should search for ClamWin return codes and research it
that way.
It is much faster by the way to have the clamd service running and
use clamdscan. I wrote a program
http://www.smartbusiness.com/imail/declude/ to keep clamd running
but you could probably use srvany or any similar thing.
you are
using that version anyway.
---
Terry Fritts
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".
> Forgive me if I'm naive, but what does a local virus scanner have to
> do with TCP/IP?
I'll write how I understand it. In the case being discussed we have
ClamD running as a service under Windows. When clamdscan is called
to actually scan a file then that instance of clamdscan communicate
> it looks like the genesis of the problem is that clam started
> timing out.
It may be but I haven't been able to force it to happen so far. For
me this is the first instance of this in more than one year.
I am suspicious that it could be a Windows socket issue which is why
I've changed
> I do have some weird log lines on one of the machines:
Those look okay to me.
> There are 57 on one box and 80 on another. Every time I click on of
> the files, I get a simple "Access Denied" error even though ALL clam
> processes are stopped and I'm running under a Domain Admin account.
> I can't find anything in the event or application logs that looks bad
> around this time either.
I can't either.
I've switched my clamd.conf file settings to run on TCP/IP rather
than local socket. In the clamd.log file there were accept() errors
recorded when this occurs which is a soc
I don't know why this is happening yet but it is happening for others,
too. Google for "instances of clamdscan.exe" - but nothing so far
to indicate why or what to do about it.
I wonder if it is happening when the database is being updated.
---
Terry Fritts
---
This E-mai
> At one point on each
> machine started getting these errors in the Declude Virus file:
>
> 06/04/2005 14:06:54 Qed820cb43917 ERROR: Virus scanner 2 didn't
> finish after 60 seconds; terminating.
> 06/04/2005 14:06:54 Qed820cb43917 WARNING: Couldn't remove .vir
> directory o:\spool\Ded82
cause on
our XMAIL server we track the speeds for FPROT as we do ClamAV)
Brian Burns of sosdg.org deserves a lot of credit for his work on
ClamAV for windows.
---
Terry Fritts
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMA
> It took a reboot of both machines to fix the problem. On one I had 288
> process running which fouls everything else up. Clam is SCANNER2
>
> Any ideas?
What did the runclamscan log report if anything? What kind of times
are you seeing in it for the actual scanning?
The only time I've
> How can I figure out if freshclam is grabbing the latest defs?
I set up a scheduled task update_clamav to run every 2 hours or so:
start in: c:\clamav-devel\bin\
run: freshclam.exe --quiet -l c:\clamav-devel\log\freshclam.log
Then I can check the freshclam.log file.
> I have "Rundclamd" runn
clamdscan
http://www.smartbusiness.com/imail/declude/
Set up a scheduled task to periodically run freshclam to keep the
database update.
Works extremely well for us.
---
Terry Fritts
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
typ
My programs are available for download at:
http://www.smartbusiness.com/imail/declude/
Terry Fritts
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mai
0222a6ae File(s) are INFECTED
[[Microsoft GDIPlus.DLL JPEG Vulnerability]: 0]
This was a jpg.
Terry Fritts
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail t
ClamAV is no longer using the old style database as of Sep 1 2004.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declud
> Also, I have temporarily blocked all zip files, as I am seeing quite a few
> that are not being caught by banned extension or F-Prot or AVG. I am
> investigating these.
The ones I am seeing appear to be virus laden but would require the
user to unzip them and to take additional action to ac
t work if all you have purchased is
CmdLine scanner.
Terry Fritts
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "
nd
4.1.6.0 neither one fail with 4366 dat or the dat files from
dailyscan.zip.
But thanks for sharing that link last night.
Terry Fritts
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.
time. Also using Fprot
and ClamAV and have extremely good results with both. Really with
cost consideration Fprot has to be one of my favorites.
Terry Fritts
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing
I've written a couple of utilities for clamav that we thought we'd
share.
runclamd - an nt service that keeps the windows port of the clamd
service running. command line options for install, start, stop,
remove. Using clamd results in much better scanning time.
runclamscan - a wrapper pro
ram does some spam checking including a call to the
sniffer engine.
I don't do a lot of stuff that declude does however.
As for the daemon issue I'm going to look a that and see if I can
figure some way to keep the thing loaded - just no time today.
Terry Fritts
---
[This E-mail was scanned
oesn't
do everything so I began catching more when I added my own demime.
NAI and clamav are both worthless without demime.
When I have to write this stuff myself it makes me appreciate
declude a lot!
Terry Fritts
---
[This E-mail was scanned for viruses by Declude Virus (http:/
> BTW, run clamd.exe and clamdscan.exe and notice a difference in
> speed
Charles,
Did you start clamd and then leave the server logged on?
Terry
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
u
> After this there was another error, that I've solved after Terry's tipp to
> create the c:\tmp folder.
> At them moment I've a problem with freshclam (MD5 error)
> So I downloaded all the updates manualy from an mirror.
> I fear after the next available update I will have this error again. B
> LibClamAV Error: cli_cvdload(): Can't create temporary directory
> /tmp/ccb31b8aace2b2fc
> ERROR: Unable to create temporary directory.
Oh I'm sorry - I had this problem.
Create a C:\tmp directory is easiest solution.
---
[This E-mail was scanned for viruses by Declude Virus (http://w
> I am definitely leaving it as an additional scanner on my
> system.
Besides that they gave me credit for uploading a virus! Made me
feel good - like I was actually doing something instead of just
hunkering down!
I need to read this stuff about creating your own virus signatures.
Tha
d an additional scanner.
Only real disadvantage I see is the virus name and that's not too
significant.
Terry Fritts
Log Snippet:
===
13:10:24 Scanner 1: Virus=: W32/[EMAIL PROTECTED]
13:10:25 Scanner 2: Virus= the W32/[EM
27 matches
Mail list logo