Re: [Clamav-users] Clamav 0.92.1 for Solaris 8
Fajar and Peter, thanks for your answers.

Peter, in my case I'm restricted to use blastwave in my mail server, so I will need to download the binary build.

Fajar, I've seen you've just published clamav-0.92.1.sol8.tar.gz in http://clamav.or.id/stable/ so I will try it today.

Thank you very much,
--Claudio

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fajar A. Nugraha
Sent: Thursday, February 21, 2008 1:17 AM
To: ClamAV users ML
Subject: Re: [Clamav-users] Clamav 0.92.1 for Solaris 8

Alonso, Claudio Fabian wrote:
> Good morning,
> I'd like to know if you are planning to include in the download page a
> compiled version of clamav-0.92.1 for Solaris 8 as you did for previous
> versions.
>

I assume your mail is intended for me :D

To tell the truth, I've been kinda holding back building 0.92.1 binaries, mostly because of some bugs mentioned (for example) on
http://lurker.clamav.net/message/20080212.151501.833f926c.en.html

Strangely enough, when I try it today I get these results:

bash-2.03# uname -a
SunOS 5.8 Generic_108528-13 sun4u sparc SUNW,UltraAX-i2
bash-2.03# clamd --version
ClamAV 0.92.1/5901/Thu Feb 21 09:26:03 2008

It works correctly. So perhaps the bug is somewhere in the build environment, not in the source code.

As usual, my binary build is available on http://clamav.or.id

As Peter pointed out though, if you also use a lot of blastwave packages you MIGHT be better off with their binary (assuming they've fixed the bug). In my case, the original reason I make my own build is that I can't use blastwave packages on Sol8 because I'm not allowed to patch the OS to match blastwave's requirement.

Regards,

Fajar
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] what does it scan
Friends,

I have ClamAV running on a RedHat es3 server that is used for file sharing ( with windows machines ) and FTP. My location of share & ftp dir is on a second drive [ mnt/data ]
So I am thinking that is where ...trouble would come through the door

My question is: Is Clam AV scanning that location? Is it scanning all the time?
I have experience with ClamAVx on a Mac where you have to tell it what to scan.
And I have experience ( bad ) with Norton Anti Virus where you can see processes running.

So - what is being scanned? When? Do I need to config something?
I, of course, have edited the clamd.conf - but I do not see where you declare what gets scanned.

thanks!
jim s
Re: [Clamav-users] what does it scan
Jim Shupert, Jr. wrote:
> Friends,
>
> I have ClamAV running on a RedHat es3 server that is used for file sharing (
> with windows machines )
> and FTP. My location of share & ftp dir is on a second drive [ mnt/data ]
> So I am thinking that is where ...trouble would come through the door
>
> My question is : Is Clam AV scanning that location ? Is it scanning all the
> time?
> I have experience with ClamAVx on a Mac where you have to tell it what to
> scan.
> And I have experience ( bad ) with Norton Anti Virus where you can see
> processes running.
>
> so - what is being scanned? when? do i need to config something.
> I , of course , have edited the clamd.conf - but I do not see a where you
> declare what gets scanned.
>
> thanks!
>

It scans what you tell it to scan, when you tell it to scan. Have you set up a cron job for clamscan or clamdscan for this?
[Clamav-users] False positive Phishing.Heuristics.Email.SpoofedDomain
Hello,

I have a site that once in a while sends e-mail alerts about new book reviews published in the site.

Recently I noticed that some Dutch e-mail servers were rejecting the review alert messages because the site IP address was listed in VirBL.

I tracked down the issue and found that ClamAV was marking the messages as Phishing, specifically Phishing.Heuristics.Email.SpoofedDomain.

I tested the message and isolated the HTML excerpt that seemed to trigger that classification. If I removed it, the message passes all ClamAV tests.

Here follows the relevant excerpt (already decoded from the original quoted-printable message part).

http://www.phpclasses.org/reviews/order/1593271204.html";>http://images.amazon.com/images/P/1593271204.01.MZZZ.jpg"; width="121" height="160" border="1"/>

This is a picture of the book cover from Amazon with a link to a page in the site that lets the user choose from which of the several Amazon stores that sell the book.

What I would like to know is why is this considered Phishing? What characterizes Phishing.Heuristics.Email.SpoofedDomain classification? What can I do to avoid such classification?

--
Regards,
Manuel Lemos

PHP professionals looking for PHP jobs
http://www.phpclasses.org/professionals/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
[Clamav-users] ClamAV crash - too many signatures?
Hi All,

My clamd daemon died today. The log shows the following (see below).

The interesting message is

Thu Feb 21 10:33:18 2008 -> ERROR: reload db failed: Malformed database

Also interesting is the number of signatures loaded: 406263. Freshclam reports 169676.

I suspect a SaneSecurity update problem because I found 3 update cron jobs still running. But the question is: why does the loaded database contain so many signatures?

If somebody found something similar before, I really appreciate any help.

Thanks in advance.

Regards,

Jose

SNIP ---
Thu Feb 21 09:02:42 2008 -> SelfCheck: Database modification detected. Forcing reload.
Thu Feb 21 09:02:42 2008 -> Reading databases from /var/lib/clamav
Thu Feb 21 09:02:48 2008 -> Database correctly reloaded (406172 signatures)
Thu Feb 21 09:32:52 2008 -> SelfCheck: Database status OK.
Thu Feb 21 10:02:54 2008 -> SelfCheck: Database modification detected. Forcing reload.
Thu Feb 21 10:02:54 2008 -> Reading databases from /var/lib/clamav
Thu Feb 21 10:03:01 2008 -> Database correctly reloaded (406198 signatures)
Thu Feb 21 10:33:12 2008 -> SelfCheck: Database modification detected. Forcing reload.
Thu Feb 21 10:33:12 2008 -> Reading databases from /var/lib/clamav
Thu Feb 21 10:33:18 2008 -> ERROR: reload db failed: Malformed database
Thu Feb 21 10:33:18 2008 -> Terminating because of a fatal error.
Thu Feb 21 10:33:18 2008 -> Socket file removed.
Thu Feb 21 10:33:18 2008 -> Pid file removed.
Thu Feb 21 10:33:18 2008 -> --- Stopped at Thu Feb 21 10:33:18 2008
Thu Feb 21 15:20:27 2008 -> +++ Started at Thu Feb 21 15:20:27 2008
Thu Feb 21 15:20:27 2008 -> clamd daemon 0.92.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu Feb 21 15:20:27 2008 -> Running as user amavis (UID 104, GID 106)
Thu Feb 21 15:20:27 2008 -> Log file size limited to 1048576 bytes.
Thu Feb 21 15:20:27 2008 -> Reading databases from /var/lib/clamav
Thu Feb 21 15:20:27 2008 -> Not loading PUA signatures.
Thu Feb 21 15:20:32 2008 -> Loaded 406263 signatures.
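Added example (not part of the original post, and not ClamAV code): a Python parser for clamd log lines in the format quoted above. It reports failed database reloads, the downtime until the next start, and how far each loaded signature count exceeds the total freshclam reports; the function name `analyze`, the finding labels and the `official_count` parameter are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the clamd log quoted in the post above.
SAMPLE_LOG = """\
Thu Feb 21 10:02:54 2008 -> SelfCheck: Database modification detected. Forcing reload.
Thu Feb 21 10:03:01 2008 -> Database correctly reloaded (406198 signatures)
Thu Feb 21 10:33:12 2008 -> SelfCheck: Database modification detected. Forcing reload.
Thu Feb 21 10:33:18 2008 -> ERROR: reload db failed: Malformed database
Thu Feb 21 10:33:18 2008 -> Terminating because of a fatal error.
Thu Feb 21 10:33:18 2008 -> --- Stopped at Thu Feb 21 10:33:18 2008
Thu Feb 21 15:20:27 2008 -> +++ Started at Thu Feb 21 15:20:27 2008
Thu Feb 21 15:20:32 2008 -> Loaded 406263 signatures.
"""

LINE = re.compile(r"^(.+?) -> (.*)$")  # "<ctime timestamp> -> <message>"
COUNT = re.compile(r"(?:reloaded \(|Loaded )(\d+) signatures")
FAILED = re.compile(r"ERROR: reload db failed: (.+)")

def analyze(log_text, official_count):
    """Return (kind, timestamp, value) findings; official_count is freshclam's total."""
    findings, failed_at = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # not a clamd timestamp
        msg = m.group(2)
        failed, count = FAILED.search(msg), COUNT.search(msg)
        if failed:
            failed_at = ts
            findings.append(("reload_failed", ts, failed.group(1)))
        elif msg.startswith("+++ Started at") and failed_at is not None:
            # The log shows clamd terminating after the failed reload: measure the gap
            findings.append(("downtime_seconds", ts, int((ts - failed_at).total_seconds())))
            failed_at = None
        elif count and int(count.group(1)) > official_count:
            # Assumption: the surplus comes from database files other than the official ones
            findings.append(("extra_signatures", ts, int(count.group(1)) - official_count))
    return findings

if __name__ == "__main__":
    for kind, ts, value in analyze(SAMPLE_LOG, official_count=169676):
        print(ts.isoformat(), kind, value)
```
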
[Clamav-users] Why load virus database and scan cost so much processor ability?
Hi,

My clamav run on my Linux server good before. But yesterday it has something wrong.

First, it read database error.

Wed Feb 20 20:45:07 2008 -> ERROR: reload db failed: Unable to open file or directory
Wed Feb 20 20:45:07 2008 -> Terminating because of a fatal error.
Wed Feb 20 20:45:07 2008 -> Socket file removed.

The next morning, I restarted the clamd, it cost much time to load virus database, 35 minutes!! Before just 15 minutes.

Thu Feb 21 15:35:30 2008 -> +++ Started at Thu Feb 21 15:35:30 2008
Thu Feb 21 15:35:30 2008 -> clamd daemon 0.90.1 (OS: linux-gnu, ARCH: i386, CPU: i486)
Thu Feb 21 15:35:30 2008 -> Log file size limited to 1048576 bytes.
Thu Feb 21 15:35:30 2008 -> Reading databases from /var/lib/clamav/
Thu Feb 21 16:08:52 2008 -> Loaded 263291 signatures.
Thu Feb 21 16:08:52 2008 -> Unix socket file /var/run/clamav/clamd
Thu Feb 21 16:08:52 2008 -> Setting connection queue length to 15
Thu Feb 21 16:08:52 2008 -> Archive: Archived file size limit set to 10485760 bytes.
Thu Feb 21 16:08:52 2008 -> Archive: Recursion level limit set to 8.
Thu Feb 21 16:08:52 2008 -> Archive: Files limit set to 1000.
Thu Feb 21 16:08:52 2008 -> Archive: Compression ratio limit set to 250.
Thu Feb 21 16:08:52 2008 -> Archive support enabled.
Thu Feb 21 16:08:52 2008 -> Algorithmic detection enabled.
Thu Feb 21 16:08:52 2008 -> Portable Executable support enabled.
Thu Feb 21 16:08:52 2008 -> ELF support enabled.
Thu Feb 21 16:08:52 2008 -> Mail files support enabled.

And clamd use more processor ability now:

Tasks: 216 total,   4 running, 212 sleeping,   0 stopped,   0 zombie
Cpu(s): 99.3%us,  0.5%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.2%si,  0.0%st
Mem:   2076000k total,   771452k used,  1304548k free,   130120k buffers
Swap:   979956k total,        0k used,   979956k free,   261016k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 5672 amavis    25   0 33692  28m 1088 R   97  1.4   1:21.93 clamscan
 5671 amavis    25   0 32768  27m 1088 R   50  1.3   0:45.94 clamscan
 3612 root      25   0 41744  35m  876 R   49  1.8  13:55.15 clamd
 5091 wlipsett  17   0  4760 2144 1140 S    2  0.1   0:01.00 imapd
 5316 rlucyshy  15   0  4152 1488 1140 S    1  0.1   0:00.44 imapd

Tasks: 264 total,   2 running, 262 sleeping,   0 stopped,   0 zombie
Cpu(s): 50.1%us,  0.3%sy,  0.0%ni, 47.4%id,  2.0%wa,  0.0%hi,  0.2%si,  0.0%st
Mem:   2076000k total,  1997228k used,    78772k free,   283596k buffers
Swap:   979956k total,       76k used,   979880k free,  1027308k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
17486 root      25   0  116m  79m 1136 R   99  3.9  90:57.82 clamd
 1203 root      16   0  7688 3524 2464 R    1  0.2   0:00.21 top
27018 breeve    16   0  4240 1604 1136 S    0  0.1   0:24.03 imapd
    1 root      16   0  1580  528  460 S    0  0.0   0:03.40 init

When I use clamav, it will delay email about 1-2 hours, when I bypass it, the Email receive and send is very fast.

My company's Linux server is two P3 1Ghz cpu DELL 1G memory. Is it too old?

My Linux operation system is Ubuntu. Version
Linux LinuxDemo 2.6.20-15-generic #2 SMP Sun Apr 15 07:36:31 UTC 2007 i686 GNU/Linux.

Any good suggestion?

Thanks
Re: [Clamav-users] Why load virus database and scan cost so much processor ability?
On Thu, 21 Feb 2008 16:58:46 -0700 (MST) "David Liang" <[EMAIL PROTECTED]> wrote:
> Any good suggestion?

upgrade

--
oo.      Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\.   http://www.ClamAV.net/gpg/tkojm.gpg
\..._    0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\   Fri Feb 22 01:46:01 CET 2008
Re: [Clamav-users] Why load virus database and scan cost so much processor ability?
David Liang wrote:
> My Linux operation system is Ubuntu. Version
> Linux LinuxDemo 2.6.20-15-generic #2 SMP Sun Apr 15 07:36:31 UTC 2007 i686
> GNU/Linux.
>
> Any good suggestion?

What is the output from typing at a command line:

ls -lR /var/lib/clamav/

What is the result of running the clamconf utility?

dp