On Mon, Apr 14, 2008 at 11:09 AM, Bas van Rooijen
[EMAIL PROTECTED] wrote:
ClamAV is rejecting messages where the recipient address contains a | (pipe
character)..
Why is this? Is | a virus now?
Can this behaviour be disabled?
Are you planning on blocking other random characters from
ClamAV is rejecting messages where the recipient address contains a | (pipe
character)..
Why is this? Is | a virus now?
Can this behaviour be disabled?
Are you planning on blocking other random characters from appearing in the
recipient adres?
thanks,
bvr.
Rob MacGregor wrote:
On Mon, Apr 14, 2008 at 11:09 AM, Bas van Rooijen
[EMAIL PROTECTED] wrote:
ClamAV is rejecting messages where the recipient address contains a | (pipe
character)..
Why is this? Is | a virus now?
Can this behaviour be disabled?
Are you planning on blocking other
* Bas van Rooijen [EMAIL PROTECTED]:
Yes. I'm certain ClamAV is behind it; we're using postfix with ClamAV-milter,
- the message immediately rejected with the same error message,
- the message is also written to the clamav.log,
- if you google for the error a short discussion will come up
On Mon, Apr 14, 2008 at 11:55:08AM +0100, Rob MacGregor wrote:
On Mon, Apr 14, 2008 at 11:09 AM, Bas van Rooijen
[EMAIL PROTECTED] wrote:
ClamAV is rejecting messages where the recipient address contains a |
(pipe character)..
Why is this? Is | a virus now?
Can this behaviour
Mon Apr 14 13:07:57 2008 - WARNING: Suspicious recipient address blocked:
'test|[EMAIL PROTECTED]'
Ralf Hildebrandt wrote:
* Bas van Rooijen [EMAIL PROTECTED]:
Yes. I'm certain ClamAV is behind it; we're using postfix with ClamAV-milter,
- the message immediately rejected with the same
German Trejo wrote:
[EMAIL PROTECTED] ~]$ clamscan
I got
--- SCAN SUMMARY ---
Known viruses: 80498
Engine version: 0.88.7
This is so old!
Scanned directories: 1
Scanned files: 195
Infected files: 1
Data scanned: 419.63 MB
Time: 351.800 sec (5 m 51 s)
But no report
I am using FC6 seems like I have a virus in my thunderbird email client, what
it's doing it replaces attachments with another file to any file I receive or
some case replaces for another the text, always the same. I installed CalmAV
0.88 with rpm file
[EMAIL PROTECTED] ~]$ clamscan
But nothing on VirusName FOUND message. Any other way to run clamAV and find
the virus name and clean it?
German
Quoting Török Edwin [EMAIL PROTECTED]:
German Trejo wrote:
[EMAIL PROTECTED] ~]$ clamscan
I got
--- SCAN SUMMARY ---
Known viruses: 80498
Engine version:
German Trejo wrote:
But nothing on VirusName FOUND message. Any other way to run clamAV and find
the virus name and clean it?
First upgrade to 0.92.1, 0.88.7 is too old to find some viruses.
Then use clamscan -ri .
--Edwin
___
Help us build a
On Mon, Apr 14, 2008 at 11:09 AM, Bas van Rooijen
[EMAIL PROTECTED] wrote:
ClamAV is rejecting messages where the recipient address contains a | (pipe
character)..
Why is this? Is | a virus now?
Can this behaviour be disabled?
Are you planning on blocking other random characters
Bas van Rooijen wrote:
Thanks for the replies so far;
however please note I already know the problem is ClamAV (hence i'm writing
to this list..)
Is there anyone who can answer my actual questions?
Comment out the check in the source and recompile?
[EMAIL PROTECTED] wrote:
Bas van Rooijen wrote:
Thanks for the replies so far;
however please note I already know the problem is ClamAV (hence i'm writing
to this list..)
Is there anyone who can answer my actual questions?
Comment out the check in the source and recompile?
Török Edwin wrote:
[EMAIL PROTECTED] wrote:
Bas van Rooijen wrote:
Thanks for the replies so far;
however please note I already know the problem is ClamAV (hence i'm writing
to this list..)
Is there anyone who can answer my actual questions?
Comment out the check in the source
John Rudd wrote:
Török Edwin wrote:
[EMAIL PROTECTED] wrote:
Bas van Rooijen wrote:
Thanks for the replies so far;
however please note I already know the problem is ClamAV (hence i'm
writing to this list..)
Is there anyone who can answer my actual questions?
John Rudd wrote:
Török Edwin wrote:
[EMAIL PROTECTED] wrote:
Bas van Rooijen wrote:
Thanks for the replies so far;
however please note I already know the problem is ClamAV (hence i'm
writing to this list..)
Is there anyone who can answer my actual questions?
Comment out the
Hi,
Current Known Viruses Count is.
Known viruses: 254858
Engine version: 0.92.1
Which Dropped on 2008-04-07 from Known viruses:413852 is this normal?
--
Regards,
Noor Ahmed Afridi
___
Help us build a comprehensive ClamAV guide: visit
Noor Ahmed Afridi wrote:
Hi,
Current Known Viruses Count is.
Known viruses: 254858
Engine version: 0.92.1
Which Dropped on 2008-04-07 from Known viruses:413852 is this normal?
Looks like you might have been loading one of the tables twice.
dp
It took 2 seconds to grep ClamAV sources..
clamav-milter.c
if(strchr(|;, *ptr) != NULL) {
smfi_setreply(ctx, 554, 5.7.1, _(Suspicious recipient address blocked));
Yes it seems | and ; are blocked.
The | character might be used to expolit SMTP servers. It has no valid place
in an email
The | character is not allowed in any e-mail address because it's a Unix
shell reserved character.
Here's a list right off the top of my head that are usually
blocked/disabled by just about every MTA out there.
1. Control Characters
2. Space
3. !
4.
5. #
6. $
7. %
8.
On Mon, 14 Apr 2008, Michael Brown wrote:
The | character is not allowed in any e-mail address because it's a Unix
shell reserved character.
Here's a list right off the top of my head that are usually
blocked/disabled by just about every MTA out there.
1. Control Characters
2.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Apr 14, 2008, at 10:30 AM, Michael Brown wrote:
The | character is not allowed in any e-mail address because it's a
Unix
shell reserved character.
Here's a list right off the top of my head that are usually
blocked/disabled by just about
Alan Stern wrote:
There's certainly something wrong here. The open and close bracket
characters ('[' and ']', items 19 and 21) can indeed be part of a valid
email address. For example: [EMAIL PROTECTED]
There's a difference between [EMAIL PROTECTED] which would
be invalid and [EMAIL
Bit Fuzzy wrote:
Alan Stern wrote:
There's certainly something wrong here. The open and close bracket
characters ('[' and ']', items 19 and 21) can indeed be part of a valid
email address. For example: [EMAIL PROTECTED]
There's a difference between [EMAIL PROTECTED] which would
On Mon, Apr 14, 2008 at 05:22:56PM +0200, Bas van Rooijen said:
postfix would accept all three forms even
and why not ??
I assume you haven't looked at sendmail's security record. This has
been a pretty standard thing to do for a long time, and with even more
characters than the milter
Stephen Gran wrote:
I assume you haven't looked at sendmail's security record. This has
been a pretty standard thing to do for a long time, and with even more
characters than the milter currently uses.
That may be true, but filtering suspicious recipient addresses is beyond
the scope of a
On Mon, Apr 14, 2008 at 12:05:05PM -0400, David F. Skoll said:
Stephen Gran wrote:
I assume you haven't looked at sendmail's security record. This has
been a pretty standard thing to do for a long time, and with even more
characters than the milter currently uses.
That may be true,
Brian Morrison wrote:
I've just built and installed 0.93, when the new versions try and start
I get this error:
/usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
symbol: rarvm_free
A grep through the source doesn't appear to show anything obvious to me
anyway, the system
Török Edwin wrote:
Brian Morrison wrote:
I've just built and installed 0.93, when the new versions try and start
I get this error:
/usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
symbol: rarvm_free
A grep through the source doesn't appear to show anything obvious to me
Dennis Peterson wrote:
Is the http://clamav.com/download/sources page reporting the wrong
version or is my cache hosed?
If you're expecting 0.93 then it hasn't got there yet, I see 0.92.1 on
that page.
--
Brian
___
Help us build a comprehensive
Brian Morrison wrote:
Dennis Peterson wrote:
Is the http://clamav.com/download/sources page reporting the wrong
version or is my cache hosed?
If you're expecting 0.93 then it hasn't got there yet, I see 0.92.1 on
that page.
That changed a minute after I posted, 0.93 is now there.
--
Brian Morrison wrote:
Dennis Peterson wrote:
Is the http://clamav.com/download/sources page reporting the wrong
version or is my cache hosed?
If you're expecting 0.93 then it hasn't got there yet, I see 0.92.1 on
that page.
Brian Morrison wrote:
Dennis Peterson wrote:
Is the http://clamav.com/download/sources page reporting the wrong
version or is my cache hosed?
If you're expecting 0.93 then it hasn't got there yet, I see 0.92.1 on
that page.
The front page said 0.93 was the current version - looks like
Dennis Peterson wrote:
Brian Morrison wrote:
Dennis Peterson wrote:
Is the http://clamav.com/download/sources page reporting the wrong
version or is my cache hosed?
If you're expecting 0.93 then it hasn't got there yet, I see 0.92.1 on
that page.
The front page said 0.93 was the
Brian Morrison wrote:
Dennis Peterson wrote:
Brian Morrison wrote:
Dennis Peterson wrote:
Is the http://clamav.com/download/sources page reporting the wrong
version or is my cache hosed?
If you're expecting 0.93 then it hasn't got there yet, I see 0.92.1 on
that page.
The front page
Brian Morrison wrote:
Török Edwin wrote:
Brian Morrison wrote:
I've just built and installed 0.93, when the new versions try and start
I get this error:
/usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
symbol: rarvm_free
A grep through the source doesn't
Any links to the real full report, all I found was don't scan PE files ?
Gerard wrote:
I just received an alert from US-CERT regarding ClamAV. The full report
is available here:
http://www.us-cert.gov/current/index.html#clamav_pe_scanning_vulnerability
Török Edwin wrote:
Brian Morrison wrote:
Török Edwin wrote:
Brian Morrison wrote:
I've just built and installed 0.93, when the new versions try and start
I get this error:
/usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
symbol: rarvm_free
A grep through the
Gerard wrote:
http://www.us-cert.gov/current/index.html#clamav_pe_scanning_vulnerability
Does ClamAV 0.93 fix this vulnerability? (When I saw the 0.93 release
announcement, I wondered what security problems were fixed this time...)
CERT, though, has to win the shoot-yourself-in-the-foot
Hi,
I just download clamav 0.93 and attempted to compiled this on my
Apple Macintosh 10.4.11 on a Apple MacBook Pro Core2 Duo.
Here is my error message I got:
Extracting
/Applications/Utilities/clamav/clamav-0.93/libclamav/lzma/.libs/liblzma.a
(cd .libs/libclamav.lax/liblzma.a ar x
fchan wrote:
Hi,
I just download clamav 0.93 and attempted to compiled this on my
Apple Macintosh 10.4.11 on a Apple MacBook Pro Core2 Duo.
Here is my error message I got:
Extracting
/Applications/Utilities/clamav/clamav-0.93/libclamav/lzma/.libs/liblzma.a
(cd
Dennis Peterson wrote:
Brian Morrison wrote:
Dennis Peterson wrote:
Brian Morrison wrote:
Dennis Peterson wrote:
Is the http://clamav.com/download/sources page reporting the wrong
version or is my cache hosed?
If you're expecting 0.93 then it hasn't got there yet, I see 0.92.1 on
that
Hallo
i just tried to run clamav-0.93 on my FreeBSD 4.8 Server and Procmail
-clamassassin hangs
with clamav-0.92.1 = no Problem
**
cd clamav-0.92.1
make uninstall
cd ..
cd clamav-0.93
./configure
make
make install
freshclam
= all OK
reboot
i use Procmail and clamassassin 1.2.3 with clamd on
On Mon, 14 Apr 2008 14:01:10 -0400
David F. Skoll [EMAIL PROTECTED] wrote:
Gerard wrote:
http://www.us-cert.gov/current/index.html#clamav_pe_scanning_vulnerability
Does ClamAV 0.93 fix this vulnerability? (When I saw the 0.93 release
announcement, I wondered what security problems were
On Mon, 14 Apr 2008, Matthias Häker wrote:
is there any change in the conf ? ort anything else i should look for ?
Uhm, yes:
* clamd:
- NEW CONFIG FILE OPTIONS: MaxScanSize, MaxFileSize, MaxRecursion,
MaxFiles
- ** THE FOLLOWING OPTIONS ARE NO LONGER SUPPORTED **: MailMaxRecursion,
I'm getting this error message:
cdiff.o(.text+0x190a): In function `cdiff_apply':
../shared/cdiff.c:984: undefined reference to `gzdopen'
cdiff.o(.text+0x1950):../shared/cdiff.c:994: undefined reference to `gzgets'
cdiff.o(.text+0x19a5):../shared/cdiff.c:1016: undefined reference to `gzclose'
Joey McKnight wrote:
I'm getting this error message:
You removed the most important output from the build: the last command
executed (the arguments to the linker), please post that one too.
cdiff.o(.text+0x190a): In function `cdiff_apply':
../shared/cdiff.c:984: undefined reference to
Joey McKnight said the following, On 04/14/2008 01:44 PM:
I'm getting this error message:
manager.o(.text+0x189d):/root/clamav-0.93/freshclam/manager.c:913: undefined
reference to `gzclose'
manager.o(.text+0x19cd):/root/clamav-0.93/freshclam/manager.c:932: undefined
reference to `gzclose'
I have been assigned to manage a Postfix email server running Clamav on
a RHEL 4 ES server. I am running 0.90.3-1.el4.rf on the machine in
question for some reason my definitions are failing to update and
flooding my logs:
[EMAIL PROTECTED] ~]# cat /var/log/messages | grep freshclam
Apr 14
Torok Edwin wrote:
You got version 6700, which is too old to update from directly to 6755.
That is why freshclam downloaded the entire daily.cvd again.
It updated successfully, but didn't use incremental updates.
So what exactly can I do to clean this up a little? Are you saying
Carlos Williams wrote:
Torok Edwin wrote:
You got version 6700, which is too old to update from directly to 6755.
That is why freshclam downloaded the entire daily.cvd again.
It updated successfully, but didn't use incremental updates.
So what exactly can I do to clean this
Joey McKnight wrote:
here is what nm -D /usr/lib/libz.so|grep gz displayed:
00d674c0 T gzclearerr
00d67320 T gzclose
00d66380 T gzdopen
00d67240 T gzeof
00d67390 T gzerror
00d66ec0 T gzflush
00d66aa0 T gzgetc
00d66b40 T gzgets
00d66350 T gzopen
00d66ca0 T gzprintf
00d66d20 T gzputc
Torok Edwin wrote:
Carlos Williams wrote:
Torok Edwin wrote:
You got version 6700, which is too old to update from directly to 6755.
That is why freshclam downloaded the entire daily.cvd again.
It updated successfully, but didn't use incremental updates.
So what exactly can
On Apr 14, 2008, at 1:06 PM, Carlos Williams wrote:
It is not fine, in the sense that you didn't update since a long time
(55 DB versions got released in the mean time!)
So does this freshclam run every night to update or how does this
exactly work? I want to kind have this automated and
Carlos Williams wrote:
So does this freshclam run every night to update or how does this
exactly work? I want to kind have this automated and keep from flooding
my logs? I am guessing that there is a cron.daily script that runs but I
don't know why its not running correctly if I was
On Mon, 14 Apr 2008 16:15:29 -0400
Carlos Williams [EMAIL PROTECTED] wrote:
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.90.3 Recommended version: 0.93
Ignoring mirror 209.8.40.140 (too often connections with outdated version)
What am I doing wrong?
When
here is what nm -D /usr/lib/libz.so|grep gz displayed:
00d674c0 T gzclearerr
00d67320 T gzclose
00d66380 T gzdopen
00d67240 T gzeof
00d67390 T gzerror
00d66ec0 T gzflush
00d66aa0 T gzgetc
00d66b40 T gzgets
00d66350 T gzopen
00d66ca0 T gzprintf
00d66d20 T gzputc
00d66d70 T gzputs
00d667d0 T gzread
Chuck Swiger wrote:
On Apr 14, 2008, at 1:06 PM, Carlos Williams wrote:
It is not fine, in the sense that you didn't update since a long time
(55 DB versions got released in the mean time!)
So does this freshclam run every night to update or how does this
exactly work? I want to kind have
Carlos Williams wrote:
I am just guessing the automated process would not be essential until I
can manually run freshclam and see it connecting to valid hosts and then
update itself w/o any errors.
What am I doing wrong?
It gives you a link in the log message that you should probably
On Mon, Apr 14, 2008 at 05:51:22PM +0100, Brian Morrison wrote:
[...]
/usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
symbol: rarvm_free
[...]
ldconfig?
--
___
Help us build a comprehensive ClamAV guide: visit
On Mon, 14 Apr 2008 16:15:29 -0400
Carlos Williams [EMAIL PROTECTED] wrote:
[snip]
[EMAIL PROTECTED] bin]# freshclam
ClamAV update process started at Mon Apr 14 16:07:03 2008
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.90.3 Recommended version: 0.93
DON'T PANIC!
On Mon, 14 Apr 2008 20:38:21 +0300
Török Edwin [EMAIL PROTECTED] wrote:
Brian Morrison wrote:
Török Edwin wrote:
Brian Morrison wrote:
I've just built and installed 0.93, when the new versions try and start
I get this error:
/usr/sbin/clamd: relocation error:
A vulnerability was identified by Secunia in 0.92.1 relating to the PE module.
We immediately disabled this module about a month ago. Since then we have been
working on, and produced, a fix which is included in 0.93. 0.93 is due for
release
very soon, and all users are advised to update to this
Michael Brown wrote:
The | character is not allowed in any e-mail address because it's a Unix
shell reserved character.
Here's a list right off the top of my head that are usually
blocked/disabled by just about every MTA out there.
1. Control Characters
2. Space
3. !
4.
Thank you Edwin! That worked.
Frank
fchan wrote:
Hi,
I just download clamav 0.93 and attempted to compiled this on my
Apple Macintosh 10.4.11 on a Apple MacBook Pro Core2 Duo.
Here is my error message I got:
Extracting
Nigel Horne wrote:
A vulnerability was identified by Secunia in 0.92.1 relating to the PE
module.
We immediately disabled this module about a month ago. Since then we
have been
working on, and produced, a fix which is included in 0.93. 0.93 is due
for release
very soon, and all users are
This is the output after the upgrade:
[EMAIL PROTECTED] ~]$ ~/clamav/bin/clamscan -ri
LibClamAV Warning: **
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible.***
David F. Skoll wrote:
Stephen Gran wrote:
I assume you haven't looked at sendmail's security record. This has
been a pretty standard thing to do for a long time, and with even more
characters than the milter currently uses.
That may be true, but filtering suspicious recipient addresses
Hello,
ClamAV 0.92.1 (debian volatile) can't scan pdf (around 3MB) files.
I get the following error: Files number limit exceeded.
My clam.conf contains the following strings:
ArchiveMaxRecursion 0
ArchiveMaxFiles 0
ArchiveMaxFileSize 30M
ArchiveMaxCompressionRatio 500
ArchiveLimitMemoryUsage
69 matches
Mail list logo