[clamav-users] How to delete logs after scan
Buongiorno, è possibile cancellare i log dopo ogni scansone? Se sì come? Grazie -- ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamAV® blog: ClamAV 0.102.0 has been released!
Il 02/10/2019 21:08, Joel Esler (jesler) via clamav-users ha scritto: https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html ClamAV 0.102.0 has been released! Hello, I read "the version of clamonacc (and clamd) released with 0.102.0 is not optimized for sending files and receiving verdicts via a network stream". I use Amavis and clamd with INSTREAM to check infected emails. Clamd is listening at TCP port 3310 the Amavis requests. Do you suggest to upgrade to this last clamd version? Thank you Kind Regards Marco ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Cannot update virus definitions
Hi everyone. I’ve been using ClamAV for years now, on my small NAS. Since yesterday, it’s giving me errors in updating the virus definitions, which has always worked fine until now. I tried downloading the CVD manually and start a manual update on my NAS, but neither of them works (main|dayly|bytecode); they all report an “incorrect file format” error. Am I doing something wrong? Nothing’s changed on my NAS, not that I have much options to mess with in the antivirus applet control panel. Thank you for any advice. Toothsaw ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] rpm files question [was: ClamAV 0.101.2 announcement?]
On 29/03/2019 13:54, Micah Snyder (micasnyd) via clamav-users : This won't help you right now, but our team has been discussing publishing ClamAV on Linux using Snapcraft at the time of each release. Snapcraft sounds like it may be a good option to make ClamAV accessible faster. Would you, and others here, be interested in installing a ClamAV snap in the future? Yes. I never used it before, but if I well understood how it works I think it could be useful! +1 Thanks Marco ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] rpm files question [was: ClamAV 0.101.2 announcement?]
Hello, I use EPEL RPM files to upgrade Clamav on my Linux systems. When urgent vulnerability fixes are released is it advisable to wait for stable rpm? I don't know if it is safe to apply testing rpm. Usually EPEL stable rpms are released after weeks of delay from new Clamav versions. Do you have any hints about use of clamav rpm distributions? Many thanks Warm Regards Marco Il 27/03/2019 18:46, Micah Snyder (micasnyd) via clamav-users wrote: 0.101.2 is a security patch release that includes a handful of urgent vulnerability fixes for issues in 0.101.1 and several that were in 0.100 and prior. Please see the blog announcement for details: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html Micah On 3/27/19, 1:18 PM, "clamav-users on behalf of J.R. via clamav-users" wrote: I saw 0.101.2 was released yesterday (3/26/2019) but I can't find an announcement anywhere? Anything noteworthy on this release? ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamAV® blog: ClamAV 0.100.0 beta has been released!
Any hope for eliminating the delay during the reload of the signatures? It blocks the milter and SMTP server for a while. Thanks a lot Marco Il 06/02/2018 00:03, Joel Esler (jesler) ha scritto: http://blog.clamav.net/2018/02/clamav-01000-beta-has-been-released.html ClamAV 0.100.0 beta has been released! ClamAV 0.100.0-beta is the successor to the previous 0.99.3-beta2. The 0.99.3 patch release on January 25th was required to address vulnerability fixes in a timely manner, so the features previously found in 0.99.3 betas have been bumped to this new version. If you haven’t read it, please read the announcement regarding the version number change. <http://blog.clamav.net/2018/01/clamav-version-number-adjustment.html> The 0.100.0-beta includes all of the feature improvements and bug fixes that were in the previous 0.99.3-beta2, plus some additional bug fixes and requested improvements that were found by users of the previous beta. These include: * Eliminating warnings regarding with variables being used before being initialized. * Correcting an issue for those using private mirrors where freshclam attempts to pull down the CVD file if the CLD is up-to-date. * Fixed a bug in the filtering system that caused unexpected behavior for signatures that use the case insensitive signatures (:i). * Increased the max stack size when building ClamAV for non-glibc Linux machines (i.e. musl). * Deprecated the AllowSupplementaryGroups config option in a more graceful way. * Bug fixes to on-access scanning. * A few other bug fixes. We could use community support testing these fixes, of course. That said, our main goal of 0.100.0-beta is to get the community ready for the version string change. Mirror maintainers have been asked to verify that ClamAV clients using the 0.100.0 version number in the HTTP user agent are not blacklisted by regexes intended to drop support for older versions of ClamAV. As a disclaimer, 0.100.0-beta isn’t a release candidate because we have a few outstanding known issues that we must address prior to the 0.100.0 release, and because once the fixes are made we will have to complete regression testing. The known issues blocking release include the following: * The libmspack library install location, name. Bug<https://bugzilla.clamav.net/show_bug.cgi?id=11994> * BlockMax config option may differ slightly from —block-max command line option. Bug<https://bugzilla.clamav.net/show_bug.cgi?id=11970> * Using the ./configure --disable-static will still require llvm-static. Bug<https://bugzilla.clamav.net/show_bug.cgi?id=11995> * Improvements in PDF object parsing (in progress). * Messages when clamscan skips a file due to max file size settings, along with corrections to the —help string. Bug<https://bugzilla.clamav.net/show_bug.cgi?id=11967> * Warnings when building on macOS. Bugs<https://bugzilla.clamav.net/show_bug.cgi?id=11747>, Bugs<https://bugzilla.clamav.net/show_bug.cgi?id=11977> Bugs should be brought to our attention via the clamav-devel mailing list<https://www.clamav.net/contact#ml> or via bugzilla<https://bugzilla.clamav.net/> -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] URGENT: Clamd is wedged on multiple installations
Il 26/01/2018 10:39, Ralf Hildebrandt ha scritto: clamd is leaking filedescriptors for temporary files - ls /proc/`pidof clamd`/fd shows a lot of: lrwx-- 1 root root 64 Jan 26 10:38 993 -> /tmp/clamav-736a3d0d2a944a0a79d465671fb754d5.tmp (deleted) lrwx-- 1 root root 64 Jan 26 10:38 994 -> /tmp/clamav-59b5548fe87bc9a454486cbe37d5c89b.tmp (deleted) lrwx-- 1 root root 64 Jan 26 10:38 995 -> /tmp/clamav-0e2983c3f35c37d833ea37c2867a0aba.tmp (deleted) ... I think that Clamav now knows this very big problem... Anyway these are other logs I see (0.99.2 version on RH EL7): 2018-01-26T03:41:29.246852+01:00 clamd[18086]: LibClamAV Error: cli_gentempfd: Can't create temporary file /tmp/clamav-f553aa378e37664837deb720f2ce10f6.tmp/clamav-ef95d457b05dc585eb4bc09d3fc83edc.tmp: Too many open files 2018-01-26T03:41:29.247296+01:00 clamd[18086]: LibClamAV Warning: fileblobScan, fullname == NULL 2018-01-26T03:41:29.247458+01:00 clamd[18086]: LibClamAV Error: fileblobDestroy: mixedtextportion not saved: report to http://bugs.clamav.net Regards Marco ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] URGENT: Clamd is wedged on multiple installations
Il 26/01/2018 09:00, Reindl Harald ha scritto: freshclam and a custom script downloads anything to /var/lib/clamav-download and then for the two "/var/lib/clamav" and "/var/lib/clamav-sa" basend on file-lists hardlinks are set - from the official only "safebrowsing" is active We have the same problem: I confirm that without official signature Clamav works! Regards Marco ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] LibClamAV Warning: cli_tnef: file truncated, returning CLEAN
Hello, I would like to know what this clamd warn means: "LibClamAV Warning: cli_tnef: file truncated, returning CLEAN" I run ClamAV 0.99.1/21486/Tue Apr 5 22:19:10 2016 on amavisd and clamav-milter. In deep, I would like to know if this warning could be a issue allowing some malwares to bypass a scan. Thank you very much Marco ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] signature by recipient or domain (clamav-milter)?
Hello, I would like to exclude a set of signatures only for a defined list of recipient domains. I would appreciate an ExcludeSignatures option, a kind of whitelist table with Can I already achieve this with some configuration? Thank you very much Best Regards Marco ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] DB update and clamav-milter delay
more help give clamconf on pastebin with a link here is your main and daily uncompressed or compressed ? cvd vs cld files Here are the conf: clamconf http://pastebin.com/zNbRwzTp clamav-milter.conf http://pastebin.com/9kbZN3jK clamd.conf http://pastebin.com/85ys7v96 I have daily.cld main.cvd Thanks a lot Marco ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] DB update and clamav-milter delay
[3rd Party] javascript.ndb: 70417 sigs You didn't update SecuriteInfo.com signatures. ATM, javascript.ndb has 48734 signatures for the free edition, and 25530 signatures for the paid edition. Hello Arnaud, I use clamav-unofficial-sigs.sh 4.5.3 (12 August 2015) with free accounts and the file I have is 39631521 Sep 29 13:59 javascript.ndb It still has 70417 sigs (reloaded now). Thank you Marco ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] DB update and clamav-milter delay
Hello, I installed clamd server (0.98.7) with clamav-milter using RPM of EPEL. With this installation, after every freshclam update session, clamd is forced to read the DB: 2015-09-29T09:12:41.244383+02:00 av1 clamd[15201]: Reading databases from /var/lib/clamav 2015-09-29T09:13:14.950256+02:00 av2 clamav-milter[11957]: Failed to stream to clamd 2015-09-29T09:13:14.950546+02:00 av2 clamav-milter[11957]: Streaming failed 2015-09-29T09:13:20.593439+02:00 av1 clamd[15201]: Database correctly reloaded (5342538 signatures) During this time clamav-milter have a trouble and the SMTP server experiences a delay receiving the mail. On a frontend MSA SMTP server this delay is a problem. I would like to know if there is a better way to configure the DB update, without interruption on service. In case I remove the reload, is SelfCheck of Clamd sufficient to detect a change in DB? Do you have any hint to improve performances? I tried to relax the upgrades, but I see the problem is the time spent to reload the db: 2015-09-29T01:03:15.710526+02:00 av2 clamd[15201]: Reading databases from /var/lib/clamav 2015-09-29T01:03:53.151179+02:00 av2 clamd[15201]: Database correctly reloaded (5342845 signatures) Is there a way to speed up this phase? Maybe putting the db files into a RAM fs? Thank you very much Marco ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] DB update and clamav-milter delay
Hi Marco, Are the signatures official ClamAV ones only or are you using 3rd Party ones as well (if so, could you list them) Cheers, Hello Steve, I'm checking the Sanesecurity signature. I have these: blurl.ndb bofhland_cracked_URL.ndb bofhland_malware_attach.hdb bofhland_malware_URL.ndb bofhland_phishing_URL.ndb crdfam.clamav.hdb foxhole_filename.cdb foxhole_generic.cdb hackingteam.hsb javascript.ndb junk.ndb jurlbl.ndb malwarehash.hsb malwarepatrol.db phish.ndb phishtank.ndb porcupine.ndb rogue.hdb sanesecurity.ftm scam.ndb securiteinfoascii.hdb securiteinfo.hdb securiteinfohtml.hdb securiteinfo.ign2 securiteinfopdf.hdb sigwhitelist.ign2 spamattach.hdb spamimg.hdb spearl.ndb spear.ndb winnow.attachments.hdb winnow_bad_cw.hdb winnow_extended_malware.hdb winnow_malware.hdb winnow_malware_links.ndb I now noticed that reload time decrease if I remove SecuriteInfo. Really I don't find securiteinfo match in log of viruses, so I could remove it permanently... Do you have any hint about signature to keep for email traffic? I'll also try to move fs in tmpfs... Thank you very much Best Regards Marco ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamav-milter: ClamAV, mi_rd_cmd: read returned -1: Connection reset by peer
Hello How many Postfix servers? Do you know that your clamd server is capable of sustaining the load from the many Postfix servers? now I have four postfix servers. The load on clamav servers is low... this is an instance: top - 15:24:36 up 31 days, 19:17, 1 user, load average: 0.14, 0.08, 0.02 Tasks: 116 total, 1 running, 115 sleeping, 0 stopped, 0 zombie Cpu0 : 1.7%us, 1.0%sy, 0.0%ni, 97.0%id, 0.0%wa, 0.0%hi, 0.3%si, 0.0%st Cpu1 : 15.0%us, 0.7%sy, 0.0%ni, 84.3%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st Mem: 3925152k total, 2742588k used, 1182564k free, 203704k buffers Swap: 2097144k total,17964k used, 2079180k free, 713052k cached PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 10142 clamav20 0 1453m 421m 2132 S 17.3 11.0 139:56.99 clamd 30560 clamav20 0 1918m 889m 940 S 0.7 23.2 10:56.87 clamav-milter procs ---memory-- ---swap-- -io --system-- -cpu- r b swpd free buff cache si sobibo in cs us sy id wa st 0 0 17964 1183096 203704 71305600 41261 2 0 98 0 0 ClamdTOP version 0.98.1 Mon Mar 17 15:40:19 2014 NO CONNTIME LIV IDL QUEUE MAXQ MEM HOST ENGINE DBVER DBTIME 1 00:00:04 18 17 0 0 356M local 0.98.1 18614 2014-03-17 14h Details for Clamd version: ClamAV 0.98.1/18614/Mon Mar 17 14:43:12 2014 Primary threads: live 18 idle 17 max 50 ? [| ] ?Mem: heap 10M mmap0M unused 8M? Queue: 0 items 0 max ?Libc: used0M free9M total 10M? [] ?Pool: count1 used 346M total 346M? ?[||| ] ? ? COMMANDQUEUEDSINCE FILE IDLE 3.800s [...] You could use syslog-ng, and tell it to send them to /dev/null. :) I'll try with rsyslog ;) You could try increasing the Postfix timeout (if that is in fact the cause of the issue) but I wonder if you might need a more powerful clamd server. Scanning for viruses can be processor intensive. I don't see log on Postfix correlated to these warning. Just two or three error a day like this, really: 2014-03-17T12:47:34.538025+01:00 postfix2 postfix/smtpd[17215]: warning: milter inet:example.com:7357: can't read SMFIC_MAIL reply packet header: Connection reset by peer Postfix milter timeout are: milter_command_timeout = 30s milter_connect_timeout = 30s milter_content_timeout = 300s that are greater than clamav timeout (I have a doubt on command_timeout...). Thank you for all hints Marco ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
[clamav-users] clamav-milter: ClamAV, mi_rd_cmd: read returned -1: Connection reset by peer
I see the Connection reset by peer notice? Is there something I can do to avoid that notice? Thanks a lot Marco ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
[Clamav-users] Freeze after reading db ?
Hi, i'm using Clamav inside the Zimbra Collaboration Suite on ubuntu 6. Clamav version 0.90.2, on ubuntu 6.06.1 server. This behaviour happened with 0.90.3 too. I see that amavisd cannot connect to Clamav Jun 5 00:30:02 mailserver amavis[4348]: (04348-01) Checking: DkmOYJDUMtQR [80.247.70.64] ## - Jun 5 00:30:03 mailserver amavis[4348]: (04348-01) ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (1) Jun 5 00:30:04 mailserver amavis[4348]: (04348-01) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2) Jun 5 00:30:07 mailserver zimbramon[20838]: 20838:info: 2007-06-05 00:30:06, QUEUE: 4 1 and looking at clamd.log i see these messages: Mon Jun 4 19:35:33 2007 - +++ Started at Mon Jun 4 19:35:33 2007 Mon Jun 4 19:35:33 2007 - clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686) Mon Jun 4 19:35:33 2007 - Log file size limited to 20971520 bytes. Mon Jun 4 19:35:33 2007 - Reading databases from /opt/zimbra/clamav/db Mon Jun 4 19:37:12 2007 - +++ Started at Mon Jun 4 19:37:12 2007 Mon Jun 4 19:37:12 2007 - clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686) Mon Jun 4 19:37:12 2007 - Log file size limited to 20971520 bytes. Mon Jun 4 19:37:12 2007 - Reading databases from /opt/zimbra/clamav/db Mon Jun 4 19:38:59 2007 - +++ Started at Mon Jun 4 19:38:59 2007 Mon Jun 4 19:38:59 2007 - clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686) Mon Jun 4 19:38:59 2007 - Log file size limited to 20971520 bytes. Mon Jun 4 19:38:59 2007 - Reading databases from /opt/zimbra/clamav/db No errors and no crash messages. Privs are ok: drwxr-xr-x 2 zimbra zimbra4096 Jun 4 19:43 . drwxr-xr-x 9 zimbra zimbra4096 Jun 4 17:45 .. -rwxrwxr-- 1 zimbra zimbra 0 Jun 4 19:43 .dbLock -rw-r--r-- 1 zimbra zimbra 608128 Jun 4 19:12 daily.cvd -rw-r--r-- 1 zimbra zimbra 9351789 Jun 4 19:11 main.cvd -rw--- 1 zimbra zimbra 52 Jun 4 19:43 mirrors.dat And the file log is very small (fresh install) -rw-r--r-- 1 zimbra zimbra 21087 2007-06-05 00:34 /opt/zimbra/log/clamd.log And the process seems to be running, but frozen: [EMAIL PROTECTED]:~$ ps -ax | grep clamd Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html 20416 ?Rs 1:01 /opt/zimbra/clamav/sbin/clamd --config-file /opt/zimbra/conf/clamd.conf 20443 pts/0S+ 0:00 grep clamd I asked help on zimbra forums but still got no answers. Any idea? Thank you very much in advance, aNt1X ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Freeze after reading db ?
Run clamconf and put the results here. The clamd is started with the option --config-file /opt/zimbra/conf/clamd.conf so i started the clamconf with the option --config-dir /opt/zimbra/conf/. Here is the output: [EMAIL PROTECTED]:~/clamav/bin$ ./clamconf --config-dir /opt/zimbra/conf/ /opt/zimbra/conf//clamd.conf: clamd directives - LogFile = /opt/zimbra/log/clamd.log LogFileUnlock = no LogFileMaxSize = 20971520 LogTime = yes LogClean = no LogVerbose = no LogSyslog = yes LogFacility = LOG_LOCAL0 PidFile = /opt/zimbra/log/clamd.pid TemporaryDirectory not set ScanPE = yes ScanELF = yes DetectBrokenExecutables = no ScanMail = yes MailFollowURLs = no MailMaxRecursion = 64 PhishingSignatures = yes AlgorithmicDetection = yes ScanHTML = yes ScanOLE2 = yes ScanPDF = no ScanArchive = yes ArchiveMaxFileSize = 104857600 ArchiveMaxRecursion = 8 ArchiveMaxFiles = 1000 ArchiveMaxCompressionRatio = 250 ArchiveLimitMemoryUsage = no ArchiveBlockEncrypted = no ArchiveBlockMax = no DatabaseDirectory = /opt/zimbra/clamav/db TCPAddr not set TCPSocket = 3310 LocalSocket not set MaxConnectionQueueLength = 15 StreamMaxLength = 1024 StreamMinPort = 1024 StreamMaxPort = 2048 MaxThreads = 10 ReadTimeout = 120 IdleTimeout = 30 MaxDirectoryRecursion = 15 FollowDirectorySymlinks = no FollowFileSymlinks = no ExitOnOOM = no Foreground = no Debug = no LeaveTemporaryFiles = no FixStaleSocket = no User = zimbra AllowSupplementaryGroups = no SelfCheck = 1800 VirusEvent not set NodalCoreAcceleration = no ClamukoScanOnAccess not set ClamukoScanOnOpen not set ClamukoScanOnClose not set ClamukoScanOnExec not set ClamukoIncludePath not set ClamukoExcludePath not set ClamukoMaxFileSize = 5242880 /opt/zimbra/conf//freshclam.conf: freshclam directives - LogVerbose = no LogSyslog = no LogFacility = LOG_LOCAL6 PidFile = /opt/zimbra/log/freshclam.pid DatabaseDirectory = /opt/zimbra/clamav/db Foreground = no Debug = no AllowSupplementaryGroups = no DatabaseOwner = zimbra Checks = 12 UpdateLogFile = /opt/zimbra/log/freshclam.log DNSDatabaseInfo = current.cvd.clamav.net DatabaseMirror = db.us.clamav.net MaxAttempts = 3 ScriptedUpdates = yes HTTPProxyServer not set HTTPProxyPort not set HTTPProxyUsername not set HTTPProxyPassword not set HTTPUserAgent not set NotifyClamd = /opt/zimbra/conf/clamd.conf OnUpdateExecute not set OnErrorExecute not set OnOutdatedExecute not set LocalIPAddress not set ConnectTimeout = 30 ReceiveTimeout = 30 [EMAIL PROTECTED]:~/clamav/bin$ ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Freeze after reading db ?
TCPAddr not set TCPSocket = 3310 I think I'd start here. It appears you have not updated your config file correctly. Very strange, because it is a fresh zimbra install into a fresh ubuntu, i usually don't have to modify ANY config file. Also, the comment in the config file says: # TCP address. # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. # Default: disabled # By default we bind to INADDR_ANY, probably not wise. #TCPAddr 127.0.0.1 So, clamav shouldn't listen binding to INADDR_ANY? Also, isn't strange that after the Reading databases from... i don't get the following messages, like loaded signatures ? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Freeze after reading db ?
Yes - I'd expected to see a wrong address there. It seems ok. So with clamd running, telnet to the port and tell it to reload (use upper case as shown) and see what you get in your log: telnet localhost 3310 RELOAD dp Ok. I tried to manually start clamd and telnet locally to it. I think i got it, while doing this test. It seems that manually starting Clamav is correctly listening on 3310, after nealy 1 minute of CPU consumption (it is an old pc). But if I tell zimbra to automatically start Clamav, it seems that some sort of timeout occours and Clamav is restarted by Zimbra every 1-2 minutes or so. I'll try to check if there is some sort of timeout. Thank you man, and sorry, but i thought it was a Clamav related problem, but now it seems that it is a timeout-related issue! :) Bye, and thanks again aNt1X ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] New freshclam error
- Original Message - From: aCaB [EMAIL PROTECTED] To: ClamAV users ML clamav-users@lists.clamav.net Sent: Thursday, March 15, 2007 9:23 AM Subject: Re: [Clamav-users] New freshclam error Robert Isaac wrote: Ooops. Strange how we always look for the complicated and forget the basic simple things. ... like not to top post :) Sorry for the offense. -Marco ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] New freshclam error
edit freshclam.conf and comment out the word example. -Marco - Original Message - From: Robert Isaac [EMAIL PROTECTED] To: 'ClamAV users ML' clamav-users@lists.clamav.net Sent: Wednesday, March 14, 2007 10:08 AM Subject: [Clamav-users] New freshclam error I have removed all clamav/clamd and reinstalled the 0.90.1 rpms (DAG). When I run freshclam I get [EMAIL PROTECTED] etc]# freshclam ERROR: Please edit the example config file /etc/freshclam.conf. WARNING: You must specify at least one database mirror. This is what I have in freshclam.conf # Uncomment the following line and replace XY with your country # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. DatabaseMirror db.gb.clamav.net # database.clamav.net is a round-robin record which points to our most # reliable mirrors. It's used as a fall back in case db.XY.clamav.net is # not working. DO NOT TOUCH the following line unless you know what you # are doing. DatabaseMirror db.gb.clamav.net DatabaseMirror db.local.clamav.net Bob ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.11/722 - Release Date: 3/14/2007 3:38 PM ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] 0.9 update libssl and libcrypto
ok, thanks a lot, it works. too bad for the automatical updates...(yum) Daniele Marco Bevar Mondo Rondo Web Factory http://www.mondorondo.com/ -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Henrik Krohns Envoyé : lundi, 19. février 2007 12:19 À : clamav-users@lists.clamav.net Objet : Re: [Clamav-users] 0.9 update libssl and libcrypto On Mon, Feb 19, 2007 at 10:53:34AM +0100, Dan wrote: Hi, I'm running clamav 0.88.7 on a FC5 for a OpenXchange mail server. Trying to update to .9 I see that it needs libssl.so.6 and libcrypto.so.6 (i'm working in .5) This means upgrading from mysql to cyrus and postfix, openssl, httpd and perl, openldap and almost everything. OpenXchange install is so fragile...is it there any workaround to leave actual .5 libs for everything, and .6 for clamav? Thanks for your help ClamAV does nothing with SSL. Curl does, so just compile without it (it has no other use than the bad URL downloading feature). configure --with-libcurl=no Cheers, Henrik ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] some trouble using clamscan options...
Mandi! Marco Gaiarin In chel di` si favelave... as it is a pattern, not a path, might work ;-) Ok, works. But as i've stated yesterday, if some user create a ``quarantena'' folder somewhere, that folder are not scanned. This is not so good... There's some way that i can match an exact path? Some ``standard'' regular expression library are used, like ereg, or shell globbing, ... that i can start playing with? I've fiddled a bit within... seems that path specified in --exclude-dir are relative, not absolute, so if you have to scan /srv and exclude /srv/quarantena, you have to do: clamscan --recursive --exclude-dir=/quarantena /srv and not clamscan --recursive --exclude-dir=/srv/quarantena /srv as i was supposing. This is rather suboptimal, because every user can create a quarantena user and match occur. The only solution seems to create a quarantena folder out of scan path, but why there's a --exclude-dir options? ;) Also, i've noted that even if i've put --no-mail, this script quarantine a Thunderbird mailbox, that is in unix mailbox format. What i'm missing here? i'm doing something wrong or can i do something to prevent the --no-mail to fail? Still no answer... i'll put on CC the bugreport address of clamav, hoping help. trinity:/srv/quarantena# file arrivo.mbx arrivo.mbx: ISO-8859 mail text, with CRLF line terminators trinity:/srv/quarantena# clamscan --no-mail arrivo.mbx arrivo.mbx: JS.Fortnight.B.1 FOUND --- SCAN SUMMARY --- Known viruses: 44053 Engine version: 0.88 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.38 MB Time: 0.726 sec (0 m 0 s) I've tried to scan unix mailboxes, seems that the trouble came from the windows CRLF termination, as: trinity:/srv/quarantena# file /home/gaio/.inbox /home/gaio/.inbox: ASCII mail text trinity:/srv/quarantena# clamscan /home/gaio/.inbox /home/gaio/.inbox: Eicar-Test-Signature FOUND --- SCAN SUMMARY --- Known viruses: 44053 Engine version: 0.88 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Time: 0.532 sec (0 m 0 s) trinity:/srv/quarantena# clamscan --no-mail /home/gaio/.inbox /home/gaio/.inbox: OK --- SCAN SUMMARY --- Known viruses: 44053 Engine version: 0.88 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.01 MB Time: 0.536 sec (0 m 0 s) trinity:/srv/quarantena# clamscan --version ClamAV 0.88/1281/Wed Feb 8 20:59:33 2006 from a debian sarge, taken from volatile. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] some trouble using clamscan options...
Mandi! Bob Hutchinson In chel di` si favelave... try --exclude-dir=quarantena as it is a pattern, not a path, might work ;-) Ok, works. But as i've stated yesterday, if some user create a ``quarantena'' folder somewhere, that folder are not scanned. This is not so good... There's some way that i can match an exact path? Some ``standard'' regular expression library are used, like ereg, or shell globbing, ... that i can start playing with? And again: Also, i've noted that even if i've put --no-mail, this script quarantine a Thunderbird mailbox, that is in unix mailbox format. What i'm missing here? i'm doing something wrong or can i do something to prevent the --no-mail to fail? Many thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Issues with clamav 0.88 on Solaris 7
Mandi! Nicolas MacPherson In chel di` si favelave... I don't understand how to work around this issue. When these start You have restarted clamd? Some month ago (not 0.88 version) i've found clamd ``stalled'', like this. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] some trouble using clamscan options...
I'm tring to build up some sort of ``system scan'' script that, nightly, scan all my debian/samba servers and report infections. Script works, but i've some strange result, or at least probably i've not understood well the clamscan command line options. I start clamscan with a cmdline like: clamscan --quiet --stdout --recursive --infected --no-mail \ --exclude-dir=/srv/quarantena --move=/srv/quarantena \ --log=/var/log/sysscan.log /home /srv and AFAI've understood well, the --exclude-dir excludes directory patterns from the scannning process. But i find in log: /home/user/.profile9x/Application Data/sgrunt/IE4321.exe: Dialer-319 FOUND /home/user/.profile9x/Application Data/sgrunt/IE4321.exe: moved to '/srv/quarantena//IE4321.exe.000' [...] /srv/quarantena/IE4321.exe.000: Dialer-319 FOUND File excluded '/srv/quarantena/IE4321.exe.000' So seems that --exclude-dir apply not to scanning, but to moving... Can i tackle log the report sum script to ignore row like these, but i'd prefere not to scan --exclude-dir ... clamav is a powerful tool, a wonderful antivirus, but a bit slow... Also, i've noted that even if i've put --no-mail, this script quarantine a Thunderbird mailbox, that is in unix mailbox format. What i'm missing here? trinity:~# clamscan --version ClamAV 0.88/1278/Mon Feb 6 12:05:04 2006 debian sarge, taken from volatile, daily upgrade. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] some trouble using clamscan options...
Mandi! Bob Hutchinson In chel di` si favelave... --exclude-dir=quarantena as it is a pattern, not a path, might work ;-) Ok i'll try. But in this way some user can fake the scan simply putting a file in a ``quarantena'' folder... There's some way i can put an exact path? / is a special char tha i've to escape with \/?! -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] 0.88 upgrade failed on ubuntu
Hi everybody, I am running Ubuntu Breezy. I have tried to upgrade ClamAV to 0.88 form 0.87 through Synaptic, but the (needed) libgmp3 has been renamed by Ubuntu people to libgmp3c2. Is there anything I can do to resolve the dependence? Best regards marco ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamdscan doens't recognize virus
Tomasz Papszun wrote: On Thu, 22 Sep 2005 at 18:45:25 +0200, Marco Berizzi wrote: AAAHH!!! Find! ;-) Here is the option: ArchiveMaxFileSize 500k Commenting this option has solved the problem. I really don't undestand. Nor do I. I have seen the value you use and verified that the file is only 77 KB big (even after extracting from the zipfile, as it's just stored, not compressed). So 500k should be sufficient! You may want to verify everything once again, try to find the threshold of ArchiveMaxFileSize below which the detection fails Setting ArchiveMaxFileSize = 512k will detect the virus. and report the bug according to http://www.clamav.net/bugs.html#pagestart . done ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamdscan doens't recognize virus
Tomasz Papszun wrote: On Thu, 22 Sep 2005 at 11:09:07 +0200, Marco Berizzi wrote: David Filion wrote: Marco Berizzi wrote: Hello everybody. I'm using clam 0.87 with mimedefang. This moring a virus has been slipped through. This is the output from clamdscan: /tmp/photo.zip: OK --- SCAN SUMMARY --- Infected files: 0 Time: 0.143 sec (0 m 0 s) and this is the output from clamscan: photo.zip: Trojan.W32.PWS.Prostor.A FOUND --- SCAN SUMMARY --- Known viruses: 40212 Engine version: 0.87 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.20 MB Time: 5.939 sec (0 m 5 s) Clearly clamd doesn't recognize it as a virus. Hints? Did you specify --daemon-notify when you ran/run freshclam? Waiting for the daemon to notice the change and update itself seems to take a while. Yes, I run freshclam --daemon-notify. I have also restarted both freshclam and clamd. Trojan.W32.PWS.Prostor.A signature was added to the database in April 2005, so it's not the matter of delaying in noticing the updated database. Unless you have some very old database somewhere and clamd using it. Recent virus are catched (see clamd.log below). But you may want to verify that there are no some forgotten clamd.conf files in the system and, generally, files from old clamav installation. no. Only one /etc/clamd.conf As you can see clamd is *working* and it is cacthing viruses. Only that stupid zip is slipping throught. Running clamdscan with eicar test file is fine as you can see in the follwing clamd.log file: +++ Started at Thu Sep 22 10:56:33 2005 clamd daemon 0.87 (OS: linux-gnu, ARCH: i386, CPU: i686) Log file size limited to 1048576 bytes. Verbose logging activated. Running as user defang (UID 500, GID 500) Reading databases from /usr/share/clamav Protecting against 40343 viruses. Unix socket file /var/spool/MIMEDefang/clamd.sock Setting connection queue length to 15 Listening daemon: PID: 8037 Archive: Archived file size limit set to 512000 bytes. Archive: Recursion level limit set to 8. Archive: Files limit set to 10. Archive: Compression ratio limit set to 200. Archive support enabled. Archive: RAR support disabled. Portable Executable support enabled. Mail files support enabled. OLE2 support enabled. HTML support enabled. Self checking every 1800 seconds. /var/spool/MIMEDefang/mdefang-j8M98Fd3008197/Work/msg-7825-12.zip: Worm.Mytob.AU FOUND /var/spool/MIMEDefang/mdefang-j8M98Mn6008199/Work/msg-7825-14.zip: Worm.Mytob.AU FOUND /var/spool/MIMEDefang/mdefang-j8M995lv008204/Work/msg-7825-16.scr: Worm.Mytob.AU FOUND /var/spool/MIMEDefang/mdefang-j8M9BFkL008217/Work/msg-7825-23.zip: Worm.Mytob.AU FOUND /var/spool/MIMEDefang/mdefang-j8M9CZLc008253/Work/msg-7825-38.cmd: Worm.Mytob.AU FOUND /var/spool/MIMEDefang/mdefang-j8M9FN12008260/Work/msg-7825-41.bat: Worm.Mytob.AU FOUND /var/spool/MIMEDefang/mdefang-j8M9J8Dk008276/Work/msg-7825-46.zip: Worm.Mytob.AU FOUND /var/spool/MIMEDefang/mdefang-j8M9KNa8008280/Work/msg-7825-48.pif: Worm.Mytob.AU FOUND /tmp/CLAM/eicar.com.vir: Eicar-Test-Signature FOUND /var/spool/MIMEDefang/mdefang-j8M9NpAb008309/Work/msg-7825-53.zip: Worm.Mytob.AU FOUND No stats for Database check - forcing reload Reading databases from /usr/share/clamav Database correctly reloaded (40343 viruses) /var/spool/MIMEDefang/mdefang-j8M9XjFV008390/Work/msg-7825-72.zip: Worm.Mytob.AU FOUND /var/spool/MIMEDefang/mdefang-j8M9afUc008439/Work/msg-7825-89.pif: Worm.Mytob.AU FOUND /var/spool/MIMEDefang/mdefang-j8M9cgd3008473/Work/msg-7825-99.zip: Worm.Mytob.AU FOUND /var/spool/MIMEDefang/mdefang-j8M9dUfP008481/Work/msg-7825-102.zip: Worm.Mytob.AU FOUND /var/spool/MIMEDefang/mdefang-j8M9dVFC008482/Work/msg-7825-104.pif: Worm.Mytob.AU FOUND /tmp/CLAM/eicar.com.vir: Eicar-Test-Signature FOUND ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamdscan doens't recognize virus
AAAHH!!! Find! ;-) Here is the option: ArchiveMaxFileSize 500k Commenting this option has solved the problem. I really don't undestand. If you find something you believe is a bug, please report. Thanks a lot. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamdscan doens't recognize virus
Umm..i wouldnt comment it. You might want to just consider raising the limit. Its there for a reason. True. I have upgraded to 1000k ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamdscan doens't recognize virus
Hello everybody. I'm using clam 0.87 with mimedefang. This moring a virus has been slipped through. This is the output from clamdscan: /tmp/photo.zip: OK --- SCAN SUMMARY --- Infected files: 0 Time: 0.143 sec (0 m 0 s) and this is the output from clamscan: photo.zip: Trojan.W32.PWS.Prostor.A FOUND --- SCAN SUMMARY --- Known viruses: 40212 Engine version: 0.87 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.20 MB Time: 5.939 sec (0 m 5 s) Clearly clamd doesn't recognize it as a virus. Hints? ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamdscan doens't recognize virus
attack. #Never use it on loaded servers. # Default: disabled #MailFollowURLs ## ## HTML ## # Perform HTML normalisation and decryption of MS Script Encoder code. # Default: enabled #ScanHTML ## ## Archives ## # ClamAV can scan within archives and compressed files. # Default: enabled ScanArchive # Due to license issues libclamav does not support RAR 3.0 archives (only the # old 2.0 format is supported). Because some users report stability problems # with unrarlib it's disabled by default and you must uncomment the directive # below to enable RAR 2.0 support. # Default: disabled #ScanRAR # The options below protect your system against Denial of Service attacks # using archive bombs. # Files in archives larger than this limit won't be scanned. # Value of 0 disables the limit. # Default: 10M ArchiveMaxFileSize 500k # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR # file, all files within it will also be scanned. This options specifies how # deep the process should be continued. # Value of 0 disables the limit. # Default: 5 #ArchiveMaxRecursion 8 # Number of files to be scanned within an archive. # Value of 0 disables the limit. # Default: 1000 ArchiveMaxFiles 10 # If a file in an archive is compressed more than ArchiveMaxCompressionRatio # times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip) # Value of 0 disables the limit. # Default: 250 ArchiveMaxCompressionRatio 200 # Use slower but memory efficient decompression algorithm. # only affects the bzip2 decompressor. # Default: disabled #ArchiveLimitMemoryUsage # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). # Default: disabled #ArchiveBlockEncrypted # Mark archives as viruses if ArchiveMaxFiles, ArchiveMaxFileSize, or # ArchiveMaxRecursion limit is reached. # Default: disabled #ArchiveBlockMax ## ## Clamuko settings ## WARNING: This is experimental software. It is very likely it will hang ## up your system!!! ## # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running. # Default: disabled #ClamukoScanOnAccess # Set access mask for Clamuko. # Default: disabled #ClamukoScanOnOpen #ClamukoScanOnClose #ClamukoScanOnExec # Set the include paths (all files in them will be scanned). You can have # multiple ClamukoIncludePath directives but each directory must be added # in a seperate line. # Default: disabled #ClamukoIncludePath /home #ClamukoIncludePath /students # Set the exclude paths. All subdirectories are also excluded. # Default: disabled #ClamukoExcludePath /home/guru # Don't scan files larger than ClamukoMaxFileSize # Value of 0 disables the limit. # Default: 5M #ClamukoMaxFileSize 10M # FIXME: Add support for other directives. #ClamukoScanArchive Marco Berizzi wrote: Hello everybody. I'm using clam 0.87 with mimedefang. This moring a virus has been slipped through. This is the output from clamdscan: /tmp/photo.zip: OK --- SCAN SUMMARY --- Infected files: 0 Time: 0.143 sec (0 m 0 s) and this is the output from clamscan: photo.zip: Trojan.W32.PWS.Prostor.A FOUND --- SCAN SUMMARY --- Known viruses: 40212 Engine version: 0.87 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.20 MB Time: 5.939 sec (0 m 5 s) Clearly clamd doesn't recognize it as a virus. Hints? ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Easiest setup for ClamAV and procmail
Kelly Corbin wrote: I did a lot of searching around but didn't see anything that simple. Is it possible? If not, what's the lightest weight RPMified app to add to do this? I use ClamAssassin for that: http://drivel.com/clamassassin/ No RPM AFAIK, but the setup looks like this: :0fw: clamassassin.lock | /usr/local/bin/clamassassin *Exactly* like spamc, and puts X-Virus headers in mails like this: X-Virus-Status: No X-Virus-Checker-Version: clamassassin 1.2.2 with clamdscan / ClamAV 0.85.1/907/Thu Jun 2 14:50:12 2005 When there is a virus in the mail, the X-Virus-Status will be Yes and the name of the virus put in. -- Regards, Marco. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ERROR: Can't query current.cvd.clamav.net
Stephen Gran wrote: This is indeed your problem. Probably the problem is that your DNS is not returning the text record, but returning host not found. Correct. The 'DNS server' (such as it is) in an Alcatel Speedtouch only resolves A records. Any other type returns host not found. I got bitten by it when running a mail server trying to resolve MX records. -- Regards, Marco. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] freshclam 0.80 on FreeBSD hanging
Jason Hammerschmidt wrote: tailing the log files while also running the command in verbose mode. Any ideas why it hangs? Is it checking but not logging or telling me? wmail1# freshclam -v -c 48 It's doing exactly whet you told it to do, just not what you *want* it to :-). To have it stay active and check every 30 minutes, add the '-d'/'--deamon' option. -- Regards, Marco. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] freshclam 0.80 on FreeBSD hanging
Jason Hammerschmidt wrote: To have it stay active and check every 30 minutes, add the '-d'/'--deamon' option. But with that option, according to the logs, it looks as if freshclam just stops checking and updating. If it truly does check a few times and then stops doing it, that's weird. Do you use LogVerbose? I do, so I don't know what it does or doesn't log when you don't. Perhaps someone else can chip in with that. I do know that the bit about the '-d' option needing '--checks' is false; it doesn't. At least not here; it will run fine without it and do exactly what you would expect: read freshclam.conf and follow the 'Checks' directive in there, or run at 12 checks a day (de default) if it isn't defined. --- Regards, Marco. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Clamuko can delete file ??..
Can Clamuko delete a file when it's intercepted??. I think NO but someone have make a script to do that??. Regards
[Clamav-users] VirusEvent and %f
I read that %f show me the path of the file infected Is it really??. I have try to do that but don't work. Only %v works. VirusEvent echo %f %v |smbclient -M mpompei Only the name of the virus is reported plus %f. Hi Marco
Re: [Clamav-users] ClamAV + P3Scan problem
Willem Kossen wrote: Hi, I'm probably missing something simple, but I've got this problem: I'm running p3scan (which is a pop3 virusscanning proxy) with ClamAV 0.74. 1. i know clamav works because with mailscanner it works 2. i know clamd works because interactively i can scan files using clamd and get results but with p3scan it doesn't work. the error is of p3scan is: Hi, i have another problem with p3scan, this problem is that make a kind of bucle with the pop messages and the same messages come for less 3 time, anyone know how fix this problem? -- Marco Salgado Arellano counter.li.org #295511 Estudiante Ing. Civil Informatica - UTFSM Cel.: 0-93124689 to code is to suffer, and suffering is the way to ilumination,therefore to code is a bless... --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Update
I've received the warning about the outdated version of my clamav-0.67 too. For install the new clamav-0.70.tar.gz do I need to uninstall the first one and after install the new one, or just install the last version over 0.67?? Thanks, Marco. --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Update Clamav
I've received the warning about the outdated version of my clamav-0.67 too. For install the new clamav-0.70.tar.gz do I need to uninstall the first one and after install the new one, or just install the last version over 0.67?? Thanks, Marco. --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users