G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Sat, 10 Apr 2021, Per Jessen wrote:
>> G.W. Haywood wrote:
>>> On Sat, 10 Apr 2021, Per Jessen wrote:
>>>
>>>> When I built $SUBJ just now, I see
>>>>
>>>> libclammspack
Per Jessen wrote:
>
>> If this is after install, exactly how did you build it?
>
> I don't normally do a "make install", I copy the libraries to the
> destination servers directly. I only need the libraries.
Having just built and installed on another machine,
G.W. Haywood wrote:
> Hi there,
>
> On Sat, 10 Apr 2021, Per Jessen wrote:
>
>> When I built $SUBJ just now, I see
>>
>> libclammspack.so.0
>> =>
>> /home/per/workspace/clamav-0.103.2/libclamav/.libs/libclammspack.so.0
>>
>> ie. with
*possibly* be able to run clamd on a system with
> only 2G of RAM
It _can_ be done, using cgroups to restrict the amount of memory used,
but it'll be doing a bit of swapping.
For email processing, we run clamd on virtual machines with slightly
less than 3Gb memory, of
Michael Orlitzky via clamav-users wrote:
> On 2/24/20 5:28 AM, Per Jessen wrote:
>> I've just stumbled on this new config
>> option - "--enable-libclamav-only ". However, I still get complaints
>> about libcurl (for freshclam and clamdsubmit) ?
>>
c --mandir=/usr/share/man
I must be missing something?
--
Per Jessen, Zürich (15.5°C)
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
htt
curious that such a relatively old
virus is not identified by ClamAV. (nor by Sanesec signatures for that
matter).
--
Per Jessen, Zürich (0.1°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
___
clamav-users mailing
system), but it is recognised by many
others.
https://files.jessen.ch/materials-20161511_121132836553-doc.exe
--
Per Jessen, Zürich (-0.2°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
___
clamav-users mailing list
clamav-users
unning Clam in a very low memory configuration? Is it
> do-able?
Sure, my test-system nodes only have about 400M RAM. I use my own clam
daemon, but the functionality is the same.
--
Per Jessen, Zürich (5.6°C)
http://www.dns24.ch/ - free dynamic
Simon Hobson wrote:
> Per Jessen wrote:
>
>> >> It's not about not being able to scan, it's about not wanting to
>>>> scan. Regardless, clamav doesn't reject or approve mails, that's
>>>> for your MTA to do.
>>>
>>&
Rob Sterenborg (lists) wrote:
> On Wed, 2011-11-09 at 10:31 +0100, Per Jessen wrote:
>> Peter Bradeen wrote:
>>
>> > I see that there are ways to limit the level of archive that will
>> > be
>> > scanned as well as the size of the entities to be scanne
t's not about not being able to scan, it's about not wanting to scan.
Regardless, clamav doesn't reject or approve mails, that's for your MTA
to do.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://
Toby Bryans wrote:
> On 7 May 2010 12:28, Per Jessen wrote:
>
>> Toby Bryans wrote:
>>
>> > Thanks Luca, I obviously should have checked there in retrospect!
>> >
>>
>> It was posted 8 minutes after your posting, so checking there
>> wou
Toby Bryans wrote:
> Thanks Luca, I obviously should have checked there in retrospect!
>
It was posted 8 minutes after your posting, so checking there wouldn't
have done you any good :-)
/Per Jessen, Zürich
___
Help us build a comprehen
Per Jessen wrote:
> I'm running my own custom clamav daemon, and just now I ran into an
> issue when reloading the latest daily.cvd. cl_load() seems to be
> looking for a file named 'daily.ldb' - it isn't found, which causes a
> segfault. I don't yet kno
t
also affect clamd users, but I'm posting this "just in case".
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
atabase files under /var/lib/clamav use
> about 70MB. So, even assuming this is kept in memory at all times,
> where does the other 120MB come from?
Maybe when the database is reloaded? I don't know clamd that well, but
I suspect it'll probably have two copies of the database i
Email.Trojan.GZC aka Sanesecurity.Malware.8825.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
'database.clamav.net' pointing to whereever you want.
Or you just update /etc/freshclam.conf to point to only only mirror.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Any chance of making the source package available without the current
cvd databases? The current package is 24Mb, without the CVD it's only
3Mb. Just a suggestion, but it might just save some bandwidth.
/Per Jessen, Zürich
___
Help us bu
of it is in relation to clamav? It's obviously
optional, and clamav sems to do quite well without it.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Am I the first person to suggest the default max logsize should be 0
instead of 1M (or some other arbitrary value) ?
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav
Per Jessen wrote:
> Wait - I didn't ask how to fix the problem. I'm more interested to
> know why freshclam complains about this _unused_ config-file when it
> has never done so before.
Please ignore - problem found and solved.
has
never done so before.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
ing clamd - any reason why freshclam should complain
about /etc/clamd.conf ?
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
- no changes until mid-Jan. clamav is one of
very few exceptions.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
fixing this gcc problem in the clamav
source?
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
have 4 mails on one of the servers that vary in size from
> 20MB to 60 MB.
Virus-scanning anything bigger than 1-2Mb makes little sense. ANything
as big as 20Mb, I would just skip without further consideration.
/Per Jessen, Zürich
___
Help us build
x27;d left the daily.inc directory. When I removed it,
freshclam retrieved the daily cvd on the next attempt.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
at the same time, and the databases had been updated, I
see significant potential for something to break.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Although I would monitor the temperature instead. Once the
equipment is down, it's too late.
We monitor datacenter/machine temperature as they are critical operating
factors that must be maintained within certain boundaries.
Anyway, this is way, way off-topic here - my apologies for keepin
email.
We use SMS, but the idea is the same.
> So what do you do when your freshclam dies or explodes from a memory
> leak or do you depend 100% on it never failing?
For one thing, freshclam has never died nor exploded from a memory leak,
nor is it a critical process. If freshclam fails
t for ALL your daemon processes? As an old school
mainframe sysprog, I don't monitor any of my daemon processes. (apart
from *some* status-monitoring via SNMP).
/Per Jessen, Zürich
PS: even if you're an old school Unix admin, quoting only the relevant
b
e have not seen any stability problems, and I do not
expect any either.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Dennis Peterson wrote:
> Per Jessen wrote:
>> Jay Lee wrote:
>>
>>> The point of the exercise it to run freshclam *only* when the update
>>> is published, not to run every x hours (or minutes) without knowing
>>> if there is an update.
>>>
>
Jay Lee wrote:
> The point of the exercise it to run freshclam *only* when the update
> is published, not to run every x hours (or minutes) without knowing if
> there is an update.
>
> Looking at my options there...
Why not just run freshclam as a daemon?
/Per
is the db-update process? Is it possible the email is being sent
> out before the file is accessible?
I don't know the process, but I think so, yes.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
al point was that if Clam is going to scan for
> phishing at all, the response time might be too slow to be useful,
> given the frequency with which the content changes.
That was exactly my point, yes.
To be fair, I submitted another phishing sample yesterday, and had the
update in abou
Nigel Horne wrote:
> Use the "experimental code", then. It does a good job at catching
> phishes that aren't even in the database.
OK, that sounds interesting, I'll take a look.
/Per Jessen, Zürich
___
Help us build a
natures
collected is mostly irrelevant, whereas the speed with which a new
signature can be published is not.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Gerard Seibert wrote:
> however, I believe 'stupid' is too harsh.
Perhaps - but a great deal more concise :-)
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.ne
O. If not,
>> everything else is pointless.
>
> I guess you could always ask for a refund if you're unhappy with the
> product. I think they're doing a hell of a good job.
So do I. I've even contributed code myself.
I am in no way unhappy with the product, and I s
Per Jessen wrote:
>> The best defense against phishing is and has always been education,
>> fwiw.
>
Quick additional comment - I used to use the very same argument, but
experience and age have taught me that people are stupid.
/Per
on, discovering and responding to truly
> destructive outbreaks, etc.
As a matter of principle, maintaining the database of what ClamAV is
supposed to detect must have the highest priority, IMHO. If not,
everything else is pointless.
/Per Jessen, Zürich
__
nd 32 hours later. I understand it was on a
weekend etc., but for ClamAVs phishing detection/protection to have any
meaning/reason at all, the time from submit to publish needs to be a
LOT shorter.
/Per Jessen, Zürich
___
Help us build a comprehensive C
got nothing to do with taxes - it's a matter of practicality;
getting budget approval for a business expense is much easier than for
charity.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Per Jessen wrote:
> According to freshclam, my installation (0.88.5) is outdated:
>
Please ignore. I've just now caught up with the other thread on this.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
d, but it looks like
that only happens when the DNS reports a newer software version.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
e if you are able to. Don't just be a freeloader.
I think it is entirely reasonable, but for a business to make donations,
I think the ClamAV project needs to be able 1) issue invoices and 2)
accept payment via non-paypal channels. Maybe even in EUR.
/Per Jessen, Zürich
/www/htdocs, can it be a smb form (like
> smb://username:[EMAIL PROTECTED] to cvd's)? Any help is appreciated.
Filesystem paths only, no URLs.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Luca Gibelli wrote:
>> Why isn't freshclam complaining?
>
> because there are no security issues associated with the new release.
> Instead of filling the logs with warnings, we give our users 2 days to
> perform the upgrade.
Hi Luca,
I still haven't seen any warn
bit in the TXT record.
I have to admit to being one of those lazy, err ... busy, sysadmins. I
find freshclams outdated warning very useful.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Stephen Gran wrote:
> On Mon, Jul 03, 2006 at 03:37:42PM +0200, Per Jessen said:
>> Is there any particular reason why freshclam is not making me aware
>> of the new version? I use the OnOutdatedExecute option, but it
>> hasn't been triggered.
>
> I understand i
ed the download link in the RSS feed.
> For everyone's benefit, here is a direct link to 0.88.3:
>
Is there any particular reason why freshclam is not making me aware of
the new version? I use the OnOutdatedExecute option, but it hasn't
been triggered.
/Per Jessen, Zürich
_
ing the modification date of files.
Sounds like you could do with a simple combination of clamav and the
find command.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Sven Strickroth wrote:
> Hi,
>
> "Per Jessen" <[EMAIL PROTECTED]> schrieb im Newsbeitrag
> news:[EMAIL PROTECTED]
> Dennis Peterson wrote:
>
>> Per Jessen wrote:
>> It has always been possible to unpack the pattern files and remove
>> the
would say that is more of a job for your mail-server, not clamav.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Dennis Peterson wrote:
> Here's a script that should work. Read the assumptions carefully and
> mind the emailer linewrapping in logger strings:
Thanks Dennis, just the sort of thing I was hoping for.
/Per Jessen, Zürich
___
http://lurker
Dennis Peterson wrote:
> Per Jessen wrote:
>> What's the current schedule for 0.90? And what are my options (for
>> not having clamav consider phishing==virus) until then?
>> I'm using libclamav programmatically - I don't suppose cl_scanfile()
>> cou
What's the current schedule for 0.90? And what are my options (for not
having clamav consider phishing==virus) until then?
I'm using libclamav programmatically - I don't suppose cl_scanfile()
could be convinced to return CL_PHISHING when appropriate :-)
/Per
Per Jessen wrote:
> OK, just tried that - it still reports clean. I'm just now upgrading
> the Mail::ClamAV module to 0.17 (from 0.11) - maybe that'll fix it.
Yeah, 0.17 fixed it - thanks for the fast response. Sorry about wasting
your time and bandwidth.
/Pe
eports clean. I'm just now upgrading
the Mail::ClamAV module to 0.17 (from 0.11) - maybe that'll fix it.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
.thorium",
CL_ARCHIVE|CL_MAIL);
# $status is an overloaded object
die "Failed to scan: $status" unless $status;
if ($status->virus) {
print "identified virus \"$status\".\n";
}
else
{
print "no virus identified: $status\n";
}
# ./perlclam
hen (or in which db-version) the signature was added? (using an API of
course).
thanks.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
use ClamAV does not seem to imply
that ClamAV
is not competing with commercial vendors.
In fact, what is the _primary_ advantage of ClamAV over [your favourite
commercial AV product]?
Price. ClamAV may not be competing for commercial gain, but it is certainly
competing for the
market.
Steven Stern wrote:
> It appears that Gareth Andron and the php-clamav project have been wiped
> from the face of the earth.
Yeah, his fission.org.uk domain has expired. (Gareth Ardron btw).
/Per Jessen, Zürich
___
http://lurker.clamav.ne
for OnErrorExecute and OnUpdateExecute
when it's
running as a daemon - as commandline it'll still use system().
/Per Jessen, Zürich
--
http://www.spamchek.co,uk/freetrial - sign up for your free 30-day trial now!
___
http://lurker.clamav.net/list/clamav-users.html
but I hadn't expected it to also stop
freshclam checking
for new updates. I guess freshclam is waiting for it to finish before
continuing - surely not
the intentional behaviour?
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
ading the load.
Anyway, thanks for the clarification.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Brian Morrison wrote:
> On Thu, 24 Feb 2005 09:09:23 +0100 in [EMAIL PROTECTED] Per
> Jessen <[EMAIL PROTECTED]> wrote:
>
>> I've setup a freshclam that is triggered off the incoming notify for
>> clamav-virusdb. For 722 at 0046CET today, I got the email, but
ted or the mirror or what?
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Luca Gibelli wrote:
> Hello Per Jessen,
>
>> I haven't seen any mails from the XML-list since Feb4 - what's the story?
>> Was
>> I accidentally unsubscribed or is the list down?
>
> We sent a message announcing that we were taking down the service. We&
l/bin/freshclam
>
This is mine:
From /etc/cron.d/clamav:
2 * * * * root /usr/bin/freshclam
/Per Jessen
--
http://www.spamchek.ch/freetrial - lassen Sie sich überzeugen - 30 Tage
Kostenlos!
___
http://lurker.clamav.net/list/clamav-users.html
I haven't seen any mails from the XML-list since Feb4 - what's the story? Was
I accidentally unsubscribed or is the list down?
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
74 matches
Mail list logo
