Re: [Clamav-users] Problem with clamscan .vs. clamdscan
> On Fri, 2004-04-23 at 08:40, Stephen Gran wrote:
>> use /usr/bin/clamscan --tempdir=/tmp -r -i --block-encrypted bob.zip
>
> Any idea why the config file setting to enable blocking encrypted files
> is not working?
>

Because clamscan doesn't use clamav.conf!! So many people don't seem to realize this.

Jim

---
This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek
For a limited time only, get FREE Ground shipping on all orders of $35 or more. Hurry up and shop folks, this offer expires April 30th!
http://www.thinkgeek.com/freeshipping/?cpg=12297
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: clam-av/milter, segmentation fault
On Fri, 2004-04-23 at 16:25, Todd Lyons wrote:
> B. van Ouwerkerk wrote:
> >
> > On my system I had to chmod /var/run/clamav to 700 owned by
> > clamav:clamav. You have that dir set to 755. I'm not sure this will work
> > exactly the same on all distros but on Slackware this works just fine.
>
> It works fine at mode 755. If you're using an
> /etc/sysconfig/clamav-milter config file, you could be specifying it on
> the commandline which will override the config file settings:
>
> [EMAIL PROTECTED] root]# ps ax | grep clamav-milter | grep -v grep
> 6090 ?S 4:07 clamav-milter --config-file=/etc/clamav.conf
> --max-children=20 --quiet -ol local:/var/clamav/clmilter.socket
>

Well, I may be making progress.
Based upon someone's suggestion, I had been keeping the clamav-milter execution script in /etc/rc.d/init.d/. I copied it to /usr/sbin, with a link to it in /usr/local/sbin. I made sure the permissions were the same as the rest of the files there (755). Now, when I try to execute it, I get the following:

[EMAIL PROTECTED] log]# clamav-milter start
Starting clamav-milter: Usage: /usr/sbin/clamav-milter {start|stop|reload|restart|condrestart|status}
[FAILED]

It looks like it's actually trying to start something now, though failing. I did an strace, and found that it was looking for a file "initscripts.mo" in the US locale directories. Searching for the file, I seemed to have a copy almost everywhere *except* in the US. I first linked to one in the UK directory; the "[FAILED]" message then appeared in Cyrillic. Linking to a copy in /var/log changed nothing. According to yum, I have the latest initscripts package installed.

Ignoring that, I redid an strace; for those interested the text is here:
http://www.the-leveys.us:6080/clamav-milter-strace.txt

I am not good at reading these, so I don't see what else might be wrong. Any suggestions are welcome.
-Don

Re: [Clamav-users] Re: clam-av/milter, segmentation fault
On Saturday 24 April 2004 9:28 pm, Don Levey wrote:

> Well, I may be making progress.
> Based upon someone's suggestion, I had been keeping the clamav-milter
> execution script in /etc/rc.d/init.d/. I copied it to /usr/sbin, with a
> link to it in /usr/local/sbin. I made sure the permissions were the
> same as the rest of the files there (755). Now, when I try to execute
> it, I get the following:
>
> [EMAIL PROTECTED] log]# clamav-milter start
> Starting clamav-milter: Usage: /usr/sbin/clamav-milter
> {start|stop|reload|restart|condrestart|status}
> [FAILED]

Why are you putting an init startup script in /usr/local/sbin? init scripts live in /etc/rc.d or /etc/init.d depending on your OS, certainly not in a sbin directory!

Leave the clamav-milter executable in /usr/local/sbin and the startup script in /etc/rc.d/init.d. Two programs for two jobs and never the twain shall meet...

> -Don

-Nigel

Re: [Clamav-users] Re: clam-av/milter, segmentation fault
On Sat, 2004-04-24 at 16:57, Nigel Horne wrote:
> On Saturday 24 April 2004 9:28 pm, Don Levey wrote:
>
> > Well, I may be making progress.
> > Based upon someone's suggestion, I had been keeping the clamav-milter
> > execution script in /etc/rc.d/init.d/. I copied it to /usr/sbin, with a
> > link to it in /usr/local/sbin. I made sure the permissions were the
> > same as the rest of the files there (755). Now, when I try to execute
> > it, I get the following:
> >
> > [EMAIL PROTECTED] log]# clamav-milter start
> > Starting clamav-milter: Usage: /usr/sbin/clamav-milter
> > {start|stop|reload|restart|condrestart|status}
> > [FAILED]
>
> Why are you putting an init startup script in /usr/local/sbin? init scripts
> live in /etc/rc.d or /etc/init.d depending on your OS, certainly not in a
> sbin directory!
>
> Leave the clamav-milter executable in /usr/local/sbin and the startup
> script in /etc/rc.d/init.d. Two programs for two jobs and never the
> twain shall meet...

I've got two files named "clamav-milter". One is in /etc/sysconfig, and contains what looks like command-line flags for startup. My guess was that this was a config file.

The second is an executable script. I can't even remember where it was originally; probably in the build directory and nowhere else. Yes, I did run make in the milter subdirectory when I downloaded the code, as well as make install. I copied *this* script into /etc/rc.d/init.d, and then into /usr/sbin and /usr/local/sbin. For reference, it starts:

#!/bin/sh
#
# clamav-milter This script starts and stops the clamav-milter daemon
#
# chkconfig: 2345 91 30
#
# description: clamav-milter is a daemon which hooks into sendmail and routes
#              email messages to clamav
# processname: clamav-milter

# Source function library.
. /etc/rc.d/init.d/functions

Since those are the only files directly named 'clamav-milter', which one is the executable and which one the startup script?
-Don

Re: [Clamav-users] Re: clam-av/milter, segmentation fault
On Saturday 24 April 2004 10:10 pm, Don Levey wrote:

> Since those are the only files directly named 'clamav-milter', which one
> is the executable and which one the startup script?

Look in .../clamav-milter/INSTALL and ensure that you have followed the instructions in there.

> -Don

-Nigel

Re: [Clamav-users] Re: clam-av/milter, segmentation fault
On Sat, 2004-04-24 at 18:05, Nigel Horne wrote:
> On Saturday 24 April 2004 10:10 pm, Don Levey wrote:
>
> > Since those are the only files directly named 'clamav-milter', which one
> > is the executable and which one the startup script?
>
> Look in .../clamav-milter/INSTALL and ensure that you have followed the
> instructions in there.

I thought I had...
Of course, the key line in all of that is:
"Install into /usr/local/sbin/clamav-milter"
Which is what I'm trying to do - but this isn't particularly informative (to me). The closest thing I could figure was to use --prefix during the overall make, but this did nothing for the milter at all. The example referenced didn't give me any information either, unfortunately.

I've added the relevant lines to the sendmail.mc (and rebuilt sendmail.cf), made sure that clamav.conf was similarly edited, made the appropriate run directory with permissions and ownership. The next instructions were not applicable, as I am not running spamassassin, and I'm trying to run all on one machine. From there on, everything else is changelog.

What have I missed? Running make in the overall clamav directory, enabling the milter, still says that there's nothing to be done for 'all' in the milter directory. Likewise when I try to run make in the milter directory itself. I'm clearly missing something - but what?

-Don

[Clamav-users] PATCH: mbox-force, treat unrecognized files as rfc822 mbox.
I wrote this patch because I kept getting virus emails quarantined by amavisd (after passing through clamav-milter) which were not recognized as RFC822 mail files. They are not recognized because their headers are mixed up a bit. For instance the messages can start with Date: or To: or any other header not recognized by the magic scan routine.

These messages were infected by viruses that clamscan detects after using munpack on them. The messages all had an X-Scanned by clamav-milter header.

clamav-milter currently sends a pseudo "Received:" header to clamd, presumably this should force RFC822/Mbox processing. Since I can't currently tell why amavis-milter/amavisd/uvscan catches them and clamav didn't, this patch will allow me to remove the uncertainty involved.

This patch

* updates libclamav to recognize a new option CL_UNKNOWN_MAIL which will treat the file as RFC822 if unrecognized.
* updates clamscan to recognize these new command line arguments (all equivalent) --mbox-force or --mail or -M which turns on above behavior.
* updates clamd to recognize new commands designed to ask for this behavior. MAILSCAN, CONTMAILSCAN, MAILSTREAM.
* updates clamd to recognize new configuration option "ScanUnknownAsMail" designed to ask for this behavior as a default.
* updates clamdscan to recognize the new command line arguments and use the above commands to clamd.
* updates clamav-milter to use the MAILSTREAM or MAILSCAN commands to clamd.

Some notes:

- clamd will reject with unknown command the new verbs if ScanMail is not in the config file.
- clamdscan will not use the new verbs if ScanMail is not in the config file.
- clamscan will treat the new arguments as implying -m (--mbox).

It's been 30 hours since and not a single new one of those messages has appeared with this patch.

Patches are on http://www.jmaimon.com/clamav Attached are patches for 0.70 and clamav-devel Joe diff -ur clamav-devel-jm5/clamav-milter/clamav-milter.c clamav-devel-jm4/clamav-milter/clamav-milter.c --- clamav-devel-jm5/clamav-milter/clamav-milter.c Fri Apr 23 17:07:42 2004 +++ clamav-devel-jm4/clamav-milter/clamav-milter.c Fri Apr 23 17:16:38 2004 @@ -2083,7 +2083,7 @@ return cl_error; } - snprintf(cmdbuf, sizeof(cmdbuf) - 1, "SCAN %s", privdata->filename); + snprintf(cmdbuf, sizeof(cmdbuf) - 1, "MAILSCAN %s", privdata->filename); nbytes = (int)strlen(cmdbuf); @@ -2894,7 +2894,7 @@ shutdown(privdata->dataSocket, SHUT_RD); - if(send(privdata->cmdSocket, "STREAM\n", 7, 0) < 7) { + if(send(privdata->cmdSocket, "MAILSTREAM\n", 11, 0) < 7) { perror("send"); if(use_syslog) syslog(LOG_ERR, "send failed to clamd"); diff -ur clamav-devel-jm5/clamd/session.c clamav-devel-jm4/clamd/session.c --- clamav-devel-jm5/clamd/session.cFri Apr 23 17:07:43 2004 +++ clamav-devel-jm4/clamd/session.cFri Apr 23 17:16:38 2004 @@ -54,6 +54,9 @@ #define CMD9 "SESSION" #define CMD10 "END" #define CMD11 "SHUTDOWN" +#define CMD12 "MAILSTREAM" +#define CMD13 "MAILSCAN" +#define CMD14 "CONTMAILSCAN" int command(int desc, const struct cl_node *root, const struct cl_limits *limits, int options, const struct cfgstruct *copt) 
@@ -150,6 +153,27 @@ } else if(!strncmp(buff, CMD11, strlen(CMD11))) { /* SHUTDOWN */ return COMMAND_QUIT; +} else if(!strncmp(buff, CMD12, strlen(CMD12))) { /* MAILSTREAM */ + if((cpt = cfgopt(copt,"ScanMail"))) { + options |= CL_UNKNOWN_MAIL; + scanstream(desc, NULL, root, limits, options, copt); + } else { + mdprintf(desc, "UNKNOWN COMMAND\n"); + } +} else if(!strncmp(buff, CMD13, strlen(CMD13))) { /* MAILSCAN */ + if((cpt = cfgopt(copt,"ScanMail"))) { + options |= CL_UNKNOWN_MAIL; + scan(buff + strlen(CMD13) + 1, NULL, root, limits, options, copt, desc, 0); + } else { + mdprintf(desc, "UNKNOWN COMMAND\n"); + } +} else if(!strncmp(buff, CMD14, strlen(CMD14))) { /* CONTMAILSCAN */ + if((cpt = cfgopt(copt,"ScanMail"))) { + options |= CL_UNKNOWN_MAIL; + scan(buff + strlen(CMD14) + 1, NULL, root, limits, options, copt, desc, 1); + } else { + mdprintf(desc, "UNKNOWN COMMAND\n"); + } } else { mdprintf(desc, "UNKNOWN COMMAND\n"); } diff -ur clamav-devel-jm5/clamdscan/clamdscan.c clamav-devel-jm4/clamdscan/clamdscan.c --- clamav-devel-jm5/clamdscan/clamdscan.c Fri Apr 23 17:07:43 2004 +++ clamav-devel-jm4/clamdscan/clamdscan.c Fri Apr 23 17:16:38 2004 @@ -126,6 +126,8 @@ mprintf("--verbose -v Be verbose\n"); mprintf("--quietBe quiet, only output error messages\n"); mprintf("--stdout Write to stdout
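
Review bot: in clamav-milter/clamav-milter.c, hunk @@ -2083, the milter now sends "MAILSCAN %s" unconditionally, while the clamd/session.c hunk answers MAILSCAN with "UNKNOWN COMMAND" whenever ScanMail is not set. Nothing in these lines checks that setting or falls back to the plain SCAN verb, so a milter talking to such a clamd receives UNKNOWN COMMAND instead of a scan verdict. Suggest gating the new verb on the same ScanMail setting on the milter side, or retrying with SCAN when the reply is UNKNOWN COMMAND.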
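
Review bot: in clamav-milter/clamav-milter.c, hunk @@ -2894, the length passed to send() was raised to 11 for "MAILSTREAM\n" but the result is still compared with "< 7", so a short write of 7 to 10 bytes is accepted as success. Compare against the same length that is sent, preferably taken once from the string itself so the two numbers cannot drift apart again.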
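
Review bot: in clamd/session.c, hunk @@ -150, the MAILSCAN and CONTMAILSCAN branches pass "buff + strlen(CMD13) + 1" and "buff + strlen(CMD14) + 1" to scan() without checking that a separator and a path actually follow the verb. Because the match is a strncmp() prefix test, a request consisting of the bare verb leaves that pointer at or past the string terminator, and any character after the verb is skipped as if it were a space. Suggest verifying the separator and a non-empty argument before calling scan(). The three new branches also repeat the same ScanMail test and assign cpt only to test it; a small helper would keep them in step.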
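
The recognition gap described in the patch announcement above (mail that starts with Date: or To: is not identified as RFC822 by the magic check), as an added C example that is not part of the original post or of ClamAV's code; it goes one step beyond the patch by showing a structural header check next to the forced fallback. The magic list, the OPT_UNKNOWN_MAIL flag and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

enum ftype { FT_UNKNOWN, FT_MAIL };
#define OPT_UNKNOWN_MAIL 0x1 /* hypothetical flag, modelled on the patch's CL_UNKNOWN_MAIL */
/* Assumed magic strings for this sketch; not libclamav's actual table. */
static const char *const mail_magic[] = { "From ", "Received: ", "Return-Path: " };
/* Constructed samples: mail with reordered headers and a non-mail blob. */
static const char odd_msg[] = "Date: Fri, 23 Apr 2004\r\nTo: user@example.com\r\n\r\nhi\r\n";
static const char blob[] = "\x7f" "ELF\x02\x01\x01";

/* Magic-only detection: the buffer must begin with one of the known strings. */
static enum ftype sniff_magic(const char *buf, size_t len)
{
    size_t i, n;
    for (i = 0; i < sizeof(mail_magic) / sizeof(mail_magic[0]); i++) {
        n = strlen(mail_magic[i]);
        if (len >= n && memcmp(buf, mail_magic[i], n) == 0)
            return FT_MAIL;
    }
    return FT_UNKNOWN;
}

/* Structural check: a leading "Field-Name:" made of printable ASCII (33..126) other than ':'. */
static int starts_with_header(const char *buf, size_t len)
{
    size_t i = 0;
    while (i < len && buf[i] > 32 && buf[i] < 127 && buf[i] != ':')
        i++;
    return i > 0 && i < len && buf[i] == ':';
}

/* Final type: magic first, then the forced-mail fallback when the flag is set. */
static enum ftype classify(const char *buf, size_t len, int options)
{
    if (sniff_magic(buf, len) == FT_MAIL || (options & OPT_UNKNOWN_MAIL))
        return FT_MAIL;
    return FT_UNKNOWN;
}

int main(void)
{
    size_t n = sizeof odd_msg - 1, b = sizeof blob - 1;
    printf("reordered: magic=%d forced=%d header=%d\n", classify(odd_msg, n, 0),
           classify(odd_msg, n, OPT_UNKNOWN_MAIL), starts_with_header(odd_msg, n));
    printf("blob: forced=%d header=%d\n", classify(blob, b, OPT_UNKNOWN_MAIL),
           starts_with_header(blob, b));
    return 0;
}
```

With the flag set, the non-mail blob is also routed to the mail parser, which is the cost of the forced fallback; the structural check accepts the reordered message and rejects the blob.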