another box behind runs clamav 0.90.1 via amavis
without a problem, so the mail is still being scanned), or downgrade it.
--
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
___
Help us build a comprehe
t I suspected some sort of weird interaction with
ClamAV and Hotmail, but I've not actually been able to find any conclusive
evidence one way or the other.)
No, from a variety of different sources unfortunately.
Ryan Moore
--
Perigee.net Corpora
I don't think it needs write access to the socket file itself, but it
does need read+exec privs to the directory containing the socket at
least afaik.
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
John Jolet wrote:
James Barber
ther
viruses in my inbox, but it's missing all of the SCO ones, as
far as I can tell. I have over 200 of them saved in a separate
directory and clamscan misses all of those.
Thanks,
Dominic
Try running 'clamscan --mbox email'
Ryan Moore
--
Perigee.net Corpora
amd.log.2:Sat Mar 6 04:40:38 2004 -> Session 5 stopped due to
timeout.
I had this problem until I updated to the CVS version, haven't had it
happen since.
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
---
wondering if there was a way to do this with clamdscan?
--
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial
;ScanMail' option in clamav.conf, which I think is the same
as --mbox for clamscan.
3. Is a wrapper script to un-encode email 1st, then scan the resulting
files a good / the best approach?
Thanks,
- Bob
--
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-80
appen when clamd dies, or quits responding (even though
pidof/ps show clamd running still). I would verify clamdscan is working
or try restarting the milter/clamd.
--
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perige
gards,
Stephan
http://mikecathey.com/code/clamdwatch/
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by D
oblems with the milter itself crashing, but clamd
dies every other day or so it seems, but that problem was worked around
by running clamdwatch.pl in a cronjob every minute. I'm not sure how you
could check to make sure the milter itself hasn't gone to sleep, but it
might b
lamav/clamav-milter.sock
--
Steve
You probably want the -b option to reject the DATA phase of the SMTP
session if the milter detects a virus.
-
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perige
;t thinking mail being delivered
locally (or how it would handle that). Our sendmail box is just a relay
gateway for a few rbls and milters before being passed onto
spamassassin/amavisd and a pop3 server.
--
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
you don't want to mess with permissions and want to be able to scan
various things easily as root, you can use clamscan instead of clamdscan.
--
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
t virus?
I see that you did use --mbox, but what about other options you have
enabled in clamav.conf (for clamdscan) that weren't passed as parameters
to clamscan?
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
sigs: 428, f-level: 1, builder: diego)
Database updated (20657 signatures) from database.clamav.net
(152.66.249.132).
Clamd successfully notified about the update.
--
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perige
. Yet I still get
that stupid OUTDATED message in freshclam.log.
What am I missing?
did you check for older libclamav.so files laying around and making sure
all links pointed to the latest version and rerun ldconfig?
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017
esses when I resolve db.us.clamav.net, though
I didn't check the whois records for all of them to see where they were
located, but I'd assume they're in the US. I did check a few and they
were indeed in the US.
$ host db.us.clamav.net
db.us.clamav.net is an alias for d
f you so desire, which do indeed work.
--
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at Jav
of
freshclam/clamav itself rather than the DB's.
Is there an easy way of determing the current version other than
tail'ing the freshclam log file?
Regards
Lee
sigtool --info=/usr/local/share/clamav/daily.cvd
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-
4MB email seems rather excessive, perhaps enforcing a lower limit on
how big emails can be, or if you plan on processing huge messages adding
a lot more ram?
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
vledged user doesn't have
access to (ie: /root/). You can use clamscan there however, as it would
run as the user executing the command.
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
---
that matched
the base64_illegal SA rule even). So the payload is benign since it
can't be executed as far as I can tell, since the attachment is mangled.
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
-
t upgraded my workstation to 0.75 (from 0.72)
to make sure I had the latest version, ran freshclam to make sure I had
the latest definitions (already had daily v423), still doesn't detect
this new mydoom variant (not mydoom.m, have a sig for that).
Ryan Moore
--
Perigee.net Corpor
/ ClamAV version 0.70
Is this normal (difference in version)?
You probably have an old (vendor package?) in /usr/bin, which also shows
up before /usr/local/bin in the $PATH, so it is executed.
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
nk it will work.
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BE
0.75 distro (when I did `sigtool -l | grep -ci bagle`).
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE deve
stalled engine isn't
newer, give a nasty warning in the log.
Not sure if this has been discussed before, if so I appologize as I must
have missed the thread.
--
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
---
Jeremy Kitchen wrote:
On Thursday 05 August 2004 12:46 pm, Ryan Moore wrote:
Such that if freshclam downloads a signature and if the
signature has a 'engine version requirement' or some attribute that can
be compared against the installed engine, if the installed engine isn't
newe
dmail, and is included as part of the clamav package.
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to re
are
machine, so perhaps you have an outdated or mangled glibc install? Might
try reinstalling the package that supplies that for your distro.
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
___
htt
Edilmar wrote:
One doubt: the files viruses.db/db2 aren't supported by mirrors?
Correct:
http://sourceforge.net/forum/forum.php?forum_id=404052
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perige
another file in their database
directory or something.
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
only see the one
process?
Regards,
Nick Beacroft
How are you checking for multiple threads? If using 'ps' make sure you
use the 'm' paramter (ie: "ps auxm"), or you can use `pidof clamd` too.
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-8
33 matches
Mail list logo
