Re: [Clamav-users] same error with Linux and BSD

2003-08-27 Thread R W C
Hello,

Yes, we do, well I call it highly loaded but that is relative so I will
post the status below, we have 12,000 users or so. We have two slackware
linux MX boxes that prescan for spam and viruses (the scan is done in the
data stream and 550 error is produced so we have no bounce message we let
their machine or their mail server do the bounce), we use exim with the
exiscan-acl patch (from duncanthrax.net) and it is using
clamd/spamassassin.  The MX servers then just pass on the good mail via a
hub routing rule.  If it does get a socket error it queues it, it does not
let it on though (which makes for interesting load effect if one of the
daemons die :P).  The main mail server also scans for viruses in case some
skip the mail mx and for outgoing email (I use an md5 signature added on
my outside boxes to avoid rescanning what they already approved).  In
exiscan I use the demime function and tell it to refuse .vbs, .scr and
.pif which keeps some load off the virus daemon in itself.

Here is yesterday's 24 hour rejection stats, we had 73865 good emails
delivered out of 260870 attempts.  A few days ago, the unwanted was about
three times last night's amount due to a new virus that used the extension
.pif and .scr:


                MX1      MX2     MAIL

rejected:    114964   116348    29558
  blacklist:  42003    44927      652
  spam:       52941    52062        0
  viruses:      408      362      560
  unwanted:    5601     6064      567
  other:      14011    12933    27779


  "unwanted" is file extensions (scr:vbs:bat:lnk:pif) which is
  potential virii.  "other"  can be protocol errors, and
  non-resolvable return addresses, etc that are killed at the front door,
  as you can see most viruses never have a chance to load the clamd
  daemon since the demime function gets most potential ones.



later
Randal


On Tue, 26 Aug 2003, Olaf Zaplinski wrote:

> Hi,
>
> now I found it - installed clamav-0.60 on both FreeBSD and Linux, and both
> fail regularly...
>
> Aug 25 23:47:28 frodo sendmail[38162]: h7PLlSNd038162: Milter (clmilter): to
> error state
> Aug 25 23:47:28 frodo sendmail[38162]: h7PLlSNd038162: Milter:
> initialization failed, temp failing commands
> Aug 25 23:47:28 frodo sendmail[38163]: h7PLlSNd038163: Milter (clmilter):
> error connecting to filter: Connection refused by
> /usr/local/var/clamav/clmilter.sock
>
> So I don't think this is libmilter or OS specific.
>
> I would like to tell the developer(s). BTW, is he/they reading this list?
>
> And: is somebody here using clamav on a rather high loaded email server? If
> yes, what configuration? What OS? HOW TO do?
>
> Regards
> Olaf



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] clamd 0.60 problems

2003-08-27 Thread Marc Balmer
Hi

I am again experiencing problems with clamd on OpenBSD 3.3 on Sparc64. 
clamd suddenly terminates, no entry in the log, no entry elsewhere.  It
just silently dies.

I have absolutely no indication as to what might be the cause.

If you have any idea, it's more than welcome!

- Marc




Re: [Clamav-users] Clamd Socket Already Exist Error [REPOST]

2003-08-27 Thread Mark Mielke
On Tue, Aug 26, 2003 at 05:53:57PM +0200, Tomasz Kojm wrote:
> > As I don't usually do networking in C, and there were one/some style 
> > complaints: Tomasz, are you accepting the patch as-is?
> Of course, I do. However I'd like to see Mark's version and after that
> we can update the CVS with the better one ;)

For anybody reading, not on clamav-devel, I have taken this to clamav-devel.

Cheers,
mark

-- 
[EMAIL PROTECTED]/[EMAIL PROTECTED]/[EMAIL PROTECTED] __
.  .  _  ._  . .   .__.  . ._. .__ .   . . .__  | Neighbourhood Coder
|\/| |_| |_| |/|_ |\/|  |  |_  |   |/  |_   | 
|  | | | | \ | \   |__ .  |  | .|. |__ |__ | \ |__  | Ottawa, Ontario, Canada

  One ring to rule them all, one ring to find them, one ring to bring them all
   and in the darkness bind them...

   http://mark.mielke.cc/





Re: [Clamav-users] How stable is 0.60?

2003-08-27 Thread Marc Balmer
On Tue, 26 Aug 2003 15:25:04 +0200 (CEST)
Tomasz Kojm <[EMAIL PROTECTED]> wrote:

> > In my maillog I find the following entry:
> > 
> > Aug 25 13:53:36 harbart smtp-vilter[19777]: smtp-vilter: accept()
> > returned invalid socket (Too many open files), try again
>
> there are known problems with clamd + OpenBSD. The log above suggests
> your software is lacking descriptors (and probably clamd received some
> critical signal from the system). Could you investigate it with the "lsof"
> utility ?

I solved this issue, it was a bug in our milter.  But clamd is unreliable on OpenBSD 
3.4-beta sparc64 (at least), after some time it stops responding to commands. I.e. I 
still can connect to localhost:3310, but clamd no longer responds to commands.

Has anyone else such experiences?  It is a bit annoying, but for the moment I do not 
know how and where to attack the problem...

- Marc
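
The failure mode described above (the TCP connect to localhost:3310 succeeds, but clamd no longer answers commands) is one a plain port check cannot see. The following is an added example, not code from this thread or from the ClamAV project: a liveness probe that sends clamd's PING command and waits a bounded time for PONG. The function names, result codes and the 5 second timeout are assumptions made for the example.

```c
/* Added example: distinguish "down", "hung" and "healthy" for a clamd listener. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef MSG_NOSIGNAL
#define MSG_NOSIGNAL 0          /* platforms without it: ignore SIGPIPE instead */
#endif

enum probe_result {
    PROBE_OK = 0,               /* daemon answered PONG */
    PROBE_DOWN,                 /* connect() failed: nothing is listening */
    PROBE_HUNG,                 /* connected, but no reply within the timeout */
    PROBE_BAD_REPLY,            /* replied (or closed) without saying PONG */
    PROBE_IO_ERROR
};

/* Send "PING\n" on an already connected socket and wait for the answer. */
enum probe_result clamd_ping_fd(int fd, int timeout_ms)
{
    static const char cmd[] = "PING\n";
    char reply[16];
    size_t got = 0;

    if (send(fd, cmd, sizeof cmd - 1, MSG_NOSIGNAL) != (ssize_t)(sizeof cmd - 1))
        return PROBE_IO_ERROR;

    while (got < sizeof reply - 1) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int rc = poll(&p, 1, timeout_ms);
        if (rc == 0)
            return PROBE_HUNG;          /* accepts connections, answers nothing */
        if (rc < 0)
            return PROBE_IO_ERROR;
        ssize_t n = recv(fd, reply + got, sizeof reply - 1 - got, 0);
        if (n < 0)
            return PROBE_IO_ERROR;
        if (n == 0)
            break;                      /* peer closed the connection */
        got += (size_t)n;
        if (memchr(reply, '\n', got))
            break;                      /* one full reply line received */
    }
    reply[got] = '\0';
    return strncmp(reply, "PONG", 4) == 0 ? PROBE_OK : PROBE_BAD_REPLY;
}

/* Connect to a TCP clamd listener and probe it. */
enum probe_result clamd_ping_tcp(const char *ip, unsigned short port, int timeout_ms)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return PROBE_IO_ERROR;

    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return PROBE_IO_ERROR;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) != 0) {
        close(fd);
        return PROBE_DOWN;
    }
    enum probe_result r = clamd_ping_fd(fd, timeout_ms);
    close(fd);
    return r;
}

int main(void)
{
    static const char *names[] = { "ok", "down", "hung", "bad reply", "I/O error" };
    /* 127.0.0.1:3310 is the listener mentioned in the message above. */
    enum probe_result r = clamd_ping_tcp("127.0.0.1", 3310, 5000);
    printf("clamd: %s\n", names[r]);
    return r == PROBE_OK ? 0 : 1;       /* non-zero exit lets a watchdog restart it */
}
```

A watchdog that only restarts on "hung" or "down" avoids killing a daemon that is merely busy, and the exit code can also be used by the MTA side to tempfail instead of delivering unscanned mail.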




[Clamav-users] Clamdscan Command Not Found

2003-08-27 Thread Ian Scott
I'm sorry for taking up so much of your time over the past day! 
Sometimes, I am a slow learner.  I finally got clamav working great,
along with clamav-milter and Sendmail 8.2.19.  Everything was working
great! For about 16 hours. 

Then, I started experiencing time out issues sending mail through the
server, as did a few of my clients.  From the maillog file:

Aug 26 23:17:00 ns sendmail[6858]: h7R3D0UM006858: Milter (clmilter):
timeout before data read
Aug 26 23:17:00 ns sendmail[6858]: h7R3D0UM006858: Milter (clmilter): to
error state
Aug 26 23:17:00 ns sendmail[6858]: h7R3D0UM006858: Milter (clmilter):
init failed to open
Aug 26 23:17:00 ns sendmail[6858]: h7R3D0UM006858: Milter (clmilter): to
error state
Aug 26 23:17:00 ns sendmail[6858]: h7R3D0UM006858: [141.157.130.130] did
not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Aug 26 23:17:18 ns sendmail[6911]: h7R3DEUM006911: Milter (clmilter):
timeout before data read
Aug 26 23:17:18 ns sendmail[6911]: h7R3DEUM006911: Milter (clmilter): to
error state
Aug 26 23:17:18 ns sendmail[6911]: h7R3DEUM006911: Milter (clmilter):
init failed to open
Aug 26 23:17:18 ns sendmail[6911]: h7R3DEUM006911: Milter (clmilter): to
error state
Aug 26 23:17:18 ns sendmail[6911]: h7R3DEUM006911:
cpe-24-242-21-236.elp.rr.com [24.242.21.236] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MT

So, I tried restarting Sendmail, and everything else, but still the same
error messages in the logs.  

It's a very quiet time, so I thought I'd just reboot the darn machine,
to see what would happen.  In my /etc/rc.d/rc.local file, I have:

# update clamav databases
freshclam -d -c 2 -l /var/log/clam-update.log

# start clamd antivirus daemon
/usr/local/sbin/clamd

# Start clamd milter
/usr/local/sbin/clamav-milter -lo /var/run/clmilter.sock
killall -HUP sendmail


But now in my email headers, I'm seeing this:
X-Virus-Scanned:  sh: clamdscan: command not found

And after spending two full days on getting this to work, my brain is a
bit numb, I have to admit.  Anyone point out what I've done wrong?

Thanks again!

-- 
Ian Scott <[EMAIL PROTECTED]>
Goal Centered Internet Solutions
http://www.pairowoodies.com

All About Fly Fishing
http://www.about-flyfishing.com

PGP/GPG Key ID: 319CE936





Re: [Clamav-users] Proxy and Scanning?

2003-08-27 Thread Kevin Spicer
On Wed, 2003-08-27 at 00:20, Mark wrote:
> Is it possible to scan the traffic (via plug in or so) with SQUID or an
> SOCKS-Proxy (like Dante)?
> If not: Feature Request -> TrafficScan via PlugIN, own mod or Daemon :)
> 
Dansguardian (http://www.dansguardian.org) is a content filter for squid
which has an extension available (http://www.pcxperience.org/dgvirus/)
that virus scans files passing through the proxy (it can use Clam or
F-prot).




BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000


[Clamav-users] Re: Suggestions for build process

2003-08-27 Thread David Jansen
On Tue, Aug 26, 2003 at 18:15:52 +0200 (CEST) Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> > 1) clamav-milter links with -lmilter but that (at least on RedHat) references
> > a function strlcpy which is in libsmutil.a (also from the sendmail-devel
> > rpm), so I needed to add -lsmutil in clamav-milter/Makefile
> > I'm not sure if this is specific to this version of RedHat's sendmail 
> > packaging or a more generic feature.
>  
> I can't find this library on Debian. I need some function name from it to
> be able to add the support for -lsmutil linking in configure.
[...] 

It looks like something that is only referenced from within libmilter.a
and maybe sendmail, so perhaps RedHat has just broken up libmilter into
two libraries?
Anyway, the only function which seems to be called from it (through libmilter)
is strlcpy which seems to be a strcpy replacement with length checks.

David
-- 
David Jansen                     mailto:[EMAIL PROTECTED]
Leiden Observatory ( Sterrewacht Leiden )
P.O. Box 9513,  2300 RA Leiden,  The Netherlands
Phone: (+31) 71 5275810          Fax: (+31) 71 5275819




RE: [Clamav-users] Proxy and Scanning?

2003-08-27 Thread Diego d'Ambra
> -Original Message-
> From: Mark [mailto:[EMAIL PROTECTED] 
> Sent: 27. august 2003 01:21
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] Proxy and Scanning?
> 
> 
> Is it possible to scan the traffic (via plug in or so) with 
> SQUID or an SOCKS-Proxy (like Dante)? If not: Feature Request 
> -> TrafficScan via PlugIN, own mod or Daemon :)
> 

Look at Viralator and Squirm, which are plug-ins for Squid. With these
you can use ClamAV to scan clients' web traffic.

Best regards,
Diego d'Ambra




Re: [Clamav-users] Clamdscan Command Not Found

2003-08-27 Thread Tomasz Papszun
On Wed, 27 Aug 2003 at  0:19:25 -0400, Ian Scott wrote:
[...]
> It's a very quiet time, so I thought I'd just reboot the darn machine,
> to see what would happen.  In my /etc/rc.d/rc.local file, I have:
> 
> # update clamav databases
> freshclam -d -c 2 -l /var/log/clam-update.log
> 
> # start clamd antivirus daemon
> /usr/local/sbin/clamd
> 
> # Start clamd milter
> /usr/local/sbin/clamav-milter -lo /var/run/clmilter.sock
> killall -HUP sendmail
> 
> 
> But now in my email headers, I'm seeing this:
> X-Virus-Scanned:  sh: clamdscan: command not found
> 

It may be a wrong shot, but:
start-up scripts (like these ones in /etc/rc.d/) often contain
explicitly set PATH variable. Maybe the PATH in your  /etc/rc.d/rc.local
does not contain the directory in which  clamdscan  is?...

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.




[Clamav-users] Building CLAMd Snapshot fails

2003-08-27 Thread Adam Williams
I'm trying to use the spec file from the 0.60 src rpm, to build an RPM
from the clamav-20030806.tar.gz snapshot (to see if the milter/clamd is
more stable).

Just unpacking the tar ball, running ./configure, and make works.

But rpmbuild -bb clam.spec dies with -

source='clamav-milter.c' object='clamav-milter.o' libtool=no \
depfile='.deps/clamav-milter.Po' tmpdepfile='.deps/clamav-milter.TPo' \
depmode=gcc3 /bin/sh ../depcomp \
gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\"
-DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"clamav\"
-DVERSION=\"20030806\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1
-DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1
-DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1
-DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DBUFFSIZE=131072
-DFBUFFSIZE=16384 -DSTDC_HEADERS=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
-DHAVE_DLFCN_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STDLIB_H=1
-DHAVE_STRINGS_H=1 -DHAVE_STRING_H=1 -DHAVE_SYS_MMAN_H=1
-DHAVE_SYS_PARAM_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_SYS_TYPES_H=1
-DHAVE_MALLOC_H=1 -DSIZEOF_SHORT=2 -DSIZEOF_INT=4 -DSIZEOF_LONG=4
-DHAVE_ZLIB_H=1 -DHAVE_BZLIB_H=1 -DCLAMD_USE_SYSLOG=1
-DCLAMAVUSER=\"clamav\" -DCLAMAVGROUP=\"clamav\"
-DDB1NAME=\"viruses.db\" -DDB2NAME=\"viruses.db2\"
-DDATADIR=\"/var/clamav\" -DCONFDIR=\"/etc\" -DC_URANDOM=1 -DC_LINUX=1
-DCL_THREAD_SAFE=1 -DCLAMUKO=1 -DWORDS_LITTLEENDIAN=1 -I. -I. -I../clamd
-I../libclamav-O2 -g -pipe -march=i386 -mcpu=i686 -c `test -f
'clamav-milter.c' || echo './'`clamav-milter.c
/bin/sh ../libtool --mode=link gcc  -O2 -g -pipe -march=i386
-mcpu=i686   -o clamav-milter  clamav-milter.o ../clamd/cfgfile.o
../clamd/others.o -L../libclamav -L/usr/lib/libmilter -lmilter -lpthread
mkdir .libs
gcc -O2 -g -pipe -march=i386 -mcpu=i686 -o clamav-milter clamav-milter.o
../clamd/cfgfile.o ../clamd/others.o 
-L/usr/src/redhat/BUILD/clamav-0.61/libclamav -L/usr/lib/libmilter
-lmilter -lpthread
../clamd/others.o(.text+0x56e): In function `virusaction':
/home/awilliam/clamav-20030806/clamd/others.c:260: undefined reference
to `cli_malloc'
collect2: ld returned 1 exit status
make[1]: *** [clamav-milter] Error 1
make[1]: Leaving directory
`/usr/src/redhat/BUILD/clamav-0.61/clamav-milter'
make: *** [all-recursive] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.61394 (%build)

Any thoughts?  I've looked through the spec and don't see anything
really strange.





Re: [Clamav-users] Building CLAMd Snapshot fails

2003-08-27 Thread Adam Williams
> I'm trying to use the spec file from the 0.60 src rpm, to build an RPM
> from the clamav-20030806.tar.gz snapshot (to see if the milter/clamd is
> more stable).
> Just unpacking the tar ball, running ./configure, and make works.
> But rpmbuild -bb clam.spec dies with -
> source='clamav-milter.c' object='clamav-milter.o' libtool=no \
> depfile='.deps/clamav-milter.Po' tmpdepfile='.deps/clamav-milter.TPo' \
> depmode=gcc3 /bin/sh ../depcomp \
> gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\"
> -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"clamav\"
> -DVERSION=\"20030806\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1
> -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1
> -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1
> -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DBUFFSIZE=131072
> -DFBUFFSIZE=16384 -DSTDC_HEADERS=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
> -DHAVE_DLFCN_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STDLIB_H=1
> -DHAVE_STRINGS_H=1 -DHAVE_STRING_H=1 -DHAVE_SYS_MMAN_H=1
> -DHAVE_SYS_PARAM_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_SYS_TYPES_H=1
> -DHAVE_MALLOC_H=1 -DSIZEOF_SHORT=2 -DSIZEOF_INT=4 -DSIZEOF_LONG=4
> -DHAVE_ZLIB_H=1 -DHAVE_BZLIB_H=1 -DCLAMD_USE_SYSLOG=1
> -DCLAMAVUSER=\"clamav\" -DCLAMAVGROUP=\"clamav\"
> -DDB1NAME=\"viruses.db\" -DDB2NAME=\"viruses.db2\"
> -DDATADIR=\"/var/clamav\" -DCONFDIR=\"/etc\" -DC_URANDOM=1 -DC_LINUX=1
> -DCL_THREAD_SAFE=1 -DCLAMUKO=1 -DWORDS_LITTLEENDIAN=1 -I. -I. -I../clamd
> -I../libclamav-O2 -g -pipe -march=i386 -mcpu=i686 -c `test -f
> 'clamav-milter.c' || echo './'`clamav-milter.c
> /bin/sh ../libtool --mode=link gcc  -O2 -g -pipe -march=i386
> -mcpu=i686   -o clamav-milter  clamav-milter.o ../clamd/cfgfile.o
> ../clamd/others.o -L../libclamav -L/usr/lib/libmilter -lmilter -lpthread
> mkdir .libs
> gcc -O2 -g -pipe -march=i386 -mcpu=i686 -o clamav-milter clamav-milter.o
> ../clamd/cfgfile.o ../clamd/others.o 
> -L/usr/src/redhat/BUILD/clamav-0.61/libclamav -L/usr/lib/libmilter
> -lmilter -lpthread
> ../clamd/others.o(.text+0x56e): In function `virusaction':
> /home/awilliam/clamav-20030806/clamd/others.c:260: undefined reference
> to `cli_malloc'
> collect2: ld returned 1 exit status
> make[1]: *** [clamav-milter] Error 1
> make[1]: Leaving directory
> `/usr/src/redhat/BUILD/clamav-0.61/clamav-milter'
> make: *** [all-recursive] Error 1
> error: Bad exit status from /var/tmp/rpm-tmp.61394 (%build)
> Any thoughts?  I've looked through the spec and don't see anything
> really strange.

It is --enable-milter that causes this, even in a standard tar-pack
build.  Without milter support it compiles.





[Clamav-users] Re: clamd [defunct]

2003-08-27 Thread Marian Eichholz
Well, I can prove the failure for

root # /usr/clamav/sbin/clamd --version
clamd / ClamAV version 20030806

selfbuilt with exim/exiscan 4.21.

one thread goes defunct, the master thread idles around and the third is
stuck in an empty event loop.

Exim connections pile up to (in this case: 777) connections and the mail
exchanger grinds down.

After killing clamd

  stop)
pkill -9 -P 1 clamd && sleep 1 && echo 'Clam anti virus daemon stopped'

and waiting some additional time(!!!) it can be restarted

  start)
rm -f /var/clamav/run/clamd
clamd && echo 'Clam anti virus daemon started'

Note the manual deletion of the socket. Bad bad bad bunny!

What exactly do You mean with "more robust against mail bodies"? There
should be no way to break the scanner with "bad mail". It should *protect*
other systems, not being exploitable(?) itself.

So, which version *is* stable?

You know:

- not leaking threads
- not leaking memory
- not leaking zombies
- not segfaulting...
- reliably restartable.

You want to know when You start to scan some million emails per day, what we
do here :-)

Yours sincerely

- Marian Eichholz




Re: [Clamav-users] Building CLAMd Snapshot fails

2003-08-27 Thread Nigel Horne
On Wednesday 27 Aug 2003 12:19 pm, Adam Williams wrote:

> It is --enable-milter that causes this, even in a standard tar-pack
> build.  Without milter support it compiles.

The problem is with line 260 of clamd/others.c, change the call from 
cli_malloc to mcalloc.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Conductor, Typesetter.
Owner of the brass band group of the Internet. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk/music.htm


[Clamav-users] clamav-milter and bouncemessages

2003-08-27 Thread tomte
Hi there,

I have a question about the mails that (I assume) clamav-milter sends
to both the sender and the receiver of an infected mail.

Is there any way to turn this off ?
From my point of view this is unnecessary, and I would like the 
scanner to quietly toss the mail away instead.

I've read the documentation but cannot seem to find anything useful
in this direction. 

Any hints/pointers ?

// Richard

-- 

"Artificial Intelligence is no match for natural stupidity!"






Re: [Clamav-users] Re: clamd [defunct]

2003-08-27 Thread Adam Williams
> Well, I can prove the failure for
>   root # /usr/clamav/sbin/clamd --version
>   clamd / ClamAV version 20030806
> selfbuilt with exim/exiscan 4.21.
> one thread goes defunct, the master thread idles around and the third is
> stuck in an empty event loop.
> Exim connections pile up to (in this case: 777) connections and the mail
> exchanger grinds down.
> After killing clamd
>   stop)
> pkill -9 -P 1 clamd && sleep 1 && echo 'Clam anti virus daemon stopped'
> and waiting some additional time(!!!) it can be restarted
>   start)
> rm -f /var/clamav/run/clamd
> clamd && echo 'Clam anti virus daemon started'
> Note the manual deletion of the socket. Bad bad bad bunny!

Yes, this is all exactly what we experience.

> What exactly do You mean with "more robust against mail bodies"? There
> should be no way to break the scanner with "bad mail". It should *protect*
> other systems, not being exploitable(?) itself.

Theoretically you're right,  but it does take time to develop software
that meets that high criteria.  CLAMAV is relatively young.

> So, which version *is* stable?

Apparently, for the milter work, none.  It probably will be some day,
for now we'll go find something else and check back later (since
20030806 isn't stable either).





[Clamav-users] Clamd can't remove socket on reload

2003-08-27 Thread Wouter de Vries
Hi,

Sometimes clamd seems to be unable to remove the socket before 
restarting, and the reload (when the viruses db is updated) fails.

I just turned on Verbose Logging to be sure the reload fails because the 
clamd socket still exists, but I am quite sure about it.

Clamd has full privileges to the socket, so it should be able to just 
remove the socket on reload (sometimes the reload just goes ok, 
sometimes it keeps reloading).

Does anybody know why clamd doesn't remove the socket and fails on reload?

Wouter de Vries





[Clamav-users] clamav-milter, clamd, and high volume mail (SoBig.F)

2003-08-27 Thread Eric Jarman
I'm having a problem with clamd and clamav-milter.
We just implemented a virus-scanning mail proxy for our university.
When using clamav-milter and clamd, clamd seems to be exiting 
unexpectedly when trying to deal with a high volume of mail traffic, 
most of it generated by the SoBig.F worm.  (Please note that it works 
perfectly when only handling a few messages at a time.) I'm not sure if 
the problem is resulting from clamd or clamav-milter.  Turning on debug 
output for clamd, all I find in the logs that might indicate trouble are 
a few entries like:

Sun Aug 24 00:33:10 2003 -> InVirusAction
Sun Aug 24 00:34:52 2003 -> Session 0 stopped due to timeout.
If there is more information I can send to help debug this problem, 
please let me know.

Thank You.

Eric Jarman
Information Services
Central Missouri State University




Re: [Clamav-users] clamav-milter, clamd, and high volume mail (SoBig.F)

2003-08-27 Thread Support ePaxsys/FRWS
Had/have the same problem.

Switch to MailScanner from http://www.mailscanner.info until they can get 
that found and fixed. Seriously.

We want to use the Milter also but cannot.

JP

At 11:23 AM 8/25/03 -0500, you wrote:
> I'm having a problem with clamd and clamav-milter.
> We just implemented a virus-scanning mail proxy for our university.
> When using clamav-milter and clamd, clamd seems to be exiting unexpectedly 
> when trying to deal with a high volume of mail traffic, most of it 
> generated by the SoBig.F worm.  (Please note that it works perfectly when 
> only handling a few messages at a time.) I'm not sure if the problem is 
> resulting from clamd or clamav-milter.  Turning on debug output for clamd, 
> all I find in the logs that might indicate trouble are a few entries like:
>
> Sun Aug 24 00:33:10 2003 -> InVirusAction
> Sun Aug 24 00:34:52 2003 -> Session 0 stopped due to timeout.
> If there is more information I can send to help debug this problem, please 
> let me know.
>
> Thank You.
>
> Eric Jarman
> Information Services
> Central Missouri State University


ePaxsys Technical Support
ePaxsys, Inc. http://www.epaxsys.net
http://www.FRWS.com
Live Text Support: http://www.epaxsys.net/live-help




Re: [Clamav-users] Using Clam from a non-standard MTA

2003-08-27 Thread ODHIAMBO Washington
* Toby Reiter <[EMAIL PROTECTED]> [20030826 06:03]: wrote:
> Hello all,
> Just joined the list. I just downloaded Clam AV and am impressed with 
> its speed and its autodownload capabilities (freshclam).
> 
> I need some help, though. I use XMail, which I really like as an MTA 
> but it doesn't offer any of the hooks that QMail or Postfix have 
> which Clam already caters to.
> 
> XMail works by passing messages to outside filter programs, which can 
> pretty much do anything they want, and then return an exit code. 
> XMail then can choose what to do on the basis of that code.
> 
> At the basic level, I'd need help figuring out what the command line 
> is that I'll be wanting to pass in to Clam AV (I don't even know if 
> it should be clamscan, clamd, clamdscan, etc).  It should scan the 
> message for attachments, and give me some kind of feedback that I can 
> then parse to create appropriate reactions (rejecting/accepting 
> messages, bouncing messages back, etc.).
> 
> If you all think I should use Amavis, I'd appreciate any one's help 
> in setting that up (I'll have to contact the XMail folks on their 
> list to see how to get XMail and Amavis to talk to each other...).
> 
> Thanks in advance for any help,
> 
> Toby
> -- 
> Toby Reiter  mailto:[EMAIL PROTECTED]
> Breezing Internet Communications http://www.breezing.com
> 1106 West Main St                phone:434.295.2050
> Charlottesville, VA 22903        fax:603.843.6931
> 
> 

-Wash

-- 
Odhiambo Washington   <[EMAIL PROTECTED]>  "The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com  Windows 95, NT, or better,'
Tel: +254 2 313985-9  +254 2 313922 so I installed FreeBSD."   
GSM: +254 72 743223   +254 733 744121   This sig is McQ!  :-)


While you don't greatly need the outside world, it's still very
reassuring to know that it's still there.




Re: [Clamav-users] same error with Linux and BSD

2003-08-27 Thread Marc Balmer
On Tue, 26 Aug 2003 00:05:14 +0200
Olaf Zaplinski <[EMAIL PROTECTED]> wrote:

> And: is somebody here using clamav on a rather high loaded email server? If 
> yes, what configuration? What OS? HOW TO do?

We use Clam AV in conjunction with smtp-vilter, a flexible milter written in C, on 
OpenBSD-3.4 beta on a Sparc 64 machine.  After some initial struggles we got it 
working quite properly and satisfying.

- Marc




Re: [Clamav-users] Re: clamd [defunct]

2003-08-27 Thread Tomasz Kojm
> So, which version *is* stable?
> 
> You know:
> 
> - not leaking threads
> - not leaking memory
> - not leaking zombies
> - not segfaulting...
> - reliably restartable.
 
There will be a new version available on Friday - it should handle those
problems more gently :)

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED]
 (\/)\. http://www.konarski.edu.pl/~zolw
\..._   I nie zapomnij kliknac w brzuszek... 
  //\   /\\ <- C. Amboinensiswww.pajacyk.pl




Re: [Clamav-users] clamav-milter woes

2003-08-27 Thread Support ePaxsys/FRWS
We too had some trouble with the ClamAV milter on our servers, we went to 
MailScanner and it does the job nicely. (Though I would rather have a 
Non-Perl solution, we can wait)

http://ww.mailscanner.info

Enjoy.

Jerome

At 04:32 PM 8/25/03 -0700, you wrote:
> On 8/25/2003 4:16 PM, Tomasz Papszun wrote:
> >> >> I've tried running clamav-milter with and without clamd
> >> >> (there's not much documentation - which is correct?), as
> >> >> root and non-root, and the permissions on the various
> >> >> clamav directories/files seem correct.  What am I missing?
> >> >
> >> > Jessica, you may want to check permissions of the socket file.
> >>
> >> Currently got it to set up as root, this looks ok, right?
> >>
> >> srwxr-xr-x1 root root  0 Aug 25 16:15 clamd.socket
> >
> > Possibly not OK. It should be owned by the user which clamd is running
> > as.
> > I don't use milter so I can't say for sure but I suspect that clamd
> > can switch to other user even when started as root. Please check who
> > runs clamd.
> >
> > If I'm saying nonsense here, other subscribers are encouraged to correct
> > me :-) .
> It's configured to run as root at the moment, but
> unless I can get it working fairly soon, I may
> give amavis a whirl instead... :)
> Thanks!
> Jessica

ePaxsys Technical Support
ePaxsys, Inc. http://www.epaxsys.net
http://www.FRWS.com




Re: [Clamav-users] Build Problems - RH 8

2003-08-27 Thread Marc Balmer
On Tue, 26 Aug 2003 00:04:03 -0400
Ian Scott <[EMAIL PROTECTED]> wrote:

> I'm now trying to compile it on a box with RH 8 and Sendmail 8.12.9. 
> I configured with --enable-milter.
> 
> However, make quits with an error:
> 
> /usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(main.o):
> In function `smfi_register':
> main.o(.text+0x74): undefined reference to `strlcpy'

The functions strlcpy and strlcat are not part of the Linux C library. 
Get the files strlcpy.c and strlcat.c from the OpenBSD source code and
compile and link them with your program.

I can also send you sources and a Makefile to compile the functions into
a small shared library libstrlfunc.so.

- Marc




[Clamav-users] clamd RELOAD

2003-08-27 Thread slim
I know there is a socket command for clamd that can tell clamd to reload the 
virus definition databases. 

Is this something that clamd does on its own after a set period of time? Or 
is there maybe a helper application (clamdscan with a command line switch?) 
that could trigger this behavior? 

I am curious because I have converted to clamdscan/clamd combination for use 
with my shell script (reduced the overall machine load from ~3.9 to around 
~1.5). 

My thinking is that we can use a call to `clamdscan -r` command, say in a 
crontab, that would cause the clamd to reload the virus definitions. 

If this is already done by say: 

SelfCheck: Database status OK.
SelfCheck: Integrity OK 

Then... nevermind. :) 

Tom Walsh
Network Administrator
http://www.ala.net/


Re: [Clamav-users] clamav-milter woes

2003-08-27 Thread Marc Balmer
On Mon, 25 Aug 2003 19:00:23 -0600
Support ePaxsys/FRWS <[EMAIL PROTECTED]> wrote:

> We too had some trouble with the ClamAV milter on our servers, we went
> to MailScanner and it does the job nicely. (Though I would rather have
> a Non-Perl solution, we can wait)

We have smtp-vilter which is written in C and allows for different
backends (like clamd, libclamav or savse).  We use it with savse on a
high volume e-mail gateway and with clamd on a medium to low volume
gateway.  But it seems that clamd is not 100% stable...

- Marc




Re: [Clamav-users] clamd RELOAD

2003-08-27 Thread Iván Baldo
   Hello!

slim wrote:

> SelfCheck: Database status OK.
> SelfCheck: Integrity OK

   Yes, if a new database is installed, then you should see something 
like this:

SelfCheck: Database modification detected. Forcing reload.
SelfCheck: Integrity OK

   Goodbye!

P.s.: I don't know if there is a way to tell clamd explicitly that a new 
virus database is installed and it should reload it...

--
/Iván Baldo/
*Esquemas.com*
[EMAIL PROTECTED] 
www.esquemas.com 
+ (598 2) 403 03 03
Nueva Palmira 2241
11800 Montevideo, Uruguay




Re: [Clamav-users] clamd RELOAD

2003-08-27 Thread Thomas Lamy
slim wrote:
> I know there is a socket command for clamd that can tell clamd to reload 
> the virus definition databases.
> Is this something that clamd does on its own after a set period of time? 
> Or is there maybe a helper application (clamdscan with a command line 
> switch?) that could trigger this behavior?
> I am curious because I have converted to clamdscan/clamd combination for 
> use with my shell script (reduced the overall machine load from ~3.9 to 
> around ~1.5).
> My thinking is that we can use a call to `clamdscan -r` command, say in 
> a crontab, that would cause the clamd to reload the virus definitions.
> If this is already done by say:
> SelfCheck: Database status OK.
> SelfCheck: Integrity OK
> Then... nevermind. :)
> Tom Walsh

You're right, clamd checks the database integrity itself, by default 
every hour. This is controlled by the "SelfCheck" variable in 
configuration file.

Apparently I'm not up to date regarding the reload command, though. I 
remember a bug report for that, but I dunno if this bug was fixed?

Thomas





[Clamav-users] Problems compiling 0.60 under Solaris 2.6

2003-08-27 Thread Steve Pfister
I'm trying to compile 0.60 under Solaris 2.6, and I'm stuck:

- Make gives me: ld: fatal: library -lz: not found

- I can't seem to find zlib-devel (I've got zlib). I'm assuming this is 
related to the first problem.

Thanks,

Steve Pfister // [EMAIL PROTECTED]





[Clamav-users] Re: clamd RELOAD

2003-08-27 Thread slim

>    Yes, if a new database is installed, then you should see something like 
> this:
> SelfCheck: Database modification detected. Forcing reload.
> SelfCheck: Integrity OK 
>
>    Goodbye! 
>
> P.s.: I don't know if there is a way to tell clamd explicitly that a new 
> virus database is installed and it should reload it...

As long as it rechecks the database on a regular interval... that is all I 
really care about. 

Thanks for the replies. 

Tom Walsh
Network Administrator
http://www.ala.net/ 

p.s. As of the writing of this e-mail we are receiving, on average, 1 
SoBig.F virus per second on our external (MX) mail server.
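
An added example for the question raised in this thread (not code from any poster or from the ClamAV project): a cron-friendly client that sends the RELOAD socket command to clamd and then confirms the daemon still answers PING. It assumes the newline-delimited `n` prefix form of current clamd releases, which may differ from what the 0.60 daemon discussed here accepted; the socket path is a placeholder and the function names are hypothetical.

```python
import socket
import sys

def send_command(sock, command):
    """Send one command on a connected socket and return clamd's one-line reply."""
    # Assumption: "n" prefix + newline terminator, as in current clamd releases.
    sock.sendall(b"n" + command.encode("ascii") + b"\n")
    buf = b""
    while not buf.endswith(b"\n"):
        data = sock.recv(4096)
        if not data:  # clamd closed the connection
            break
        buf += data
    return buf.decode("ascii", "replace").strip()

def clamd_command(sock_path, command, timeout=10.0):
    """Connect to clamd's local (Unix) socket, run one command, disconnect."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        return send_command(s, command)

def reload_database(sock_path, ask=clamd_command):
    """Return (ok, detail); ok only if RELOAD was acknowledged and PING still works."""
    try:
        reply = ask(sock_path, "RELOAD")
        if reply != "RELOADING":
            return False, "unexpected RELOAD reply: %r" % reply
        pong = ask(sock_path, "PING")
    except OSError as exc:  # missing socket, wrong permissions, timeout, dead daemon
        return False, "clamd unreachable: %s" % exc
    return pong == "PONG", "PING reply: %r" % pong

if __name__ == "__main__":
    # Placeholder path: use the LocalSocket value from your clamd configuration.
    path = sys.argv[1] if len(sys.argv) > 1 else "/path/to/clamd.socket"
    ok, detail = reload_database(path)
    print(detail)
    sys.exit(0 if ok else 1)
```

The non-zero exit status lets cron or a monitoring wrapper notice a daemon that has died or stopped responding after a database update.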



[Clamav-users] viruses.db.local ? (or wildcard signature for *.exe *.pif *.scr)

2003-08-27 Thread Jim Mercer

i'm finding clamav to be quite nice for my setup.

however, our local policies also consider any attachment ending with
.exe, .scr, .pif, etc, etc, etc to be viruses.

(i mean, really, who needs to send a .pif file as an attachment to an email?)

would it be possible to add to clamav the ability to optionally consider
any attachment to an email with said extension to be a "virus"?

alternately, is it technically possible to create a signature which will
flag any file that ends in .exe?  (sorry, i'm not at all familiar with how
the signature database works)

if so, could we then allow for a viruses.db.local, so that those who wish to
reject all .exe attachments to email, can.

just wondering.

i'm currently doing a secondary pass for this scan, and it would be nice
if clamav just did it while it had the email all ripped apart.

-- 
[ Jim Mercer[EMAIL PROTECTED] +1 416 410-5633 ]
[  I want to live forever, or die trying.]




Re: [Clamav-users] viruses.db.local ? (or wildcard signature for *.exe *.pif *.scr)

2003-08-27 Thread Antony Stone
On Wednesday 27 August 2003 11:37 pm, Jim Mercer wrote:

> i'm finding clamav to be quite nice for my setup.
>
> however, our local policies also consider any attachment ending with
> .exe, .scr, .pif, etc, etc, etc to be viruses.
>
> (i mean, really, who needs to send a .pif file as an attachment to an
> email?)

Good point.

Check out http://www.MailScanner.info

Anti-virus (using ClamAV or about a dozen others)
Anti-spam (using SpamAssassin)
Filename checks
Filetype (content) checks
Really nicely configurable

By the way, no, you can't create a ClamAV signature to recognise filenames, 
because ClamAV looks at what's *in* the file, not what it's called.   
Clamscan will look at anything and tell you if it's a virus.   The filename 
is irrelevant.

Antony

-- 

G- GIT/E d- s+:--(-) a+ C$ UL$ P+(---)>++ L+++()$ !E W(-) N(-) o? 
w-- O !M V+++(--) !PS !PE Y+ PGP+> t- tv@ b+++ DI++ D--- e++>+++ h++ [EMAIL PROTECTED] 
5? 
!X- !R K--?
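
An added example of the filename pass discussed in this thread, run beside ClamAV's content scan (not code from any poster, ClamAV or MailScanner): it walks the MIME parts of a message and reports attachments whose final extension is on a local block list. The function name and the sample message are constructed for illustration; the extension set is the one named in the thread.

```python
import email
from email import policy

# Extensions named in the thread; the set itself is local policy.
BLOCKED = frozenset({"exe", "scr", "pif"})

def blocked_attachments(raw, blocked=BLOCKED):
    """Return [(filename, extension)] for MIME parts whose name ends in a blocked extension."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        # get_filename() reads Content-Disposition filename, else Content-Type name
        name = part.get_filename()
        if not name:
            continue
        # Normalise case and trailing dots/spaces before taking the last extension
        cleaned = name.strip().rstrip(". ").lower()
        ext = cleaned.rpartition(".")[2] if "." in cleaned else ""
        if ext in blocked:
            hits.append((name, ext))
    return hits

# Constructed sample message (not real traffic)
SAMPLE = b"""\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream; name="Report.PDF.SCR"

x
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="details.pif."

x
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

hello
--b1--
"""

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```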

