[clamav-users] Newbie Question

2003-07-10 Thread andrey
Hi Group, 

Can anyone tell me if it's possible to only scan emails that have attachments, 
as opposed to every single one? 

Thanks. 

-Andrey



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




[clamav-users] freshclam failure

2003-07-10 Thread _Chris McKeever_
sorry if this post came in duplicate..

RH7.3
clamav-0.60

I have defined in rc.local :

freshclam -d -c 2 -l /var/log/clam-update.log

but the process seems to be dying

any suggestions?





RE: [clamav-users] freshclam failure

2003-07-10 Thread _Chris McKeever_


> -Original Message-
> From: _Chris McKeever_ [mailto:[EMAIL PROTECTED]
> 
> 

> RH7.3
> clamav-0.60
> 
> I have defined in rc.local :
> 
> freshclam -d -c 2 -l /var/log/clam-update.log
> 
> but the process seems to be dying
> 
> any suggestions?
> 

follow-up: if I run that command from the shell, I get:

Current working dir is /usr/local/share/clamav

and the process runs.

thanks







Re: [clamav-users] false detect on JS.FORTNIGHT.E-2

2003-07-10 Thread Ted Fines
Sure.  Zip his signature file that is causing the problem.  Password 
protect the zip file.  Email me both the zip file and the password for it. 
(This is all to bypass any accidental antivirus detection blocking the 
attachment along the way.)  I'll run it  through our system to see what 
happens.

Ted

--On Thursday, July 10, 2003 3:05 PM +0800 Nicholas Chua 
<[EMAIL PROTECTED]> wrote:

Hi List,
I am having some problem on the detection of this particular virus
JS.FORTNIGHT.E-2. Whenever my user attaches an html signature to his email,
the email will be rejected by clam stating that it is infected by the
above. So I asked him to reject his signature and all went swell. Can
someone help me to verify it?  thanks & regards
nicholas chua



[clamav-users] Spyware detection

2003-07-10 Thread Gerardo Reynoso Cobos
What is the status of spyware detection with clamav?

I searched through viruses.db and could not find signatures for some
samples of spyware.
Previously, I had some troubles with a sony vaio and tgcmd.exe
(=spyware). I tried to detect it running clamscan via smbmount without
result.
Is it possible to add signatures for spyware in viruses.db?
Has anyone else coped with spyware?
I see a good opportunity for improvement of clam here.
What's your opinion?

PS. See these links for more info on spyware:

http://www.microdata.com/group/Care%20Tips%20and%20Techniques%20mtl/Spyware.htm
http://fmcpherson.weblogger.com/2002/01/06
http://www.snark.com/support.com/







Re: [clamav-users] Access Denied while scanning - Please Help.

2003-07-10 Thread lists
Here is an update to my issue, I ran a program that listed all files in
the qmailscan directory and here is what the permissions are on the
temporary directory it creates when placing the attachments in it...

drwx------    2 qmailq   vchkpw       4096 Jul 10 18:44 mail.horistjr.com10578770854264756


/var/spool/qmailscan/mail.horistjr.com10578770854264756:
total 520
drwx------    2 qmailq   vchkpw       4096 Jul 10 18:44 .
drwxr-xr-x    5 qmailq   qmail        4096 Jul 10 18:44 ..
-rw-------    1 root     qmail         177 Jul 10 18:44 1057877090.4764-0.mail.horistjr.com
-rw-------    1 root     qmail      512818 Jul 10 18:44 befsx41_v1.44.11_0416.zip


Notice that the user of the mail and attachment are root and the group is
qmail..  Does anyone know where it is getting these from???

Thanks...


> It sure looks like a permissions problem, what are the permissions anyway?
>
> //daniel wiberg
>
> [EMAIL PROTECTED] wrote:
>
>>I am running Red Hat 9.0 and am using qmail scanner 1.16 with ClamAV and
>>Spamassassin.  Spamassassin is working fine.  The only problem I am having
>>is that when ClamAV is called to scan an attached file I get in my
>>qmail-queue.log file this:
>>
>>08/07/2003 12:01:12:7233: clamscan: starting scan of directory
>>"/var/spool/qmailscan/mail.mydomain.com10576800724267233"...
>>08/07/2003 12:01:12:7233: run /usr/local/bin/clamscan -r
>>--tempdir=/var/spool/qmailscan/mail.mydomain.com10576800724267233
>>--disable-summary --unzip --unrar --unace --unarj --zoo --lha --jar
>>--tar --tgz  /var/spool/qmailscan/mail.mydomain.com10576800724267233 2>&1
>>08/07/2003 12:01:12:7233: --output of clamscan was:
>>/var/spool/qmailscan/mail.mydomain.com10576800724267233/1057680072.7235-0.mail.mydomain.com: Access denied.
>>--
>>08/07/2003 12:01:12:7233: clamscan: finished scan of dir
>>"/var/spool/qmailscan/mail.mydomain.com10576800724267233" in 0.420626 secs
>>
>>I have checked all permissions and everything looks fine..  Can anyone
>>help me with this..  If you need more info please just ask..
>>
>>Thanks...
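
The listing in the message above shows mode 0600 files owned by root inside the scan directory, which no non-root account can open. As an added example (not part of the original post and not qmail-scanner code), this applies the standard Unix owner/group/other check to every entry of a spool directory and reports what a given scanner account could not read. The function names, the demo directory and the scanner uid are constructed for illustration.

```python
import os
import stat
import tempfile


def _allowed(st, uid, gids, owner_bit, group_bit, other_bit):
    """Classic Unix check: exactly one of owner/group/other class applies."""
    if uid == 0:
        return True  # root bypasses the mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & owner_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)


def can_read(st, uid, gids):
    return _allowed(st, uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)


def can_search(st, uid, gids):
    return _allowed(st, uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)


def unreadable_entries(directory, uid, gids):
    """Names in `directory` that the account (uid, gids) could not scan."""
    dst = os.stat(directory)
    names = sorted(os.listdir(directory))
    if not (can_read(dst, uid, gids) and can_search(dst, uid, gids)):
        return names  # the directory itself blocks access to everything
    return [n for n in names
            if not can_read(os.lstat(os.path.join(directory, n)), uid, gids)]


def demo():
    """Constructed spool directory with one 0600 and one 0644 file."""
    with tempfile.TemporaryDirectory() as spool:
        for name, mode in (("message", 0o600), ("attachment.zip", 0o644)):
            path = os.path.join(spool, name)
            open(path, "w").close()
            os.chmod(path, mode)
        os.chmod(spool, 0o755)
        owner = os.stat(spool).st_uid
        scanner = owner + 1000  # hypothetical uid of a separate scanner account
        return (unreadable_entries(spool, owner, set()),
                unreadable_entries(spool, scanner, set()))
```

Pointed at a real scan directory with the uid and group ids of the account that runs clamscan, `unreadable_entries` lists the files that would produce "Access denied".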




Re: [clamav-users] Clamd with Clamav-Milter, Sendmail 8.12.9 timeout lockup?

2003-07-10 Thread Support ePaxsys/FRWS
Hi again

To add to this thread.

It seems to hang on quite a few (not all) Session TimeOuts and ALL 
'WARNING: ScanStream: Size exceeded' events

That may help.

Jerome

At 02:57 PM 7/10/03 -0600, you wrote:
Hey all!

Maybe someone here can help out with a curious problem. It's happening on 
at least 2 servers running RedHat 7.2 and 7.3 with patched Kernels... etc etc

They are both running:
Sendmail-8.12.9
OpenWebmail
SASL for user auth
And both have the latest and greatest Clamd and Clamav-Milter
What seems to happen, over time, we get log entries like:
Session 0 stopped due to timeout
Session 1 stopped due to timeout
And then in some cases, clamd will have a [defunct] thread in the ps list, 
and after short period - the clamav-milter plugin reports:
Milter (clmilter): timeout before data read
Milter (clmilter): to error state


Milter (clmilter): timeout before data read
Milter (clmilter): to error state
Milter (clmilter): init failed to open
Milter (clmilter): to error state
And at that point - it stops working. Clamd needs to be shutdown and 
restarted, Clamav-Milter also - and Sendmail. Obviously not a good situation.
This is on 2 separate servers, both have timeout values at 360 (played 
with these - no difference)
The sendmail.cf milter lines are set at 6 minutes each (6m)

Any ideas?? Happens randomly - one server has a lot of traffic and the 
other minimal, happens on both.
Both work fine and trap viruses when they are working.

Jerome
ePaxsys, Inc.



[clamav-users] false detect on JS.FORTNIGHT.E-2

2003-07-10 Thread Nicholas Chua
Hi List, 

I am having some problem on the detection of this particular virus 
JS.FORTNIGHT.E-2. Whenever my user attaches an html signature to his email, the 
email will be rejected by clam stating that it is infected by the above. So 
I asked him to reject his signature and all went swell. Can someone help me 
to verify it? 

thanks & regards
nicholas chua



Re: [clamav-users] suidperl rht90 problem? qmail-scanner access denied ANSWERED

2003-07-10 Thread Kelley G
well.

this machine had changed names... the smtpd run script was pulling the 
hostname from
`cat hostname` and qmail-scanner was running under another hostname.  i 
set the hostname in
the runscript by hand (why do a system call, when you don't have to) and 
changed the hostname to match.

everything works as it should.

that's what i get for setting up a box in the middle of the night over 
several nights (and specs changing)

kg

[EMAIL PROTECTED] wrote:

perl-suidperl is installed via up2date. and is confirmed by rpm -qa.
remember, i said i'd googled and this is well documented.
thanks, any other ideas?

kg

[EMAIL PROTECTED] wrote:

My guess is that you might not have perl-suidperl installed?
Run this:
rpm -qa |grep perl-suidperl
If it isn't installed, head over to rpmfind.net and download the rpm for
redhat 9.
Install that, then restart qmail and it should work.
I ran into this problem with qmailtoaster and redhat 8.0.
p.s. this assumes you used the perl rpm versions, and didn't compile 
your own
perl distribution.

Josh

- Original Message - From: "Kelley G" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 07, 2003 11:42 AM
Subject: [clamav-users] suidperl rht90 problem? qmail-scanner access 
denied

 

i have several other qmail-scanner clamav installations all running
smoothly.  a new
one, rh90 and rpm based (qmailtoasterclikka.com) is working fine, all
except for clamav.
testing clamscan and clamdscan on other files called by regular user
work fine.
clamscan called from qmail-scanner script is not.
qmail-scanner seems to be unable to suid to the proper user, anyone 
else
see this behavior?
someone else saw the same access denied errors a week or so ago.

i've tried everything i know of and googled etc. this qmail-scanner
clamav install is identical to the others running smoothly
and is quite standard following docs. the others run on red hat 7.3
shupp toasters. same qmail-scanner versions etc.
i'm inclined to think this is a suidperl problem on redhat 90.  
although
perscanner and spamassassin
work perfectly on this machine.

any ideas?

thanks
kelley g



RE: [clamav-users] freshclam failure - Solved

2003-07-10 Thread _Chris McKeever_
 
> 
> > -Original Message-
> > From: _Chris McKeever_ [mailto:[EMAIL PROTECTED]
> > 
> > 
> 
> > RH7.3
> > clamav-0.60
> > 
> > I have defined in rc.local :
> > 
> > freshclam -d -c 2 -l /var/log/clam-update.log
> > 
> > but the process seems to be dying
> > 
> > any suggestions?
> > 
> 
> follow-up: if I run that command from the shell, I get:
> 
> Current working dir is /usr/local/share/clamav
> 
> and the process runs.
> 
> thanks


It looks like for some reason I need to put the full path to the executable
in the rc.local now, since upgrade to 0.60
all is good now, I will report back if it dies mid-stream





[clamav-users] Clamd with Clamav-Milter, Sendmail 8.12.9 timeout lockup?

2003-07-10 Thread Support ePaxsys/FRWS
Hey all!

Maybe someone here can help out with a curious problem. It's happening on at 
least 2 servers running RedHat 7.2 and 7.3 with patched Kernels... etc etc

They are both running:
Sendmail-8.12.9
OpenWebmail
SASL for user auth
And both have the latest and greatest Clamd and Clamav-Milter
What seems to happen, over time, we get log entries like:
Session 0 stopped due to timeout
Session 1 stopped due to timeout
And then in some cases, clamd will have a [defunct] thread in the ps list, 
and after short period - the clamav-milter plugin reports:
Milter (clmilter): timeout before data read
Milter (clmilter): to error state


Milter (clmilter): timeout before data read
Milter (clmilter): to error state
Milter (clmilter): init failed to open
Milter (clmilter): to error state
And at that point - it stops working. Clamd needs to be shutdown and 
restarted, Clamav-Milter also - and Sendmail. Obviously not a good situation.
This is on 2 separate servers, both have timeout values at 360 (played with 
these - no difference)
The sendmail.cf milter lines are set at 6 minutes each (6m)

Any ideas?? Happens randomly - one server has a lot of traffic and the 
other minimal, happens on both.
Both work fine and trap viruses when they are working.

Jerome
ePaxsys, Inc.



Re: [clamav-users] Newbie Question

2003-07-10 Thread Nigel Horne
On Thursday 10 Jul 2003 6:49 pm, [EMAIL PROTECTED] wrote:
> Hi Group,
>
> Can anyone tell me if it's possible to only scan emails that have
> attachments, as opposed to every single one?

You have to scan an e-mail to see if it has any attachments...

> Thanks.
>
> -Andrey

--Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
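
The reply above, as an added example that is not part of the original thread: finding out whether a message has attachments already requires parsing its whole MIME structure. The three sample messages are constructed; the HTML-only one (compare the html signature in the JS.FORTNIGHT.E-2 thread) reports no attachment, so an attachments-only filter would never pass its body to the scanner.

```python
from email import message_from_bytes, policy


def attachment_parts(raw):
    """Return (content_type, filename) for every non-body leaf part."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():          # visits the message and all nested parts
        if part.is_multipart():
            continue                 # containers carry no payload themselves
        ctype = part.get_content_type()
        name = part.get_filename()
        disp = part.get_content_disposition()
        # Attachment if declared as one, if it has a filename, or if it is
        # a non-text leaf (image, archive, executable, ...).
        if disp == "attachment" or name or not ctype.startswith("text/"):
            found.append((ctype, name))
    return found


# Constructed sample messages.
PLAIN = b"From: a@example.org\nSubject: hi\n\nhello\n"

HTML_ONLY = (
    b"From: a@example.org\nSubject: sig\nMIME-Version: 1.0\n"
    b"Content-Type: text/html\n\n"
    b"<html><body>regards<script>/* signature script */</script></body></html>\n"
)

MIXED = (
    b"From: a@example.org\nSubject: report\nMIME-Version: 1.0\n"
    b'Content-Type: multipart/mixed; boundary="BOUND"\n\n'
    b"--BOUND\n"
    b"Content-Type: text/plain\n\n"
    b"see attached\n"
    b"--BOUND\n"
    b"Content-Type: application/zip\n"
    b'Content-Disposition: attachment; filename="data.zip"\n'
    b"Content-Transfer-Encoding: base64\n\n"
    b"UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==\n"
    b"--BOUND--\n"
)
```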