[clamav-users] ClamAV 0.103.0 check3_clamd.sh fails
I'm trying to build 0.103.0 on a CentOS6 server and the build completes but the 'make check' is giving a failure on check3_clamd.sh. The file unit_tests/check3_clamd.log contains the following but apart from the obvious that the reply is the wrong size I don't know what this is telling me or what I should be looking at to fix it. Running suite(s): clamd 91%: Checks: 78, Failures: 7, Errors: 0 check_clamd.c:251:F:clamd commands:test_basic_commands:4: Reply has wrong size: 76, expected 90, reply: /root/email/clamav-0.103.0/test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND , expected: /root/email/clamav-0.103.0/unit_tests/../test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND check_clamd.c:251:F:clamd commands:test_basic_commands:6: Reply has wrong size: 76, expected 90, reply: /root/email/clamav-0.103.0/test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND , expected: /root/email/clamav-0.103.0/unit_tests/../test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND check_clamd.c:251:F:clamd commands:test_basic_commands:8: Reply has wrong size: 76, expected 90, reply: /root/email/clamav-0.103.0/test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND , expected: /root/email/clamav-0.103.0/unit_tests/../test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND check_clamd.c:251:F:clamd commands:test_compat_commands:4: Reply has wrong size: 76, expected 90, reply: /root/email/clamav-0.103.0/test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND , expected: /root/email/clamav-0.103.0/unit_tests/../test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND check_clamd.c:251:F:clamd commands:test_compat_commands:6: Reply has wrong size: 76, expected 90, reply: /root/email/clamav-0.103.0/test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND , expected: /root/email/clamav-0.103.0/unit_tests/../test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND check_clamd.c:251:F:clamd commands:test_compat_commands:8: Reply has wrong size: 76, expected 90, reply: /root/email/clamav-0.103.0/test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND , expected: /root/email/clamav-0.103.0/unit_tests/../test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND check_clamd.c:810:F:clamd commands:test_idsession:0: Wrong ID reply for ID 3: /root/email/clamav-0.103.0/test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND, expected /root/email/clamav-0.103.0/unit_tests/../test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND ERROR: Communication error ERROR: Error occurred while receiving version information. *** *** clamdscan can't get version of clamd! *** FAIL check3_clamd.sh (exit status: 42) FAS ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'
Shawn Webb wrote: On Wed, Sep 25, 2013 at 4:51 AM, Francis Stevens francis.stev...@bristow.co.uk wrote: Shawn Webb wrote: On Tue, Sep 24, 2013 at 2:21 PM, Rob Sterenborg (lists) li...@sterenborg.info wrote: On 09/24/2013 03:51 PM, Shawn Webb wrote: On Mon, Sep 23, 2013 at 5:04 PM, Dennis Peterson denni...@inetnw.com wrote: On 9/23/13 1:59:42PM, Shawn Webb wrote: Maybe this time I'll actually attach the patch. ;) I believe the list server discourages attachments. dp Did the patch not go through? No it didn't. The patch has been uploaded to this BugZilla report: https://bugzilla.clamav.net/**show_bug.cgi?id=8959https://bugzilla.clamav.net/show_bug.cgi?id=8959 __**_ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/**clamav-faqhttps://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/**ml http://www.clamav.net/support/ml I applied the patch but still get the same compile error. CC libclamav_la-upx.lo In file included from 7z/LzmaDec.h:7, from lzma_iface.h:26, from upx.c:59: 7z/Types.h:58: redefinition of `Byte' /usr/local/zlib/include/zconf.**h:368: `Byte' previously declared here make[4]: *** [libclamav_la-upx.lo] Error 1 Hey Francis, Can you add the --disable-silent-rules option to your configure script and re-run make? It'd be helpful to see what's being passed to the compiler. Here's a small patch that might help. Can you give this a try and let me know how it goes? http://ix.io/8fk Thanks, Shawn ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml This is the result of --disable-silent-rules libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I../libltdl -DWARN_DLOPEN_FAIL -I/usr/local/zlib/include -DSEARCH_LIBDIR=\/usr/local/lib\ -g -O2 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -MT libclamav_la-upx.lo -MD -MP -MF .deps/libclamav_la-upx.Tpo -c upx.c -fPIC -DPIC -o .libs/libclamav_la-upx.o In file included from 7z/LzmaDec.h:7, from lzma_iface.h:26, from upx.c:59: 7z/Types.h:58: redefinition of `Byte' /usr/local/zlib/include/zconf.h:368: `Byte' previously declared here make[4]: *** [libclamav_la-upx.lo] Error 1 make[4]: Leaving directory `/root/email/clamav-0.98/libclamav' applying the patch resolved the compile error, but I see that it is just making the changes I made manually originally. FAS ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'
Shawn Webb wrote: On Tue, Sep 24, 2013 at 2:21 PM, Rob Sterenborg (lists) li...@sterenborg.info wrote: On 09/24/2013 03:51 PM, Shawn Webb wrote: On Mon, Sep 23, 2013 at 5:04 PM, Dennis Peterson denni...@inetnw.com wrote: On 9/23/13 1:59:42PM, Shawn Webb wrote: Maybe this time I'll actually attach the patch. ;) I believe the list server discourages attachments. dp Did the patch not go through? No it didn't. The patch has been uploaded to this BugZilla report: https://bugzilla.clamav.net/show_bug.cgi?id=8959 ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml I applied the patch but still get the same compile error. CC libclamav_la-upx.lo In file included from 7z/LzmaDec.h:7, from lzma_iface.h:26, from upx.c:59: 7z/Types.h:58: redefinition of `Byte' /usr/local/zlib/include/zconf.h:368: `Byte' previously declared here make[4]: *** [libclamav_la-upx.lo] Error 1 ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'
I have also hit this compilation issue, also on an old RedHat system. Looking in the sources for the file libclamav/7z/Types.h for 0.97.8 there are some edits that seem to be working around this issue which don't appear in the corresponding Types.h file for 0.98. The diff output is a bit long so here are the relevant bits... at line 13 /* aCaB -- lame workaround for Byte refef */ #include zconf.h at line 46 /* aCaB -- use Byte defined in zconf.h typedef unsigned char Byte; */ making these changes to the Types.h file with 0.98 enables the compile to complete. I have compiled 0.98 on CentOS6.4 without issues so this is probably related to the gcc version or some such. FAS Bob Cobb wrote: Richard, I'm using RH8 because it's the one production server that needs to stay online. Unfortunately I can't take it offline to upgrade to CentOS. Shawn, Tried configure without --with-zlib=/usr/local and I got the same error. B. Date: Fri, 20 Sep 2013 11:24:26 -0400 From: sw...@sourcefire.com To: clamav-users@lists.clamav.net Subject: Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte' On Fri, Sep 20, 2013 at 10:38 AM, Bob Cobb bobcob...@hotmail.com wrote: After downloading ClamAV 0.98 I tried to compile it, but I got this error, In file included from 7z/LzmaDec.h:7, from lzma_iface.h:26, from upx.c:59: 7z/Types.h:58: redefinition of `Byte' /usr/local/include/zconf.h:368: `Byte' previously declared here make[4]: *** [libclamav_la-upx.lo] Error 1 make[4]: Leaving directory `/home/clamav/clamav-0.98/libclamav' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/clamav/clamav-0.98/libclamav' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/clamav/clamav-0.98/libclamav' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/clamav/clamav-0.98' make: *** [all] Error 2 Here's what I'm using, gcc version 3.2 20020903 (Red Hat Linux 8.0 3.2-7) ./configure --enable-bigstack --enable-readdir_r --with-zlib=/usr/local --with-libcurl --enable-no-cache --enable-milter --enable-dns-fix --enable-clamdtop I tried this work around, which allowed me to compile it, (in clamav-0.98/libclamav/7z/Types.h line 59) replaced this, typedef unsigned char Byte; with this, #define Byte unsigned char I don't know if it's safe to use, so I held off installing it. Also, I didn't have any problems compiling the previous version of ClamAV (0.97.8). Any help would be appreciated. Thanks, B. Hey Bob, Is there a reason why you're specifying --with-zlib? Can you give it a try without that? Thanks, Shawn ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'
Shawn Webb wrote: On Mon, Sep 23, 2013 at 10:33 AM, Francis Stevens francis.stev...@bristow.co.uk wrote: I have also hit this compilation issue, also on an old RedHat system. Looking in the sources for the file libclamav/7z/Types.h for 0.97.8 there are some edits that seem to be working around this issue which don't appear in the corresponding Types.h file for 0.98. The diff output is a bit long so here are the relevant bits... at line 13 /* aCaB -- lame workaround for Byte refef */ #include zconf.h at line 46 /* aCaB -- use Byte defined in zconf.h typedef unsigned char Byte; */ making these changes to the Types.h file with 0.98 enables the compile to complete. I have compiled 0.98 on CentOS6.4 without issues so this is probably related to the gcc version or some such. FAS This is due to a change I had made in November 2012 to how the zlib linking checks are done in the configure script. If you have a few extra moments, can you apply the below-pasted patchfile and re-run configure? If your compile works with just this patch (and without the changes you made to zconf.h), we will better know how to proceed from here. The diff is in unified diff format. If you need me to convert the diff from unified to traditional, let me know. Thanks, Shawn The patch: diff --git a/configure b/configure index 0158088..4109375 100755 --- a/configure +++ b/configure @@ -15952,7 +15952,7 @@ $as_echo $as_me: WARNING: ** stability problems to the ClamAV developers! if test $ZLIB_HOME != /usr; then CPPFLAGS=$CPPFLAGS -I$ZLIB_HOME/include save_LDFLAGS=$LDFLAGS - LDFLAGS=$LDFLAGS -Wl,-rpath=$ZLIB_HOME/lib + LDFLAGS=$LDFLAGS -L$ZLIB_HOME/lib { $as_echo $as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz 5 $as_echo_n checking for inflateEnd in -lz... 6; } if ${ac_cv_lib_z_inflateEnd+:} false; then : @@ -15990,7 +15990,7 @@ fi { $as_echo $as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd 5 $as_echo $ac_cv_lib_z_inflateEnd 6; } if test x$ac_cv_lib_z_inflateEnd = xyes; then : - LIBCLAMAV_LIBS=$LIBCLAMAV_LIBS -Wl,-rpath=$ZLIB_HOME/lib -lz; FRESHCLAM_LIBS=$FRESHCLAM_LIBS -Wl,-rpath=$ZLIB_HOME/lib -lz + LIBCLAMAV_LIBS=$LIBCLAMAV_LIBS -L$ZLIB_HOME/lib -lz; FRESHCLAM_LIBS=$FRESHCLAM_LIBS -L$ZLIB_HOME/lib -lz else as_fn_error $? Please install zlib and zlib-devel packages $LINENO 5 fi diff --git a/configure.ac b/configure.ac index 1287602..b769f5d 100644 --- a/configure.ac +++ b/configure.ac @@ -557,8 +557,8 @@ else if test $ZLIB_HOME != /usr; then CPPFLAGS=$CPPFLAGS -I$ZLIB_HOME/include save_LDFLAGS=$LDFLAGS - LDFLAGS=$LDFLAGS -Wl,-rpath=$ZLIB_HOME/lib - AC_CHECK_LIB([z], [inflateEnd], [LIBCLAMAV_LIBS=$LIBCLAMAV_LIBS -Wl,-rpath=$ZLIB_HOME/lib -lz; FRESHCLAM_LIBS=$FRESHCLAM_LIBS -Wl,-rpath=$ZLIB_HOME/lib -lz], AC_MSG_ERROR([Please install zlib and zlib-devel packages])) + LDFLAGS=$LDFLAGS -L$ZLIB_HOME/lib + AC_CHECK_LIB([z], [inflateEnd], [LIBCLAMAV_LIBS=$LIBCLAMAV_LIBS -L$ZLIB_HOME/lib -lz; FRESHCLAM_LIBS=$FRESHCLAM_LIBS -L$ZLIB_HOME/lib -lz], AC_MSG_ERROR([Please install zlib and zlib-devel packages])) AC_CHECK_LIB([z], [gzopen], [], AC_MSG_ERROR([Your zlib is missing gzopen()])) LDFLAGS=$save_LDFLAGS else ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml Shawn, The patch has wrapped in the post, can you post as an attachment or email to me direct. If you could include the required patch command it would speed things up - I don't use patch often enough to be that familiar with it. FAS ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Differences between Redhat and Debian clamav set up
On Sat, Nov 17, 2012 at 4:38 PM, Benny Pedersen m...@junc.org wrote: francis picabia skrev den 16-11-2012 21:14: This appears to be what the Debian system does when the freshclam daemon handles things. Should my Redhat cron do the same? if you like to see redhat performs as badly as debian yes What the heck does that mean? Let's phrase the question differently... Does the existance of the daily.* files (extracted from daily.cld) : daily.cfg daily.db daily.ftm daily.hdu daily.ign daily.info daily.ldu daily.mdu daily.ndu daily.wdb daily.fp daily.hdb daily.idb daily.ign2 daily.ldb daily.mdb daily.ndb daily.pdb daily.zmd matter to the performance of clamav, does it work just as well if there is only the daily.cld file? I ask this because it was stated my amavis + clamav scanning issue where some Sanesecurity infections are missed was said to be possibly linked to a missing daily.ftm file. I don't know why, I was just told this. stop using cron to get clamav updated, stop using anything that is started with cron use freshclam, if freshclam gives you issues show them here If I recall, on Debian, it asks whether to run once a day as a cron, or as a daemon. On Redhat it just installs a cron. That is two major Linux distros making cron an option. Has something changed that makes the cron option wrong? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Differences between Redhat and Debian clamav set up
On Sat, Nov 17, 2012 at 4:38 PM, Benny Pedersen m...@junc.org wrote: francis picabia skrev den 16-11-2012 21:14: This appears to be what the Debian system does when the freshclam daemon handles things. Should my Redhat cron do the same? if you like to see redhat performs as badly as debian yes stop using cron to get clamav updated, stop using anything that is started with cron use freshclam, if freshclam gives you issues show them here Maybe you misunderstood. The cron was of freshclam run. Anyway, to test if there was a difference I found an example of an init script for Redhat and freshclam and set it up. It runs now as a daemon and I see like the cron of freshclam it updates only two files: -rw--- 1 amavis amavis 468 Nov 19 11:35 mirrors.dat -rw-r--r-- 1 amavis amavis 18211328 Nov 19 11:35 daily.cld The daily.* files are not extracted as they are in the Debian system. Is there a conf variable associated with this? I've already attempted to improve the freshclam.conf on the Redhat with settings I saw on Debian. I currently have: DatabaseDirectory /var/clamav UpdateLogFile /var/log/clamav/freshclam.log LogSyslog yes DatabaseOwner amavis DatabaseMirror db.ca.clamav.net DatabaseMirror db.local.clamav.net NotifyClamd /etc/clamd.conf Debug no AllowSupplementaryGroups false TestDatabases yes ScriptedUpdates yes CompressLocalDatabase no ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Differences between Redhat and Debian clamav set up
On Mon, Nov 19, 2012 at 11:59 AM, Erwan David er...@rail.eu.org wrote: On Sat, Nov 17, 2012 at 09:38:30PM CET, Benny Pedersen m...@junc.org said: francis picabia skrev den 16-11-2012 21:14: This appears to be what the Debian system does when the freshclam daemon handles things. Should my Redhat cron do the same? if you like to see redhat performs as badly as debian yes stop using cron to get clamav updated, stop using anything that is started with cron use freshclam, if freshclam gives you issues show them here On my debian, freshclam (debian packaged) is in daemon mode, no cron, and it works... As does mine on Debian. Any idea how the daily.* files are being extracted? Or do you see differently? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] Differences between Redhat and Debian clamav set up
I have a primary MX running Redhat, with postfix+amavisd+clamav I also have a secondary MX and SMTP gateway running Debian, with postfix+amavisd-new+clamav Recently we adopted use of Sanesecurity additions, using the scamp script on both MX and SMTP. Root receives virus notifications on the SMTP, and we've noticed some emails which are not caught on inbound but are stopped on outbound, while tracing the quarantined message demonstrates it was the same message, being forwarded out of our domain by a sieve script on cyrus. This issue was discussed on the amavis mailing list, and Noel Jones suggested the symptoms looked like a problem with .ftm files. I searched for such files, and on the Redhat system which sometimes misses a Sanesecurity signature in incoming email, I have an old directory /var/clamav/daily.inc dated 2008 and all files in there as old. # ls -l /var/clamav/daily.inc/ total 3024 -rw-r--r-- 1 amavis amavis 17992 Jan 4 2008 COPYING -rw-r--r-- 1 amavis amavis 142 Apr 29 2008 daily.cfg -rw-r--r-- 1 amavis amavis 26014 Apr 7 2008 daily.db -rw-r--r-- 1 amavis amavis5020 Apr 22 2008 daily.fp -rw-r--r-- 1 amavis amavis5642 May 1 2008 daily.ftm -rw-r--r-- 1 amavis amavis6798 May 2 2008 daily.hdb -rw-r--r-- 1 amavis amavis1224 Feb 6 2008 daily.hdu -rw-r--r-- 1 amavis amavis 32 May 5 2008 daily.ign -rw-r--r-- 1 amavis amavis 672 May 6 2008 daily.info -rw-r--r-- 1 amavis amavis 2667216 May 6 2008 daily.mdb -rw-r--r-- 1 amavis amavis 38567 May 4 2008 daily.mdu -rw-r--r-- 1 amavis amavis 262690 May 6 2008 daily.ndb -rw-r--r-- 1 amavis amavis6935 Apr 29 2008 daily.ndu -rw-r--r-- 1 amavis amavis3218 Mar 27 2008 daily.pdb -rw-r--r-- 1 amavis amavis1454 Feb 28 2008 daily.wdb -rw-r--r-- 1 amavis amavis2922 Jan 4 2008 daily.zmd If I contrast that with the Debian system, it has more current files, within the clamav directory. # ls -l /var/lib/clamav/daily.* -rw-r--r-- 1 root root383 Nov 16 14:00 /var/lib/clamav/daily.cfg -rw-r--r-- 1 amavis amavis 18197504 Nov 15 22:32 /var/lib/clamav/daily.cld -rw-r--r-- 1 root root 25391 Nov 16 14:00 /var/lib/clamav/daily.db -rw-r--r-- 1 root root 40375 Nov 16 14:00 /var/lib/clamav/daily.fp -rw-r--r-- 1 root root 8098 Nov 16 14:00 /var/lib/clamav/daily.ftm -rw-r--r-- 1 root root 104981 Nov 16 14:00 /var/lib/clamav/daily.hdb -rw-r--r-- 1 root root 2676 Nov 16 14:00 /var/lib/clamav/daily.hdu -rw-r--r-- 1 root root 31677 Nov 16 14:00 /var/lib/clamav/daily.idb -rw-r--r-- 1 root root 3958 Nov 16 14:00 /var/lib/clamav/daily.ign -rw-r--r-- 1 root root 2471 Nov 16 14:00 /var/lib/clamav/daily.ign2 -rw-r--r-- 1 root root 1873 Nov 16 14:00 /var/lib/clamav/daily.info -rw-r--r-- 1 root root 83449 Nov 16 14:00 /var/lib/clamav/daily.ldb -rw-r--r-- 1 root root 2373 Nov 16 14:00 /var/lib/clamav/daily.ldu -rw-r--r-- 1 root root 16113730 Nov 16 14:00 /var/lib/clamav/daily.mdb -rw-r--r-- 1 root root 64233 Nov 16 14:00 /var/lib/clamav/daily.mdu -rw-r--r-- 1 root root 835302 Nov 16 14:00 /var/lib/clamav/daily.ndb -rw-r--r-- 1 root root 824779 Nov 16 14:00 /var/lib/clamav/daily.ndu -rw-r--r-- 1 root root 4094 Nov 16 14:00 /var/lib/clamav/daily.pdb -rw-r--r-- 1 root root 6394 Nov 16 14:00 /var/lib/clamav/daily.wdb -rw-r--r-- 1 root root 8689 Nov 16 14:00 /var/lib/clamav/daily.zmd The old daily.inc is probably left over from an upgrade. I use the freshclam scripts daily, but I'm not sure how to correct this on the Redhat system. The other difference is Redhat runs it as a cron, while Debian has a daemon. Here is the daily cron I have on Redhat #!/bin/sh ### A simple update script for the clamav virus database. ### This could as well be replaced by a SysV script. ### fix log file if needed LOG_FILE=/var/log/clamav/freshclam.log if [ ! -f $LOG_FILE ]; then touch $LOG_FILE chmod 644 $LOG_FILE chown amavis:amavis $LOG_FILE fi /usr/bin/freshclam \ --quiet \ --datadir=/var/clamav \ --log=$LOG_FILE \ --daemon-notify=/etc/clamd.conf Are there suggestions on what I should change so I get another version of daily.ftm and other daily.* files as does the Debian configuration? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Differences between Redhat and Debian clamav set up
On Fri, Nov 16, 2012 at 2:56 PM, francis picabia fpica...@gmail.com wrote: I have a primary MX running Redhat, with postfix+amavisd+clamav I also have a secondary MX and SMTP gateway running Debian, with postfix+amavisd-new+clamav Recently we adopted use of Sanesecurity additions, using the scamp script on both MX and SMTP. Root receives virus notifications on the SMTP, and we've noticed some emails which are not caught on inbound but are stopped on outbound, while tracing the quarantined message demonstrates it was the same message, being forwarded out of our domain by a sieve script on cyrus. This issue was discussed on the amavis mailing list, and Noel Jones suggested the symptoms looked like a problem with .ftm files. I searched for such files, and on the Redhat system which sometimes misses a Sanesecurity signature in incoming email, I have an old directory /var/clamav/daily.inc dated 2008 and all files in there as old. # ls -l /var/clamav/daily.inc/ total 3024 -rw-r--r-- 1 amavis amavis 17992 Jan 4 2008 COPYING -rw-r--r-- 1 amavis amavis 142 Apr 29 2008 daily.cfg -rw-r--r-- 1 amavis amavis 26014 Apr 7 2008 daily.db -rw-r--r-- 1 amavis amavis5020 Apr 22 2008 daily.fp -rw-r--r-- 1 amavis amavis5642 May 1 2008 daily.ftm -rw-r--r-- 1 amavis amavis6798 May 2 2008 daily.hdb -rw-r--r-- 1 amavis amavis1224 Feb 6 2008 daily.hdu -rw-r--r-- 1 amavis amavis 32 May 5 2008 daily.ign -rw-r--r-- 1 amavis amavis 672 May 6 2008 daily.info -rw-r--r-- 1 amavis amavis 2667216 May 6 2008 daily.mdb -rw-r--r-- 1 amavis amavis 38567 May 4 2008 daily.mdu -rw-r--r-- 1 amavis amavis 262690 May 6 2008 daily.ndb -rw-r--r-- 1 amavis amavis6935 Apr 29 2008 daily.ndu -rw-r--r-- 1 amavis amavis3218 Mar 27 2008 daily.pdb -rw-r--r-- 1 amavis amavis1454 Feb 28 2008 daily.wdb -rw-r--r-- 1 amavis amavis2922 Jan 4 2008 daily.zmd If I contrast that with the Debian system, it has more current files, within the clamav directory. # ls -l /var/lib/clamav/daily.* -rw-r--r-- 1 root root383 Nov 16 14:00 /var/lib/clamav/daily.cfg -rw-r--r-- 1 amavis amavis 18197504 Nov 15 22:32 /var/lib/clamav/daily.cld -rw-r--r-- 1 root root 25391 Nov 16 14:00 /var/lib/clamav/daily.db -rw-r--r-- 1 root root 40375 Nov 16 14:00 /var/lib/clamav/daily.fp -rw-r--r-- 1 root root 8098 Nov 16 14:00 /var/lib/clamav/daily.ftm -rw-r--r-- 1 root root 104981 Nov 16 14:00 /var/lib/clamav/daily.hdb -rw-r--r-- 1 root root 2676 Nov 16 14:00 /var/lib/clamav/daily.hdu -rw-r--r-- 1 root root 31677 Nov 16 14:00 /var/lib/clamav/daily.idb -rw-r--r-- 1 root root 3958 Nov 16 14:00 /var/lib/clamav/daily.ign -rw-r--r-- 1 root root 2471 Nov 16 14:00 /var/lib/clamav/daily.ign2 -rw-r--r-- 1 root root 1873 Nov 16 14:00 /var/lib/clamav/daily.info -rw-r--r-- 1 root root 83449 Nov 16 14:00 /var/lib/clamav/daily.ldb -rw-r--r-- 1 root root 2373 Nov 16 14:00 /var/lib/clamav/daily.ldu -rw-r--r-- 1 root root 16113730 Nov 16 14:00 /var/lib/clamav/daily.mdb -rw-r--r-- 1 root root 64233 Nov 16 14:00 /var/lib/clamav/daily.mdu -rw-r--r-- 1 root root 835302 Nov 16 14:00 /var/lib/clamav/daily.ndb -rw-r--r-- 1 root root 824779 Nov 16 14:00 /var/lib/clamav/daily.ndu -rw-r--r-- 1 root root 4094 Nov 16 14:00 /var/lib/clamav/daily.pdb -rw-r--r-- 1 root root 6394 Nov 16 14:00 /var/lib/clamav/daily.wdb -rw-r--r-- 1 root root 8689 Nov 16 14:00 /var/lib/clamav/daily.zmd The old daily.inc is probably left over from an upgrade. I use the freshclam scripts daily, but I'm not sure how to correct this on the Redhat system. The other difference is Redhat runs it as a cron, while Debian has a daemon. Here is the daily cron I have on Redhat #!/bin/sh ### A simple update script for the clamav virus database. ### This could as well be replaced by a SysV script. ### fix log file if needed LOG_FILE=/var/log/clamav/freshclam.log if [ ! -f $LOG_FILE ]; then touch $LOG_FILE chmod 644 $LOG_FILE chown amavis:amavis $LOG_FILE fi /usr/bin/freshclam \ --quiet \ --datadir=/var/clamav \ --log=$LOG_FILE \ --daemon-notify=/etc/clamd.conf Are there suggestions on what I should change so I get another version of daily.ftm and other daily.* files as does the Debian configuration? OK, I've now learned I can extract the daily.* files from daily.cld using sigtool --unpack daily.cld This appears to be what the Debian system does when the freshclam daemon handles things. Should my Redhat cron do the same? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Upcoming release of ClamAV (0.96.5)
I've tried a build on an ancient RedHat system and the make seems to complete ok but a make check fails with: make[2]: Entering directory `/test/email/clamav-devel/unit_tests' CC check_clamav-check_clamav.o CC check_clamav-check_jsnorm.o CC check_clamav-check_str.o CC check_clamav-check_regex.o CC check_clamav-check_disasm.o CC check_clamav-check_uniq.o CC check_clamav-check_matchers.o CC check_clamav-check_htmlnorm.o CC check_clamav-check_bytecode.o check_bytecode.c:526: parse error before `barrier' check_bytecode.c:526: warning: data definition has no type or storage class make[2]: *** [check_clamav-check_bytecode.o] Error 1 had no problems with 0.96.4 FAS Tomasz Kojm wrote: Dear Users, we're going to release a new version of ClamAV on Monday, November 29. ClamAV 0.96.5 will include bugfixes and minor feature enhancements, such as improved handling of detection statistics, better file logging, and support for custom database URLs in freshclam. You can find more information in the ChangeLog: http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=HEAD and our Bugzilla: https://wwws.clamav.net/bugzilla/buglist.cgi?resolution=FIXEDquery_format=advancedbug_status=RESOLVEDproduct=ClamAVtarget_milestone=0.96.5 You can help by testing (or just running ./configure make check) the latest code available in our Git repository - the latest snapshot tarball can be grabbed here: http://git.clamav.net/gitweb?p=clamav-devel.git;a=snapshot;h=refs/heads/master;sf=tgz Thank you in advance, ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Upcoming release of ClamAV (0.96.5)
I should have said that the build seems to work fine, it's only the check that is having problems. FAS Francis Stevens wrote: I've tried a build on an ancient RedHat system and the make seems to complete ok but a make check fails with: make[2]: Entering directory `/test/email/clamav-devel/unit_tests' CC check_clamav-check_clamav.o CC check_clamav-check_jsnorm.o CC check_clamav-check_str.o CC check_clamav-check_regex.o CC check_clamav-check_disasm.o CC check_clamav-check_uniq.o CC check_clamav-check_matchers.o CC check_clamav-check_htmlnorm.o CC check_clamav-check_bytecode.o check_bytecode.c:526: parse error before `barrier' check_bytecode.c:526: warning: data definition has no type or storage class make[2]: *** [check_clamav-check_bytecode.o] Error 1 had no problems with 0.96.4 FAS Tomasz Kojm wrote: Dear Users, we're going to release a new version of ClamAV on Monday, November 29. ClamAV 0.96.5 will include bugfixes and minor feature enhancements, such as improved handling of detection statistics, better file logging, and support for custom database URLs in freshclam. You can find more information in the ChangeLog: http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=HEAD and our Bugzilla: https://wwws.clamav.net/bugzilla/buglist.cgi?resolution=FIXEDquery_format=advancedbug_status=RESOLVEDproduct=ClamAVtarget_milestone=0.96.5 You can help by testing (or just running ./configure make check) the latest code available in our Git repository - the latest snapshot tarball can be grabbed here: http://git.clamav.net/gitweb?p=clamav-devel.git;a=snapshot;h=refs/heads/master;sf=tgz Thank you in advance, ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Upcoming release of ClamAV (0.96.5)
Thanks for that, I've pulled down the latest version but still see the same error with make check. FAS Török Edwin wrote: On Tue, 23 Nov 2010 10:32:02 + Francis Stevensfrancis.stev...@bristow.co.uk wrote: I've tried a build on an ancient RedHat system and the make seems to complete ok but a make check fails with: You should upgrade that to something newer. It probably has hundreds of exploits by now. I fail to see any reason of keeping it (support has probably expired by now anyway, if it had any). make[2]: Entering directory `/test/email/clamav-devel/unit_tests' CC check_clamav-check_clamav.o CC check_clamav-check_jsnorm.o CC check_clamav-check_str.o CC check_clamav-check_regex.o CC check_clamav-check_disasm.o CC check_clamav-check_uniq.o CC check_clamav-check_matchers.o CC check_clamav-check_htmlnorm.o CC check_clamav-check_bytecode.o check_bytecode.c:526: parse error before `barrier' check_bytecode.c:526: warning: data definition has no type or storage I commited something that should help, please grab latest version and test again. Best regards, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Upcoming release of ClamAV (0.96.5)
ancient... 2.2.4 Török Edwin wrote: On Tue, 23 Nov 2010 12:17:02 + Francis Stevensfrancis.stev...@bristow.co.uk wrote: Thanks for that, I've pulled down the latest version but still see the same error with make check. And your glibc version is? --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Upcoming release of ClamAV (0.96.5)
That fixed it!! Thanks for taking time to look into this for such an old system (and sysadmin come to that :-)) FAS Török Edwin wrote: On Tue, 23 Nov 2010 14:14:30 + Francis Stevensfrancis.stev...@bristow.co.uk wrote: ancient... 2.2.4 OK, I set the ifdef to 2.3 (looks like it got introduced in 2.2.5). Does it work now? Best regards, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamd memory usage (Solved)
Chris wrote: I've misplaced the original post I made so I can't reply to it, however I'd like to make a note for the archives what the problem is and to thank Steve Basford and Edwin for the their help in finding it. Seems like I had both a main.cvd and main.cld. I removed the main.cld file and all is back to the way it should be. Chris I was interested in this thread and so checked my clam folder on seeing this. I've got a main.cld file and no main.cvd have I got a problem (everything seems to be working correctly)? FAS ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] (no subject)
Leonardo Rodrigues wrote: Em 16/04/2010 07:22, Török Edwin escreveu: On 04/16/2010 01:07 PM, Dima wrote: I have something very much doubt that this can be done on the old compiler using libraries of those times. People have successfully built ClamAV on various old systems, maybe not with all the features, but it surely built and run. just as example, i could successfully built and get clamav 0.95.3 on a redhat 9 box with GCC 3.2.2. Thats surely an example of OLD system ! It was released in 2003 and its EOL was 2004-04-30. I've even managed to build 0.96 on a Redhat 7.2 based system, gcc 2.96 (Redhat patched version), though I did have to update zlib manually to get make check to pass. havent tried clamav 0.96 because i had 0.95 confs ready and had to upgrade quickly after the kill signature was published yesterday. [r...@correio root]# cat /etc/redhat-release Red Hat Linux release 9 (Shrike) [r...@correio root]# gcc --version gcc (GCC) 3.2.2 20030222 (Red Hat Linux 3.2.2-5) Copyright (C) 2002 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. [r...@correio root]# clamd --version ClamAV 0.95.3-exp/10751/Thu Apr 15 23:23:45 2010 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Upgrading System for latest ClamAV version
Simon Hobson wrote: And then of course, there's an element of which language ? It's one thing if I can just hit make clean ; make and it all works - but when it doesn't - then being able to at least read whatever language is kinda useful. I do have some programming experience (done Pascal and PLM/51 in the past, mostly stick to shell now) - and yes I've managed to tweak a few things in the past when I've had to. Next week I might well download the source and see what happens. It is possible to build clam on Sarge (I've just verified that is true). If your going to try this next week the following may help... The minimum packages required to build it are (I think): build-essential zlib1g zlib1g-dev zlib1g-dev will pull in some other packages when it's installed. grab the source for clam from sourceforge and unpack it. % tar xzf clamav-0.96.tar.gz this creates a folder clamav-0.96 in the current directory.. % cd clamav-0.96 use the configure script to configure the installation, the following worked for me: % ./configure --sysconfdir=/etc --with-user=vscan --with-group=vscan assuming this runs without error % make will build clam % make install will install everything to /usr/local/bin, /usr/local/lib, /usr/local/sbin in the source directory there is a directory etc which has templates for /etc/clamd.conf and /etc/freshclam.conf but the versions already there may be sufficient. If you want to test all this before hitting your production server and you have a Windows XP desktop available with sufficient RAM and disc space you could consider grabbing a copy of VMware Server 2.0.2 from www.vmware.com, it's a free download, and building a virtual server running Sarge (this is what I did to run this test). All the best. FAS ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Problems installing 0.95.3
I'm trying to install 0.95.3 on a RedHat system currently running 0.95.2 and am getting the following error from make install make[4]: Entering directory `/root/email/clamav-0.95.3/libclamav' test -z /usr/local/lib/ || /bin/mkdir -p /usr/local/lib/ /bin/sh ../libtool --mode=install /usr/bin/install -c libclamunrar.la libclamunrar_iface.la libclamav.la '/usr/local/lib/' libtool: install: /usr/bin/install -c .libs/libclamunrar.so.6.0.5 /usr/local/lib/libclamunrar.so.6.0.5 libtool: install: (cd /usr/local/lib { ln -s -f libclamunrar.so.6.0.5 libclamunrar.so.6 || { rm -f libclamunrar.so.6 ln -s libclamunrar.so.6.0.5 libclamunrar.so.6; }; }) libtool: install: (cd /usr/local/lib { ln -s -f libclamunrar.so.6.0.5 libclamunrar.so || { rm -f libclamunrar.so ln -s libclamunrar.so.6.0.5 libclamunrar.so; }; }) libtool: install: /usr/bin/install -c .libs/libclamunrar.lai /usr/local/lib/libclamunrar.la libtool: install: error: cannot install `libclamunrar_iface.la' to a directory not ending in /usr/local/lib/ make[4]: *** [install-libLTLIBRARIES] Error 1 make[4]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[3]: *** [install-am] Error 2 make[3]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[2]: *** [install-recursive] Error 1 make[2]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[1]: *** [install] Error 2 make[1]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make: *** [install-recursive] Error 1 I can't make out why it is failing, after the failure /usr/local/lib contains: libclamunrar.la libclamunrar.so.6.0.5 libclamunrar.so libclamunrar.so.6 the make didn't return any errors and I can reinstall 0.95.2 without problems (using make install). Does anyone have any ideas what the problem might be? FAS ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Problems installing 0.95.3
This may be misleading but the corresponding snippet from the make install for 0.95.2 is: make[3]: Entering directory `/root/email/clamav-0.95.2/libclamav/lzma' make[4]: Entering directory `/root/email/clamav-0.95.2/libclamav/lzma' make[4]: Nothing to be done for `install-exec-am'. make[4]: Nothing to be done for `install-data-am'. make[4]: Leaving directory `/root/email/clamav-0.95.2/libclamav/lzma' make[3]: Leaving directory `/root/email/clamav-0.95.2/libclamav/lzma' Making install in . make[3]: Entering directory `/root/email/clamav-0.95.2/libclamav' make[4]: Entering directory `/root/email/clamav-0.95.2/libclamav' test -z /usr/local/lib/ || /bin/mkdir -p /usr/local/lib/ /bin/sh ../libtool --mode=install /usr/bin/install -c 'libclamunrar.la' '/usr/local/lib//libclamunrar.la' libtool: install: /usr/bin/install -c .libs/libclamunrar.so.6.0.4 /usr/local/lib//libclamunrar.so.6.0.4 libtool: install: (cd /usr/local/lib/ { ln -s -f libclamunrar.so.6.0.4 libclamunrar.so.6 || { rm -f libclamunrar.so.6 ln -s libclamunrar.so.6.0.4 libclamunrar.so.6; }; }) libtool: install: (cd /usr/local/lib/ { ln -s -f libclamunrar.so.6.0.4 libclamunrar.so || { rm -f libclamunrar.so ln -s libclamunrar.so.6.0.4 libclamunrar.so; }; }) libt see that the call to libtool has a different argument list, in the case of 0.95.2 only libclamunrar.la whereas for 0.95.3 it is libclamunrar.la libclamunrar_iface.la libclamav.la. For 0.95.2 the second two libraries are installed individually, is it this bundling that is causing the problem? If only I understood advanced Makefiles I might stand a chance of making this change... FAS Francis Stevens wrote: I'm trying to install 0.95.3 on a RedHat system currently running 0.95.2 and am getting the following error from make install make[4]: Entering directory `/root/email/clamav-0.95.3/libclamav' test -z /usr/local/lib/ || /bin/mkdir -p /usr/local/lib/ /bin/sh ../libtool --mode=install /usr/bin/install -c libclamunrar.la libclamunrar_iface.la libclamav.la '/usr/local/lib/' libtool: install: /usr/bin/install -c .libs/libclamunrar.so.6.0.5 /usr/local/lib/libclamunrar.so.6.0.5 libtool: install: (cd /usr/local/lib { ln -s -f libclamunrar.so.6.0.5 libclamunrar.so.6 || { rm -f libclamunrar.so.6 ln -s libclamunrar.so.6.0.5 libclamunrar.so.6; }; }) libtool: install: (cd /usr/local/lib { ln -s -f libclamunrar.so.6.0.5 libclamunrar.so || { rm -f libclamunrar.so ln -s libclamunrar.so.6.0.5 libclamunrar.so; }; }) libtool: install: /usr/bin/install -c .libs/libclamunrar.lai /usr/local/lib/libclamunrar.la libtool: install: error: cannot install `libclamunrar_iface.la' to a directory not ending in /usr/local/lib/ make[4]: *** [install-libLTLIBRARIES] Error 1 make[4]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[3]: *** [install-am] Error 2 make[3]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[2]: *** [install-recursive] Error 1 make[2]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[1]: *** [install] Error 2 make[1]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make: *** [install-recursive] Error 1 I can't make out why it is failing, after the failure /usr/local/lib contains: libclamunrar.la libclamunrar.so.6.0.5 libclamunrar.so libclamunrar.so.6 the make didn't return any errors and I can reinstall 0.95.2 without problems (using make install). Does anyone have any ideas what the problem might be? FAS ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Problems installing 0.95.3
some progress... I have copied the Makefile from libclamav/ for 0.95.2 to replace the Makefile in the same folder for 0.95.3 and the make install now works without error, but what I can't be sure of since I messed with the Makefile is that everything is installed properly... FAS Francis Stevens wrote: This may be misleading but the corresponding snippet from the make install for 0.95.2 is: make[3]: Entering directory `/root/email/clamav-0.95.2/libclamav/lzma' make[4]: Entering directory `/root/email/clamav-0.95.2/libclamav/lzma' make[4]: Nothing to be done for `install-exec-am'. make[4]: Nothing to be done for `install-data-am'. make[4]: Leaving directory `/root/email/clamav-0.95.2/libclamav/lzma' make[3]: Leaving directory `/root/email/clamav-0.95.2/libclamav/lzma' Making install in . make[3]: Entering directory `/root/email/clamav-0.95.2/libclamav' make[4]: Entering directory `/root/email/clamav-0.95.2/libclamav' test -z /usr/local/lib/ || /bin/mkdir -p /usr/local/lib/ /bin/sh ../libtool --mode=install /usr/bin/install -c 'libclamunrar.la' '/usr/local/lib//libclamunrar.la' libtool: install: /usr/bin/install -c .libs/libclamunrar.so.6.0.4 /usr/local/lib//libclamunrar.so.6.0.4 libtool: install: (cd /usr/local/lib/ { ln -s -f libclamunrar.so.6.0.4 libclamunrar.so.6 || { rm -f libclamunrar.so.6 ln -s libclamunrar.so.6.0.4 libclamunrar.so.6; }; }) libtool: install: (cd /usr/local/lib/ { ln -s -f libclamunrar.so.6.0.4 libclamunrar.so || { rm -f libclamunrar.so ln -s libclamunrar.so.6.0.4 libclamunrar.so; }; }) libt see that the call to libtool has a different argument list, in the case of 0.95.2 only libclamunrar.la whereas for 0.95.3 it is libclamunrar.la libclamunrar_iface.la libclamav.la. For 0.95.2 the second two libraries are installed individually, is it this bundling that is causing the problem? If only I understood advanced Makefiles I might stand a chance of making this change... FAS Francis Stevens wrote: I'm trying to install 0.95.3 on a RedHat system currently running 0.95.2 and am getting the following error from make install make[4]: Entering directory `/root/email/clamav-0.95.3/libclamav' test -z /usr/local/lib/ || /bin/mkdir -p /usr/local/lib/ /bin/sh ../libtool --mode=install /usr/bin/install -c libclamunrar.la libclamunrar_iface.la libclamav.la '/usr/local/lib/' libtool: install: /usr/bin/install -c .libs/libclamunrar.so.6.0.5 /usr/local/lib/libclamunrar.so.6.0.5 libtool: install: (cd /usr/local/lib { ln -s -f libclamunrar.so.6.0.5 libclamunrar.so.6 || { rm -f libclamunrar.so.6 ln -s libclamunrar.so.6.0.5 libclamunrar.so.6; }; }) libtool: install: (cd /usr/local/lib { ln -s -f libclamunrar.so.6.0.5 libclamunrar.so || { rm -f libclamunrar.so ln -s libclamunrar.so.6.0.5 libclamunrar.so; }; }) libtool: install: /usr/bin/install -c .libs/libclamunrar.lai /usr/local/lib/libclamunrar.la libtool: install: error: cannot install `libclamunrar_iface.la' to a directory not ending in /usr/local/lib/ make[4]: *** [install-libLTLIBRARIES] Error 1 make[4]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[3]: *** [install-am] Error 2 make[3]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[2]: *** [install-recursive] Error 1 make[2]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[1]: *** [install] Error 2 make[1]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make: *** [install-recursive] Error 1 I can't make out why it is failing, after the failure /usr/local/lib contains: libclamunrar.la libclamunrar.so.6.0.5 libclamunrar.so libclamunrar.so.6 the make didn't return any errors and I can reinstall 0.95.2 without problems (using make install). Does anyone have any ideas what the problem might be? FAS ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Problems installing 0.95.3
Török Edwin wrote: On 2009-10-29 12:42, Francis Stevens wrote: I'm trying to install 0.95.3 on a RedHat system currently running 0.95.2 and am getting the following error from make install Which RedHat version, is it a RHEL? It's an old system based on Redhat 7.2 but with a new kernel and some updated libraries. It looks like a mismatch between the prefix specified during configure, and the prefix specified during make install. Perhaps it is a mismatch between /usr/local/lib and /usr/local/lib64. What is the exact command-line you used to invoke configure? ./configure -sysconfdir=/etc \ -with-user=vscan \ -with-group=vscan \ What is the exact command-line used for make and make install? make make install What does this command output: grep libdir libclamav/*.la [r...@charlie clamav-0.95.3]# grep libdir libclamav/*.la libclamav/libclamav.la:libdir='/usr/local/lib/' libclamav/libclamav_internal_utils.la:libdir='' libclamav/libclamav_internal_utils_nothreads.la:libdir='' libclamav/libclamunrar.la:libdir='/usr/local/lib/' libclamav/libclamunrar_iface.la:libdir='/usr/local/lib/' [r...@charlie clamav-0.95.3]# FAS ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Problems installing 0.95.3
Rick, Thank's for that, it has fixed my install problem. Will you raise the bug report or should I? FAS Rick Cooper wrote: Original Message From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Francis Stevens Sent: Thursday, October 29, 2009 6:43 AM To: ClamAV users ML Subject: [Clamav-users] Problems installing 0.95.3 I'm trying to install 0.95.3 on a RedHat system currently running 0.95.2 and am getting the following error from make install make[4]: Entering directory `/root/email/clamav-0.95.3/libclamav' test -z /usr/local/lib/ || /bin/mkdir -p /usr/local/lib/ /bin/sh ../libtool --mode=install /usr/bin/install -c libclamunrar.la libclamunrar_iface.la libclamav.la '/usr/local/lib/' libtool: install: /usr/bin/install -c .libs/libclamunrar.so.6.0.5 /usr/local/lib/libclamunrar.so.6.0.5 libtool: install: (cd /usr/local/lib { ln -s -f libclamunrar.so.6.0.5 libclamunrar.so.6 || { rm -f libclamunrar.so.6 ln -s libclamunrar.so.6.0.5 libclamunrar.so.6; }; }) libtool: install: (cd /usr/local/lib { ln -s -f libclamunrar.so.6.0.5 libclamunrar.so || { rm -f libclamunrar.so ln -s libclamunrar.so.6.0.5 libclamunrar.so; }; }) libtool: install: /usr/bin/install -c .libs/libclamunrar.lai /usr/local/lib/libclamunrar.la libtool: install: error: cannot install `libclamunrar_iface.la' to a directory not ending in /usr/local/lib/ make[4]: *** [install-libLTLIBRARIES] Error 1 make[4]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[3]: *** [install-am] Error 2 make[3]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[2]: *** [install-recursive] Error 1 make[2]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[1]: *** [install] Error 2 make[1]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make: *** [install-recursive] Error 1 I can't make out why it is failing, after the failure /usr/local/lib contains: libclamunrar.la libclamunrar.so.6.0.5 libclamunrar.so libclamunrar.so.6 the make didn't return any errors and I can reinstall 0.95.2 without problems (using make install). Does anyone have any ideas what the problem might be? I got around this by adding --libdir=/usr/local/lib to the configure line. Yes that is the default but it did infact allow the install to complete correctly. This was not a problem in 0.95.2. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Problems installing 0.95.3
Bug #1738 raised. FAS Török Edwin wrote: On 2009-10-29 15:37, Rick Cooper wrote: Original Message From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Francis Stevens Sent: Thursday, October 29, 2009 6:43 AM To: ClamAV users ML Subject: [Clamav-users] Problems installing 0.95.3 I'm trying to install 0.95.3 on a RedHat system currently running 0.95.2 and am getting the following error from make install make[4]: Entering directory `/root/email/clamav-0.95.3/libclamav' test -z /usr/local/lib/ || /bin/mkdir -p /usr/local/lib/ /bin/sh ../libtool --mode=install /usr/bin/install -c libclamunrar.la libclamunrar_iface.la libclamav.la '/usr/local/lib/' libtool: install: /usr/bin/install -c .libs/libclamunrar.so.6.0.5 /usr/local/lib/libclamunrar.so.6.0.5 libtool: install: (cd /usr/local/lib { ln -s -f libclamunrar.so.6.0.5 libclamunrar.so.6 || { rm -f libclamunrar.so.6 ln -s libclamunrar.so.6.0.5 libclamunrar.so.6; }; }) libtool: install: (cd /usr/local/lib { ln -s -f libclamunrar.so.6.0.5 libclamunrar.so || { rm -f libclamunrar.so ln -s libclamunrar.so.6.0.5 libclamunrar.so; }; }) libtool: install: /usr/bin/install -c .libs/libclamunrar.lai /usr/local/lib/libclamunrar.la libtool: install: error: cannot install `libclamunrar_iface.la' to a directory not ending in /usr/local/lib/ make[4]: *** [install-libLTLIBRARIES] Error 1 make[4]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[3]: *** [install-am] Error 2 make[3]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[2]: *** [install-recursive] Error 1 make[2]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make[1]: *** [install] Error 2 make[1]: Leaving directory `/root/email/clamav-0.95.3/libclamav' make: *** [install-recursive] Error 1 I can't make out why it is failing, after the failure /usr/local/lib contains: libclamunrar.la libclamunrar.so.6.0.5 libclamunrar.so libclamunrar.so.6 the make didn't return any errors and I can reinstall 0.95.2 without problems (using make install). Does anyone have any ideas what the problem might be? I got around this by adding --libdir=/usr/local/lib to the configure line. Yes that is the default but it did infact allow the install to complete correctly. This was not a problem in 0.95.2. Can you open a bug at bugs.clamav.net so we can track this? Best regards, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Scanning performance issues on some files
I have been having the same problem and was even more puzzled when scanning the rogue file on my test system didn't exhibit the same problem (it scanned in a fraction of a second as against over a minute on my production system). The reason for the difference was that in /etc/clamd.conf on my test system I have the configuration: MaxFileSize 15M and on the production system the configuration was the default: MaxFileSize 30M changing the line on the production system and restarting clamd made things better, but I think it may just be that the scan aborted quicker. FAS [EMAIL PROTECTED] wrote: Hi, For a couple of days now, I have some performance issues with clamav. I use clamav on my email server to scan incoming traffic. I faced the problem yesterday with the Trojan.Agent-49425 before clamav was considering it as a virus. The scanning time of this 35KB zipped file was 16444.5 ms, once considered as a virus it was taking 50.531 ms to scan it. Today I face the same problem with an email containing a zipped file with the virus Email.Trojan-14. It's a 32KB file and clamdscan take 15s to scan it. I'm currently using clamav 0.94. I really don't know what to do to fix this issue. Thanks for your help. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] server type (local/TCP) error found in /tmp/clamd.log
On Thu, Aug 24, 2006 at 10:15:46AM +0300, Odhiambo Washington said: * On 24/08/06 14:37 +0800, Francis (188Web) wrote: | Hi, | | After installation of clamav-0.88.4 package, it works fine with | cvd files update and files scan | freshclam -v | clamscan -r /* | | but error found in the /tmp/clamd.log as shown | | +++ Started at Wed Aug 23 16:53:16 2006 | clamd daemon 0.88.4 (OS: linux-gnu, ARCH: i386, CPU: i686) | Log file size limited to 2097152 bytes. | ERROR: Please select server type (local/TCP). | | I don't know what is going wrong and how to fix the server type error. There is a default size limit for the log file in clamd.conf. You need to increase that limit if your server is a busy one, and also rotate the file using logrotate/newsyslog (depending on your OS). Um, while that's true, the problem is actually the line following that. It means the OP has both Unix and TCP socket definitions in their clamd.conf. So, to the OP: pick one that you want and comment the other out. Hi, Sorry for the late reply because I don't know how to find a way to reply this. No reply button except for a new thread. I just send it using copy paste. Could u pls tell me what is OP. I can't find it in clamd.conf. Only have TCPSocket TCPAddr. LogFileMaxSize has been set to 0, ERROR: Please select server type (local/TCP) still appeared. ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] server type (local/TCP) error found in /tmp/clamd.log
Hi, After installation of clamav-0.88.4 package, it works fine with cvd files update and files scan freshclam -v clamscan -r /* but error found in the /tmp/clamd.log as shown +++ Started at Wed Aug 23 16:53:16 2006 clamd daemon 0.88.4 (OS: linux-gnu, ARCH: i386, CPU: i686) Log file size limited to 2097152 bytes. ERROR: Please select server type (local/TCP). I don't know what is going wrong and how to fix the server type error. Rgds, Francis ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Virus Volumes
Doug Hardie wrote: I have been running clamav for quite some time now. For most of that time I was receiving between 1500 and 2000 viruses per day. However, lately the number is down to about 200 per day. I don't have any users complaining about receiving viruses so I don't think there is a problem with clamav. Is the virus volume really decreasing? I think it maybe, we are seeing a lot less per day. Most ISP ads in the UK these days are trumpeting their anti-virus and anti-spam filters so perhasp we are all going to benfit from the herd immunity effect. FAS ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Exploit.W32.MS05-002 False Positives
I'm seeing several false positives for Exploit.W32.MS05-002 since I upgraded to 0.82 yesterday. I've posted samples to the submission website but would like to do something about this. Using sigtool -l doesn't list Exploit.W32.MS05-002 as a signature in the database, is there any way I can disable this check? I tried reverting to 0.81 but that didn't help. FAS ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Exploit.W32.MS05-002 False Positives
Francis Stevens wrote: I'm seeing several false positives for Exploit.W32.MS05-002 since I upgraded to 0.82 yesterday. I've posted samples to the submission website but would like to do something about this. Using sigtool -l doesn't list Exploit.W32.MS05-002 as a signature in the database, is there any way I can disable this check? I tried reverting to 0.81 but that didn't help. Finally worked out how to (correctly) revert to 0.81, had to remove the libraries in /usr/local/lib before doing the make install for 0.81. I'm no longer getting the false positives, just the WARNING message from freshclam - which I'm happy to ignore until the other issue is dealt with. Am I right that the MS05-002 check is built into the clamscan executable (libclamav) an is not a true signature? FAS FAS ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Exploit.W32.MS05-002 False Positives
Ralf Hildebrandt wrote: * Francis Stevens [EMAIL PROTECTED]: Finally worked out how to (correctly) revert to 0.81, had to remove the libraries in /usr/local/lib before doing the make install for 0.81. I'm no longer getting the false positives, just the WARNING message from freshclam - which I'm happy to ignore until the other issue is dealt with. Am I right that the MS05-002 check is built into the clamscan executable (libclamav) an is not a true signature? Same here, what is the fix? My fix was to go back to 0.81. Hopefully the ClamAV team will be able to suggest a better one FAS ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Exploit.W32.MS05-002 False Positives
Trog wrote: You can apply the enclosed patch if you want less stringent checking. Tried the patch and it fixes the problem for all the false positives I've seen so far, so it looks good to me. Will this make it into 0.83? Thanks for the rapid response. FAS ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Exploit.W32.MS05-002 False Positives
Trog wrote: BTW, all the false positives I've seen so far are also reported as broken by the showriff utility, which was written specifically to check these files. For example: $ showriff virus-2005-02-08-n0009134 Contents of file virus-2005-02-08-n0009134 (18926/0x8926 bytes): All the problem files I've had are Powerpoint and Word files. For the Powerpoint files it was a common background image. FAS ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] False positive with Oversized.zip
Since I upgraded to 0.80 I am seeing many false positives for the Oversized.zip virus, I have posted samples at the ClamAV website but in the mean time is there a way of removing the signatures for this virus from my copy of the database? FAS ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] False positive with Oversized.zip
If only I'd waited a bit longer... I now find the answer to my own question in the FAQ (should have looked first... a case of engaging the maillist before the brain... sorry). I post the correct answer here in case anyone else is a stupid as me!! # I get many false positives of Oversized.zip Whenever a file exceeds ArchiveMaxCompressionRatio (see clamd.conf man page), it's considered a logic bomb and marked as Oversized.zip . Try increasing your ArchiveMaxCompressionRatio setting. Francis Stevens wrote: Since I upgraded to 0.80 I am seeing many false positives for the Oversized.zip virus, I have posted samples at the ClamAV website but in the mean time is there a way of removing the signatures for this virus from my copy of the database? FAS ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] False positive with Oversized.zip
I don't feel so stupid now... I've set ArchiveMaxCompressionRatio to 0 to disable the limit and I still get the Oversized.zip FOUND message with clamscan and clamdscan. With clamscan I can use --max-ratio=0 and everything is OK but I'm actually using amavisd-new so this isn't an option. Anyone know whay ArchiveMaxCompressionRatio doesn't work and what I can do about it? FAS Francis Stevens wrote: If only I'd waited a bit longer... I now find the answer to my own question in the FAQ (should have looked first... a case of engaging the maillist before the brain... sorry). I post the correct answer here in case anyone else is a stupid as me!! # I get many false positives of Oversized.zip Whenever a file exceeds ArchiveMaxCompressionRatio (see clamd.conf man page), it's considered a logic bomb and marked as Oversized.zip . Try increasing your ArchiveMaxCompressionRatio setting. Francis Stevens wrote: Since I upgraded to 0.80 I am seeing many false positives for the Oversized.zip virus, I have posted samples at the ClamAV website but in the mean time is there a way of removing the signatures for this virus from my copy of the database? FAS ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] False positive with Oversized.zip
So I'm slightly stupid... I now know that clamscan doesn't seem to read the options in /etc/clamd.conf but clamdscan does (or rather clamd does), but of course you have to restart clamd after changing a value. Obviously must try harder as they used to say at school. FAS Francis Stevens wrote: I don't feel so stupid now... I've set ArchiveMaxCompressionRatio to 0 to disable the limit and I still get the Oversized.zip FOUND message with clamscan and clamdscan. With clamscan I can use --max-ratio=0 and everything is OK but I'm actually using amavisd-new so this isn't an option. Anyone know whay ArchiveMaxCompressionRatio doesn't work and what I can do about it? FAS Francis Stevens wrote: If only I'd waited a bit longer... I now find the answer to my own question in the FAQ (should have looked first... a case of engaging the maillist before the brain... sorry). I post the correct answer here in case anyone else is a stupid as me!! # I get many false positives of Oversized.zip Whenever a file exceeds ArchiveMaxCompressionRatio (see clamd.conf man page), it's considered a logic bomb and marked as Oversized.zip . Try increasing your ArchiveMaxCompressionRatio setting. Francis Stevens wrote: Since I upgraded to 0.80 I am seeing many false positives for the Oversized.zip virus, I have posted samples at the ClamAV website but in the mean time is there a way of removing the signatures for this virus from my copy of the database? FAS ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Missing W32.Magistr.A signature
I've just upgraded to clamav 0.75 and as a result of running my testsuite I've found that clamscan no longer detects the W32.Magistr.A virus. This seems to be an issue with the signature database (I run freshclam from cron) as when I put back a copy of the signature database from a couple of weeks ago clamscan started detecting W32.Magistr.A again. Everything seems to be working OK and clamscan detects a Worm.Bagle.Gen example I have. Is this a known issue? Have I missed an announcement somewhere? Can anyone help? Thanks FAS --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [clamav-users] Installation problem
Do you have kernel headers installed ? Try the following command at the terminal prompt (you do not need to be root to do this) rpm -qa | fgrep kernel, then post the results here. Do have directories /usr/include/linux /usr/include/asm with a lot of .h files. Result of rpm -qa | fgrep kernel as shown below : kernel-2.4.18-14 kernel-utils-2.4-8.13 kernel-pcmcia-cs-3.1.31-9 kernel-doc-2.4.18-14 kernel-source-2.4.18-14 kernel-debug-2.4.18-14 kernel-uml-2.4.18-14 Rgds, Francis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]