Re: [clamav-users] Problem while combining clamav-milter 0.97 and sendmail
2011/3/13 :
> Message: 1
> Date: Sun, 13 Mar 2011 00:13:42 +0800
> From: Michael Wu
> Subject: [clamav-users] Problem while combining clamav-milter 0.97 and
> sendmail
> To: clamav-users@lists.clamav.net
> Message-ID:
>
> Content-Type: text/plain; charset=UTF-8
>
> Hello,
>
> I'm running clamav 0.97 on Fedora 13. Everything is fine if I just do
> a manual virus scan or virus database update. When I try to combine
> clamav-milter and sendmail, I run into some problems. Because there is
> a big difference between clamav 0.97 and the old version, it is hard
> to google some helpful information about clamav 0.97.
>
> 1. I have added the following 2 macros in sendmail.mc and compiled to
> generate sendmail.cf, but I still get ".. Message from to
> infected by Worm .." in the clamav-milter.log. How can I
> do to change into the recipient address?
>
> define(`confMILTER_MACROS_ENVFROM', `i, {auth_type}, {auth_authen},
> {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr},
> {rcpt_addr}')
>
> define(`confMILTER_MACROS_EOM', `{msg_id},?{mail_addr}, {rcpt_addr}, i')
>
> 2. Can we change the location of the quarantine folder and where if
> possible? The present location is "/var/spool/mqueue".
>
> 3. Can we enable virus alert mail and where if possible?
>
> Thank you for your assistance.
>
> Michael

Thanks to Richard (lists-clamav) for giving me some hints that I can clean
the quarantined mails with the command "qtool.pl -d -Q /var/spool/mqueue".
On Fedora 13, the sendmail-doc rpm must be installed to get "qtool.pl".

Because I am not an expert in coding, where can I get a sample script file
for VirusAction that I can modify to meet my needs?

Thank you for your assistance.

Michael
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Upgrade 0.95.3 to 0.97
On 14-03-2011 16:14, Brian Morrison wrote:
> On Mon, 14 Mar 2011 15:15:09 -0300 Clovis Tristao wrote:
>> How do I upgrade ClamAV version 0.95.3 package for Fedora 12 in ClamAV
>> 0.97 tar.gz?
>> There is a version 0.97 in yum package for this version of Fedora?
>
> It's fairly simple to do, you need to install the source rpm for the
> newest version of Clamav, then create a new directory for the source of
> 0.97 and copy any patches in the source rpm into this directory. Modify
> the version in the spec file, and then do an
>
> rpmbuild -bb clamav.spec
>
> which will build the new versions. You may then need to edit the .conf
> files for clamd and freshclam if you use them, an easy way of doing that
> is using meld to see the diffs between the files you have and the .rpmnew
> files created by the rpm build process.
>
> Doesn't take long to do, each new clamav update takes me about 10 minutes
> to have the new daemons installed and running.

Hi Folks,

I have try to upgrade, thanks a lot.

Clóvis

--
Clovis Tristao - UNICAMP/Faculdade de Engenharia Agricola
Network Administrator - IT Section (SINFO)
E-mail: clo...@feagri.unicamp.br
http://www.feagri.unicamp.br
MSN: clovis_trista...@hotmail.com
Phone: 55(19) 35211031-35211038-91173116

Re: [clamav-users] Problem while combining clamav-milter 0.97 and sendmail
* Michael Wu wrote:
> Thanks to Richard (lists-clamav) for giving me some hints that I can clean
> the quarantined mails with the command "qtool.pl -d -Q
> /var/spool/mqueue". On Fedora 13, the sendmail-doc rpm must be
> installed to get "qtool.pl". Because I am not an expert in coding,
> where can I get a sample script file for VirusAction that I can modify
> to meet my needs? Thank you for your assistance.

Clamav Unified Event System (CLUES)
http://www.cmpublishers.com/oss

:-)

--
Sincerely,
Nathan Gibbs
Systems Administrator
Christ Media
http://www.cmpublishers.com

[clamav-users] Improving Scan Speeds on OS X.4.11
Hello,

I'm running clamav 0.965 on a G5 (1 processor) with OS X Server 10.4.11.
Clamav runs as root. This machine is primarily used as a file server, with a
mixture of OS X and Windows clients.

A launchdaemon automatically kicks off an overnight scan by sending a command
to clamdscan. Only directories that are used by the Windows machines are
scanned.

Because of the huge volume of data being scanned (70 Gb), the scan takes
about 6 hours to complete.

Is there a practical way to reduce the scan time?

Thanks.

-
Russ Tyndall
Wake Forest, NC

Re: [clamav-users] Improving Scan Speeds on OS X.4.11
Add RAM if you haven't maxed it out yet.

Purchase a faster, Intel Mac. Apple has not supported your OS since 2009
and seems to have removed support for PPC Macs from a software development
standpoint.

-Al-
--
Al Varnell
Mountain View, CA

On 3/15/11 12:21 PM, "Russ Tyndall" wrote:
> I'm running clamav 0.965 on a G5 (1 processor) with OS X Server 10.4.11.
> Clamav runs as root. This machine is primarily used as a file server, with a
> mixture of OS X and Windows clients.
>
> A launchdaemon automatically kicks off an overnight scan by sending a command
> to clamdscan. Only directories that are used by the Windows machines are
> scanned.
>
> Because of the huge volume of data being scanned (70 Gb), the scan takes about
> 6 hours to complete.
>
> Is there a practical way to reduce the scan time?

Re: [clamav-users] Improving Scan Speeds on OS X.4.11
Russ,

Look at your config file. You don't need to scan all more than probably
200KB of a file.

If you're using google; don't. It will help for email but probably will not
help finding badness on a file server. Likewise with unofficials. Not all
unofficials are appropriate for your application.

Lastly when you compiled your clamd what compiler options did you pick?

Tom

On Mar 15, 2011, at 3:21 PM, Russ Tyndall wrote:
> Hello,
>
> I'm running clamav 0.965 on a G5 (1 processor) with OS X Server 10.4.11.
> Clamav runs as root. This machine is primarily used as a file server, with a
> mixture of OS X and Windows clients.
>
> A launchdaemon automatically kicks off an overnight scan by sending a command
> to clamdscan. Only directories that are used by the Windows machines are
> scanned.
>
> Because of the huge volume of data being scanned (70 Gb), the scan takes
> about 6 hours to complete.
>
> Is there a practical way to reduce the scan time?
>
> Thanks.
>
> -
> Russ Tyndall
> Wake Forest, NC

Re: [clamav-users] Improving Scan Speeds on OS X.4.11
On Mar 15, 2011, at 12:21 PM, Russ Tyndall wrote:
> Because of the huge volume of data being scanned (70 Gb), the scan takes
> about 6 hours to complete.
>
> Is there a practical way to reduce the scan time?

As Al noted, 10.4 is about six years old-- released April 2005, last patch
was 10.4.11 in Nov 2007.

One thing you might consider doing is using "find /location -mtime 1" to
generate a list of which files have been modified over the past day, and only
scanning these via clamdscan -f.

Doing this safely depends on whether files can spoof their last-modified
timestamp, which depends on how the fileserver is being accessed by clients.
If additional safety is required, you can use tools like tripwire, which
create checksums of the content and can thus identify files which have
changed regardless of the mtime, and use that to generate the list of changed
files to be re-scanned.

Regards,
--
-Chuck

Re: [clamav-users] Improving Scan Speeds on OS X.4.11
On Tue, 2011-03-15 at 13:51 -0700, Chuck Swiger wrote:
> On Mar 15, 2011, at 12:21 PM, Russ Tyndall wrote:
> > Because of the huge volume of data being scanned (70 Gb), the scan takes
> > about 6 hours to complete.
> >
> > Is there a practical way to reduce the scan time?
>
> As Al noted, 10.4 is about six years old-- released April 2005, last patch
> was 10.4.11 in Nov 2007.
>
> One thing you might consider doing is using "find /location -mtime 1" to
> generate a list of which files have been modified over the past day, and only
> scanning these via clamdscan -f.
>
> Doing this safely depends on whether files can spoof their last-modified
> timestamp, which depends on how the fileserver is being accessed by clients.
> If additional safety is required, you can use tools like tripwire, which
> create checksums of the content and can thus identify files which have
> changed regardless of the mtime, and use that to generate the list of changed
> files to be re-scanned.
>
> Regards,

find /location -mtime -1

= modified less than a day ago...

Steve

--
Steve Holdoway BSc(Hons) MNZCS
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa

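Added example, not part of any post in this thread and not ClamAV project code: the two ways of building the list for "clamdscan -f" discussed above, by mtime and by content checksum, so that a file whose timestamp was set back is still rescanned. The function names, the manifest file and the sample paths are hypothetical; it assumes sha256sum or shasum is installed and that file names contain no newlines or backslashes.

```shell
#!/bin/sh
# Added example (not from the thread): build the file list for "clamdscan -f".
# Function names, paths and the manifest location are hypothetical.

# Cheap list: files modified less than a day ago (trusts the timestamp).
recent_files() {
    find "$1" -type f -mtime -1 -print
}

# SHA-256 of one file as "hash  path"; sha256sum on Linux, shasum elsewhere.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

# Manifest of every regular file under DIR, one "hash  path" line each.
build_manifest() {
    find "$1" -type f -print | sort | while IFS= read -r f; do
        hash_file "$f"
    done
}

# Paths in NEW whose "hash  path" line is absent from OLD: new files and
# files whose content changed, whatever their mtime says.
changed_files() {
    old=$1
    [ -f "$old" ] || old=/dev/null      # first run: everything is new
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next }
         !($0 in seen)       { sub(/^[0-9a-f]+  /, ""); print }' "$old" "$2"
}

# Scan only what changed; keep the old manifest unless the scan was clean,
# so detections (exit 1) and errors (exit 2) are retried on the next run.
nightly_scan() {
    dir=$1; manifest=$2
    new=$(mktemp) || return 2
    list=$(mktemp) || return 2
    build_manifest "$dir" > "$new"
    changed_files "$manifest" "$new" > "$list"
    rc=0
    if [ -s "$list" ]; then
        clamdscan -f "$list" || rc=$?
    fi
    if [ "$rc" -eq 0 ]; then mv "$new" "$manifest"; else rm -f "$new"; fi
    rm -f "$list"
    return "$rc"
}

# Usage: sh incremental-scan.sh /location /var/db/clamscan.manifest
if [ "$#" -eq 2 ]; then nightly_scan "$1" "$2"; fi
```

The checksum pass still reads every byte of every file, so it saves signature-matching time rather than disk I/O; recent_files is the faster list when client-set timestamps can be trusted.
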
Re: [clamav-users] Improving Scan Speeds on OS X.4.11
On Mar 15, 2011, at 3:37 PM, Al Varnell wrote:
> Add RAM if you haven't maxed it out yet.
>
> Purchase a faster, Intel Mac. Apple has not supported your OS since 2009
> and seems to have removed support for PPC Macs from a software development
> standpoint.

Shucks, I would be thrilled with an older PowerPC Mac as long as it had dual
processors. In some very unscientific testing with a dual processor G5, when
I call clamdscan -m, the scan times improve by 75%.

I tested clamdscan -m on the single processor G5 I am working with, but there
was only minor scan time improvement and the CPU spiked at 100% for the
duration of the scan.

This environment is stuck with 10.4 indefinitely.

-
Russ Tyndall
Wake Forest, NC

Re: [clamav-users] Improving Scan Speeds on OS X.4.11
On Mar 15, 2011, at 4:48 PM, TR Shaw wrote:
> Look at your config file. You don't need to scan all more than probably 200KB
> of a file.

So you are suggesting I use the MaxScanSize directive to limit scans to the
first 200KB of each file? (i.e., add a line to clamd.conf: MaxScanSize 200KB).

I imagine that would speed things up nicely :-)

> If you're using google; don't. It will help for email but probably will not
> help finding badness on a file server. Likewise with unofficials. Not all
> unofficials are appropriate for your application.

Sorry, Tom, I don't have the knowledge to understand this.

>
> Lastly when you compiled your clamd what compiler options did you pick?

I updated the bzip-related libraries and made sure I was using GCC 3.3.

LDFLAGS="-O3 -L/opt/local/lib"

./configure --prefix=/usr/local --mandir=/usr/local/share/man \
    --sysconfdir=/private/etc/spam/clamav/new --enable-bigstack \
    --with-user=clamav --enable-static --with-group=clamav \
    --with-dbdir=/var/clamav --datadir=/var/clamav

Then, make and install.

-
Russ Tyndall
Wake Forest, NC

Re: [clamav-users] Improving Scan Speeds on OS X.4.11
On Mar 15, 2011, at 6:56 PM, Russ Tyndall wrote:
>
> On Mar 15, 2011, at 4:48 PM, TR Shaw wrote:
>
>> Look at your config file. You don't need to scan all more than probably
>> 200KB of a file.
>
> So you are suggesting I use the MaxScanSize directive to limit scans to the
> first 200KB of each file? (i.e., add a line to clamd.conf: MaxScanSize
> 200KB).
>
> I imagine that would speed things up nicely :-)
>

Yes. Pick a size you feel comfy with but I believe there are few signatures
that span large file sizes. You might want to override this once a week to
check large zip/gz files but in general this should be good. Let me know how
it helps.

>
>> If you're using google; don't. It will help for email but probably will not
>> help finding badness on a file server. Likewise with unofficials. Not all
>> unofficials are appropriate for your application.
>
> Sorry, Tom, I don't have the knowledge to understand this.

If you haven't enabled this in your config or added other sigs then just
ignore me here ;-)

>
>>
>> Lastly when you compiled your clamd what compiler options did you pick?
>
> I updated the bzip-related libraries and made sure I was using GCC 3.3.
>
> LDFLAGS="-O3 -L/opt/local/lib"
>
> ./configure --prefix=/usr/local --mandir=/usr/local/share/man
> --sysconfdir=/private/etc/spam/clamav/new --enable-bigstack
> --with-user=clamav --enable-static --with-group=clamav
> --with-dbdir=/var/clamav --datadir=/var/clamav
>
> Then, make and install.
>

That's probably as good as you can do for now. If you can get a 10.5 lics
then do it as 10.5 fixes some low level process switch slowdowns that were in
Tiger. It isn't a panacea but it should help a bit also.

Tom

[clamav-users] daily.cvd Corruption
Several users complained after initial installation of ClamXav that they
were getting the following results:

> main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
> Downloading daily.cvd [100%]
> ERROR: Verification: Can't verify database integrity
> Giving up on database.clamav.net...
> Update failed. Your network may be down or none of the mirrors listed in
> /usr/local/clamXav/etc/freshclam.conf is working. Check
> http://www.clamav.net/support/mirror-problem for possible reasons.
>

Since I wasn't having any problems with incremental updates, I removed
daily.cld from my database and reran with the same results they had.

Seems that your daily.cvd is corrupt.

-Al-
--
Al Varnell
Mountain View, CA

[clamav-users] Downloading daily.cvd seems to be corrupt
Hi folks,

The daily.cvd file appears to be corrupt. The diff files are ok, so scripted
updates still work fine, but for people who have scripted updates turned off
(or have no defs to begin with) running freshclam fails.

Mark

[colossus] mark% freshclam -v
Current working dir is /usr/local/share/clamav
Max retries == 3
ClamAV update process started at Tue Mar 15 23:01:04 2011
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 444
Software version from DNS: 0.97
main.cvd version from DNS: 53
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
Retrieving http://database.clamav.net/daily.cvd
Trying to download http://database.clamav.net/daily.cvd (IP: 217.135.32.99)
Downloading daily.cvd [100%]
ERROR: Verification: Can't verify database integrity
Trying again in 5 secs...
ClamAV update process started at Tue Mar 15 23:01:10 2011
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 439
Software version from DNS: 0.97
main.cvd version from DNS: 53
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
Retrieving http://database.clamav.net/daily.cvd
Trying to download http://database.clamav.net/daily.cvd (IP: 163.1.3.8)
Downloading daily.cvd [100%]
ERROR: Verification: Can't verify database integrity
Trying again in 5 secs...
ClamAV update process started at Tue Mar 15 23:01:15 2011
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 433
Software version from DNS: 0.97
main.cvd version from DNS: 53
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
Retrieving http://database.clamav.net/daily.cvd
Trying to download http://database.clamav.net/daily.cvd (IP: 81.91.100.173)
Downloading daily.cvd [100%]
ERROR: Verification: Can't verify database integrity
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /usr/local/etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.
[colossus] mark%

[clamav-users] Downloading daily.cvd seems to be corrupt [ignore last]
...and of course, it's working again now - before my message even hits the
mailing list.

Sorry!

Mark

Re: [clamav-users] Improving Scan Speeds on OS X.4.11
On 3/15/11 1:51 PM, "Chuck Swiger" wrote:
> As Al noted, 10.4 is about six years old-- released April 2005, last patch was
> 10.4.11 in Nov 2007.
>

True enough. Apple's rule of thumb is that they only support the current and
one previous release which would have made 10.4 unsupported when 10.6 was
released in Aug 2009.

I usually judge OS support by security updates. The last Java update was
Release 9 (Jun 2009) and the last Security update was 2009-005 (Sep 2009),
although I see they continued to update compatible versions of iTunes 9.2.1
(Jul 2010) and Safari 4.1.2 (Sep 2010) after that.

-Al-
--
Al Varnell
Mountain View, CA