[Clamav-users] Can anybody direct me to the correct postfix/amavis-new clamav configuration
I'm running postfix and amavisd-new, spamassassin and clamav. I have all the daemons running and mail is getting filtered through amavisd-new (as per the header), I'm trying to get spammassassin and clamav configured with postfix. I don't know if my mail is being filtered. Could someone point me in the right direction, Google is wearing me out. Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Can anybody direct me to the correct postfix/amavis-new clamav configuration
Goodman, William wrote: > I'm running postfix and amavisd-new, spamassassin and clamav. I have all > the daemons running and mail is getting > filtered through amavisd-new (as per the header), I'm trying to get > spammassassin and clamav configured with > postfix. I don't know if my mail is being filtered. Could someone point > me in the right direction, Google is wearing me out. > Amavisd-new controls spamassassin and clamav filtering, no extra configuration is needed in postfix. Activate these features in the amavisd.conf file. See the INSTALL, RELAEASE_NOTES, and README.postfix included with amavisd-new for detailed instructions. http://www.ijs.si/software/amavisd/#doc -- Noel Jones ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] 0.95RC1 availability
Folks, 0.95 RC1 was published on Wednesday 25/2/09. For details of the new features please refer to the Changelog. A what's new document that gives an overview of the new and improved features is currently in preparation for publication on www.clamav.net. For technical information please refer to https://wiki.clamav.net/Main/UpgradeNotes095 . We encourage as many people as possible to test this release candidate by downloading it from www.clamav.net. If you don't have access to a test machine you can still help us by downloading it and checking that it compiles and links on your platform. If you do have a test machine/model/network please help us by loading ClamAV 0.95RC1 and testing it. All bug reports should be filed at http://bugs.clamav.net. We also encourage all 3rd party developers of products and distribution/port maintainers to download and check this update so that you can go live as soon as the final version is released. The release is scheduled for 16th March. Thank you for your continued support and help, -Nigel -- Nigel Horne, nigel.ho...@sourcefire.com Director of Product Management (ClamAV), Sourcefire, http://www.sourcefire.com +1 301 518 7944 or +1 706 705 4022 FAX: +44 870 705 9334 ICQ: 20252325 ClamAV is a registered trademark of Sourcefire Inc. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Can anybody direct me to the correct postfix/amavis-new clamav configuration
On February 27, 2009 8:32 am Goodman, William wrote: > I'm running postfix and amavisd-new, spamassassin and clamav. I have all > the daemons running and mail is getting > filtered through amavisd-new (as per the header), I'm trying to get > spammassassin and clamav configured with > postfix. I don't know if my mail is being filtered. Could someone point > me in the right direction, Google is wearing me out. You don't configure SpamAssassin and ClamAV to work with Postfix. You configure them to work with Amavisd-new. Amavisd-new provides the glue between postfix and all the scanners/filters. So long as Postfix can send mail to amavisd-new, and amavisd-new can send the mail back to Postfix, then all you have to do is make sure amavisd-new is configured to correctly use SA and Clam. -- Freddie fjwc...@gmail.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Can anybody direct me to the correct postfix/a mavis-new clamav configuration
Freddie Cash wrote: > On February 27, 2009 8:32 am Goodman, William wrote: > > I'm running postfix and amavisd-new, spamassassin and clamav. I > > have all the daemons running and mail is getting > > filtered through amavisd-new (as per the header), I'm trying to get > > spammassassin and clamav configured with > > postfix. I don't know if my mail is being filtered. Could someone > > point me in the right direction, Google is wearing me out. > > You don't configure SpamAssassin and ClamAV to work with Postfix. You > configure them to work with Amavisd-new. Amavisd-new provides the > glue between postfix and all the scanners/filters. > > So long as Postfix can send mail to amavisd-new, and amavisd-new can > send the mail back to Postfix, then all you have to do is make sure > amavisd-new is configured to correctly use SA and Clam. Also, since amavisd-new incorporates SpamAssassin into itself, you do not need the spamd daemon when using SA via amavisd-new. -- Bowie ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [sanesecurity] Re: clamd crashes - further testing
Nigel Horne wrote: > Folks, > > 0.95 RC1 was published on Wednesday 25/2/09. > > It would help us a lot to see if this problem still exists in the new > ewlease if as many people as possible were to test this release > candidate by downloading it from www.clamav.net. If you have a test > machine/model/network please help us by loading ClamAV 0.95RC1 and > testing it. > > All bug reports should be filed at http://bugs.clamav.net. > > The full release of ClamAV 0.95 is scheduled for 16th March. > > Thank you for your continued support and help, > > -Nigel Hi Nigel, ClamAV 0.95rc1 compiles and installs fine on Fedora 10. However, the "clamscan -d" test now appears to be more restrictive in what it finds and reports as "malformed". I have created a file of what was not detected with the ClamAV 0.94.2 version of "clamscan -d", but is now detected as malformed with the ClamAV 0.95rc1 version of "clamscan -d". The only file that reported errors was SecuriteInfo's securiteinfo.hdb signature database file. The reported malformed lines can be viewed at: http://www.inetmsg.com/pub/securiteinfo.hdb-malformed.txt and an updated version of the file with the malformed lines removed is available at: http://www.inetmsg.com/pub/securiteinfo.hdb Before I report this to Arnaud Jacques (of SecuriteInfo), could these now reported malformed lines possibly be the cause of the clamd crashes some of us have been experiencing? Bill ps, I've cross-posted this to both the SaneSecurity and ClamAV-Users lists. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Can anybody direct me to the correct postfix/a mavis-new clamav configuration
On Feb 27, 2009, at 9:32 AM, Bowie Bailey wrote: >> So long as Postfix can send mail to amavisd-new, and amavisd-new can >> send the mail back to Postfix, then all you have to do is make sure >> amavisd-new is configured to correctly use SA and Clam. > > Also, since amavisd-new incorporates SpamAssassin into itself, you do > not need the spamd daemon when using SA via amavisd-new. Both of these points are well-said and worth repetition. :-) Given how much memory a bunch of amavisd child processes can consume, not having to run spamd in addition helps conserve memory. Note that just like when running spamd, however, you'll want to train SA within Amavisd against 200 or more ham and spam messages by running sa-learn as amavisd (or vscan or whatever user you run amavisd as). Regards, -- -Chuck ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95RC1 availability
Nigel Horne wrote: > Folks, > > 0.95 RC1 was published on Wednesday 25/2/09. > > For details of the new features please refer to the Changelog. > > A what's new document that gives an overview of the new and improved > features is currently in preparation for publication on www.clamav.net. > > For technical information please refer to > https://wiki.clamav.net/Main/UpgradeNotes095 . > > We encourage as many people as possible to test this release candidate > by downloading it from www.clamav.net. If you don't have access to a > test machine you can still help us by downloading it and checking that > it compiles and links on your platform. If you do have a test > machine/model/network please help us by loading ClamAV 0.95RC1 and > testing it. > > All bug reports should be filed at http://bugs.clamav.net. > > We also encourage all 3rd party developers of products and > distribution/port maintainers to download and check this update so that > you can go live as soon as the final version is released. The release > is scheduled for 16th March. > > Thank you for your continued support and help, > > -Nigel > Nigel, Compiles and links in FC1. I know it is old; but, nothing is broken in the compiling. James signature.asc Description: OpenPGP digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95RC1 availability
On Fri, 2009-02-27 at 15:36 -0500, James Kosin wrote: > Nigel Horne wrote: > > Folks, > > > > 0.95 RC1 was published on Wednesday 25/2/09. > > > Nigel, > > Compiles and links in FC1. I know it is old; but, nothing is broken in > the compiling. Just finished altering the mandriva spec file so it will compile on 2009.0. I'll be glad to share the config patch and the new spec file with anyone who wants it. If it works well (without crashing for a few days) on my 2009.0 system, I'll try compiling it on Corporate Server 4 -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com signature.asc Description: This is a digitally signed message part ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95RC1 availability
On Fri, 2009-02-27 at 14:48 -0600, McDonald, Dan wrote: > On Fri, 2009-02-27 at 15:36 -0500, James Kosin wrote: > > Nigel Horne wrote: > > > Folks, > > > > > > 0.95 RC1 was published on Wednesday 25/2/09. > > > > > Nigel, > > > > Compiles and links in FC1. I know it is old; but, nothing is broken in > > the compiling. > > Just finished altering the mandriva spec file so it will compile on > 2009.0. I'll be glad to share the config patch and the new spec file > with anyone who wants it. > > If it works well (without crashing for a few days) on my 2009.0 system, > I'll try compiling it on Corporate Server 4 This is new. Is there another library that has been added to the requirements? Starting Clam AntiVirus Daemon: LibClamAV Warning: Cannot dlopen: file not found - unrar support unavailable -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com signature.asc Description: This is a digitally signed message part ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95RC1 availability
Nigel Horne wrote: > Folks, > > 0.95 RC1 was published on Wednesday 25/2/09. > > For details of the new features please refer to the Changelog. > > A what's new document that gives an overview of the new and improved > features is currently in preparation for publication on www.clamav.net. > > For technical information please refer to > https://wiki.clamav.net/Main/UpgradeNotes095 . > > We encourage as many people as possible to test this release candidate > by downloading it from www.clamav.net. If you don't have access to a > test machine you can still help us by downloading it and checking that > it compiles and links on your platform. If you do have a test > machine/model/network please help us by loading ClamAV 0.95RC1 and > testing it. > > All bug reports should be filed at http://bugs.clamav.net. > > We also encourage all 3rd party developers of products and > distribution/port maintainers to download and check this update so that > you can go live as soon as the final version is released. The release > is scheduled for 16th March. > > Thank you for your continued support and help, > > -Nigel Just to update this thread, RC1 compiles and installs without error/issue on Fedora 10. The one thing I have noticed is that when I stop the clamd service now (service clamd stop), I see the following in the clamd.log: WARNING: Syncpipe write failed Here are all of the lines written to the log when clamd is stopped: Fri Feb 27 13:18:15 2009 -> WARNING: Syncpipe write failed Fri Feb 27 13:18:16 2009 -> Pid file removed. Fri Feb 27 13:18:16 2009 -> --- Stopped at Fri Feb 27 13:18:16 2009 Fri Feb 27 13:18:16 2009 -> Socket file removed. Is this something I should be concerned about? Thanks, Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [sanesecurity] Re: clamd crashes - further testing
Bill Landry wrote: Nigel, > > ClamAV 0.95rc1 compiles and installs fine on Fedora 10. However, the > "clamscan -d" test now appears to be more restrictive in what it finds > and reports as "malformed". Hi Bill, Thanks very much for trying this for us. > > I have created a file of what was not detected with the ClamAV 0.94.2 > version of "clamscan -d", but is now detected as malformed with the > ClamAV 0.95rc1 version of "clamscan -d". The only file that reported > errors was SecuriteInfo's securiteinfo.hdb signature database file. The > reported malformed lines can be viewed at: > >http://www.inetmsg.com/pub/securiteinfo.hdb-malformed.txt This could be of use. I can't say yet if it is the cause of the problem that the Sanesecurity users are seeing, but it is definitely worth pursuing. Please let us know if changing the signatures helps clamd. > and an updated version of the file with the malformed lines removed is > available at: > >http://www.inetmsg.com/pub/securiteinfo.hdb Thanks! -Nigel -- Nigel Horne, nigel.ho...@sourcefire.com Director of Product Management (ClamAV), Sourcefire, http://www.sourcefire.com +1 301 518 7944 or +1 706 705 4022 FAX: +44 870 705 9334 ICQ: 20252325 ClamAV is a registered trademark of Sourcefire Inc. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95RC1 availability
Bill Landry wrote: > Just to update this thread, RC1 compiles and installs without > error/issue on Fedora 10. The one thing I have noticed is that when I > stop the clamd service now (service clamd stop), I see the following in > the clamd.log: > >WARNING: Syncpipe write failed > > Here are all of the lines written to the log when clamd is stopped: > > Fri Feb 27 13:18:15 2009 -> WARNING: Syncpipe write failed > Fri Feb 27 13:18:16 2009 -> Pid file removed. > Fri Feb 27 13:18:16 2009 -> --- Stopped at Fri Feb 27 13:18:16 2009 > Fri Feb 27 13:18:16 2009 -> Socket file removed. > > Is this something I should be concerned about? Thanks, Bill, for posting this. You can safely ignore this message. We are aware of it (see https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1433) and we expect that it will be addressed in the final release. -Nigel (left hand starting to work - I can now type with two hands for as much as 2 minutes before I have to give up in pain - X rays available on request ;-) ) -- Nigel Horne, nigel.ho...@sourcefire.com Director of Product Management (ClamAV), Sourcefire, http://www.sourcefire.com +1 301 518 7944 or +1 706 705 4022 FAX: +44 870 705 9334 ICQ: 20252325 ClamAV is a registered trademark of Sourcefire Inc. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95RC1 availability
On 2009-02-27 22:58, McDonald, Dan wrote: > This is new. Is there another library that has been added to the > requirements? > > Starting Clam AntiVirus Daemon: LibClamAV Warning: Cannot dlopen: file > not found - unrar support unavailable > This is clamav's libclamunrar. If you've built without rar support .. it won't find it. However you can later build&install libclamunrar, and clamav will find, without rebuilding clamd/clamscan/libclamav. See https://wiki.clamav.net/Main/UpgradeNotes095#Packaging_and_Dependencies Best regards, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95RC1 availability
On Fri, 27 Feb 2009 12:08:11 -0500 Nigel Horne wrote: > If you don't have access to a > test machine you can still help us by downloading it and checking that > it compiles and links on your platform. I successfully built RPMs in the usual way on my rather old Redhat 9 system. -- Brian Morrison bdm at fenrir dot org dot uk "Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it." GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95RC1 availability
Török Edwin wrote: > On 2009-02-27 22:58, McDonald, Dan wrote: >> This is new. Is there another library that has been added to the >> requirements? >> >> Starting Clam AntiVirus Daemon: LibClamAV Warning: Cannot dlopen: file >> not found - unrar support unavailable >> > > This is clamav's libclamunrar. If you've built without rar support .. it > won't find it. > However you can later build&install libclamunrar, and clamav will find, > without rebuilding clamd/clamscan/libclamav. > See https://wiki.clamav.net/Main/UpgradeNotes095#Packaging_and_Dependencies Not sure... Solaris 10 / Sparc... I had the same message. It disappears if I add "--disable-unrar" to configure options. Compiled this way : ./configure --prefix=/opt/clamav \ --enable-shared \ --disable-clamav ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95RC1 availability
On Fri, 2009-02-27 at 23:34 +0200, Török Edwin wrote: > On 2009-02-27 22:58, McDonald, Dan wrote: > > This is new. Is there another library that has been added to the > > requirements? > > > > Starting Clam AntiVirus Daemon: LibClamAV Warning: Cannot dlopen: file > > not found - unrar support unavailable > > > > This is clamav's libclamunrar. If you've built without rar support .. it > won't find it. > However you can later build&install libclamunrar, and clamav will find, > without rebuilding clamd/clamscan/libclamav. > See https://wiki.clamav.net/Main/UpgradeNotes095#Packaging_and_Dependencies I created a separate package for it, and the message is no longer displayed. But I don't see "unrar support enabled" in the clamd logfile. Since the issue raised on the wiki with libunrar appears to be license, what license should I associate the package with? I assume this is wrong: [~]$ rpm -ql libclamav6-unrar /usr/lib/libclamunrar.so.6 /usr/lib/libclamunrar_iface.so.6 [~]$ rpm -qi libclamav6-unrar Name: libclamav6-unrar Relocations: (not relocatable) Version : 0.95 Vendor: Austin Energy Release : 1mdv2009.0Build Date: Fri 27 Feb 2009 04:58:10 PM CST Install Date: Fri 27 Feb 2009 05:02:09 PM CST Build Host: mcd.example.net Group : System/Libraries Source RPM: clamav-0.95-1mdv2009.0.src.rpm Size: 0License: GPL Signature : (none) URL : http://clamav.sourceforge.net/ Summary : Shared unrar libraries for clamav Description : This package contains the shared libclamav6 library for unrar support -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com signature.asc Description: This is a digitally signed message part ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] 0.95 rc1 in Solaris 9
There is no stdinit.h in my system so clamdtop failed. I disabled the #include in the clamdtop.c code and it built and linked. Not sure what it might fail to do later. $ gcc --version gcc (GCC) 3.3.2 It built fine in RedHat Linux 2.6.9-67.0.15.EL, 32-bit Intel. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95 rc1 in Solaris 9
Dennis Peterson wrote: > There is no stdinit.h in my system so clamdtop failed. I disabled the > #include > in the clamdtop.c code and it built and linked. Not sure what it might fail > to > do later. > > $ gcc --version > gcc (GCC) 3.3.2 > > It built fine in RedHat Linux 2.6.9-67.0.15.EL, 32-bit Intel. > > dp Fat fingers - that should be stdint.h. Sorry. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95 rc1 in Solaris 9
You can use inttypes.h instead, but you'd do well to just upgrade to Solaris 10 as there are MANY good reasons to do so. Look up ZFS. Gary L. Burnore gburn...@databasix.com > -Original Message- > From: clamav-users-boun...@lists.clamav.net > [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of > Dennis Peterson > Sent: Friday, February 27, 2009 6:46 PM > To: ClamAV users ML > Subject: Re: [Clamav-users] 0.95 rc1 in Solaris 9 > > Dennis Peterson wrote: > > There is no stdinit.h in my system so clamdtop failed. I > disabled the > > #include in the clamdtop.c code and it built and linked. > Not sure what > > it might fail to do later. > > > > $ gcc --version > > gcc (GCC) 3.3.2 > > > > It built fine in RedHat Linux 2.6.9-67.0.15.EL, 32-bit Intel. > > > > dp > > Fat fingers - that should be stdint.h. Sorry. > > dp > ___ > Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net http://www.clamav.net/support/ml > ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95 rc1 in Solaris 9
Gary L Burnore wrote: > You can use inttypes.h instead, but you'd do well to just upgrade to > Solaris 10 as there are MANY good reasons to do so. > > Look up ZFS. > > > Gary L. Burnore > gburn...@databasix.com > There are not enough reasons to do so - it's a very big job to drag a lot of user-level application support forward. I have Sol 10 installed on several other systems including the data store running ZFS. It is very nice! Regarding stdint.h, I'm surprised the code linked without it. I can't expect this to be the only surprise. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95 rc1 in Solaris 9
Dennis Peterson wrote: > Regarding stdint.h, I'm surprised the code linked without it. I can't expect > this to be the only surprise. > stdint.h and other includes like stdio.h, unistd.h all define things found in the standard C library. GCC always links your program against the standard C library and even has some built-in replacements/support for functions in libc. In fact, IIRC, GCC will complain about improper use of certain libc functions even when the proper header file isn't included. I think that gcc-4.3.1 will require you to #include stdint.h but gcc-3.* implicitly defines things in stdint.h... And stdint.h defines typedefs, not functions that the program needs to link against. I am guessing you are missing stdint.h because you have an old libc. This is because of the overall age of the OS you are using which has already been mentioned. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95RC1 availability
On Fri, 2009-02-27 at 14:58 -0600, McDonald, Dan wrote: > This is new. Is there another library that has been added to the > requirements? > > Starting Clam AntiVirus Daemon: LibClamAV Warning: Cannot dlopen: file > not found - unrar support unavailable > Dan, nothing to do actually with the subject but when viewing your post I see: Signature exists, but need public key When clicking on an icon next to the above a popup says - This message is signed with a signature but there is no corresponding public key - then the below: gpg: using character set `utf-8' gpg: armor: BEGIN PGP SIGNATURE gpg: armor header: Version: GnuPG v1.4.9 (GNU/Linux) :signature packet: algo 17, keyid 1AF842535DF3EC88 version 4, created 1235768333, md5len 0, sigclass 0x00 digest algo 2, begin of digest 2c fb hashed subpkt 2 len 4 (sig created 2009-02-27) subpkt 16 len 8 (issuer key ID 1AF842535DF3EC88) data: [158 bits] data: [160 bits] gpg: Signature made Fri 27 Feb 2009 02:58:53 PM CST using DSA key ID 5DF3EC88 gpg: requesting key 5DF3EC88 from hkp server pool.sks-keyservers.net gpg: no valid OpenPGP data found. gpg: Total number processed: 0 gpg: Can't check signature: public key not found Looks like your public key can't be found unless I'm havng an issue here but this is the first time I've noticed something like this. Chris -- KeyID 0xE372A7DA98E6705C Live - Elton John - All Across The Havens [www.X1FM.com] (X1FM Classic Rock) signature.asc Description: This is a digitally signed message part ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
