ClamAV

From DWIKI
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Clam Antivirus

Virus scanner for mail and files.

A handy script for adding more goodies

#!/usr/local/bin/bash
#extra signatures to catch spam and phishing
#or look at http://www.sanesecurity.com/
LOCATION=/var/db/clamav
GUNZIP=/usr/bin/gunzip
WGET=/usr/local/bin/wget
#and now the script itself
cd $LOCATION || exit -1
$WGET --timestamping http://ftp.tiscali.nl/sanesecurity/phish.ndb.gz && ${GUNZIP} -f phish.ndb.gz
$WGET --timestamping http://ftp.tiscali.nl/sanesecurity/scam.ndb.gz && ${GUNZIP} -f scam.ndb.gz
$WGET --timestamping http://download.mirror.msrbl.com/MSRBL-SPAM.ndb
$WGET --timestamping  http://download.mirror.msrbl.com/MSRBL-Images.hdb
$WGET -O - http://www.malware.com.br/cgi/submit?action=list_clamav > mbl.db
/usr/sbin/chown clamav:clamav *
killall -HUP clamd



FAQ

clamdscan

Can't open file or directory ERROR

Could be apparmor, then 

apt-get install apparmor-utils
aa-complain /usr/sbin/clamd

This would make it complain instead of deny

ERROR: Can't send to clamd: Broken pipe

grep -r LocalSocket /etc/clam*

 

Amavis not finding socket clamd.ctl

Means clamd is busy handling the queue after a powre failure or such, the socket won't be created before it's done.

 

INetMsg.SpamDomain-xxx

That's from sanesecurity.net

Milter (clmilter): local socket name /var/run/clamav/clmilter.sock unsafe

Usually means something like clamd not running.

 

LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set

Try --bytecode-timeout=120000

LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes

--bytecode-timeout=N

 

Ignoring mirror x.x.x.x (due to previous errors)

try removing mirrors.dat and daily.cvd

 

LibClamAV Error: CRITICAL: fmap() failed

haha yeah, good luck

 

Can't allocate memory ERROR

Some file too big?

 

Exclude dir

clamscan --exclude-dir='/foo/b.*r'

 

wildcards?

scan.conf: ExcludePath /foo/*/bar ? REGEX suggests using ^/foo/.*/bar/

WARNING: Directory recursion limit reached

Change MaxDirectoryRecursion in clamd configuration, default is 15

Whitelisting file

sigtool --sha1 somefile >> /var/lib/clamav/whitelist.sfp

and restart clamd if that's used

Freshclam

Freshclam: ERROR: getpatch: Can't download daily-26337.cdiff from db.nl.clamav.net

Probably an outdated freshclam


ERROR: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd

If you are receiving a 403, 503, or 1020 error codes when downloading from Cloudflare, then you are either explicitly blocked, using an EOL'ed version of ClamAV or you are downloading incorrectly.

Retrieved from "https://wiki.dhits.nl/index.php?title=ClamAV&oldid=8635"