>
> On Friday 13 April 2007 09:25 am, Dennis Peterson wrote:
> > Freddie Cash wrote:
> Heh, lucky you. =A0:)
>
> Out of the 4199 messages blocked as "infected" so far this month, 289 of =
>
> them were marked as MSRBL-Images/* by amavisd-new and clamav. =A0
$ tail -5000 /var/j*/*virus |grep -c
On Friday 13 April 2007 09:25 am, Dennis Peterson wrote:
> Freddie Cash wrote:
> > On Thursday 12 April 2007 06:53 pm, Dennis Peterson wrote:
> >> And just an fyi, be cautious of the MSRBL-Images file. Rechecking it
> >> while I was typing this shows that with it in place it will cause
> >> the cla
On Friday 13 April 2007 01:35 pm, Bill Landry wrote:
> Freddie Cash wrote the following on 4/13/2007 12:43 PM -0800:
> >> I'm running dual proc Sun Sparc systems, and the cpu usage from
> >> clamd appears to be an unhealthy kind of cpu usage. It sits at 95%,
> >> and running truss does not return a
Freddie Cash wrote the following on 4/13/2007 12:43 PM -0800:
>> I'm running dual proc Sun Sparc systems, and the cpu usage from clamd
>> appears to be an unhealthy kind of cpu usage. It sits at 95%, and
>> running truss does not return anything - just an empty screen. I can't
>> tell what it's doi
On Friday 13 April 2007 09:25 am, Dennis Peterson wrote:
> Freddie Cash wrote:
> > On Thursday 12 April 2007 06:53 pm, Dennis Peterson wrote:
> >> And just an fyi, be cautious of the MSRBL-Images file. Rechecking it
> >> while I was typing this shows that with it in place it will cause
> >> the cla
Freddie Cash wrote:
> On Thursday 12 April 2007 06:53 pm, Dennis Peterson wrote:
>> And just an fyi, be cautious of the MSRBL-Images file. Rechecking it
>> while I was typing this shows that with it in place it will cause the
>> clamd cpu to rise to 90% and stay there. At 11M it may be too big to b
On Thursday 12 April 2007 06:53 pm, Dennis Peterson wrote:
> And just an fyi, be cautious of the MSRBL-Images file. Rechecking it
> while I was typing this shows that with it in place it will cause the
> clamd cpu to rise to 90% and stay there. At 11M it may be too big to be
> practical.
I think t
Chuck Swiger wrote:
> On Apr 12, 2007, at 5:02 PM, Dennis Peterson wrote:
>> Tomasz Kojm <[EMAIL PROTECTED]> wrote:
>>> for 3rd party databases this can be managed with a simple script,
>>> no need for
>>> adding a keyring manager to ClamAV
>> I swear it was just 8 weeks ago or so when we last ha
On Apr 12, 2007, at 5:02 PM, Dennis Peterson wrote:
> Tomasz Kojm <[EMAIL PROTECTED]> wrote:
>> for 3rd party databases this can be managed with a simple script,
>> no need for
>> adding a keyring manager to ClamAV
>
> I swear it was just 8 weeks ago or so when we last had this discussion
> and a
Tomasz Kojm wrote:
>
> for 3rd party databases this can be managed with a simple script, no need for
> adding a keyring manager to ClamAV
>
I swear it was just 8 weeks ago or so when we last had this discussion
and all manner of fine ideas and scripts came out of it. Me thinks some
folks need
On Thu, 12 Apr 2007 16:25:01 -0700
Chuck Swiger <[EMAIL PROTECTED]> wrote:
> It seems to me that there are two issues here, not one, and that we
> don't have to achieve a perfect solution to both in order to still
> improve the situation.
>
> By this I mean that it would be nice if clamd/fres
On Apr 12, 2007, at 3:55 PM, Tomasz Kojm wrote:
> On Thu, 12 Apr 2007 16:42:07 -0600 (MDT)
> James Bourne <[EMAIL PROTECTED]> wrote:
>> Yes it may be possible, but that's still no excuse for clamd to
>> bail when
>> presented with two sets of data files, one invalid and one valid.
>
> There's no
On Thu, 12 Apr 2007 19:03:09 -0400
James Kosin <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Tomasz Kojm wrote:
> > On Thu, 12 Apr 2007 16:42:07 -0600 (MDT) James Bourne
> > <[EMAIL PROTECTED]> wrote:
> >
> >> Yes it may be possible, but that's still no excuse
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tomasz Kojm wrote:
> On Thu, 12 Apr 2007 16:42:07 -0600 (MDT) James Bourne
> <[EMAIL PROTECTED]> wrote:
>
>> Yes it may be possible, but that's still no excuse for clamd to
>> bail when presented with two sets of data files, one invalid and
>> one val
On Thu, 12 Apr 2007 18:54:30 -0400
James Kosin <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Tomasz Kojm wrote:
>
> <--snip-->
> > This can be solved using file permissions as well, eg. by running
> > clamd with only read privileges to the database directory.
On Thu, 12 Apr 2007 16:42:07 -0600 (MDT)
James Bourne <[EMAIL PROTECTED]> wrote:
> Yes it may be possible, but that's still no excuse for clamd to bail when
> presented with two sets of data files, one invalid and one valid.
There's no perfect solution to this problem. The only good one I could t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tomasz Kojm wrote:
<--snip-->
> This can be solved using file permissions as well, eg. by running
> clamd with only read privileges to the database directory.
>
I was thinking about the possible VIRUS or TROJAN being able to gain
root access by some
On Fri, 13 Apr 2007, Tomasz Kojm wrote:
> On Thu, 12 Apr 2007 16:22:51 -0600 (MDT)
> James Bourne <[EMAIL PROTECTED]> wrote:
>
>> On Fri, 13 Apr 2007, Tomasz Kojm wrote:
>>
>>> On Thu, 12 Apr 2007 18:08:06 -0400
>>> James Kosin <[EMAIL PROTECTED]> wrote:
>>>
I just tested and clamd will try t
On Thu, 12 Apr 2007 16:22:51 -0600 (MDT)
James Bourne <[EMAIL PROTECTED]> wrote:
> On Fri, 13 Apr 2007, Tomasz Kojm wrote:
>
> > On Thu, 12 Apr 2007 18:08:06 -0400
> > James Kosin <[EMAIL PROTECTED]> wrote:
> >
> >> I just tested and clamd will try to read any file with the extension
> >> of .cvd
On Fri, 13 Apr 2007, Tomasz Kojm wrote:
> On Thu, 12 Apr 2007 18:08:06 -0400
> James Kosin <[EMAIL PROTECTED]> wrote:
>
>> I just tested and clamd will try to read any file with the extension
>> of .cvd in the /var/lib/clamav directory.
>> My simple question is:
>> "Could this pose a security or
On Thu, 12 Apr 2007 18:08:06 -0400
James Kosin <[EMAIL PROTECTED]> wrote:
> I just tested and clamd will try to read any file with the extension
> of .cvd in the /var/lib/clamav directory.
> My simple question is:
> "Could this pose a security or virus scanning problem if someone
> managed to pl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Luigi Iotti wrote:
> To who is experiencing the *.cvd problem due to the "3rd party
> scripts" in the RPM packages maintained by Petr Kristof , available
> on http://crash.fce.vutbr.cz/crash-hat/5/ :
>
> Petr just released an upddated version of his p
To who is experiencing the *.cvd problem due to the "3rd party scripts" in
the RPM packages maintained by Petr Kristof , available on
http://crash.fce.vutbr.cz/crash-hat/5/ :
Petr just released an upddated version of his packages, including the
patches to the script I suggested on the list. Now th
Same problem here... I had to update clamd server and the database then the
problem was resolved.
Steve
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
On Thu, 12 Apr 2007 13:17:12 -0400
JamesDR <[EMAIL PROTECTED]> wrote:
> Tomasz Kojm wrote:
> > On Thu, 12 Apr 2007 18:06:51 +0400
> > Anton Yuzhaninov <[EMAIL PROTECTED]> wrote:
> >
> >> Hello, Tomasz.
> >>
> >> You wrote on Thursday, April 12, 2007, 5:49:04 PM:
> >>
> (2) ClamAV needs to
Tomasz Kojm wrote:
> On Thu, 12 Apr 2007 18:06:51 +0400
> Anton Yuzhaninov <[EMAIL PROTECTED]> wrote:
>
>> Hello, Tomasz.
>>
>> You wrote on Thursday, April 12, 2007, 5:49:04 PM:
>>
(2) ClamAV needs to change to fix the issue of a 0-byte CVD file
causing it to CRASH.
>>> I _doesn't_ cr
On Thursday April 12, 2007 at 12:21:32 (PM) James Bourne wrote:
> This brings a question to my mind.
>
> Is there any need for the old .cvd files now that clamd uses the incremental
> files?
I took this approach to the problem (freebsd)
I shutdown clamav and freshclam.
Deleted all of the files
On Thu, 12 Apr 2007, Tomasz Kojm wrote:
> On Thu, 12 Apr 2007 18:06:51 +0400
>> Why it can't work with old bases in this situation?
>> If it possible it will be more better than stop working.
>
> freshclam already takes care to not install broken data and in this case
> the "broken" db (i.e. the e
On Thu, 12 Apr 2007 18:06:51 +0400
Anton Yuzhaninov <[EMAIL PROTECTED]> wrote:
> Hello, Tomasz.
>
> You wrote on Thursday, April 12, 2007, 5:49:04 PM:
>
> >> (2) ClamAV needs to change to fix the issue of a 0-byte CVD file
> >> causing it to CRASH.
>
> > I _doesn't_ crash. It reports a critic
Hello, Tomasz.
You wrote on Thursday, April 12, 2007, 5:49:04 PM:
>> (2) ClamAV needs to change to fix the issue of a 0-byte CVD file
>> causing it to CRASH.
> I _doesn't_ crash. It reports a critical error and terminates.
Why it can't work with old bases in this situation?
If it possible it
On Thu, 12 Apr 2007 09:46:39 -0400
James Kosin <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Obantec Support wrote:
> > Hi
> >
> > clamd died again
> >
> > from clamd.log
> >
> > SelfCheck: Database modification detected. Forcing reload.
> > Reading databases f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Obantec Support wrote:
> Hi
>
> clamd died again
>
> from clamd.log
>
> SelfCheck: Database modification detected. Forcing reload.
> Reading databases from /var/lib/clamav
> ERROR: reload db failed: Broken or not a CVD file
> Terminating because of a
el: jueves, 12 de abril de 2007 13:40
> Para: ClamAV users ML
> Asunto: Re: [Clamav-users] *.cvd again! attachment fixed
>
> On Thu, 12 Apr 2007 12:20:17 +0200, Tomasz Kojm wrote
> > On Thu, 12 Apr 2007 11:57:12 +0200
> > Guillermo Gómez Valcárcel <[EMAIL PROTECTED]> wrote
On Thu, 12 Apr 2007 12:20:17 +0200, Tomasz Kojm wrote
> On Thu, 12 Apr 2007 11:57:12 +0200
> Guillermo Gómez Valcárcel <[EMAIL PROTECTED]> wrote:
>
> > I have the same symptoms.
> > I wrote my symptoms in another post with subject:
> > "ERROR: reload db failed: Broken or not a CVD file"
>
> http:
On Thu, 12 Apr 2007 12:20:17 +0200, Tomasz Kojm wrote
> On Thu, 12 Apr 2007 11:57:12 +0200
> Guillermo Gómez Valcárcel <[EMAIL PROTECTED]> wrote:
>
> > I have the same symptoms.
> > I wrote my symptoms in another post with subject:
> > "ERROR: reload db failed: Broken or not a CVD file"
>
> http:
On Thu, 12 Apr 2007 11:57:12 +0200
Guillermo Gómez Valcárcel <[EMAIL PROTECTED]> wrote:
> I have the same symptoms.
> I wrote my symptoms in another post with subject:
> "ERROR: reload db failed: Broken or not a CVD file"
http://lurker.clamav.net/message/20070411.175950.b7329d9f.en.html
--
o
Enviado el: jueves, 12 de abril de 2007 9:09
Para: ClamAV users ML
Asunto: [Clamav-users] *.cvd again!
Hi
clamd died again
from clamd.log
SelfCheck: Database modification detected. Forcing reload.
Reading databases from /var/lib/clamav
ERROR: reload db failed: Broken or not a CVD file
Terminati
Hi
clamd died again
from clamd.log
SelfCheck: Database modification detected. Forcing reload.
Reading databases from /var/lib/clamav
ERROR: reload db failed: Broken or not a CVD file
Terminating because of a fatal error.Socket file removed.
Pid file removed.
--- Stopped at Thu Apr 12 04:25:08 20
38 matches
Mail list logo
