My fresclam say ERROR: Can't get information about db.us1.clamav.net: Host not found
????? Saludos cordiales MSc. Ing. Pedro Luis Domínguez Viqueira Administrador de Nodo de Comunicaciones Oficina Central, DESOFT Email: [EMAIL PROTECTED] Mensajería instantánea: [EMAIL PROTECTED] -----Mensaje original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de [EMAIL PROTECTED] Enviado el: Domingo, 05 de Agosto de 2007 06:00 a.m. Para: clamav-users@lists.clamav.net Asunto: clamav-users Digest, Vol 35, Issue 5 Send clamav-users mailing list submissions to clamav-users@lists.clamav.net To subscribe or unsubscribe via the World Wide Web, visit http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of clamav-users digest..." Today's Topics: 1. Virus definition file /var/lib/clamav/main.cvd is missing.... (Kevin Williams) 2. Re: Problems with installation (G.W. Haywood) 3. Virus definition file /var/lib/clamav/main.cvd is missing.... (Kevin Williams) 4. (not-exactly-a-Feature) Request (John Rudd) ---------------------------------------------------------------------- Message: 1 Date: Sat, 4 Aug 2007 13:09:44 -0400 From: Kevin Williams <[EMAIL PROTECTED]> Subject: [Clamav-users] Virus definition file /var/lib/clamav/main.cvd is missing.... To: clamav-users@lists.clamav.net Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="us-ascii" I just upgraded clamav to the latest svn version an hour ago. Now, when I run clamd I get the following message: Virus definition file /var/lib/clamav/main.cvd is missing. Either install the clamav-db package or run freshclam to get the virus definitions. When I run freshclam I get: ClamAV update process started at Sat Aug 4 13:04:57 2007 main.inc is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven) daily.inc is up to date (version: 3854, sigs: 8990, f-level: 20, builder: ccordes) I haven't changes any of the config option to the configure script nor have I changed location for any of the scripts, libs etc. In other words, the setup has always been the same. The only difference, I could make out is that, clamd is looking for main.cvd while, /var/lib/clamav contains a directory main.inc along with others like daily.inc. I am guessing here, the database structure has been changed and now stored in directories main.inc and daily.inc while, clamd code contiunes to look for main.cvd and hence, the problem. I have tried searching mailing list and the web with the error message as the search word to end up with nothing really. Can someone tell me what am I doing wrong or what is going on ? Thanks for any help. Kevin ------------------------------ Message: 2 Date: Sat, 4 Aug 2007 21:24:56 +0100 (BST) From: "G.W. Haywood" <[EMAIL PROTECTED]> Subject: Re: [Clamav-users] Problems with installation To: clamav-users@lists.clamav.net Message-ID: <[EMAIL PROTECTED]> Content-Type: TEXT/PLAIN; charset=US-ASCII Hi there, On Sat, 4 Aug 2007 SM wrote: > It would have been better to trim your reply instead of incorrectly > attributing the above to me. Please accept my apologies for my mistake. -- 73, Ged. ------------------------------ Message: 3 Date: Sat, 4 Aug 2007 19:42:52 -0400 From: Kevin Williams <[EMAIL PROTECTED]> Subject: [Clamav-users] Virus definition file /var/lib/clamav/main.cvd is missing.... To: clamav-users@lists.clamav.net Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="us-ascii" Sorry for the noise I'm making ! I just found out that the error message was generated by the init script and really has nothing to do with clamav package itself ! The start-up script was looking for main.cvd and when it couldn't find it it balked out with before mentioned error message ! I just changed the script to look for the new database and things are working just fine as the way they meant to be. Sorry again. Thanks anyways, Kevin On August 4, 2007 13:09:44 Kevin wrote: > I just upgraded clamav to the latest svn version an hour ago. Now, when I > run clamd I get the following message: > > Virus definition file /var/lib/clamav/main.cvd is missing. > Either install the clamav-db package or run freshclam > to get the virus definitions. > > > When I run freshclam I get: > > ClamAV update process started at Sat Aug 4 13:04:57 2007 > main.inc is up to date (version: 44, sigs: 133163, f-level: 20, builder: > sven) daily.inc is up to date (version: 3854, sigs: 8990, f-level: 20, > builder: ccordes) > > I haven't changes any of the config option to the configure script nor have > I changed location for any of the scripts, libs etc. In other words, the > setup has always been the same. > > The only difference, I could make out is that, clamd is looking for > main.cvd while, /var/lib/clamav contains a directory main.inc along with > others like daily.inc. I am guessing here, the database structure has been > changed and now stored in directories main.inc and daily.inc while, clamd > code contiunes to look for main.cvd and hence, the problem. > > I have tried searching mailing list and the web with the error message as > the search word to end up with nothing really. > > Can someone tell me what am I doing wrong or what is going on ? > > Thanks for any help. > > Kevin ------------------------------ Message: 4 Date: Sat, 04 Aug 2007 18:00:20 -0700 From: John Rudd <[EMAIL PROTECTED]> Subject: [Clamav-users] (not-exactly-a-Feature) Request To: ClamAV users ML <clamav-users@lists.clamav.net> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Identifying the exact nature of a signature, just from the name, is a major pain. Especially when you throw in the 3rd party signatures. The location in the signature name of the authority it came from varies from group to group (and isn't present in the ClamAV signatures at all). Whether it's virus/malware/trojan/worm or just a phishing/fraud or spam signature is handled differently by each authority. It's just a _MESS_, on the part of _ALL_ of the signature authorities, including ClamAV's official signatures. I'd like to see better organization on this front. My suggestion is: A signature name is a dot separated 4-tuple or 5-tuple, with the following fields: - the first field is the signature source: ClamAV, Sanesecurity, MBL, MSRBL, etc. - the second field is the signature category: Virus, Worm, Malware, Trojan, Exploit, Scam or Fraud or Phishing, Spam, Archive, etc. - the third field is the platform/mechanism abused: Win32, MacOSX-x86, MacOSX-ppc, Linux-x86, Solaris-x86, Solaris-Sparc, FreeBSD-x86, NetBSD-x86, NetBSD-all, Image, PDF, MS-Macro, HTML, Zip, etc. - the optional fourth field is a signature sub-category Stock, Spyware, virus-family-name, etc. - the last field is an exact signature ID Further, the first 3 fields would need to be universally agreed upon (dictated by ClamAV, IMO). So, this: Email.Stk.Gen588.Sanesecurity.07071604.pdf becomes: Sanesecurity.Spam.PDF.Stock.Gen588-07071604 This: Worm.Mydoom.M becomes: ClamAV.Worm.Win32.Mydoom.M This: HTML.Phishing.Bank-3 becomes: ClamAV.Fraud.HTML.Bank.3 or: ClamAV.Phishing.HTML.Bank.3 This: Zip.ExceededFilesLimit becomes: ClamAV.Archive.Zip.Exceeded.FilesLimit (which might also mean there'd be ClamAV.Archive.Zip.Exceeded.Size ClamAV.Archive.Zip.Encrypted or even ClamAV.Archive.Rar.NotAllowed, if all rar files are blocked) This would make it a LOT easier to decide how to handle a given match in a programmatic manner. For example, if I have a sendmail-milter and I want to reject viruses, worms, and malware, but I want to merely mark a header for things like Phishing/Fraud Scams or Spam, I could do something like: if ($virusname =~ /\.(Scam|Fraud|Spam)\./) { add_a_header_and_accept(); } else { send_smtp_5xx_response(); } Or, perhaps I want to do it by signature authority, because I've heard some signature authorities might have false positives: if ($virusname =~ /^ClamAV\./) { send_smtp_5xx_response(); } elsif ($virusname =~ /^Sanesecurity\./) { do_sanesecurity_action(); } elsif ($virusname =~ /^MBL\./) { do_mbl_action(); } elsif ($virusname =~ /^MSRBL\.) { do_msrbl_action(); } else { # some new signature authority I haven't specifically handled yet add_a_header_and_accept(); } The point is, whether you go with my suggestion or some other idea, imposing _SOME_ kind of structure on the signature names is, IMO, necessary. It needs to be formalized, and required of all signature authorities. When someone wants to add a new possibly value to the first 3 fields of the tuple, I'd suggest that it have to be blessed by some group (the clamav developers? a side-group with some of the clamav developers and some of the other authority members, whatever). ------------------------------ _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users End of clamav-users Digest, Vol 35, Issue 5 ******************************************* _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
