Nigel,
Thanks for your reply, and please accept my apologies for the woeful lack of
detail in my first post.
Here's how we kick off clamav:
#!/bin/sh
/usr/local/bin/freshclam -d -p /var/clamav/freshclam.pid
/usr/local/sbin/clamd
/usr/local/sbin/clamav-milter --debug -c /etc/clamav.conf -AdNq
loc
Hello,
Mitch (WebCob) wrote:
This is not an isolated case. The virus submission page must be changed
to run the latest RELEASED version of clamav.
Haven't looked in a while, but I think it should:
Display result using latest RELEASE
Display result using latest CVS
Display IDENTITY of the virus
Di
Hello,
Bill Maidment wrote:
I'm getting these errors on multiple machines when trying to scan an
email with an attachment on 0.80rc2 and upgrading to rc3 didn't help.
Any ideas?
Sep 29 14:27:44 video mimedefang.pl[28480]: i8T4Rc2d028538: Clamd
returned error:
/var/spool/MIMEDefang/mdefang-i8T4R
Hi,
I see that a similar reported problem was fixed (RFC2298 fixes) but I
have a slightly different problem.
After some debugging, I can see that clamav doesn't seem to be able to
scan POSIX tar archives (returns "Bad format or broken data ERROR")
while GNU tar archives are fine.
I used 'file'
> Note that I couldn't get clamav-milter to accept --dubug-level=n despite
> this being documented in the man page and building with
>
> % ./configure --enable-debug
That should read --debug-level not --dubug-level.
-Nigel
---
This SF.net e
On Tue, 2004-09-28 at 21:35, Steffen Heil wrote:
> Hi
>
> > I have a serious issue with the current way virus samples are submitted.
> Right now, many viruses, such as the currently-spreading jpeg virus (see
> http://www.easynews.com/virus.txt) are detected by 0.80rc# or by some CVS
> version. Bu
Hi everyone,
BogusÅaw Brandys wrote:
This is not an isolated case. The virus submission page must be
changed to run the latest RELEASED version of clamav.
Seconded. I run an up-to-date release version of ClamAV (0.75), there
are virusses getting trough, but I can't submit them because 0.80rc3
w
Askari wrote:
> Yes, my raq4i run linux system. Any links tutorial and file for setup
> clamav on my raq4i ?, where i can found it?.
Seeing as it would not appear that you have even attempted installation
yet, reading the basic documentation may, (by some weird stroke of
fortune), point you in
On Wed, 2004-09-29 at 11:21, Paul Boven wrote:
> Hi everyone,
>
> Bogusław Brandys wrote:
>
> This is not an isolated case. The virus submission page must be
> changed to run the latest RELEASED version of clamav.
>
> Seconded. I run an up-to-date release version of ClamAV (0.75), th
Trog wrote:
The current stable version is 0.75.1
The stable webpage points me to 0.80rc3 as the latest!!!
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/ _/ _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named "Alf
On Wednesday 29 Sep 2004 09:28, Steve Brown wrote:
> After some debugging, I can see that clamav doesn't seem to be able to
> scan POSIX tar archives (returns "Bad format or broken data ERROR")
> while GNU tar archives are fine.
Send me an example, please, and I'll have a look into it.
> I use
Nigel,
Sorry about that. The problem is that clamav-milter isn't scanning incoming
mail. I want to configure it to scan mail that is passed to sendmail from
fetchmail (running on the same host) to deliver to local mailboxes, but not
scan outgoing mail.
I agree, the documentation implies that le
Hello list,
I am using clamav version 0.72
qmail 1.3
Qmail-scanner-queue 1.21st
I have a problem and I think it is related to
clamav.
The is a virus with name W32.Netsky.p.dam ( according to
Norton antivirus) not caught by clamav.
Is there is something wrong in my setup or it is not yet in
Bill Maidment wrote:
I'm getting these errors on multiple machines when trying to scan an
email with an attachment on 0.80rc2 and upgrading to rc3 didn't help.
Any ideas?
Sep 29 14:27:44 video mimedefang.pl[28480]: i8T4Rc2d028538: Clamd
returned error:
/var/spool/MIMEDefang/mdefang-i8T4Rc2d0285
Hi,
Steve Brown wrote:
Hi,
I see that a similar reported problem was fixed (RFC2298 fixes) but I
have a slightly different problem.
After some debugging, I can see that clamav doesn't seem to be able to
scan POSIX tar archives (returns "Bad format or broken data ERROR")
while GNU tar archives a
Paul Boven wrote:
> This is not an isolated case. The virus submission page must be
> changed to run the latest RELEASED version of clamav.
>
> Seconded. I run an up-to-date release version of ClamAV (0.75), there
> are virusses getting trough, but I can't submit them because 0.80rc3
Kareem Mahgoub wrote:
Hello list,
I am using clamav version 0.72
qmail 1.3
Qmail-scanner-queue1.21st
I have a problem and I think it is related to clamav.
The is a virus with name W32.Netsky.p.dam ( according to Norton
antivirus) not caught by clamav.
Is there is something wrong in my setup or
On Wed, 2004-09-29 at 12:42, Bill Maidment wrote:
> Trog wrote:
>
> >
> > The current stable version is 0.75.1
> >
> >
>
> The stable webpage points me to 0.80rc3 as the latest!!!
>
No it doesn't. It takes you to a page containing a number of links and
information, one such link is to clamav
Hi, in my /var/log/clamav/freashcleam.log:
freshclam daemon 0.75.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
ClamAV update process started at Wed Sep 29 14:45:30 2004
ERROR: Can't open new file ./clamav-8afb9be871b84532 to write
ERROR: Can't download main.cvd from 147.229.3.16
.. the owner of /var
- Original Message -
>From: Kareem Mahgoub <[EMAIL PROTECTED]>
>
>Hello list,
>I am using clamav version 0.72
Upgrade to at least 0.75.1, update your signatures and try again.
--
Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a m
Nigel Horne wrote:
Send me an example, please, and I'll have a look into it.
Sure, I already asked the user to create an example suitable for the
public domain in advance of my query ;-)
Naturally he's on holiday today, and I'm away from tomorrow for a
week... When I get back I'll forward it.
T
Hi
> There are a significant amount of other methods that will generally detect
an infected email. Approximately 3.8% of infected emails ever reach the
stage where the virus scanners I use get called into action, and Clam hasn't
missed one of those yet. Check for other email exploits before checki
Lol @ preacher
-Original Message-
From: Matt [mailto:[EMAIL PROTECTED]
Sent: 29 September 2004 14:45
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] virus submission problem
Paul Boven wrote:
> This is not an isolated case. The virus submission page must be
> changed to ru
On Wed, 2004-09-29 at 05:34, Brandon Knitter wrote:
> I have a few images that seem to be flagged as virii, when they are not. I'm
> taking an image that is considered fine (no virus), then when I process it
> through convert (ImageMagick) it thinks it's has the virus. I have over 4000
> images
On Wed, 29 Sep 2004 15:20:50 +0200 in
[EMAIL PROTECTED] "Salvatore Basso"
<[EMAIL PROTECTED]> wrote:
> .. the owner of /var/log/clamav/ permission is clamav/clamav
> (user/group), and the /var/lib/clamav is empty !
>
> When I mistake ??
Ownership of /var/lib/clamav? Should be clamav/clamav
T
Hi,
Bill Maidment wrote:
rc3 still doesn't autoconfigure when libcurl is nopt installed.
I still have to use --without-libcurl to get the make to work.
I could be completly wrong, but
check CFLAGS, CPPFLAGS if they include /usr/local/include (or whereever
you have libcurl headers)
If not maybe try
Hello,
Salvatore Basso wrote:
Hi, in my /var/log/clamav/freashcleam.log:
freshclam daemon 0.75.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
ClamAV update process started at Wed Sep 29 14:45:30 2004
ERROR: Can't open new file ./clamav-8afb9be871b84532 to write
ERROR: Can't download main.cvd from 147.229
Salvatore Basso wrote:
Hi, I have the following problem with clamav 0.75.1 on fc 2:
[EMAIL PROTECTED] Archive-Zip-1.13]# /usr/local/bin/freshclam -d
ERROR: Can't open /var/log/freshclam.log in append mode.
ERROR: Problem with internal logger
.. when I mistake ??
Your mistake was not searching googl
On Wed, 29 Sep 2004 17:34:06 +0200
Bogusław Brandys <[EMAIL PROTECTED]> wrote:
> What is the value of TMPDIR variable ? Empty ? I suspect that
Freshclam doesn't use TMPDIR, it only create files in DatabaseDirectory.
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\.
Is clamd running? It's difficult to read your mail because you've sent
from Hotmail which annoyingly puts HTML in e-mails, but it looks as
though clamd is running OK. Try to clamdscan (note the d) a file.
Are you running 0.75 or 0.80?
What makes you believe that incoming messages aren't being sca
Matt scribbled on Wednesday, September 29, 2004 4:02 AM:
> Askari wrote:
>
>> Yes, my raq4i run linux system. Any links tutorial and file for setup
>> clamav on my raq4i ?, where i can found it?.
>
>
> Seeing as it would not appear that you have even attempted
> installation yet, reading the b
Put /var/lib/clamav to owner clamav group clamav.
Salvatore Basso wrote:
Hi, in my /var/log/clamav/freashcleam.log:
freshclam daemon 0.75.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
ClamAV update process started at Wed Sep 29 14:45:30 2004
ERROR: Can't open new file ./clamav-8afb9be871b84532 to write
Steffen Heil wrote:
> For example, I DO have dnsblacklists, helo string checking, mime checks,
> clsid extension checks, empty and to large boundary checks, verify
> sender domain and soon some callout-checks in front of clamav.
> However, some mail should get delivered and those should be checked
On Wednesday 29 Sep 2004 13:28, Damon McMahon wrote:
> > Sep 29 10:57:31 localhost clamd[9693]: clamd daemon 0.75.1 (OS:
> darwin7.5.0,
If I'd looked closer I'd seen that. Duh. You're sunning 0.75.1 I see. The other
questions are still valid though.
-Nigel
--
Nigel Horne. Arranger, Composer,
Hi,
Tomasz Kojm wrote:
On Wed, 29 Sep 2004 17:34:06 +0200
BogusÃâaw Brandys <[EMAIL PROTECTED]> wrote:
What is the value of TMPDIR variable ? Empty ? I suspect that
Freshclam doesn't use TMPDIR, it only create files in DatabaseDirectory.
Right.Anyway permission to this directory is what I'll chec
On Wed, Sep 29, 2004 at 03:17:08PM +0200, Steffen Heil said:
> Hi
>
> > There are a significant amount of other methods that will generally detect
> an infected email. Approximately 3.8% of infected emails ever reach the
> stage where the virus scanners I use get called into action, and Clam hasn'
On Tue, 28 Sep 2004, Brandon Knitter wrote:
I have a few images that seem to be flagged as virii, when they are not. I'm
taking an image that is considered fine (no virus), then when I process it
through convert (ImageMagick) it thinks it's has the virus. I have over 4000
images I've processed t
BogusÅaw Brandys wrote:
First check how is set TMPDIR and permissions to that directory , i
think (but I maybe wrong ;-)
TMPDIR is not set to anything. What controls that? I've never had any
problems like this until today.
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/
I'm unsure what type of camera originally took the pictures. But the original
pictures DO NOT show as having a virus. After I put it through ImageMagick's
"convert" (I make thumbnails) it then thinks it has the virus.
Now, I'm pretty sure that ImageMagick isn't injecting a virus as many of the
o
On Wed, 29 Sep 2004, Trog wrote:
On Wed, 2004-09-29 at 11:21, Paul Boven wrote:
BogusBaw Brandys wrote:
Damian Menscher wrote [inserted attribution for myself]:
This is not an isolated case. The virus submission page must be
changed to run the latest RELEASED version of clamav.
Seconded. I run an
>
> I agree totally with Matt. Definitely read everything in the
> docs before
> attempting an install. I would also suggest using MailScanner
> as a wrapper
> for ClamAV (and Spamassassin if desired) as it makes things
> much easier.
> There is a tutorial for the raq4 at
> http://www.qitc.net
On Wednesday 29 Sep 2004 01:46, Ken Jones wrote:
> All,
>
> I just upgraded from 75.1 to 80rc3. Prior to the upgrade, all virus were
> quarentined and sent to the user clamav. A notification was sent to the
> original receipent and the postmaster.
>
> The message sent to postmaster and the origin
Matt wrote:
Steffen Heil wrote:
For example, I DO have dnsblacklists, helo string checking, mime checks,
clsid extension checks, empty and to large boundary checks, verify
sender domain and soon some callout-checks in front of clamav.
However, some mail should get delivered and those should be
I guess a better way of putting it is this. Here is a copy of what my
inbox looks like:
With 80RC3:
[EMAIL PROTECTED] 9:00 Virus intercepted 1.5 k
[EMAIL PROTECTED] 9:00 Virus intercepted 1.5 k
With 75.1
[EMAIL PROTECTED] 8:50 Virus intercepted 1.6 k
[EMAIL PROTECTED] 8:50 Virus intercept
Since building and installing .80rc2 and then rc3, all the memory leaks
are gone. Where I was normally rebooting clamd several times a day when
the size got out of control it now is running for days on end with no
change in size.
Thanks for that.
dp
-
Hi .. now the owner of /var/lib/clamav is clamav/clamav and the problem result .. but
I have still problem:
freshclam daemon 0.75.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
ClamAV update process started at Wed Sep 29 18:45:30 2004
main.cvd updated (version: 27, sigs: 23982, f-level: 2, builder: tom
Joe Maimon wrote:
> I may be in the minority here but I strenuously object to the "banned
> extensions" methodology. Especialy when implementing outside of the SMTP
> layer.
> For a service provider its a hassle for their customers. An internal
> corp. may be able to inflict such abuse on its us
I can't remember the original problem, you've removed the history from this
post that would have reminded me!
-Nigel
On Wednesday 29 Sep 2004 02:58, Damon McMahon wrote:
> Nigel,
>
> Thanks for your reply, and please accept my apologies for the woeful lack of
> detail in my first post.
>
> Her
On Wed, 29 Sep 2004 21:05:54 +0200 in
[EMAIL PROTECTED] "Salvatore Basso"
<[EMAIL PROTECTED]> wrote:
> ERROR: Clamd was NOT notified: Can't connect to clamd through
> /tmp/clamd
>
> .. why I have this error ?? perhaps after that I configured
> user/group clamav on /var/lib/clamav is necessar
Hi
> The main types of checks that should be done are regarding the composition
of the emails. For example, the ones you mention above, clsid and boundary
checks, will stop a proportional amount of virus mails from getting any
further.
Okay... already doing so.
> Then there are others, like ifra
Salvatore Basso wrote:
> .. is normal that I haven't file /etc/clamd.conf ??
You're running 0-75.1. The config file is clamav.conf.
Matt
---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your bus
.. however start and stop clamd and try again /usr/local/bin/freshclam -d and in
freshclam.log there is writed:
freshclam daemon 0.75.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
ClamAV update process started at Wed Sep 29 22:29:30 2004
main.cvd updated (version: 27, sigs: 23982, f-level: 2, builder:
Steffen Heil wrote:
> I cannot prevent such things. I have no way to tell my customers: "you
> may not send each other executables or html-files with frames." They
> would go somewhere else immediately.
Just shifted the reply to this thread, Steffen. The iframe exploit, you
are already discrimin
On Wed, 29 Sep 2004 22:30:55 +0200 in
[EMAIL PROTECTED] "Salvatore Basso"
<[EMAIL PROTECTED]> wrote:
> .. therefore now is all ok ??!!, it's just ??
> thanks.
Possibly, I've just noticed that your config file for clamd is probably
still called clamav.conf as you are using 0.75.1, so you need:
Sorry if this has been reported already; I'm behind on email.
Running 0.80rc3.
[EMAIL PROTECTED] etc]# /etc/init.d/clamav-milter start
Starting clamav-milter: clamav-milter: ScanMail not enabled in
/usr/local/encap/clamav-0.80rc3/etc/clamd.conf
The .conf file says:
# Enable internal e-mail scanner
On Wed, 29 Sep 2004, Brandon Knitter wrote:
I'm unsure what type of camera originally took the pictures. But the original
pictures DO NOT show as having a virus. After I put it through ImageMagick's
"convert" (I make thumbnails) it then thinks it has the virus.
Now, I'm pretty sure that ImageMagi
Dennis Peterson wrote:
Since building and installing .80rc2 and then rc3, all the memory leaks
are gone.
You know, I just noticed that you're right :)
I wouldn't call it "memory leaks" though, since it may be just high
memory usage
(remember the long "kernel: Out of Memory" thread?)
But the poin
On Wed, 29 Sep 2004 10:21:10 -0700
Brandon Knitter <[EMAIL PROTECTED]> wrote:
> I'm unsure what type of camera originally took the pictures. But the
> original pictures DO NOT show as having a virus. After I put it
> through ImageMagick's"convert" (I make thumbnails) it then thinks it
> has the
On or about Wed, 29 Sep 2004 09:09:25 +1000
"Gib Gilbertson Jr." <[EMAIL PROTECTED]> allegedly wrote:
> I just downloaded and tried to make and get the same error message.
> According to the date of the post below from the archives, I would think
> this was fixed by now?
>
> I'm running FreeBSD
>From this point forward, please begin sending replies to the respective
list name (clamav-users/clamav-devel) @ lists.clamav.net. The
subscriber list has been imported into the database on the new ML
server(s) so you will _NOT_ need to resubscribe to the lists.
We sincerely appreciate the help a
Please ignore this message.
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
\..._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Thu Sep 30 02:31:51 CEST 2004
pgpjroeTZFQkd.pgp
Des
Tomasz Kojm wrote:
Please ignore this message.
Ummm, make me ?
Rick
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
On Wed, 29 Sep 2004, Damian Menscher wrote:
I just upgraded to 0.80rc3 on a RH9 machine. As a test of clamav, I went
into my public_html directory and did a clamscan -r. It found one of my
images to contain the virus:
[EMAIL PROTECTED] public_html]# clamscan -r .
./Asia_Pics/New Folder/dsc_000
Vis-a-vis Mike Cathy's note of 09/29/2004 04:57 PM:
From this point forward, please begin sending replies to the respective
list name (clamav-users/clamav-devel) @ lists.clamav.net. The
subscriber list has been imported into the database on the new ML
server(s) so you will _NOT_ need to resubscr
Damian Menscher said:
> On Wed, 29 Sep 2004, Damian Menscher wrote:
>>
>> If I had to guess, I'd say clamscan has some uninitialized memory that's
>> causing occasional false positives. If anyone can suggest an
>> alternative
>> explanation, or a way I could debug this further, I'd love to help.
On Wed, 29 Sep 2004, Dennis Peterson wrote:
>
> Anyone got a plan for when encrypted zip'd jpeg files start showing up?
>
> dp
> ___
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
Either start a "password greper/parser" which should
Joe,
On Wed, 2004-09-29 at 23:04, Joe Christy wrote:
> Will clamav-announce and clamav-virusdb be moving as well?
All of the clamav(-*) mailing lists are on lists.clamav.net now.
Cheers,
Mike
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clama
On Wednesday 29 September 2004 06:57 pm, Mike Cathey wrote:
> >From this point forward, please begin sending replies to the respective
>
> list name (clamav-users/clamav-devel) @ lists.clamav.net. The
> subscriber list has been imported into the database on the new ML
> server(s) so you will _NOT_
68 matches
Mail list logo
