| a907fb08 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!--Converted with LaTeX2HTML 99.2beta8 (1.46)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>Frequently Asked Questions</TITLE>
<META NAME="description" CONTENT="Frequently Asked Questions">
<META NAME="keywords" CONTENT="clamdoc">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="LaTeX2HTML v99.2beta8">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="clamdoc.css">
<LINK REL="next" HREF="node47.html">
<LINK REL="previous" HREF="node30.html">
<LINK REL="up" HREF="clamdoc.html">
<LINK REL="next" HREF="node47.html">
</HEAD>
<BODY >
<!--Navigation Panel--> |
| a907fb08 |
HREF="node1.html">Contents</A></B>
<BR>
<BR>
<!--End of Navigation Panel-->
<H1><A NAME="SECTION00080000000000000000">
Frequently Asked Questions</A>
</H1>
The FAQ section is maintained by Luca Gibelli.
<P>
<UL>
<LI><B>What does <I>WARNING: Current functionality level = 1,
required = 2</I> mean?</B>
<BR>
The functionality level of the database determines which scanner engine
version is required to use all of its signatures. If you don't upgrade
immediately you will be in big trouble.
<P>
</LI>
<LI><B>What does <I>Your ClamAV installation is OUTDATED</I>
mean?</B>
<BR>
You'll get this message whenever a new version of ClamAV is released.
In order to detect all the latest viruses, it's not enough to keep your
database up to date. You also need to run the latest version of the
scanner. You can find the latest release at <TT><A NAME="tex2html39"
HREF="http://www.clamav.net">http://www.clamav.net</A></TT> under the <code>stable</code> link. Running the latest stable release also
improves stability.
<P>
</LI>
<LI><B>What does <I>WARNING: DNS record is older than 3 hours</I>
mean?</B>
<BR>
freshclam attempts to detect potential problems with DNS caches and
switches to the old mode if something looks suspicious. If this message
appears seldomly, you can safely ignore it. If you get the error
everytime you run freshclam, you should check your dns settings.
<P>
</LI>
<LI><B>What does <I>SECURITY WARNING: NO SUPPORT FOR DIGITAL
SIGNATURES</I> mean?</B>
<BR>
The ClamAV package requires the GMP library to verify the digital
signature of the virus database. When building ClamAV you need the
GMP library and its headers: if you are using Debian just run
<code>apt-get install libgmp3-dev</code>, if you are using an RPM based
distribution install the gmp-devel package.
<P>
</LI>
<LI><B>How often is the virus database updated?</B>
<BR>
The virus database is usually updated many times per week. Check out
<TT><A NAME="tex2html40"
HREF="http://news.gmane.org/gmane.comp.security.virus.clamav.virusdb/">http://news.gmane.org/gmane.comp.security.virus.clamav.virusdb/</A></TT> to see our response times to new threats. The virusdb team tries to
keep up with the latest worm in the wild. When a new worm spreads out,
often it is less than one hour before we release a database update.
You can contribute to make the virusdb updating process more efficient
by submitting samples of viruses via our web interface.
<P>
</LI>
<LI><B>I tried to submit a sample through the web interface,
but it said the sample is already recognized by ClamAV. My clamscan
tells me it's not. I already updated my database, what's wrong with
my setup?</B>
<BR>
Please run clamscan with the -mbox option. Also check that freshclam
and clamscan are using the same path for storing/reading the database.
<P>
</LI>
<LI><B>ClamAV crashes/hangs/doesn't compile/doesn't start. Did
I find a bug?</B>
<BR>
Before reporting a bug, please download the latest CVS code and try to
reproduce the bug with it. Chances are the bug you encountered has
already been fixed. If you really feel like you found a bug, please
send a message bugs*clamav.net.
<P>
</LI>
<LI><B>How do I automatically restart clamd when it dies?</B>
<BR>
Set up a cronjob which checks that clamd is up and running, every XX
minutes. You can find an example script in the
<code>contrib/clamdwatch/</code> directory.
<P>
</LI>
<LI><B>How do I keep my virus database up to date?</B>
<BR>
ClamAV comes with freshclam, a tool which periodically checks for
new database releases and keeps your database up to date.
<P>
</LI>
<LI><B>I'm running ClamAV on a lot of clients on my local
network. Can I mirror the database locally so that each client
doesn't have to download it from your servers?</B>
<BR>
Sure, install a proxy server and then configure your freshclam clients
to use it (watch for the <code>HTTPProxyServer</code> parameter in
<code>man freshclam.conf</code>). Alternatively, you can configure a local
webserver on one of your machines (say machine1.mylan) and let
freshclam download the *.cvd files from
<TT><A NAME="tex2html41"
HREF="http://database.clamav.net/">http://database.clamav.net/</A></TT> to the webserver's
<code>DocumentRoot</code>. Finally, change <code>freshclam.conf</code> on your
clients so that it reads: <code>DatabaseMirror machine1.mylan</code>
First the database will be downloaded to the local webserver and then
the other clients on the network will update their copy of the database
from it.
<P>
</LI>
<LI><B>How can I list the virus signature names contained in
the database?</B>
<BR>
If you are using a recent version of ClamAV just run:
<code>$sigtool --list-sigs</code>
<P>
</LI>
<LI><B>I found an infected file in my HD/floppy/mailbox, but
ClamAV doesn't recognize it yet. Can you help me?</B>
<BR>
Our virus database is kept up to date with the help of the community.
Whenever you find a new virus which is not detected by ClamAV you
should submit it on our website (go to <TT><A NAME="tex2html42"
HREF="www.clamav.net">www.clamav.net</A></TT> and
click on <I>submit sample</I>). The virusdb team will review your
submission and update the database if necessary. Before submitting
a new sample:
<UL>
<LI>check that the value of <code>DatabaseDirectory</code>, in both
<code>clamd.conf</code> and
<BR><code>freshclam.conf</code>, is the same
</LI>
<LI>update your database by running freshclam
</LI>
</UL>
<P>
</LI>
<LI><B>Why is ClamAV calling the XXX virus with another name?</B>
<BR>
This usually happens when we add a signature before other AV
vendors. No well-known name is available at that moment so we have to
invent one. Renaming the virus after a few days would just confuse
people more, so we usually keep on using our name for that virus. The
only exception is when a new name is established soon after the
signature addition. You can find more info about this in the virus
naming page at <TT><A NAME="tex2html43"
HREF="http://www.clamav.net/cvdinfo.html">http://www.clamav.net/cvdinfo.html</A></TT>
<P>
</LI>
<LI><B>How do I know when database updates are released?</B>
<BR>
Subscribe to the <I>clamav-virusdb</I> mailing-list.
<P>
</LI>
<LI><B>How can I scan a file on my hard disk for viruses
without installing ClamAV?</B>
<BR>
Use the online scanning tool available at
<TT><A NAME="tex2html44"
HREF="http://test-clamav.power-netz.de/">http://test-clamav.power-netz.de/</A></TT>
<P>
</LI>
<LI><B>I found a false positive in ClamAV virus database. What
shall I do?</B>
<BR>
Fill the form at <TT><A NAME="tex2html45"
HREF="http://www.clamav.net/sendvirus.html">http://www.clamav.net/sendvirus.html</A></TT> Be sure to
select <I>The file attached is... a false positive</I>
<P>
</LI>
<LI><B>How do I verify the integrity of ClamAV sources?</B>
<BR>
Using GnuPG (<TT><A NAME="tex2html46"
HREF="http://www.gnupg.org/">http://www.gnupg.org/</A></TT>) you can easily verify the
authenticity of your stable release downloads by using the following
method:
<UL>
<LI>Download Tomasz Kojm's key from the clamav.net site:
<BR> <code>$ wget http://www.clamav.net/gpg/tkojm.gpg</code>
</LI>
<LI>Import the key into your local public keyring:
<BR> <code>\$ gpg --import tkojm.gpg</code>
</LI>
<LI>Download the stable release AND the corresponding .sig file to
the same directory.
<BR> <PRE>
$ wget http://prdownloads.sourceforge.net/clamav/clamav-X.XX.tar.gz
$ wget http://prdownloads.sourceforge.net/clamav/clamav-X.XX.tar.gz.sig
</PRE>
</LI>
<LI>Verify that the stable release download is signed with the proper
key:
<BR> <code>$ gpg --verify clamav-X.XX.tar.gz.sig</code>
</LI>
<LI>Make sure the resulting output contain the following
information:
<BR> <code>Good signature from Tomasz Kojm (tk*lodz.tpnet.pl)</code>
</LI>
</UL>
<P>
</LI>
<LI><B>Can ClamAV disinfect files?</B>
<BR>
No, it can't. We will add support for disinfecting OLE2 files in one
of the next stable releases. There are no plans for disinfecting other
types of files. There are many reasons for it: cleaning viruses from
files is virtually pointless these days. It is very seldom that there
is anything useful left after cleaning, and even if there is,
would you trust it?
<P>
</LI>
<LI><B>When using clamscan, is there a way to know which message
within an mbox is infected?</B>
<BR>
No, clamscan stops at the first infected message. You can convert the
mbox to Maildir format, run clamscan on it and then convert it back to
mbox format. There are many tools available which can convert to and
from Maildir format, e.g: formail, mbox2maildir, and maildir2mbox.
<P>
</LI>
<LI><B>I'm running qmail+Qmail-Scanner+ClamAV and get the
following error in my mail logs: <I>clamdscan: corrupt or unknown
clamd scanner error or memory/resource/perms problem</I>. What's wrong
with it?</B>
<BR>
Most likely clamd is not running at all, or you are running
Qmail-Scanner and clamd under a different uid. If you are running
Qmail-Scanner as qscand (default setting) you could put
<code>User qscand</code> inside your clamd.conf file and restart clamd.
Remember to check that qscand can create clamd.ctl (usually located at
<code>/var/run/clamav/clamd.ctl</code>). The same applies to the log file.
<P>
</LI>
<LI><B>How do I use ClamAV with p3scan?</B>
<BR>
Add the following lines to your pop3vscan configuration file:
<PRE>
virusregexp = .*: (.*) FOUND
scanner = /usr/bin/clamdscan --no-summary -i
scannertype = basic
</PRE>
<P>
</LI>
<LI><B>Where can I ask questions about using ClamAV?</B>
<BR>
Subscribe to our <I>clamav-users</I> mailing-list at
<TT><A NAME="tex2html47"
HREF="http://www.clamav.net/ml.html">http://www.clamav.net/ml.html</A></TT>
<P>
</LI>
<LI><B>Where can I get the latest CVS snapshot of ClamAV?</B>
<BR>
Basically, there are two ways:
<UL>
<LI>Run
<BR> <code>cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/clamav co clamav-devel</code>
</LI>
<LI>Visit <TT><A NAME="tex2html48"
HREF="http://www.clamav.net/snapshot/">http://www.clamav.net/snapshot/</A></TT>
</LI>
</UL>
<P>
</LI>
<LI><B>I'm a MS Windows user. Can I take advantage of ClamAV
virus protection?</B>
<BR>
Yes, you can use ClamWin, a port of ClamAV for win32 systems with a
very nice graphic interface. Download it at <TT><A NAME="tex2html49"
HREF="http://www.clamwin.net">http://www.clamwin.net</A></TT>
<P>
</LI>
<LI><B>Where can I find more information about ClamAV?</B>
<BR>
Please read this documentation. You can also try searching the mailing
list archives. If you can't find the answer, you can ask for support on
the clamav-users mailing-list, but please before doing it, search the
archives! Also, make sure that you don't send HTML-ized email messages
and that you don't top-post (these violate the netiquette and lessen
your chances of being answered).
<P>
</LI>
<LI><B>How can I contribute to the ClamAV project?</B>
<BR>
There are many ways to contribute to the ClamAV project. See the
donations page (<TT><A NAME="tex2html50"
HREF="http://www.clamav.net/donate.html">http://www.clamav.net/donate.html</A></TT> for more info.
</LI>
</UL>
<P>
<HR>
<!--Navigation Panel--> |