Re: [Clamav-users] Latest daily.cld update causes segfault
> See http://lurker.clamav.net/message/20100507.110656.573e90d7.en.html

Interesting. My OpenBSD-CURRENT-ish (32-bit) system loaded the flawed
update, but did not have issues. It's running 0.95.3 for the moment.

Fri May 7 03:27:19 2010 -> Trying host db.us.clamav.net (213.165.80.159)...
Fri May 7 03:27:20 2010 -> Downloading daily-10936.cdiff [100%]
Fri May 7 03:27:20 2010 -> Downloading daily-10937.cdiff [100%]
Fri May 7 03:27:20 2010 -> Downloading daily-10938.cdiff [100%]
Fri May 7 03:27:23 2010 -> daily.cld updated (version: 10938, sigs: 63540, f-level: 51, builder: edwin)

Not that I'm complaining, of course. :)

Benny

--
Me: 'How big a monster can you take out with one of those? Would you
win a fight with Godzilla?'
Jim: 'You could disassemble Godzilla at a range of seven miles.'
-- Blog entry about the 76mm Melera, a gun on a US Navy Perry-class
frigate that Somali pirates tried to seize

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] clamav-milter not properly detecting viruses
>> On 10.08.10 06:35, Steve Thompson wrote:
>>> Clamav-milter is used to check incoming e-mail. There are many examples
>>> that are passed as clean and delivered, with these headers inserted:
>>>
>>> X-Virus-Scanned: clamav-milter 0.96.1 at
>>> X-Virus-Status: Clean
>>>
>>> However, a clamscan of the delivered messages (maildir format) reveals
>>> that they are not clean:
>>>
>>> : Trojan.Agent-167068 FOUND
>>>
>>> How is this possible?
>>
>> it's possible that the signature was not available at the time mail was
>> received but it is available now.
>
> Yes, this is true in general, but in my case the available signatures were
> the same in both cases (clamscan was run only an hour or two after the
> e-mail had been delivered, and the clamscan was run on the same system
> that delivered the e-mail, and freshclam had not been run in the
> meantime).

I forget whether clamav-milter uses clamd, but I notice that you
ran *clamscan* instead of *clamdscan*. Clamscan will load up
the databases itself, so there exists the possibility that it's
using *different* databases than clamd/clamav-milter is.

Benny

--
"Something's going on in this house - last night, I saw a face!"
"Did it have a nose?"
"Yes!"
"That sounds like a face all right."
-- Scary Movie 4
Re: [Clamav-users] clamav-milter not properly detecting viruses
>> I forget whether clamav-milter uses clamd, but I notice that you
>> ran *clamscan* instead of *clamdscan*. Clamscan will load up
>> the databases itself, so there exists the possibility that it's
>> using *different* databases than clamd/clamav-milter is.
>
> You're right; I used clamscan and not clamdscan. The latter cannot be used
> in this instance, because clamd does not have sufficient privileges to
> read the files from within a user account (even if run as root), whereas
> clamscan can be run directly as the user.

If that's the case, I'd make sure your clamscan is using the database
you think it is; likewise for clamav-milter. To me, it sounds like you
have two versions of the ClamAV database on your system, one that's
getting updated and one that's not.

Benny

--
"Something's going on in this house - last night, I saw a face!"
"Did it have a nose?"
"Yes!"
"That sounds like a face all right."
-- Scary Movie 4
[Clamav-users] freshclam 0.96.4 retrying too fast when no route exists to update server
Hey folks,

I ran into an interesting situation just a bit ago while building a
new mail server. I did not have my firewall rules ready yet, so
freshclam was not able to retrieve the databases. Unfortunately,
though, it did not fail gracefully:

[r...@host ~]# head -3 /var/log/freshclam.log ; echo "" ; tail -3 /var/log/freshclam.log
Tue Nov 23 18:52:32 2010 -> --
Tue Nov 23 18:52:32 2010 -> freshclam daemon 0.96.4 (OS: openbsd4.8, ARCH: x86_64, CPU: x86_64)
Tue Nov 23 18:52:32 2010 -> ClamAV update process started at Tue Nov 23 18:52:32 2010

Tue Nov 23 18:52:39 2010 -> Trying host db.us.clamav.net (213.165.80.159)...
Log size = 12582977, max = 12582912
LOGGING DISABLED (Maximal log file size exceeded).

[r...@host ~]# wc -l /var/log/freshclam.log
142451 /var/log/freshclam.log

Yes, that's right - in *seven seconds*, it wrote out 142,000+ log
entries and managed to disable logging due to the log's new *12MB*
size.

Now, obviously this is my bad, as I didn't give freshclam a chance.
However, it shouldn't retry 47,482 times (literally) in seven seconds
when it doesn't have a route to host:

Tue Nov 23 18:52:32 2010 -> freshclam daemon 0.96.4 (OS: openbsd4.8, ARCH: x86_64, CPU: x86_64)
Tue Nov 23 18:52:32 2010 -> ClamAV update process started at Tue Nov 23 18:52:32 2010
Tue Nov 23 18:52:32 2010 -> nonblock_connect: connect(): fd=6 errno=65: No route to host
Tue Nov 23 18:52:32 2010 -> Can't connect to port 80 of host db.us.clamav.net (IP: 155.98.64.87)
Tue Nov 23 18:52:32 2010 -> Trying host db.us.clamav.net (213.165.80.159)...
Tue Nov 23 18:52:32 2010 -> nonblock_connect: connect(): fd=6 errno=65: No route to host
Tue Nov 23 18:52:32 2010 -> Can't connect to port 80 of host db.us.clamav.net (IP: 213.165.80.159)
Tue Nov 23 18:52:32 2010 -> Trying host db.us.clamav.net (213.165.80.159)...
Tue Nov 23 18:52:32 2010 -> nonblock_connect: connect(): fd=6 errno=65: No route to host
... etc etc etc

This is 0.96.4 on OpenBSD -CURRENT on amd64 architecture.

I know 0.96.5 is due out shortly, but I don't recall seeing any
similar issues on the mailing list so I don't know if this is a known
issue. This is a config file I've used over several versions, so
perhaps there is something wrong there? Here are the non-default,
uncommented lines from freshclam.conf:

DatabaseDirectory /var/db/clamav
UpdateLogFile /var/log/freshclam.log
LogFileMaxSize 12M
LogTime yes
DatabaseOwner _clamav
AllowSupplementaryGroups yes
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.us.clamav.net
DatabaseMirror database.clamav.net
Checks 13
NotifyClamd /etc/clamd.conf

Please let me know if there's any other information you might need to
help track this down...

Thanks!

Benny

--
"No matter how many shorts we have in the system, my guards will be
instructed to treat every surveillance camera malfunction as a
full-scale emergency."
-- Peter Anspach's Evil Overlord List, #67
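Added example (not part of the original post, and not freshclam code): a small shell check that counts "Trying host" and "Can't connect" lines per second in a LogTime-format freshclam log like the one quoted above, and reports any second that exceeds a threshold. The function names, the threshold of 5 attempts per second, and the sample log (db.example.net, 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Flag seconds in which freshclam logged more mirror connection attempts
# than a sane retry policy would produce.

# retry_storms LOGFILE [LIMIT]
# Prints "<timestamp> attempts=N failures=M" for every second with more
# than LIMIT "Trying host" lines (LIMIT defaults to 5, an assumed value).
retry_storms() {
    log=$1
    limit=${2:-5}
    awk -v limit="$limit" '
        # With "LogTime yes" the first five fields are the timestamp,
        # e.g. "Tue Nov 23 18:52:32 2010 -> Trying host ..."
        { ts = $1 " " $2 " " $3 " " $4 " " $5 }
        / -> Trying host / {
            if (!(ts in attempts)) order[++k] = ts
            attempts[ts]++
        }
        # "." stands in for the apostrophe in "Can.t" to keep shell quoting simple
        / -> Can.t connect to port / { failures[ts]++ }
        END {
            for (i = 1; i <= k; i++) {
                t = order[i]
                if (attempts[t] > limit)
                    printf "%s attempts=%d failures=%d\n", t, attempts[t], failures[t]
            }
        }' "$log"
}

# make_sample_log FILE
# Writes a constructed log: one normal failed attempt at 18:52:31, then
# 40 attempts inside the single second 18:52:32.
make_sample_log() {
    out=$1
    {
        echo "Tue Nov 23 18:52:31 2010 -> ClamAV update process started at Tue Nov 23 18:52:31 2010"
        echo "Tue Nov 23 18:52:31 2010 -> Trying host db.example.net (192.0.2.10)..."
        echo "Tue Nov 23 18:52:31 2010 -> Can't connect to port 80 of host db.example.net (IP: 192.0.2.10)"
        i=0
        while [ "$i" -lt 40 ]; do
            echo "Tue Nov 23 18:52:32 2010 -> Trying host db.example.net (192.0.2.10)..."
            echo "Tue Nov 23 18:52:32 2010 -> nonblock_connect: connect(): fd=6 errno=65: No route to host"
            echo "Tue Nov 23 18:52:32 2010 -> Can't connect to port 80 of host db.example.net (IP: 192.0.2.10)"
            i=$((i + 1))
        done
    } > "$out"
}

demo() {
    sample=$(mktemp) || return 1
    make_sample_log "$sample"
    retry_storms "$sample" 5
    rm -f "$sample"
}
demo
```

Because the log in the post stopped growing once LogFileMaxSize was reached, a check like this only sees the part of the storm that was written before logging was disabled.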
Re: [Clamav-users] freshclam 0.96.4 retrying too fast when no route exists to update server
> This is already fixed for the upcoming 0.96.5:
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2389

Fantastic. Thanks, Edwin!

Benny

--
"No matter how many shorts we have in the system, my guards will be
instructed to treat every surveillance camera malfunction as a
full-scale emergency."
-- Peter Anspach's Evil Overlord List, #67
[clamav-users] Source RPM for RHEL?
Hey folks,

So, I can't seem to find an SRPM for RHEL that actually matches
its checksum, which makes me a bit .. uneasy, given the nature
of the software.

The RPMforge one fails its MD5 sum check. The second site listed
on clamav.net doesn't even have it that I could find.

Are there any official SRPMs out there? Anyone know how to contact
the RPMforge folks to look into their package?

Thanks!

Benny

--
"Open your door, or I open your wall."
-- Seen on an image on fukung.net
Re: [clamav-users] Source RPM for RHEL?
> On 2011-08-23 21:48, C. Bensend wrote:
>>
>> Hey folks,
>>
>> So, I can't seem to find an SRPM for RHEL that actually matches
>> its checksum, which makes me a bit .. uneasy, given the nature
>> of the software.
>>
>> The RPMforge one fails its MD5 sum check. The second site listed
>> on clamav.net doesn't even have it that I could find.
>
> You have to import the repository's key, and then it works:
>
> $ wget http://pkgs.repoforge.org/clamav/clamav-0.97.2-1.rf.src.rpm
> $ wget http://apt.sw.be/RPM-GPG-KEY.dag.txt
> $ rpm --import RPM-GPG-KEY.dag.txt
> $ rpm -K clamav-0.97.2-1.rf.src.rpm
> clamav-0.97.2-1.rf.src.rpm: (sha1) dsa sha1 md5 gpg OK
>
> If you get something else maybe your download got corrupted.

Thanks for that... However, I still get the same problem:

rpm -ivh clamav-0.97.2-1.rf.src.rpm
1:clamavwarning: user dag does not exist - using root
warning: group dag does not exist - using root
### [100%]
error: unpacking of archive failed on file /home/rpm/SOURCES/clamav-0.97.2.tar.gz;4e53fe2c: cpio: MD5 sum mismatch

(I hand-transcribed that but I think it's accurate)

I *did* verify the signature on the RPM, that worked fine.

Benny

--
"Open your door, or I open your wall."
-- Seen on an image on fukung.net
Re: [clamav-users] Source RPM for RHEL?
> On 2011-08-23 22:27, C. Bensend wrote:
>>
>>> On 2011-08-23 21:48, C. Bensend wrote:
>>>>
>>>> Hey folks,
>>>>
>>>> So, I can't seem to find an SRPM for RHEL that actually matches
>>>> its checksum, which makes me a bit .. uneasy, given the nature
>>>> of the software.
>>>>
>>>> The RPMforge one fails its MD5 sum check. The second site listed
>>>> on clamav.net doesn't even have it that I could find.
>>>
>>> You have to import the repository's key, and then it works:
>>>
>>> $ wget http://pkgs.repoforge.org/clamav/clamav-0.97.2-1.rf.src.rpm
>>> $ wget http://apt.sw.be/RPM-GPG-KEY.dag.txt
>>> $ rpm --import RPM-GPG-KEY.dag.txt
>>> $ rpm -K clamav-0.97.2-1.rf.src.rpm
>>> clamav-0.97.2-1.rf.src.rpm: (sha1) dsa sha1 md5 gpg OK
>>>
>>> If you get something else maybe your download got corrupted.
>>
>> Thanks for that... However, I still get the same problem:
>>
>> rpm -ivh clamav-0.97.2-1.rf.src.rpm
>> 1:clamavwarning: user dag does not exist - using root
>> warning: group dag does not exist - using root
>> ### [100%]
>> error: unpacking of archive failed on file
>> /home/rpm/SOURCES/clamav-0.97.2.tar.gz;4e53fe2c: cpio: MD5 sum mismatch
>>
>> (I hand-transcribed that but I think it's accurate)
>
> I think this is because your RPM lacks SHA256 support, and the .src.rpm
> uses SHA256:
> https://bugzilla.redhat.com/show_bug.cgi?id=490613
>
> If I try your rpm -ihv command on a RHEL 5.x box indeed I get same error
> as you,
> if I try it on something modern like Fedora 14 it's all OK.
>
> Just use rpm --no-md5 -ihv for now, you verified the digital signature
> with -K
> so it should be fine.

OK, I used --nomd5, that worked.

If the second site listed on clamav.net for the SRPMs is dead, can
it be removed?

Thanks so much!

Benny

--
"Open your door, or I open your wall."
-- Seen on an image on fukung.net
Re: [Clamav-users] Clamav suddenly died on several boxes
> Same here, three servers. Had this happen a few weeks ago on one of
> those servers, but I thought it was an isolated incident..

Well, on the opposite end of the spectrum, all four of my OpenBSD
servers running 0.90.1 got the update just fine, and none of them
died. I saw a few complaints in the freshclam log about not being
able to download the update, but they all chugged right along and
got it a bit later.

Since 0.9x, I haven't had _any_ of my clamd or freshclam processes
die.

Benny

--
I've said it before and I'll say it again: If I ever catch a spammer,
I will hang him upside down with rusty barbed wire by his
nether-regions over a pit of rabid lawyers who haven't eaten in days...
-- Benjamin A. Shelton

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamd 0.93.2 dying on CentOS 5.2 x86_x64
Hey folks,

Yesterday's yum update to the latest version of ClamAV on my
mailserver doesn't seem to be doing real great for me... clamd is
dying every now and again (I don't know that it's lasted more than a
few hours so far):
Re: [Clamav-users] clamd 0.93.2 dying on CentOS 5.2 x86_x64
> 0.93.2 had a pretty serious bug dealing with older definitions I believe.
> From the log, it looks like that is what your problem is. Try upgrading to
> 0.93.3.

I absolutely will; it's just not available via my channels yet.

Thanks,

Benny

--
"If I could drop dead right now, I'd be the happiest man alive!"
--Samuel Goldwyn
[Clamav-users] clamdscan / clamscan / --move option
Hey folks,

I am just starting to use ClamAV on an OpenBSD 3.5-STABLE machine,
and I needed to verify a thing or two.

I am running clamd and freshclam successfully. I'd like to use
clamdscan to speed things up, but it doesn't appear to support the
--move option that clamscan does. It points me to clamd.conf, which
doesn't mention anything about a config file option for --move
functionality.

However, in the README, it's implied that if invalid options are
passed to clamdscan, the error message should refer the user to
clamscan if those options are available there.

If 'clamdscan --move whatever' points me to clamd.conf, is that
functionality present in clamd/clamdscan? Or is this a documentation
oops, and I will need to use clamscan?

Thanks much!

Benny

--
"Fry cracked corn, and I don't care, Leela cracked corn, and still
don't care, Bender cracked corn, and he is great! Take THAT you
stupid corn!"
-- Bender, Futurama

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamdscan / clamscan / --move option
> Adding "--move" feature to clamd/clamdscan is on the "TODO" list for
> 0.81 version.

Excellent. Thank you! :)

> Until it is added, you'll have to use clamscan. Note though, that if you
> scan many files at once (with one launching of clamscan), performance
> increasing thanks to using clamdscan instead of clamscan - is
> negligible (because the program and the database are loaded only one
> time).

Yes, I just noticed that last night - until then, my performance
tests had been on small amounts of files, where the difference is
quite large (12s -vs- 0.5s, etc). However, when I opened up clamscan
and clamdscan on a real directory (114,000 files), the totals were
like 38m (clamscan) -vs- 34m (clamdscan).

Thanks for the information!

Benny

--
"Fry cracked corn, and I don't care, Leela cracked corn, and still
don't care, Bender cracked corn, and he is great! Take THAT you
stupid corn!"
-- Bender, Futurama
Re: [Clamav-users] clamdscan / clamscan / --move option
> Or as a workaround, clamd can be wrapped in a shell script which will
> move the infected files to a quarantine directory.

I'm assuming you meant 'clamdscan' above?

I thought about that, but I don't think I need to worry that much
about using one over the other yet. I was mostly concerned with
whether I was missing something about clamdscan options.

Benny

--
"Fry cracked corn, and I don't care, Leela cracked corn, and still
don't care, Bender cracked corn, and he is great! Take THAT you
stupid corn!"
-- Bender, Futurama
Re: [Clamav-users] --move function and file attributes. . .
> Already fixed in CVS:
>
> Tue Nov 23 23:23:45 CET 2004 (tk)
> -
> * clamscan: --move: preserve original access and modification times
> (requested by Tomasz Papszun); optimise

Out of hopeful curiosity, will this also be the case for the upcoming
addition of --move to clamdscan? :)

Benny

--
"Fry cracked corn, and I don't care, Leela cracked corn, and still
don't care, Bender cracked corn, and he is great! Take THAT you
stupid corn!"
-- Bender, Futurama
Re: [Clamav-users] --move function and file attributes. . .
>> Out of hopeful curiosity, will this also be the case for the upcoming
>> addition of --move to clamdscan? :)
>
> Done.
>
> Mon Nov 29 00:23:55 CET 2004 (tk)
> -
> * clamdscan: added support for --move and --remove options

Thank you very much, Tomasz. It's greatly appreciated. :)

Benny

--
"Fry cracked corn, and I don't care, Leela cracked corn, and still
don't care, Bender cracked corn, and he is great! Take THAT you
stupid corn!"
-- Bender, Futurama
Re: [Clamav-users] Compile woes.
> # ls -l /usr/ccs/bin/ar
> -r-xr-xr-x 1 root bin30140 May 10 2004 /usr/ccs/bin/ar

OK.

> # echo $PATH
> /usr/bin:/usr/sbin:/usr/bin:/usr/openwin/bin:/bin:/usr/ucb:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin

OK again. What does 'which ar' say?

--
"Fry cracked corn, and I don't care, Leela cracked corn, and still
don't care, Bender cracked corn, and he is great! Take THAT you
stupid corn!"
-- Bender, Futurama
Re: [Clamav-users] OpenBSD 3.6 (and others?) build problem
>> Could someone offer me some assistance so I can find out where this is
>> breaking for me? I use the unofficial port, and it works great.

I had to do some pthread and lib fiddling to get it to build natively
on my 3.6 machines.

Benny

--
"... i want to be a farting burping maniac."
-- "kerry", on MentalDischarge
Re: [Clamav-users] OpenBSD 3.6 (and others?) build problem
> There are some environment variable that you can set to specify
> arguments to gcc, such as additional include paths and additional
> library paths. Something like:
> CFLAGS="-I/usr/local/include -L/usr/local/lib"
>
> I don't often have to specify them, so I can't remember exactly what
> they are, but if you google around, you ought to be able to find it.

I think that's pretty much what I did - I don't recall exactly right
now; I'm on the road for work. IIRC ClamAV wasn't picking up on the
packages installed (curl was one, don't recall the other - perhaps
db?) in /usr/local.

Benny

--
"... i want to be a farting burping maniac."
-- "kerry", on MentalDischarge
[Clamav-users] How does freshclam execute OnUpdateExecute program?
Hey folks,

I'm working on a new server, and things are running beautifully. I
did, however, notice something I thought was a little odd...

I wrote a pair of shell scripts that will email me an alert when
freshclam updates the database successfully, and also if it fails. I
tested, and it worked perfectly.

... Until I set the user (_qscand) that clamd/freshclam run as to
have a restricted (/sbin/nologin) shell, that is. Then, I didn't get
any further alerts. Just to make sure I wasn't smoking the bad crack,
I changed the shell back to bash, and I got alerts again.

How does freshclam actually execute this command? Is there a way
around this? I'd rather run that user without a real shell if
possible. If not, no huge deal, but it would be nice.

Also, a tiny feature request - it would have been much easier to
debug this issue I'm having, if freshclam could log when it attempts
to run the OnUpdateExecute or OnErrorExecute commands. :)

Thanks much!

Benny

ps: OpenBSD 3.6-STABLE, ClamAV 0.80 running as _qscand user,
freshclam running in daemon mode

--
"... i want to be a farting burping maniac."
-- "kerry", on MentalDischarge
RE: [Clamav-users] How does freshclam execute OnUpdateExecute program?
> This is the way I do it:
> OnUpdateExecute BASH_ENV=~clamav/.bashrc HOME=~clamav
> /usr/local/bin/propagate_bd_clamav.sh | mail [EMAIL PROTECTED] -s "Freshclam
> update $HOSTNAME"
> OnErrorExecute tail /var/log/clamav/freshclam.log | mail [EMAIL PROTECTED] -s
> "Freshclam error $HOSTNAME"
>
> propagate_bd_clamav.sh is a /bin/bash script that propagates the cvds to
> other servers via sftp. that way they don't have to download it again. it
> prints out its results to stdout, so it gets delivered by mail to
> [EMAIL PROTECTED]
> User clamav doesn't have a valid shell and I had to add the env variables
> to
> make it work.

Hi Samuel,

Hmmm... Do you recall if you got an error message before you added
the BASH_ENV stuff? I'm not getting any errors at all - it's just
like nothing ever happened, even though both freshclam and clamd both
report the database update.

Also, what do you have in the .bashrc, if you don't mind me asking?

Thanks!

Benny

--
"... i want to be a farting burping maniac."
-- "kerry", on MentalDischarge
Re: [Clamav-users] problems compiling
> I'm running OpenBSD 3.1 and have ClamAV 0.60 - should have upgraded long
> ago...

Yes. Both ClamAV _and_ the OS. They're working on 3.7 now. ;)

> I can't get ClamAV 0.80 to compile with the following error:
>
> gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib -I./mspack -g -O2 -c
> mbox.c
> -Wp,-MD,.deps/mbox.TPlo -o mbox.o
> mbox.c:568: curl/curl.h: No such file or directory
> *** Error code 1

Install curl? It's in the ports tree. :)

Benny

--
"I'm on the Zoloft to keep from killing y'all."
-- Mike Tyson
Re: [Clamav-users] problems compiling
> The libclamav build step gets linked with -lpthread, which should then
> get built into clamscan as well.
>
> All I can suggest at the moment is you try and link it by hand, with
> something like:
>
> cd clamscan
> gcc -g -O2 -o clamscan output.o getopt.o memory.o cfgparser.o misc.o
> clamscan.o options.o others.o manager.o treewalk.o
> ../libclamav/.libs/libclamav.a -lz -lbz2 -pthread

Back in the 3.1 days, IIRC, pthreads were not so stable on OpenBSD.
I would try without pthreads first.

Benny

--
"I'm on the Zoloft to keep from killing y'all."
-- Mike Tyson
Re: [Clamav-users] Phishing Questions
> Ok, so it's not a virus, and it's not spam. So neither product should
> detect it you're saying? How about both products detect it, we have
> overlap, and users are happy cause they don't have to deal with this crap
> in their inbox.

Personally, I'd love to have it as a config option in clamd.conf.
Make it catch phishes by default out-of-the-box, but being able to
disable that would be nice.

I am working on a spam research project and ClamAV skews my results
slightly because it nabs the phishes. But I'm absolutely OK with
that, because ClamAV works so damned well.

Thanks, ClamAV developers. :)

Benny

--
"I'm on the Zoloft to keep from killing y'all."
-- Mike Tyson
Re: [Clamav-users] 0.81 on OpenBsd 3.5
> ./configure --disable-clamav --enable-dependency-tracking
> --disable-clamuko --enable-bigstack \
> --with-user=_clamav --with-group=_clamav --disable-cr
> --with-dbdir=/usr/local/share/clamav \
> --disable-gethostbyname_r --prefix=/usr/local --sysconfdir=/etc
> --disable-zlib-vcheck
>
> and get the ff. error:-
>
> configure: WARNING: ** GNU MP 2 or newer NOT FOUND - digital
> signature support will be disabled !

Hi Abdul,

What I did on my 3.6-STABLE machines, is checkout the ClamAV port
(it's only in -CURRENT so far), apply the patches manually, and it
then built fine.

I'm not quite sure why it was so picky on OpenBSD, it's almost like
it wasn't finding the libs in /usr/local/lib (and yes, my system is
set to add them to the lib search path). If I figure out why, I'll
let the developers know.

Benny

--
"I'm on the Zoloft to keep from killing y'all."
-- Mike Tyson
Re: [Clamav-users] 0.81 on OpenBsd 3.5
> How about you guys checking Jerome LOYET's page? I think he maintains
> OBSD ports, somehow.
> Of late I believe he's on sabbatical from this list ;)

Check it now. :) He's passed the port on to Marc Balmer, and Marc is
not going to release packages for 3.5 and 3.6 -STABLE like Jerome
did. Marc has committed it to the -CURRENT tree, so it'll be in 3.7
when it's released.

Benny

--
"I'm on the Zoloft to keep from killing y'all."
-- Mike Tyson
RE: [Clamav-users] 0.81 on OpenBsd 3.5
> I'll made a port for 3.6-STABLE. I can't do it thoses days because I'm
> very
> busy. I'll try to do it early last week.

That is very much appreciated, Jerome. Thank you. :)

Benny

--
"I'm on the Zoloft to keep from killing y'all."
-- Mike Tyson
Re: [Clamav-users] How to use clamd?
> No such file as /etc/ld.so.conf. I checked on gmp.h, and did find it
> in /usr/local/include, so I assume I'm OK on that front. I even went
> so far as to install the OpenBSD package (similar to an RPM) for GMP
> v4.1.2 (I had originally compiled source for 4.1.3) and it still
> didn't work.

If the lib is in /usr/local/lib and /usr/local/lib is in the
shlib_dirs option in /etc/rc.conf or /etc/rc.conf.local, it should
pick up on it.

Excuse me if this has been answered already, I haven't paid attention
to every mail in this thread - have you tried the obvious, and
installed the OpenBSD _package_ (or port)?

I don't recall what version of OpenBSD you're running... But when
ClamAV was updated, it took me just a few minutes to apply the
patches from the -CURRENT port to a pristine 0.83 source tree, and
build from scratch. That was on both 3.5 and 3.6-STABLE.

Benny

--
"I'm so Goth, my wrists slit themselves."
-- bash.org
Re: [Clamav-users] Tool to upgrade
> Seriously though, why don't you just make a small script which
> contains the "settings" and use that every time?

This is exactly what I do on my OpenBSD systems. I have a script
called 'reconfig' that simply does a ./configure with the options
that I prefer.

A new version is released, I do a 'sh reconfig', 'gmake',
'gmake install', and my new version is installed with exactly the
same options as the previous.

Benny

--
"So scary, Steven King shiat his pants."
-- Photoshop contest, Fark

___
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Compile problems ClamAV on OpenBSD 3.6
> Thanks for this alternative, but I've tried this option as well. But
> after a successful installation, the binary 'clamd' was missing on the
> system.

What I normally do with my OpenBSD servers, is manually apply the
patches from the official port to the new source. They usually apply
cleanly, and then it builds just fine.

HTH,

Benny

--
"Now, that next spring you find in your garage a creature that looks
like a cross-bred badger and anaconda. A badgerconda."
-- bash.org
[Clamav-users] Hmmmm. Trojan.Clicker.Small-100 ?
Hey folks,

So, my Samba server did its weekly scan this morning, and imagine my
surprise when it tagged Google's video player installer as
"Trojan.Clicker.Small-100". I looked this up in the database, and it
didn't give a lot of information, really.

Of all the companies out there that I'd mostly trust not to bundle
some crapware with their software, Google would be right up there.

Is this a false positive? Or did Google let the marketing weenies out
of their cages too early, and they are indeed bundling some crapware
with their video installer?

Norton Anti-Virus 2006 doesn't alert on it, as a point of reference.

Thanks,

Benny

--
"A computer lets you make more mistakes faster than any invention in
human history, with the possible exceptions of handguns and tequila."
-- Dave Pooser
Re: [Clamav-users] Hmmmm. Trojan.Clicker.Small-100 ?
> The signature was removed a couple of days ago:
>
> http://lurker.clamav.net/message/20060219.164618.4a9cd08f.en.html

Ah, thank you for the replies, everyone. I appreciate it. :)

Benny

--
"A computer lets you make more mistakes faster than any invention in
human history, with the possible exceptions of handguns and tequila."
-- Dave Pooser
Re: [Clamav-users] LibClamAV Warning: The virus database is older than 7 days.
> Okay I did that and still the same warning message.
>
>
> snip
>
> # cd /usr/local/share/clamav
> # ls -l
> total 4544
> -rw-r--r-- 1 clamav clamav 641509 May 19 08:48 daily.cvd
> -rw-r--r-- 1 clamav clamav 3950054 Apr 22 01:11 main.cvd
> # date
> Fri May 19 08:55:13 PDT 2006
> # freshclam
> ClamAV update process started at Fri May 19 08:55:36 2006
> main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder:
> tkojm)
> daily.cvd is up to date (version: 1471, sigs: 4433, f-level: 8, builder:
> ccordes)
> # /usr/local/etc/rc.d/clamav-clamd.sh restart
> Stopping clamav_clamd.
> Waiting for PIDS: 49921.
> Starting clamav_clamd.
> LibClamAV Warning: **
> LibClamAV Warning: *** The virus database is older than 7 days. ***
> LibClamAV Warning: ***Please update it IMMEDIATELY! ***
> LibClamAV Warning: **

I'd check your clamd.conf and freshclam.conf... I wonder if clamd is
not using the database files you think it may be.

Benny

--
"God help us all if cats had thumbs."
-- Me, 2006
Re: [Clamav-users] Database is update or not ?
> Hi, I use the 0.88.2 but I don't understood if the database is updated or
> no
> !...in mail from 'Content-filter at mail' there is writes:
>
> The message WAS NOT delivered to:
> <[EMAIL PROTECTED]>:
>250 2.7.1 Ok, discarded, id=01254-03 - VIRUS: Worm.Nyxem.E, Worm.VB-9
>
> Virus scanner output:
> LibClamAV Warning: **
> LibClamAV Warning: *** The virus database is older than 7 days. ***
> LibClamAV Warning: ***Please update it IMMEDIATELY! ***
> LibClamAV Warning: **
> p004: Worm.Nyxem.E FOUND
> p002: Worm.VB-9 FOUND
> p001: OK
>
> ..but in freshclam log I have:
>
> [EMAIL PROTECTED] root]# tail /var/log/clamav/freshclam.log
> Received signal: wake up
> ClamAV update process started at Mon Jun 5 14:38:04 2006
> main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder:
> tkojm)
> daily.cvd is up to date (version: 1512, sigs: 7208, f-level: 8, builder:
> arnaud)
> --
> Received signal: wake up
> ClamAV update process started at Mon Jun 5 15:38:04 2006
> main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder:
> tkojm)
> daily.cvd is up to date (version: 1512, sigs: 7208, f-level: 8, builder:
> arnaud

FAQ. Check your freshclam.conf and clamd.conf. They likely do not
agree on where your database is.

Benny

--
"God help us all if cats had thumbs."
-- Me, 2006
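Added example (not part of the thread, and not ClamAV code): the check suggested in the replies above, comparing the DatabaseDirectory named in clamd.conf and freshclam.conf and listing database files in a directory that have not been modified recently. The function names, the DEFAULT_DIR argument (whatever directory your build uses when the option is absent) and the demo's temporary paths are assumptions; file modification time is only a proxy for the build date recorded inside the database.

```shell
#!/bin/sh
# Does the scanner load its signatures from the directory the updater
# actually writes to?

# conf_value FILE KEY
# Value of the first uncommented "KEY value" line (assumes KEY appears once).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { print $2; exit }' "$1"
}

# db_dir FILE DEFAULT_DIR
# DatabaseDirectory from FILE, or DEFAULT_DIR when the option is not set.
db_dir() {
    _dbd=$(conf_value "$1" DatabaseDirectory)
    echo "${_dbd:-$2}"
}

# stale_dbs DIR DAYS
# Database files in DIR whose mtime is more than DAYS days old.
stale_dbs() {
    find "$1" -type f \( -name '*.cvd' -o -name '*.cld' \) -mtime +"$2" 2>/dev/null | sort
}

# check_db_agreement CLAMD_CONF FRESHCLAM_CONF DEFAULT_DIR
# Returns 0 when both configs resolve to the same directory, 1 otherwise.
check_db_agreement() {
    scan_dir=$(db_dir "$1" "$3")
    upd_dir=$(db_dir "$2" "$3")
    if [ "$scan_dir" = "$upd_dir" ]; then
        echo "OK: clamd and freshclam both use $scan_dir"
        return 0
    fi
    echo "MISMATCH: clamd loads $scan_dir, freshclam updates $upd_dir"
    return 1
}

# Constructed demo: two configs pointing at different directories, with an
# old daily.cvd left behind in the one clamd reads.
demo() {
    T=$(mktemp -d) || return 1
    mkdir "$T/old" "$T/new"
    echo "DatabaseDirectory $T/old" > "$T/clamd.conf"
    echo "DatabaseDirectory $T/new" > "$T/freshclam.conf"
    : > "$T/new/daily.cvd"
    : > "$T/old/daily.cvd"
    touch -t 200605010000 "$T/old/daily.cvd"
    check_db_agreement "$T/clamd.conf" "$T/freshclam.conf" /usr/local/share/clamav || true
    echo "Stale files in the directory clamd reads:"
    stale_dbs "$(db_dir "$T/clamd.conf" /usr/local/share/clamav)" 7
    rm -rf "$T"
}
demo
```

The same comparison applies to the clamscan versus clamdscan case earlier in the thread: clamscan loads its own copy of the databases, so it should be checked against the directory clamd is configured to use.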