Re: [Clamav-users] REPOST - Some PDF files report as Zip module errors?
On Mon, Nov 13, 2006 at 10:12:45AM -0500, [EMAIL PROTECTED] wrote: This thread was originally in dec 2005. I am having the same issue. When I run a test PDF named testfile_js.pdf this through clamav I receive the following error message: pathToFile\testfile_js.pdf: Zip module failure ERROR Try CVS version, it should be fixed. https://wwws.clamav.net/bugzilla/show_bug.cgi?id=43 Cheers, Henrik ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Complexity limit on (custom) signatures?
On Sat, Oct 28, 2006 at 04:28:47PM -0700, Dennis Peterson wrote: I don't get it.. unless you have some big honeypot, maybe 5% of traffic contain small images to be OCRd. If your server can't handle that, I guess it's running out of juice anyway. :) You can even easily create separate scanning queue for OCR, so it doesn't interfere with normal traffic. You may have missed that I'm in the image industry - a great deal of what we do is imagery including imagery with text in it, and as we have to scan all images over a particular size, it would require more cpu than is worth it. Ok that's fair. But you probably meant: scan everything _under_ SpamAssassin scan size. That's only whole messages less than ~256kB to be scanned by default in most software. I guess if you get images from all over, you can't whitelist etc then. Cheers, Henrik ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Complexity limit on (custom) signatures?
On Sat, Oct 28, 2006 at 09:20:55AM -0700, Dennis Peterson wrote: I've explored OCR on both color and de-colorized images and there have been successes, but not enough to warrant turning it on in production. It is very cpu intensive. I don't get it.. unless you have some big honeypot, maybe 5% of traffic contain small images to be OCRd. If your server can't handle that, I guess it's running out of juice anyway. :) You can even easily create separate scanning queue for OCR, so it doesn't interfere with normal traffic. Cheers, Henrik ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] outbound scanning
On Mon, Oct 23, 2006 at 01:50:12AM -0400, Tom Metro wrote: Dennis Peterson wrote: Gerard Seibert wrote: ...I am not particularly interested in scanning outgoing mail. Because you don't scan outgoing mail I have to scan incoming mail from you. For any small shop that keeps a close eye on their machines and network traffic, I'd think the overhead of scanning every outbound message would be a waste. Any small shop would have so little traffic, that the scanning would practically take no resources. Cheers, Henrik ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-milter with Postfix
On Mon, Oct 23, 2006 at 05:53:30AM -0400, Gerard Seibert wrote: Anyway, we send out several times a week flyers to our customers. These mailings range from 750 to 2000 messages per run. To scan 2000 identical messages is insane, not to mention a total waste of system resources. Other than going to the expense of setting up a separate mail server, etc. I am looking for a way to circumvent this annoyance. So are they sent using Bcc (wise) or as invidivual messages (very stupid)? Any sane system (I prefer postfix/amavisd-new) handles those as a single message. Cheers, Henrik ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Config problem with 0.90RC1
On Mon, Oct 16, 2006 at 02:23:27PM +0200, Balzi Andrea wrote: There are more difference in the configuration file regarding the previous version. On the man these modifications are not present, like the value true to set up. I have found the follow error for ScanRAR: ERROR: Parse error at line 30: Unknown option ScanRAR. And I've also a problem with the unix socket connection, I try this afternoon to delete the socket file. Just forget the old config, and create a new from the ones in source distribution (cd clamav-0.90RC1; cp etc/*.conf /usr/local/etc). Cheers, Henrik ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamd not listenting to tcp port
On Mon, Oct 16, 2006 at 03:20:42PM +0200, Torsten Bauer wrote: hi there, i've upgraded to 0.90rc1 today - but now i'm not able to connect to the daemon any longer: hosting:~ # clamd --version ClamAV 0.90RC1/2035/Sun Oct 15 22:42:30 2006 hosting:~ # /etc/init.d/clamd restart Shutting down ClamAV... ClamAV stopped! Starting ClamAV... Running as user clamav (UID 200, GID 108) ClamAV is now up and running! hosting:~ # ps -ef |grep clam clamav 23772 1 0 15:15 ?00:00:00 /usr/local/bin/freshclam -d -c 10 --datadir=/usr/local/share/clamav root 23776 5442 0 15:15 pts/100:00:00 grep clam hosting:~ # For some reason 0.90RC1 creates libclamav.so.1.0.10 and 0.88.4 is 1.0.17. If you don't rm -f /usr/local/lib/libclamav* before installing, your ClamAV will use the newer library and dies. I bet this is the reason.. Cheers, Henrik ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Can I give clam a list of files to scan
On Fri, Sep 08, 2006 at 10:05:48AM -0700, Dennis Peterson wrote: Hopefully the list is also properly escaped and or quoted. xargs is pretty unhappy with filenames that have special characters in them, or spaces. This is true no matter how the list is submitted to the scanner. This is the gripe I have against using 'find' without sanitizing the output. Thats why we have: find -print0 | xargs -0 hk ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] smtp mail notification on virus found
On Tue, Sep 05, 2006 at 09:40:22AM -0700, Chuck Swiger wrote: On Sep 5, 2006, at 6:30 AM, Erez Epstein wrote: I'm using clamscan and not clamd. is it better to use clamd for the scan? clamdscan is somewhat more efficient than clamscan, so clamdscan is therefore generally preferred. However, note that clamdscan works using the permissions that the clamd daemon runs as (commonly a clamd user), which means that clamdscan may not be able to read all files, whereas a clamscan as root will be able to read everything... If you are running periodic scans, there are no benefits from the faster startup time that clamd(scan) provides. As clamd could be dead or hanged, it is even less robust in that case. Cheers, Henrik ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] bash script to split mbox file and scan individual messages
On Mon, Aug 28, 2006 at 09:25:54AM +0300, Odhiambo Washington wrote: * On 27/08/06 15:02 -0400, Dan MacNeil wrote: | However, I beg to differ on the point that post-delivery scanning is | useless (dumb???). We run clam through amavis. We also clamscan our mail | spool when fresh-clam gives us a new signature. To be honest, in all my years as sysadmin, I don't know why I would want post-delivery scanning. Time to get some glasses man? He just explained it in detail. -hk ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] bash script to split mbox file and scan individual messages
On Mon, Aug 28, 2006 at 09:35:56AM +0300, Henrik Krohns wrote: On Mon, Aug 28, 2006 at 09:25:54AM +0300, Odhiambo Washington wrote: * On 27/08/06 15:02 -0400, Dan MacNeil wrote: | However, I beg to differ on the point that post-delivery scanning is | useless (dumb???). We run clam through amavis. We also clamscan our mail | spool when fresh-clam gives us a new signature. To be honest, in all my years as sysadmin, I don't know why I would want post-delivery scanning. Time to get some glasses man? He just explained it in detail. Replying to myself.. I thought you meant clamscan our mail spool with post-delivery scanning. So apologies if that was the case. But still, after-queue (post-delivery) scanning with amavisd-new is much better.. -hk ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav Uninstall
On Fri, Aug 18, 2006 at 07:23:43AM +0200, Scott Ryan wrote: On Friday 18 August 2006 06:02, Robert wrote with regard to - Re: [Clamav-users] Clamav Uninstall : That's my problem ! An 'unnamed colleague' deleted the previous build directory. May I suggest that you start using some sort of package management tool - like RPM ? Everything would be a whole lot easier... Only package management I use is --prefix=/usr/local/clamav ... Uninstalling is as hard as: rm -rf /usr/local/clamav Keep it simple. ;) Cheers, Henrik ___ http://lurker.clamav.net/list/clamav-users.html