Re: [Clamav-users] Clamav Update with Fedora Core
On Tue, 20 Sep 2005 23:53:55 -0700 (PDT) in [EMAIL PROTECTED] doei <[EMAIL PROTECTED]> wrote:

> I'm use clamav version 0.80 with Fedora Core 2, I want
> to upgrade my clamav software, where i can found the
> documentations clamav upgrade with fedora core 2. I
> can't upgrade because i don't wanna take a risk my
> mail server.

You're taking far more of a risk with your server and your users by not upgrading. 0.80 is now sufficiently old that it provides little protection and certainly won't get many offers of support here.

--
Brian Morrison
bdm at fenrir dot org dot uk
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Clamav Update with Fedora Core
On Wed, 2005-09-21 at 07:53, doei wrote:

> I'm use clamav version 0.80 with Fedora Core 2, I want
> to upgrade my clamav software, where i can found the
> documentations clamav upgrade with fedora core 2. I
> can't upgrade because i don't wanna take a risk my
> mail server.

You are taking risks by running out of date software.

[Clamav-users] clamdscan doesn't recognize virus
Hello everybody.

I'm using clam 0.87 with mimedefang. This morning a virus has been slipped through. This is the output from clamdscan:

/tmp/photo.zip: OK

--- SCAN SUMMARY ---
Infected files: 0
Time: 0.143 sec (0 m 0 s)

and this is the output from clamscan:

photo.zip: Trojan.W32.PWS.Prostor.A FOUND

--- SCAN SUMMARY ---
Known viruses: 40212
Engine version: 0.87
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.20 MB
Time: 5.939 sec (0 m 5 s)

Clearly clamd doesn't recognize it as a virus. Hints?

[Clamav-users] How to check since when particular worm is detected?
Hi

A user forwarded an email with worm to me. This email passed our clamav on 2005.09.20 22:10:41 CEST. When I checked forwarded email with clamscan around 2005.09.21 10:00:00 CEST it correctly detected Worm.Bagle.Gen-5.

Between an original email and my test there were two auto updates of DB. How can I check if the worm passed because its signature wasn't present in DB at that time? I want to know if that worm passed because of stale DB, not because of other flaw in our AV mechanism.

Regards
--
--= Michal Kochanowicz =--==--==BOFH==--==--= [EMAIL PROTECTED] =--
--= finger me for PGP public key or visit http://michal.waw.pl/PGP =--
--==--==--==--==--==-- Vodka. Connecting people.--==--==--==--==--==--
And hiking in the mountains SUCKS!!!

Re: [Clamav-users] clamdscan doesn't recognize virus
Sorry I was forgetting... This is my clamd.conf

##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##

# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
#LogFile /tmp/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: disabled
#LogFileUnlock

# Maximal size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
#LogFileMaxSize 2M

# Log time with each message.
# Default: disabled
#LogTime

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: disabled
#LogClean

# Use system logger (can work together with LogFile).
# Default: disabled
#LogSyslog

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: disabled
#LogVerbose

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/ClamAV/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav

# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled
LocalSocket /var/spool/MIMEDefang/clamd.sock

# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket

# TCP port address.
# Default: disabled
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
#TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 15
#MaxConnectionQueueLength 30

# Close the connection if this limit is exceeded.
# Default: 10M
#StreamMaxLength 20M

# Maximal number of threads running at the same time.
# Default: 10
#MaxThreads 20

# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
#ReadTimeout 300

# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60

# Maximal depth directories are scanned at.
# Default: 15
MaxDirectoryRecursion 15

# Follow directory symlinks.
# Default: disabled
#FollowDirectorySymlinks

# Follow regular file symlinks.
# Default: disabled
#FollowFileSymlinks

# Perform internal sanity check (database integrity and freshness).
# Default: 1800 (30 min)
#SelfCheck 600

# Execute a command when virus is found. In the command string %v will
# be replaced by a virus name.
# Default: disabled
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"

# Run as a selected user (clamd must be started by root).
# Default: disabled
User defang

# Initialize supplementary group access (clamd must be started by root).
# Default: disabled
#AllowSupplementaryGroups

# Don't fork into background.
# Default: disabled
#Foreground

# Enable debug messages in libclamav.
# Default: disabled
#Debug

# Do not remove temporary files (for debug purposes).
# Default: disabled
#LeaveTemporaryFiles

# By default clamd uses scan options recommended by libclamav. This option
# disables recommended options and allows you to enable selected ones below.
# DO NOT TOUCH IT unless you know what you are doing.
# Default: disabled
#DisableDefaultScanOptions

##
## Executable files
##

# PE stands for Portable Executable - it's an executable file format used
# in all 32-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite.
# Default: enabled
#ScanPE

# With this option clamav will try to detect broken executables and mark
# them as Broken.Executable
# Default: disabled
#DetectBrokenExecutables

##
## Documents
##

# This option enables scanning of Microsoft Office document macros.
# Default: enabled
#ScanOLE2

##
## Mail files
##

# Enable internal e-mail scanner.
# Default: enabled
ScanMail

# If an email contains URLs ClamAV can download and scan them.
# WARNING: This option may open your system to a DoS at
Re: [Clamav-users] Clamav Update with Fedora Core
The best bet would be to get the latest SRPM from fedora extras or dag's repository, and then doing the following on a machine that has a fedora core 2 build environment

wget http://fedoraproject.org/extras/3/i386/fedora-rpmdevtools-1.1-1.fc3.noarch.rpm
su root
rpm -ivh fedora-rpmdevtools-1.1-1.fc3.noarch.rpm
exit
/usr/bin/fedora-buildrpmtree
wget http://fedoraproject.org/extras/3/SRPMS/clamav-0.87-1.fc3.src.rpm
rpm -ivh clamav-0.87-1.fc3.src.rpm
cd rpmbuild/SPECS
rpmbuild -ba clamav.spec

this should work.. but Fed Core 2 is rather old and eol so I can't help much on any compile errors at this point. Now you will need to drop your mail server for a bit and remove all the old clamav binaries. If they were not done with rpms.. it's best to use find and grep for clamav for stuff.

cd ~/rpmbuild/RPMS/i386
su root
rpm -Uvh clamav-*

then you will need to test that sendmail works with it.. and it should work.

On 9/21/05, doei <[EMAIL PROTECTED]> wrote:
> I'm use clamav version 0.80 with Fedora Core 2, I want
> to upgrade my clamav software, where i can found the
> documentations clamav upgrade with fedora core 2. I
> can't upgrade because i don't wanna take a risk my
> mail server.
>
> Anyone can help me where I found the documentations
> ???
>
> Thanks before ...

--
Stephen J Smoogen.
CSIRT/Linux System Administrator

[Clamav-users] Compile problems ClamAV on OpenBSD 3.6
All,

I've tried to install ClamAV-0.87 on a OpenBSD 3.6 system. During compile time, I get these errors:

output.o(.text+0x7f): In function `logg_close':
/root/source/clamav-0.87/clamscan/../shared/output.c:83: undefined reference to `pthread_mutex_lock'
output.o(.text+0xae):/root/source/clamav-0.87/clamscan/../shared/output.c:90: undefined reference to `pthread_mutex_unlock'
output.o(.text+0xfb): In function `logg':
/root/source/clamav-0.87/clamscan/../shared/output.c:116: undefined reference to `pthread_mutex_lock'
output.o(.text+0x14d):/root/source/clamav-0.87/clamscan/../shared/output.c:123: undefined reference to `pthread_mutex_unlock'
output.o(.text+0x1cd):/root/source/clamav-0.87/clamscan/../shared/output.c:134: undefined reference to `pthread_mutex_unlock'
output.o(.text+0x308):/root/source/clamav-0.87/clamscan/../shared/output.c:162: undefined reference to `pthread_mutex_unlock'
output.o(.text+0x3c7):/root/source/clamav-0.87/clamscan/../shared/output.c:185: undefined reference to `pthread_mutex_unlock'
collect2: ld returned 1 exit status
*** Error code 1

Stop in /root/source/clamav-0.87/clamscan (line 290 of Makefile).
*** Error code 1

Stop in /root/source/clamav-0.87 (line 368 of Makefile).
*** Error code 1

Stop in /root/source/clamav-0.87 (line 227 of Makefile).

I've tried to change in the configure files '-lc_r' to '-lpthread', but didn't work out.

Anyone ideas ?

Regards,

Carol Overes

Re: [Clamav-users] Compile problems ClamAV on OpenBSD 3.6
On Wed, 2005-09-21 at 14:59, Carol Overes wrote:
> All,
>
> I've tried to install ClamAV-0.87 on a OpenBSD 3.6 system. During
> compile time, I get these errors:
>
> output.o(.text+0x7f): In function `logg_close':
> /root/source/clamav-0.87/clamscan/../shared/output.c:83: undefined reference to `pthread_mutex_lock'
> output.o(.text+0xae):/root/source/clamav-0.87/clamscan/../shared/output.c:90: undefined reference to `pthread_mutex_unlock'
> output.o(.text+0xfb): In function `logg':
> /root/source/clamav-0.87/clamscan/../shared/output.c:116: undefined reference to `pthread_mutex_lock'
> output.o(.text+0x14d):/root/source/clamav-0.87/clamscan/../shared/output.c:123: undefined reference to `pthread_mutex_unlock'
> output.o(.text+0x1cd):/root/source/clamav-0.87/clamscan/../shared/output.c:134: undefined reference to `pthread_mutex_unlock'
> output.o(.text+0x308):/root/source/clamav-0.87/clamscan/../shared/output.c:162: undefined reference to `pthread_mutex_unlock'
> output.o(.text+0x3c7):/root/source/clamav-0.87/clamscan/../shared/output.c:185: undefined reference to `pthread_mutex_unlock'
> collect2: ld returned 1 exit status
> *** Error code 1
>
> Stop in /root/source/clamav-0.87/clamscan (line 290 of Makefile).
> *** Error code 1
>
> Stop in /root/source/clamav-0.87 (line 368 of Makefile).
> *** Error code 1
>
> Stop in /root/source/clamav-0.87 (line 227 of Makefile).
>
> I've tried to change in the configure files '-lc_r' to '-lpthread', but
> didn't work out.

configure --disable-pthreads

> Anyone ideas ?
>
> Regards,
>
> Carol Overes

Re: [Clamav-users] Compile problems ClamAV on OpenBSD 3.6
Hi Nigel and others,

Nigel Horne wrote:
> configure --disable-pthreads

Thanks for this alternative, but I've tried this option as well. But after a successful installation, the binary 'clamd' was missing on the system.

Any idea what caused this problem ?

Regards,

Carol

Re: [Clamav-users] Compile problems ClamAV on OpenBSD 3.6
> Thanks for this alternative, but I've tried this option as well. But
> after a successful installation, the binary 'clamd' was missing on the
> system.

What I normally do with my OpenBSD servers, is manually apply the patches from the official port to the new source. They usually apply cleanly, and then it builds just fine.

HTH,
Benny
--
"Now, that next spring you find in your garage a creature that looks like a cross-bred badger and anaconda. A badgerconda."
-- bash.org

Re: [Clamav-users] Compile problems ClamAV on OpenBSD 3.6
On Wed, 2005-09-21 at 15:45, Carol Overes wrote:
> Hi Nigel and others,
>
> Nigel Horne wrote:
> > configure --disable-pthreads
>
> Thanks for this alternative, but I've tried this option as well. But
> after a successful installation, the binary 'clamd' was missing on the
> system.
>
> Any idea what caused this problem ?

I'm confused, you say clamd was missing, but you also say that the installation was successful.

> Regards,
>
> Carol

-Nigel

Re: [Clamav-users] non reject and clean
> Kevin B wrote:
>
>>Hello
>>clamav-milter man page says with '-N' I can set
>>the milter not to reject an infected email.
>>What is the correct syntax to add the option
>> and will it still clean the virii??
>>
>>I'm not sure where to add the -N amongst the quotes below...
>>
>>INPUT_MAIL_FILTER(`clamav-milter',
>>`S=local:/var/run/clamav/clamav-milter.sock, F=T,T=S:4m;R:4m;E:10m')
>>
> You're looking in the wrong place. Where the right place is will depend
> on your operating system, which you haven't told us.
>
>>Thanks in advance
>>Kevin
>>
> -Nigel

Good morning.

Centos 4.1 and clamav and clamav-milter were from RPM's that I built from the SRPM provided by Petr Kristof.
http://crash.fce.vutbr.cz/crash-hat/4/clamav/
I know they are for FC4 but work fine on Centos 4.1.

Thanks Nigel

Kevin

Re: [Clamav-users] Compile problems ClamAV on OpenBSD 3.6
Hi Nigel and others,

Nigel Horne wrote:
> I'm confused, you say clamd was missing, but you also say that the
> installation was successful.

I can imagine :)

During compile time and installation of the binaries on the system, there are no errors. There is a Makefile in the source dir 'clamd' of the tar file. But during compile time there's no 'clamd' binary created. And with 'make install', I see:

Making install in clamd
test -z "/usr/local/sbin" || /bin/sh ../mkinstalldirs "/usr/local/sbin"

So, I expect that 'clamd' is installed in '/usr/local/sbin', but that's not the case.

I can imagine, that such a crucial binary missing on my system, is not an error in the installation process. Otherwise others would have complained as well. But I'm trying to find what I'm doing wrong.

Kind regards,

Carol

Re: [Clamav-users] non reject and clean
On Wed, 2005-09-21 at 15:58, Kevin B wrote:
> > Kevin B wrote:
> >
> >>Hello
> >>clamav-milter man page says with '-N' I can set
> >>the milter not to reject an infected email.
> >>What is the correct syntax to add the option
> >> and will it still clean the virii??
> >>
> >>I'm not sure where to add the -N amongst the quotes below...
> >>
> >>INPUT_MAIL_FILTER(`clamav-milter',
> >>`S=local:/var/run/clamav/clamav-milter.sock, F=T,T=S:4m;R:4m;E:10m')
> >>
> > You're looking in the wrong place. Where the right place is will depend
> > on your operating system, which you haven't told us.
> >
> >>Thanks in advance
> >>Kevin
> >>
> > -Nigel
>
> Good morning.
>
> Centos 4.1 and clamav and clamav-milter were from RPM's
> that I built from the SRPM provided by Petr Kristof.
> http://crash.fce.vutbr.cz/crash-hat/4/clamav/
> I know they are for FC4 but work fine on Centos 4.1.

I don't know Centos, so I have no idea where options are held. Best to ask Petr Kristof. On FC4 it is in /etc/sysconfig/clamav-milter, but that may not be the same on Centos, also since you're using a 3rd party distribution, Petr may have moved files' locations.

> Thanks Nigel
>
> Kevin

-Nigel

Re: [Clamav-users] Compile problems ClamAV on OpenBSD 3.6
On Wed, 2005-09-21 at 16:07, Carol Overes wrote:
> Hi Nigel and others,
>
> Nigel Horne wrote:
> > I'm confused, you say clamd was missing, but you also say that the
> > installation was successful.
>
> I can imagine :)
>
> During compile time and installation of the binaries on the system,
> there are no errors. There is a Makefile in the source dir 'clamd' of
> the tar file. But during compile time there's no 'clamd' binary created.
> And with 'make install', I see:

I don't see how running 'make' produces no errors if it produces no clamd program. Remember to run "make distclean" before rerunning configure with the --disable-pthreads option.

> Making install in clamd
> test -z "/usr/local/sbin" || /bin/sh ../mkinstalldirs "/usr/local/sbin"
>
> So, I expect that 'clamd' is installed in '/usr/local/sbin', but that's
> not the case.
>
> I can imagine, that such a crucial binary missing on my system, is not
> an error in the installation process. Otherwise others would have
> complained as well. But I'm trying to find what I'm doing wrong.
>
> Kind regards,
>
> Carol

Re: [Clamav-users] Clamav Update with Fedora Core
> I'm use clamav version 0.80 with Fedora Core 2, I want
> to upgrade my clamav software, where i can found the
> documentations clamav upgrade with fedora core 2. I
> can't upgrade because i don't wanna take a risk my
> mail server.

Try this way it work for me.

go to http://www.clamav.net
click on Download >> binary packages and ports
click on Fedora2: http://crash.fce.vutbr.cz/crash-hat/2/clamav/
then download clamav-0.87-1.i386.rpm and clamav-devel-0.87-1.i386.rpm into some directory that belong to you.
goto the directory that you download files into it
use the rpm command to update, for example:

rpm -Uhv clamav*

the option -U mean upgrade package

> Anyone can help me where I found the documentations
> ???
>
> Thanks before ...

Tawee Moonton
KOL Net Co. Ltd
Tel: +66-4-434-2888
Mobile: +66-9-213-7584
http://www.kol.co.th/
Thailand

Re: [Clamav-users] non reject and clean
>> Kevin B wrote:
>>
>>> Hello
>>> clamav-milter man page says with '-N' I can set
>>> the milter not to reject an infected email.
>>> What is the correct syntax to add the option
>>> and will it still clean the virii??
>>>
>>> I'm not sure where to add the -N amongst the quotes below...
>>>
>>> INPUT_MAIL_FILTER(`clamav-milter',
>>> `S=local:/var/run/clamav/clamav-milter.sock, F=T,T=S:4m;R:4m;E:10m')
>>
>> You're looking in the wrong place. Where the right place is will depend
>> on your operating system, which you haven't told us.
>>
>>> Thanks in advance
>>> Kevin
>>
>> -Nigel
>
> Good morning.
>
> Centos 4.1 and clamav and clamav-milter were from RPM's that I built
> from the SRPM provided by Petr Kristof.
> http://crash.fce.vutbr.cz/crash-hat/4/clamav/
> I know they are for FC4 but work fine on Centos 4.1.

CentOS 4.x = FC3 =RHEL4
http://crash.fce.vutbr.cz/crash-hat/3/clamav/ is suitable for it

> Thanks Nigel
>
> Kevin

Tawee Moonton
KOL Net Co. Ltd
Tel: +66-4-434-2888
Mobile: +66-9-213-7584
http://www.kol.co.th/
Thailand

[Clamav-users] zip files and clamav-milter
I am consistently seeing zip files with the Worm.Bagle.Gen-* payload getting through the clamav-milter (clamav-0.87). The milter is at least partially working:

X-Virus-Scanned: ClamAV version 0.87, clamav-milter version 0.87 on xxx.xxx.xxx
X-Virus-Status: Clean

Manually scanning the zip archive reveals:

new__price2.zip: Worm.Bagle.Gen-5 FOUND

--- SCAN SUMMARY ---
Known viruses: 40212
Engine version: 0.87
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.03 MB
Time: 1.234 sec (0 m 1 s)

Suggestions?

RE: [Clamav-users] zip files and clamav-milter
Nick Golder wrote:
> I am consistently seeing zip files with the Worm.Bagle.Gen-* payload
> getting through the clamav-milter (clamav-0.87). The milter is at
> least partially working:
> X-Virus-Scanned: ClamAV version 0.87, clamav-milter version 0.87 on xxx.xxx.xxx
> X-Virus-Status: Clean

Are you using --external?

How does clamav-milter know when new virus definitions are available? I assume freshclam doesn't notify clamav-milter threads.

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Software Engineer

Re: [Clamav-users] Compile problems ClamAV on OpenBSD 3.6
Hi Nigel,

The only warning that have got during 'configure' is:

configure: WARNING: resolv.h: present but cannot be compiled
configure: WARNING: resolv.h: check for missing prerequisite headers?
configure: WARNING: resolv.h: see the Autoconf documentation
configure: WARNING: resolv.h: section "Present But Cannot Be Compiled"
configure: WARNING: resolv.h: proceeding with the preprocessor's result
configure: WARNING: resolv.h: in the future, the compiler will take precedence
configure: WARNING: ## -- ##
configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ##
configure: WARNING: ## -- ##

I've checked the output during installation, but I haven't seen any errors.

Any help is much appreciated.

Regards,

Carol

Nigel Horne wrote:

> On Wed, 2005-09-21 at 16:07, Carol Overes wrote:
>
>> Hi Nigel and others,
>>
>> Nigel Horne wrote:
>>
>>> I'm confused, you say clamd was missing, but you also say that the
>>> installation was successful.
>>
>> I can imagine :)
>>
>> During compile time and installation of the binaries on the system,
>> there are no errors. There is a Makefile in the source dir 'clamd' of
>> the tar file. But during compile time there's no 'clamd' binary created.
>> And with 'make install', I see:
>
> I don't see how running 'make' produces no errors if it produces no
> clamd program. Remember to run "make distclean" before rerunning
> configure with the --disable-pthreads option.
>
>> Making install in clamd
>> test -z "/usr/local/sbin" || /bin/sh ../mkinstalldirs "/usr/local/sbin"
>>
>> So, I expect that 'clamd' is installed in '/usr/local/sbin', but that's
>> not the case.
>>
>> I can imagine, that such a crucial binary missing on my system, is not
>> an error in the installation process. Otherwise others would have
>> complained as well. But I'm trying to find what I'm doing wrong.
>>
>> Kind regards,
>>
>> Carol

Re: [Clamav-users] How to check since when particular worm is detected?
Michal Kochanowicz wanted us to know:

>A user forwarded an email with worm to me. This email passed our
>clamav on 2005.09.20 22:10:41 CEST. When I checked forwarded email with
>clamscan around 2005.09.21 10:00:00 CEST it correctly detected
>Worm.Bagle.Gen-5.
>Between an original email and my test there were two auto updates of DB.
>How can I check if the worm passed because its signature wasn't present
>in DB at that time?
>I want to know if that worm passed because of stale DB, not because of
>other flaw in our AV mechanism.

Go to http://www.clamav.net, go to the mailing lists page, and join the clamav-virusdb mailing list. In it, you would have seen:

ClamAV database updated (2005-Sep-20 22:21 +): daily.cvd version: 1095
Submission: 108225
Sender: Rafał Kupka
Added: Worm.Bagle.Gen-5
Virus name alias: Email-Worm.Win32.Bagle.ds (Kaspersky AVP), Win32.HLLM.Beagle.35146 (Drweb)

So you got it at 22:10:41 CEST, and the signature was available 22:21 UTC. Sounds like you had a stale DB.

Make sure that your freshclam is notifying the daemon to reload the database, rather than clamd itself noticing that the files have changed and reading it in for that reason.

--
Regards... Todd
OS X: We've been fighting the "It's a mac" syndrome with upper management for years now. Lately we've taken to just referring to new mac installations as "Unix" installations when presenting proposals and updates. For some reason, they have no problem with that. -- /.
Linux kernel 2.6.11-12mdksmp load average: 0.13, 0.15, 0.10

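The comparison discussed in this thread, done with explicit time zones, as an added example that is not part of any list message: it reports whether a signature had been published, and whether the local daily.cvd already contained it, at the moment a mail was received. The receipt time, daily.cvd version 1095 and the publication time are the values quoted above; the freshclam.log excerpt is constructed, its line layout is an assumption, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
CEST = timezone(timedelta(hours=2))  # local zone of the mail server in the thread

# Constructed freshclam.log excerpt (not from the thread). The layout is an
# assumption modelled on freshclam's log lines; timestamps are local time.
SAMPLE_FRESHCLAM_LOG = """\
--------------------------------------
ClamAV update process started at Tue Sep 20 21:00:02 2005
main.cvd is up to date (version: 33, sigs: 36000, f-level: 5, builder: example)
daily.cvd updated (version: 1094, sigs: 4200, f-level: 6, builder: example)
--------------------------------------
ClamAV update process started at Wed Sep 21 01:00:02 2005
main.cvd is up to date (version: 33, sigs: 36000, f-level: 5, builder: example)
daily.cvd updated (version: 1095, sigs: 4212, f-level: 6, builder: example)
--------------------------------------
ClamAV update process started at Wed Sep 21 07:00:02 2005
daily.cvd updated (version: 1096, sigs: 4220, f-level: 6, builder: example)
"""

RUN_RE = re.compile(r"^ClamAV update process started at (.+)$")
DAILY_RE = re.compile(r"^daily\.cvd (?:updated|is up to date) \(version: (\d+)")


def daily_versions(log_text, local_tz):
    """Return [(run_start, daily_version)] for every freshclam run, oldest first.

    The start of the run is used as the time the version landed on disk.
    """
    runs, started = [], None
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            stamp = datetime.strptime(m.group(1).strip(), "%a %b %d %H:%M:%S %Y")
            started = stamp.replace(tzinfo=local_tz)
            continue
        m = DAILY_RE.match(line)
        if m and started is not None:
            runs.append((started, int(m.group(1))))
    return sorted(runs)


def version_at(runs, when):
    """daily.cvd version on disk at `when`; None if the log starts later."""
    current = None
    for started, version in runs:
        if started > when:
            break
        current = version
    return current


def classify_miss(received, sig_version, sig_published, runs):
    """Explain why a sample was not detected when it was received."""
    if received < sig_published:
        return "signature-not-yet-published"
    on_disk = version_at(runs, received)
    if on_disk is None:
        return "unknown-no-log-coverage"
    if on_disk < sig_version:
        return "stale-local-db"
    # The database on disk had the signature: check whether the scanning
    # daemon had reloaded it, or look for a fault elsewhere in the mail path.
    return "db-had-signature"


if __name__ == "__main__":
    runs = daily_versions(SAMPLE_FRESHCLAM_LOG, CEST)
    received = datetime(2005, 9, 20, 22, 10, 41, tzinfo=CEST)  # from the thread
    published = datetime(2005, 9, 20, 22, 21, tzinfo=UTC)      # daily.cvd 1095
    print(received.astimezone(UTC).isoformat(), "->",
          classify_miss(received, 1095, published, runs))
```

Both timestamps are converted to one zone before comparing; the "db-had-signature" result only says the file on disk was new enough, not that the running scanner had loaded it.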
Re: [Clamav-users] Compile problems ClamAV on OpenBSD 3.6
On Wed, 21 Sep 2005, Nigel Horne wrote:

; On Wed, 2005-09-21 at 16:07, Carol Overes wrote:
; > Hi Nigel and others,
; >
; > Nigel Horne wrote:
; > > I'm confused, you say clamd was missing, but you also say that the
; > > installation was successful.
; >
; > I can imagine :)
; >
; > During compile time and installation of the binaries on the system,
; > there are no errors. There is a Makefile in the source dir 'clamd' of
; > the tar file. But during compile time there's no 'clamd' binary created.
; > And with 'make install', I see:
;
; I don't see how running 'make' produces no errors if it produces no
; clamd program. Remember to run "make distclean" before rerunning
; configure
; with the --disable-pthreads option.

Given that clamd is a threaded application and that the library has been built without threading support, clamd will not be built.

From configure.in

if test "$have_pthreads" = "yes"
then
    AC_DEFINE(BUILD_CLAMD, 1, "build clamd")
fi

Andy

Re: [Clamav-users] zip files and clamav-milter
On 2005-09-21 09:51 -0700, [EMAIL PROTECTED] wrote:
> Are you using --external?

Currently I am using LocalSocket. Using --external didn't make a difference.

> How does clamav-milter know when new virus definitions are available?
> I assume freshclam doesn't notify clamav-milter threads.

Is clamd, via LocalSocket, being used by clamav-milter if --external isn't being used? Right now, freshclam notifies clamd.

RE: [Clamav-users] zip files and clamav-milter
Nick Golder wrote:
> On 2005-09-21 09:51 -0700, [EMAIL PROTECTED] wrote:
>> Are you using --external?
>
> Currently I am using LocalSocket. Using --external didn't make a
> difference.

Did you manually scan with clamscan or clamdscan? Try both ways.

> Is clamd, via LocalSocket, being used by clamav-milter if --external
> isn't being used? Right now, freshclam notifies clamd.

clamd is used by clamav-milter iff --external is used. If --external is NOT used, clamav-milter does its own scanning via libclamav.

In which case, the question of virus definition update notification becomes important. How/when does clamav-milter find out about virus definition updates?

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Software Engineer

Re: [Clamav-users] clamdscan doesn't recognize virus
Marco Berizzi wrote:

> Hello everybody.
>
> I'm using clam 0.87 with mimedefang. This morning a virus has been
> slipped through. This is the output from clamdscan:
>
> /tmp/photo.zip: OK
>
> --- SCAN SUMMARY ---
> Infected files: 0
> Time: 0.143 sec (0 m 0 s)
>
> and this is the output from clamscan:
>
> photo.zip: Trojan.W32.PWS.Prostor.A FOUND
>
> --- SCAN SUMMARY ---
> Known viruses: 40212
> Engine version: 0.87
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.20 MB
> Time: 5.939 sec (0 m 5 s)
>
> Clearly clamd doesn't recognize it as a virus. Hints?

Did you specify --daemon-notify when you ran/run freshclam? Waiting for the daemon to notice the change and update itself seems to take a while.

--
David Filion
[EMAIL PROTECTED]
System / Network Administrator
Auto123.com / XPrima Corporation
(450)681-5868 ext. 252

Re: [Clamav-users] Compile problems ClamAV on OpenBSD 3.6
Carol Overes wrote:

> Hi Nigel,
>
> The only warning that have got during 'configure' is:
>
> configure: WARNING: resolv.h: present but cannot be compiled
> configure: WARNING: resolv.h: check for missing prerequisite headers?
> configure: WARNING: resolv.h: see the Autoconf documentation
> configure: WARNING: resolv.h: section "Present But Cannot Be Compiled"
> configure: WARNING: resolv.h: proceeding with the preprocessor's result
> configure: WARNING: resolv.h: in the future, the compiler will take precedence
> configure: WARNING: ## -- ##
> configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ##
> configure: WARNING: ## -- ##
>
> I've checked the output during installation, but I haven't seen any errors.
>
> Any help is much appreciated.

You didn't confirm that you'd followed my instructions about make distclean etc. You also didn't mention what output you got from 'make'. I know that you discussed that in an earlier post, however I still want to see all the output of the commands I stipulated, in the order I mentioned.

> Regards,
>
> Carol
>
> Nigel Horne wrote:
>
>> On Wed, 2005-09-21 at 16:07, Carol Overes wrote:
>>
>>> Hi Nigel and others,
>>>
>>> Nigel Horne wrote:
>>>
>>>> I'm confused, you say clamd was missing, but you also say that the
>>>> installation was successful.
>>>
>>> I can imagine :)
>>>
>>> During compile time and installation of the binaries on the system,
>>> there are no errors. There is a Makefile in the source dir 'clamd' of
>>> the tar file. But during compile time there's no 'clamd' binary created.
>>> And with 'make install', I see:
>>
>> I don't see how running 'make' produces no errors if it produces no
>> clamd program. Remember to run "make distclean" before rerunning
>> configure with the --disable-pthreads option.
>>
>>> Making install in clamd
>>> test -z "/usr/local/sbin" || /bin/sh ../mkinstalldirs "/usr/local/sbin"
>>>
>>> So, I expect that 'clamd' is installed in '/usr/local/sbin', but that's
>>> not the case.
>>>
>>> I can imagine, that such a crucial binary missing on my system, is not
>>> an error in the installation process. Otherwise others would have
>>> complained as well. But I'm trying to find what I'm doing wrong.
>>>
>>> Kind regards,
>>>
>>> Carol

-Nigel

[Clamav-users] Clamav Upgrade with Fedora Core
This My clamav on my server

[EMAIL PROTECTED] clamav]# rpm -qa |grep clamav
clamav-devel-0.80-1
clamav-0.80-1

I'm download clamav update from http://crash.fce.vutbr.cz/crash-hat/2/clamav/
when i wanna upgrade my clamav this error open :

[EMAIL PROTECTED] clamav]# rpm -Uhv clamav-0.87-1.i386.rpm clamav-devel-0.87-1.i386.rpm
warning: clamav-0.87-1.i386.rpm: V3 DSA signature: NOKEY, key ID 6cdf2cc1
error: Failed dependencies:
        libcurl.so.2 is needed by clamav-0.87-1
        zlib >= 1.2.1.2 is needed by clamav-0.87-1

why my clamav can not upgrade to new version. Anybody can help me?

Thanks before for your support.

Regards,

[Clamav-users] how to upgrade clamav with fedora core
My Server Spec:
- Fedora Core 2
- qmail+qmailscanner
- zlib-1.2.1.1-2.1

This is my clamav on my server:

[EMAIL PROTECTED] clamav]# rpm -qa |grep clamav
clamav-devel-0.80-1
clamav-0.80-1

I downloaded the clamav update from http://crash.fce.vutbr.cz/crash-hat/2/clamav/

When I want to upgrade my clamav, this error appears:

[EMAIL PROTECTED] clamav]# rpm -Uhv clamav-0.87-1.i386.rpm clamav-devel-0.87-1.i386.rpm
warning: clamav-0.87-1.i386.rpm: V3 DSA signature: NOKEY, key ID 6cdf2cc1
error: Failed dependencies:
libcurl.so.2 is needed by clamav-0.87-1
zlib >= 1.2.1.2 is needed by clamav-0.87-1

Why can't my clamav upgrade to the new version? Why does it need zlib 1.2.1.2 when I'm using zlib 1.2.1.1-2.1? Can anybody help me? Thanks in advance for your support.

Regards,
Re: [Clamav-users] how to upgrade clamav with fedora core
> My Server Spec:
> - Fedora Core 2
> - qmail+qmailscanner
> - zlib-1.2.1.1-2.1
>
> This is my clamav on my server:
>
> [EMAIL PROTECTED] clamav]# rpm -qa |grep clamav
> clamav-devel-0.80-1
> clamav-0.80-1
>
> I downloaded the clamav update from http://crash.fce.vutbr.cz/crash-hat/2/clamav/
>
> When I want to upgrade my clamav, this error appears:
>
> [EMAIL PROTECTED] clamav]# rpm -Uhv clamav-0.87-1.i386.rpm clamav-devel-0.87-1.i386.rpm
> warning: clamav-0.87-1.i386.rpm: V3 DSA signature: NOKEY, key ID 6cdf2cc1
> error: Failed dependencies:
> libcurl.so.2 is needed by clamav-0.87-1
> zlib >= 1.2.1.2 is needed by clamav-0.87-1
>
> Why can't my clamav upgrade to the new version? Why does it need zlib 1.2.1.2 when I'm using zlib 1.2.1.1-2.1? Can anybody help me? Thanks in advance for your support.
>
> Regards,

OK. I have the same problem as you. I upgraded the package by:

1. wget ftp://rpmfind.net/linux/fedora/core/development/i386/Fedora/RPMS/zlib-1.2.3-1.i386.rpm
2. rpm -Uhv zlib-1.2.3-1.i386.rpm

then upgrade your ClamAV again.

Remember, this package is from the Fedora Core Development tree. It will have some bugs. On my FC2 server I don't have any problems after upgrading it.

Best regards,
Tawee Moonton
KOL Net Co. Ltd
Tel: +66-4-434-2888 Mobile: +66-9-213-7584
http://www.kol.co.th/
Thailand
[Clamav-users] howto upgrade clamav with fedora core
My Server Spec:
- Fedora Core 2
- qmail+qmailscanner
- zlib-devel-1.2.1.2-0.fc2
- zlib-1.2.1.2-0.fc2

This is my clamav on my server:

[EMAIL PROTECTED] clamav]# rpm -qa |grep clamav
clamav-devel-0.80-1
clamav-0.80-1

I downloaded the clamav update from: http://crash.fce.vutbr.cz/crash-hat/2/clamav/

I updated my Fedora from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/

When I want to upgrade my clamav, this error appears:

[EMAIL PROTECTED] clamav]# rpm -Uhv clamav-0.87-1.i386.rpm clamav-devel-0.87-1.i386.rpm
warning: clamav-0.87-1.i386.rpm: V3 DSA signature: NOKEY, key ID 6cdf2cc1
error: Failed dependencies:
libcurl.so.2 is needed by clamav-0.87-1

Why can't my clamav upgrade to the new version? Why does it need libcurl.so.2 when the libcurl.so.2 file is in /usr/lib/? Can anybody help me? Thanks in advance for your support.

Regards,
Re: [Clamav-users] clamav oddity w.r.t Worm.Bagle.Gen-3?
Fernando Durango wrote:
> Hello all,
>
> Just wondering if anyone else noticed something strange recently with Worm.Bagle.Gen-3 viruses. Using exim+exiscan-acl+clamav, we have been seeing several of these viruses sneak thru. Decided to test out 0.87 (upgrading from 0.86.2) on one of the servers where the virus has been coming thru, we ./configure, make, make install, restart clamd, run a freshclam --daemon-notify, then do the following:
>
> $ clamdscan price_09.zip
> /price_09.zip: OK
> --- SCAN SUMMARY ---
> Infected files: 0
> Time: 0.200 sec (0 m 0 s)
> $ unzip price_09.zip
> Archive: price_09.zip
> inflating: 03.exe
> $ clamdscan 03.exe
> /03.exe: Worm.Bagle.Gen-3 FOUND
> --- SCAN SUMMARY ---
> Infected files: 1
> Time: 0.036 sec (0 m 0 s)
> $ clamdscan price_09.zip
> /price_09.zip: Worm.Bagle.Gen-3 FOUND
> --- SCAN SUMMARY ---
> Infected files: 1
> Time: 0.039 sec (0 m 0 s)
>
> These commands were issued over the course of 30-45 seconds, after a fresh upgrade and after a freshclam sync. So, first time thru it's fine, next time not?

The signature Worm.Bagle.Gen-3 has been updated several times. Maybe your update was just between two db updates (you should be able to verify this by comparing db update notifications and your installation time).

Best regards,
Diego d'Ambra
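The comparison Diego suggests, database update notifications against the time of each scan, can be scripted. This Python sketch is an added example, not part of the original thread or of ClamAV; the log excerpt, versions and timestamps are constructed, and the freshclam line format it parses is an assumption to check against your own log.

```python
import re
from datetime import datetime

# Constructed freshclam log excerpt (line format is an assumption; versions,
# counts and builder are made up). Only runs that change daily.cvd matter.
SAMPLE_LOG = """\
ClamAV update process started at Tue Sep 20 21:05:01 2005
main.cvd is up to date (version: 33, sigs: 36102, f-level: 5, builder: example)
daily.cvd updated (version: 1093, sigs: 4085, f-level: 6, builder: example)
Database updated (40187 signatures) from database.clamav.net
ClamAV update process started at Wed Sep 21 01:05:01 2005
daily.cvd is up to date (version: 1093, sigs: 4085, f-level: 6, builder: example)
ClamAV update process started at Wed Sep 21 05:05:02 2005
daily.cvd updated (version: 1094, sigs: 4110, f-level: 6, builder: example)
Database updated (40212 signatures) from database.clamav.net
"""

STARTED = re.compile(r"^ClamAV update process started at (.+)$")
UPDATED = re.compile(r"^daily\.cvd updated \(version: (\d+),")
TS_FMT = "%a %b %d %H:%M:%S %Y"  # ctime-style timestamp

def update_timeline(log_text):
    """Return [(run_start, daily_version)] for runs that replaced daily.cvd."""
    timeline, run_start = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if m := STARTED.match(line):
            run_start = datetime.strptime(m.group(1), TS_FMT)
        elif (m := UPDATED.match(line)) and run_start is not None:
            timeline.append((run_start, int(m.group(1))))
    return timeline

def version_at(timeline, when):
    """daily.cvd version on disk at `when`; None if before the first update."""
    current = None
    for ts, version in sorted(timeline):
        if ts <= when:
            current = version
    return current

def explain_miss(timeline, missed_at, detected_at):
    """Say whether the database differed between a miss and a later hit."""
    before = version_at(timeline, missed_at)
    after = version_at(timeline, detected_at)
    if before is None or after is None:
        return "log does not reach back far enough to tell"
    if before != after:
        return f"daily.cvd changed ({before} -> {after}): stale signatures are a plausible cause"
    return f"daily.cvd {before} at both times: look beyond signature age"
```

The run start time is only a lower bound on when clamd actually loaded the new database, so when the miss and the hit are seconds or minutes apart, compare against the reload entries in the clamd log as well.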
Re: [Clamav-users] mytob.gh = morphine-packed binaries and bagle.bb-gen = pex-packed binaries?
Helga Fcours wrote:
> Does the mytob.gh signature match on most morphine/mew packed binaries? Bagle.BB-gen matches all pex packed binaries that are not infected (notepad and wordpad included) and the pex packer binary itself as Bagle.BB-gen, so I suspect that this mytob signature might be doing the same thing. Clam, in a similar way, detects the morphine packer itself as mytob.gh and it is not infected. What is the sig targeting?

Both signatures probably detect the packer (I know for a fact that Bagle.BB-gen does). These signatures have been successful in preventing outbreaks of new Mytob/Bagle variants, which is why they're still in the db. FP has been handled by explicitly whitelisting binaries that also use these packers (e.g. IIRC an older version of Kazaa).

Your FP submissions are packed notepad samples. It would serve no "benefit" to whitelist them - had it been "useful" binaries I would gladly have added them :-)

BTW: You may encounter the same problem with other av-scanners.

Best regards,
Diego d'Ambra