Re: [Clamav-users] Virus not detected by clamav
Not detected here too, oldest clamav versions detect it well.

Linux cubo 2.4.27-2-686 #1 Mon May 16 17:03:22 JST 2005 i686 GNU/Linux
ClamAV 0.87.1/1213/Mon Dec 19 15:48:34 2005

([EMAIL PROTECTED]:~)# clamscan attreg.zip
attreg.zip: OK
([EMAIL PROTECTED]:~)# f-prot -ver
Program version: 4.6.3
Engine version: 3.16.10
([EMAIL PROTECTED]:~)# f-prot attreg.zip
/root/attreg.zip->File-packed_dataInfo.exe Infection: W32/Sober

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Virus not detected by clamav
On Dec 20, 2005, at 04:40, Luis Miguel R. wrote:

> Not detected here too, oldest clamav versions detect it well.

Detection of viruses in a buffer scan isn't working well either, it doesn't recognize most viruses including the ClamAV test viruses that the older versions (pre 0.87) recognize.

SEE: http://www.daleenterprise.com/test.php

> Linux cubo 2.4.27-2-686 #1 Mon May 16 17:03:22 JST 2005 i686 GNU/Linux
> ClamAV 0.87.1/1213/Mon Dec 19 15:48:34 2005
>
> ([EMAIL PROTECTED]:~)# clamscan attreg.zip
> attreg.zip: OK
> ([EMAIL PROTECTED]:~)# f-prot -ver
> Program version: 4.6.3
> Engine version: 3.16.10
> ([EMAIL PROTECTED]:~)# f-prot attreg.zip
> /root/attreg.zip->File-packed_dataInfo.exe Infection: W32/Sober

Tomasz,

I've resolved the crashing issue with libclamav and apache, I have solid code for a PHP extension that has been tested on several OS's without any issues. Do you wish to add this to the contrib ???

SEE: http://www.daleenterprise.com/clamav_info.php

--
Dale

[Clamav-users] samba stalls
I had the following problem. Sometimes samba does not react for a longer period. After this time of waiting it works normally until the next time of stalling. I found the following in my logfile. Could this be the reason? What happens here? What to do against it?

Dec 20 16:06:29 mozart smbd_vscan-clamav[15145]: [2005/12/20 16:06:29, 0] smbd/oplock.c:oplock_break(847)
Dec 20 16:06:29 mozart smbd_vscan-clamav[15145]: oplock_break: receive_smb timed out after 30 seconds.
Dec 20 16:06:29 mozart smbd_vscan-clamav[15145]: oplock_break failed for file Vorlagen/Normal.dot (dev = 2b01, inode = 575870, file_id = 30) .
Dec 20 16:06:29 mozart smbd_vscan-clamav[15145]: [2005/12/20 16:06:29, 0] smbd/oplock.c:oplock_break(919)
Dec 20 16:06:29 mozart smbd_vscan-clamav[15145]: oplock_break: client failure in oplock break in file Vorlagen/Normal.dot

Thanks in advance for every hint.

R.Hnat

Re: [Clamav-users] samba stalls
Reinhard Hnat wrote:

> I had the following problem. Sometimes samba does not react for a longer
> period. After this time of waiting it works normally until the next time of
> stalling. I found the following in my logfile. Could this be the reason?
> What happens here? What to do against it?
>
> Dec 20 16:06:29 mozart smbd_vscan-clamav[15145]: [2005/12/20 16:06:29, 0] smbd/oplock.c:oplock_break(847)
> Dec 20 16:06:29 mozart smbd_vscan-clamav[15145]: oplock_break: receive_smb timed out after 30 seconds.
> Dec 20 16:06:29 mozart smbd_vscan-clamav[15145]: oplock_break failed for file Vorlagen/Normal.dot (dev = 2b01, inode = 575870, file_id = 30) .
> Dec 20 16:06:29 mozart smbd_vscan-clamav[15145]: [2005/12/20 16:06:29, 0] smbd/oplock.c:oplock_break(919)
> Dec 20 16:06:29 mozart smbd_vscan-clamav[15145]: oplock_break: client failure in oplock break in file Vorlagen/Normal.dot
>
> Thanks in advance for every hint.
>
> R.Hnat

What versions of clamav / samba / samba_vscan are you running? What distro? What is your client (I assume Windows based on the Word document template but what version?)

I'm not sure if anyone here uses samba_vscan. I'll give you any 'hint' I can, though. You might get more relevant help on the openantivirus lists:

http://sourceforge.net/mail/?group_id=10590

[Clamav-users] postfix and clamav
Greetings,

I have been using postfix for a while, and would like to integrate clamav for scanning email.
What is the best and most simple way to achieve this?
I have tried mailnees, clamfilter, clapf, and openprotect, but I cannot get any of them to work ( very frustrating ).
Does anyone have any of these methods working?
Thank you for any pointers or advice.

Take care.
S

RE: [Clamav-users] postfix and clamav
> -Original Message-
> From: Shannon Scott [mailto:[EMAIL PROTECTED]
> Sent: 20 December 2005 16:48
> To: clamav-users@lists.clamav.net
> Subject: [Clamav-users] postfix and clamav
>
> Greetings,
> I have been using postfix for a while, and would like to integrate
> clamav for scanning email.
> What is the best and most simple way to achieve this?
> I have tried mailnees, clamfilter, clapf, and openprotect,
> but I cannot get any of them to work ( very frustrating ).
> Does anyone have any of these methods working?
> Thank you for any pointers or advice.
> Take care.

Probably your best bet is amavisd-new

http://www.ijs.si/software/amavisd/

works perfectly with clamd .. plus there's several dozen FAQs and wikis out there dedicated to postfix/amavisd/clamav/spamassassin setups to guide you through the installation and configuration.

Ken

Re: [Clamav-users] postfix and clamav
On Dec 20, 2005, at 10:48 AM, Shannon Scott wrote:

> Greetings,
> I have been using postfix for a while, and would like to integrate
> clamav for scanning email.
> What is the best and most simple way to achieve this?
> I have tried mailnees, clamfilter, clapf, and openprotect, but I cannot
> get any of them to work ( very frustrating ).
> Does anyone have any of these methods working?
> Thank you for any pointers or advice.
> Take care.
> S

I'm using amavis-new on both Fedora Core 4 and SUSE 10 boxes.

RE: [Clamav-users] postfix and clamav
> Greetings,
> I have been using postfix for a while, and would like to integrate
> clamav for scanning email.
> What is the best and most simple way to achieve this?
> I have tried mailnees, clamfilter, clapf, and openprotect, but I cannot
> get any of them to work ( very frustrating ).
> Does anyone have any of these methods working?
> Thank you for any pointers or advice.
> Take care.
> S

Try... http://memberwebs.com/nielsen/software/clamsmtp/

Been using it for 2 months ... works without issues and was easy to setup.

Christopher Checca
Packard Transport, Inc.
IT Department
24021 South Municipal Dr
PO Box 380
Channahon, IL. 60410
815 467 9260
815 467 6939 Fax
[EMAIL PROTECTED]
www.packardtransport.com

[Clamav-users] Re: getting nag screen about old installation even after installing 0.87.1
Hi there,

On Tue, 20 Dec 2005 C. Andrews Lavarre wrote:

[901 lines of garbage about top-posting trimmed - I'm on the digest.]

> [EMAIL PROTECTED] ~]# which clamscan
> /usr/local/bin/clamscan
> [EMAIL PROTECTED] ~]# cd /usr/local/bin/
> [EMAIL PROTECTED] bin]# clamscan -V
> ClamAV 0.87.1/1211/Fri Dec 16 17:51:35 2005

No point in changing directory unless the value of your PATH variable starts with a dot. Did you use DOS once? :)

Under Linux, you don't necessarily get what you think you get when you change directory and run a binary like that. DOS (and for all I know, Windoze too) will first look in the current directory for an executable but Linux won't, unless it's been told to. My guess is that it hasn't in this case. To be sure which binary you'll be running (unless you're sure which binary you'll be running:) you need to give the full path.

[519 more lines snipped. Sigh.]

73,
Ged.

Re: [Clamav-users] Re: getting nag screen about old installation even after installing 0.87.1
On 12/20/05, G.W. Haywood <[EMAIL PROTECTED]> wrote:

> Hi there,
>
> No point in changing directory unless the value of your PATH variable
> starts with a dot. Did you use DOS once? :)
>
> Under Linux, you don't necessarily get what you think you get when you
> change directory and run a binary like that. DOS (and for all I know,
> Windoze too) will first look in the current directory for an executable
> but Linux won't, unless it's been told to. My guess is that it hasn't
> in this case. To be sure which binary you'll be running (unless you're
> sure which binary you'll be running:) you need to give the full path.

Ged is correct.

Type

# which clamscan

at your shell prompt and it will tell you where in your $PATH it is finding the executable.

Jeff D

Re: [Clamav-users] Re: getting nag screen about old installation even
> On 12/20/05, G.W. Haywood <[EMAIL PROTECTED]> wrote:
> > Hi there,
> >
> > No point in changing directory unless the value of your PATH variable
> > starts with a dot. Did you use DOS once? :)
> >
> > Under Linux, you don't necessarily get what you think you get when you
> > change directory and run a binary like that. DOS (and for all I know,
> > Windoze too) will first look in the current directory for an executable
> > but Linux won't, unless it's been told to. My guess is that it hasn't
> > in this case. To be sure which binary you'll be running (unless you're
> > sure which binary you'll be running:) you need to give the full path.
>
> Ged is correct.
>
> Type
>
> # which clamscan
>
> at your shell prompt and it will tell you where in your $PATH it is
> finding the executable.

In this case it is not very important as it was still in his path after he'd issued the cd command. Understanding one's path is a good point, but this isn't the best example with which to make it.

The real point of education is that these duplicate files can and do exist and that a good clean uninstall is needed for a good clean install.

dp

[Clamav-users] Re: getting nag screen about old installation even after installing 0.87.1
G.W., Hi, thanks for the insights:

> [901 lines of garbage about top-posting trimmed - I'm on the digest.]

Amen. I'm on the newsgroup (see below), but fwiw I LIKE top posting, I immediately know what is latest... But I digress ... The solution is to leave the digest and use the newsgroup, details below.

> No point in changing directory unless the value of your PATH variable
> starts with a dot.

Nope:

/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin

> Did you use DOS once? :)

Blush, yes. :-(

> To be sure which binary you'll be running (unless you're
> sure which binary you'll be running:) you need to give the full path.

Thanks, I have just run the following as root in the root directory:

[EMAIL PROTECTED] /]# /usr/local/bin/clamscan -V

resulting in

ClamAV 0.87.1/1213/Mon Dec 19 09:48:34 2005

So clearly I have the right version? But, despite the nuking action reported last night, I still get the nag. Below under the signature is this morning's complaint.

It would seem that clam-update is generating the problem, since clamscan.cron is in the weekly cron, not the daily. Hmmm.

[EMAIL PROTECTED] /]# locate clam-update

gives

/etc/log.d/scripts/services/clam-update
/etc/log.d/conf/logfiles/clam-update.conf
/etc/log.d/conf/services/clam-update.conf

Examining the services directory

[EMAIL PROTECTED] /]# cd /etc/log.d/scripts/services/
[EMAIL PROTECTED] services]# ls -l

shows an April 25 version of clamav,

-rwxr-xr-x 1 root root 3375 Apr 25 2005 clamav
-rwxr-xr-x 1 root root 3030 Apr 25 2005 clamav-milter
-rwxr-xr-x 1 root root 7819 Apr 25 2005 clam-update

rather than a December date. My clamscan is a December version; so perhaps the older clam-update is out of date?

The .conf file states that clam-update "Analyzes the Clam Anti-Virus update log". It also refers to /var/log/clam-update, which is a directory on my system. Hmmm. This contains freshclam.log and a number of backups.

And indeed this file has entries from before my update. In fact, the latest entry is BEFORE my update. So perhaps clam-update is reading this file, and if it sees an older complaint about being outdated simply echoes that complaint, rather than checking to see if the complaint is any longer valid?

So I will save the log to backup, then clean out all the older freshclam nags, and see what happens now. I just ran freshclam:

[EMAIL PROTECTED] services]# freshclam
ClamAV update process started at Tue Dec 20 20:19:28 2005
main.cvd is up to date (version: 34, sigs: 39625, f-level: 5, builder: tkojm)
daily.cvd is up to date (version: 1213, sigs: 1844, f-level: 6, builder: diego)

and then checked freshclam.log. IT IS EMPTY! So it looks like clam-update is simply checking the freshclam log and echoing any complaints found there.

FWIW, running clam-update in the foreground just hangs... Maybe it's waiting for a server. So I've just kicked it off in the background, we'll see if the same nag appears.

What's frustrating here is that cron.daily has no reference to clam-update, but as the above shows, something is triggering it besides me (I'm asleep at 4AM) and it ain't cron doing it either. Very interesting problem... :-)

> [519 more lines snipped. Sigh.]

:-( I feel your pain...

What I did to resolve this was 1) sign up for the digest, which gives me access to the newsgroup, but then while not UNsubscribing, 2) still turning off the digest. So now I can use the newsgroup and not have to worry about snipping.

The process is available, although not highlighted in the digest, FAQ, etc. But hey, it's free and it is yet another puzzle to solve, which I have done, (and can put on my resume :-), so fun:

+ Go to http://lists.clamav.net/mailman/listinfo/clamav-users
+ Go to the bottom of the page, enter your email address and click "Unsubscribe or edit options". This takes you to http://lists.clamav.net/cgi-bin/mailman/options/clamav-users
+ Go to the section "clamav-users list: member options for user [EMAIL PROTECTED]" and enter your password and click "Log In". This takes you to http://lists.clamav.net/cgi-bin/mailman/options/clamav-users
+ Page down to "mail delivery" and click the "Disabled" option box.
+ Go back to the top and log out.

NOW, use your favorite news client (I'm using Thunderbird; there is a raft of others) to set up an ordinary nntp news account with news.gmane.org (Port 119) and follow the rules for your client to complete the action, then ask it to subscribe. Then search for the newsgroup gmane.comp.security.virus.clamav.user and subscribe to it.

You'll never have to read about top-posting again.

Thanks again.

> 73,

73, WA6VCT
Andy

[Clamav-users] Re: getting nag screen about old installation even after installing 0.87.1
Jeff hi, thanks

> Ged is correct.
>
> Type
>
> # which clamscan
>
> at your shell prompt and it will tell you where in your $PATH it is
> finding the executable.

This returns:

[EMAIL PROTECTED] services]# which clamscan
/usr/local/bin/clamscan

So the installation is indeed the latest for which the version check returns the latest. I think it is the issue with freshclam.log discussed with Ged.

Thanks,
Andy

[Clamav-users] Re: getting nag screen about old installation even
Dennis hi

> The real point of education is that these duplicate files can and do exist
> and that a good clean uninstall is needed for a good clean install.

I agree. I'll report back tomorrow, but it looks like the old freshclam.log was generating the issue with clam-update. I've now nuked all older versions of freshclam and clamscan, cleaned out the freshclam.log of older entries, still haven't figured out what is triggering clam-update since it isn't in any .cron directory...

Cheers,
Andy

[Clamav-users] Re: getting nag screen about old installation even after installing 0.87.1
Fajar hi, thanks.

> My guess is you have both /usr/bin/clamscan ( from RPM) and
> /usr/local/bin/clamscan (from manual build). The same goes for libs also.

You are correct, thanks:

/usr/bin/ contains May 18, 2005 versions of

clamav-config
clamdscan
clamscan
freshclam

/usr/local/bin contains December 12, 2005 versions of the same files...

So I'll nuke the older ones... Thanks!

> Mixing RPMs and manual builds can lead to unexpected results, like the
> one you have. Unless you really know what you're doing.

Clearly I don't... :-( but I'm learning...

> BTW, if you use clamdscan then don't forget to restart clamd after upgrade.

mmm. It was part of the install, but I'm not really sure why I need it, since cron invokes basic clamscan weekly?

Thanks again for the info...

Best regards,
Andy

Re: [Clamav-users] Re: getting nag screen about old installation even after installing 0.87.1
C. Andrews Lavarre said:

>> BTW, if you use clamdscan then don't forget to restart clamd after
>> upgrade.
> mmm. It was part of the install, but I'm not really sure why I need
> it, since cron invokes basic clamscan weekly?

Clamdscan uses clamd which runs in daemon mode. Clamd will continue to run even if you have removed and replaced the executable file. You need to kill it then start it to ensure clamdscan accesses the new executable.

The other scanner, clamscan, does not use clamd.

dp

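
The duplicate-install situation worked out in this thread (a packaged copy in /usr/bin beside a manual build in /usr/local/bin), as an added example that is not part of any post: a POSIX shell sketch that lists every copy of the ClamAV command-line tools on the search path in lookup order. The function names `path_copies` and `report_duplicates` and the `--report` switch are hypothetical; `-V` is the version flag used in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Lists every copy of the ClamAV
# command-line tools on the search path so a leftover package copy that
# sits beside a manual build is visible.

# path_copies NAME [PATHSTRING]: print each executable NAME found on the
# search path, in lookup order (the first line is the one the shell runs).
# The body is a subshell so the IFS and globbing changes stay local.
path_copies() (
    IFS=:
    set -f
    for dir in ${2:-$PATH}; do
        [ -n "$dir" ] || dir=.          # empty entry means current directory
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
        fi
    done
)

# report_duplicates [PATHSTRING]: for each tool print role, path and the
# first line of its "-V" output. Returns 1 if any tool exists more than once.
report_duplicates() {
    status=0
    for tool in clamscan clamdscan freshclam; do
        copies=$(path_copies "$tool" "${1:-$PATH}")
        [ -n "$copies" ] || continue
        n=$(printf '%s\n' "$copies" | grep -c .)
        printf '%s\n' "$copies" | {
            role=active
            while IFS= read -r copy; do
                # </dev/null keeps the tool from reading the list of copies
                ver=$("$copy" -V 2>/dev/null </dev/null | head -n 1)
                printf '%-9s %s  %s\n' "$role" "$copy" "$ver"
                role=shadowed
            done
        }
        [ "$n" -le 1 ] || status=1
    done
    return "$status"
}

# Run as "sh thisfile --report" to check the current PATH.
case "${1:-}" in
    --report) report_duplicates ;;
esac
```

On systems where /bin is a symlink to /usr/bin the same file appears under both names, so compare the reported paths before removing anything.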