FAQ



Official FAQ

This is the official FAQ. For other FAQs, see the Wiki: http://wiki.clamav.net/Main/FAQ. Please add more FAQs to the Wiki. The ClamAV team keeps watching that page and will add the best ones below.

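Upgrading ClamAV

  • How do I upgrade ClamAV?
    • Please refer to the Wiki. Anyone can edit that page; if you are an experienced system administrator, please contribute.
  • What does “Current functionality level = 1, required = 2” mean?
    • The functionality level of the database indicates the minimum scanner engine version required to use all of the data in the virus database. If you don’t upgrade immediately, you can still download the latest CVD updates, but the engine will not be able to use the whole database.
  • What does “Your ClamAV installation is OUTDATED” mean?
    • You get this message whenever a newer version of ClamAV than the one you are running is available. To detect the latest viruses you need not only the latest virus database but also the latest scanner. You can download the sources of the latest stable release from our website. For upgrade instructions, see the Wiki: http://wiki.clamav.net/Main/UpgradeInstructions. If you are afraid that upgrading from source will break something, use the precompiled packages that match your system. Remember: running the latest stable release improves stability.
  • I upgraded to the latest stable version but I still get the “Your ClamAV installation is OUTDATED” message. Why?
    • Make sure that only one version is installed on your system:
         $ whereis freshclam
         $ whereis clamscan
    • Also check whether old library files (libclamav.so*) are still present on your system. Use: $ ldd `which freshclam`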
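  • How do I verify the integrity of the ClamAV sources?
    • With GnuPG you can easily verify the authenticity of your download. Download Tomasz Kojm’s key from the ClamAV website: http://www.clamav.net/gpg/tkojm.gpg. Import the key into your local public keyring: $ gpg --import tkojm.gpg. Download the stable release and the corresponding .sig file into the same directory. Verify that the software you just downloaded was signed with Tomasz Kojm’s key: $ gpg --verify clamav-X.XX.tar.gz.sig. Please note that the output must contain Good signature from Tomasz Kojm!!!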
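
A stricter form of the signature check above, added here as an example (not ClamAV project code): it reads gpg’s machine-readable status lines and accepts only a VALIDSIG for a pinned fingerprint. The fingerprint, the status lines and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example, not ClamAV code. Function names and all sample data are
# constructed; EXPECTED_FPR is a placeholder, not Tomasz Kojm's fingerprint.
EXPECTED_FPR=0123456789ABCDEF0123456789ABCDEF01234567

# validsig_matches FPR   (gpg status lines on stdin)
# Succeeds only if gpg reported VALIDSIG for FPR and reported no
# BADSIG/ERRSIG/EXPKEYSIG/REVKEYSIG in the same verification.
validsig_matches() {
    awk -v want="$1" '
        BEGIN { w = toupper(want) }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # Field 3 is the signing key fingerprint; the last field is the
        # primary key fingerprint when gpg provides it.
        $2 == "VALIDSIG" { if (toupper($3) == w || toupper($NF) == w) ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# Constructed status output: signature made by the pinned key.
PINNED_KEY_STATUS='[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2007-02-10 1171100000 0 4 0 17 2 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Constructed: a different key whose user ID carries the same name, so the
# human-readable "Good signature from ..." line would show the same name.
OTHER_KEY_STATUS='[GNUPG:] GOODSIG 7654321076543210 Example Signer
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA987654321076543210 2007-02-10 1171100000 0 4 0 17 2 00 FEDCBA9876543210FEDCBA987654321076543210'

# Constructed: archive modified after it was signed.
TAMPERED_STATUS='[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer'

# verdict STATUS -> prints accept or reject for the pinned fingerprint
verdict() {
    if printf '%s\n' "$1" | validsig_matches "$EXPECTED_FPR"; then
        echo accept
    else
        echo reject
    fi
}

verdict "$PINNED_KEY_STATUS"
verdict "$OTHER_KEY_STATUS"
verdict "$TAMPERED_STATUS"

# Live use with the command from the FAQ:
#   gpg --status-fd 1 --verify clamav-X.XX.tar.gz.sig 2>/dev/null |
#       validsig_matches "$EXPECTED_FPR"
```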

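Updating the ClamAV virus database

  • What does “WARNING: DNS record is older than 3 hours” mean?
    • freshclam tries to detect potential problems with DNS caches and falls back to the old mode if something looks wrong. If this message only appears occasionally, you can ignore it. If you get this error every time you run freshclam, check your system time. If the time is correct, check your DNS settings. If none of this helps, put
       host -t txt current.cvd.clamav.net; perl -e 'printf "%d\n", time;' 
      on the first line of the cronjob. The 4th field of the first line should be less than 3 * 3600 behind the output of the second line. If not, you have a caching DNS server somewhere misbehaving.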
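  • How often is the virus database updated?
    • The virus database is usually updated many times a week. Check http://lurker.clamav.net/list/clamav-virusdb.html to see our response time to new threats. The virus database team does its best to keep the database up to date; when a new worm starts spreading, we usually update the database within one hour. You can help us by submitting virus samples through our web interface, which lets us update faster and more effectively.
  • How many times per hour should I run freshclam?
    • If you are using ClamAV 0.7x, please upgrade immediately!!! If you are using ClamAV 0.8x or later and have the following settings in your freshclam.conf:
         DNSDatabaseInfo current.cvd.clamav.net
         DatabaseMirror db.XY.clamav.net
         DatabaseMirror database.clamav.net
      with XY replaced by your country code, update four times per hour. If you don’t use this option, update once per hour.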
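  • I tried to submit a virus sample through the web interface and was told that ClamAV already recognizes it, but my clamscan doesn’t. I have updated both the virus database and the engine. What’s wrong?
    • Run clamscan --detect-broken, and check that freshclam and clamscan use the same path to read and write the virus database.
  • I found an infected file on my HD/floppy/mailbox, but ClamAV doesn’t recognize it. Can you help me?
    • Our virus database is kept up to date with the help of the community. Whenever you find a virus that ClamAV doesn’t detect, please fill in the submission form. Our virus database maintainers will review your submission and update the database. Before submitting, check that DatabaseDirectory is the same in clamd.conf and freshclam.conf, and update your database with freshclam.
  • How do I keep my virus database up to date?
    • ClamAV comes with freshclam, a program that periodically updates the virus database.
  • When I run freshclam I get the following error: Invalid DNS reply. Falling back to HTTP mode or ERROR: Can’t query current.cvd.clamav.net. What’s wrong?
    • There is a problem with your DNS server. Check the settings in /etc/resolv.conf and make sure you can resolve TXT records: $ host -t txt current.cvd.clamav.net. If you can’t, something is wrong. You will still be able to update, but a lot of bandwidth will be wasted on checking for updates.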
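  • When I run freshclam I get the following error: ERROR: Connection with ??? failed. What should I do?
    • Either your DNS is not working or you are blocking traffic on port 53/tcp. Use $ host database.clamav.net to check whether you can resolve the hostname. If you can’t, check the settings in /etc/resolv.conf. If you can, check whether you are able to receive DNS packets larger than 512 bytes, for example by checking whether your firewall blocks packets coming from port 53/tcp. A simple test: $ dig @ns1.clamav.net db.us.big.clamav.net
  • How can I tell whether my IP address is blocked?
    • On the machine that runs freshclam, try to download daily.cvd with lynx or wget. Future versions of freshclam will provide a better way to handle this problem.
  • What is the mirrors.dat file?
    • mirrors.dat is used by freshclam to keep track of problematic mirrors. It prevents you from downloading CVD updates from mirrors that have failed several times within the last 24 hours.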
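  • I have many clients running ClamAV on my internal network. Can I run my own cvd file server, so that the clients don’t all have to download updates from your servers?
    • Sure, there are two ways:
    • If you want to take advantage of incremental updates, install a proxy server and then configure your freshclam clients to use it (watch for the HTTPProxyServer parameter in man freshclam.conf).
    • The second way is to set up a local web server (for example machine1.mylan), run freshclam to download the .cvd files from http://database.clamav.net into the web server’s document root, and change freshclam.conf on all clients to DatabaseMirror machine1.mylan and ScriptedUpdates off. The clients will then be able to update.
  • I can’t wait for your update! I want to use my own update right now. What do I do?
    • No problem. Save your own virus database update in a text file with the appropriate extension (see signatures.pdf: /doc/latest/signatures.pdf) and put it in the same directory as the .cvd files. ClamAV will load it automatically after loading all the CVD files. You do not need to sign the .db file.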
  • Can I download the virus database manually?
    • Yes, you can download it from “Latest releases” on our website.
  • I can’t resolve current.cvd.clamav.net! Is it a problem with your DNS servers or with mine?
    • current.cvd.clamav.net has only a TXT record, not a type A record! Try this command: $ host -t txt current.cvd.clamav.net. Please note that some non-RFC-compliant DNS servers (namely the one shipped with the SpeedTouch Alcatel 510 modem) can’t resolve TXT records. If that’s the case, please recompile ClamAV with the flag --enable-dns-fix.
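
The freshness test from the “DNS record is older than 3 hours” answer, as an added shell example (not part of freshclam). It assumes the TXT record is a colon-separated string with a Unix timestamp in its 4th field; the sample record and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not freshclam code. Assumption: the TXT record is
# colon-separated and its 4th field is a Unix timestamp.

MAX_AGE=$((3 * 3600))    # the 3-hour threshold named in the warning

# record_timestamp RECORD -> prints the 4th colon-separated field.
# Accepts the bare record or a whole line of `host -t txt` output.
record_timestamp() {
    rec=$(printf '%s\n' "$1" | sed 's/^[^"]*"//; s/".*$//')   # strip quoting
    ts=$(printf '%s\n' "$rec" | cut -s -d: -f4)
    case "$ts" in
        ''|*[!0-9]*) return 1 ;;     # field missing or not a number
    esac
    printf '%s\n' "$ts"
}

# record_status RECORD NOW -> prints fresh | stale | future | malformed
record_status() {
    ts=$(record_timestamp "$1") || { echo malformed; return 0; }
    age=$(( $2 - ts ))
    if [ "$age" -lt 0 ]; then
        echo future      # record is ahead of the local clock: check system time
    elif [ "$age" -lt "$MAX_AGE" ]; then
        echo fresh
    else
        echo stale       # a caching resolver is serving an old answer
    fi
}

# Constructed sample record (not real data) and a fixed "now".
SAMPLE='"0.90:42:2500:1171100000:1:14:5000"'
record_status "$SAMPLE" 1171103000     # record is 3000 seconds old

# Live use (needs network access):
#   rec=$(host -t txt current.cvd.clamav.net)
#   record_status "$rec" "$(date +%s)"
```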

Troubleshooting crashes

  • I got an error message followed by report to http://bugs.clamav.net: can you fix this bug?
    • If you want us to fix the bug, you need to send us the error message and the file that triggered it. Without the file your report is totally useless for us. Despite what the error message says, the preferred way to submit bug reports is now to use our bugzilla interface.
  • ClamAV doesn’t work! It doesn’t add any header to the messages that transit on my mail server.
    • ClamAV itself is an antivirus and its job is to scan files, not to do fancy things with your mail’s headers. In order to use ClamAV with your MTA you need a content filter program. If you are using clamav-milter you can ask for help on our mailing lists. If you are using any other content filter, find the address of the official mailing-list (if any) or contact the author.
  • ClamAV crashes/hangs/doesn’t compile/doesn’t start. Did I find a bug?
    • Before reporting a bug, please download the latest SVN code and try to reproduce the bug with it. Chances are the bug you encountered has already been fixed. If you really feel like you found a bug, please visit our bugzilla interface. Before submitting your bug please check if a similar report is already present.
  • How do I start clamd at boot time?
    • If you installed ClamAV from a binary package or ports collection, you should already have a script that starts clamd at boot time. If you compiled ClamAV by yourself, then look in the contrib/init/ directory of the source package.
  • How do I automatically restart clamd when it dies?
    • Set up a cronjob which checks that clamd is up and running every XX minutes. You can find an example in the contrib/clamdmon/ and contrib/clamdwatch/ directories. You can also check clamd from the command prompt with a simple:
      echo PING|socat - /tmp/clamd 
  • What does SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES mean?
    • The ClamAV package requires the GMP library to verify the digital signature of the virus database. When building ClamAV you need the GMP library and its headers: if you are using Debian just run apt-get install libgmp3-dev, if you are using an RPM based distribution install the gmp-devel package. You’ll need to rerun ./configure and recompile ClamAV.
  • How can I list the virus signature names contained in the database?
    • If you are using a recent version of ClamAV just run: $ sigtool --list-sigs
  • How do I know when database updates are released?
  • I found a false positive in ClamAV virus database. What shall I do?

Using the ClamAV mailing lists

  • Where can I ask questions about using ClamAV?
  • I want to take part to the development of ClamAV. Where can I get more info?
  • The mailing-lists generate too many messages per day. I can’t handle them. What shall I do?
    • There are two possible solutions: go to the mailing-list mailman interface, click on Unsubscribe or edit options, and turn digest mode on; or access the mailing-lists using a news reader.
  • I sent a message to one of ClamAV’s mailing-lists, but the mail was rejected/held for approval. Why?
    • Only subscribers are allowed to post to the mailing-list. This is done to avoid spammers. Please check that your outgoing messages start with a line like the following: Return-Path: me@mydomain.com where me@mydomain.com is the mail account which you used to subscribe to the mailing-list. You can subscribe multiple times, with different mail addresses, and disable mail delivery. You will be able to post to the mailing-lists by putting any of those addresses in Return-Path.
  • I read the mailing-list from the Gmane news gateway. Can I post to the mailing-list?
    • See previous FAQ.
  • I’ve been unsubscribed from one of the mailing-lists. What happened?
    • There are two possible reasons: If your account generates too many bounces you’ll be automatically unsubscribed. Please subscribe again with a more reliable account. If we receive even one out of office notification from your vacation program, your address will be unsubscribed and banned from our mailing-lists forever. Sorry for that, there are just too many stupid people out there.
  • How do I disable mail delivery from the mailing-list I’m subscribed to?
    • Suppose you are subscribed to clamav-users. Go to http://lists.clamav.net/mailman/listinfo/clamav-users and enter your mail address at the bottom of the page. Click on Unsubscribe or edit options. At the next page enter your password and press Log in. Under Your clamav-users Subscription Options choose Disabled opposite Mail delivery and press Submit My Changes at the bottom of the page.

Miscellaneous

  • Can phishing be considered one kind of spam? ClamAV should not detect it as some kind of malware.
    • Starting from release 0.90, ClamAV allows you to choose whether to detect phish as some kind of malware or not. This should put an end to the endless threads on our mailing lists. So long, and thanks for all the phish.
  • Can I convert the new database format to the old one?
    • Yes, install a recent version of sigtool and run: sigtool --unpack-current daily.cvd; sigtool --unpack-current main.cvd
  • How do I read inside the CVD files?
    • See previous FAQ.
  • I’m using ClamAV in a production environment and a brand new virus is not being recognized by ClamAV. How long do I have to wait before ClamAV can start filtering the virus?
    • No time at all! Find a signature for that virus and modify your virus database accordingly (see signatures.pdf in the doc/ dir). Remember to submit the sample to the virusdb team.
  • Why is ClamAV calling the XXX virus with another name?
    • This usually happens when we add a signature before other AV vendors. No well-known name is available at that moment so we have to invent one. Renaming the virus after a few days would just confuse people more, so we usually keep on using our name for that virus. The only exception is when a new name is established soon after the signature addition.
  • I get many false positives of Oversized.zip
    • Whenever a file exceeds ArchiveMaxCompressionRatio (see clamd.conf man page), it’s considered a logic bomb and marked as Oversized.zip. Try increasing your ArchiveMaxCompressionRatio setting.
  • Can ClamAV disinfect files?
    • No, it can’t. We will add support for disinfecting OLE2 files in one of the next stable releases. There are no plans for disinfecting other types of files. There are many reasons for it: cleaning viruses from files is virtually pointless these days. It is very seldom that there is anything useful left after cleaning, and even if there is, would you trust it?
  • When using clamscan, is there a way to know which message within an mbox is infected?
    • There are two solutions: Run clamscan --debug and look for Deal with email number xxx. Alternatively, you can convert the mbox to Maildir format, run clamscan on it and then convert it back to mbox format. There are many tools available which can convert to and from Maildir format: formail, mbox2maildir and maildir2mbox.
  • I’m running ClamAV + amavisd-new and get the following error in my mail log amavis: Clam Antivirus-clamd FAILED – unknown status:/var/lib/amavis/amavis-20060917T120205-21416/parts: lstat() failed. ERROR\n amavis: WARN: all primary virus scanners failed, considering backups . What’s wrong?
    • Please refer to Wiki.
  • I’m running Qmail + Qmail-Scanner + ClamAV and get the following error in my mail logs: clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem. What’s wrong with it?
    • Please refer to Wiki.
  • How do I use ClamAV with p3scan?
    • Please refer to Wiki.
  • What platforms does it support?
    • Clam AntiVirus works with Linux®, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, Mac OS X, Cygwin B20 on multiple architectures such as Intel, Alpha, Sparc, Cobalt MIPS boxes, PowerPC, RISC 6000.
  • Where can I find more information about ClamAV?
    • Please read the complete documentation in pdf/ps format. You will find it inside the package or in the documentation section of this website. You can also try searching the mailing list archives. If you can’t find the answer, you can ask for support on the clamav-users mailing-list, but please before doing it, search the archives! Also, make sure that you don’t send HTML messages and that you don’t top post: these violate the netiquette and lessen your chances of being answered.

Last update: Feb 10th, 2007
