Re: [Clamav-users] clamav-milter 0.90.1 and duplicated messages

2007-03-27 Thread Pete 'Wolfy' Hanson
On 3/27/07, Ryan Moore <[EMAIL PROTECTED]> wrote: I recently upgraded a linux server running sendmail 8.13.8 with clamav 0.90.1, from 0.88.6. After the upgrade I had dozens of users complaining about getting duped emails, and when I look in the logs I definitely see several transactions between

Re: [Clamav-users] 0.90.1 - clamd died on Solaris 9

2007-03-15 Thread Pete 'Wolfy' Hanson
Looks to me like we have similar results on our Solaris 8 system with clamav-milter and sendmail 8.13.8. Within minutes of bringing clamav-milter from 0.90.1 online, CPU usage and load average go through the roof, and eventually clamav-milter dies. I just turned off ScanArchive and brought 0.90.

Re: [Clamav-users] load under 0.90

2007-02-14 Thread Pete 'Wolfy' Hanson
On 2/14/07, Rick Pim <[EMAIL PROTECTED]> wrote: a followup to my last note. using clamav-milter with --external seems to cause significant load issues: the system load average seemed to climb without bound -- i shut things down when it hit around 40. i shutdown clamd and clamav-milter and re

[Clamav-users] No viruses detected ERROR/Temporary quarantine file [...] creation failed

2005-12-12 Thread Pete 'Wolfy' Hanson
Using clamav 0.87.1 with clamav-milter 0.87 under sendmail 8.13.5 on Solaris 8, I've started seeing this type of stuff in the clam logs Dec 12 09:18:00 smtp clamav-milter[18725]: [ID 984059 local7.error] Temporary quarantine file /tmp/clamav-2993fbe6371a9f93/msg.MzvOKK creation failed Dec 12 09:18

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > > I would suggest using the following config in your case (it's based on > the one you have sent here): > > LogFileMaxSize 0 > LogTime > LogClean > LogSyslog > LogFacility LOG_LOCAL7 > PidFile /var/clamav/clamd.pid > TemporaryDirectory /tmp > Fi

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
> > I'm seeing the same thing here. My uvscan sees sober but > since I restarted the server this morning at 10am there have > been zero detections of anything from clamd at all. Only > seven detections from uvscan over the same time period. > FWIW, we're detecting other viruses and worms - but Wor

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > > > MaxDirectoryRecursion 1 > > You should be more careful when changing the config options. With the > current MaxDirectoryRecursion setting in your setup clamd/clamav-milter > will fail to detect a lot of malware. Maybe, but it doesn't seem

Re: [Clamav-users] Re: Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
> > DisableDefaultScanOptions > DetectBrokenExecutables > No change in behavior with those opts -- Pete Hanson http://www.well.com/user/wolfy http://www.fotolog.net/wolfy ___ http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > > > Please post your clamd.conf file. > LogFileMaxSize 0 LogTime LogClean LogSyslog LogFacility LOG_LOCAL7 PidFile /var/clamav/clamd.pid TemporaryDirectory /tmp FixStaleSocket TCPSocket 3310 TCPAddr 127.0.0.1 MaxConnectionQue

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > What are your clamd and clamav-milter options? > /usr/local/sbin/clamav-milter --headers --pidfile=/var/clamav/clamav-milter.pid --quiet /var/clamav/clamav-milter.sock No clamd since we aren't running with --external. which has worke

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, Kelson <[EMAIL PROTECTED]> wrote: > > We've been detecting Worm.Sober.U here for a little over 2 hours (with > daily.cvd 1182). If clamscan finds it, but clamav-milter doesn't, maybe > for some reason clamd didn't load the updated database? Try restarting > clamd and/or clamav-milter (

[Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
I'm running clamav-milter 0.87 from ClamAV 0.87.1 with sendmail 8.13.5, with a database that is fully up-to-date (main.cvd version 34, daily.cvd version 1182), but for some reason this setup is not catching Worm.Sober.U, and we're getting slammed pretty hard with it. I've tried submitting the offen

Re: [Clamav-users] problems after .84 upgrade

2005-05-04 Thread Pete 'Wolfy' Hanson
On 5/4/05, Nigel Horne <[EMAIL PROTECTED]> wrote: > There is a current limitation: if you don't give the --external option, you > must > use --max-children, otherwise clamav-milter will fail to start. Thank you, Nigel. Interestingly, clamav-milter *was* starting and running for extended periods,

Re: [Clamav-users] problems after .84 upgrade

2005-05-03 Thread Pete 'Wolfy' Hanson
Ah, and here's my startup command: /usr/local/sbin/clamav-milter --dont-log-clean --headers --local --pidfile=/var/clamav/clamav-milter.pid --quiet /var/clamav/clamav-milter.sock -- Pete Hanson http://www.well.com/user/wolfy http://www.fotolog.net/wolfy _

Re: [Clamav-users] problems after .84 upgrade

2005-05-03 Thread Pete 'Wolfy' Hanson
I'm seeing similar symptoms on Solaris 8 and 6, as I reported in the "clamd segfaulting as of about thursday" thread. The rest of this is reposted from that thread: - Post 1 I am not explicitly using the -B flag, nor do I believe that I need it. The error is occurring in clamav-milter (

Re: [Clamav-users] clamd segfaulting as of about thursday

2005-05-03 Thread Pete 'Wolfy' Hanson
> Somehow or other, that -B flag is being set when clamav-milter > restarts following the reload. FWIW, the problem is happening on both Solaris 2.8 and 2.6 systems (on the 2.8 system, there are no logged error messages - the milter simply stops responding, and everything needs to be restarted).

Re: [Clamav-users] clamd segfaulting as of about thursday

2005-05-03 Thread Pete 'Wolfy' Hanson
On 5/2/05, Nigel Horne <[EMAIL PROTECTED]> wrote: > On Monday 02 May 2005 23:08, Pete 'Wolfy' Hanson wrote: > > slammed at postmaster each time it crashes. This was in the logs from > > the latest crash: > > > > May 2 14:22:24 smtp clamav-milter[153

Re: [Clamav-users] clamd segfaulting as of about thursday

2005-05-02 Thread Pete 'Wolfy' Hanson
Upgrading didn't seem to help me, though maybe it slowed down the crash rate - I just had another crash about an hour ago. I'm getting slammed at postmaster each time it crashes. This was in the logs from the latest crash: May 2 14:22:24 smtp clamav-milter[153]: ClamAv: setsockopt() failed (Inv

Re: [Clamav-users] Sendmail perms error

2004-08-23 Thread Pete 'Wolfy' Hanson
I ended up putting the clam stuff in /var/clamav defined as: drwx-- 2 clamav clamav 512 Aug 23 01:17 /var/clamav// Sendmail is - justifiably - paranoid about directory permissions, and will complain loudly if a directory is group writable. On Mon, 23 Aug 2004 10:50:55 -0400, Randa

Re: [Clamav-users] What to use with clamav?

2004-08-02 Thread Pete 'Wolfy' Hanson
Milters are a standard component of recent versions of sendmail. On Mon, 02 Aug 2004 10:02:32 -0400, Randall Perry <[EMAIL PROTECTED]> wrote: > I've read through the clamav docs but am thoroughly confused as to which of > the many smtp interface options to use. I was going to try milter, but can'

Re: [Clamav-users] Does Your Clamd Mem Usage Grows?

2004-07-27 Thread Pete 'Wolfy' Hanson
I had to install a similar monitor with 0.74 this past weekend. I had several episodes of clamd eating all memory, and dying on its own once. I then upgraded to 0.75, and the process has held steady between 30 and 40 MB (Solaris) since. I still have the memory monitor running. On Wed, 28 Jul

[Clamav-users] Clamd dying

2004-06-28 Thread Pete 'Wolfy' Hanson
I've had clamd (0.73) die silently on me twice this morning on two separate systems each (total 4 deaths), one Solaris 2.8 the other Solaris 2.6. Has someone managed to figure out how to shut it down remotely? -- Pete Hanson System Administrator The WELL ---