unning Clam in a very low memory configuration? Is it
> do-able?
Sure, my test-system nodes only have about 400M RAM. I use my own clam
daemon, but the functionality is the same.
--
Per Jessen, Zürich (5.6°C)
http://www.dns24.ch/ - free dynamic
G.W. Haywood wrote:
> Hi there,
>
> On Sat, 10 Apr 2021, Per Jessen wrote:
>
>> When I built $SUBJ just now, I see
>>
>> libclammspack.so.0
>> =>
>> /home/per/workspace/clamav-0.103.2/libclamav/.libs/libclammspack.so.0
>>
>> ie. with
Per Jessen wrote:
>
>> If this is after install, exactly how did you build it?
>
> I don't normally do a "make install", I copy the libraries to the
> destination servers directly. I only need the libraries.
Having just built and installed on another machine,
G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Sat, 10 Apr 2021, Per Jessen wrote:
>> G.W. Haywood wrote:
>>> On Sat, 10 Apr 2021, Per Jessen wrote:
>>>
>>>> When I built $SUBJ just now, I see
>>>>
>>>> libclammspack
Any chance of making the source package available without the current
cvd databases? The current package is 24Mb, without the CVD it's only
3Mb. Just a suggestion, but it might just save some bandwidth.
/Per Jessen, Zürich
___
Help us bu
'database.clamav.net' pointing to whereever you want.
Or you just update /etc/freshclam.conf to point to only only mirror.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Email.Trojan.GZC aka Sanesecurity.Malware.8825.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
atabase files under /var/lib/clamav use
> about 70MB. So, even assuming this is kept in memory at all times,
> where does the other 120MB come from?
Maybe when the database is reloaded? I don't know clamd that well, but
I suspect it'll probably have two copies of the database i
t
also affect clamd users, but I'm posting this "just in case".
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Per Jessen wrote:
> I'm running my own custom clamav daemon, and just now I ran into an
> issue when reloading the latest daily.cvd. cl_load() seems to be
> looking for a file named 'daily.ldb' - it isn't found, which causes a
> segfault. I don't yet kno
Toby Bryans wrote:
> Thanks Luca, I obviously should have checked there in retrospect!
>
It was posted 8 minutes after your posting, so checking there wouldn't
have done you any good :-)
/Per Jessen, Zürich
___
Help us build a comprehen
Toby Bryans wrote:
> On 7 May 2010 12:28, Per Jessen wrote:
>
>> Toby Bryans wrote:
>>
>> > Thanks Luca, I obviously should have checked there in retrospect!
>> >
>>
>> It was posted 8 minutes after your posting, so checking there
>> wou
t's not about not being able to scan, it's about not wanting to scan.
Regardless, clamav doesn't reject or approve mails, that's for your MTA
to do.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://
Rob Sterenborg (lists) wrote:
> On Wed, 2011-11-09 at 10:31 +0100, Per Jessen wrote:
>> Peter Bradeen wrote:
>>
>> > I see that there are ways to limit the level of archive that will
>> > be
>> > scanned as well as the size of the entities to be scanne
Simon Hobson wrote:
> Per Jessen wrote:
>
>> >> It's not about not being able to scan, it's about not wanting to
>>>> scan. Regardless, clamav doesn't reject or approve mails, that's
>>>> for your MTA to do.
>>>
>>&
x27;d left the daily.inc directory. When I removed it,
freshclam retrieved the daily cvd on the next attempt.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
have 4 mails on one of the servers that vary in size from
> 20MB to 60 MB.
Virus-scanning anything bigger than 1-2Mb makes little sense. ANything
as big as 20Mb, I would just skip without further consideration.
/Per Jessen, Zürich
___
Help us build
fixing this gcc problem in the clamav
source?
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
- no changes until mid-Jan. clamav is one of
very few exceptions.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
ing clamd - any reason why freshclam should complain
about /etc/clamd.conf ?
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
has
never done so before.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Per Jessen wrote:
> Wait - I didn't ask how to fix the problem. I'm more interested to
> know why freshclam complains about this _unused_ config-file when it
> has never done so before.
Please ignore - problem found and solved.
Am I the first person to suggest the default max logsize should be 0
instead of 1M (or some other arbitrary value) ?
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav
of it is in relation to clamav? It's obviously
optional, and clamav sems to do quite well without it.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
system), but it is recognised by many
others.
https://files.jessen.ch/materials-20161511_121132836553-doc.exe
--
Per Jessen, Zürich (-0.2°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
___
clamav-users mailing list
clamav-users
curious that such a relatively old
virus is not identified by ClamAV. (nor by Sanesec signatures for that
matter).
--
Per Jessen, Zürich (0.1°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
___
clamav-users mailing
c --mandir=/usr/share/man
I must be missing something?
--
Per Jessen, Zürich (15.5°C)
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
htt
Michael Orlitzky via clamav-users wrote:
> On 2/24/20 5:28 AM, Per Jessen wrote:
>> I've just stumbled on this new config
>> option - "--enable-libclamav-only ". However, I still get complaints
>> about libcurl (for freshclam and clamdsubmit) ?
>>
*possibly* be able to run clamd on a system with
> only 2G of RAM
It _can_ be done, using cgroups to restrict the amount of memory used,
but it'll be doing a bit of swapping.
For email processing, we run clamd on virtual machines with slightly
less than 3Gb memory, of
I haven't seen any mails from the XML-list since Feb4 - what's the story? Was
I accidentally unsubscribed or is the list down?
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
l/bin/freshclam
>
This is mine:
From /etc/cron.d/clamav:
2 * * * * root /usr/bin/freshclam
/Per Jessen
--
http://www.spamchek.ch/freetrial - lassen Sie sich überzeugen - 30 Tage
Kostenlos!
___
http://lurker.clamav.net/list/clamav-users.html
Luca Gibelli wrote:
> Hello Per Jessen,
>
>> I haven't seen any mails from the XML-list since Feb4 - what's the story?
>> Was
>> I accidentally unsubscribed or is the list down?
>
> We sent a message announcing that we were taking down the service. We&
ted or the mirror or what?
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Brian Morrison wrote:
> On Thu, 24 Feb 2005 09:09:23 +0100 in [EMAIL PROTECTED] Per
> Jessen <[EMAIL PROTECTED]> wrote:
>
>> I've setup a freshclam that is triggered off the incoming notify for
>> clamav-virusdb. For 722 at 0046CET today, I got the email, but
ading the load.
Anyway, thanks for the clarification.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
but I hadn't expected it to also stop
freshclam checking
for new updates. I guess freshclam is waiting for it to finish before
continuing - surely not
the intentional behaviour?
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
for OnErrorExecute and OnUpdateExecute
when it's
running as a daemon - as commandline it'll still use system().
/Per Jessen, Zürich
--
http://www.spamchek.co,uk/freetrial - sign up for your free 30-day trial now!
___
http://lurker.clamav.net/list/clamav-users.html
Steven Stern wrote:
> It appears that Gareth Andron and the php-clamav project have been wiped
> from the face of the earth.
Yeah, his fission.org.uk domain has expired. (Gareth Ardron btw).
/Per Jessen, Zürich
___
http://lurker.clamav.ne
use ClamAV does not seem to imply
that ClamAV
is not competing with commercial vendors.
In fact, what is the _primary_ advantage of ClamAV over [your favourite
commercial AV product]?
Price. ClamAV may not be competing for commercial gain, but it is certainly
competing for the
market.
hen (or in which db-version) the signature was added? (using an API of
course).
thanks.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
.thorium",
CL_ARCHIVE|CL_MAIL);
# $status is an overloaded object
die "Failed to scan: $status" unless $status;
if ($status->virus) {
print "identified virus \"$status\".\n";
}
else
{
print "no virus identified: $status\n";
}
# ./perlclam
eports clean. I'm just now upgrading
the Mail::ClamAV module to 0.17 (from 0.11) - maybe that'll fix it.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Per Jessen wrote:
> OK, just tried that - it still reports clean. I'm just now upgrading
> the Mail::ClamAV module to 0.17 (from 0.11) - maybe that'll fix it.
Yeah, 0.17 fixed it - thanks for the fast response. Sorry about wasting
your time and bandwidth.
/Pe
What's the current schedule for 0.90? And what are my options (for not
having clamav consider phishing==virus) until then?
I'm using libclamav programmatically - I don't suppose cl_scanfile()
could be convinced to return CL_PHISHING when appropriate :-)
/Per
Dennis Peterson wrote:
> Per Jessen wrote:
>> What's the current schedule for 0.90? And what are my options (for
>> not having clamav consider phishing==virus) until then?
>> I'm using libclamav programmatically - I don't suppose cl_scanfile()
>> cou
Dennis Peterson wrote:
> Here's a script that should work. Read the assumptions carefully and
> mind the emailer linewrapping in logger strings:
Thanks Dennis, just the sort of thing I was hoping for.
/Per Jessen, Zürich
___
http://lurker
would say that is more of a job for your mail-server, not clamav.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Sven Strickroth wrote:
> Hi,
>
> "Per Jessen" <[EMAIL PROTECTED]> schrieb im Newsbeitrag
> news:[EMAIL PROTECTED]
> Dennis Peterson wrote:
>
>> Per Jessen wrote:
>> It has always been possible to unpack the pattern files and remove
>> the
ing the modification date of files.
Sounds like you could do with a simple combination of clamav and the
find command.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
ed the download link in the RSS feed.
> For everyone's benefit, here is a direct link to 0.88.3:
>
Is there any particular reason why freshclam is not making me aware of
the new version? I use the OnOutdatedExecute option, but it hasn't
been triggered.
/Per Jessen, Zürich
_
Stephen Gran wrote:
> On Mon, Jul 03, 2006 at 03:37:42PM +0200, Per Jessen said:
>> Is there any particular reason why freshclam is not making me aware
>> of the new version? I use the OnOutdatedExecute option, but it
>> hasn't been triggered.
>
> I understand i
bit in the TXT record.
I have to admit to being one of those lazy, err ... busy, sysadmins. I
find freshclams outdated warning very useful.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Luca Gibelli wrote:
>> Why isn't freshclam complaining?
>
> because there are no security issues associated with the new release.
> Instead of filling the logs with warnings, we give our users 2 days to
> perform the upgrade.
Hi Luca,
I still haven't seen any warn
/www/htdocs, can it be a smb form (like
> smb://username:[EMAIL PROTECTED] to cvd's)? Any help is appreciated.
Filesystem paths only, no URLs.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
e if you are able to. Don't just be a freeloader.
I think it is entirely reasonable, but for a business to make donations,
I think the ClamAV project needs to be able 1) issue invoices and 2)
accept payment via non-paypal channels. Maybe even in EUR.
/Per Jessen, Zürich
d, but it looks like
that only happens when the DNS reports a newer software version.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Per Jessen wrote:
> According to freshclam, my installation (0.88.5) is outdated:
>
Please ignore. I've just now caught up with the other thread on this.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
got nothing to do with taxes - it's a matter of practicality;
getting budget approval for a business expense is much easier than for
charity.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
nd 32 hours later. I understand it was on a
weekend etc., but for ClamAVs phishing detection/protection to have any
meaning/reason at all, the time from submit to publish needs to be a
LOT shorter.
/Per Jessen, Zürich
___
Help us build a comprehensive C
on, discovering and responding to truly
> destructive outbreaks, etc.
As a matter of principle, maintaining the database of what ClamAV is
supposed to detect must have the highest priority, IMHO. If not,
everything else is pointless.
/Per Jessen, Zürich
__
Per Jessen wrote:
>> The best defense against phishing is and has always been education,
>> fwiw.
>
Quick additional comment - I used to use the very same argument, but
experience and age have taught me that people are stupid.
/Per
O. If not,
>> everything else is pointless.
>
> I guess you could always ask for a refund if you're unhappy with the
> product. I think they're doing a hell of a good job.
So do I. I've even contributed code myself.
I am in no way unhappy with the product, and I s
Gerard Seibert wrote:
> however, I believe 'stupid' is too harsh.
Perhaps - but a great deal more concise :-)
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.ne
natures
collected is mostly irrelevant, whereas the speed with which a new
signature can be published is not.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Nigel Horne wrote:
> Use the "experimental code", then. It does a good job at catching
> phishes that aren't even in the database.
OK, that sounds interesting, I'll take a look.
/Per Jessen, Zürich
___
Help us build a
al point was that if Clam is going to scan for
> phishing at all, the response time might be too slow to be useful,
> given the frequency with which the content changes.
That was exactly my point, yes.
To be fair, I submitted another phishing sample yesterday, and had the
update in abou
is the db-update process? Is it possible the email is being sent
> out before the file is accessible?
I don't know the process, but I think so, yes.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Jay Lee wrote:
> The point of the exercise it to run freshclam *only* when the update
> is published, not to run every x hours (or minutes) without knowing if
> there is an update.
>
> Looking at my options there...
Why not just run freshclam as a daemon?
/Per
Dennis Peterson wrote:
> Per Jessen wrote:
>> Jay Lee wrote:
>>
>>> The point of the exercise it to run freshclam *only* when the update
>>> is published, not to run every x hours (or minutes) without knowing
>>> if there is an update.
>>>
>
e have not seen any stability problems, and I do not
expect any either.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
t for ALL your daemon processes? As an old school
mainframe sysprog, I don't monitor any of my daemon processes. (apart
from *some* status-monitoring via SNMP).
/Per Jessen, Zürich
PS: even if you're an old school Unix admin, quoting only the relevant
b
email.
We use SMS, but the idea is the same.
> So what do you do when your freshclam dies or explodes from a memory
> leak or do you depend 100% on it never failing?
For one thing, freshclam has never died nor exploded from a memory leak,
nor is it a critical process. If freshclam fails
Although I would monitor the temperature instead. Once the
equipment is down, it's too late.
We monitor datacenter/machine temperature as they are critical operating
factors that must be maintained within certain boundaries.
Anyway, this is way, way off-topic here - my apologies for keepin
at the same time, and the databases had been updated, I
see significant potential for something to break.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
74 matches
Mail list logo
