>>By the way I tried using --external as suggested and it did not
>>fix the false-negative problems I've been seeing since 01may.
>>I'm still getting about 5000 messages per day that clamav-milter
>>says are clean but that clamscan correctly says have Bagz.something.
>
>Please post your clamd.conf and freshclam.conf

I agree that a misconfiguration is the most likely cause, but I've looked at the files and don't see anything wrong. Plus I didn't change them on 01may when I started getting this sudden huge increase in false-negatives. But anyway, the config files are below.

I'm running FreeBSD 4.9, and have installed clamav 0.84 from the ports tree. When the problem started I was using 0.83, though. A "locate daily.cvd" shows only:

/usr/ports/security/clamav/work/clamav-0.84/database/daily.cvd
/var/db/clamav/daily.cvd

The latter has a mod date of yesterday, and freshclam.log says it is version 875. A clamscan of one of the false-negatives:

% clamscan -V
ClamAV 0.84/875/Tue May 10 04:27:59 2005
% clamscan 473844
473844: Worm.Bagz.C FOUND

----------- SCAN SUMMARY -----------
Known viruses: 34297
Engine version: 0.84
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.32 MB
Time: 0.828 sec (0 m 0 s)

The clamav headers from that same message, received just a few minutes ago:

X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on gate.acme.com
X-Virus-Status: Clean

It's too bad clamav-milter no longer puts the database version in the headers it generates, so we could be sure it's using the right one.

As for the config files, it would be easier if I send just the diffs between the default ones and my versions, right? Here you go.

- - - - - - - - - % diff clamd.conf.default clamd.conf 14c14 < LogFile /var/log/clamav/clamd.log --- > #LogFile /var/log/clamav/clamd.log 43c43 < #LogSyslog --- > LogSyslog 48c48 < #LogFacility LOG_MAIL --- > LogFacility LOG_MAIL 87c87 < #TCPAddr 127.0.0.1 --- > TCPAddr 127.0.0.1 110c110 < #MaxThreads 20 --- > MaxThreads 500 144c144 < User clamav --- > User filter - - - - - - - - - % diff freshclam.conf.default freshclam.conf 18c18 < UpdateLogFile /var/log/clamav/freshclam.log --- > UpdateLogFile /var/log/freshclam.log 22c22 < #LogVerbose --- > LogVerbose 40c40 < DatabaseOwner clamav --- > DatabaseOwner filter 55c55 < #DatabaseMirror db.XY.clamav.net --- > DatabaseMirror db.us.clamav.net 85c85 < NotifyClamd --- > #NotifyClamd
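
Review bot: hunk 87c87 of the clamd.conf diff enables "TCPAddr 127.0.0.1", but no hunk touches a TCPSocket line, and TCPAddr only sets the bind address of the TCP listener. If the default file leaves TCPSocket commented out, this change has no effect and clamd is reachable only through whatever socket the default config already defines. Either enable TCPSocket alongside it or drop the TCPAddr change, and confirm that clamav-milter --external is pointed at the socket clamd is really listening on.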
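
Review bot: hunk 85c85 of the freshclam.conf diff comments out "NotifyClamd", so freshclam no longer signals the running clamd to reload after it installs a new daily.cvd. clamd then keeps scanning with the signatures it loaded earlier until its own periodic self-check or a restart, whereas clamscan reads the database from disk on every run. That would be consistent with clamscan reporting Worm.Bagz.C while the daemon-backed milter marks the same message Clean. Restore the default "NotifyClamd" line, restart clamd once, and look for the database reload message in the LOG_MAIL syslog output that hunks 43c43 and 48c48 turn on.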