Re: [clamav-users] Clam in a very low memory environment?
Thomas Cameron wrote: > I am taking advantage of the free tier at Amazon (640M memory) to host > my e-mail server. > > Naturally, my first move was to install SpamAssassin and ClamAV for > mail filtering, but I got out of memory errors when starting Clam. > > Is anyone running Clam in a very low memory configuration? Is it > do-able? Sure, my test-system nodes only have about 400M RAM. I use my own clam daemon, but the functionality is the same. -- Per Jessen, Zürich (5.6°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
Re: [clamav-users] ClamAV 0.103.2 security patch release
G.W. Haywood wrote: > Hi there, > > On Sat, 10 Apr 2021, Per Jessen wrote: > >> When I built $SUBJ just now, I see >> >> libclammspack.so.0 >> => >> /home/per/workspace/clamav-0.103.2/libclamav/.libs/libclammspack.so.0 >> >> ie. with a fixed path ? How do I avoid that? > > Is this before 'make install'? Yes. See below. > After you install it I'd expect something more like > > # ldd `which clamd-0.103.2-allmatchstream` | grep libclammspack > libclammspack.so.0 => /usr/local/lib/libclammspack.so.0 > (0xb6734000) Ditto, and that's what I got with e.g. 102.1. > If this is after install, exactly how did you build it? I don't normally do a "make install", I copy the libraries to the destination servers directly. I only need the libraries. > Not sure this should be on the development list. Agree. -- Per Jessen, Zürich (16.9°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamAV 0.103.2 security patch release
Per Jessen wrote: > >> If this is after install, exactly how did you build it? > > I don't normally do a "make install", I copy the libraries to the > destination servers directly. I only need the libraries. Having just built and installed on another machine, this is what is causing my issue. -- Per Jessen, Zürich (15.4°C) ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamAV 0.103.2 security patch release
G.W. Haywood via clamav-users wrote: > Hi there, > > On Sat, 10 Apr 2021, Per Jessen wrote: >> G.W. Haywood wrote: >>> On Sat, 10 Apr 2021, Per Jessen wrote: >>> >>>> When I built $SUBJ just now, I see >>>> >>>> libclammspack.so.0 >>>> => >>>> /home/per/workspace/clamav-0.103.2/libclamav/.libs/libclammspack.so.0 >>> >>> Is this before 'make install'? >> >> Yes. See below. >> >>> After you install it I'd expect something more like >>> >>> # ldd `which clamd-0.103.2-allmatchstream` | grep libclammspack >>> libclammspack.so.0 => /usr/local/lib/libclammspack.so.0 >>> (0xb6734000) >> >> Ditto, and that's what I got with e.g. 102.1. > > You mean 0.103.2 doesn't behave like 0.102.1 in this regard? > If it does not, that sounds like one for the ClamAV Bugzilla. I'll doublecheck first, but I don't remember seeing this issue before. >> I don't normally do a "make install", I copy the libraries to the >> destination servers directly. I only need the libraries. > > Seems you're not a typical user. :) Yeah :-) Thanks, -- Per Jessen, Zürich (15.1°C) ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[Clamav-users] Suggestion - make the source package available without the main.cvd database
Any chance of making the source package available without the current cvd databases? The current package is 24Mb, without the CVD it's only 3Mb. Just a suggestion, but it might just save some bandwidth. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] freshclam - how to hard-code to specific IP?
W S wrote: > Folks, > > Is there anyway to Hard-Code IP address for updating ClamAV db? > I see this keep changing: > > % host database.clamav.net > database.clamav.net is an alias for db.local.clamav.net. You could probably amend /etc/hosts with a permanent entry for 'database.clamav.net' pointing to whereever you want. Or you just update /etc/freshclam.conf to point to only only mirror. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] third party signatures are given preference ?
I use the official clamav databases plus third party signatures from sanesecurity to scan email for virus - when an email would potentially hit two signatures, it seems to prefer the third party over the official clamav sigs. Is this intentional or am I missing something? A recent example is Email.Trojan.GZC aka Sanesecurity.Malware.8825. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] ClamAV Memory Usage
Gordan Bobic wrote: > Hi, > > Can anyone explain why clamd 0.95.3 might use 190MB of RAM after 5 > days of light usage (few hundred emails)? It is the single biggest > process on my mail servers, and I'm not convinced it's size is > reasonably justifiable. The database files under /var/lib/clamav use > about 70MB. So, even assuming this is kept in memory at all times, > where does the other 120MB come from? Maybe when the database is reloaded? I don't know clamd that well, but I suspect it'll probably have two copies of the database in core during reload. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] lastest daily.cvd (10938) might cause an issue for clamd users who have not upgraded to libclamav 0.96
I'm running my own custom clamav daemon, and just now I ran into an issue when reloading the latest daily.cvd. cl_load() seems to be looking for a file named 'daily.ldb' - it isn't found, which causes a segfault. I don't yet know if this is purely my issue or if it might also affect clamd users, but I'm posting this "just in case". /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] lastest daily.cvd (10938) might cause an issue for clamd users who have not upgraded to libclamav 0.96
Per Jessen wrote: > I'm running my own custom clamav daemon, and just now I ran into an > issue when reloading the latest daily.cvd. cl_load() seems to be > looking for a file named 'daily.ldb' - it isn't found, which causes a > segfault. I don't yet know if this is purely my issue or if it might > also affect clamd users, but I'm posting this "just in case". > See http://lurker.clamav.net/message/20100507.110656.573e90d7.en.html /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Latest daily.cld update causes segfault
Toby Bryans wrote: > Thanks Luca, I obviously should have checked there in retrospect! > It was posted 8 minutes after your posting, so checking there wouldn't have done you any good :-) /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Latest daily.cld update causes segfault
Toby Bryans wrote: > On 7 May 2010 12:28, Per Jessen wrote: > >> Toby Bryans wrote: >> >> > Thanks Luca, I obviously should have checked there in retrospect! >> > >> >> It was posted 8 minutes after your posting, so checking there >> wouldn't have done you any good :-) > > > :) > > I can confirm that the latest update definitely works, thanks all. > > I haven't yet received the announcement about the latest update though > - obviously a lot of people are subscribed to the announcement list! > Perhaps this sort of thing should be twittered (or some other > broadcast media) as well? Personally, I don't use twitter, and the mailing list announcement is fully sufficient. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] How can I have clamd reject items that can't be scanned?
Peter Bradeen wrote: > I see that there are ways to limit the level of archive that will be > scanned as well as the size of the entities to be scanned. Is there a > way for CLAMAV to then flag them as not allowed? Seem that if you > can't scan it, it should be rejected. It's not about not being able to scan, it's about not wanting to scan. Regardless, clamav doesn't reject or approve mails, that's for your MTA to do. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] How can I have clamd reject items that can't be scanned?
Rob Sterenborg (lists) wrote: > On Wed, 2011-11-09 at 10:31 +0100, Per Jessen wrote: >> Peter Bradeen wrote: >> >> > I see that there are ways to limit the level of archive that will >> > be >> > scanned as well as the size of the entities to be scanned. Is >> > there a >> > way for CLAMAV to then flag them as not allowed? Seem that if you >> > can't scan it, it should be rejected. >> >> It's not about not being able to scan, it's about not wanting to >> scan. Regardless, clamav doesn't reject or approve mails, that's for >> your MTA to do. > > If you use ClamAV as milter, it's up to ClamAV to tell the MTA what to > do so I guess there's a task for ClamAV too.. Well, I guess it depends on your point of view. Personally I see the MTA doing the rejection, possibly based on information from elsewhere (DNS, blacklists, clamav, wherever). /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] How can I have clamd reject items that can't be scanned?
Simon Hobson wrote: > Per Jessen wrote: > >> >> It's not about not being able to scan, it's about not wanting to >>>> scan. Regardless, clamav doesn't reject or approve mails, that's >>>> for your MTA to do. >>> >>> If you use ClamAV as milter, it's up to ClamAV to tell the MTA what >>> to do so I guess there's a task for ClamAV too.. >> >>Well, I guess it depends on your point of view. Personally I see the >>MTA doing the rejection, possibly based on information from elsewhere >>(DNS, blacklists, clamav, wherever). > > This is a rather pointless argument about semantics which doesn't > answer the original question. I'll rephrase it for the pedants : > >>I see that there are ways to limit the level of archive that will be >>scanned as well as the size of the entities to be scanned. Is there >>a way for CLAMAV to then flag them as not allowed? > > Oh, I see it works without modification. Is it possible for ClamAV to > flag that the message should be rejected if it can't be scanned - > seems a reasonable question to me. The OP started by saying "there are ways to limit the level of archive that will be scanned as well as the size of the entities to be scanned", which are performance optimizing options one can use if desired. To which I commented that it's not about a message that can't be scanned, but whether your limits allow it to be scanned. Remove the limits, and everything is scanned (presumbly only limited by hardware resources). Nonetheless, it is actually an interesting question - should/does clamav return "not-scanned-due-to-user-restriction" in such cases? /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] scriptedupdates ignored if daily.inc exists
I upgraded my test-system to 0.90.1 without realising that freshclams default behaviour had changed to using the diff-method rather than downloading the full cvd file. WHen I found out a bit later, I updated freshclam.conf, but this seemed to have no effect. This turned out to be because I'd left the daily.inc directory. When I removed it, freshclam retrieved the daily cvd on the next attempt. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problem with big mails
[EMAIL PROTECTED] wrote: > Hey all; > I'm running ClamAV 0.90.1 on FreeBSD 6.2. > In front of this server I have 3 other, which gather traffic and run > it through my ClamAV-server. > > Everything is running smothly, except some mails, that are large. > Right now I have 4 mails on one of the servers that vary in size from > 20MB to 60 MB. Virus-scanning anything bigger than 1-2Mb makes little sense. ANything as big as 20Mb, I would just skip without further consideration. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav gcc dependendencies ...
I guess there was no other way than to make clamav dependent on gcc, but it sure is bad timing. Only a week before Christmas, most systems are frozen, people have already left for vacation etc. Updating clamav is within reason for us, but upgrading gcc too ... Was/is there absolutely no way of fixing this gcc problem in the clamav source? /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav gcc dependendencies ...
Török Edwin wrote: > You don't need to upgrade to 4.1.2/4.2.x. > gcc-3.4 can be nicely installed side-by-side with a 4.0.x/4.1.0 series > gcc, all you need to do is: > > # apt-get install gcc-3.4 > $ export CC=gcc-3.4 > $ ./configure All our systems are frozen - no changes until mid-Jan. clamav is one of very few exceptions. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] freshclam complains about /etc/clamd.conf ?
I've just completed our upgrade to 0.92 - when I restarted freshclam, I got the following: ERROR: Parse error at line 37: Unknown option ScriptedUpdates. ERROR: Please edit the example config file /etc/clamd.conf. ERROR: Can't parse the config file /etc/clamd.conf I'm not using clamd - any reason why freshclam should complain about /etc/clamd.conf ? /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] freshclam complains about /etc/clamd.conf ?
Ismail M. Settenda wrote: > Go edit the said file (/etc/clamd.conf) and comment out the line > > Example > > Then restart freshclam Wait - I didn't ask how to fix the problem. I'm more interested to know why freshclam complains about this _unused_ config-file when it has never done so before. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] freshclam complains about /etc/clamd.conf ?
Per Jessen wrote: > Wait - I didn't ask how to fix the problem. I'm more interested to > know why freshclam complains about this _unused_ config-file when it > has never done so before. Please ignore - problem found and solved. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] freshclam logfile size
Am I the first person to suggest the default max logsize should be 0 instead of 1M (or some other arbitrary value) ? /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] What's the benefit of having libiconv installed?
I'm was about to deploy libclamav* on some new machines, when I noticed that the libraries needed libiconv. The build-machine obviously had this library installed so it got selected automagically. Before I go and install libiconv on my new servers, I was just wondering what the advantage of it is in relation to clamav? It's obviously optional, and clamav sems to do quite well without it. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] file not recognised by clamav, but by many others?
A friend of mine sent me a windows executable that ClamAV had let through (back in 2016) - I had it scanned at https://www.virustotal.com : https://www.virustotal.com/de/file/8b6d6f3220f5423bce085a70949890ed5147b9ba06960ac5666b79611f92eb2f/analysis/1521538774/ ClamAV reports clean (also on my system), but it is recognised by many others. https://files.jessen.ch/materials-20161511_121132836553-doc.exe -- Per Jessen, Zürich (-0.2°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] file not recognised by clamav, but by many others?
Al Varnell wrote: > The virus database is kept up to date with the help of the community. > If you find a new virus that ClamAV does not detect, please report the > suspicious file to the ClamAV team > <https://www.clamav.net/reports/malware>. Sure, I am well aware. I was just curious that such a relatively old virus is not identified by ClamAV. (nor by Sanesec signatures for that matter). -- Per Jessen, Zürich (0.1°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] unable to build with --enable-libclamav-only
I've just stumbled on this new config option - "--enable-libclamav-only ". However, I still get complaints about libcurl (for freshclam and clamdsubmit) ? This is my invocation: ./configure --prefix=/usr --enable-libclamav-only --with-dbdir=/var/lib/clamav --sysconfdir=/etc --mandir=/usr/share/man I must be missing something? -- Per Jessen, Zürich (15.5°C) ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] unable to build with --enable-libclamav-only
Michael Orlitzky via clamav-users wrote: > On 2/24/20 5:28 AM, Per Jessen wrote: >> I've just stumbled on this new config >> option - "--enable-libclamav-only ". However, I still get complaints >> about libcurl (for freshclam and clamdsubmit) ? >> > > I reported this already (bug is still private): > > https://bugzilla.clamav.net/show_bug.cgi?id=12494 > > It's just a bug in the build system, nothing exciting. Okay, thanks for letting me know. I guess it would be easy to update in configure.ac ? -- Per Jessen, Zürich (12.2°C) ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Services Difference & Memory Utilization
G.W. Haywood via clamav-users wrote: > Hi there, > > On Sun, 13 Sep 2020, bobby via clamav-users wrote: > >> I noticed on my CentOS 8 machine, there are two different services >> listed: clamd@multi-user.service and system-clamd.slice. I don't >> have enough memory to run the first one, but only the second one >> (192M). Is clamd really running? What is the difference between >> these two services? I only have 2 GB of memory. Is there any way to >> run clamd? I get this error when I try to run it ... > > You *might* *just* *possibly* be able to run clamd on a system with > only 2G of RAM It _can_ be done, using cgroups to restrict the amount of memory used, but it'll be doing a bit of swapping. For email processing, we run clamd on virtual machines with slightly less than 3Gb memory, of which clamd takes up 1Gb. -- Per Jessen, Zürich (19.5°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[Clamav-users] clamav-virusdb-xml ?
I haven't seen any mails from the XML-list since Feb4 - what's the story? Was I accidentally unsubscribed or is the list down? /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Freshclam and Cron
On Tue, 22 Feb 2005 09:53:13 -0600, [EMAIL PROTECTED] wrote: >Freshclam via cron > >What sort of update intervals are people using, and can someone show me a >working crontab entry? I've tried calling freshclam like this via a crontab >entry > >06 0 * * * /usr/local/bin/freshclam > This is mine: From /etc/cron.d/clamav: 2 * * * * root /usr/bin/freshclam /Per Jessen -- http://www.spamchek.ch/freetrial - lassen Sie sich überzeugen - 30 Tage Kostenlos! ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: clamav-virusdb-xml ?
Luca Gibelli wrote: > Hello Per Jessen, > >> I haven't seen any mails from the XML-list since Feb4 - what's the story? >> Was >> I accidentally unsubscribed or is the list down? > > We sent a message announcing that we were taking down the service. We'll > be providing a new (better, we hope) service by the end of the month[*]. Thanks, I obviously missed that one. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] triggering a freshclam off the clamav-virusdb notify?
I've setup a freshclam that is triggered off the incoming notify for clamav-virusdb. For 722 at 0046CET today, I got the email, but freshclam did not load a new version. Version 722 wasn't downloaded till the hourly cronjob ran at 0102CET. Is that due to the DNS not being updated or the mirror or what? /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: triggering a freshclam off the clamav-virusdb notify?
Brian Morrison wrote: > On Thu, 24 Feb 2005 09:09:23 +0100 in [EMAIL PROTECTED] Per > Jessen <[EMAIL PROTECTED]> wrote: > >> I've setup a freshclam that is triggered off the incoming notify for >> clamav-virusdb. For 722 at 0046CET today, I got the email, but >> freshclam did not load a new version. Version 722 wasn't downloaded >> till the hourly cronjob ran at 0102CET. >> >> Is that due to the DNS not being updated or the mirror or what? > > Since you are using a mirror I assume, you have to wait for the mirror > to sync. That's what I suspect - I just thought perhaps the mirrors were actively (push) synchronised. And if the desired/current database version wasn't available at a mirror, I'd see a fallback to the next one? > A delay of 16 minutes is hardly major though, Absolutely - I was just wondering - shouldn't the DNS check have been positive, i.e. indicated a new database? /etc/freshclam.conf: DNSDatabaseInfo current.cvd.clamav.net What I saw was this: 1) email says "new version available". 2) freshclam tries DNS - DNS says no. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: Re: triggering a freshclam off the clamav-virusdb notify?
Luca Gibelli wrote: > This matter has been discussed _many_ times. In short: > > - the TTL of current.cvd.clamav.net is 900 secs > - if you run freshclam (with DNSDatabaseInfo) more often than 900 secs, > you just overload _your_ dns. Hardly overload, but I take your point. > Calling freshclam when a new message from clamav-virusdb@ > arrives is silly. OK, I'm beginning to realise that. I *was* concerned about the potential overload of servers, but I'd figured that the clamav-virusdb notification would take a while to propagate too, thereby spreading the load. Anyway, thanks for the clarification. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] OnUpdateExecute
This might have been more appropriate on the developer-list, I'm not sure - earlier this morning I saw OnUpdateExecute effectively hang up my freshclamd. I run a make off OnUpdateExecute to distribute the new databases etc., and somehow this process got stuck. OK, these things happen - but I hadn't expected it to also stop freshclam checking for new updates. I guess freshclam is waiting for it to finish before continuing - surely not the intentional behaviour? /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: OnUpdateExecute
Brian Morrison wrote: > What command did you give it? It would make sense for whatever you do to > include an & in the script file you call to put the process you launch > in the background. The command is: /usr/bin/make -C /var/lib/clamav/ | mail [EMAIL PROTECTED] Sticking an amphersand on the end might make some sense, but I'd still rather see freshclam use fork() instead of system() when it's running as a daemon. Here is a patch for clamav-0.83: http://jessen.ch/files/patch-clamav-0.83-freshclam-with-fork With this, freshclam will use a fork() for OnErrorExecute and OnUpdateExecute when it's running as a daemon - as commandline it'll still use system(). /Per Jessen, Zürich -- http://www.spamchek.co,uk/freetrial - sign up for your free 30-day trial now! ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: php-clamav
Steven Stern wrote: > It appears that Gareth Andron and the php-clamav project have been wiped > from the face of the earth. Yeah, his fission.org.uk domain has expired. (Gareth Ardron btw). /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] RE: Report Phishing attacks?
Samuel Benzaquen wrote: > I can also say that they don't want to compete against commercial AV vendors > as I have read here 2^32 times that we should use not _only_ clamav, but a > list of AVs to improve the chances to catch malware. That you're being recommended not to only use ClamAV does not seem to imply that ClamAV is not competing with commercial vendors. In fact, what is the _primary_ advantage of ClamAV over [your favourite commercial AV product]? Price. ClamAV may not be competing for commercial gain, but it is certainly competing for the market. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] is there a way of telling when a particular signature was added to the db?
When an email is let through and it is later determined that it did contain a virus, I would like to be able to say "the signature for the virus was added in db version so-and-so", which was active as of so-and-so. Now, the latter I can do, but where can I retrieve the info about when (or in which db-version) the signature was added? (using an API of course). thanks. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] virus detected using clamscan but not with Mail::ClamAV perl module
I guess this is really for the author of the Mail::ClamAV module, but
just in case anyone has seen this before:
(1) I scan the file using clamscan:
# clamscan /tmp/1135265287.V902I5e924.thorium
/tmp/1135265287.V902I5e924.thorium: Worm.Sober.U FOUND
--- SCAN SUMMARY ---
Known viruses: 41469
Engine version: 0.87.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.18 MB
Time: 3.422 sec (0 m 3 s)
(2) I scan the same file using the Mail::ClamAV interface
snippet of perl code:
my $status = $clam->scan("/tmp/1135265287.V902I5e924.thorium",
CL_ARCHIVE|CL_MAIL);
# $status is an overloaded object
die "Failed to scan: $status" unless $status;
if ($status->virus) {
print "identified virus \"$status\".\n";
}
else
{
print "no virus identified: $status\n";
}
# ./perlclamscan
no virus identified: Clean
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: virus detected using clamscan but not with Mail::ClamAV perl module
Tomasz Kojm wrote:
> On Thu, 22 Dec 2005 18:37:57 +0100
>> my $status = $clam->scan("/tmp/1135265287.V902I5e924.thorium",
>> CL_ARCHIVE|CL_MAIL);
>
> Include the CL_SCAN_STDOPT option flag in the above call.
>
OK, just tried that - it still reports clean. I'm just now upgrading
the Mail::ClamAV module to 0.17 (from 0.11) - maybe that'll fix it.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: virus detected using clamscan but not with Mail::ClamAV perl module
Per Jessen wrote: > OK, just tried that - it still reports clean. I'm just now upgrading > the Mail::ClamAV module to 0.17 (from 0.11) - maybe that'll fix it. Yeah, 0.17 fixed it - thanks for the fast response. Sorry about wasting your time and bandwidth. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] FAQ #13 - Can phishing be considered one kind of spam?
What's the current schedule for 0.90? And what are my options (for not having clamav consider phishing==virus) until then? I'm using libclamav programmatically - I don't suppose cl_scanfile() could be convinced to return CL_PHISHING when appropriate :-) /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] FAQ #13 - Can phishing be considered one kind of spam?
Dennis Peterson wrote: > Per Jessen wrote: >> What's the current schedule for 0.90? And what are my options (for >> not having clamav consider phishing==virus) until then? >> I'm using libclamav programmatically - I don't suppose cl_scanfile() >> could be convinced to return CL_PHISHING when appropriate :-) > > It has always been possible to unpack the pattern files and remove the > parts you don't like. The various parts are clearly marked. OK, thanks - I'll have to look into that. Any reference info you could point me to? Or just RTFM? /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] FAQ #13 - Can phishing be considered one kind of spam?
Dennis Peterson wrote: > Here's a script that should work. Read the assumptions carefully and > mind the emailer linewrapping in logger strings: Thanks Dennis, just the sort of thing I was hoping for. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Quarantine for clamav ?
Roman ZARAGOCI wrote: > I searched without any success archives talking about quarantine > directory for clamav (not clamav-milter). > I'm looking for this to store infected files in a directory so the > administrator can see files which are infected and decide what to do. I would say that is more of a job for your mail-server, not clamav. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Re: FAQ #13 - Can phishing be considered one kindof spam?
Sven Strickroth wrote: > Hi, > > "Per Jessen" <[EMAIL PROTECTED]> schrieb im Newsbeitrag > news:[EMAIL PROTECTED] > Dennis Peterson wrote: > >> Per Jessen wrote: >> It has always been possible to unpack the pattern files and remove >> the parts you don't like. The various parts are clearly marked. > > If you use the devel-version (or if the devel-version becomes the > stable one), you can use the parameter --no-phishing... Thanks Sven - I'll definitely be trying that out. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Progressive scan ?
Roman ZARAGOCI wrote: > Maybe, it's not a clamav related question. > Is it possible to do a progressive scan with clamdscan using a script > or something else ? An incremental scan? > For example, I would want to scan only new files added to homes > directories or by checking the modification date of files. Sounds like you could do with a simple combination of clamav and the find command. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 0.88.3 oops
Luca Gibelli wrote: http://sourceforge.net/project/showfiles.php?group_id=86638&package_id=90197&release_id=413754 >> seems like a glitch in SF's rss feed. I temporarily removed the >> download link. please follow the release notes link instead. > > I manually edited the download link in the RSS feed. > For everyone's benefit, here is a direct link to 0.88.3: > Is there any particular reason why freshclam is not making me aware of the new version? I use the OnOutdatedExecute option, but it hasn't been triggered. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 0.88.3 oops
Stephen Gran wrote: > On Mon, Jul 03, 2006 at 03:37:42PM +0200, Per Jessen said: >> Is there any particular reason why freshclam is not making me aware >> of the new version? I use the OnOutdatedExecute option, but it >> hasn't been triggered. > > I understand it will complain on Tuesday. Huh? I've checked the DNS record : "0.88.3:39:1579:1151933486:0" - which looks ok, right? Why isn't freshclam complaining? /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 0.88.3 oops
Luca Gibelli wrote: >> Huh? I've checked the DNS record : >> "0.88.3:39:1579:1151933486:0" - which looks ok, right? >> Why isn't freshclam complaining? > > because there are no security issues associated with the new release. > > Instead of filling the logs with warnings, we give our users 2 days to > perform the upgrade. > > The warning in freshclam in not meant as a replacement for > clamav-announce@ . It's there just to annoy lazy sysadmins. Thanks for the info Luca. I wasn't aware of the importance of that bit in the TXT record. I have to admit to being one of those lazy, err ... busy, sysadmins. I find freshclams outdated warning very useful. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 0.88.3 oops
Luca Gibelli wrote: >> Why isn't freshclam complaining? > > because there are no security issues associated with the new release. > Instead of filling the logs with warnings, we give our users 2 days to > perform the upgrade. Hi Luca, I still haven't seen any warning? /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Has anyone set up a local virus definitions server?
[EMAIL PROTECTED] wrote: > OK, i am trying to do this with clamav 88.2. The problem i am having > is clamav server does not have apache (or any web server running on > it). The clamav server is OES-Linux server (novell distro based on > SLES 9). I also have another OES-Linux server that is running a web > server. So, when i change the freshclam.conf on the clamav server > "DatabaseDirectory" to http://dnsaddress.here/folder (address of the > other oes-linux server that is running apache2) and then try to run > "freshclam" on the clamav server, i get this error: "can't change dir > to http://dnsaddress.here/folder";. Is this way even possible It's not possible - clamav does not deal with URLs, only with filesystem paths. > it be a directory entry (like /srv/www/htdocs)? If it has to be in the > form of /srv/www/htdocs, can it be a smb form (like > smb://username:[EMAIL PROTECTED] to cvd's)? Any help is appreciated. Filesystem paths only, no URLs. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] let's all make a regular domation to ClamAV
Sergei Lavrov wrote: > Dear ClamAV users, > > If you are using ClamAV in your business and you are happy about it, > I would like to call upon you to make a regular donation to the > ClamAV project. Those folks have spent great deal of time to provide > us with timely virus updates and I hate to see they have to pay out > of their own pockets for this great project. If all the users make a > regular donation of as little as USD$60 a month (That's only $2 a > day) to ClamAV, it will make a great difference. Of course, you can > give more if you are able to. Don't just be a freeloader. I think it is entirely reasonable, but for a business to make donations, I think the ClamAV project needs to be able 1) issue invoices and 2) accept payment via non-paypal channels. Maybe even in EUR. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] OUTDATED?
According to freshclam, my installation (0.88.5) is outdated: Received signal: wake up ClamAV update process started at Sat Nov 4 11:42:24 2006 main.cvd is up to date (version: 41, sigs: 73809, f-level: 10, builder: tkojm) WARNING: Your ClamAV installation is OUTDATED! WARNING: Current functionality level = 9, recommended = 10 DON'T PANIC! Read http://www.clamav.net/faq.html daily.cvd is up to date (version: 2161, sigs: 1600, f-level: 9, builder: arnaud) However, the latest version is still 0.88.5 ? I'm also a little puzzled that the OnOutdatedExecute script isn't triggered, but it looks like that only happens when the DNS reports a newer software version. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] OUTDATED?
Per Jessen wrote: > According to freshclam, my installation (0.88.5) is outdated: > Please ignore. I've just now caught up with the other thread on this. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Re: To ClamAV Developers: donation question
Gerard Seibert wrote: > On Wednesday November 08, 2006 at 11:16:21 (AM) Sergei Lavrov wrote: > >> Some of the businesses I know do want to make >> donations. But is ClamAV able to issue invoice ? > > In other words, you are looking for a tax write off. No, it's got nothing to do with taxes - it's a matter of practicality; getting budget approval for a business expense is much easier than for charity. /Per Jessen, Zürich ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] submit-to-publish time much too long for phishing
This is not really complaint, perhaps just an observation. On 25/11 around 1000CET I submitted a sample and again on 26/11 also around 1000 I submitted a second sample - both phishing. I've only just today around 1800CET received confirmation for both. This is respectively about 56 and 32 hours later. I understand it was on a weekend etc., but for ClamAVs phishing detection/protection to have any meaning/reason at all, the time from submit to publish needs to be a LOT shorter. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] submit-to-publish time much too long for phishing
Dennis Peterson wrote: > I'm not aware of any systems that have been disabled or rendered > useless be even the most aggressive phishing scheme. Nor am I. > The best defense against phishing is and has always been education, > fwiw. Doesn't that apply to virus too? > Given the ease with which these can be defeated with other simple > tools available to any good messaging server I could do with a couple of pointers (for server-based use). > I don't mind they are given lower priority than correcting code > errors, improving documentation, discovering and responding to truly > destructive outbreaks, etc. As a matter of principle, maintaining the database of what ClamAV is supposed to detect must have the highest priority, IMHO. If not, everything else is pointless. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] submit-to-publish time much too long for phishing
Per Jessen wrote: >> The best defense against phishing is and has always been education, >> fwiw. > Quick additional comment - I used to use the very same argument, but experience and age have taught me that people are stupid. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] submit-to-publish time much too long for phishing
Dennis Peterson wrote: > And the point is you don't have to come to harm if a > phishing pattern is not available. That depends on your expectations. If you're purely using it for your own personal protection, you're absolutely right. If you're using it as a service to others, whether employees or clients, it's a different story. My point is - when I've told someone I can protect them from phishing to some degree, ClamAV is letting me down by not delivering in time. I'd really like to repeat - I am most definitely NOT complaining. I just think the phishing detection of ClamAV is pointless when it's one to two days late. >>> Given the ease with which these can be defeated with other simple >>> tools available to any good messaging server >> >> I could do with a couple of pointers (for server-based use). > > The tools to create your own pattern files are included with ClamAV. Certainly, and that may be what we'll do anyway. But the whole strength of ClamAV is the collaboration of a large worlwide community, is it not? >>> I don't mind they are given lower priority than correcting code >>> errors, improving documentation, discovering and responding to truly >>> destructive outbreaks, etc. >> >> As a matter of principle, maintaining the database of what ClamAV is >> supposed to detect must have the highest priority, IMHO. If not, >> everything else is pointless. > > I guess you could always ask for a refund if you're unhappy with the > product. I think they're doing a hell of a good job. So do I. I've even contributed code myself. I am in no way unhappy with the product, and I shall continue to use it, but I AM a tad unhappy with the promises wrt phishing. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] submit-to-publish time much too long for phishing
Gerard Seibert wrote: > however, I believe 'stupid' is too harsh. Perhaps - but a great deal more concise :-) /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] submit-to-publish time much too long for phishing
Dennis Peterson wrote: > To blame ClamAV for letting you down is unkind and inaccurate. Perhaps you would care to state the purposes of ClamAVs phishing detection? Admittedly, I have not read up on it myself, but merely assumed it was to provide reasonable means of protection against phishing. And no, I don't class a signature that is 56 hours under way as "reasonable". > And in my opinion, submitting a sample should not be done to correct > your problem - you should already have done that - the submission is a > contribution to the community so others will benefit from the event > you experienced. If this is the way it is supposed to work, perhaps it would appropriate to ask for a showing of hands - how many of the current sample contributors create their own signatures first, then submit a sample later? Personally, I think the community is more important. > And there's really no reason to continue this. Do feel free not to. My point (again, not a complaint) is - the quality of the phishing signature collection is not currently sufficient to warrant using ClamAV as any means against phishing. The number phishing signatures collected is mostly irrelevant, whereas the speed with which a new signature can be published is not. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] submit-to-publish time much too long for phishing
Nigel Horne wrote: > Use the "experimental code", then. It does a good job at catching > phishes that aren't even in the database. OK, that sounds interesting, I'll take a look. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] submit-to-publish time much too long for phishing
jef moskot wrote: > On Wed, 29 Nov 2006, JamesDR wrote: >> ...if your users are being let down by the 'time it takes to get a >> phish sig' then isn't about time their network/mail admin looked into >> added levels of detection? > > I think the original point was that if Clam is going to scan for > phishing at all, the response time might be too slow to be useful, > given the frequency with which the content changes. That was exactly my point, yes. To be fair, I submitted another phishing sample yesterday, and had the update in about 5 hours, which is much more acceptable. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] DB Update email before actual update available?
Jay Lee wrote: > I am attempting to write a script that will take action whenever an > email from the [EMAIL PROTECTED] list is received. The > script would run freshclam and grab the most recent update, thus > giving me the most up to date version at all times without putting a > heavy load on the ClamAV servers. > > The problem I am facing though is that freshclam can't see the new > update. Using the latest 0.88.7 release, I was originally just > running > freshclam --quiet. I've since added --no-dns so that freshclam will > go directly to the server instead of checking DNS (this shouldn't be a > load problem since this is only getting executed when there actually > is an update). However, my freshclam still seems to not find the > most recent update. Has the most recent update made it your local mirror? > What is the db-update process? Is it possible the email is being sent > out before the file is accessible? I don't know the process, but I think so, yes. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] DB Update email before actual update available?
Jay Lee wrote: > The point of the exercise it to run freshclam *only* when the update > is published, not to run every x hours (or minutes) without knowing if > there is an update. > > Looking at my options there... Why not just run freshclam as a daemon? /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] DB Update email before actual update available?
Dennis Peterson wrote: > Per Jessen wrote: >> Jay Lee wrote: >> >>> The point of the exercise it to run freshclam *only* when the update >>> is published, not to run every x hours (or minutes) without knowing >>> if there is an update. >>> >>> Looking at my options there... >> >> Why not just run freshclam as a daemon? > > Then you really need to have a daemon watcher to keep it going. At some point you've got to trust someone/something. Who watches your daemon watcher? Who watches your OS? Who watches your power-supply? Quis custodiet ipsos custodes? ... > And it is actually used just a few seconds a day but as a daemon the > resources it uses are fully committed 100% of the day. Given the very limited amount of resources it uses, I see no problem in that. > At some point you just have to step back and take a simple approach, > especially when it's a simple problem. Running freshclam IS a simple option, IMHO. Anything else is needs additional scripting, checks of this and that etc. - not a simple approach at all. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Freshclam stability as a daemon
G.W. Haywood wrote: > I'm calling for those who run freshclam as a daemon and who don't see > any problems with it to chip into this thread. How many of us are > there? We're running freshclam as a daemon - probably for about 2 years, I'm not sure. AFAIK, we have not seen any stability problems, and I do not expect any either. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Freshclam stability as a daemon [was: DB Update email before actual update available?]
Dennis Peterson wrote: [60 lines snipped] > > I can only tell you from my experience with several years and many > versions of ClamAV that I have found no advantage in any category to > running freshclam as a daemon, and running it in cron gives me many > options not otherwise available - not the least of which is I can run > it at random intervals to help break up lockstep assaults on the > servers it polls. As you know, I'm running freshclam as a daemon, and I'm curious as to what additional options (or even advantages) you get by running it under cron? > And as an old school Unix admin who still believes in the mentoring > responsibility of my position, I will make recommendations from time > to time regarding best practices and I recommend if you run freshclam > as a daemon that you monitor it and restart it if needed. Do you do that for ALL your daemon processes? As an old school mainframe sysprog, I don't monitor any of my daemon processes. (apart from *some* status-monitoring via SNMP). /Per Jessen, Zürich PS: even if you're an old school Unix admin, quoting only the relevant bits in your reply is still considered good netiquette. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] DB Update email before actual update available?
Dennis Peterson wrote: >> At some point you've got to trust someone/something. Who watches >> your daemon watcher? Who watches your OS? Who watches your >> power-supply? > > I run SPARC equipment - I have monitoring for all that and cpu > temperature, too. There's a difference between proper monitoring and > absurdity. Your strawman fails that. We run Intel equipment (mostly) and monitor all that too. Still, it sounds like you've decided to trust your daemon-watcher daemon? We do not use daemon-watchers simply because it's impossible to tell when to stop. If you trust your watcher, you might as well trust the daemons it watches. > but I can guarantee freshclam can fail regularly (and has) when run as > a daemon. Now that is WORRYING. Are the clamav developers listening in here? I can't verify Dennis' statement myself, but if freshclam can regularly fail, it must be looked into! Dennis, have you filed a bug-report or at least an enhancement request? > It also examines the files freshclam has downloaded to a sandbox > before they're deployed so that bad files don't replace good ones. That is a separate, unrelated issue - I do the same, but triggered by freshclams "OnUpdateExecute" procedure. > Our requirements are for 5 9's reliability and system availability and > that requires self-healing systems. If something can't heal itself I > get paged and email. We use SMS, but the idea is the same. > So what do you do when your freshclam dies or explodes from a memory > leak or do you depend 100% on it never failing? For one thing, freshclam has never died nor exploded from a memory leak, nor is it a critical process. If freshclam fails to do an update within 15mins after we've received the clamav email-notification, a warning is raised. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Re: DB Update email before actual update available?
Dave Warren wrote: >>We run Intel equipment (mostly) and monitor all that too. Still, it >>sounds like you've decided to trust your daemon-watcher daemon? We do >>not use daemon-watchers simply because it's impossible to tell when to >>stop. If you trust your watcher, you might as well trust the daemons >>it watches. > > There is no reason that monitors can't monitor other monitors too, in > the software world. I was assuming (perhaps wrongly) that we're not talking an N+1 high-availability environment where many processes "monitor" their peers by heartbeat etc. I don't count that kind of setup as "daemon-watching". > In the hardware world, an unnoticed overheat will result in the > equipment going down, which would trigger whatever monitors that box > to report failures. Certainly. Although I would monitor the temperature instead. Once the equipment is down, it's too late. We monitor datacenter/machine temperature as they are critical operating factors that must be maintained within certain boundaries. Anyway, this is way, way off-topic here - my apologies for keeping it going. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Freshclam stability as a daemon [was: DB Update
Daniel T. Staal wrote: > Has anyone tried both? What happens if you try to run freshclam as a > daemon and from cron? (Assuming you schedule them to run at different > times, of course. If they both checked at the same time I would > expect something to bork.) If they both ran at the same time, and the databases had been updated, I see significant potential for something to break. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
