* Fajar A. Nugraha <[EMAIL PROTECTED]> [20040313 15:01]: wrote:
> Odhiambo Washington wrote:
>
> >Latest cvs code ... with OLE2 support enabled...
> >
> >Sat Mar 13 08:53:15 2004 ->
> >/var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-00001.doc: Unable
> >to open file or directory. ERROR
> >Sat Mar 13 08:54:08 2004 ->
> >/var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-00001.doc: *Unable
> >to open file or directory*. ERROR
> >
> That doesn't look like OLE errors to me ... More like permission problem.

I doubt it, unless I ignored something so obvious ... other instances of
scanning don't exhibit the same signs. See attached clamd.log.

> After enabling ScanOLE2 on clamav.conf , I tested with command line
> ====================================
> bash-2.03# clamscan /tmp/Aplikasi-DC.doc
> /tmp/Aplikasi-DC.doc: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 20470
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.09 MB
> I/O buffer size: 131072 bytes
> Time: 6.231 sec (0 m 6 s)
> bash-2.03# clamdscan /tmp/Aplikasi-DC.doc
> /tmp/Aplikasi-DC.doc: OK
>
> ----------- SCAN SUMMARY -----------
> Infected files: 0
> Time: 0.922 sec (0 m 0 s)
> bash-2.03# clamd -V
> clamd / ClamAV version devel-20040313
> ====================================
>
> and by sending mail, it's OK. No error occurred. I use clean (non-virus
> infected) *.doc though.
> Is there something special about the .doc file you used? Do you still
> have it? What does
> clamdscan say?
>
> Regards,
>
> Fajar
>
> PS : I'm running clamd as the same user as exim.

me too. that is why I see this occurrence as strange.

cheers
- wash
+----------------------------------+-----------------------------------------+
Odhiambo Washington                . WANANCHI ONLINE LTD (Nairobi, KE)       |
<wash at wananchi dot com>         . 1ere Etage, Loita Hse, Loita St.,       |
GSM: (+254) 722 743 223            . # 10286, 00100 NAIROBI                  |
GSM: (+254) 733 744 121            . (+254) 020 313 985 - 9                  |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!"
  --from a /. post
Sat Mar 13 06:35:07 2004 -> SelfCheck: Database status OK.
Sat Mar 13 07:06:26 2004 -> /var/spool/exim/scan/1B20Pc-0006bu-KY/1B20Pc-0006bu-KY-00000.zip: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 07:35:09 2004 -> SelfCheck: Database status OK.
Sat Mar 13 07:53:57 2004 -> /var/spool/exim/scan/1B219D-000LC7-57/1B219D-000LC7-57-00000.zip: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 08:04:06 2004 -> /var/spool/exim/scan/1B21Jb-000N5u-0M/1B21Jb-000N5u-0M-00000.zip: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 08:13:12 2004 -> Reading databases from /usr/local/share/clamav
Sat Mar 13 08:13:13 2004 -> Database correctly reloaded (20470 viruses)
Sat Mar 13 08:35:16 2004 -> SelfCheck: Database status OK.
Sat Mar 13 08:35:22 2004 -> /var/spool/exim/scan/1B21lp-0001YY-3y/1B21lp-0001YY-3y-00000.zip: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 08:47:15 2004 -> /var/spool/exim/scan/1B21yv-0003Mr-JQ/1B21yv-0003Mr-JQ-00000.zip: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 08:53:15 2004 -> /var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-00001.doc: Unable to open file or directory. ERROR
Sat Mar 13 08:54:08 2004 -> /var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-00001.doc: Unable to open file or directory. ERROR
Sat Mar 13 09:23:45 2004 -> /var/spool/exim/scan/1B22Yd-00089X-V2/1B22Yd-00089X-V2-00000.zip: Worm.SomeFool.Gen-2 FOUND
Sat Mar 13 09:35:24 2004 -> SelfCheck: Database status OK.
Sat Mar 13 09:38:45 2004 -> /var/spool/exim/scan/1B22nA-0009uH-AK/1B22nA-0009uH-AK-00000.zip: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 09:41:10 2004 -> /var/spool/exim/scan/1B22pO-000AEW-JE/1B22pO-000AEW-JE.eml: VBS.Redlof.Encoded.gen FOUND
Sat Mar 13 09:55:34 2004 -> /var/spool/exim/scan/1B233P-000CEO-0l/1B233P-000CEO-0l-00000.zip: Worm.SCO.A-unp FOUND
Sat Mar 13 09:59:01 2004 -> +++ Started at Sat Mar 13 09:59:01 2004
Sat Mar 13 09:59:01 2004 -> Log file size limited to 15728640 bytes.
Sat Mar 13 09:59:01 2004 -> Reading databases from /usr/local/share/clamav
Sat Mar 13 09:59:01 2004 -> Protecting against 20470 viruses.
Sat Mar 13 09:59:02 2004 -> Unix socket file /var/spool/exim/clamd.sock
Sat Mar 13 09:59:02 2004 -> Setting connection queue length to 100
Sat Mar 13 09:59:02 2004 -> Archive: Archived file size limit set to 26214400 bytes.
Sat Mar 13 09:59:02 2004 -> Archive: Recursion level limit set to 5.
Sat Mar 13 09:59:02 2004 -> Archive: Files limit set to 1000.
Sat Mar 13 09:59:02 2004 -> Archive: Compression ratio limit set to 200.
Sat Mar 13 09:59:02 2004 -> Archive: Limited memory usage.
Sat Mar 13 09:59:02 2004 -> Archive support enabled.
Sat Mar 13 09:59:02 2004 -> RAR support disabled.
Sat Mar 13 09:59:02 2004 -> Blocking encrypted archives.
Sat Mar 13 09:59:02 2004 -> Mail files support disabled.
Sat Mar 13 09:59:02 2004 -> OLE2 support enabled.
Sat Mar 13 09:59:02 2004 -> Self checking every 3600 seconds.
Sat Mar 13 10:08:07 2004 -> /var/spool/exim/scan/1B23Fc-000EfM-RO/1B23Fc-000EfM-RO-00000.zip: Worm.Mydoom.F FOUND
Sat Mar 13 10:09:27 2004 -> /var/spool/exim/scan/1B23GQ-000Ek6-7K/1B23GQ-000Ek6-7K-00000.zip: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 10:17:53 2004 -> /var/spool/exim/scan/1B23Oz-000Fo2-Ki/1B23Oz-000Fo2-Ki-00000.zip: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 10:18:30 2004 -> /var/spool/exim/scan/1B23PI-000FoC-IZ/1B23PI-000FoC-IZ-00000.zip: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 10:39:05 2004 -> /var/spool/exim/scan/1B23jB-000IZb-Ld/1B23jB-000IZb-Ld-00000.zip: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 10:48:47 2004 -> /var/spool/exim/scan/1B23sy-000KMt-F0/1B23sy-000KMt-F0-00000.zip: Worm.SomeFool.Gen-2 FOUND
Sat Mar 13 10:52:18 2004 -> /var/spool/exim/scan/1B23wN-000KmU-0M/1B23wN-000KmU-0M-00000.zip: Worm.SomeFool.Gen-2 FOUND
Sat Mar 13 10:59:03 2004 -> No stats for Database check - forcing reload
Sat Mar 13 10:59:03 2004 -> Reading databases from /usr/local/share/clamav
Sat Mar 13 10:59:04 2004 -> Database correctly reloaded (20470 viruses)
Sat Mar 13 11:03:39 2004 -> /var/spool/exim/scan/1B247M-000MTK-Km/1B247M-000MTK-Km-00000.zip: Worm.SomeFool.Gen-2 FOUND
Sat Mar 13 11:04:58 2004 -> /var/spool/exim/scan/1B248c-000Md0-ME/1B248c-000Md0-ME-00000.zip: Worm.SomeFool.Gen-2 FOUND
Sat Mar 13 11:06:40 2004 -> /var/spool/exim/scan/1B24AI-000MrR-5w/1B24AI-000MrR-5w-00000.zip: Worm.SomeFool.Gen-2 FOUND
Sat Mar 13 11:07:36 2004 -> /var/spool/exim/scan/1B24BC-000Mw7-DQ/1B24BC-000Mw7-DQ-00000.zip: Worm.SomeFool.Gen-2 FOUND
Sat Mar 13 11:08:14 2004 -> /var/spool/exim/scan/1B24Bj-000Mwf-GY/1B24Bj-000Mwf-GY-00000.zip: Worm.Mydoom.F FOUND
Sat Mar 13 11:11:21 2004 -> /var/spool/exim/scan/1B24EA-000NFF-Co/1B24EA-000NFF-Co-00000.zip: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 11:44:32 2004 -> /var/spool/exim/scan/1B24kr-00022N-Rm/1B24kr-00022N-Rm-00000.zip: Worm.Mydoom.F FOUND
Sat Mar 13 11:45:59 2004 -> /var/spool/exim/scan/1B24mI-0002QL-44/1B24mI-0002QL-44.eml: VBS.Redlof.Encoded.gen FOUND
Sat Mar 13 11:59:04 2004 -> SelfCheck: Database status OK.
Sat Mar 13 12:59:06 2004 -> SelfCheck: Database status OK.
Sat Mar 13 13:48:22 2004 -> /var/spool/exim/scan/1B26g7-000HBc-M1/1B26g7-000HBc-M1-00000.zip: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 13:53:10 2004 -> /var/spool/exim/scan/1B26l4-000HXj-9T/1B26l4-000HXj-9T-00000.zip: Worm.SCO.A FOUND
Sat Mar 13 13:59:09 2004 -> SelfCheck: Database status OK.
Sat Mar 13 14:02:46 2004 -> /var/spool/exim/scan/1B26ui-000IYS-6E/1B26ui-000IYS-6E-00000.zip: Worm.SomeFool.Gen-2 FOUND
Sat Mar 13 14:37:39 2004 -> /var/spool/exim/scan/1B27SR-000MAV-Va/1B27SR-000MAV-Va-00002.com: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 14:48:30 2004 -> /var/spool/exim/scan/1B27cf-000ND4-1q/1B27cf-000ND4-1q-00000.zip: Worm.SCO.A FOUND
Sat Mar 13 14:54:47 2004 -> /var/spool/exim/scan/1B27j0-000NzM-Ed/1B27j0-000NzM-Ed-00000.zip: Worm.SomeFool.Gen-2 FOUND
Sat Mar 13 14:59:10 2004 -> SelfCheck: Database status OK.
Sat Mar 13 15:00:16 2004 -> /var/spool/exim/scan/1B27oF-000OZL-2R/1B27oF-000OZL-2R-00000.zip: Worm.SomeFool.Gen-1 FOUND
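
Added example (not part of the original message, and not ClamAV or Exim code): one way to triage a clamd.log like the attachment, grouping FOUND and ERROR entries by Exim message id so that repeated scan failures on a single message stand out from the normal detections. The function names and the message-id pattern, which is inferred from the spool directory names in the log, are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the clamd.log attached to this message.
SAMPLE_LOG = """\
Sat Mar 13 08:35:16 2004 -> SelfCheck: Database status OK.
Sat Mar 13 08:47:15 2004 -> /var/spool/exim/scan/1B21yv-0003Mr-JQ/1B21yv-0003Mr-JQ-00000.zip: Worm.SomeFool.Gen-1 FOUND
Sat Mar 13 08:53:15 2004 -> /var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-00001.doc: Unable to open file or directory. ERROR
Sat Mar 13 08:54:08 2004 -> /var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-00001.doc: Unable to open file or directory. ERROR
"""

# Scan result entry: "<timestamp> -> <path>: <text> FOUND|ERROR".
ENTRY = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> "
    r"(?P<path>/\S+): (?P<msg>.*?) ?(?P<status>FOUND|ERROR)\s*$"
)
# Assumption: message id shape inferred from the spool directory names in the log.
MSGID = re.compile(r"/scan/([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})/")

def triage(log_text):
    """Group scan results by Exim message id; returns (errors, detections)."""
    errors, detections = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # SelfCheck, startup and database reload lines
        mid = MSGID.search(m["path"])
        key = mid.group(1) if mid else m["path"]
        bucket = errors if m["status"] == "ERROR" else detections
        bucket[key].append((m["ts"], m["path"], m["msg"]))
    return dict(errors), dict(detections)

def error_summary(log_text):
    """Per message with scan errors: attempts, files, seconds from first to last."""
    errors, detections = triage(log_text)
    summary = {}
    for mid, rows in errors.items():
        times = [datetime.strptime(ts, "%a %b %d %H:%M:%S %Y") for ts, _, _ in rows]
        summary[mid] = {
            "attempts": len(rows),
            "files": sorted({path for _, path, _ in rows}),
            "span_seconds": int((max(times) - min(times)).total_seconds()),
            "also_detected": mid in detections,
        }
    return summary

if __name__ == "__main__":
    print(error_summary(SAMPLE_LOG))
```

On the sample lines, both ERROR entries resolve to one message and one extracted part, scanned twice within a minute, which helps separate a per-message problem from a daemon-wide permission fault.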