RE: clamav-milter templates

> For Nigel Horne:
> If you decide add it to CVS, please use this links. It's more
> recent than I sent to you yesterday.

Thanks for this, as I already indicated to both the clamav-users list
and to you privately I am in the throws of rewriting this code, so I
will happily incorporate any ideas in your code that are useful.

> Regards,
> Sergey

-Nigel

-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com

Re: freshclam's --log option does not seem to work

On Sat, 31 Jul 2004, 18:41 GMT-04 Stephen Gran wrote:

> freshclam by default runs as user clamv.  Does user clamav have write
> permissions to the directory in which you're running that command?

thank you Stephen, that was the reason. While I gave the specified log
file write permissions to the user clamv, I forgot that the directory
it resides in did not have them. Sorry for my oversight.

I am now using freshclam successfully in that way:

TMPLOG="/tmp/freshclam-`date +'%Y%m%d%H%M%S'`.log"; freshclam --stdout --quiet -l $TMPLOG; cat
$TMPLOG; rm -f $TMPLOG

This prints the static text

--------------------------------------
ClamAV update process started at Sun Aug  1 05:00:44 2004
main.cvd is up to date (version: 24, sigs: 21793, f-level: 2, builder: tomek)
daily.cvd is up to date (version: 430, sigs: 1260, f-level: 2, builder: ccordes)

to STDOUT - instead of the dynamic and more verbose text normally
printed to STDOUT, which is not very useful if you called that command
out from a script.

best,
rob.

-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on

OSX resource forks

Apologies if this is the wrong place to ask this but it seemed more of a
development question than a user one.

I have been testing clamav on OSX and noticed that it does not scan Mac
resource forks, only data forks - which is to be expected as it is a
unix-level port, and most of the ways to get at resource forks are
presumably in different file access API's (carbon/cocoa?).

Several questions arise from that:

1. Does anyone have any plans to add this ability? I think I am right in
saying that it could be as simple as scanning "file/rsrc" as well as "file"
on OSX systems. This could be included by an #ifdef at compile time maybe?

2. I don't think any of the classic old Mac resource viruses (MDBF, MDEF
etc) are in the clamav virus db. Does anyone have access to these for
testing purposes, and to get signatures for them? If not, how could one go
about making sure this worked?

3. I saw on the user list that someone had created an AppleScript studio gui
front-end for OSX to run clamav. I was looking for one because I was
considering writing one myself in fact! I would think that without resource
fork scanning that clamav would be reasonably useless on Mac. Anyone have
any further thoughts or opinions on that? Should there be something in the
documentation explaining to OSX users that it probably isn't a good
replacement for Virex etc, at least not yet!?

regards,
Gavin

Re: OSX resource forks

Hi Gavin (and list),

I'm nearly finished a GUI for Clamav, the only thing I really have left 
to do is stress testing and documentation.

I've made a few changes to the source code which I plan to release in 
due course, in order to make it work with resource forks....however, 
like you, I don't have access to any test viruses.  The closest I got 
was about 4 years ago when I actually got a virus, but "Disinfectant" 
took care of that for me.  Bit annoying now though, I could do with 
having it back!!!

I hope to have my program available to others by the end of this week.  
I'll keep you posted if you like?

Also, it's not completely useless for Mac users just cos it didn't scan 
resource forks.  I still get emails from windoze-using friends 
containing viruses (the emails, not the friends!) so it's worthwhile 
checking my attachments folder if not for my own peace of mind, then at 
least I can tell my friends they need to update their virus checker.

Anyway, I'm wasting coding/testing time here!!

Mark

On 4 Aug 2004, at 1:00 pm, Gavin Aiken wrote:

> Apologies if this is the wrong place to ask this but it seemed more of 
> a
> development question than a user one.

Re: OSX resource forks

Excellent news! Definitely interested to see your GUI and clamav source
changes - please do keep me posted. Still wonder how we can get signatures
for all the old resource-fork Mac nasties to make it useful though!

regards,
Gavin

PS - I use clamav-milter on my mail box, so that keeps out all of the virii
from the Windoze folks, at least by email. Amazing how many it stops!

> From: Mark Allan <mark <at> gwc.org.uk>
> Reply-To: clamav-devel <at> lists.sourceforge.net
> Date: Wed, 4 Aug 2004 16:36:03 +0100
> To: clamav-devel <at> lists.sourceforge.net
> Subject: Re: [Clamav-devel] OSX resource forks
> 
> Hi Gavin (and list),
> 
> I'm nearly finished a GUI for Clamav, the only thing I really have left
> to do is stress testing and documentation.
> 
> I've made a few changes to the source code which I plan to release in
> due course, in order to make it work with resource forks....however,
> like you, I don't have access to any test viruses.  The closest I got
> was about 4 years ago when I actually got a virus, but "Disinfectant"
> took care of that for me.  Bit annoying now though, I could do with
> having it back!!!
> 
> I hope to have my program available to others by the end of this week.
> I'll keep you posted if you like?

rc.clamav script for bsd's

I noticed that there isn't a startup script for bsd init in the contrib 
dir so I thought I would post mine in case you guys want to put it in. 
I run it on slackware linux, but it should work on any linux and may 
work on the BSD's as long as they have killall.

schu

#!/bin/sh
# Start/stop/restart clamd.

CLAMD_OPTIONS=""
CLAMAVMILTER_OPTIONS="-ol"
MILTER="local:/var/run/clamav/clmilter.sock"

# Start clamd:
clamd_start() {
  if [ -x /usr/local/sbin/clamd ]; then
    echo "Starting clamd daemon:  clamd $CLAMD_OPTIONS"
    /usr/local/sbin/clamd $CLAMD_OPTIONS
  fi
  sleep 1
  if [ -x /usr/local/sbin/clamav-milter ]; then
    echo "Starting clamav-milter: clamav-milter $CLAMAVMILTER_OPTIONS $MILTER"
    /usr/local/sbin/clamav-milter $CLAMAVMILTER_OPTIONS $MILTER
  fi
}

# Stop clamd:
clamd_stop() {

Clamd support in libclamav

Re: Clamd support in libclamav

On Wed, 4 Aug 2004 14:44:38 -0300
"Aecio F. Neto" <afn <at> harvest.com.br> wrote:

> Is there any function in libclamav that allows me to call a clamd
> scan? Would such function be planned if it doesn't exist up to now?

It's not planned but you can take a look at the clamdscan sources.

--

-- 
   oo    .....         Tomasz Kojm <tkojm <at> clamav.net>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Wed Aug  4 19:40:33 CEST 2004

Re: Clamd support in libclamav

Re: Clamd support in libclamav

Aecio F. Neto wrote:
> 
>  > It's not planned but you can take a look at the clamdscan sources.
> 
> Thanks for your promptly reply.
> That´s *exaclty* what I am doing to build its support.
> 
> Worst part of this is to maintain clamav.conf read/parse code, because 
> our development is under C++ and there is a lot of changes to be provided.
> 
> There is no chance that such support would come in near future?

there was some brief mentioning of upcoming ICAP (http://www.i-cap.org) 
support in clamd sometime in february(?) this year. I guess that 
something like that might be a suitable remote API for external projects 
like the Dansguarding-AV plugin.

Stefan

-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com