Disregard my previous email (re: submitting viruses for newbies), I
figured it out :P
I just sent it on thru the form... I accidentally sent it twice though.
The first submission I sent the file along, but norton had already
cleaned it. I believe the second one has the uncleaned message with the
After weeks of running clamd+clamav-milter without any problems
(Solaris9 sparc, sendmail 8.12.10), today morning something wrong
happened. Below are some lines from clamd.log :
Tue Mar 16 03:57:46 2004 -> ERROR: ScanStream: accept() failed.
Tue Mar 16 03:57:47 2004 -> ERROR: ScanStream: accept()
On Tue, 16 Mar 2004 10:13:48 +0300, Odhiambo Washington
<[EMAIL PROTECTED]> wrote:
[...]
>Do you have a file clamav.conf??
>
>
I'm talking about "socket" file ?
Is there a way to coonect to CLAM using socket ??
Very much! Go slowly and read the installation docs. The answers are
there. That is
I am suffering the same problem, I'm running SuSE 9 Pro.
Typing 'clamd' gives no response whatsoever, clamscan has installed and is
functional.
My symptoms are the same.
What do I need to do I have read as much info as I can get hold of.
Would clamav-milter installation improve the situation.
I'
Fajar A. Nugraha wrote:
> Helmut Schneider wrote:
>
>>> seems that the clamav Port (0.67-1) has problems with RAR Files
>>> (e.g.
>>> Bagle.N):
>>
>> To avoid missunderstandings, I know the file is pwd, but clamav does
>> not recognize the virus within the archive (maybe a DB problem)...
>>
>
Helmut Schneider wrote:
Thats the point, if clamav would have detected the virus in the original mail I wouldn't have posted here... :)
Aaah :)
In that case,
test the original mail (not just the attachments) on
http://www.gietl.com/test-clamav/.
If it's not detected, submit it to
http://www
Paul Constable wrote:
I am suffering the same problem, I'm running SuSE 9 Pro.
Typing 'clamd' gives no response whatsoever,
Again, how do you get your package (rpm, source, binary .tar.gz, etc)?
Next, find out where your clamav.conf is. There sould be a line similar to
LocalSocket /tmp/clamd ==> T
On Mon, 15 Mar 2004 22:41:39 -0500
James <[EMAIL PROTECTED]> wrote:
> I'm currently using clamav 0.67, and I'm seeing clamav taking a long
> time scanning files with mostly 0xFFs.
>
> Normally the time it takes to scan a file is not a problem but once a
> while we receive a large mostly white p
On Tue, 16 Mar 2004 11:55:33 +1100
Jonathan Trott <[EMAIL PROTECTED]> wrote:
> Tomasz Kojm <[EMAIL PROTECTED]> wrote on 12/03/2004 00:07:01:
>
> > On Thu, 11 Mar 2004 12:49:36 +1100
> > Jonathan Trott <[EMAIL PROTECTED]> wrote:
> >
> > > At the moment, if you put any virus inside an encrypted zi
On Mon, 15 Mar 2004 17:12:20 -0700 (MST)
"Lucas Albers" <[EMAIL PROTECTED]> wrote:
> Fajar A. Nugraha said:
> > An interesting fact on ChangeLog:
> >
> > Thu Mar 11 21:50:32 CET 2004 (tk)
> > -
> > * libclamav: rar: added support for encrypted archive
> > (Encry
Lucas Albers schrieb:
Fajar A. Nugraha said:
An interesting fact on ChangeLog:
Thu Mar 11 21:50:32 CET 2004 (tk)
-
* libclamav: rar: added support for encrypted archive (Encrypted.RAR)
detection
To make an obvious statement.
Clamav should add encr
Fajar A. Nugraha wrote:
> Helmut Schneider wrote:
>
>> Thats the point, if clamav would have detected the virus in the
>> original mail I wouldn't have posted here... :)
>>
> Aaah :)
>
> In that case,
> test the original mail (not just the attachments) on
> http://www.gietl.com/test-clamav/.
>
My apologies, for not furnishing more detail.
I obtained a tarball and built from source.
I have all pieces in place that you mention, but when trying to stimulate the
the daemon by a script i.e clamctl I get a compliant that it cannot parse the
conf.file.
When typing just 'clamd' on the comma
When I
enter
freshclam
--on-update-execute='echo DONE'
the database updates
but the command doesn't execute. I've tried lots of variations but no
joy.
I ultimately want
freshclam to run from CRON and execute a script that emails me if the update
fails. The script works fine, but fres
Sorry, I forgot to add:
clamav version 0.67-1
Krzysztof Snopek
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everyt
On Tuesday 16 March 2004 11:07, Andrei Bucur wrote:
> i add next lines in sendmail.mc:
> INPUT_MAIL_FILTER(`clmilter',`S=local:/var/clamd/clamd-milter.sock,F=,
> T=S:4m;R:4m')dnl
> define(`confINPUT_MAIL_FILTERS', `clmilter')
Please see
ps awwx|grep clam
clamav-milter must be run with "local:/v
On Tue, 16 Mar 2004 09:29:57 +0100 (CET)
Krzysztof Snopek <[EMAIL PROTECTED]> wrote:
> After weeks of running clamd+clamav-milter without any problems
> (Solaris9 sparc, sendmail 8.12.10), today morning something wrong
> happened. Below are some lines from clamd.log :
>
> Tue Mar 16 03:57:46 2004
Paul Constable wrote:
My apologies, for not furnishing more detail.
I obtained a tarball and built from source.
Good :)
I have all pieces in place that you mention, but when trying to stimulate the
the daemon by a script i.e clamctl I get a compliant that it cannot parse the
conf.file.
ion: 187, sigs: 389, f-level: 1, builder: diego)
Database updated (20483 signatures) from clamav.antispam.or.id
(202.134.0.71).
Clamd successfully notified about the update.
DONE
[EMAIL PROTECTED] /]# freshclam -V
freshclam / ClamAV version devel-20040316
=
On Mar 16, 2004, at 12:55 AM, Odhiambo Washington wrote:
I have seen some people on the list say that clamd will stop working
if the maximum logfile size is hit?
Well, that was discussed, but they also gave solutions with the use of
logrotate.
I was hoping not to add another rotation system to Fre
Krzysztof Snopek wrote:
Tue Mar 16 04:01:00 2004 -> ERROR: ScanStream: accept() failed.
Tue Mar 16 04:02:27 2004 -> ERROR: ScanStream: Can't create temporary
file.
[snip]
Could someone guess what happened?
was your /tmp full ?
By default, Solaris stores /tmp on system memory (and swap) as
On 3/15/04 9:21 PM, "Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote:
> Local mirror? Just have one primary freshclam download *.cvd to the root
> directory of
> your local webserver. Then setup other freshclams to point to that
> webserver
> (with DatabaseMirror directive). To reduce lag, you could s
Mike Fish wrote:
When I enter
freshclam --on-update-execute='echo DONE'
the database updates but the command doesn't execute. I've tried lots
of variations but no joy.
I ultimately want freshclam to run from CRON and execute a script that
emails me if the update fails. The script works fin
[I've e-mailed this few days ago from a non-subscribed address and the
only thing I've got was "pending moderator approval. Sorry if you
receive this in duplicate]
Hello all,
I remember seeing this problem before in a past thread (I cannot
re-locate it atm) but there was no solution, so here
Hello,
I'm using clamav version 0.67 and clamav-milter version 0.66n on FreeBSD
5.2.1. I have noticed a lot of open (and maybe unused) clamav's network
connections. For example:
clamav clamav-mil 47720 1 stream /var/run/clamav/milter.sock
clamav clamav-mil 47720 2 stream (not connected)
cla
On Tue, 16 Mar 2004, Alex S Moore wrote:
> After going back further in clamd.log, I am seeing exactly the same thing
> on Solaris 9 sparc, sendmail 8.12.11 + milter. It started yesterday
> morning and I had to shut down clamav.
>
> I ran a find for anything changed in the past 2 days, but found n
Using clamd snapshot 20040316 on FreeBSD 4.9
Still having problems when clamd reloads the virus definitions. I've moved
the DB to local disk from NFS, and still see the same problem. We have
several servers that all randomly run into this problem. It seems to hold
up all the threads and t
I am running 0.67-1 from RPM on redhat 9.
I used to run freshclam from cron but since the daemonized 0.67 freshclam
was released i have been using it that way to reduce load on freshclam
servers. Anyway, this morning i noticed that freshclam wasnt running.
Checking my freshclam.log shows
---
> Submission: 2005
> Sender: Fisher
> Submitted virus name: Unknown Virus
> Virus name: Worm.Bagle.Gen-rarpwd
> Notes: Signature added through daily.cvd version 187 to
> Notes: detect password protected RAR files.
> Added: No
Is this signature in effect for all scans, or only those with the
"Ar
I saw the same thing after I downloaded the new binaries for
our Tru64 server.
I did some testing and found that when I used the previous
clamdscan binary, everything worked again. It even picks up
viruses that were missed before, and caught by our "banned
extensions" recipe.
So I am using all th
Title: Glibc and different versions of clam
A while back I was in the process of upgrading my system to
the new glibc and had to revert back. This left some libraries
etc around and the end result in I have trouble compiling clamav.
I can compile clamscan (0.70 rc) just fine, but I'm s
On Tue, 16 Mar 2004 16:51:44 +0100 (CET)
Krzysztof Snopek <[EMAIL PROTECTED]> wrote:
> The log above is complete, nothing has been cut. There were no mail
> except for those timeouts, and when after 3 h from database reloading
> new mail arrived, it went wrong way.
Are you using GNU compiler and
Has the number of virus signatures increased significantly lately? I
thought there were around 21,000 but now I have this msg in clamd.log.
Tue Mar 16 11:45:22 2004 -> Protecting against 40969 viruses.
Thanks, Alex
---
This SF.Net email is sp
ClamAV will no longer start. The following is from my /var/log/messages:
Mar 16 10:08:17 ns2 clamd: clamd shutdown failed
Mar 16 10:08:17 ns2 clamd: LibClamAV Error: !Can't open /dev/urandom.
Mar 16 10:08:17 ns2 last message repeated 189 times
Mar 16 10:08:17 ns2 clamd: LibClamAV Error: !Can'
Ma
On Tuesday 16 March 2004 5:53 pm, Alex S Moore wrote:
> Has the number of virus signatures increased significantly lately? I
> thought there were around 21,000 but now I have this msg in clamd.log.
>
> Tue Mar 16 11:45:22 2004 -> Protecting against 40969 viruses.
You have two copies of the datab
I am running clamav under SunOS 5.8. Ever since version 0.67 (or so, I
am not checking them regularly) , I have been unable to leave ClamAV
running. It does run, but after some minutes, it stops processing
emails. It is still running, in fact, it uses up to 85% of the CPU(!),
but no email goes
On Tue, 2004-03-16 at 12:53, Alex S Moore wrote:
> Tue Mar 16 11:45:22 2004 -> Protecting against 40969 viruses.
It sounds like you have viruses.db* in /var/lib/clamav (or wherever you
have your db files) along with the CVDs. Try deleting the *db* files
and see what that does.
You should only ha
On Tue, 2004-03-16 at 17:53, Alex S Moore wrote:
> Has the number of virus signatures increased significantly lately? I
> thought there were around 21,000 but now I have this msg in clamd.log.
>
> Tue Mar 16 11:45:22 2004 -> Protecting against 40969 viruses.
>
Maybe you have both old and new sty
On Tue, 2004-03-16 at 12:33, Antony Stone wrote:
> You have two copies of the database on your system - probably both old (*.db?)
> and new (*.cvd) files in the same directory.
I thought that looked wrong. Don't know how I managed to do that, but
it is fixed now and I have a count of 20,486.
T
On Tue, Mar 16, 2004 at 03:36:40PM +0200, turgut kalfaoglu wrote:
> I am running clamav under SunOS 5.8. Ever since version 0.67 (or so, I
> am not checking them regularly) , I have been unable to leave ClamAV
> running. It does run, but after some minutes, it stops processing
> emails. It is s
On Tue, 16 Mar 2004 11:28:53 -0500
"Jim Maul" <[EMAIL PROTECTED]> wrote:
> I am running 0.67-1 from RPM on redhat 9.
>
> I used to run freshclam from cron but since the daemonized 0.67
> freshclam was released i have been using it that way to reduce load on
> freshclam servers. Anyway, this morn
On Tue, 16 Mar 2004 15:48:00 +0100
Mikolaj Rydzewski <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm using clamav version 0.67 and clamav-milter version 0.66n on
0.67 is obsolete, better install 0.70-rc or 0.68-1
> FreeBSD 5.2.1. I have noticed a lot of open (and maybe unused)
> clamav's network co
Not that I currently have a use for this, but the idea of false
positives scares me. I know if I find a virus that's not included in
the .cvd I can create my own .db with a signature. But what if I find a
signature that blocks non-virus mail? Is there anything that can be
done locally?
About al
>
> Fajar A. Nugraha wrote:
>
> > Helmut Schneider wrote:
> >
> >>> seems that the clamav Port (0.67-1) has problems with RAR Files
> >>> (e.g.
> >>> Bagle.N):
> >>
> >> To avoid missunderstandings, I know the file is pwd, but
> clamav does
> >> not recognize the virus within the archive (ma
Cheers my man that is now working with some modifications.
I at first got the following message:-
'which: no clamd in (/usr/local/bin:/bin://usr/bin:/usr/X11R6/bin)
This I remedied by moving into the first location. My question is where does
this path come from as it is not in any of the conf fi
I'm seeing tons of network activity all UDP traffic to port 1828. Is this
an indication of a virus?
--
Michael St. Laurent
Hartwell Corporation
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Tomasz
> Kojm
> Sent: Tuesday, March 16, 2004 3:03 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Freshclam died
>
>
> On Tue, 16 Mar 2004 11:28:53 -0500
> "Jim Maul" <[EMAIL PROTECTED]> wrote
On 3/16/04 10:53 AM, "Robert Blayzor" <[EMAIL PROTECTED]> wrote:
More on this...
> Using clamd snapshot 20040316 on FreeBSD 4.9
>
> Still having problems when clamd reloads the virus definitions. I've moved
> the DB to local disk from NFS, and still see the
This is a hack, but I run monit on my servers to restart failed services.
Works well, it's a hack but it sure jacks my perceived uptime.
Tomasz Kojm said:
>> And that was it. There hasnt been another entry since and freshclam
>> quit after it. I supposed it is acceptable that due to network
>> i
Lucas Albers wrote:
This is a hack, but I run monit on my servers to restart failed services.
Works well, it's a hack but it sure jacks my perceived uptime.
Tomasz Kojm said:
And that was it. There hasnt been another entry since and freshclam
quit after it. I supposed it is acceptable that du
On Mar 16, 2004, at 11:48, Everton da Silva Marques wrote:
On Tue, Mar 16, 2004 at 03:36:40PM +0200, turgut kalfaoglu wrote:
I am running clamav under SunOS 5.8. Ever since version 0.67 (or so,
I
am not checking them regularly) , I have been unable to leave ClamAV
running. It does run, but afte
Steven P. Donegan wrote:
Hmmm, I just do a freshclam from chron rather than let it run as a
daemon - as a new user (I just downloaded, installed, integrated with my
anti-spam/anti-virus proxy - home built, today). Is doing this in any
way a negative thing?
I don't think it hurts, and from the r
Edward W. Ray wrote:
ClamAV will no longer start. The following is from my /var/log/messages:
How about compiling yourself from latest CVS snapshot?
http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz
---
This SF.Net email is sponsor
Steven P. Donegan wrote:
Hmmm, I just do a freshclam from chron rather than let it run as a
daemon - as a new user (I just downloaded, installed, integrated with
my anti-spam/anti-virus proxy - home built, today). Is doing this in
any way a negative thing?
Not if you set it to run on random mi
Doug Hardie wrote:
The problem I encountered has now been identified and I have a
working clamd that does not hang. I compiled it two different ways
and both worked. The problem was /dev/urandom returning either a -1
or a 0. Either of those will cause others.c to hang as it does not
test
Scott Harris wrote:
A while back I was in the process of upgrading my system to
the new glibc and had to revert back. This left some libraries
etc around and the end result in I have trouble compiling clamav.
I can compile clamscan (0.70 rc) just fine, but I'm stuck on old
version of freshclam (0
Fajar A. Nugraha wrote:
Steven P. Donegan wrote:
Hmmm, I just do a freshclam from chron rather than let it run as a
daemon - as a new user (I just downloaded, installed, integrated with
my anti-spam/anti-virus proxy - home built, today). Is doing this in
any way a negative thing?
Not if you s
Chris Meadors wrote:
Steven P. Donegan wrote:
Hmmm, I just do a freshclam from chron rather than let it run as a
daemon - as a new user (I just downloaded, installed, integrated with
my anti-spam/anti-virus proxy - home built, today). Is doing this in
any way a negative thing?
I don't think
Fajar A. Nugraha wrote:
ClamAV will no longer start. The following is from my
/var/log/messages:
How about compiling yourself from latest CVS snapshot?
http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz
You might also want to try
"./configure --disable-urandom" during compiling
Just not my day I guess. On "make" in devel build:
cd .. && \
/bin/sh /scsi2/tmp/clamav-devel-20040316/missing --run automake-1.6 --gnu
clamd/Makefile
aclocal.m4:4200: version mismatch. This is Automake 1.6.3, but aclocal.m4
aclocal.m4:4200: was generated for Automake
Edward W. Ray wrote:
Just not my day I guess. On "make" in devel build:
cd .. && \
/bin/sh /scsi2/tmp/clamav-devel-20040316/missing --run automake-1.6 --gnu
clamd/Makefile
aclocal.m4:4200: version mismatch. This is Automake 1.6.3, but aclocal.m4
aclocal.m4:4200: was gene
Thank you Everton!
I have amavisd-new with spamassassin, and clamd is the only virus scanner
I have on that system. Therefore, when amavisd starts, it automatically
starts using clamd. However, with all the new versions, I noticed that
clamd would start out fine, clean out some viruses for some 1
I believe this is a different problem than mine - my SunOS does not have
/dev/urandom either.. -turgut
On Wed, 17 Mar 2004, Fajar A. Nugraha wrote:
> Doug Hardie wrote:
>
> >
> > The problem I encountered has now been identified and I have a
> > working clamd that does not hang. I compiled
Hi, I have trouble to update virus database with freshclam via http proxy.
freshclam message is below.
Connecting via 127.0.0.1
Reading CVD header (main.cvd): ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from clamav.acnova.com (127.0.0.1)
According to proxy log, some e
64 matches
Mail list logo
