[Clamav-users] Re: clamav-milter compilation problems again

On Wednesday 04 Feb 2004 11:29 pm, Stevens, John wrote: >> Anyhoo, I cannot find a reference to in_port_t in any of the many in.h >> files on my system. Remember, it is a Cobalt (Sun) RAQ3 box, pretty close >> to redhat linux. So if there is a package or glibc update that I should >> have, plea

[Clamav-users] clamav-devel build error

Heya all, CVS update as of about 40 seconds ago fails when running configure. config.status: error: cannot find input file: clamav-config.h.in Missing file in the CVS tree? -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://ww

[Clamav-users] Clamav stalls randomly

Running debian with ClamAV version devel-20040114, clamav-milter version 0.66d. Im finding clamav very unstable. It have happend several time that the mailserver doesnt function anymore. I've found out so far that its clamav which's not working. I have to kill any process (clamd / milter) and

[Clamav-users] Re: Fresclam not updating on Win32 because of MD5 Verification error

On 06/02/2004 11:49, Ignasi Prat wrote: The error freshclam issues is: ERROR: Verification: MD5 verification error. Having a look at 'manager.c' we can see that the routine that checks '.cvd' file is 'cl_cvdverify': /* temporary file is created in clamav's directory thus we don't need *

RE: [Clamav-users] Can't seem to get clamav-milter to scan mail

Eduardo Kaftanski wrote: > even if you r are running on fedora you need to > make sure the package sendmail-cf is installed. > > do a rpm -qi sendmail-cf to see if its installed. if its not, you > can get it in one of the CDs... Yep, I have sendmail-cf installed and the

RE: [Clamav-users] Clamav-milter runaway process problems

Nigel Horne wrote: > On Friday 06 Feb 2004 5:28 pm, Michael St. Laurent wrote: > >> clamav-milter: (-q && !LogSysLog): warning - all interception message >> methods are off > > Best to add LogSyslog in clamav.conf while you're testing. Actually > there's no reason not t

[Clamav-users] Using clamdscan in procmail

If we are running clamav using individual user .procmailrc files, is it advisable to only invoke the scan if the email contains an attachment / multipart to save on the overhead of scanning all email? Currently, we use this simple procmail entry: :0 * multipart { VIRUS=`/usr/local/bin/clamdscan

Re: [Clamav-users] Can't seem to get clamav-milter to scan mail

On Fri, Feb 06, 2004 at 12:35:59PM +0100, Kri??tof Petr wrote: > Michael St. Laurent wrote: > > >These instructions are: > > > > > > clamav-milter rpm package for Fedora Core 1 > > === > > > > > [..] > >

Re: [Clamav-users] clamav-milter (wish, format of message to postmaster)

On Friday 06 February 2004 15:20, Nigel Horne wrote: > > What do you think about add full header of infected > > message to message for postmaster ? > > No need, Was I change your opinion ? :-) I hope yes... Header of infected message in report to postmaster is very useful. I persist. :-) --

Re: [Clamav-users] Clamav-milter runaway process problems

On Friday 06 Feb 2004 5:28 pm, Michael St. Laurent wrote: > clamav-milter: (-q && !LogSysLog): warning - all interception message > methods are off Best to add LogSyslog in clamav.conf while you're testing. Actually there's no reason not to have that in permanently. > To me that sounds like some

RE: [Clamav-users] Clamav-milter runaway process problems

Nigel Horne wrote: > I can see nothing wrong here. So try this: enable debug and foreground > in clamav.conf. Restart clamav-milter by hand from the hash prompt (by > hand I mean not through a /etc/init.d script) and see if it shows up > any issues. > > I take it you're

RE: [Clamav-users] Can't seem to get clamav-milter to scan mail

Krištof Petr wrote: > Michael St. Laurent wrote: > >> These instructions are: >> >> >>clamav-milter rpm package for Fedora Core 1 >>=== >> >> > [..] > > And are you runni

Re: [Clamav-users] Can't seem to get clamav-milter to scan mail

Hi! On Fri, 6 Feb 2004, Nigel Horne wrote: NH>On Friday 06 Feb 2004 12:08 am, Michael St. Laurent wrote: NH> NH>> > If you do a ps is clamav-milter running? NH>> NH>> Yes. ps -elf | grep clamav-milter returns: NH> NH>Nothing springs to mind, I'm sorry to say. NH> NH>So try this, enable debug and

Re: [Clamav-users] eicar test

On Friday 06 Feb 2004 2:42 pm, Krištof Petr wrote: > None of test # 1 - 15 goes through. All was stopped. > clamd 20040206 + clamav-milter version 0.66k Phew, you had me worried for a bit! > Nigel, thank you. You're welcome. > Petr -Nigel -- Nigel Horne. Arranger, Composer

Re: [Clamav-users] MD5 error

Ignasi Prat wrote: It must be noticed that main.cvd that is already updated is downloaded and compared correcly. MD5 verification ? download routines that don't work here ? Don't know about that, Machine here is a PII-333 running WinXP. This binary was compiled on P4 XP, tested on another P4

Re: [Clamav-users] MD5 error

gt; > > > > > I don't think so. He only got the problem this morning. > As for your Win32, however, try my precompiled package > > http://clamav.or.id/snapshot/clamav-devel-latest.cygwin.zip > > Instructions on http://clamav.or.id/ > > Built from devel-200402

Re: [Clamav-users] clamav-milter (notifications setup)

On Friday 06 February 2004 02:50, Nigel Horne wrote: > > # ps ax|grep clamav-mi > > 22331 ?SN 0:00 clamav-milter -obl local:/var/run/clmilter.sock > > -p [EMAIL PROTECTED] --postmaster-only > > Try setting the options *before* the socket name, thus: > clamav-milter -obl [EMAIL P

Re: [Clamav-users] eicar test

retry. As has been discussed at great length here, the binhex code was rewritten a couple of days ago. Done. None of test # 1 - 15 goes through. All was stopped. clamd 20040206 + clamav-milter version 0.66k Nigel, thank you. Petr --- The

Re: [Clamav-users] Accessing the virus-db via php or perl

Hi Luc, On Fri, Feb 06, 2004 at 02:27:39PM +0100, Luc de Louw wrote: > > > >Luc could also just unpack the database (via "sigtool -u") each time it > >is updated, and work with the plain text list ? It wastes a bit of disk > >space, but on the other hand it doesn't require a "bleeding edge" versio

Re: [Clamav-users] eicar test

Recently I read somewhere(this list?) about a website that can send eicar tests in different formats to an email address. www.testvirus.org. Tried it too.. Tests 7 and 10 pass through. (but they are catched by our extension filter) The additional tests that fail are: #17 Outlook 'Space Gap' vuln

Re: [Clamav-users] clamav-milter (wish, format of message to postmaster)

On Friday 06 February 2004 17:54, Sergey wrote: > Sorry, rejected with generate error to sender (and postmaster)... More sorry: to sender via SMTP (eq Reject message "550 5.7.1 Virus detected by Clam AV - http://clamav.elektrapro.com";) -- Regards, Sergey

Re: [Clamav-users] clamav-milter (wish, format of message to postmaster)

On Friday 06 February 2004 17:13, Sergey wrote: > It's bad way in some situations. On medium on big relay > quarantine is not good. Infected message must be dropped Sorry, rejected with generate error to sender (and postmaster)... :-) -- Regards, Sergey

Re: [Clamav-users] clamscan complains

On Fri, 6 Feb 2004 14:55:53 +0300 (EAT) "Japhet Samson" <[EMAIL PROTECTED]> wrote: > `disposition-notification' LibClamAV Warning: Multipart MIME message > contains no parts LibClamAV Warning: Illegal character < > in base64 > encoding LibClamAV Warning: Illegal character < > in base64 encoding >

Re: [Clamav-users] MD5 error

On Fri, 6 Feb 2004 08:03:57 +0200 Thomas Kinghorn <[EMAIL PROTECTED]> wrote: > Hi List. > > > My platform is RH8, using clamav0.65 > > This morning I got the log message below: > > > ERROR: Verification: MD5 verification error. > > This is the first time this has happened. > Are there any is

Re: [Clamav-users] Fresclam not updating on Win32 because of MD5 Verification error

On Fri, 6 Feb 2004 12:49:20 +0100 "Ignasi Prat" <[EMAIL PROTECTED]> wrote: > So if I have to continue... were's source code of 'cl_cvdverify' ? libclamav/cvd.c Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav

Re: [Clamav-users] Accessing the virus-db via php or perl

Quoting Bruno Treguier <[EMAIL PROTECTED]>: [..] > Let me guess: main.cvd doesn't exist or has 0 in size? :-) The guess was right :-) [..] Luc could also just unpack the database (via "sigtool -u") each time it is updated, and work with the plain text list ? It wastes a bit of disk space, but on

Re: [Clamav-users] eicar test

On Friday 06 Feb 2004 12:54 pm, Krištof Petr wrote: > Test #5: Eicar virus sent using BinHex encoding > Test #8: Eicar virus sent using BinHex encoding within a MIME segment > > Running : > clamd 20040204 + clamav-milter version 0.66k Please update to a more recent version and retry. As has been

Re: [Clamav-users] clamav-milter (wish, format of message to postmaster)

On Friday 06 February 2004 15:20, Nigel Horne wrote: > > What do you think about add full header of infected > > message to message for postmaster ? > > No need, just put infected messages into quarantine and > look at them there. Quarantine of incoming messages will > be supported in 0.66 and i

Re: [Clamav-users] MD5 error

piled package http://clamav.or.id/snapshot/clamav-devel-latest.cygwin.zip Instructions on http://clamav.or.id/ Built from devel-20040206, this works fine for me. Regards, Fajar A. Nugraha --- The SF.Net email is sponsored by EclipseCon 2004 Pre

Re: [Clamav-users] eicar test

Edmund wrote: Hi, Recently I read somewhere(this list?) about a website that can send eicar tests in different formats to an email address. www.testvirus.org. I did all 22 tests (16-22 were Outlook vulnerabilities which I also have an interest in filtering, but it's quite OT here) and out of the

Re: [Clamav-users] clamav-milter (wish, message id in log )

Fri, 06 Feb 2004 at 12:18 GMT Sergey <[EMAIL PROTECTED]> wrote > On Friday 06 February 2004 15:40, Ola Thoresen wrote: > >>> Another thing I'd love to have in the logs (though the clamd-logs) is >>> the host of the client. > >> I run a network-config, and would love to have changed the (sys)log

Re: [Clamav-users] clamscan complains

On Friday 06 Feb 2004 11:55 am, Japhet Samson wrote: > Helo there! > I have clamav installed on redhat 8.0 > When i run clamscan -ri --mbox /var/spool/mail > I get many complains! > > LibClamAV Warning: Can't parse header " name="Enterasys X-Pedition These are only warnings. Usually you can ignore

RE: [Clamav-users] clamav-milter (wish, message id in log )

> Hm... That is date of release ? I use clamav-devel-20040205. There is no date scheduled for 0.66 that I know of, Tomasz will be able to answer that. > Or is it not include in Clam AV CVS ? Yes it is in CVS now for testing prior to release hence the -devel suffix. > С уважением, Сергей > [EMAI

Re: [Clamav-users] clamav-milter (wish, message id in log )

On Friday 06 February 2004 15:40, Ola Thoresen wrote: >> Another thing I'd love to have in the logs (though the clamd-logs) is >> the host of the client. > I run a network-config, and would love to have changed the (sys)logs from: > > Feb 6 11:37:54 server clamd[808]: stream: Worm.SCO.A FOUND

[Clamav-users] clamscan complains

Helo there! I have clamav installed on redhat 8.0 When i run clamscan -ri --mbox /var/spool/mail I get many complains! LibClamAV Warning: Can't parse header " name="Enterasys X-Pedition XP-2-SER-AA," LibClamAV Warning: Can't parse header " name="PANGANI IN HISTORY " /var/spool/mail//bhaas: Worm.SC

[Clamav-users] Fresclam not updating on Win32 because of MD5 Verification error

Hi Clamav users: The error freshclam issues is: ERROR: Verification: MD5 verification error. Having a look at 'manager.c' we can see that the routine that checks '.cvd' file is 'cl_cvdverify': /* temporary file is created in clamav's directory thus we don't need * to create it immediat

RE: [Clamav-users] Clamav-milter runaway process problems

> Done. Nothing obvious at startup, but I'll monitor it and post anything > that looks useful. With these options we should see all errors printed to stderr. > Mike. -Nigel --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Confere

Re: [Clamav-users] clamav-milter (wish, message id in log )

On Friday 06 February 2004 15:36, Sergey wrote: > > > Wath do you think about add message id to all clamav-milter log messages ? > > > > This is already included in the milter being tested for 0.66 release. You Or you about Message-ID field ? No, I say about sendmail message id in log for all cl

Re: [Clamav-users] clamav-milter (wish, message id in log )

Fri, 06 Feb 2004 at 11:06 GMT Sergey <[EMAIL PROTECTED]> wrote > Hello. > > Wath do you think about add message id to all clamav-milter log messages ? > For example, curient log: > Another thing I'd love to have in the logs (though the clamd-logs) is the host of the client. I run a network-co

Re: [Clamav-users] Can't seem to get clamav-milter to scan mail

Michael St. Laurent wrote: These instructions are: clamav-milter rpm package for Fedora Core 1 === [..] And are you running Fedora Core 1? If you do not, you need manually rebuild sendmail.cf confi

Re: [Clamav-users] clamav-milter (wish, message id in log )

On Friday 06 February 2004 15:13, Nigel Horne wrote: > > Wath do you think about add message id to all clamav-milter log messages ? > > This is already included in the milter being tested for 0.66 release. You > can either wait for it to be released or help to test it by using the CVS > release,

Re: [Clamav-users] Clamav-milter runaway process problems

Nigel Horne wrote: > On Friday 06 Feb 2004 10:14 am, Mike Brodbelt wrote: > > >>>What arguments are you giving to clamav-milter? >> >>/usr/sbin/clamav-milter --max-children=5 -olq >>local:/var/run/sendmail/milter/clamav.sock >> >> >>>Are you using UNIX or TCP sockets to talk to clamd? >> >>UNIX s

RE: [Clamav-users] clamav-milter (wish, format of message to postmaster)

> What do you think about add full header of infected > message to message for postmaster ? No need, just put infected messages into quarantine and look at them there. Quarantine of incoming messages will be supported in 0.66 and is available for testing now from CVS. > And, additionally, very n

RE: [Clamav-users] clamav-milter (wish, message id in log )

> Wath do you think about add message id to all clamav-milter log messages ? This is already included in the milter being tested for 0.66 release. You can either wait for it to be released or help to test it by using the CVS release, it has been included since 0.66c of clamav-milter. > Sergey -N

[Clamav-users] clamav-milter (wish, format of message to postmaster)

Hello. What do you think about add full header of infected message to message for postmaster ? It's very useful for detect and isolate infected users. And, additionally, very nice will be put virus name in regect message "550 5.7.1 Virus detected by Clam AV - http://clamav.elektrapro.com"; --

[Clamav-users] clamav-milter (wish, message id in log )

Hello. Wath do you think about add message id to all clamav-milter log messages ? For example, curient log: Feb 6 14:32:57 clamav-milter[4615]: clamfi_eoh Feb 6 14:32:57 clamav-milter[4615]: clamfi_envbody: 65535 bytes Feb 6 14:32:57 clamav-milter[4615]: clamfi_envbody: 33650 bytes Feb 6 1

Re: [Clamav-users] Clamav-milter runaway process problems

On Friday 06 Feb 2004 10:14 am, Mike Brodbelt wrote: > > What arguments are you giving to clamav-milter? > > /usr/sbin/clamav-milter --max-children=5 -olq > local:/var/run/sendmail/milter/clamav.sock > > > Are you using UNIX or TCP sockets to talk to clamd? > > UNIX sockets. I can see nothing wro

Re: [Clamav-users] Clamav not detecting SCO.A in a multi-part Mime message

> I can send the mailbox file if it can help Yes please, directly to me not to the users list. > Dr René BEDDOK -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --

[Clamav-users] Clamav not detecting SCO.A in a multi-part Mime message

I use Clamav 0.65 with MaiScanner. It have detected until now every SCO.A without problem. But now I have received 2 Multi-part mime Messages where clamav didn't detect SCO.A - clamscan --mbox , didn't detect the virus into the mailbox file. - but clamscan detect it in the attachment after I re

Re: [Clamav-users] Clamav-milter runaway process problems

Nigel Horne wrote: > On Thursday 05 Feb 2004 4:15 pm, Mike Brodbelt wrote: > What operating system? Linux - Debian Woody. > What arguments are you giving to clamav-milter? /usr/sbin/clamav-milter --max-children=5 -olq local:/var/run/sendmail/milter/clamav.sock > Are you using UNIX or TCP socke

Re: [Clamav-users] eicar test

On Friday 06 Feb 2004 6:13 am, Troy Monaghen wrote: > The only test that includes a test virus (Eicar) that it did not catch > was #17... and as for as I can tell after a brief look that one does not > really have the Eicar test but exploits an Outlook bug to cause it to > incorrectly interpret th

Re: [Clamav-users] Can't seem to get clamav-milter to scan mail

On Friday 06 Feb 2004 12:08 am, Michael St. Laurent wrote: > > If you do a ps is clamav-milter running? > > Yes. ps -elf | grep clamav-milter returns: Nothing springs to mind, I'm sorry to say. So try this, enable debug and foreground in clamav.conf and restart the milter *by hand* i.e. not thr

Re: [Clamav-users] MD5 error

reshclam will automatically choose the next available mirror. > Usually you can ignore this message. Try running freshclam manually. > If you still get this error NOW, you can try updating mirrors.txt or > freshclam.conf to use clamav.antispam.or.id. Checked it myself (with > freshclam / ClamAV

Re: [Clamav-users] Accessing the virus-db via php or perl

On Fri, Feb 06, 2004 at 12:35:23AM +0100, Tomasz Papszun wrote: > On Fri, 06 Feb 2004 at 0:05:50 +0100, Luc de Louw wrote: > > Tomasz Kojm wrote: > > > > > >The simplest way to get the virus list is to execute sigtool -l (CVS > > >version required). > > > > I "cvs co" the latest CVS version compi

Re: [Clamav-users] eicar test

russ wrote: Have you edited the clamav.conf file to scan zip files? You also need to install the tnef package for tnef capabilities. HTH Hi Russ, Just wondering. I d/led the tnef package (by which I assumed you meant tnef.sourceforge.net) and installed it. Would this be a mimedefang issue or a

Re: [Clamav-users] MD5 error

. Usually you can ignore this message. Try running freshclam manually. If you still get this error NOW, you can try updating mirrors.txt or freshclam.conf to use clamav.antispam.or.id. Checked it myself (with freshclam / ClamAV version devel-20040206), and it's OK. Or you could download main.cv

Re: [Clamav-users] eicar test

russ wrote: On Thu, 2004-02-05 at 21:30, Edmund wrote: Test #11: Eicar virus within a ZIP file Test #13: Eicar virus sent in a Microsoft TNEF file (winmail.dat) Have you edited the clamav.conf file to scan zip files? You also need to install the tnef package for tnef capabilities. Yes I have s

Re: [Clamav-users] Re: downgraded to 0.60 - 0.65 didnt work for me at all sind last days

mario kammerer wrote: i tried 0.65 and the latest devel (clamav-devel-20040204) - both have the same errors on my system. im running suse 8.2 - kernel 2.4.20-4GB-athlon - the standard one. never had troubles - even with 0.65 but since the new worm is out, my system gets crazy concerning th