Hello!
I have had freshclam mangle the DB a number of times, and when it does,
clamd will freak out until the next successful DB update fixes things,
which may be several hours. For this reason, I do not run clamd as a
service, but as a process in a window which is started with a script
that loops. When clamd resets for a new (mangled) DB, the script will
delete and refresh all of the DB's and then restart clamd. A side
benefit is that you can also pull up the clamd windows to see its output.
Take care!
John
On 4/29/2010 11:10 PM, Michael Cummins wrote:
When I set up Clam earlier today, I was able to run it from the command line
and test it against an EICAR file, get a response, etc. I saw it fail
against the bad database and succeed when properly configured. I imagine
that I could easily schedule that, pipe the results to a text file and
schedule a bot to read it regularly and e-mail me if the test fails. That
would let me know if FreshClam ever mangled the database.
Is there a way we could do the same with Declude and the Internal AVG
scanner / database?
Is there some way to execute it from a command line, point it at EICAR and
get a parse-able result?
That could be awfully handy.
-- Michael Cummins
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Thursday, April 29, 2010 11:13 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] New Release Declude 4.10.48 -- MUST Install to
Reenable Virus Protection!
Declude Users - take note!
CommTouch/Zerohous does a good job, but does not catch all known viruses
(some days I have 5 or 6 DIFFERENT viruses/trojans sneaking by, some to
multiple users each!), it's absolutely imperative that AVG works if you
don't have additional scanners set up.
Unfortunately, AVG had stopped working (no one has said for how many weeks
or possible months it has not worked). I have confirmed that AVG is now
working again after I upgraded from 4.10.42-A to 4.10.48. So - I recommend
all Declude users get on top of this quickly!
(PS: This is the second time AVG has gone AWOL inside of Declude for
extended periods of times - and it's never discovered until I finally
insist. Naturally, I have zero confidence in the built-in scanner. It's
unreliable and there is no notification whenever it stops working.)
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Wednesday, April 28, 2010 12:56 PM
To: declude.junkm...@declude.com; declude.virus@declude.com;
declude.relea...@declude.com
Subject: [Declude.Virus] New Release Declude 4.10.48
The following release contains the following changes since 4.7.35 to the
current 4.10.48:
RELEASE 4.10.48
----------------------------------------------------------------------------
----------------------------
4.10.48 Fix closing files when PCRE dll encounters an error.
----------------------------------------------------------------------------
----------------------------
4.10.47 Fix memory leak in AVG SDK Release Instance
----------------------------------------------------------------------------
----------------------------
4.10.46 Updated AVG SDK to 1.7.9783; Added avgcorex.dll and avgcert.dll
----------------------------------------------------------------------------
----------------------------
4.10.45 Optimize code for moving files to the spool directory for IMail
----------------------------------------------------------------------------
----------------------------
4.10.44 Optimize code for moving files to the spool directory for
Smartermail
----------------------------------------------------------------------------
----------------------------
4.10.43 Fixed variable names in the MoveToError function which were
declared globally
----------------------------------------------------------------------------
----------------------------
4.10.42-A Fix for SNF Authentication to turn off without having to restart
Decludeproc
----------------------------------------------------------------------------
----------------------------
4.10.42 Message Sniffer integrated into Declude
----------------------------------------------------------------------------
----------------------------
4.10.41 Added variable %AUTH% to show the authenticated sender of the email
----------------------------------------------------------------------------
----------------------------
4.10.40 XWHITELIST ON in the global.cfg will give the reason for why the
email was WHITELISTED in the header of the email
----------------------------------------------------------------------------
----------------------------
4.9.39 Added a function to send a notify e-mail when hijack is triggered and
e-mails are being held in the Hold2 folder
To turn the Hijack e-mail notify on add the following directive to the
hijack.cfg.
HIJNOTIFY ON
Add the include HijackNotify.eml into the \Declude directory. The recipient
of the email can be modified.
----------------------------------------------------------------------------
----------------------------
4.8.39 IPBYPASS can be configured with CIDR
----------------------------------------------------------------------------
----------------------------
4.8.38 Add the Recipient, mailfrom and subject information to the blklst.txt
file.
The format blklst.txt file is
Date|time|spool#|IP|TotalWeight|LastAction|RecpList|mailfrom|subject|testsfa
iled
Example:
Multiple Recipients:
10/14/2009|11:40:06.109|53|24.177.234.76|18|s...@hcss.net,s...@hcss.net,test
i...@yahoo,beg...@yahoo.com,donotl...@gmail,
|owner-nolist-30960_*bigm**ridgewoodcable*-...@soar.soulfulbliss.com|[59]Gua
ranteed*-payment-center|CATCHALLMAILS=0,NOLEGITCONTENT=0,IPNOTINMX=0,SORBS-D
UL=5,FIVETENRC=2,ZEN=7,SORBS=7,DYNHELO=5,FROMNOMATCH=2,WEIGHT10=10,WEIGHT14=
14,|
One Recipient:
10/14/2009|11:40:06.296|15|218.16.123.185|37|s...@hcss.net,|info_claimsproce
ssgabjgfu...@gmx.net|CONTACT AGENT FOR
CONFIRMATION|CATCHALLMAILS=0,NOLEGITCONTENT=0,IPNOTINMX=0,FIVETEN-SRC=2,NJAB
L=4,BASE64=4,CMDSPACE=8,DYNHELO=5,HELOBOGUS
=5,REVDNS=10,SPFFAIL=10,WEIGHT10=10,WEIGHT14=14,WEIGHT20=20,WEIGHT30=30,|
----------------------------------------------------------------------------
----------------------------
4.8.37 PostiniFix, Add a new directive POSTINIFIX ON/OFF goes in the
declude.cfg file
Configuration:
In declude.cfg file: "POSTINIFIX ON " in order for the Postini Fix to
work
----------------------------------------------------------------------------
----------------------------
4.8.36 Fix for Virus test was not catching the EICAR test due to e-mail
formatting
----------------------------------------------------------------------------
----------------------------
4.7.35 Added support for IMail SQL Database for AUTOWHITELIST.
----------------------------------------------------------------------------
----------------------------
David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
<mailto:dbar...@declude.com> dbar...@declude.com
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
