clamavmodule

Randal, Phil prandal at HEREFORDSHIRE.GOV.UK
Tue Nov 29 16:20:14 GMT 2005


You are probably running with an ancient libclamav.so somewhere, so I'd
advise uninstalling clamav, cleaning up any orphaned clamav files, then
reinstalling clamav.

Make sure there is really only one version of ClamAV installed on your
system:
$ whereis freshclam
$ whereis clamscan

Also make sure that you haven't got old libraries (libclamav.so*) lying
around your filesystem. You can verify it using:
    $ ldd `which freshclam`

Also, find / -name *clam* will also help remove all of this stuff (move
or delete your choice) then re-install.

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
> Sent: 29 November 2005 15:51
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: clamavmodule
> 
> Gang,
> 
> I boosted the Clamavmodule Recursion level to 8, applied the 
> patch below, switched from clamav to clamavmodule and back 
> again -- nothing.
> Clam refuses to catch the Sober.U/Sober-Z virus for me.  
> Sophos is on the job though.  My setup: Solaris 9, ClamAV 
> 0.87.1, MS 4.47.4, sophos 3.99.  <head scratch>
> 
> Jeff Earickson
> Colby College
> 
> On Wed, 23 Nov 2005, Rick Cooper wrote:
> 
> > Date: Wed, 23 Nov 2005 10:22:41 -0500
> > From: Rick Cooper <rcooper at DWFORD.COM>
> > Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: clamavmodule
> > 
> >
> >  -----Original Message-----
> >  From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK]On 
> > Behalf Of Rodney Green
> >  Sent: Wednesday, November 23, 2005 7:15 AM
> >  To: MAILSCANNER at JISCMAIL.AC.UK
> >  Subject: clamavmodule
> >
> >
> >  Hello,
> >
> >  With the recent Sober outbreak I have just noticed that 
> ClamAV does not appear to be scanning. I'm using both 
> bitdefender and ClamAV and bitdefender is listed as having 
> detected the virus/worm but ClamAV is not. I'm using 
> clamavmodule, MailScanner 4.37.7, ClamAV version 0.87.1. Any 
> ideas why clam isn't scanning?
> [snip]
> >
> >  [Rick Cooper]
> >
> >  Ok I noted a couple of things that could cause a problem. 
> > MailScanner.conf
> >
> >  ClamAVmodule Maximum Recursion Level should be at least 8, 
> don't know 
> > what the default is  ClamAVmodule Maximum Compression Ratio 
> should be 
> > at least 250, don't know what the default is
> >
> >  Apply the following patch, if Julian ok's it of course, to 
> SweepViruses.pm. It adds CL_SCAN_BLOCKBROKEN() because, 
> apparently, if this is not set it may not handle several 
> viruses correctly. The clam author (tomitz?) was mostly 
> concerned about the user's maxrecursion being below 8 and 
> flatly state at his current setting (I think it was one) Clam 
> would miss a large number of malware.
> >
> >  Julian, do you think CL_SCAN_BLOCKBROKEN() should be a 
> default or a config option. Broken PE files are pretty much 
> always malware anyway.
> >
> >  ================================= Cut below ==========
> >  --- SweepViruses.pm     Wed Nov 23 10:08:36 2005
> >  +++ SweepVirusesClamFix.pm      Wed Nov 23 10:09:10 2005
> >  @@ -1023,15 +1023,17 @@
> >           $results = $Clam->scan("$dirname/$childname/$filename",
> >                                  Mail::ClamAV::CL_SCAN_STDOPT() |
> >                                  Mail::ClamAV::CL_SCAN_ARCHIVE() |
> >                                  Mail::ClamAV::CL_SCAN_PE() |
> >  +                               
> Mail::ClamAV::CL_SCAN_BLOCKBROKEN() |
> >                                  Mail::ClamAV::CL_SCAN_OLE2());
> >         } else {
> >           $results = $Clam->scan("$dirname/$childname/$filename",
> >                                  Mail::ClamAV::CL_SCAN_STDOPT() |
> >                                  Mail::ClamAV::CL_SCAN_ARCHIVE() |
> >                                  Mail::ClamAV::CL_SCAN_PE() |
> >                                  
> Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED() |
> >  +                               
> Mail::ClamAV::CL_SCAN_BLOCKBROKEN() |
> >                                  Mail::ClamAV::CL_SCAN_OLE2());
> >         }
> >
> >         unless ($results) {
> >
> >  ======================== End Cut ======================
> >
> >  Rick
> >
> >
> > --
> > This message has been scanned for viruses and dangerous content by 
> > MailScanner, and is believed to be clean.
> >
> >
> >
> > ------------------------ MailScanner list 
> ------------------------ To 
> > unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki 
> (http://wiki.mailscanner.info/) and the 
> > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
> 
> ------------------------ MailScanner list 
> ------------------------ To unsubscribe, email 
> jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) 
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list