[clamav-users] basic malware missed???

2015-03-24 Thread Steve Holdoway
Hi folks,

I'm in the process of cleaning up an infected wordpress website and am
finding a number of files that contain 



Inserted at the top of the file.

Surely this is something pretty simple to catch? 

I'm scanning the docroot nightly, and freshclam is up to date... output
from just run freshclam:

# freshclam
ClamAV update process started at Wed Mar 25 08:38:55 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60,
builder: neo)
Downloading daily-20233.cdiff [100%]
Downloading daily-20234.cdiff [100%]
daily.cld updated (version: 20234, sigs: 1357485, f-level: 63, builder:
jesler)
bytecode.cld is up to date (version: 247, sigs: 41, f-level: 63,
builder: dgoddard)
Database updated (3781751 signatures) from db.au.clamav.net (IP:
117.104.160.194)

I'm finding them by searching for the string "PCT4BA6ODSE"

Shouldn't this be in there already? If there is a process to add this
can someone please point me to the docs?

Thanks,



Steve


-- 
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
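
As an added example (not part of the original message or of the ClamAV project's code): a local body signature for the marker string quoted above, written in ClamAV's extended `.ndb` format, with a plain grep cross-check. The signature name and the temporary paths are assumptions, and the sample docroot is constructed.

```shell
#!/bin/sh
# Added example: turn a marker string into a local ClamAV body signature.
# SIGNAME and every path below are assumptions made for this demo.

MARKER='PCT4BA6ODSE'                      # string quoted in the message above
SIGNAME='Local.PHP.Injected.PCT4BA6ODSE'  # hypothetical local signature name

# Hex-encode a string as an .ndb body signature needs it
# (same bytes as: printf '%s' "$1" | sigtool --hex-dump).
to_hex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \t\n'
}

# Emit one extended-format line: Name:TargetType:Offset:HexSignature
# TargetType 0 = any file type, Offset * = anywhere in the file.
make_ndb_line() {
    printf '%s:0:*:%s\n' "$1" "$(to_hex "$2")"
}

# Independent cross-check: list files containing the literal marker.
grep_marker() {
    grep -rlF -- "$2" "$1" | LC_ALL=C sort
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/docroot"
    # Constructed sample files: one with the marker at the top, one clean.
    printf '<?php /* PCT4BA6ODSE */ ?>\n<?php echo "page"; ?>\n' \
        > "$work/docroot/index.php"
    printf '<?php echo "clean"; ?>\n' > "$work/docroot/about.php"

    make_ndb_line "$SIGNAME" "$MARKER" > "$work/local.ndb"
    echo "signature line:"
    cat "$work/local.ndb"

    echo "grep finds:"
    grep_marker "$work/docroot" "$MARKER"

    # Run the real scanner only if it is installed; exit status 1 means
    # "found", so it is not treated as a failure here.
    if command -v clamscan >/dev/null 2>&1; then
        clamscan -r -i --no-summary -d "$work/local.ndb" "$work/docroot" || :
    fi
    rm -rf "$work"
}
demo
```

Passing the file with `-d` loads only that signature; copying the `.ndb` file into the ClamAV database directory makes the nightly scan load it alongside the official databases.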


Re: [Clamav-users] DKIM support in Clamd

2009-09-09 Thread Steve Holdoway
On Wed, 2009-09-09 at 11:02 +0530, Thiyaga wrote:
> Hi,
> 
> We are using Clamd in our organization to scan virus mails and recently we
> had a requirement to implement DKIM support.
> 
> We are aware that Clamd currently doesn't verify DKIM. Since Clamd scans
> each and every byte of a mail, we think, verifying DKIM in Clamd would be
> the best optimal approach.
> 
> Does anybody know any tool or plugin which can be integrated with Clamd for
> DKIM verification?
> 
> Thanks!
> 
> -Thiyaga-
I use sendmail, and use dk-milter and dkim-milter to do this. I don't
really think it's the place of an anti-virus program ( which may or may
not be checking mail ) to add/validate extra mail headers.

I do recommend you use both domain keys and dkim... I use gmail as my
model.

Steve

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] Install upgrade from 94 to 95.2 freschclam clamscan failure

2009-09-13 Thread Steve Holdoway
On Sun, 2009-09-13 at 13:06 -0500, da...@davidwbrown.name wrote:
> Hello, I have been running ClamAV (clamd) for some time. I decided to upgrade 
> to 95.2. The configure, make, make install executed without incident. As a 
> test I tried to execute freshclam and clamscan from the root command-line 
> with the following error condition:
> 
> freshclam: error while loading shared libraries: libclamav.so.6: cannot open 
> shared object file: No such file or directory
> 
> OS: CentOS 5
> ClamAV: 95.2
> C compiler: gcc (GCC) 4.1.2 20071124 (Red Hat 4.1.2-42)

Did you 
save the config/sigs, 
make uninstall 0.95.1, 
make install 0.95.2, 
ldconfig,
restore config/sigs

as the docs suggest??



Re: [Clamav-users] [Bulk] Re: Getting "***UNCHECKED***" on some emails I send out.

2010-02-25 Thread Steve Holdoway
On Thu, 2010-02-25 at 22:15 -0500, Jerry wrote:
> On Thu, 25 Feb 2010 16:40:13 -0500
> Bowie Bailey  articulated:
> 
> > Abide by what edict?  Email marked as containing a virus is simply
> > rejected.  If a spammer or bot wishes to send out viruses from my
> > network, they'll have to bypass my MTA to do it, which is more
> > difficult since very few machines on my network have permission to
> > send out via port 25.
> 
> You should be using SMTP Authentication, irregardless of what port is
> being accessed which would stop virtually all unauthorized
> transmissions. If you don't know how to do that, ask or Google it. I am
> really interested in how a Spammer is getting access to your network to
> begin with. It sounds like your network is anything but secure.
> 
You what? In the last case I had a problem, it was a networked pc
infected with a trojan spewing spam out. Just *how* does SMTP Auth stop
this?

Your lack of knowledge is matched only by your inability to spell ( no
irregardless is *not* a word ), or to put your clock right.

Steve

-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
GPG Fingerprint = B337 828D 03E1 4F11 CB90  853C C8AB AF04 EF68 52E0



Re: [Clamav-users] freshclam daemon errors

2010-02-26 Thread Steve Holdoway
IIRC supervise is a part of djb's software package to restart processes
if they fail. As such this will only come into play if freshclam falls
over.

So don't worry about it (:

Steve

On Fri, 2010-02-26 at 15:35 -0500, Ian Evans wrote:
> Hi there.
> 
> Just wondering if this is something I need to worry about.
> 
> I'm running freshclam as a daemon. Logs show it's updating virus
> definitions just fine.  However, I noticed this in ps aux yesterday:
> 
> readproctitle service errors: ...supervise: fatal: unable to start
> freshclam/run: file does not exist
> supervise: warning: unable to open freshclam/supervise/status.new: file
> does not exist
> root 26223  0.0  0.0  1380  288 ?SJan02   0:00 supervise
> freshclam
> qscand   26224  0.0  0.0  2692 1284 ?SJan02   0:31
> /usr/local/bin/freshclam -d --stdout
> 
> As I said, freshclam's running fine, so what do I do about these errors?
> 
> Thanks.
> 
> 


-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
GPG Fingerprint = B337 828D 03E1 4F11 CB90  853C C8AB AF04 EF68 52E0



[Clamav-users] teething troubles...

2010-03-06 Thread Steve Holdoway
I'm trying to set up a system where I have a remote clamd that my mail
server uses, as it's a low spec machine and not really up to it. I'm
running clamd 0.95.3 - out of lenny volatile on the server end, and
clamav-milter 0.95 built from source. 

I see that clamd is listening on port 3310, and have limited access using
iptables... I can telnet from client machine to server:3310 and get
response.

However, I'm just getting timeouts...

Sun Mar  7 16:38:16 2010 -> ERROR: Failed to communicate with clamd for
streaming
Sun Mar  7 16:38:16 2010 -> ERROR: Failed to initiate
streaming/fdpassing

from the milter, and 

Sun Mar  7 16:37:51 2010 -> ERROR: ScanStream 1264: accept timeout.

on the  server clamd side.

So far, I'm just sending test emails from this server. Can anyone point
me to anything else that I need to open up??

Cheers,

Steve


-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
GPG Fingerprint = B337 828D 03E1 4F11 CB90  853C C8AB AF04 EF68 52E0



[Clamav-users] Still fighting with clamav-milter on remote machine to clamd....

2010-03-12 Thread Steve Holdoway
Everything's running on debian lenny. Clamd is running on port 3301, and
the mail machine can talk to it.

Issuing a STREAM command to the clamd server returns a PORT number,
which I have verified that it is listening upon.

I've got both ends running in verbose logging mode... I run a simple

  echo hello | mailx -s hello st...@[remote.ip.address]

On the clamd side I just get:

Sat Mar 13 17:48:41 2010 -> ERROR: ScanStream 1138: accept timeout.

on the milter machine, I get:

Sat Mar 13 17:48:41 2010 -> Failed to establish a connection to clamd
Sat Mar 13 17:48:41 2010 -> ERROR: Failed to communicate with clamd for
streaming
Sat Mar 13 17:48:41 2010 -> ERROR: Failed to initiate
streaming/fdpassing

Can anyone point me to where I should be looking ( conf file entries,
etc )??? All I've changed is 

  CommandReadTimeout 30

Cheers,


Steve



-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
GPG Fingerprint = B337 828D 03E1 4F11 CB90  853C C8AB AF04 EF68 52E0



Re: [Clamav-users] Still fighting with clamav-milter on remote machine to clamd....

2010-03-13 Thread Steve Holdoway
On Sat, 2010-03-13 at 08:25 -0500, Nathan Gibbs wrote:
> * Steve Holdoway wrote:
> > 
> > On the clamd side I just get:
> > 
> > Sat Mar 13 17:48:41 2010 -> ERROR: ScanStream 1138: accept timeout.
> > 
> > on the milter machine, I get:
> > 
> > Sat Mar 13 17:48:41 2010 -> Failed to establish a connection to clamd
> > Sat Mar 13 17:48:41 2010 -> ERROR: Failed to communicate with clamd for
> > streaming
> > Sat Mar 13 17:48:41 2010 -> ERROR: Failed to initiate
> > streaming/fdpassing
> > 
> > Can anyone point me to where I should be looking ( conf file entries,
> > etc )??? All I've changed is 
> > 
> >   CommandReadTimeout 30
> > 
> 
> I get those errors with these clamd settings
> 
> CommandReadTimeout 120
> ReadTimeout 900
> 
> This is with the milter load balancing across 5 nodes.
> 
> Cheap, Fast, & Right, pick two.
> 
> Obviously, fast didn't get on the list.

Even with these scary options, I am still in the same boat ):

Anyone got any ideas on this one

Cheers,

Steve


-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
GPG Fingerprint = B337 828D 03E1 4F11 CB90  853C C8AB AF04 EF68 52E0



Re: [Clamav-users] Still fighting with clamav-milter on remote machine to clamd....

2010-03-16 Thread Steve Holdoway
On Tue, 2010-03-16 at 17:24 -0700, Dennis Peterson wrote:

[snip]
> 
> It is all quite reliable and creates very little work for me. It is 
> definitely 
> worth staying at it and working out the bugs.
> 
> dp

I'm an ardent admirer of clamav, and will stay with it if humanly
possible. However, I am in a situation where I have a minimal server
with plenty of resource to run mail and web services, but not clamd as
well... memory restrictions mainly.

So I'm stuck in this situation, with a clamd server at the same dc, but
connecting over tcp port 3310 just times out. I've sent the requestor a
tcpdump ( brave man and thanks! ), but am not too thrilled at posting it
publicly, as in anonymizing it I will probably screw something up.

My real worry is others mentioning that they have the same problem, and
a deafening silence from the management... 

Cheers,

Steve

-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
GPG Fingerprint = B337 828D 03E1 4F11 CB90  853C C8AB AF04 EF68 52E0



Re: [Clamav-users] Still fighting with clamav-milter on remote machine to clamd....

2010-03-16 Thread Steve Holdoway
On Tue, 2010-03-16 at 18:20 -0700, Dennis Peterson wrote:
> On 3/16/10 6:01 PM, Steve Holdoway wrote:
> 
> > So I'm stuck in this situation, with a clamd server at the same dc, but
> > connecting over tcp port 3310 just times out. I've sent the requestor a
> > tcpdump ( brave man and thanks! ), but am not too thrilled at posting it
> > publicly, as in anonymizing it I will probably screw something up.
> >
> > My real worry is others mentioning that they have the same problem, and
> > a deafening silence from the management...
> >
> > Cheers,
> >
> > Steve
> 
> Does the ClamAV milter allow being remotely located? It may work out better 
> to 
> have both the milter and clamd on the second tier system.
> 
Now that's a thought... I like it. I shall report back.

Steve

-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
GPG Fingerprint = B337 828D 03E1 4F11 CB90  853C C8AB AF04 EF68 52E0



Re: [Clamav-users] Still fighting with clamav-milter on remote machine to clamd....

2010-03-16 Thread Steve Holdoway
On Wed, 2010-03-17 at 14:36 +1300, Steve Holdoway wrote:
> On Tue, 2010-03-16 at 18:20 -0700, Dennis Peterson wrote:

> > Does the ClamAV milter allow being remotely located? It may work out better 
> > to 
> > have both the milter and clamd on the second tier system.
> > 
> Now that's a thought... I like it. I shall report back.
> 
> Steve
Works a treat. Many, many thanks.

Steve

-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
GPG Fingerprint = B337 828D 03E1 4F11 CB90  853C C8AB AF04 EF68 52E0



Re: [Clamav-users] EOL signature for <= 0.94.2 is live

2010-04-15 Thread Steve Holdoway
On Thu, 2010-04-15 at 22:27 +0300, Török Edwin wrote:
> Hi,
> 
> The EOL signature for ClamAV <= 0.94.2 is now live (daily 10749).
> 
> Best regards,
I'd be grateful for a simple method of getting havp working under lenny
now...

Steve

-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa

Re: [Clamav-users] EOL signature for <= 0.94.2 is live

2010-04-15 Thread Steve Holdoway
On Fri, 2010-04-16 at 03:29 +0200, Gianluigi Tiesi wrote:
> On 16/04/2010 2.03, Steve Holdoway wrote:
> > On Thu, 2010-04-15 at 22:27 +0300, Török Edwin wrote:
> >> Hi,
> >>
> >> The EOL signature for ClamAV <= 0.94.2 is now live (daily 10749).
> >>
> >> Best regards,
> > I'd be grateful for a simple method of getting havp working under lenny
> > now...
> > 
> > Steve
> > 
> 
> add debian volatile repository
> 
> Regards
> 
> 
Nope. Doesn't upgrade 0.89 which uses libclamav5. Well it does on mine.

Steve.

-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa

Re: [Clamav-users] (no subject)

2010-04-16 Thread Steve Holdoway
On Fri, 2010-04-16 at 10:37 +0300, Török Edwin wrote:
> On 04/16/2010 10:21 AM, Dima wrote:
> > Hello
> >
> > Today, after the next regular virus database update antivirus stopped
> > working. The following quote log database update and response program.
> 
> 
> > Fri Apr 16 10:12:14 2010 ->  clamd daemon 0.92.1 (OS: linux-gnu, ARCH:
> > i386, CPU: i386)
> 
> http://www.clamav.net/eol-clamav-094/
> 
> >
> > What can you advise?
> 
> Upgrade it.
> If you use Debian add the volatile repository.
> 
> Best regards,
> --Edwin
Shame you haven't talked to others - like havp for example - before
doing this.



Re: [Clamav-users] (no subject)

2010-04-21 Thread Steve Holdoway
On Thu, 2010-04-22 at 09:07 +1200, Spiro Harvey wrote:

> But the distro are the ones who gave you outdated unsupported software.
> Had they provided you with a newer package, you wouldn't have had this
> problem.
Spiro, you're missing the point of a distro completely. That is to
provide a functionally static platform for people to use and release to.
From that point on, only security patches are released. The fact that
0.94.x was current when debian lenny was released means that it should
stay that way until EOL of the distro.

Anything else is breaking at least the spirit of the distro release
philosophy.

Sure you can use a different model, like including the volatile and / or
backports packages, but that's not the point. I've heard of these, but
then I'm a career sysadmin. How many servers out there are managed by
those, rather than just relying on the testing performed by
debian/redhat/novell, etc?

Steve.


-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa

Re: [Clamav-users] (no subject)

2010-04-21 Thread Steve Holdoway
On Wed, 2010-04-21 at 17:00 -0700, Jim Preston wrote:
> On Apr 21, 2010, at 2:51 PM, Steve Holdoway wrote:
> 
> > On Thu, 2010-04-22 at 09:07 +1200, Spiro Harvey wrote:
> >
> >> But the distro are the ones who gave you outdated unsupported  
> >> software.
> >> Had they provided you with a newer package, you wouldn't have had  
> >> this
> >> problem.
> > Spiro, you're missing the point of a distro completely. That is to
> > provide a functionally static platform for people to use and release  
> > to.
> 
> Funny, every distro I have used has had numerous updates till it  
> reached EOL. Did I believe updates stopped because no new  
> vulnerabilities exist in the distro? Of course not.
Read what I said. *functional* not security. Like, for example, php is
at 5.2.6 on lenny, unless you configure it differently. That's the whole
point of releases.

Get with it Jim (:

Steve

-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa

[Clamav-users] Way, way, way OT: Re: (no subject)

2010-04-21 Thread Steve Holdoway
On Wed, 2010-04-21 at 22:08 -0700, Dennis Peterson wrote:
> On 4/21/10 10:06 PM, Eric Rostetter wrote:
> > Quoting Jim Preston :
> >
> >>> Read what I said. *functional* not security. Like, for example, php is
> >>> at 5.2.6 on lenny, unless you configure it differently. That's the whole
> >>> point of releases.
> >
> > There are distros that release functional (feature) upgrades as well
> > as security/bug upgrades... Just as there are ones that don't.
> >
> > Most distros will provide:
> 
> Show me the contract.
> 
> dp

This is just going round in circles. The vast majority ( I'm sure! ) of
non-hobbyist linux users will install debian lenny or ubuntu LTS or
CentOS 5 on their VPS using a single click ( for example ) for whatever
reason. It'll be a default install, probably with apt / yum running
automagically to install security upgrades... minimal maintenance
effort.

Who's the sysadmin? The one who drew the short straw, usually by asking
'who does the backups?' or something similar, and also usually have
about -10 hours a week available to perform this function. These are the
people who need looking after, not a career sysadmin like me ( and you
IIRC Dennis? ) who do keep up to date. We've heard of debian volatile,
and building from scratch isn't scary at all, but that sort of thing is
way beyond this majority.

This is what I'm saying. It's a practical appraisal - how it's been
working for the last 5-10 years - not a legal or academic one. I reckon
that - another example - a patch to freshclam to convert new to old
database format would have kept everyone happy ( no functional change
there: it's just acquiring new sigs ), keeps the effort on the client
servers, and lenny, etc would have kept on running until end of life.

There will always be edge conditions if you want the exception to prove
the rule. Personally I'd like to see the masses catered for.

And sure, maybe I'm being clever after the fact, and should have joined
in. However, after 4 years fighting spam I am just so over it. Sorry ):

Steve


-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa

Re: [Clamav-users] Way, way, way OT: Re: (no subject)

2010-04-21 Thread Steve Holdoway
On Wed, 2010-04-21 at 22:49 -0700, Dennis Peterson wrote:
> On 4/21/10 10:31 PM, Steve Holdoway wrote:
> Personally I'd like to see the masses catered for.
> 
> There's your problem. The masses are stump stupid. Ever was it so. It is no 
> accident that 'exceptional' means not typical. Exceptional does not include 
> the 
> masses. If the best we shoot for is to appease and placate the masses we're 
> doomed. There was nothing ordinary about Robert Frost, for example. I'll take 
> Robert Frost's worst day over YouTube's best.
There was nothing ordinary about Henri Toivonen either, you'll find
plenty of him on youtube. Anyway, my taste in poetry is more along the
lines of Kipling and Benny Hill (:
> 
> We need to allow that mediocrity is just that, and set our expectations 
> higher. 
> Why is an absentee admin acceptable today? The concept is absurd. You are 
> good 
> at what you do or you are a failure. Nowhere in the literature of Unix 
> administration is it written "This is hard - let's do it wrong". Unacceptable.
I've never said that the easy way is the best way. In fact I regularly
berate people for trying to convince me of this. I used to teach that it
was fine to use shortcuts once you'd done it the hard way and understood
what that button actually does. Look at the webmin project for example,
or puppet, rrd... none of these are hard to use, and automate tedious
admin stuff by telling me that there's something wrong. That can make me
- to some extent - an absentee admin.
> 
> These asshat whiners need to show some pride. They're barely fit to admin 
> Windows let alone Unix.
> 
> dp
Alienating those 'asshat whiners' will revert them to being windows
admins, and our career prospects dwindle ever further. 

They have an alternative, don't forget that. All you have to do is cover
Texas and Greenland with server farms and it's a done deal.

Oh, except for bing. That's still on linux isn't it.

Steve

-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa

Re: [Clamav-users] Tiered freshclam updates on port443

2010-05-20 Thread Steve Holdoway
On Thu, 2010-05-20 at 16:09 -0400, Shawn Bakhtiar wrote:
> Back to the original issue.
> 
> I still say having firewalls from higher security zones to lower ones, does 
> not make sense. Security is only valid when it is INBOUND. Outbound security 
> is no security at all, just a pain for your users.
> 
Although this is way off topic for this group here's a couple of basic
scenarios for you...

1. How can you stop an infected PC on your network talking to its
controller
2. How can you stop an infected PC on your network spewing spam to the
world+dog?

...in a simple and controllable manner ( and yes, you will always get
infected PCs on your internal network ).

Point 2. above is a no-brainer - just stop outgoing traffic on port 25
from all but your mail servers; point 1. takes a bit more work.

Steve

-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa

Re: [Clamav-users] Error compling 0.96.1 on OS X Tiger 10.4.11

2010-05-20 Thread Steve Holdoway
On Fri, 2010-05-21 at 14:10 +1000, James Brown wrote:

> checking for gcc bug PR28045... configure: error: your compiler has gcc 
> PR28045 bug, use a different compiler, see 
> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28045
> 
gcc 4.0.1 is a very old compiler ( 4+ years? ). I'd follow their
suggestions and install a newer compiler if possible.

Steve


-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa

[Clamav-users] troubleshooting...

2010-06-04 Thread Steve Holdoway
I've got a system where one server uses clamav-milter to talk to a clam
daemon on a remote server via port 3310. I've opened ports 3310 and
3 to 30500 in the firewall, and the relevant parts of clamd.conf
read...
# TCP port address.
# Default: no
TCPSocket 3310

# Limit port range.
# Default: 1024
StreamMinPort 3
# Default: 2048
StreamMaxPort 30500

and restarted it. lsof shows the server listening to port 3310, and I
can telnet into it from the remote host.

However, in my mail logs, I have

Jun  5 16:47:28 portal sendmail[19953]: o554lSLW019953: Milter (clamav):
error connecting to filter: Connection refused by aa.bb.cc.dd
Jun  5 16:47:28 portal sendmail[19953]: o554lSLW019953: Milter (clamav):
to error state

Can anyone suggest any next steps? remote clamd server is at 0.96, and
local clamav milter is at version 0.96.1, built from source.

Cheers,

Steve


-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa

Re: [Clamav-users] freshclam is failing from yesterday night

2010-07-08 Thread Steve Holdoway
On Fri, 2010-07-09 at 10:50 +0530, ANANT S ATHAVALE wrote:
> LibClamAV Error: cli_calloc(): Can't allocate memory (0 bytes).
> calloc_problem: Error 0
> LibClamAV Error: Out of memory allocating operands
> LibClamAV Error: Error at bytecode line 6
> LibClamAV Error: Unable to load 767944.cbc bytecode: Can't allocate
> memory
> LibClamAV Error: Can't load 767944.cbc: Can't allocate memory 

Personally, I'd say you've run out of memory (:

Try

a) restarting clamd
b) stopping everything else
c) adding memory

hth,

Steve

-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa

Re: [clamav-users] What happened to 12663 ?

2011-02-12 Thread Steve Holdoway
On Fri, 2011-02-11 at 21:26 -0700, Jim Preston wrote:
> 
> On 02/11/2011 12:59 PM, Bowie Bailey wrote:
> > On 2/11/2011 2:17 PM, Jan-Frode Myklebust wrote:
> >> We have a strong preference to running only RHEL5+EPEL packages,
> >> so we're kind of stuck on 0.95.1 until EPEL updates or we move to
> >> RHEL6+EPEL which gives us clamav-0.96.1. I expect you will have quite
> >> a few users with the same/similar policy...
> > FWIW, rpmforge has clamav-0.96.5 at the moment.  Personally, I would
> > swap repos if epel is going to take over 1.5 years (!) to update an
> > antivirus package.
> >
> And if you are paying for support or RHEL5, I would start bitching 
> loudly to RH. It should not take long for a junior engineer to run the 
> system through its paces to validate clamav. Your license and support 
> should be worth something, just MHO.
> 
Aren't you completely missing the point of a Release, where
functionality is frozen, only security fixes are implemented?

Just my $0.02,

Steve
-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa



Re: [clamav-users] daily database broken again

2011-03-05 Thread Steve Holdoway
On Sat, 2011-03-05 at 09:36 -0700, Jim Preston wrote:
> On 03/04/2011 04:31 PM, Jerry wrote:
> > On Fri, 04 Mar 2011 12:05:57 -0700
> > Jim Preston  articulated:
> >
> > A system should serve your needs, not its. It sounds to me like you
> > have become a slave to yours. Any properly maintained system needs some
> > degree of personalizing; ie, configuration. However, if yours is so
> > extremely personalized that keeping it maintained in a timely matter
> > has become all but impossible I would question your approach. Then
> > again, what ever turns you on.
> >
> Hi Jerry,
> 
[snip]
> You also missed the point on the fact that my posting was to emphasize 
> the fact that most critical maintenance can be accomplished with 
> perseverance and determination. I like puzzles and find that a failed 
> update is a puzzle to be worked out but that is just me..
> 
> Thanks, Jim
> 
I think that you're so outside anything that could remotely be called
Fedora to become irrelevant. FC7 is way out of support, and all Fedoras
are only designed to be short term desktop os's anyway. 

So all of your support is manual, and you've lost the security of the
community testing/bugfixing the release.

My $0.02,

Steve
-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa



Re: [clamav-users] Improving Scan Speeds on OS X.4.11

2011-03-15 Thread Steve Holdoway
On Tue, 2011-03-15 at 13:51 -0700, Chuck Swiger wrote:
> On Mar 15, 2011, at 12:21 PM, Russ Tyndall wrote:
> > Because of the huge volume of data being scanned (70 Gb), the scan takes 
> > about 6 hours to complete.
> > 
> > Is there a practical way to reduce the scan time?
> 
> As Al noted, 10.4 is about six years old-- released April 2005, last patch 
> was 10.4.11 in Nov 2007.
> 
> One thing you might consider doing is using "find /location -mtime 1" to 
> generate a list of which files have been modified over the past day, and only 
> scanning these via clamdscan -f.
> 
> Doing this safely depends on whether files can spoof their last-modified 
> timestamp, which depends on how the fileserver is being accessed by clients.  
> If additional safety is required, you can use tools like tripwire, which 
> create checksums of the content and can thus identify files which have 
> changed regardless of the mtime, and use that to generate the list of changed 
> files to be re-scanned.
> 
> Regards,

find /location -mtime -1 

= modified less than a day ago...

Steve

-- 
Steve Holdoway BSc(Hons) MNZCS 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
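
As an added example (not from the thread participants or the ClamAV project): the two selection methods discussed above side by side, `find -mtime -1` against a content-hash manifest that still flags a file whose timestamp was set back, with the resulting list handed to `clamdscan -f`. It assumes a `sha256sum` binary; the directory layout and file names are constructed.

```shell
#!/bin/sh
# Added example: choose files to rescan by content hash instead of mtime.
# Assumes a sha256sum binary; all paths below are constructed for the demo.
# File names containing newlines or backslashes are not handled, because
# sha256sum escapes them in its output.

# Print "hash  path" for every regular file under DIR, sorted bytewise.
build_manifest() {
    find "$1" -type f -exec sha256sum {} + | LC_ALL=C sort
}

# Print paths that are new or whose content changed between two manifests.
# comm -13 keeps lines present only in the NEW manifest; a SHA-256 hex
# digest plus the two separator characters is 66 columns wide, so the
# path starts at column 67.
changed_files() {
    LC_ALL=C comm -13 "$1" "$2" | cut -c67- | LC_ALL=C sort
}

# The mtime-only selection from the thread, for comparison.
recent_by_mtime() {
    find "$1" -type f -mtime -1 | LC_ALL=C sort
}

demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/share"
    printf 'report\n' > "$root/share/report.doc"
    printf 'notes\n'  > "$root/share/notes.txt"
    build_manifest "$root/share" > "$root/manifest.old"

    # Content changes but the timestamp is set back: the constructed case
    # of a client that controls the last-modified time.
    printf 'replaced content\n' > "$root/share/report.doc"
    touch -t 200001010000 "$root/share/report.doc"
    printf 'new\n' > "$root/share/upload.bin"
    build_manifest "$root/share" > "$root/manifest.new"

    echo "find -mtime -1 selects:"
    recent_by_mtime "$root/share"
    echo "hash manifest selects:"
    changed_files "$root/manifest.old" "$root/manifest.new"

    # Hand the list to the daemon-backed scanner, if one is installed.
    changed_files "$root/manifest.old" "$root/manifest.new" > "$root/rescan.list"
    if command -v clamdscan >/dev/null 2>&1; then
        clamdscan -f "$root/rescan.list" || :
    fi
    rm -rf "$root"
}
demo
```

The manifest itself has to live somewhere the file-share clients cannot write, otherwise it is no more trustworthy than the timestamps.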

Re: [Clamav-users] 0.90.1 ERROR: Not supported data format

2007-03-24 Thread Steve Holdoway
On Sat, 24 Mar 2007 12:52:05 -
"Obantec Support" <[EMAIL PROTECTED]> wrote:

> Hi
> 
> just built 0.90.1 and did ldconfig -v
> on start of clamd
> fails,log shows
> 
> +++ Started at Sat Mar 24 12:39:36 2007
> clamd daemon 0.90.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
> Log file size limited to 2097152 bytes.
> Reading databases from /var/lib/clamav
> ERROR: Not supported data format
> 
> in /var/lib/clamav
> 
> /var/lib/clamav/daily.inc (daily.inc is a directory 12:39)
> /var/lib/clamav/main.cvd (main.cvd is 8MB file Dec/06)
> 
> Mark
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
ldconfig is a tool that makes a list of dynamic libraries available for use by 
applications. There is no way that the clamav databases should even be 
considered for this list.

Remove /var/lib/clamav from /etc/ld.so.conf or the relevant file in 
/etc/ld.so.config.d ( depending on your version of linux ), and re-run ldconfig.


Steve


Re: [Clamav-users] 0.90.1 ERROR: Not supported data format

2007-03-24 Thread Steve Holdoway
On Sun, 25 Mar 2007 15:11:13 +1200
Steve Holdoway <[EMAIL PROTECTED]> wrote:

> On Sat, 24 Mar 2007 12:52:05 -
> "Obantec Support" <[EMAIL PROTECTED]> wrote:
> 
> > Hi
> > 
> > just built 0.90.1 and did ldconfig -v
> > on start of clamd
> > fails,log shows
> > 
> > +++ Started at Sat Mar 24 12:39:36 2007
> > clamd daemon 0.90.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
> > Log file size limited to 2097152 bytes.
> > Reading databases from /var/lib/clamav
> > ERROR: Not supported data format
> > 
> > in /var/lib/clamav
> > 
> > /var/lib/clamav/daily.inc (daily.inc is a directory 12:39)
> > /var/lib/clamav/main.cvd (main.cvd is 8MB file Dec/06)
> > 
> > Mark
> > ___
> > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> > http://lurker.clamav.net/list/clamav-users.html
> ldconfig is a tool that makes a list of dynamic libraries available for use 
> by applications. There is no way that the clamav databases should even be 
> considered for this list.
> 
> Remove /var/lib/clamav from /etc/ld.so.conf or the relevant file in 
> /etc/ld.so.config.d ( depending on your version of linux ), and re-run 
> ldconfig.
> 
> 
> Steve
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html

Sorry, re-reading the email, and I think I misread the punctuation. Please 
ignore the previous mail.


Re: [Clamav-users] clamav-milter 0.90.1 and duplicated messages

2007-03-27 Thread Steve Holdoway
On Tue, 27 Mar 2007 16:39:55 -0400
Ryan Moore <[EMAIL PROTECTED]> wrote:

>  Original Message  
> From: "Pete 'Wolfy' Hanson" <[EMAIL PROTECTED]>
> To: "ClamAV users ML" 
> Subject: Re:[Clamav-users] clamav-milter 0.90.1 and duplicated messages
> Date: Tue 27 Mar 2007 03:37:44 PM EDT
> 
> > Are the duped mails by chance from Hotmail/MSN servers?  I've been battling
> > duped mails from Hotmail servers over the past few weeks.  I'm in contact
> > with Microsoft support on the issue, and they've confirmed that there are
> > indeed duplicate mails going out on their end.  (I'm still using ClamAV
> > 0.88.7, FWIW.  At one point I suspected some sort of weird interaction with
> > ClamAV and Hotmail, but I've not actually been able to find any conclusive
> > evidence one way or the other.)
> > 
> 
> No, from a variety of different sources unfortunately.
> 
> 
> Ryan Moore
> --
> Perigee.net Corporation
> 704-849-8355 (sales)
> 704-849-8017 (tech)
> www.perigee.net
> 
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html

I upgraded to sendmail 8.14.0 first ( needed to apply this patch... 
http://www.sendmail.org/patches/milter.rcpt.rej.p0 to stop it falling over 
regularly, but don't know whether that was caused by this milter or others that 
I run ).

I then upgraded to 0.90.1, and have no problems at all. This site only handles 
about 100,000 emails a day though, so not that heavy a load.

All this is on a debian etch platform, ht pentium/2GB memory.

Steve


Re: [Clamav-users] Terrible performance with 0.90.2 (solved)

2007-04-25 Thread Steve Holdoway
On Wed, 25 Apr 2007 08:49:26 +0200
Michael Heiming <[EMAIL PROTECTED]> wrote:
[snip] 
> Rene,
> 
> thx a bunch for sending the patch as attachment off the list. Works like 
> a charm, performance is well back. ;-) Seem it was indeed the patch just 
> got garbled on the list, as thought.
> 
> Best regards
> 
> Michael
> --
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html

This is usually the case if not sent as an attachment. All white space tends to 
get converted to spaces ):

Steve


Re: [Clamav-users] [0.90.2 clamav-milter] Temporary quarantine file ... creation failed

2007-04-26 Thread Steve Holdoway
On Thu, 26 Apr 2007 17:49:02 +0500
Sergey <[EMAIL PROTECTED]> wrote:

> Hello.
> 

> Apr 26 16:51:28 mx1 clamav-milter[30761]: Temporary quarantine file 
> /tmp/clamav-db5fe7f81e62a48f8c91bcf1d09e2d57/msg.1kSiUY creation failed
[snip]

Can you check the application/system logs for any problems with running out of 
file descriptors, too many open files, or the like??


Re: [Clamav-users] Please help me

2007-06-06 Thread Steve Holdoway
On Wed, 06 Jun 2007 11:40:29 +0100
Jonathan Armitage <[EMAIL PROTECTED]> wrote:

> The Solaris command you are looking for is crle:
> 
> "crle - configure runtime linking environment."
> 
> You need to add the paths to the libraries you need to build clamav. But I 
> don't think that's your problem, because if the paths were wrong the make 
> would 
> fail.
> 
> Check that there is not a symlink lurking somewhere along the lines of
> 
> lrwxrwxrwx   1 root root  18 Apr 16 16:41 libclamav.so -> 
> libclamav.so.2.0.2
> 
> but pointing to libclamav.so.1

... or just set LD_LIBRARY_PATH?


Re: [Clamav-users] Please help me

2007-06-07 Thread Steve Holdoway
On Thu, 07 Jun 2007 09:18:48 +0100
Nigel Horne <[EMAIL PROTECTED]> wrote:

> > Jonathan Armitage <[EMAIL PROTECTED]> wrote:
> 
> Really off topic: the band I was bought in to conduct on Whit
> Friday followed you at Uppermill...
> 
> -- 
> Nigel Horne. Arranger, Adjudicator, Band Trainer, Composer, Tutor, Typesetter.
> NJH Music, Barnsley, UK.  ICQ#20252325
> [EMAIL PROTECTED] http://www.bandsman.co.uk
> 
wtf??? I'm on the other side of the world to you! OK, I worked in Sheffield for 
a while, but... Christchurch, NZ is where I'm now at.


Steve


Re: [Clamav-users] clange log...

2007-07-18 Thread Steve Holdoway
Indeed, thanks. I was looking for it on sourceforge and the wiki, but couldn't 
find it. Just wondered what the reason was for the quick update to 0.9.1 - 
except for getting off the .0, of course (:

Cheers, Steve

On Wed, 18 Jul 2007 16:11:33 +0700
"Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote:

> Steve Holdoway wrote:
> > I'm trying to find the changelog for 0.91.1. Can anyone point me towards it?
> >
> >   
> The obvious one would be within the clamav source code, but I'm guessing
> you don't want to download a 12MB file just to see the changelog :)
> I have a copy on http://clamav.or.id/stable/ChangeLog-0.91.1
> but I believe what you're just looking for is this :
> 
> Mon Jul 16 21:52:08 CEST 2007
> -
>   V 0.91.1
>   * Bugfixes:
> - libclamav/others.c: bump f-level
> - libclamav/unrar/unrarvm.c: fix another occurrence of bb#555, thanks to
>   Ludwig Nussel 
> - sigtool/sigtool.c: increase MAX_DEL_LOOKAHEAD, requested by Sven
> - libclamav/scanner.c: don't search for embedded PEs in zip files larger
>   than 1 MB (bb#573)
> - clamav-milter: Fix memory leak when load balancing
> - clamav-milter: Chroot handling no longer marked as experimental
> - libclamav/nsis: fix macro collision on AIX - bb#570
> - libclamav/phishcheck.c: fix (null) FOUND
> - libclamav: rename x86 macroes due to collisions on HPUX
> - libclamav: Fix warnings on HP-UX
> 
> Regards,
> 
> Fajar
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] clange log...

2007-07-18 Thread Steve Holdoway
I'm trying to find the changelog for 0.91.1. Can anyone point me towards it?

Ta, Steve


[Clamav-users] out of memory: Cannot allocate memory

2007-07-25 Thread Steve Holdoway
I run my mail server on 64 bit debian, running under vmware, with 512MB memory 
allocated. I run clamav 0.91.1, compiled using ./configure --enable-milter 
--disable-clamuko, as a milter from sendmail 8.14.1. I also use the mailwasher 
server milter.

I have started to get the following in my logs, accompanied by a failure to 
receive mail...

Jul 23 00:00:48 mail sm-mta[19966]: l6MC0lLq019966: from=<[EMAIL PROTECTED]>, 
size=6932, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, 
daemon=MTA, relay=mta1.wlg.trademe.co.nz [202.21.128.41]
Jul 23 00:00:48 mail sm-mta[19966]: l6MC0lLq019966: Milter add: header: 
X-MailWasher-Server-Scanned: Checked by MailWasher server v2.2.3 
(www.Firetrust.com)
Jul 23 00:00:48 mail sm-mta[19966]: l6MC0lLq019966: Milter add: header: 
X-MailWasher-Server-Status: Clean
Jul 23 00:00:48 mail sm-mta[19966]: l6MC0lLq019966: SYSERR(root): out of 
memory: Cannot allocate memory

It seems that a default max size of 1MB is enabled for 0.90.1 (or was it 
earlier?). My log file was larger than this. When I cleared the log file down, 
and increased the logfile size limit, clamav started working again.

Is there someone out there ( who's getting more than 3 hours sleep at the 
moment ) who can investigate further??

Cheers, Steve


Re: [Clamav-users] Missing Freshclam after upgrade to clamav-0.90.3-1.fc7

2007-09-15 Thread Steve Holdoway
On Sun, 16 Sep 2007 11:31:55 +1000
"Graeme Nichols" <[EMAIL PROTECTED]> wrote:

> Hello Dennis,
> 
> Thank you.
> 
> On 16/09/2007, Dennis Peterson <[EMAIL PROTECTED]> wrote:
> >
> > Graeme Nichols wrote:
> > > Hi Dennis,
> > >
> > > On 15/09/2007, Dennis Peterson <[EMAIL PROTECTED]> wrote:
> > >> John Rudd wrote:
> > >>> Graeme Nichols wrote:
> > >>>
> >  Anyone any ideas please?
> > >>> Build and install from source?
> > >> Works every time it's tried as the rpm creators have discovered.
> > >
> > >
> > > One option. But one that is guaranteed to cause future problems on an
> > rpm
> > > based system.
> > >
> >
> > Only if you continue to not know what you're doing. None of this is a
> > problem when you are the one who knows what you're doing, in fact.
> 
> 
> Well, I have a pretty good idea what I am doing but by no means would I call
> myself an expert. I *do* know from my own experience and from others that if
> one installs an application from the source code (./configure; make; make
> install) you have a better than even chance of having two versions of the
> application installed if for some reason a later version of the application
> is installed from a rpm package and this can cause some interesting
> problems.
> 
> It would be *very* handy if all application tarballs had a 'make uninstall'
> option. Only very few bother to include such an option at the moment so it
> is a find as find can exercise to remove all the old bits and pieces of an
> application before installing a new version.
> 
> Another *feature* that very few developers include in their source tarballs
> is a spec file. If they did then one could build an rpm binary package
> extremely simply using the command rpmbuild -tb [tarball name]. However, it
> does mean extra work and testing for the developers who are doing it in
> their own time. The biggest problem in this scenario is the huge number of
> distros all doing their own thing, putting files in their own places and not
> based on a core standard. It would be easy if all distros were based around
> a core standard and their own bells and whistles added around that core
> standard. *Perhaps* then a standard spec file would work on all distros but
> I guess this is a simplistic view by someone who uses my system as a working
> tool rather than a thing to experiment with.
> 
> Thanks for your help as every problem is a chance to learn something.
> 
> Moral of the story? If your system is based on a package manager, such as
> Fedora, then stick to it if at all possible.
> 
> -- 
> Kind Regards,
> 
> Graeme.
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html

I sort of disagree with this. You're implying that systems are kept up-to-date 
to some extent - like it's a part of a sys admin's job to blindly do a yum update 
/ apt-get update / windows update / whatever on a regular basis, and expect 
things to work. This isn't particularly dangerous in a development environment, 
BUT really can be in a production environment. For example, my mail servers 
were last rebooted ( to move to a new power supply system ) just over a year 
ago, and they'd been up since building about 9 months before that.

I haven't changed much at all on their configuration in general. However, fully 
tested installations of sendmail and its associated milters are installed, 
built from scratch as and when it is necessary. I test them first, and when I'm 
happy, I change the minimum required to protect my systems. My internet facing 
stuff is right up-to-date, though.

I think that you're falling into the all too common trap that sysadmin work is 
really tedious, so the top priority is to use the solution that takes the 
minimum time to implement, regardless of its inherent quality. I reckon that 
package management is *NOT* the solution for a production server.

Obviously this is just my opinion, and I know it's not that popular - but it's 
the distillation of what I have learnt the hard way over more than 23 years ( 
just checked my CV! ) of relevant experience.

Steve.


Re: [Clamav-users] Missing Freshclam after upgrade to clamav-0.90.3-1.fc7

2007-09-16 Thread Steve Holdoway
On Sun, 16 Sep 2007 10:43:17 +0300
Henrik Krohns <[EMAIL PROTECTED]> wrote:

> On Sun, Sep 16, 2007 at 11:31:55AM +1000, Graeme Nichols wrote:
> >
> > It would be *very* handy if all application tarballs had a 'make uninstall'
> > option. Only very few bother to include such an option at the moment so it
> > is a find as find can exercise to remove all the old bits and pieces of an
> > application before installing a new version.
> 
> Forget that and ./configure --prefix=/usr/local/. Simple and very
> effective, rm -r will remove it if needed.
> 
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html

clamav *does* include a make uninstall. I use it every time I upgrade.


Re: [Clamav-users] freshclam problem

2007-09-17 Thread Steve Holdoway
Upgrading to 0.91.2 will help...

(:

Steve

On Mon, 17 Sep 2007 13:13:06 +0300
Özgür Öçalan <[EMAIL PROTECTED]> wrote:

> Hi,
> 
>  
> 
> I am using Debian. I have some problems with clamav. 
> 
>  
> 
> This is my freshclam log:
> 
>  
> 
> Ignoring mirror 193.92.150.194 (too often connections with outdated version)
> 
> ERROR: getpatch: Can't download daily-4284.cdiff from database.clamav.net
> 
> WARNING: Incremental update failed, trying to download daily.cvd
> 
> Ignoring mirror 193.92.150.194 (too often connections with outdated version)
> 
> Ignoring mirror 80.65.85.132 (too often connections with outdated version)
> 
> Ignoring mirror 147.52.3.167 (too often connections with outdated version)
> 
> ERROR: Can't download daily.cvd from database.clamav.net
> 
> Giving up on database.clamav.net...
> 
> Update failed. Your network may be down or none of the mirrors listed in
> freshclam.conf is working. Check
> http://www.clamav.net/support/mirror-problem for possible reasons.
> 
>  
> 
> My clamav version:  ClamAV 0.90.1
> 
>  
> 
> Somebody help me, pls. How can i solve this problem?
> 
>  
> 
> Thank you...
> 
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] PhishingScanURLs is dreadfully slow/CPU-intensive

2007-10-29 Thread Steve Holdoway
On Mon, 29 Oct 2007 19:25:14 -0700
Dennis Peterson <[EMAIL PROTECTED]> wrote:

> Joe Clements wrote:
> 
> >> For what it is worth, Linux will only forge ahead in the market by 
> >> improvements
> >> in 2 areas. One of them is security. I would like to see 1 security suite 
> >> which
> >> has the capability to deal with ALL threats. Windows security has to have 
> >> an
> >> anti virus, anti trojan, adware and malware protection, an anti browser
> >> hijacker, a rootkit checker, a secure firewall, and these are all separate
> >> programs. Pardon me if I missed one out. When Linux guarantees protection 
> >> from
> >> all these threats in 1 package, then one major hurdle holding back a 
> >> greater
> >> uptake of Linux will have been removed.
> > Joe Clements (joeclem111)
> 
> I don't see where Linux is unique in this regard. I also don't see why the 
> success of 
> Linux is particularly important vs BSD, Solaris, Windows, etc. But I suppose 
> that 
> discussion is for another forum.
> 
> dp
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html

I think the OP may be considering linux as a desktop. Personally, I've no 
problems with security in a server environment.

Steve


Re: [Clamav-users] out of date but up to date???

2007-12-22 Thread Steve Holdoway
On Sat, 22 Dec 2007 13:26:37 - (UTC)
"john" <[EMAIL PROTECTED]> wrote:

> 
> >
> > I suspect that clamav-milter and freshclam are not the same program.
> > You might try to look at what clamav-milter reports for a version (-V).
> > --
> >  -
> 
> ha
> clamav-milter -V
> ClamAV version 0.88.7, clamav-milter version 0.88.7
> 
> however when I try to configure with --enable-milter on the new version 0.92
> I get:
> configure: error: Cannot find libmilter
> 
> any idea where I can find it?
> 
> john
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html

I build mine from sendmail sources, if that's any help...

-- 
Steve Holdoway <[EMAIL PROTECTED]>


Re: [Clamav-users] TK53 Advisory #2: Multiple vulnerabilities in ClamAV

2008-01-02 Thread Steve Holdoway
On Wed, 02 Jan 2008 00:42:52 +0100
Sarocet <[EMAIL PROTECTED]> wrote:

> Ed Kasky wrote:
> > At 06:07 AM Monday, 12/31/2007, you wrote -=>
> >   
> >> Chris wrote:
> >> 
> >>> Saw this link at SANS today, anything to it?
> >>>
> >>> http://seclists.org/fulldisclosure/2007/Dec/0625.html
> >>>
> >>> Or is this a rehash of something already known about
> >>>   
> >> I'm attaching a patch for it, so you can patch and rebuild your version.
> >>
> >>
> >> --- libclamav/others.c(revision 3475)
> >> +++ libclamav/others.c(working copy)
> >> @@ -492,7 +492,7 @@
> >> if(!*name)
> >> return CL_EMEM;
> >>
> >> - *fd = open(*name, O_RDWR|O_CREAT|O_TRUNC|O_BINARY, S_IRWXU);
> >> + *fd = open(*name, O_RDWR|O_CREAT|O_TRUNC|O_BINARY|O_EXCL, S_IRWXU);
> >> if(*fd == -1) {
> >> cli_errmsg("cli_gentempfd: Can't create temporary file %s: 
> >> %s\n", *name, strerror(errno));
> >> free(*name);
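Review bot: In the open() call in cli_gentempfd, O_TRUNC is dead once O_EXCL is combined with O_CREAT, because the call now fails with EEXIST whenever the name already exists (including when it is a symbolic link), so nothing can be truncated; drop O_TRUNC so the flags say "create a new file or fail". The mode S_IRWXU also sets the owner execute bit on a temporary data file, where S_IRUSR|S_IWUSR would be enough. The error branch shown only logs and frees *name, so a name collision becomes a hard failure for the caller; if that is not intended, generate a fresh name and retry on EEXIST.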
> >> 
> >
> > FYI -
> >
> > When applying this patch, I get the following:
> >
> > "patch:  malformed patch at line 4: if(!*name)"
> >
> > Ed
> >   
IME patches always get mangled if included in an email, tabs to spaces, etc. 
Putting it in an attachment keeps the internal formatting and usually works.

Just my $0.02,

Steve




Re: [Clamav-users] What's this? I can't believe it!

2008-01-20 Thread Steve Holdoway
On Sun, 20 Jan 2008 15:03:14 -0700
[EMAIL PROTECTED] wrote:

> The exe files are Windows' executables (applications). Would they do harm to 
> Linux? When I tried to open an exe file I was told no application was 
> available.
[snip]

Well, my mail server runs on linux, but most of my clients use outlook to read 
their mail. So, what relevance is there to the OS that clamav runs on???

Steve




Re: [Clamav-users] MRTG

2008-03-16 Thread Steve Holdoway
Well, given that I've used MRTG to monitor (amongst other things) the exchange 
rate from Norwegian Kroner to Japanese Yen, maybe there's just a bit more to 
the product than you think. 

All you need to do is to write a script to generate the necessary info in the 
correct format. That's the bit that's missing. You need to process the log 
file, not just add it in as a parameter.

Steve

On Sat, 15 Mar 2008 22:57:44 +1100
"Andrew McGlashan" <[EMAIL PROTECTED]> wrote:

> Hi Tarak,
> 
> Tarak Ranjan wrote:
> >> That is probably because MRTG is a "Multi-Router Traffic Grapher"
> >> and all your clamav traffic is local, ie not routing anywhere.
> >>
> > i know the full form of MRTG, that was not my query to the list
> 
> I don't dispute that you knew the full form already but it might explain
> why you don't see results, given that, unless I am mistaken (and I could 
> well be!), the mail traffic in question is being processed locally -- again,
> not routing to one or from one or more of the standard [external to the box] 
> network interfaces and therefore not subject to 'normal' MRTG counting
> 
> Kind Regards
> AndrewM
> 
> Andrew McGlashan
> Broadband Solutions now including VoIP
> 
> Current Land Line No: 03 9912 0504
> Mobile: 04 2574 1827 Fax: 03 9012 2178
> 
> National No: 1300 85 3804
> 
> Affinity Vision Australia Pty Ltd
> http://www.affinityvision.com.au
> http://adsl2choice.net.au
> 
> In Case of Emergency --  http://www.affinityvision.com.au/ice.html
> 
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html




Re: [Clamav-users] Memory usage for clamd is huge

2008-03-30 Thread Steve Holdoway
On Mon, 31 Mar 2008 02:06:01 +0200
Ben <[EMAIL PROTECTED]> wrote:

> On Sun, Mar 30, 2008 at 8:47 PM, Joe Sloan <[EMAIL PROTECTED]> wrote:
> >  Wow - as a long term IT professional I thought I'd heard it all but this
> >  takes the cake. In all the past waves of viruses we've seen, they have
> >  been analyzed in depth and found to be 100% windows. If you have some
> >  evidence to the contrary feel free to share.
> 
> Even then, like I wrote before:
> Stupid people (and stupid admins, like the ones in this list)
> are responsible for contamination, in general, not the OS
> or the software they use. We have a nice saying over here:
> "Het is de kok, niet de keuken!"
> May exist in your language as well: It's the cook, not the kitchen.
> Those who read mail from my mailserver are not stupid.
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html

1. What is true now, may not be tomorrow. Are you going to plan for it, or just 
rush around like a headless chicken when it happens.
2. Even if it was true, what happens when one of your perfect users gets 
infected (not through email of course), and starts spewing out spam, then you 
might catch it if you're looking.
3. Who are you calling stupid, stupid.
4. Ongelooflijk ( kl... ). Yeah, some poms speak dutch, too.

Get your head out of the sand, Ben.

Steve.




Re: [Clamav-users] Memory usage for clamd is huge

2008-03-31 Thread Steve Holdoway
On Mon, 31 Mar 2008 08:07:32 -0700
Dennis Peterson <[EMAIL PROTECTED]> wrote:

> John Rudd wrote:
> > Dennis Peterson wrote:
> >> And to follow up on the earlier 
> >> point about Windows systems not being the sole source of spam/virus 
> >> distribution, 
> > 
> > 
> > The idea that any platform (windows, unix/linux, etc.) attached to the 
> > net cannot be subverted into being a spam/virus zombie is, at best, 
> > naive.  And a naive sysadmin is a danger to us all.
> 
> That is probably a kinder way of phrasing my earlier rather blunt view 
> of it.
> 
> dp
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html

tbh it depresses me to see someone purporting to have been a sysadmin for 25 
years to *not* have a pessimistic, cynical outlook. 

I know I have (:

Steve




Re: [Clamav-users] Memory usage for clamd is huge

2008-03-31 Thread Steve Holdoway
On Mon, 31 Mar 2008 19:38:10 -0700
Joe Sloan <[EMAIL PROTECTED]> wrote:

> Dennis Peterson wrote:
> > Joe Sloan wrote:
> 
> >> Perhaps our sample size is too small, but it certainly seems that this 
> >> whole overhyped idea of viruses apart from ms windows is a non-issue in 
> >> practice.
> 
> > How are you able to determine that? There's nothing in the connection 
> > information or in the message that identifies the source OS, hardware, 
> > or MTA. Everything in a message can be spoofed as can the sending 
> > system. The only thing you can be sure of is the IP you log during the 
> > connection. Nothing else can be considered real.
> 
> It's rather simple. Every single one of the viruses we looked at has 
> been a windows executable, therefore could not have possibly infected a 
> non windows platform.
> 
> Joe
> 
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html

This is where you need the cynical, pessimistic sysadmin's approach. Just 
because it is now, doesn't mean that it's always going to be. Would you rather 
be proactive or reactive? Personally, I try to be the former whenever possible. 
Less stress.

Because, it *IS* going to change, just as soon as the market share makes it 
profitable. No question about it.

Steve





Re: [Clamav-users] Non-Windoze Viruses (was Re: Memory usage for clamd is huge)

2008-03-31 Thread Steve Holdoway
On Mon, 31 Mar 2008 23:01:10 -0400
"David F. Skoll" <[EMAIL PROTECTED]> wrote:

> I do not believe there has been a real Linux virus in the wild, and
> I can't believe someone wouldn't have created one by now if it were
> as easy as on Windoze.  Heck, even MSFT has probably tried as part
> of its FUD campaign. :-)

Well, ignoring the ensuing flame war as to whether a worm is a virus ( it 
certainly is in this context! ), the first ever virus was unix based. And 
Microsoft Windows hadn't been invented yet. Or linux.

I am absolutely certain that, once there's a market for it, non-windows viruses 
will appear. I think it's too risky (and after all, risk is perceived 
differently by all people!) to assume that just because it's in the too hard/no 
money basket at the moment, it's going to stay there.

And when it happens, I don't want to be in the group of people that everyone's 
pointing the finger at, chanting 'I told you so'!

Steve.




Re: [Clamav-users] Freshclam Update Failures

2008-04-14 Thread Steve Holdoway
On Mon, 14 Apr 2008 16:15:29 -0400
Carlos Williams <[EMAIL PROTECTED]> wrote:

> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.90.3 Recommended version: 0.93

> Ignoring mirror 209.8.40.140 (too often connections with outdated version)

> 
> What am I doing wrong?
> 
When snipped, your post suggests the problem. Current release is 0.93, your 
release 0.90.3. Precedence on updates is given to those running later 
versions...

Steve




Re: [Clamav-users] Clamav 0.93 - clamd and freshclam fail to start with relocation error

2008-04-15 Thread Steve Holdoway
On Tue, 15 Apr 2008 15:52:01 -0400
James Kosin <[EMAIL PROTECTED]> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1

> |> | James  
> |> Well, that did the trick.
> |> I un-installed the old version before building and that fixed the
> |> dependency issue.
> |
> | Yes, I have now had to do the same thing, and it fixed my problem as
> | well. I don't understand exactly why this happens, I need to understand
> | the cause and fix the underlying problem.
> |
> | Thanks for the assistance. Probably not a clamav bug after all!
> |

Having just been spending quite some time writing .spec files, it could be 
because rpm -U actually runs the uninstall script of the superseded package ( 
with $1 set to a different value to if you're running -e ) as a part of the 
upgrade.

It's most confusing and the logic of it offers only lip service to sanity!

Steve




Re: [Clamav-users] clamav-milter problem reject=553 5.3.0Rejected - see http://ordb.org/

2008-06-08 Thread Steve Holdoway

On Sun, 8 Jun 2008 19:48:15 +0200
"Andreas Schwantner, MAS, MSC, MPOS, Med" <[EMAIL PROTECTED]> wrote:

> 
> 
> Hi
> It was maybe a bad example 
> I have the problem with all my mails i want to receive 
> So all mails get a reject=553 5.3.0 Rejected - see http://ordb.org/ 
> In the log, no mail comes through. 
>
ORDB has been closed for over 18 months now. They are using this policy of 
rejecting everything to try and stop you using their non-existent services. 

Update your mail server configuration to stop using it.

Steve
-- 
Steve Holdoway <[EMAIL PROTECTED]>


Re: [Clamav-users] Date in the past when updating via freshclam.

2008-07-29 Thread Steve Holdoway
On Tue, 29 Jul 2008 01:53:22 -0700 (PDT)
Gerald Naveen <[EMAIL PROTECTED]> wrote:

> Hi Tomasz,
> 
> However, there is definitely a different issue.
> 
> Freshclam uses the modification timestamp of the file from the filesystem. 
> This creates a problem when the server and the client (freshclam) are in 
> different timezones (specially when the client is ahead in the timezone).
> 
> Isn't that true?
> 
> Thanks
> 
No, not at all. I know this because we're ahead of almost everyone. I don't 
really think that there's any software that timezones cause problems with in 
this day and age. 

Well, on *nix platforms anyway. I even run my servers on my local time to cause 
me less confusion.

Steve
-- 
Steve Holdoway <[EMAIL PROTECTED]>


Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread Steve Holdoway
On Thu, 7 Aug 2008 11:36:32 -0400 (EDT)
jef moskot <[EMAIL PROTECTED]> wrote:

> > You did not mention your MTA.
> 
> Oops, sorry.  We're married to sendmail at this point.
> 
In that case, why not just use clamav as a milter. It's been working fine for 
us for the last couple of years.

Steve



Re: [Clamav-users] Error while installing clam- Please help

2008-08-07 Thread Steve Holdoway
Your copy of the compression libraries needs to be compiled with the flag below 
( position independent code ). I had the same problem. Get zlib version 1.2.3 
source from sourceforge, extract, and modify the Makefile 

CFLAGS=-O3 -DUSE_MMAP

to 

CFLAGS=-O3 -DUSE_MMAP -fPIC


make, and copy the resultant libz.a to /usr/local/lib. I saved the old copy, 
then restored it after building. Just in case.

Steve

On Thu, 7 Aug 2008 16:09:57 -0400
"Parveen Malik" <[EMAIL PROTECTED]> wrote:

> Hi all,
> 
> I am getting this error while installing the clam antivirus :
> 
> Claimddb# make
> 
> /usr/bin/ld: /usr/local/lib/libz.a(gzio.o): relocation R_X86_64_32
> against `a local symbol' can not be used when making a shared object;
> recompile with -fPIC
> /usr/local/lib/libz.a: could not read symbols: Bad value
> collect2: ld returned 1 exit status
> make[3]: *** [libclamav.la] Error 1
> make[3]: Leaving directory `/admin/clamav-0.93.3/libclamav'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/admin/clamav-0.93.3/libclamav'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/admin/clamav-0.93.3'
> make: *** [all] Error 2
> 
> Best Regards,
> Parveen Malik
> 



[Clamav-users] attempting to use clamav from svn...

2008-12-29 Thread Steve Holdoway
Hi Listers,

I'm having reliability problems with 0.94.2, and, as I run on a fairly 
memory-limited server, suspect that this is the core of the problem. Following 
on from another suggestion, I downloaded and built up the current svn snapshot 
to see if there was any improvement.

I use clamav with sendmail via clamav-milter, configured

./configure --enable-milter --disable-clamuko

sendmail.mc contains ( I may disable the F=T bit... )
INPUT_MAIL_FILTER(`clamav',`S=unix:/var/run/clamav/clmilter.sock, F=T, 
T=S:4m;R:4m')dnl

and this is the error I get when clamav-milter falls over:
Dec 30 14:24:42 server sendmail[29856]: mBU1ObVo029856: Milter (clamav): 
write(D) returned -1, expected 6: Broken pipe
Dec 30 14:24:42 server sendmail[29856]: mBU1ObVo029856: Milter (clamav): to 
error state
Dec 30 14:24:42 server sendmail[29856]: mBU1ObVo029856: Milter: 
helo=200-100-48-20.dial-up.telesp.net.br, reject=451 4.3.2 Please try again 
later

followed by 

Dec 30 14:24:42 server sendmail[29865]: mBU1Ogwp029865: Milter (clamav): error 
connecting to filter: Connection refused by /var/run/clamav/clmilter.sock
Dec 30 14:24:42 server sendmail[29865]: mBU1Ogwp029865: Milter (clamav): to 
error state
Dec 30 14:24:42 server sendmail[29865]: mBU1Ogwp029865: Milter: initialization 
failed, temp failing commands

for each following connection attempt.

I run debian linux, and start clamav-milter as follows:
/usr/local/sbin/clamav-milter --local --sendmail-cf=/etc/mail/sendmail.cf 
--outgoing --sign --timeout 0 --postmaster=st...@greengecko.co.nz 
--quarantine=st...@greengecko.co.nz --max-children 15 
unix:/var/run/clamav/clmilter.sock

when I try to start in this manner, it errors out: firstly on the --local flag, 
then if I remove that, the --sendmail-cf=/etc/mail/sendmail.cf flag.

I can't find any docs describing the changes needed to get the svn version to 
start. Can anyone point them out to me... or suggest any other options to 
improve reliability.

0.94.1 was fine!

Cheers,

Steve
-- 
Steve Holdoway 


Re: [Clamav-users] attempting to use clamav from svn...

2008-12-30 Thread Steve Holdoway
Thanks for the suggestions. I've written a /usr/local/etc/clamav-milter.conf, 
which seems to be parsed ok, and am now starting clamav-milter with no 
parameters. I get the error

ERROR: Failed to initiate streaming/fdpassing

and the sender is being sent a tempfail. Where should I be looking to fix this? 
Do I need to be running clamd as well, and should this be using a separate 
socket to that used for sendmail??

Cheers,

Steve

On Tue, 30 Dec 2008 14:33:06 +1300
Steve Holdoway  wrote:

> Hi Listers,
> 
> I'm having reliability problems with 0.94.2, and, as I run on a fairly 
> memory-limited server, suspect that this is the core of the problem. 
> Following on from another suggestion, I downloaded and built up the current 
> svn snapshot to see if there was any improvement.
> 
> I use clamav with sendmail via clamav-milter, configured
> 
> ./configure --enable-milter --disable-clamuko
> 
> sendmail.mc contains ( I may disable the F=T bit... )
> INPUT_MAIL_FILTER(`clamav',`S=unix:/var/run/clamav/clmilter.sock, F=T, 
> T=S:4m;R:4m')dnl
> 
> and this is the error I get when clamav-milter falls over:
> Dec 30 14:24:42 server sendmail[29856]: mBU1ObVo029856: Milter (clamav): 
> write(D) returned -1, expected 6: Broken pipe
> Dec 30 14:24:42 server sendmail[29856]: mBU1ObVo029856: Milter (clamav): to 
> error state
> Dec 30 14:24:42 server sendmail[29856]: mBU1ObVo029856: Milter: 
> helo=200-100-48-20.dial-up.telesp.net.br, reject=451 4.3.2 Please try again 
> later
> 
> followed by 
> 
> Dec 30 14:24:42 server sendmail[29865]: mBU1Ogwp029865: Milter (clamav): 
> error connecting to filter: Connection refused by 
> /var/run/clamav/clmilter.sock
> Dec 30 14:24:42 server sendmail[29865]: mBU1Ogwp029865: Milter (clamav): to 
> error state
> Dec 30 14:24:42 server sendmail[29865]: mBU1Ogwp029865: Milter: 
> initialization failed, temp failing commands
> 
> for each following connection attempt.
> 
> I run debian linux, and start clamav-milter as follows:
> /usr/local/sbin/clamav-milter --local --sendmail-cf=/etc/mail/sendmail.cf 
> --outgoing --sign --timeout 0 --postmaster=st...@greengecko.co.nz 
> --quarantine=st...@greengecko.co.nz --max-children 15 
> unix:/var/run/clamav/clmilter.sock
> 
> when I try to start in this manner, it errors out: firstly on the --local 
> flag, then if I remove that, the --sendmail-cf=/etc/mail/sendmail.cf flag.
> 
> I can't find any docs describing the changes needed to get the svn version to 
> start. Can anyone point them out to me... or suggest any other options to 
> improve reliability.
> 
> 0.94.1 was fine!
> 
> Cheers,
> 
> Steve
> -- 
> Steve Holdoway 


-- 
Steve Holdoway 


[Clamav-users] squid + clamd performance pointers anyone

2009-02-09 Thread Steve Holdoway
As per title, it works, but it's just so slow... I've got a quad core xeon, 2GB 
and loads of disk space available. Can anyone point me to any resources to help 
me get the best out of the server - google's not helping ):

Cheers,

Steve
-- 
Steve Holdoway 


Re: [Clamav-users] squid + clamd performance pointers anyone

2009-02-09 Thread Steve Holdoway
Hi Jason, good to know other locals're on the list.


On Tue, 10 Feb 2009 16:10:34 +1300
Jason Haar  wrote:

> Steve Holdoway wrote:
> > As per title, it works, but it's just so slow... I've got a quad core xeon, 
> > 2GB and loads of disk space available. Can anyone point me to any resources 
> > to help me get the best out of the server - google's not helping ):
> >   
> 
> Err - you don't actually say anything. What does "squid + clamd" mean?
running squid and clamd to provide a cleaned feed for html traffic.
> How many users? The hardware you mention would be brilliant for a
> 10-user network with a 1Mbs link, but would be atrocious for a
> million-user network. I'd guess you are somewhere in between - but you
> don't say.
html traffic isn't large. It's a company smaller than yours. 
> 
> 
> 
> -- 
> Cheers
> 
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
> 

I posted on this list as it seems that the clamd side is the bottleneck, and as 
I have only used clamav from a milter until now, I'm unfamiliar with 
performance tuning clamd  (:

Do you have any info, or pointers?

Cheers,


Steve.
-- 
Steve Holdoway 


Re: [Clamav-users] squid + clamd performance pointers anyone

2009-02-10 Thread Steve Holdoway
On Wed, 11 Feb 2009 09:17:14 +1300
Jason Haar  wrote:

> Steve Holdoway wrote:
> >
> > running squid and clamd to provide a cleaned feed for html traffic.
> >   
> 
> You still don't say what that means. You cannot actually run clamav
> inside squid - there's no such thing. You must be using some third-party
> addon (of which there are several) that does that integration for you.
> 
> As others have just pointed out, alot of the "redirector"-style squid
> addons for doing this don't work well. They are slow and inefficient
> IMHO. I think the only "proper" way to do AV integration is directly -
> ie a proxy that natively supports AV.
> 
> We use the open source HAVP proxy. It supports clamav, sophie, trophie,
> and several other commercial AV products and works very well. We still
> use it in conjunction with Squid, as it is a pure "AV proxy" and doesn't
> have all the other "bells-and-whistles" that Squid has. We use Squid as
> our frontends, and they are configured to use HAVP (running on the same
> box) as parent proxies. End result: all the creamy goodness of Squid
> plus the sanitized delightedness of clean webpages (well, mostly ;-)
> 
> See http://www.server-side.de/
> 
> Jason
> 
> 
> 
> -- 
> Cheers
> 
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
> 

Thanks, I'll look into that. I chose squidclamav as it seemed to be the most 
regularly updated project. I'll look into HAVP, now it's been pointed out quite 
how stupid the squidclamav implementation is!

Cheers,

Steve
-- 
Steve Holdoway 


[Clamav-users] Trying out the subversion milter

2009-02-11 Thread Steve Holdoway
I'm running clamav to clean up my mail stream, integrating with sendmail using 
clamav milter. For some reason ( probably the memory limitations of a VPS ), 
the current 0.94.2 keeps crashing.

So I'm trying to get the latest subversion stuff up and running.

clamd starts up no problem: here's an example startup log.

Thu Feb 12 10:28:21 2009 -> +++ Started at Thu Feb 12 10:28:21 2009
Thu Feb 12 10:28:21 2009 -> clamd daemon devel-r4741M (OS: linux-gnu, ARCH: 
i386, CPU: i686)
Thu Feb 12 10:28:21 2009 -> Running as user clamav (UID 1000, GID 108)
Thu Feb 12 10:28:21 2009 -> Log file size limited to 1048576 bytes.
Thu Feb 12 10:28:21 2009 -> Reading databases from /var/lib/clamav
Thu Feb 12 10:28:21 2009 -> Not loading PUA signatures.
Thu Feb 12 10:28:22 2009 -> Loaded 513186 signatures.
Thu Feb 12 10:28:22 2009 -> LOCAL: Unix socket file /var/run/clamav/clamd.sock
Thu Feb 12 10:28:22 2009 -> LOCAL: Setting connection queue length to 15
Thu Feb 12 10:28:22 2009 -> Limits: Global size limit set to 104857600 bytes.
Thu Feb 12 10:28:22 2009 -> Limits: File size limit set to 26214400 bytes.
Thu Feb 12 10:28:22 2009 -> Limits: Recursion level limit set to 16.
Thu Feb 12 10:28:22 2009 -> Limits: Files limit set to 1.
Thu Feb 12 10:28:22 2009 -> Archive support enabled.
Thu Feb 12 10:28:22 2009 -> Algorithmic detection enabled.
Thu Feb 12 10:28:22 2009 -> Portable Executable support enabled.
Thu Feb 12 10:28:22 2009 -> ELF support enabled.
Thu Feb 12 10:28:22 2009 -> Mail files support enabled.
Thu Feb 12 10:28:22 2009 -> OLE2 support enabled.
Thu Feb 12 10:28:22 2009 -> PDF support enabled.
Thu Feb 12 10:28:22 2009 -> HTML support enabled.
Thu Feb 12 10:28:22 2009 -> Self checking every 600 seconds.
Thu Feb 12 10:28:22 2009 -> Listening daemon: PID: 17565

So does clamav-milter:
Thu Feb 12 10:28:24 2009 -> Local socket unix:/var/run/clamav/clamd.sock added to the pool (slot 1)

looks great. However, when I send myself a test mail, this is what I see in the 
clamav-milter log
Thu Feb 12 10:28:51 2009 -> ERROR: Failed to initiate streaming/fdpassing

and mail.info
Feb 12 10:33:14 vps163 clamd[17608]: Failed to initiate streaming/fdpassing 
Feb 12 10:33:14 vps163 sendmail[28447]: n1BLX6YU028447: Milter: data, 
reject=451 4.3.2 Please try again later
Feb 12 10:33:14 vps163 sendmail[28447]: n1BLX6YU028447: 
to=, delay=00:00:00, pri=31113, stat=Please try again 
later

( I think it's actually clamav-milter identifying itself as clamd, judging by 
the PID ).


It's a 32 bit debian machine. If you've got any suggestions/requests for 
further info, please don't hesitate to ask!

Cheers,


Steve


-- 
Steve Holdoway 


Re: [Clamav-users] Trying out the subversion milter

2009-02-13 Thread Steve Holdoway
Nobody??? 

It seems that the cpool_get_rand function is returning NULL ( cp->alive == 0 ) 
to nc_connect_rand, which is returning 1 to clamfi_header, which is returning a 
tempfail.

Can anyone tell me why? I've tried moving the socket range for clamd from 
1024->2048 to 3->3200 with no effect. I've also moved the clamd tempdir to 
one that's not mounted noexec just to be sure.

Any ideas would be gratefully received!

Steve

On Thu, 12 Feb 2009 10:36:24 +1300
Steve Holdoway  wrote:

> I'm running clamav to clean up my mail stream, integrating with sendmail 
> using clamav milter. For some reason ( probably the memory limitations of a 
> VPS ), the current 0.94.2 keeps crashing.
> 
> So I'm trying to get the latest subversion stuff up and running.
> 
> clamd starts up no problem: here's an example startup log.
> 
> Thu Feb 12 10:28:21 2009 -> +++ Started at Thu Feb 12 10:28:21 2009
> Thu Feb 12 10:28:21 2009 -> clamd daemon devel-r4741M (OS: linux-gnu, ARCH: 
> i386, CPU: i686)
> Thu Feb 12 10:28:21 2009 -> Running as user clamav (UID 1000, GID 108)
> Thu Feb 12 10:28:21 2009 -> Log file size limited to 1048576 bytes.
> Thu Feb 12 10:28:21 2009 -> Reading databases from /var/lib/clamav
> Thu Feb 12 10:28:21 2009 -> Not loading PUA signatures.
> Thu Feb 12 10:28:22 2009 -> Loaded 513186 signatures.
> Thu Feb 12 10:28:22 2009 -> LOCAL: Unix socket file /var/run/clamav/clamd.sock
> Thu Feb 12 10:28:22 2009 -> LOCAL: Setting connection queue length to 15
> Thu Feb 12 10:28:22 2009 -> Limits: Global size limit set to 104857600 bytes.
> Thu Feb 12 10:28:22 2009 -> Limits: File size limit set to 26214400 bytes.
> Thu Feb 12 10:28:22 2009 -> Limits: Recursion level limit set to 16.
> Thu Feb 12 10:28:22 2009 -> Limits: Files limit set to 1.
> Thu Feb 12 10:28:22 2009 -> Archive support enabled.
> Thu Feb 12 10:28:22 2009 -> Algorithmic detection enabled.
> Thu Feb 12 10:28:22 2009 -> Portable Executable support enabled.
> Thu Feb 12 10:28:22 2009 -> ELF support enabled.
> Thu Feb 12 10:28:22 2009 -> Mail files support enabled.
> Thu Feb 12 10:28:22 2009 -> OLE2 support enabled.
> Thu Feb 12 10:28:22 2009 -> PDF support enabled.
> Thu Feb 12 10:28:22 2009 -> HTML support enabled.
> Thu Feb 12 10:28:22 2009 -> Self checking every 600 seconds.
> Thu Feb 12 10:28:22 2009 -> Listening daemon: PID: 17565
> 
> So does clamav-milter:
> Thu Feb 12 10:28:24 2009 -> Local socket unix:/var/run/clamav/clamd.sock added to the pool (slot 1)
> 
> looks great. However, when I send myself a test mail, this is what I see in 
> the clamav-milter log
> Thu Feb 12 10:28:51 2009 -> ERROR: Failed to initiate streaming/fdpassing
> 
> and mail.info
> Feb 12 10:33:14 vps163 clamd[17608]: Failed to initiate streaming/fdpassing 
> Feb 12 10:33:14 vps163 sendmail[28447]: n1BLX6YU028447: Milter: data, 
> reject=451 4.3.2 Please try again later
> Feb 12 10:33:14 vps163 sendmail[28447]: n1BLX6YU028447: 
> to=, delay=00:00:00, pri=31113, stat=Please try again 
> later
> 
> ( I think it's actually clamav-milter identifying itself as clamd, judging by 
> the PID ).
> 
> 
> It's a 32 bit debian machine. If you've got any suggestions/requests for 
> further info, please don't hesitate to ask!
> 
> Cheers,
> 
> 
> Steve
> 
> 
> -- 
> Steve Holdoway 


-- 
Steve Holdoway 


Re: [Clamav-users] please remove - 27 emails and counting

2009-02-20 Thread Steve Holdoway
On Sat, 21 Feb 2009 14:04:51 +1100
Laurens  wrote:

> I have been trying to get off this fucking list for over 12 months... no
> luck...
Then look at the headers, click on the link next to List-Unsubscribe:, and 
probably just hit return, depending on your mail client.

Pretty f*n simple if you ask me...

-- 
Steve Holdoway 


Re: [Clamav-users] 0.95 rc1 in Solaris 9

2009-02-28 Thread Steve Holdoway
On Sat, 28 Feb 2009 14:38:04 -0800
Bill Landry  wrote:

> I am not running any GUI, I ssh into the server and launch clamdtop, and
> F1 is just ignored.  Do I need to be on the server in GUI mode to see
> any F1 results?
ssh -X server may help ( no I haven't a clue whether it will, but that way a 
remote X client can use your local X server... )

Steve
-- 
Steve Holdoway 
http://www.greengecko.co.nz


Re: [Clamav-users] 0.95 rc1 in Solaris 9

2009-02-28 Thread Steve Holdoway
On Sat, 28 Feb 2009 15:50:39 -0800
Bill Landry  wrote:

> > I think no GUI means no X.
> 
> That is correct, no X.
> 
> Bill
Sorry, I sort of expected that you'd have an X server running on your local 
workstation... you don't need one running on the remote machine.

Steve
-- 
Steve Holdoway 
http://www.greengecko.co.nz


Re: [Clamav-users] Failed milter upgrade to .95rc2

2009-03-18 Thread Steve Holdoway
On Tue, 17 Mar 2009 19:50:20 -0700
Ed Kasky  wrote:

> Does the required entry in sendmail.mc change at all?
> 
> INPUT_MAIL_FILTER(`clamav', 
> `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
> define(`confINPUT_MAIL_FILTERS', `spf-milter,clamav')dnl
> 
> Ed
I'm running with a couple extra timeouts defined...

INPUT_MAIL_FILTER(`clamav',`S=local:/var/run/clamav/clmilter.sock, F=, 
T=S:4m;R:4m;C:30s;E:10m')dnl

but the real work is getting the milter running from the config file, and 
separate from the clamd stuff.

I've been running from svn for a while ( the last stable release proving 
unstable on my VPS-based implementation - which by design has no swap ), and 
it's been solid as a rock.

Steve
-- 
Steve Holdoway 
http://www.greengecko.co.nz


[Clamav-users] sanesecurity sigs not working???

2009-03-19 Thread Steve Holdoway
ecv: timeout after 600 seconds
Fri Mar 20 09:35:29 2009 -> THRMGR: queue crossed low threshold -> signaling
Fri Mar 20 09:35:29 2009 -> Closed fd 11
Fri Mar 20 09:35:29 2009 -> Finished scanthread
Fri Mar 20 09:35:29 2009 -> Scanthread: connection shut down (FD 10)
Fri Mar 20 09:35:29 2009 -> THRMGR: queue crossed low threshold -> signaling

clamav-milter.log has nothing but a startup message.

-- 
Steve Holdoway 
http://www.greengecko.co.nz


Re: [Clamav-users] Failed milter upgrade to .95rc2

2009-03-20 Thread Steve Holdoway
On Fri, 20 Mar 2009 21:38:47 -0700
Ed Kasky  wrote:

> At 09:00 PM Wednesday, 3/18/2009, Steve Holdoway wrote -=>
> >On Tue, 17 Mar 2009 19:50:20 -0700
> >Ed Kasky  wrote:
> >
> > > Does the required entry in sendmail.mc change at all?
> > >
> > > INPUT_MAIL_FILTER(`clamav',
> > > `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
> > > define(`confINPUT_MAIL_FILTERS', `spf-milter,clamav')dnl
> > >
> > > Ed
> >I'm running with a couple extra timeouts defined...
> >
> >INPUT_MAIL_FILTER(`clamav',`S=local:/var/run/clamav/clmilter.sock, 
> >F=, T=S:4m;R:4m;C:30s;E:10m')dnl
> >
> >but the real work is getting the milter running from the config 
> >file, and separate from the clamd stuff.
> >
> >I've been running from svn for a while ( the last stable release 
> >proving unstable on my VPS-based implementation - which by design 
> >has no swap ), and it's been solid as a rock.
> >
> >Steve
> 
> Still having a problem getting the milter started.  I am using the 
> init script from the source package for Redhat and get the following:
> 
> Starting clamav-milter: clamav-milter: unrecognized option 
> `--pidfile=/var/run/clamav/clamav-milter.pid'
> ERROR: Unknown option passed
> ERROR: Can't parse command line options
> [FAILED]
> 
> I did find the setting in the milter.conf file for the pid and tried 
> setting it there and removing the option from the script but could 
> not get it to work.  I can't seem to find an init script that works on FC6...
> 
> Ed
> 
> ...
> 
> Randomly Generated Quote (932 of 1520):
> Moderation is a fatal thing.  Nothing succeeds like excess.
>  -- Oscar Wilde
> 

There are *NO* command line options for clamav-milter. All is configured 
through the config file. When built from source, the milter is started with the 
command line

/usr/local/sbin/clamav-milter

The config file is /usr/local/etc/clamav-milter.conf. In there, for example the 
line...

PidFile /var/run/clamav/clamav-milter.pid

will set up what you're trying to achieve.


hth,

Steve
-- 
Steve Holdoway 


Re: [Clamav-users] clamav +squid+squidguard

2009-03-26 Thread Steve Holdoway
The best way to integrate clamav with squid is to use havp...

Steve
On Thu, 26 Mar 2009 09:02:17 +0100
Sztupovszki Géza  wrote:

> Hi,
> 
> I have a problem .
> 
> I installed a proxy server (squid v2.6) with squidGuard  and  sarg .
> Its worked properly.
> I want to install virus protection (clamav 0.94 at clamav-daemon) with 
> freshclam , how can configure the squid squidGuard etc than working the 
> proxy good
> 
> Thanx
> 
> Sztupi


-- 
Steve Holdoway 


Re: [Clamav-users] clamav-milter 0.95 could not connect to clamd

2009-03-30 Thread Steve Holdoway
On Mon, 30 Mar 2009 10:39:17 +0200
Jarosław Kustosik  wrote:

> Hi everybody!
> 
> Today, I've made an upgrade to version 0.95. After that I've made the 
> necessary configuration changes to clamd and clamav-milter conf files.
> 
> Both services starting correctly:
> 
> 
> r...@sunrise:/usr/local/src/clamav-0.94.2# ps aux | grep clam
> clamav   18242  0.0  6.6  71320 68488 ?Ss   09:28   0:00 
> /usr/local/sbin/clamd
> clamav   18248  0.4  6.2 108524 64916 ?Ssl  09:28   0:09 
> /usr/local/sbin/clamav-milter -c /etc/clamav-milter.conf
> clamav   18264  0.0  0.0   3204   856 ?Ss   09:28   0:00 
> /usr/local/bin/freshclam -d -c 2
> root 23752  0.0  0.0   2004   652 pts/1S+   10:07   0:00 grep clam
> 
> ClamdTOP shows properly working clamd daemon on socket - 
> /var/spool/postfix/clamav/clamd.socket
> 
> but when postfix sends mail to clamav-milter clamav-milter issues errors:
> 
> ERROR: Timed out while reading clamd reply
> WARNING: No clamd servers appears to be available
> ERROR: Failed to initiate streaming/fdpassing
> 
> and users get an error message:
> 
> 4.7.1. Service temporally unavailable
> 
> Below there are connection parts of my clamd.conf and clamav-milter.conf 
> files:
> 
> r...@sunrise:/usr/local/src/clamav-0.94.2# more /etc/clamd.conf
> LocalSocket /var/spool/postfix/clamav/clamd.socket
> FixStaleSocket yes
> #TCPSocket 3310
> TCPAddr 127.0.0.1
> #MaxConnectionQueueLength 30
> StreamMaxLength 20M
> #StreamMinPort 3
> #StreamMaxPort 32000
> #MaxThreads 20
> #ReadTimeout 300
> #IdleTimeout 60
> #MaxDirectoryRecursion 20
> #FollowDirectorySymlinks yes
> #FollowFileSymlinks yes
> #SelfCheck 600
> User clamav
> 
> r...@sunrise:/usr/local/src/clamav-0.94.2# more /etc/clamav-milter.conf
> MilterSocket /var/spool/postfix/clamav/clamav-milter
> #FixStaleSocket yes
> User clamav
> #AllowSupplementaryGroups no
> ReadTimeout 0
> #Foreground yes
> #Chroot /newroot
> PidFile /var/run/clamav/clamavmilter.pid
> #TemporaryDirectory /var/tmp
> ClamdSocket unix:/var/spool/postfix/clamav/clamd.socket
> #ClamdSocket tcp:127.0.0.1:3310
> 
> 
> Best regards
> - Jarek Kustosik
> 

If built from source, and not otherwise configured, I think the config files 
should be in /usr/local/etc, not /etc.

hth,

Steve
-- 
Steve Holdoway 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
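
The milter threads above involve three separate sockets: the one the MTA uses to reach clamav-milter (`S=` in sendmail.mc, `MilterSocket` in clamav-milter.conf), and the one clamav-milter uses to reach clamd (`ClamdSocket`, which has to be something clamd.conf actually serves via `LocalSocket` or `TCPSocket`). The following cross-check is an added example, not part of the original posts or of ClamAV; the function names and finding labels are this example's own, the sample configs are the uncommented lines from the post above, and TCP endpoints are compared by port only.

```python
def parse_conf(text):
    """Parse a clamd.conf / clamav-milter.conf style file into {directive: [values]}."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition(" ")
        conf.setdefault(key, []).append(value.strip())
    return conf


def norm(sock):
    """Normalise socket spellings so they can be compared (assumption: TCP by port only)."""
    for prefix in ("unix:", "local:"):
        if sock.startswith(prefix):
            return "unix:" + sock[len(prefix):]
    if sock.startswith("/"):
        return "unix:" + sock
    if sock.startswith("tcp:"):
        return "tcp:" + sock.rsplit(":", 1)[1]
    return sock


def check(clamd_text, milter_text, mta_socket=None):
    """Return a list of finding labels; an empty list means the sockets line up."""
    clamd, milter = parse_conf(clamd_text), parse_conf(milter_text)

    # Endpoints clamd really listens on.
    served = {norm(p) for p in clamd.get("LocalSocket", [])}
    served |= {"tcp:" + port for port in clamd.get("TCPSocket", [])}

    findings = []
    if "TCPAddr" in clamd and "TCPSocket" not in clamd:
        # TCPAddr only restricts the bind address; without TCPSocket there is no TCP listener.
        findings.append("tcpaddr-without-tcpsocket")

    wanted = [norm(s) for s in milter.get("ClamdSocket", [])]
    if not wanted:
        findings.append("no-clamd-socket")
    findings += ["clamd-socket-not-served" for w in wanted if w not in served]

    # The MTA-facing socket must not be the clamd socket.
    milter_socks = {norm(s) for s in milter.get("MilterSocket", [])}
    if milter_socks & served:
        findings.append("milter-socket-equals-clamd-socket")

    # Optional: the socket named in the MTA config must be the milter's own socket.
    if mta_socket is not None and norm(mta_socket) not in milter_socks:
        findings.append("sendmail-socket-mismatch")
    return findings


# Uncommented directives (plus the two commented socket lines) from the post above.
PAGE_CLAMD_CONF = """\
LocalSocket /var/spool/postfix/clamav/clamd.socket
FixStaleSocket yes
#TCPSocket 3310
TCPAddr 127.0.0.1
StreamMaxLength 20M
User clamav
"""

PAGE_MILTER_CONF = """\
MilterSocket /var/spool/postfix/clamav/clamav-milter
User clamav
ReadTimeout 0
PidFile /var/run/clamav/clamavmilter.pid
ClamdSocket unix:/var/spool/postfix/clamav/clamd.socket
#ClamdSocket tcp:127.0.0.1:3310
"""

if __name__ == "__main__":
    print(check(PAGE_CLAMD_CONF, PAGE_MILTER_CONF))
```

A clean result only says the files agree with each other; it does not show that the running daemons were started from those files, which is the point raised in the reply above.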

Re: [Clamav-users] MakeFile error: `SMFIF_QUARANTINE' undeclared (first use in this function)

2009-04-28 Thread Steve Holdoway
On Tue, 2009-04-28 at 01:21 -0700, martinnitram wrote:
> A old machine that running RH 7.3, with sendmail 8.11, work fine till
> clamav-0.94.2 as before.
>   Today tried to compile source clamav 0.95.1, with milter support but
> cannot succeed. It shown warning 
>   'WARNING: ** not building clamdtop: ncurses not found' 
> at ./configure period and  make file and shown
> 
>   clamav-milter.c: In function `main':
>   clamav-milter.c:59: `SMFIF_QUARANTINE' undeclared (first use in this
> function)
>   clamav-milter.c:59: (Each undeclared identifier is reported only once
>   clamav-milter.c:59: for each function it appears in.)
>   make[2]: *** [clamav-milter.o] Error 1
> 
>   After googled, it seem new clamav need sendmail 8.13 or above. Is that had
> any options that allow new clamav, with milter, run under some old config
> machine?
> 
>Thank a lot.
> 
Installing ncurses shouldn't be a problem, but the milter interface had
a load of work between 8.11 and 8.13, extending the functionality. As
the milter interface has been completely rewritten ( no longer
standalone, but now using clamd ), you're going to have to upgrade I'm
afraid! It would be worth trying to build sendmail 8.13 from source if
there's no alternative.

hth,

Steve
-- 
http://www.greengecko.co.nz



[Clamav-users] Milter Woes...

2006-08-10 Thread Steve Holdoway
Last night, clamav fell over. This is just about the first time it's happened. 
The problem is, it took out the mail server completely.

I'm integrating into sendmail using the following line in sendmail.mc

INPUT_MAIL_FILTER(`clamav',`S=unix:/var/run/clamav/clmilter.sock, F=T, 
T=S:4m;R:4m')dnl

and I get pairs of lines like

Aug 11 02:47:30 server sm-mta[29787]: k7AElU70029787: Milter (clamav): local 
socket name /var/run/clamav/clmilter.sock unsafe
Aug 11 02:47:30 server sm-mta[29787]: k7AElU70029787: Milter (clamav): to error 
state
Aug 11 02:47:30 server sm-mta[29787]: k7AElU70029787: Milter: initialization 
failed, temp failing commands

in the sendmail logs, and no mail is delivered.

Is there any way I can set my mail server up ( debian, sendmail 8.13.7 ) such 
that it keeps on delivering unchecked mail in these circumstances???

Cheers,


Steve


Re: [Clamav-users] Re: Milter Woes...

2006-08-10 Thread Steve Holdoway
On Thu, 10 Aug 2006 17:57:18 -0500
René Berber <[EMAIL PROTECTED]> wrote:

> 
> Steve Holdoway wrote:
> 
> > Last night, clamav fell over. This is just about the first time it's 
> > happened. The problem is, it took out the mail server completely.
> > 
> > I'm integrating into sendmail using the following line in sendmail.mc
> > 
> > INPUT_MAIL_FILTER(`clamav',`S=unix:/var/run/clamav/clmilter.sock, F=T, 
> > T=S:4m;R:4m')dnl
> > 
> > and I get pairs of lines like
> > 
> > Aug 11 02:47:30 server sm-mta[29787]: k7AElU70029787: Milter (clamav): 
> > local socket name /var/run/clamav/clmilter.sock unsafe
> > Aug 11 02:47:30 server sm-mta[29787]: k7AElU70029787: Milter (clamav): to 
> > error state
> > Aug 11 02:47:30 server sm-mta[29787]: k7AElU70029787: Milter: 
> > initialization failed, temp failing commands
> > 
> > in the sendmail logs, and no mail is delivered.
> > 
> > Is there any way I can set my mail server up ( debian, sendmail 8.13.7 ) 
> > such that it keeps on delivering unchecked mail in these circumstances???
> 
> From the clamav-milter/INSTALL doc:
> 
> "If you see an unsafe socket error from sendmail, it means that the 
> permissions
> of the /var/run/clamav directory are too open. Check you have correctly run
> chown and chmod, it may also mean that clamav-milter hasn't started, run
> ps and check your logs."
That'll need to be reworded then, as this message is also shown when the socket 
is not there.
> 
> and also:
> 
> "You may also think about the F= entry in sendmail.mc, since it tells sendmail
> what to do with emails if clamav-milter is not running. Setting F=T will tell
> the remote end to resend later (temporary failure), setting F=R will reject
> the email (permanent failure) and setting F= will pass the email through as
> though clamav-milter were not installed, in this case you should warn your
> users that emails are not being scanned. We recommend setting F=T."
Thanks for that, I had a good read of the pros and cons thanks to Mr. O'Reilly, 
and will be taking that path.
> 
> In no instances should sendmail have stopped, so you may have other problems.
Sendmail has not stopped, it's just not allowing any mail to be delivered as I 
said. Well actually, what I meant, rather than what I said (:
> --
> René Berber
Cheers,

Steve.
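
The log lines quoted above appear both when the directory permissions are too open and, as noted in the reply, when the socket file is simply not there. The following pre-flight check is an added example, not part of the thread or of ClamAV; the function names are hypothetical, and the permission test only approximates sendmail's own check by flagging group- or world-writable directories on the socket's path.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for the milter
# socket named in INPUT_MAIL_FILTER. Assumption: "unsafe" is approximated
# as "socket missing, not a socket, or a loose directory on its path".

# Print every directory between the socket and / that is group- or
# world-writable (position 6 or 9 of the ls mode string is "w").
loose_ancestors() {
    dir=$(dirname "$1")
    while :; do
        mode=$(ls -ld "$dir" 2>/dev/null | cut -c1-10)
        case "$mode" in
            ?????w????|????????w?) printf '%s\n' "$dir" ;;
        esac
        # Stop at the filesystem root, or at "." for a relative path.
        case "$dir" in /|.) break ;; esac
        dir=$(dirname "$dir")
    done
}

# Classify the socket path. Prints one status word and returns 0 only
# for "ok", so it can gate a restart script or a cron alert.
check_milter_socket() {
    sock=$1
    if [ ! -e "$sock" ]; then
        echo "missing"          # milter not running, or socket removed
        return 2
    fi
    if [ ! -S "$sock" ]; then
        echo "not-a-socket"     # stale regular file left at the path
        return 2
    fi
    if [ -n "$(loose_ancestors "$sock")" ]; then
        echo "loose-directory"  # chown/chmod on the directory not applied
        return 1
    fi
    echo "ok"
}
```

Run `check_milter_socket /var/run/clamav/clmilter.sock` before restarting sendmail or from cron; with F=T, any status other than `ok` means mail is being temp-failed until the milter is back.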


Re: [Clamav-users] Re: Freshclam won't update

2006-08-21 Thread Steve Holdoway
What's the chances it's a permissions issue on the local server - seeing as 
it's a local problem - or have we covered this??
 
Steve

$ cd /usr/local/share/clamav
$ ls -ld .
drwxrwxr-x  2 clamav clamav 4096 Aug 22 12:00 .
$ ls -l
total 5948
-rw-r--r--  1 clamav clamav  202133 Aug 22 12:00 daily.cvd
-rw-r--r--  1 clamav clamav 5858804 Aug 17 07:59 main.cvd
$ sigtool --info=daily.cvd
Build time: 21 Aug 2006 23-56 +
Version: 1704
# of signatures: 2020
Functionality level: 8
Builder: ccordes
MD5: e91a46e2255fd5be8f9a88064f98a7ba
Digital signature: 
bZPwcTcdfBQuq3wuq24ZA3HPqHh6vRywKIHPTIBO4rOaigUhU8bpN0qry2Cn/1xjpsfjwPOSZEvI/yuAySuxM/zFEpRss61zcetwKe7Si34RK9kPAHASd14qMiPMsiuQfapUkDVicl0d+8MrseIeGvmGLye3SkaPbFUQsGGLh2h
Verification OK.



On Tue, 22 Aug 2006 10:42:56 +1000
"Robert S" <[EMAIL PROTECTED]> wrote:

> >
> > sigtool --info=daily.cvd
> >
> 
> # sigtool  --info=daily.cvd
> Build time: 21 Aug 2006 15-23 +
> Version: 1702
> # of signatures: 2006
> Functionality level: 8
> Builder: ccordes
> MD5: bbb1f654dc3e11a3c3d925e93d7781bd
> Digital signature: 
> VZMPjrsSTdegG3omHNVKd7Cy24wXgcFdeO/cIGorNfxNGB/VSKL0EXXqIUZXV
> Ed13VVHK+ZFJ2xjwAbPudI9+VxeiGJsUkqSp8YxSIR4YJyN+NZUmk6YmED4bR+6T8N6soCUZAnhcCOtT
> lTU2R0/HjTE080hYffaUwRWEvlF+gf
> Verification OK.
> 
> Looks like the version is the old one??


Re: [Clamav-users] clamav scan crashes server

2006-09-06 Thread Steve Holdoway
On Wed, 6 Sep 2006 13:53:57 +0100
"Casper Gasper" <[EMAIL PROTECTED]> wrote:

>  I wouldn't take it as axiomatic that if an option isn't in the help,
> it doesn't exist, so I really don't think it's a stupid question to
> ask.  I was about to ask it too, and a simple yes or no would have
> sufficed.  But as the previous poster suggested, no-one's under any
> obligation to reply.  If you think it's a stupid question, why don't
> you just ignore it?
> 
> Casper.

Hey Casper,

As an administrator of an oss project myself, I couldn't agree more! My help 
stuff is the last to get updated... must do it now!

Steve


Re: [Clamav-users] Anyone else having problems with the AU mirror for updates?

2006-10-11 Thread Steve Holdoway
Yup, since 9am. But not on my servers in the US.

Steve

On Thu, 12 Oct 2006 11:33:23 +1000
Peter Kiem <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> For a number of hours I have been getting this on multiple sites I run 
> clamAV at
> 
> ERROR: daily.cvd not found on remote server
> ERROR: Can't download daily.cvd from db.AU.clamav.net (IP: 203.28.142.36)
> ERROR: Mirrors are not fully synchronized. Please try again later.
> 
> 
> Anyone else getting this?
> 
> -- 
> Regards,
> Peter Kiem
> 
> Zordah IT - IT Consultancy and Internet Services
> Ph: (0414) 724-766   Fax: (07) 3344-5827
> Web: www.zordah.net  Email: [EMAIL PROTECTED]


[Clamav-users] 0.90RC1 ( and cvs ) crashing on linux.

2006-10-16 Thread Steve Holdoway
Running clamav as a sendmail milter  - sendmail 8.13.8 on fedora linux - and 
it's crashing on me.

LibClamAV Warning: URL http://sgetgen.com/gen/et/ failed to download: a timeout 
was reached
LibClamAV Warning: URL http://www.vokoliondefunhasdeinter.com failed to 
download: a timeout was reached
LibClamAV Warning: URL http://www.vokoliondefunhasdeinter.com failed to 
download: couldnt resolve host name
LibClamAV Warning: Libcurl has segfaulted on 
'http://www.vokoliondefunhasdeinter.com'
ERROR: Segmentation fault :-( Bye..
LibClamAV Warning: URL http://www.vokoliondefunhasdeinter.com failed to 
download: a timeout was reached
*** glibc detected *** free(): invalid pointer: 0xb7f78cd8 ***
LibClamAV Warning: Libcurl has segfaulted on 
'http://www.pojinmdetunherinkdase.com'

Does anyone have any ideas? 


also, it still won't compile using the --enable-milter configure option unless 
I doctor the source code...

clamav-milter.c about line 1802. I have to delete the #if and #endif lines ( as 
I *am* using 8.13.x )

#if ((SENDMAIL_VERSION_A > 8) || ((SENDMAIL_VERSION_A == 8) && 
(SENDMAIL_VERSION_B >= 13)))
if(smfi_opensocket(1) == MI_FAILURE) {
cli_errmsg("Can't open/create %s\n", port);
return EX_CONFIG;
}
#endif






Re: [Clamav-users] 0.90RC1 ( and cvs ) crashing on linux.

2006-10-16 Thread Steve Holdoway
Just a quick update - I ran it in debug mode, and it looks like libcurl is the 
culprit... any ideas why? I've got

curl-7.12.3-6.fc3
curl-devel-7.12.3-6.fc3

installed.

LibClamAV debug: Downloading URL http://hg465rnamd5q8hzbkkhumzzh.bowerletji.st 
to be scanned
LibClamAV debug: URL http://hg465rnamd5q8hzbkkhumzzh.bowerletji.st already 
downloaded
LibClamAV debug: blobDestroy
LibClamAV debug: checkURLs: waiting for 1 thread(s) to finish
LibClamAV debug: Saving http://hg465rnamd5q8hzbkkhumzzh.bowerletji.st to 
/tmp/clamav-526e190b347aed9fcf795acfdc6a1fc6/http:__hg465rnamd5q8hzb
kkhumzzh.bowerletji.st
LibClamAV Warning: Libcurl has segfaulted on 
'http://hg465rnamd5q8hzbkkhumzzh.bowerletji.st'
LibClamAV debug: messageAddArgument, arg='filename=mixedtextportion'
LibClamAV debug: messageToFileblob
LibClamAV debug: messageExport: numberOfEncTypes == 1
LibClamAV debug: messageExport: enctype 0 is 1
LibClamAV debug: blobSetFilename: mixedtextportion
LibClamAV debug: fileblobSetFilename: 
mkstemp(/tmp/clamav-526e190b347aed9fcf795acfdc6a1fc6/mixedtextportionXX)
LibClamAV debug: Saving attachment as 
/tmp/clamav-526e190b347aed9fcf795acfdc6a1fc6/mixedtextportion1u73dV
LibClamAV debug: Exported 5246 bytes using enctype 1
LibClamAV debug: fileblobDestroy: mixedtextportion
LibClamAV debug: Now read in part 0
LibClamAV debug: Empty part
LibClamAV debug: The message has 1 parts
LibClamAV debug: Find out the multipart type (alternative)
LibClamAV debug: Multipart alternative handler
LibClamAV debug: Mixed message with 1 parts
LibClamAV debug: Mixed message part 0 is of type 0
LibClamAV debug: No mime headers found in multipart part 0
LibClamAV debug: No plain text alternative
LibClamAV debug: Adding to non mime-part
LibClamAV debug: Save non mime and/or text/plain part
LibClamAV debug: blobSetFilename: textpart
LibClamAV debug: fileblobSetFilename: 
mkstemp(/tmp/clamav-526e190b347aed9fcf795acfdc6a1fc6/textpartXX)
LibClamAV debug: Saving attachment as 
/tmp/clamav-526e190b347aed9fcf795acfdc6a1fc6/textpartojj598
LibClamAV debug: textToFileBlob to textpart, destroy = 1
LibClamAV debug: fileblobDestroy: textpart
LibClamAV debug: cli_mbox returning 0
LibClamAV debug: Matched signature for file type HTML data at 98
LibClamAV debug: in cli_scanhtml()
LibClamAV debug: mmap'ed file
LibClamAV debug: Matched signature for file type HTML data at 146
LibClamAV debug: in cli_scanhtml()
LibClamAV debug: mmap'ed file
LibClamAV debug: clamfi_cleanup
LibClamAV debug: clamfi_free
LibClamAV debug: clamfi_free: n_children = 4
LibClamAV debug:  wrote:

> Running clamav as a sendmail milter  - sendmail 8.13.8 on fedora linux - and 
> it's crashing on me.
> 
> LibClamAV Warning: URL http://sgetgen.com/gen/et/ failed to download: a 
> timeout was reached
> LibClamAV Warning: URL http://www.vokoliondefunhasdeinter.com failed to 
> download: a timeout was reached
> LibClamAV Warning: URL http://www.vokoliondefunhasdeinter.com failed to 
> download: couldnt resolve host name
> LibClamAV Warning: Libcurl has segfaulted on 
> 'http://www.vokoliondefunhasdeinter.com'
> ERROR: Segmentation fault :-( Bye..
> LibClamAV Warning: URL http://www.vokoliondefunhasdeinter.com failed to 
> download: a timeout was reached
> *** glibc detected *** free(): invalid pointer: 0xb7f78cd8 ***
> LibClamAV Warning: Libcurl has segfaulted on 
> 'http://www.pojinmdetunherinkdase.com'
> 
> Does anyone have any ideas? 
> 
> 
> also, it still won't compile using the --enable-milter configure option 
> unless I doctor the source code...
> 
> clamav-milter.c about line 1802. I have to delete the #if and #endif lines ( 
> as I *am* using 8.13.x )
> 
> #if ((SENDMAIL_VERSION_A > 8) || ((SENDMAIL_VERSION_A == 8) && 
> (SENDMAIL_VERSION_B >= 13)))
> if(smfi_opensocket(1) == MI_FAILURE) {
> cli_errmsg("Can't open/create %s\n", port);
> return EX_CONFIG;
> }
> #endif
> 
> 
> 
> 


Re: [Clamav-users] 0.90RC1 ( and cvs ) crashing on linux.

2006-10-17 Thread Steve Holdoway
On Tue, 17 Oct 2006 13:17:52 +0300
"Török Edvin" <[EMAIL PROTECTED]> wrote:

> On 10/17/06, Stephen Gran <[EMAIL PROTECTED]> wrote:
> > On Tue, Oct 17, 2006 at 08:39:40AM +1300, Steve Holdoway said:
> > With
> > curl 7.15.5 (i486-pc-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8c zlib/1.2.3 
> > libidn/0.6.5
> >
> > I can download the url you supplied just fine.  Either there is a bug in
> > curl or in how it's being called.  That being said, I thought I
> > remembered people saying that the MailFollowURLs bit of code wasn't the
> > heaviest tested, so you may want to just disable that option for now.
> > --
> 
> It is a bug in how libcurl handles timeouts. The issue is documented
> in the source code.
> There has been a discussion on the libcurl mailing list about this,
> unfortunately nobody implemented a solution.
> Please see: http://curl.haxx.se/mail/lib-2006-09/0225.html, and
> http://curl.haxx.se/mail/lib-2006-09/0235.html
> 
> If you are not running clamav on a production server, you can try
> building it with --enable-experimental, because then curl won't be
> used.
> 
> Best regards,
> Edwin

OK, tried that and it still fell over. Here's the end of the clamav log... 

LibClamAV debug: Part 0 has 53 lines
LibClamAV debug: Mixed message part 0 is of type 6
LibClamAV debug: Mixed message text part disposition ""
LibClamAV debug: Mime subtype "html"
LibClamAV debug: messageToBlob
LibClamAV debug: messageExport: numberOfEncTypes == 1
LibClamAV debug: messageExport: enctype 0 is 1
LibClamAV debug: Attachment sent with no filename
LibClamAV debug: messageAddArgument, arg='name=attachment'
LibClamAV debug: blobSetFilename: attachment
LibClamAV debug: Exported 2011 bytes using enctype 1
LibClamAV debug: getHrefs: calling html_normalise_mem
LibClamAV debug: getHrefs: html_normalise_mem returned
LibClamAV debug: PH:href with no contents?
LibClamAV debug: checkURLs: waiting for 0 thread(s) to finish
LibClamAV debug: blobDestroy
LibClamAV debug: messageAddArgument, arg='filename=mixedtextportion'
LibClamAV debug: messageToFileblob
LibClamAV debug: messageExport: numberOfEncTypes == 1
LibClamAV debug: messageExport: enctype 0 is 1
LibClamAV debug: blobSetFilename: mixedtextportion
LibClamAV debug: fileblobSetFilename: 
mkstemp(/tmp/clamav-48e038d59198ac9eafb5dc397251d172/mixedtextportionXX)
LibClamAV debug: Saving attachment as 
/tmp/clamav-48e038d59198ac9eafb5dc397251d172/mixedtextportionnK2cck
LibClamAV debug: Exported 2011 bytes using enctype 1
LibClamAV debug: fileblobDestroy: mixedtextportion
LibClamAV debug: Now read in part 0
LibClamAV debug: Empty part
LibClamAV debug: The message has 1 parts
LibClamAV debug: Find out the multipart type (alternative)
LibClamAV debug: Multipart alternative handler
LibClamAV debug: Mixed message with 1 parts
LibClamAV debug: Mixed message part 0 is of type 0
LibClamAV debug: No mime headers found in multipart part 0
LibClamAV debug: No plain text alternative
LibClamAV debug: Adding to non mime-part
LibClamAV debug: Multipart alternative handler
LibClamAV debug: Mixed message with 2 parts
LibClamAV debug: Mixed message part 1 is of type 3
LibClamAV debug: messageToFileblob
LibClamAV debug: messageExport: numberOfEncTypes == 1
LibClamAV debug: messageExport: enctype 0 is 2
LibClamAV debug: blobSetFilename: keen.gif
LibClamAV debug: fileblobSetFilename: 
mkstemp(/tmp/clamav-48e038d59198ac9eafb5dc397251d172/keen.gifXX)
LibClamAV debug: Saving attachment as 
/tmp/clamav-48e038d59198ac9eafb5dc397251d172/keen.gifILOzhC
LibClamAV debug: Exported 28977 bytes using enctype 2
LibClamAV debug: 2 trailing bytes to export
LibClamAV debug: base64chars = 2 (@ 0 @)
LibClamAV debug: fileblobDestroy: keen.gif
LibClamAV debug: fileblobSetFilename: 
mkstemp(/tmp/clamav-48e038d59198ac9eafb5dc397251d172/keen.gifXX)
LibClamAV debug: Saving attachment as 
/tmp/clamav-48e038d59198ac9eafb5dc397251d172/keen.gifILOzhC
LibClamAV debug: Exported 28977 bytes using enctype 2
LibClamAV debug: 2 trailing bytes to export
LibClamAV debug: base64chars = 2 (@ 0 @)
LibClamAV debug: fileblobDestroy: keen.gif
LibClamAV debug: cli_mbox returning 0
LibClamAV debug: Matched signature for file type HTML data at 63
LibClamAV debug: in cli_scanhtml()
LibClamAV debug: mmap'ed file
LibClamAV debug: Recognized GIF file
LibClamAV debug: in cli_check_jpeg_exploit()
LibClamAV debug: HTTP status 302
LibClamAV debug: Redirecting to 
http://c.azjmp.com/az/ch.php?f=1159&i=15906&sub=1017AP&pop=&aux=&bypass=^M
LibClamAV debug: Saving 
http://c.azjmp.com/az/ch.php?f=1159&i=15906&sub=1017AP&pop=&aux=&bypass=^M to 
/tmp/clamav-87a0cc900c3e3406f9f0b812b5fcb856/http:__apr105.com_t_c_1787_li

Re: [Clamav-users] Complexity limit on (custom) signatures?

2006-10-30 Thread Steve Holdoway
On Mon, 30 Oct 2006 19:35:13 +0100
aCaB <[EMAIL PROTECTED]> wrote:

> So, this:
> 474946383761??(01|00)??0044
> Should really read:
> 47494638376144

Or even 

  474946383761??0(0|1)??0044


Re: [Clamav-users] Complexity limit on (custom) signatures?

2006-10-30 Thread Steve Holdoway
On Tue, 31 Oct 2006 07:48:46 +1300
Steve Holdoway <[EMAIL PROTECTED]> wrote:

> On Mon, 30 Oct 2006 19:35:13 +0100
> aCaB <[EMAIL PROTECTED]> wrote:
> 
> > So, this:
> > 474946383761??(01|00)??0044
> > Should really read:
> > 47494638376144
> 
> Or even 
> 
>   474946383761??0(0|1)??0044

Sorry, scrap that. No coffee yet this morning (:


Re: [Clamav-users] clamav-milter quiting

2006-11-02 Thread Steve Holdoway
Look at permissions on the parent directory, and its parent

Steve

On Thu, 2 Nov 2006 20:41:08 +0100
"Michael Grant" <[EMAIL PROTECTED]> wrote:

> Even after I create this directory by hand and make it owned by
> clamav, group clamav clamav-milter still quits with this same error.
> Stranger still, clamav-milter or something, removes this directory and
> then complains it's not there.
> 
> I'd be really happy if someone had some ideas here, this is driving me
> nuts restarting clamav-milter every day or so.
> 
> Michael Grant
> 
> On 11/1/06, Michael Grant <[EMAIL PROTECTED]> wrote:
> > Yes, that dir does exist and is owned by clamav, group clamav.
> >
> > I tried mkdir /var/db/clamav/daily.inc to see if it was expecting a
> > dir and not a file.  Can anyone confirm what clamav-milter is
> > expecting here?  So far, one hour later and it hasn't quit again but
> > sometimes it goes for several days.
> >
> > Michael Grant
> >
> > On 11/1/06, Dennis Peterson <[EMAIL PROTECTED]> wrote:
> > > Michael Grant wrote:
> > > > Clamav-milter is quitting on me.  It seems to be that daily.inc doesn't
> > > > exist.  Can someone please tell me how to create this file?
> > >
> > >
> > > Does this directory exist and if so is it writable by the user your
> > > process runs as?
> > >
> > > /var/db/clamav/
> > >
> > > dp
> > >
> > >
> >


Re: [Clamav-users] Cherishing my ignorance - An appeal to packagers

2006-11-07 Thread Steve Holdoway
On Tue, 07 Nov 2006 11:12:03 -0700
Jim Redman <[EMAIL PROTECTED]> wrote:
[snip]

My take on your post is that installing software blindly on a multi-user system 
is at best irresponsible. On a workstation on your desk, the effects of your 
actions are limited to you alone. This is not the case on a server. It supports 
your business model, which is unique to you, so the products you use to perform 
this function need to be well understood and uniquely configured to support 
your model.

I've just had a rant^H^H^H^H email from someone who wants to deploy our product 
on 45 remote sites but wants us to confirm that it'll work, as he can't find 
the time to test ( or even install ) it first! Of course we think it'll work, 
but I ask myself at that point whether he's in the right job!

I treat all third party products with the same respect, no matter their 
complexity. The nike approach cannot be taken in this environment.

Steve.


Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs

2006-11-07 Thread Steve Holdoway
On Tue, 07 Nov 2006 14:43:11 -0700
Jim Redman <[EMAIL PROTECTED]> wrote:

> Bowie,
> 
> Bowie Bailey wrote:
> > Hassle?
> > 
> > My not-so-automated update process looks like this:
> > 
> > wget (link to current clamav-XXX.tar.gz)
> > tar xzf clamav-XXX.tar.gz
> > cd clamav-XXX
> > configure --disable-zlib-vcheck
> > make
> > su
> > make install
> > service clamav restart
> > service freshclam restart
> 
> The obvious observation that while this might work for you it's not a 
> general solution, so now everyone needs to create a script.
> 
> If you use only one computer for a firewall and mail machine (as I do) 
> it is generally considered a bad idea to have gcc on that system - a 
> missing compiler provides one more challenge once the system is hacked. 
As opposed to downloading an executable, running a script? If you've got access 
to the machine at a level that a compiler can be of use to you then the 
server's lost anyway. Do you offer webmail services? Then you've probably got 
php installed on your mail server...

You really do need to get out of the mindset that you don't actually need to 
know what you're doing to administer a server. It is *NOT* a trivial task, 
requires skills to support it, and years of experience to do it well.

Unfortunately, nobody thinks that way until they've seen the mess.

Sorry to take this off topic, but I've made my living as a freelance sysadmin 
since 1987 and I've seen the results time and time again.

Steve


[Clamav-users] Download 0.90.xx

2006-11-12 Thread Steve Holdoway
Is there a reason I'm pointed to a page only offering 0.88.6 when I try and 
download 0.90.rc1 or .rc2? If I 'upgrade' from  my current cvs version to 
0.88.6, will I have to revert my config files to the old format?


Re: [Clamav-users] How to run clamscan for a list of files from a file?

2006-11-28 Thread Steve Holdoway
On Tue, 28 Nov 2006 13:58:22 -0800
Dennis Peterson <[EMAIL PROTECTED]> wrote:

> René Bellora wrote:
> > 
> 
> >>> This sounded like a good idea, so I gave it a try.  After spending a 
> >>> few hours to script the softlinks I got it to work for small file 
> >>> lists, but it still doesn't work for lots of files (~5000).  When I 
> >>> run 'clamscan /tmp/clamscan/*' I get the following error:
> >>>
> >>> /usr/bin/clamscan: Argument list too long
> >>
> > this could be circumvented with xargs:
> > cd /tmp/clamscan
> > find . -type f -print0 | xargs -0 clamscan
> 
> Assumes Linux, or at least gnu find and xargs, but also the files are 
> soft links so the -type f automatically fails.
There *are* ways round that -o -type ...
> 
> Also, I believe the OP was interested in finding a way to scan all the 
> files from a single invocation of clamscan and xargs won't necessarily 
> do that.
No, it's designed to work around the limitations of your OS, and provide the 
most efficient solution.
> 
> As the requirements have evolved it seems more likely a Perl solution is 
> most attractive both for creating the list and for logging the results. 
> And it will eliminate the earlier suggestion of using soft links. This 
> looks interesting: 
> http://www.fpsn.net/index.cgi?pg=products&product=File::Scan::ClamAV
> 
> It allows sending files as streams to clamd so there is only a single 
> invocation of perl and clamd is presumed already running.
> 
> Finally, it is still possible to hack clamscan to read in a file that 
> contains a list of names of files to scan.
> 
> dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
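
The thread above is about feeding clamscan a list of file names kept in a file without hitting "Argument list too long". The following wrapper is an added example, not code from the thread or from ClamAV; the function name `scan_from_list` is hypothetical, and it assumes a newline-separated list (so names containing newlines are out of scope) and an xargs that supports `-0`.

```shell
#!/bin/sh
# Added example (not from the thread): scan the paths listed in a file,
# one per line, letting xargs split them into batches that fit the OS
# argument limit.

# scan_from_list LISTFILE [SCANNER [ARGS...]]
# Prints one status word and returns xargs' exit status.
scan_from_list() {
    list=$1
    shift
    # Default scanner; --infected and --no-summary keep the output short.
    [ $# -gt 0 ] || set -- clamscan --infected --no-summary

    # With an empty list, xargs may still run the scanner once with no
    # file arguments, and clamscan would then scan the current directory.
    if [ ! -s "$list" ]; then
        echo "empty-list"
        return 0
    fi

    rc=0
    # NUL-delimit the names so spaces and quotes in paths survive intact.
    tr '\n' '\0' < "$list" | xargs -0 "$@" || rc=$?

    # clamscan exits 1 when it finds something and 2 on error; xargs does
    # not pass that through per batch (GNU xargs reports 123 if any batch
    # exited 1-125), so the log output is needed to tell the two apart.
    case $rc in
        0)       echo "clean" ;;
        126|127) echo "scanner-not-runnable" ;;
        *)       echo "hit-or-error" ;;
    esac
    return $rc
}
```

Because xargs may start the scanner more than once, this is not the single invocation the original poster asked for; each batch reloads the signature database.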


Re: [Clamav-users] Mailware passes undetected.... is this a failure within my MTA?

2007-01-16 Thread Steve Holdoway
On Tue, 16 Jan 2007 08:15:41 +0300
Odhiambo Washington <[EMAIL PROTECTED]> wrote:

> * On 15/01/07 21:12 -0800, Dennis Peterson wrote:
> | Odhiambo Washington wrote:
> | >Hi,
> | >
> | >For some strange reasons, I've seen some malware go past my filters
> | >on several occasions.
> | >One such case is today, where a mail containing two attachments, one
> | >a gif and the other a zip archive, skipped clamd completely and was
> | >delivered to my inbox.
> | >
> | >However, when I extract the attachment from the file and scan it with 
> | >clamd, the worm is detected.
> | >
> | >Either this is a failure of the configuration on my MTA, or in the
> | >way clamd analyzes such e-mail. I am running 0.88.7.
> | 
> | Do you have any kind of minimum size limit a message must have before it 
> | is a candidate for scanning? Many sites don't scan very large messages 
> | because they are outside the typical size for spam/viruses. It's a 
> | choice that brings some risk but it does make things more efficient.
> 
> Yes, I don't subject to scanning any mails whose size exceed 1MB, but
> the mail in question does not meet this criteria.
> 
> 
> -Wash
> 
> http://www.netmeister.org/news/learn2quote.html
> 
> DISCLAIMER: See http://www.wananchi.com/bms/terms.php
> 
> --
> +==+
> |\  _,,,---,,_ | Odhiambo Washington<[EMAIL PROTECTED]>
> Zzz /,`.-'`'-.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
>|,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
>   '---''(_/--'  `-'\_) | GSM: +254 722 743223   +254 733 744121
> +==+
> 
> New members urgently required for SUICIDE CLUB, Watford area.
>   -- Monty Python's Big Red Book
Don't forget that mails are delivered in base 64 (usually??) if they're binary, 
and this could exceed the 1MB threshold if they're of any size, as they're a 
lot bigger than the final target..


Steve


[Clamav-users] milter problems...

2007-02-01 Thread Steve Holdoway
Just tried 0.90rc3 as a milter with sendmail 8.14.0.

No go ):

Steve

Redirected virus to [EMAIL PROTECTED] Warning: URL 
http://sdtger.yahujo.hk/?61039975 failed to download: server returned nothing 
(no headers, no data)
LibClamAV Warning: URL http://www.wwateqrsblues.com failed to download: 
couldn't resolve host name
LibClamAV Warning: URL http://www.acure.hk failed to download: server returned 
nothing (no headers, no data)
LibClamAV Warning: URL http://tkqwir.drosserin.net/?09261892 failed to 
download: server returned nothing (no headers, no data)
LibClamAV Warning: URL 
http://newsletters.clickz.com/c.html?rtr=ons=auxa,24in,52v,i0r0,5ylx,6mk2,iury 
will not be scanned
LibClamAV Warning: URL http://daojfb.ezylive.info/?35687912 failed to download: 
couldn't connect to server
LibClamAV Warning: URL 
http://269_chracter_url.com/LibClamAV
 Warning: URL 
http://accesd.desjardins.com.en.accesd.login.name.680058-0swfg2hq1pu5ma0eu.vhaueo.hk/accessd/desjardins.com/en/?id=4215483652amp;account=hgietis3iyyst8uwihvoeq-7782oteewajugyuuwyxeyul82a82365di5iafouvrh-4804amp;verifyid=2byoi3uadaowLibClamAV
 Warning: URL http://170.uwfgwjkrgdatiger.com/ failed to download: couldn't 
resolve host name
ERROR: Segmentation fault :-( Bye..



[Clamav-users] Strange messages from 0.90

2007-02-14 Thread Steve Holdoway
I've just upgraded my version of clamav, built using the following:

  ./configure --enable-milter --disable-clamuko
  make
  make install

I then ran freshclam -v, and got the following output...

  server:/usr/local/src/clamav-0.90# freshclam -v
  Current working dir is /var/lib/clamav
  Max retries == 3
  ClamAV update process started at Thu Feb 15 08:20:47 2007
  Querying current.cvd.clamav.net
  TTL: 575
  Software version from DNS: 0.90
  main.cvd version from DNS: 42
  main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
  daily.cvd version from DNS: 2568
  daily.inc is up to date (version: 2568, sigs: 7032, f-level: 13, builder: 
acab)

Starting up clamav-milter strangely produced this output...

  LibClamAV Warning: **
  LibClamAV Warning: ***  The virus database is older than 7 days.  ***
  LibClamAV Warning: ***Please update it IMMEDIATELY!   ***
  LibClamAV Warning: **

Also, when I look through the sendmail logs, I note a version number for the 
milter which is not what I expect...

  Milter add: header: X-Virus-Scanned: ClamAV version 0.90, clamav-milter 
version devel-120207


Can anyone throw any light on any of these - ie what am I doing wrong???

Cheers,

Steve


Re: [Clamav-users] Upgrade to .90?

2007-02-15 Thread Steve Holdoway
On Thu, 15 Feb 2007 19:26:34 -0800
Dennis Peterson <[EMAIL PROTECTED]> wrote:

> 
> I realize that and I apologize, but I've got a lot going on just now. 
> There's not a lot to say yet. Solaris 9 in a Sun E250 w/2g ram, 80,000 
> messages/day per instance, running with a milter (J-chkmail - beautiful 
> milter, Jose!) in Sendmail 8.14.0. It all works perfectly with 0.88.7 
> and every previous version. The configs were carefully updated with the 
> new conf file samples, all permissions/ownerships verified, a fresh 
> install of bzip2 was built just for this and it works great, too.

Have you patched 8.14.0. I had everything falling over until I did that...

http://www.sendmail.org/patches/milter.rcpt.rej.p0

(clamav 0.90/clamav-milter/debian test 32 bit/dual xeon/4gb)

Steve


Re: [Clamav-users] Auto scan problems

2007-02-17 Thread Steve Holdoway
OK, I'm in Christchurch. What's my timezone come up as???

On Sat, 17 Feb 2007 09:58:04 +
carren stuart <[EMAIL PROTECTED]> wrote:

> [EMAIL PROTECTED] wrote:
> 
> > Ugg, as much as I hate to continue this OT subject.  Something with your
> > time
> > is jacked.  Whether it be your time or timezone I don't really care or care
> > enough to tell you where you have it wrong.  You mail is showing up in
> > peoples mailboxes as if were sent tomorrow.  It looks like +13 hours
> > just at
> > glancing.  You are triggering the DATE_IN_FUTURE_12_24 of Spamassassin.
> > Something is hosed man.
> 
> We are currently in daylight savings time which IS UTC +13
> 
> See this link for an explanation:
> 
> http://www.timeanddate.com/worldclock/city.html?n=22
> 
> 
> I'm sorry ... but I don't know how to explain this any better than it's
> already been explained.


Re: [Clamav-users] Auto scan problems

2007-02-17 Thread Steve Holdoway
On Sat, 17 Feb 2007 05:00:14 -0500
Gerard Seibert <[EMAIL PROTECTED]> wrote:

> On Saturday February 17, 2007 at 04:20:22 (AM) Steve Holdoway wrote:
> 
> > OK, I'm in Christchurch. What's my timezone come up as???
> 
> Please don't top post. If you don't know what that means, Google for it.
> 
> I am assuming you are referring to: Christchurch, New Zealand .
> 
> Check out these two URLS, which were the first two I found while doing a
> Google search for Christchurch.
> 
> http://www.timeanddate.com/worldclock/timezone.html?n=951
> http://academickids.com/encyclopedia/n/ne/new_zealand.html
> 
> -- 
> Gerard

Thank you for your informative suggestion. I posted as an example of what a 
correctly set up mail client from someone in New Zealand should look like for 
an argumentative poster, also from godzone, to see what theirs should look 
like. 

I would have expected people with a pathological hatred of top posting, even a 
single line suggesting that the sender examine the headers of the post, to be 
able to follow a mail thread.

Steve


Re: [Clamav-users] Auto scan problems

2007-02-19 Thread Steve Holdoway
On Mon, 19 Feb 2007 15:25:26 -0800
Dennis Peterson <[EMAIL PROTECTED]> wrote:

> carren stuart wrote:
> > Dennis Peterson wrote:
> > 
> >> Not quite right yet, Carren.
> > 
> > Sigh 
> > 
> > If it's not right this time I'm throwing this thing out the window and
> > going back to a slate and chalk!
> 
> I think the Maori tradition for successes like this is to go out and 
> have a beer.
> 
> dp

Pakeha, too (:


Re: [Clamav-users] Problem with clamd.conf

2007-02-21 Thread Steve Holdoway
On Thu, 22 Feb 2007 12:04:37 +1100
Graeme Nichols <[EMAIL PROTECTED]> wrote:

> I then uncommented the AllowSupplementaryGroups line and added '=1' to 
> the end and got the following error:

try true

(: 

Steve