Re: [Clamav-users] clamd crash triggered by THIS list
On Tue, Jun 01, 2004 at 01:41:08AM -0500, Damian Menscher wrote: > May 31 11:36:23 astro clamd[1002]: Segmentation fault :-( Bye.. > So... the message that broke it was sent to this list, specifically the > message from Samuel Benzaquen with timestamp: > Date: Mon, 31 May 2004 11:16:12 -0400 same happened here. .070/.70j, no patch, slack 9.1 -- Please avoid sending me Microsoft Office attachments. See http://www.fsf.org/philosophy/no-word-attachments.html --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Running Clamd as root?
On Tuesday 01 Jun 2004 07:36, Mr Mailing List wrote: > Non-priviliged users that uses clamdscan to scan files (and not > clamscan) cannot scan files that are only accessible to the user unless > clamd runs as root. And let's hope it stays that way. -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd crash triggered by THIS list
On Tuesday 01 Jun 2004 07:41, Damian Menscher wrote: > INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=, > T=S:4m;R:4m')dnl > > It was my understanding that the "F=" part of that meant that a milter > failure would cause messages to come in as if the milter did not exist. > Perhaps the documentation could be improved? INPUT_MAIL_FILTER and the meaning of 'F=' is part of sendmail, you will have to ask the sendmail authors to improve their documentation if you're unhappy with that. > Damian Menscher -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Freshclam problem since update
Hi, I'm running clamav on FreeBSD 5.2.1 and since i upgraded from 0.70 to 0.71 i get the following errors when running freshclam : # freshclam ClamAV update process started at Tue Jun 1 10:06:04 2004 Reading CVD header (main.cvd): OK main.cvd is up to date (version: 23, sigs: 21096, f-level: 2, builder: ddm) Reading CVD header (daily.cvd): OK ERROR: Can't open new file ./clamav-17600af7dd18baba to write open: Permission denied ERROR: Can't download daily.cvd from 213.184.16.3 I am running as root and this always worked, but now i am getting these errors, so i cannot update my virus definitions. Please help! -- Remco Bressers --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Customize the virus varnings.
Hi, How can I customize the Virus warning message. Thanks in Advance. - Rajesh --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id149&alloc_id66&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam problem since update
Hi, have a look to the file freshclam.conf. Especialy directives "DatabaseDirectory" and "DatabaseOwner". I think that it's the problem. The DatabaseOwner doens't have write access to the DatabaseDirectory. Regards. Le mar 01/06/2004 à 10:15, Remco Bressers a écrit : > Hi, > > I'm running clamav on FreeBSD 5.2.1 and since i upgraded from 0.70 to > 0.71 i get the following errors when running freshclam : > > # freshclam > ClamAV update process started at Tue Jun 1 10:06:04 2004 > Reading CVD header (main.cvd): OK > main.cvd is up to date (version: 23, sigs: 21096, f-level: 2, builder: ddm) > Reading CVD header (daily.cvd): OK > ERROR: Can't open new file ./clamav-17600af7dd18baba to write > open: Permission denied > ERROR: Can't download daily.cvd from 213.184.16.3 > > I am running as root and this always worked, but now i am getting these > errors, so i cannot update my virus definitions. Please help! -- == Cedric Foll Ingénieur sécurité & réseaux, Rectorat de Rouen mèl: [EMAIL PROTECTED] tèl: 02 35 14 77 51 "Email is dying, it's coming to its end. Any day now, a MyDoom-style virus could quickly overload and break the entire email system without a chance of recovery - simply by sending out millions of generic, unfilterable messages in a loop, round the clock, forever. Then we would have to drop email as we know it. Every email server, every email client in the world." Mikko Hypponen, Manager, Anti-Virus Research F-Secure == signature.asc Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?=
Re: [Clamav-users] Freshclam problem since update
Hi, Thanks! That fixed my problem. The database owner was different :) Remco Cedric Foll wrote: Hi, have a look to the file freshclam.conf. Especialy directives "DatabaseDirectory" and "DatabaseOwner". I think that it's the problem. The DatabaseOwner doens't have write access to the DatabaseDirectory. Regards. Le mar 01/06/2004 à 10:15, Remco Bressers a écrit : Hi, I'm running clamav on FreeBSD 5.2.1 and since i upgraded from 0.70 to 0.71 i get the following errors when running freshclam : # freshclam ClamAV update process started at Tue Jun 1 10:06:04 2004 Reading CVD header (main.cvd): OK main.cvd is up to date (version: 23, sigs: 21096, f-level: 2, builder: ddm) Reading CVD header (daily.cvd): OK ERROR: Can't open new file ./clamav-17600af7dd18baba to write open: Permission denied ERROR: Can't download daily.cvd from 213.184.16.3 I am running as root and this always worked, but now i am getting these errors, so i cannot update my virus definitions. Please help! -- Met vriendelijke groet, Signet B.V. Remco Bressers Network Engineer E: [EMAIL PROTECTED] T: 0499 - 396 094 F: 0499 - 395 579 www.signet.nl --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id149&alloc_id66&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] (no subject)
Hello.
I got lots of shuch mesages in log:
---SNIP---
Jun 1 15:04:02 spamd clamav-milter[885]: Access Denied: Host Unknown
([221.143.124.239])
---SNIP---
Im using:
Jun 1 15:12:37 spamd clamav-milter[15432]: clamd / ClamAV version 0.71, clamav-milter
version 0.71
This happened after we moved relay to other address (with DNS records updeted...).
I found that calav-milter fails on :
clamav-milter.c: 1773: if((hp = gethostbyname(hostmail)) == NULL)
where hostmail is {if_name} from sendmail, well, i checked sendmail's if_name, by
editing O SmtpGreetingMessage= i added ${if_name} at the end of old Greeting Msg. So
then telnet relay 25, gives me correct hostname at the end greeting msg.
Now im triyng to find what's wrong, temporary workaround: milter rebuilded
--without-tcpwrappers, and it works.
Any ideas ?
Thanx.
ps. sorry for my english.
--
Alex V. Kovirshin
---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] (no subject), clamav-milter with tcpwrappers, gethostbyname for {if_name} failed
On Tue, Jun 01, 2004 at 03:23:42PM +0400, Alex V. Kovirshin wrote:
> Hello.
>
> I got lots of shuch mesages in log:
> ---SNIP---
> Jun 1 15:04:02 spamd clamav-milter[885]: Access Denied: Host Unknown
> ([221.143.124.239])
> ---SNIP---
>
> Im using:
> Jun 1 15:12:37 spamd clamav-milter[15432]: clamd / ClamAV version 0.71,
> clamav-milter version 0.71
>
>
> This happened after we moved relay to other address (with DNS records updeted...).
>
> I found that calav-milter fails on :
> clamav-milter.c: 1773: if((hp = gethostbyname(hostmail)) == NULL)
>
> where hostmail is {if_name} from sendmail, well, i checked sendmail's if_name, by
> editing O SmtpGreetingMessage= i added ${if_name} at the end of old Greeting Msg. So
> then telnet relay 25, gives me correct hostname at the end greeting msg.
> Now im triyng to find what's wrong, temporary workaround: milter rebuilded
> --without-tcpwrappers, and it works.
> Any ideas ?
>
> Thanx.
>
> ps. sorry for my english.
Sorry, for no subject. My head feels like a freesbee :-\.
--
Alex V. Kovirshin
---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Problems with clamd in local network {Scanned}
thats what I try to do. But how can I say PC2 to use the clamd (or the virus database) of PC1? --- Samuel Benzaquen <[EMAIL PROTECTED]> schrieb: > > > > [mailto:[EMAIL PROTECTED] > nombre de Jo Mills > > Enviado el: Jueves, 27 de Mayo de 2004 07:33 a.m. > > > > > > On Thu, May 27, 2004 at 01:06:01PM +0200, Pippi > Langstrumpf wrote: > > > Hi, > > > > > > how can i configure clamd in a local network? > has > > > anybody some documentation (more detailed than > the the > > > normal clamav docs..) > > > > > > Situation: > > > PC 1: installed clamd, clamav, clamav-base, > > > clamav-daemon, clamav-freshclam, libclamav1 > > > --> has internet connection (sometimes) > > > > > > PC2: installed clamav, clamav-base, > clamav-freshclam, > > > libclamav1 > > > --> just local network > > > > > > PC1: db-update via internet > > > PC2: tries to connect to PC1 for db update with > > > freshclam > > > --> errormessage: > > > ClamAV update process started at Wed May 26 > 13:59:43 > > > 2004 > > > ERROR: Can't connect to port 80 of host 10.1.0.6 > > > (10.1.0.6) > > > ERROR: Connection with 10.1.0.6 (IP: 10.1.0.6) > failed. > > > > > > some help? > > > > > Just a thought, but why do you run freshclam on > PC2? If you ran > > freshclam via cron on PC1, then once PC1 has > updated it's database(s) > > OK (check the return codes from Freshclam in the > documentation) you > > could, as part of the same cron job, use scp (see > SSH documentation if > > you're not familiar with scp) to copy the new > database(s) to PC2 (and > > as many other PC's as you wish). > > > > Perhaps you could use NFS to "share" the directory > on PC1 with other > > PC's? I guess it depends a bit on your security > considerations and on > > what it is your trying to do. > > > > Jo. > > > > If I understand what you're saying, PC2 does NOT run > clamd, it uses the > clamd daemon on PC1. > In that case, you don't need freshclam, scp or any > other utility. > > -Samuel > - > Don't fix it if it's not broken. > But if u still want to fix it, call me. I'll break > it for u. > > > > --- > This SF.Net email is sponsored by: Oracle 10g > Get certified on the hottest thing ever to hit the > market... Oracle 10g. > Take an Oracle 10g class now, and we'll give you the > exam FREE. > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users Mit schönen Grüßen von Yahoo! Mail - http://mail.yahoo.de --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] clamd crash triggered by THIS list
> -Mensaje original- > De: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] nombre de christian > laubscher > Enviado el: Martes, 01 de Junio de 2004 03:28 a.m. > Para: [EMAIL PROTECTED] > Asunto: Re: [Clamav-users] clamd crash triggered by THIS list > > > On Tue, Jun 01, 2004 at 01:41:08AM -0500, Damian Menscher wrote: > > > May 31 11:36:23 astro clamd[1002]: Segmentation fault :-( Bye.. > > > So... the message that broke it was sent to this list, specifically the > > message from Samuel Benzaquen with timestamp: > > Date: Mon, 31 May 2004 11:16:12 -0400 > > same happened here. > .070/.70j, no patch, slack 9.1 > > -- Sorry about that. =( For the ones that could not read my mail, I sent the header of an attachment that contained a BinHex file. The mail that I received broke my clamd and i was asking the list for help about it. I guess just by sending the header causes the clamd to break. I'm running same version of clamav / clamav-milter. I think that I found a DoS by accident. =P Hope they fix it soon. -Samuel Benzaquen --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] clamd dead but subsys locked
[EMAIL PROTECTED] wrote: > Folks, > I am again in the situation where the clamav-milter seems unable to > connect to clamd. In my maillog I get the following: > > Milter: data, reject=451 4.7.1 Please try again later > > Previously, I had thought that this was a problem with the milter > itself, but as I know (a little) more now I went to check on the clamd > process. Checking on the status gives the following: > > clamd dead but subsys locked > > I am able to start clamd again, but it seems only a matter of time > before it stops again. I do not know the trigger event that stops it; > it does seem to accept some number of messages successfully before it > dies. > > Below are the relevant lines from my sendmail.mc file; I'll also > attach the (non-commented) lines in my clamav.conf file. > > Hopefully this will make sense to someone; thanks for your time. > > -Don > > It appears that the message from Samuel Benzaquen, mentioned elsewhere, must have been the source of my crash. Does anyone have any ideas for what in this message may have caused a crash? -Don --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Freshclam not responding
I have been using Clamav 0.70 without problem for some time but without warning freshclam recently stopped responding. No error message except the usual notification that I had no digital signature, which is another problem which I have not solved but am not too concerned about at this stage. The link just stopped responding. I then updated to 0.71 hoping in vain that the problem would go away. It didn't of course. Can anyone suggest the answer, or help a relative newbie to identify the problem? I have read all the help files and read all recent suggestions for upgrading with interest but none seem to help. I first did a "make uninstall", then removed (I think) all traces of 0.70, and "freshclam -V" only throws up 0.71. File permissions don't seem to be a problem either. I am now stumped. Thanks in advance. --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] OT: Question Re: possibly infected W2K Server
Is there anything free that I can use to scan a possibly infected Windows 2000 Server system. Norton's Internet Security says it's trying to DoS my Windows clients, on port 1433. The server is sending "MSSQL_Null_Packet_DoS" from port 445. I need to know the state of this system, asap. -ste --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Problems with clamd in local network {Scanned}
> [mailto:[EMAIL PROTECTED] nombre de Pippi > Langstrumpf > Enviado el: Martes, 01 de Junio de 2004 09:26 a.m. > > > thats what I try to do. But how can I say PC2 to use > the clamd (or the virus database) of PC1? > I'm 'guessing' that if you configure /etc/clamav.conf on PC2: - Commenting local socket - Configuring TCPAddr to PC1 clamdscan will read that conf and connect to that clamd daemon. - extract from /etc/clamav.conf -- # Path to the local socket. The daemon doesn't change the mode of the # created file (portability reasons). You may want to create it in a directory # which is only accessible for a user running daemon. # LocalSocket /tmp/clamd # TCP port address. #TCPSocket 3310 # TCP address. # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. #TCPAddr 127.0.0.1 --- Be sure to use clamdscan. clamscan will not try to connect to a clamd deamon. -samuel > > --- Samuel Benzaquen <[EMAIL PROTECTED]> schrieb: > > > > > > [mailto:[EMAIL PROTECTED] > > nombre de Jo Mills > > > Enviado el: Jueves, 27 de Mayo de 2004 07:33 a.m. > > > > > > > > > On Thu, May 27, 2004 at 01:06:01PM +0200, Pippi > > Langstrumpf wrote: > > > > Hi, > > > > > > > > how can i configure clamd in a local network? > > has > > > > anybody some documentation (more detailed than > > the the > > > > normal clamav docs..) > > > > > > > > Situation: > > > > PC 1: installed clamd, clamav, clamav-base, > > > > clamav-daemon, clamav-freshclam, libclamav1 > > > > --> has internet connection (sometimes) > > > > > > > > PC2: installed clamav, clamav-base, > > clamav-freshclam, > > > > libclamav1 > > > > --> just local network > > > > > > > > PC1: db-update via internet > > > > PC2: tries to connect to PC1 for db update with > > > > freshclam > > > > --> errormessage: > > > > ClamAV update process started at Wed May 26 > > 13:59:43 > > > > 2004 > > > > ERROR: Can't connect to port 80 of host 10.1.0.6 > > > > (10.1.0.6) > > > > ERROR: Connection with 10.1.0.6 (IP: 10.1.0.6) > > failed. > > > > > > > > some help? > > > > > > > Just a thought, but why do you run freshclam on > > PC2? If you ran > > > freshclam via cron on PC1, then once PC1 has > > updated it's database(s) > > > OK (check the return codes from Freshclam in the > > documentation) you > > > could, as part of the same cron job, use scp (see > > SSH documentation if > > > you're not familiar with scp) to copy the new > > database(s) to PC2 (and > > > as many other PC's as you wish). > > > > > > Perhaps you could use NFS to "share" the directory > > on PC1 with other > > > PC's? I guess it depends a bit on your security > > considerations and on > > > what it is your trying to do. > > > > > > Jo. > > > > > > > If I understand what you're saying, PC2 does NOT run > > clamd, it uses the > > clamd daemon on PC1. > > In that case, you don't need freshclam, scp or any > > other utility. > > > > -Samuel > > - > > Don't fix it if it's not broken. > > But if u still want to fix it, call me. I'll break > > it for u. > > > > > > > > > --- > > This SF.Net email is sponsored by: Oracle 10g > > Get certified on the hottest thing ever to hit the > > market... Oracle 10g. > > Take an Oracle 10g class now, and we'll give you the > > exam FREE. > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > > ___ > > Clamav-users mailing list > > [EMAIL PROTECTED] > > > https://lists.sourceforge.net/lists/listinfo/clamav-users > > > > > > > Mit schönen Grüßen von Yahoo! Mail - http://mail.yahoo.de > > > --- > This SF.Net email is sponsored by: Oracle 10g > Get certified on the hottest thing ever to hit the market... Oracle 10g. > Take an Oracle 10g class now, and we'll give you the exam FREE. > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id149&alloc_id66&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] OT: Question Re: possibly infected W2K Server
http://housecall.trendmicro.com/ Regards, Rick Shaun T. Erickson wrote: Is there anything free that I can use to scan a possibly infected Windows 2000 Server system. Norton's Internet Security says it's trying to DoS my Windows clients, on port 1433. The server is sending "MSSQL_Null_Packet_DoS" from port 445. I need to know the state of this system, asap. -ste --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] OT: Question Re: possibly infected W2K Server
http://housecall.trendmicro.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Shaun T. Erickson Sent: Tuesday, June 01, 2004 10:08 AM To: [EMAIL PROTECTED] Subject: [Clamav-users] OT: Question Re: possibly infected W2K Server Is there anything free that I can use to scan a possibly infected Windows 2000 Server system. Norton's Internet Security says it's trying to DoS my Windows clients, on port 1433. The server is sending "MSSQL_Null_Packet_DoS" from port 445. I need to know the state of this system, asap. -ste --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] OT: Question Re: possibly infected W2K Server
Shaun T. Erickson said: > Is there anything free that I can use to scan a possibly infected > Windows 2000 Server system. Norton's Internet Security says it's trying > to DoS my Windows clients, on port 1433. The server is sending > "MSSQL_Null_Packet_DoS" from port 445. I need to know the state of this > system, asap. > Would ClamWin (http://www.clamwin.com) do it? I run it on multiple desktop systems. --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Clamd troubles
>If you walk through the following steps, your trouble should be repaired. As you have not shared your full clamav and procmail >configuration, I will be as comprehensive as possible. Thanks for the response. I got clamdscan working late last week. I'm working on getting auto email checking under qmail going. Thanks, Roger --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] clamav + amavis_new
I installed yesterday clamav (Linux). Clamd (over TCP), clamscan and clamdscan are all working fine. Now I want to continue with the step to install and configurate amavis_new using clamav. Clamd can work with sockets OR tcp. How must I configure amavis_new and clamav to cooperate. I would prefer tcp, but with amavis I did not see a way to configurate a port for communicate with clamd. Maybe it is only working via sockets ? How can I test from commandline, wheter clamd is working or not: - clamscan recognize virus-signatures in 2 files (.zip) - clamdscan (socket) tell me that 0 files are infected Which user should start clamd ? When I use user "vscan" (the same user as amavisd), then I cannot user clamdscan for checking files from command line due to permission violations of user vscan (low rights). Is there any other problem to know about amavis and clamd? Thanks Harald --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] OT: Question Re: possibly infected W2K Server
On Tue, 2004-06-01 at 09:07, Shaun T. Erickson wrote: > Is there anything free that I can use to scan a possibly infected > Windows 2000 Server system. Norton's Internet Security says it's trying > to DoS my Windows clients, on port 1433. The server is sending > "MSSQL_Null_Packet_DoS" from port 445. I need to know the state of this > system, asap. See the SQLServer pages on www.microsoft.com. This sounds like an old worm that was fixed a long time ago. There is also a pgm on the web site to verify if the SQLServer (or MSDE) patch is needed. Alex --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] clamav + amavis_new
I installed yesterday clamav (Linux). Clamd (over TCP), clamscan and clamdscan are all working fine. Now I want to continue with the step to install and configurate amavis_new using clamav. Clamd can work with sockets OR tcp. How must I configure amavis_new and clamav to cooperate. I would prefer tcp, but with amavis I did not see a way to configurate a port for communicate with clamd. Maybe it is only working via sockets ? How can I test from commandline, wheter clamd is working or not: - clamscan recognize virus-signatures in 2 files (.zip) - clamdscan (socket) tell me that 0 files are infected Which user should start clamd ? When I use user "vscan" (the same user as amavisd), then I cannot user clamdscan for checking files from command line due to permission violations of user vscan (low rights). Is there any other problem to know about amavis and clamd? Thanks Harald --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Update of multiple machines
Chris, Clamd seems like a much better option, IMHO. Install the daemon on ONE machine, and then have all the other clients connect to it with their files-to-be-scanned. Then you only have ONE machine scanning, and one machine updating it's lists. I wish I had a link offhand to send you, hopefully someone else on the list will have some help for setting up clamd with multiple clients?? GuaRDiaN --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Clamd troubles
Harrell, Roger said: >>If you walk through the following steps, your trouble should be repaired. > As you have not shared your full clamav and procmail >>configuration, I will be as comprehensive as possible. > > Thanks for the response. I got clamdscan working late last week. I'm > working > on getting auto email checking under qmail going. > How are you going to call clamdscam? I've been using qmail-scanner-queue on --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam not responding
I have found that freshclam just like to stop occasionally, I run a cron job to see
that it is still running, I guess one could get a little more
creative and set it to star tback p if it is ofund to be missing
---
Chris McKeever
If you want to reply directly to me, please use cgmckeever--at--prupref---dot---com
http://www.prupref.com";>www.prupref.com
Prudential Preferred Properties
http://www.prupref.com";>Chicago and Illinois NorthShore Real Estate
Experts
On Tue, 01 Jun 2004 15:05 , Gervase <[EMAIL PROTECTED]> sent:
>I have been using Clamav 0.70 without problem for some time but without
>warning freshclam recently stopped responding. No error message except
>the usual notification that I had no digital signature, which is another
>problem which I have not solved but am not too concerned about at this
>stage. The link just stopped responding.
>
>I then updated to 0.71 hoping in vain that the problem would go away.
>It didn't of course. Can anyone suggest the answer, or help a relative
>newbie to identify the problem? I have read all the help files and read
>all recent suggestions for upgrading with interest but none seem to
>help. I first did a "make uninstall", then removed (I think) all traces
>of 0.70, and "freshclam -V" only throws up 0.71. File permissions don't
>seem to be a problem either. I am now stumped. Thanks in advance.
>
>
>
>---
>This SF.Net email is sponsored by: Oracle 10g
>Get certified on the hottest thing ever to hit the market... Oracle 10g.
>Take an Oracle 10g class now, and we'll give you the exam FREE.
>http://ads.osdn.com/\?ad_id=3149&alloc_id=8166&op=click
>___
>Clamav-users mailing list
>[EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/clamav-users
>
Prudential Preferred Properties www.prupref.com
Success Driven By Results
Results Driven By Commitment
Commitment Driven By Integrity
We Are Prudential Preferred Properties
N¬HS^µéX¬²'²Þu¼§%{] ë\z»b~'¢{az-µë-¶§ëÞ®Ú!Ûazf«ëN§%{]
M©
js«iÉ^×H
«,Ü
X"½ì¨ºØ^{¦Ûiÿö²
Ê&ý§b
Re: [Clamav-users] OT: Question Re: possibly infected W2K Server
housecall.trendmicro.com symantec.com both have free checking utilities On Tue, 1 Jun 2004 10:16 , [EMAIL PROTECTED] <[EMAIL PROTECTED]> sent: >Shaun T. Erickson said: >> Is there anything free that I can use to scan a possibly infected >> Windows 2000 Server system. Norton's Internet Security says it's trying >> to DoS my Windows clients, on port 1433. The server is sending >> "MSSQL_Null_Packet_DoS" from port 445. I need to know the state of this >> system, asap. >> > >Would ClamWin (http://www.clamwin.com\) do it? I run it on multiple >desktop systems. > > --- Chris McKeever If you want to reply directly to me, please use cgmckeever--at--prupref---dot---com http://www.prupref.com";>www.prupref.com Prudential Preferred Properties http://www.prupref.com";>Chicago and Illinois NorthShore Real Estate Experts > Prudential Preferred Properties www.prupref.com Success Driven By Results Results Driven By Commitment Commitment Driven By Integrity We Are Prudential Preferred Properties
Re: Bad ideas WAS RE: [Clamav-users] Zero bytes vbs & cpl attachment
Mitch (WebCob) wanted us to know: >While you are mentioning bad ideas... what about this trend of sending >bounce messages to the sender or postmaster based on the From or envelope >address of messages with virii in them. Does Clam-milter do this? (I don't Only if you start it with the -b (--bounce) option. Personally I use -ol --quiet for my control options. -- Regards... Todd They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. --Benjamin Franklin Linux kernel 2.6.3-8mdkenterprise 1 user, load average: 0.03, 0.05, 0.03 --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam not responding
On Tue, 1 Jun 2004 12:45:29 -0500, McKeever Chris <[EMAIL PROTECTED]> wrote: >I have found that freshclam just like to stop occasionally, I run a cron job to see >that it is still running, I guess one could get a little more >creative and set it to star tback p if it is ofund to be missing > Why run it as a daemon at all? I have it run from cron every 3 hours on the 17th minute. -- Steve --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id149&alloc_id66&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Clamd troubles
>>If you walk through the following steps, your trouble should be repaired. > As you have not shared your full clamav and procmail >>configuration, I will be as comprehensive as possible. > > Thanks for the response. I got clamdscan working late last week. I'm > working > on getting auto email checking under qmail going. > >How are you going to call clamdscam? I've been using qmail-scanner-queue on I have qscanq installed, and using qmailqueue to call it. The trouble I'm running into now is that the mail does not make it back into the queue. When an email is received it is passed scanned by clamd then gets stuck somewhere I haven't been able to figure out exactly where, but when I remove the qmailqueue line from my /etc/tcp.smtp line, the previously non-delivered mail, gets delivered to the final recipient. Roger --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: Freshclam not responding
Following my own question of Tue, 2004-06-01 at 15:05, in which I wrote: > I have been using Clamav 0.70 without problem for some time but without > warning freshclam recently stopped responding. No error message except > the usual notification that I had no digital signature, which is another > problem which I have not solved but am not too concerned about at this > stage. The link just stopped responding. > > I then updated to 0.71 hoping in vain that the problem would go away. > It didn't of course. Can anyone suggest the answer, or help a relative > newbie to identify the problem? I have read all the help files and read > all recent suggestions for upgrading with interest but none seem to > help. I first did a "make uninstall", then removed (I think) all traces > of 0.70, and "freshclam -V" only throws up 0.71. File permissions don't > seem to be a problem either. I am now stumped. Thanks in advance. If I leave it alone long enough, I get the following message: "ClamAV update process started at Tue Jun 1 16:31:59 2004 SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES ERROR: Can't get information about database.clamav.net host. ERROR: Connection with database.clamav.net (IP: ???) failed. Trying again... Does this help anyone identify the problem? --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: Freshclam not responding
Gervase wrote: ERROR: Can't get information about database.clamav.net host. Seems like DNS problem. Configure your DNS server properly, or use proxy (edit freshclam.conf) What does "nslookup database.clamav.net" or "host database.clamav.net" says? It should say something like [EMAIL PROTECTED] data]# host database.clamav.net database.clamav.net is an alias for db.local.clamav.net. db.local.clamav.net is an alias for db.asia.clamav.net. db.asia.clamav.net has address 212.113.16.74 db.asia.clamav.net has address 218.44.253.75 db.asia.clamav.net has address 24.244.193.22 db.asia.clamav.net has address 62.210.153.202 db.asia.clamav.net has address 129.64.99.170 db.asia.clamav.net has address 193.140.143.23 db.asia.clamav.net has address 202.134.0.71 db.asia.clamav.net has address 203.28.142.36 db.asia.clamav.net has address 203.81.40.167 db.asia.clamav.net has address 203.202.10.60 db.asia.clamav.net has address 207.201.202.73 db.asia.clamav.net has address 210.22.201.152 Regards, Fajar -- Please avoid sending me Microsoft Office attachments. See http://www.newsforge.com/software/04/03/27/0134204.shtml --- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] FreeBSD 4.8-RELEASE + clamd 0.70 (stable) hanging
Hello Jesse, I am affraid you are NOT the only person who is experiancing this kind of problems. We are a Dutch internetprovider using Clamav as virusscanner for our mailplatform using clamavmilter / sendmail. One or two times a day clamav hangs. We have tried to use network and file sockets: does not make any difference. When the load is high, clamd hangs more than under normal load. On an other platform with 2 loadbalanced fast intel machines, we have no troubles. If clamd hangs, we only have left 2 clamd processes and 1 milter process. Kind regards, Bas van Oosterum, Senior System Administrator Solcon Internetdiensten B.V. - NOC Dronten - The Netherlands T - +31 321 385646 W - http://www. solcon.nl - Original Message - From: "Jesse Guardiani" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, May 04, 2004 10:28 PM Subject: [Clamav-users] FreeBSD 4.8-RELEASE + clamd 0.70 (stable) hanging > Howdy folks, > > I'm running clamd 0.70 with: > > FreeBSD chortos.wingnet.net 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Fri Apr 11 12:59:08 EDT 2003 [EMAIL PROTECTED]:/usr/src/sys/compile/CHORTOS i386 > > I am (and have been since a CVS upgrade sometime after 0.70-rc) > having serious problems with clamd hanging. I'm > currently monitoring it with monit, and monit > is having to restart clamd every couple of > minutes because clamd keeps hanging: > > May 4 15:53:09 chortos monit[51854]: Trying to restart 'clamd' > May 4 15:55:16 chortos monit[51854]: Trying to restart 'clamd' > May 4 15:57:35 chortos monit[51854]: Trying to restart 'clamd' > May 4 15:59:49 chortos monit[51854]: Trying to restart 'clamd' > May 4 16:15:36 chortos monit[51854]: Trying to restart 'clamd' > > I'm testing clamd by sending a VERSION command > to the unix socket. If clamd fails to respond within > monit's specified timeout then monit kills and > restarts clamd. > > Is anyone else seeing this behavior? Have any > fixes been made in CVS that may prevent it? > > My mailserver is considerably less reliable with > clamd having to be restarted every few minutes. > For example, it's making long multi-meg mail > transfers near impossible. The up side is that > my mail is virus free. :) But I'd really love > to see a solution to this problem. > > -- > Jesse Guardiani, Systems Administrator > WingNET Internet Services, > P.O. Box 2605 // Cleveland, TN 37320-2605 > 423-559-LINK (v) 423-559-5145 (f) > http://www.wingnet.net > > > > > --- > This SF.Net email is sponsored by: Oracle 10g > Get certified on the hottest thing ever to hit the market... Oracle 10g. > Take an Oracle 10g class now, and we'll give you the exam FREE. > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: FreeBSD 4.8-RELEASE + clamd 0.70 (stable) hanging
NOC - St. Ichthus ICT wrote: > Hello Jesse, > > I am affraid you are NOT the only person who is experiancing this kind of > problems. We are a Dutch internetprovider using Clamav as virusscanner for > our mailplatform using clamavmilter / sendmail. One or two times a day > clamav hangs. We have tried to use network and file sockets: does not make > any difference. When the load is high, clamd hangs more than under normal > load. On an other platform with 2 loadbalanced fast intel machines, we > have no troubles. > > If clamd hangs, we only have left 2 clamd processes and 1 milter process. Well, it's good to know I'm not alone. Just to clarify: What is your clamav version? What is your OS? I experienced some really regular hanging all last week, and I think I found the email that causes the problem, but I can't reproduce it yet. My experience with Bacula on FreeBSD leads me to suspect a pthreads (libc_r) bug, but it may very well just be a ClamAV bug. I'm personally doing everything I can to track this down, but it's slow going. -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: Freshclam not responding
On Tue, 2004-06-01 at 22:09, Fajar A. Nugraha wrote: > Gervase wrote: > > >ERROR: Can't get information about database.clamav.net host. > > > > > Seems like DNS problem. Configure your DNS server properly, > or use proxy (edit freshclam.conf) Make sure your firewall allows DNS over both UDP _and_ TCP, because clam has so many mirrors the DNS response stopped fitting in a UDP packet so has to use a TCP packet instead, if your firewall doesn't allow through TCP packets it won't work. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Re: Freshclam not responding
> Following my own question of Tue, 2004-06-01 at 15:05, in > which I wrote: > > I have been using Clamav 0.70 without problem for some time > but without > > warning freshclam recently stopped responding. No error > message except > > the usual notification that I had no digital signature, > which is another > > problem which I have not solved but am not too concerned > about at this > > stage. The link just stopped responding. There were a spate of these a couple of months back when the database started getted hosted at a lot of places and they all received dns records. When the udp dns response comes back, it can't all fit in the packet so your dns resolver is supposed to query again via tcp. If your firewall has recently been modified to not allow tcp dns queries, you would probably see just what you are seeing above. To narrow down the problem further (and eliminate either dns or clamav), try doing the dns query from wherever freshclam is running. -ron --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: FreeBSD 4.8-RELEASE + clamd 0.70 (stable) hanging
Jesse Guardiani wrote: Well, it's good to know I'm not alone. Just to clarify: What is your clamav version? What is your OS? I experienced some really regular hanging all last week, and I think I found the email that causes the problem, but I can't reproduce it yet. My experience with Bacula on FreeBSD leads me to suspect a pthreads (libc_r) bug, but it may very well just be a ClamAV bug. I'm personally doing everything I can to track this down, but it's slow going. I run clamd on a variety of mail servers from FreeBSD 4.7-4.9 with no problems on this. The last time I saw clamd hang was on the old /dev/urandom issue which was fixed in 0.70. One thing I do have different is I do NOT link with libc_r at least from what I can tell. What I suggest to try is installing the pthreads port in /usr/ports/dev/pth, then make sure pthreads is pathed correctly by running the rc.d script it installs. Secondly install clamav from the ports tree again after pthreads is installed. /usr/ports/security/clamav will install 0.71. But first what I would do is make sure that any old libraries from previous clamav installations are removed. /usr/local/lib for starters. We had a heck of a time tracing some bugs/compile time crashes when old lib versions stuck around. -- Robert Blayzor, BOFH INOC, LLC [EMAIL PROTECTED] PGP: http://www.inoc.net/~dev/ Key fingerprint = 1E02 DABE F989 BC03 3DF5 0E93 8D02 9D0B CB1A A7B0 A computer program does what you tell it to do, not what you want it to do. --- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] License limit error
I have updated to ClamAV 0.71 and am running CGPAV 1.3b on OS X 10.3.3 I forgot to uninstall the old ClamAV before installing the new one... However, when the mail server now gets messages, I get the following log information: 17:29:16.92 2 QUEUE([460002]) from <[EMAIL PROTECTED]>, 1459 bytes (<[EMAIL PROTECTED]>) 17:29:16.92 2 ENQUEUERRULES [460002] rule(ClamAV) action #0: added header 'X-VirusScan-2: SUBMITTED' 17:29:16.92 4 EXTFILTER(cgpav) out(9): 1 INTF 3\n 17:29:16.92 4 EXTFILTER(cgpav) inp(8): 1 INTF 2 17:29:16.92 2 EXTFILTER(cgpav) interfaceLevel = 2 17:29:16.92 4 EXTFILTER(cgpav) out(24): 2 FILE Queue/460002.msg\n 17:29:16.95 4 EXTFILTER(cgpav) inp(67): 2 REJECTED "No connection to the Antiviral filter. Will try later." 17:29:16.95 3 EXTFILTER(cgpav) license limit: REJECTED "No connection to the Antiviral filter. Will try later." and the mail stays in the que until I shut down the CGPAV helper script. This may be more of a question to CGPAV but there is no mail list for them. I have made no other configuration changes to the server other than upgrading CGPAV and ClamAV and running the installers (following the same configurations I did the first time at: http://www.spiffin.net/forum/viewtopic.php?t=33) If I test clamscan against a folder I know has virus files in it, it does correctly find them. --- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] ScanStream: accept timeout
Hello, I am using clamav 0.71 on RH 7.3 2.4.24 and it works fine. No major problems. I have found several messages in clamd.log like this: ERROR: ScanStream: accept timeout. What does this message mean? Also I wonder what happens to message which triggers the following warning: WARNING: ScanStream: Size limit reached ( max: 10485760) Is it bounced back or pass through without scanning? Thanks in advance. Best Regards, -- George Chelidze --- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
