D 0, by clamd[991], UID 93, EUID 93, parent init[1],
UID 0, EUID 0
Everything works fine when UseProcesses is off.
s.
--
(0> Jakub Jankowski [url]: s.atn.pl "Nawet w Krainie Czarow
//\ [EMAIL PROTECTED] [rlu]: 174516 latwiej jest spotkac
V_/_ [EMAIL PROTECTED] [ekg]: 921514
ature virus but nothing.
>/var/log/mail.log looks like this after I send a mail:
Are there any milter-related messages in your logfile?
s.
[try wrap your lines around 72 characters]
on file.
>PS: This is personal opinion and may cause a flame war.
And it probably will.
s.
ps. please make your signature follow the netiquette guidelines
atched linux 2.2.25.
I also noticed some zombie clamd processes (but never more than one)
lying around, showing up as 'defunct' in `ps' output. But PIDs of those
zombies are changing, so I assume they really die at some point.
s.
0
rt_sigprocmask(SIG_UNBLOCK, [ALRM], [HUP INT USR1 ALRM TERM CHLD], 8) = 0
getpid()= 8409
setuid(0) = 0
exit_group(0) = ?
Process 8409 detached
[EMAIL PROTECTED]:~#
Generally, clamd behaves *strangely* here. Still investigating.
s
c/clamav.conf
You end up with a broken clamav setup if some user of yours placed a hostile
clamav.conf file somewhere in a filesystem, and for some reason your
find visits that place as the last one.
I wouldn't recommend your solution, especially over reading docs.
s.
clamav-milter --help | grep -i send
--bounce -b Send a failure message to the sender.
--postmaster-only -P Send warnings only to the postmaster.
--quiet -q Don't send e-mail notifications of interceptions.
[EMAIL PROTECTED]:~$
Hope this helps.
s.
n for clamav-milter to create socket into, but clamav
user doesn't have write permissions to /var/run.
s.
clamav-milter.c, lines 667-683.
s.
g listening socket. Take a look into
>>clamav-milter.c, lines 667-683.
>>
>
> I believe clamav user does have permissions to write into /var/run:
Please show output of these:
ls -al /var | grep run
egrep -i ^user: /path/to/your/clamav.conf
s.
On 2004-01-27, Walgamotte, David wrote:
> Does anyone know how to use clamscan to scan http web uploads on an
>Apache/PHP server ?
Maybe this will help: http://software.othello.ch/mod_clamav/
s.
On 2004-03-21, Bit Fuzzy wrote:
>This is true
Please don't top-post. Quoting whole mail to add your three words wastes
so much bandwidth.
s.
ivity. Any simple how-to's on doing this around?
#!/bin/sh
VIRCOUNT=`grep -c FOUND /wherever/is/your/clamd.log`
echo $VIRCOUNT
echo 0
echo `uptime`
echo `hostname`
Tune it. ;-)
s.
'{print $8}' | sort | uniq -c | sort -k1nr,1
Who's next? ;-)
s.
k '{print $1}' | sort | uniq -c | sort -k1nr,1
^^
Where '^^^' part is responsible for getting virusname out of clamd.log.
Or better use perl =)
s.
, just a bit more tuned.
s.
750
/*
* Whitelist of source e-mail addresses that we do NOT scan
* TODO: read in from a file
*/
static const char*ignoredEmailAddresses[] = {
/*"[EMAIL PROTECTED]",
"[EMAIL PROTECTED]",*/
NULL
};
s.
/*
* This recipient is not on the whitelist,
* no need to check any further
*/
return SMFIS_CONTINUE;
}
/*
* Didn't find a recipient who is not on the white list, so all
* must be on the white list, so just accept the
:
static const char *ignoredEmailAddresses[] = {
"[EMAIL PROTECTED]",
"[EMAIL PROTECTED]",
"[EMAIL PROTECTED]",
NULL
};
s.
On 2004-04-13, Mike van Vugt wrote:
>Installed clamav, clamav-db and libclamav1. Tried to install and run
>clamd but got the next message
[...]
Have you configured your clamav properly? Have you read the
documentation?
s.
On 2004-04-21, Wiltshire, Michael wrote:
># clamdscan -v
>ERROR: Clamd is not configured properly.
>
>This only happens when I uncomment the line below.
>
># TCP port address.
>TCPSocket 3310
Use either LocalSocket or TCPSocket, not both at the same time.
s.
o blib/arch/auto/Mail/ClamAV/ClamAV.so -lz -lbz2 -lgmp
>-lpthread -lclamav
>
>/usr/bin/ld: cannot find -lbz2
[...]
>please help.
Install bzip2.
s.
OUTDATED - please update immediately !
>WARNING: Current functionality level = 1, required = 2
Please read ML archives.
s.
On 2004-05-09, Phil Schilling wrote:
>On Sun, 9 May 2004 10:25:10 +0200 (CEST)
>Jakub Jankowski <[EMAIL PROTECTED]> wrote:
[...]
>> Please read ML archives.
>>
>The archives from April where this discussion took place were missing
>from Sourceforge when I was look
On 2004-04-29, Rick Macdougall wrote:
>http://mail.limelyte.net/admin/virus/
[...]
>Suggestions, ideas, flames, etc, more than welcome.
Really nice one! Is the source code available somewhere? :-)
s.
On 2004-05-05, Alex V. Kovirshin wrote:
>First - hack milter ...
>Second - cron job rm -f /path/to/quarantine
Zero - read docs.
s.
in wrote:
[...]
Please don't top-post. It makes you unreadable.
s.
On 2004-05-08, Ken Morley wrote:
>OK, so clamd, clamscan and clamdscan should ignore files in //proc. Is
>there *really* a trojan in //proc/kcore or is this some anomaly that I can
>just ignore?
The latter one.
s.
-( I feel like the guy in the UPS commercial who can't
handle the fact that there isn't a problem. ;-D
AFAIR, Sasser doesn't propagate through emails (unlike all other worms
you mentioned). If you use clamav only to scan mails, you won't catch
Sasser, probably.
s.
atches made between these names and clamav.
[...]
Are these in ClamAv under another name, or are the vendors wrong about the
SMTP part, or is ClamAv behind? I will try to get a sample from the PC folks.
$ sigtool -l | grep -ic gaobot
70
s.
.gmane.org/gmane.comp.security.virus.clamav.announce/35
s.
--
(0> Jakub Jankowski [url]: s.atn.pl "Nawet w Krainie Czarow
//\ [EMAIL PROTECTED] [rlu]: 174516 latwiej jest spotkac
V_/_ [EMAIL PROTECTED] [ekg]: 921514 Babe Jage niz Alicje"
Fingerprint: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
e RTM.
s.
On 2004-06-02, Crucificator wrote:
So what is the complete solution?
Have you tried googling around, and reading docs?
s.
On 2004-08-18, Robert Blayzor wrote:
I'm really interested in just getting Version #'s from within a PERL script.
open(FH, "
HTH
some investigations, I found out that it happens for clamd to
have fd for /usr/share/clamav opened more than once.
Of course, restarting clamd helps, but I think it's a bug worth fixing.
If you need more information on this issue, I can provide you logs,
environment info, and whatever you ne