Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
On Thu, 16 Oct 2008 17:41:50 -0700 John Rudd [EMAIL PROTECTED] wrote: Do you have any thoughts about how we can get the stats to you, so that you can use them, without bypassing our mechanism for ensuring consistent and safe updating of our virus signatures? There's a special option in freshclam (--submit-stats, currently deactivated) which could help here. When this option is used, fresclam only submits the statistics *without* touching the database files. You could just run freshclam --submit-stats=/path/to/clamd.conf on the hosts that get real traffic. Would that work for you? (if so, we will activate this option in 0.94.1-final). Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Oct 17 08:13:26 CEST 2008 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
On 2008-10-17 05:11, René Berber wrote: Nigel Horne wrote: 0.94.1 RC1 was published on schedule yesterday. [snip] Has anyone seen a problem testing with the contents of test/.split? In particular 'clamscan test/.split/split.clam.exe.htmlaa' just holds the CPU at 100% for a long time... I've killed it on two runs. Scanning test/.split works here: --- SCAN SUMMARY --- Known viruses: 446984 Engine version: 0.94.1rc1 Scanned directories: 1 Scanned files: 70 Infected files: 0 Data scanned: 0.59 MB Time: 1.278 sec (0 m 1 s) What OS/compiler are you using? Best regards, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
There's a special option in freshclam (--submit-stats, currently deactivated) Hi Tomasz, from how I'd use it here, it'd certainly be a good idea to enable this option. As a side note, for users of the windows port... they'd normally run freshclam damonised... and then could run the special freshclam --submit-stats option every hour (for example) in a seperate job/process. Just a quick question.. are these stats only for HQ viewing or will there be a public version at some point, as well? Cheers, Steve Sanesecurity ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
On Fri, 17 Oct 2008 07:41:52 +0100 (BST) Steve Basford [EMAIL PROTECTED] wrote: There's a special option in freshclam (--submit-stats, currently deactivated) Hi Tomasz, from how I'd use it here, it'd certainly be a good idea to enable this option. As a side note, for users of the windows port... they'd normally run freshclam damonised... and then could run the special freshclam --submit-stats option every hour (for example) in a seperate job/process. Thanks for your feedback! Just a quick question.. are these stats only for HQ viewing or will there be a public version at some point, as well? They will be also available (in some nice form) on www.clamav.net -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Oct 17 08:43:49 CEST 2008 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
Török Edwin wrote: Scanning test/.split works here: Thanks, I'm probably hitting an obscure system bug... What OS/compiler are you using? ...in unsupported Cygwin. Almost everything else seems to work, exceptions being 'clamscan --debug', and the programs used to check the build. I'll check on Solaris later. -- René Berber ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
Tomasz Kojm wrote: On Thu, 16 Oct 2008 17:41:50 -0700 John Rudd [EMAIL PROTECTED] wrote: Do you have any thoughts about how we can get the stats to you, so that you can use them, without bypassing our mechanism for ensuring consistent and safe updating of our virus signatures? You could just run freshclam --submit-stats=/path/to/clamd.conf on the hosts that get real traffic. Would that work for you? It would if I was using clamd... which I don't. I use the clamav libraries via perl. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
On Thu, Oct 16, 2008 at 09:11:16PM -0500, René Berber wrote: Has anyone seen a problem testing with the contents of test/.split? In particular 'clamscan test/.split/split.clam.exe.htmlaa' just holds the CPU at 100% for a long time... I've killed it on two runs. no problem here: test/.split/split.clam.exe.htmlaa: OK --- SCAN SUMMARY --- Known viruses: 526908 Engine version: 0.94.1rc1 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB Time: 2.121 sec (0 m 2 s) real0m2.220s user0m1.924s sys 0m0.144s on: vendor_id : GenuineIntel cpu family : 6 model : 15 model name : Intel(R) Xeon(R) CPU E5320 @ 1.86GHz stepping: 11 cpu MHz : 1861.992 cache size : 4096 KB -- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
Compiles cleanly on OpenBSD 4.3 Release i386 on AMD Opteron Best regards, Walter. signature.asc Description: OpenPGP digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
Nigel Horne wrote: Folks, We are pleased to announce the availability of the first release candidate for ClamAV 0.94.1. 0.94.1RC1 is scheduled for release on Wednesday (15/10/08). Nigel, Everything works on gcc-3.3.6 with Redhat FC1. I managed to install check and perform the checks with success. Log below... [EMAIL PROTECTED] clamav-0.94.1rc1]# make check Making check in libclamunrar make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamunrar' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamunrar' Making check in libclamunrar_iface make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamunrar_iface' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamunrar_iface' Making check in libclamav make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav' make check-recursive make[2]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav' Making check in lzma make[3]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav/lzma' make[3]: Nothing to be done for `check'. make[3]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav/lzma' Making check in . make[3]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav' make[3]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav' make[2]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav' make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav' Making check in clamscan make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamscan' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamscan' Making check in clamd make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamd' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamd' Making check in clamdscan make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamdscan' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamdscan' Making check in freshclam make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/freshclam' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/freshclam' Making check in sigtool make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/sigtool' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/sigtool' Making check in clamconf make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamconf' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamconf' Making check in database make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/database' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/database' Making check in docs make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/docs' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/docs' Making check in etc make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/etc' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/etc' Making check in clamav-milter make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamav-milter' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamav-milter' Making check in test make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/test' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/test' Making check in unit_tests make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/unit_tests' make check_clamav check_clamd.sh check_freshclam.sh check_sigtool.sh check_clamscan.sh valgrind_tests.sh efence_tests.sh duma_tests.sh make[2]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/unit_tests' make[2]: `check_clamav' is up to date. make[2]: Nothing to be done for `check_clamd.sh'. make[2]: Nothing to be done for `check_freshclam.sh'. make[2]: Nothing to be done for `check_sigtool.sh'. make[2]: Nothing to be done for `check_clamscan.sh'. make[2]: Nothing to be done for `valgrind_tests.sh'. make[2]: Nothing to be done for `efence_tests.sh'. make[2]: Nothing to be done for `duma_tests.sh'. make[2]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/unit_tests' make check-TESTS make[2]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/unit_tests' Running suite(s): cl_api cli jsnorm str regex disasm unique matchers
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
On Fri, Oct 17, 2008 at 08:19:54AM +0200, Tomasz Kojm wrote: On Thu, 16 Oct 2008 17:41:50 -0700 John Rudd [EMAIL PROTECTED] wrote: Do you have any thoughts about how we can get the stats to you, so that you can use them, without bypassing our mechanism for ensuring consistent and safe updating of our virus signatures? There's a special option in freshclam (--submit-stats, currently deactivated) which could help here. When this option is used, fresclam only submits the statistics *without* touching the database files. You could just run freshclam --submit-stats=/path/to/clamd.conf on the hosts that get real traffic. Would that work for you? (if so, we will activate this option in 0.94.1-final). That would certainly work for us. We have the same setup: two freshclam config master hosts that push changes out to the production systems. -- Jan-Pieter Cornet [EMAIL PROTECTED] !! Disclamer: The addressee of this email is not the intended recipient. !! !! This is only a test of the echelon and data retention systems. Please !! !! archive this message indefinitely to allow verification of the logs. !! ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
For details of the new features please refer to the Changelog. For an overview please refer to http://www.clamav.net/press/0.94.1-WhatsNew.pdf. Nigel, does the stats sent... only send information regarding ClamAV default signatures (when detected)... or does this also include detections by Third-Party signature names, such as MSRBL, MBL and Sanesecurity ones? Cheers, Steve Sanesecurity ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
Steve Basford wrote: For details of the new features please refer to the Changelog. For an overview please refer to http://www.clamav.net/press/0.94.1-WhatsNew.pdf. Nigel, does the stats sent... only send information regarding ClamAV default signatures (when detected)... or does this also include detections by Third-Party signature names, such as MSRBL, MBL and Sanesecurity ones? Cheers, Steve Sanesecurity ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml I haven't had the time to check the source code. How does it send it? What protocol and port, to which servers? Anything that firewall admins will need to be aware of? Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: [EMAIL PROTECTED] Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
On Thu, 16 Oct 2008 13:43:12 +0100 Randal, Phil [EMAIL PROTECTED] wrote: I haven't had the time to check the source code. How does it send it? What protocol and port, to which servers? Anything that firewall admins will need to be aware of? It sends information about a file name, malware name and time to stats.clamav.net using HTTP (POST) port 80. HTH, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Oct 16 14:52:57 CEST 2008 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
Tomasz Kojm wrote: On Thu, 16 Oct 2008 13:43:12 +0100 Randal, Phil [EMAIL PROTECTED] wrote: I haven't had the time to check the source code. How does it send it? What protocol and port, to which servers? Anything that firewall admins will need to be aware of? It sends information about a file name, malware name and time to stats.clamav.net using HTTP (POST) port 80. HTH, Fabulous, thanks very much for the rapid reply. Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: [EMAIL PROTECTED] Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
Folks, 0.94.1 RC1 was published on schedule yesterday. For details of the new features please refer to the Changelog. For an overview please refer to http://www.clamav.net/press/0.94.1-WhatsNew.pdf. We encourage as many people as possible to test this release candidate by downloading it from www.clamav.net. If you don't have access to a test machine you can still help by downloading it and checking for us that it compiles and links on your platform. If you do have a test machine/model/network please help us by loading ClamAV 0.94.1RC1 and testing. All bug reports should be filed at http://bugs.clamav.net. We also encourage all 3rd party developers of products and distribution/port maintainers to download and check this update so that you can go live as soon as the final version is released. Thank you for your continued support and help, -Nigel -- Nigel Horne, [EMAIL PROTECTED] Director of Product Management (ClamAV), Sourcefire, http://www.sourcefire.com +44 1226 241048 or +1 706 705 4022 FAX: +44 870 705 9334, Skype: nigelhorne ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
On Thu, 16 Oct 2008 13:20:27 +0100 (BST) Steve Basford [EMAIL PROTECTED] wrote: For details of the new features please refer to the Changelog. For an overview please refer to http://www.clamav.net/press/0.94.1-WhatsNew.pdf. Nigel, does the stats sent... only send information regarding ClamAV default signatures (when detected)... or does this also include detections by Third-Party signature names, such as MSRBL, MBL and Sanesecurity ones? Freshclam also submits information about detections with 3rd party signatures. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Oct 16 14:30:11 CEST 2008 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
Tomasz Kojm wrote: On Thu, 16 Oct 2008 13:43:12 +0100 Randal, Phil [EMAIL PROTECTED] wrote: I haven't had the time to check the source code. How does it send it? What protocol and port, to which servers? Anything that firewall admins will need to be aware of? It sends information about a file name, malware name and time to stats.clamav.net using HTTP (POST) port 80. HTH, That is just one host. Does the connection die gracefully if that host is unavailable? dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
up and running in 5m on FreeBSD 4.8 :-) +++ Started at Thu Oct 16 21:48:29 2008 Thu Oct 16 21:48:29 2008 - clamd daemon 0.94.1rc1 (OS: freebsd4.8, ARCH: i386, CPU: i386) Thu Oct 16 21:48:29 2008 - Running as user clamav (UID 1028, GID 1001) freshclam.conf + # When enabled freshclam will submit statistics to the ClamAV Project about # the latest virus detections in your environment. The ClamAV maintainers # will then use this data to determine what types of malware are the most # detected in the field and in what geographic area they are. # This feature requires LogTime and LogFile to be enabled in clamd.conf. # Default: no SubmitDetectionStats /usr/local/etc/clamd.conf su-2.05a# freshclam --debug -v Current working dir is /usr/local/share/clamav Max retries == 3 ClamAV update process started at Thu Oct 16 21:54:55 2008 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 426 Software version from DNS: 0.94 main.cvd version from DNS: 48 main.cld is up to date (version: 48, sigs: 399264, f-level: 35, builder: sven) daily.cvd version from DNS: 8435 daily.cld is up to date (version: 8435, sigs: 48057, f-level: 35, builder: ccordes) SubmitDetectionStats: Submitted 50 records very nice Matthias ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
Nigel Horne wrote: Folks, 0.94.1 RC1 was published on schedule yesterday. Built fine but installed with errors on Solaris 9. Solaris has obsoleted ranlib but has a stub file, /usr/ccs/bin/ranlib. Configure found it and of course it failed. I renamed it and clamav built and installed fine. Running diff on the new config files and old config files did not reveal any new options. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
On Thu, Oct 16, 2008 at 03:51:32PM -0700, Dennis Peterson said: Running diff on the new config files and old config files did not reveal any new options. Freshclam has one new option, disabled by default - fairly harmless for upgrades, but useful for redistributors to note if they handle that sort of thing in maintainer scripts. -- -- | Stephen Gran | The way some people find fault, you'd | | [EMAIL PROTECTED] | think there was some kind of reward.| | http://www.lobefin.net/~steve | | -- signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
Stephen Gran wrote: On Thu, Oct 16, 2008 at 03:51:32PM -0700, Dennis Peterson said: Running diff on the new config files and old config files did not reveal any new options. Freshclam has one new option, disabled by default - fairly harmless for upgrades, but useful for redistributors to note if they handle that sort of thing in maintainer scripts. I failed to indicate no new options turned on by default - those are the ones that seem to create problems for some folks. The new stats option actually requires a bit of effort to get going if one is logging to syslog. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
Tomasz Kojm wrote: Freshclam also submits information about detections with 3rd party signatures. We only have one host in our environment that does freshclam (or any of the other virus signature update mechanisms). It verifies the validity of the data (makes sure nothing will die as a result, etc.), and then pushes the new data out into a shared data space for the other hosts to pick up. This is done both for our own internal safety/sanity check AND to ensure all of our production hosts get the same data at the same time. It also means that no matter how many production hosts we have, we only impact each signature site with one database refresh per update cycle. The host in question doesn't get much (if any) traffic, except when we're running tests. So, even then, it only gets synthetic traffic, not real traffic. Meanwhile, the hosts that get real traffic don't run freshclam at all. Nor do we want those hosts to ever run freshclam (at least, we don't want them to ever run freshclam for the purpose of receiving new virus signatures). Do you have any thoughts about how we can get the stats to you, so that you can use them, without bypassing our mechanism for ensuring consistent and safe updating of our virus signatures? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
Nigel Horne wrote: 0.94.1 RC1 was published on schedule yesterday. [snip] Has anyone seen a problem testing with the contents of test/.split? In particular 'clamscan test/.split/split.clam.exe.htmlaa' just holds the CPU at 100% for a long time... I've killed it on two runs. -- René Berber ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
On Thu, 16 Oct 2008 17:41:50 -0700, John Rudd wrote Tomasz Kojm wrote: Freshclam also submits information about detections with 3rd party signatures. We only have one host in our environment that does freshclam (or any of the other virus signature update mechanisms). Same here. Also with this setup we get logwatch warning messages as follows: - clam-update Begin No updates detected in the log for the freshclam daemon (the ClamAV update process). If the freshclam daemon is not running, you may need to restart it. Other options: A. If you no longer wish to run freshclam, deleting the log file (default is freshclam.log) will suppress this error message. B. If you use a different log file, update the appropriate configuration file. For example: echo LogFile = log_file /etc/logwatch/conf/logfiles/clam-update.conf where log_file is the filename of the freshclam log file. C. If you are logging using syslog, you need to indicate that your log file uses the syslog format. For example: echo *OnlyService = freshclam /etc/logwatch/conf/logfiles/clam-update.conf echo *RemoveHeaders /etc/logwatch/conf/logfiles/clam-update.conf -- clam-update End - In spite of following the suggestions, these message still come out every day. We are not running clamd on this server. Could it be that logwatch is checking for something produced by clamd instead of freshclam? -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu One-armed Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml