[clamav-users] Problem while combining clamav-milter 0.97 and sendmail
Hello,
I'm running clamav 0.97 on Fedora 13. Everything is fine if I just do
a manual virus scan or virus database update. When I try to combine
clamav-milter and sendmail, I run into some problems. Because there is
a big difference between clamav 0.97 and the old version, it is hard
to google some helpful information about clamav 0.97.
1. I have added the following 2 macros in sendmail.mc and compiled to
generate sendmail.cf, but I still get ".. Message from to
infected by Worm .." in the clamav-milter.log. How can I
do to change into the recipient address?
define(`confMILTER_MACROS_ENVFROM', `i, {auth_type}, {auth_authen},
{auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr},
{rcpt_addr}')
define(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i')
2. Can we change the location of the quarantine folder and where if
possible? The present location is "/var/spool/mqueue".
3. Can we enable virus alert mail and where if possible?
Thank you for your assistance.
Michael
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [clamav-users] Problem while combining clamav-milter 0.97 and sendmail
2011/3/13 :
> Message: 1
> Date: Sun, 13 Mar 2011 00:13:42 +0800
> From: Michael Wu
> Subject: [clamav-users] Problem while combining clamav-milter 0.97 and
> sendmail
> To: clamav-users@lists.clamav.net
> Message-ID:
>
> Content-Type: text/plain; charset=UTF-8
>
> Hello,
>
> I'm running clamav 0.97 on Fedora 13. Everything is fine if I just do
> a manual virus scan or virus database update. When I try to combine
> clamav-milter and sendmail, I run into some problems. Because there is
> a big difference between clamav 0.97 and the old version, it is hard
> to google some helpful information about clamav 0.97.
>
> 1. I have added the following 2 macros in sendmail.mc and compiled to
> generate sendmail.cf, but I still get ".. Message from to
> infected by Worm .." in the clamav-milter.log. How can I
> do to change into the recipient address?
>
> define(`confMILTER_MACROS_ENVFROM', `i, {auth_type}, {auth_authen},
> {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr},
> {rcpt_addr}')
>
> define(`confMILTER_MACROS_EOM', `{msg_id},?{mail_addr}, {rcpt_addr}, i')
>
> 2. Can we change the location of the quarantine folder and where if
> possible? The present location is "/var/spool/mqueue".
>
> 3. Can we enable virus alert mail and where if possible?
>
> Thank you for your assistance.
>
> Michael
>
Thanks Richard ( lists-clamav ) to give me some hints that I can clean
the quarantined mails with the command "qtool.pl -d -Q
/var/spool/mqueue". On Fedora 13, the sendmail-doc rpm must be
installed to get "qtool.pl". Because I am not an expert in coding,
where can I get a sample script file for VirusAction that I can modify
it to meet my needs ? Thank you for your assistance.
Michael
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [clamav-users] Problem while combining clamav-milter 0.97 and sendmail (solved)
> 1. I have added the following 2 macros in sendmail.mc and compiled
to generate sendmail.cf, but I still get ".. Message from
to infected by Worm .."
> in the clamav-milter.log. How can I do to change into the
recipient address?
> define(`confMILTER_MACROS_ENVFROM', `i, {auth_type},
{auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host},
{mail_addr}, {rcpt_addr}')
> define(`confMILTER_MACROS_EOM', `{msg_id},?{mail_addr}, {rcpt_addr},
i')
*Thank Annette Jaekel ( Message-Subject : problem with clamav-milter
recipient notification ) to remind me that I have missed the macro
definition "MILTER_MACROS_ENVRCPT". Once I add this macro definition and
recompile sendmail.mc, the text is replaced with the recipient
address. Hope it helps and thank to all.*
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
[clamav-users] outdated message notice disappeared
Hello, In the earlier version before clamav 0.97.1, we will see the outdated message notice "This version of the ClamAV engine is outdated" once the new version is released. However, with the version 0.97.1, we do not see the outdated message notice when the version 0.97.2 is available. Please help to check it is normal or not. We compile the clamav from the source and we run it on Fedora 13. Thank you for your assistance. Michael ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] The error log message "milter=clmilter, tempfail"
Hello, In the /var/log/maillog, sometimes we will see the log message "milter=clmilter, tempfail". Is there anything that we should notice? The Clamd service is still running and quarantines the suspicious mails normally. We compile the clamav from the source ( the latest stable release 0.97.2 ) and use sendmail ( 8.13.8 ) as the mail server. Thank you for your assistance. Michael ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] The error log message "milter=clmilter, tempfail"
> > Message: 2 > Date: Thu, 18 Aug 2011 13:11:57 +0300 > From: T?r?k Edwin > Subject: Re: [clamav-users] The error log message "milter=clmilter, >tempfail" > To: clamav-users@lists.clamav.net > Message-ID: <4e4ce56d.3050...@gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > On 08/18/2011 01:05 PM, Michael Wu wrote: > > Hello, > > > > In the /var/log/maillog, sometimes we will see the log message > > "milter=clmilter, tempfail". Is there anything that we should notice? The > > Clamd service is still running and quarantines the suspicious mails > > normally. We compile the clamav from the source ( the latest stable > release > > 0.97.2 ) and use sendmail ( 8.13.8 ) as the mail server. > > > > Is there anything in the clamav milter's logs? > (note that those logs are separate from clamd's, unless you use SysLog of > course). > > Best regards, > --Edwin > > Hi Edwin, We will see the following messages in the clamav milter's logs : "ERROR: clamfi_eom: FD send failed: Broken pipe" "ERROR: FD send failed" Best Regards, Michael ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] The error log message "milter=clmilter, tempfail"
> > Message: 2 > Date: Fri, 19 Aug 2011 19:19:01 +0200 > From: aCaB > Subject: Re: [clamav-users] The error log message "milter=clmilter, >tempfail" > To: ClamAV users ML > Message-ID: <4e4e9b05.60...@digitalfuture.it> > Content-Type: text/plain; charset=ISO-8859-1 > > On 08/19/11 19:13, Michael Wu wrote: > > We will see the following messages in the clamav milter's logs : > > > > "ERROR: clamfi_eom: FD send failed: Broken pipe" > > "ERROR: FD send failed" > > Michael, > Looks like clamd went down. Or was bored for the long wait time and shut > the socket down. > Either way you probably have some corresponding error in clamd.log. > Can you look them up as well? > > Cheers, > --aCaB > > Hi aCaB, Sorry, we don't see any error message in clamd.log but, "SelfCheck: Database status OK." or "SelfCheck: Database modification detected. Forcing reload." Besides, clamd and clamav-milter continue to run normally. Best Regards, Michael ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] Please help to check the Mirror 140.128.9.18
Hello, In the logwatch report, we see the message as follows, "Last Status: main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) Downloading daily-14952.cdiff [100%] Downloading daily-14953.cdiff [100%] WARNING: getfile: daily-14954.cdiff not found on remote server (IP: 140.128.9.18) WARNING: getpatch: Can't download daily-14954.cdiff from database.clamav.net WARNING: getpatch: Can't download daily-14954.cdiff from database.clamav.net ERROR: getpatch: Can't download daily-14954.cdiff from database.clamav.net WARNING: Incremental update failed, trying to download daily.cvd Downloading daily.cvd [100%] WARNING: Mirror 140.128.9.18 is not synchronized. Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons." Please help to check if the Mirror 140.128.9.18 is normal or not. In our freshclam.conf, we use the default setting "DatabaseMirror database.clamav.net". Thank you for assistance and best regards, Michael P.S.: I haven't received this mailinglist letter since 05/19. Is that normal ? The last mail I receive is "Vol. 92 issue 13". Thank you. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] Please help to check the Mirror 140.128.9.18 ( update )
Sorry for mistaken typing; the last mailinglist mail received should be "Vol. 92 issue 14", not "Vol. 92 issue 13". Thank you and regards, Michael ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Please help to check the Mirror 140.128.9.18
> Message: 8 > Date: Thu, 24 May 2012 09:02:28 +0800 > From: Michael Wu > Subject: [clamav-users] Please help to check the Mirror 140.128.9.18 > To: clamav-users@lists.clamav.net > Message-ID: > > > Content-Type: text/plain; charset=UTF-8 > >Hello, > >In the logwatch report, we see the message as follows, > > "Last Status: >main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, > builder: sven) >Downloading daily-14952.cdiff [100%] >Downloading daily-14953.cdiff [100%] >WARNING: getfile: daily-14954.cdiff not found on remote server (IP: > 140.128.9.18) >WARNING: getpatch: Can't download daily-14954.cdiff from > database.clamav.net >WARNING: getpatch: Can't download daily-14954.cdiff from > database.clamav.net >ERROR: getpatch: Can't download daily-14954.cdiff from > database.clamav.net >WARNING: Incremental update failed, trying to download daily.cvd >Downloading daily.cvd [100%] >WARNING: Mirror 140.128.9.18 is not synchronized. >Update failed. Your network may be down or none of the mirrors listed > in /etc/freshclam.conf is working. Check > http://www.clamav.net/support/mirror-problem for possible reasons." > >Please help to check if the Mirror 140.128.9.18 is normal or not. In > our freshclam.conf, we use the default setting "DatabaseMirror > database.clamav.net". > >Thank you for assistance and best regards, > > > Michael > > P.S.: I haven't received this mailinglist letter since 05/19. Is that > normal ? The last mail I receive is "Vol. 92 issue 13". Thank you. > > > > It is seemed that the Mirror 140.128.9.18 is back to normal again and I have received the mailinglist letter. Thank you. Michael ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] Help to download ClamAV 0.97.5
Hello, We try to download ClamAV 0.97.5 from " http://www.clamav.net/lang/en/download/sources/ ", but only get the download "clamav-0.97.4.tar.gz". Please help to check if the file is not updated. Thank you. Regards, Michael ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] 10 years of ClamAV
Dear the ClamAV Team, Thank you for your great work that makes the Linux servers much safer and better. Maybe the user interface in not so gorgeous, it will never cover up the solid antivirus capability. Thank you once more and happy tenth birthday to you all !! Best Regards, Michael 2012/6/20 > Message: 2 > Date: Tue, 19 Jun 2012 15:52:58 +0200 > From: Tomasz Kojm > Subject: [clamav-users] 10 years of ClamAV > To: ClamAV users ML > Message-ID: <4fe0843a.8000...@gmail.com> > Content-Type: text/plain; charset="windows-1252" > > Dear ClamAV Users, > > This year, ClamAV celebrates its 10th anniversary. The first release was > on May 8, 2002, and included the basic command line scanner ?clamscan? > and database update tool ?freshclam?. With your help, the project that > started as a hobby has become a complete antivirus solution and one of > the most popular Open Source security tools. Today, ClamAV has more than > 2 million active installations and scans hundreds of millions of files > every day. > > We are incredibly proud of this project and of the development work we > have been able to do since joining Sourcefire via acquisition in 2007. > We?ve had the opportunity to build out the bytecode engine and logical > signatures, and implement dozens of other major improvements that make > ClamAV a powerful tool. > > While we are incredibly proud of this, it is time for us to make a > change. ClamAV is now mature software and we are confident that > Sourcefire will successfully continue its development, move it forward > and maintain the integrity of its infrastructure. Matt Watchinski, who > has headed Sourcefire?s Vulnerability Research Team (VRT?) for 10 years, > will continue to lead this project. Joel Esler, the company's Open > Source community manager, will also be your main point of contact and > advocate. > > We cannot fully express how grateful we are to all of the people, > organizations and companies that have supported us and who will continue > to support the project. This includes all the individuals who have > contributed virus signatures and the developers who have contributed > code to ClamAV throughout the years, the public mirrors that host our > virus databases worldwide, the entities that hosted our web site, > nameservers and build farm; the developers and package maintainers who > have integrated ClamAV into various Open Source products and > distributions and, of course, the Open Source community as a whole. > > Finally, we would like to thank all who have trusted ClamAV for scanning > and protecting some of the most valuable data on their networks. > > Sincerely, > > Tomasz Kojm (twitter: @tkojm) > Luca Gibelli (twitter: @nervous) > Alberto Wu > Edwin T?r?k > > -- next part -- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 262 bytes > Desc: OpenPGP digital signature > URL: < > http://lists.clamav.net/pipermail/clamav-users/attachments/20120619/11a40b59/attachment.pgp > > > > ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] Help to download ClamAV 0.97.6 tar.gz source code
Dear all, We try to download ClamAV 0.97.6 official source code from " http://www.clamav.net/lang/en/download/sources/ ", but only get the download "Setup-x64.msi". Please help to check where we can download the tar.gz source code. Thank you. Regards, Michael ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] clamav-users Digest, Vol 96, Issue 14
> Message: 9 > Date: Tue, 18 Sep 2012 19:09:50 -0700 > From: Al Varnell > Subject: Re: [clamav-users] Help to download ClamAV 0.97.6 tar.gz > source code > To: ClamAV users ML > Message-ID: > Content-Type: text/plain; CHARSET=US-ASCII > > On 9/18/12 5:54 PM, "Michael Wu" wrote: > > > We try to download ClamAV 0.97.6 official source code from " > > http://www.clamav.net/lang/en/download/sources/ ", but only get the > > download "Setup-x64.msi". Please help to check where we can download the > > tar.gz source code. > > > I'm not having any problem and there are two alternate links on the > download > page that seem to both be working, as well. > > Try > <http://sourceforge.net/projects/clamav/files/latest/download?source=files > > > > > > -Al- > > -- > Al Varnell > Mountain View, CA > Hi Al, We are sorry we still can only get the Windows version from the download site " http://sourceforge.net/projects/clamav/files/latest/download?source=files " . Maybe we need to wait some time to try to download again. Thanks and regards, Michael ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] clamav-users Digest, Vol 96, Issue 14
2012/9/19 Michael Wu > > Message: 9 >> Date: Tue, 18 Sep 2012 19:09:50 -0700 >> From: Al Varnell >> Subject: Re: [clamav-users] Help to download ClamAV 0.97.6 tar.gz >> source code >> To: ClamAV users ML >> Message-ID: >> Content-Type: text/plain; CHARSET=US-ASCII >> >> On 9/18/12 5:54 PM, "Michael Wu" wrote: >> >> > We try to download ClamAV 0.97.6 official source code from " >> > http://www.clamav.net/lang/en/download/sources/ ", but only get the >> > download "Setup-x64.msi". Please help to check where we can download the >> > tar.gz source code. >> > >> I'm not having any problem and there are two alternate links on the >> download >> page that seem to both be working, as well. >> >> Try >> < >> http://sourceforge.net/projects/clamav/files/latest/download?source=files >> > >> >> >> >> -Al- >> >> -- >> Al Varnell >> Mountain View, CA >> > > Hi Al, > > We are sorry we still can only get the Windows version from the > download site " > http://sourceforge.net/projects/clamav/files/latest/download?source=files"; . > Maybe we need to wait some time to try to download again. > > Thanks and regards, > > > Michael > Hi Al, We can download the ClamAV 0.97.6 official source code. Thanks and regards, Michael ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] Fail to connect to the mirror server
Dear all, We have used the following setting in "/etc/freshclam.conf" for virus database update. "DatabaseMirror database.clamav.net" And the update process keeps working fine for years. However, we have received the following error messages repeatedly since yesterday. ClamAV update process started at Wed Nov 7 22:05:01 2012 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) WARNING: getfile: daily-15548.cdiff not found on remote server (IP: 120.119.118.1) WARNING: getpatch: Can't download daily-15548.cdiff from database.clamav.net nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host database.clamav.net (IP: 140.128.9.18) WARNING: getpatch: Can't download daily-15548.cdiff from database.clamav.net nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host database.clamav.net (IP: 140.128.9.18) WARNING: getpatch: Can't download daily-15548.cdiff from database.clamav.net WARNING: Incremental update failed, trying to download daily.cvd nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host database.clamav.net (IP: 140.128.9.18) Trying host database.clamav.net (120.119.118.1)... Downloading daily.cvd [100%] WARNING: Mirror 120.119.118.1 is not synchronized. Trying again in 5 secs... ClamAV update process started at Wed Nov 7 22:08:02 2012 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host database.clamav.net (IP: 140.128.9.18) WARNING: getpatch: Can't download daily-15548.cdiff from database.clamav.net nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host database.clamav.net (IP: 140.128.9.18) WARNING: getpatch: Can't download daily-15548.cdiff from database.clamav.net nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host database.clamav.net (IP: 140.128.9.18) WARNING: getpatch: Can't download daily-15548.cdiff from database.clamav.net WARNING: Incremental update failed, trying to download daily.cvd Downloading daily.cvd [100%] WARNING: Mirror 120.119.118.1 is not synchronized. Trying again in 5 secs... ClamAV update process started at Wed Nov 7 22:09:57 2012 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host database.clamav.net (IP: 140.128.9.18) WARNING: getpatch: Can't download daily-15548.cdiff from database.clamav.net nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host database.clamav.net (IP: 140.128.9.18) WARNING: getpatch: Can't download daily-15548.cdiff from database.clamav.net nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host database.clamav.net (IP: 140.128.9.18) ERROR: getpatch: Can't download daily-15548.cdiff from database.clamav.net WARNING: Incremental update failed, trying to download daily.cvd nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host database.clamav.net (IP: 140.128.9.18) Trying host database.clamav.net (120.119.118.1)... Downloading daily.cvd [100%] WARNING: Mirror 120.119.118.1 is not synchronized. Giving up on database.clamav.net... Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons. Please help to check what the problem is and what we can do about it. Thank you. Regards, Michael ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
