[Clamav-users] Clamav Problem Solaris 8
Follwing problem with (devel-20040108, clamav-milter version '0.66c'): After several days I eventually get the following messages in clamd.log (about 200 times): Sat Jan 17 20:38:01 2004 -> ERROR: ScanStream: accept() failed. Sat Jan 17 20:40:20 2004 -> ERROR: accept() failed. Sat Jan 17 20:40:20 2004 -> ERROR: accept() failed. Sat Jan 17 20:40:20 2004 -> ERROR: accept() failed. Sat Jan 17 20:40:20 2004 -> ERROR: accept() failed. Sat Jan 17 20:40:20 2004 -> ERROR: accept() failed. Sat Jan 17 20:40:20 2004 -> ERROR: accept() failed. Sat Jan 17 20:40:20 2004 -> ERROR: accept() failed. After that clamd crashes!! What could be the reason for this behaviour? Best regards Wolfgang --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Problem with openbsd 3.3
Hi folks, I need to install clamav to check my filesystem. I've tried with clamav-0.65 port: I've installed anything, I've created the /etc/clamav.conf and the _clamd user/group, but when I try to use freshclam or clamd I receive this message: /usr/libexec/ld.so: clamd: libpthread.so.20.20: No such file or directory /usr/libexec/ld.so: freshclam: libpthread.so.20.20: No such file or directory Where is my mistake? Could I try with clamav-devel-20040118, but with the --disable-clamav option? Thanks for your support, and patience Regards Andrea --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Problem with openbsd 3.3
Hello, There's a big problem with libpthread on obsd, a port exists on http://www.activeintra.net/projects/clamav/. I hope it'll work after. Bye, LOYET Jerome -> -Message d'origine- -> De : [EMAIL PROTECTED] -> [mailto:[EMAIL PROTECTED] De la part -> de Andrea Riela -> Envoyé : lundi 19 janvier 2004 13:25 -> À : [EMAIL PROTECTED] -> Objet : [Clamav-users] Problem with openbsd 3.3 -> -> Hi folks, -> -> I need to install clamav to check my filesystem. -> I've tried with clamav-0.65 port: I've installed anything, -> I've created the /etc/clamav.conf and the _clamd user/group, -> but when I try to use freshclam or clamd I receive this message: -> -> /usr/libexec/ld.so: clamd: libpthread.so.20.20: No such file -> or directory -> /usr/libexec/ld.so: freshclam: libpthread.so.20.20: No such -> file or directory -> -> Where is my mistake? -> Could I try with clamav-devel-20040118, but with the -> --disable-clamav option? -> -> Thanks for your support, and patience -> Regards -> Andrea -> -> -> -> --- -> The SF.Net email is sponsored by EclipseCon 2004 Premiere -> Conference on Open Tools Development and Integration See the -> breadth of Eclipse activity. February 3-5 in Anaheim, CA. -> http://www.eclipsecon.org/osdn -> ___ -> Clamav-users mailing list -> [EMAIL PROTECTED] -> https://lists.sourceforge.net/lists/listinfo/clamav-users -> --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Problem with openbsd 3.3
there is no problem with openbsd's libpthread. the problem has to do with the way clamav get's built. i would be surprised that you were able to build it then get an error like that. you don't have gnu pthreads installed do you? If so remove it, you don't need it. try the port though, it should help unless you have problems with the system itself. regrards, flinn On Jan 19, 2004, at 7:44 AM, Jerome LOYET wrote: Hello, There's a big problem with libpthread on obsd, a port exists on http://www.activeintra.net/projects/clamav/. I hope it'll work after. Bye, LOYET Jerome -> -Message d'origine- -> De : [EMAIL PROTECTED] -> [mailto:[EMAIL PROTECTED] De la part -> de Andrea Riela -> Envoyé : lundi 19 janvier 2004 13:25 -> À : [EMAIL PROTECTED] -> Objet : [Clamav-users] Problem with openbsd 3.3 -> -> Hi folks, -> -> I need to install clamav to check my filesystem. -> I've tried with clamav-0.65 port: I've installed anything, -> I've created the /etc/clamav.conf and the _clamd user/group, -> but when I try to use freshclam or clamd I receive this message: -> -> /usr/libexec/ld.so: clamd: libpthread.so.20.20: No such file -> or directory -> /usr/libexec/ld.so: freshclam: libpthread.so.20.20: No such -> file or directory -> -> Where is my mistake? -> Could I try with clamav-devel-20040118, but with the -> --disable-clamav option? -> -> Thanks for your support, and patience -> Regards -> Andrea -> -> -> -> --- -> The SF.Net email is sponsored by EclipseCon 2004 Premiere -> Conference on Open Tools Development and Integration See the -> breadth of Eclipse activity. February 3-5 in Anaheim, CA. -> http://www.eclipsecon.org/osdn -> ___ -> Clamav-users mailing list -> [EMAIL PROTECTED] -> https://lists.sourceforge.net/lists/listinfo/clamav-users -> --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] clamd protocol
Quoting Philipp Grosswiler <[EMAIL PROTECTED]>: > > So, how is clamd behaving with the patch and ThreadTimout=0? > > > > Is it any better? > > It is actually better, but unfortunately, there still seems to be a > problem > somewhere. If you have can put an accurate time on when clamd stopped responding, would it correspond to their being a virus DB update? I assume that you do automatic updates and this is signalled to clamd (probably via freshclam --daemon-notify). -trog --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] clamd protocol
> If you have can put an accurate time on when clamd stopped > responding, would it correspond to their being a virus DB update? I don't think so. > I assume that you do automatic updates and this is signalled > to clamd (probably via freshclam --daemon-notify). That's true, I am doing automatic updates and it doesn't seem to be the problem. Although clamd is responding to any commands, it is not able to actually scan the messages anymore. There are still entries in the log file which refer to virus DB updates (just the scanning is not working anymore). So, I assume the threads are dead, but clamd itself is still functional. This happened today morning again, and the only thing I can do is to "killproc clamd" and restart again. Regards, Phil. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Problem with openbsd 3.3
> http://www.activeintra.net/projects/clamav/. Ok, It looks like it's working. That is the latest release for openbsd? Thanks Andrea --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] clamd network commands
I was a bit confused when I first tried writing a script to connect to clamd 0.65 on a remote server and do scanning via the STREAM command: 1 - I expected to be able to do multiple commands per TCP session... for example: -- connection established C: PING S: PONG C: STREAM S: PORT ... S: stream: OK C: STREAM S: PORT ... S: stream:OK C: QUIT S: BYE -- connection terminated But I know now that this is not possible - each separate command terminates the connection after the server response comes back, and the "QUIT" command shuts down the daemon, not terminate the current session. It would be useful if the clamd man page mentioned something about this. 2 - The "QUIT" command is, in my opinion, badly documented in the clamd man page: QUIT Perform a clean exit. Maybe it should say: QUIT Perform a clean shutdown of the daemon. "clean exit" implied to me that in a session like I described above, this would cleanly notify the server that the connection was to be terminated - a "clean exit" of the communication. 3 - The "PING" command doesn't seem to be very useful in the light of each command running in its own TCP session. If I get a PONG back, I know that the server is sane. But then I have to make another TCP connection to do any other work... how do I know it's still sane? I am now not using "PING" and just assuming that if a connection opens the server is okay. Does anyone else here think those things should be changed? I think that especially my first complaint above should be fixed - it would save a lot of overhead if one wants to scan multiple files using the "STREAM" method (instead of having to setup and teardown a separate TCP connection for each one). Now that I'm passed these hurdles, I'll finish my python version of clamdscan which sends data to a remote clamd server via "STREAM" instead of using CONTSCAN or RAWSCAN (whichever the current clamdscan does). If anyone is interested in this, let me know and I can send it to you or post it here. -- Jim Ramsay --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd network commands
Le Lun 19 jan 08:46:36 2004, Jim Ramsay écrit: > > 3 - The "PING" command doesn't seem to be very useful in the light of > each command running in its own TCP session. If I get a PONG back, I > know that the server is sane. But then I have to make another TCP > connection to do any other work... how do I know it's still sane? I am > now not using "PING" and just assuming that if a connection opens the > server is okay. PING/PONG is useless. It could have been better if the server had send a banner at connection startup. > Does anyone else here think those things should be changed? I think > that especially my first complaint above should be fixed - it would save > a lot of overhead if one wants to scan multiple files using the "STREAM" > method (instead of having to setup and teardown a separate TCP > connection for each one). IMHO, the main misfit of the STREAM command is the random TCP port. You have to open your firewall to allow any connection to any port from clamd clients to servers. Some other - return string is not clear (not documented) - server may close the stream connection when a virus is found at start of data (not documented) - you can't pass options (check mail/check data) to commands - log file is clueless (it just tell the TCP port and file descriptor, not even the client IP address) --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: clamd network commands
Laurent Wacrenier wrote: PING/PONG is useless. It could have been better if the server had send a banner at connection startup. Good point - that's much better for determining server state upon connection. This banner should also include the clamd version so that you don't have to use a separate connection for that either. IMHO, the main misfit of the STREAM command is the random TCP port. You have to open your firewall to allow any connection to any port from clamd clients to servers. I agree there. I hate FTP for the same reason :) Maybe the next version will have an in-band data transfer command. I hope. If not, I suggest 'DATA' to the developers, and it should go like this: C: DATA S: OK C: binary data... C: binary data... C: more data until 'length' bytes have been sent... S: stream: OK Some other - return string is not clear (not documented) True, I found out by trial and error, and I'm sure I'm not catching all possibilities at this point. - server may close the stream connection when a virus is found at start of data (not documented) Without saying 'stream: VIRUSNAME FOUND'? That's bad. -- Jim Ramsay --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] sendmail-8.12.10+clamav-0.65+mimedefang-2.39 not catching some virii
On Fri, 16 Jan 2004 15:04:57 -0500 <[EMAIL PROTECTED]> wrote: > Test #6: Eicar virus embedded within another MIME segment > Test #11: Eicar virus within a ZIP file > Test #13: Eicar virus sent in a Microsoft TNEF file (winmail.dat) ... > I'm not overly surprised about the last three, but it seems like > clamav should catch the first four. Are there additional pieces of > software that I'm missing? #6 and #13 should be handled by mimedefang (and it should execute clamscan on already parsed files) however I don't understand why they failed to detect #11. Are zip archives processed in some way by MD ? Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Jan 19 19:48:56 CET 2004 pgp0.pgp Description: PGP signature
Re: [Clamav-users] Problem with openbsd 3.3
yes that is the latest, I have yet to play with the latest snaps. i need to test on 3.4, but I am not ready to deploy 3.4 on my server (mostly because of the change from a.out to elf). regards, flinn On Jan 19, 2004, at 9:43 AM, Andrea Riela wrote: http://www.activeintra.net/projects/clamav/. Ok, It looks like it's working. That is the latest release for openbsd? Thanks Andrea --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Bagle Virus/Worm Status?
Anybody seen these yet? http://www.viruslist.com/eng/alert.html?id=783050 There has been some discussion on bugtraq about it's payload today. Just curious... Tom Walsh Network Administrator http://www.ala.net/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bagle Virus/Worm Status?
Hi, Seen clamav catch a few on some of my servers today. Rick Tom Walsh wrote: Anybody seen these yet? http://www.viruslist.com/eng/alert.html?id=783050 There has been some discussion on bugtraq about it's payload today. Just curious... Tom Walsh Network Administrator http://www.ala.net/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bagle Virus/Worm Status?
On Mon, 2004-01-19 at 20:57, Tom Walsh wrote: > Anybody seen these yet? > > http://www.viruslist.com/eng/alert.html?id=783050 > > There has been some discussion on bugtraq about it's payload today. > > Just curious... > Yeah, we had about 30 today so far. It seems to be spreading quite rapidly. Good news is its supposed to deactivate on the 28th. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Bagle Virus/Worm Status?
> Yeah, we had about 30 today so far. It seems to be spreading > quite rapidly. Good news is its supposed to deactivate on the 28th. I just have to say it... I love ClamAV. :) Thanks for the reports guys. Tom Walsh Network Administrator http://www.ala.net/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bagle Virus/Worm Status?
On Mon, 19 Jan 2004, Kevin Spicer wrote: > Yeah, we had about 30 today so far. It seems to be spreading quite > rapidly. Good news is its supposed to deactivate on the 28th. Only 30? I've seen over 500 on my mail systems since getting the new sigs late last night. Kudos to Diego for getting the sigs updated quickly. Tim Wilde -- Tim Wilde [EMAIL PROTECTED] Systems Administrator Dynamic Network Services, Inc. http://www.dyndns.org/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bagle Virus/Worm Status?
On Mon, 2004-01-19 at 21:31, Tim Wilde wrote: > On Mon, 19 Jan 2004, Kevin Spicer wrote: > > > Yeah, we had about 30 today so far. It seems to be spreading quite > > rapidly. Good news is its supposed to deactivate on the 28th. > > Only 30? I've seen over 500 on my mail systems since getting the new sigs > late last night. Kudos to Diego for getting the sigs updated quickly. > I guess it depends on how much mail you handle! To put mine in perspective I'm talking a daily load of only about 7000 messages of which only about 3-4000 will be incoming. So probably about 1% of incoming mail is Bagle (thats pretty much in line with the figures message labs are reporting of 1 in 136). --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Problem with openbsd 3.3
It works fine on Openbsd 3.4 --stable, other then the items this list is already aware of like crashing without notice once in a while. rm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Flinn Mueller Sent: Monday, January 19, 2004 2:41 PM To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] Problem with openbsd 3.3 yes that is the latest, I have yet to play with the latest snaps. i need to test on 3.4, but I am not ready to deploy 3.4 on my server (mostly because of the change from a.out to elf). regards, flinn On Jan 19, 2004, at 9:43 AM, Andrea Riela wrote: >> http://www.activeintra.net/projects/clamav/. > > Ok, > It looks like it's working. > That is the latest release for openbsd? > > Thanks > Andrea > > > > --- > The SF.Net email is sponsored by EclipseCon 2004 > Premiere Conference on Open Tools Development and Integration > See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. > http://www.eclipsecon.org/osdn > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Problem with openbsd 3.3
Roy Morris wrote: It works fine on Openbsd 3.4 --stable, other then the items this list is already aware of like crashing without notice once in a while. rm I actually managed to get ClamAV 0.65 running rock solid. It has been running now for nearly 2 months without any problems. I am using OpenBSD 3.4, didn't use flinn's port though (because it wasn't updated around the time 0.65 released IIRC). Wouter --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Problem with openbsd 3.3
how much email do you get? Mine usually runs for about 6 days or so then pops. I get around 200 msg/hr on the server. I stopped using it until the next version, hoping it would be more stable. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Wouter de Vries Sent: Monday, January 19, 2004 5:03 PM To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] Problem with openbsd 3.3 Roy Morris wrote: > It works fine on Openbsd 3.4 --stable, other then the items this list is already > aware of like crashing without notice once in a while. > > rm I actually managed to get ClamAV 0.65 running rock solid. It has been running now for nearly 2 months without any problems. I am using OpenBSD 3.4, didn't use flinn's port though (because it wasn't updated around the time 0.65 released IIRC). Wouter --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] sendmail-8.12.10+clamav-0.65+mimedefang-2.39 not catching some virii
arr> Test #6: Eicar virus embedded within another MIME segment arr> Test #11: Eicar virus within a ZIP file arr> Test #13: Eicar virus sent in a Microsoft TNEF file (winmail.dat) tk> #6 and #13 should be handled by mimedefang (and it should execute clamscan tk> on already parsed files) however I don't understand why they failed to tk> detect #11. Are zip archives processed in some way by MD ? I'm wondering if there's an issue because Solaris ships with an unzip but not a zip. I was hoping that someone also running Solaris would be able to let me know if I just needed to install a third party zip package with both binaries. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Problem with openbsd 3.3
Ditto. My version of clamav-0.65 is running since 22 Dec 03 (last time I rebooted for security reasons). Before that it was pretty solid as well. Regards, Flinn On Jan 19, 2004, at 5:02 PM, Wouter de Vries wrote: Roy Morris wrote: It works fine on Openbsd 3.4 --stable, other then the items this list is already aware of like crashing without notice once in a while. rm I actually managed to get ClamAV 0.65 running rock solid. It has been running now for nearly 2 months without any problems. I am using OpenBSD 3.4, didn't use flinn's port though (because it wasn't updated around the time 0.65 released IIRC). Wouter --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: Solaris 9 / zziplib
On Wed, 24 Dec 2003 15:24:20 +0100, Tomasz Kojm wrote: > On Wed, 24 Dec 2003 00:05:45 + > Marty Lee <[EMAIL PROTECTED]> wrote: > >> Please find attached the patch; the code that was overloading the >> _trailer->z_magic area with the offset was the offending item. I've >> manually mapped the offset to the magic area, then reversed the function >> in the __correct_rootseek defintion that followed it. > > Marty, > > thank you - the patch is OK and has been commited in CVS. > > Merry Christmas, > > Tomasz Kojm Guys, I am afflicted with the __zzip_find_disk_trailer crash.. which I think this patch fixes.. but either my firewall is acting stupid, or there is a problem with CVS... on Solaris, the cvs command just hangs.. on linux... $ cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/clamav co clamav-devel cvs checkout: authorization failed: server cvs.sourceforge.net rejected access to /cvsroot/clamav for user anonymous cvs checkout: used empty password; try "cvs login" with a real password Are the CVS snapshots stable enough to use for "production" ... or can someone send me that patch so I can apply it to 0.65? Thanks in advance! -- Tommy McNeely - [EMAIL PROTECTED] Unix Administrator - Electro Domestico --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] sendmail-8.12.10+clamav-0.65+mimedefang-2.39 not catching some virii
On Mon, 19 Jan 2004 17:38:02 -0500 <[EMAIL PROTECTED]> wrote: > I'm wondering if there's an issue because Solaris ships with an unzip > but not a zip. I was hoping that someone also running Solaris would > be able to let me know if I just needed to install a third party zip > package with both binaries. Does clamscan detect the eicar.zip itself ? Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Jan 20 03:31:24 CET 2004 pgp0.pgp Description: PGP signature
Re: [Clamav-users] Re: Solaris 9 / zziplib
On Mon, 19 Jan 2004 16:49:28 -0700 Tommy McNeely <[EMAIL PROTECTED]> wrote: > I am afflicted with the __zzip_find_disk_trailer crash.. which I think > this patch fixes.. but either my firewall is acting stupid, or there The patch was broken and has been reversed recently in CVS. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Jan 20 03:27:41 CET 2004 pgp0.pgp Description: PGP signature
[Clamav-users] Re: Re: Solaris 9 / zziplib
On Tue, 20 Jan 2004 03:30:38 +0100, Tomasz Kojm wrote: > On Mon, 19 Jan 2004 16:49:28 -0700 > Tommy McNeely <[EMAIL PROTECTED]> wrote: > >> I am afflicted with the __zzip_find_disk_trailer crash.. which I think >> this patch fixes.. but either my firewall is acting stupid, or there > > The patch was broken and has been reversed recently in CVS. > > Best regards, > Tomasz Kojm Ouch... ok, so does anyone know if I installed gcc and used that if the problem goes away (I am not using 64bit mode on the Sun Compiler).. I searched for Solaris in the clamav-devel list (on GMANE) and didn't see anything about it. Is the problem with SUNWzlib or with the way clam* uses it? -- Tommy McNeely - [EMAIL PROTECTED] Unix Administrator - Electro Domestico --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
