[clamav-users] Open source anti virus solution needed please help
Rithy R
rithy.ray at outlook.com
Thu Nov 6 02:56:32 UTC 2014
Dear Community - Please kindly help me find the best solution to protect Windows server machines.
Regards, Rithy
> From: clamav-users-request at lists.clamav.net
> Subject: clamav-users Digest, Vol 122, Issue 1
> To: clamav-users at lists.clamav.net
> Date: Wed, 5 Nov 2014 12:00:00 -0500
>
> Today's Topics:
>
> 1. Error using libclamav (cli_scanraw error) (Alessandro Vesely)
> 2. Re: Error using libclamav (cli_scanraw error) (Shawn Webb)
> 3. Re: Error using libclamav (cli_scanraw error) (Alessandro Vesely)
> 4. MailScanner Incoming and Quarantine Permissions change
> (Mark Meelhuysen)
> 5. Re: MailScanner Incoming and Quarantine Permissions change (Jerry)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 04 Nov 2014 18:27:49 +0100
> From: Alessandro Vesely <vesely at tana.it>
> To: clamav-users at lists.clamav.net
> Subject: [clamav-users] Error using libclamav (cli_scanraw error)
> Message-ID: <54590C95.20903 at tana.it>
> Content-Type: text/plain; charset=us-ascii
>
> Hi,
> I use libclamav to have a mail filter scan mail. It works fine at mine.
> However, I shared the code with someone and it doesn't work at his --he
> reads in BCC. We both use 0.98.4. We managed to run the same test with
> debug enabled. On his system he got:
>
> LibClamAV debug: Module STATS Off
> LibClamAV debug: pool memory used: 5.890 MB
> LibClamAV debug: No bytecodes loaded, not running builtin test
> LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
> LibClamAV debug: Recognized Exim mail file
> LibClamAV debug: Starting cli_scanmail(), recursion = 1
> LibClamAV debug: in mbox()
> LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16)
> ...
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Descriptor[6]: cli_scanraw error Can't allocate memory
> LibClamAV debug: cli_magic_scandesc: returning 20 at line 2893
>
> While on my system, where it works, I have a cache_check line in the first
> snippet, and no error in the second one:
>
> LibClamAV debug: Module STATS Off
> LibClamAV debug: pool memory used: 5.890 MB
> LibClamAV debug: No bytecodes loaded, not running builtin test
> LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
> LibClamAV debug: Recognized Exim mail file
> LibClamAV debug: cache_check: 04d636c6846117fe44a898118e8cc7cb is negative
> LibClamAV debug: Starting cli_scanmail(), recursion = 1
> LibClamAV debug: in mbox()
> ...
> LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16)
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: cache_check: 7b3120d4da0fe032872cb109c65e76c5 is negative
> LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
> LibClamAV debug: in cli_scanscript()
> LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
> LibClamAV debug: cli_magic_scandesc: returning 0 at line 2973
>
> What does the absence of cache_check lines mean?
>
> The test was done on a tiny test database. My module is unable to load a
> real database on his system. cl_load returns CL_EMALFDB in that case.
> Yet, he runs clamd and clamscan without problems. He uses grsecurity.
> I only found this on the subject:
> http://lurker.clamav.net/message/20060619.021837.f9057bb8.en.html
>
> I searched clamscan sources for RLIMIT_AS or RLIMIT_DATA (clamd uses the
> latter). IME, ENOMEM is not always reported correctly, so I wonder if
> CL_EMEM is accurate in this case.
>
> Has anyone seen this syndrome before?
>
> TIA
> Ale
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 4 Nov 2014 12:30:28 -0500
> From: Shawn Webb <swebb at sourcefire.com>
> To: ClamAV users ML <clamav-users at lists.clamav.net>
> Subject: Re: [clamav-users] Error using libclamav (cli_scanraw error)
> Message-ID:
> <CAO2uJafquRcvd1QhuCCwgOg1gAKaLCrMh=MVvwycRDRkeJ4ahg at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> You'll need to call cl_initialize_crypto() before calling cl_init(). This
> bug will be fixed in ClamAV 0.98.5 (not yet released, but we have an -rc1
> out) and forward.
>
> Thanks,
>
> Shawn
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 04 Nov 2014 20:45:43 +0100
> From: Alessandro Vesely <vesely at tana.it>
> To: clamav-users at lists.clamav.net
> Subject: Re: [clamav-users] Error using libclamav (cli_scanraw error)
> Message-ID: <54592CE7.1080700 at tana.it>
> Content-Type: text/plain; charset=us-ascii
>
> On Tue 04/Nov/2014 18:30:28 +0100 Shawn Webb wrote:
> > You'll need to call cl_initialize_crypto() before calling cl_init(). This
> > bug will be fixed in ClamAV 0.98.5 (not yet released, but we have an -rc1
> > out) and forward.
>
> That was it! Thank you for your quick and precise reply.
> How come it works well at mine without calling cl_initialize_crypto()?
>
> For anyone using grsecurity, he reported he got this message:
> libClamAV: Bytecode: disabling JIT because PaX is preventing 'mprotect' access.
>
> Which he avoided by running:
> paxctl -cm /path/to/the/program/using/libclamav
>
> Ale
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 5 Nov 2014 07:17:56 +0000
> From: Mark Meelhuysen <mark at meelhuysen.com>
> To: ClamAV users ML <clamav-users at lists.clamav.net>
> Subject: [clamav-users] MailScanner Incoming and Quarantine
> Permissions change
> Message-ID: <3195a911492c413fb2aaf75bc7c438a7 at DC01.meelhuysen.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello All,
>
> I am quite new to MailScanner. After setting up some test systems, I now have one running in production, in front of an Exchange 2013 box.
> All my minor problems were solved and I finally had a box running smoothly. But suddenly (after 3 weeks) my mail queue starts growing after midnight and no mails are delivered. Research showed me that at a certain point permissions are changed on the /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine directories, so that MailScanner is unable to make a new folder for that day.
>
> The permissions are changed as:
>
> drwxr-x--- 9 postfix root 4096 Nov 5 08:03 incoming
> drwxr-x--- 8 root apache 4096 Nov 5 07:56 quarantine
>
> They should be:
>
> drwxr-x--- 9 postfix postfix 4096 Nov 5 08:03 incoming
> drwxr-x--- 8 postfix apache 4096 Nov 5 07:56 quarantine
>
> This has happened for the last 3 nights now. I changed them back manually, but they seem to go back every day and I can't figure out when this happens and what makes it happen.
>
> Anybody any suggestions?
>
> Thank you in advance.
>
> Mark
>
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 5 Nov 2014 05:15:16 -0500
> From: Jerry <jerry at seibercom.net>
> To: clamav-users at lists.clamav.net
> Subject: Re: [clamav-users] MailScanner Incoming and Quarantine
> Permissions change
> Message-ID: <20141105051516.21226569 at scorpio>
> Content-Type: text/plain; charset=UTF-8
>
> From the Postfix Add-On Software page:
>
> mailscanner system, works with Postfix and other MTAs. WARNING: This software
> uses unsupported methods to manipulate Postfix queue files directly. This
> will result in corruption or loss of mail. The mailscanner authors have so far
> refused to discuss a proper access API or protocol.
>
> Personally, I believe that there are better methods of achieving what you
> desire. Personally, I use "amavis" <http://amavis.sourceforge.net/>.
>
> --
> Jerry
>
>
>
> End of clamav-users Digest, Vol 122, Issue 1
> ********************************************
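
The comparison made between the two debug traces in Message 1, as an added example (not code from the thread or from ClamAV): a small Python triage that records which cli_magic_scandesc levels never log a cache_check, plus any error and return code. The traces are abridged from the ones quoted above, and the function names are made up for this example.

```python
import re

# Sample traces, abridged from the two debug outputs quoted in the thread.
FAILING = """\
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: Recognized Exim mail file
LibClamAV debug: Starting cli_scanmail(), recursion = 1
LibClamAV debug: in mbox()
LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16)
LibClamAV debug: Recognized ASCII text
LibClamAV debug: Descriptor[6]: cli_scanraw error Can't allocate memory
LibClamAV debug: cli_magic_scandesc: returning 20 at line 2893
"""
WORKING = """\
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: Recognized Exim mail file
LibClamAV debug: cache_check: 04d636c6846117fe44a898118e8cc7cb is negative
LibClamAV debug: Starting cli_scanmail(), recursion = 1
LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16)
LibClamAV debug: Recognized ASCII text
LibClamAV debug: cache_check: 7b3120d4da0fe032872cb109c65e76c5 is negative
LibClamAV debug: cli_magic_scandesc: returning 0 at line 2973
"""

ENTER = re.compile(r"in cli_magic_scandesc \(reclevel: (\d+)/\d+\)")
RETURN = re.compile(r"cli_magic_scandesc: returning (\d+) at line \d+")
ERROR = re.compile(r"Descriptor\[\d+\]: (\S+) error (.+)")

def triage(trace):
    """Summarise one trace. A cache_check is credited to the most recently
    entered scan level (a simplification that fits these linear traces)."""
    levels, errors, returns = [], [], []
    for line in trace.splitlines():
        msg = line.partition("LibClamAV debug: ")[2]
        if m := ENTER.search(msg):
            levels.append({"reclevel": int(m.group(1)), "cached": False})
        elif msg.startswith("cache_check:") and levels:
            levels[-1]["cached"] = True
        elif m := ERROR.search(msg):
            errors.append((m.group(1), m.group(2)))
        elif m := RETURN.search(msg):
            returns.append(int(m.group(1)))
    uncached = [lv["reclevel"] for lv in levels if not lv["cached"]]
    return {"levels": len(levels), "uncached_levels": uncached,
            "errors": errors, "returns": returns}

def matches_thread_symptom(trace):
    """True when no scan level logged a cache_check and a non-zero code was returned."""
    r = triage(trace)
    return 0 < r["levels"] == len(r["uncached_levels"]) and any(r["returns"])
```

For a trace that matches on 0.98.4, the resolution given in the thread was to call cl_initialize_crypto() before cl_init().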