John Twyman wanted us to know:
>I haven't changed my clamav.conf file at all between versions. Its contents
>are:
>LocalSocket /tmp/clamd
>FixStaleSocket
>TCPAddr x.x.x.x
You can't have both a TCP and a unix file socket. Gotta comment one or
the other out.
--
Regards... Todd
They
On Monday, August 09, 2004 11:18 PM [EST], Fajar A. Nugraha wrote:
>>
> You know, this isn't so crazy after all. I put arbitrary data on my
> DNS server so that exim
> can get config data using dnsdb lookup. Its cheaper than mysql
> lookup (Plus, you eliminate single point of failure),
> and you c
linux RH9 2.4.20-31.9
Qmail-Scanner 1.23
clamav 0.75.1
odd problem since upgrading to 1.23, with coincidental update to clamav
0.75
Over the past 3-4 days I've seen clamscan processes hanging around,
sucking up resources, never dying, causing high load. I can kill the
processes, but after some
Damian Menscher wrote:
On Mon, 9 Aug 2004, Christopher X. Candreva wrote:
Suppose there was a DNS entry, say virusdb.clamav.net (or
version.virusdb.clamav.net, etc), that returned simply a text record with
the current DB version in it.
After seeing a Defcon talk on putting arbitrary data in D
Hi folks,
I've run into some problems upgrading ClamAV from 0.70rc to the latest
version (0.75.1) and was hoping someone on the list might be able to shed
some light on the matter. Specifically my problem is with clamav-milter and
its inability to talk to the clamd daemon after I upgrade (clamds
Stephen Gran wrote:
As for your actual question, I don;t think the milter has access to that
- it gets the email as a data stream from sendmail, and is relatively
isolated from the actual connection, AFAIK.
If you feel like patching the milter
http://www.milter.org/milter_api/xxfi_connect.
On Mon, Aug 09, 2004 at 04:10:22PM -0400, Brett Simpson said:
> Is there a way I can configure the following log entry for Clamav-milter to also
> output the origin address? The reason I'm asking is because I'm using a script to go
> through the log file and count all of the big virus senders but
On Mon, Aug 09, 2004 at 04:44:23PM -0500, Steven Stern wrote:
> As usual, ClamAV's name came out too soon The standard naming seems to
Yes - well done. ClamAV had updates for this virus hours before they started
hitting our site. I also want to point out that the two commercial AV
systems we a
On Mon, 9 Aug 2004 23:34:04 +0100, Matt <[EMAIL PROTECTED]> wrote:
>> As usual, ClamAV's name came out too soon
ironic
adj 1: humorously sarcastic or mocking; "dry humor"; "an ironic remark often
conveys an intended meaning obliquely"; "an ironic novel"; "an ironical
smile"; "with a wry Sco
> I have 445 (have had it for 5 hours or so) and it still calls it
> Trojan.JS.RunMe. Am I missing something? I can see in my
> clamd.log where
> it picked up the changes and reloaded the database, and sigtool -l lists
> both Trojan.JS.RunMe and Worm.Bagle.AI-2 in it.
>
I'm going to take a guess
Ditto. I didn't get one from the "Big Guys" until after 5:00Eastern, a bit
late for my windows users.
-Original Message-
From: Scott Call [mailto:[EMAIL PROTECTED]
Sent: Monday, August 09, 2004 7:20 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Trojan.JS.RunMe?
On Mon, 9 Aug 200
Scott Call wrote:
On Mon, 9 Aug 2004, Steven Stern wrote:
As usual, ClamAV's name came out too soon The standard naming
seems to be
Not to beat a dead horse, but I'd rather have an ill-named signature 3-5
hours before the "big guys" name it, than wait for the name to put in
the signature :)
On Mon, 9 Aug 2004, Todd Lyons wrote:
ClamAV database updated (2004.08.09 18:34 GMT): daily.cvd, viruses.db2
Version: 445
Namechange: Trojan.Runme -> Worm.Bagle.AI-2
I have 445 (have had it for 5 hours or so) and it still calls it
Trojan.JS.RunMe. Am I missing something? I can see in my clamd.
What about a deeper mirroring system? Perhaps one that supports
notification?
One of the things I like about BIND (not enough to use it, but still an
admired concept ;-) is the way zones can be distributed... notification
speeds things up if it works, polling creates a failsafe in which a missing
On Mon, 9 Aug 2004, Steven Stern wrote:
As usual, ClamAV's name came out too soon The standard naming seems to be
Not to beat a dead horse, but I'd rather have an ill-named signature 3-5
hours before the "big guys" name it, than wait for the name to put in the
signature :)
-
> As usual, ClamAV's name came out too soon The standard naming seems
> to be
Call me finicky if you will, but seeing as none of the various vendors
use the same name, how can Clam's definition be classed as misnaming?
The following, by the way, is Vexira's name for the same thing:
TR/Run
On Mon, 09 Aug 2004 16:44:23 -0500
Steven Stern <[EMAIL PROTECTED]> wrote:
> On Mon, 9 Aug 2004 11:03:27 -0700 (PDT), Scott Call
> <[EMAIL PROTECTED]> wrote:
>
> >I'm seeing a huge quantity of "Trojan.JS.RunMe" both with 0.75.1 and
> >the latest snapshot. I can't seem to find any information on
- Original Message -
From: "Steven Stern" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 09, 2004 4:44 PM
Subject: Re: [Clamav-users] Trojan.JS.RunMe?
>
> As usual, ClamAV's name came out too soon The standard naming seems to
be
>
Came out too soon? Maybe next ti
Damian Menscher wrote:
On Mon, 9 Aug 2004, Christopher X. Candreva wrote:
On Mon, 9 Aug 2004, Christopher X. Candreva wrote:
0.75.1 Running since Aug 3 is currently using 272 M of RAM, and 20040805
running since Aug 5 is using 104M.
I'm killing and restarting now to free up some memory.
After 3 h
On Mon, 09 Aug 2004 16:44:23 -0500 in
[EMAIL PROTECTED] Steven Stern
<[EMAIL PROTECTED]> wrote:
> As usual, ClamAV's name came out too soon
You mean that the other AV vendors are too slow, surely?
--
Brian Morrison
bdm at fenrir dot org dot uk
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pg
On Aug 9, 2004, at 14:44, Steven Stern wrote:
On Mon, 9 Aug 2004 11:03:27 -0700 (PDT), Scott Call
<[EMAIL PROTECTED]>
wrote:
I'm seeing a huge quantity of "Trojan.JS.RunMe" both with 0.75.1 and
the
latest snapshot. I can't seem to find any information on this
signature
(nothing in the virusdb
Christoph Cordes wanted us to know:
>ClamAV database updated (2004.08.09 18:34 GMT): daily.cvd, viruses.db2
>Version: 445
>
>Submission: 5037-web, 5038-web, 5039-web, 5040-web, 5042-web,
>5049-web, 5050-web, 5051-web, 5052-web, 5053-web, 5054-web, 5055-web,
>5056-web, 5057-web, 5058-web, 5059-web,
On Mon, Aug 09, 2004 at 05:33:05PM -0400, Chris Meadors wrote:
> > Suppose there was a DNS entry, say virusdb.clamav.net (or
> > version.virusdb.clamav.net, etc), that returned simply a text record with
> > the current DB version in it. Then, it would be possible to check the
> > version with a
Brett Simpson wanted us to know:
>Is there a way I can configure the following log entry for Clamav-milter to also
>output the origin address? The reason I'm asking is because I'm using a script to go
>through the log file and count all of the big virus senders but it takes forever to
>run sinc
On Mon, 9 Aug 2004 11:03:27 -0700 (PDT), Scott Call <[EMAIL PROTECTED]>
wrote:
>I'm seeing a huge quantity of "Trojan.JS.RunMe" both with 0.75.1 and the
>latest snapshot. I can't seem to find any information on this signature
>(nothing in the virusdb list and nothing on google).
>
As usual, Cl
On Mon, 2004-08-09 at 16:55 -0400, Christopher X. Candreva wrote:
> This thread on Trojan.JS.RunMe had me thinking: Hourly virus updates is
> better than any of the commercial virus scanners, but obviously still has
> issues, especially since a bunch of us obviously submitted updates that had
>
On Mon, 9 Aug 2004, Christopher X. Candreva wrote:
> This thread on Trojan.JS.RunMe had me thinking: Hourly virus updates is
> better than any of the commercial virus scanners, but obviously still has
> issues, especially since a bunch of us obviously submitted updates that had
> already been ent
This thread on Trojan.JS.RunMe had me thinking: Hourly virus updates is
better than any of the commercial virus scanners, but obviously still has
issues, especially since a bunch of us obviously submitted updates that had
already been entered. I gather from these posts that the virusdb's actu
Is there a way I can configure the following log entry for Clamav-milter to also
output the origin address? The reason I'm asking is because I'm using a script to go
through the log file and count all of the big virus senders but it takes forever to
run since I'm having to loop through my maillo
Aug 9 08:51:12 mail amavis[22421]: (22421-05) Clam Antivirus-clamd:
Can"t connect to UNIX socket /var/run/amavis/clamd.ctl: No such file or
directory, retrying (3)
This may help you:
Configuring ClamAV (clamd) for use with amavisd-new HOWTO
http://www.xmission.com/~jmcrc/clamav-amavisd-new.html
__
- Original Message -
From: "Michael Brennen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 09, 2004 1:58 PM
Subject: [Clamav-users] New virus/worm ???
>
> Just in the last few minutes I've started getting hit with several
> copies of a a zip packaged exe file from wi
On Mon, 9 Aug 2004, Tomasz Kojm wrote:
> On Mon, 9 Aug 2004 12:58:52 -0500 (CDT)
> Michael Brennen <[EMAIL PROTECTED]> wrote:
>
> >
> > Just in the last few minutes I've started getting hit with several
> > copies of a a zip packaged exe file from widely varying sources. The
>
> The database h
On Mon, 9 Aug 2004, Scott Call wrote:
> I'm seeing a huge quantity of "Trojan.JS.RunMe" both with 0.75.1 and the
> latest snapshot. I can't seem to find any information on this signature
> (nothing in the virusdb list and nothing on google).
>
> Any ideas what this is? I'm concerned because I s
Michael Brennen said the following on 8/9/2004 7:58 PM GMT+2:
Just in the last few minutes I've started getting hit with several
copies of a a zip packaged exe file from widely varying sources. The
names are of the form 'price.*\.zip'. I've submitted a copy online
and it was accepted. Anyone els
On Mon, Aug 09, 2004 at 12:58:52PM -0500, Michael Brennen said:
>
> Just in the last few minutes I've started getting hit with several
> copies of a a zip packaged exe file from widely varying sources. The
> names are of the form 'price.*\.zip'. I've submitted a copy online
> and it was accepted
At 10:58 AM 8/9/2004, Michael Brennen wrote:
Just in the last few minutes I've started getting hit with several
copies of a a zip packaged exe file from widely varying sources. The
names are of the form 'price.*\.zip'. I've submitted a copy online
and it was accepted. Anyone else seeing this?
To
> Just in the last few minutes I've started getting hit with several
> copies of a a zip packaged exe file from widely varying sources. The
> names are of the form 'price.*\.zip'. I've submitted a copy online and
> it was accepted. Anyone else seeing this?
We were seeing a bunch, however, new s
On Monday, August 9, 2004, 7:58:52 PM, Michael Brennen wrote:
MB> Just in the last few minutes I've started getting hit with several
MB> copies of a a zip packaged exe file from widely varying sources. The
MB> names are of the form 'price.*\.zip'. I've submitted a copy online
MB> and it was acc
On Mon, 9 Aug 2004 12:58:52 -0500 (CDT)
Michael Brennen <[EMAIL PROTECTED]> wrote:
>
> Just in the last few minutes I've started getting hit with several
> copies of a a zip packaged exe file from widely varying sources. The
The database has been updated on 17.00 GMT.
> names are of the form '
Yep!
- Original Message -
From: "Michael Brennen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 09, 2004 12:58 PM
Subject: [Clamav-users] New virus/worm ???
>
> Just in the last few minutes I've started getting hit with several
> copies of a a zip packaged exe file fr
Just in the last few minutes I've started getting hit with several
copies of a a zip packaged exe file from widely varying sources. The
names are of the form 'price.*\.zip'. I've submitted a copy online
and it was accepted. Anyone else seeing this?
-- Michael
I'm seeing a huge quantity of "Trojan.JS.RunMe" both with 0.75.1 and the
latest snapshot. I can't seem to find any information on this signature
(nothing in the virusdb list and nothing on google).
Any ideas what this is? I'm concerned because I see repeated attempts
from the same address to
On Mon, 2004-08-09 at 10:50, Jim wrote:
> I am using clamav deamon with amavis and I am getting a lot of these
> error messages in maill.log
>
>
>
> Aug 9 08:51:12 mail amavis[22421]: (22421-05) Clam Antivirus-clamd:
> Can't connect to UNIX socket /var/run/amavis/clamd.ctl: No such file or
> d
On Mon, 9 Aug 2004, Christopher X. Candreva wrote:
> On Mon, 9 Aug 2004, Christopher X. Candreva wrote:
>
> > 0.75.1 Running since Aug 3 is currently using 272 M of RAM, and 20040805
> > running since Aug 5 is using 104M.
>
> > I'm killing and restarting now to free up some memory.
>
> After 3 hour
I upgraded clamav to 0.75 but that didn't help and although I thought I
did this, I upped the softlimit (-m) and now it works. I think the file
just grew big enough.
FYI--I got 0.70rc from the FreeBSD ports and it complained that the
feature set wasn't high enough?? So I went to 0.75 (not using
> Aug 9 08:51:12 mail amavis[22421]: (22421-05) Clam Antivirus-clamd:
> Can't connect to UNIX socket /var/run/amavis/clamd.ctl: No such file or
> directory, retrying (3)
>
>
> What is strange is that that even though these messages are still being
> printed clam is still working and stopping virus
On Mon, 9 Aug 2004, Christopher X. Candreva wrote:
> 0.75.1 Running since Aug 3 is currently using 272 M of RAM, and 20040805
> running since Aug 5 is using 104M.
> I'm killing and restarting now to free up some memory.
After 3 hours, 0.75.1 is useing 45M.
20040805 appears to have just restart
>
> Aug 9 08:51:12 mail amavis[22421]: (22421-05) Clam Antivirus-clamd:
> Can't connect to UNIX socket /var/run/amavis/clamd.ctl: No such file or
> directory, retrying (3)
>
Permissions on socket?
Matt
---
This SF.Net email is sponsored
Christopher X. Candreva wrote:
I'm seeing memory leaks in both clamd 0.75.1 and the 20040805 snap posted
about last week. This is on Solaris 8 Sparc, compiled under gcc 3.4.0
0.75.1 Running since Aug 3 is currently using 272 M of RAM, and 20040805
running since Aug 5 is using 104M.
Previous ver
I am using clamav deamon with amavis and I am getting a lot of these
error messages in maill.log
Aug 9 08:51:12 mail amavis[22421]: (22421-05) Clam Antivirus-clamd:
Can't connect to UNIX socket /var/run/amavis/clamd.ctl: No such file or
directory, retrying (3)
What is strange is that that ev
Weldon S Godfrey 3 wrote:
Hello, I am running qmail-scanner-1.20 with clamscan: 0.65. on a FreeBSD
5.2.1-RELEASE system. Everything worked fine until shortly before 2:40EDT
on 8/5/2004 in which every attachment that is scanned dumps core. I have
checked every permission, memory size setting I can
Chris
I'm running 0.75.1 on Solaris8 also. My clamd processes are around 15
Meg. I compiled them under gcc 3.3.2.
HTH
Ken McKittrick
ISP Engineer
USADatanet
On Aug 9, 2004, at 9:48 AM, Christopher X. Candreva wrote:
I'm seeing memory leaks in both clamd 0.75.1 and the 20040805 snap
posted
about
Hello, I am running qmail-scanner-1.20 with clamscan: 0.65. on a FreeBSD
5.2.1-RELEASE system. Everything worked fine until shortly before 2:40EDT
on 8/5/2004 in which every attachment that is scanned dumps core. I have
checked every permission, memory size setting I can think of. The only
thin
I'm sorry, I meant to put 2:40pmEDT (14:40)
If memory serves me right, sometime around 10:06am, Weldon S Godfrey 3 told me:
>
> Hello, I am running qmail-scanner-1.20 with clamscan: 0.65. on a FreeBSD
> 5.2.1-RELEASE system. Everything worked fine until shortly before 2:40EDT
> on 8/5/2004 in w
I'm seeing memory leaks in both clamd 0.75.1 and the 20040805 snap posted
about last week. This is on Solaris 8 Sparc, compiled under gcc 3.4.0
0.75.1 Running since Aug 3 is currently using 272 M of RAM, and 20040805
running since Aug 5 is using 104M.
Previous versions were using on the order
55 matches
Mail list logo
