ClamAV: Difference between revisions

From DWIKI
mNo edit summary
mNo edit summary
Line 29: Line 29:




== FAQ ==


=== Amavis not finding socket clamd.ctl ===
= FAQ =
 
== Amavis not finding socket clamd.ctl ==


Means clamd is busy handling the queue after a powre failure or such, the socket won't be created before it's done.
Means clamd is busy handling the queue after a powre failure or such, the socket won't be created before it's done.
Line 37: Line 38:
 
 


=== INetMsg.SpamDomain-xxx ===
== INetMsg.SpamDomain-xxx ==


That's from sanesecurity.net
That's from sanesecurity.net
Line 47: Line 48:
 
 


=== LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set ===
== LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set ==


Try --bytecode-timeout=120000
Try --bytecode-timeout=120000


=== LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes ===
== LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes ==


  --bytecode-timeout=N
  --bytecode-timeout=N
Line 57: Line 58:
 
 


=== Ignoring mirror x.x.x.x (due to previous errors) ===
== Ignoring mirror x.x.x.x (due to previous errors) ==


try removing mirrors.dat and daily.cvd
try removing mirrors.dat and daily.cvd
Line 63: Line 64:
 
 


=== LibClamAV Error: CRITICAL: fmap() failed ===
== LibClamAV Error: CRITICAL: fmap() failed ==


haha yeah, good luck
haha yeah, good luck


 
== Can't allocate memory ERROR ==


=== Can't allocate memory ERROR ===
Some file too big?
Some file too big?
== Exclude dir ==
clamscan --exclude-dir=/foo
wildcards?
scan.conf:
ExcludePath /foo/*/bar ?

Revision as of 11:07, 17 March 2021

Clam Antivirus

Virus scanner for mail and files.

A handy script for adding more goodies

#!/usr/local/bin/bash
#extra signatures to catch spam and phishing
#or look at http://www.sanesecurity.com/
LOCATION=/var/db/clamav
GUNZIP=/usr/bin/gunzip
WGET=/usr/local/bin/wget
#and now the script itself
cd $LOCATION || exit -1
$WGET --timestamping http://ftp.tiscali.nl/sanesecurity/phish.ndb.gz && ${GUNZIP} -f phish.ndb.gz
$WGET --timestamping http://ftp.tiscali.nl/sanesecurity/scam.ndb.gz && ${GUNZIP} -f scam.ndb.gz
$WGET --timestamping http://download.mirror.msrbl.com/MSRBL-SPAM.ndb
$WGET --timestamping  http://download.mirror.msrbl.com/MSRBL-Images.hdb
$WGET -O - http://www.malware.com.br/cgi/submit?action=list_clamav > mbl.db
/usr/sbin/chown clamav:clamav *
killall -HUP clamd



FAQ

Amavis not finding socket clamd.ctl

Means clamd is busy handling the queue after a powre failure or such, the socket won't be created before it's done.

 

INetMsg.SpamDomain-xxx

That's from sanesecurity.net

Milter (clmilter): local socket name /var/run/clamav/clmilter.sock unsafe

Usually means something like clamd not running.

 

LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set

Try --bytecode-timeout=120000

LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes

--bytecode-timeout=N

 

Ignoring mirror x.x.x.x (due to previous errors)

try removing mirrors.dat and daily.cvd

 

LibClamAV Error: CRITICAL: fmap() failed

haha yeah, good luck

 

Can't allocate memory ERROR

Some file too big?


Exclude dir

clamscan --exclude-dir=/foo

wildcards?

scan.conf: ExcludePath /foo/*/bar ?