[Clamav-users] race condition with restart clamd & clamav-milter

2007-03-14 Thread Sergey
Hello.

I found a problem with starting clamd and clamav-milter:

# service clamd restart && service clamav-milter restart
Stopping clamd service: 
 [ DONE ]
Starting clamd service: 
 [ DONE ]
Stopping clamav-milter service: 
 [ DONE ]
Starting clamav-milter service: /var/lib/clamav/clamd.socket: No such file or directory
Can't talk to clamd server via /var/lib/clamav/clamd.socket
Check your entry for LocalSocket in /etc/clamav/clamd.conf

 [FAILED]
But it can be fixed by

# service clamd restart && sleep 1 && service clamav-milter restart
Stopping clamd service: 
 [ DONE ]
Starting clamd service: 
 [ DONE ]
Stopping clamav-milter service: 
 [ DONE ]
Starting clamav-milter service: 
 [ DONE ]

I added a sleep to my startup script for clamd, but I think that clamd
must wait for the socket to be created during startup.

OS: Linux, ClamAV 0.90.1

-- 
Regards,
Sergey
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Clamav-milter

2007-03-14 Thread Sergey
On Tuesday 13 March 2007, Claudio Mundin wrote:

> I'm using clamav 0.9 and for integrate with sendmail i use clamav-milter.
> Now I want that when a virus is detected in a mail, in automatic form
> send mail of notification to the address destination of the mail.

1. Are you sure that you need it ?
2. Yes ? Then think again. :-)

All still yes ? Ok. :-( 
clamav-milter can not do it, if I am not mistaken. But you can attempt to
use mailfomd as a replacement for clamav-milter. It is a mail scanner (also a
milter) with a large number of features. One of its features is scanning via clamd.
mailfomd can generate mail for any event, to any recipients, with any text.

-- 
Regards,
Sergey


Re: [Clamav-users] race condition with restart clamd & clamav-milter

2007-03-14 Thread Nigel Horne

Sergey wrote:

> Hello.
>
> I found a problem with start clamd and clamav-milter:
>
> # service clamd restart && service clamav-milter restart
> Stopping clamd service:
>  [ DONE ]
> Starting clamd service:
>  [ DONE ]
> Stopping clamav-milter service:
>  [ DONE ]
> Starting clamav-milter service: /var/lib/clamav/clamd.socket: No such file or directory
> Can't talk to clamd server via /var/lib/clamav/clamd.socket
> Check your entry for LocalSocket in /etc/clamav/clamd.conf
>
>  [FAILED]
> But it can be fixed by
>
> # service clamd restart && sleep 1 && service clamav-milter restart
>
> OS: Linux, ClamAV 0.90.1


You haven't found the problem, it's been known about for some time which is
why the startup script in .../contrib/init/RedHat/clamav-milter already has that
sleep. 


-Nigel

--
Nigel Horne. Arranger, Adjudicator, Band Trainer, Composer, Tutor, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk


Re: [Clamav-users] Where to submit a supposed false positive ?

2007-03-14 Thread Tomasz Kojm
On Tue, 13 Mar 2007 23:07:43 +0100
Pascal Duchatelle <[EMAIL PROTECTED]> wrote:

> As a hint : it is a zipped file with a size that is about the sum of its 
> unzipped content. Maybe not that much interesting.

Please tune your archive settings instead of submitting this file.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Mar 14 10:07:46 CET 2007


Re[2]: [Clamav-users] again "SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES"

2007-03-14 Thread Sergey Shilov
Rob MacGregor <[EMAIL PROTECTED]> wrote:

RM> Have you tried using the ports to install clamav?  That will almost
RM> certainly resolve your problem.

First, as usual, I installed from sources taken from www.clamav.net.
After that, I tried to install from ports.

RM> Just remember to update your ports
RM> tree first:

Ok, I shall try to update ports and to recompile clamav


Thanks, Flanker
---
Powered by ClamAV
www.clamav.net



Re: [Clamav-users] Virustotal Clamav Engine Problem!!!

2007-03-14 Thread Trog
On Wed, 2007-03-14 at 07:37 +0100, Julio Canto wrote:

> > There seems to be a problem with virustotal.com clamav scan engine.
> The engine we're using now is very old. The versions that theoretically 
> could fix that problem doesn't fit well in the VirusTotal framework (for 
> instance, it needs .NET for working). If we don't find something 
> suitable in the next weeks, we'll disable that engine of the service.

Have you tried the official ClamAV win32 port?

http://w32.clamav.net/

-trog




Re: [Clamav-users] ClamAV on an local network without internet connection

2007-03-14 Thread Tomasz Kojm
On Tue, 13 Mar 2007 17:25:06 +0100
[EMAIL PROTECTED] wrote:

> Hi the list,
> 
> I'm running ClamAV on many clients and I want to have a server for 
> updating client database. My server isn't connected to internet. So no 
> updating is possible. 
> 
> How can i setup my server for delivering the two files  (daily.cvd and 
> main.cvd) ? The server database will be updated manually. 

http://www.clamav.net/support/faq/

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Mar 14 10:20:00 CET 2007


Re: [Clamav-users] ClamAV 0.90.1 and amavis 0.3.13pre2 Error Code:44

2007-03-14 Thread Tomasz Kojm
On Tue, 13 Mar 2007 09:29:31 +0100
Jens Strohschnitter <[EMAIL PROTECTED]> wrote:

> Hi list,
> 
> after updating my installation of clamav 0.88 to 0.90.1 the clamscan
> failed with the following error:
> 
> Virus scanner failure: /usr/local/bin/clamscan (error code: 40)

40 means that clamscan didn't recognize some command line option, make sure
amavis is not calling clamscan with some ancient switches (eg. -w, --mbox)

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Mar 14 10:22:28 CET 2007


Re: [Clamav-users] Re: 0.90.1 freshclam error

2007-03-14 Thread Tomasz Kojm
On Tue, 13 Mar 2007 21:09:48 -
"Robert Isaac" <[EMAIL PROTECTED]> wrote:

> 
> >> >> clamd.conf is shown 644 root:root, should it be 644 clamav:clamav?
> >> >
> >> >That's not the problem. /var/lib/clamav/clamd.socket, or 
> >wherever you
> >> >have put it, is the likely issue.
> >> >
> >> >--
> >> >Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
> >>
> >>I don't have clamd.socket
> >
> >That was an example.  To find the path to the socket you are using, try
> >
> ># grep LocalSocket clamd.conf
> >
> >-- 
> >Noel Jones 
> 
> Thanks. This gave
> 
> [EMAIL PROTECTED] etc]# grep LocalSocket clamd.conf
> # LocalSocket /tmp/clamd
> LocalSocket /usr/sbin

Ouch, pointing LocalSocket to /usr/sbin is not a good idea.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Mar 14 10:26:44 CET 2007


Re: [Clamav-users] race condition with restart clamd & clamav-milter

2007-03-14 Thread Sergey
On Wednesday 14 March 2007, Nigel Horne wrote:

> You haven't found the problem, it's been known about for some time which is
> why the startup script in .../contrib/init/RedHat/clamav-milter already has
> that sleep.

Oh, ok. Sorry. :-) Although... No, this is a bug: the sleep must be placed in
clamd's startup. clamav-milter is not the only thing that can use clamd.

-- 
Regards,
Sergey
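
The ordering problem discussed in this thread, as an added example that is not part of the original posts or of the ClamAV init scripts: instead of a fixed sleep, a start script can poll until the LocalSocket path exists as a UNIX socket, and give up after a timeout. The function name wait_for_socket, its return codes and the default timeout are assumptions of this example.

```shell
#!/bin/sh
# Added example: wait for clamd's LocalSocket instead of a fixed "sleep 1".
#
# wait_for_socket PATH [TIMEOUT_SECONDS]
#   returns 0  PATH exists and is a UNIX socket
#   returns 1  PATH never appeared within the timeout
#   returns 2  PATH exists but is not a socket (wrong LocalSocket value,
#              leftover file), so waiting longer cannot help
#
# Limitation: the socket file appears when clamd binds it, slightly before
# clamd accepts connections. A client that must be certain should still
# retry its first connection.
wait_for_socket() {
    wfs_sock=$1
    wfs_timeout=${2:-10}      # seconds; the default is this example's choice
    wfs_waited=0

    while :; do
        if [ -S "$wfs_sock" ]; then
            return 0
        fi
        if [ -e "$wfs_sock" ]; then
            echo "wait_for_socket: $wfs_sock exists but is not a socket" >&2
            return 2
        fi
        if [ "$wfs_waited" -ge "$wfs_timeout" ]; then
            echo "wait_for_socket: $wfs_sock not created after ${wfs_timeout}s" >&2
            return 1
        fi
        sleep 1
        wfs_waited=$((wfs_waited + 1))
    done
}

# Usage in place of the command from the thread (socket path as in the
# error message quoted there):
#
#   service clamd restart \
#     && wait_for_socket /var/lib/clamav/clamd.socket 10 \
#     && service clamav-milter restart
```

Because the check sits between the two restarts, any client of clamd started afterwards benefits, not only clamav-milter.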


Re: Re[2]: [Clamav-users] again "SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES"

2007-03-14 Thread Rob MacGregor

On 3/14/07, Sergey Shilov <[EMAIL PROTECTED]> wrote:

> Ok, I shall try to update ports and to recompile clamav

Well, update the ports tree, uninstall/remove the existing clamav
install and then install clamav from the ports instead :)

--
Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
   doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Virustotal Clamav Engine Problem!!!

2007-03-14 Thread Julio Canto

Julio Canto wrote:

> mr.dan.watson wrote:
>
> > Hello
> >
> > There seems to be a problem with virustotal.com clamav scan engine.
>
> The engine we're using now is very old. The versions that
> theoretically could fix that problem doesn't fit well in the
> VirusTotal framework (for instance, it needs .NET for working). If we
> don't find something suitable in the next weeks, we'll disable that
> engine of the service.

We've updated to a 0.90.1 version that works ok in the VT framework 
(thanks to Steve Basford for pointing this 
http://hideout.ath.cx/clamav/clamav-090-1.exe). We'll start working to 
integrate the ClamWin version as it looks like preferred over cygwin ports.

Thanks a lot everybody!

--
Regards,
 
Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025 | Fax: +34.952.028.694 | PGP Key ID: EF618D2B | [EMAIL PROTECTED]  




Re: [Clamav-users] Freshclam can't parse INTERMITTENT error?

2007-03-14 Thread John Fleming


- Original Message - 
From: "Gary V" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, March 13, 2007 9:13 PM
Subject: Re: [Clamav-users] Freshclam can't parse INTERMITTENT error?

> > BTW, I didn't have any problems getting the install from volatile to take
> > automatically.  I'm not sure what you meant about "including it in the
> > list".   - John
>
> Sorry, I used to be able to run:
> apt-get -t sarge install clamav clamav-daemon
> but this did not upgrade freshclam from 0.87 to 0.90.
> So, in the future I will run:
> apt-get -t sarge install clamav clamav-daemon clamav-freshclam
> (I don't use the milter)
>
> Gary V

I have volatile in my sources.list along with sarge, and I already had 
clamav and freshclam installed, so it automatically got and installed the 
latest versions of clamav and freshclam.  I see what you mean above 
though.  - John 




Re: [Clamav-users] again "SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES"

2007-03-14 Thread Gerard Seibert
On Wednesday March 14, 2007 at 06:28:20 (AM) Rob MacGregor wrote:

> Well, update the ports tree, uninstall/remove the existing clamav
> install and then install clamav from the ports instead :)

You might want to make sure that you kill all of the running clamav
processes first as a precaution. Also, if you have not already, place
the following in the '/etc/rc.conf' file.

clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"

Make any changes you require to both the /usr/local/etc/clamd.conf and
freshclam.conf files.

Reboot and you should be good to go.

Ciao!

-- 
Gerard


Re: [Clamav-users] Clamav-milter

2007-03-14 Thread Claudio Mundin

I tried to search for information on mailfomd but I can't find anything.
Can you tell me where I can find this information?

Thanks

2007/3/14, Sergey <[EMAIL PROTECTED]>:

> On Tuesday 13 March 2007, Claudio Mundin wrote:
>
> > I'm using clamav 0.9 and for integrate with sendmail i use clamav-milter.
> > Now I want that when a virus is detected in a mail, in automatic form
> > send mail of notification to the address destination of the mail.
>
> 1. Are you sure that you need it ?
> 2. Yes ? Then think again. :-)
>
> All still yes ? Ok. :-(
> clamav-milter can not do it, if I am not mistaken. But you can attempt to
> use mailfomd as replacement for clamav-milter. It is mail scanner (milter
> also) with big number features. One of feature the scanning via clamd.
> mailfomd can generate mail for any events to any recipients with any text.
>
> --
> Regards,
> Sergey


Re[2]: [Clamav-users] again "SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES"

2007-03-14 Thread Sergey Shilov

 Gerard Seibert <[EMAIL PROTECTED]> wrote:
GS> You might want to make sure that you kill all of the running clamav
GS> processes first as a precaution. Also, if you have not all ready, place
GS> the following in the '/etc/rc.conf' file.

GS> clamav_clamd_enable="YES"
GS> clamav_freshclam_enable="YES"

GS> Make any changes you require to both the /usr/local/etc/clamd.conf and
GS> freshclam.conf files.

GS> Reboot and you should be good to go.

GS> Ciao!

A little off topic:
Ciao is cheerful. You are probably from Italy? I have a brother, he lives
in Italy in a place called Forni di Sotto ...

And now on topic:
The problem is visible in the logs at the configure stage.
Clamav-0.87 finds GMP libraries (libgmp-4.1.4_2), and clamav-0.90.1 does not find



Thanks, Flanker

-
Powered by ClamAV
www.clamav.net 
 



Re: [Clamav-users] again "SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES"

2007-03-14 Thread Gerard Seibert
On Wednesday March 14, 2007 at 08:15:15 (AM) Sergey Shilov wrote:

> 
> And now on a theme:
> The problem is visible into logs at a stage of configure.
> Clamav-0.87 finds GMP libraries (libgmp-4.1.4_2), and clamav-0.90.1 does not 
> find

OK, we have ascertained that you are using FreeBSD. Try this, assuming
you have the 'portupgrade' suite installed.

1) If you do not have the latest version of 'portmanager' installed,
install it.

2) cd /usr/ports/distfiles
3) rm -rdf *
4) portsclean -C -D -L -PP
5) Update your ports tree
6) cd /usr/ports/security/clamav-devel
7) make config
8) make config-recursive
9) script -ak ~/pm-update.log portmanager /security/clamav-devel -l -f

I am assuming that you have removed the old version of clamav that was
installed on your system prior to attempting the above. If not, do that
first. You will get a full log of what transpired. Also, check the
/var/log/portmanager.log and see what it has to say. Contact me if this
did not work.

HTH

-- 
Gerard


Re: Re[2]: [Clamav-users] again "SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES"

2007-03-14 Thread Rob MacGregor

On 3/14/07, Sergey Shilov <[EMAIL PROTECTED]> wrote:

> And now on a theme:
> The problem is visible into logs at a stage of configure.
> Clamav-0.87 finds GMP libraries (libgmp-4.1.4_2), and clamav-0.90.1 does not
> find


But does the port find it (translation - the people responsible for
the FreeBSD ports put a lot of effort into ensuring they work, you can
save yourself the trouble of repeating their effort by using the
port).

--
Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
   doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] ClamAV 0.90.1 and amavis 0.3.13pre2 Error Code:44

2007-03-14 Thread Jens Strohschnitter
> > 
> > after updating my installation of clamav 0.88 to 0.90.1 the clamscan
> > failed with the following error:
> > 
> > Virus scanner failure: /usr/local/bin/clamscan (error code: 40)
> 
> 40 means that clamscan didn't recognize some command line option, make sure
> amavis is not calling clamscan with some ancient switches (eg. -w, --mbox)

Hi

thanx! --one-virus and -w are the options that can't be recognized. Now it
works. Thanx.


Re: [Clamav-users] Clamav-milter

2007-03-14 Thread Sergey
On Wednesday 14 March 2007, Claudio Mundin wrote:

> I try to search information of mailfomd but I cant't find anything.
> You can tell me where I can found this information?

http://puszcza.gnu.org.ua/projects/mailfromd/

You need flex-2.5.4a (not newer!), texinfo-4.8 and mailutils-1.0
(http://www.gnu.org/software/mailutils/mailutils.html) for building. 
mailutils needs the patch (this is important for sending mail from
mailfromd):

Index: mailbox/sendmail.c
===
RCS file: /cvsroot/mailutils/mailutils/mailbox/sendmail.c,v
retrieving revision 1.33
diff -p -u -r1.33 sendmail.c
--- mailbox/sendmail.c  26 Apr 2006 11:56:31 -  1.33
+++ mailbox/sendmail.c  13 Dec 2006 08:50:43 -
@@ -441,10 +441,15 @@ sendmail_send_message (mu_mailer_t maile

if (rc < 0)
  {
-   status = errno;
-   MAILER_DEBUG2 (mailer, MU_DEBUG_TRACE,
-  "waitpid(%d) failed: %s\n",
-  sendmail->pid, strerror (status));
+   if (errno == ECHILD)
+  status = 0;
+   else
+  {
+   status = errno;
+   MAILER_DEBUG2 (mailer, MU_DEBUG_TRACE,
+  "waitpid(%d) failed: %s\n",
+  sendmail->pid, strerror (status));
+  }
  }
else if (WIFEXITED (exit_status))
  {
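
Review bot: in the new 'if (errno == ECHILD)' branch, status is set to 0 with no trace and without exit_status ever being examined, so a sendmail child that was already reaped is reported as a successful send even if it failed. If ECHILD is expected here, a short comment saying why, plus a MAILER_DEBUG2 trace like the one kept in the else branch, would make that explicit. It is also safer to copy errno into status once, before the comparison, and test 'status == ECHILD', so that no later call can change errno between the test and the assignment.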


-- 
Regards,
Sergey


RE: [Clamav-users] Re: 0.90.1 freshclam error

2007-03-14 Thread Robert Isaac

>> Thanks. This gave
>> 
>> [EMAIL PROTECTED] etc]# grep LocalSocket clamd.conf
>> # LocalSocket /tmp/clamd
>> LocalSocket /usr/sbin
>
>Ouch, pointing LocalSocket to /usr/sbin is not a good idea.
>
>-- 
>   oo. Tomasz Kojm <[EMAIL PROTECTED]>
>  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg

I have removed all of clamav/clamd and reinstalled the rpms and clamd was
put in /usr/bin, but /etc/clamd.conf shows LocalSocket /tmp/clamd Is this
correct?

Bob




[Clamav-users] New freshclam error

2007-03-14 Thread Robert Isaac
I have removed all clamav/clamd and reinstalled the 0.90.1 rpms (DAG). When
I run freshclam I get
 
[EMAIL PROTECTED] etc]# freshclam
ERROR: Please edit the example config file /etc/freshclam.conf.
WARNING: You must specify at least one database mirror.
 
This is what I have in freshclam.conf
 
# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
DatabaseMirror db.gb.clamav.net
 
# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror db.gb.clamav.net
DatabaseMirror db.local.clamav.net


Bob

 

 


RE: [Clamav-users] Re: 0.90.1 freshclam error

2007-03-14 Thread Daniel T. Staal

On Wed, March 14, 2007 10:08 am, Robert Isaac said:
>
>>> Thanks. This gave
>>>
>>> [EMAIL PROTECTED] etc]# grep LocalSocket clamd.conf
>>> # LocalSocket /tmp/clamd
>>> LocalSocket /usr/sbin
>>
>>Ouch, pointing LocalSocket to /usr/sbin is not a good idea.
>>
>>--
>>   oo. Tomasz Kojm <[EMAIL PROTECTED]>
>>  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
>
> I have removed all of clamav/clamd and reinstalled the rpms and clamd was
> put in /usr/bin, but /etc/clamd.conf shows LocalSocket /tmp/clamd Is this
> correct?

Yes.  The socket is not the program, it is a connector, _created by_ the
program.   /tmp or /var/run are common places for it.

Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---



Re: [Clamav-users] Clamav-milter

2007-03-14 Thread Jose-Marcio Martins da Cruz

Claudio Mundin wrote:

> I try to search information of mailfomd but I cant't find anything.
> You can tell me where I can found this information?

Another milter able to do that is j-chkmail : http://j-chkmail.ensmp.fr

> Thank
>
> 2007/3/14, Sergey <[EMAIL PROTECTED]>:
>
> > On Tuesday 13 March 2007, Claudio Mundin wrote:
> >
> > > I'm using clamav 0.9 and for integrate with sendmail i use clamav-milter.
> > > Now I want that when a virus is detected in a mail, in automatic form
> > > send mail of notification to the address destination of the mail.
> >
> > 1. Are you sure that you need it ?
> > 2. Yes ? Then think again. :-)
> >
> > All still yes ? Ok. :-(
> > clamav-milter can not do it, if I am not mistaken. But you can attempt to
> > use mailfomd as replacement for clamav-milter. It is mail scanner (milter
> > also) with big number features. One of feature the scanning via clamd.
> > mailfomd can generate mail for any events to any recipients with any text.
> >
> > --
> > Regards,
> > Sergey




--
 ---
 Jose Marcio MARTINS DA CRUZ   Tel. :(33) 01.40.51.93.41
 Ecole des Mines de Paris  http://j-chkmail.ensmp.fr
 60, bd Saint Michelhttp://www.ensmp.fr/~martins
 75272 - PARIS CEDEX 06  mailto:[EMAIL PROTECTED]


Re: [Clamav-users] Re: 0.90.1 freshclam error

2007-03-14 Thread Jim Maul

Daniel T. Staal wrote:

> On Wed, March 14, 2007 10:08 am, Robert Isaac said:
>
> > > > Thanks. This gave
> > > >
> > > > [EMAIL PROTECTED] etc]# grep LocalSocket clamd.conf
> > > > # LocalSocket /tmp/clamd
> > > > LocalSocket /usr/sbin
> > >
> > > Ouch, pointing LocalSocket to /usr/sbin is not a good idea.
> > >
> > > --
> > >   oo. Tomasz Kojm <[EMAIL PROTECTED]>
> > >  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
> >
> > I have removed all of clamav/clamd and reinstalled the rpms and clamd was
> > put in /usr/bin, but /etc/clamd.conf shows LocalSocket /tmp/clamd Is this
> > correct?
>
> Yes.  The socket is not the program, it is a connector, _created by_ the
> program.   /tmp or /var/run are common places for it.


Yes, you seem to be confusing the binary program /usr/bin/clamd with the 
socket file which is created by clamd when it starts up.  With the 
clamd.conf setting you had originally:


 LocalSocket /usr/sbin

You are attempting to overwrite the clamd executable with the socket.  I 
can't even imagine what results this would produce.


-Jim
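
A pre-start sanity check for the setting discussed in this thread, as an added example that is not part of the original posts or of ClamAV: it reads the active LocalSocket line from a clamd.conf and rejects a value that names an existing directory (the /usr/sbin case above) or an existing non-socket file. The function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate the LocalSocket value in clamd.conf before
# starting clamd. Names and return codes are this example's own.

# Print the active (uncommented) LocalSocket value.
# Assumptions: the path contains no whitespace, and if the option appears
# more than once the last occurrence is the one reported.
active_local_socket() {
    awk '$1 == "LocalSocket" { v = $2 } END { if (v != "") print v }' "$1"
}

# check_local_socket CONF
#   0  value is usable: the path is absent or already a socket, and its
#      parent directory exists (the path is printed on stdout)
#   1  no active LocalSocket line
#   2  value names an existing directory
#   3  value names an existing file that is not a socket
#   4  parent directory does not exist
check_local_socket() {
    cls_path=$(active_local_socket "$1")

    if [ -z "$cls_path" ]; then
        echo "no active LocalSocket line in $1" >&2
        return 1
    fi
    if [ -d "$cls_path" ]; then
        echo "LocalSocket $cls_path is a directory; it must name the socket file itself" >&2
        return 2
    fi
    if [ -e "$cls_path" ] && [ ! -S "$cls_path" ]; then
        echo "LocalSocket $cls_path is an existing non-socket file" >&2
        return 3
    fi
    if [ ! -d "$(dirname "$cls_path")" ]; then
        echo "directory for LocalSocket $cls_path does not exist" >&2
        return 4
    fi

    echo "$cls_path"
    return 0
}

# Usage (config path as it appears in the thread):
#   sock=$(check_local_socket /etc/clamd.conf) || exit 1
```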


Re: [Clamav-users] Re: 0.90.1 freshclam error

2007-03-14 Thread Gary V
> Yes, you seem to be confusing the binary program /usr/bin/clamd with the
> socket file which is created by clamd when it starts up.  With the
> clamd.conf setting you had originally:
>
>  LocalSocket /usr/sbin
>
> You are attempting to overwrite the clamd executable with the socket.  I
> cant even imagine what results this would produce.
>
> -Jim


At the very least it has triggered the sequence of events that will cause 
the sun to expand to the point the earth is totally torched. Sure, it won't 
happen in our lifetime, but what about the children?


Gary V



RE: [Clamav-users] Re: 0.90.1 freshclam error

2007-03-14 Thread Robert Isaac

>>Yes, you seem to be confusing the binary program 
>/usr/bin/clamd with the 
>>socket file which is created by clamd when it starts up.  With the 
>>clamd.conf setting you had originally:
>>
>>  LocalSocket /usr/sbin
>>
>>You are attempting to overwrite the clamd executable with the 
>socket.  I 
>>cant even imagine what results this would produce.
>>
>>-Jim
>
>At the very least it has triggered the sequence of events that 
>will cause 
>the sun to expand to the point the earth is totally torched. 
>Sure, it won't 
>happen in our lifetime, but what about the children?
>
>Gary V

OMG, what have I done. I must consult my ancient book of spells recovered
from Merlin's cave.

Bob




RE: [Clamav-users] Re: 0.90.1 freshclam error

2007-03-14 Thread Kevin W. Gagel
- Original Message -
>>>Yes, you seem to be confusing the binary program 
>>/usr/bin/clamd with the 
>>>socket file which is created by clamd when it starts up.  With the 
>>>clamd.conf setting you had originally:
>>>
>>>  LocalSocket /usr/sbin
>>>
>>>You are attempting to overwrite the clamd executable with the 
>>socket.  I 
>>>cant even imagine what results this would produce.
>>>
>>>-Jim
>>
>>At the very least it has triggered the sequence of events that 
>>will cause 
>>the sun to expand to the point the earth is totally torched. 
>>Sure, it won't 
>>happen in our lifetime, but what about the children?
>>
>>Gary V
>
>OMG, what have I done. I must consult my ancient book of spells recovered
>from Merlin's cave.

My Uncle's friend's sister's boyfriend read a book about Nostradamus where
it claims he predicted that event

=
Kevin W. Gagel
Network Administrator
Information Technology Services
(250) 562-2131 local 448
My Blog:
http://mail.cnc.bc.ca/blogs/gagel

---
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
Anti-spam information for CNC can be found at http://avas.cnc.bc.ca
---


[Clamav-users] clamd dying.

2007-03-14 Thread fchan

Hello,
Last night my clamd died on my server. Here is what my logs say:

Tue Mar 13 20:48:07 2007 -> SelfCheck: Database status OK.
Tue Mar 13 20:58:10 2007 -> SelfCheck: Database modification detected. Forcing reload.
Tue Mar 13 20:58:10 2007 -> Reading databases from /var/lib/clamav
Tue Mar 13 20:58:10 2007 -> /var/spool/qmailscan/tmp/117384468772212046/1173844690.430-0: HTML.Phishing.Bank-1156 FOUND
Tue Mar 13 20:58:12 2007 -> ERROR: reload db failed: Malformed database
Tue Mar 13 20:58:12 2007 -> Terminating because of a fatal error.
Tue Mar 13 20:58:12 2007 -> Shutting down the main sockets.
Tue Mar 13 20:58:12 2007 -> Closing the main sockets.
Tue Mar 13 20:58:12 2007 -> Socket file removed.
Tue Mar 13 20:58:12 2007 -> ERROR: Can't unlink the pid file /var/run/clamd.pid
Tue Mar 13 20:58:12 2007 -> --- Stopped at Tue Mar 13 20:58:12 2007

What could be the cause of this problem?

Thank you,
Frank


[Clamav-users] mailbox to maildir transform help

2007-03-14 Thread Pascal Duchatelle

Hello,
I don't understand how formail works. It is said in the clamav FAQ that 
it can change mailbox format to maildir. I would like to do that to a 
thunderbird mailbox in order to get rid of a message that is infected. I 
did not find options to do that. What syntax should I use with formail ?
Another solution would be that a fedora user tells how(where) to get the 
rpm of mbox2mdir and mdir2mbox.

Thank you.
Pascal








Re: [Clamav-users] Clamav-milter

2007-03-14 Thread Jan-Pieter Cornet
On Wed, Mar 14, 2007 at 05:33:05PM +0400, Sergey wrote:
> On Wednesday 14 March 2007, Claudio Mundin wrote:
> 
> > I try to search information of mailfomd but I cant't find anything.
> > You can tell me where I can found this information?
[removed build info requiring unmaintained software, exact phase of the
moon, and the sacrificial death of some small rodents.]

Or you could use mimedefang (www.mimedefang.org), which gives you the
power of perl in sendmail, comes with a relatively friendly example
script that you can modify to your needs.

You'd need to write a bit of perl to do what you need (because nobody
is currently insane enough to shoot holes in his or her feet like
you want to), but it wouldn't be particularly hard to do.

PS: If the above wasn't obvious, please reconsider what you want to
do. At the very least make _VERY_ sure that, if you ever send
a notification "an email was addressed to you but it contained a virus",
that you will NOT send such notifications outside of your own
organisation, EVER. Not even in the form of an out-of-office reply to
such a message.

-- 
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!


RE: [Clamav-users] mailbox to maildir transform help

2007-03-14 Thread MrC

> I don't understand how formail works. It is said in the 
> clamav FAQ that it can change mailbox format to maildir. I 
> would like to do that to a thunderbird mailbox in order to 
> get rid of a message that is infected. I did not find options 
> to do that. What syntax should I use with formail ?
> Another solution would be that a fedora user tells how(where) 
> to get the rpm of mbox2mdir and mdir2mbox.
> Thank you.
> Pascal

Perhaps I'm misunderstanding... but this seems to be the long way around the
barn.

Are you unable to simply delete the message from within Thunderbird?

MrC



[Clamav-users] did a funny experiment, found a weird result !!

2007-03-14 Thread Pascal Duchatelle
Since I was looking for a way to split my mailbox (mailbox format) into 
maildir format, I looked around. I installed Sylpheed-claws since I read 
in the doc that it handles both formats. After the install I opened it 
and in the menus I chose to import mail from a mbox type mailbox i.e. 
the Inbox of one of my accounts (in fact a copy of it. This file is 
normally in my thunderbird directory (good idea because the transfer 
emptied it)).
To my surprise I got back a whole bunch of junk mail (that I didn't even 
open at the time I received it) and old stuff that I deleted long ago 
(weird!! :-\ ) but I got all the messages separated from each other in 
individual files. Just as I expected.
In claws, in the list they are displayed with their attached documents. 
I opened a safe one and it showed the attached document just fine. So 
a word to anyone interested 8-) !
Then I ran clamscan (with the debug option) on the Mail directory 
created by Sylpheed-claws hoping to get the number of the infected message.

Clamscan did not find any trace of infection !!! :-(
Can someone tell me what has gone wrong there ? Was there really an 
infection in the first place ? Or could Sylpheed-claws have just gotten 
rid of it ?

To sleep well I will need to understand this one.
Cheers
Pascal








Re: [Clamav-users] mailbox to maildir transform help

2007-03-14 Thread Pascal Duchatelle

MrC wrote:

> > I don't understand how formail works. It is said in the 
> > clamav FAQ that it can change mailbox format to maildir. I 
> > would like to do that to a thunderbird mailbox in order to 
> > get rid of a message that is infected. I did not find options 
> > to do that. What syntax should I use with formail ?
> > Another solution would be that a fedora user tells how(where) 
> > to get the rpm of mbox2mdir and mdir2mbox.
> >
> > Thank you.
> > Pascal
>
> Perhaps I'm misunderstanding... but this seems to be the long way around the
> barn.
>
> Are you unable to simply delete the message from within Thunderbird?
>
> MrC

In fact I posted a new message describing what I did. But clamscan tells 
me the Inbox of one of my accounts in thunderbird is infected and I don't 
know what message that could be. Since the virus is of worm type (I 
guess attached to mail) and all the mail that I keep in my inbox (after 
sorting to different folders) is devoid of junk, unknown senders' 
messages, etc., I thought it clean. I read in the FAQ that clamscan is 
not able to tell which message is infected but if one does what I was 
trying to do then it becomes possible (FAQ again). That is why I was 
looking for such a solution.
And of course all this hassle because I don't want to just dump 
everything (even the precious ones) if I can do otherwise.

Pascal

--
Laboratoire de Pharmacologie - Physiologie CERMN
UFR des Sciences Pharmaceutiques
Université de Caen Basse Normandie
5 rue Vaubénard
14032 Caen cedex
Tél/fax (33) 02 31 94 72 55
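
An added example (not from the original posts) of the approach discussed in this thread: read the mbox one message at a time and scan each message separately, so that a verdict can be tied to one specific message. It assumes `clamscan` is on the PATH and that bit 0x0008 of Thunderbird's `X-Mozilla-Status` header marks a message as deleted but not yet compacted; the sample mailbox, its addresses and `CONSTRUCTED-MARKER` are constructed.

```python
import mailbox
import os
import subprocess
import sys
import tempfile

EXPUNGED = 0x0008  # assumed Thunderbird X-Mozilla-Status bit: deleted, not yet compacted

# Constructed sample mbox (three messages); the marker stands in for malware.
SAMPLE_MBOX = (
    b"From a@example.org Wed Mar 14 10:00:00 2007\n"
    b"From: a@example.org\nSubject: minutes\nX-Mozilla-Status: 0001\n\nhello\n\n"
    b"From b@example.org Wed Mar 14 11:00:00 2007\n"
    b"From: b@example.org\nSubject: invoice\nX-Mozilla-Status: 0009\n\n"
    b"CONSTRUCTED-MARKER\n\n"
    b"From c@example.org Wed Mar 14 12:00:00 2007\n"
    b"From: c@example.org\nSubject: lunch\nX-Mozilla-Status: 0001\n\nsee you\n\n"
)


def scan_with_clamscan(raw):
    """Scan one message with clamscan; return the signature name or None."""
    with tempfile.NamedTemporaryFile(suffix=".eml") as tmp:
        tmp.write(raw)
        tmp.flush()
        proc = subprocess.run(["clamscan", "--no-summary", tmp.name],
                              capture_output=True, text=True)
    if proc.returncode == 0:            # clean
        return None
    if proc.returncode == 1:            # output line: "<path>: <name> FOUND"
        for line in proc.stdout.splitlines():
            if line.endswith(" FOUND"):
                return line.rsplit(": ", 1)[1][:-len(" FOUND")]
        return "unknown"
    raise RuntimeError("clamscan error: " + proc.stderr.strip())


def find_infected(mbox_path, scan=scan_with_clamscan):
    """Scan every message on its own; return one dict per flagged message."""
    hits = []
    box = mailbox.mbox(mbox_path, create=False)   # only read, never modified
    try:
        for key in box.iterkeys():
            verdict = scan(box.get_bytes(key))
            if verdict is None:
                continue
            msg = box.get_message(key)
            try:
                flags = int(msg.get("X-Mozilla-Status", "0"), 16)
            except ValueError:
                flags = 0
            hits.append({
                "index": key,
                "from": str(msg.get("From", "")),
                "subject": str(msg.get("Subject", "")),
                "signature": verdict,
                "deleted_in_thunderbird": bool(flags & EXPUNGED),
            })
    finally:
        box.close()
    return hits


def demo():
    """Run over the constructed sample with a stand-in scanner (no ClamAV needed)."""
    fake = lambda raw: "Constructed.Marker" if b"CONSTRUCTED-MARKER" in raw else None
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "Inbox")
        with open(path, "wb") as fh:
            fh.write(SAMPLE_MBOX)
        return find_infected(path, scan=fake)


if __name__ == "__main__":
    found = find_infected(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for hit in found:
        print(hit)
```

Run it against a copy of the mailbox file rather than the live one; a hit with `deleted_in_thunderbird` set points at a message that is still in the file only because the folder has not been compacted.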








[Clamav-users] clamav log file mystery on 0.90.1

2007-03-14 Thread Bill Maidment
Hi
I have a small mystery on file permissions for the clamav log file.
I am running clamd through mimedefang (user defang) and so in /etc/group I have:
> defang:x:2504:
> clamav:x:2505:clamav,defang
and the log file has:
> -rw-rw 1 clamav clamav 35736 Mar  6 15:13 /var/log/clam-update.log
But, I get the following when I start clamd
Starting clamd: Running as user defang (UID 2504, GID 2504)
> ERROR: Can't open /var/log/clam-update.log in append mode (check 
> permissions!).
> ERROR: Problem with internal logger. Please check the permissions on the
/var/log/clam-update.log file.
>[FAILED]
When I change the permissions on /var/log/clam-update.log to 0666 it works OK.
This error has only occurred since I updated from 0.88.7 to 0.90.1
Any ideas on what I have got wrong? Or is this a new "feature"?
Cheers
Bill
--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu



RE: [Clamav-users] clamav log file mystery on 0.90.1

2007-03-14 Thread Mark
> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Bill Maidment
> Sent: donderdag 15 maart 2007 0:28
> To: clamav-users@lists.clamav.net
> Subject: [Clamav-users] clamav log file mystery on 0.90.1
>
> But, I get the following when I start clamd
> Starting clamd: Running as user defang (UID 2504, GID 2504)
> > ERROR: Can't open /var/log/clam-update.log in append mode 
> (check permissions!).
> > ERROR: Problem with internal logger. Please check the 
> permissions on the /var/log/clam-update.log file.
> >
> When I change the permissions on /var/log/clam-update.log to 
> 0666 it works OK.
> This error has only occurred since I updated from 0.88.7 to 0.90.1
> Any ideas on what I have got wrong?

Did you put this in its new format? (with booleans).

"AllowSupplementaryGroups true"

- Mark



[Clamav-users] Re: mailbox to maildir transform help

2007-03-14 Thread René Berber

Pascal Duchatelle wrote:

> I don't understand how formail works. [snip]

You have to read the manual... from the examples in `man formail` I would guess
that you need something like:

formail -Ys < old_mailbox | tee temp.file | clamdscan --quiet - && cat < temp.file >> new_mailbox

(is one line)
--
René Berber


RE: [Clamav-users] clamav log file mystery on 0.90.1

2007-03-14 Thread Bill Maidment
On Wed, 14 Mar 2007 23:45:05 GMT, Mark wrote
> > -Original Message-

> 
> Did you put this in its new format? (with booleans).
> 
> "AllowSupplementaryGroups true"
> 

Ah! The new feature :-) I missed that.
Thanks. All working well now.

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
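
An added example (not from the original posts) of why the log opens once supplementary groups are honoured, and why mode 0666 also "works" but only by opening the file to every account. It models the standard Unix rule that exactly one permission class is consulted; the UID/GID values 2504 and 2505 for defang and the clamav group come from the thread, while the clamav owner UID and the 0660 mode are assumptions (the listing in the post is truncated).

```python
import os
import pwd
import stat
import sys

CLAMAV_UID = 2505  # assumed; the thread only gives the clamav *group* id


def write_class(uid, gid, supp_gids, st_uid, st_gid, mode):
    """Return the permission class that allows writing, or None if denied.

    Unix selects exactly one class (owner, else group, else other) and
    looks only at that class's bits; it never falls through to the next.
    """
    if uid == 0:
        return "root"
    if uid == st_uid:
        return "owner" if mode & stat.S_IWUSR else None
    if gid == st_gid:
        return "primary-group" if mode & stat.S_IWGRP else None
    if st_gid in supp_gids:
        return "supplementary-group" if mode & stat.S_IWGRP else None
    return "other" if mode & stat.S_IWOTH else None


def check_log_access(user, path):
    """Check a real account against a real file.

    Returns (with_supplementary_groups, primary_group_only); the second
    value is the situation described in the thread, where the daemon runs
    with only the account's primary GID.
    """
    pw = pwd.getpwnam(user)
    supp = set(os.getgrouplist(user, pw.pw_gid)) - {pw.pw_gid}
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    args = (st.st_uid, st.st_gid, mode)
    return (write_class(pw.pw_uid, pw.pw_gid, supp, *args),
            write_class(pw.pw_uid, pw.pw_gid, set(), *args))


def world_writable(mode):
    """True if any local account can write the file (the 0666 workaround)."""
    return bool(mode & stat.S_IWOTH)


if __name__ == "__main__":
    if len(sys.argv) == 3:                       # usage: script USER LOGFILE
        print(check_log_access(sys.argv[1], sys.argv[2]))
    else:                                        # the thread's numbers
        for label, supp, mode in (("primary group only, 0660", set(), 0o660),
                                  ("with clamav group,  0660", {2505}, 0o660),
                                  ("primary group only, 0666", set(), 0o666)):
            granted = write_class(2504, 2504, supp, CLAMAV_UID, 2505, mode)
            print(label, "->", granted, "| world-writable:", world_writable(mode))
```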



Re: [Clamav-users] 0.90.1 - clamd died on Solaris 9

2007-03-14 Thread Alex Moore
On Mon, 12 Mar 2007 15:01:06 +0200 (SAST)
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:

> I am experiencing the same problems.
> 
> We have two quad CPU E450's running Solaris 9 handling the incoming
> mail on our domains. These servers are generally very busy.

No experimental code here.

This is from Sébastien Cat.  Send a .zip file through clamav 0.90.1
with ScanArchive enabled.  I just did this and clamd crashed.  I
disabled ScanArchive and restarted clamd.  The email scanned without
crashing 0.90.1

This sure looks like the reason for the occasional clamd crash here!  I
have had this option enabled for as long as I can remember and this is
the first time that clamd has crashed from a zipped file.

Can anyone confirm this on your Solaris installation?

Thanks,

Alex




Re: [Clamav-users] New freshclam error

2007-03-14 Thread Marco Garza

edit freshclam.conf and comment out the word example.

-Marco


- Original Message - 
From: "Robert Isaac" <[EMAIL PROTECTED]>

To: "'ClamAV users ML'" 
Sent: Wednesday, March 14, 2007 10:08 AM
Subject: [Clamav-users] New freshclam error



I have removed all clamav/clamd and reinstalled the 0.90.1 rpms (DAG). When
I run freshclam I get

[EMAIL PROTECTED] etc]# freshclam
ERROR: Please edit the example config file /etc/freshclam.conf.
WARNING: You must specify at least one database mirror.

This is what I have in freshclam.conf

# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
DatabaseMirror db.gb.clamav.net

# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror db.gb.clamav.net
DatabaseMirror db.local.clamav.net


Bob






Re: [Clamav-users] 0.90.1 - clamd died on Solaris 9

2007-03-14 Thread Dennis Peterson

Alex Moore wrote:

> On Mon, 12 Mar 2007 15:01:06 +0200 (SAST)
> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
> > I am experiencing the same problems.
> >
> > We have two quad CPU E450's running Solaris 9 handling the incoming
> > mail on our domains. These servers are generally very busy.
>
> No experimental code here.
>
> This is from Sébastien Cat.  Send a .zip file through clamav 0.90.1
> with ScanArchive enabled.  I just did this and clamd crashed.  I
> disabled ScanArchive and restarted clamd.  The email scanned without
> crashing 0.90.1
>
> This sure looks like the reason for the occasional clamd crash here!  I
> have had this option enabled for as long as I can remember and this is
> the first time that clamd has crashed from a zipped file.
>
> Can anyone confirm this on your Solaris installation?
>
> Thanks,
>
> Alex




My systems handle about 1 million messages/week and none have suffered a 
crashed clamd since I installed a self-built version 0.90.1. I did not 
enable experimental, and I don't use scripted updates. My milter is the 
elegant but simple to use J-Chkmail which the fine author, Jose-Marcio, 
mentioned earlier today.


dp


Re: [Clamav-users] 0.90.1 - clamd died on Solaris 9

2007-03-14 Thread Alex Moore
On Wed, 14 Mar 2007 17:54:12 -0700
Dennis Peterson <[EMAIL PROTECTED]> wrote:

> My systems handle about 1 million messages/week and none have
> suffered a crashed clamd since I installed a self-built version
> 0.90.1. I did not enable experimental, and I don't use scripted
> updates. My milter is the elegant but simple to use J-Chkmail which
> the fine author, Jose-Marcio, mentioned earlier today.

And you have ScanArchive enabled in clamd.conf?

Alex



[Clamav-users] 0.90.1 not finding viruses

2007-03-14 Thread John Fleming
I just realized to my horror that clamav has not found a virus in any email 
handled by my server since March 5th when I upgraded to clamav 0.90.1.  The 
messages are being tagged appropriately, e.g.:


X-Virus-Status: No
X-Virus-Checker-Version: Luke wa9als.com running clamassassin 1.2.1 with 
ClamAV 0.90.1/2839/Wed Mar 14 05:24:32 2007 signatures 42.


- And the clamav log is free of errors and indicated that the database is 
updated appropriately and clamd is being notified of changes.  Since I 
usually see viruses daily, I can't believe that there have simply been no 
viruses since March 5th!


Thoughts please?  Thanks - John



Re: [Clamav-users] 0.90.1 not finding viruses

2007-03-14 Thread Gerard Seibert
On Wed, 14 Mar 2007 21:12:37 -0400
"John Fleming" <[EMAIL PROTECTED]> wrote:

> I just realized to my horror that clamav has not found a virus in any
> email handled by my server since March 5th when I upgraded to clamav
> 0.90.1.  The messages are being tagged appropriately, e.g.:
> 
> X-Virus-Status: No
> X-Virus-Checker-Version: Luke wa9als.com running clamassassin 1.2.1
> with ClamAV 0.90.1/2839/Wed Mar 14 05:24:32 2007 signatures 42.

Are you sure about that signature number. This is from my clamd.log:

Database correctly reloaded (268167 signatures)

> - And the clamav log is free of errors and indicated that the
> database is updated appropriately and clamd is being notified of
> changes.  Since I usually see viruses daily, I can't believe that
> there have simply been no viruses since March 5th!

It does seem rather strange, doesn't it.

-- 
Gerard

Jacquin's Postulate on Democratic Government:

No man's life, liberty, or property are safe while the
legislature is in session.




Re: [Clamav-users] 0.90.1 - clamd died on Solaris 9

2007-03-14 Thread Dennis Peterson

Alex Moore wrote:

> On Wed, 14 Mar 2007 17:54:12 -0700
> Dennis Peterson <[EMAIL PROTECTED]> wrote:
>
> > My systems handle about 1 million messages/week and none have
> > suffered a crashed clamd since I installed a self-built version
> > 0.90.1. I did not enable experimental, and I don't use scripted
> > updates. My milter is the elegant but simple to use J-Chkmail which
> > the fine author, Jose-Marcio, mentioned earlier today.
>
> And you have ScanArchive enabled in clamd.conf?
>
> Alex



Yes. Here's the archive section from clamconf:

ScanArchive = yes
ArchiveMaxFileSize = 0
ArchiveMaxRecursion = 8
ArchiveMaxFiles = 1000
ArchiveMaxCompressionRatio = 250
ArchiveLimitMemoryUsage = no
ArchiveBlockEncrypted = no
ArchiveBlockMax = yes

J-Chkmail extracts attachments to a working directory then invokes clamd 
via a Unix socket with a path to the file.


dp


Re: [Clamav-users] 0.90.1 not finding viruses

2007-03-14 Thread Dennis Peterson

John Fleming wrote:

> I just realized to my horror that clamav has not found a virus in any 
> email handled by my server since March 5th when I upgraded to clamav 
> 0.90.1.  The messages are being tagged appropriately, e.g.:
>
> X-Virus-Status: No
> X-Virus-Checker-Version: Luke wa9als.com running clamassassin 1.2.1 with 
> ClamAV 0.90.1/2839/Wed Mar 14 05:24:32 2007 signatures 42.
>
> - And the clamav log is free of errors and indicated that the database 
> is updated appropriately and clamd is being notified of changes.  Since 
> I usually see viruses daily, I can't believe that there have simply been 
> no viruses since March 5th!
>
> Thoughts please?  Thanks - John


Is there a clamassassin log? 42 signatures is very small - something is 
wrong with that. Run clamconf and check the report against your 
clamassassin configuration and what you believe the configuration should be.


dp


Re: [Clamav-users] 0.90.1 not finding viruses

2007-03-14 Thread John Fleming


- Original Message - 
From: "Gerard Seibert" <[EMAIL PROTECTED]>

To: "ClamAV users ML" 
Sent: Wednesday, March 14, 2007 9:24 PM
Subject: Re: [Clamav-users] 0.90.1 not finding viruses



> > X-Virus-Status: No
> > X-Virus-Checker-Version: Luke wa9als.com running clamassassin 1.2.1
> > with ClamAV 0.90.1/2839/Wed Mar 14 05:24:32 2007 signatures 42.
>
> Are you sure about that signature number. This is from my clamd.log:


That's what's in the headers, but here's clamav.log:  (Still doesn't agree 
with yours!)


Wed Mar 14 00:37:32 2007 -> SelfCheck: Database modification detected. 
Forcing reload.

Wed Mar 14 00:37:32 2007 -> Reading databases from /var/lib/clamav/
Wed Mar 14 00:37:39 2007 -> Database correctly reloaded (99273 signatures)
Wed Mar 14 02:37:45 2007 -> SelfCheck: Database modification detected. 
Forcing reload.

Wed Mar 14 02:37:45 2007 -> Reading databases from /var/lib/clamav/
Wed Mar 14 02:37:53 2007 -> Database correctly reloaded (99280 signatures)
Wed Mar 14 04:37:57 2007 -> SelfCheck: Database modification detected. 
Forcing reload.

Wed Mar 14 04:37:57 2007 -> Reading databases from /var/lib/clamav/
Wed Mar 14 04:38:05 2007 -> Database correctly reloaded (99277 signatures)
Wed Mar 14 05:37:58 2007 -> SelfCheck: Database modification detected. 
Forcing reload.

Wed Mar 14 05:37:58 2007 -> Reading databases from /var/lib/clamav/
Wed Mar 14 05:38:05 2007 -> Database correctly reloaded (99282 signatures)
Wed Mar 14 06:52:57 2007 -> SelfCheck: Database status OK.

And from the freshclam log:  (6 hrs later than the above, so more sigs.)

--
Received signal: wake up
ClamAV update process started at Wed Mar 14 05:37:57 2007
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: 
tkojm)

Downloading daily-2839.cdiff [100%]
daily.inc updated (version: 2839, sigs: 15331, f-level: 14, builder: 
ccordes)
Database updated (99282 signatures) from db.local.clamav.net (IP: 
64.186.240.114)

Clamd successfully notified about the update.
--
Received signal: wake up
ClamAV update process started at Wed Mar 14 06:37:58 2007
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: 
tkojm)
daily.inc is up to date (version: 2839, sigs: 15331, f-level: 14, builder: 
ccordes)

--

I notice above that the main.cvd version is "42", the same number reported 
for the signatures in my headers.  Coincidence??  I have no idea what to do 
with this.  - John




Re: [Clamav-users] 0.90.1 - clamd died on Solaris 9

2007-03-14 Thread Alex Moore
On Wed, 14 Mar 2007 18:34:14 -0700
Dennis Peterson <[EMAIL PROTECTED]> wrote:

> ScanArchive = yes
> ArchiveMaxFileSize = 0
> ArchiveMaxRecursion = 8
> ArchiveMaxFiles = 1000
> ArchiveMaxCompressionRatio = 250
> ArchiveLimitMemoryUsage = no
> ArchiveBlockEncrypted = no
> ArchiveBlockMax = yes
> 
> J-Chkmail extracts attachments to a working directory then invokes
> clamd via a Unix socket with a path to the file.

Thanks for the detail.  From these keywords, I have the following
differences.
ArchiveMaxFileSize 10M
ArchiveBlockEncrypted yes
ArchiveBlockMax no

I use MIMEDefang to do the same type of scans for the email parts
from a working directory and I also scan the email with
clamd/clamav-milter.

I will try disabling the scan from the clamd/clamav-milter combination
and see what happens.

Anyone else on Solaris with ScanArchive enabled having problems?

Alex




Re: [Clamav-users] 0.90.1 not finding viruses

2007-03-14 Thread John Fleming


- Original Message - 
From: "Dennis Peterson" <[EMAIL PROTECTED]>

To: "ClamAV users ML" 
Sent: Wednesday, March 14, 2007 9:40 PM
Subject: Re: [Clamav-users] 0.90.1 not finding viruses



> John Fleming wrote:
> > I just realized to my horror that clamav has not found a virus in any 
> > email handled by my server since March 5th when I upgraded to clamav 
> > 0.90.1.  The messages are being tagged appropriately, e.g.:
> >
> > X-Virus-Status: No
> > X-Virus-Checker-Version: Luke wa9als.com running clamassassin 1.2.1 with 
> > ClamAV 0.90.1/2839/Wed Mar 14 05:24:32 2007 signatures 42.
> >
> > - And the clamav log is free of errors and indicated that the database is 
> > updated appropriately and clamd is being notified of changes.  Since I 
> > usually see viruses daily, I can't believe that there have simply been no 
> > viruses since March 5th!
> >
> > Thoughts please?  Thanks - John
>
> Is there a clamassassin log? 42 signatures is very small - something is 
> wrong with that. Run clamconf and check the report against your 
> clamassassin configuration and what you believe the configuration should 
> be.


No, there's no clamassassin log.  clamconf gives the proper data.  I sent 
myself the eicar test and it was detected and filed in the virus IMAP folder 
as expected.  However, there is no evidence of this in the clamav log!


I upgraded my clamassassin - I had manually updated an older one so that 
clamd would be correctly notified of database updates.  This really doesn't 
pertain to what we're talking about, but I mention it to be complete and 
because the headers are different now - missing the number of signatures 
altogether.  However, the clamav log indicates that 90-some thousand 
signatures are correctly loaded.  Not sure why it's not 200-some thousand 
like yours...


I know from past experience that EICAR should get logged in clamav log 
unless something's changed!


Any other thoughts about this?  - John


X-Virus-Status: Yes
X-Virus-Report: Eicar-Test-Signature FOUND
X-Virus-Checker-Version: clamassassin 1.2.4 with clamscan / ClamAV 
0.90.1/2839/Wed Mar 14 05:24:32 2007




Re: [Clamav-users] race condition with restart clamd & clamav-milter

2007-03-14 Thread Sergey
On Wednesday 14 March 2007, Nigel Horne wrote:

> the startup script in .../contrib/init/RedHat/clamav-milter already has that
> sleep.

1 second is too low in some cases. :-( 

# service clamd restart && ls /var/lib/clamav/* && sleep 5 && ls /var/lib/clamav/* && service clamav-milter restart
Stopping clamd service: 
 [ DONE ]
Starting clamd service: 
 [ DONE ]
/var/lib/clamav/daily.cvd  /var/lib/clamav/main.cvd
/var/lib/clamav/daily.cvd  /var/lib/clamav/main.cvd
Stopping clamav-milter service: 
 [ DONE ]
Starting clamav-milter service: /var/lib/clamav/clamd.socket: No such file or 
directory
Can't talk to clamd server via /var/lib/clamav/clamd.socket
Check your entry for LocalSocket in /etc/clamav-milter.conf

 [FAILED]
I use 2 seconds in clamd's init. So, 7 seconds is too low for a
2xPentium III 450 system. :-(

load average: 2.29, 1.78, 1.30

-- 
Regards,
Sergey
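
An added example (not from the original posts or from the ClamAV init scripts) of replacing the fixed `sleep` with a readiness check: poll the socket path from the thread until clamd answers its `PING` command with `PONG`, and give up after a deadline. The 120-second default, the 0.5-second interval and the function names are assumptions of this example.

```python
"""Wait until clamd answers on its local socket before starting clamav-milter."""
import socket
import sys
import time

DEFAULT_SOCKET = "/var/lib/clamav/clamd.socket"  # path shown in the thread


def clamd_ready(path, io_timeout=2.0):
    """True only if a daemon at `path` accepts a connection and answers PING.

    A plain existence test is not enough: a stale socket file left by a
    crashed daemon exists but refuses connections.
    """
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(io_timeout)
            s.connect(path)        # FileNotFoundError: socket not created yet
            s.sendall(b"PING\n")   # ConnectionRefusedError: stale socket file
            return s.recv(16).strip() == b"PONG"
    except OSError:                # includes timeouts and the two cases above
        return False


def wait_for_clamd(path=DEFAULT_SOCKET, timeout=120.0, interval=0.5):
    """Poll until clamd is ready; return False if the deadline passes first."""
    deadline = time.monotonic() + timeout
    while True:
        if clamd_ready(path):
            return True
        if time.monotonic() >= deadline:
            return False
        time.sleep(interval)


if __name__ == "__main__":
    sock_path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_SOCKET
    limit = float(sys.argv[2]) if len(sys.argv) > 2 else 120.0
    if wait_for_clamd(sock_path, limit):
        sys.exit(0)
    print("clamd did not answer on %s within %.0fs" % (sock_path, limit),
          file=sys.stderr)
    sys.exit(1)
```

Because the script exits non-zero on timeout, it can sit between the two restarts in place of `sleep`, and the milter is then started only once clamd is actually accepting commands.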


Re: [Clamav-users] 0.90.1 - clamd died on Solaris 9

2007-03-14 Thread Rob MacGregor

On 3/15/07, Alex Moore <[EMAIL PROTECTED]> wrote:
> <---SNIP--->
>
> Anyone else on Solaris with ScanArchive enabled having problems?


Not Solaris, but on FreeBSD 5.4 I'm finding 0.90.1 (built from the
FreeBSD ports) silently dying at random intervals, when 0.90 didn't.
I've got it running with debug logging turned on right now to see if I
can log a cause (it is passing zip files ok).

--
Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
   doesn't become a monster.  Friedrich Nietzsche