[Clamav-users] Clamav-Milter Unsafe
Hi, I've been looking for information about this error(?). The Logwatch of my CentOS sends a daily mail to root, and these lines always appear:

Milter (clamav-milter): local socket name /var/clamav/clmilter.sock' unsafe: 10 Time(s)
Milter (clamav-milter): to error state: 10 Time(s)

I have clamav-milter as a service, and so is clamd. Here is the listing of /var/clamav:

[EMAIL PROTECTED] ~]# ll /var/clamav/
total 14580
srwxr-xr-x 1 root root 0 dic 13 17:14 clmilter.sock
-rw-r--r-- 1 clamav clamav 848771 dic 14 06:42 daily.cvd
-rw-r--r-- 1 clamav clamav 170372 nov 5 17:16 daily.cvd.rpmnew
-rw-r--r-- 1 clamav clamav 6924820 nov 4 06:30 main.cvd
-rw-r--r-- 1 clamav clamav 6924820 nov 5 17:16 main.cvd.rpmnew

I think this is a permission problem, but I'm not sure. Here is the /etc/sysconfig/clamav-milter file:

[EMAIL PROTECTED] ~]# more /etc/sysconfig/clamav-milter
### Simple config file for clamav-milter, you should
### read the documentation and tweak it as you wish.

CLAMAV_FLAGS="
--config-file=/etc/clamd.conf
--max-children=5
--force-scan
--quiet
--dont-log-clean
--noreject
[EMAIL PROTECTED]
--postmaster-only
-obl local:/var/clamav/clmilter.sock
"
CLAMAV_USER='clamav'
[EMAIL PROTECTED] ~]#

and the /etc/clamd.conf:

[EMAIL PROTECTED] ~]# more /etc/clamd.conf
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##

# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamav/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if you want to run another clamd instance,
# please
# copy the configuration file, change the LogFile variable, and run
# the daemon with the --config-file option).
# This option disables log file locking.
# Default: disabled
#LogFileUnlock

# Maximal size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
LogFileMaxSize 0

# Log time with each message.
# Default: disabled
LogTime

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: disabled
#LogClean

# Use system logger (can work together with LogFile).
# Default: disabled
LogSyslog

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: disabled
#LogVerbose

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamav/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/clamav

# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled
#LocalSocket /var/run/clamav/clamd.sock

# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket

# TCP port address.
# Default: disabled
TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 15
MaxConnectionQueueLength 30

# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.

# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximal attachment size.
# Default: 10M
#StreamMaxLength 20M

# Limit port range.
# Default: 1024
#StreamMinPort 3
# Default: 2048
#StreamMaxPort 32000

# Maximal number of threads running at the same time.
# Default: 10
#MaxThreads 20

# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
ReadTimeout 300

# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60

# Maximal depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20

# Follow directory symlinks.
# Default: disabled
#FollowDirectorySymlinks

# Follow regular file symlinks.
# Default: disabled
#FollowFileSymlinks

# Perform internal sanity check (database integrity and freshness).
# Default: 1800 (30 min)
#SelfCheck 600

#
Re: [Clamav-users] Clamav-Milter Unsafe
Departamento de Informatica wrote:
> Hi, I've been looking for information about this error(?). The Logwatch of
> my CentOS sends a daily mail to root, and these lines always appear:
>
> Milter (clamav-milter): local socket name /var/clamav/clmilter.sock' unsafe: 10 Time(s)
> Milter (clamav-milter): to error state: 10 Time(s)
>
> I have clamav-milter as a service, and so is clamd. Here is the
> listing of /var/clamav:
>
> [EMAIL PROTECTED] ~]# ll /var/clamav/
> total 14580
> srwxr-xr-x 1 root root 0 dic 13 17:14 clmilter.sock
> -rw-r--r-- 1 clamav clamav 848771 dic 14 06:42 daily.cvd
> -rw-r--r-- 1 clamav clamav 170372 nov 5 17:16 daily.cvd.rpmnew
> -rw-r--r-- 1 clamav clamav 6924820 nov 4 06:30 main.cvd
> -rw-r--r-- 1 clamav clamav 6924820 nov 5 17:16 main.cvd.rpmnew
>
> I think this is a permission problem, but I'm not sure. Here is the
> /etc/sysconfig/clamav-milter file:

[snip]

On my system,

srwx-- 1 clamav clamav 0 Dec 13 18:23 clamav-milter.sock

--
Steve

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-Milter Unsafe
That's what I want to do, so I put the line

CLAMAV_USER='clamav'

in /etc/sysconfig/clamav-milter. So, how could I start clamav-milter as the 'clamav' user??

Sorry for the 'newbie' question

2006/12/14, Steven Stern <[EMAIL PROTECTED]>:
> Departamento de Informatica wrote:
> > Hi, I've been looking for information about this error(?). The Logwatch of
> > my CentOS sends a daily mail to root, and these lines always appear:
> >
> > Milter (clamav-milter): local socket name /var/clamav/clmilter.sock' unsafe: 10 Time(s)
> > Milter (clamav-milter): to error state: 10 Time(s)
> >
> > I have clamav-milter as a service, and so is clamd. Here is the
> > listing of /var/clamav:
> >
> > [EMAIL PROTECTED] ~]# ll /var/clamav/
> > total 14580
> > srwxr-xr-x 1 root root 0 dic 13 17:14 clmilter.sock
> > -rw-r--r-- 1 clamav clamav 848771 dic 14 06:42 daily.cvd
> > -rw-r--r-- 1 clamav clamav 170372 nov 5 17:16 daily.cvd.rpmnew
> > -rw-r--r-- 1 clamav clamav 6924820 nov 4 06:30 main.cvd
> > -rw-r--r-- 1 clamav clamav 6924820 nov 5 17:16 main.cvd.rpmnew
> >
> > I think this is a permission problem, but I'm not sure. Here is the
> > /etc/sysconfig/clamav-milter file:
>
> [snip]
>
> On my system,
>
> srwx-- 1 clamav clamav 0 Dec 13 18:23 clamav-milter.sock
>
> --
> Steve
Re: [Clamav-users] Protection from W32.Sality.U
BG Mahesh wrote:
> hi
>
> I am getting few emails which are passing thru clamav. Norton says the
> email is infected with W32.Sality.U
>
> Is there an update for clamav which can protect me from W32.Sality.U? I
> am using 0.88.7

Have you submitted a sample to www.clamav.net?
Re: [Clamav-users] Clamav-Milter Unsafe
> CLAMAV_FLAGS="
> --config-file=/etc/clamd.conf
> --max-children=5
> --force-scan
> --quiet
> --dont-log-clean
> --noreject
> [EMAIL PROTECTED]
> --postmaster-only
> -obl local:/var/clamav/clmilter.sock

Don't use the -b option.
[Clamav-users] Re: Double notification when Defs update
On 13/12/06 21:07, Craig Jackson wrote:
> Hi,
> Sorry about the double post but I accidentally hit control return before
> I was finished.
>
> I have configured Clamav to send me an email notice when the definitions
> update. Yesterday I started receiving 2 of them which appear identical.
> Why is this happening and how can I turn it off?
>
> Using clamav-0.90RC1.1.tar.gz
>
> This from the log:
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.90RC1.1 Recommended version: 0.88.7
>
> I checked the FAQ but saw nothing. I don't want to upgrade anything and
> I don't want double notices.

It's a minor bug fixed in 0.90rc2. If you don't want to upgrade to 0.90rc2, change line 1166 of freshclam/manager.c to check for "RC" instead of "rc", then rebuild and reinstall. Note that "make install" may fail in the "database" subdirectory, but it will have already reinstalled the important thing, which is freshclam.

(If upgrading to 0.90rc2, you will need to issue a "make install" in the "docs" and "clamav-milter" subdirectories after it fails in the "database" subdirectory.)

--
-=( Ian Abbott @ MEV Ltd.E-mail: <[EMAIL PROTECTED]>)=-
-=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
[Clamav-users] Re: Clamav-Milter Unsafe
On 14/12/06 13:51, Departamento de Informatica wrote:
> That's what I want to do, so I put the line
>
> CLAMAV_USER='clamav'
>
> in /etc/sysconfig/clamav-milter. So, how could I start
> clamav-milter as the 'clamav' user??
>
> Sorry for the 'newbie' question

You can put User=clamav in the clamd.conf file (probably /etc/clamd.conf if installed from an RPM file, or /usr/local/etc/clamd.conf if installed from source without any ./configure options).

--
-=( Ian Abbott @ MEV Ltd.E-mail: <[EMAIL PROTECTED]>)=-
-=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
Re: [Clamav-users] Re: Clamav-Milter Unsafe
# Run as a selected user (clamd must be started by root).
# Default: disabled
User root

It says in clamd.conf "clamd must be started by root", so nothing will happen if I change the line User root to User clamav ??

Well, I'm gonna try this, hope it works, thanks again for your patience

2006/12/14, Ian Abbott <[EMAIL PROTECTED]>:
> On 14/12/06 13:51, Departamento de Informatica wrote:
> > That's what I want to do, so I put the line
> >
> > CLAMAV_USER='clamav'
> >
> > in /etc/sysconfig/clamav-milter. So, how could I start
> > clamav-milter as the 'clamav' user??
> >
> > Sorry for the 'newbie' question
>
> You can put User=clamav in the clamd.conf file (probably /etc/clamd.conf
> if installed from an RPM file, or /usr/local/etc/clamd.conf if installed
> from source without any ./configure options).
>
> --
> -=( Ian Abbott @ MEV Ltd.E-mail: <[EMAIL PROTECTED]>)=-
> -=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
Re: [Clamav-users] Clamav-Milter Unsafe
make sure the following are in your init script?

# Local clamav-milter config
CLAMAV_FLAGS=
test -f /etc/sysconfig/clamav-milter && . /etc/sysconfig/clamav-milter

and

start() {
    echo -n "Starting clamav-milter: "
    daemon clamav-milter ${CLAMAV_FLAGS} -loNP --max-children=8 --timeout=0 \
        local:/var/run/clamav/clmilter.sock -c /etc/clamav.conf \
        -U /tmp/quarantine
    RETVAL=$?
    echo
    test $RETVAL -eq 0 && touch /var/lock/subsys/clamav-milter
    return $RETVAL
}

Your daemon settings may vary but the ${CLAMAV_FLAGS} is the impt. one...

hth

Ed

. . . . . . . . . . . . . . .
Randomly generated quote:
Until he extends the circle of his compassion to all living things, man will not himself find peace. -Albert Schweitzer

On Thu, 14 Dec 2006, Departamento de Informatica wrote:
> That's what I want to do, so I put the line
>
> CLAMAV_USER='clamav'
>
> in /etc/sysconfig/clamav-milter. So, how could I start
> clamav-milter as the 'clamav' user??
>
> Sorry for the 'newbie' question
>
> 2006/12/14, Steven Stern <[EMAIL PROTECTED]>:
>> Departamento de Informatica wrote:
>> > Hi, I've been looking for information about this error(?). The Logwatch of
>> > my CentOS sends a daily mail to root, and these lines always appear:
>> >
>> > Milter (clamav-milter): local socket name /var/clamav/clmilter.sock' unsafe: 10 Time(s)
>> > Milter (clamav-milter): to error state: 10 Time(s)
>> >
>> > I have clamav-milter as a service, and so is clamd. Here is the
>> > listing of /var/clamav:
>> >
>> > [EMAIL PROTECTED] ~]# ll /var/clamav/
>> > total 14580
>> > srwxr-xr-x 1 root root 0 dic 13 17:14 clmilter.sock
>> > -rw-r--r-- 1 clamav clamav 848771 dic 14 06:42 daily.cvd
>> > -rw-r--r-- 1 clamav clamav 170372 nov 5 17:16 daily.cvd.rpmnew
>> > -rw-r--r-- 1 clamav clamav 6924820 nov 4 06:30 main.cvd
>> > -rw-r--r-- 1 clamav clamav 6924820 nov 5 17:16 main.cvd.rpmnew
>> >
>> > I think this is a permission problem, but I'm not sure. Here is the
>> > /etc/sysconfig/clamav-milter file:
>>
>> [snip]
>>
>> On my system,
>>
>> srwx-- 1 clamav clamav 0 Dec 13 18:23 clamav-milter.sock
>>
>> --
>> Steve
[Clamav-users] Re: Double notification when Defs update
On 14/12/06 14:31, Ian Abbott wrote:
> It's a minor bug fixed in 0.90rc2. If you don't want to upgrade to
> 0.90rc2, change line 1166 of freshclam/manager.c to check for "RC"

Sorry, I mean line 1031.

--
-=( Ian Abbott @ MEV Ltd.E-mail: <[EMAIL PROTECTED]>)=-
-=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
Re: [Clamav-users] Re: Clamav-Milter Unsafe
Departamento de Informatica wrote:
> # Run as a selected user (clamd must be started by root).
> # Default: disabled
> User root
>
> It says in clamd.conf "clamd must be started by root", so nothing will
> happen if I change the line User root to User clamav ??
>
> Well, I'm gonna try this, hope it works, thanks again for your patience

When clamd is started as root it looks to see who it should run as and "su's" itself to that owner. All files created after this point are owned by the run-as user. If you change the run-as owner to clamav (and you should) be sure to manually change the ownership of any files created by the previous owner (root, probably) to clamav or you will have other failures.

dp
Re: [Clamav-users] Clamav-Milter Unsafe
- Original Message -
From: "Departamento de Informatica" <[EMAIL PROTECTED]>
> # Run as a selected user (clamd must be started by root).
> # Default: disabled
> User root
~~
Check if you created user clamav and change in clamd.conf ( /etc/clamd.conf)
=
# Run as a selected user (clamd must be started by root).
# Default: disabled
User clamav
=
then restart clamav-milter and clamd daemon

Regards,
Jurek
Re: [Clamav-users] Clamav-Milter Unsafe
That's OK Ed, so could I put the options of clamav-milter (e.g. --postmaster-only) etc. in the CLAMAV_FLAGS line??

2006/12/14, Ed Kasky <[EMAIL PROTECTED]>:
> make sure the following are in your init script?
>
> # Local clamav-milter config
> CLAMAV_FLAGS=
> test -f /etc/sysconfig/clamav-milter && . /etc/sysconfig/clamav-milter
>
> and
>
> start() {
>     echo -n "Starting clamav-milter: "
>     daemon clamav-milter ${CLAMAV_FLAGS} -loNP --max-children=8 --timeout=0 \
>         local:/var/run/clamav/clmilter.sock -c /etc/clamav.conf \
>         -U /tmp/quarantine
>     RETVAL=$?
>     echo
>     test $RETVAL -eq 0 && touch /var/lock/subsys/clamav-milter
>     return $RETVAL
> }
>
> Your daemon settings may vary but the ${CLAMAV_FLAGS} is the impt. one...
>
> hth
>
> Ed
>
> . . . . . . . . . . . . . . .
> Randomly generated quote:
> Until he extends the circle of his compassion to all living things, man
> will not himself find peace. -Albert Schweitzer
>
> On Thu, 14 Dec 2006, Departamento de Informatica wrote:
> > That's what I want to do, so I put the line
> >
> > CLAMAV_USER='clamav'
> >
> > in /etc/sysconfig/clamav-milter. So, how could I start
> > clamav-milter as the 'clamav' user??
> >
> > Sorry for the 'newbie' question
> >
> > 2006/12/14, Steven Stern <[EMAIL PROTECTED]>:
> >> Departamento de Informatica wrote:
> >> > Hi, I've been looking for information about this error(?). The Logwatch of
> >> > my CentOS sends a daily mail to root, and these lines always appear:
> >> >
> >> > Milter (clamav-milter): local socket name /var/clamav/clmilter.sock' unsafe: 10 Time(s)
> >> > Milter (clamav-milter): to error state: 10 Time(s)
> >> >
> >> > I have clamav-milter as a service, and so is clamd. Here is the
> >> > listing of /var/clamav:
> >> >
> >> > [EMAIL PROTECTED] ~]# ll /var/clamav/
> >> > total 14580
> >> > srwxr-xr-x 1 root root 0 dic 13 17:14 clmilter.sock
> >> > -rw-r--r-- 1 clamav clamav 848771 dic 14 06:42 daily.cvd
> >> > -rw-r--r-- 1 clamav clamav 170372 nov 5 17:16 daily.cvd.rpmnew
> >> > -rw-r--r-- 1 clamav clamav 6924820 nov 4 06:30 main.cvd
> >> > -rw-r--r-- 1 clamav clamav 6924820 nov 5 17:16 main.cvd.rpmnew
> >> >
> >> > I think this is a permission problem, but I'm not sure. Here is the
> >> > /etc/sysconfig/clamav-milter file:
> >>
> >> [snip]
> >>
> >> On my system,
> >>
> >> srwx-- 1 clamav clamav 0 Dec 13 18:23 clamav-milter.sock
> >>
> >> --
> >> Steve
Re: [Clamav-users] Clamav-Milter Unsafe
Thanks Jurek,

Now my /var/clamav/clmilter.sock is "chowned" to clamav:clamav, but the permissions are still 744. How could I set them to 700 when the system reboots?

2006/12/14, Jerzy Sakol <[EMAIL PROTECTED]>:
> - Original Message -
> From: "Departamento de Informatica" <[EMAIL PROTECTED]>
> >
> > # Run as a selected user (clamd must be started by root).
> > # Default: disabled
> > User root
> ~~
> Check if you created user clamav and change in clamd.conf ( /etc/clamd.conf)
> =
> # Run as a selected user (clamd must be started by root).
> # Default: disabled
> User clamav
> =
> then restart clamav-milter and clamd daemon
>
> Regards,
> Jurek
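An added example (not written by any poster in this thread): a POSIX shell check that compares a milter socket's owner and mode with the state the replies above work towards, owner clamav and mode 700. It assumes GNU stat; the function names and the owner/mode policy are assumptions of this example, and it does not reproduce the MTA's own "unsafe" test.

```shell
#!/bin/sh
# Added example, not code from the thread or from ClamAV.
# Policy (assumption taken from the replies): the socket belongs to the
# run-as user and grants nothing to group or other (mode 700).

# judge_socket OWNER MODE WANT_OWNER
#   OWNER and MODE are the two fields printed by `stat -c '%U %a'`.
#   Prints one finding per line; returns 0 when there are none.
judge_socket() {
    js_owner=$1 js_mode=$2 js_want=$3 js_rc=0
    if [ "$js_owner" != "$js_want" ]; then
        echo "owner is $js_owner, expected $js_want"
        js_rc=1
    fi
    # The leading 0 makes the shell read the mode as octal; 077 masks the
    # group and other permission bits.
    if [ $(( 0$js_mode & 077 )) -ne 0 ]; then
        echo "mode $js_mode grants group/other access, expected 700"
        js_rc=1
    fi
    return $js_rc
}

# audit_milter_socket PATH WANT_OWNER
#   Returns 2 if PATH is missing or is not a socket, otherwise the
#   result of judge_socket on its real owner and mode.
audit_milter_socket() {
    am_path=$1 am_want=$2
    if [ ! -e "$am_path" ]; then
        echo "$am_path: missing"
        return 2
    fi
    if [ ! -S "$am_path" ]; then
        echo "$am_path: not a socket"
        return 2
    fi
    am_st=$(stat -c '%U %a' "$am_path") || return 2
    judge_socket "${am_st% *}" "${am_st#* }" "$am_want"
}

# Constructed sample: the three owner/mode states the socket is reported
# in during this thread (original listing, after the chown, the target).
for state in "root 755" "clamav 744" "clamav 700"; do
    if found=$(judge_socket "${state% *}" "${state#* }" clamav); then
        echo "$state: ok"
    else
        echo "$state: $(echo "$found" | tr '\n' ';')"
    fi
done

# Optional: audit a real socket path given as the first argument.
if [ $# -gt 0 ]; then
    audit_milter_socket "$1" clamav || true
fi
```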
[Clamav-users] Maybe Oversized.Zip bug in clamav 0.88.7
Hi List,

Yesterday I updated my server from clamav 0.88.6 to clamav 0.88.7. During the day ClamAV detected a lot of Oversized.Zip from our partners. It was a little bit strange because they were sending mails as usual.

Ok. At first I tried changing ArchiveMaxCompressionRatio up to 1000. It didn't help. Oversized.Zip virus detection still triggered.

I made a simple zip archive with zip's default settings (Zip 2.32 (June 19th 2006)) and sent it to an address on the server. Unfortunately Oversized.Zip was still reported.

I downgraded to clamav 0.88.6. The problem was resolved. So I think maybe it's a bug in clamav 0.88.7.

Have a nice day:
Peter
[Clamav-users] Clamav-milter installation
Hi Blues,

I need your help with clamav-milter configuration.

OS=CentOS-4.4, MTA=Sendmail-8.13, ClamAV=0.88.7

4 packages installed:
clamd-0.88.7-1.el4.rf
clamav-0.88.7-1.el4.rf
clamav-milter-0.88.7-1.el4.rf
clamav-db-0.88.7-1.el4.rf

It says in docs that the milter can work with libclam, which is present in the system:
/usr/lib/libclamav.so.1.0.19

It also says that clamd could be spared then. How do I make it work this way? Couldn't figure out in docs.

Right now there are 2 services -- clamav-milter & clamd -- on. If I turn clamd off, I get an error from freshclam regarding it.

The whole purpose of disabling clamd is:
a) save some resources,
b) less services in the system, i.e. less possible troubles. :)

Best,
--
Arthur Sherman
+972-52-4878851
CPTeam
RE: [Clamav-users] Re: Double notification when Defs update
Q!-Original Message-
Q!From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian Abbott
Q!Sent: Thursday, December 14, 2006 9:11 AM
Q!To: ClamAV users ML
Q!Subject: [Clamav-users] Re: Double notification when Defs update
Q!On 14/12/06 14:31, Ian Abbott wrote:
Q!> It's a minor bug fixed in 0.90rc2. If you don't want to upgrade to
Q!> 0.90rc2, change line 1166 of freshclam/manager.c to check for "RC"
Q!Sorry, I mean line 1031.
Q!--
Q!-=( Ian Abbott @ MEV Ltd.E-mail: <[EMAIL PROTECTED]>)=-

Thanks. I think I'll upgrade.
RE: [Clamav-users] 0.88.7 possible error
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: 13 December 2006 21:13
> To: ClamAV users ML
> Subject: Re: [Clamav-users] 0.88.7 possible error
>
> Robert Isaac wrote:
> >> -Original Message-
> >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> >> Sent: 13 December 2006 18:55
> >> To: ClamAV users ML
> >> Subject: Re: [Clamav-users] 0.88.7 possible error
> >>
> >> Robert Isaac wrote:
> >>> Yesterday I installed 0.88.7 on our server running RHESL-4 using the
> >>> rpms from DAG, previously using 0.88.6. Our LogWatch file this morning shows:
> >>> **Unmatched Entries**
> >>> clamd shutdown succeeded
> >>> clamd shutdown failed
> >>> clamd daemon 0.88.7 (OS: linux-gnu, ARCH: i386, CPU: i386)
> >>> Bound to address 127.0.0.1 on port 3310
> >>> Portable Executable support enabled.
> >>> Detection of broken executables enabled.
> >>> clamd startup succeeded
> >>> Mail: Recursion level limit set to 64.
> >>> HTML support enabled.
> >>> clamd daemon 0.88.7 (OS: linux-gnu, ARCH: i386, CPU: i386)
> >>> bind() error: Address already in use
> >>>
> >>> Is there a problem here somewhere? Thanks
> >>>
> >> Did you stop the old clamd server before starting the new one?
> >>
> >> Steve
> >
> > No I didn't. Ooops. What should I do now?
> >
> > Bob
> >
>
> Just kill all instances of clamd and then start up clamd again.
>
> Steve
>

There was only one instance running. Killed it and restarted it. Then in today's LogWatch:

**Unmatched Entries**
clamd shutdown failed
clamd daemon 0.88.7 (OS: linux-gnu, ARCH: i386, CPU: i386)
Bound to address 127.0.0.1 on port 3310
clamd startup succeeded
Portable Executable support enabled.
Detection of broken executables enabled.
Mail: Recursion level limit set to 64.
HTML support enabled.

Bob
Re: [Clamav-users] 0.88.7 possible error
Robert Isaac wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> > Sent: 13 December 2006 21:13
> > To: ClamAV users ML
> > Subject: Re: [Clamav-users] 0.88.7 possible error
> >
> > Robert Isaac wrote:
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> > > > Sent: 13 December 2006 18:55
> > > > To: ClamAV users ML
> > > > Subject: Re: [Clamav-users] 0.88.7 possible error
> > > >
> > > > Robert Isaac wrote:
> > > > > Yesterday I installed 0.88.7 on our server running RHESL-4 using the
> > > > > rpms from DAG, previously using 0.88.6. Our LogWatch file this morning shows:
> > > > > **Unmatched Entries**
> > > > > clamd shutdown succeeded
> > > > > clamd shutdown failed
> > > > > clamd daemon 0.88.7 (OS: linux-gnu, ARCH: i386, CPU: i386)
> > > > > Bound to address 127.0.0.1 on port 3310
> > > > > Portable Executable support enabled.
> > > > > Detection of broken executables enabled.
> > > > > clamd startup succeeded
> > > > > Mail: Recursion level limit set to 64.
> > > > > HTML support enabled.
> > > > > clamd daemon 0.88.7 (OS: linux-gnu, ARCH: i386, CPU: i386)
> > > > > bind() error: Address already in use
> > > > >
> > > > > Is there a problem here somewhere? Thanks
> > > >
> > > > Did you stop the old clamd server before starting the new one?
> > > >
> > > > Steve
> > >
> > > No I didn't. Ooops. What should I do now?
> > >
> > > Bob
> >
> > Just kill all instances of clamd and then start up clamd again.
> >
> > Steve
>
> There was only one instance running. Killed it and restarted it. Then in
> today's LogWatch:
>
> **Unmatched Entries**
> clamd shutdown failed

I already pointed this out, but perhaps it's worth repeating. Whatever script is trying to shut down clamd is failing. You need to figure out why this is happening. If clamd does not shut down correctly, it will ALWAYS fail when trying to start it back up. Killing it manually is not a fix, it's a workaround.

> clamd daemon 0.88.7 (OS: linux-gnu, ARCH: i386, CPU: i386)
> Bound to address 127.0.0.1 on port 3310
> clamd startup succeeded
> Portable Executable support enabled.
> Detection of broken executables enabled.
> Mail: Recursion level limit set to 64.
> HTML support enabled.
>
> Bob
Re: [Clamav-users] 0.88.7 possible error
Robert Isaac wrote:
> There was only one instance running. Killed it and restarted it. Then in
> today's LogWatch:
>
> **Unmatched Entries**
> clamd shutdown failed
> clamd daemon 0.88.7 (OS: linux-gnu, ARCH: i386, CPU: i386)
> Bound to address 127.0.0.1 on port 3310
> clamd startup succeeded
> Portable Executable support enabled.
> Detection of broken executables enabled.
> Mail: Recursion level limit set to 64.
> HTML support enabled.

So what is the problem? It looks like it started ok. I am thinking that your script is saying "clamd shutdown failed" because you told the script to restart instead of start after you had already killed the process.

I guess the question boils down to this: Is it working?

Steve
[Clamav-users] Newbie-inquiry
Hi everyone,

I'm having a bit of a problem with clamav on my server. I'm getting about 3 to 4 of these per hour, and I don't know why it's happening:

"malware acl condition: clamd: unable to read from socket (Operation timed out)"

And yes, mail is still coming in, and clamd is running.

If this is not the right list please excuse me.

thx
[Clamav-users] Re: Newbie-inquiry
jean-paul natola wrote:
> Hi everyone,

Hello.

> I'm having a bit of a problem with clamav on my server-
> I'm getting about 3 to 4 of these per hour- and I don't know why it's
> happening
>
> "malware acl condition: clamd: unable to read from socket (Operation
> timed out)"
>
> and yes mail is still coming in- and clamd is running

Start by describing your problem in detail: complete list of software and versions involved, where are those messages appearing, what does clamd log say, what have you already tried to detect/eliminate the problem, and anything else you consider relevant.

--
René Berber
Re: [Clamav-users] 0.88.7 possible error
Robert Isaac wrote:
> There was only one instance running. Killed it and restarted it. Then in
> today's LogWatch:
>
> **Unmatched Entries**
> clamd shutdown failed
> clamd daemon 0.88.7 (OS: linux-gnu, ARCH: i386, CPU: i386)
> Bound to address 127.0.0.1 on port 3310
> clamd startup succeeded
> Portable Executable support enabled.
> Detection of broken executables enabled.
> Mail: Recursion level limit set to 64.
> HTML support enabled.
>
> Bob

Did you happen to notice if the PID of the new process was different than the earlier PID? Is the PID of the current process the same as in the clamav.pid file as defined by the clamd.conf PidFile definition?

The reason I ask is that sometimes this location gets changed between the startup/shutdown script and the clamd.conf script and the script tries to kill the wrong process, or can't find a process identified in the clamav.pid file. Just a thought. In any event, check the script and clamd.conf to be sure they're both looking at the same pid file.

dp
Re: [Clamav-users] Re: Newbie-inquiry
René Berber wrote:
> jean-paul natola wrote:
> > Hi everyone,
>
> Hello.
>
> > I'm having a bit of a problem with clamav on my server-
> > I'm getting about 3 to 4 of these per hour- and I don't know why it's
> > happening
> >
> > "malware acl condition: clamd: unable to read from socket (Operation
> > timed out)"
> >
> > and yes mail is still coming in- and clamd is running
>
> Start by describing your problem in detail: complete list of software and
> versions involved, where are those messages appearing, what does clamd log say,
> what have you already tried to detect/eliminate the problem, and anything else
> you consider relevant.

Right about here I keep wishing clamd and freshclam had a --show-conf argument that showed what the current config file says, where it found it, sans comments. Like postconf in the postfix product, I suppose. How hard could it be?

dp
Re: [Clamav-users] Re: Newbie-inquiry
On Thu, 14 Dec 2006 16:59:23 -0800 Dennis Peterson <[EMAIL PROTECTED]> wrote:
> Right about here I keep wishing clamd and freshclam had a --show-conf
> argument that showed what the current config file says, where it found
> it, sans comments. Like postconf in the postfix product, I suppose. How
> hard could it be?

Sat Apr 15 19:55:35 CEST 2006 (tk)
--
  * clamconf: initial version of configuration tool
    Requested by Tomasz Papszun

--
   oo.        Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.      http://www.ClamAV.net/gpg/tkojm.gpg
     \..._    0DCA5A08407D5288279DB43454822DC8985A444B
   //\ /\     Fri Dec 15 02:01:48 CET 2006
Re: [Clamav-users] Re: Newbie-inquiry
Tomasz Kojm wrote:
> On Thu, 14 Dec 2006 16:59:23 -0800 Dennis Peterson <[EMAIL PROTECTED]> wrote:
> > Right about here I keep wishing clamd and freshclam had a --show-conf
> > argument that showed what the current config file says, where it found
> > it, sans comments. Like postconf in the postfix product, I suppose. How
> > hard could it be?
>
> Sat Apr 15 19:55:35 CEST 2006 (tk)
> --
>   * clamconf: initial version of configuration tool
>     Requested by Tomasz Papszun

I knew that - I was making a point. I even left a clue. Probably too obtuse even by my standards :)

dp