[Clamav-users] News from the Horne household
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am about to go abroad on business until the end of November. Although I will remain in e-mail contact, response times will be longer than usual. If it takes me sometime to get back to questions or support you please be patient! - -Nigel - -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/lihIhTUd3VwpF6IRAoywAJoCXq0KJiz1EF6FjxDtXwH5Ol2rNwCgkjgP Y7gthlyMmdVz9+icsoKcKOg= =mCMh -END PGP SIGNATURE- --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] 'Orphaned' clamav-milter child processes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've not seen this for a long time. Please post your complete sendmail.mc and clamav.conf - -Nigel - -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/lic5hTUd3VwpF6IRAoh3AJ4yRVnj0kXEdoAcjxU7AOr5qFW9xQCeJBEp XhSSP1JmLJ3zEpjswqsOx14= =FswR -END PGP SIGNATURE- --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] 'Orphaned' clamav-milter child processes
Nigel Horne wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I've not seen this for a long time. Please post your complete sendmail.mc and > clamav.conf Same thing happens to me regularly (every 48-72 hours). Using CVS snapshot from 20030926. I was hoping that it was fixed in current CVS though, and was planning to upgrade shortly. If you want, I can send you my sendmail.mc and clamav.conf also - let me know. Mike. --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] False positive for Cake.A virus?
I have a file that was detected to have the Cake.A virus; however, my other scanners (Norton, Ravav, F-Prot, Nod32) do not concur. Anyone see this type of false positive. Forrest --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] 'Orphaned' clamav-milter child processes
> > I've not seen this for a long time. Please post your complete sendmail.mc and > clamav.conf > > - -Nigel > Hello again. My complete clamav.conf and sendmail.mc is at the end. I have another problem (probably continuation my earlier problem) This morning clamav-milter has died completely and I didn't start it again. # /etc/init.d/clamav-milter start (restart) didn't work until I restarted clamav. After this clamav-milter began work. In maillog I found this, and much more: Oct 22 06:13:31 melmak clamav-milter[23181]: clamfi_connect: connection from [69.6.27.97] [69.6.27.97] Oct 22 06:13:32 melmak clamav-milter[23181]: hit max-children limit (504 >= 40): waiting for some to exit Oct 22 06:13:47 melmak clamav-milter[30065]: ClamAv: accept() returned invalid socket (Too many open files), try again Oct 22 06:13:51 melmak clamav-milter[23106]: pthread_cond_timedwait: (rc = 110) U^P^H Oct 22 06:13:55 melmak clamav-milter[23198]: clamfi_connect: connection from mta04ps.bigpond.com [144.135.25.158] Oct 22 06:13:55 melmak clamav-milter[23198]: hit max-children limit (505 >= 40): waiting for some to exit Oct 22 06:14:07 melmak clamav-milter[30065]: ClamAv: accept() returned invalid socket (Too many open files), try again Oct 22 06:14:08 melmak clamav-milter[30065]: ClamAv: accept() returned invalid socket (Too many open files), try again Oct 22 06:14:10 melmak clamav-milter[30065]: ClamAv: accept() returned invalid socket (Too many open files), try again Oct 22 06:14:18 melmak clamav-milter[23176]: pthread_cond_timedwait: (rc = 110) \230N^P^H Oct 22 06:14:19 melmak clamav-milter[30065]: ClamAv: accept() returned invalid socket (Too many open files), try again Oct 22 06:14:25 melmak clamav-milter[23161]: pthread_cond_timedwait: (rc = 110) PT^P^H Oct 22 06:14:32 melmak clamav-milter[23181]: pthread_cond_timedwait: (rc = 110) X[^P^H Oct 22 06:14:55 melmak clamav-milter[23198]: pthread_cond_timedwait: (rc = 110) hS^P^H Oct 22 06:15:01 melmak clamav-milter[30065]: ClamAv: accept() returned invalid socket (Too many open files), try again Oct 22 06:15:07 melmak clamav-milter[30065]: ClamAv: accept() returned invalid socket (Too many open files), try again Oct 22 06:15:15 melmak clamav-milter[30065]: ClamAv: accept() returned invalid socket (Too many open files), try again There was above 500 clamav-milter processes (they ate 1GB my server's memory !) I must run amavis or mailscanner :(( Maciek clamav.conf *** ## ## Example config file for the Clam AV daemon ## Please read the clamav.conf(5) manual before editing this file. ## # Comment or remove the line below. #Example # Uncomment this option to enable logging. # LogFile must be writable for the user running the daemon. # Full path is required. LogFile /var/log/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please # copy the configuration file, change the LogFile variable, and run # the daemon with --config-file option). That's why you shouldn't uncomment # this option. #LogFileUnlock # Maximal size of the log file. Default is 1 Mb. # Value of 0 disables the limit. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. #LogFileMaxSize 2M # Log time with an each message. LogTime # Use system logger (can work together with LogFile). LogSyslog # Enable verbose logging. #LogVerbose # This option allows you to save the process identifier of the listening # daemon (main thread). PidFile /var/run/clam/clamd.pid # Path to a directory containing .db files. # Default is the hardcoded directory (mostly /usr/local/share/clamav, # it depends on installation options). #DataDirectory /var/lib/clamav # The daemon works in local or network mode. Currently the local mode is # recommended for security reasons. # Path to the local socket. The daemon doesn't change the mode of the # created file (portability reasons). You may want to create it in a directory # which is only accessible for a user running daemon. LocalSocket /tmp/clamd # Remove stale socket after unclean shutdown. FixStaleSocket # TCP address. # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. #TCPAddr 127.0.0.1 # TCP port address. #TCPSocket 3310 # Maximum length the queue of pending connections may grow to. # Default is 15. #MaxConnectionQueueLength 30 # When activated, input stream (see STREAM command) will be saved to disk before # scanning - this allows scanning within archives. StreamSaveToDisk # Close the connection if this limit is exceeded. StreamMaxLength 10M # Maximal number of a threads running at the same time. # Default is 5, and it should be sufficient for a typical workstation. # You may need to increase threads number for a server
[Clamav-users] Re: ERROR: Can't open file
No, I'm still getting this error. Could someone in the group shed light on this problem? Suggestions? Ideas? /dev/idal --- Mike Parin <[EMAIL PROTECTED]> wrote: > Hi Chris, > > I'm experiencing exactly the same problem with clamav > as you expressed on the mailing list (see below). > Did you ever solve the problem and if so how? > > Regards, > Mike Parin. > > --- Chris de Vidal <[EMAIL PROTECTED]> wrote: > > I have a Samba file server with 546,500 files. When > clamscan runs > > recursively, > > I get "ERROR: Can't open file" on approximately > 43,000 files. When I run > > clamscan individually on any of these files, it > works. Our other large > > servers > > have 352,200, 168,932 and 101,680 files and they > work every time. I got > > these > > counts with locate / | uniq | wc -l. > > > > Ideas? __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] false positives
i' ve recently started using clamav to scan SAMBA directories, and to scan incoming e-mail messages (in conjunction with amavis). i've been seeing a lot of false positives on the file scans, most of them Word macro virii: WM.CAP WordMacro.Concept W97M/Story.A Trojan.Stealth.D my script sends the clamav report to our IT support department mailing list, and i'm getting some negative feedback from techs about all the false positives wasting time. also, i'm very concerned that clamav may be rejecting e-mail documents that contain attachments that are not infected. this is pretty serious for us - is this a known issue? is there a fix or a workaround? how about a list of known false positives, and a way to bypass scanning for these? thanks --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] viruses that forge from: and/or envelope sender addresses
Howdy list, Is there a database anywhere that lists all the viruses that forge addresses? I'd like to prevent my server from sending out false notification messages. Thanks. -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] false positives
On Wed, 22 Oct 2003 at 3:52:04 -0400, lists wrote: > i' ve recently started using clamav to scan SAMBA directories, and to > scan incoming e-mail messages (in conjunction with amavis). > > i've been seeing a lot of false positives on the file scans, most of > them Word macro virii: > > WM.CAP > WordMacro.Concept > W97M/Story.A > Trojan.Stealth.D > When have you seen the latest false positive about Trojan.Stealth.D? Because the false positive has been already reported, I replaced the signature on 2003.10.16 and the reporter confirmed that the problem went away. > my script sends the clamav report to our IT support department mailing > list, and i'm getting some negative feedback from techs about all the > false positives wasting time. > > also, i'm very concerned that clamav may be rejecting e-mail documents > that contain attachments that are not infected. > > this is pretty serious for us - is this a known issue? is there a fix > or a workaround? how about a list of known false positives, and a way > to bypass scanning for these? > An emergency, personal workaround is removing the culprit signature from the viruses.db (viruses.db2) file. Of course the next execution of automatic update of the database will overwrite the file. The correct fix is to submit such falsely infected file via normal way: < http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi >, clearly stating that you think that it's not infected file and it gives false positive about what virus. The more details, the better (e.g. which AV scanners do *not* detect a virus in the file). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] 'Orphaned' clamav-milter child processes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 22 Oct 2003 10:42 am, Mike Brodbelt wrote: > Same thing happens to me regularly (every 48-72 hours). When it happens, is clamd still running? Do you see any error messages from it? Do you have ScanArchive enabled? - -Nigel - -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/llivhTUd3VwpF6IRAq/DAJ4niedkY4VG/gXNz82rRHrgBWlL9QCgosjx qEyL0J3jgi3QYi7YyeVHVco= =uNxP -END PGP SIGNATURE- --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] viruses that forge from: and/or envelope sende r addresses
-Original Message- From: Jesse Guardiani >Is there a database anywhere that lists all the viruses >that forge addresses? There may be, but can you react quickly to a new one? >I'd like to prevent my server from sending out false >notification messages. I've come to the conclusion that it's better to drop them all. I've got mine set up to never let anyone know that we received a virus - not the sender, not the recipient, only the virus administrator. That's pretty easy to do with amavis-new. --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] False positive for Cake.A virus?
On Tue, 21 Oct 2003 at 22:47:15 -0400, Forrest Aldrich wrote: > I have a file that was detected to have the Cake.A virus; however, my other > scanners (Norton, Ravav, F-Prot, Nod32) do not concur. > > Anyone see this type of false positive. > > Forrest Please, submit a file causing a false positive match via the normal way < http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi >, clearly stating that you think that it's not infected file and it gives false positive about what virus. Give all details as above. Thanks -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] false positives
Please submit any "false positive" samples to the DB team. You can submit through http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi. We do take these reports very serious, but we need to discover them before any action can be taken. A workaround could be to delete signatures from the DB files you don't like ClamAV to detect. Best regards, Diego d'Ambra > -Original Message- > From: [EMAIL PROTECTED] [mailto:clamav-users- > [EMAIL PROTECTED] On Behalf Of lists > Sent: 22. oktober 2003 09:52 > To: [EMAIL PROTECTED] > Subject: [Clamav-users] false positives > > i' ve recently started using clamav to scan SAMBA directories, and to > scan incoming e-mail messages (in conjunction with amavis). > > i've been seeing a lot of false positives on the file scans, most of > them Word macro virii: > > WM.CAP > WordMacro.Concept > W97M/Story.A > Trojan.Stealth.D > > my script sends the clamav report to our IT support department mailing > list, and i'm getting some negative feedback from techs about all the > false positives wasting time. > > also, i'm very concerned that clamav may be rejecting e-mail documents > that contain attachments that are not infected. > > this is pretty serious for us - is this a known issue? is there a fix > or a workaround? how about a list of known false positives, and a way > to bypass scanning for these? > > > thanks > > > > > > --- > This SF.net email is sponsored by OSDN developer relations > Here's your chance to show off your extensive product knowledge > We want to know what you know. Tell us and you have a chance to win $100 > http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] viruses that forge from: and/or envelope sender addresses
Generally un-neccesary. Just check if the sending SMTP host matches the from address for the domain. IN general practice, it would be a bad idea to bounce messages back to a non-matching address. Sundie... Jesse Guardiani said: > Howdy list, > > Is there a database anywhere that lists all the viruses > that forge addresses? > > I'd like to prevent my server from sending out false > notification messages. > > Thanks. > > -- > Jesse Guardiani, Systems Administrator > WingNET Internet Services, > P.O. Box 2605 // Cleveland, TN 37320-2605 > 423-559-LINK (v) 423-559-5145 (f) > http://www.wingnet.net > > > > > --- > This SF.net email is sponsored by OSDN developer relations > Here's your chance to show off your extensive product knowledge > We want to know what you know. Tell us and you have a chance to win $100 > http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] viruses that forge from: and/or envelope sender addresses
On Wed, 22 Oct 2003 at 9:42:34 -0400, Jesse Guardiani wrote: > > Is there a database anywhere that lists all the viruses > that forge addresses? > > I'd like to prevent my server from sending out false > notification messages. > Not all, just the most frequently met: $viruses_that_fake_sender_re = new_RE( qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i, qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|gibe'i, qr'exploit\.iframe\.gen'i ); -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] viruses that forge from: and/or envelope sender addresses
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Jesse Guardiani
> Sent: 22. oktober 2003 15:43
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] viruses that forge from: and/or envelope
sender
> addresses
>
> Howdy list,
>
> Is there a database anywhere that lists all the viruses
> that forge addresses?
>
I'm not aware of any place listing these viruses.
This is my list:
My
@silent_viruses_array=('klez','bugbear','hybris','IFrame.HTML','yaha','b
raid','nimda','tanatos','sobig','winevar','IFRMEXP','ganda','fizzer
','palyh','trojan.win32.dia','dumaru','gibe','swen');
Once your server find a virus run the name through the list a see if a
part of it matches.
Best regards,
Diego d'Ambra
---
This SF.net email is sponsored by OSDN developer relations
Here's your chance to show off your extensive product knowledge
We want to know what you know. Tell us and you have a chance to win $100
http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] RE: viruses that forge from: and/or envelope sende r addresses
McDonald, Dan wrote: > -Original Message- > From: Jesse Guardiani >>Is there a database anywhere that lists all the viruses >>that forge addresses? > > There may be, but can you react quickly to a new one? If one exists, then yes, I can. I'm a programmer. I could easily automate the creation of the silent virus list that qmail-scanner uses. >>I'd like to prevent my server from sending out false >>notification messages. > > I've come to the conclusion that it's better to drop them all. I've got > mine set up to never let anyone know that we received a virus - not the > sender, not the recipient, only the virus administrator. That's pretty > easy to do with amavis-new. I'd like to send a notification if it's going to the actual sender of the virus. -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] 'Orphaned' clamav-milter child processes
> There was above 500 clamav-milter processes (they ate 1GB my server's > memory !) > > I must run amavis or mailscanner :(( What about clamd itself ? Is it stable ? Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] (\/)\. http://www.konarski.edu.pl/~zolw \..._ I nie zapomnij kliknac w brzuszek... //\ /\\ <- C. Amboinensiswww.pajacyk.pl --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: ERROR: Can't open file
Chris de Vidal wrote: No, I'm still getting this error. Could someone in the group shed light on this problem? Suggestions? Ideas? /dev/idal --- Mike Parin <[EMAIL PROTECTED]> wrote: Hi Chris, I'm experiencing exactly the same problem with clamav as you expressed on the mailing list (see below). Did you ever solve the problem and if so how? Regards, Mike Parin. --- Chris de Vidal <[EMAIL PROTECTED]> wrote: I have a Samba file server with 546,500 files. When clamscan runs recursively, I get "ERROR: Can't open file" on approximately 43,000 files. When I run clamscan individually on any of these files, it works. Our other large servers have 352,200, 168,932 and 101,680 files and they work every time. I got these counts with locate / | uniq | wc -l. Ideas? Hope these questions help: Are you scanning the files locally on the same server or are you scanning files using smb (network) access? Have you compared the /etc/smb.conf files on both servers (one one of them is working)? Are both servers running the same samba version? Have you checked samba log files (maybe increasing log level)? --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Compilation Issues - Automake version mismatch
Just an FYI RedHat 9 box, got this error during make: *** # make cd . && \ /bin/sh /export/clamav/build/clamav-devel-20031021/missing --run automake-1.6 --gnu Makefile aclocal.m4:4200: version mismatch. This is Automake 1.6.3, but aclocal.m4 aclocal.m4:4200: was generated for Automake 1.6.1. You should recreate aclocal.m4:4200: aclocal.m4 with aclocal and run automake again. make: *** [Makefile.in] Error 1 I moved the aclocal.m4 file and ran aclocal and then the make worked. Seems to be working ok so far. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav-milter and Logwatch
Soren Schimkat wrote: Hi Guys If you want Logwatch to display clamav-milter logs - you can use the following files (a short description is located below the files): [snip] I've just created a new set of files - which also matches the latest CVS version of Clamav / Clamav-milter: http://www.schimkat.dk/clamav The tar.gz file is just a pakage containing the 2 script files. Best regards Søren Schimkat [/snip] When using these scripts, logwatch will produce a output like this: - clamav-milter Begin Clean messages: 112 Message(s) Infected messages: 24 Message(s) Virus list: ClamAV-Test-Signature - 1 Time(s) Exploit.IFrame.Gen - 3 Time(s) VBS.LoveLetter.D - 1 Time(s) VBS/Haptime.A - 1 Time(s) W95/Hybris.PI.003 - 1 Time(s) Worm.BugBear.B - 4 Time(s) Worm.Dumaru.A - 1 Time(s) Worm.Ganda-A - 1 Time(s) Worm.Gibe.F - 7 Time(s) Worm.Gibe.F.UPX.2 - 1 Time(s) Worm/Klez.H - 2 Time(s) Yaha.P - 1 Time(s) -- clamav-milter End - --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
