[Clamav-users] Re: scan performance

2007-01-26 Thread Helmut Schneider

Christopher X. Candreva ([EMAIL PROTECTED]) wrote:

> On Thu, 25 Jan 2007, Helmut Schneider wrote:
>
> > I don't want to discuss about performance in general, I would just
> > like to know if this is "normal" and/or if there is a way to tune up
> > that process.
> > I use 0.88.7
>
> Yes, it is normal for 0.88.x
>
> The 0.90rc2 release has greatly improved performance.

OK. Could you define "greatly improved"? I'm quite happy with clamav but I
use postfix/amavis with pre-queueing and therefore... :)


--
Please do not feed my mailbox, Swen still does his job well 



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Re: scan performance

2007-01-26 Thread Christopher X. Candreva
On Fri, 26 Jan 2007, Helmut Schneider wrote:

> > The 0.90rc2 release has greatly improved performance.
> 
> OK. Could you define "greatly improved"? I'm quite happy with clamav but I use
> postfix/amavis with pre-queueing and therefore... :)

It's been a while, but things that took minutes to scan now take seconds.

==
Chris Candreva  -- [EMAIL PROTECTED] -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/


[Clamav-users] clamav is not returning virus name to exim

2007-01-26 Thread Haris Khan

Hello,


I'm new to clamav. I'm running exim 4.66 and clamav (ClamAV 0.88.7/2487/Wed
Jan 24 10:53:17 2007). There are two issues at hand;

1)   clam is not returning the name! of virus it caught in mails. Exim
has a $malware_name variable which should have it, which is coming up as
empty in exim rejectlog
2)   Below, I have copied some sample log entries I found in exim
rejectlog. Is this normal output?


Here is my exim.conf;
--

av_scanner = clamd:/var/run/clamav/clamd

# Reject all messages infected with any virus
 deny message = This email is infected with ($malware_name). Please check the system for infection.
 warn message = X-Virus-Scanner: ClamAV on $primary_hostname
   demime = *
  malware = */defer_ok

# Now accept all
 accept


Sample 1 from log;
--

2007-01-25 04:09:25 1HA0bk-000Dbi-H4 H=(static-66-13-44-10.bdsl.verizon.net)
[66.13.44.10] F=<[EMAIL PROTECTED]> rejected after DATA: This email is
infected with (). Please check the system for infection.
Envelope-from: <[EMAIL PROTECTED]>
Envelope-to: <[EMAIL PROTECTED]>
P Received: from [66.13.44.10] (helo=static-66-13-44-10.bdsl.verizon.net)
   by my.production-server.com with smtp (Exim 4.66 (FreeBSD))
   (envelope-from <[EMAIL PROTECTED]>)
   id 1HA0bk-000Dbi-H4
   for [EMAIL PROTECTED]; Thu, 25 Jan 2007
04:09:25 -0500
P Received: from veivya ([151.49.43.128]) by
static-66-13-44-10.bdsl.verizon.net with Microsoft SMTPSVC(5.0.2195.4905);
Thu, 25 Jan 2007 03:07:19 -0600
I Message-ID: <[EMAIL PROTECTED]>
 Date: Thu, 25 Jan 2007 03:07:19 -0600
F From: Kirk <[EMAIL PROTECTED]>
 User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
 MIME-Version: 1.0
T To: [EMAIL PROTECTED]
 Subject: IT Conversations adds value by collecting good content together
andmaking it easy for listeners to find things they like.
 Content-Type: multipart/related;
boundary="040608090804040707090206"


Sample 2 from log;
--

2007-01-25 04:10:47 1HA0d5-000Dcb-3D H=(iaetc.com) [218.148.3.228] F=<
[EMAIL PROTECTED]> rejected after DATA: This email is infected with ().
Please check the system for infection.
Envelope-from: <[EMAIL PROTECTED]>
Envelope-to: <[EMAIL PROTECTED]>
P Received: from [218.148.3.228] (helo=iaetc.com)
   by my.production-server.com with smtp (Exim 4.66 (FreeBSD))
   (envelope-from <[EMAIL PROTECTED]>)
   id 1HA0d5-000Dcb-3D
   for [EMAIL PROTECTED]; Thu, 25 Jan 2007 04:10:47 -0500
I Message-ID: <[EMAIL PROTECTED]>
R Reply-To: "Jeri Clough" <[EMAIL PROTECTED]>
F From: "Jeri Clough" <[EMAIL PROTECTED]>
T To: "Henryk Hendrick" <[EMAIL PROTECTED]>
 Subject: Re: my EDavowa
 Date: Thu, 25 Jan 2007 18:07:22 +0900
 MIME-Version: 1.0
 Content-Type: text/plain;
   charset="us-ascii"
 Content-Transfer-Encoding: 7bit
 X-Priority: 3
 X-MSMail-Priority: Normal
 X-Mailer: Microsoft Outlook Express 6.00.2800.1106
 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106


Sample 3 from log;
---
2007-01-25 04:10:49 1HA0d7-000Dcd-BR H=([195.95.215.209]) [195.95.215.209]
F=<[EMAIL PROTECTED]> rejected after DATA: This email is infected with
(). Please check the system for infection.
Envelope-from: <[EMAIL PROTECTED]>
Envelope-to: <[EMAIL PROTECTED]>
P Received: from [195.95.215.209]
   by my.production-server.com with esmtp (Exim 4.66 (FreeBSD))
   (envelope-from <[EMAIL PROTECTED]>)
   id 1HA0d7-000Dcd-BR
   for [EMAIL PROTECTED];
Thu, 25 Jan 2007 04:10:49 -0500
F From: "Toys READER" <[EMAIL PROTECTED]>
T To: [EMAIL PROTECTED]
 Subject: All you favorite games
 Date: Thu, 25 Jan 2007 12:10:35 -0300
 MIME-Version: 1.0
 Content-Type: multipart/related;
   boundary="=_NextPart_000_0005_01C74079.D1D02C90"
 X-Mailer: Microsoft Office Outlook, Build 11.0.5510
 Thread-Index: AcdAedHQnawnt7meT2y+dVznY/695A==
 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
I Message-Id: [EMAIL PROTECTED]


Are these log outputs normal for clamav?


[Clamav-users] Re: clamav is not returning virus name to exim

2007-01-26 Thread René Berber

Haris Khan wrote:

> I'm new to clamav. I'm running exim 4.66 and clamav (ClamAV 0.88.7/2487/Wed
> Jan 24 10:53:17 2007). There are two issues at hand;
> 
> 1)   clam is not returning the name! of virus it caught in mails. Exim
> has a $malware_name variable which should have it, which is coming up as
> empty in exim rejectlog
> 2)   Below, I have copied some sample log entries I found in exim
> rejectlog. Is this normal output?

No.  I'm not an exim expert but...

> Here is my exim.conf;
> --
> 
> av_scanner = clamd:/var/run/clamav/clamd
> 
> # Reject all messages infected with any virus
>  deny message = This email is infected with ($malware_name). Please check the system for infection.
>  warn message = X-Virus-Scanner: ClamAV on $primary_hostname

This probably should be:

warn add_header = X-Virus-Scanner: ClamAV on $primary_hostname

but I don't think message + warn will/should fire together.

>    demime = *
>   malware = */defer_ok

I don't use the above two, instead only:

deny malware = *

> # Now accept all
>  accept
> 
> 
> Sample 1 from log;
> --
> 
> 2007-01-25 04:09:25 1HA0bk-000Dbi-H4
> H=(static-66-13-44-10.bdsl.verizon.net)
> [66.13.44.10] F=<[EMAIL PROTECTED]> rejected after DATA: This email is
> infected with (). Please check the system for infection.
...

> Are these log outputs normal for clamav?

I get lines like this:

2007-01-14 14:48:51 JBVLTF-000260-61 H=black [192.168.10.2] F=<[EMAIL PROTECTED]>
rejected after DATA: This message contains a virus
(Email.Spam.Gen041.Sanesecurity.06121902).

The only real difference is that "*/defer_ok", but I don't know what it does or
if that is the problem.  Could be something else, like restarting the server
after changing the configuration, or that I'm using Exim 4.63 .
--
René Berber
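
The symptom discussed in this thread, a rejectlog entry whose parentheses are empty because $malware_name expanded to nothing, can be counted across a whole log. The following is an added example, not code from any of the posts or from the Exim or ClamAV projects; it assumes one rejectlog entry per line and an ACL message that puts the signature name in parentheses (as both messages quoted in the thread do), and its sample lines are constructed.

```python
import re
from collections import Counter

# One rejectlog entry per line: timestamp, message id, H=..., [ip], F=<...>,
# then "rejected after DATA: <ACL message>". Header dump lines do not match.
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<msgid>\S+) "
    r".*?\[(?P<ip>[^\]]+)\] F=.*?rejected after DATA: (?P<text>.*)$"
)
# Assumption: the ACL message wraps $malware_name in parentheses.
NAME_RE = re.compile(r"\(([^()]*)\)")

# Constructed sample lines modelled on the entries quoted in the thread.
SAMPLE = """\
2007-01-25 04:09:25 1AAAAA-000001-AA H=(mail.example.net) [192.0.2.10] F=<a@example.net> rejected after DATA: This email is infected with (). Please check the system for infection.
Envelope-from: <a@example.net>
P Received: from [192.0.2.10] (helo=mail.example.net)
2007-01-25 04:10:49 1AAAAA-000002-BB H=([198.51.100.7]) [198.51.100.7] F=<b@example.org> rejected after DATA: This email is infected with (). Please check the system for infection.
2007-01-25 04:12:01 1AAAAA-000003-CC H=relay [203.0.113.5] F=<c@example.com> rejected after DATA: This message contains a virus (Email.Spam.Gen041.Sanesecurity.06121902).
2007-01-25 04:13:30 1AAAAA-000004-DD H=relay [203.0.113.5] F=<d@example.com> rejected after DATA: message too large
""".splitlines()

def audit(lines):
    """Split AV rejections into (named, unnamed) by whether a signature name was logged."""
    named, unnamed = [], []
    for line in lines:
        m = REJECT_RE.match(line.rstrip("\n"))
        if not m:
            continue  # header dump line or unrelated entry
        v = NAME_RE.search(m["text"])
        if not v:
            continue  # rejected after DATA, but the message has no (name) slot
        rec = {"ts": m["ts"], "msgid": m["msgid"], "ip": m["ip"],
               "name": v.group(1).strip()}
        (named if rec["name"] else unnamed).append(rec)
    return named, unnamed

def summary(lines):
    """Counts an operator can compare before and after an ACL change."""
    named, unnamed = audit(lines)
    return {
        "total": len(named) + len(unnamed),
        "unnamed": len(unnamed),
        "unnamed_ids": [r["msgid"] for r in unnamed],
        "signatures": Counter(r["name"] for r in named),
    }

if __name__ == "__main__":
    print(summary(SAMPLE))
```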