When I run my cron.daily clamAV shell script from command line logged in as
root, it works perfectly using # /etc/cron.daily/00clamscan_daily.
However when it runs automatically at 3am as a cron.daily script, bad files are
detected but not moved to quarantine (--move=/tmp/quarantine), they are si
abilities
regarding this?
Thanks,
Nick Geron -- Core NAP System Administrator
[EMAIL PROTECTED]
www.corenap.com
___
http://lurker.clamav.net/list/clamav-users.html
ow do I upgrade to 0.88.7?
Nick
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
g notified of the file
access attempt, let alone actually scanning it.
What am I missing??
Thanks!
-Nick
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive C
the
scanning but not take any action (doesn't reject, doesn't tag, just
generates logs).
The "-A" option to clamav-milter seems to be close to what I'm looking for,
minus the rewrite of the original message subject line.
Is this possible?
Thanks in advance
ble, what other strategies are available to package
ClamAV without signatures but automatically start clamd on installation?
Thanks,
Nick
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
On 12/08/2019 13:25, J.R. via clamav-users wrote:
main.cvd rarely changes (last update was Jan 2018), it is only when
the daily gets so large they push a bunch of signatures over. Bytecode
also does not get updated very often. Really the only things are daily
& safebrowsing (if enabled) that chan
Then you can't start clamd on installation?
On 12/08/2019 15:06, Joel Esler (jesler) via clamav-users wrote:
I would suggest not packaging them at all, and they should be downloaded from
the update servers the first time the update is ran.
On Aug 12, 2019, at 9:47 AM, Nick Howitt wrote
On 12/08/2019 19:16, J.R. via clamav-users wrote:
I would suggest not packaging them at all, and they
should be downloaded from the update servers the
first time the update is ran.
Ideally yes, I would agree.
However then you run into the edge-case of what if the machine has no
(or very limi
/3yHxYt4YjhVXz/7a2rog8f5L65RRazKDiduGa/
g6v2vqvhQ2r1gnkOfbW4
=teQA
-END PGP SIGNATURE-
clamav-0.101.5.tar.gz.sig contains funny characters that I can't even
paste into the e-mail. Has it been accidentally compressed?
Thanks,
Nick
___
c
I have been using cvd signature files but over the last couple of days,
I've seen the daily.cvd disappear and be replaced with the much larger
daily.cld file. If I delete the daily.cld then run freshclam I receive
the daily.cvd again, but it has switched to the cld file a couple of
times recent
2019 16:33, Nick Howitt wrote:
I have been using cvd signature files but over the last couple of
days, I've seen the daily.cvd disappear and be replaced with the much
larger daily.cld file. If I delete the daily.cld then run freshclam I
receive the daily.cvd again, but it has switched to
But If you are behind another virus scanner, it can't so easily be
intercepted and trip up the scanner.
On 12/12/2019 19:56, Al Varnell via clamav-users wrote:
Each DB's integrity is protected by an embedded signature, so https
adds little or nothing to security here.
-Al-
On Dec 12, 2019, a
process?
Regards,
Nick Beacroft
Vodafone Business E-mail Disclaimer -
Confidentiality:
This e-mail and its attachments are intended for the above
named only and may be confidential. If they have come to
you in error you must take no action based on them, nor
must
Ryan,
Thanks. Missed that one. Amavis was showing up the threads even without the m arg to
ps but clam wasn't.
Now I just need to find out why amavis stalls on large files and blocks up the mail
queue from being processed but that's not a question for this list.
Cheers,
Nick
---
I had a problem with this due, I think, to my poor internet connection - don't
even consider using Satellite broadband. I amended the code in manager.c to
accept the md5 checksum in two parts instead of one. Could this be the cause
of the problem?
Nick Sne
@@
} else
ret = cl_scandesc(acceptd, &virname, scanned, root, limits, 0);
+close(acceptd);
close(sockfd);
if(ret == CL_VIRUS) {
-- cut here --
--
Best regards,
Nick
(GPG Key ID: 4396B2D0, fingerprint: 648E C3FE ACF6 A730 FF52 D717 776D 1CB0 4396
ename = NULL, *authorization = NULL;
if(proxy) {
-- cut here --
--
Best regards,
Nick
(GPG Key ID: 4396B2D0, fingerprint: 648E C3FE ACF6 A730 FF52 D717 776D 1CB0 4396 B2D0)
-
To unsubscribe, e-mail: [EMAIL PROTECTED
This is not-very-beautiful, but logically correct fix for http-proxy and
proxy-user support in freshclam. It fixes uninitialized pointers freeing,
too.
--
Best regards,
Nick
(GPG Key ID: 4396B2D0, fingerprint: 648E C3FE ACF6 A730 FF52 D717 776D 1CB0 4396 B2D0)
diff -r -U 3 clamav-20030522
In the startup script, it has links to the redhat sysconfig script.
Where are the sysconfig files located?
Nick
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
sysconfig files
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 28 Aug 2003 7:56 am, Nick Twaddell wrote:
> In the startup script, it has links to the redhat sysconfig script.
> Where are the sysconfig files located?
/etc/sysconfig
> Nick
- -Nigel
- --
Nigel Horne. Arranger,
reinstalling and removing the /var/lock/subsys/clamd
file.
I’m out of ideas as to why this is
happening. Is it something to do with my
config file – although I have left that exactly
as it came with clam.
Any ideas?
Thanks
Nick
---
Outgoing mail is certified Virus Free
reinstalling and removing the /var/lock/subsys/clamd
file.
Im out of ideas as to why this is happening. Is it something to do
with my config file although I have left that exactly as it came with
clam.
Any ideas?
Thanks
Nick
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system
I am consistently seeing zip files with the Worm.Bagle.Gen-* payload
getting through the clamav-milter (clamav-0.87). The milter is at least
partially working:
X-Virus-Scanned: ClamAV version 0.87, clamav-milter version 0.87 on xxx.xxx.xxx
X-Virus-Status: Clean
Manually scanning the zip archive r
On 2005-09-21 09:51 -0700, [EMAIL PROTECTED] wrote:
> Are you using --external?
Currenlty I am using LocalSocket. Using --external didn't make a
difference.
>
> How does clamav-milter know when new virus definitions are available?
> I assume freshclam doesn't notify clamav-milter threads.
Is c
On 2005-09-21 11:50 -0700, [EMAIL PROTECTED] wrote:
> clamd is used by clamav-milter iff --external is used.
>
> If --external is NOT used, clamav-milter does its own scanning via
> libclamav. In which case, the question of virus definition update
> notification becomes important. How/when does
am threads have
used all the memory.
I can provide a demonstration mail if needed but I won't send it to the
list :) I understand clamscan doesn't use clamd.conf, but if needed I can
forward that or any other information requested.
Thank you,
Nick Leverton
___
s from. I accept it was
probably an efficient way to handle small mails. But I can already see
that mbox.c does a lot of loading things into RAM, when it could probably
use the disk copy and just keep headers and pointers.
BTW - to the person who ask
hie (daemonised version of Sophos) - requires no extra memory.
Fsavd (F-secure daemon) - requires no extra memory.
Only Clam soaks up RAM byte-for-byte when scanning emails, and as far as I
can tell it doesn't give any performance benefit for doing so.
Nick
__
ou don't put a
softlimit on Clamd, then it can bring the machine down through eating all
of RAM - please do tell me if I'm wrong here of course :)
Nick
--
Critical Software Support Team
Technical Support Line: (International) +44 870 770 8198
rus
> solution.
What's so out of the way about + as a time zone ?
Or did you look at his Received headers and forget that NZDST is +1300 ?
Nick (posting from +).
pgpfQEfwv0D4I.pgp
Description: PGP signature
___
Help us build a com
even the experimental code, so I don't want
to "downgrade" to 0.90-without-experimental-or-phishing.
Nick
pgp2wm6WzEWHo.pgp
Description: PGP signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
t) I
don't see anything happen. I did read this feature was taken out due to a
memory leak. Is it still removed or am I missing something else?
Best,
Nick
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/l
Thanks for the quick response Ged. Ok good to know the answer. I'll try and
hack something with inotifywait for now.
Nick
‐‐‐ Original Message ‐‐‐
On Tuesday, 2 February 2021 12:11, G.W. Haywood via clamav-users
wrote:
> Hi there,
>
> On Tue, 2 Feb 2021, Nick vi
ExtraScanning option:
"Toggles extra scanning and notifications when a file or directory
is created or moved."
Which lead me to believe that would work, but it doesn't seem to.
Additionally man clamonacc gives 'No manual entry for clamonacc'. clamonacc
--help reports v
ath to /user-home-folders/
ExcludePath /.local/
ExcludePath /.cache/
ExcludePath/.config/
In testing this I still see clamonacc tell me it's performing scanning on files
created in .cache but will the engine itself ignore them due to the Excludes?
Is there a better way of ac
user to pull files out of. I.e. only from Downloads can they retrieve files
and download to their actual machine in the secure zone. So my thoughts were it
may be a small risk & more performant to exclude the other dirs.
Interested to know your thoughts.
Nick
‐‐‐ Original Message ‐‐
,
Nick
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html
esume that is similar logic to EPEL.
Anyway, I've managed to get the files through a VPN so changing my IP,
but this is messy. There must be a better way to do it.
Nick
On 17/01/2022 14:01, Maarten Broekman via clamav-users wrote:
Running freshclam after the package is installed should pu
Phone
On Jan 17, 2022, at 09:12, Nick Howitt via clamav-users
wrote:
Please tell that to EPEL as well. We want to be able to distribute a package
which, in emergency, can be transferred to a standalone (read compromised
device removed from the network) and have the rpm install something whic
On 17/01/2022 14:33, Andrew C Aitchison wrote:
On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:
Hi,
I am trying to package ClamAV 0.103.5 for ClearOS. Normally they
package the
latest three signature files listed above with their distributable rpm in
the same way that EPEL do so
On 17/01/2022 15:06, Arjen de Korte via clamav-users wrote:
Citeren Nick Howitt via clamav-users :
Not quite. I have taken over the packaging of this and the
justification of packaging the sigs is partly that the tool will work
and scan out of the box, partly for the offline consideration
On 17/01/2022 15:14, Maarten Broekman via clamav-users wrote:
On Mon, Jan 17, 2022 at 9:53 AM Andrew C Aitchison via clamav-users
mailto:clamav-users@lists.clamav.net>>
wrote:
On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:
> - not
> have to install s
On 17/01/2022 15:26, Andrew C Aitchison wrote:
On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:
On 17/01/2022 14:33, Andrew C Aitchison wrote:
Not quite. I have taken over the packaging of this and the
justification of packaging the sigs is partly that the tool will work
and
Hello, i hope everyone is well.
while scanning my database vps clamav found Win.Malware.Generic-9937882-0
on
/opt/datadog-agent/embedded/lib/python3.8/ensurepip/_bundled/pip-21.1.1-py3-none-any.whl,
the server is running Centos 7 so a win based malware not likely dangerous
but it makes me wonder,
While you have ClamAV 0.105.1_1 in your post, the screenshot says ClamAV
0.101_1.1, which is an unsupported version. What version of freshclam is trying
to download updates? What do freshclam's logs say?
On Wed, Aug 30, 2023, at 12:46 PM, Jonathan Lee via clamav-users wrote:
> Hello fellow ClamA
Hello,
I am running ClamAV on an air-gapped Ubuntu 20.04 LTS machine and I cannot seem
to figure this issue out for the life of me. Currently, I run a full system
virus scan every weekend I end up totally maxing out my logs in var/log/audit.
I have auditd configured for a max of 10 log files 1g
On Wed, Jul 30, 2025, at 10:05 AM, Paul Kosinski via clamav-users wrote:
> If I 'dig', I get:
>
> $ dig database.clamav.net
> ;database.clamav.net. IN A
> database.clamav.net.60 IN CNAME
> database.clamav.net.cdn.cloudflare.net.
> database.
48 matches
Mail list logo
