Hi,
This is really a question for the db maintainer, but I think it wouldn't
hurt for normal users to know about this too.
I'm parsing viruses.db2 (from daily.cvd with sigtool -u) for an
application that I'm working on,
and I found multiple signatures for several virus names. For example:
Trojan.Clic
On Friday 13 Aug 2004 02:51, David Champion wrote:
> . To my first glance, libwrap is not reentrant, and
> could be trouncing the clamav-milter stack(s) across threads.
From the hosts_access man page:
"hosts_access() uses the strtok() library function. This may interfere with other code
that reli
On 08/13/04 09:37, Fajar A. Nugraha wrote:
Hi,
This is really a question for the db maintainer, but I think it wouldn't
hurt for normal users to know about this too.
I'm parsing viruses.db2 (from daily.cvd with sigtool -u) for an
application that I'm working on,
and I found multiple signatures for seve
On Friday 13 Aug 2004 02:51, David Champion wrote:
> After working with Nigel to resolve/eliminate other factors, I'm still
> getting quite similar problems to this on Solaris. I think I've narrowed
> down the problem. Please try rebuilding without libwrap enabled, and let
> us know what you see.
Hi,
Following the long thread of "Idea for more timely virusdb updates", I
have put together
a basic system of putting daily.cvd in DNS TXT records.
It stores current version of daily.cvd, new signatures, and what time a
particular signature was added.
Which means the next time clamav come up wit
On Fri, 13 Aug 2004 at 18:17:19 +0700, Fajar A. Nugraha wrote:
>
> Following the long thread of "Idea for more timely virusdb updates", I
> have put together
> a basic system of putting daily.cvd in DNS TXT records.
[...]
Though lacking secure digital signing, quite interesting real solution
of
Hello all,
We are having the same problem, we are using Clamav at our perimeter,
then it forwards it to another server running Symantec. In the last
week, Clamav has caught ~1200 viruses, but two got through. Symantec
called it [EMAIL PROTECTED] According to Symantec's website, "When a
file is
On Wed, Aug 11, 2004 at 08:34:48PM +0200, Martin Konold wrote:
> The problem with bittorent is that bittorent addresses a different problem
> domain.
>
> clamav pattern update:
> - frequently changing small number of small files distributed from a single
> point to many
>
> bittorrent:
> - slow
We run a Cobalt Cube (RedHat 6.5?) for our email server. A 3rd party vendor
installed Clam-AV and SpamAssassin for me last year because I am not adept
at command line linux. They updated the Clam last week but I am not sure
which version they used. I have not been able to connect with the vendor
On Friday 13 Aug 2004 13:59, I wrote:
> Do you have the original e-mail that demonstrates the problem? If so please forward
> it to me and I'll look at it for you.
Don't forget to zip with the password 'virus'.
-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. I
On Friday 13 Aug 2004 13:18, David Williams wrote:
> Hello all,
>
> We are having the same problem, we are using Clamav at our perimeter,
> then it forwards it to another server running Symantec. In the last
> week, Clamav has caught ~1200 viruses, but two got through. Symantec
> called it [EMAI
On Fri, 13 Aug 2004 14:01:49 +0200
Tomasz Papszun <[EMAIL PROTECTED]> wrote:
On Fri, 13 Aug 2004 at 18:17:19 +0700, Fajar A. Nugraha
wrote:
I have put together
a basic system of putting daily.cvd in DNS TXT records.
[...]
Though lacking secure digital signing, quite interesting
real solution
of
At 13:17 13.08.2004, you wrote:
Hi,
Following the long thread of "Idea for more timely virusdb updates", I
have put together
a basic system of putting daily.cvd in DNS TXT records.
It stores current version of daily.cvd, new signatures, and what time a
particular signature was added.
Which means
On Fri, 13 Aug 2004 07:55:13 -0500 in
[EMAIL PROTECTED] "Dana Millaway"
<[EMAIL PROTECTED]> wrote:
> We run a Cobalt Cube (RedHat 6.5?) for our email server. A 3rd party
> vendor installed Clam-AV and SpamAssassin for me last year because I
> am not adept at command line linux. They updated the
On Wednesday, August 11, 2004 6:29 PM [EDT], Matthew Thomas wrote:
> I was wondering how many clamav users came across this article:
> http://www.eweek.com/article2/0,1759,1633536,00.asp
>
> The author says, among other things: "Clearly the biggest need
> these days in an anti-virus system is for
On Fri, 13 Aug 2004 at 19:48:34 +0200, Erich Titl wrote:
[...]
> 7) rebuild a .CVD file
>
> I have not been able to rebuild the cvd file using sigtool, so this is for
> someone with more sigtool experience, but the diff of the two files show
> that a patch is easily feasible
You can't rebuild a
David Williams wanted us to know:
>Hello all,
>
>We are having the same problem, we are using Clamav at our perimeter,
>then it forwards it to another server running Symantec. In the last
>week, Clamav has caught ~1200 viruses, but two got through. Symantec
>called it [EMAIL PROTECTED] Accordin
?? ?? wanted us to know:
>I remove old version of clamav
>& install clamav .75.1 from tar.gz
If you emerge sync, you can emerge clamav 0.75.1. It's masked though,
so you have to force it:
ACCEPT_KEYWORDS="~x86" emerge --buildpkg clamav
I always use --buildpkg personally because I have
FreeBSD 4.10
~200 users
ClamAV version devel-20040806
clamav-milter version 0.74a
Sendmail 8.12.11
clamav-milter --noreject --postmaster-only --local --max-children=10
/var/run/clamav/clmilter.sock
I've already checked the FAQ, searched the archive, and Googled.
Normal system load is low, less th
Erich Titl wanted us to know:
>Nice, we could actually build a wrapper around freshclam to only fetch when
>there is a new version ready.
It already does this.
12:39:51.553344 IP 10.1.1.240.41996 > 65.77.42.207.80: P 1:145(144) ack 1 win 5840
0x: 4500 00c4 1b41 4000 4006 a6e6 0a
Anyone any ideas as to why when freshclam updates daily.cvd, clamd does
not reload the database until the next integrity check time arrives?
I have told freshclam to notify clamd in freshclam.conf and passed the
correct config file to clamd to ensure it gets the correct configuration
but still thi
At 21:13 13.08.2004, you wrote:
On Fri, 13 Aug 2004 at 19:48:34 +0200, Erich Titl wrote:
[...]
> 7) rebuild a .CVD file
>
> I have not been able to rebuild the cvd file using sigtool, so this is for
> someone with more sigtool experience, but the diff of the two files show
> that a patch is easily
On Wed, Aug 11, 2004 at 03:07:35PM +0200, Lionel Bouton wrote:
> The ideal setup would be to push updates instead of clients polling
> them. It would require a separate architecture though (HTTP mirrors
> can't push things).
>
> Since some time I am thinking of a bittorrent approach too. Bittor
On Fri, 13 Aug 2004, Todd Lyons wrote:
> Erich Titl wanted us to know:
>
> >Nice, we could actually build a wrapper around freshclam to only fetch when
> >there is a new version ready.
>
> It already does this.
>
> It only retrieves the first 512 bytes of data from each CVD file. Here
> is what a s
Dana Millaway wanted us to know:
>at command line linux. They updated the Clam last week but I am not sure
>which version they used. I have not been able to connect with the vendor and
>I need to tweak how Clam is handling HTML emails because it is blocking
>legitimate emails containing conferenc
Damian Menscher wanted us to know:
>Good to know, and maybe that means we're wasting our time on all these
>other ideas. But still, checking DNS for an update means a single UDP
>packet each way (which might even get cached).
Yeah, I can see the simplicity and advantage of such a method.
--
Re
On Fri, 13 Aug 2004 22:04:31 +0200
Erich Titl <[EMAIL PROTECTED]> wrote:
> become an issue). I believe if such a process can verify the md5sum of
> the input file against a publicly known md5sum of the original input,
> then to some extent a cdv file could be created locally. The signature
You do
On Sat, 14 Aug 2004 08:02:51 +1200
Jason Haar <[EMAIL PROTECTED]> wrote:
> DNS for serial numbers plus HTTP for actual data transfer still sounds
New version of freshclam will work in this way. Big thanks to all for
the interesting thread !
--
oo. Tomasz Kojm <[EMAIL PROTECTE
On Friday 13 August 2004 22:05, Damian Menscher wrote:
Hi,
> other ideas. But still, checking DNS for an update means a single UDP
> packet each way (which might even get cached).
In the proposed use case the DNS info is most probably cached by the next ISP
already.
> Downloading the first
> > DNS for serial numbers plus HTTP for actual data transfer still sounds
>
> New version of freshclam will work in this way. Big thanks to all for
> the interesting thread !
>
Sounds cool Tomasz! Be interested to hear if this helps reduce the load on
the mirrors at all. Once this is tested, an u
> Similarly, BitTorrent *requires* "raw" Internet access in order
> to operate -
> again - not a normal situation for an AV server.
>
Don't know what exactly you meant by "raw" as opposed to sauteed, broiled,
baked or toasted, but BitTorrent does NOT require unfirewalled access. It
does require a
On Friday 13 Aug 2004 8:08 pm, Todd Lyons wrote:
> I wonder. If you hit the max threads and are using the clamav-milter,
> then it will drop through. Try picking up the max threads in
> clamav.conf and see if that makes a difference.
Not true.
-Nigel
On Fri, 13 Aug 2004, Tomasz Kojm wrote:
> New version of freshclam will work in this way. Big thanks to all for
> the interesting thread !
That's C-a-n-d-r-e-v-a .
For the CHANGES file.
:-)
-Chris
==
Chris Candreva -- [EMAIL PROTECTED] -
On Fri, Aug 13, 2004 at 12:14:10PM -0700, Jim Gaynor said:
> FreeBSD 4.10
> ~200 users
> ClamAV version devel-20040806
> clamav-milter version 0.74a
> Sendmail 8.12.11
>
> clamav-milter --noreject --postmaster-only --local --max-children=10
> /var/run/clamav/clmilter.sock
>
> I've already checke
Hi
At 21:41 13.08.2004, you wrote:
Erich Titl wanted us to know:
>Nice, we could actually build a wrapper around freshclam to only fetch when
>there is a new version ready.
It already does this.
Yes, but it uses TCP, not hierarchically distributed servers, all this has
been discussed lately. DNS i
Nigel Horne wanted us to know:
>On Friday 13 Aug 2004 8:08 pm, Todd Lyons wrote:
>
>> I wonder. If you hit the max threads and are using the clamav-milter,
>> then it will drop through. Try picking up the max threads in
>> clamav.conf and see if that makes a difference.
>Not true.
I thought the
Tomasz Kojm wrote:
On Fri, 13 Aug 2004 22:04:31 +0200
Erich Titl <[EMAIL PROTECTED]> wrote:
become an issue). I believe if such a process can verify the md5sum of
the input file against a publicly known md5sum of the original input,
then to some extent a cdv file could be created locally. The si
Stephen Gran wrote:
On Fri, Aug 13, 2004 at 12:14:10PM -0700, Jim Gaynor said:
clamav-milter --noreject --postmaster-only --local --max-children=10
/var/run/clamav/clmilter.sock
In the last two days, I've twice had my system load jump to > 10.0 (to
the point where sendmail was rejecting incom
On Fri, Aug 13, 2004 at 02:22:55PM -0700, Mitch (WebCob) wrote:
> Don't know what exactly you meant by "raw" as opposed to sauteed, broiled,
> baked or toasted, but BitTorrent does NOT require unfirewalled access. It
> does require a small port range to be forwarded to it, BUT that port range
> is
On Thu, 12-08-2004 at 18:46, Philip Ershler wrote:
> What do folks think is an appropriate interval for a cron job to run
> freshclam? Is once an hour reasonable?
>
> Thanks,
> Phil
>
This is my line in /etc/crontab:
0 */4 * * * root /usr/local/bin/freshclam 2>/tmp/freshclam.txt; cat \
/t
> This is my line in /etc/crontab:
>
> 0 */4 * * * root /usr/local/bin/freshclam 2>/tmp/freshclam.txt; cat \
> /tmp/freshclam.txt | mail -s "Actualizacion Antivirus" jgalicia
>
> What it means: every four hours execute freshclam and send me an email
> with results.
Two comments:
First, do NOT do
On Fri, Aug 13, 2004 at 04:07:47PM -0700, Jim Gaynor said:
> It isn't sendmail that's borking this system, tho; it's the multiple
> high-load high-memory clamav-milter processes. I've checked the sendmail
> queue when those processes start to hog resources, and only had 32 items
> in queue one t
On Friday 13 August 2004 23:23, Mitch (WebCob) wrote:
Hi,
> > > DNS for serial numbers plus HTTP for actual data transfer still sounds
> > New version of freshclam will work in this way.
> the mirrors at all. Once this is tested, an update to recommended polling
> times would be appreciated (
On Saturday 14 August 2004 02:56, Julio Galicia wrote:
Hi,
> 0 */4 * * * root /usr/local/bin/freshclam 2>/tmp/freshclam.txt; cat \
> /tmp/freshclam.txt | mail -s "Actualizacion Antivirus" jgalicia
Please always try to _avoid_ to have cron based internet services run by the
hour. Please conside
On Fri, 13 Aug 2004 22:34:43 +0200
Tomasz Kojm <[EMAIL PROTECTED]> wrote:
On Sat, 14 Aug 2004 08:02:51 +1200
Jason Haar <[EMAIL PROTECTED]> wrote:
DNS for serial numbers plus HTTP for actual data
transfer still sounds
New version of freshclam will work in this way. Big
thanks to all for
the int