Hi Christian,
Am Die, den 20.04.2004 schrieb Christian Barmala um 07:48:
> > I have build an RPM for SuSE 8.2 and I can make it available for
> > download on my web/ftp server.
> The srpm would be especially interesting, because I could make adaptions to
Unfortunately, I have no SRPM. I just bui
I'm having trouble getting clamav to work with sendmail. I've reviewed the
list archive, and there seem to be a number of similar problems, but no
solutions.
Environment:
RH 9, kernel 2.4.20
sendmail 8.12.8
clamav 0.70 from Dag Apt Repository (also tried 0.70
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
from the *fine* manual (docs/node10.html):
__cut__
The following packages are optional but highly recommended:
[...]
GNU MP 3
It's very important to install the GMP package because it allows
freshclam to verify the digital
Does anybody know if I need a special version of this for the Cobalt RAQ
or can I just download the one from below?
Strange that it used to update perfectly. I haven't changed a thing. Is
this package really neccesary for freshclam?
Thanks for any help,
Tom
-Oorspronkelijk bericht-
Van
There is no need for a SuSe RPM, the SuSe startup script is
included in the CVS source - look at .../clamav/contrib/init/SuSE
-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
-
> ClamAV update process started at Mon Apr 19 10:16:50 2004
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
>
> That's all it does.
btw: nothing in the log(s)?
--
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
--
> Strange that it used to update perfectly. I haven't changed a thing. Is
> this package really neccesary for freshclam?
for the warning to go away: yes.
as far as i can see in the code (freshclam/manager.c-downloadmanager())
the warning is not meant to hinder downloads though.
if you have dow
Yeah,
I switched on logging yesterday.
This is what it sais:
--
ClamAV update process started at Mon Apr 19 15:50:45 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
--
ClamAV update process started at Tue Apr 20 06
> clamav-milter[30731]: clamfi_connect: hostaddr is null Apr 19 22:06:49
What are your Milter options in sendmail.cf?
Here are mine:
# Milter options
O Milter.LogLevel=9
O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits},
On 19 Apr 2004 at 10:50, Todd Lyons wrote:
> On Mon, 2004-04-19 at 01:42, Andrea Trasatti wrote:
> > Hello all,
> > today I found about 8-10 email messages that were not filtered out by Clam,
> > but saving the attachment and checking it with the online checker it gets detected.
> >
> > Is t
In the message dated: Tue, 20 Apr 2004 09:13:22 BST,
The pithy ruminations from Nigel Horne on
were:
=> > clamav-milter[30731]: clamfi_connect: hostaddr is null Apr 19 22:06:49
=>
=> What are your Milter options in sendmail.cf?
O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
> --
> ClamAV update process started at Tue Apr 20 06:30:00 2004
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder:
> tkojm)
> daily.cvd is up to date (version: 269, sigs: 927, f-level: 1
> There's something odd here... I just checked the change log in
> clamav-milter.c
> from the 04/19/2004 development snapshot, and it claims that
> 0.70k is dated on
> 4/19, but doesn't show 0.70[l-n].
I've checked it in this morning (20/4), it takes a bit of time
to filter through to the "pub
Because when I entered "freshclam" before, it used to update in 10
seconds. Now I can wait for hours when I enter "freshclam" manually and
still nothing.
-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Namens christian
laubscher
Verzonden: dinsdag 20 april 2004
In the message dated: Tue, 20 Apr 2004 09:13:22 BST,
The pithy ruminations from Nigel Horne on
were:
=>
=> Please update to clamav-milter 0.70n which may help to trace what's wrong since
=> it prints a better message.
OK. I found clamav-milter 0.70m (not "n") in CVS, and here's what I get i
On Mon, 19 Apr 2004 18:16:51 -0400
Robin, Rob wrote:
> Hello all,
>
> Platform: BSDi 4.2, gcc 2.95.2.
> I tried patches for *BSDs.
>
> Any pointers ?
>
> ./configure --prefix=/usr/local/clamav/0.70
Update your gcc to the latest version (3.3*) I believe. Same problem on
Hi,
I just upgraded to clam 0.70.
However, i am still receiving these messages:
kernel: pid 573 (clamd), uid 1006: exited on signal 6
I have no clue how or what.
At least i can use clamscan as backup, but i'd like just to run clamd.
Bye,
Mipam.
-
> Because when I entered "freshclam" before, it used to update in 10
> seconds. Now I can wait for hours when I enter "freshclam" manually and
> still nothing.
oh. :-(
here it takes 2 to 5 seconds, just tried; i would expect your problem
to be related to a dns/proxy/firewall issue, not to fresh
On Tue, 2004-04-20 at 10:08, [EMAIL PROTECTED] wrote:
> =>
> => Please update to clamav-milter 0.70n which may help to trace what's wrong since
> => it prints a better message.
>
> OK. I found clamav-milter 0.70m (not "n") in CVS, and here's what I get in the
> logs:
The enhanced message is in
T. Suter wrote:
> Because when I entered "freshclam" before, it used to update
> in 10 seconds. Now I can wait for hours when I enter
> "freshclam" manually and still nothing.
Check that your firewall is allowing TCP port 53 access to DNS servers.
Database.clamav.net returns records which are
On Mon, 19 Apr 2004 05:17:12 + (UTC)
[EMAIL PROTECTED] wrote:
> While going through the 0.70 changelog, I came across this item:
>
> Tue Apr 13 14:16:42 CEST 2004 (tk)
> --
> * libclamav: scan EVS mails
>
> Can anyone please tell me what "EVS mai
Hello, htllp me please
Does ClamAV supports mail server which relays mail ?
I mean mail not to localhost but to other MTA's ?
I've installed Exim+eciscan and ClamAV
all log information is ok
for example:
Tue Apr 20 16:16:05 2004 -> +++ Started at Tue Apr 20
16:16:05 2004
Tue Apr 20 16:16:05 2004
Hello,
I have several installations of clamav. Versions are 0.67 or 0.70. A
customer sent an infected file with the virus named in the subject.
Version 0.67 detects the virus correctly, 0.70 doesn't. Comparing the
amount of known virus, there is a difference of about 75 viruses. Needless
to say t
On Tue, 20 Apr 2004 16:36:16 +0400 "=?windows-1251?Q?=CC=E8=F5=E0=E8=EB?=" wrote:
> Hello, htllp me please
>
> Does ClamAV supports mail server which relays mail ?
> I mean mail not to localhost but to other MTA's ?
>
> I've installed Exim+eciscan and ClamAV
> all log information is ok
> for exam
Михаил wrote:
Hello, htllp me please
Does ClamAV supports mail server which relays mail ?
I mean mail not to localhost but to other MTA's ?
YES! That's exactly how I use my exim+exiscan+clamav.
Mainly because my main server can't reject virus at SMTP time; exim CAN.
I've installed Exim+eciscan an
Intresting it was detected.
Here's my output of that Sober.f file:
[EMAIL PROTECTED]:/viri]# clamscan --mbox Sober.f.uue
Sober.f.uue: OK
--- SCAN SUMMARY ---
Known viruses: 21157
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.11 MB
I/O buffer size: 1310
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mitch
> (WebCob)
> Sent: Monday, April 19, 2004 4:01 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Clamav-users] [EMAIL PROTECTED] not removed
>
>
>
>
> > -Original Message-
> > From: [EMAIL PROTECTE
On Tue, 2004-04-20 at 14:24, Peter van der Does wrote:
> Here's my output of that Sober.f file:
> [EMAIL PROTECTED]:/viri]# clamscan --mbox Sober.f.uue
> Sober.f.uue: OK
> When I uudecode Sober.f.uue and uudecode part2 from Sober.f.uue it does
> detect it indeed.
What operating system?
What har
> > Is keeping a message counter feasible, given the design of the code?
> It's perfectly feasable and I've just done it when you enable debug to help
> you (look in the CVS code I've just committed - mbox.c version 1.66). However
> please don't enable debug all the time, and remember that enabling
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Andreas
> Haase
> Sent: Tuesday, April 20, 2004 8:42 AM
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] Problems detecting Worm.SomeFool.Y
>
>
> Hello,
>
> I have several installations of clamav. Versio
Yes, it can. For instance, if you use Postfix you can add your
domains and exchange servers in the transport file.
Edit the Postfix "transport" file. Add something similar to:
.domainAsmtp:[serverA]
.domainBsmtp:[serverB]
See the examples in the sample transport fi
Oops. Didn't mean to spam the world with this, but since I've already
done it...
> ...remember that enabling debug now also leaves the temporary files
> around to aid (of course!) debugging.
Where does it leave these files?
Jeffrey Moskot
System Administrator
[EMAIL PROTECTED]
--
On Tue, Apr 20, 2004 at 12:03:05AM -0700, [EMAIL PROTECTED] said:
> Behavior:
> -
> clamscan works fine
> clamdscan works fine
>
> When sending mail to clamd via a milter (either clamav-milter or
> smtp-vilter), there seems to be a problem contacting the mail
Andreas Haase wrote:
Hello,
I have several installations of clamav. Versions are 0.67 or 0.70. A
customer sent an infected file with the virus named in the subject.
Version 0.67 detects the virus correctly, 0.70 doesn't. Comparing the
amount of known virus, there is a difference of about 75 virus
Bora wrote:
Hi, can the gateway be used to filter multiple domains for different
Exchange server? If so, where can I find the documentation? TIA.
Yes,
Both qmail and postfix (probably exim and sendmail as well, im pretty sure) can do
that.
I use qmail, it has smtproutes, and you just tell that a
"Cecilia Mtz" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> RedHat 7.3
> ClamAV 0.70
> clamav-milter
> sendmail
>
> --
>
> I finally got to make clamd and clamav-milter to work! It has been working
> since this morning and has catched more than 800 infected emails throug
On Tue, 20 Apr 2004, Tomasz Kojm wrote:
> > Tue Apr 13 14:16:42 CEST 2004 (tk)
> > --
> > * libclamav: scan EVS mails
>
> EVS is a commercial SMTP software. It uses the following header format:
>
> X-EVS: CHALLENGE
Thanks for the response (and the work yo
On Tuesday 20 Apr 2004 3:35 pm, Stephen Gran wrote:
> > clamav-milter[30731]: clamfi_connect: hostaddr is null
I believe this is now fixed in CVS (clamav-milter version 0.70o):
Tue Apr 20 15:18:58 BST 2004 (njh)
--
* clamav-milter: Handle hostaddr == NULL
On Tuesday 20 Apr 2004 3:04 pm, jef moskot wrote:
> > ...remember that enabling debug now also leaves the temporary files
> > around to aid (of course!) debugging.
> Where does it leave these files?
In clamscan's temporary directory.
> Jeffrey Moskot
> System Administrator
> [EMAIL PROTECTED]
I will retry when current flood of Worm.SomeFool.Y slows...
Thanks
Mimmus
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything
W32.Netsky.P.dam is not detectable by clamav
i use freshclam with -c 40 and it cant detect that virus ?
is there a problem?
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President an
On Tuesday 20 April 2004 5:11 pm, Adrian Gurbina (main) wrote:
> W32.Netsky.P.dam is not detectable by clamav
> i use freshclam with -c 40 and it cant detect that virus ?
> is there a problem?
The .dam suffix means "damaged". The sample you have may be sufficiently
damaged that ClamAV can't re
On Sun, 2004-04-18 at 14:14, Jason Haar wrote:
> I run clamd under daemontools with a memory limit of 50M. What looks to have
> happened is some bug in clamd allowed it to attempt to grow to 50M - the
> limit stopped it, and then all future clamd processes couldn't allocate
> memory either.
...ls
I'm running debian clamav-daemon 0.69-0.70-rc-1
Does not detect netsky.x variant.
I submitted the virus to the clamav webpage and they detected it, but my
current install does not detect it with these scan switches:
clamscan -r --mbox --stdout --disable-summary --infected
Download the message fro
I would like to state for the record:
I'm dumb sometimes.
I was not running freshclam in daemon form, so I did not have new dat files.
problem solved.
Lucas Albers said:
> I'm running debian clamav-daemon 0.69-0.70-rc-1
>
> Does not detect netsky.x variant.
> I submitted the virus to the clamav we
I am detecting a new netsky variant that is detected by mcafee as a netsky
variant but is not yet detected by name yet.
It is NOT detected by:
clamav, or f-prot.
I am receiving upwards of 10-20 an hour so far.
I have submitted it to the f-prot/mcafee/clamav online virus submittal
page for inclus
Bora wrote:
Hi, can the gateway be used to filter multiple domains for different
Exchange server? If so, where can I find the documentation? TIA.
If you have Sendmail you do that with the mailertable, like this:
domain1.com smtp:[1.2.3.4]
domain2.com smtp:[1.2.3.5]
Then in MailScanner you
On Tue, 20 Apr 2004, Niek wrote:
> > Version 0.67 detects the virus correctly, 0.70 doesn't. Comparing the
> > amount of known virus, there is a difference of about 75 viruses. Needless
> > to say that I updated the signatures several times using freshclam, which
> > was successfull (no error mess
> From: Mimmus [mailto:[EMAIL PROTECTED]
> I will retry when current flood of Worm.SomeFool.Y slows...
How can I see a description of this virus?
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel
Hello,
> > Version 0.67 detects the virus correctly, 0.70 doesn't. Comparing the
> > amount of known virus, there is a difference of about 75 viruses. Needless
> > to say that I updated the signatures several times using freshclam, which
> > was successfull (no error messages) but the diff between
On Tue, Apr 20, 2004 at 11:10:44AM -0600, Lucas Albers said:
> I would like to state for the record:
> I'm dumb sometimes.
> I was not running freshclam in daemon form, so I did not have new dat files.
> problem solved.
Ah, my second guess was right then - ignore completely my previous post.
--
I just upgraded my clamav RPMs from 0.70rc to 0.70 (from
http://crash.fce.vutbr.cz/crash-hat/1/clamav/)
Since i am running qmail with qmail-scanner, i run clamav as user qscand and
have to change /var/run/clamav, /var/log/clamav and /var/lib/clamav to be
owned by qscand. While upgrading to 0.70 i
On Tue, Apr 20, 2004 at 11:07:05AM -0600, Lucas Albers said:
> I'm running debian clamav-daemon 0.69-0.70-rc-1
>
> Does not detect netsky.x variant.
> I submitted the virus to the clamav webpage and they detected it, but my
> current install does not detect it with these scan switches:
>
> clamsc
Hi Nigel,
"Nigel Horne" <[EMAIL PROTECTED]> wrote:
> There is no need for a SuSe RPM, the SuSe startup script is
> included in the CVS source - look at .../clamav/contrib/init/SuSE
Found it! Great! Thank you! But I still consider an srpm useful.
It provides more than the init script.
Christian
Hello again,
> This smells of freshclam downloading the virus definitions to one location
> and clamav using a copy in a different location. Make sure
> "DatabaseDirectory" has the same location in both /etc/freshclam.conf and
> /etc/clamav.conf. Mine is DatabaseDirectory /var/lib/clamav
that r
Hey,
I've got clamav installed on my mail server and am currently using it to
scan E-Mail for viruses.
Today, my users are getting hammered with W32.Netsky.X and I don't see
that clamav's virus definitions have this one even after I do a freshclam.
http://securityresponse.symantec.com/avcenter
[EMAIL PROTECTED] wrote:
How can I see a description of this virus?
http://www.sophos.com/virusinfo/analyses/w32netskyy.html
--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, V
On Tue, Apr 20, 2004 at 11:36:56AM -0600, Lucas Albers said:
> I am detecting a new netsky variant that is detected by mcafee as a netsky
> variant but is not yet detected by name yet.
>
> It is NOT detected by:
> clamav, or f-prot.
>
> I am receiving upwards of 10-20 an hour so far.
>
> I have
In the message dated: Tue, 20 Apr 2004 18:45:40 BST,
The pithy ruminations from Nigel Horne on
were:
=>
=>
=> On Tuesday 20 Apr 2004 6:40 pm, you wrote:
=>
=> > Can you send me a copy? I just grabbed the "latest" cvs version, and it's
=> > got 0.70n, not "o".
=>
=> Attached 70.o with some f
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Andreas
> Haase
> Sent: Tuesday, April 20, 2004 2:46 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Clamav-users] Problems detecting Worm.SomeFool.Y
>
>
> Hello,
>
> > > Version 0.67 detects the virus correct
Title: Clandscan error
Hi all,
Thanks for all your help.
I recently installed CLAMAV on my OpenBSD 3.4 box. Running CLAMSCAN works fine, but when I try to run CLAMDSCAN I get this error.
# clamdscan
connect(): Socket operation on non-socket
ERROR: Can't connect to clamd.
For referenc
Daniel Corbe wrote:
Today, my users are getting hammered with W32.Netsky.X and I don't see
that clamav's virus definitions have this one even after I do a freshclam.
Netsky is called Somefool in Clam.
http://article.gmane.org/gmane.comp.security.virus.clamav.virusdb/302
It's easy to find from he
Wiltshire, Michael wrote:
I recently installed CLAMAV on my OpenBSD 3.4 box. Running CLAMSCAN
works fine, but when I try to run CLAMDSCAN I get this error.
# clamdscan
connect(): Socket operation on non-socket
ERROR: Can't connect to clamd.
So, are you running clamd? Clamdscan is just the client
Whereis your clamav.conf ? (MUST be /etc/clamav.conf)
Did you run /usr/local/sbin/clamd before trying clamdscan ?
What is the rights on the local socket ("/tmp/clamd" with the conf file in
attachement)? ($ls -l /tmp/clamd)
.. I don't know .. :-)
++ Jerome
>
> I recently installed CLAMAV on my Op
On Tue, 20 Apr 2004 15:30:28 -0400, Daniel Corbe <[EMAIL PROTECTED]>
wrote:
>Hey,
>
>I've got clamav installed on my mail server and am currently using it to
>scan E-Mail for viruses.
>
>Today, my users are getting hammered with W32.Netsky.X and I don't see
>that clamav's virus definitions have
Hello,
> Have you tried to locate or find *.cvd? Are there other copies somewhere?
yes, there are also files located in /usr/local/share/clamav/. These could
be from a former installation. But the new directory is /var/lib/clamav/.
> What about:
>
> sigtool -l|grep SomeFool
>
> [SomeFool list]
On Tue, 2004-04-20 at 21:30, Daniel Corbe wrote:
> Hey,
>
> I've got clamav installed on my mail server and am currently using it to
> scan E-Mail for viruses.
>
> Today, my users are getting hammered with W32.Netsky.X and I don't see
> that clamav's virus definitions have this one even after I
Just trying to file as many bugs against clamav as possible.
Make you earn your pay!...
Stephen Gran said:
>
> Ah, my second guess was right then - ignore completely my previous post.
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State Univers
Hi
i´m running ClamAV in a RedHat 8 box with Sendmail
and MailScanner.
- i'd like to know how to not scan certain
file types for certain users
eg: don't scan .zip files for user x
- is it possible for ClamAV to know wich .exe
are bad and wich are good
eg: flash presentations are good
Peter, I know that mailscanner has documentation for everything except with
qmail, do know where I can find it?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Peter
Bonivart
Sent: Tuesday, April 20, 2004 10:51 AM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav
I have used clamav for about 20 days, I used clamav-0.67.Now I find sometimes clamav dosen't filter virus , but when I receive the virus ,then I re-send the virus email to myself ,it can be filtered . why?Here is my clamd.logTue Apr 20 18:33:18 2004 -> SelfCheck: Database status OK.Tue Apr 20 18:50
On Tue, Apr 20, 2004 at 01:11:40PM -0400, Mike Cathey wrote:
> ...lsof the pid and see what files it has open...then copy the files to
> somewhere else and fire them off to the develpers. :)
Nope - that won't help. I just did that - twice within 10 minutes on my
(currently) hung mail server. The f
When I run clamd using a TCP socket, I can telnet
to clamd's port and issue commands (like "PING" and "SHUTDOWN").
But how do I issue commands when running
clamd with a UNIX (local) socket?
--Mike
It appears ClamAV doesn't detect WORM_SWEN.A
I'll try to track down a signature for it, but since my PC Scanner removed
it, it may be a while
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Ro
74 matches
Mail list logo
