ClamAV: Difference between revisions
From DWIKI
mNo edit summary |
|||
(10 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=Clam Antivirus= | |||
= Clam Antivirus = | |||
Virus scanner for mail and files. | Virus scanner for mail and files. | ||
*[http://www.clamav.net/ Homepage] | *[http://www.clamav.net/ Homepage] | ||
*[[clamav-milter]] | *[[Clamav-milter|clamav-milter]] | ||
*[http://www.sanesecurity.com/ Phishing and Scam Signatures for ClamAV ] | *[http://www.sanesecurity.com/ Phishing and Scam Signatures for ClamAV] | ||
*[https://github.com/extremeshok/clamav-unofficial-sigs Unofficial sigs] | |||
*https://wiki.archlinux.org/index.php/ClamAV | |||
== A handy script for adding more goodies == | |||
#!/usr/local/bin/bash | #!/usr/local/bin/bash | ||
#extra signatures to catch spam and phishing | #extra signatures to catch spam and phishing | ||
#or look at http://www.sanesecurity.com/ | #or look at [http://www.sanesecurity.com/ http://www.sanesecurity.com/] | ||
LOCATION=/var/db/clamav | LOCATION=/var/db/clamav | ||
GUNZIP=/usr/bin/gunzip | GUNZIP=/usr/bin/gunzip | ||
Line 18: | Line 20: | ||
#and now the script itself | #and now the script itself | ||
cd $LOCATION || exit -1 | cd $LOCATION || exit -1 | ||
$WGET --timestamping http://ftp.tiscali.nl/sanesecurity/phish.ndb.gz && ${GUNZIP} -f phish.ndb.gz | $WGET --timestamping [http://ftp.tiscali.nl/sanesecurity/phish.ndb.gz http://ftp.tiscali.nl/sanesecurity/phish.ndb.gz] && ${GUNZIP} -f phish.ndb.gz | ||
$WGET --timestamping http://ftp.tiscali.nl/sanesecurity/scam.ndb.gz && ${GUNZIP} -f scam.ndb.gz | $WGET --timestamping [http://ftp.tiscali.nl/sanesecurity/scam.ndb.gz http://ftp.tiscali.nl/sanesecurity/scam.ndb.gz] && ${GUNZIP} -f scam.ndb.gz | ||
$WGET --timestamping http://download.mirror.msrbl.com/MSRBL-SPAM.ndb | $WGET --timestamping [http://download.mirror.msrbl.com/MSRBL-SPAM.ndb http://download.mirror.msrbl.com/MSRBL-SPAM.ndb] | ||
$WGET --timestamping http://download.mirror.msrbl.com/MSRBL-Images.hdb | $WGET --timestamping [http://download.mirror.msrbl.com/MSRBL-Images.hdb http://download.mirror.msrbl.com/MSRBL-Images.hdb] | ||
$WGET -O - http://www.malware.com.br/cgi/submit?action=list_clamav > mbl.db | $WGET -O - [http://www.malware.com.br/cgi/submit?action=list_clamav http://www.malware.com.br/cgi/submit?action=list_clamav] > mbl.db | ||
/usr/sbin/chown clamav:clamav * | /usr/sbin/chown clamav:clamav * | ||
killall -HUP clamd | killall -HUP clamd | ||
== | |||
= FAQ = | |||
== ERROR: Can't send to clamd: Broken pipe == | |||
grep -r LocalSocket /etc/clam* | |||
| |||
== Amavis not finding socket clamd.ctl == | |||
Means clamd is busy handling the queue after a powre failure or such, the socket won't be created before it's done. | Means clamd is busy handling the queue after a powre failure or such, the socket won't be created before it's done. | ||
| |||
== INetMsg.SpamDomain-xxx == | |||
That's from sanesecurity.net | That's from sanesecurity.net | ||
===Milter (clmilter): local socket name /var/run/clamav/clmilter.sock unsafe=== | === Milter (clmilter): local socket name /var/run/clamav/clmilter.sock unsafe === | ||
Usually means something like clamd not running. | Usually means something like clamd not running. | ||
| |||
== LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set == | |||
Try --bytecode-timeout=120000 | |||
== LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes == | |||
--bytecode-timeout=N | |||
| |||
== Ignoring mirror x.x.x.x (due to previous errors) == | |||
try removing mirrors.dat and daily.cvd | |||
| |||
== LibClamAV Error: CRITICAL: fmap() failed == | |||
haha yeah, good luck | |||
| |||
== Can't allocate memory ERROR == | |||
Some file too big? | |||
| |||
== Exclude dir == | |||
clamscan --exclude-dir='/foo/b.*r' | |||
| |||
wildcards? | |||
scan.conf: ExcludePath /foo/*/bar ? | |||
==Freshclam: ERROR: getpatch: Can't download daily-26337.cdiff from db.nl.clamav.net== | |||
Probably an outdated freshclam |
Revision as of 11:07, 14 January 2022
Clam Antivirus
Virus scanner for mail and files.
- Homepage
- clamav-milter
- Phishing and Scam Signatures for ClamAV
- Unofficial sigs
- https://wiki.archlinux.org/index.php/ClamAV
A handy script for adding more goodies
#!/usr/local/bin/bash #extra signatures to catch spam and phishing #or look at http://www.sanesecurity.com/ LOCATION=/var/db/clamav GUNZIP=/usr/bin/gunzip WGET=/usr/local/bin/wget #and now the script itself cd $LOCATION || exit -1 $WGET --timestamping http://ftp.tiscali.nl/sanesecurity/phish.ndb.gz && ${GUNZIP} -f phish.ndb.gz $WGET --timestamping http://ftp.tiscali.nl/sanesecurity/scam.ndb.gz && ${GUNZIP} -f scam.ndb.gz $WGET --timestamping http://download.mirror.msrbl.com/MSRBL-SPAM.ndb $WGET --timestamping http://download.mirror.msrbl.com/MSRBL-Images.hdb $WGET -O - http://www.malware.com.br/cgi/submit?action=list_clamav > mbl.db /usr/sbin/chown clamav:clamav * killall -HUP clamd
FAQ
ERROR: Can't send to clamd: Broken pipe
grep -r LocalSocket /etc/clam*
Amavis not finding socket clamd.ctl
Means clamd is busy handling the queue after a powre failure or such, the socket won't be created before it's done.
INetMsg.SpamDomain-xxx
That's from sanesecurity.net
Milter (clmilter): local socket name /var/run/clamav/clmilter.sock unsafe
Usually means something like clamd not running.
LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set
Try --bytecode-timeout=120000
LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
--bytecode-timeout=N
Ignoring mirror x.x.x.x (due to previous errors)
try removing mirrors.dat and daily.cvd
LibClamAV Error: CRITICAL: fmap() failed
haha yeah, good luck
Can't allocate memory ERROR
Some file too big?
Exclude dir
clamscan --exclude-dir='/foo/b.*r'
wildcards?
scan.conf: ExcludePath /foo/*/bar ?
Freshclam: ERROR: getpatch: Can't download daily-26337.cdiff from db.nl.clamav.net
Probably an outdated freshclam