<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <!--Converted with LaTeX2HTML 2K.1beta (1.48) original version by: Nikos Drakos, CBLU, University of Leeds * revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan * with significant contributions from: Jens Lippmann, Marek Rouchal, Martin Wilck and others --> <HTML> <HEAD> <TITLE>Frequently Asked Questions</TITLE> <META NAME="description" CONTENT="Frequently Asked Questions"> <META NAME="keywords" CONTENT="clamdoc"> <META NAME="resource-type" CONTENT="document"> <META NAME="distribution" CONTENT="global"> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <META NAME="Generator" CONTENT="LaTeX2HTML v2K.1beta"> <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css"> <LINK REL="STYLESHEET" HREF="clamdoc.css"> <LINK REL="next" HREF="node47.html"> <LINK REL="previous" HREF="node30.html"> <LINK REL="up" HREF="clamdoc.html"> <LINK REL="next" HREF="node47.html"> </HEAD> <BODY > <!--Navigation Panel--> <A NAME="tex2html1014" HREF="node47.html"> <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="/usr/share/latex2html/icons/next.png"></A> <A NAME="tex2html1010" HREF="clamdoc.html"> <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="/usr/share/latex2html/icons/up.png"></A> <A NAME="tex2html1004" HREF="node45.html"> <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="/usr/share/latex2html/icons/prev.png"></A> <A NAME="tex2html1012" HREF="node1.html"> <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="/usr/share/latex2html/icons/contents.png"></A> <BR> <B> Next:</B> <A NAME="tex2html1015" HREF="node47.html">Third party software</A> <B> Up:</B> <A NAME="tex2html1011" HREF="clamdoc.html">clamdoc</A> <B> Previous:</B> <A NAME="tex2html1005" HREF="node45.html">CVD format</A>   <B> <A NAME="tex2html1013" HREF="node1.html">Contents</A></B> <BR> <BR> <!--End of Navigation Panel--> <H1><A NAME="SECTION00080000000000000000"> Frequently Asked Questions</A> </H1> The FAQ section is maintained by Luca Gibelli. <P> <UL> <LI><B>What does <I>WARNING: Current functionality level = 1, required = 2</I> mean?</B> <BR> The functionality level of the database determines which scanner engine version is required to use all of its signatures. If you don't upgrade immediately you will be in big trouble. <P> </LI> <LI><B>What does <I>SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES</I> mean?</B> <BR> The ClamAV package requires the GMP library to verify the digital signature of the virus database. When building ClamAV you need the GMP library and its headers: if you are using Debian just run <code>apt-get install libgmp3-dev</code>, if you are using an RPM based distribution install the gmp-devel package. <P> </LI> <LI><B>How often is the virus database updated?</B> <BR> The virus database is usually updated many times per week. Check out <TT><A NAME="tex2html37" HREF="http://news.gmane.org/gmane.comp.security.virus.clamav.virusdb/">http://news.gmane.org/gmane.comp.security.virus.clamav.virusdb/</A></TT> to see our response times to new threats. The virusdb team tries to keep up with the latest worm in the wild. When a new worm spreads out, often it is less than one hour before we release a database update. You can contribute to make the virusdb updating process more efficient by submitting samples of viruses via our web interface. <P> </LI> <LI><B>I tried to submit a sample through the web interface, but it said the sample is already recognized by ClamAV. My clamscan tells me it's not. I already updated my database, what's wrong with my setup?</B> <BR> Please run clamscan with the -mbox option. Also check that freshclam and clamscan are using the same path for storing/reading the database. <P> </LI> <LI><B>ClamAV crashes/hangs/doesn't compile/doesn't start. Did I find a bug?</B> <BR> Before reporting a bug, please download the latest CVS code and try to reproduce the bug with it. Chances are the bug you encountered has already been fixed. If you really feel like you found a bug, please send a message bugs*clamav.net. <P> </LI> <LI><B>How do I automatically restart clamd when it dies?</B> <BR> Set up a cronjob which checks that clamd is up and running, every XX minutes. You can find an example script in the <code>contrib/clamdwatch/</code> directory. You can also read how to run clamd supervised in the <code>docs/clamd_supervised/</code> directory. <P> </LI> <LI><B>How do I keep my virus database up to date?</B> <BR> ClamAV comes with freshclam, a tool which periodically checks for new database releases and keeps your database up to date. <P> </LI> <LI><B>I'm running ClamAV on a lot of clients on my local network. Can I mirror the database locally so that each client doesn't have to download it from your servers?</B> <BR> Sure, install a proxy server and then configure your freshclam clients to use it (watch for the <code>HTTPProxyServer</code> parameter in <code>man freshclam.conf</code>). Alternatively, you can configure a local webserver on one of your machines (say machine1.mylan) and let freshclam download the *.cvd files from <TT><A NAME="tex2html38" HREF="http://database.clamav.net/">http://database.clamav.net/</A></TT> to the webserver's <code>DocumentRoot</code>. Finally, change <code>freshclam.conf</code> on your clients so that it reads: <code>DatabaseMirror machine1.mylan</code> First the database will be downloaded to the local webserver and then the other clients on the network will update their copy of the database from it. <P> </LI> <LI><B>How can I list the virus signature names contained in the database?</B> <BR> If you are using a recent version of ClamAV just run: <code>$sigtool --list-sigs</code> <P> </LI> <LI><B>I found an infected file in my HD/floppy/mailbox, but ClamAV doesn't recognize it yet. Can you help me?</B> <BR> Our virus database is kept up to date with the help of the community. Whenever you find a new virus which is not detected by ClamAV you should submit it on our website (go to <TT><A NAME="tex2html39" HREF="www.clamav.net">www.clamav.net</A></TT> and click on <I>submit sample</I>). The virusdb team will review your submission and update the database if necessary. Before submitting a new sample: <UL> <LI>check that the value of <code>DatabaseDirectory</code>, in both <code>clamd.conf</code> and <BR><code>freshclam.conf</code>, is the same </LI> <LI>update your database by running freshclam </LI> </UL> <P> </LI> <LI><B>Why is ClamAV calling the XXX virus with another name?</B> <BR> This usually happens when we add a signature before other AV vendors. No well-known name is available at that moment so we have to invent one. Renaming the virus after a few days would just confuse people more, so we usually keep on using our name for that virus. The only exception is when a new name is established soon after the signature addition. You can find more info about this in the virus naming page at <TT><A NAME="tex2html40" HREF="http://www.clamav.net/cvdinfo.html">http://www.clamav.net/cvdinfo.html</A></TT> <P> </LI> <LI><B>How do I know when database updates are released?</B> <BR> Subscribe to the <I>clamav-virusdb</I> mailing-list. <P> </LI> <LI><B>How can I scan a file on my hard disk for viruses without installing ClamAV?</B> <BR> Use the online scanning tool available at <TT><A NAME="tex2html41" HREF="http://test-clamav.power-netz.de/">http://test-clamav.power-netz.de/</A></TT> <P> </LI> <LI><B>I found a false positive in ClamAV virus database. What shall I do?</B> <BR> Fill the form at <TT><A NAME="tex2html42" HREF="http://www.clamav.net/sendvirus.html">http://www.clamav.net/sendvirus.html</A></TT> Be sure to select <I>The file attached is... a false positive</I> <P> </LI> <LI><B>How do I verify the integrity of ClamAV sources?</B> <BR> Using GnuPG (<TT><A NAME="tex2html43" HREF="http://www.gnupg.org/">http://www.gnupg.org/</A></TT>) you can easily verify the authenticity of your stable release downloads by using the following method: <UL> <LI>Download Tomasz Kojm's key from the clamav.net site: <BR> <code>$ wget http://www.clamav.net/gpg/tkojm.gpg</code> </LI> <LI>Import the key into your local public keyring: <BR> <code>\$ gpg --import tkojm.gpg</code> </LI> <LI>Download the stable release AND the corresponding .sig file to the same directory. <BR> <PRE> $ wget http://prdownloads.sourceforge.net/clamav/clamav-X.XX.tar.gz $ wget http://prdownloads.sourceforge.net/clamav/clamav-X.XX.tar.gz.sig </PRE> </LI> <LI>Verify that the stable release download is signed with the proper key: <BR> <code>$ gpg --verify clamav-X.XX.tar.gz.sig</code> </LI> <LI>Make sure the resulting output contain the following information: <BR> <code>Good signature from Tomasz Kojm (tk*lodz.tpnet.pl)</code> </LI> </UL> <P> </LI> <LI><B>Can ClamAV disinfect files?</B> <BR> No, it can't. We will add support for disinfecting OLE2 files in one of the next stable releases. There are no plans for disinfecting other types of files. There are many reasons for it: cleaning viruses from files is virtually pointless these days. It is very seldom that there is anything useful left after cleaning, and even if there is, would you trust it? <P> </LI> <LI><B>When using clamscan, is there a way to know which message within an mbox is infected?</B> <BR> No, clamscan stops at the first infected message. You can convert the mbox to Maildir format, run clamscan on it and then convert it back to mbox format. There are many tools available which can convert to and from Maildir format, e.g: formail, mbox2maildir, and maildir2mbox. <P> </LI> <LI><B>I'm running qmail+Qmail-Scanner+ClamAV and get the following error in my mail logs: <I>clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem</I>. What's wrong with it?</B> <BR> Most likely clamd is not running at all, or you are running Qmail-Scanner and clamd under a different uid. If you are running Qmail-Scanner as qscand (default setting) you could put <code>User qscand</code> inside your clamd.conf file and restart clamd. Remember to check that qscand can create clamd.ctl (usually located at <code>/var/run/clamav/clamd.ctl</code>). The same applies to the log file. <P> </LI> <LI><B>How do I use ClamAV with p3scan?</B> <BR> Add the following lines to your pop3vscan configuration file: <PRE> virusregexp = .*: (.*) FOUND scanner = /usr/bin/clamdscan --no-summary -i scannertype = basic </PRE> <P> </LI> <LI><B>Where can I ask questions about using ClamAV?</B> <BR> Subscribe to our <I>clamav-users</I> mailing-list at <TT><A NAME="tex2html44" HREF="http://www.clamav.net/ml.html">http://www.clamav.net/ml.html</A></TT> <P> </LI> <LI><B>Where can I get the latest CVS snapshot of ClamAV?</B> <BR> Basically, there are two ways: <UL> <LI>Run <BR> <code>cvs -d:pserver:anonymous @ cvs.sourceforge.net:/cvsroot/clamav co clamav-devel</code> </LI> <LI>Visit <TT><A NAME="tex2html45" HREF="http://www.clamav.net/snapshot/">http://www.clamav.net/snapshot/</A></TT> </LI> </UL> <P> </LI> <LI><B>I'm a MS Windows user. Can I take advantage of ClamAV virus protection?</B> <BR> Yes, you can use ClamWin, a port of ClamAV for win32 systems with a very nice graphic interface. Download it at <TT><A NAME="tex2html46" HREF="http://www.clamwin.net">http://www.clamwin.net</A></TT> <P> </LI> <LI><B>Where can I find more information about ClamAV?</B> <BR> Please read this documentation. You can also try searching the mailing list archives. If you can't find the answer, you can ask for support on the clamav-users mailing-list, but please before doing it, search the archives! Also, make sure that you don't send HTML-ized email messages and that you don't top-post (these violate the netiquette and lessen your chances of being answered). <P> </LI> <LI><B>How can I contribute to the ClamAV project?</B> <BR> There are many ways to contribute to the ClamAV project. See the donations page (<TT><A NAME="tex2html47" HREF="http://www.clamav.net/donate.html">http://www.clamav.net/donate.html</A></TT> for more info. </LI> </UL> <P> <HR> <!--Navigation Panel--> <A NAME="tex2html1014" HREF="node47.html"> <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="/usr/share/latex2html/icons/next.png"></A> <A NAME="tex2html1010" HREF="clamdoc.html"> <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="/usr/share/latex2html/icons/up.png"></A> <A NAME="tex2html1004" HREF="node45.html"> <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="/usr/share/latex2html/icons/prev.png"></A> <A NAME="tex2html1012" HREF="node1.html"> <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="/usr/share/latex2html/icons/contents.png"></A> <BR> <B> Next:</B> <A NAME="tex2html1015" HREF="node47.html">Third party software</A> <B> Up:</B> <A NAME="tex2html1011" HREF="clamdoc.html">clamdoc</A> <B> Previous:</B> <A NAME="tex2html1005" HREF="node45.html">CVD format</A>   <B> <A NAME="tex2html1013" HREF="node1.html">Contents</A></B> <!--End of Navigation Panel--> <ADDRESS> Tomasz Kojm 2004-10-17 </ADDRESS> </BODY> </HTML>