I have been getting these messages in my logs when a message is detected as
a virus:
Mar 8 08:44:56 mypc clamav-milter[6112]: Message o27LiRP8029635 from
to with subject 'Important notice: Google'
message-id 'UNKNOWN' date 'UNKNOWN' infected by
Sanesecurity.Junk.22168.UNOFFICIAL
Is it possib
I have been getting these messages in my logs when a message is detected as
a virus:
Mar 8 08:44:56 mypc clamav-milter[6112]: Message o27LiRP8029635 from
to with subject 'Important notice: Google'
message-id 'UNKNOWN' date 'UNKNOWN' infected by
Sanesecurity.Junk.22168.UNOFFICIAL
Yes - in thi
I have been getting these messages in my logs when a message is detected as
a virus:
Mar 8 08:44:56 mypc clamav-milter[6112]: Message o27LiRP8029635 from
to with subject 'Important notice: Google' message-id
'UNKNOWN' date 'UNKNOWN' infected by Sanesecurity.Junk.22168.UNOFFICIAL
Is it poss
> You are probably looking for the "AddHeader" option.
Thanks. That's fixed it. Just a minor point:
Version 0.94 gave detailed headers:
X-Virus-Scanned: ClamAV 0.94.2/9256/Sun Apr 19 09:13:04 2009 on
myserver.mydomain.com.au
Whereas 0.95 gives a brief header:
X-Virus-Scanned: clamav-milter
I've just upgraded clamav from 0.94 to 0.95.1. I use sendmail 8.14.0
on gentoo linux. My mail messages no longer contain the
"X-Virus-Scanned:" and "X-Virus-Status:" headers. The only evidence
that my messages are being scanned is that infected messages do get
quarantined appropriately. Is ther
I've just installed 0.95. The quarantine system seems to have changed -
messages are in /var/spool/mqueue and the sendmail queue now. It used to be
possible to use the --quarantine-dir command-line option to set a quarantine
directory but this is no longer available. What is the best way to handle
>
> Why not at MTA level?
>
I am using clamav-milter for my normal messages, but I use a program called
getlive (http://sourceforge.net/projects/getlive) to fetch messages from my
hotmail account and they aren't passed through my MTA (sendmail). getlive
passes messages through procmail.
>
>
I have the following procmail rule (from the clamav website IIRC).
It's in /etc/procmailrc, so it applies to all user accounts.
Unfortunately this is an intermittent fault. I've just restarted the
clam daemon and the problem has resolved. Presumably it's a permission
problem but it's difficult to tr
It's taking almost 2 minutes for clamav-milter to start:
# time /etc/init.d/clamd start
* Starting clamd ...
Running as user clamav (UID 101, GID 407)
[ ok ]
* Starting freshclam ...
[ ok ]
* Starting clamav-milter ...
[ ok ]
ClamAV 0.90.3/3426/Fri Jun 15 22:02:54 2007
ClamAV: Protecting agains
With the "old" clamav, I ran a daily cron job that included saving the
scan report to a file:
clamscan -r -l /home/scan.txt --exclude=some_files
--exclude=some_more_files /home
This worked well and the "-l" simply added the summary to the report:
--
Scan
Version 39 is not the current version, look at the date June 9, the current is
version 40 built August 16 (just a day before you found the problem, so that's
it).
Please report your region mirror to Luca Gibelli (luca AT clamav DOT net), in
the meantime you could use another mirror, i.e. db.us.c
>> sigtool --info=daily.cvd
>>
Not too old, it's this morning (for me) version.
But remember that freshclam was complaining about main.cvd, try that one.
- --
# sigtool --info=main.cvd
Build time: 09 Jun 2006 22-19 +0200
Version: 39
# of signatures: 58116
Functionality level: 8
Builder: tkojm
M
sigtool --info=daily.cvd
# sigtool --info=daily.cvd
Build time: 21 Aug 2006 15-23 +
Version: 1702
# of signatures: 2006
Functionality level: 8
Builder: ccordes
MD5: bbb1f654dc3e11a3c3d925e93d7781bd
Digital signature: VZMPjrsSTdegG3omHNVKd7Cy24wXgcFdeO/cIGorNfxNGB/VSKL0EXXqIUZXV
Ed13VVHK+Z
Something happened Aug. 17, that's certain. From the test you made, which
discards network problems, and this there seems to be something else. Is
freshclam running from cron or as a daemon?
Fails with both
Correct user and permissions? Non
full filesystem? both /tmp and where the database
1. Get the current version numbers from the DNS record, i.e. "dig
current.cvd.clamav.net txt"
$ dig current.cvd.clamav.net txt
; <<>> DiG 9.3.2 <<>> current.cvd.clamav.net txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7784
;; flags: qr rd ra
I posted a question on this a few days ago and didn't get an answer.
Some more info. I've got clamav-0.88.4 on gentoo kernel 2.6.16.
Taken from my syslog:
Aug 21 21:36:18 mypc freshclam[7236]: ERROR: Mirrors are not fully
synchronized. Please try again later.
Aug 21 21:36:18 mypc freshclam[7236]
Recently freshclam has been failing on me (gentoo clamav 0.88.4)
# freshclam
ClamAV update process started at Fri Aug 18 07:32:47 2006
Downloading main.cvd [*]
ERROR: Mirrors are not fully synchronized. Please try again later.
Trying again in 5 secs...
ClamAV update process started at Fri Aug 18
I have been looking at replacing my debian box with ubuntu dapper LTS
(because of the "LTS"). I have been thwarted by the fact that there
does not seem to be a compatible repository for clamav. I don't want
to have to compile clamav manually every time a new release comes out.
Is there a reposi
I have upgraded from 0.86.1 to 0.86.2 on two separate servers (gentoo
and debian). clamav-milter has failed to start on both of these. If
I start it from the command line I get
clamav-milter: --timeout must not be given if --external is not given
I've managed to get around this by putting the f
Fixed!!
The temp directory and the quarantine directory need to be on the same
partition.
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> Which doc recommends the "b" option? I'll correct it.
That's the gentoo doc. Don't worry!
>> > 3) What is the output of "ls -ld /var/clam"?
basement robert # ls -ld /var/clam/milter/050204/
drwxrwx--- 2 clamav clamav 4096 Feb 4 22:50 /var/clam/milter/050204/
basement robert # ls -ld /var/c
> 1) Don't use the 'b' option unless you receive no emails from an external
> network
I don't normally use that - just copied the startup from the doc for
simplicity
> 2) It's unlikely that you need to use the 'l' option unless you're running
> in a Windows machine
Thanks - have changed that.
Hi folks.
I've just installed the latest clamd/clamav-milter with sendmail on my
gentoo machine. When I receive a virus I get the following in my log - (ie
the infected file isn't moved into the quarantine directory):
Feb 4 21:03:32 basement clamav-milter[17978]: Starting ClamAV version 0.81,
> Samba-VScan has such an option. And additional it has an option to exclude
> some filetype (based on libmagic), but that doesn't work correctly on my
> server (I'm still trying to solve this issue).
I have "max file size = 1000" (no double quotes) on my
vscan-clamav.conf, but it still scans
I'm using samba + vscan-clamav. I've recently created an iso image of MS
Office 2000 Pro CD 1. When I try to copy it to my samba/clam server it gets
reported as being infected thus:
smbd_vscan-clamav[22858]: ALERT - Scan result: '/pub/CDImages/Office 2000
CD1.iso' infected with virus 'Exploit
I have just upgraded to clamav-milter_0.80-5 on my Debian Woody system.
When I run
"/etc/init.d/clamav-milter stop" it hangs. When I do a "ps ax" it says
"sleep 0.1". Looks as if the offending line is something like this:
if [ -n "$PID" ]; then
start-stop-daemon -q -K -o -p $PIDFILE $DAE
Yes - I do have "Foreground" specified.
I can only assume that there is something wrong with my version of "daemon".
I compiled it from the original source from http://www.libslack.org/daemon/
. According to the debian website it is only available in "testing" and
"unstable". Because my serv
Thanks. That's exactly what I did. When I try to stop clamav-milter in
supervised mode, clamav-milter remains in memory. When I try to restart it
I get the following:
Oct 24 14:19:14 debian clamav-milter: clamav-milter: fatal: failed to become
a daemon: Resource temporarily unavailable.
I h
I have just clam and clamav-milter on my woody (stable) system. I am able
to start clamd and clamav-milter in supervised mode (by specifying
"foreground" in /etc/clamav/clamd.conf). If I send myself a test virus, I
get the following in my /var/log/mail.log:
Oct 24 09:00:13 debian sm-mta[8801]
I've created the following setup to run clamav-milter in supervised mode on
gentoo (amd64):
# cat /etc/init.d/daemon-clamav-milter
#!/sbin/runscript
depend() {
need net clamd
before sendmail
}
start() {
ebegin "Starting clamav-milter (supervised)"
/usr/local/bin/daemon -F
/var
Also make sure you have FixStaleSocket set in clamav.conf - it should be
by default. Let me know if you have problems after doing this - I don't
run it that way myself, all the work was done for someone who did want
to run it under daemon. Since I haven't gotten a bug report from them
recently, I
>Also make sure you have FixStaleSocket set in clamav.conf - it should be
>by default. Let me know if you have problems after doing this - I don't
>run it that way myself, all the work was done for someone who did want
>to run it under daemon. Since I haven't gotten a bug report from them
>recent
I have recently installed woody with clamav-daemon and clamav-milter. I see
that the /etc/init.d/clamav-milter has the following at the start of the
startup script:
SUPERVISOR=/usr/bin/daemon
SUPERVISORPIDFILE="/var/run/clamav/daemon-clamav-milter.pid"
SUPERVISORARGS="-F $SUPERVISORPIDFILE --name
> >I've been having problems with clamav. Every Sunday, clamav dies.
> > These are the last messages in the logs every week.
> >
> > ERROR: Can't unlink the socket file /var/run/clamav/clamd.ctl
> > ERROR: Can't unlink the pid file /var/run/clamav/clamd.pid
> > --- Stopped at Sun Aug 29 06:34:3
I have set up samba with the vscan-clamav module (instructions on
http://www.gentoo.org/doc/en/printing-howto.xml).
I am encountering some problems because clamd does not have the necessary
permissions to enter all of the shared directories, and (in particular) is
unable to move infected files int
>The init script uses 'retry' for 30 seconds to kill the processes. If
>they don't die on the first signal, they get signalled again, and so on
>until they actually do die. This had to be done because I had seen
>several heavily loaded systems where the milter processes wouldn't
>actually die. The
I have installed clamav-milter on two debian boxes from deb
http://people.debian.org/~sgran/debian woody main.
Every time I try to stop it, it hangs for about 30 seconds then spews out
the following message:
Stopping Sendmail milter plugin for ClamAV: start-stop-daemon: warning:
failed to kill XX
> Did the e-mail get saved in the quarantine? If so send me a copy.
>
Actually, I don't think that the virus was necessarily the fatal event.
Here is the last log before the milter restarted:
May 2 19:37:31 basement sm-mta[17368]: i429bUbk017368: ruleset=check_mail,
arg1=<[EMAIL PROTECTED]>, rela
I am running clamav-0.70 on a very small home/small office server with a
limited number of users. Recently my clamav-milter died, presumably when it
scanned the Worm.Lovgate.Z virus. I got the following in my
/var/log/maillog:
sm-mta[17368]: i429bUbk017368: timeout waiting for input from
[221.15
I am getting messages rejected. I've been getting a few notifications that
messages are not arriving. I get the following messages in my mail log.
Note: "sender", "recipient", "myserver" and "mydomain.com.au" are
fictitious.
Mar 26 22:59:40 myserver sm-mta[9106]: i2QBvPA0009106:
from=<[EMAIL PR
I am using logrotate to rotate my clamd logs. I have an entry called "clam"
in /etc/logrotate.d which looks like this:
/var/log/clam/clam*.log {
sharedscripts
postrotate
/bin/kill `/usr/bin/cat /var/run/clamd/clamd.pid` 2>/dev/null
/usr/local/sbin/clamd
endscript
}
If
Chris de Vidal wrote:
> I've come down with the whooping cough (I've been coughing until I choke
> for 5
> weeks now) AND a cold (didn't get much sleep last night). Yuck.
>
> Doesn't ClamAV make human antivirus software??? The influenza virus (flu)
> mutates, must be open source LOL...
>
Sorr
I mailed this to the sender several days ago but couldn't post it to the
newsgroup. I'm trying again!
I have had clamav-milter running on slack 9.0/9.1 for months without a
hitch. I did this several weeks ago so I hope I can still remember the
procedure.
1. Copy the slack sources into a local f
43 matches