[clamav-users] scanning mp3-files with clamscan

[Christian]

Hi,

I want to scan an mp3-file (about 60 MB in size).
My command is:

clamscan
/home/rosika/Schreibtisch/Dokumente/Hörspiele/Sherlock_Holmes/hörspiel.mp3

Yet I get the message: "Data scanned: 0.00 MB"
First I thought that the file was too large, so I used a new command:

clamscan --max-filesize=300M --max-scansize=300M
/home/rosika/Schreibtisch/Dokumente/Hörspiele/Sherlock_Holmes/hörspiel.mp3

But this didn´t work either.
In the meantime I think that´s due to the nature of the respective file.
The file being mp3.
Could this be the case?

I also tried:

dd
if=/home/rosika/Schreibtisch/Dokumente/Hörspiele/Sherlock_Holmes/hörspiel.mp3
| clamscan -

Output:

126592+1 Datensätze ein
126592+1 Datensätze aus
64815503 bytes (65 MB, 62 MiB) copied, 10,9642 s, 5,9 MB/s
stdin: OK

--- SCAN SUMMARY ---
Known viruses: 6299938
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 61.81 MB (ratio 0.00:1)
Time: 11.596 sec (0 m 11 s)

Is there any way of scanning mp3-files with clamscan?

Greetings.
Rosika


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Fwd: Re: scanning mp3-files with clamscan

[Christian]

 Weitergeleitete Nachricht 
Betreff:Re: [clamav-users] scanning mp3-files with clamscan
Datum:  Tue, 11 Jul 2017 14:09:47 +0200
Von:Christian 
An: G.W. Haywood 



Hi,

thanks for the suggestion-

*cat file | gzip | clamscan -**
*
worked. But probably because of the filesize I had to type

*cat
wdr3hoerspiel_2016-12-21_sherlockholmesunddasgeheimnisdesweissenbandesteil1_wdr3.mp3
| gzip | clamscan --max-filesize=1000M --max-scansize=1000M -*

It seems to be a practical workaround.

Greetings.
Rosika



Am 09.07.2017 um 19:21 schrieb G.W. Haywood:
> Hi there,
>
> On Sun, 9 Jul 2017, Rosika wrote:
>
>> I want to scan an mp3-file (about 60 MB in size).
>> Yet I get the message: "Data scanned: 0.00 MB"
>> ...
>> Is there any way of scanning mp3-files with clamscan?
>
> Try compressing the file with gzip first:
>
> cat file | gzip | clamscan -
>

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] How to scan a single partition

[Christian]

Hi altogether,

My system is Linux/Lubuntu 20.04.2 LTS, 64 bit.

I have *three* partitions: root-, home- and a third (data-)partition 
with 23 GB, 36 GB and 193 GB respectively plus 3 usb-sticks:


df -h
Dateisystem    Größe Benutzt Verf. Verw% Eingehängt auf
udev    1,9G   0  1,9G    0% /dev
tmpfs   386M    1,8M  384M    1% /run
/dev/sdc1    23G 13G  9,4G   58% /                            # 
root partition

tmpfs   1,9G   0  1,9G    0% /dev/shm
tmpfs   5,0M    8,0K  5,0M    1% /run/lock
tmpfs   1,9G   0  1,9G    0% /sys/fs/cgroup
/dev/sdc2    36G 22G   12G   64% /home                       # 
home partition

tmpfs   386M 12K  386M    1% /run/user/1000
/dev/sdf1   7,5G    2,1G  5,4G   29% /media/rosika/A492-CD29         
# usb-stick 1
/dev/sdd1    30G 26G  4,1G   87% /media/rosika/28BC-DAFC        
# usb-stick 2
/dev/sdc3   193G 99G   84G   55% 
/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1      # 3rd partition 
(data-partition)
/dev/sdb 30G 26G  3,9G   87% /media/rosika/74C1-30C7         
  # usb-stick 3



What I want to do is: scan the _root-partition exclusively_, not the 
other ones and not the sticks.


What command would I need for this?

Looking around on the web I found this command 
(https://pikedom.com/clam-anti-virus-on-arch-linux/ ):


/clamscan --recursive --infected 
--exclude-dir='^/sys|^/dev|^/proc|^/var/lib/clamav' --max-filesize=4000M 
--max-scansize=4000M / -l ~/clamav-scan-results/201803261436/


As the starting point is / this would scan everything, right? Which is 
not what I want to achieve.


Thanks for your help in advance.

Many greetings.
Rosika

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] How to scan a single partition

[Christian]

Hi all and thanks so much for your replies,

@Sorin Petrut Niculae:

So basically I´d have to exclude my home-partition, the 3rd 
(data-)partition and the 3 sticks in the command.


Thanks for the advice.
Greetings.
Rosika


@G.W. Haywood:

Thanks for the suggestion.

Alas I couldn't gel hold of a ClamAV manual.
I also looked around to find some info regarding the "cross filesystem" 
feature but curiously couldn´t find anything.


So I took a look at the man pages and found the following entry:

/−−cross−fs=[yes(*)/no]//
//Scan files and directories on other filesystems.

/As  "df -h" says (shortened):

Filesystem  Size  Used Avail Use% Mounted on
/dev/sdc1    23G   13G  9,4G  58% /
/dev/sdc2    36G   22G   12G  65% /home
/dev/sdf1   7,5G  2,1G  5,4G  29% /media/rosika/A492-CD29
/dev/sdd1    30G   26G  4,1G  87% /media/rosika/28BC-DAFC
/dev/sdc3   193G   99G   84G  55% 
/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1

/dev/sdb 30G   26G  3,9G  87% /media/rosika/74C1-30C7/

/"filesystem/" /is denoted as//_/dev/sdc1_ .

I'm not sure about the *syntax* though. Should I use /  or /dev/sdc1 as  
a starting point:


clamscan --cross-fs=no --recursive --infected 
--exclude-dir='^/sys|^/dev|^/proc|^/var/lib/clamav' --max-filesize=4000M 
--max-scansize=4000M / -l ~/clamav-scan-results/log


OR:

clamscan 
--cross-fs=no --recursive --infected 
--exclude-dir='^/sys|^/dev|^/proc|^/var/lib/clamav' --max-filesize=4000M 
--max-scansize=4000M /dev/sdc1 -l ~/clamav-scan-results/log


Thanks in advance.
Greetings
Rosika
// 


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] problems with freshclam: Incremental update failed

[Christian]

Hi altogether,

I´m on Linux/Lubuntu 20.04.2 LTS (kernel 5.4.0-77-generic)

Clamav and clamav-freshclam are installed and everything was working 
perfectly - until today.


All of a sudden a huge download began. It turned out *freshclam* was 
downloading something.
It almost seemed never-ending. I terminated the download process as a 
UMTS-stick is my sole means of internet connection and I only have 5 GB 
per 28 days available.


After "killall freshclam" I invoked "sudo freshclam" manually to see 
what was going on:

Here´s the output:

sudo freshclam
WARNING: Ignoring deprecated option SafeBrowsing at 
/etc/clamav/freshclam.conf:22
Thu Jul 15 14:42:25 2021 -> ClamAV update process started at Thu Jul 15 
14:42:25 2021

Thu Jul 15 14:42:25 2021 -> ^Your ClamAV installation is OUTDATED!
Thu Jul 15 14:42:25 2021 -> ^Local version: 0.103.2 Recommended version: 
0.103.3
Thu Jul 15 14:42:25 2021 -> DON'T PANIC! Read 
https://www.clamav.net/documents/upgrading-clamav
Thu Jul 15 14:42:25 2021 -> daily database available for update (local 
version: 26231, remote version: 26233)

Current database is 2 versions behind.
Downloading database patch # 26232...
Thu Jul 15 14:42:47 2021 -> !cdiff_apply: lseek(desc, -350, SEEK_END) failed
Thu Jul 15 14:42:47 2021 -> !downloadPatch: Can't apply patch
Thu Jul 15 14:42:47 2021 -> ^Incremental update failed, trying to 
download daily.cvd

Time:  3m 44s, ETA:    0.0s [>] 54.73MiB/54.73MiB
Thu Jul 15 14:46:33 2021 -> Testing database: 
'/var/lib/clamav/tmp.1e4892cb22/clamav-a8cd157a79b0b4419069cca1a5279096.tmp-daily.cvd' 
...

Thu Jul 15 14:46:40 2021 -> Database test passed.
Thu Jul 15 14:46:40 2021 -> daily.cvd updated (version: 26233, sigs: 
1961297, f-level: 90, builder: raynman)
Thu Jul 15 14:46:40 2021 -> main database available for update (local 
version: 59, remote version: 61)

Current database is 2 versions behind.
Downloading database patch # 60...
Thu Jul 15 14:46:50 2021 -> !cdiff_apply: lseek(desc, -350, SEEK_END) failed
Thu Jul 15 14:46:50 2021 -> !downloadPatch: Can't apply patch
Thu Jul 15 14:46:50 2021 -> ^Incremental update failed, trying to 
download main.cvd

Time: 11m 42s, ETA:    0.0s [>] 160.41MiB/160.41MiB
Thu Jul 15 14:58:36 2021 -> Testing database: 
'/var/lib/clamav/tmp.1e4892cb22/clamav-6ec7f609a7ab14c45568796eeb326bda.tmp-main.cvd' 
...

Thu Jul 15 14:58:45 2021 -> Database test passed.
Thu Jul 15 14:58:45 2021 -> main.cvd updated (version: 61, sigs: 
6607162, f-level: 90, builder: sigmgr)
Thu Jul 15 14:58:45 2021 -> bytecode.cld database is up-to-date 
(version: 333, sigs: 92, f-level: 63, builder: awillia2)
Thu Jul 15 14:58:45 2021 -> !NotifyClamd: Can't find or parse 
configuration file /etc/clamav/clamd.conf


So basically I received new files: "daily.cvd" and "main.cvd", which 
cost me around 55 MB and 160 MB respectively.


But what I don´t understand is why I get the messages

 "!cdiff_apply: lseek(desc, -350, SEEK_END) failed"

and the resulting

"!downloadPatch: Can't apply patch"

in the first place.

I never had difficulties with freshclam in the past.
I surely cannot afford to have the whole of "daily.cvd" and "main.cvd" 
downloaded every time.


Can anybody tell me why all that is and what can be done about it?

Many thanks in advance.

Greetings from Rosika


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] problems with freshclam: Incremental update failed

[Christian]

Hi Joel,


thanks so much for the info. So things seem to be alright in the future. 
That´s great news.


Many thanks again and many greetings.

Rosika and Christian

jesler at cisco.com 
<mailto:clamav-users%40lists.clamav.net?Subject=Re%3A%20%5Bclamav-users%5D%20problems%20with%20freshclam%3A%20Incremental%20update%0A%20failed&In-Reply-To=%3CC86F526D-E930-4124-B7ED-523074007DAE%40cisco.com%3E> 


Christian,

The below is correct.  We published a new main.cvd and daily.cvd yesterday, and 
in order to make your FreshClam instance force download the new files, we have 
to publish a “blank” file, so that FreshClam sees it as an error, and then 
fails over to pick up the full file.  From that point on, it downloads the 
diffs again regularly.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
https://www.talosintelligence.com  <https://www.talosintelligence.com>  |https://www.snort.org  <https://www.snort.org>  |https://www.clamav.net  <https://www.clamav.net>  

>/On Jul 15, 2021, at 10:28 AM, Christian <https://lists.clamav.net/mailman/listinfo/clamav-users>> wrote: />//>/Hi altogether, />//>/I´m on Linux/Lubuntu 20.04.2 LTS (kernel 5.4.0-77-generic) />//>/Clamav and clamav-freshclam are installed and everything was working 
perfectly - until today. />//>/All of a sudden a huge download began. It turned out freshclam was 
downloading something. />/It almost seemed never-ending. I terminated the download process as a 
UMTS-stick is my sole means of internet connection and I only have 5 
GB per 28 days available. />//>/After "killall freshclam" I invoked "sudo freshclam" manually to see 
what was going on: />/Here´s the output: />//>/sudo freshclam />/WARNING: Ignoring deprecated option SafeBrowsing at 
/etc/clamav/freshclam.conf:22 />/Thu Jul 15 14:42:25 2021 -> ClamAV update process started at Thu Jul 
15 14:42:25 2021 />/Thu Jul 15 14:42:25 2021 -> ^Your ClamAV installation is OUTDATED! />/Thu Jul 15 14:42:25 2021 -> ^Local version: 0.103.2 Recommended 
version: 0.103.3 />/Thu Jul 15 14:42:25 2021 -> DON'T PANIC! Read 
https://www.clamav.net/documents/upgrading-clamav 
<https://www.clamav.net/documents/upgrading-clamav> 
<https://www.clamav.net/documents/upgrading-clamav 
<https://www.clamav.net/documents/upgrading-clamav>> />/Thu Jul 15 14:42:25 2021 -> daily database available for update 
(local version: 26231, remote version: 26233) />/Current database is 2 versions behind. />/Downloading database patch # 26232... />/Thu Jul 15 14:42:47 2021 -> !cdiff_apply: lseek(desc, -350, SEEK_END) 
failed />/Thu Jul 15 14:42:47 2021 -> !downloadPatch: Can't apply patch />/Thu Jul 15 14:42:47 2021 -> ^Incremental update failed, trying to 
download daily.cvd />/Time: 3m 44s, ETA: 0.0s [>] 54.73MiB/54.73MiB />/Thu Jul 15 14:46:33 2021 -> Testing database: 
'/var/lib/clamav/tmp.1e4892cb22/clamav-a8cd157a79b0b4419069cca1a5279096.tmp-daily.cvd' 
... />/Thu Jul 15 14:46:40 2021 -> Database test passed. />/Thu Jul 15 14:46:40 2021 -> daily.cvd updated (version: 26233, sigs: 
1961297, f-level: 90, builder: raynman) />/Thu Jul 15 14:46:40 2021 -> main database available for update (local 
version: 59, remote version: 61) />/Current database is 2 versions behind. />/Downloading database patch # 60... />/Thu Jul 15 14:46:50 2021 -> !cdiff_apply: lseek(desc, -350, SEEK_END) 
failed />/Thu Jul 15 14:46:50 2021 -> !downloadPatch: Can't apply patch />/Thu Jul 15 14:46:50 2021 -> ^Incremental update failed, trying to 
download main.cvd />/Time: 11m 42s, ETA: 0.0s [>] 160.41MiB/160.41MiB />/Thu Jul 15 14:58:36 2021 -> Testing database: 
'/var/lib/clamav/tmp.1e4892cb22/clamav-6ec7f609a7ab14c45568796eeb326bda.tmp-main.cvd' 
... />/Thu Jul 15 14:58:45 2021 -> Database test passed. />/Thu Jul 15 14:58:45 2021 -> main.cvd updated (version: 61, sigs: 
6607162, f-level: 90, builder: sigmgr) />/Thu Jul 15 14:58:45 2021 -> bytecode.cld database is up-to-date 
(version: 333, sigs: 92, f-level: 63, builder: awillia2) />/Thu Jul 15 14:58:45 2021 -> !NotifyClamd: Can't find or parse 
configuration file /etc/clamav/clamd.conf />//>/So basically I received new files: "daily.cvd" and "main.cvd", which 
cost me around 55 MB and 160 MB respectively. />//>/But what I don´t understand is why I get the messages />//>/"!cdiff_apply: lseek(desc, -350, SEEK_END) failed" />//>/and the resulting />//>/"!downloadPatch: Can't apply patch" />//>/in the first place. />//>/I never had difficulties with freshclam in the past. />/I surely cannot afford to have the whole of "daily.cvd" and 

[clamav-users] false positives for firefox add-ons?

[Christian]

Hello altogether, :-)


perhaps there´s someone here who can help me with a curious phenomenon.

Every now and then I scan the directory where all the firefox-related 
files reside.

This is my command:


clamscan -i -r 
/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work2 



Until now I always received a message that no viruses or malicious files 
were found.
Yesterday however (for the first time) I got this (haven´t changed 
anything since the last scan):




/ clamscan -i -r 
/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work2/


//media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work2/.mozilla/firefox/b6j58n9u.default/extensions/ad...@darkreader.org.xpi: 
Archive.Test.Agent2-9953724-0 FOUND/
//media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work2/.mozilla/firefox/b6j58n9u.default/extensions/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi: 
Archive.Test.Agent2-9953724-0 FOUND/
//media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work2/.mozilla/firefox/b6j58n9u.default/extensions/https-everywh...@eff.org.xpi: 
Archive.Test.Agent2-9953724-0 FOUND/
//media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work2/.mozilla/firefox/b6j58n9u.default/extensions/umat...@raymondhill.net.xpi: 
Archive.Test.Agent2-9953724-0 FOUND/
//media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work2/.mozilla/firefox/54d09uby.default-release/extensions/ad...@darkreader.org.xpi: 
Archive.Test.Agent2-9953724-0 FOUND/
//media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work2/.mozilla/firefox/54d09uby.default-release/extensions/https-everywh...@eff.org.xpi: 
Archive.Test.Agent2-9953724-0 FOUND/
//media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work2/.mozilla/firefox/54d09uby.default-release/extensions/umat...@raymondhill.net.xpi: 
Archive.Test.Agent2-9953724-0 FOUND/


/--- SCAN SUMMARY ---/
/Known viruses: 8619741/
/Engine version: 0.103.6/
/Scanned directories: 3315/
/Scanned files: 10867/
/Infected files: 7/
/Data scanned: 632.66 MB/
/Data read: 489.69 MB (ratio 1.29:1)/
/Time: 320.348 sec (5 m 20 s)/
/Start Date: 2022:06:24 16:36:42/
/End Date:   2022:06:24 16:42:02/


Taking a closer look at the results it seems that some extensions for 
firefox were suddenly regarded as a virus of some sort.

They all feature the .xpi extension:

/
//.rw-r--r-- 609k rosika rosika 27 Mai 13:31 ad...@darkreader.org.xpi//
//.rw--- 1,8M rosika rosika 14 Jul  2021 https-everywh...@eff.org.xpi//
//.rw--- 1,5M rosika rosika 20 Jul  2021 umat...@raymondhill.net.xpi//
//.rw-r--r-- 916k rosika rosika 30 Mai 14:44 
{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi/


Out of curiosity I submitted them to virustotal and got this:

1.) ad...@darkreader.org.xpi:

1 security vendor and no sandboxes flagged this file as malicious (but 
only 1 out of 58; perhaps a false positive there as well)



2.) https-everywh...@eff.org.xpi:

No security vendors and no sandboxes flagged this file as malicious (0 / 58)


3.) umat...@raymondhill.net.xpi:

No security vendors and no sandboxes flagged this file as malicious (0 / 58)


4.) {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

No security vendors and no sandboxes flagged this file as malicious (0 / 57)


Any ideas why  clamscan suddenly marked these files as a virus? It seems 
they´re not (according to virustotal).


Thanks a lot in advance for your help.

Many greetings from Rosika  :-)




P.S.:

my system: Linux Lubuntu 20.04.4 LTS, 64 bit___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] false positives for firefox add-ons?

[Christian]

Hi altogether,


thanks so much for your answers.  :-)

It´s quite a relief to get a confirmation by you that the files I was 
referring to were false positives indeed.

Thanks a lot.

@Al:

> This was a false positive as discussed much earlier today on this 
very same list


Oh, I missed that. Sorry for the inconvenience.

In the meantime (after "freshclam") those files aren´t recognized as 
positives any longer. Great!


@Ged:

> It should go away on the next database reload.

Right. Everything´s o.k. now.


Thanks again to all of you.

Many greetings
Rosika  :-)___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

[clamav-users] clamav-milter exclude files from scanning

[Christian]

Hi all,

we have a mailserver with clamav-milter and clamd Version 
0.103.8+dfsg-0ubuntu0.16.04.1+esm1.

There we have a cdb ruleset to block some filetypes:

/var/lib/clamav/archive_blocker.cdb withe following content:
attach.blockgz2:*:*:\.[Gg][Zz]$:*:*:*:*:*:*

Now I want to exclude some file extension and added the following 
configuration parameter to my clamd.conf:

ExcludePath .*\.dev$

Then I created two files, one with the extension .123 and one with the 
extension .dev and scanned those files with clamdscan and it works like 
expected:


root@mail:/tmp/test# clamdscan *
/tmp/test/test1.123: attach.blockgz2.UNOFFICIAL FOUND
/tmp/test/test1.dev: OK

--- SCAN SUMMARY ---
Infected files: 1
Time: 0.021 sec (0 m 0 s)
Start Date: 2023:05:24 14:22:18
End Date:   2023:05:24 14:22:18

The file test1.123 gets detected by the cdb rule and the file test1.dev 
is excluded and marked as clean.


But when those files get scanned via clamav-milter both files get 
detected by the cdb rule.
Is there a way to exclude a file extension from being scanned via 
clamav-milter?


Cheers,

Christian
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [Clamav-users] Long time to start Clamd

[christian]

On Wed, Sep 05, 2007 at 12:26:37PM +0200, Thierry Jaboeuf wrote:
> [...] i have as well a lot of signature
> Wed Sep  5 11:52:48 2007 -> Database correctly reloaded (234680 viruses)
> 
> Thats 234680 . much more than the official 150729 i saw on the web 
> site and i don't use yet any script to add more 
[...]
> srv-messagerie:/var/lib/clamav# sigtool -i main.cvd
> Build time: 31 Dec 2006 13:09 +0100
> Version: 42
> Signatures: 83951
> Functionality level: 10
[...]
> Is everything ok ? ;)

150729+83951=234680

you seem to be loading the current db plus an (old/historical?) one...

-- 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Clamav 0.93 - clamd and freshclam fail to start with relocation error

[christian]

On Mon, Apr 14, 2008 at 05:51:22PM +0100, Brian Morrison wrote:
[...]
> /usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined 
> symbol: rarvm_free
[...]

ldconfig?

-- 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] [Clamav-announce] announcing ClamAV 0.93.1rc1

[christian]

On Tue, May 27, 2008 at 12:26:55AM +0200, Luca Gibelli wrote:
> This version improves handling of PDF, CAB, RTF, OLE2 and HTML files
> and includes various bugfixes for 0.93 issues.

working here since a few days in a small family-type environment (just 
a few hundred mails a day), slack 12.0 and slack 12.1 (clamav-milter 
on sendmail, no clamd).

everything looks good, so far.
milter shows finally the db version (again)! :-)

but still a memory hog:
clamav   15030  0.2  7.2 162076 102268 ?   Ssl  May30   3:43 
/usr/local/sbin/clamav-milter --whitelist-file=/OWN/clamav-milter/WHITELIST 
--pidfile=/var/run/clamav/clamav-milter.pid --local --outgoing 
--quarantine-dir=/EXT/home/clamav/quarantine --max-children=5 
--dont-scan-on-error --noreject --headers --postmaster-only --quiet 
local:/var/run/clamav/clamav-milter.sock
158mb/99mb (virt/res) after 30 hours.

btw: after six weeks, 93.0 showed:
clamav   30065  0.2 13.6 254340 193908 ?   Ssl  Apr14 145:20 
/usr/local/sbin/clamav-milter --whitelist-file=/OWN/clamav-milter/WHITELIST 
--pidfile=/var/run/clamav/clamav-milter.pid --local --outgoing 
--quarantine-dir=/EXT/home/clamav/quarantine --max-children=5 
--dont-scan-on-error --noreject --headers --postmaster-only --quiet 
local:/var/run/clamav/clamav-milter.sock
quitealot...

-- 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] [Clamav-announce] announcing ClamAV 0.93.1rc1

[christian]

On Sat, May 31, 2008 at 09:43:23AM +0200, christian wrote:
[...]
> but still a memory hog:
> clamav   15030  0.2  7.2 162076 102268 ?   Ssl  May30   3:43 
> /usr/local/sbin/clamav-milter --whitelist-file=/OWN/clamav-milter/WHITELIST 
> --pidfile=/var/run/clamav/clamav-milter.pid --local --outgoing 
> --quarantine-dir=/EXT/home/clamav/quarantine --max-children=5 
> --dont-scan-on-error --noreject --headers --postmaster-only --quiet 
> local:/var/run/clamav/clamav-milter.sock
> 158mb/99mb (virt/res) after 30 hours.
> 
> btw: after six weeks, 93.0 showed:
> clamav   30065  0.2 13.6 254340 193908 ?   Ssl  Apr14 145:20 
> /usr/local/sbin/clamav-milter --whitelist-file=/OWN/clamav-milter/WHITELIST 
> --pidfile=/var/run/clamav/clamav-milter.pid --local --outgoing 
> --quarantine-dir=/EXT/home/clamav/quarantine --max-children=5 
> --dont-scan-on-error --noreject --headers --postmaster-only --quiet 
> local:/var/run/clamav/clamav-milter.sock
> quitealot...

and after 3 days:
clamav   15030  0.2 13.8 256100 196476 ?   Ssl  May30  10:56 
/usr/local/sbin/clamav-milter --whitelist-file=/OWN/clamav-milter/WHITELIST 
--pidfile=/var/run/clamav/clamav-milter.pid --local --outgoing 
--quarantine-dir=/EXT/home/clamav/quarantine --max-children=5 
--dont-scan-on-error --noreject --headers --postmaster-only --quiet 
local:/var/run/clamav/clamav-milter.sock

amounting to 250mb/191mb (virt/res).

not an rc1 problem - but anyway: why/how?

-- 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] 0.94-exp

[christian]

WARNING: Local version: 0.94-exp Recommended version: 0.94

yes, with --enable-experimental.

1) yes, i tested rc1, and it worked here.

2) the `-exp` suffix seems to be a last-minute improvement for release?

would the conclusion be not/never to use '--enable-experimental'?

__cut__
Wed Sep  3 06:05:32 2008 -> --
Wed Sep  3 06:05:32 2008 -> freshclam daemon 0.94-exp (OS: linux-gnu, ARCH: 
i386, CPU: i686)
Wed Sep  3 06:05:32 2008 -> ClamAV update process started at Wed Sep  3 
06:05:32 2008
Wed Sep  3 06:05:32 2008 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep  3 06:05:32 2008 -> WARNING: Local version: 0.94-exp Recommended 
version: 0.94
Wed Sep  3 06:05:32 2008 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Wed Sep  3 06:05:32 2008 -> main.cld is up to date (version: 47, sigs: 312304, 
f-level: 31, builder: sven)
Wed Sep  3 06:05:32 2008 -> daily.cvd is up to date (version: 8142, sigs: 
95436, f-level: 35, builder: neo)
Wed Sep  3 06:05:32 2008 -> --
__cut__

-- 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1

[christian]

On Thu, Oct 16, 2008 at 09:11:16PM -0500, René Berber wrote:

> Has anyone seen a problem testing with the contents of test/.split?
> 
> In particular 'clamscan test/.split/split.clam.exe.htmlaa' just holds
> the CPU at 100% for a long time... I've killed it on two runs.

no problem here:

test/.split/split.clam.exe.htmlaa: OK

--- SCAN SUMMARY ---
Known viruses: 526908
Engine version: 0.94.1rc1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Time: 2.121 sec (0 m 2 s)

real0m2.220s
user0m1.924s
sys 0m0.144s


on:

vendor_id   : GenuineIntel
cpu family  : 6
model   : 15
model name  : Intel(R) Xeon(R) CPU   E5320  @ 1.86GHz
stepping: 11
cpu MHz : 1861.992
cache size  : 4096 KB

-- 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] clamav-milter 95.2

[christian]

oh well.

immediately after the announcement, freshclam is spewing warnings, 
although most mirrors are not able to deliver yet.

the 'make check', successful with rc1 and rc2, fails:
'FAIL: check_clamd.sh'.

the clamav-milter ('standalone') thingy i am using for years now has totally 
changed.
eg: no more quarantine directory...

__quote__ 
And last but not least, if you don't like it, you can always use the old 
version which is kept under /contrib/old-clamav-milter.
__unquote__

but: how?


i think i'll have to stay for quite some time on 94.2.


or shall be giving up, eventually. :-(


maybe somebody knows an easy way out... ;-)


but anyway: thank you for an excellent product and your enduring efforts!

-- 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] still fighting .95

[christian]

ok, i am still trying to get along with 0.95.

in `make check` i see:

__cut__
FAIL: check_clamd.sh
PASS: check_freshclam.sh
PASS: check_sigtool.sh
clamscan did not detect all testfiles correctly!
FAIL: check_clamscan.sh
__cut__

of course, i tried with .95rc2, before:
__cut__
PASS: check_clamd.sh
PASS: check_freshclam.sh
PASS: check_sigtool.sh
PASS: check_clamscan.sh
__cut__

(and, i think, it even worked with rc1, afair)

where can i find more information on what i am probably doing wrong?

or what, exactly, went a-miss?

thank you for bearing with me...

-- 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] still fighting .95

[christian]

av.nm .libs/check_clamav.nmS 
.libs/check_clamav.nmT
libtool: link: (cd .libs && gcc -Wall -O2 -march=nocona -mfpmath=sse -c 
-fno-builtin "check_clamavS.c")
libtool: link: rm -f ".libs/check_clamavS.c" ".libs/check_clamav.nm" 
".libs/check_clamav.nmS" ".libs/check_clamav.nmT"
libtool: link: gcc -Wall -O2 -march=nocona -mfpmath=sse -s -o 
.libs/check_clamav check_clamav-check_clamav.o check_clamav-check_jsnorm.o 
check_clamav-check_str.o check_clamav-check_regex.o check_clamav-check_disasm.o 
check_clamav-check_uniq.o check_clamav-check_matchers.o 
check_clamav-check_htmlnorm.o  ../libclamav/.libs/libclamav.so -lbz2 -lpthread 
/usr/lib/libcheck.so -lz -ldl
gcc -DHAVE_CONFIG_H -I. -I..  -I..  
-DSRCDIR=\"/EXT/Packages/clamav-0.95/unit_tests\" 
-DBUILDDIR=\"/EXT/Packages/clamav-0.95/unit_tests\"   -Wall -O2 -march=nocona 
-mfpmath=sse -MT check_clamd-check_clamd.o -MD -MP -MF 
.deps/check_clamd-check_clamd.Tpo -c -o check_clamd-check_clamd.o `test -f 
'check_clamd.c' || echo './'`check_clamd.c
check_clamd.c: In function 'commands_setup':
check_clamd.c:127: warning: unused variable 'rc'
check_clamd.c: In function 'tst_fildes':
check_clamd.c:429: warning: unused variable 'pos'
check_clamd.c: In function 'test_fildes':
check_clamd.c:483: warning: unused variable 'i'
check_clamd.c: In function 'test_fildes_many':
check_clamd.c:528: warning: unused variable 'dummycleanfd'
check_clamd.c: In function 'test_fildes':
check_clamd.c:482: warning: 'singlemsg' may be used uninitialized in this 
function
check_clamd.c:481: warning: 'closefd' may be used uninitialized in this function
mv -f .deps/check_clamd-check_clamd.Tpo .deps/check_clamd-check_clamd.Po
/bin/sh ../libtool --tag=CC   --mode=link gcc  -Wall -O2 -march=nocona 
-mfpmath=sse  -s -o check_clamd check_clamd-check_clamd.o -lcheck  -lz -ldl 
libtool: link: gcc -Wall -O2 -march=nocona -mfpmath=sse -s -o check_clamd 
check_clamd-check_clamd.o  /usr/lib/libcheck.so -lz -ldl
cat ../unit_tests/.split/split.clam-phish-exeaa 
../unit_tests/.split/split.clam-phish-exeab > clam-phish-exe
make[2]: Nothing to be done for `check_freshclam.sh'.
make[2]: Nothing to be done for `check_sigtool.sh'.
make[2]: Nothing to be done for `check_clamscan.sh'.
make[2]: Nothing to be done for `valgrind_tests.sh'.
make[2]: Nothing to be done for `efence_tests.sh'.
make[2]: Nothing to be done for `duma_tests.sh'.
make[2]: Leaving directory `/EXT/Packages/clamav-0.95/unit_tests'
make  check-TESTS
make[2]: Entering directory `/EXT/Packages/clamav-0.95/unit_tests'
Running suite(s): cl_api
 cli
 jsnorm
 str
 regex
 disasm
 unique
 matchers
 htmlnorm
100%: Checks: 261, Failures: 0, Errors: 0
PASS: check_clamav
/EXT/Packages/clamav-0.95/unit_tests/clamdtest1/../../test/clam-v2.rar: OK
/EXT/Packages/clamav-0.95/unit_tests/clamdtest1/../../test/clam-v3.rar: OK

***
*** clamd
***
FAIL: check_clamd.sh
PASS: check_freshclam.sh
PASS: check_sigtool.sh
clamscan did not detect all testfiles correctly!
FAIL: check_clamscan.sh
*** valgrind tests skipped by default, use 'make check VG=1' to activate
SKIP: valgrind_tests.sh
*** electric-fence not found, skipping test
SKIP: efence_tests.sh
*** duma tests skipped by default, use 'make check RUNDUMA=1' to activate (but 
don't report bugs about timeouts!)
SKIP: duma_tests.sh

2 of 5 tests failed
(3 tests were not run)
Please report to http://bugs.clamav.net/

make[2]: *** [check-TESTS] Error 1
make[2]: Leaving directory `/EXT/Packages/clamav-0.95/unit_tests'
make[1]: *** [check-am] Error 2
make[1]: Leaving directory `/EXT/Packages/clamav-0.95/unit_tests'
make: *** [check-recursive] Error 1
__cut__

tia,
christian

-- 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] still fighting .95

[christian]

hi edwin,

On Sun, Mar 29, 2009 at 03:13:39PM +0300, Török Edwin wrote:

> This is exactly bug #1491.

ok, thank you.
anyway: i would have hoped that after trying `make check` in rc1 and rc2 
successfully, it wouldn't fail.
if i can successfully `make check` in the last rc, but not in the release 
proper (other things being equal): what's the sense in trying to 
configure/make/make check for any rc, at all?

> Since these are the only 2 failures, you can run make install, and then
> run make check again.

oh well - as soon as i succeed figuring out how to integrate the totally 
changed clamav-milter logic (and praying, at the same time, it won't 
change too radically come .96 or so)...

> It should then pass all tests.

thank you! :-)

> Well you could have used something like pastebin, but nevermind.

omg - something out of the irc world, i guess?
i wouldn't know where to find such animal - certainly not on my machine 
(slack 12.1)!

thanks again.

regards,
christian

-- 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] [Bulk] Re: still fighting .95

[christian]

On Sun, Mar 29, 2009 at 10:37:06AM -0400, Jerry wrote:
> http://pastebin.ca

thank you! :-)

-- 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Problem compiling Clamav-milter in version 0.95

[christian]

On Mon, Mar 30, 2009 at 12:14:23PM +0100, Dave Wells wrote:
> I am running: sendmail-8.12.11-4.RHEL3.6
...
> > clamav-milter.c:59: `SMFIF_QUARANTINE' undeclared (first use in this
> > function)

are you sure your sendmail knows how to quarantine?
i think this came with 8.13...

and: in the rpm world you might need some 'development' package, as well 
(i'm a slacker, myself, so i don't know, really, sorry).

-- 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Problem compiling Clamav-milter in version 0.95

[christian]

On Mon, Mar 30, 2009 at 10:59:43AM +0100, Dave Wells wrote:
[...]
> clamav-milter.c:59: `SMFIF_QUARANTINE' undeclared (first use in this
> function)

what is your sendmail version?

-- 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[clamav-users] LibClamAV Warning-messages

[Christian]

Hi altogether,

I wonder if you could help me with a particular warning-message I get
when scanning a certain pdf-file.

I downloaded a German-Russian study book as a pdf-file.
When scanning it I got the following output:

clamscan Russisch_bitte_von_BookFi.pdf
LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set
LibClamAV Warning: [Bytecode JIT]: recovered from error
LibClamAV Warning: [Bytecode JIT]: JITed code intercepted runtime error!
LibClamAV Warning: Bytcode 20 failed to run: Time limit reached
Russisch_bitte_von_BookFi.pdf: OK

--- SCAN SUMMARY ---
Known viruses: 6512795
Engine version: 0.99.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 26.41 MB
Data read: 16.04 MB (ratio 1.65:1)
Time: 24.279 sec (0 m 24 s)


As can be seen the file was scanned and apparently successful so.
Nothing harmful could be found.
Yet I don´t know what to make of those LibClamAV Warning-messages. What
do they mean and are they something to be worried about?

Greetings
Rosika

P.S.:

I also sent the pdf-file to VirusTotal and all of the 57 virus-scanners
said O.K.
So it should definitely be alright.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] nautilus-actions: is my command for clamscan correct?

[Christian]

Hi altogether,

What I want to achieve is create a /context-menu/ (rightclick)-entry for
scanning files with the *clamscan*-command.

For ubuntu there is a tool called _"nautilus-actions_". With it one can
create right-click-entries.

The most important settings are under the tab "command".
So I configured it this way:

path: xterm
parameter: -fa 'Monospace' -fs 12 -hold -e clamscan %f
working directory: %d

The parameter options are thus: -fa 'Monospace' -fs 12 (setting font and
font-size)
  : -hold (preventing xterm from shutting
down immediately)
  : -e (executing the following command
within xterm)
  : clamscan %f ((first) filename)


Actually this works very well.

When right-clicking on the file to be scanned and clicking on the
respective label (I called it "Dateiscannen") a separate xterm-window
opens and after the scan is
finished the result is displayed until I manually close the xterm-window.

Yet I´ve noticed that I can also scan folders with that command (but not
recursively of course, due to the very nature of the specified command).

It´s always said that everything can be considered to be a file in
Linux. So theoeretically a folder is a file as well and therefore the
/"%f"-parameter/ should be fine
for scanning folders, too.

My question is: Am I right in thinking so or should I use another option
than "%f" or folder-scan?

Thanks a lot in advance.

Greetings
Rosika

P.S.:
system: Lubuntu 16.04.5 LTS, 64 bit
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] nautilus-actions: is my command for clamscan, correct?

[Christian]

Hi Scott.

thanks for your suggestion.

The thing is: I really don´t want to use clamtk for the purpose.
And the nautilus-actions context-menu entry  for "parameter" 

 -fa 'Monospace' -fs 12 -hold -e clamscan %f

works really well for files.
What I wanted to know is whether to  alter that entry slightly for
folder-scan, like "[...] %d" or "[...]%u".

For reference:

As far as the parameters for the command are concerned, there are the
following (from "parameter legend" for nautilus-actions configuration tool):

Parameter    Description   

%b    (first) basename           
%B    space-separated list of basenames           
%c    count of selected items           
%d    (first) base directory           
%D    space-separated list of base directory of each selected items   
       
%f    (first) file name           
%F    space-separated list of selected file names           
%h    hostname of the (first) URI           
%m    mimetype of the (first) selected item           
%M    space-separated list of the mimetypes of the selected items       
   
%n    username of the (first) URI           
%o    no-op operator which forces a singular form of execution when
specified as first parameter           
%O    no-op operator which forces a plural form of execution when
specified as first parameter           
%p    port number of the (first) URI           
%s    scheme of the (first) URI           
%u    (first) URI           
%U    space-separated list of selected URIs           
%w    (first) basename without the extension           
%W    space-separated list of basenames without their extension           
%x    (first) extension           
%X    space-separated list of extensions           
%%    the « % » character

Perhaps that helps in helping me.

Cheers
Rosika





___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] clamav: problems with updating definitions database

[Christian]

Hi altogether,

I installed clamav on friend´s laptop (via teamviewer because she lives
far away).
Her system: Linux/Lubuntu 18.04.4 LTS, 64 bit.

Alas virus-signature-update doesn´t work.

After killing the freshclam-process - in order to update manually - I
tried "sudo freshclam". At first it worked but after 27 MB of download
it stopped:

Terminal-output:

Apr 15 13:47:47 margret-ThinkPad-T430s freshclam[1505]: Wed Apr 15
13:47:47 2020 -> ^Download failed (28) Wed Apr 15 13:47:47 2020 -> ^
Message: Timeout was reached   
Apr 15 13:47:47 margret-ThinkPad-T430s freshclam[1505]: Wed Apr 15
13:47:47 2020 -> ^getcvd: Can't download daily.cvd from
https://database.clamav.net/daily.cvd   
Apr 15 13:47:47 margret-ThinkPad-T430s freshclam[1505]: Wed Apr 15
13:47:47 2020 -> Trying again in 5
secs...  
Apr 15 13:47:52 margret-ThinkPad-T430s freshclam[1505]: Wed Apr 15
13:47:52 2020 -> daily database available for download (remote version:
25782)  
Apr 15 13:47:56 margret-ThinkPad-T430s freshclam[1505]: Wed Apr 15
13:47:56 2020 -> Update process terminated

After 5 secs it started again but with the same result.
And every time it starts at 0 MB. So the update-process never ends.

I´ve got no idea what can be done besides this:

"For offline update, you can also directly download virus definition
from database: main, daily and then put them into /var/lib/clamav
(remove old files)."
(see:
https://askubuntu.com/questions/114000/how-to-update-clamav-definitions-database
).

What´s your opinion about that?

Thanks for your help in advance.
Greetings.
Rosika

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamav: problems with updating definitions database

[Christian]

Hi and thanks for your reply.

> why? linux users rarely need antivirus.

Well, she wants to be able to scan docs and PDFs downloaded from the
internet before she sends them to others who use WIN instead of Linux.

> go to /var/lib/clamav, chown all files to clamav:clamav and let
freshclam daemon do its work.

Thanks for the suggestion. I´ll try that as soon as possible.

Greetings.
Rosika


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamav: problems with updating definitions database

[Christian]

Hi Micah and thanks a lot for your reply,

it´s ClamAV 0.102.2 which is installed . Timeout is as follows:

less /etc/clamav/freshclam.conf | grep -i timeout
ConnectTimeout 30
ReceiveTimeout 30

So I´ll try setting the ReceiveTimeout to "0".

Thanks again for your help.

Greetings.
Rosika


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] clamscan vs clamdscan

[Christian]

Hi altogether,

I´ve got a question regarding *clamscan* vs *clamdscan*.

My system is Linux/BodhiLinux 5.1.0 in a VM.
As antivirus-software I installed *clamav*:

/sudo apt-get install clamav clamav-freshclam/

Scanning procedure is good although a bit slow. So in addition to that I
installed the service *clamd*:

/sudo apt-get install clamav-daemon/

Scanning is much faster now.

My question is: Is it alright to have  *clamav* and *clamav-daemon*
installed alongside each other?
So that I can run  either "clamscan somefile"  or  "clamdscan somefile"?

Thanks a lot in advance.

Greetings.
Rosika

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamscan vs clamdscan

[Christian]

Dear Iulian ,


thanks a lot for your answer.

That sounds good. So I take it that I can have clamav and clamav-daemon
installed at the same time and use
either of them.
That´s really cool.

Thank you again for your confirmation and explanation.

There´s just one question remaining which concerns the EICAR-test-file.
For that I post a separate e-mail.

Greetings.
Rosika and Christian

Am 09.05.20 um 20:15 schrieb iulian stan:
> Dear Christian,
> It's normal that scanning with clamdscan takes a shorter time than
> clamscan because the virus databases is already loaded (since it's a
> daemon) and ready for action. For testing purposes(debugging, etc) you
> can use clamscan for all other purposes use clamdscan where you don't
> need to wait to load the virus database on each run.
>
> ---
> Best regards,
> Iulian



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] issues with EICAR-test-file

[Christian]

Hi altogether,

in order to test clamscan/clamdscan I used the *EICAR-Testfile* provided
on https://de.wikipedia.org/wiki/EICAR-Testdatei .

I named it /EICAR-Testdatei.txt/.
Yet scanning it with either *clamscan* or *clamdscan* gave me different
results:

- _with clamdscan:_

clamdscan EICAR-Testdatei.txt
/home/rosika2/Dokumente/kgw/EICAR-Testdatei.txt: Eicar-Signature FOUND

--- SCAN SUMMARY ---
Infected files: 1
Time: 0.183 sec (0 m 0 s)


- _with clamscan:_

clamscan ./EICAR-Testdatei.txt
LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).
LibClamAV Error: hm_addhash_bin: failed to grow hash array to 1 entries
LibClamAV Error: cli_loadhash: Malformed hash string at line 48894
LibClamAV Error: cli_loadhash: Problem parsing database at line 48894
LibClamAV Error: Can't load main.hsb: Can't allocate memory
LibClamAV Error: cli_tgzload: Can't load main.hsb
LibClamAV Error: Can't load /var/lib/clamav/main.cvd: Malformed database
LibClamAV Error: cli_loaddbdir(): error loading database
/var/lib/clamav/main.cvd
ERROR: Malformed database

--- SCAN SUMMARY ---
Known viruses: 2424459
Engine version: 0.102.2
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 7.633 sec (0 m 7 s)


What am I doing wrong here?

Thanks in advance for your help.

Greetings.
Rosika

P.S.:

My system: Linux/BodhiLinux 5.1.0 in VM

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] issues with EICAR-test-file

[Christian]

Hello Arjen,


thank you so much for your reply,

> Your system is running out of memory.

O.K., that´s the explanation then.
Running BodhiLinux in a VM (qemu/kvm) I originally assigned 1 GB of
virtual RAM to it.
I changend that to 2 GB and now indeed clamdscan and clamscan work:


clamdscan EICAR-Testdatei.txt
/home/rosika2/Dokumente/kgw/EICAR-Testdatei.txt: Eicar-Signature FOUND

--- SCAN SUMMARY ---
Infected files: 1
Time: 0.044 sec (0 m 0 s)

AND:

clamscan ./EICAR-Testdatei.txt
./EICAR-Testdatei.txt: Eicar-Signature FOUND

--- SCAN SUMMARY ---
Known viruses: 6930494
Engine version: 0.102.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 28.218 sec (0 m 28 s)

Thanks a lot again for your help.

Greetings.
Rosika


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [Clamav-users] OT: Download script

[christian]

On Tue, Apr 25, 2006 at 07:07:03AM -0400, Christopher X. Candreva wrote:

> If you know a gunzip option that will NOT delete the compresed file,
> that would be the prefered method.

- you could user 'tar czf' / 'tar xzf' instead of 'gzip' / 'gunzip'.
- or maybe 'touch -r' could help?

-- 
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Recomended nightly snap, or beta version ?

[christian]

On Wed, Aug 30, 2006 at 02:11:42PM -0700, Todd Lyons wrote:
[...]
> Do this:
> make   # it will fail at the point you see
> pushd clamav-milter; /bin/sh ../libtool --mode=link gcc  -g -O2  -lnsl -o 
> clamav-milter  cfgparser.o output.o getopt.o memory.o misc.o network.o 
> clamav-milter.o  ../libclamav/libclamav.la -lmilter  -lnsl -lpthread -lwrap 
> -lresolv; popd
> make   # it will get past the failure point and finish

thank you for your analysis, and thank you for the above incantation - it 
works! :-)

> I stared at it for a bit, but couldn't figure out the part that would
> make it magically compile properly.

your recipe looks magic enough, for my taste... ;-)

-- 
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Recomended nightly snap, or beta version ?

[christian]

On Wed, Aug 30, 2006 at 11:43:32PM +0200, Andrzej Migdalski wrote:

> I'd been getting the same error since about two weeks ago and had to 
> manually add -lresolv to clamav-milter LIBS.

thank you.
with LDFLAGS='-lresolv' ./configure it's working...

> Just recently i found that it was triggered by using "--without-libcurl" 
> option.

i didn't specify anything curly, but from the log it assumes 'auto' here.

-- 
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Recomended nightly snap, or beta version ?

[christian]

On Thu, Aug 31, 2006 at 01:13:21AM +0100, Stephen Gran wrote:
> ---
> diff -Nru clamav-devel-latest/configure.in 
> clamav-devel-latest.new/configure.in
> --- clamav-devel-latest/configure.in2006-08-26 02:30:04.0 +0100
> +++ clamav-devel-latest.new/configure.in2006-08-31 00:55:53.0 
> +0100
> @@ -160,7 +160,7 @@
>  if test -z "$resolv_lib"; then
> AC_CHECK_LIB(resolv, dn_expand, resolv_lib="-lresolv",)
>  fi
> -AC_CHECK_HEADER(resolv.h,[FRESHCLAM_LIBS="$FRESHCLAM_LIBS $resolv_lib"; 
> AC_DEFINE(HAVE_RESOLV_H,1,have resolv.h)], AC_MSG_WARN([** DNS support 
> disabled]))
> +AC_CHECK_HEADER(resolv.h,[FRESHCLAM_LIBS="$FRESHCLAM_LIBS $resolv_lib"; 
> CLAMAV_MILTER_LIBS="$CLAMAV_MILTER_LIBS $resolv_lib"; 
> AC_DEFINE(HAVE_RESOLV_H,1,have resolv.h)], AC_MSG_WARN([** DNS support 
> disabled]))
>  fi
> 
>  AC_ARG_ENABLE(clamuko,
> ---

thank you - it's working! :-)

where can one learn such witchcraft?
any fine manuals i could read?

-- 
___
http://lurker.clamav.net/list/clamav-users.html

Re: [clamav-users] Probable False Positive - OpenJDK-1.8 nashorn.jar : Win.Trojan.Toa-5370166-0

[Christian Balzer]

Hello,

On Mon, 26 Dec 2016 19:21:25 - Steve Basford wrote:

> 
> On Mon, December 26, 2016 6:55 pm, Mark Edwards wrote:
> > In keeping with the other false positive reports I have more than 400
> > CentOS servers report below after yesterday's freshclam update:
> 
> Yes, nashorn.jar seems to get hit too...
> 
> eg:
> 
> fp2\11476331d01: Win.Trojan.Toa-5372078-0
> fp2\200ENGI.EXE: Win.Trojan.Toa-5380327-0
> fp2\3A627716d01: Win.Trojan.Toa-5372078-0
> fp2\firefox-hot...@mozilla.org.xpi: Win.Trojan.Toa-5370166-0
> fp2\Microsoft Virtual PC 2004 MSDN.msi: Win.Trojan.Toa-5370996-0
> fp2\nashorn.jar: Win.Trojan.Toa-5370166-0
> fp2\startupCache.4.little: Win.Trojan.Toa-5370166-0
> 
> and the earlier reported FP's are still there:
> 
> fp\Aston Villa 1.4.3.ipa: Win.Trojan.Toa-5370166-0
> fp\greasemonkey-3.8-fx.xpi: Win.Trojan.Toa-5370166-0
> fp\imagus-0.9.8.45-fx+sm.xpi: Win.Trojan.Toa-5370166-0
> fp\l...@mozilla.org.xpi: Win.Trojan.Toa-5370166-0
> fp\omni.ja: Win.Trojan.Toa-5370166-0
> fp\org-netbeans-modules-javascript-nodejs.jar: Win.Trojan.Toa-5370166-0
> fp\privacy_badger-1.7.0-fx.xpi: Win.Trojan.Toa-5370166-0
> 
> etc.
> 
> IMHO, Win.Trojan.Toa* CDB sigs should ALL be pulled ASAP and QA testing done
> in full after holidays.
> 
I can only second that.
And add Win.Trojan.Toa-5368540-0 to the list of FPs.

At this rate the previous bit about "Clamscan becoming its own worst
enemy." can not be underestimated.
This is the 2nd, VERY visible FP avalanche in so many months and since it
affects a lot of people here including internal business mails.
Reflecting badly on all OSS projects and SW.

Christian

> As the issues go on...
> 
> https://forum.kaspersky.com/index.php?s=252c49e91f4e5a6572be42fda3a1ff56&showtopic=363061
> 
> https://www.joomlashine.com/forum/other-products/169144-uniform-package-has-win-trojan-toa-5370166-0
> 


-- 
Christian BalzerNetwork/Systems Engineer
ch...@gol.com   Global OnLine Japan/Rakuten Communications
http://www.gol.com/
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Probable False Positive - OpenJDK-1.8 nashorn.jar : Win.Trojan.Toa-5370166-0

[Christian Balzer]

Hello Al,

On Mon, 26 Dec 2016 17:52:53 -0800 Al Varnell wrote:

> Although most, if not all the Win.Trojan.Toa old signatures were either 
> dropped by Daily - 22782, I see it also added Win.Trojan.Toa-5368540-0, so 
> that would appear to be a new issue.
>
Be that as it may, I'd say this isn't a new issue as such but a
continuation of what is clearly insufficient QA with these signatures.

I'd love to be more helpful, but since this are large mails I don't have a
complete bounce (Exim suppresses those over 100KB) and I don't have easy
access to any of the senders.
But it's with near certainty some attachment in a MS file format that
triggers these.

Regards,

Christian

> -Al-
> 
> On Mon, Dec 26, 2016 at 05:24 PM, Christian Balzer wrote:
> > 
> > Hello,
> > 
> > On Mon, 26 Dec 2016 19:21:25 - Steve Basford wrote:
> > 
> >> 
> >> On Mon, December 26, 2016 6:55 pm, Mark Edwards wrote:
> >>> In keeping with the other false positive reports I have more than 400
> >>> CentOS servers report below after yesterday's freshclam update:
> >> 
> >> Yes, nashorn.jar seems to get hit too...
> >> 
> >> eg:
> >> 
> >> fp2\11476331d01: Win.Trojan.Toa-5372078-0
> >> fp2\200ENGI.EXE: Win.Trojan.Toa-5380327-0
> >> fp2\3A627716d01: Win.Trojan.Toa-5372078-0
> >> fp2\firefox-hot...@mozilla.org.xpi: Win.Trojan.Toa-5370166-0
> >> fp2\Microsoft Virtual PC 2004 MSDN.msi: Win.Trojan.Toa-5370996-0
> >> fp2\nashorn.jar: Win.Trojan.Toa-5370166-0
> >> fp2\startupCache.4.little: Win.Trojan.Toa-5370166-0
> >> 
> >> and the earlier reported FP's are still there:
> >> 
> >> fp\Aston Villa 1.4.3.ipa: Win.Trojan.Toa-5370166-0
> >> fp\greasemonkey-3.8-fx.xpi: Win.Trojan.Toa-5370166-0
> >> fp\imagus-0.9.8.45-fx+sm.xpi: Win.Trojan.Toa-5370166-0
> >> fp\l...@mozilla.org.xpi: Win.Trojan.Toa-5370166-0
> >> fp\omni.ja: Win.Trojan.Toa-5370166-0
> >> fp\org-netbeans-modules-javascript-nodejs.jar: Win.Trojan.Toa-5370166-0
> >> fp\privacy_badger-1.7.0-fx.xpi: Win.Trojan.Toa-5370166-0
> >> 
> >> etc.
> >> 
> >> IMHO, Win.Trojan.Toa* CDB sigs should ALL be pulled ASAP and QA testing 
> >> done
> >> in full after holidays.
> >> 
> > I can only second that.
> > And add Win.Trojan.Toa-5368540-0 to the list of FPs.
> > 
> > At this rate the previous bit about "Clamscan becoming its own worst
> > enemy." can not be underestimated.
> > This is the 2nd, VERY visible FP avalanche in so many months and since it
> > affects a lot of people here including internal business mails.
> > Reflecting badly on all OSS projects and SW.
> > 
> > Christian
> > 
> >> As the issues go on...
> >> 
> >> https://forum.kaspersky.com/index.php?s=252c49e91f4e5a6572be42fda3a1ff56&showtopic=363061
> >> 
> >> https://www.joomlashine.com/forum/other-products/169144-uniform-package-has-win-trojan-toa-5370166-0


-- 
Christian BalzerNetwork/Systems Engineer
ch...@gol.com   Global OnLine Japan/Rakuten Communications
http://www.gol.com/
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Probable False Positive - OpenJDK-1.8 nashorn.jar : Win.Trojan.Toa-5370166-0

[Christian Balzer]

Hello,

On Tue, 27 Dec 2016 03:06:31 + Joel Esler (jesler) wrote:

> We QA against thousands of clean files for each signature.  But we don't have 
> s copy of every foe in the world to QA against.  
> 
> When people send in false positives, if we determine them to be actually 
> clean, we add them to the FP farm as well.  That's why FPs are important to 
> send in, not just to clean current FPs, but to prevent future ones.   
>

Don't have a sample (confidential file), but I have confirmation that this
was indeed an Excel .xlsm file.
Given the senders/recipients of the other Win.Trojan.Toa-5368540-0 FPs,
I'm willing to bet real money that it was the same type.

Christian

> --
> Sent from my iPhone
> 
> > On Dec 26, 2016, at 9:27 PM, Christian Balzer  wrote:
> > 
> > 
> > Hello Al,
> > 
> >> On Mon, 26 Dec 2016 17:52:53 -0800 Al Varnell wrote:
> >> 
> >> Although most, if not all the Win.Trojan.Toa old signatures were either 
> >> dropped by Daily - 22782, I see it also added Win.Trojan.Toa-5368540-0, so 
> >> that would appear to be a new issue.
> >> 
> > Be that as it may, I'd say this isn't a new issue as such but a
> > continuation of what is clearly insufficient QA with these signatures.
> > 
> > I'd love to be more helpful, but since this are large mails I don't have a
> > complete bounce (Exim suppresses those over 100KB) and I don't have easy
> > access to any of the senders.
> > But it's with near certainty some attachment in a MS file format that
> > triggers these.
> > 
> > Regards,
> > 
> > Christian
> > 
> >> -Al-
> >> 
> >>> On Mon, Dec 26, 2016 at 05:24 PM, Christian Balzer wrote:
> >>> 
> >>> Hello,
> >>> 
> >>>> On Mon, 26 Dec 2016 19:21:25 - Steve Basford wrote:
> >>>> 
> >>>> 
> >>>>> On Mon, December 26, 2016 6:55 pm, Mark Edwards wrote:
> >>>>> In keeping with the other false positive reports I have more than 400
> >>>>> CentOS servers report below after yesterday's freshclam update:
> >>>> 
> >>>> Yes, nashorn.jar seems to get hit too...
> >>>> 
> >>>> eg:
> >>>> 
> >>>> fp2\11476331d01: Win.Trojan.Toa-5372078-0
> >>>> fp2\200ENGI.EXE: Win.Trojan.Toa-5380327-0
> >>>> fp2\3A627716d01: Win.Trojan.Toa-5372078-0
> >>>> fp2\firefox-hot...@mozilla.org.xpi: Win.Trojan.Toa-5370166-0
> >>>> fp2\Microsoft Virtual PC 2004 MSDN.msi: Win.Trojan.Toa-5370996-0
> >>>> fp2\nashorn.jar: Win.Trojan.Toa-5370166-0
> >>>> fp2\startupCache.4.little: Win.Trojan.Toa-5370166-0
> >>>> 
> >>>> and the earlier reported FP's are still there:
> >>>> 
> >>>> fp\Aston Villa 1.4.3.ipa: Win.Trojan.Toa-5370166-0
> >>>> fp\greasemonkey-3.8-fx.xpi: Win.Trojan.Toa-5370166-0
> >>>> fp\imagus-0.9.8.45-fx+sm.xpi: Win.Trojan.Toa-5370166-0
> >>>> fp\l...@mozilla.org.xpi: Win.Trojan.Toa-5370166-0
> >>>> fp\omni.ja: Win.Trojan.Toa-5370166-0
> >>>> fp\org-netbeans-modules-javascript-nodejs.jar: Win.Trojan.Toa-5370166-0
> >>>> fp\privacy_badger-1.7.0-fx.xpi: Win.Trojan.Toa-5370166-0
> >>>> 
> >>>> etc.
> >>>> 
> >>>> IMHO, Win.Trojan.Toa* CDB sigs should ALL be pulled ASAP and QA testing 
> >>>> done
> >>>> in full after holidays.
> >>>> 
> >>> I can only second that.
> >>> And add Win.Trojan.Toa-5368540-0 to the list of FPs.
> >>> 
> >>> At this rate the previous bit about "Clamscan becoming its own worst
> >>> enemy." can not be underestimated.
> >>> This is the 2nd, VERY visible FP avalanche in so many months and since it
> >>> affects a lot of people here including internal business mails.
> >>> Reflecting badly on all OSS projects and SW.
> >>> 
> >>> Christian
> >>> 
> >>>> As the issues go on...
> >>>> 
> >>>> https://forum.kaspersky.com/index.php?s=252c49e91f4e5a6572be42fda3a1ff56&showtopic=363061
> >>>> 
> >>>> https://www.joomlashine.com/forum/other-products/169144-uniform-package-has-win-trojan-toa-5370166-0
> > 
> > 
> > -- 
> > Christian BalzerNetwork/Systems Engineer
> > ch...@gol.com   Global OnLi

[Clamav-users] LibClamAV Error: Can't load /usr/share/clamav/daily.cvd: Malformed database

[Christian Gonzalez]

Hi list,

As many, I've been affected by 0.94 EOL process. I successfully upgraded
Clamav to 0.96 version but I'm still suffering from not being able to use
it. I got this error:


# /usr/sbin/clamd
LibClamAV debug: Initialized 0.96 engine
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^
*(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$
LibClamAV debug: Phishcheck module initialized
host triple is: i386-pc-linux-gnu
host cpu is: k8-sse3
LibClamAV debug: Loading databases from /usr/share/clamav
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 2f1ce7ba7428a368a5686f05fac71b7c
LibClamAV debug: cli_versig: Decoded signature:
2f1ce7ba7428a368a5686f05fac71b7c
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: daily.info loaded
LibClamAV debug: in cli_tgzload()
LibClamAV debug: daily.cfg loaded
LibClamAV debug: Initializing engine->root[0]
LibClamAV debug: Initialising AC pattern matcher of root[0]
LibClamAV debug: cli_initroots: Initializing BM tables of root[0]
LibClamAV debug: Initializing engine->root[1]
LibClamAV debug: Initialising AC pattern matcher of root[1]
LibClamAV debug: cli_initroots: Initializing BM tables of root[1]
LibClamAV debug: Initializing engine->root[2]
LibClamAV debug: Initialising AC pattern matcher of root[2]
LibClamAV debug: Initializing engine->root[3]
LibClamAV debug: Initialising AC pattern matcher of root[3]
LibClamAV debug: Initializing engine->root[4]
LibClamAV debug: Initialising AC pattern matcher of root[4]
LibClamAV debug: Initializing engine->root[5]
LibClamAV debug: Initialising AC pattern matcher of root[5]
LibClamAV debug: Initializing engine->root[6]
LibClamAV debug: Initialising AC pattern matcher of root[6]
LibClamAV debug: Initializing engine->root[7]
LibClamAV debug: Initialising AC pattern matcher of root[7]
LibClamAV debug: Initializing engine->root[8]
LibClamAV debug: Initialising AC pattern matcher of root[8]
LibClamAV debug: Initializing engine->root[9]
LibClamAV debug: Initialising AC pattern matcher of root[9]
LibClamAV debug: Loaded 117 filetype definitions
LibClamAV debug: daily.ftm loaded
LibClamAV debug: daily.db loaded
LibClamAV Error: cli_caloff: Offset string too long
LibClamAV Error: cli_bm_addpatt: Can't calculate offset for signature
Exploit.PDF-11591
LibClamAV Error: cli_loadmd5: Error adding BM pattern
LibClamAV Error: cli_loadmd5: Problem parsing database at line 1
LibClamAV Error: Can't load daily.hdb: Malformed database
LibClamAV Error: cli_tgzload: Can't load daily.hdb
LibClamAV Error: Can't load /usr/share/clamav/daily.cvd: Malformed database
ERROR: Malformed database
Closing the main socket

I searched a lot and followed some recommendations but none of them were
usefull. I tried deleting everything under /usr/share/clamav/ and ran
freshclam after that, it downloaded all virus db's but still receiving
this error.

I had to disable amavis-new and clamav in order to keep receiving my mails
but I would like to fix this.

My mailserver is running Slackware 12.1, using Postfix and Dovecot,
amavis-new, clamav and Spamassasin as filtering applications. It was
running smoothly for more than a year until now. I'm not a postmaster guru
so I'm pulling my hair trying to solve this.


Any help will be much appreciated.


Thanks and regards.

Christian Gonzalez

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] LibClamAV Error: Can't load /usr/share/clamav/daily.cvd: Malformed database

[Christian Gonzalez]

> Christian Gonzalez wrote:
>> Hi list,
>>
>> As many, I've been affected by 0.94 EOL process. I successfully upgraded
>> Clamav to 0.96 version but I'm still suffering from not being able to
>> use
>> it. I got this error:
>
> Hi Christian,
>
> please open a ticket at http://bugs.clamav.net
> Just copy/paste the info in your email and also state your zlib version
> and attach the problematic daily.cvd.
>
> Cheers,
> acab
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>


Hi acab,


Thanks for your quick response. I'll open a ticket.

Very appreciated!

Regards.
Christian Gonzalez

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] LibClamAV Error: Can't load /usr/share/clamav/daily.cvd: Malformed database

[Christian Gonzalez]

> Hi!
>
> Solved ... Here the details:
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1950
>
> Thanks to Török Edwin, aCaB and the ClamAV Team!
>
> Upgrading zlib to 1.2.4 I've solved the problem,
>
> Regards
>
> ---
> Sim
>
> 2010/4/18 Christian Gonzalez :
>>> Christian Gonzalez wrote:
>>>> Hi list,
>>>>
>>>> As many, I've been affected by 0.94 EOL process. I successfully
>>>> upgraded
>>>> Clamav to 0.96 version but I'm still suffering from not being able to
>>>> use
>>>> it. I got this error:
>>>
>>> Hi Christian,
>>>
>>> please open a ticket at http://bugs.clamav.net
>>> Just copy/paste the info in your email and also state your zlib version
>>> and attach the problematic daily.cvd.
>>>
>>> Cheers,
>>> acab
>>> ___
>>> Help us build a comprehensive ClamAV guide: visit
>>> http://wiki.clamav.net
>>> http://www.clamav.net/support/ml
>>>
>>
>>
>> Hi acab,
>>
>>
>> Thanks for your quick response. I'll open a ticket.
>>
>> Very appreciated!
>>
>> Regards.
>> Christian Gonzalez
>>
>> ___
>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>> http://www.clamav.net/support/ml
>>
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>

Hi,

I saw your resolution but upgrading to zlib 1.2.4 didn't work for me...

Thanks anyway!

Chris

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[clamav-users] duplicate clamd processes

[Christian Salway]

At the moment when I start clamd, it spawns two processes with different
PID's, the problem is I don't have enough memory to run two so I have been
trying to figure out how to spawn only one.

 

I've searched the internet, I've also asked around on forums and looked in
the manuals, but no one seems to know how to limit it.  Can anyone help?

 

You can see an image of the problem here
http://unix.stackexchange.com/questions/68155/limit-clamav-to-one-thread

 

Hope someone can help

 

Kind regards,

Christian

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] duplicate clamd processes

[Christian Salway]

Thanks for getting back to me, Jim.

Its just one core. The server is an Amazon EC2 micro instance server.

Christian

-Original Message-
From: Jim Preston 
Sender: clamav-users-boun...@lists.clamav.net
Date: Sat, 16 Mar 2013 20:36:40 
To: ClamAV users ML
Reply-To: ClamAV users ML 
Subject: Re: [clamav-users] duplicate clamd processes

On 03/16/2013 10:44 AM, Christian Salway wrote:
> At the moment when I start clamd, it spawns two processes with different
> PID's, the problem is I don't have enough memory to run two so I have been
> trying to figure out how to spawn only one.
>
>   
>
> I've searched the internet, I've also asked around on forums and looked in
> the manuals, but no one seems to know how to limit it.  Can anyone help?
>
>   
>
> You can see an image of the problem here
> http://unix.stackexchange.com/questions/68155/limit-clamav-to-one-thread
>
>   
>
> Hope someone can help
>
>   
>
> Kind regards,
>
> Christian
>
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>
How many cores / processors are in the system? Could this be a case of 1 
daemon/processor(core)?

Jim

-- 
Jim Preston


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] duplicate clamd processes

[Christian Salway]

Hi Dave,

Thanks for getting back to me.  I think from your email, the answer is quite
simply that the minimum processes clamd needs is two, a controller and at
least one worker but can create more workers up to MaxThreads.  The amount
of memory shown is a reserved amount by clamd when it starts which it shares
over it's worker threads.

I would like to see how much RAM it shows when another worker is created but
I doubt that will ever happen as it has very low email traffic and there
isnt enough RAM for another one :)

Kind regards,
Christian Salway

-Original Message-
From: clamav-users-boun...@lists.clamav.net
[mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of David Raynor
Sent: 18 March 2013 15:43
To: ClamAV users ML
Subject: Re: [clamav-users] duplicate clamd processes

On Sun, Mar 17, 2013 at 3:21 AM, Christian Salway
wrote:

> Thanks for getting back to me, Jim.
>
> Its just one core. The server is an Amazon EC2 micro instance server.
>
> Christian
>
> -Original Message-
> From: Jim Preston 
> Sender: clamav-users-boun...@lists.clamav.net
> Date: Sat, 16 Mar 2013 20:36:40
> To: ClamAV users ML
> Reply-To: ClamAV users ML 
> Subject: Re: [clamav-users] duplicate clamd processes
>
> On 03/16/2013 10:44 AM, Christian Salway wrote:
> > At the moment when I start clamd, it spawns two processes with 
> > different PID's, the problem is I don't have enough memory to run 
> > two so I have
> been
> > trying to figure out how to spawn only one.
> >
> >
> >
> > I've searched the internet, I've also asked around on forums and 
> > looked
> in
> > the manuals, but no one seems to know how to limit it.  Can anyone help?
> >
> >
> >
> > You can see an image of the problem here 
> > http://unix.stackexchange.com/questions/68155/limit-clamav-to-one-th
> > read
> >
> >
> >
> > Hope someone can help
> >
> >
> >
> > Kind regards,
> >
> > Christian
> >
> > ___
> > Help us build a comprehensive ClamAV guide: visit 
> > http://wiki.clamav.net http://www.clamav.net/support/ml
> >
> How many cores / processors are in the system? Could this be a case of 
> 1 daemon/processor(core)?
>
> Jim
>
> --
> Jim Preston
>
>
> ___
> Help us build a comprehensive ClamAV guide: visit 
> http://wiki.clamav.net http://www.clamav.net/support/ml 
> ___
> Help us build a comprehensive ClamAV guide: visit 
> http://wiki.clamav.net http://www.clamav.net/support/ml
>


The design of clamd is to run a manager/controller thread and one or more
worker threads to do the scanning. The MaxThreads setting in clamd.conf
controls the number of worker threads. Clamd will not do scanning inside the
manager thread. Did you try a MaxThreads setting of 2 and have a problem?
The biggest chunk of the memory footprint is shared. I think the dashboard
picture you posted is showing individual threads with their unique PIDs and
then showing how much memory is accessible to each thread, which then makes
those memory totals start double-counting when there are multiple threads
that can all access the same ranges of memory [note that those memory totals
are also exactly the same].

Hope this helps,

Dave R.

--
---
Dave Raynor
Sourcefire Vulnerability Research Team
dray...@sourcefire.com
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[clamav-users] Memory level

[Christian Salway]

In your new version, can you please consider how to run it on low memory
systems (<512MB) for spamassassin other than direct from the command line
which takes time to load each time it's called.

Our basic internet servers we roll out to dedicated clients run on the
Amazon EC2 micro servers and consist of mysql, postfix, dovecot, apache,
spamassassin and clamd (disabled).  Disabled because it consumes too much
RAM and deemed the least required because antivirus is readily available on
desktops, tablets and phones and most clients would prefer to deal with one
or two virus' messages than 100's of spam messages.

At the moment, on the Amazon EC2 micro servers, there is 512Mb RAM
available, of which, clamd consumes 30% if enabled, taking the RAM load from
165/512MB to 337/512MB, and that's before the server has started processing
anything.

Kind regards,
Christian

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] GTUBE message detection

[Christian Salway]

I concur. GTUBE shouldn't be included.

However, the question should be asked as to why the request was orginally 
requested?

Coincidentally, spamassassin can be setup to pick up gtube before it reaches 
clamav.

Xian

-Original Message-
From: Andrew Beverley 
Sender: clamav-users-boun...@lists.clamav.net
Date: Mon, 08 Apr 2013 21:40:14 
To: 
Reply-To: ClamAV users ML 
Subject: [clamav-users] GTUBE message detection

Some time ago there was a discussion that resulted in the GTUBE test
spam message being added to the Clamav signatures[1].

The problem with this is that it is hard to test an anti-spam solution
(such as Spamassassin) on the same server, as ClamAV may reject a
message before Spamassassin gets a chance to look at it. This could
result in the false assumption that Spamassassin is working correctly
when in actual fact it is not.

Given that there is the Eicar message for testing AV software, and the
Gtube for testing Spam software, could Gtube be removed from ClamAV
please?

Thanks,

Andy

[1] http://lurker.clamav.net/message/20090924.234610.57310ea1.en.html

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] Log: -> Client disconnected / Very high load

[Christian Kuehn]

Hi,

ClamAV 0.90.1 on Solaris 10/i86 (Generic_118855-19)

We found several entries like this:

Thu Mar 15 04:59:45 2007 -> Client disconnected
Thu Mar 15 04:59:50 2007 -> Client disconnected
Thu Mar 15 05:00:00 2007 -> Client disconnected
Thu Mar 15 05:00:02 2007 -> Client disconnected
Thu Mar 15 05:00:03 2007 -> Client disconnected
Thu Mar 15 05:00:13 2007 -> Client disconnected
Thu Mar 15 05:00:14 2007 -> Client disconnected


and

Thu Mar 15 04:53:26 2007 -> ERROR: accept() failed: Too many open files
Thu Mar 15 04:53:26 2007 -> ERROR: accept() failed: Too many open files
Thu Mar 15 04:53:26 2007 -> ERROR: accept() failed: Too many open files
Thu Mar 15 04:53:26 2007 -> ERROR: accept() failed: Too many open files


the clamd need 90% cpu and the load comes over 30 (and higher).

Any ideas?

Kind Regards
Christian

-- 
Christian Kühn
(Technical Consultant / Hostmaster)

==
MCS MOORBEK COMPUTER SYSTEME GmbH
Essener Bogen 17 - 22419 Hamburg - Germany
Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200
E-Mail: [EMAIL PROTECTED]
Web: http://www.mcs.de
Eingetragen im Handelsregister Hamburg B62933
Geschäftsführer: Kai Brandes & Eckard Kabel
GPG 8B52 41A1 4B8F 4DE7 9064  2073 6168 137A 3DDA 0F36
==
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] Massive problems clamav-0.90.x under Solaris 10

[Christian Kuehn]

Hi,

we detect some massive problems with the 0.90-series of clamav under Solaris 10,
the clamd use 90-99% of all CPU after 15min and the maschine got a load of
minimum 50.

The logfile shows like that:

Thu Mar 15 07:22:31 2007 ->
/var/spool/exim/scan/1HRqqc-0002q2-MA/1HRqqc-0002q2-MA.eml: Unable to open file
or directory ERROR
Thu Mar 15 07:22:31 2007 -> Client disconnected


or

Thu Mar 15 04:15:36 2007 -> ERROR: accept() failed: Too many open files


or

Thu Mar 15 16:39:25 2007 -> /tmp/dgvirus/tfwYaq9i: Unable to open file or
directory ERROR



We downgrade from 0.90.1 to 0.90 in the first step, but the same, and know the
use 0.88.7 without ANY PROBLEMS.


Anyone with the same experiences or and ideas how to solve?

Cheers
Christian
-- 
Christian Kühn
(Technical Consultant / Hostmaster)

==
MCS MOORBEK COMPUTER SYSTEME GmbH
Essener Bogen 17 - 22419 Hamburg - Germany
Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200
E-Mail: [EMAIL PROTECTED]
Web: http://www.mcs.de
Eingetragen im Handelsregister Hamburg B62933
Geschäftsführer: Kai Brandes & Eckard Kabel
GPG 8B52 41A1 4B8F 4DE7 9064  2073 6168 137A 3DDA 0F36
==
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Massive problems clamav-0.90.x under Solaris 10

[Christian Kuehn]

Tomasz Kojm wrote:
> On Thu, 15 Mar 2007 17:29:32 -0500
> Alex Moore <[EMAIL PROTECTED]> wrote:
> 
>> On Thu, 15 Mar 2007 09:54:38 -0700
>> Dennis Peterson <[EMAIL PROTECTED]> wrote:
>>
>>> My personal opinion is that clamd is self-refreshing the databases at 
>>> the instant a new database is being installed. If so then it may be a 
>>> worthwhile thing to have a semaphore available as a socket query or
>>> as an external file to all the processes that will help prevent these 
>>> timing errors.
>> From previous posts to this list, the problem could be the same that I
>> have.  With ScanArchive enabled, clamd dies immediately when scanning
>> a .zip file.  With ScanArchive disabled, clamd has no problem.
> 
> Did you compile with gcc? If not, then please recompile and report if gcc
> solves the problem.
> 


Compiled with gcc 3.4.3, its the gcc from SFW, standard-installation in 
Solaris10:

Configured with: /builds/sfw10-gate/usr/src/cmd/gcc/gcc-3.4.3/configure
--prefix=/usr/sfw --with-as=/usr/sfw/bin/gas --with-gnu-as
--with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ 
--enable-shared
Thread model: posix
gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)



-- 
Christian Kühn
(Technical Consultant / Hostmaster)

==
MCS MOORBEK COMPUTER SYSTEME GmbH
Essener Bogen 17 - 22419 Hamburg - Germany
Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200
E-Mail: [EMAIL PROTECTED]
Web: http://www.mcs.de
Eingetragen im Handelsregister Hamburg B62933
Geschäftsführer: Kai Brandes & Eckard Kabel
GPG 8B52 41A1 4B8F 4DE7 9064  2073 6168 137A 3DDA 0F36
==
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] HELP: LibClamAV debug: Signature offset: 10620, expected: 0 (Trojan.Downloader.Bat.Ftp.gen-6)

[Christian Kuehn]

Hi,

during debuging the performance/HIGH-CPU-problem in Solaris10, I found severeal
times this:

LibClamAV debug: Signature offset: 10620, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-6)
LibClamAV debug: Signature offset: 10620, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-5)
LibClamAV debug: Signature offset: 10620, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-4)
LibClamAV debug: Signature offset: 10620, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-3)
LibClamAV debug: Signature offset: 10620, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-2)
LibClamAV debug: Signature offset: 10620, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-1)
LibClamAV debug: Signature offset: 10620, expected: 0
(Trojan.Downloader.BAT.Ftp.gen)
LibClamAV debug: Signature offset: 8256, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-6)
LibClamAV debug: Signature offset: 8256, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-5)
LibClamAV debug: Signature offset: 8256, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-4)
LibClamAV debug: Signature offset: 8256, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-3)
LibClamAV debug: Signature offset: 8256, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-2)
LibClamAV debug: Signature offset: 8256, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-1)
LibClamAV debug: Signature offset: 8256, expected: 0 
(Trojan.Downloader.BAT.Ftp.gen)
LibClamAV debug: Signature offset: 11682, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-6)
LibClamAV debug: Signature offset: 11682, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-5)
LibClamAV debug: Signature offset: 11682, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-4)
LibClamAV debug: Signature offset: 11682, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-3)
LibClamAV debug: Signature offset: 11682, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-2)
LibClamAV debug: Signature offset: 11682, expected: 0
(Trojan.Downloader.Bat.Ftp.gen-1)
LibClamAV debug: Signature offset: 11682, expected: 0
(Trojan.Downloader.BAT.Ftp.gen)




or

LibClamAV debug: Signature offset: 176, expected: 0 (JS.Feebs.C)
LibClamAV debug: Signature offset: 10841, expected: 0 (JS.Feebs.C)
LibClamAV debug: Signature offset: 176, expected: 0 (JS.Feebs.C)
LibClamAV debug: Signature offset: 10391, expected: 0 (JS.Feebs.C)
LibClamAV debug: Signature offset: 174, expected: 0 (JS.Feebs.C)
LibClamAV debug: Signature offset: 1085, expected: 0 (JS.Feebs.C)
LibClamAV debug: Signature offset: 11150, expected: 0 (JS.Feebs.C)



Basics:
Running as user exim (UID 101, GID 6)
clamd daemon 0.90.1 (OS: solaris2.10, ARCH: i386, CPU: i386)
Log file size limit disabled.
Reading databases from /opt/clamav/share/clamav
LibClamAV debug: Initializing the engine (0.90.1)


Any ideas if this is correct?

Cheers
Christian
-- 
Christian Kühn
(Technical Consultant / Hostmaster)

==
MCS MOORBEK COMPUTER SYSTEME GmbH
Essener Bogen 17 - 22419 Hamburg - Germany
Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200
E-Mail: [EMAIL PROTECTED]
Web: http://www.mcs.de
Eingetragen im Handelsregister Hamburg B62933
Geschäftsführer: Kai Brandes & Eckard Kabel
GPG 8B52 41A1 4B8F 4DE7 9064  2073 6168 137A 3DDA 0F36
==
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] error stops clamd

[Christian Kuehn]

Same here. :-((

This behavior is terrible!



jacusy wrote:
> Hello,
> 
> this night my clamd-process terminated with an error. The reason was
> that freshclam took too long to do its update, so that clamd could not
> lock the database. So clamd exited. But this behaviour is very fatal
> because the mail system (postfix with amavis) relys on clamd, so if it
> is down, the whole mail traffic is blocked!! Caused of an error while
> updating..
> 
> What to do against?
> 
> 
> The logs:
> clamd.log
>> Wed Apr 11 01:53:40 2007 -> SelfCheck: Database status OK.
>> Wed Apr 11 02:27:53 2007 -> SelfCheck: Database modification detected.
>> Forcing reload.
>> Wed Apr 11 02:28:07 2007 -> Reading databases from
>> /usr/local/clamav/share/clamav
>> Wed Apr 11 02:30:17 2007 -> ERROR: reload db failed: Unable to lock
>> database directory (try 1)
>> Wed Apr 11 02:32:27 2007 -> ERROR: reload db failed: Unable to lock
>> database directory (try 2)
>> Wed Apr 11 02:34:37 2007 -> ERROR: reload db failed: Unable to lock
>> database directory (try 3)
>> Wed Apr 11 02:34:37 2007 -> ERROR: reload db failed: Unable to lock
>> database directory
>> Wed Apr 11 02:34:37 2007 -> Terminating because of a fatal error.Wed
>> Apr 11 02:34:37 2007 -> Socket file removed.
>> Wed Apr 11 02:34:37 2007 -> Pid file removed.
>> Wed Apr 11 02:34:37 2007 -> --- Stopped at Wed Apr 11 02:34:37 2007
> 
> 
> freshclam.log
>> ClamAV update process started at Wed Apr 11 02:23:01 2007
>> nonblock_connect: connect timing out (30 secs)
>> Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3)
>> Trying host db.de.clamav.net (85.25.252.58)...
>> nonblock_connect: connect timing out (30 secs)
>> Can't connect to port 80 of host db.de.clamav.net (IP: 85.25.252.58)
>> Trying host db.de.clamav.net (85.199.169.78)...
>> nonblock_connect: connect timing out (30 secs)
>> Can't connect to port 80 of host db.de.clamav.net (IP: 85.199.169.78)
>> Trying host db.de.clamav.net (85.214.44.186)...
>> nonblock_connect: connect timing out (30 secs)
>> Can't connect to port 80 of host db.de.clamav.net (IP: 85.214.44.186)
>> Trying host db.de.clamav.net (88.198.17.100)...
>> nonblock_connect: connect timing out (30 secs)
>> Can't connect to port 80 of host db.de.clamav.net (IP: 88.198.17.100)
>> Trying host db.de.clamav.net (88.198.104.251)...
>> nonblock_connect: connect timing out (30 secs)
>> Can't connect to port 80 of host db.de.clamav.net (IP: 88.198.104.251)
>> Trying host db.de.clamav.net (89.149.194.18)...
>> connect_error: getsockopt(SO_ERROR): fd=5 error=110: Connection timed out
>> Can't connect to port 80 of host db.de.clamav.net (IP: 89.149.194.18)
>> Trying host db.de.clamav.net (194.77.146.139)...
>> nonblock_connect: connect(): fd=5 errno=103: Software caused
>> connection abort
>> Can't connect to port 80 of host db.de.clamav.net (IP: 194.77.146.139)
>> Trying host db.de.clamav.net (195.246.234.199)...
>> nonblock_connect: connect timing out (30 secs)
>> Can't connect to port 80 of host db.de.clamav.net (IP: 195.246.234.199)
>> Trying host db.de.clamav.net (213.174.32.130)...
>> nonblock_connect: connect timing out (30 secs)
>> Can't connect to port 80 of host db.de.clamav.net (IP: 213.174.32.130)
>> Trying host db.de.clamav.net (217.115.136.166)...
>> nonblock_connect: connect timing out (30 secs)
>> Can't connect to port 80 of host db.de.clamav.net (IP: 217.115.136.166)
>> Trying host db.de.clamav.net (217.160.141.39)...
>> nonblock_connect: connect timing out (30 secs)
>> Can't connect to port 80 of host db.de.clamav.net (IP: 217.160.141.39)
>> ERROR: getpatch: Can't download main-43.cdiff from db.de.clamav.net
>> nonblock_connect: connect timing out (30 secs)
>> Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3)
>>
> (this goes on for some pages)
>> Trying host database.clamav.net (194.77.146.139)...
>> nonblock_connect: connect(): fd=9 errno=103: Software caused
>> connection abort
>> Can't connect to port 80 of host database.clamav.net (IP: 194.77.146.139)
>> Ignoring mirror 195.246.234.199 (due to previous errors)
>> Trying host database.clamav.net (213.174.32.130)...
>> Downloading daily-3065.cdiff [0%]
>> daily.inc updated (version: 3065, sigs: 3293, f-level: 14, builder: sven)
>> Database updated (107793 signatures) from database.clamav.net (IP:
>> 213.174.32.130)
>> WARNING: Clamd was NOT notified: Can't connect to clamd through 

[Clamav-users] clamd 0.90.2 crash on scanning PDF

[Christian Kuehn]

12209 open("/tmp/clamav-7edf6b2d4fb468bde61183099d0e1db7/pdfzkgPk4", O_RDONLY) 
= 8
12209 fstat64(8, {st_mode=S_IFREG|0600, st_size=20351, ...}) = 0
12209 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0xb79ff000
12209 read(8, "\0\1\0\0\0\t\0\200\0\4\0pcvt [EMAIL PROTECTED]"..., 8192)
= 8192
12209 read(8, "\2\317\2\317\2\320\2\354\2\371\3\27\3\"\3+\0035\3<\3Y\3"...,
8192) = 8192
12209 read(8, "\4\201\0006\0045\0006\4=\377\272\4=\377\272\4\201\0006"..., 8192)
= 3967
12209 read(8, "", 4096) = 0
12209 read(8, "", 8192) = 0
12209 close(8)  = 0
12209 munmap(0xb79ff000, 4096)  = 0
12209 open("/tmp/clamav-7edf6b2d4fb468bde61183099d0e1db7/pdf2xdDFu",
O_RDWR|O_CREAT|O_EXCL, 0600) = 8
12209 write(8, "/CIDInit /ProcSet findresource b"..., 353) = 353
12209 close(8)  = 0
12209 open("/tmp/clamav-7edf6b2d4fb468bde61183099d0e1db7/pdf2xdDFu", O_RDONLY) 
= 8
12209 fstat64(8, {st_mode=S_IFREG|0600, st_size=353, ...}) = 0
12209 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0xb79ff000
12209 read(8, "/CIDInit /ProcSet findresource b"..., 8192) = 353
12209 read(8, "", 4096) = 0
12209 read(8, "", 8192) = 0
12209 close(8)  = 0
12209 munmap(0xb79ff000, 4096)  = 0
12209 open("/tmp/clamav-7edf6b2d4fb468bde61183099d0e1db7/pdfLjcB0U",
O_RDWR|O_CREAT|O_EXCL, 0600) = 8
12209 --- SIGFPE (Floating point exception) @ 0 (0) ---



clamav 0.90.2
linux
gcc 4.1.0



This happened several times a day, I disable PDF-scanning now.


Kind Regards
Christian


-- 
Christian Kühn
(Technical Consultant / Hostmaster)

==
MCS MOORBEK COMPUTER SYSTEME GmbH
Essener Bogen 17 - 22419 Hamburg - Germany
Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200
E-Mail: [EMAIL PROTECTED]
Web: http://www.mcs.de
Eingetragen im Handelsregister Hamburg B62933
Geschäftsführer: Kai Brandes & Eckard Kabel
GPG 8B52 41A1 4B8F 4DE7 9064  2073 6168 137A 3DDA 0F36
==
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamd 0.90.2 crash on scanning PDF

[Christian Kuehn]

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459


--- Comment #7 from [EMAIL PROTECTED]  2007-04-16 12:59 ---
Fixed in SVN.




Christian Kuehn wrote:

> 12209 close(8)  = 0
> 12209 munmap(0xb79ff000, 4096)  = 0
> 12209 open("/tmp/clamav-7edf6b2d4fb468bde61183099d0e1db7/pdfLjcB0U",
> O_RDWR|O_CREAT|O_EXCL, 0600) = 8
> 12209 --- SIGFPE (Floating point exception) @ 0 (0) ---
> 
> 
> 
> clamav 0.90.2
> linux
> gcc 4.1.0
> 
> 
> 
> This happened several times a day, I disable PDF-scanning now.
> 





-- 
Christian Kühn
(Technical Consultant / Hostmaster)

==
MCS MOORBEK COMPUTER SYSTEME GmbH
Essener Bogen 17 - 22419 Hamburg - Germany
Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200
E-Mail: [EMAIL PROTECTED]
Web: http://www.mcs.de
Eingetragen im Handelsregister Hamburg B62933
Geschäftsführer: Kai Brandes & Eckard Kabel
GPG 8B52 41A1 4B8F 4DE7 9064  2073 6168 137A 3DDA 0F36
==
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamd 0.90.2 crash on scanning PDF

[Christian Kratzer]

Hi,

On Mon, 16 Apr 2007, Christian Kuehn wrote:


https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459


any reason above bug is not publicly visible ???

You are not authorized to access bug #459.


--- Comment #7 from [EMAIL PROTECTED]  2007-04-16 12:59 ---
Fixed in SVN.


The diff in svn looks like this should be rolled into a release asap.

Greetings
Christian


Christian Kuehn wrote:


12209 close(8)  = 0
12209 munmap(0xb79ff000, 4096)  = 0
12209 open("/tmp/clamav-7edf6b2d4fb468bde61183099d0e1db7/pdfLjcB0U",
O_RDWR|O_CREAT|O_EXCL, 0600) = 8
12209 --- SIGFPE (Floating point exception) @ 0 (0) ---



clamav 0.90.2
linux
gcc 4.1.0



This happened several times a day, I disable PDF-scanning now.







--
Christian Kühn
(Technical Consultant / Hostmaster)

==
MCS MOORBEK COMPUTER SYSTEME GmbH
Essener Bogen 17 - 22419 Hamburg - Germany
Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200
E-Mail: [EMAIL PROTECTED]
Web: http://www.mcs.de
Eingetragen im Handelsregister Hamburg B62933
Geschäftsführer: Kai Brandes & Eckard Kabel
GPG 8B52 41A1 4B8F 4DE7 9064  2073 6168 137A 3DDA 0F36
==
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html




--
Christian Kratzer  CK Software GmbH
Email:   [EMAIL PROTECTED]  Schwarzwaldstr. 31
Phone:   +49 7452 889 135  D-71131 Jettingen
Fax: +49 7452 889 136  HRB 245288, Amtsgericht Stuttgart
Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] Error after upgrade

[Christian Campbell]

I Upgraded from 0.88.6 to 0.90.3.  I did a make uninstall of 0.88.6 and then
built 0.90.3 from source.
 
No errors during compile.  When I run clamscan or freshclam, I'm receiving:
 
clamscan: error while loading shared libraries: libclamav.so.2: cannot open
shared object file: No such file or directory
 
Not sure where to proceed from here.
 
I'm on Fedora Core 6 (2.6.18-1.2849.fc6).
 
Any help appreciated.
 
Christian
 
 
 
Christian Campbell
Systems Engineer
 
Bruegger's Enterprises Inc.
Desk: 802-652-9270
Cell: 802-734-5023
Fax: 802-660-4034
 
Email: ccampbell at brueggers dot com
 
PGP Public Key available via PGP keyservers or
http://www2.brueggers.com/pgp/ccampbell.html
 
"We all know Linux is great...
it does infinite loops in 5 seconds."
--Linus Torvalds
 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] announcing ClamAV 0.92

[Christian Kratzer]

Hi,

On Tue, 18 Dec 2007, Mark wrote:

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Gerard
> Sent: dinsdag 18 december 2007 13:21
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] announcing ClamAV 0.92
>
>> Precisely whydo you feel you have to install it from the
>> source code?
>
> Precisely because 0.92 isn't in de ports yet. :)

a patch is available as of just now:

http://www.freebsd.org/cgi/query-pr.cgi?pr=118814

Greetings
Christian

-- 
Christian Kratzer  CK Software GmbH
Email:   [EMAIL PROTECTED]  Schwarzwaldstr. 31
Phone:   +49 7452 889 135  D-71131 Jettingen
Fax: +49 7452 889 136  HRB 245288, Amtsgericht Stuttgart
Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] What account is expired ???

[Christian Eichert]

Hello

I have installed clamav on top of my debian machine
I get some warnings like this :

Starting ClamAV daemon: clamd Your account has expired; please contact 
your system administrator

su: User account has expired

I am running clamd as root and my root account cannot expire.
Can someone help me please?

FYI I been searching the http://lurker.clamav.net/list/clamav-users.html 
but couldnt find any reff to my expierd root account.


mfg
Christian eichert
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] STRANGE BUT SOLVED => Re: What account is expired ???

[Christian Eichert]

Török Edwin schrieb:

On 2008-09-24 19:23, Christian Eichert wrote:
  

Hello

I have installed clamav on top of my debian machine
I get some warnings like this :

Starting ClamAV daemon: clamd Your account has expired; please contact
your system administrator
su: User account has expired

I am running clamd as root and my root account cannot expire.
Can someone help me please?

FYI I been searching the
http://lurker.clamav.net/list/clamav-users.html but couldnt find any
reff to my expierd root account.




Perhaps you have a clamav user, and that account has expired?

Best regards,

Its strabge but its solved.

It seems like the fialure comes from a dpkg-reconfigure command I gave 
to switch to root from clamav
and it seems like the /etc/clamav/clamav.conf and 
/etc/clamav/clamav-freshclam.conf are not updated corectly


in clamav.conf was still User:clamav

solved :)





___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] SCO virus - Clam 0.65

[christian laubscher]

> As the reply to is spoofed, this makes no sense at all (and i am getting 
> lots of bounces).  How do we stop this happening?

if it's clamav-milter:

- do away with the smfi_setreply statement (at or near line 1524)

- set 'rc = SMFIS_DISCARD;' (instead of SMFID_REJECT) (at or near line 
1522)

seems to run here ok.

-- 


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] all this "complaining" about 0.65 vs CVS ...

[christian laubscher]

On Tue, Feb 10, 2004 at 08:53:48AM -0800, OpenMacNews wrote:
[...]
> just one man's opinion.

you are not alone - heartily seconded!

-- 


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] ClamAV SuSE RPM

[Christian Barmala]

Hi

Does anyone know, where I can get ClamAV as an .rpm or preferable an .srpm
file for SuSE Linux 9.0? If it shouldn't be available, is there a .spec file
and an /etc/init.d script that can be easily adapted to SuSE? I found
versions for Mandrake and PLD, but I have the impression it's easier to
write something for SuSE from scratch than to convert these files, which
contain already some customization for different distributions.

Christian





---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: ClamAV SuSE RPM

[Christian Barmala]

Hi Itzchak,

"Itzchak Rehberg" <[EMAIL PROTECTED]> wrote:

> I have build an RPM for SuSE 8.2 and I can make it available for
> download on my web/ftp server.

The srpm would be especially interesting, because I could make adaptions to
SuSE 9.0 or upcoming 9.1 and if necessary and rebuild it with the latest
ClamAV version. In any case this would be easier than starting from scratch
or from a differen Linux distribution. Of course I would also provide the
results to the community.

Which environment does your rpm expect? Postfix+AMaViS, Sendmail+Milter,
generic?

Christian





---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: ClamAV SuSE RPM

[Christian Barmala]

Hi Itzchak,

"Itzchak Rehberg" <[EMAIL PROTECTED]> wrote:

> I have build an RPM for SuSE 8.2 and I can make it available for
> download on my web/ftp server.

The srpm would be especially interesting, because I could make adaptions to
SuSE 9.0 or upcoming 9.1 and if necessary and rebuild it with the latest
ClamAV version. In any case this would be easier than starting from scratch
or from a differen Linux distribution. Of course I would also provide the
results to the community.

Which environment does your rpm expect? Postfix+AMaViS, Sendmail+Milter,
generic?

Christian





---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam not updating.

[christian laubscher]

> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES

from the *fine* manual (docs/node10.html):

__cut__
The following packages are optional but highly recommended:

[...]

GNU MP 3

It's very important to install the GMP package because it allows
freshclam to verify the digital signature of the virus database.
If freshclam was compiled without GMP support it will display
"SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES" on every
update. You can download GNU MP
http://www.swox.com/gmp>

-- 
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam not updating.

[christian laubscher]

> ClamAV update process started at Mon Apr 19 10:16:50 2004
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> 
> That's all it does.

btw: nothing in the log(s)?

-- 
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam not updating.

[christian laubscher]

> Strange that it used to update perfectly. I haven't changed a thing. Is
> this package really neccesary for freshclam?

for the warning to go away: yes.

as far as i can see in the code (freshclam/manager.c-downloadmanager()) 
the warning is not meant to hinder downloads though.

if you have download problems, then you may have other problems than 
the warning - maybe a newly established proxy/firewall?

-- 
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam not updating.

[christian laubscher]

> --
> ClamAV update process started at Tue Apr 20 06:30:00 2004
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder:
> tkojm)
> daily.cvd is up to date (version: 269, sigs: 927, f-level: 1, builder:
> tomek)
> --

it's as updated as mine is - everything seems to be allright. :-)

> The first one is a manual "freshclam" from the commandline, the second
> one is automated in a cron and the third one is again manually.
> So it does work somehow. How long can an update take? Or can anything
> else be wrong?

how did you come to the conclusion something is 'wrong'?

-- 
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam not updating.

[christian laubscher]

> Because when I entered "freshclam" before, it used to update in 10
> seconds. Now I can wait for hours when I enter "freshclam"  manually and
> still nothing.

oh. :-(
here it takes 2 to 5 seconds, just tried; i would expect your problem 
to be related to a dns/proxy/firewall issue, not to freshclam.

sorry to be of no help.

-- 
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: Re: ClamAV SuSE RPM

[Christian Barmala]

Hi Nigel,

"Nigel Horne" <[EMAIL PROTECTED]> wrote:
> There is no need for a SuSe RPM, the SuSe startup script is
> included in the CVS source - look at .../clamav/contrib/init/SuSE

Found it! Great! Thank you! But I still consider an srpm useful.
It provides more than the init script.

Christian





---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamav error

[christian laubscher]

> In which way 0.68 (our running version) is "OUTDATED" ? 

CL_FLEVEL is still1 (2 in 0.70) in libclamav/others.c

that's why the developers told us to upgrade on or before 04-24, 
iirc...

-- 
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html


---
This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek
For a limited time only, get FREE Ground shipping on all orders of $35
or more. Hurry up and shop folks, this offer expires April 30th!
http://www.thinkgeek.com/freeshipping/?cpg=12297
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: ClamAV SuSE RPM

[Christian Barmala]

Hi Nigel,

On 20.04.2004 "Nigel Horne" <[EMAIL PROTECTED]> wrote:
> There is no need for a SuSe RPM

I discovered
ftp://ftp.suse.com/pub/suse/i386/9.1/suse/src/clamav-0.67-30.src.rpm from
April 6 and the spec file lists you as an author. Why did you create this if
you think there is no need for it?


To rebuild the package under SuSE 9.0 with clamav-0.70 I had to
remove the "BuildRequires" line
change the patch file to fit the conf file
change the line %doc [A-Z]*  to the actual file names.

Do you see any issues that I might have overlooked?

Christian Barmala







---
This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek
For a limited time only, get FREE Ground shipping on all orders of $35
or more. Hurry up and shop folks, this offer expires April 30th!
http://www.thinkgeek.com/freeshipping/?cpg=12297
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Trying to install on old machine

[Christian Hack]

I'm running an old RH6.2 based box, which does most things OK for now (it's
still kernel 2.2 though). I'm looking to upgrade soon, but would like to get
ClamAV going on it for now.

When I run configure, I get these errors:
checking pthread.h usability... no
checking pthread.h presence... yes
configure: WARNING: pthread.h: present but cannot be compiled
configure: WARNING: pthread.h: check for missing prerequisite headers?
configure: WARNING: pthread.h: proceeding with the preprocessor's result
checking for pthread.h... yes

but it continues on. When I run make I get:

/bin/sh ../libtool --mode=compile
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib-g -O2 -c -o others.lo
`test -f 'others.c' || echo './'`others.c
rm -f .libs/others.lo
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib -g -O2 -c
others.c -Wp,-MD,.deps/others.TPlo  -fPIC -DPIC -o .libs/others.lo
In file included from others.c:43:
/usr/include/pthread.h:141: parse error before `*'
/usr/include/pthread.h:143: `pthread_create' declared as function returning
a function

followed by a big bunch of errors.

The same errors appear in my config.log. Rather than attach it, I have
placed it here:
http://edmi.com.au/config.log

Am I asking too much from my old machine?

CH



---
This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek
For a limited time only, get FREE Ground shipping on all orders of $35
or more. Hurry up and shop folks, this offer expires April 30th!
http://www.thinkgeek.com/freeshipping/?cpg=12297
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: clamav-milter, kill pid not working

[christian laubscher]

> in linux: killall -qw /path/to/clamav-milter

here (slack 9.1,, 2.4.24, sendmail 8.12.10) clamav-milter never honours 
a TERM signal (which is sent by killall by default).

it always has to be SIGKILL'ed.
i get bad feelings when testing... ;-)

-- 


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamd crash triggered by THIS list

[christian laubscher]

On Tue, Jun 01, 2004 at 01:41:08AM -0500, Damian Menscher wrote:

> May 31 11:36:23 astro clamd[1002]: Segmentation fault :-( Bye..

> So... the message that broke it was sent to this list, specifically the
> message from Samuel Benzaquen with timestamp:
> Date: Mon, 31 May 2004 11:16:12 -0400

same happened here.
.070/.70j, no patch, slack 9.1

-- 
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav-milter + sendmail won't talk to each other

[Simon Christian]

At 06:53 PM 6/10/2004, you wrote:
Hi
At 17:03 06.10.2004 +1000, you wrote:
>...
>
>I start clamd by just typing "/usr/local/sbin/clamd". Is there a problem 
with that?

If the config file is where clamd expects it, no. I just provide it for 
clarity.
Does the LocalSocket exist and what are the permissions?

sorry that my replies a so intermittent, however, yes the config file is 
where clamd expects it to be, the local socket is in /var/run/clamav/ which 
is a directory owned by the clamav user/group. Sendmail is running as root 
so it should have no trouble getting access to the socket.

The error message hasn't come up again but in the maillog i get this:
 sendmail[4282]: i9B3BBdP004282: Milter: data, reject=451 4.3.2 Please try 
again later

any ideas.
Cheers
Simon
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] clamav-milter + sendmail won't talk to each other

[Simon Christian]

At 10:10 PM 11/10/2004, you wrote:
At 12:30 11.10.2004 +1000, you wrote:
At 06:53 PM 6/10/2004, you wrote:
Hi
At 17:03 06.10.2004 +1000, you wrote:
>...
>
>I start clamd by just typing "/usr/local/sbin/clamd". Is there a 
problem with that?

If the config file is where clamd expects it, no. I just provide it for 
clarity.
Does the LocalSocket exist and what are the permissions?
sorry that my replies a so intermittent, however, yes the config file is 
where clamd expects it to be, the local socket is in /var/run/clamav/ 
which is a directory owned by the clamav user/group. Sendmail is running 
as root so it should have no trouble getting access to the socket.

The error message hasn't come up again but in the maillog i get this:
 sendmail[4282]: i9B3BBdP004282: Milter: data, reject=451 4.3.2 Please 
try again later

any ideas.
Cheers
Simon
Restart clamd and clamav-milter in that order.
Sasa Stupar
___

Ok, Simply restarting didn't work. I am still getting the same error 
message, see above, sendmail is working just fine when clamav-milter isn't 
active. This problem has become very frustrating .. Anyway, could 
someone please give me some reasons why this error might occur.

Cheers
Simon
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

RE: [Clamav-users] clamav-milter + sendmail won't talk to each other

[Simon Christian]

There's some confusion here.
There need to be TWO sockets.  One is for clamd.  The other is for 
clamav-milter.
sendmail.mc needs to point to the clamav-milter socket.  clamav-milter 
needs to produce this socket for sendmail, and also know where the clamd 
socket is.

It works like this:
sendmail -> clamav-milter.sock
clamav-milter -> clamd.sock
clamd scans and passes the result back to clamav-milter
clamav-milter tells sendmail what to do
sendmail.mc should have
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/milter.sock, F=T, 
T=S:4m;R:4m')dnl

/etc/clamav.conf (or clamd.conf for 8.x) should have
LocalSocket /var/run/clamav/clamd.sock
start clamd as
/usr/local/sbin/clamd
start clamav-milter as
/usr/local/sbin/clamav-milter -Cfq /var/run/clamav/milter.sock
FIRST start clamd, SECOND start clamav-milter, FINALLY start sendmail
[EMAIL PROTECTED]  805.964.4554 x902

Thankyou very much, that was the problem, I'd specified the same socket for 
both the communication between clamd/clamav-milter and 
clamav-milter/sendmail. Thanks to everyone else for thier suggestions also.

A now much relieved and somewhat embarrased
Simon :P

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] double quarantine?

[christian laubscher]

since rc3, maybe caused by my adapting all new config files, mails 
containing virus' are kept twice in quarantine; once as 'msg.xx' 
and once as 'msg.xx.virusname'.

most likely i did something stupid and/or misread some new 
documentation.

(slackware 9.1, sendmail 8.12.10, 0.80rc3 with clamav-milter 0.80c)

rtfms welcome!

-- 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] clamav-milter + sendmail won't talk to each other

[Simon Christian]

Hi all,
I've been trying to get clamav-milter working with sendmail 8.13.1 on a 
linux box for a couple of days, but i continue to get the following error 
message in the system logs when sending email through it:


Oct  4 16:13:04 localhost clamav-milter[16955]: recv failed from clamd 
getting PORT

There are no error message when starting sendmail or clamav-milter.
I start clamav-milter with the following command line:
clamav-milter --max-children=2 --quiet -olb local:/temp/clmilter.sock
/temp is a directory that the "clamav" user owns
Here is a listing of my sendmail.mc file:
**
divert(-1)
divert(0)dnl
VERSIONID(`$Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $')
OSTYPE(linux)dnl
DOMAIN(generic)dnl
define(`DATABASE_MAP_TYPE', `hash')
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
INPUT_MAIL_FILTER(clmilter,S=local:/temp/clmilter.sock,F=T, T=S:4m;R:4m)dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')dnl
MAILER(local)dnl
MAILER(smtp)dnl

The LocalSocket entry for clamd is as follows:
LocalSocket /temp/clmilter.sock
It would be much appreciated if someone could tell me what I'm doing wrong.
Cheers,
Simon
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] clamav-milter + sendmail won't talk to each other

[Simon Christian]

Hello again,
I am still getting the below message after starting clamd clamav-milter and 
sendmail in that order. clamd and clamav-milter start without any errors 
being reported in either clamd.log or /var/log/messages. When I start 
sendmail, which starts without error itself I get the error message below 
from clamav-milter.

"localhost clamav-milter[]: recv failed from clamd getting PORT"
Can someone please tell me what could be the reason for this error or how 
to fix it.

I start clamav-milter with the following command line:
clamav-milter -ol local:/var/run/clamav/clmilter.sock
Here is a listing of my sendmail.mc file:
**
divert(-1)
divert(0)dnl
VERSIONID(`$Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $')
OSTYPE(linux)dnl
DOMAIN(generic)dnl
define(`DATABASE_MAP_TYPE', `hash')
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=, 
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')dnl
MAILER(local)dnl
MAILER(smtp)dnl


The LocalSocket entry for clamd is as follows:
LocalSocket /var/run/clamav/clmilter.sock

Cheers,
Simon
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] clamav-milter + sendmail won't talk to each other

[Simon Christian]

At 05:00 PM 6/10/2004, you wrote:
At 15:30 06.10.2004 +1000, you wrote:
>Hello again,
>
>I am still getting the below message after starting clamd clamav-milter 
and sendmail in that order. clamd and clamav-milter start without any 
errors being reported in either clamd.log or /var/log/messages. When I 
start sendmail, which starts without error itself I get the error message 
below from clamav-milter.
>
>
>"localhost clamav-milter[]: recv failed from clamd getting PORT"
>
>
>Can someone please tell me what could be the reason for this error or 
how to fix it.

Again, sendmail and clamav_milter do talk to each other, _but_ did you 
start clamd?
It looks like clamav_milter cannot talk to clamd. How do you start clamd?

cheers
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

I start clamd by just typing "/usr/local/sbin/clamd". Is there a problem 
with that?

Simon

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] milter version

[christian laubscher]

when i enter 'clamd -V' i get a version line reflecting the i get a 
version line indicating the current database version, eg .../535/..., 
currently.

the clamav-milter X-Virus-Scanned lines, however, seem to reflect the 
version feedback of clamd when the milter was started, not the current 
one.

since the pingServer function seems to be only called at initialization 
time, i presume this is a feature, not a bug - although it would be 
much more informative to have the X-Virus-Scanned line reflect the 
clamd version info valid at scanning time, not the historic one, imho?

btw: thank you for an *excellent* piece of software!

christian

-- 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] clamav-milter kill

[christian laubscher]

not a bug, but maybe a samll wish for a small feature:

being a devout user of clamav-milter, and changing my clamav package 
ever so often upon the current recommendations of the development team, 
i always try to shutdown sendmail, calamav-milter, freshclam, and clamd 
prior to replacing the clamav package.
for killing the clamav components, i use the .pids in /var/run/clamav/.

while frechclam and clamd gracefully stop, clamav-milter doesn't - i am 
doing something wrong or am i simply expecting to much? i always have 
to issue SIGKILL to shutdown clamav-milter...

when looking at the code, i can easily find the event signal handling 
code for both clamd and freshclam, though not so for clamav-milter.

i guess it would be simpler for a lot of users if 
'kill `cat /var/run/clamav/clamav-milter.pid`
would get honoured.

a big 'thank you' to the developers!

-- 
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] clamd performance on Solaris vs Linux

[christian laubscher]

On Fri, Oct 29, 2004 at 09:11:26AM +0100, Nigel Horne wrote:

> clamAV does a LOT of malloc/frees especially when decoding emails.

maybe dlmalloc could help?



-- 
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] freshclam problems

[Christian Campbell]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Running ClamAV 0.80.  When doing a freshclam via cron or
command-line, I get the following output:

ClamAV update process started at Thu Dec 23 10:19:19 2004
main.cvd is up to date (version: 28, sigs: 26630, f-level: 3,
builder: tomek)
Downloading daily.cvd [*]
ERROR: Verification: Broken or not a CVD file
Trying again...
ClamAV update process started at Thu Dec 23 10:19:22 2004
main.cvd is up to date (version: 28, sigs: 26630, f-level: 3,
builder: tomek)
Downloading daily.cvd [*]
ERROR: Verification: Broken or not a CVD file
Trying again...
ClamAV update process started at Thu Dec 23 10:19:25 2004
main.cvd is up to date (version: 28, sigs: 26630, f-level: 3,
builder: tomek)
Downloading daily.cvd [*]
ERROR: Verification: Broken or not a CVD file
Giving up...
ClamAV update process started at Thu Dec 23 10:19:27 2004
main.cvd is up to date (version: 28, sigs: 26630, f-level: 3,
builder: tomek)
Downloading daily.cvd [*]
ERROR: Verification: Broken or not a CVD file
Trying again...
ClamAV update process started at Thu Dec 23 10:19:31 2004
main.cvd is up to date (version: 28, sigs: 26630, f-level: 3,
builder: tomek)
Downloading daily.cvd [*]
ERROR: Verification: Broken or not a CVD file
Trying again...
ClamAV update process started at Thu Dec 23 10:19:34 2004
main.cvd is up to date (version: 28, sigs: 26630, f-level: 3,
builder: tomek)
Downloading daily.cvd [*]
ERROR: Verification: Broken or not a CVD file
Giving up...

I have added to freshclam.conf:

DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.us.clamav.net
DatabaseMirror database.clamav.net

I have recompiled and installed resulting in same errors.  This
started a few days ago, with no changes to the system.  ClamAV
is currently scanning and catching viruses with no problems.

Any suggestions?  Thanks.

Christian

Christian Campbell 
Systems Engineer, Sair LCP, A+, N+, i-Net+ 
Bruegger's Enterprises 
Desk: 802-652-9270 
Cell: 802-734-5023 
Fax: 802-660-4034 
Email: ccampbell at brueggers dot com 
 
PGP Public Key available via PGP keyservers 
or http://www2.brueggers.com/pgp/ccampbell.html

"We all know Linux is great... 
It does infinite loops in 5 seconds." 
  -Linus Torvalds 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3-nr1 (Windows XP) - GPGshell v3.10

iD8DBQFByuQVbedHH5VEUwcRAuZNAJ9lzhbRiNx32u68arNkZ2bOXJR4wgCg2ICD
ka6twEAnodhcKtVIbmkSXFc=
=lvjn
-END PGP SIGNATURE-
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] freshclam .81rc1

[christian laubscher]

i am running freshclam as a daemon with 25 updates a day.

was always running smooth and reliably. :-)

since .81rc1, however, freshclam kind of 'freezes' after an update; though 
it seemingly updates the database, it doesn't notify clamd, as per  
freshclam.log and clamd.log, and it no longer gets its signal 14 from then 
on.

funny thing: if i'm killing it, it says 'terminating', and *afterwards* 
it logs the lines "clamd successfully notified' and '-' that should 
have written an hour ago.

it takes a second kill to really go away and make place for a new copy. ;-)

as i have changed nothing in my confs: what have i possibly done wrong?


but: thank you for clamav!
i am running small sendmail/clamav-milter operation *very* reliably for 
quite some time now.

-- 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] freshclam .81rc1

[christian laubscher]

On Sun, Jan 23, 2005 at 02:35:03PM +0100, Tomasz Kojm wrote:

[...]
> /* #define SESSION */ /*
[...]
> recompile, install, restart, and let us know if it fixes the problem.

thank you - done.
i'll wait for the next few updates and let you know.

-- 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] freshclam .81rc1

[christian laubscher]

On Sun, Jan 23, 2005 at 01:47:41PM +, Nigel Horne wrote:

> Are you running BSD?

sorry for having left out information i thought not relevant:

slack 9.1, sendmail 8.12.10, gcc 3.2.3, libc 2.3.2.
board is 440bx-ish, pentium-ii (deschutes) stepping 2.

-- 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] freshclam .81rc1

[christian laubscher]

On Sun, Jan 23, 2005 at 02:12:49PM +, Nigel Horne wrote:
> > slack 9.1,
> Is that Linux? Interesting, I've never heard of this problem
> on Linux, only BSD.

it's a vanilla 2.4.26 linux kernel.

and: i *never* had freshclam hangs before .81rc1, and on two out of three 
db updates since.

-- 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] freshclam .81rc1

[christian laubscher]

On Sun, Jan 23, 2005 at 02:35:03PM +0100, Tomasz Kojm wrote:

[...]
> /* #define SESSION */ /*
>  * Keep one command connection open to clamd, otherwise
> a new * command connection is created for each new email
>  */
> 
> recompile, install, restart, and let us know if it fixes the problem.

it just handled the third update since above change without hanging - seems 
the session thing really did the trick - thankxalot! :-)

btw: would this imply that my system is somehow 'wrong', os- or otherwise?

-- 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] SESSION BUG?

[Christian Hilgers]

Hi,

I think there is a bug in clamd.

I'm using SuSE 9.1 and the nightly clamav built. I tied different versions
also.

Clamed hangs if you send

SESSION
STREAM

as fast as possible. You get no response. You have to send STREAM again.
If you insert a delay between SESSION and STREAM everything works fine.

Furthermore clamd blocks complete. You can connect to a new session but you
get no answer on any command.

Bye

Christian

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

RE: [Clamav-users] SESSION BUG - PERFORMANCE?

[Christian Hilgers]

> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] Im Auftrag von Trog
> Gesendet: Monday, January 31, 2005 3:14 PM
> An: ClamAV users ML
> Betreff: Re: [Clamav-users] SESSION BUG?
> 
> 
> On Mon, 2005-01-31 at 15:12 +0100, Christian Hilgers wrote:
> > Hi,
> > 
> > I think there is a bug in clamd.
> > 
> > I'm using SuSE 9.1 and the nightly clamav built. I tied 
> different versions
> > also.
> > 
> > Clamed hangs if you send
> > 
> > SESSION
> > STREAM
> > 
> > as fast as possible. You get no response. You have to send 
> STREAM again.
> > If you insert a delay between SESSION and STREAM everything 
> works fine.
> > 
> 
> It's a known limitation.

Will this be fixed?

I did some performance testing when using SESSION.
The first scan is ok but then the performance gets bad.

This is the time (s) for scanning (excluded time for transfer to socket)

first file:
28K:0.000151

second file:
28K:0.039568


This is a test with 0 Byte Files

0.000142 (first)
0.032147 (second)
0.032142 (third)

Ist this also a known problem?


Thank you.

Christian

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

AW: [Clamav-users] SESSION BUG - PERFORMANCE?

[Christian Hilgers]

> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] Im Auftrag von Trog
> Gesendet: Monday, January 31, 2005 5:22 PM
> An: ClamAV users ML
> Betreff: RE: [Clamav-users] SESSION BUG - PERFORMANCE?
> 
> 
> On Mon, 2005-01-31 at 16:06 +0100, Christian Hilgers wrote:
> 
> > > 
> > > It's a known limitation.
> > 
> > Will this be fixed?
> 
> I expect so, when the protocol is replaced with something else.
> 
> > 
> > I did some performance testing when using SESSION.
> > The first scan is ok but then the performance gets bad.
> > 
> > This is the time (s) for scanning (excluded time for 
> transfer to socket)
> > 
> > first file:
> > 28K:0.000151
> > 
> > second file:
> > 28K:0.039568
> > 
> > 
> > This is a test with 0 Byte Files
> > 
> > 0.000142 (first)
> > 0.032147 (second)
> > 0.032142 (third)
> > 
> > Ist this also a known problem?
> 
> That seems to be a result of kernel scheduling or socket handling.
> 
> I can reproduce it, but I can also cancel it out by adding a sleep(1)
> before closing the stream socket, i.e. by forcing a schedule 
> before the
> scanning starts.

I guess it is scheduling problem too, but I think it's up to clamd. Maybe it
is caused by pthread?

I did some further testing:

You can put the sleep wherever you want to fix it.
A for loop can also cancel it out.
A sched_yield() only works with a high CPU load on the system!

I tried it with two computers and a "real" socket connection. I got the same
results. The second run is slower. 

Christian

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] clamav-milter .83

[christian laubscher]

using clamav-milter .83 i get:
X-Virus-Scanned: ClamAV version 0.83, clamav-milter version 0.83 on ...
while using .82 i got:
X-Virus-Scanned: ClamAV version 0.82/databaselevel/databasedate on ...

i thought the .82 contents quite interesting - maybe the two info types 
could be merged, somehow, in a later version?

and my sincere thanks to the clamav tean for a *very* useful package, and 
signature service - working here reliably day in, day out!
(slack 9.1/linux 2.4.26, sendmail 8.12.10, clamav-milter w/o clamd)

-- 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] clamav-milter .83

[christian laubscher]

[...]
> > X-Virus-Scanned: ClamAV version 0.83, clamav-milter version 0.83 on ...
[...]
> 
> That is because SESSION is no longer used by default.

oh - i misread the man page then:
"The default build is for SESSION to be enabled."
;-)

anyway - thanks!

-- 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] clamav-milter .83

[christian laubscher]

> > using clamav-milter .83 i get:
> > X-Virus-Scanned: ClamAV version 0.83, clamav-milter version 0.83 on ...
> > while using .82 i got:
> > X-Virus-Scanned: ClamAV version 0.82/databaselevel/databasedate on ...
> > 
> > i thought the .82 contents quite interesting - maybe the two info types 
> > could be merged, somehow, in a later version?
> 
> That is because SESSION is no longer used by default.
> 

i now uncommented the `#define SESSION`, and i've got back what i have been 
missing. :-)

not meaning to annoy you -just for my understanding - please ignore this 
question if it's too stupid or too academic:

in .81rc1, i had to comment out the `#define SESSION` (freshclam freeze); 
in .82, not using clamd anymore, the enabled `#define SESSION` didn't hurt 
anymore (as it doesn't, seemingly, in .83).

but i'm not using clamd, so what's the difference between keeping a session 
open with something i haven't got, and having no session, at all?

#define SESSION /*
 * Keep one command connection open to clamd, otherwise a new
 * command connection is created for each new email
 *
 * FIXME: When SESSIONS are open, freshclam can hang when
 *  notfying clamd of an update. This is most likely to be a
 *  problem with the implementation of SESSIONS on clamd.
 *  The problem seems worst on BSD.
 */

thank you for your patience!

-- 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] No announcement of 0.83 on clamav-announce ML

[christian laubscher]

On Tue, Feb 15, 2005 at 06:40:42PM -0700, Hal Goldfarb wrote:
> [...]   I also think RPM binaries 
> should be made available before an official release.  [...]

please not!

-- 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] freshclam and milter --internal notification

[christian laubscher]

On Sun, Feb 20, 2005 at 10:47:53AM -0600, Damian Menscher wrote:

[...]
> freshclam[26975]: ERROR: Clamd was NOT notified: No socket specified in
> /usr/local/encap/clamav-0.83/etc/clamd.conf

may freshclam.conf still contains a 'NotifyClamd directive?
or rather, the invocation of freshclam specifies a '--daemon-notify' 
option?

> Now, clamav-milter will still see the updates, right?  [...]
i guess it does; id did so, here.

-- 
___
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] clamav milter: loading new database

[christian laubscher]

i am running .83, clamav-milter w/o clamd, freshclam on slack 9.1.
low load, but persistent flow of incoming messages ( a few hundred mails 
a day, no bad peaks).

normally, shortly after a successful freshclam update, clamav milter logs 
a 'loading new database' message and the x-virus-scanned line is updated, 
accordingly.

the 761 update (by freshclam) happened here at 2005-03-10-22.25.59 cet; 
the update was successful (checked by sigtool -i).

but in the hours passed by since, clamav-milter doesn't seem to have seen 
the new version; no 'loading new database' was logged, and the 
x-virus-scanned line still reflects the 760 version.

as this is happening for the first time: am i doing something wrong?
and: how can i 'force' clamav-milter to reload the new database?

tia!

-- 
___
http://lurker.clamav.net/list/clamav-users.html