[Clamav-users] Clamav and MRTG
Andrew McGlashan wrote >Tarak Ranjan wrote: >> i m trying to configured MRTG for clamd but it;s giving me 0 out put > That is probably because MRTG is a "Multi-Router Traffic Grapher" and all > your clamav traffic is local, ie not routing anywhere. Sorry Andrew, but MRTG really does do more than just monitor routers. I was searching for the same solution as Tarak as I just managed to get Spamassasin to graph. Spamassasin attaches via a socket or a local tcp connection. One can also use mrtg to monitor things such as CPU, Memory and the like. See http://www.inter7.com/qmailmrtg/ for an example. Within that example is a listing for Clamav so SOMEONE's done it. Once I dig through it all and figure it out, I'll post it here. For now, the answer to his 0/0 question is simple: It's looking for a line starting with @nnn from multilog and clamd.log isn't in multilog format. Gary L. Burnore gburn...@databasix.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Clamav and MRTG
Kurt Buff wrote: > > MRTG is something of a misnomer. It's actually more accurate to say > it's an SNMP grapher, as it polls devices with snmp enabled, and > graphs the results. > > If you can get an snmp counter to increment, you can graph it. Maybe they should call it graphjustaboutanything. :) I was able to get it to count the confirmed virus lines in the log, but without something a to-the-second timestamp, it re-reads the entire log each time so the graph only goes up. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Clamav and MRTG
Dennis Peterson wrote > Gary L Burnore wrote: > > Once I dig through it all and figure it out, I'll post it here. > > > rrd-tools may be easier to set up and use. Might be, but I got it Obviously, stopping the current clamd first... Make the following changes in clamd.conf: Comment out #LogFile Comment out #LogTime Uncomment LogSyslog yes Uncomment MaxThreads I'm trying 20 for now Uncomment User Set to qscand (or your user for clamav) Uncomment Foreground yes Uncomment ScanMail yes cd to your supervise dir and make dirs: mkdir -p qmail-clamav/log in qmail-clamav/run: #! /bin/sh . /etc/profile # or however you'd want to set your paths and such exec 2>&1 exec /usr/local/sbin/clamd in qmail-clamav/log/run: #! /bin/sh exec /usr/local/bin/multilog t s100 n20 /var/log/clamd Assuming you're running qmail, add the following to your qmailctl script: (remove call to /etc/init.d/clamd if you have one) Just after "start)" if svok /service/qmail-clamd ; then echo "Starting clamd" svc -u /service/qmail-clamd /service/qmail-clamd/log else echo "qmail-clamd supervise not running" fi At the end of "stop)" echo " qmail-clamd" svc -d /service/qmail-clamd /service/qmail-clamd/log pkill -9 clamd # optional to be sure... At the end of "stat|status)" svstat /service/qmail-clamd svstat /service/qmail-clamd/log Within "restart)", just before the line echo "* Sending qmail-send SIGTERM and restarting." Add the following: echo "* Stopping clamd." svc -d /service/qmail-clamd /service/qmail-clamd/log sleep 5 echo "* Restarting qmail-clamd." svc -u /service/qmail-clamd /service/qmail-clamd/log Again, make sure there's not a current clamd running, Symlink the qmail-clamd dir to your service dir. It'll start running almost right away mailctl status to see ... 420r:/var/log/qscand # qmailctl status /service/qmail-send: up (pid 20890) 7 seconds /service/qmail-send/log: up (pid 20891) 7 seconds /service/qmail-smtpd: up (pid 20914) 7 seconds /service/qmail-smtpd2: up (pid 20923) 7 seconds /service/qmail-smtpd/log: up (pid 20915) 7 seconds /service/qmail-smtpd2/log: up (pid 20924) 7 seconds /service/qmail-pop3d: up (pid 20904) 7 seconds /service/qmail-pop3d2: up (pid 20909) 7 seconds /service/qmail-pop3d/log: up (pid 20905) 7 seconds /service/qmail-pop3d2/log: up (pid 20910) 7 seconds /service/qmail-spamd: up (pid 20884) 8 seconds /service/qmail-spamd/log: up (pid 20885) 8 seconds /service/qmail-clamd: up (pid 20879) 8 seconds /service/qmail-clamd/log: up (pid 20881) 8 seconds messages in queue: 173 messages in queue but not yet preprocessed: 0 Now you're running with multilog so the mrtg will work. :) ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] please remove
> Stuart Rowan wrote: > > Alpine and afaicr pine expose this information. Each ML mail has a link > at > > the bottom in the mail viewer which gives you a list of all the things > you > > can do e.g. unsubscribe. > > > > Stu. > > > > On Thu, 19 Feb 2009, Ian Eiloart wrote: > > > > > >> --On 18 February 2009 14:26:11 -0800 Dennis Peterson > > >> As long as most MTAs don't expose the List-Unsubscribe: header (none do > by > >> default, as far as I'm aware), it can't be described as "easy to use". > Some > >> MTAs even make it really hard to find the full message headers. > >> > >> > Thunderbird doesn't by default, but has a plugin that *does*... Alpine and Pine are not MTAs. Thunderbird is not an MTA. Alpine, Pine, Thunderbird, Outlook, Eudora etc are MUAs. Gary L. Burnore gburn...@databasix.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] please remove
Gary L. Burnore gburn...@databasix.com > -Original Message- > From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users- > boun...@lists.clamav.net] On Behalf Of Ian Eiloart > Sent: Thursday, February 19, 2009 5:51 AM > To: ClamAV users ML > Subject: Re: [Clamav-users] please remove > > > > --On 18 February 2009 14:26:11 -0800 Dennis Peterson > wrote: > > > Jim Potter wrote: > >> please remove me from your mailing list. thank you. > >> > > > > The instructions for you to follow to get this done are in the headers > of > > every post from this list server. It's pretty much self-service. > > > > dp > > ___ > > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > > http://www.clamav.net/support/ml > > Can we not have the list unsubscribe link in the footer, too? It's a legal > requirement in the UK to have an easy to use mechanism to unsubscribe to > marketing emails. The definition of marketing would definitely extend to > promotion of free open source software. Whether it also extends to a > support list like this might be debatable, That's not even remotely logical. One needs to subscribe and approve a subscription to this list. It is, in no way, a marketing email. > but surely the developers of > software developed mainly in response to the spamming industry ought to be > following best practice. Best practice is to have a challenge system set up for subscribing. That's been done. > As long as most MTAs don't expose the List-Unsubscribe: header (none do by > default, as far as I'm aware), it can't be described as "easy to use". If you can figure out how to subscribe, you can figure out how to unsubscribe. It's a standard mailing list, not a one way advertisement. > Some MTAs even make it really hard to find the full message headers. MTA's? HUH? Maybe you mean mail clients, mot MTA? Either way, it'd be NICE to put something in the footer, but nothing demands it, it's not a best practices issue and it's certainly not illegal for it not to be there. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] please remove
> -Original Message- > From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users- > boun...@lists.clamav.net] On Behalf Of Ian Eiloart > Sent: Thursday, February 19, 2009 8:15 AM > To: ClamAV users ML > Subject: Re: [Clamav-users] please remove > > > > >> > >> Can we not have the list unsubscribe link in the footer, too? It's a > >> legal requirement in the UK to have an easy to use mechanism to > >> unsubscribe to marketing emails. The definition of marketing would > >> definitely extend to promotion of free open source software. Whether it > >> also extends to a support list like this might be debatable, > > > > That's not even remotely logical. One needs to subscribe and approve a > > subscription to this list. It is, in no way, a marketing email. > > The fact that you've subscribed is irrelevant to whether it's marketing. > It's marketing if it promotes use of a service or a product. The UK > legislation is absolutely explicit about that. Sorry, don't mean to argue, but I didn't say subscription is relevant to marketing in this case. Those two separate sentences were two separate thoughts. This is not a marketing list. This is a support list. Were it a marketing list, I would not be subscribed. > >> but surely the developers of > >> software developed mainly in response to the spamming industry ought to > >> be following best practice. > > > > Best practice is to have a challenge system set up for subscribing. > That's > > been done. > > But this is not about preventing people from getting subscribed, it's > about > making it easy for them to unsubscribe when they change their mind. I don't disagree that there should be something telling them where to find info on unsubscribing. I like the idea of having it on the page listed in the url at the bottom. > >> As long as most MTAs don't expose the List-Unsubscribe: header (none do > >> by default, as far as I'm aware), it can't be described as "easy to > use". > > > > If you can figure out how to subscribe, you can figure out how to > > unsubscribe. It's a standard mailing list, not a one way advertisement. > > I can figure it out. I can also figure out the volume of space > circumscribed by the earth in three months of its orbit. Which, of course, is more fun. > The question is not whether I can figure it out, but whether its easy. It'd be easy for those who want to unsubscribe to simply ask on this list and have you go do it for them. But I'm sure that's not what you mean. Easy is a relative term as you well know. Put a link at the bottom of the page and someone will want instructions next time. Put the instructions at the bottom of the page and the next person will want an unsubscribe button they can click. On and on. > >> Some MTAs even make it really hard to find the full message headers. > > > > MTA's? HUH? Maybe you mean mail clients, mot MTA? > > Yes. Figured. :) > > > Either way, it'd be NICE to put something in the footer, but nothing > > demands it, it's not a best practices issue and it's certainly not > > illegal for it not to be there. > > Well, as I say it's debatable, but the more I think about it, the more I'm > convinced that a support mailing list for a product probably does qualify > as marketing in UK law. Fortunately, you're not a UK lawyer. Nor am I. If you'd like to make case law, go for it. Until some UK judge says a mailing list set up to support a product is now a marketing list, it's not. > Anyway, I don't want to convince anyone of the > fact, but if we want to avoid reading unsubscribe requests, then we > definitely need to make the unsubscribe URL more discoverable. Agreed. How about: > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml List Info: http://www.clamav.net/listinfo ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] please remove
> -Original Message- > From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users- > boun...@lists.clamav.net] On Behalf Of Ian Eiloart > Sent: Friday, February 20, 2009 9:32 AM > To: ClamAV users ML > Subject: Re: [Clamav-users] please remove > > > > --On 19 February 2009 08:29:23 -0500 Gary L Burnore > wrote: > > > > > Fortunately, you're not a UK lawyer. Nor am I. If you'd like to make > case > > law, go for it. Until some UK judge says a mailing list set up to > > support a product is now a marketing list, it's not. > > > > Well, perhaps it isn't, but I think the principles should be applied where > possible. I don't. > > Here's what the Information Commissioner says about "marketing": I don't care what he says. He's not my problem. > Tell him how to unsubscribe. Then set up your own list, just for uk. > -- > Ian Eiloart > IT Services, University of Sussex > x3148 > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] OT: Re: please remove
-
> From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-
> boun...@lists.clamav.net] On Behalf Of Laurens
> Sent: Friday, February 20, 2009 10:09 PM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] OT: Re: please remove
>
> I have been wanting to unsubscribe from this fucking thing for over a
> year can not remember log in details etc and as a result I keep
> getting
> this shit.
Ok, someone's gotta say it, YOU are a fucking moron. The info can be found
at the bottom of every one of these posts,
> I have written, mailed and asked politely all to no avail it is
> now called spam.
No, it's not. But feel free to believe anything your little brain desires.
>
> STOP THIS SHIT PLEASE
DO it yourself. Go to this page http://www.clamav.net/support/ml
Click on the link that says clamav-users obtaining support for UNIX
platforms. It will take you here:
http://lists.clamav.net/mailman/listinfo/clamav-users
Look down at the bottom, (that's the opposite of where you like to post) and
see this:
To unsubscribe from clamav-users, get a password reminder, or change your
subscription options enter your subscription email address:
And a little box. Type your email address in the little box and click The
big box that says "Unsubscribe or edit options" and when you see the next
page, click on the button that says Unsubscribe, you'll get an email
By clicking on the Unsubscribe button, a confirmation message will be
emailed to you. This message will have a link that you should click on to
complete the removal process (you can also confirm by email; see the
instructions in the confirmation message).
Oh, and thank you for proving we don't need to see anything ELSE at the
bottom of the page as fools will ignore it anyway.
>
>
>
>
> On Thu, Feb 19, 2009 at 10:17 PM, Karsten Bräckelmann <
> guent...@rudersport.de> wrote:
>
> > On Thu, 2009-02-19 at 10:50 +, Ian Eiloart wrote:
> > > > http://www.clamav.net/support/ml
> > >
> > > Can we not have the list unsubscribe link in the footer, too? It's a
> > legal
> >
> > Maybe start by following the link you quoted... ;)
> >
> > > requirement in the UK to have an easy to use mechanism to unsubscribe
> to
> > > marketing emails. The definition of marketing would definitely extend
> to
> > > promotion of free open source software. Whether it also extends to a
> >
> > This is NOT marketing, neither promotion.
> >
> > > support list like this might be debatable, but surely the developers
> of
> > > software developed mainly in response to the spamming industry ought
> to
> > be
> > > following best practice.
> >
> > Those guys managed to subscribe themselfs, somehow. Too bad some (quite
> > rare on technical lists) individuals seem to forget how they did that.
> > *shrug*
> >
> > > As long as most MTAs don't expose the List-Unsubscribe: header (none
> do
> > by
> > > default, as far as I'm aware), it can't be described as "easy to use".
> > Some
> > > MTAs even make it really hard to find the full message headers.
> >
> > Evolution does. Nope, doesn't display the header verbatim, but offers
> > Unsubscribe, Get Info and other actions on all mailing list posts.
> >
> > guenther -- crawls back into his hole for more coffee
> >
> >
> > --
> > char *t="\10pse\0r\0dtu...@ghno
> > \x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> > main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i > c<<=1:
> > (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){
> putchar(t[s]);h=m;s=0;
> > }}}
> >
> > ___
> > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> > http://www.clamav.net/support/ml
> >
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] please remove
> -Original Message- > From: clamav-users-boun...@lists.clamav.net > [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of cc > Sent: Thursday, February 26, 2009 2:46 AM > To: ClamAV users ML > Subject: Re: [Clamav-users] please remove > > Dennis Peterson wrote: > > > > > In nearly 30 years of running mail systems I have never > seen nor heard > > of such a thing. Color me lucky, I guess. > > > > Yes. Do colour yourself lucky. At work, the boss loves top-posting. > I got an e-mail from the boss telling me that I need to stop > bottom posting and I should top post. I nearly flipped out; > but, I kept my cool. So now, at work I top post. Elsewhere, > I bottom post. The part that you snipped was where someone says there's software that FORCES the new text to be at the top. I've still not found anything that will do that or I'd use it to force things to the bottom or interspersed in a heartbeat. > > What irks me even more is having to receive e-mail from > people that quote the whole darn message only to mention > "thnxs" at the top of the message. Yet it happens regularly. > It's sad really. No, sad is when you gen an email on your blackberry or Itouch that has 50 people in the To: line. :) ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95 rc1 in Solaris 9
You can use inttypes.h instead, but you'd do well to just upgrade to Solaris 10 as there are MANY good reasons to do so. Look up ZFS. Gary L. Burnore gburn...@databasix.com > -Original Message- > From: clamav-users-boun...@lists.clamav.net > [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of > Dennis Peterson > Sent: Friday, February 27, 2009 6:46 PM > To: ClamAV users ML > Subject: Re: [Clamav-users] 0.95 rc1 in Solaris 9 > > Dennis Peterson wrote: > > There is no stdinit.h in my system so clamdtop failed. I > disabled the > > #include in the clamdtop.c code and it built and linked. > Not sure what > > it might fail to do later. > > > > $ gcc --version > > gcc (GCC) 3.3.2 > > > > It built fine in RedHat Linux 2.6.9-67.0.15.EL, 32-bit Intel. > > > > dp > > Fat fingers - that should be stdint.h. Sorry. > > dp > ___ > Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net http://www.clamav.net/support/ml > ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.95 rc1 in Solaris 9
> -Original Message-
> From: clamav-users-boun...@lists.clamav.net
> [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of
> Bill Landry
> Sent: Saturday, February 28, 2009 6:51 PM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] 0.95 rc1 in Solaris 9
>
> Nathan Brink wrote:
> > Steve Holdoway wrote:
> >> On Sat, 28 Feb 2009 14:38:04 -0800
> >> Bill Landry wrote:
> >>
> >>> I am not running any GUI,
> > I'm pretty sure this means that he is logging in and
> running ssh from
> > vt1, not using X at all.
> >>> I ssh into the server and launch clamdtop, and
> >>> F1 is just ignored. Do I need to be on the server in GUI mode to
> >>> see any F1 results?
> >>>
> > If you do need to be in X for F1 to work, then maybe the problem is
> > ssh itself or the TERM variable not being set correctly? I
> really have
> > no idea what is the case, but maybe ``echo ${TERM}'' run on
> the local
> > and remote machine would be useful...though this is
> unlikely to be the problem.
> >> ssh -X server may help ( no I haven't a clue whether it will, but
> >> that way a remote X client can use your local X server... )
> >>
> > I think no GUI means no X.
>
> That is correct, no X.
Get yourself a copy of Xming (free) and set it up. You'll have X.
Make sure some sort of display variable is set.
(The ssh -X merely enables X connections if it's not already part of your
shell). If xclock or xterm aren't in your path, find where they exist and
add that dir. Then
xterm &
To start a copy of an X terminal.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] Two suggestions
Gary L. Burnore gburn...@databasix.com > -Original Message- > From: clamav-users-boun...@lists.clamav.net > [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of > Jose-Marcio Martins da Cruz > Sent: Sunday, March 01, 2009 4:33 PM > To: ClamAV users ML > Subject: Re: [Clamav-users] Two suggestions > > Nathan Brink wrote: > > >> > > I don't think it is a good idea to add extra summary code to > > ./configure. I don't like it when other programs do this because it > > departs from the normal output of ./configure scripts. Maybe if a > > configure option --enable-all or --with-all was added, the > configure > > script could die immediately after a test fails and a > certain part of > > clamav is disabled. Then the user could add --disable-feature or > > --without-package until all tests passed - then he'd know > exactly what > > his clamav can/can't do. > > Some examples about clamav : > > * Solaris don't have ncurses library - so, clamdtop won't be > built. This isn't critical. But it's interesting to know that > clamdtop won't be built and the library wasn't found. And > configure shall not stop if ncurses wasn't found. "Solaris doesn't" not "Solaris don't". However, www.sunfreeware.com has ncurses 5.6 in pkg form which is usually installed for other reasons anyway. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
