[Clamav-users] Virus DB. Query?
I would like to know the name of all virus on the Clamav DataBase... Is it possible?

Thank you!

---
This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Virus DB. Query?
On Friday 09 January 2004 9:09 am, Marino, Santiago Maximiliano wrote:

> I would like to know the name of all virus on the Clamav DataBase...
> Is it possible

Yes - simply look at the plain ASCII files /usr/local/share/clamav/viruses.db and viruses.db2 (you can convert the newer .cvd format to these if you need to).

The first field before the = sign is the name of the virus, and the bit after the = is the signature.

Antony.

--
90% of networking problems are routing problems.
9 of the remaining 10% are routing problems in the other direction.
The remaining 1% might be something else, but check the routing anyway.

Please reply to the list; please don't CC me.
[Clamav-users] clam update
Hello..

Sorry for my terrible English.

I have a Linux server with Clam anti-virus with auto update and always I receive an e-mail with subject "clam update", but the body in blank.

I want that e-mail show me the log about update (what is updated,..) I know it's possible. Someone can help me??

Wesley Yoshizava - [EMAIL PROTECTED]
Departamento de Informatica
ROBTEC São Caetano do Sul - http://www.robtec.com
Re: [Clamav-users] clam update
On Fri, 09 Jan 2004 09:32:06 -0200 Wesley <[EMAIL PROTECTED]> wrote:

> Hello..
> Sorry for my terrible English.
> I have a Linux server with Clam anti-virus with auto update and always
> I receive an e-mail with subject "clam update", but the body in blank.
> I want that e-mail show me the log about update (what is updated,..) I
> know it's possible. Someone can help me??

Please subscribe to the clamav-virusdb mailing list.

Best regards,
Tomasz Kojm

--
[EMAIL PROTECTED] www.ClamAV.net
http://www.clamav.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Fri Jan 9 14:36:06 CET 2004
[Clamav-users] Re: clamdwatch
On Fri, 2004-01-09 at 08:58, Odhiambo Washington wrote:

> * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [20040108 18:12]: wrote:
> > http://mikecathey.com/code/clamdwatch/
>
> How do I run the script?

Here's an install guide:

http://mikecathey.com/code/clamdwatch/INSTALL

I just started using this in production this morning...

It's now up to version 0.6. I changed the exit codes so that you can just add it to your crontab with something like this:

SNIP
*/1 * * * * root /usr/local/bin/clamdwatch.pl -q && ( /usr/bin/killall -9 clamd; rm -fr /var/amavis/clamd; /etc/init.d/clamav-daemon start 2>&1 )
SNIP

See the INSTALL guide for more info. As the bottom of the install guide notes...

SNIP
NOTES:
This could create problems if your virus db is somehow corrupt and cause clamd to be killed and restarted every minute.
SNIP

If anyone has a suggestion for a more appropriate action to take in a case where clamd doesn't find the virus pattern, please let me know. Run freshclam manually and try again?

Cheers,
Mike
[Clamav-users] pretty basic question - clamscan vs clamdscan
Okay, i apologize for such a basic question, but i guess i've been running clamav 'blind' for some time now!

i installed clamav via the instructions quite a long time ago. i run it via qmail-scanner. clamd is running, and messages are scanned by clamscan. so where does clamdscan come in?? there's very little mention of clamdscan in the documentation. there's a couple of passing comments in the mailing list archive, boiling down to 'clamdscan may or may not have better performance'!

my qmail-scanner directives are:

  my $clamscan_binary='/usr/local/bin/clamscan';
  my $clamscan_options="-r --disable-summary --max-recursion=10 --max-space=250";

the man page for clamdscan says it takes all the same options, so could i just change the $clamscan_binary call to /usr/local/bin/clamdscan and keep rolling along? what are the advantages/disadvantages of using clamdscan vs clamscan?

one of the issues i have currently is that i have two spam/virusscanning proxy servers, of very different architecture, and have been having trouble load balancing between them. neither server is particularly powerful (more below). i'm wondering if the clamdscan process would be more suited to one server over the other.

the two servers:

  sparc 20, quad HS125Mhz/256K cache CPUs, 448megs ram.
  netra T1, single 440Mhz/2MB cache ultrasparc CPU, 512 megs ram.

thanks in advance for any insight.

Paul Theodoropoulos
http://www.anastrophe.com
[Clamav-users] max-space question again
per my max-space setting of 250, if i understand it correctly, messages up to 250K will be virusscanned. does that mean that larger messages simply get pushed through the processing unscanned?

the reason i ask is because it seems as if it doesn't matter what size the message is, it gets scanned - which means giant messages can chew up the machine for a long time.

Paul Theodoropoulos
http://www.anastrophe.com
[Clamav-users] documentation error/problem
just noticed that in the documentation - under 'certified software' - there's mention of nclamd, with a URL of http://www.kyzo.com/nclamd . that url fails, and going to their main page, i couldn't find any link to nclamd.

Paul Theodoropoulos
http://www.anastrophe.com
Re: [Clamav-users] pretty basic question - clamscan vs clamdscan
On Fri, 9 Jan 2004 [EMAIL PROTECTED] wrote:

> i installed clamav via the instructions quite a long time ago. i run it via
> qmail-scanner. clamd is running, and messages are scanned by clamscan. so
> where does clamdscan come in?? there's very little mention of clamdscan in

Use clamdscan instead of clamscan to have mail scanned by clamd.

==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> Christopher X. Candreva
> Sent: Friday, January 09, 2004 1:00 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] pretty basic question - clamscan vs
> clamdscan
>
> On Fri, 9 Jan 2004 [EMAIL PROTECTED] wrote:
>
> > i installed clamav via the instructions quite a long time ago. i run it via
> > qmail-scanner. clamd is running, and messages are scanned by clamscan. so
> > where does clamdscan come in?? there's very little mention of clamdscan in
>
> Use clamdscan instead of clamscan to have mail scanned by clamd.

The difference between up and down is that one is up and one is down. Very profound, and not very helpful. Why bother answering if the answer in no way provides any explanation?

Jim Maul
Eastern Long Island Hospital
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
> The difference between up and down is that one is up and one
> is down. Very profound, and not very helpful. Why bother
> answering if the answer in no way provides any explanation?

Why bother responding only to chide the response for its lack of content with more banter with similarly lacking substance?

To answer the question in a more detailed fashion... Clamd listens on a socket. Clamdscan is a client interface for talking to that socket.

Clamd's purpose is to avoid the performance hit of forking a new process to scan a file or directory.

Tom Walsh

It is Friday... Can't we all just get along?
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
On Fri, 2004-01-09 at 12:18, Jim Maul wrote:

> > On Fri, 9 Jan 2004 [EMAIL PROTECTED] wrote:
> >
> > > i installed clamav via the instructions quite a long time ago. i run it via
> > > qmail-scanner. clamd is running, and messages are scanned by clamscan. so
> > > where does clamdscan come in?? there's very little mention of clamdscan in
> >
> > Use clamdscan instead of clamscan to have mail scanned by clamd.
>
> The difference between up and down is that one is up and one is down.
> Very profound, and not very helpful. Why bother answering if the answer
> in no way provides any explanation?

I don't believe the previous responder answered without giving sufficient information, but try this:

clamd loads the virus database once and provides back-end support to clamdscan, irrespective of how many times clamdscan is invoked.

clamscan has to parse the virus database each time clamscan starts up.

--
Daniel J McDonald <[EMAIL PROTECTED]>
Austin Energy
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
At 10:47 AM 1/9/2004, Daniel J McDonald wrote:

> On Fri, 2004-01-09 at 12:18, Jim Maul wrote:
> > > On Fri, 9 Jan 2004 [EMAIL PROTECTED] wrote:
> > >
> > > > i installed clamav via the instructions quite a long time ago. i run it via
> > > > qmail-scanner. clamd is running, and messages are scanned by clamscan. so
> > > > where does clamdscan come in?? there's very little mention of clamdscan in
> > >
> > > Use clamdscan instead of clamscan to have mail scanned by clamd.
> >
> > The difference between up and down is that one is up and one is down.
> > Very profound, and not very helpful. Why bother answering if the answer
> > in no way provides any explanation?
>
> I don't believe the previous responder answered without giving sufficient information, but try this:
>
> clamd loads the virus database once and provides back-end support to clamdscan, irrespective of how many times clamdscan is invoked.
>
> clamscan has to parse the virus database each time clamscan starts up.

thanks. i suspect my invocation needs to be different - when i switch from clamscan to clamdscan, messages are processed - for example - rather than taking 10 seconds, 20 seconds, etc with clamscan, they claim 'ok' in .1 seconds, .7 seconds, etc - which doesn't seem possible.

Paul Theodoropoulos
http://www.anastrophe.com
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
On Fri, 9 Jan 2004 [EMAIL PROTECTED] wrote:

> thanks. i suspect my invocation needs to be different - when i switch from
> clamscan to clamdscan, messages are processed - for example - rather than
> taking 10 seconds, 20 seconds, etc with clamscan, they claim 'ok' in .1
> seconds, .7 seconds, etc - which doesn't seem possible.

Nope. That's right on the money. The real test is to give it a known virus and make sure it finds it.

-Chris

ps. I like short answers. :-)

==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
Re: [Clamav-users] pretty basic question - clamscan vs clamdscan
On Fri, Jan 09, 2004 at 11:09:34AM -0800, [EMAIL PROTECTED] wrote:

> thanks. i suspect my invocation needs to be different - when i switch from
> clamscan to clamdscan, messages are processed - for example - rather than
> taking 10 seconds, 20 seconds, etc with clamscan, they claim 'ok' in .1
> seconds, .7 seconds, etc - which doesn't seem possible.

I missed the first few mails, but if you are worried if your mails are really scanned and if you are using qmail and qmail-scanner then you might want to look at headers to verify.

-Payal

--
For GNU/Linux Success Stories and Articles visit:
http://payal.staticky.com
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
At 11:09 AM 1/9/2004, [EMAIL PROTECTED] wrote:

> thanks. i suspect my invocation needs to be different - when i switch from clamscan to clamdscan, messages are processed - for example - rather than taking 10 seconds, 20 seconds, etc with clamscan, they claim 'ok' in .1 seconds, .7 seconds, etc - which doesn't seem possible.

following up on my own message here - the name clamdscan implies a daemon unto itself, that's why it seems - odd - if clamdscan is to be invoked the same as clamscan. If clamdscan is to run persistently, i'd expect it to be started up once, a la clamd. but perhaps i'm misinterpreting the name - perhaps it doesn't mean 'clam scanning daemon' but rather 'clamd-associated scanning process'...

Paul Theodoropoulos
http://www.anastrophe.com
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
On Fri, 2004-01-09 at 14:19, [EMAIL PROTECTED] wrote:

> following up on my own message here - the name clamdscan implies a daemon
> unto itself, that's why it seems - odd - if clamdscan is to be invoked the
> same as clamscan. If clamdscan is to run persistently, i'd expect it to be
> started up once, a la clamd. but perhaps i'm misinterpreting the name -
> perhaps it doesn't mean 'clam scanning daemon' but rather 'clamd-associated
> scanning process'...

Clamdscan (client) is the small client that connects to clamd (daemon/server) to request it to perform scans. Clamdscan needs clamd to be running in order to function.

Clamscan is a standalone application.

Cheers,
Mike
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
On Fri, 9 Jan 2004 [EMAIL PROTECTED] wrote:

> following up on my own message here - the name clamdscan implies a daemon
> unto itself, that's why it seems - odd - if clamdscan is to be invoked the

Ah. Therein lies your problem. clamdscan means "scan by sending to clamd".

==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
>thanks. i suspect my invocation needs to be different - when i switch from
>clamscan to clamdscan, messages are processed - for example - rather than
>taking 10 seconds, 20 seconds, etc with clamscan, they claim 'ok' in .1
>seconds, .7 seconds, etc - which doesn't seem possible.

Actually, that's exactly the point, and sounds about right. Try scanning something with a virus, using clamdscan, and ensure that it finds it.

Muskoka.com
115 Manitoba Street
Bracebridge, Ontario P1L 2B6
(705)645-6097
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
At 01:19 PM 1/9/04, [EMAIL PROTECTED] wrote:

> At 11:09 AM 1/9/2004, [EMAIL PROTECTED] wrote:
> > thanks. i suspect my invocation needs to be different - when i switch from clamscan to clamdscan, messages are processed - for example - rather than taking 10 seconds, 20 seconds, etc with clamscan, they claim 'ok' in .1 seconds, .7 seconds, etc - which doesn't seem possible.
>
> following up on my own message here - the name clamdscan implies a daemon unto itself, that's why it seems - odd - if clamdscan is to be invoked the same as clamscan. If clamdscan is to run persistently, i'd expect it to be started up once, a la clamd. but perhaps i'm misinterpreting the name - perhaps it doesn't mean 'clam scanning daemon' but rather 'clamd-associated scanning process'...

rather clamdscan = 'scan using the clamd daemon'
or maybe better 'direct the clamd daemon to scan the following'

To test your setup, send yourself the eicar test virus and see if it's detected. You can easily do this from www.testvirus.org

If you run all the tests, don't be too alarmed if some of them are not caught - see yesterday's discussion on this.

Very generally expect 10x or so speed improvement using clamdscan rather than clamscan with an MTA, but results will vary widely. Your reported scan time improvement seems quite possible.

--
Noel Jones
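Added example (not part of the thread, and not ClamAV project code): what "direct the clamd daemon to scan the following" and the EICAR check recommended in the replies above look like on the wire, using the PING and INSTREAM commands of current clamd releases. The function names are illustrative, and start_stub_clamd is a constructed stand-in for the daemon (with a made-up signature name) so the script runs offline.

```python
import socket
import struct
import threading

# Standard harmless EICAR test string, split so this file is not flagged itself.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-"
         b"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")

def _connect(addr):
    """(host, port) tuple for TCP, or a str path for clamd's local Unix socket."""
    if isinstance(addr, str):
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        s.connect(addr)
        return s
    return socket.create_connection(addr, timeout=10)

def _recv_reply(sock):
    """Read one NUL-terminated reply (the 'z' command prefix selects NUL framing)."""
    buf = b""
    while not buf.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:
            break
        buf += part
    return buf.rstrip(b"\0").decode("ascii", "replace")

def clamd_ping(addr):
    with _connect(addr) as s:
        s.sendall(b"zPING\0")
        return _recv_reply(s)

def clamd_instream(addr, data, chunk_size=8192):
    """Send data as length-prefixed chunks; a zero-length chunk ends the stream."""
    with _connect(addr) as s:
        s.sendall(b"zINSTREAM\0")
        for i in range(0, len(data), chunk_size):
            chunk = data[i:i + chunk_size]
            s.sendall(struct.pack("!I", len(chunk)) + chunk)
        s.sendall(struct.pack("!I", 0))
        return _recv_reply(s)

def classify(reply):
    """Map a clamd reply to 'infected', 'clean' or 'error'."""
    if reply.endswith(" FOUND"):
        return "infected"
    if reply.endswith(" OK"):
        return "clean"
    return "error"

def self_test(addr):
    """True only if the daemon answers, passes clean data AND flags EICAR."""
    if clamd_ping(addr) != "PONG":
        return False
    clean = classify(clamd_instream(addr, b"hello, world\n"))
    bad = classify(clamd_instream(addr, EICAR))
    return clean == "clean" and bad == "infected"

def start_stub_clamd(detect=True):
    """Constructed stand-in for clamd; detect=False answers OK to everything."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def handle(conn, f):
        cmd = b""
        while not cmd.endswith(b"\0"):
            byte = f.read(1)
            if not byte:
                return
            cmd += byte
        if cmd == b"zPING\0":
            conn.sendall(b"PONG\0")
        elif cmd == b"zINSTREAM\0":
            body = b""
            while True:
                (n,) = struct.unpack("!I", f.read(4))
                if n == 0:
                    break
                body += f.read(n)
            hit = detect and EICAR in body
            conn.sendall(b"stream: Constructed-Test-Name FOUND\0" if hit
                         else b"stream: OK\0")

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn, conn.makefile("rb") as f:
                try:
                    handle(conn, f)
                except (struct.error, OSError):
                    pass  # malformed or aborted request: drop the connection

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

if __name__ == "__main__":
    for detect in (True, False):
        print("stub detect=%s -> self_test=%s" % (detect, self_test(start_stub_clamd(detect))))
```

Against a real daemon, pass the (host, port) or socket path from its configuration instead of the stub's address; a fast "OK" only means something once the same path also returns FOUND for the test string.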
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
At 11:31 AM 1/9/2004, Shayne Lebrun wrote:

> >thanks. i suspect my invocation needs to be different - when i switch from
> >clamscan to clamdscan, messages are processed - for example - rather than
> >taking 10 seconds, 20 seconds, etc with clamscan, they claim 'ok' in .1
> >seconds, .7 seconds, etc - which doesn't seem possible.
>
> Actually, that's exactly the point, and sounds about right. Try scanning something with a virus, using clamdscan, and ensure that it finds it.

yup, just tested it with the eicar test file. amazing. i'm blown away. all this time i thought i was getting a bruising on resource usage, and with the addition of a single 'd' into my qmail-scanner-queue.pl, instead of my two servers running at a 14 load average constantly, they're running at like .45.

this should perhaps be better documented. there's only two mentions of clamdscan in the docs, under 'testing' - nothing under 'configuration', and there's no details about actually using one or the other.

Paul Theodoropoulos
http://www.anastrophe.com
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Tom Walsh
> Sent: Friday, January 09, 2004 1:44 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Clamav-users] pretty basic question - clamscan vs
> clamdscan
>
> > The difference between up and down is that one is up and one
> > is down. Very profound, and not very helpful. Why bother
> > answering if the answer in no way provides any explanation?
>
> Why bother responding only to chide the response for its lack of content
> with more banter with similarly lacking substance?

I was attempting to make a point. I apologize if my response was just another example of the exact thing i was bashing.

> To answer the question in a more detailed fashion... Clamd listens on a
> socket. Clamdscan is a client interface for talking to that socket.
>
> Clamd's purpose is to avoid the performance hit of forking a new process
> to scan a file or directory.

Thank you for a more detailed response.

> Tom Walsh
>
> It is Friday... Can't we all just get along?

Indeed. It's been too long a week

Jim Maul
Eastern Long Island Hospital
Re: [Clamav-users] pretty basic question - clamscan vs clamdscan
On Fri, 09 Jan 2004 at 13:38:54 -0600, Noel Jones wrote:

> [...]
> Very generally expect 10x or so speed improvement using clamdscan rather
> than clamscan with an MTA, but results will vary widely. Your reported
> scan time improvement seems quite possible.

A simple comparison (very rough, but shows the idea):

$ time clamscan /etc/services
/etc/services: OK

--- SCAN SUMMARY ---
[...]
Data scanned: 0.01 Mb
I/O buffer size: 131072 bytes
Time: 0.721 sec (0 m 0 s)

real    0m0.726s
user    0m0.680s
sys     0m0.040s

$ time clamdscan /etc/services
/etc/services: OK

--- SCAN SUMMARY ---
Infected files: 0
Time: 0.008 sec (0 m 0 s)

real    0m0.012s
user    0m0.000s
sys     0m0.000s

Depending on which times one compares, one gets:

0.721/0.008 ~= 90 or:

0.726/0.012 ~= 60.

You can see the difference! ;-)

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Re: [Clamav-users] pretty basic question - clamscan vs clamdscan
At 11:53 AM 1/9/2004, Tomasz Papszun wrote:

> A simple comparison (very rough, but shows the idea):
>
> $ time clamscan /etc/services
> /etc/services: OK
>
> --- SCAN SUMMARY ---
> [...]
> Data scanned: 0.01 Mb
> I/O buffer size: 131072 bytes
> Time: 0.721 sec (0 m 0 s)
>
> real    0m0.726s
> user    0m0.680s
> sys     0m0.040s
>
> $ time clamdscan /etc/services
> /etc/services: OK
>
> --- SCAN SUMMARY ---
> Infected files: 0
> Time: 0.008 sec (0 m 0 s)
>
> real    0m0.012s
> user    0m0.000s
> sys     0m0.000s
>
> Depending on which times one compares, one gets:
>
> 0.721/0.008 ~= 90 or:
>
> 0.726/0.012 ~= 60.
>
> You can see the difference! ;-)

hmm. while i am seeing a gigantic difference in 'real' scanning of incoming messages, here's what i get from scanning my existing quarantine dir between the two:

with 880 files in the quarantine,

clamdscan:

--- SCAN SUMMARY ---
Infected files: 33
Time: 37.506 sec (0 m 37 s)
0.02u 0.00s 0:37.51 0.0%

clamscan:

--- SCAN SUMMARY ---
Known viruses: 29948
Scanned directories: 1
Scanned files: 880
Infected files: 11
Data scanned: 6.48 MB
I/O buffer size: 131072 bytes
Time: 34.016 sec (0 m 34 s)
17.80u 0.55s 0:34.04 53.9%

which is really weird. clamdscan took 3 seconds *longer*, but it also found three times as many viruses as clamscan (that's weird in itself, since all the messages in the quarantine were put there by clamscan!)

so, i'm confused to say the least, but with my servers now sitting back having a cool drink, rather than swinging a pickaxe and sweating like crazy, i'm not going to question the results. ;^)

Paul Theodoropoulos
http://www.anastrophe.com
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
I tried the test mentioned below and noticed my times were almost identical. I found the cause of this to be that my clamdscan was symlinked to clamscan so they were 1 and the same. Then i recalled a step from the qmailrocks (www.qmailrocks.org) installation instructions that says to rename clamdscan -> clamdscan.orig and symlink clamdscan to clamscan. This causes qmailscanner to detect clamuko instead of clamscan.

So, now I'm thinking, why was this done? I'm not sure if anyone here can answer this, but what is clamuko and why would this be preferred over clamdscan?

Thanks.

Jim Maul

> A simple comparison (very rough, but shows the idea):
>
> $ time clamscan /etc/services
> /etc/services: OK
>
> --- SCAN SUMMARY ---
> [...]
> Data scanned: 0.01 Mb
> I/O buffer size: 131072 bytes
> Time: 0.721 sec (0 m 0 s)
>
> real    0m0.726s
> user    0m0.680s
> sys     0m0.040s
>
> $ time clamdscan /etc/services
> /etc/services: OK
>
> --- SCAN SUMMARY ---
> Infected files: 0
> Time: 0.008 sec (0 m 0 s)
>
> real    0m0.012s
> user    0m0.000s
> sys     0m0.000s
>
> Depending on which times one compares, one gets:
>
> 0.721/0.008 ~= 90 or:
>
> 0.726/0.012 ~= 60.
>
> You can see the difference! ;-)
Re: [Clamav-users] pretty basic question - clamscan vs clamdscan
I used a Pentium 233MMX

[EMAIL PROTECTED] arquivos]# time /usr/local/bin/clamscan /etc/services
/etc/services: OK

--- SCAN SUMMARY ---
Known viruses: 29951
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.01 Mb
I/O buffer size: 131072 bytes
Time: 7.206 sec (0 m 7 s)

real    0m7.233s
user    0m6.380s
sys     0m0.780s

[ ]'s
Mário

----- Original Message -----
From: "Tomasz Papszun" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 09, 2004 5:53 PM
Subject: Re: [Clamav-users] pretty basic question - clamscan vs clamdscan

> On Fri, 09 Jan 2004 at 13:38:54 -0600, Noel Jones wrote:
>
> > [...]
> > Very generally expect 10x or so speed improvement using clamdscan rather
> > than clamscan with an MTA, but results will vary widely. Your reported
> > scan time improvement seems quite possible.
>
> A simple comparison (very rough, but shows the idea):
>
> $ time clamscan /etc/services
> /etc/services: OK
>
> --- SCAN SUMMARY ---
> [...]
> Data scanned: 0.01 Mb
> I/O buffer size: 131072 bytes
> Time: 0.721 sec (0 m 0 s)
>
> real    0m0.726s
> user    0m0.680s
> sys     0m0.040s
>
> $ time clamdscan /etc/services
> /etc/services: OK
>
> --- SCAN SUMMARY ---
> Infected files: 0
> Time: 0.008 sec (0 m 0 s)
>
> real    0m0.012s
> user    0m0.000s
> sys     0m0.000s
>
> Depending on which times one compares, one gets:
>
> 0.721/0.008 ~= 90 or:
>
> 0.726/0.012 ~= 60.
>
> You can see the difference! ;-)
>
> --
> Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
> [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
> [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Re: [Clamav-users] pretty basic question - clamscan vs clamdscan
At 02:07 PM 1/9/04, [EMAIL PROTECTED] wrote:
> hmm. while i am seeing a gigantic difference in 'real' scanning of incoming
> messages, here's what i get from scanning my existing quarantine dir
> between the two:
>
> with 880 files in the quarantine,

When scanning a large number of files all at once, most time is spent actually scanning the files. When scanning just a few small files, most time is spent loading the database and getting ready to scan. Clamd pre-loads the database and is ready to scan whatever file or directory name is passed to it by clamdscan.

Typical MTA usage is to scan just a few files per command; i.e. a single mail message, usually unpacked into its various mime parts. So clamdscan wins big when used with an MTA.

For a fair comparison test of your quarantine, you would need to do something like:

    time sh -c 'for name in *
    do
      clamscan "$name"
    done'

Once with clamscan, again with clamdscan. No bets on who wins this race, but try it and see what you get. Prediction: with clamdscan, total time will be about the same as you measured before; with clamscan, it will take ~10x longer than the previous test. Tell us what really happens.

As for the differences in number of viruses detected in your quarantine scan, probably something to do with the options used with clamscan and settings in clamav.conf. The slight time difference you saw was likely due to files to scan cached in ram, and maybe other processes running.

--
Noel Jones
Re: [Clamav-users] pretty basic question - clamscan vs clamdscan
> Known viruses: 29948

It is still under 2 virus signatures in the db. I think there is a discussion from yesterday or the day before on how to correct the reading of virusdb.

The mail.adventuras.no service was provided by Adventuras Web Agency http://www.adventuras.no/
Re: [Clamav-users] pretty basic question - clamscan vs clamdscan
On Fri, 09 Jan 2004 at 12:07:16 -0800, [EMAIL PROTECTED] wrote:
>
> hmm. while i am seeing a gigantic difference in 'real' scanning of incoming
> messages, here's what i get from scanning my existing quarantine dir
> between the two:
>
> with 880 files in the quarantine,
>
> clamdscan:
> --- SCAN SUMMARY ---
> Infected files: 33
> Time: 37.506 sec (0 m 37 s)
> 0.02u 0.00s 0:37.51 0.0%
>
> clamscan:
> --- SCAN SUMMARY ---
> Known viruses: 29948
> Scanned directories: 1
> Scanned files: 880
> Infected files: 11
> Data scanned: 6.48 MB
> I/O buffer size: 131072 bytes
> Time: 34.016 sec (0 m 34 s)
> 17.80u 0.55s 0:34.04 53.9%
>
> which is really weird. clamdscan took 3 seconds *longer*, but it also found

A gigantic difference (as shown in my previous message) is caused by wasting much time for launching the program (clamscan) and loading a database into memory (while clamd has it loaded _already_).

But when you scan many files at once, you execute clamscan only once, so supremacy of clamdscan is lesser. Theoretically, with a number of files going to infinity, a duration of clamscan is reaching a duration of clamdscan.

Now you could ask: "But why does clamdscan run longer than clamscan?! I understand that the times can be similar, but clamdscan longer?!". Read on :-) .

> three times as many viruses as clamscan (that's weird in itself, since all
> the messages in the quarantine were put there by clamscan!)

Not so weird, in fact. First of all we must remember that clamdscan is a clamd client, so unless we use command line options, scanning with clamdscan will use these options which are set in clamav.conf. For instance, you may have set in clamav.conf ScanMail and ScanArchive. Of course using more features requires more time and resources. That's why clamdscan can run longer than clamscan!

And your second question: "Why did clamdscan find 33 viruses, while clamscan found only 11?!". The answer is the same: clamdscan is a clamd client! If you have set ScanMail in clamav.conf, then clamdscan tries harder when searching for viruses. So it can find infections also in email messages, not only in raw binary files!

A real example with one of my samples:

$ clamscan Worm.Yaha.Y.msg
Worm.Yaha.Y.msg: OK

--- SCAN SUMMARY ---
Known viruses: 19802
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.08 Mb
I/O buffer size: 131072 bytes
Time: 0.718 sec (0 m 0 s)

$ clamdscan Worm.Yaha.Y.msg
/tmp/Worm.Yaha.Y.msg: Worm.Yaha.Y FOUND

--- SCAN SUMMARY ---
Infected files: 1
Time: 0.026 sec (0 m 0 s)

As you can see, clamscan didn't find a virus in the mail message, but clamdscan did!

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Re: [Clamav-users] pretty basic question - clamscan vs clamdscan
On Fri, 09 Jan 2004 12:07:16 -0800 [EMAIL PROTECTED] wrote:
> which is really weird. clamdscan took 3 seconds *longer*, but it also
> found three times as many viruses as clamscan (that's weird in itself,
> since all the messages in the quarantine were put there by clamscan!)

That's because clamd by default (check your config file) scans all directories recursively while clamscan doesn't. Try clamscan -r.

Best regards,
Tomasz Kojm
--
[EMAIL PROTECTED] www.ClamAV.net
http://www.clamav.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Fri Jan 9 23:11:54 CET 2004
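To find out which files account for a gap like the 33 versus 11 hits discussed above, save both scan outputs and compare the flagged files. This is an added example, not code from the thread; it assumes the `path: Name FOUND` line format shown in the messages, and the `constructed-sample.exe` entry and `Constructed.Test.A` name are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread): hits in scan B that scan A did not report.

# Print "file<TAB>signature" for each "path: Signature FOUND" line of a saved
# scan output. Only the basename is kept, because clamdscan reports absolute
# paths while clamscan echoes the path it was given (assumes unique basenames).
found_list() {
    awk '/ FOUND$/ {
        line = substr($0, 1, length($0) - 6)      # strip trailing " FOUND"
        i = 0                                      # offset of the last ": "
        while ((j = index(substr(line, i + 1), ": ")) > 0) i += j
        if (i == 0) next
        path = substr(line, 1, i - 1); sig = substr(line, i + 2)
        sub(/^.*\//, "", path)
        print path "\t" sig
    }' "$1" | sort
}

# Hits present in scan output $2 but absent from scan output $1.
missed_by() {
    a=$(mktemp) || return 1
    b=$(mktemp) || { rm -f "$a"; return 1; }
    found_list "$1" > "$a"
    found_list "$2" > "$b"
    comm -13 "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed sample outputs in the line format shown in the thread.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/clamscan.out" <<'EOF'
Worm.Yaha.Y.msg: OK
constructed-sample.exe: Constructed.Test.A FOUND
--- SCAN SUMMARY ---
Infected files: 1
EOF
    cat > "$dir/clamdscan.out" <<'EOF'
/tmp/Worm.Yaha.Y.msg: Worm.Yaha.Y FOUND
/tmp/constructed-sample.exe: Constructed.Test.A FOUND
--- SCAN SUMMARY ---
Infected files: 2
EOF
    missed_by "$dir/clamscan.out" "$dir/clamdscan.out"
    rm -rf "$dir"
}

demo
```

Files that appear only in the clamdscan list and sit in subdirectories point to the recursion difference; mail messages that clamscan reported as OK point to the ScanMail setting in clamav.conf.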
Re: [Clamav-users] documentation error/problem
On Fri, 09 Jan 2004 09:55:08 -0800 [EMAIL PROTECTED] wrote:
>
> just noticed that in the documentation - under 'certified software' -
> there's mention of nclamd, with a URL of http://www.kyzo.com/nclamd .
> that url fails, and going to their main page, i couldn't find any link
> to nclamd.

This is fixed (missing a trailing backslash) on the website.

Best regards,
Tomasz Kojm
--
[EMAIL PROTECTED] www.ClamAV.net
http://www.clamav.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Fri Jan 9 23:03:31 CET 2004
Re: [Clamav-users] max-space question again
On Fri, 09 Jan 2004 09:53:41 -0800 [EMAIL PROTECTED] wrote:
> per my max-space setting of 250, if i understand it correctly,
> messages up to 250K will be virusscanned. does that mean that larger
> messages simply get pushed through the processing unscanned? the
> reason i ask is because it seems as if it doesn't matter what size the
> message is, it gets scanned - which means giant messages can chew up
> the machine for a long time.

This option only affects archive scanning.

Best regards,
Tomasz Kojm
--
[EMAIL PROTECTED] www.ClamAV.net
http://www.clamav.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Fri Jan 9 23:55:29 CET 2004
Re: [Clamav-users] clamav vs. other virus scanners
Antony Stone wrote:
> On Thursday 08 January 2004 12:21 pm, Payal Rathod wrote:
> > Hi all,
> > Recently I noticed that Norton AV clears more than 60,000 viruses, maybe
> > other virus scanners also have similar numbers, why do we have a very less
> > number?
>
> 2. Many vendors count minor variations in viruses as multiple signatures,
> whereas ClamAV often catches several variations with a single signature.
> Again, the higher number looks good for marketing, even though it really
> means the product is rather less efficient at detecting the viruses and has
> to search a bigger database of signatures to achieve the same effect.

Another area where numbers are pumped is in application exploits and other non-virus related signatures. Desktop AVs will count signatures for things such as Outlook MIME vulnerabilities, spyware, adware, etc. Some will trigger "backdoor" warnings on tools that have been commercially designed for the purpose of remote administration as well, under the guise that users will want to be alerted if such programs are found on their systems.

DS
[Clamav-users] clamav-milter problem
Hi all

I am new that use clamav on my server suse-smp. I install clamav.0-65 , when I use this command :

/usr/local/sbin/clamav-milter -blo /var/run/clmilter.sock

it says

You must select server type (local/TCP) in /usr/local/etc/clamav.conf

What must I do ?

-by regards
--
Sophia