ClamAV
From DWIKI
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Clam Antivirus
Virus scanner for mail and files.
- Homepage
- clamav-milter
- Phishing and Scam Signatures for ClamAV
- Unofficial sigs
- https://wiki.archlinux.org/index.php/ClamAV
A handy script for adding more goodies
#!/usr/local/bin/bash #extra signatures to catch spam and phishing #or look at http://www.sanesecurity.com/ LOCATION=/var/db/clamav GUNZIP=/usr/bin/gunzip WGET=/usr/local/bin/wget #and now the script itself cd $LOCATION || exit -1 $WGET --timestamping http://ftp.tiscali.nl/sanesecurity/phish.ndb.gz && ${GUNZIP} -f phish.ndb.gz $WGET --timestamping http://ftp.tiscali.nl/sanesecurity/scam.ndb.gz && ${GUNZIP} -f scam.ndb.gz $WGET --timestamping http://download.mirror.msrbl.com/MSRBL-SPAM.ndb $WGET --timestamping http://download.mirror.msrbl.com/MSRBL-Images.hdb $WGET -O - http://www.malware.com.br/cgi/submit?action=list_clamav > mbl.db /usr/sbin/chown clamav:clamav * killall -HUP clamd
FAQ
ERROR: Can't send to clamd: Broken pipe
grep -r LocalSocket /etc/clam*
Amavis not finding socket clamd.ctl
Means clamd is busy handling the queue after a powre failure or such, the socket won't be created before it's done.
INetMsg.SpamDomain-xxx
That's from sanesecurity.net
Milter (clmilter): local socket name /var/run/clamav/clmilter.sock unsafe
Usually means something like clamd not running.
LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set
Try --bytecode-timeout=120000
LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
--bytecode-timeout=N
Ignoring mirror x.x.x.x (due to previous errors)
try removing mirrors.dat and daily.cvd
LibClamAV Error: CRITICAL: fmap() failed
haha yeah, good luck
Can't allocate memory ERROR
Some file too big?
Exclude dir
clamscan --exclude-dir='/foo/b.*r'
wildcards?
scan.conf: ExcludePath /foo/*/bar ?
WARNING: Directory recursion limit reached
Change MaxDirectoryRecursion in clamd configuratin
Whitelisting file
sigtool --sha1 somefile >> /var/lib/clamav/whitelist.sfp
and restart clamd if that's used
Freshclam
Freshclam: ERROR: getpatch: Can't download daily-26337.cdiff from db.nl.clamav.net
Probably an outdated freshclam
ERROR: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
If you are receiving a 403, 503, or 1020 error codes when downloading from Cloudflare, then you are either explicitly blocked, using an EOL'ed version of ClamAV or you are downloading incorrectly.
