[Clamav-users] FreeBSD install of 0.96

[Odhiambo Washington]

Hello list,

Is FreeBSD (8.0-STABLE) to blame for this one?


6 -fno-strict-aliasing -c -o check_clamav-check_bytecode.o `test -f
'check_bytecode.c' || echo './'`check_bytecode.c
  CCLD   check_clamav
  CC check_clamd-check_clamd.o
cc -DHAVE_CONFIG_H -I. -I..  -I..
 -DSRCDIR=\"/usr/ports/security/clamav/work/clamav-0.96/unit_tests\"
-DBUILDDIR=\"/usr/ports/security/clamav/wo
rk/clamav-0.96/unit_tests\" -I/usr/local/include  -O2 -pipe -march=i486
-fno-strict-aliasing -c -o check_clamd-check_clamd.o `test -f 'check_clam
d.c' || echo './'`check_clamd.c
  CCLD   check_clamd
`check_freshclam.sh' is up to date.
`check_sigtool.sh' is up to date.
cat ../unit_tests/.split/split.clam-phish-exeaa
../unit_tests/.split/split.clam-phish-exeab > clam-phish-exe
`check1_clamscan.sh' is up to date.
`check7_clamd_hg.sh' is up to date.
make  check-TESTS
PASS: check_clamav
PASS: check_freshclam.sh
PASS: check_sigtool.sh
SKIP: check_unit_vg.sh
PASS: check1_clamscan.sh
FAIL: check2_clamd.sh
PASS: check3_clamd.sh
PASS: check4_clamd.sh
SKIP: check5_clamd_vg.sh
SKIP: check6_clamd_vg.sh
SKIP: check7_clamd_hg.sh
SKIP: check8_clamd_hg.sh

1 of 7 tests failed
(5 tests were not run)
See unit_tests/test-suite.log
Please report to http://bugs.clamav.net/

*** Error code 1

Stop in /usr/ports/security/clamav/work/clamav-0.96/unit_tests.
*** Error code 1

Stop in /usr/ports/security/clamav/work/clamav-0.96/unit_tests.
*** Error code 1

Stop in /usr/ports/security/clamav/work/clamav-0.96/unit_tests.
*** Error code 1

Stop in /usr/ports/security/clamav/work/clamav-0.96.
*** Error code 1

Stop in /usr/ports/security/clamav.
*** Error code 1

Stop in /usr/ports/security/clamav.
** Command failed [exit code 1]: /usr/bin/script -qa
/tmp/portupgrade20100412-45007-n7nql6-0 env UPGRADE_TOOL=portupgrade
UPGRADE_PORT=clamav-0.9
5.3 UPGRADE_PORT_VER=0.95.3 make
** Fix the problem and try again.
** Listing the failed packages (-:ignored / *:skipped / !:failed)
    ! security/clamav (clamav-0.95.3)   (new compiler error)


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!."
  -- Lucky Dube
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] FreeBSD install of 0.96

[Odhiambo Washington]

2010/4/12 Török Edwin 

> On 04/12/2010 12:39 PM, Odhiambo Washington wrote:
>
>> Hello list,
>>
>> Is FreeBSD (8.0-STABLE) to blame for this one?
>>
>> 
>> 6 -fno-strict-aliasing -c -o check_clamav-check_bytecode.o `test -f
>> 'check_bytecode.c' || echo './'`check_bytecode.c
>>   CCLD   check_clamav
>>   CC check_clamd-check_clamd.o
>> cc -DHAVE_CONFIG_H -I. -I..  -I..
>>  -DSRCDIR=\"/usr/ports/security/clamav/work/clamav-0.96/unit_tests\"
>> -DBUILDDIR=\"/usr/ports/security/clamav/wo
>> rk/clamav-0.96/unit_tests\" -I/usr/local/include  -O2 -pipe -march=i486
>> -fno-strict-aliasing -c -o check_clamd-check_clamd.o `test -f 'check_clam
>> d.c' || echo './'`check_clamd.c
>>   CCLD   check_clamd
>> `check_freshclam.sh' is up to date.
>> `check_sigtool.sh' is up to date.
>> cat ../unit_tests/.split/split.clam-phish-exeaa
>> ../unit_tests/.split/split.clam-phish-exeab>  clam-phish-exe
>> `check1_clamscan.sh' is up to date.
>> `check7_clamd_hg.sh' is up to date.
>> make  check-TESTS
>> PASS: check_clamav
>> PASS: check_freshclam.sh
>> PASS: check_sigtool.sh
>> SKIP: check_unit_vg.sh
>> PASS: check1_clamscan.sh
>> FAIL: check2_clamd.sh
>> PASS: check3_clamd.sh
>> PASS: check4_clamd.sh
>> SKIP: check5_clamd_vg.sh
>> SKIP: check6_clamd_vg.sh
>> SKIP: check7_clamd_hg.sh
>> SKIP: check8_clamd_hg.sh
>> 
>> 1 of 7 tests failed
>> (5 tests were not run)
>> See unit_tests/test-suite.log
>>
>
> What does unit_tests/test-suite.log contain?
>
>
I did not check.


> Does it fail everytime, or is it a random failure?
>

Well, looks like a random failure. I tried a rebuild and not it died with
sig 11.

What I am finding quite strange is the time it takes to build on FreeBSD. I
am upgrading on two systems (6.4 and 8.0) and for the first time ever,
building takes not minutes it takes hours but that's could be coz
the port maintainer decided that gcc 4.2+ needs to be used...

Let me see if any of the systems will complete the process.

0.95.3 did not take this long:)


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!."
  -- Lucky Dube
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] FreeBSD install of 0.96

[Odhiambo Washington]

2010/4/12 Török Edwin 

> On 04/12/2010 01:43 PM, Odhiambo Washington wrote:
>
>> 2010/4/12 Török Edwin
>>
>>  On 04/12/2010 12:39 PM, Odhiambo Washington wrote:
>>>
>>>  Hello list,
>>>>
>>>> Is FreeBSD (8.0-STABLE) to blame for this one?
>>>>
>>>> 
>>>> 6 -fno-strict-aliasing -c -o check_clamav-check_bytecode.o `test -f
>>>> 'check_bytecode.c' || echo './'`check_bytecode.c
>>>>   CCLD   check_clamav
>>>>   CC check_clamd-check_clamd.o
>>>> cc -DHAVE_CONFIG_H -I. -I..  -I..
>>>>  -DSRCDIR=\"/usr/ports/security/clamav/work/clamav-0.96/unit_tests\"
>>>> -DBUILDDIR=\"/usr/ports/security/clamav/wo
>>>> rk/clamav-0.96/unit_tests\" -I/usr/local/include  -O2 -pipe -march=i486
>>>> -fno-strict-aliasing -c -o check_clamd-check_clamd.o `test -f
>>>> 'check_clam
>>>> d.c' || echo './'`check_clamd.c
>>>>   CCLD   check_clamd
>>>> `check_freshclam.sh' is up to date.
>>>> `check_sigtool.sh' is up to date.
>>>> cat ../unit_tests/.split/split.clam-phish-exeaa
>>>> ../unit_tests/.split/split.clam-phish-exeab>   clam-phish-exe
>>>> `check1_clamscan.sh' is up to date.
>>>> `check7_clamd_hg.sh' is up to date.
>>>> make  check-TESTS
>>>> PASS: check_clamav
>>>> PASS: check_freshclam.sh
>>>> PASS: check_sigtool.sh
>>>> SKIP: check_unit_vg.sh
>>>> PASS: check1_clamscan.sh
>>>> FAIL: check2_clamd.sh
>>>> PASS: check3_clamd.sh
>>>> PASS: check4_clamd.sh
>>>> SKIP: check5_clamd_vg.sh
>>>> SKIP: check6_clamd_vg.sh
>>>> SKIP: check7_clamd_hg.sh
>>>> SKIP: check8_clamd_hg.sh
>>>> 
>>>> 1 of 7 tests failed
>>>> (5 tests were not run)
>>>> See unit_tests/test-suite.log
>>>>
>>>>
>>> What does unit_tests/test-suite.log contain?
>>>
>>>
>>>  I did not check.
>>
>
> Can you upload it somewhere?
>
>
>
>>
>>  Does it fail everytime, or is it a random failure?
>>>
>>>
>> Well, looks like a random failure. I tried a rebuild and not it died with
>> sig 11.
>>
>
> You should be able to go here:
>
> /usr/ports/security/clamav/work/clamav-0.96/
>
> And just run 'make check' again.
>
>
Okay, here are the details from unit_tests/test-suite.log:



   ClamAV 0.96: unit_tests/test-suite.log


1 of 7 tests failed.  (5 tests were not run).

.. contents:: :depth: 2


SKIP: check_unit_vg.sh (exit: 77)
=

*** valgrind tests skipped by default, use 'make check VG=1' to activate

FAIL: check2_clamd.sh (exit: 42)


ERROR: FD send failed: Broken pipe
--
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-aspack.exe:
ClamAV-Test-File.UNOFFICIAL FOUND
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-fsg.exe:
ClamAV-Test-File.UNOFFICIAL FOUND
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-mew.exe:
ClamAV-Test-File.UNOFFICIAL FOUND
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-nsis.exe:
ClamAV-Test-File.UNOFFICIAL FOUND
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-pespin.exe:
ClamAV-Test-File.UNOFFICIAL FOUND
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-petite.exe:
ClamAV-Test-File.UNOFFICIAL FOUND
ERROR: FD send failed: Broken pipe
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-upx.exe:
ClamAV-Test-File.UNOFFICIAL FOUND
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-v2.rar:
ClamAV-Test-File.UNOFFICIAL FOUND
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-v3.rar:
ClamAV-Test-File.UNOFFICIAL FOUND
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-wwpack.exe:
ClamAV-Test-File.UNOFFICIAL FOUND
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-yc.exe:
ClamAV-Test-File.UNOFFICIAL FOUND
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam.7z:
ClamAV-Test-File.UNOFFICIAL FOUND
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam.arj:
ClamAV-Test-File.UNOFFICIAL FOUND
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam.bin-be.cpio:
ClamAV-Test-File.UNOFFICIAL FOUND
/usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/

Re: [Clamav-users] FreeBSD install of 0.96

[Odhiambo Washington]

2010/4/12 Török Edwin 

> On 04/12/2010 03:49 PM, Odhiambo Washington wrote:
>
>> Okay, here are the details from unit_tests/test-suite.log:
>>
>>
>> 
>>ClamAV 0.96: unit_tests/test-suite.log
>> 
>>
>> 1 of 7 tests failed.  (5 tests were not run).
>>
>> .. contents:: :depth: 2
>>
>>
>> SKIP: check_unit_vg.sh (exit: 77)
>> =
>>
>> *** valgrind tests skipped by default, use 'make check VG=1' to activate
>>
>> FAIL: check2_clamd.sh (exit: 42)
>> 
>>
>> ERROR: FD send failed: Broken pipe
>> --
>>
>> /usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-aspack.exe:
>> ClamAV-Test-File.UNOFFICIAL FOUND
>>
>> /usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-fsg.exe:
>> ClamAV-Test-File.UNOFFICIAL FOUND
>>
>> /usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-mew.exe:
>> ClamAV-Test-File.UNOFFICIAL FOUND
>>
>> /usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-nsis.exe:
>> ClamAV-Test-File.UNOFFICIAL FOUND
>>
>> /usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-pespin.exe:
>> ClamAV-Test-File.UNOFFICIAL FOUND
>>
>> /usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-petite.exe:
>> ClamAV-Test-File.UNOFFICIAL FOUND
>> ERROR: FD send failed: Broken pipe
>>
>
> Do you always get broken pipe as error?


This was the first time I looked at that file. I never did before.


>> My upgrade on FreeBSD 6.4-STABLE completed successfully though.
>>
>> I must mention this other box running FreeBSD 8.0 is an old one though,
>> but
>> that shouldn't be an issue right? It's been running 0.95.3
>>
>>
> I don't think that 0.95.3 had make check enabled in the ports.
>
>
Okay.

So I start another build process and see what error is next? I think even
before the same check failed.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!."
  -- Lucky Dube
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] FreeBSD install of 0.96

[Odhiambo Washington]

2010/4/12 Török Edwin 

> On 04/12/2010 03:57 PM, Odhiambo Washington wrote:
>
>> 2010/4/12 Török Edwin
>>
>>  On 04/12/2010 03:49 PM, Odhiambo Washington wrote:
>>>
>>>  Okay, here are the details from unit_tests/test-suite.log:
>>>>
>>>>
>>>> 
>>>>ClamAV 0.96: unit_tests/test-suite.log
>>>> 
>>>>
>>>> 1 of 7 tests failed.  (5 tests were not run).
>>>>
>>>> .. contents:: :depth: 2
>>>>
>>>>
>>>> SKIP: check_unit_vg.sh (exit: 77)
>>>> =
>>>>
>>>> *** valgrind tests skipped by default, use 'make check VG=1' to activate
>>>>
>>>> FAIL: check2_clamd.sh (exit: 42)
>>>> 
>>>>
>>>> ERROR: FD send failed: Broken pipe
>>>> --
>>>>
>>>>
>>>> /usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-aspack.exe:
>>>> ClamAV-Test-File.UNOFFICIAL FOUND
>>>>
>>>>
>>>> /usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-fsg.exe:
>>>> ClamAV-Test-File.UNOFFICIAL FOUND
>>>>
>>>>
>>>> /usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-mew.exe:
>>>> ClamAV-Test-File.UNOFFICIAL FOUND
>>>>
>>>>
>>>> /usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-nsis.exe:
>>>> ClamAV-Test-File.UNOFFICIAL FOUND
>>>>
>>>>
>>>> /usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-pespin.exe:
>>>> ClamAV-Test-File.UNOFFICIAL FOUND
>>>>
>>>>
>>>> /usr/ports/security/clamav/work/clamav-0.96/unit_tests/../test/clam-petite.exe:
>>>> ClamAV-Test-File.UNOFFICIAL FOUND
>>>> ERROR: FD send failed: Broken pipe
>>>>
>>>>
>>> Do you always get broken pipe as error?
>>>
>>
>>
>> This was the first time I looked at that file. I never did before.
>>
>
> Try rerunning make check (not the full build) as I suggested in my previous
> email. Then look at the file again.
>
>
>
>>
>>  My upgrade on FreeBSD 6.4-STABLE completed successfully though.
>>>>
>>>> I must mention this other box running FreeBSD 8.0 is an old one though,
>>>> but
>>>> that shouldn't be an issue right? It's been running 0.95.3
>>>>
>>>>
>>>>  I don't think that 0.95.3 had make check enabled in the ports.
>>>
>>>
>>>  Okay.
>>
>> So I start another build process and see what error is next? I think even
>> before the same check failed.
>>
>
> No, just rerun make check and see if you consistenly get 'FD send failed:
> Broken pipe'.
>
>
Surprise, surprise! I did make check and nothing failed this time. Then
instead of going through the whole process of portupgrade again, I just did
cd ../../ && make deinstall && make install clean and now I have 0.96
running!


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!."
  -- Lucky Dube
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] FreeBSD 6.2 ClamAV/zlib problems and solution

[Odhiambo Washington]

2010/4/16 Török Edwin 

> Hi,
>
> I just had a chat on #clamav with 2 people having problem with ClamAV 0.96
> on FreeBSD 6.2. (everything was OK on FreeBSD 6.3)
>
> The symptom is that clamscan/clamd never starts, just loops infinitely
> trying to load the DB, --debug shows:
> Libclamav debug: in cli_tgzload()
>
> The system was using zlib 1.2.3, and gzseek() looked broken (it always
> returned 0 for gzseek(0, SEEK_CUR), in fact it moved the file position to 0
> again).
>
> Solution was to use upstream zlib 1.2.3 instead of system one:
> $ wget http://www.zlib.net/fossils/zlib-1.2.3.tar.gz
> $ tar xzvf zlib-1.2.3.tar.gz
> $ cd zlib-1.2.3
> $ ./configure --prefix=/usr -s
> $ make
> # make install
>
> Does FreeBSD 6.2 patch zlib in any way that could cause this error?
>
>
Not to answer your question but those people should upgrade to FreeBSD 6.4,
at least. There is no good reason to get stuck at 6.2.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!."
  -- Lucky Dube
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] How to catch a coredump for ClamAv on FreeBSD

[Odhiambo Washington]

On Mon, Oct 4, 2010 at 4:24 PM, Jerry  wrote:

> On Mon, 4 Oct 2010 16:12:09 +0300
> Odhiambo Washington  articulated:
>
> > Oddly enough, after doing a  pkg_delete -dfv clamav\* (I'm in bash)
> > and then doing 'portinstall -N clamav' (I already have the config I
> > use so no need for make config), clamd has now started fine.
>
> I use Bash too. However, I sort of make it a practice of checking the
> port config files before doing an update of a critical application. I
> consider Clamav in that category. While it is rare, occasionally the
> port maintainer will modify the options for a specific port (Apache
> comes to mind offhand) and insuring that the port has the correct
> configuration could be vital.
>
>
I don't quite expect a major change for such a minor version revision. I
also do check the port configs before upgrading and even then I _must_ have
considered the reasons I want to upgrade, so checking the port config is one
of those considerations. What I meant was that in this particular case,
there was no such requirement (for me).

Thank you everyone.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!."
   -- Lucky Dube
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] How to catch a coredump for ClamAv on FreeBSD

[Odhiambo Washington]

I have FreeBSD 8.1-STABLE. I have just updated from 0.96.2 to 0.96.3 and now
clamd won't start, giving segfault.

ct  4 11:06:11 mail kernel: pid 45864 (clamd), uid 26: exited on signal 11
Oct  4 11:06:22 mail kernel: pid 45917 (clamd), uid 26: exited on signal 11
Oct  4 11:06:30 mail kernel: pid 45957 (clamd), uid 26: exited on signal 11
Oct  4 11:06:38 mail kernel: pid 45991 (clamd), uid 26: exited on signal 11

I need to find out what is causing this.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!."
   -- Lucky Dube
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] How to catch a coredump for ClamAv on FreeBSD

[Odhiambo Washington]

2010/10/4 Török Edwin 

> On Mon, 4 Oct 2010 16:12:09 +0300
> Odhiambo Washington  wrote:
>
> > On Mon, Oct 4, 2010 at 2:25 PM, Jerry 
> > wrote:
> >
> > > On Mon, 4 Oct 2010 13:12:28 +0300
> > > Odhiambo Washington  articulated:
> > >
> > > > I have FreeBSD 8.1-STABLE. I have just updated from 0.96.2 to
> > > > 0.96.3 and now clamd won't start, giving segfault.
> > > >
> > > > ct  4 11:06:11 mail kernel: pid 45864 (clamd), uid 26: exited on
> > > > signal 11 Oct  4 11:06:22 mail kernel: pid 45917 (clamd), uid 26:
> > > > exited on signal 11 Oct  4 11:06:30 mail kernel: pid 45957
> > > > (clamd), uid 26: exited on signal 11 Oct  4 11:06:38 mail kernel:
> > > > pid 45991 (clamd), uid 26: exited on signal 11
> > > >
> > > > I need to find out what is causing this.
> > >
> > > I am using FreeBSD 8.1/amd64 and have not experienced any problems.
> > > Just for grins, and assuming you are usihng the FreeBSD ports
> > > systemj to install Clamav, have you tried the following:
> > >
> > > 1) Empty the contents of "/usr/ports/distfiles"
> > >
> > > 2) Run: pkg_delete -dfv clamav*
> > >
> > > 3) Do: cd /usr/ports/security/clamav
> > >
> > > 4) Do: make config
> > >
> > > 5: Do: make install && make distclean
> > >
> > > Now, either manually start clamav, or reboot your system and make
> > > sure it starts correctly (my suggestion)
> > >
> > > If it still fails to start, you might want to contact the port
> > > maintainer: ga...@freebsd.org
> > >
> > >
> > Oddly enough, after doing a  pkg_delete -dfv clamav\* (I'm in bash)
> > and then doing 'portinstall -N clamav' (I already have the config I
> > use so no need for make config), clamd has now started fine.
> >
> > PS: Torok - supposed I had to proceed with debug, would the following
> > yield the required data?
> >ulimit -c unlimited
> >gdb -args /usr/local/sbin/clamd
> >>run
> >>bt full
> >
>
> Yes, you would run 'bt full' after clamd died (gdb will tell you when
> that happens).
> You'd have to set 'Foreground yes' in clamd.conf too.
>
> Best regards,
> --Edwin
>
>
Thanks. Given that my clamd uses Foreground already, all I need is to get a
crash.



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!."
   -- Lucky Dube
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] How to catch a coredump for ClamAv on FreeBSD

[Odhiambo Washington]

On Mon, Oct 4, 2010 at 2:25 PM, Jerry  wrote:

> On Mon, 4 Oct 2010 13:12:28 +0300
> Odhiambo Washington  articulated:
>
> > I have FreeBSD 8.1-STABLE. I have just updated from 0.96.2 to 0.96.3
> > and now clamd won't start, giving segfault.
> >
> > ct  4 11:06:11 mail kernel: pid 45864 (clamd), uid 26: exited on
> > signal 11 Oct  4 11:06:22 mail kernel: pid 45917 (clamd), uid 26:
> > exited on signal 11 Oct  4 11:06:30 mail kernel: pid 45957 (clamd),
> > uid 26: exited on signal 11 Oct  4 11:06:38 mail kernel: pid 45991
> > (clamd), uid 26: exited on signal 11
> >
> > I need to find out what is causing this.
>
> I am using FreeBSD 8.1/amd64 and have not experienced any problems.
> Just for grins, and assuming you are usihng the FreeBSD ports
> systemj to install Clamav, have you tried the following:
>
> 1) Empty the contents of "/usr/ports/distfiles"
>
> 2) Run: pkg_delete -dfv clamav*
>
> 3) Do: cd /usr/ports/security/clamav
>
> 4) Do: make config
>
> 5: Do: make install && make distclean
>
> Now, either manually start clamav, or reboot your system and make sure
> it starts correctly (my suggestion)
>
> If it still fails to start, you might want to contact the port
> maintainer: ga...@freebsd.org
>
>
Oddly enough, after doing a  pkg_delete -dfv clamav\* (I'm in bash) and then
doing 'portinstall -N clamav' (I already have the config I use so no need
for make config), clamd has now started fine.

PS: Torok - supposed I had to proceed with debug, would the following yield
the required data?
   ulimit -c unlimited
   gdb -args /usr/local/sbin/clamd
   >run
   >bt full

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!."
   -- Lucky Dube
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] How to catch a coredump for ClamAv on FreeBSD

[Odhiambo Washington]

On Mon, Oct 4, 2010 at 2:25 PM, Jerry  wrote:

> On Mon, 4 Oct 2010 13:12:28 +0300
> Odhiambo Washington  articulated:
>
> > I have FreeBSD 8.1-STABLE. I have just updated from 0.96.2 to 0.96.3
> > and now clamd won't start, giving segfault.
> >
> > ct  4 11:06:11 mail kernel: pid 45864 (clamd), uid 26: exited on
> > signal 11 Oct  4 11:06:22 mail kernel: pid 45917 (clamd), uid 26:
> > exited on signal 11 Oct  4 11:06:30 mail kernel: pid 45957 (clamd),
> > uid 26: exited on signal 11 Oct  4 11:06:38 mail kernel: pid 45991
> > (clamd), uid 26: exited on signal 11
> >
> > I need to find out what is causing this.
>
> I am using FreeBSD 8.1/amd64 and have not experienced any problems.
> Just for grins, and assuming you are usihng the FreeBSD ports
> systemj to install Clamav, have you tried the following:
>
> 1) Empty the contents of "/usr/ports/distfiles"
>
> 2) Run: pkg_delete -dfv clamav*
>
> 3) Do: cd /usr/ports/security/clamav
>
> 4) Do: make config
>
> 5: Do: make install && make distclean
>
> Now, either manually start clamav, or reboot your system and make sure
> it starts correctly (my suggestion)
>
> If it still fails to start, you might want to contact the port maintainer:
> ga...@freebsd.org
>
>
I used portupgrade to move from 0.96.2 to 0.96.3 and I believe portupgrade
takes care of all that.
Given that the compile was successful, I believe the port maintainer is off
the hook on this one, unless he applied a funny patch.
So let me go debugging, but not before using your pkg_delete -dfv clamav\*
and reinstalling, just for the kicks!



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!."
   -- Lucky Dube
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] safe_clamd

[Odhiambo Washington]

On Thu, Oct 14, 2010 at 2:05 PM, Luca Gibelli  wrote:

> Hello,
>
> starting from the 0.96.2 release, our source tarball includes a script to
> automatically restart clamd in case the daemon crashes.
>
> The script is currently placed in the contrib/ directory. Latest version
> is always available from:
>
>
> http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=contrib/safe_clamd/safe_clamd
>
>
Hi Luca,

I have used ClamAv for a long time and it's the one that made me discover
daemontools.
Now, I really love ClamAv but I don't see how this script would add value to
it, especially when pit against apps such as
daemontools.

I can test it for you, but please tell me what I need to look for, what kind
of feedback you'd like to see.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] safe_clamd

[Odhiambo Washington]

On Thu, Oct 14, 2010 at 8:18 PM, Nathan Gibbs wrote:

> * Luca Gibelli wrote:
> > Hello,
> >
> > starting from the 0.96.2 release, our source tarball includes a script to
> > automatically restart clamd in case the daemon crashes.
> >
> > The script is currently placed in the contrib/ directory. Latest version
> > is always available from:
> >
> >
> http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=contrib/safe_clamd/safe_clamd
> >
> > We would like to make this script the preferred version to start clamd,
> > just like other OSS projects do (e.g. asterisk, mysql).
> >
> > Before we do, we would like to receive more feedback on this script.
> >
> No, Not as it is.
>
> Now if it was designed to work with freshclam and clamav-milter also, and
> had
> a conf file to tell it exactly what procs to worry about, maybe.
>
> As it stands, I'm not in favor of yet another abstraction layer, when the
> external event abstraction layer is in its current state of disarray.
>
>
Then we'll soon be asking that it is written in a format compliant with
FreeBSD rc scripts:-)



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Upcoming release of ClamAV (0.96.5)

[Odhiambo Washington]

On Mon, Nov 22, 2010 at 5:12 PM, Tomasz Kojm  wrote:

> Dear Users,
>
> we're going to release a new version of ClamAV on Monday, November 29.
> ClamAV 0.96.5 will include bugfixes and minor feature enhancements,
> such as improved handling of detection statistics, better file logging,
> and support for custom database URLs in freshclam. You can find more
> information in the ChangeLog:
>
>
> http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=HEAD
>
> and our Bugzilla:
>
>
> https://wwws.clamav.net/bugzilla/buglist.cgi?resolution=FIXED&query_format=advanced&bug_status=RESOLVED&product=ClamAV&target_milestone=0.96.5
>
> You can help by testing (or just running ./configure && make check) the
> latest code available in our Git repository - the latest snapshot
> tarball can be grabbed here:
>
>
Tested (./configure && make check) on FreeBSD 8.1-STABLE:


Making check in clamdtop
  CC optparser.o
  CC getopt.o
  CC misc.o
  CC clamdtop.o
  CCLD   clamdtop
Making check in clambc
  CC optparser.o
  CC getopt.o
  CC misc.o
  CC bcrun.o
  CCLD   clambc
Making check in unit_tests
make  check_clamav check_clamd check_freshclam.sh check_sigtool.sh
check_unit_vg.sh check1_clamscan.sh check2_clamd.sh check3_clamd.sh
check4_cla
md.sh check5_clamd_vg.sh check6_clamd_vg.sh check7_clamd_hg.sh
check8_clamd_hg.sh check9_clamscan_vg.sh
  CC check_clamav-check_clamav.o
  CC check_clamav-check_jsnorm.o
  CC check_clamav-check_str.o
  CC check_clamav-check_regex.o
  CC check_clamav-check_disasm.o
  CC check_clamav-check_uniq.o
  CC check_clamav-check_matchers.o
  CC check_clamav-check_htmlnorm.o
  CC check_clamav-check_bytecode.o
  CCLD   check_clamav
  CC check_clamd-check_clamd.o
  CCLD   check_clamd
`check_freshclam.sh' is up to date.
`check_sigtool.sh' is up to date.
cat ../unit_tests/.split/split.clam-phish-exeaa
../unit_tests/.split/split.clam-phish-exeab > clam-phish-exe
`check1_clamscan.sh' is up to date.
`check7_clamd_hg.sh' is up to date.
`check9_clamscan_vg.sh' is up to date.
make  check-TESTS
PASS: check_clamav
PASS: check_freshclam.sh
PASS: check_sigtool.sh
SKIP: check_unit_vg.sh
PASS: check1_clamscan.sh
PASS: check2_clamd.sh
PASS: check3_clamd.sh
PASS: check4_clamd.sh
SKIP: check5_clamd_vg.sh
SKIP: check6_clamd_vg.sh
SKIP: check7_clamd_hg.sh
SKIP: check8_clamd_hg.sh
SKIP: check9_clamscan_vg.sh
==
All 7 tests passed
(6 tests were not run)
==
[w...@mail ~/Tools/Clamav/clamav-devel]$ uname -a
FreeBSD mail.mediselkenya.com 8.1-STABLE FreeBSD 8.1-STABLE #0:



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Upcoming release of ClamAV (0.96.5)

[Odhiambo Washington]

On Mon, Nov 22, 2010 at 5:12 PM, Tomasz Kojm  wrote:

> Dear Users,
>
> we're going to release a new version of ClamAV on Monday, November 29.
> ClamAV 0.96.5 will include bugfixes and minor feature enhancements,
> such as improved handling of detection statistics, better file logging,
> and support for custom database URLs in freshclam. You can find more
> information in the ChangeLog:
>
>
> http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=HEAD
>
> and our Bugzilla:
>
>
> https://wwws.clamav.net/bugzilla/buglist.cgi?resolution=FIXED&query_format=advanced&bug_status=RESOLVED&product=ClamAV&target_milestone=0.96.5
>
> You can help by testing (or just running ./configure && make check) the
> latest code available in our Git repository - the latest snapshot
> tarball can be grabbed here:
>
>

I am now running it on FreeBSD 8.1-STABLE... I used the port infrastructure
to install it, by cheating:-)
I created a clamav-0.96.5.tar.gz from the tarball and then cheated the
system that I have a new port version. Hopefully, there is not much change
from 0.96.4 as far as the FreeBSD port is concerned, so it us running, so
far ..


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] 10 years of ClamAV

[Odhiambo Washington]

On Tue, Jun 19, 2012 at 4:52 PM, Tomasz Kojm  wrote:

> Dear ClamAV Users,
>
> This year, ClamAV celebrates its 10th anniversary. The first release was
> on May 8, 2002, and included the basic command line scanner “clamscan”
> and database update tool “freshclam”. With your help, the project that
> started as a hobby has become a complete antivirus solution and one of
> the most popular Open Source security tools. Today, ClamAV has more than
> 2 million active installations and scans hundreds of millions of files
> every day.
>
> We are incredibly proud of this project and of the development work we
> have been able to do since joining Sourcefire via acquisition in 2007.
> We’ve had the opportunity to build out the bytecode engine and logical
> signatures, and implement dozens of other major improvements that make
> ClamAV a powerful tool.
>
> While we are incredibly proud of this, it is time for us to make a
> change. ClamAV is now mature software and we are confident that
> Sourcefire will successfully continue its development, move it forward
> and maintain the integrity of its infrastructure. Matt Watchinski, who
> has headed Sourcefire’s Vulnerability Research Team (VRT™) for 10 years,
> will continue to lead this project. Joel Esler, the company's Open
> Source community manager, will also be your main point of contact and
> advocate.
>
> We cannot fully express how grateful we are to all of the people,
> organizations and companies that have supported us and who will continue
> to support the project. This includes all the individuals who have
> contributed virus signatures and the developers who have contributed
> code to ClamAV throughout the years, the public mirrors that host our
> virus databases worldwide, the entities that hosted our web site,
> nameservers and build farm; the developers and package maintainers who
> have integrated ClamAV into various Open Source products and
> distributions and, of course, the Open Source community as a whole.
>
> Finally, we would like to thank all who have trusted ClamAV for scanning
> and protecting some of the most valuable data on their networks.
>
> Sincerely,
>
> Tomasz Kojm  (twitter: @tkojm)
> Luca Gibelli  (twitter: @nervous)
> Alberto Wu 
> Edwin Török 
>
>
Congratulations to the ClamAV Team on this anniversary!!

I remember when I first encountered ClamAv and how quickly we were able to
(with the support of this great team) migrate to it from DrWeb.
I still use ClamAV todate and has never considered anything else to use
with Exim!!

Kudos!!



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Tutorial for installing ClamAV on FreeBSD?

[Odhiambo Washington]

On Sat, Nov 10, 2012 at 2:43 AM, Ed Flecko  wrote:

> Sure, that makes sense.
>
> So, I guess it's an individual preference, but if you're going to
> install from source...you're probably going to be scratching your head
> a whole lot more!
>
>
Wrong! You simply did ignore a lot of things. Next time you want to install
anything from source, make sure that you read the INSTALL/README/*
literature that comes packed with the source.
Once you do that, you should be able to see whether you need to run
`configure` with options or to first bootstrap the source. Then you should
read the  various options to `configure`. An easier
way of doing that is to run ./configure --help > build.sh
Look at that file named build.sh (you can name it anything you want, btw)
and edit the various options in there to your preference, according to the
way you understand them, and want your app to behave.
Many a times you will need to create a user and a group under which the app
should run, and this is while taking into consideration how the app will
integrate with other apps, e.g. clamav and the MTA.

That is what I always do whenever installing from source. You will always
find a build.sh that I create myself for reuse with that app and which I
always forget to edit sometimes as options are changed
across versions and which has always bitten me so badly at times. That is
why you're better off using the ports to install applications.



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Configure on HPUX 11.11 with curl 7.15.10

[Odhiambo Washington]

* On 07/04/07 12:46 +0200, 192.168.0.2 wrote:
| Dear all,
| 
| while running configure I get this in config.log
| 
| configure:22625: checking for curl >= 7.10.0   
| configure:22649: result: FAILED
| configure:22651: WARNING: 7.15.0 is too old. Need version 7.10.0 or higher.

upgrade curl first!


-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+==+
|\  _,,,---,,_ | Odhiambo Washington<[EMAIL PROTECTED]>
Zzz /,`.-'`'-.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_) | GSM: +254 722 743223   +254 733 744121
+==+

Blore's Razor:
Given a choice between two theories, take the one which is
funnier.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Cannot build clamav-0.90.2 on FreeBSD 5.3-RELEASE

[Odhiambo Washington]

* On 13/04/07 17:40 +0400, George Eliozov wrote:
| Hello all!
| 
| I am tiring to update clamav from clamav-0.90.1 to clamav-0.90.2.
| Configure script complete successfully but when I run make, I get after
| while:
| 
| gcc -g -O2 -o .libs/clamd output.o cfgparser.o getopt.o misc.o network.o
| options.o clamd.o tcpserver.o localserver.o session.o thrmgr.o server-th.o
| scanner.o others.o clamuko.o dazukoio_compat12.o dazukoio.o
| -L/usr/local/lib ../libclamav/.libs/libclamav.so -liconv -lz -lbz2
| /usr/local/lib/libgmp.so -Wl,--rpath -Wl,/usr/local/lib
| network.o(.text+0x2b): In function `r_gethostbyname':
| ../shared/network.c:78: undefined reference to `gethostbyname_r'
| thrmgr.o(.text+0xa5): In function `thrmgr_destroy':
| /common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c:127: undefined
| reference to `pthread_attr_destroy'
| thrmgr.o(.text+0x18b): In function `thrmgr_new':
| /common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c:168: undefined
| reference to `pthread_attr_init'
| thrmgr.o(.text+0x19d):/common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c
| :176: undefined reference to `pthread_attr_setdetachstate'
| thrmgr.o(.text+0x1ed):/common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c
| :177: undefined reference to `pthread_attr_destroy'
| thrmgr.o(.text+0x28b): In function `thrmgr_worker':
| /common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c:217: undefined
| reference to `pthread_cond_timedwait'
| thrmgr.o(.text+0x483): In function `thrmgr_dispatch':
| /common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c:290: undefined
| reference to `pthread_create'
| *** Error code 1
| 
| Stop in /common/qmailrocks/clamav/clamav-0.90.2/clamd.
| *** Error code 1
| 
| Stop in /common/qmailrocks/clamav/clamav-0.90.2.
| *** Error code 1
| 
| Stop in /common/qmailrocks/clamav/clamav-0.90.2.
| 
| Thanks!



And here is how it fails on my FreeBSD 4.11 (yes, I still use this for 
production):


/bin/sh /usr/local/bin/libtool --tag=CC --mode=compile cc -DHAVE_CONFIG_H  -I. 
-I. -I.. -I.. -I./unrar  -I/usr/local/include   -I/usr/include -I/
usr/local/include   -O -pipe -c -o mbox.lo mbox.c
 cc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./unrar -I/usr/local/include 
-I/usr/include -I/usr/local/include -O -pipe -c mbox.c  -fPIC -DPIC -o .libs
/mbox.o
mbox.c: In function `rfc1341':
mbox.c:3858: warning: passing arg 3 of `readdir_r' from incompatible pointer 
type
mbox.c: In function `do_checkURLs':
mbox.c:4092: `args' undeclared (first use in this function)
mbox.c:4092: (Each undeclared identifier is reported only once
mbox.c:4092: for each function it appears in.)
*** Error code 1

Stop in /usr/ports/security/clamav/work/clamav-0.90.2/libclamav.
*** Error code 1

Stop in /usr/ports/security/clamav/work/clamav-0.90.2.
*** Error code 1

Stop in /usr/ports/security/clamav/work/clamav-0.90.2.
*** Error code 1

Stop in /usr/ports/security/clamav.
*** Error code 1

Stop in /usr/ports/security/clamav.




-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+======+
|\  _,,,---,,_ | Odhiambo Washington<[EMAIL PROTECTED]>
Zzz /,`.-'`'-.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_) | GSM: +254 722 743223   +254 733 744121
+==+

Don't change the reason, just change the excuses!
-- Joe Cointment
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] clamd looping

[Odhiambo Washington]

Hello list

Long time since I was around here, but I have continued running Clamav
anyway and I have been happy until today.
On a very old OS (FreeBSD-5.5) I have always successfully compiled Clamav
from the ports by editing the ports Makefile and changing
--enable-gethostbyname_r to --disable-gethostbyname_r.
I updated from clamav-0.93.3 to 0.94.1 and now I can observe from the
clamd.log that clamd is continuously restarting... nonstop!
This is NOT happening on newer versions of FreeBSD (6.4 and 7.x) though.
Is there a way to arrest (I mean resolve) this situation other than
downgrading back to 0.93.3?



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Life must be understood backwards; but... it must be lived forward."
   - Soren Kierkegaard
"Oh My God! They killed init! You Bastards!"
   --from a /. post
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5

[Odhiambo Washington]

On Wed, Nov 12, 2008 at 3:53 PM, Juergen Dankoweit <
[EMAIL PROTECTED]> wrote:

> Hello to the list,
>
> on my FreeBSD system I have strange problems with clamav:
> During detection a virus clamav blocks the whole mail traffic for ever.
> Only a restart of postfix, amavis and clamav solves this until the next
> virus.
>
> With clamav 0.93.3 there are no problems but it is too outdated.
>
> Because the ports tree is unupgradable I must use the original source
> from the web site. I compile clamav with the following options:
> ./configure --disable-clamuko --disable-ipv6
>

I encountered a problem with 0.94.1 on FreeBSD-5.5, but in my case, I
compiled it from the ports. Yes, the ports has it.
My problem is that clamd kept on restarting indefinately. This was not
happening with 0.93.3. So after pulling off so much of my hair , and posting
to the list and getting no responses, I decided to manually compile and see.
I used the following configure options:

./configure --prefix=/usr/local --with-group=clamav \
--disable-clamuko --with-user=mailnull \
--disable-gethostbyname_r \
--disable-zlib-vcheck \
--disable-clamav \
--enable-bigstack \
--enable-readdir_r \
--disable-dependency-tracking \
--disable-bzip2

Strangely, after I installed, it was able to run without the endless
restarting. I don't know what is in the ports that did this, but I think
it's not the ports. Rather it's something in 0.94.1. Not sure though,

I use Exim, as opposed to Postfix, so if you decide to try my way, be very
careful with the "--with-user=mailnull".

Not sure if that will help, but I am so far happy.

As regards upgrading from FreeBSD-5.5 as some may ask, I already have a
7.1-PRERELEASE which will replace this server. I am gonna migrate all the
services.



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Life must be understood backwards; but... it must be lived forward."
   - Soren Kierkegaard
"Oh My God! They killed init! You Bastards!"
   --from a /. post
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5

[Odhiambo Washington]

On Thu, Nov 13, 2008 at 9:03 PM, <[EMAIL PROTECTED]> wrote:

> Juergen Dankoweit wrote:
>
> > Because the ports tree is unupgradable I must use the original source
> > from the web site. I compile clamav with the following options:
> > ./configure --disable-clamuko --disable-ipv6
>
> Bah.  Upgrade your ports and edit the port Makefile.  Delete
> --enable-gethostbyname_r under CONFIGURE_ARGS= and change
> PTHREAD_LIBS= -lthr to PTHREAD_LIBS= -pthread.  Works with my 5.5.
>

Hello Steven,

You are a star! This works perfectly.


Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Oh My God! They killed init! You Bastards!"
   --from a /. post
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5

[Odhiambo Washington]

On Fri, Nov 14, 2008 at 3:40 PM, Jürgen Dankoweit <
[EMAIL PROTECTED]> wrote:

> Hallo Steven,
>
> Am Donnerstag, den 13.11.2008, 11:03 -0700 schrieb [EMAIL PROTECTED]:
> > Juergen Dankoweit wrote:
> >
> > > Because the ports tree is unupgradable I must use the original source
> > > from the web site. I compile clamav with the following options:
> > > ./configure --disable-clamuko --disable-ipv6
> >
> > Bah.  Upgrade your ports and edit the port Makefile.  Delete
> > --enable-gethostbyname_r under CONFIGURE_ARGS= and change
> > PTHREAD_LIBS= -lthr to PTHREAD_LIBS= -pthread.  Works with my 5.5.
> >
> > Steven
>
> Thanks for the answer.
>
> I have the Makefile edited. Now I get this:
>
> # make
> ===>  Vulnerability check disabled, database not found
> ===>  Found saved configuration for clamav-0.94.1
> ===>  Extracting for clamav-0.94.1
> => MD5 Checksum OK for clamav-0.94.1.tar.gz.
> => SHA256 Checksum OK for clamav-0.94.1.tar.gz.
> ===>  Patching for clamav-0.94.1
> ===>  Applying FreeBSD patches for clamav-0.94.1
> File to patch:
>
> And now?
>
> As I wrote in the original posting the ports tree is unupgradable,
> because portsnap destroyed the most.
>

Hi Jürgen

Please use cvsup or csup to upgrade your ports tree. I use csup via cron and
I have never had a major problem, except where the OS version has been an
issue when compiling a port, like I had with this version of Clamav.
Give portsnap a break for now if it doesn't help you.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Oh My God! They killed init! You Bastards!"
   --from a /. post
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5

[Odhiambo Washington]

On Fri, Nov 14, 2008 at 4:34 PM, Jürgen Dankoweit <
[EMAIL PROTECTED]> wrote:

>
> Am Freitag, den 14.11.2008, 15:58 +0300 schrieb Odhiambo Washington:
> > On Fri, Nov 14, 2008 at 3:40 PM, Jürgen Dankoweit <
> > [EMAIL PROTECTED]> wrote:
> >
> > > Hallo Steven,
> > >
> > > Am Donnerstag, den 13.11.2008, 11:03 -0700 schrieb [EMAIL PROTECTED]:
> > > > Juergen Dankoweit wrote:
> > > >
> > > > > Because the ports tree is unupgradable I must use the original
> source
> > > > > from the web site. I compile clamav with the following options:
> > > > > ./configure --disable-clamuko --disable-ipv6
> > > >
> > > > Bah.  Upgrade your ports and edit the port Makefile.  Delete
> > > > --enable-gethostbyname_r under CONFIGURE_ARGS= and change
> > > > PTHREAD_LIBS= -lthr to PTHREAD_LIBS= -pthread.  Works with my 5.5.
> > > >
> > > > Steven
> > >
> > > Thanks for the answer.
> > >
> > > I have the Makefile edited. Now I get this:
> > >
> > > # make
> > > ===>  Vulnerability check disabled, database not found
> > > ===>  Found saved configuration for clamav-0.94.1
> > > ===>  Extracting for clamav-0.94.1
> > > => MD5 Checksum OK for clamav-0.94.1.tar.gz.
> > > => SHA256 Checksum OK for clamav-0.94.1.tar.gz.
> > > ===>  Patching for clamav-0.94.1
> > > ===>  Applying FreeBSD patches for clamav-0.94.1
> > > File to patch:
> > >
> > > And now?
> > >
> > > As I wrote in the original posting the ports tree is unupgradable,
> > > because portsnap destroyed the most.
> > >
> >
> > Hi Jürgen
> >
> > Please use cvsup or csup to upgrade your ports tree. I use csup via cron
> and
> > I have never had a major problem, except where the OS version has been an
> > issue when compiling a port, like I had with this version of Clamav.
> > Give portsnap a break for now if it doesn't help you.
> >
>
> I have done this, too. After that many applications didn't run anymore
> because some libraries were updated. Thanks god I had a backup of the
> whole system.
>
> I have installed clamav 0.93.3 again.
>
> Thanks for all answers and all the help.


FreeBSD ports update does NOT affect the system at all! You are damn wrong
on this, to an extent I think you are not that familiar with FreeBSD.
I am offering you one thing: Give me access to your system and I will fix
whatever it is that the update of the ports tree breaks.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Oh My God! They killed init! You Bastards!"
   --from a /. post
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5

[Odhiambo Washington]

On Fri, Nov 14, 2008 at 4:50 PM, Jürgen Dankoweit <
[EMAIL PROTECTED]> wrote:

>
> Am Freitag, den 14.11.2008, 16:43 +0300 schrieb Odhiambo Washington:
> > On Fri, Nov 14, 2008 at 4:34 PM, Jürgen Dankoweit <
> > [EMAIL PROTECTED]> wrote:
> >
> > >
> > > Am Freitag, den 14.11.2008, 15:58 +0300 schrieb Odhiambo Washington:
> > > > On Fri, Nov 14, 2008 at 3:40 PM, Jürgen Dankoweit <
> > > > [EMAIL PROTECTED]> wrote:
> > > >
> > > > > Hallo Steven,
> > > > >
> > > > > Am Donnerstag, den 13.11.2008, 11:03 -0700 schrieb
> [EMAIL PROTECTED]:
> > > > > > Juergen Dankoweit wrote:
> > > > > >
> > > > > > > Because the ports tree is unupgradable I must use the original
> > > source
> > > > > > > from the web site. I compile clamav with the following options:
> > > > > > > ./configure --disable-clamuko --disable-ipv6
> > > > > >
> > > > > > Bah.  Upgrade your ports and edit the port Makefile.  Delete
> > > > > > --enable-gethostbyname_r under CONFIGURE_ARGS= and change
> > > > > > PTHREAD_LIBS= -lthr to PTHREAD_LIBS= -pthread.  Works with my
> 5.5.
> > > > > >
> > > > > > Steven
> > > > >
> > > > > Thanks for the answer.
> > > > >
> > > > > I have the Makefile edited. Now I get this:
> > > > >
> > > > > # make
> > > > > ===>  Vulnerability check disabled, database not found
> > > > > ===>  Found saved configuration for clamav-0.94.1
> > > > > ===>  Extracting for clamav-0.94.1
> > > > > => MD5 Checksum OK for clamav-0.94.1.tar.gz.
> > > > > => SHA256 Checksum OK for clamav-0.94.1.tar.gz.
> > > > > ===>  Patching for clamav-0.94.1
> > > > > ===>  Applying FreeBSD patches for clamav-0.94.1
> > > > > File to patch:
> > > > >
> > > > > And now?
> > > > >
> > > > > As I wrote in the original posting the ports tree is unupgradable,
> > > > > because portsnap destroyed the most.
> > > > >
> > > >
> > > > Hi Jürgen
> > > >
> > > > Please use cvsup or csup to upgrade your ports tree. I use csup via
> cron
> > > and
> > > > I have never had a major problem, except where the OS version has
> been an
> > > > issue when compiling a port, like I had with this version of Clamav.
> > > > Give portsnap a break for now if it doesn't help you.
> > > >
> > >
> > > I have done this, too. After that many applications didn't run anymore
> > > because some libraries were updated. Thanks god I had a backup of the
> > > whole system.
> > >
> > > I have installed clamav 0.93.3 again.
> > >
> > > Thanks for all answers and all the help.
> >
> >
> > FreeBSD ports update does NOT affect the system at all! You are damn
> wrong
> > on this, to an extent I think you are not that familiar with FreeBSD.
> > I am offering you one thing: Give me access to your system and I will fix
> > whatever it is that the update of the ports tree breaks.
>
> I'm working about 15 years with FreeBSD. The ports tree is one of the
> weak points of the operating system. After updating the ports tree and
> then compiling clamav, some other libraries were "updated" too. I have
> seen this with my eyes!


Not possible, except for those related to Clamav. Not system libraries.
I've only used FreeBSD since 1999 and I make a livng out of building servers
from it.
My offer stands though. It doesn't mean anything. I just want to help.
The changes to the Makefile that were posted work very well.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Oh My God! They killed init! You Bastards!"
   --from a /. post
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Why is ClamAV signature file so unpopular?

[Odhiambo Washington]

On Fri, Nov 28, 2008 at 6:12 PM, Paul Kosinski <[EMAIL PROTECTED]> wrote:

> When I go to the download page for ClamAV at SourceForge,
> I observe that the signature file ("clamav-0.*.*.tar.gz.sig")
> is downloaded less than 10% of the time that the source code
> ("clamav-0.*.*.tar.gz") is downloaded. I find this strange,
> especially for anti-malware software, whose users presumably
> think about security more than the average SourceForge visitor.


We trust the site, and Kojm:-)

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Okay guys. This is Kenya. You pay taxes because you feel philanthropic,
unlike our MPs!"
-- Kenneth Marende, Speaker, 10th Parilament.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] 0.94.2 and SubmitDetectionStats

[Odhiambo Washington]

After upgrading from 0.94.1 to 0.94.2:

gw# freshclam -v
Current working dir is /var/db/clamav
Max retries == 5
ClamAV update process started at Sun Nov 30 20:48:14 2008
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 768
Software version from DNS: 0.94.2
main.cvd version from DNS: 49
main.cld is up to date (version: 49, sigs: 437972, f-level: 35, builder:
sven)
daily.cvd version from DNS: 8698
daily.cld is up to date (version: 8698, sigs: 31264, f-level: 38, builder:
mcichosz)
ERROR: SubmitDetectionStats: Failed to convert date string

So I have commented out that option, but why is it giving that error?
FreeBSD 7.1-PRERELEASE here.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Okay guys. This is Kenya. You pay taxes because you feel philanthropic,
unlike our MPs!"
-- Kenneth Marende, Speaker, 10th Parilament.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] 0.94.2 and SubmitDetectionStats

[Odhiambo Washington]

On Sun, Nov 30, 2008 at 9:00 PM, Török Edwin <[EMAIL PROTECTED]> wrote:

> On 2008-11-30 19:51, Odhiambo Washington wrote:
> > After upgrading from 0.94.1 to 0.94.2:
> >
> > gw# freshclam -v
> > Current working dir is /var/db/clamav
> > Max retries == 5
> > ClamAV update process started at Sun Nov 30 20:48:14 2008
> > Using IPv6 aware code
> > Querying current.cvd.clamav.net
> > TTL: 768
> > Software version from DNS: 0.94.2
> > main.cvd version from DNS: 49
> > main.cld is up to date (version: 49, sigs: 437972, f-level: 35, builder:
> > sven)
> > daily.cvd version from DNS: 8698
> > daily.cld is up to date (version: 8698, sigs: 31264, f-level: 38,
> builder:
> > mcichosz)
> > ERROR: SubmitDetectionStats: Failed to convert date string
> >
> > So I have commented out that option, but why is it giving that error?
> > FreeBSD 7.1-PRERELEASE here.
>
> How do the last entries in your clamd.log look like?



Sun Nov 30 02:20:49 2008 -> SelfCheck: Database status OK.
Sun Nov 30 03:01:31 2008 -> SelfCheck: Database status OK.
Sun Nov 30 07:00:12 2008 -> SelfCheck: Database status OK.
Sun Nov 30 07:51:37 2008 -> SelfCheck: Database status OK.
Sun Nov 30 09:13:38 2008 -> SelfCheck: Database modification detected.
Forcing reload.
Sun Nov 30 09:13:38 2008 -> Reading databases from /var/db/clamav
Sun Nov 30 09:13:40 2008 -> Database correctly reloaded (468855 signatures)
Sun Nov 30 10:04:14 2008 -> SelfCheck: Database status OK.
Sun Nov 30 10:45:24 2008 -> SelfCheck: Database status OK.
Sun Nov 30 14:35:07 2008 -> SelfCheck: Database status OK.
Sun Nov 30 17:01:43 2008 -> SelfCheck: Database status OK.
Sun Nov 30 18:10:13 2008 -> SelfCheck: Database status OK.
Sun Nov 30 19:13:51 2008 -> SelfCheck: Database modification detected.
Forcing reload.



>
> Do you have LogTime on?


[EMAIL PROTECTED] ~]$ grep LogTime /usr/local/etc/clamd.conf
LogTime yes



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Okay guys. This is Kenya. You pay taxes because you feel philanthropic,
unlike our MPs!"
-- Kenneth Marende, Speaker, 10th Parilament.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] 0.94.2 and SubmitDetectionStats

[Odhiambo Washington]

On Sun, Nov 30, 2008 at 9:34 PM, Török Edwin <[EMAIL PROTECTED]> wrote:

> On 2008-11-30 20:11, Odhiambo Washington wrote:
> > On Sun, Nov 30, 2008 at 9:00 PM, Török Edwin <[EMAIL PROTECTED]>
> wrote:
> >
> >
> >> On 2008-11-30 19:51, Odhiambo Washington wrote:
> >>
> >>> After upgrading from 0.94.1 to 0.94.2:
> >>>
> >>> gw# freshclam -v
> >>> Current working dir is /var/db/clamav
> >>> Max retries == 5
> >>> ClamAV update process started at Sun Nov 30 20:48:14 2008
> >>> Using IPv6 aware code
> >>> Querying current.cvd.clamav.net
> >>> TTL: 768
> >>> Software version from DNS: 0.94.2
> >>> main.cvd version from DNS: 49
> >>> main.cld is up to date (version: 49, sigs: 437972, f-level: 35,
> builder:
> >>> sven)
> >>> daily.cvd version from DNS: 8698
> >>> daily.cld is up to date (version: 8698, sigs: 31264, f-level: 38,
> >>>
> >> builder:
> >>
> >>> mcichosz)
> >>> ERROR: SubmitDetectionStats: Failed to convert date string
> >>>
> >>> So I have commented out that option, but why is it giving that error?
> >>> FreeBSD 7.1-PRERELEASE here.
> >>>
> >> How do the last entries in your clamd.log look like?
> >>
> >
> >
> >
> > Sun Nov 30 02:20:49 2008 -> SelfCheck: Database status OK.
> > Sun Nov 30 03:01:31 2008 -> SelfCheck: Database status OK.
> > Sun Nov 30 07:00:12 2008 -> SelfCheck: Database status OK.
> > Sun Nov 30 07:51:37 2008 -> SelfCheck: Database status OK.
> > Sun Nov 30 09:13:38 2008 -> SelfCheck: Database modification detected.
> > Forcing reload.
> > Sun Nov 30 09:13:38 2008 -> Reading databases from /var/db/clamav
> > Sun Nov 30 09:13:40 2008 -> Database correctly reloaded (468855
> signatures)
> > Sun Nov 30 10:04:14 2008 -> SelfCheck: Database status OK.
> > Sun Nov 30 10:45:24 2008 -> SelfCheck: Database status OK.
> > Sun Nov 30 14:35:07 2008 -> SelfCheck: Database status OK.
> > Sun Nov 30 17:01:43 2008 -> SelfCheck: Database status OK.
> > Sun Nov 30 18:10:13 2008 -> SelfCheck: Database status OK.
> > Sun Nov 30 19:13:51 2008 -> SelfCheck: Database modification detected.
> > Forcing reload.
> >
>
>
> How do lines that contain FOUND look like? Do they have anything unusual?
> What if you delete the logfile, and scan something (like test/), does
> freshclam submit then?


There are no lines with FOUND.. so far.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Okay guys. This is Kenya. You pay taxes because you feel philanthropic,
unlike our MPs!"
-- Kenneth Marende, Speaker, 10th Parilament.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] 0.94.2 and SubmitDetectionStats

[Odhiambo Washington]

On Sun, Nov 30, 2008 at 9:51 PM, Török Edwin <[EMAIL PROTECTED]> wrote:

> On 2008-11-30 20:42, Odhiambo Washington wrote:
> > There are no lines with FOUND.. so far.
>
> Can you send me your logfile? (off-list)


I've sent you a URL link to it.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Okay guys. This is Kenya. You pay taxes because you feel philanthropic,
unlike our MPs!"
-- Kenneth Marende, Speaker, 10th Parilament.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] 0.94.2 and SubmitDetectionStats

[Odhiambo Washington]

On Mon, Dec 1, 2008 at 10:35 AM, Török Edwin <[EMAIL PROTECTED]> wrote:

> On 2008-11-30 21:03, Odhiambo Washington wrote:
> > On Sun, Nov 30, 2008 at 9:51 PM, Török Edwin <[EMAIL PROTECTED]>
> wrote:
> >
> >
> >> On 2008-11-30 20:42, Odhiambo Washington wrote:
> >>
> >>> There are no lines with FOUND.. so far.
> >>>
> >> Can you send me your logfile? (off-list)
> >>
> >
> >
> > I've sent you a URL link to it.
>
> Everything seems to be ok with the file, and the testprogram has parsed
> it successfully.
> What if you delete the stats.dat file in /usr/local/share/clamav, does
> freshclam submit then?


In my setup, I use /var/db/clamav as opposed to  /usr/local/share/clamav and
there is no stats.dat file anywhere.
Whatever the case, I have bit the bullet and did:

gw# cp /dev/null /var/log/clamav/clamd.log
gw# freshclam -v
Current working dir is /var/db/clamav
Max retries == 5
ClamAV update process started at Mon Dec  1 23:26:42 2008
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 215
Software version from DNS: 0.94.2
main.cvd version from DNS: 49
main.cld is up to date (version: 49, sigs: 437972, f-level: 35, builder:
sven)
daily.cvd version from DNS: 8704
daily.cld is up to date (version: 8704, sigs: 31342, f-level: 38, builder:
ccordes)
SubmitDetectionStats: No detection records found



So let's see what happens next:-)
Perhaps there was something weird in the log file.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Okay guys. This is Kenya. You pay taxes because you feel philanthropic,
unlike our MPs!"
-- Kenneth Marende, Speaker, 10th Parilament.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Version mismatch error

[Odhiambo Washington]

On Sun, Dec 7, 2008 at 6:01 PM, Jerry <[EMAIL PROTECTED]> wrote:

> Running 'clamconf -n' produces this error message:
>
>
> Engine and signature databases
> --
> Engine version: 0.94.2-exp (with experimental code)
> WARNING: Version mismatch: clamconf: 0.94.2, libclamav: 0.94.2-exp
>
> Is this a problem, and how should I correct it? This is on a
> FreeBSD-6.3 machine.
>
>
Perhaps:

cd /usr/ports/security/clamav
make config  # Remove the EXPERIMENTAL bit
portupgrade -f clamav && freshclam -v

Then see if the message goes away.

I am seeing something different though (FreeBSD 6.4-STABLE):

*** MailMaxRecursion is DEPRECATED ***
*** ArchiveMaxFileSize is DEPRECATED ***
*** ArchiveMaxRecursion is DEPRECATED ***
*** ArchiveMaxFiles is DEPRECATED ***
*** ArchiveMaxCompressionRatio is DEPRECATED ***
*** ArchiveBlockMax is DEPRECATED ***

I am not sure why clamconf is spewing those, yet they are not in my
clamd.conf




-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Okay guys. This is Kenya. You pay taxes because you feel philanthropic,
unlike our MPs!"
-- Kenneth Marende, Speaker, 10th Parilament.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Australian Bush Fires

[Odhiambo Washington]

On Sun, Feb 8, 2009 at 10:24 AM, Bill Maidment  wrote:

> Guys
> I make no more apologies. It's getting worse.
> 65 are now confirmed dead. 700 properties destroyed.
> I know you cannot help practically, just as we felt unable to help at 9/11
> Keep praying.
>
> Regards VBill


Ok. You can blog about this somewhere away from the list. There's not much
than an individual person in this list can do. Someone must fight the fires
and evacuate the people. Just praying alone wouldn't help.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"The only time a woman really succeeds in changing a man is when he is a
baby."
 - Natalie Wood
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Australian Bush Fires

[Odhiambo Washington]

On Sun, Feb 8, 2009 at 9:38 AM, Bill Maidment  wrote:

> I'm sorry to hijack this thread, but I wish there was some way to avert the
> bush fire
> tragedies that are happening in Australia today.
> 49 people have lost their lives (and probably many more as complete
> townships have been
> wiped out). 650 homes are known to have been destroyed bu fire in the state
> of Victoria
> alone.
> While spam/viruses are responsible for a great deal of human suffering,
> please spare a
> few prayers for those suffering from the bushfire tragedies in Australia.
>
> I thank this community for it's fight against spam/viruses; it is greatly
> appreciated.
> Please spare a few thoughts for those families who have lost loved ones
> today.
>

I'm sorry for the families that have lost loved ones.
One thing worries me though: These bush fires are like an epidemic in Oz,
that has no cure?
Every year I hear about the bush fires in Oz, much like an epidemic without
medicine. Oz govt can create fire barriers around places inhabited by
people, no?

Then there are the California fires.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"The only time a woman really succeeds in changing a man is when he is a
baby."
 - Natalie Wood
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Australian Bush Fires

[Odhiambo Washington]

On Sun, Feb 8, 2009 at 2:54 PM, Bill Maidment  wrote:

> On Sun, 8 Feb 2009 11:40:47 + (GMT), G.W. Haywood wrote
> > Hi guys,
> >
> > On Sun, 8 Feb 2009 Bill Maidment wrote:
> >
> > [religious claptrap snipped]
> >
> > Please take the religion somewhere else, this is the 21st century.
> >
>
>
> Oh what a sad society we live in, that no one cares about the suffering of
> our fellow
> human beings.
>
> Is the clamav community so callous?


No. You just miss the point! The Oz fires are not of "global" importance.
If they were, the 130+ Kenyans who lost their lives to a fire explosion
following a fuel tanker accident would also be seen in the global
perspective.
The Clamav community is a global community, dealing with issues related to
Clamav _ONLY_, not other things from every side of the world. That is
nothing to do with callousness.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"The only time a woman really succeeds in changing a man is when he is a
baby."
 - Natalie Wood
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] MaxQueue in clamd.conf?

[Odhiambo Washington]

Thu Apr  2 08:33:07 2009 -> ERROR: Configuration error: MaxQueue should be
at least twice MaxThreads
Thu Apr  2 08:33:07 2009 -> ERROR: thrmgr_new failed

...yet there is no such param as MaxQueue in clamd.conf, but

FreeBSD-7# find clamav-0.95 -type f -exec grep -li 'MaxQueue' {} \;
clamav-0.95/clamd/server-th.c
clamav-0.95/clamd/thrmgr.c
clamav-0.95/unit_tests/test-clamd.conf
clamav-0.95/shared/optparser.c
clamav-0.95/clamdtop/clamdtop.c

Did someone forget to add a new config variable in clamd.conf with 0.95??



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"The only time a woman really succeeds in changing a man is when he is a
baby."
 - Natalie Wood
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] MaxQueue in clamd.conf?

[Odhiambo Washington]

Thu Apr  2 08:33:07 2009 -> ERROR: Configuration error: MaxQueue should be
at least twice MaxThreads
Thu Apr  2 08:33:07 2009 -> ERROR: thrmgr_new failed

...yet there is no such param as MaxQueue in clamd.conf, but

FreeBSD-7# find clamav-0.95 -type f -exec grep -li 'MaxQueue' {} \;
clamav-0.95/clamd/server-th.c
clamav-0.95/clamd/thrmgr.c
clamav-0.95/unit_tests/test-clamd.conf
clamav-0.95/shared/optparser.c
clamav-0.95/clamdtop/clamdtop.c

Did someone forget to add a new config variable in clamd.conf??



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"The only time a woman really succeeds in changing a man is when he is a
baby."
 - Natalie Wood
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Autochecking script for clamd

[Odhiambo Washington]

* Lynn Duerksen <[EMAIL PROTECTED]> [20031128 20:27]: wrote:
> > > echo $TIMESTAMP " restarting freshclam daemon"
> > > /usr/local/bin/freshclam -d -c 4
> > > --datadir=/var/amavisd/usr/local/share/clamav --log-verbose
> > > fi
> > > 
> > > 
> > > FYI - Since installing 0.65 this has recorded no restarts
> > 
> > Well, but why run freshclam all the time?
> > 
> 
> I suppose that I could have run a cron job.  But in dealing with the
> problems with clamd I found this easiest for me to manage and track.
> This computer's only role is to filter mail and pass it on to the main
> mail server for 50 users.  Not much overhead.  I think I tried the cron
> job at first but went to the daemon when troubleshooting clamd dieing.

Am I wrong in thinking this way? That:

You are wasting your bandwidth running freshclam (well, at some point the
virus db files are upto date so no data is tx-ed to your box) all the time.
You are making the database servers use cpu time that could be used for other
purposes. Nothing personal here though, just a question. ;)
 

cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] Running as User amavis

[Odhiambo Washington]

* Sandy T. Santos <[EMAIL PROTECTED]> [20031201 09:26]: wrote:
> hi,
> 
> i've successfully compiled clamav-0.65 on my mandrake 8.2 but everytime i
> start clamd i get this error.
> 
> LibClamAV Error: cli_cvdload():  Can't create temporary
> directory /root/tmp/45293e6f36fa5577
> ERROR: Unable to create temporary directory.
> 
> here's my clamav.conf
> User amavis
> AllowSupplementaryGroups
> PidFile /var/amavis/clamd.pid
> LocalSocket /var/amavis/clamd
> 
> however when i comment the User directive in clamav.conf, clamd starts
> successfully. but i don't want it to run as root.

What is the $HOME of your clamav user? /root ???
I got such an error once when the owner of that $HOME was different than
the "User amavis" directive (in your case).
I solved it by

cd /usr/local/share/clamav
chown -R amavis .

[I am using your User]

When clamav is installed in my FreeBSd system, the clamav user has the
home in /usr/local/share/clamav. YMMV.



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] Running as User amavis

[Odhiambo Washington]

* Sandy T. Santos <[EMAIL PROTECTED]> [20031201 10:22]: wrote:
> Wash said:
> >What is the $HOME of your clamav user? /root ???
> >I got such an error once when the owner of that $HOME was different than
> >the "User amavis" directive (in your case).
> >I solved it by
> 
> the amavis user has '/var/amavis' as its home directory.
> i also have a clamav user with '/home/clamav' as its home dir.
> both home dirs are owned by their respective users.
> 
> this is my configure script.
> ./configure --prefix=/usr/local/clamav --with-user=amavis

how about 

./configure --prefix=/usr/local/clamav --disable-clamav --with-user=amavis



cheers
   - wash 
+------+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] Re: Problems with clamav-milter + sendmail

[Odhiambo Washington]

* Patrik <[EMAIL PROTECTED]> [20031201 17:25]: wrote:
> Richard,
> 
> I have not generated a new /etc/mail/sendmail.cf
> Im not that familiar with sendmail, how do i generate a new one?

hehee, time to drop Sendmail on the floor and get an easier to use
MTA which does not require you to "generate XYZ when you make changes",
just a `kill -1 PID` ;-)

PS: This is personal opinion and may cause a flame war.


cheers
   - wash 
+--+---------+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] clamav.conf

[Odhiambo Washington]

* Philipp Ringli <[EMAIL PROTECTED]> [20031203 18:03]: wrote:
> hi all,

Hi Ringli,

How is Schweiz? I've been there once 'in my dream' ;)


> 
> i get these errors:
> 
> ERROR: Malformed CVD header detected.
> ERROR: Can't read main.cvd header from database.clamav.net 
> (209.204.175.217)
> ERROR: Malformed CVD header detected.
> ERROR: Can't read main.cvd header from database.clamav.net 
> (64.69.64.158)
> ERROR: Malformed CVD header detected.
> ERROR: Can't read main.cvd header from database.clamav.net 
> (160.124.112.17)
> 
> and:
> 
> ERROR: Can't open config file /etc/clamav.conf !

You have to _have_ the file there.


> ERROR: Can't parse configuration file.
> 
> i do not have a clamav.conf file in /etc.
> i couldn't find anything in the list archive about the clamav.conf file.
> is there a default clamav.conf somewhere? like a recommended 
> clamav.conf?
> 
> i installed clamav using a rpm.

Do rpms come with a file name README or INSTALL or HOWTO?


> clamscan is used by a filter for xmail. seems to work fine.

Ok. Something  like this will help...

find / -name "clamav.conf -exec cp /etc/ {} \;
find / -type f -name "clamav.conf" | xargs cp /etc/clamav.conf

You have to edit that file once it is /etc and comment out the line
with 'Example'.



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] clamav.conf

[Odhiambo Washington]

* Jakub Jankowski <[EMAIL PROTECTED]> [20031203 18:33]: wrote:
> On 2003-12-03, Odhiambo Washington wrote:
> 
> >Ok. Something  like this will help...
> >
> >find / -name "clamav.conf -exec cp /etc/ {} \;
> 
> Even if its syntax would be correct, it wouldn't work as expected by
> you. ;)
> 
> >find / -type f -name "clamav.conf" | xargs cp /etc/clamav.conf
> 
> You end up with a broken clamav setup if some your user placed a hostile
> clamav.conf file somewhere in a filesystem, and for some reason your
> find visits that place as the last one.
> 
> I wouldn't recommend your solution, especially over reading docs.

Yeah. I think my hands were faster than my brain in this. Thanks for the
correction. But surely, there was none in /etc previously, no?
I did not stop to think about a hostile user. You are right about this
but users with shell access on production systems _must_ be disciplined
users, otherwise they will put your ass on fire;)



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] Upgrade from 6.0

[Odhiambo Washington]

* russ <[EMAIL PROTECTED]> [20031205 17:12]: wrote:
> I am looking to upgrade from 6.0 to 6.5.  I read the INSTALL, README,
> and FAQ and saw nothing pertaining to upgrading. I was just wondering if
> there are any known "gotch ya's" when doing this.


0.60 -> 0.65.


> I saw that I should remove the previous virus db's, that was about it.

More like it. You need to make sure the new version compiles on your box!



cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] Output of clam

[Odhiambo Washington]

* Jonas Bollden <[EMAIL PROTECTED]> [20031210 19:54]: wrote:
> Hi,
> 
> I would like to get an output from the clamd, I only get the messages in
> the log file and that's not enough for me, is there any way to do this?

By running in debug mode.



cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

[Clamav-users] ScanMail (upteenth time)

[Odhiambo Washington]

Hello Antiviruslikes,

Can someone clarify to me whether or not ScanMail is an option that one
can be enabled in clamav.conf and still get some sleep?
I run ClamAv (CVS), but the version does not matter here. I also run on
FreeBSD.
Everytime I uncomment ScanMail in clamav.conf, I do not sleep at all,
unless I switch of my mobile phone and play armadillo ;-)
The same happens when I switch on ScanRaR.
Despite the fact that I run clamd under daemontools, this doesn't seem
to matter because when clamd dies, it dies for good.

To be able to make some final decisions (without necessarily looking at
the code, which for sure I wouldn't understand), can someone kindly take
a minute to explain to me whether

1. It's sane to enable those options (under FreeBSD, *BSD)
2. Does anyone run with those options in other *nix versions?
3. Do they get problems like I do?
4. Is there an explanation for the problems I see under FreeBSD?
   (I'm sure someone will say broken threads support).

As of today, I am running ClamAV version devel-20031211.
I enabled 'Process support'.

In a production env, I have reasons to ask all these, so bear with me.


cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] ScanMail (upteenth time)

[Odhiambo Washington]

* zen <[EMAIL PROTECTED]> [20031211 12:33]: wrote:
> Hello Odhiambo,
> 
> Thursday, December 11, 2003, 4:19:24 PM, you wrote:
> 
> > Hello Antiviruslikes,
> 
> > Can someone clarify to me whether or not ScanMail is an option that one
> > can be enabled in clamav.conf and still get some sleep?
> > I run ClamAv (CVS), but the version does not matter here. I also run on
> > FreeBSD.
> > Everytime I uncomment ScanMail in clamav.conf, I do not sleep at all,
> > unless I switch of my mobile phone and play armadillo ;-)
> > The same happens when I switch on ScanRaR.
> > Despite the fact that I run clamd under daemontools, this doesn't seem
> > to matter because when clamd dies, it dies for good.
> 
> > To be able to make some final decisions (without necessarily looking at
> > the code, which for sure I wouldn't understand), can someone kindly take
> > a minute to explain to me whether
> 
> > 1. It's sane to enable those options (under FreeBSD, *BSD)
> > 2. Does anyone run with those options in other *nix versions?
> > 3. Do they get problems like I do?
> > 4. Is there an explanation for the problems I see under FreeBSD?
> >(I'm sure someone will say broken threads support).
> 
> > As of today, I am running ClamAV version devel-20031211.
> > I enabled 'Process support'.
> 
> > In a production env, I have reasons to ask all these, so bear with me.
> 
> 
> work smoothly with me.
> i`m running FBSD (4.9 STABLE, 4.8 STABLE and 4.7 STABLE) , and with
> those option enable and it goes well.
> it is a production server but the email load only bout 20 k per day.

I _must_ say that the server where I have had the problem is my primary
mx. It's a 4.9-STABLE box. The mail load processed on this server is, on
average, something like below:

Exim statistics from 2003-12-10 00:00:00 to 2003-12-10 23:55:40
Grand total summary
---
TOTAL   VolumeMessages   Domains Edomains
Received2383MB   55401  5219 9496
Delivered   3103MB   65088  3185 4631

Looks like it's twice your volume, but that should not be the problem afaiac.

Is it possible that some params in my clamav.conf (other than the ScanMail,
ScanRaR) are causing the failure? BTW, you haven't said what version you are
running. Could you kindly send your clamav.conf off list?


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: RES: [Clamav-users] Qmail-toaster and Clamav

[Odhiambo Washington]

* RL... <[EMAIL PROTECTED]> [20031217 15:35]: wrote:
> Hi, sorry about my poor english. This is not my native language...
> 
> But anyone can help-me???
> 
> Thanks
> 
> -Mensagem original-
> De: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] nome de RL...
> Enviada em: terïa-feira, 16 de dezembro de 2003 10:40
> Para: [EMAIL PROTECTED]
> Assunto: [Clamav-users] Qmail-toaster and Clamav
> 
> Hi all,
> I'm new here and i hope can help you too.
> 
> How can i use the clamav with qmail-toaster???
>
> I am using redhat 9 with qmail-toaster (vpopmail, mysql - for user
> database - spamassassin, horde-toaster - webmail -)


Please refer to this howto but do things the RedHat way:

http://www.clamav.net/doc/FreeBSD-HowTo/qmail-scanner-how-to.html


cheers
   - wash 
+------+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


pgp0.pgp
Description: PGP signature

[Clamav-users] Segfault without trace?

[Odhiambo Washington]

Hi,

I guess guys are preparing for Christmas so not so much activity on this
list ;)
I am running clamav-devel-20031211.

It has died just a few minutes ago, and not ever the supervise daemon
could revive it.

When I checked on clamd.log, all I see is:


Thu Dec 18 16:09:17 2003 -> Segmentation fault :-( Bye..

I am running with Debug on. I do have the debug log but unfortunately I
cannot discern anything from it, because I see no time stamp in it.

Is there anything else I need to provide to help with this situation?
Where do I look?


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


pgp0.pgp
Description: PGP signature

Re: [Clamav-users] Segfault without trace?

[Odhiambo Washington]

* Michael Dankov <[EMAIL PROTECTED]> [20031218 19:32]: wrote:
> On Thu, 18 Dec 2003, Odhiambo Washington wrote:
> 
> 
> OW>I am running clamav-devel-20031211.
> OW>
> OW>Is there anything else I need to provide to help with this situation?
> OW>Where do I look?
> 
> At the latest CVS you do :) I believe this was fixed Dec 14 2003.

Okay. I have UPped to 20031218 ;)



cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


pgp0.pgp
Description: PGP signature

Re: [Clamav-users] How to update virus.db?

[Odhiambo Washington]

* Marino, Santiago Maximiliano <[EMAIL PROTECTED]> [20031219 11:41]: wrote:
> Hello list, I have "virus.db" file!
> Where is documentation "How Update VirusDB" 
> thanks!

See the documentation on the website, specifically:

http://www.clamav.net/doc/html/node13.html

You need to read the whole documentation though, as it seems you never
did. Spend some time going through it to the end. It's not so big.


cheers
   - wash 
+--+---------+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


pgp0.pgp
Description: PGP signature

Re: [Clamav-users] Session 0 stopped due to timeout.

[Odhiambo Washington]

Since Patrich top-posted, I will break the rules and do the same:

* Patrick Boutilier <[EMAIL PROTECTED]> [20031222 16:02]: wrote:
> Do you have the ScanMail option enabled in clamav.conf ? If so, try 
> removing it.

Do you care to explain why you suggest he removes ScanMail?


> 
> 
> Laurent Luyckx wrote:
> >Le dim 21/12/2003 à 05:19, Tomasz Kojm a écrit :
> >
> >>On Fri, 19 Dec 2003 15:47:50 -0600
> >>Bob Tanner <[EMAIL PROTECTED]> wrote:
> >>
> >>
> >>>After upgrade to clamav-0.65, I'm seeing this in my clamd.log file:
> >>>
> >>>Fri Dec 19 14:43:38 2003 -> Session 0 stopped due to timeout.
> >>>Fri Dec 19 14:43:59 2003 -> Session 1 stopped due to timeout.
> >>
> >>Are you using clamav-milter ?
> >
> >
> >I already sent a mail about this problem some time ago... but no answer.
> >I've stopped running clamav because of this problem cause I didn't had
> >the time to dig into the problem.
> >
> >I've exactly the same problem as Bob. I'm using in combination with
> >exim+exiscan. Exim is refusing connection few time after clamd gives the
> >"Session x stopped due to timeout"...
> >
> >And I'm not using clamav-milter...
> >
> >If someone as any clues I would be happy...
> >
> >Thx.
> >
> >Laurent.
> >
> >
> >>Best regards,
> >>Tomasz Kojm
> 
> 
> ---
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


pgp0.pgp
Description: PGP signature

Re: [Clamav-users] Session 0 stopped due to timeout.

[Odhiambo Washington]

* Patrick Boutilier <[EMAIL PROTECTED]> [20031222 19:10]: wrote:
> 
> 
> Odhiambo Washington wrote:
> >Since Patrich top-posted, I will break the rules and do the same:
> >
> >* Patrick Boutilier <[EMAIL PROTECTED]> [20031222 16:02]: wrote:
> >
> >>Do you have the ScanMail option enabled in clamav.conf ? If so, try 
> >>removing it.
> >
> >
> >Do you care to explain why you suggest he removes ScanMail?
> >
> >
> >
> 
> 
> I was having the same problems with exiscan until I removed ScanMail 
> from clamav.conf. Exiscan demimes the message anyhow so I don't see the 
> need for ScanMail when using exiscan.


Thank you for that Patrick.

May you, and all the other users of ClamAv, have a merry Christmas!


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Critical bug in virus scanning engine (development versions only)

[Odhiambo Washington]

* Tomasz Kojm <[EMAIL PROTECTED]> [20040103 13:43]: wrote:
> Dear Users,
> 
> all ClamAV snapshots newer than clamav-20031201 contain a bug that
> completely disables detection of polymorphic viruses (Hybris, Magistr)
> and other malware with multipart signatures. Please update to the latest
> version and make sure the changelog contains the following entry:
> 
> * libclamav: fixed handling of multipart signatures (broken since
>Dec 2). The bug was introduced by _me_ and not by the
>  Thomas Lamy's patch. Problem found and reported by René
>  Bellora , Jean-Christophe
>  Heger  and Tomasz Papszun
>  .  Many thanks !
> 
> ClamAV 0.65 is NOT affected by this problem.


Since the cvs servers are acting up, could you kindly post a tarball of
the "latest" to the list. The lastest snapshot on the website is
non-conformant with your assertion.



cheers
   - wash 
+------+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


pgp0.pgp
Description: PGP signature

Re: [Clamav-users] clamscan --mbox doesn't detect a virus

[Odhiambo Washington]

* Nigel Horne <[EMAIL PROTECTED]> [20040105 18:53]: wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On Monday 05 Jan 2004 3:44 pm, René Bellora wrote:
> > hi!
> >
> > clamscan doesn't detect a virus in this email (using --mbox):
> >
> > <http://rana.dyndns.org/mailpack.klez>
> 
> > # clamscan --mbox mailpack
> > mailpack: OK
> 
> I downloaded your file and got this:
> 
> [EMAIL PROTECTED] tmp]$ clamscan --mbox 9675.0.mailpack.klez
> 9675.0.mailpack.klez: Exploit.IFrame.Gen FOUND
> 
> - --- SCAN SUMMARY ---
> Known viruses: 9902
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> I/O buffer size: 131072 bytes
> Time: 30.744 sec (0 m 30 s)
> 
> Please run freshclam and try again.
> 

[EMAIL PROTECTED] --version
clamscan / ClamAV version devel-20040105
[EMAIL PROTECTED] --mbox mailpack.klez
mailpack.klez: OK

--- SCAN SUMMARY ---
Known viruses: 12013
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.11 MB
I/O buffer size: 131072 bytes
Time: 0.743 sec (0 m 0 s)

[EMAIL PROTECTED] --mbox mailpack.klez
/wananchi/home/wash/mailpack.klez: OK

--- SCAN SUMMARY ---
Infected files: 0
Time: 0.013 sec (0 m 0 s)


My dbs are uptodate ;)




    cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


pgp0.pgp
Description: PGP signature

Re: [Clamav-users] clamscan doesn't detect virus in .zip

[Odhiambo Washington]

* René Bellora <[EMAIL PROTECTED]> [20040105 18:55]: wrote:
> hi!
> 
>i have this .zip:
> 
> <http://rana.dyndns.org/videos.zip>
> 
>clamscan doesn't detect a virus in it, but it detects it once unpacked


Sadly, this is true for the latest snapshot also!!! I mean the
clamav-20040103-fixed.tar.gz 



cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


pgp0.pgp
Description: PGP signature

Re: [Clamav-users] clamscan --mbox doesn't detect a virus

[Odhiambo Washington]

* Diego d'Ambra <[EMAIL PROTECTED]> [20040105 19:04]: wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:clamav-users-
> > [EMAIL PROTECTED] On Behalf Of Nigel Horne
> > Sent: 5. januar 2004 16:49
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Clamav-users] clamscan --mbox doesn't detect a virus
> > 
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> > 
> > On Monday 05 Jan 2004 3:44 pm, René Bellora wrote:
> > > hi!
> > >
> > > clamscan doesn't detect a virus in this email (using --mbox):
> > >
> > > <http://rana.dyndns.org/mailpack.klez>
> > 
> > > # clamscan --mbox mailpack
> > > mailpack: OK
> > 
> > I downloaded your file and got this:
> > 
> > [EMAIL PROTECTED] tmp]$ clamscan --mbox 9675.0.mailpack.klez
> > 9675.0.mailpack.klez: Exploit.IFrame.Gen FOUND
> > 
> > - --- SCAN SUMMARY ---
> > Known viruses: 9902
> > Scanned directories: 0
> > Scanned files: 1
> > Infected files: 1
> > Data scanned: 0.00 MB
> > I/O buffer size: 131072 bytes
> > Time: 30.744 sec (0 m 30 s)
> > 
> > Please run freshclam and try again.
> > 
> 
> Please note that your clamscan only knows 9902 viruses (I guess it
> should be you how upgrade the DB). 


How about the output of my test??



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] clamscan doesn't detect virus in .zip

[Odhiambo Washington]

* Tomasz Papszun <[EMAIL PROTECTED]> [20040105 19:50]: wrote:
> On Mon, 05 Jan 2004 at 13:32:31 -0300, René Bellora wrote:
> > Tomasz Papszun wrote:
> > 
> > >A blind shot: does it make a difference if you run
> > >'clamscan -r videos.zip'?...
> > >
> > it doesn't:
> > 
> > # clamscan -r  videos.zip
> > videos.zip: OK
> > 
> > --- SCAN SUMMARY ---
> > Known viruses: 12013
> 
> And what about this? :
> 
> clamscan --disable-archive --unzip -r videos.zip

clamscan -r does _NOT_ work either, but

[EMAIL PROTECTED] ~]
 14$ clamscan --disable-archive --unzip -r videos.zip
Archive:  /wananchi/home/wash/videos.zip
  inflating: 2453.exe
/var/tmp//5037057d59ab36c3/2453.exe: TR/XEV.Dialer FOUND
/wananchi/home/wash/videos.zip: Infected Archive FOUND

--- SCAN SUMMARY ---
Known viruses: 12013
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
I/O buffer size: 131072 bytes
Time: 1.667 sec (0 m 1 s)


[EMAIL PROTECTED] ~]
 15$ clamdscan --disable-archive --unzip -r videos.zip
/wananchi/home/wash/videos.zip: OK

--- SCAN SUMMARY ---
Infected files: 0
Time: 0.006 sec (0 m 0 s)
[EMAIL PROTECTED] ~]



    cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] clamav-milter problem

[Odhiambo Washington]

* Alikhani <[EMAIL PROTECTED]> [20040110 09:47]: wrote:
> Hi all
> I am new that use clamav on my server suse-smp.
> I install clamav.0-65 , when I use this command :
> /usr/local/sbin/clamav-milter -blo /var/run/clmilter.sock
> it saya
> You must select server type (local/TCP) in /usr/local/etc/clamav.conf
> 
> What must I do ?

"You must select server type (local/TCP) in /usr/local/etc/clamav.conf" ;)

Look at that file and comment out the line that has:

TCPSocket 3310

(My recommendation). YMMV.


cheers
   - wash 
+--+---------+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] clamav-milter compile problem

[Odhiambo Washington]

* EyedMax <[EMAIL PROTECTED]> [20040114 11:58]: wrote:
> Daniel Wiberg wrote:
> 
> >on 2004-01-13 15:33 Ing. Germán González B. said the following:
> >
> >>>EyedMax wrote:
> >>>
> >>>>I can't compile clamav-milter on my FREE-BSD 4.4-RELEASE system :(
> >>>>Everything looks fine, except a few warnings about crypt, but no 
> >>>>errors...
> >>>>clamav-milter itself isn't appears after make.
> >>
> >>
> >>Did you configure with --enable-milter option?
> >
> >
> >Or 'cd /usr/ports/security/clamav && make -DWITH_MILTER install'
> >
> >if building from ports.
> >
> >//daniel wiberg
> 
> I do not have clamv in my ports collection... FREE-BSD 4.4... =(
> 
> I run from my homedir:
> > cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/clamav co 
> clamav-devel
> 
> How can I obtain this port?

By reading the FreeBSD HandBook , the section that deals with fetching
ports via "cvsup" ;)


> Step by step if you please =)

At least those are in the HandBook =)

Anyway, nothing is so wrong with the way you run now, Running CVS is
okay. I do it here everyday.



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] Upgrading to ClamAV 0.67 from 0.65

[Odhiambo Washington]

* Craig Daters <[EMAIL PROTECTED]> [20040216 18:37]: wrote:
> I installed 0.65 on a RH9 system using the source install (as opposed 
> to the RPM) and I now want to upgrade to 0.67 using the same method. 
> What is the proper way to do this? Is there and uninstall/upgrade 
> method for doing this?
> 
> Or, do I just download it, un-tar the 0.67 files then run:
> 
> $ ./configure --sysconfdir=/etc

I do the same, but I am particular about the options I pass to
configure.


> $ make

Me does that too.


> $ su -c "make install"

Yeah.


> I seem to recall that someone had asked this, but cannot find it in the 
> list.


Since I mostly use CVS code, I always seem to need to delete the old
clamav libs before the new source code compiles.


> If I do have to un-install the 0.65 install, how do I go about this?

These files will be overwritten by the new ones, I believe, so no need
to do unistall.


> I am used to working with RPM binaries, but I want to get into 
> installing from source files instead to get a better idea of the 
> installation process.

You are on the right path, but again, I am not that familiar with the
way linux works. If the last time you installed it did not complain
about any missing libs, then it should be fine this time round.



cheers
   - wash 
+------+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Upgrading to ClamAV 0.67 from 0.65

[Odhiambo Washington]

* Craig Daters <[EMAIL PROTECTED]> [20040216 21:11]: wrote:
> > > $ ./configure --sysconfdir=/etc
> >
> >I do the same, but I am particular about the options I pass to
> >configure.
> 
> What kind of options are you particular about? Should I be particular 
> about them too?

./configure --disable-clamav --enable-bigstack --with-group=mail \
--disable-clamuko --with-user=exim

You can see what they do by doing ./configure --help | more



cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] freshclam in deamon mode

[Odhiambo Washington]

Ok, after a couple days off, my brain is kinda eroded.
How do people run freshclam in daemon mode, as opposed to via crontab?
I hope I am not dreaming ;)


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam in deamon mode

[Odhiambo Washington]

* Fajar A. Nugraha <[EMAIL PROTECTED]> [20040217 12:52]: wrote:
> Odhiambo Washington wrote:
> 
> >How do people run freshclam in daemon mode, 
> >
> I'm not sure what you mean here.
> Tried freshclam -d yet?

From cron???

> 
> >as opposed to via crontab?
> > 
> >
> Well, when people put entry in crontab
> 0 * * * * /usr/local/bin/freshclam
> 
> all updates will happen at hour-change (bad for database mirrors).
> If you run freshclam -d, it will check for updates every few hours.
> Suppose I run freshclam -d at Tue Feb 17 05:01:13 2004, and have
> Checks 12 in my freshclam.conf. Then updates will happen like these :

At the moment I run it via cron like this:

0 */8 * * * root /usr/local/bin/freshclam --quiet -d -c 4 -l 
/usr/local/share/clamav/clam-update.log


> Again, I'm not sure if this is what you meant.

I meant like running clamd in daemon mode ;)



cheers
   - wash 
+------+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56&alloc_id438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam in deamon mode

[Odhiambo Washington]

* Fajar A. Nugraha <[EMAIL PROTECTED]> [20040217 13:49]: wrote:
> Odhiambo Washington wrote:
> 
> >>>How do people run freshclam in daemon mode, 
> >>> 
> >>>
> >>Tried freshclam -d yet?
> >>   
> >>
> >
> >From cron???
> >
> > 
> >
> No, from command line. Just execute `/usr/local/bin/freshclam -d` as 
> root or as clamav user.
> You can monitor its activities from freshclam.log (look for 
> UpdateLogFile on /usr/local/etc/freshclam.log)
> 
> >At the moment I run it via cron like this:
> >
> >0 */8 * * * root /usr/local/bin/freshclam --quiet -d -c 4 -l 
> >/usr/local/share/clamav/clam-update.log
> >
> > 
> >
> Which means you spawn multiple freshclam daemon every 8 hours!. 

unfortunately ;)


> Freshclam entry in crontab do not require "-d"

Thanks for this. Since when did this change though?


> Check your system process : there must be only one freshclam process 
> running. Kill other freshclam processess.

Ok. I must comply.


> Besides, the "-c" and "-l" is deprecated on new clamav releases. Modify 
> freshclam.conf instead.
> All you need is freshclam -d, run from command line. Not from crontab.


So what do you recommend for crontab?

> >I meant like running clamd in daemon mode ;)
> >
> > 
> >
> Then my answer is right :)


Again, unfortunately ;)



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] How to handle quarantined SPAM

[Odhiambo Washington]

* Luc de Louw <[EMAIL PROTECTED]> [20040218 03:34]: wrote:
> Hi all,
> 
> Does someone know a software, that allows users to browse and handle 
> quarantined Mails?
> 
> Preferably a Web-interface...

Could you please tell us how you quarantine them? The methodology?
If that's too much to ask, I suppose you could find a way of storing the
mails in an IMAP folder and that way you give each user access to their
mail via any webmail interface, like squirrelmail.



cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam in deamon mode

[Odhiambo Washington]

* Fajar A. Nugraha <[EMAIL PROTECTED]> [20040217 15:31]: wrote:
> Odhiambo Washington wrote:
> 
> >So what do you recommend for crontab?
> > 
> >
> Earlier post from Luke Scharf suggests you put in crontab
> 
>SHELL=/bin/bash
>0 * * * * sleep $[ $RANDOM % 3600 ] ; /usr/bin/freshclam --quiet
> 
> 
> I would prefer daemon mode, but a simple
> 
> 19 * * * * /usr/bin/freshclam --quiet
> 
> in crontab could work. Why the minute 19? Because I like it and it wont 
> flood mirrors at hour change,


Thank you very much for that!



cheers
   - wash 
+------+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] Freshclam and Daemontools

[Odhiambo Washington]

* Jason Frisvold <[EMAIL PROTECTED]> [20040218 19:00]: wrote:
> Hi all!
> 
>   Is there a way to set up Daemontools to monitor and run freshclam? 
> Similar to how clamd is set up with daemontools?  I want to ensure that
> freshclam never dies for no apparent reason...

Why do I feel that that would be outrageous? Are you saying that "you
want freshclam permanently connected to the db servers"? How are you
looking at it?



cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] ArchiveDetectEncrypted and --detect-encrypted

[Odhiambo Washington]

* Tomasz Kojm <[EMAIL PROTECTED]> [20040304 14:48]: wrote:
> On Wed, 03 Mar 2004 20:40:09 -0600
> Ted Fines <[EMAIL PROTECTED]> wrote:
> 
> > I think I speak for everyone when I say, You rock, Tomasz.
> 
> Thank you, but the credit for the patch goes to Michael Torrie.
> 
> Also I think, the real ClamAV hero is Diego d'Ambra who spent 
> the whole day yesterday providing an instant protection against the
> latest threats. 
> 
> To use the new feature you have to check out the CVS tree:
> 
> cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/clamav co
> clamav-devel


Two checkouts today, morning and now() but still the feature seems not
to have been commited to cvs ;)




cheers
   - wash 
+------+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamscan configuration

[Odhiambo Washington]

* Chris Lopeman <[EMAIL PROTECTED]> [20040311 05:42]: wrote:
> Hi All,
> 
> I have installed clam scan on Fedora.  My needs are simple.  I want to 
> run a periodic scan of almost all files on the system.  This seems 
> simple enough.  However, I am not interested in running the daemon, just 
> clamscan.  However, the clamav.conf seems to only apply to the daemon.  
> Is there no configuration file for clamscan?  Is there no way to get it 
> to use the clamav.conf?

Looking at the documentation, it is at least very clear on what you
intend to do.


cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] ifupdown error

[Odhiambo Washington]

* Rick Weinbender <[EMAIL PROTECTED]> [20040311 05:11]: wrote:
> After installing clamav I get the following errors on boot.
> 
> Configuring network interfaces:  run-parts:  failed to exec
> /etc/network/if-up.d/clamav-freshclam-ifupdown:  Permission Denied
> run-parts:  /etc/network/if-up.d/clamav-freshclam-ifupdown  exited with
> return code 1
> 
> this error repeats twice.
> 
> any ideas what might cause this?

First guess:

chmod 755 /etc/network/if-up.d/clamav*

Else check the permissions.


cheers
   - wash 
+--+---------+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] --detect-encrypted?

[Odhiambo Washington]

Since this option was mentioned, I have done checked out the cvs version
but ./configure refuses to accept that option.
Even from a cvs checkout I did today ;)


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] --detect-encrypted?

[Odhiambo Washington]

* Fajar A. Nugraha <[EMAIL PROTECTED]> [20040311 17:49]: wrote:
> Odhiambo Washington wrote:
> 
> >Since this option was mentioned, I have done checked out the cvs version
> >but ./configure refuses to accept that option.
> >Even from a cvs checkout I did today ;)
> >
> > 
> >
> It's not ./configure option. It's clamscan option.
> With clamd, it's
> 
> ArchiveDetectEncrypted
> 
> in clamav.conf.


hehee, I noticed that and added 2 days ago, but just today Tomas
(Kojm) wrote to the list with that option again ;)


cheers
   - wash 
+------+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] --detect-encrypted?

[Odhiambo Washington]

* Fajar A. Nugraha <[EMAIL PROTECTED]> [20040311 19:30]: wrote:
> Odhiambo Washington wrote:
> 
> >hehee, I noticed that and added 2 days ago, but just today Tomas
> >(Kojm) wrote to the list with that option again ;)
> >
> > 
> >
> You mean the one with
> "
> 
> But anyway you should check the
> --detect-encrypted option (CVS).
> "
> 
> I assume he meant it as an option for clamscan (as stated in ChangeLog)

Thanks for the clarification. I will be more careful to spare time to
also read the Changelog, besides what I see being discussed ;(.
All along I had thought that it was an option to ./configure.


cheers
   - wash 
+------+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Logfile

[Odhiambo Washington]

* Betsy Schwartz <[EMAIL PROTECTED]> [20040311 22:44]: wrote:
> At 12:41 PM 3/11/2004, John Jolet wrote:
> >why not just run logrotate and have done with it?
> 
> It would help if clamd took a "kill -HUP" and started a new logfile.
> 
I support the original poster. It would be a nice feature if it were
done inside clamav itself, as he argued.


cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Logfile

[Odhiambo Washington]

* Trog <[EMAIL PROTECTED]> [20040312 12:08]: wrote:
> On Fri, 2004-03-12 at 05:33, Odhiambo Washington wrote:
> > * Betsy Schwartz <[EMAIL PROTECTED]> [20040311 22:44]: wrote:
> > > At 12:41 PM 3/11/2004, John Jolet wrote:
> > > >why not just run logrotate and have done with it?
> > > 
> > > It would help if clamd took a "kill -HUP" and started a new logfile.
> > > 
> > I support the original poster. It would be a nice feature if it were
> > done inside clamav itself, as he argued.
> 
> Well, he's wrong :-)
> 
> The UNIX philosophy is that each program should do all it needs to do
> and do it well. So, it's clamds job to scan for viruses. It's logrotates
> job to rotate log files.


I guess you are right on that philosophy, so I retract my support ;)


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Errors with ScanOLE2

[Odhiambo Washington]

Running latest cvs code, with OLE2 support enabled in clamav.conf,
I see these in clamd.log:


Sat Mar 13 08:53:15 2004 -> 
/var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-1.doc: Unable to open file 
or directory. ERROR
Sat Mar 13 08:54:08 2004 -> 
/var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-1.doc: Unable to open file 
or directory. ERROR



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Errors with ScanOLE2

[Odhiambo Washington]

Latest cvs code ... with OLE2 support enabled...

Sat Mar 13 08:53:15 2004 -> 
/var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-1.doc: Unable to open file 
or directory. ERROR
Sat Mar 13 08:54:08 2004 -> 
/var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-1.doc: Unable to open file 
or directory. ERROR


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Errors with ScanOLE2

[Odhiambo Washington]

* Fajar A. Nugraha <[EMAIL PROTECTED]> [20040313 15:01]: wrote:
> Odhiambo Washington wrote:
> 
> >Latest cvs code ... with OLE2 support enabled...
> >
> >Sat Mar 13 08:53:15 2004 -> 
> >/var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-1.doc: Unable 
> >to open file or directory. ERROR
> >Sat Mar 13 08:54:08 2004 -> 
> >/var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-1.doc: *Unable 
> >to open file or directory*. ERROR
> >
> > 
> >
> That don't look like OLE errors to me ... More like permission problem.

I doubt it, unless I ignored something so obvious ... other instances of
scanning don't exhibit the same signs. See attached clamd.log.


> After enabling ScanOLE2 on clamav.conf , I tested with command line
> 
> bash-2.03# clamscan /tmp/Aplikasi-DC.doc
> /tmp/Aplikasi-DC.doc: OK
> 
> --- SCAN SUMMARY ---
> Known viruses: 20470
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.09 MB
> I/O buffer size: 131072 bytes
> Time: 6.231 sec (0 m 6 s)
> bash-2.03# clamdscan /tmp/Aplikasi-DC.doc
> /tmp/Aplikasi-DC.doc: OK
> 
> --- SCAN SUMMARY ---
> Infected files: 0
> Time: 0.922 sec (0 m 0 s)
> bash-2.03# clamd -V
> clamd / ClamAV version devel-20040313
> 
> 
> and by sending mail, it's OK. No error occured. I use clean (non-virus 
> infected) *.doc though.
> Is there something special about the .doc file you used? Do you still 
> have it? What does
> clamdscan say?
> 
> Regards,
> 
> Fajar
> 
> PS : I'm running clamd as the same user as exim.

me too. that is why I see this occurence as strange.



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post
Sat Mar 13 06:35:07 2004 -> SelfCheck: Database status OK.
Sat Mar 13 07:06:26 2004 -> 
/var/spool/exim/scan/1B20Pc-0006bu-KY/1B20Pc-0006bu-KY-0.zip: Worm.SomeFool.Gen-1 
FOUND
Sat Mar 13 07:35:09 2004 -> SelfCheck: Database status OK.
Sat Mar 13 07:53:57 2004 -> 
/var/spool/exim/scan/1B219D-000LC7-57/1B219D-000LC7-57-0.zip: Worm.SomeFool.Gen-1 
FOUND
Sat Mar 13 08:04:06 2004 -> 
/var/spool/exim/scan/1B21Jb-000N5u-0M/1B21Jb-000N5u-0M-0.zip: Worm.SomeFool.Gen-1 
FOUND
Sat Mar 13 08:13:12 2004 -> Reading databases from /usr/local/share/clamav
Sat Mar 13 08:13:13 2004 -> Database correctly reloaded (20470 viruses)
Sat Mar 13 08:35:16 2004 -> SelfCheck: Database status OK.
Sat Mar 13 08:35:22 2004 -> 
/var/spool/exim/scan/1B21lp-0001YY-3y/1B21lp-0001YY-3y-0.zip: Worm.SomeFool.Gen-1 
FOUND
Sat Mar 13 08:47:15 2004 -> 
/var/spool/exim/scan/1B21yv-0003Mr-JQ/1B21yv-0003Mr-JQ-0.zip: Worm.SomeFool.Gen-1 
FOUND
Sat Mar 13 08:53:15 2004 -> 
/var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-1.doc: Unable to open file 
or directory. ERROR
Sat Mar 13 08:54:08 2004 -> 
/var/spool/exim/scan/1B222u-0003ra-Re/1B222u-0003ra-Re-1.doc: Unable to open file 
or directory. ERROR
Sat Mar 13 09:23:45 2004 -> 
/var/spool/exim/scan/1B22Yd-00089X-V2/1B22Yd-00089X-V2-0.zip: Worm.SomeFool.Gen-2 
FOUND
Sat Mar 13 09:35:24 2004 -> SelfCheck: Database status OK.
Sat Mar 13 09:38:45 2004 -> 
/var/spool/exim/scan/1B22nA-0009uH-AK/1B22nA-0009uH-AK-0.zip: Worm.SomeFool.Gen-1 
FOUND
Sat Mar 13 09:41:10 2004 -> 
/var/spool/exim/scan/1B22pO-000AEW-JE/1B22pO-000AEW-JE.eml: VBS.Redlof.Encoded.gen 
FOUND
Sat Mar 13 09:55:34 2004 -> 
/var/spool/exim/scan/1B233P-000CEO-0l/1B233P-000CEO-0l-0.zip: Worm.SCO.A-unp FOUND
Sat Mar 13 09:59:01 2004 -> +++ Started at Sat Mar 13 09:59:01 2004
Sat Mar 13 09:59:01 2004 -> Log file size limited to 15728640 bytes.
Sat Mar 13 09:59:01 2004 -> Reading databases from /usr/local/share/clamav
Sat Mar 13 09:59:01 2004 -> Protecting against 20470 viruses.
Sat Mar 13 09:59:02 2004 -> Unix socket file /var/spool/exim/clamd.sock
Sat Mar 13 09:59:02 2004 -> Setting connection queue length to 100
Sat Mar 13 09:59:02 2004 -> Archive: Archived file size limit set to 26214400 bytes.
Sat Mar 13 09:59:02 2004 -> Archive: Recursion level limit set to 5.
Sat Mar 13 09:59:02 2004 -> Archive: Files limit set to 1000.
Sat Mar 13 09:59:02 2004 -> Archive: Compression ratio limi

Re: [Clamav-users] New varient of password compressed virus

[Odhiambo Washington]

* Fajar A. Nugraha <[EMAIL PROTECTED]> [20040315 06:20]: wrote:
> Michael Torrie wrote:
> 
> >In another escalation of the arms war, the latest variant of
> >password-encrypted archive virus now distributes itself in an encrypted
> >rar file, and the password is an attached bitmap to eliminate the
> >possibility of using the password in the body of the message to open the
> >archive in antivirus programs.
> >
> > 
> >
> An interesting fact on ChangeLog:
> 
> Thu Mar 11 21:50:32 CET 2004 (tk)
> -
>  * libclamav: rar: added support for encrypted archive (Encrypted.RAR)
>  detection
> 

Tomasz is really upto this!! Thanks Tomasz (Kojm).


> >At his rate, I give e-mail another year of usefulness.  So much for the
> >usefulness of attachments too.  Thanks a lot spammers and virus
> >writers.  The good news is we'll have to replace SMTP with a better,
> >more robust, and more secure system.


> Changing a well-known system is hard. I'm trying to replace telnet with 
> ssh and ftp with sftp for some time now, for a small community, and still 
> haven't 100% successfull.
> Mainly due to the fact that most user still use M$ Win and it don't have 
> builtin clients for ssh or sftp.

Just get them putty.exe for ssh then close the telnet port.
Where you download putty.exe, there are other FREE clients.



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] FreeBSD and log rotation

[Odhiambo Washington]

* Bart Silverstrim <[EMAIL PROTECTED]> [20040316 01:46]: wrote:
> I'm running clamscan / ClamAV version 0.67-1 on FreeBSD 4.9 (clamav 
> from ports collection), using clamd to scan incoming email for viruses. 

I also run on FreeBSD 4.9-STABLE, but I have been running CVS code for
ages now. Interestingly, I have only had very very minor problems, so
I am extremely happy with ClamAV.


>  I have seen some people on the list say that clamd will stop working 
> if the maximum logfile size is hit?

Well, that was discussed, but they also gave solutions with the use of
logrotate.


> Is there anyone using newsyslog to rotate the logs for clamd, and if so 
> what is  your conf file line to do it?

BTW, there are new versions on the website, so go for them. There is an
entry in the Changelog from the CVS checkout I just did a few minutes
ago:


Tue Feb 17 17:09:24 GMT 2004 (trog)
---
  * clamd: SIGHUP re-open log file support


With that, I believe you could do the following in newsyslog.conf:

/var/log/clamav/clamd.log exim:mail 640  7 *@T00  Z /var/run/clamd.pid 1

> Is there something that has to be changed in clamav.conf also?

Yes, the PidFile specification must much the one you specify above.
I run clamd as user exim, in group mail. YMMV.

PS: I use daemontools to monitor clamd, and I use other methods to
rotate my log file, so don't blame me if the above approach makes
your box to go up in flames ;)



cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Where is the "sock" file

[Odhiambo Washington]

* Dilip M <[EMAIL PROTECTED]> [20040316 09:10]: wrote:
> Hi,
> 
> I have these RPMS installed .
> # rpm -qa|grep clam
> clamav-devel-0.67-1
> clamav-0.67-1
> 
> 
> Where is the "sock" file ?

What is a "sock" file?
Do you have a file clamav.conf??



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Where is the "sock" file

[Odhiambo Washington]

* Dilip M <[EMAIL PROTECTED]> [20040316 09:52]: wrote:
> On Tue, 16 Mar 2004 09:11:40 +0300, Odhiambo Washington 
> <[EMAIL PROTECTED]> wrote:
> 
> >* Dilip M <[EMAIL PROTECTED]> [20040316 09:10]: wrote:
> >>Hi,
> >>
> >>I have these RPMS installed .
> >># rpm -qa|grep clam
> >>clamav-devel-0.67-1
> >>clamav-0.67-1
> >>
> >>
> >>Where is the "sock" file ?
> >
> >What is a "sock" file?
> >Do you have a file clamav.conf??
> >
> >
> I'm talking about "socket" file ?
> Is there a way to coonect to CLAM using socket ??


Very much! Go slowly and read the installation docs. The answers are
there. That is why I asked you if you even have a file called
clamav.conf. The fact that you are asking this question shows that
you obviously haven't read anything to do with install, or if you
did, you were in a great hurry, which is not good for you in the long
run.
I know soon someone here is gonna tell you to RTM. Badly enough, I
happen to have just done it;(


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Verification of signature on ClamAV software

[Odhiambo Washington]

* Johnny Johansen <[EMAIL PROTECTED]> [20040317 13:33]: wrote:
> Hi ,
> 
> I'm considering using ClamAV, and I have downloaded the latest 
> softwareversion including the digital signature file. I want to verify 
> (GPG) the signature before trying to use the software, but I can't find 
> the public key matching the secret key used for signing. I tried to search 
> the mail-archive, I browsed/searched through the FAQ, and I checked the 
> homepage http://www.clamav.net
> 
> Could someone please direct me ?


The file is signed by Tomasz Kojm. His PGP key is available at
http://www.clamav.net/gpg/tkojm.gpg , among others.


cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Exim & Clam : demime acl condition: error while creating mbox spool file

[Odhiambo Washington]

* Dilip M <[EMAIL PROTECTED]> [20040322 14:52]: wrote:
> 
> When ever the mail comes i see this log in 'main.log' and 'panic.log'
> 
> # tail -f main.log
> 2004-03-22 17:03:43 1B5Ngd-00014I-9a malware acl condition: clamd: ClamAV 
> returned /var/spool/exim/scan/1B5Ngd-00014I-9a: Can't access the file ERROR

The easiet way is to put the output of `exim -bP exim_user` in your
clamav.conf.

User `exim -bP exim_user`

Do the substitution!!!1


cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] (no subject)

[Odhiambo Washington]

* Santiago Hoyos Restrepo <[EMAIL PROTECTED]> [20040324 18:29]: wrote:
> command

Yes, Sir!!


cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam debugging help

[Odhiambo Washington]

* Tomasz Papszun <[EMAIL PROTECTED]> [20040324 23:19]: wrote:
> On Wed, 24 Mar 2004 at 13:09:27 -0500, Colin A. Bartlett wrote:
> [...]
> > Checking for a new database - started at Wed Mar 24 13:01:07 2004
> > Connected to clamav.elektrapro.com.
> > Reading md5 sum (viruses.md5): OK
> > viruses.db is up to date.
> > Reading md5 sum (viruses2.md5): OK
> > ERROR: Can't open new file ./1c136a7d92ca0d50 to write
> > open: Permission denied
> > ERROR: Can't download viruses.db2 from clamav.elektrapro.com

I have seen that error when the DataDirectory (OLD
directive in clamav.conf) or DatabaseDirectory is not writeable by
the clamav User.



cheers
   - wash 
+------+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] RE: memory leak?

[Odhiambo Washington]

* Jesse Guardiani <[EMAIL PROTECTED]> [20040324 00:14]: wrote:
> Lucas Albers wrote:
> 
> > I'm a bit hesitant of upgrading to .68 or .70-rc if it appears to have a
> > memory leak. At what point can the developers say:
> > "this x release does not have a memory leak."

All these memory leaks!! I don't see them in my system which uses just
Exiscan and clamd.

cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Application to generate CLAMAV report

[Odhiambo Washington]

* Ralph Angenendt <[EMAIL PROTECTED]> [20040325 14:04]: wrote:
> Dilip M wrote:
> > I have
> > # rpm -qa|grep clam
> > clamav-0.67-1
> > clamav-devel-0.67-1
> > 
> > 
> > # exim -bV
> > How can i get this work my side ?
> 
> On a machine with amavisd-new clamav *and* kaspersky, I just grep
> through the mail.log for infected files. If you only have clamav, you
> might just grep through /var/log/messages (this is a linux box here).
> clamd outputs this into /var/log/messages:
> 
> Mar 25 10:45:22 mail-gw-1 clamd[11873]: 
> /var/amavis/amavis-20040325T104422-11686/parts/part-2: Yaha.P FOUND
> 
> For this you need "LogSyslog" enabled in /etc/clamav/clamav.conf, though
> I don't know if clamscan also writes to syslog if you're using this,
> clamd does.
> 
> As we now know, what the string we're searching looks like, it's just a
> little sed, grep, sort:
> 
> grep FOUND /var/log/messages \
> | cut -d ":" -f 5 \
> | sed -e "s/\ FOUND//" \
> | sort \
> | uniq -c \
> | sort -r
> 
> This gives us the following output (yes, no percentages, one might hack
> that into it):
> 
>9353  Worm.SomeFool.Gen-1
>3647  Worm.SomeFool.P
>2312  Worm.SomeFool.Gen-2
> 912  Worm.Sober.D
> 521  Worm.Dumaru.A
> 174  Worm.SomeFool.I
>  55  Worm.Mydoom.F
>  53  Worm.Dumaru.K
>  39  Worm.Dumaru.Y
>  35  Worm.Bagle.Gen-zippwd
>  23  Worm.Bagle.Gen-1
>  [...]


If you use clamd and it logs to clamd.log, the following line can also
give you the stats:

grep FOUND /var/log/clamav/clamd.log  | awk '{print $8}' | \
sed -e "s/\ FOUND//"  | sort | uniq -c



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Segfault on password protected rar?

[Odhiambo Washington]

* Ethan P <[EMAIL PROTECTED]> [20040326 19:15]: wrote:
> I'm running ClamAV .65 on an RH9 system, with Qmail-Scanner-1.20RC3. 

Does it still behave the same if you upgrade to higher version?


cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Dumb Q about clamd & freshclam

[Odhiambo Washington]

* russ <[EMAIL PROTECTED]> [20040331 06:57]: wrote:
> On Tue, 2004-03-30 at 20:28, Tim B wrote:
> 
> > When using clamd, and freshclam, and new virus list comes out, do I have 
> > to restart or reload clamd to recognize the new definitions or does it 
> > do it automatically?
> 
> It does it automatically.

Even when NotifyClamd is not enabled in freshclam.conf?


cheers
   - wash 
+--+---------+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Dumb Q about clamd & freshclam

[Odhiambo Washington]

* Fajar A. Nugraha <[EMAIL PROTECTED]> [20040331 08:36]: wrote:
> Odhiambo Washington wrote:
> 
> >* russ <[EMAIL PROTECTED]> [20040331 06:57]: wrote:
> > 
> >
> >>On Tue, 2004-03-30 at 20:28, Tim B wrote:
> >>
> >>   
> >>
> >>>When using clamd, and freshclam, and new virus list comes out, do I have 
> >>>to restart or reload clamd to recognize the new definitions or does it 
> >>>do it automatically?
> >>> 
> >>>
> >>It does it automatically.
> >>   
> >>
> >
> >Even when NotifyClamd is not enabled in freshclam.conf?
> >
> > 
> >
> Yes, but it will be slower. Depends on SelfCheck interval (at least this 
> is true for older versions).
> Strangely enough, NotifyClamd is NOT on the default clamav.conf on 
> latest CVS snapshot (not even "present but commented out" like LogTime).
> I guess it's on by default now.


NotifyClamd is part of freshclam.conf


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Segmentation fault in clamav-0.70rc-1

[Odhiambo Washington]

* jamie <[EMAIL PROTECTED]> [20040401 08:29]: wrote:
> 
> 
> On Thu, 25 Mar 2004, Todd Lyons wrote:
> 
> > On Thu, 2004-03-25 at 08:36, Claudio Alonso wrote:
> > > Hi,
> > > Yesterday I installed clamav-0.70rc-1 from rpm on my RedHat 9.0 (kernel 
> > > 2.4.20-30.9) and started
> > > clamd just to test it's current stability
> > > The computer was on all night and today I found the following in the rotated 
> > > logs:
> > > Thu Mar 25 04:02:33 2004 -> No stats for Database check - forcing reload
> > > Thu Mar 25 04:02:35 2004 -> Reading databases from /var/lib/clamav
> > > Thu Mar 25 04:02:36 2004 -> Segmentation fault :-( Bye..
> > > I've been looking in the archives and found some segmentation problems with this 
> > > version but I'm
> > > not using milter and my logs don't refer to any "accept() failed" nor 
> > > "pthread_create failed" (nor
> > > in this log nor in the previous before rotate, which only shows "SIGHUP caught: 
> > > re-opening log
> > > file." before rotate.
> >
> > You probably saw some of my issues.  I'm using RH 9.0 as well and have
> > problems with spamd SegFaulting.  I personally think it's pthread
> > related, but have zero data to back it up.  On my system, clamd handles
> > 20K or 30K messages in about 12 hours and then dies.  I upgraded to 0.70
> > cvs on Tuesday.  clamd stopped segfaulting, but would lock up and
> > clamav-milter would then die.  I've had to disable it until I figure out
> > what to do to make it stable.
> >
> > I'd love to figure out what's causing this.
> >
> > Blue skies...   Todd
> 
> 
>I'm having the same problem on FreeBSD 4.8. After about 15-20 hours
> clamd will just die. First time it happened I got the SegFault error. Now
> it dies after approx 15 hours without any error messages and it leaves no
> core files behind.
> 
>I started out running version 0.70 but I've cut back to 0.68. I noticed
> 0.70 has a new thread manager, so I thought that may be the problem.
> I'd really like to know what's going on, also.
> 
>  - Jamie

And I am running the CVS version (even as of yesterday) on FreeBSD
4.9-STABLE and it doesn't die at all. I've always ran cvs because of
1. Outstanding support from the developers
2. It's the one that seems more "stable" (word on this list has it so).

BTW, Jamie, as an aside, what is the reason you are running 4.8 ver?

Another thing: I run clamd using daemontools. Interestingly, the
supervise program always dies on this box (I can't figure out why), but
clamd is always alive. I am thinking of using clamdwatch from today or
tomorrow.



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] exiscan and clamd 0.70 devel-20040316

[Odhiambo Washington]

* Michael V. Sokolov <[EMAIL PROTECTED]> [20040402 10:09]: wrote:
> 
> sirs, we have quite uncomfortable situation: messages with size >1 mb 
> periodically resends to us, because remote side got:
> delay=1539, status=deferred (conversation with proton.ecros.ru[62.141.114.178] 
> timed out while sending end of data -- message may be sent more than once)
> 
> On the other hand -- some messages passes through clamd check at smtp time 
> without any problems. What can i do to avoid such situation in future ?

Why check messages larger than 1MB for viruses? I seriuosly doubt they
could contain malware, though it's possible. I don't scan messages >1MB.


cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] exiscan and clamd 0.70 devel-20040316

[Odhiambo Washington]

* Michael V. Sokolov <[EMAIL PROTECTED]> [20040402 11:51]: wrote:
> On Friday 02 April 2004 12:05, Odhiambo Washington wrote:
> 
> > Why check messages larger than 1MB for viruses? I seriuosly doubt they
> > could contain malware, though it's possible. I don't scan messages >1MB.
> 
> m-m-m, seems, that sounds quite wisely, because anyway we have second stage TM 
> Mailscan and personal NAV installed at end users.
> 
> So, how much limit is optimal to set up ?



Let's hear other people's opinions.



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] ClamAV CVS version devel-20040325 instability

[Odhiambo Washington]

* Jesse Guardiani <[EMAIL PROTECTED]> [20040402 20:12]: wrote:
> Howdy list,
> 
> We've been running CVS version devel-20040325
> for about a week with great success, but just
> this morning it locked up. I tried:


I haven't had the same problems you are seeing in ages. Not a mockery,
but the only differences btn my system and yours could be:

1. Versions - I run FreeBSD 4.9-STABLE
2. Loads- I process far too much mail load ;-)
3. I run Exim+Exiscan+Clamd+SA


I have been running CVS ever since. See attached file.

So I think something else is locking your system up.

What combo do you run??


cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post
FreeBSD ns2.wananchi.com 4.9-STABLE FreeBSD 4.9-STABLE #0: Sat Mar 20 10:51:31 EAT 2004
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/SRV4.x  i386

clamd / ClamAV version devel-20040331

##
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 15M
LogTime
LogSyslog
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/spool/exim/clamd.sock 
FixStaleSocket
TCPAddr 127.0.0.1
MaxConnectionQueueLength 100 
StreamSaveToDisk
StreamMaxLength 10M
MaxThreads 100 
ReadTimeout 500
MaxDirectoryRecursion 15
FollowDirectorySymlinks
FollowFileSymlinks
User exim
AllowSupplementaryGroups
Foreground
Debug
ScanArchive
ArchiveMaxFileSize 25M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
ArchiveLimitMemoryUsage
ArchiveDetectEncrypted
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home
ClamukoMaxFileSize 1M
ClamukoScanArchive

Re: [Clamav-users] Re: ClamAV CVS version devel-20040325 instability

[Odhiambo Washington]

* Jesse Guardiani <[EMAIL PROTECTED]> [20040402 23:24]: wrote:
> Odhiambo Washington wrote:
> 
> > * Jesse Guardiani <[EMAIL PROTECTED]> [20040402 20:12]: wrote:
> >> Howdy list,
> >> 
> >> We've been running CVS version devel-20040325
> >> for about a week with great success, but just
> >> this morning it locked up. I tried:
> > 
> > 
> > I haven't had the same problems you are seeing in ages. Not a mockery,
> > but the only differences btn my system and yours could be:
> > 
> > 1. Versions - I run FreeBSD 4.9-STABLE
> > 2. Loads- I process far too much mail load ;-)
> 
> This problem JUST started this morning. I'd been running this version
> of clamd for about a week with no problems before this. Load is higher
> than usual today, but I'm not sure if that's because clamd was rejecting
> mail from 5AM to 9AM and is still catching up or if we're the target
> of a spam run.
> 
> 
> > 3. I run Exim+Exiscan+Clamd+SA
> > 
> > 
> > I have been running CVS ever since.
> 
> Ever since what?

Well, this is to say I really don't remember when I installed any of
those "stable" versions on the site. It's always been CVS since the
very first days I knew about clamav. Before that I was using drweb.


> > So I think something else is locking your system up.
> 
> 
> :) I'm a programmer (C/C++/Java/Perl/Python/etc...), but for some
> reason EVERYONE seems to be telling me lately that something else is
> causing the bugs I find (no, these unrelated bugs aren't on the same
> machine either).
> 
> "No no, surely it can't be a bug in a  C program."
> It's not like C makes it EASY to write bug free code or anything. :) Come on
> guys. At least give me the benefit of the doubt here. You could *look* at C
> code the wrong way and introduce a bug.

OK. I give you the benefit of doubt myself ;)


> > What combo do you run??
> 
> Qmail + QMAILQUEUE + custom-python-script + qmail-scanner-1.21 + clamdscan
> 
> The only really notable things about your clamav.conf compared with mine
> are:
> 
> A.) You're running a TON of concurrent threads on a system that can't spread
> those threads out over multiple CPUs (FreeBSD 4.x). Why don't you reduce
> that to something reasonable and raise your MaxConnectionQueueLength?
> 
> You'll probably save some CPU that way.

Thanks. I will act on that today, though you, being an expert in C,
could have given me some recommendation on values.


> B.) You're running Clamuko and I'm not.

No. I don't run Clamuko. Those values just seemed enabled, but Clamuko,
AFAIK, is not for *BSD. Clamuko is DISABLED. Once ClamukoScanOnline is
commented out, the other Clamuko options are of no consequence.


> C.) You've set StreamMaxLength and I haven't. (company policy. Don't ask.)

OK.


> D.) You've specified FixStaleSocket, which I don't use and can't find in the
> documentation. What does that do?

It's in CVS, an option for clamd. From the combo you run, am I right in
assuming you don't use clamd at all, but only clamdscan??? In that case
then you don't run clamd as a daemon and FixStaleSocket really becomes
irrelevant in your case.


> The StreamMaxLength and FixStaleSocket options are the most interesting to
> me.

Since you said the former is because of company policy, and the later is
for clamd daemon, I am sure you are alright with those two the way they
are, no?


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] ScanOLE2 - who is using this successfully?

[Odhiambo Washington]

Hello all,

For quite sometime, I've had to resist the enabling of this option in
clamav.conf because whenever I do, I get the following message:

Can't open /var/tmp//da538de874b4bc60/_VBA_PROJECT in the debug info.
There is a corresponding msg in clamd.log which is almost similar.
Perhaps I've sent that to the list b4? I don't have one now.

What is this that I could be missing?

cheers
   - wash 
+--+-----+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] clamav and milter - dedicated mailing list.

[Odhiambo Washington]

May I propose a separate mailing list for milter users? There seems to
be alot of discussions about milter (now I even know it's some form of
sendmail plugin) that warrants this.
Some of us use Exiscan and we find milter quite a 'strange' idea ;-))
The list could be named clamav-milter-users.
I believe the usage of ClamAv has grown to an extent that this now
warranted.

Any seconders


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Complete system scan...

[Odhiambo Washington]

* Mike van Vugt <[EMAIL PROTECTED]> [20040415 19:54]: wrote:
> Hi,
> 
> What command can I use to scan my compleet system ???


http://www.clamav.net/doc/0.70/html/node17.html

That section deals with Usage of ClamAv.

HTH


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users