[Clamav-users] clamd crash triggered by THIS list

I'm running clamav-0.70 with clamav-milter-0.70j+n_children_patch under RedHat9 with their default sendmail (8.12.8-9.90). ClamAV has been remarkably stable, going for weeks at a time. But today I got (US Central Time): May 31 11:36:23 astro clamd[1002]: Segmentation fault :-( Bye.. It wasn't t

Re: [Clamav-users] Running Clamd as root?

On May 31, 2004, at 10:43, Nigel Horne wrote: We have a need to run clamd as root for it to function properly, What do you mean 'for it to function properly'? I don't run clamd as root as it functions perfectly properly for me. What are you finding doesn't work? Depends on your setup and usage

Re: [Clamav-users] need help, beagle mm can't be detected

it works right after i replaced it with 0.71 version Report: ClamAV: Information.zip contains Worm.Bagle.Gen-zippwd thanks --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracl

Bad ideas WAS RE: [Clamav-users] Zero bytes vbs & cpl attachment

> (it was removed) there is nothing for ClamAV to find. About the best > you can do is to educate others that stripping viruses out of email (and > letting the rest through) is a Bad Idea. While you are mentioning bad ideas... what about this trend of sending bounce messages to the sender or post

Re: [Clamav-users] Zero bytes vbs & cpl attachment

On Mon, 31 May 2004, Bad Apple wrote: > From some time I have been seeing mails which pass through the ClamAV > , which have a zero bytes attachment of .vbs & .cpl extention . Those are most likely messages that passed through some other virus scanner that removed the viral content. Since there

Re: [Clamav-users] Help with clamdscan

>On Monday 31 May 2004 05:35, Dominik Moreitz wrote: > >> I get the following error in the qmail-scanner log file: >> >> Mon, 31 May 2004 14:27:12 EST:8144: --output of clamdscan was: >> /var/spool/qmailscan/tmp/mail1.blah.com12345776324798144: Can't access the file ERROR > >What is the output of t

[Clamav-users] clamd dead but subsys locked

Folks, I am again in the situation where the clamav-milter seems unable to connect to clamd. In my maillog I get the following: Milter: data, reject=451 4.7.1 Please try again later Previously, I had thought that this was a problem with the milter itself, but as I know (a little)

Re: [Clamav-users] Clamd message "Can't create temporary directory"

On Mon, 2004-05-31 at 11:36, Clive Dove wrote: [cut] > > BTW, the rpm packages have created files /etc/clamd.conf > and /etc/clamav.conf, both of which look alike as to contents. Is > clamdscan using one and clamscan using the other, or is one of them not > needed? Clamscan is hardcoded to use

Re: [Clamav-users] Clamd message "Can't create temporary directory"

On Monday 31 May 2004 09:33, Tomasz Kojm wrote: > On Mon, 31 May 2004 08:19:47 -0400 > > Clive Dove <[EMAIL PROTECTED]> wrote: > > I am quite familiar with linux but am very new to clamav. > > > > Mu objective run my son's incoming mail through clamav and > > spamassassin using p3scan. The reason

Re: [Clamav-users] Clamav not detecting not detecting any virus

> > > > Is puma your machine? Are you running sanitizer? If yes, then read the > > header > > message. > > > > > X-Security: The postmaster has not enabled quarantine of poisoned > > > messages. > > Yes i am running the sanitizer on puma (my mail machine). Do you mean that i > need to enab

Re: [Clamav-users] postfix - amavis - clamav problem!

On Mon, 2004-05-31 at 08:37, Guercio wrote: > Hi, > i've a small mail server that use postfix to deliver mail in my net. > i want to use clamav to stop all virus that come from internet > > the server is a redhat 7.3 and i've installed postfix, amavisd > (snapshot-20020300) and clamav 0.71. >

RE: [Clamav-users] Zero bytes vbs & cpl attachment

I've seen zip attachments with no content (like 70 bytes long the zip file). The mail looks just as a Netsky worm, but with no content in the zip. -samuel > -Mensaje original- > De: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] nombre de Bad Apple > Enviado el: Lunes, 31 de Mayo de 2004 1

Re: [Clamav-users] Clamav not detecting not detecting any virus

- This mail has been sent using Buraak Net's Mailing System (http://www.buraak.net.pk) -- Original Message --- From: Matt <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent: Mon, 31 May 2004 16:48:31 +0100 Subject: Re: [Clama

[Clamav-users] Zero bytes vbs & cpl attachment

Hi all , I use qmail-ldap + qmail-scanner (v 1.22 ) + clamav-0.70 . >From some time I have been seeing mails which pass through the ClamAV , which have a zero bytes attachment of .vbs & .cpl extention . I have stopped these mails by the content scanning rules in Qmail-Scanner .Still I was wonderi

Re: [Clamav-users] Clamav not detecting not detecting any virus

> > > > X-Security: message sanitized on puma > > > See http://www.impsec.org/email-tools/sanitizer-intro.html > > > for details. $Revision: 1.143 $Date: 2004-04-10 09:05:42-07 > > > X-Security: The postmaster has not enabled quarantine of poisoned > > > messages. > > > > Read your header

RE: [Clamav-users] freshclam: NotifyClamd or not NotifyClamd

> [mailto:[EMAIL PROTECTED] nombre de Trog > Enviado el: Martes, 25 de Mayo de 2004 11:19 a.m. > > On Tue, 2004-05-25 at 15:41, Samuel Benzaquen wrote: > > > Upgrade to 0.71. > > > > > > It was most likely waiting for a scanning thread to finish, > which it has > > > to do before it can reload th

[Clamav-users] postfix - amavis - clamav problem!

Hi, i've a small mail server that use postfix to deliver mail in my net. i want to use clamav to stop all virus that come from internet the server is a redhat 7.3 and i've installed postfix, amavisd (snapshot-20020300) and clamav 0.71. i add this line to amavisd.conf: # Clam Antivirus $clamscan

Re: [Clamav-users] Clamav not detecting not detecting any virus

- This mail has been sent using Buraak Net's Mailing System (http://www.buraak.net.pk) -- Original Message --- From: Matt <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent: Mon, 31 May 2004 15:44:49 +0100 Subject: Re: [Clama

Re: [Clamav-users] Bagle.AB not detected?

I don't understand I can now detect the virus using clamscan in linux but still not detected by Amavisd-new+clamd in the same system and also clamwin in my PC. For online scan, the result in yesterday was negative but now it can be detected. It is very straightforward, I don't think I ma

Re: [Clamav-users] Clamav not detecting not detecting any virus

> X-Security: message sanitized on puma > See http://www.impsec.org/email-tools/sanitizer-intro.html > for details. $Revision: 1.143 $Date: 2004-04-10 09:05:42-07 > X-Security: The postmaster has not enabled quarantine of poisoned messages. Read your headers. Matt

[Clamav-users] Clamav not detecting not detecting any virus

Hello List i am a new user of Clamav and its my first post to the list. I followed the howto document written by FalkoTimme to set up spamassassin and clamav. ( http://www.falkotimme.com/howtos/spamassassin_clamav_procmail/index.php ). All seems to be working fine except that virus detection is no

Re: [Clamav-users] Changing the Virus Event message?

On Monday 31 May 2004 14:20, Steven Stern wrote: > On Mon, 31 May 2004 13:40:48 +0100, Nigel Horne <[EMAIL PROTECTED]> wrote: > > >On Monday 31 May 2004 13:19, Thomas Kinghorn wrote: > > > >> How can I, as postmaster, receive a notification showing: > >> > >> Virus XYZ found in mail from: [EMAIL

Re: [Clamav-users] Clamd message "Can't create temporary directory"

On Mon, 31 May 2004 08:19:47 -0400, Clive Dove <[EMAIL PROTECTED]> wrote: >LibClamAV Error: cli_cvdload(): Can't create temporary >directory /root/tmp/clamav-39c79127f6c8ccfa > >I tried resetting the permissions for /root/tmp/ but that made no >difference. edit clamav.conf: # Optional path t

[Clamav-users] Clamav not detecting not detecting any virus

Hello List i am a new user of Clamav and its my first post to the list. I followed the howto document written by FalkoTimme to set up spamassassin and clamav. ( http://www.falkotimme.com/howtos/spamassassin_clamav_procmail/index.php ). All seems to be working fine except that virus detection i

Re: [Clamav-users] Clamd message "Can't create temporary directory"

On Mon, 31 May 2004 08:19:47 -0400 Clive Dove <[EMAIL PROTECTED]> wrote: > > I am quite familiar with linux but am very new to clamav. > > Mu objective run my son's incoming mail through clamav and > spamassassin using p3scan. The reason is that while I use linux > exclusively, my son uses wind

Re: [Clamav-users] Changing the Virus Event message??????

On Mon, 31 May 2004 13:40:48 +0100, Nigel Horne <[EMAIL PROTECTED]> wrote: >On Monday 31 May 2004 13:19, Thomas Kinghorn wrote: > >> How can I, as postmaster, receive a notification showing: >> >> Virus XYZ found in mail from: [EMAIL PROTECTED] >> to [EMAIL PROTECTED]

Re: [Clamav-users] Changing the Virus Event message??????

On Monday 31 May 2004 13:19, Thomas Kinghorn wrote: > How can I, as postmaster, receive a notification showing: > > Virus XYZ found in mail from: [EMAIL PROTECTED] > to [EMAIL PROTECTED] > man clamav-milter > Tom Kinghorn -- Nigel Horne

[Clamav-users] Changing the Virus Event message??????

Hi List. My Current event is: VirusEvent /bin/mail -s "VIRUS ALERT: %v found in email - mail discarded!" [EMAIL PROTECTED] This is a bit useless as it provides no real info other than the virus name. How can I, as postmaster, receive a notification showing: Virus XYZ

[Clamav-users] Clamd message "Can't create temporary directory"

I am quite familiar with linux but am very new to clamav. Mu objective run my son's incoming mail through clamav and spamassassin using p3scan. The reason is that while I use linux exclusively, my son uses windows2000 almost exclusively and while I have persuaded him to fetch his mal using Th

[Clamav-users] Re: Running Clamd as root?

I have to run it as root as I am using it in co-ordination with qmail and qmail-scanner. Unfortunately clamd's user qscand does not have the necessary permission's to scan mail from qmail's scan directory. I have therefore changed the user to root in order to satisy this requirement. It works pe

[Clamav-users] error message - what to do?

May 31 13:23:25 laptopjkt amavis[15175]: (15175-04) Clam Antivirus-clamd FAILED - unknown status: /var/lib/amavis/amavis-20040531T132315-15175/parts: Can't access the file ERROR\n May 31 13:23:25 laptopjkt amavis[15175]: (15175-04) WARN: all primary virus scanners failed, considering backups -

Re: [Clamav-users] WORM_BAGLE.GEN-1 was not detected

On Mon, 31 May 2004 08:20:00 -0300 (Hora padrăo leste da Am. Sul) "Mário L. Ghoneim " <[EMAIL PROTECTED]> wrote: > > > I noted the WORM_BAGLE.GEN-1 was got by pccilin in my Windows station > (Outlook Express). > > How many virus number the virus db actually detect? > > [EMAIL PROTECTED] mari

[Clamav-users] WORM_BAGLE.GEN-1 was not detected

I noted the WORM_BAGLE.GEN-1 was got by pccilin in my Windows station (Outlook Express). How many virus number the virus db actually detect? [EMAIL PROTECTED] mario]$ /usr/local/bin/clamscan /var/spool/mail/mario /var/spool/mail/mario: OK --- SCAN SUMMARY --- Known viruses: 21

Re: [Clamav-users] need help, beagle mm can't be detected

On Mon, 31 May 2004 12:16:44 +0200 Thomas Kinghorn <[EMAIL PROTECTED]> wrote: > # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). > > ArchiveBlockEncrypted This option is not needed to detect encrypted Bagles. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\

Re: [Clamav-users] need help, beagle mm can't be detected

On Mon, 31 May 2004 17:53:17 +0800 "mangyun" <[EMAIL PROTECTED]> wrote: > this is from tail -f /var/log/maillog, when i send an email containing > the virus > > May 31 17:46:13 kube3 sendmail[32359]: i4V9k2B32342: > to=<[EMAIL PROTECTED]>, delay=00:00:09, xdelay=00:00:00, > mailer=local, pri=2301

Re: [Clamav-users] Help with clamdscan

On Monday 31 May 2004 05:35, Dominik Moreitz wrote: > I get the following error in the qmail-scanner log file: > > Mon, 31 May 2004 14:27:12 EST:8144: --output of clamdscan was: > /var/spool/qmailscan/tmp/mail1.blah.com12345776324798144: Can't access the file ERROR What is the output of the comm

RE: [Clamav-users] need help, beagle mm can't be detected

Which version of ClamAV are you using?   [EMAIL PROTECTED] root]# freshclam -V freshclam / ClamAV version 0.71     in the clamav.conf   # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). ArchiveBlockEncrypted   Regards   Tom From: mangyun [mailto:[EM

[Clamav-users] need help, beagle mm can't be detected

this is from tail -f /var/log/maillog, when i send an email containing the virus May 31 17:46:13 kube3 sendmail[32359]: i4V9k2B32342: to=<[EMAIL PROTECTED]>, delay=00:00:09, xdelay=00:00:00, mailer=local, pri=230110, dsn=2.0.0, stat=SentMay 31 17:46:15 kube3 MailScanner[28028]: Filename Chec

Re: [Clamav-users] Running Clamd as root?

Sean Matheson wrote: Hi all; We have a need to run clamd as root for it to function properly, does anyone know a reason this is a bad idea? We have changed the config to make it listen on the unix socket. The recommended way to run unix daemon is running as non-root user. That way, should tha

RE: [Clamav-users] Running Clamd as root?

> We have a need to run clamd as root for it to function properly, What do you mean 'for it to function properly'? I don't run clamd as root as it functions perfectly properly for me. What are you finding doesn't work? > Sean Matheson --- Thi

[Clamav-users] Running Clamd as root?

Hi all; We have a need to run clamd as root for it to function properly, does anyone know a reason this is a bad idea? We have changed the config to make it listen on the unix socket. Thanks -- Sean Matheson Student Programmer --- This SF.