Re: [clamav-users] fail updates

2017-11-06 Thread Eric Tykwinski
Sort of weird from personal experience, but OVH seems to update better than most. If anyone on OVH is here, feel free to explain. Just looking at freshclam logs on my local servers running on links with L3/Cogent vs OVH I seem to have less issues on the OVH mirrors. My personal explanation is

Re: [clamav-users] fail updates

2017-11-06 Thread Paul Kosinski
I killed our "mirrors.dat" at 2017-11-06 19:35:35 (EST). It was last modified at 2017-11-06 18:06:29 (EST). We'll see what happens. Paul Kosinski On Mon, 6 Nov 2017 21:21:58 + "Joel Esler (jesler)" wrote: > It would be helpful, if, starting now, deleting mirrors.dat and

Re: [clamav-users] clamav-milter Can't Find Clamd

2017-11-06 Thread Colony.three
Original Message > Subject: Re: [clamav-users] clamav-milter Can't Find Clamd > Local Time: November 6, 2017 4:01 PM > UTC Time: November 7, 2017 12:01 AM > From: h.rei...@thelounge.net > To: clamav-users@lists.clamav.net > > Am 07.11.2017 um 00:19 schrieb Colony.three: > >>

Re: [clamav-users] clamav-milter Can't Find Clamd

2017-11-06 Thread Reindl Harald
Am 07.11.2017 um 00:19 schrieb Colony.three: Trying to make milter see the clam daemon but can't figure out what's wrong. CentOS7. In /etc/clamd.d/clamd.conf: LocalSocket /var/run/clamd.scan/clamd.sock LocalSocketGroup virusgroup LocalSocketMode 660 FixStaleSocket yes

[clamav-users] clamav-milter Can't Find Clamd

2017-11-06 Thread Colony.three
Trying to make milter see the clam daemon but can't figure out what's wrong. CentOS7. In /etc/clamd.d/clamd.conf: LocalSocket /var/run/clamd.scan/clamd.sock LocalSocketGroup virusgroup LocalSocketMode 660 FixStaleSocket yes ... at which point I found that Yum hadn't installed the socket for

Re: [clamav-users] fail updates

2017-11-06 Thread Al Varnell
On Mon, Nov 06, 2017 at 01:21 PM, Joel Esler (jesler) wrote: > It would be helpful, if, starting now, deleting mirrors.dat and *then* > telling us about failing mirrors…. Cause…. We’ve done many changes in the > past month, it would be good to start from a clean slate. You might want to

Re: [clamav-users] fail updates

2017-11-06 Thread Joel Esler (jesler)
It would be helpful, if, starting now, deleting mirrors.dat and *then* telling us about failing mirrors…. Cause…. We’ve done many changes in the past month, it would be good to start from a clean slate. -- Joel Esler | Talos: Manager | jes...@cisco.com On Nov 6,

Re: [clamav-users] fail updates

2017-11-06 Thread Reindl Harald
Am 06.11.2017 um 20:26 schrieb Benny Pedersen: Dennis Peterson skrev den 2017-11-06 19:43: Come to think of it, 130.59.10.36 shouldn't even still be in mirrors.dat and that is part of the systemic problems in the system. Nothing cleans up stale entries in mirrors.dat except rm -f mirrors.dat.

Re: [clamav-users] fail updates

2017-11-06 Thread Benny Pedersen
Dennis Peterson skrev den 2017-11-06 19:43: Come to think of it, 130.59.10.36 shouldn't even still be in mirrors.dat and that is part of the systemic problems in the system. Nothing cleans up stale entries in mirrors.dat except rm -f mirrors.dat. yep, its not working well, i see freshclam

Re: [clamav-users] Heuristics.Broken.Executable FOUND for core files/core dumps

2017-11-06 Thread Ravi
Hi, Looking forward for comments and suggestions for the below reported issue from the community. Thanks Ravi On Oct 27, 2017 4:09 PM, "Ravi" wrote: > Hi, > > We are seeing instances when customer uploads his zip files which contains > core files/core dumps during scanning

Re: [clamav-users] fail updates

2017-11-06 Thread Dennis Peterson
Come to think of it, 130.59.10.36 shouldn't even still be in mirrors.dat and that is part of the systemic problems in the system. Nothing cleans up stale entries in mirrors.dat except rm -f mirrors.dat. dp On 11/6/17 9:02 AM, Benny Pedersen wrote: freshclam --list-mirrors Mirror #1 IP:

Re: [clamav-users] fail updates

2017-11-06 Thread Paul Kosinski
Here's our latest actual download (subsequent queries showed nothing new). Note that 204.130.133.50 worked for us (from 66.31.152.192). Paul -- Monday 06 November 2017 at 09:06:03 EST -- Current working dir is

Re: [clamav-users] fail updates

2017-11-06 Thread Dennis Peterson
Your report includes mirrors that should be ignored based on last access. I built a list of current mirrors from freshclam logs that go back only to August. grep -h Ignoring freshclam* |grep -v Reading |awk '{print $9}' |sort |uniq -c |sort -rn The result is an easy to understand (if not jaw

[clamav-users] fail updates

2017-11-06 Thread Benny Pedersen
freshclam --list-mirrors Mirror #1 IP: 130.59.10.36 Successes: 391 Failures: 97 Last access: Mon Dec 19 00:46:43 2016 Ignore: No - Mirror #2 IP: 193.1.193.64 Successes: 2122 Failures: 208 Last access: Mon Nov 6 16:44:43 2017 Ignore: Yes

Re: [clamav-users] update mirror trouble?

2017-11-06 Thread Joel Esler (jesler)
If you have list of mirrors that are broken, it would be helpful to have that list, and what is broken about them. About a month ago, we went through a removed a “ton”* of broken ones. *ton means "a lot”. -- Joel Esler | Talos: Manager | jes...@cisco.com On

Re: [clamav-users] update mirror trouble?

2017-11-06 Thread Dennis Peterson
There are still a lot of broken mirrors out there aside from this problem. dp On 11/6/17 8:05 AM, Joel Esler (jesler) wrote: This should be resolving itself as we speak. -- Joel Esler | Talos: Manager | jes...@cisco.com

Re: [clamav-users] update mirror trouble?

2017-11-06 Thread Joel Esler (jesler)
This should be resolving itself as we speak. -- Joel Esler | Talos: Manager | jes...@cisco.com On Nov 6, 2017, at 4:47 AM, Simon Mousey Smith > wrote: Hi, Same here still having problems but slightly

Re: [clamav-users] freshclam broken

2017-11-06 Thread Joel Esler (jesler)
This should be resolving itself as we speak. We found a lingering error to some mirrors and it should be fixed. -- Joel Esler | Talos: Manager | jes...@cisco.com On Nov 5, 2017, at 11:49 PM, Gene Heskett > wrote:

Re: [clamav-users] DLP extension

2017-11-06 Thread Al Varnell
On Mon, Nov 06, 2017 at 02:05 AM, Zvi Kave wrote: > Hi, > > I see that only SSN and CC is checked. > Is there a reason for that ? > I am interesting in more DLP types. > Is there a way to add more types ? > Or is there an open DLP types code that can be added ? > > Regards, > > Zvi See

[clamav-users] DLP extension

2017-11-06 Thread Zvi Kave
Hi, I see that only SSN and CC is checked. Is there a reason for that ? I am interesting in more DLP types. Is there a way to add more types ? Or is there an open DLP types code that can be added ? Regards, Zvi ___ clamav-users mailing list

Re: [clamav-users] update mirror trouble?

2017-11-06 Thread Simon Mousey Smith
Hi, Same here still having problems but slightly different ClamAV update process started at Mon Nov 6 09:46:22 2017 WARNING: DNS record is older than 3 hours. WARNING: Invalid DNS reply. Falling back to HTTP mode. junk.ndb is up to date (version: custom database) jurlbl.ndb is up to date