Re: [Clamav-users] bounce vs. quarantine
Steven Stern wrote:

> On second thought, maybe I should have a chance to look at incoming messages rather than bouncing them with a 550. I've removed the -b from the clamav-milter startup. I've replaced it with --quarantine=/var/spool/clamav. Is this what's necessary to quarantine messages in /var/spool/clamav?
>
> old:
> CLAMAV_FLAGS=" -lo --b --max-children=10 --force-scan --quiet --dont-log-clean --server=localhost local:/var/run/clamav/clamav-milter.sock"
>
> new:
> CLAMAV_FLAGS=" -lo --quarantine-dir=/var/spool/clamav --max-children=10 --force-scan --quiet --dont-log-clean --server=localhost local:/var/run/clamav/clamav-milter.sock"

You must use LocalSocket for communication between clamd and clamav-milter to get --quarantine-dir working. Edit clamav.conf and CLAMAV_FLAGS.

Petr

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration. http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] bounce vs. quarantine
>new:
>CLAMAV_FLAGS=" -lo --quarantine-dir=/var/spool/clamav --max-children=10
>--force-scan --quiet --dont-log-clean --server=localhost
>local:/var/run/clamav/clamav-milter.sock"

The default value for --server is 127.0.0.1 so there's no need to add --server=localhost.

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk

Re: [Clamav-users] bounce vs. quarantine
> The default value for --server is 127.0.0.1 so there's no need to add
> --server=localhost.

I have now documented this in the clamav-milter(8) manual page, and committed it to CVS, along with an overview of the ability of clamav-milter to talk to more than one clamd server.

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk

[Clamav-users] Malformed CVD header detected {Scanned}
Hi,

Is anybody else having problems getting database updates or is it just me? I haven't changed my clam setups for ages (it's on my todo list), yet recently (as from Mon, 22 Mar 2004 17:23:01 +) I get the following:

With freshclam 0.60:

Current working dir is /usr/local/share/clamav
Checking for a new database - started at Tue Mar 23 11:12:01 2004
Connected to database.clamav.net.
Reading md5 sum (viruses.md5): ERROR: Malformed md5 checksum detected.
ERROR: Can't get viruses.md5 sum from database.clamav.net

With CVS freshclam version devel-20040129

Current working dir is /usr/local/share/clamav
Max retries == 3
ClamAV update process started at Tue Mar 23 08:30:01 2004
Connecting via proxy.littleport
Connected to database.clamav.net (10.100.130.2).
Reading CVD header (main.cvd): ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net (10.100.130.2)
Trying again...

Regards,

Jo.

RE: [Clamav-users] pthreads instability?
It seems evident now that clamd crashes when it has to scan some viruses; any time I submit Bugbear, I have a segmentation fault! Fortunately, clamscan relays the jobs.

Hope it helps.

clamd snapshot-20040323 / amavisd-new / Freebsd5.0

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] on behalf of Todd Lyons
> Sent: Monday 22 March 2004 22:52
> To: ClamAV Users List
> Subject: RE: [Clamav-users] pthreads instability?
>
>
> On Mon, 2004-03-22 at 00:38, Trog wrote:
> > On Mon, 2004-03-22 at 05:59, Pubs wrote:
> >
> > > Thu Mar 18 17:51:05 2004 -> Segmentation fault :-( Bye..
> > When this happens, you need to capture the file(s) it was scanning at
> > the time.
>
> Pardon my ignorance, but could you provide a method of capturing these
> files? On my system, I see a bunch of segfaults:
>
> [EMAIL PROTECTED] tmp]# grep "Segmentation" /var/log/clamav/clamd.log | tail
> Sun Mar 21 14:29:51 2004 -> Segmentation fault :-( Bye..
> Sun Mar 21 15:02:18 2004 -> Segmentation fault :-( Bye..
> Sun Mar 21 15:32:26 2004 -> Segmentation fault :-( Bye..
> Sun Mar 21 16:24:43 2004 -> Segmentation fault :-( Bye..
> Sun Mar 21 17:55:33 2004 -> Segmentation fault :-( Bye..
> Sun Mar 21 22:11:05 2004 -> Segmentation fault :-( Bye..
> Sun Mar 21 22:32:32 2004 -> Segmentation fault :-( Bye..
> Sun Mar 21 23:11:24 2004 -> Segmentation fault :-( Bye..
> Mon Mar 22 00:02:42 2004 -> Segmentation fault :-( Bye..
> Mon Mar 22 00:41:35 2004 -> Segmentation fault :-( Bye..
>
> This not due to freshclam because it only runs once a day in
> cron.daily. I do have "SelfCheck 600" set so it could be related to
> that I suppose.
>
> Back to the question, I see a bunch of directories in /tmp:
> [EMAIL PROTECTED] tmp]# vdir
>
> But they're all empty. I can't find any sign of the emails that caused
> the segfault. Any suggestions would be helpful.
>
> BTW, there's a few of us who've taken to hanging out on #clamav on
> irc.freenode.net. Anybody who wishes to come and get some realtime
> feedback and discussion, that's a decent place. It's not a registered
> channel, but if it gains in popularity, it could easily be registered
> and become an official support venue. Are there any other irc servers
> that people hang out in?
>
> Blue skies... Todd

Re: [Clamav-users] Malformed CVD header detected {Scanned}
Jo Mills wrote:

> Hi,
>
> Is anybody else having problems getting database updates or is it just me? I haven't changed my clam setups for ages (it's on my todo list), yet recently (as from Mon, 22 Mar 2004 17:23:01 +) I get the following:

[snip]

> With CVS freshclam version devel-20040129
>
> Current working dir is /usr/local/share/clamav
> Max retries == 3
> ClamAV update process started at Tue Mar 23 08:30:01 2004
> Connecting via proxy.littleport
> Connected to database.clamav.net (10.100.130.2).
> Reading CVD header (main.cvd): ERROR: Malformed CVD header detected.
> ERROR: Can't read main.cvd header from database.clamav.net (*10.100.130.2*)
> Trying again...

Does your proxy allow DNS TCP packets?
Try nslookup database.clamav.net on your proxy.
If you get an error, try adjusting your proxy or firewall to allow DNS TCP packets.

Regards,

Fajar

PS: The mirror admins are cooking up a solution which would ensure DNS response for database.clamav.net would fit in a single UDP response packet in the future. In the meantime, if you're completely stuck then just change the entry DatabaseMirror on your freshclam.conf to one of the mirrors on http://www.clamav.net/mirrors.html

Re: [Clamav-users] Malformed CVD header detected {Scanned}
On Tue, Mar 23, 2004 at 08:53:40PM +0700, Fajar A. Nugraha wrote:
> Jo Mills wrote:
>
> >Hi,
> >
> >Is anybody else having problems getting database updates or is it just
> >me? I haven't changed my clam setups for ages (it's on my todo list),
> >yet recently (as from Mon, 22 Mar 2004 17:23:01 +) I get the following:
> >
> [snip]
> >
> Does your proxy allow DNS TCP packets?
> Try nslookup database.clamav.net on your proxy.
> If you get an error, try adjusting your proxy or firewall to allow DNS
> TCP packets.
>
> Regards,
>
> Fajar
>
[snip]

Fajar,

I considered this originally but then discounted it as the firewall on our system allows TCP DNS packets. However, I hadn't allowed for the main IT guys at the other end of our VPN being helpful! They must have stopped TCP packets for DNS sometime on Monday afternoon. I'll sort out some DNS servers from our ISP and (yet again!) work around the IT guys. (Trog helped out last time -> freshclam timeout errors - I ended up having to build a Debian / Squid HTTP Proxy to bypass the official Novell HTTP proxy).

Thanks again for your help,

Best regards,

Jo.

[Clamav-users] Virus ID
Silly question time...

While I suppose the questions about the standard naming sequences may help, I would propose one other idea (along with asking for help with my question :-)

First: I see a hit in my logfiles for Exploit.HTML.Bagle.Gen-4-eml; is this the variant I've read about where if a user on Windows *previews* a mail message (no attachment), they can get infected?

Second: is there a database for clamav with descriptions of the viruses? I wondered if some kind of user-supplemented database could be used online, and *there* have the aliases, rather than bulk up the antivirus database with aliases and pseudonyms. If you see a virus hit, you could refer to the online site and check for AKA's of the virus name (as well as information of what the viruses are capable of). Just an idea...

RE: [Clamav-users] pthreads instability?
On Tue, 2004-03-23 at 13:37, Pubs wrote:
> It seems evident now that clamd crashes when it has to scan some viruses;
> any time I submit Bugbear, I have a segmentation fault! Fortunately,
> clamscan relays the jobs.
>
> Hope it helps.
>
> clamd snapshot-20040323 / amavisd-new / Freebsd5.0
>

Please send a copy of the file to [EMAIL PROTECTED] as soon as possible. Make sure you put it in an encrypted zip file with a password of 'virus' (without the quotes).

-trog

[Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE
Nigel Horne wrote:

>> > I attempted to push a 59M email through clamd via clamdscan
>> > (all body, not attachment) and clamd has started chewing up
>> > RAM and CPU.
>
> Does the e-mail include encapsulated RFC822 messages? If so, there has
> been a fix to that recently.
>
> -Nigel

No, it's strictly text and just a LOT of characters. I can send it zipped or a small sample if anyone is interested. It has a lot of repeating characters, so it ought to compress rather well.

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net

[Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE
Tomasz Kojm wrote:

> On Mon, 22 Mar 2004 15:54:18 -0500
> Jesse Guardiani <[EMAIL PROTECTED]> wrote:
>
>> Any ideas on how to avoid this in the future? I'm running with
>> ScanArchive and ScanMail (because I want the binhex feature on).
>
> The problem may be connected with already discussed and fixed
> /dev/urandom issue. Please update to the latest CVS version.

I'll consider it. This is a production server, so I'm not incredibly keen on running CVS code. I'll take a look at the CVS version, compile it on a test server and go for it if everything looks ok.

Stay tuned. May take a few days for me to get around to it.

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net

[Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE
Adam Webb wrote:

> softlimit set too low?

Well, how much RAM does clamdscan eat then? Is it a flat memory footprint, or does it climb based on message size? I assumed that it would be a flat memory footprint and that clamdscan would simply write a large file to disk and pass it off to clamd. That's what I would do. :)

> It's a release candidate, not a recognized stable
> code. Just a thought.

I'm aware of that. Besides this stress testing bug I haven't had any problems with it. The upgrade was well worth the risk for the new features.

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net

[Clamav-users] Clarification on header info from Clam
This is a newbie question, I'm sure. Please bear with me. I have searched the archives but either the answer is not in there or I haven't thought of the right search terms.

When Clam AV notifies me that it detected (and deleted) a virus on my email server, it sends the message I have included below. Is the IP address it reports a legitimate way of tracing what the last point of exit for the email was? In other words, does it show what machine it originated from or at least what firewall it passed through last? When I had an infection in house, I was able to use the IP to track the machines very quickly because I use a fake ip schema inside.

If we receive several from the same IP and samspade.org tracks it to a certain domain, is it worth my while to notify their admin that something behind their firewall is spewing viruses? (The biggest offender currently APPEARS to be our state department. Sigh.) Or do the viruses spoof the IP address in addition to the sender field?

Also, is there any downside to disabling the server from notifying the "sender" of infected emails, given that most viri these days forge the sender field? I was getting too many delivery failure messages so I turned that feature off. Now I am the only one getting the notification.

Sample Notification:

The following e-mail messages were found to have viruses in them:

Sender: [EMAIL PROTECTED]
IP Address: 64.8.162.162
Recipient: [EMAIL PROTECTED]
Subject: Important notify about your e-mail account.
MessageID: i2IGkaH22647
Report: text_document.pif contains Worm.Bagle.N
Shortcuts to MS-Dos programs are very dangerous in email (text_document.pif)

--
AV-Suite Email Virus Scanner

Re: [Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE
On Tuesday 23 Mar 2004 3:06 pm, Jesse Guardiani wrote:

> No, it's strictly text and just a LOT of characters. I can send it zipped
> or a small sample if anyone is interested. It has a lot of repeating
> characters, so it ought to compress rather well.

Yes, please e-mail me a copy.

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk

Re: [Clamav-users] Virus ID
On Tue, 2004-03-23 at 09:41 -0500, Bart Silverstrim wrote:
> Silly question time...
>
> While I suppose the questions about the standard naming sequences may
> help, I would propose one other idea (along with asking for help with
> my question :-)
>
> First: I see a hit in my logfiles for Exploit.HTML.Bagle.Gen-4-eml; is
> this the variant I've read about where if a user on Windows *previews*
> a mail message (no attachment), they can get infected?

That would be the one.

> Second: is there a database for clamav with descriptions of the
> viruses? I wondered if some kind of user-supplemented database could
> be used online, and *there* have the aliases, rather than bulk up the
> antivirus database with aliases and pseudonyms. If you see a virus
> hit, you could refer to the online site and check for AKA's of the
> virus name (as well as information of what the viruses are capable of).
> Just an idea...

I've considered suggesting just such an idea myself. Most AV vendors do have information about the viruses listed in their databases (what it does, what it infects, how to prevent and how to clean if possible). Along with current outbreak info.

While that would be a big task for the core developers, I'm sure there'd be a few people in the Clam community who could submit this information. A Wiki type interface would be perfect for this.

--
Chris

[Clamav-users] Time of signature in Virus DB Search
I just noticed the new Virus DB Search function on the web site. That's great, I will use that often but could you add the date and time (GMT) the signature was added. I often get asked by managers when Clam added a signature for comparison with other scanners and it would make it real easy to find.

Thanks!

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14, SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2, MailStats 0.25

Re: [Clamav-users] Clamav may crash when processing Certain RAR files.....
You won't detect some bagle rar virus unless you are using .68-1. .67 does not detect some viruses and core dumps. I filed this bug against the debian package last week and the maintainers (for debian) are releasing a .68-x package shortly. You need to upgrade to detect some bagle viruses.

Jim said:
> Has anyone seen the below article, is it really a problem and do users
> of clamav need to move to .68 or better to be protected?
>
>
> http://www.securitytracker.com/alerts/2004/Mar/1009502.html
>
>
>
> Jim

--
Luke
Computer Science System Administrator
Security Administrator, College of Engineering
Montana State University-Bozeman, Montana

RE: [Clamav-users] memory leak?
I'm a bit hesitant of upgrading to .68 or .70-rc if it appears to have a memory leak. At what point can the developers say: "this x release does not have a memory leak."

Pubs said:
>> On Sun, Mar 21, 2004 at 01:14:53PM -0600, John Jolet wrote:
>> > If anything, i'd say it leaked less...course, i jumped from .65 to .7.
>>
>> It seems to be worse for me. Much worse. I had archive scanning off
>> before the jump to 67, and then to 70-rc from 65. Both of these appear
>> to have the problem. I can cron a daily restart to clear it up but
>> that's kind a jenky.
>>

--
Luke
Computer Science System Administrator
Security Administrator, College of Engineering
Montana State University-Bozeman, Montana

[Clamav-users] Re: Time of signature in Virus DB Search
Peter Bonivart wrote:

> I just noticed the new Virus DB Search function on the web site. That's
> great, I will use that often but could you add the date and time (GMT)
> the signature was added. I often get asked by managers when Clam added a
> signature for comparison with other scanners and it would make it real
> easy to find.

I'd like to add a quick:

Me too

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net

[Clamav-users] Clamav 0.68-1 port for openbsd has been released
Hello all,

The port of clamav 0.68-1 has just been released and is available @ http://www.fatbsd.com/openbsd

Enjoy,

++ Jerome

PS: There are still bugs with clamav on openbsd. (Signals known problems on clamd and clamdscan (kill -HUP doesn't work fine))

[Clamav-users] RE: memory leak?
Lucas Albers wrote:

> I'm a bit hesitant of upgrading to .68 or .70-rc if it appears to have a
> memory leak. At what point can the developers say:
> "this x release does not have a memory leak."

:)

Never, or about 2 years after the software is released and has run on virtually every machine known to man.

That's my experience with C anyway.

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net

RE: [Clamav-users] Malformed CVD header detected {Scanned}
Jo Mills wrote:

> packets for DNS sometime on Monday afternoon. I'll sort out
> some DNS servers
> from our ISP and (yet again!) work around the IT
> guys. (Trog helped

As an IT guy myself, I'd like to respectfully suggest that you let your IT team know that you've noticed a change in behavior and think you have pinned down the cause. It may very well be that someone who thought they knew what they were doing broke something, and they'll put things back the way they were. (It may also be that they really did know what they were doing, and that you shouldn't route around them.)

(Of course, maybe you were already planning on doing this...)

Thanks,

-ron

Re: [Clamav-users] Clamav 0.68-1 port for openbsd has been released
On Tue, 23 Mar 2004 20:44:49 +0100 "LOYET Jerome" <[EMAIL PROTECTED]> wrote:

> Hello all,
>
> The port of clamav 0.68-1 has just been released and is available @
> http://www.fatbsd.com/openbsd

Are you the current maintainer of the openbsd port?

> PS: There are still bugs with clamav on openbsd. (Signals known
> problems on clamd and clamdscan (kill -HUP doesn't work fine))

Should be already fixed in the CVS version. The final 0.70 version will be available soon.

--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
\..._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Wed Mar 24 00:10:36 CET 2004

Re: [Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE
Jesse Guardiani wrote:

> Tomasz Kojm wrote:
>
>> The problem may be connected with already discussed and fixed
>> /dev/urandom issue. Please update to the latest CVS version.
>
> I'll consider it. This is a production server, so I'm not incredibly keen
> on running CVS code.

Actually, with ClamAV CVS versions are often more stable or better than "stable" preview versions due to rapid bugfix and improvements :)

Read ChangeLog from CVS; you should find many interesting entries there.

Regards,

Fajar

RE: [Clamav-users] RFE: clamav-milter stuff
On Wed, 10 Mar 2004, Damian Menscher wrote:
> On Wed, 10 Mar 2004, Nigel Horne wrote:
>
> ClamAV version 0.67-1, clamav-milter version 0.67a
> Please be more specific by: (b) giving an example of a message that you think is missing some information, since all the messages I see already contain the virus/worm name
>>>
>>> 550 5.7.1 Virus detected by ClamAV - http://www.clamav.net
>
>> (d) pointing out an example of what more you want.
>
> How about something like:
> 550 5.7.1 Virus detected: Mydoom.f (http://www.clamav.net/)

Just a reminder, this is still something we're waiting for. It doesn't look like it's been changed in CVS, though I hear someone submitted a patch for it. (I'm being a bit pushy since it would be good to get this into the final release of 0.70.)

Also, I'd like to add another, slightly more difficult, request: a little more flexibility in the drop/bounce/reject options. If the virus database could contain a flag of whether the virus is one that spoofs the from address, versus one that doesn't, versus one that attaches to legitimate files (word macro viruses, for example), then postmasters could decide whether to drop/bounce/reject these different *classes* of viruses accordingly. Would certainly end the endless debate about what is the best method, or at least make it more interesting. ;)

Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers: |#=-
-=#| UIUC CITES Security Group || Beckman Imaging Technology Group |#=-

[Clamav-users] Clamav failes to update {Scanned}
I have clamav antivirus installed but a few days ago, it stopped getting updated because I can't seem to resolve 'database.clamav.net' and I'm not sure what the problem is. It seems I can resolve other sites, including clamav.net but not the database.clamav.net. Can someone help?

Here is what I get w/ nslookup:

$ nslookup database.clamav.net
Server: ns1.wppi.net
Address: 68.166.149.45

*** ns1.wppi.net can't find database.clamav.net: Non-existent host/domain

But, I can get to clamav.net:

$ nslookup clamav.net
Server: ns1.wppi.net
Address: 68.166.149.45

Non-authoritative answer:
Name:clamav.net
Address: 66.35.250.210

WPPi.com|WPPi.Net
http://www.wppi.com | http://www.wppi.net
RE: [Clamav-users] Clamav failes to update {Scanned}
DNS answers have been too big for UDP packets, so query gets redone as TCP. Some firewalls (or fw admins) block TCP DNS requests. (Although I would have expected to see a "server failed" type of message rather than "non-existent host".) Something to investigate, anyway.

> -----Original Message-----
> From: SW [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 23, 2004 9:22 PM
> To: Clamav
> Subject: [Clamav-users] Clamav failes to update {Scanned}
>
> I have clamav antivirus installed but a few days ago, it
> stopped getting updated because I can't seem to resolve
> 'database.clamav.net' and I'm not sure what the problem is.
> It seems I can resolve other sites, including clamav.net but
> not the database.clamav.net. Can someone help?
>
> Here is what I get w/ nslookup:
>
> $ nslookup database.clamav.net
> Server: ns1.wppi.net
> Address: 68.166.149.45
>
> *** ns1.wppi.net can't find database.clamav.net: Non-existent
> host/domain
>
> But, I can get to clamav.net:
>
> $ nslookup clamav.net
> Server: ns1.wppi.net
> Address: 68.166.149.45
>
> Non-authoritative answer:
> Name:clamav.net
> Address: 66.35.250.210
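An added example, not part of the original thread: a small Python checker for the failure mode suggested in the reply above, where a UDP answer comes back with the truncation (TC) bit set and the TCP retry is blocked. The function names and the sample header bytes are constructed for illustration; `lookup()` needs network access, while `classify()` works offline on the embedded samples.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
# Constructed 12-byte reply headers (ID 0x1234), not captured traffic:
SAMPLE_TRUNCATED = bytes.fromhex("123483800001000000000000")  # QR, TC, RD, RA
SAMPLE_NXDOMAIN = bytes.fromhex("123481830001000000010000")   # RCODE 3
SAMPLE_SERVFAIL = bytes.fromhex("123481820001000000000000")   # RCODE 2

def build_query(name, txid=0x1234, qtype=1):
    """Minimal RFC 1035 query: header with RD set, QNAME, QTYPE (1 = A), class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)

def classify(reply, txid=0x1234):
    """Return (truncated, rcode_name, answer_count) read from the reply header."""
    if len(reply) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    rcode = flags & 0x000F
    return bool(flags & 0x0200), RCODES.get(rcode, f"RCODE{rcode}"), ancount

def lookup(name, server, timeout=3.0):
    """Ask over UDP; if the TC bit is set, repeat over TCP and report a blocked path."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        reply, _ = udp.recvfrom(4096)
    truncated, rcode, answers = classify(reply)
    if not truncated:
        return f"udp: {rcode}, {answers} answer(s)"
    try:
        with socket.create_connection((server, 53), timeout=timeout) as tcp:
            tcp.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            stream = tcp.makefile("rb")
            (size,) = struct.unpack("!H", stream.read(2))
            _, rcode, answers = classify(stream.read(size))
        return f"tcp: {rcode}, {answers} answer(s)"
    except (OSError, struct.error, ValueError) as exc:
        return f"udp reply truncated, tcp/53 retry failed: {exc}"

if __name__ == "__main__":
    for label, hdr in [("truncated", SAMPLE_TRUNCATED), ("nxdomain", SAMPLE_NXDOMAIN),
                       ("servfail", SAMPLE_SERVFAIL)]:
        print(label, classify(hdr))
```

A result of "udp reply truncated, tcp/53 retry failed" from `lookup()` points at filtering of TCP port 53 between the client and the resolver rather than at a missing record.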