[Declude.Virus] ClamAV error
I recently installed ClamAv as my third scanner after AVG and F-Prot. For some reason it indicates an error related to the attachment when it detects a virus (Attachment=[Unknown: Err]). Here is an example from the Declude virus log file: 07/13/2006 19:32:18.843 366626185 Vulnerability flags = 861 07/13/2006 19:32:18.843 366626185 MIME file: your_letter.pif [base64; Length=17424 Checksum=1974090] 07/13/2006 19:32:18.843 366626185 Banning file with pif extension [application/octet-stream]. 07/13/2006 19:32:19.328 366626185 AVG Reports VIRUS: I-Worm/Netsky.D 07/13/2006 19:32:19.328 366626185 File(s) are INFECTED [I-Worm/Netsky.D: 7] 07/13/2006 19:32:19.625 366626185 Virus scanner 1 reports exit code of 3 07/13/2006 19:32:19.625 366626185 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=your_letter.pif [1] I 07/13/2006 19:32:19.718 366626185 Virus scanner 2 reports exit code of 1 07/13/2006 19:32:19.718 366626185 Warning: file#=366626185 (366626185.eml,366626) 07/13/2006 19:32:19.718 366626185 Scanner 2: Virus= Worm.SomeFool.D Attachment=[Unknown: Err] [1] I 07/13/2006 19:32:19.718 366626185 Invalid PIF Vulnerability 07/13/2006 19:32:19.718 366626185 Found a bogus .pif file 07/13/2006 19:32:19.718 366626185 Scanned: CONTAINS A VIRUS [MIME: 2 17604] 07/13/2006 19:32:19.718 366626185 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 72.82.177.22] 07/13/2006 19:32:19.718 366626185 Subject: Re: Your letter It doesn't seem to matter what kind of virus is involved. Even when it detects a phishing attempt you still see the same error. Here is what I have in the virus.cfg: SCANFILE2 C:\SmarterMail\Declude\Scanners\runclamscan.exe log=1 C:\clamav-devel\bin\clamdscan.exe --quiet --mbox --max-ratio 0 --max-space 1M -l report.txt VIRUSCODE2 1 REPORT2 FOUND Is anyone else experiencing this, or have any ideas? Thanks, Gary --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] ClamAV error
Gary, You said CLAM was your third AV yet your config shows it is your second one SCANFILE2 C:\SmarterMail\Declude\Scanners\runclamscan.exe log=1 C:\clamav-devel\bin\clamdscan.exe --quiet --mbox --max-ratio 0 --max-space 1M -l report.txt VIRUSCODE2 1 REPORT2 FOUND Change the SCANFILE2, VIRUSCODE2, REPORT2 to 3. That might help Goran Jovanovic Omega Network Solutions -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, July 14, 2006 1:16 PM To: declude.virus@declude.com Subject: [Declude.Virus] ClamAV error I recently installed ClamAv as my third scanner after AVG and F-Prot. For some reason it indicates an error related to the attachment when it detects a virus (Attachment=[Unknown: Err]). Here is an example from the Declude virus log file: 07/13/2006 19:32:18.843 366626185 Vulnerability flags = 861 07/13/2006 19:32:18.843 366626185 MIME file: your_letter.pif [base64; Length=17424 Checksum=1974090] 07/13/2006 19:32:18.843 366626185 Banning file with pif extension [application/octet-stream]. 07/13/2006 19:32:19.328 366626185 AVG Reports VIRUS: I-Worm/Netsky.D 07/13/2006 19:32:19.328 366626185 File(s) are INFECTED [I-Worm/Netsky.D: 7] 07/13/2006 19:32:19.625 366626185 Virus scanner 1 reports exit code of 3 07/13/2006 19:32:19.625 366626185 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=your_letter.pif [1] I 07/13/2006 19:32:19.718 366626185 Virus scanner 2 reports exit code of 1 07/13/2006 19:32:19.718 366626185 Warning: file#=366626185 (366626185.eml,366626) 07/13/2006 19:32:19.718 366626185 Scanner 2: Virus= Worm.SomeFool.D Attachment=[Unknown: Err] [1] I 07/13/2006 19:32:19.718 366626185 Invalid PIF Vulnerability 07/13/2006 19:32:19.718 366626185 Found a bogus .pif file 07/13/2006 19:32:19.718 366626185 Scanned: CONTAINS A VIRUS [MIME: 2 17604] 07/13/2006 19:32:19.718 366626185 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 72.82.177.22] 07/13/2006 19:32:19.718 366626185 Subject: Re: Your letter It doesn't seem to matter what kind of virus is involved. Even when it detects a phishing attempt you still see the same error. Here is what I have in the virus.cfg: SCANFILE2 C:\SmarterMail\Declude\Scanners\runclamscan.exe log=1 C:\clamav-devel\bin\clamdscan.exe --quiet --mbox --max-ratio 0 --max-space 1M -l report.txt VIRUSCODE2 1 REPORT2 FOUND Is anyone else experiencing this, or have any ideas? Thanks, Gary --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] ClamAV error
AVG is my first one (it's everybody's first one, it's built in). Original Message From: Goran Jovanovic [EMAIL PROTECTED] Sent: Friday, July 14, 2006 3:26 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ClamAV error Gary, You said CLAM was your third AV yet your config shows it is your second one SCANFILE2 C:\SmarterMail\Declude\Scanners\runclamscan.exe log=1 C:\clamav-devel\bin\clamdscan.exe --quiet --mbox --max-ratio 0 --max-space 1M -l report.txt VIRUSCODE2 1 REPORT2 FOUND Change the SCANFILE2, VIRUSCODE2, REPORT2 to 3. That might help Goran Jovanovic Omega Network Solutions -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, July 14, 2006 1:16 PM To: declude.virus@declude.com Subject: [Declude.Virus] ClamAV error I recently installed ClamAv as my third scanner after AVG and F-Prot. For some reason it indicates an error related to the attachment when it detects a virus (Attachment=[Unknown: Err]). Here is an example from the Declude virus log file: 07/13/2006 19:32:18.843 366626185 Vulnerability flags = 861 07/13/2006 19:32:18.843 366626185 MIME file: your_letter.pif [base64; Length=17424 Checksum=1974090] 07/13/2006 19:32:18.843 366626185 Banning file with pif extension [application/octet-stream]. 07/13/2006 19:32:19.328 366626185 AVG Reports VIRUS: I-Worm/Netsky.D 07/13/2006 19:32:19.328 366626185 File(s) are INFECTED [I-Worm/Netsky.D: 7] 07/13/2006 19:32:19.625 366626185 Virus scanner 1 reports exit code of 3 07/13/2006 19:32:19.625 366626185 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=your_letter.pif [1] I 07/13/2006 19:32:19.718 366626185 Virus scanner 2 reports exit code of 1 07/13/2006 19:32:19.718 366626185 Warning: file#=366626185 (366626185.eml,366626) 07/13/2006 19:32:19.718 366626185 Scanner 2: Virus= Worm.SomeFool.D Attachment=[Unknown: Err] [1] I 07/13/2006 19:32:19.718 366626185 Invalid PIF Vulnerability 07/13/2006 19:32:19.718 366626185 Found a bogus .pif file 07/13/2006 19:32:19.718 366626185 Scanned: CONTAINS A VIRUS [MIME: 2 17604] 07/13/2006 19:32:19.718 366626185 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 72.82.177.22] 07/13/2006 19:32:19.718 366626185 Subject: Re: Your letter It doesn't seem to matter what kind of virus is involved. Even when it detects a phishing attempt you still see the same error. Here is what I have in the virus.cfg: SCANFILE2 C:\SmarterMail\Declude\Scanners\runclamscan.exe log=1 C:\clamav-devel\bin\clamdscan.exe --quiet --mbox --max-ratio 0 --max-space 1M -l report.txt VIRUSCODE2 1 REPORT2 FOUND Is anyone else experiencing this, or have any ideas? Thanks, Gary --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude error, not ClamAV error
Upon further research, the statement Attachment=[Unknown: Err] is generated by Declude, not ClamAV. So does Declude have a problem with ClamAV? Original Message From: Gary Steiner [EMAIL PROTECTED] Sent: Friday, July 14, 2006 1:32 PM To: declude.virus@declude.com Subject: [Declude.Virus] ClamAV error I recently installed ClamAv as my third scanner after AVG and F-Prot. For some reason it indicates an error related to the attachment when it detects a virus (Attachment=[Unknown: Err]). Here is an example from the Declude virus log file: 07/13/2006 19:32:18.843 366626185 Vulnerability flags = 861 07/13/2006 19:32:18.843 366626185 MIME file: your_letter.pif [base64; Length=17424 Checksum=1974090] 07/13/2006 19:32:18.843 366626185 Banning file with pif extension [application/octet-stream]. 07/13/2006 19:32:19.328 366626185 AVG Reports VIRUS: I-Worm/Netsky.D 07/13/2006 19:32:19.328 366626185 File(s) are INFECTED [I-Worm/Netsky.D: 7] 07/13/2006 19:32:19.625 366626185 Virus scanner 1 reports exit code of 3 07/13/2006 19:32:19.625 366626185 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=your_letter.pif [1] I 07/13/2006 19:32:19.718 366626185 Virus scanner 2 reports exit code of 1 07/13/2006 19:32:19.718 366626185 Warning: file#=366626185 (366626185.eml,366626) 07/13/2006 19:32:19.718 366626185 Scanner 2: Virus= Worm.SomeFool.D Attachment=[Unknown: Err] [1] I 07/13/2006 19:32:19.718 366626185 Invalid PIF Vulnerability 07/13/2006 19:32:19.718 366626185 Found a bogus .pif file 07/13/2006 19:32:19.718 366626185 Scanned: CONTAINS A VIRUS [MIME: 2 17604] 07/13/2006 19:32:19.718 366626185 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 72.82.177.22] 07/13/2006 19:32:19.718 366626185 Subject: Re: Your letter It doesn't seem to matter what kind of virus is involved. Even when it detects a phishing attempt you still see the same error. Here is what I have in the virus.cfg: SCANFILE2 C:\SmarterMail\Declude\Scanners\runclamscan.exe log=1 C:\clamav-devel\bin\clamdscan.exe --quiet --mbox --max-ratio 0 --max-space 1M -l report.txt VIRUSCODE2 1 REPORT2 FOUND Is anyone else experiencing this, or have any ideas? Thanks, Gary --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Declude error, not ClamAV error
In other log lines Declude states it is an invalid/bogus pif file. That might explain it. John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, July 14, 2006 2:43 PM To: declude.virus@declude.com Subject: [Declude.Virus] Declude error, not ClamAV error Upon further research, the statement Attachment=[Unknown: Err] is generated by Declude, not ClamAV. So does Declude have a problem with ClamAV? Original Message From: Gary Steiner [EMAIL PROTECTED] Sent: Friday, July 14, 2006 1:32 PM To: declude.virus@declude.com Subject: [Declude.Virus] ClamAV error I recently installed ClamAv as my third scanner after AVG and F-Prot. For some reason it indicates an error related to the attachment when it detects a virus (Attachment=[Unknown: Err]). Here is an example from the Declude virus log file: 07/13/2006 19:32:18.843 366626185 Vulnerability flags = 861 07/13/2006 19:32:18.843 366626185 MIME file: your_letter.pif [base64; Length=17424 Checksum=1974090] 07/13/2006 19:32:18.843 366626185 Banning file with pif extension [application/octet-stream]. 07/13/2006 19:32:19.328 366626185 AVG Reports VIRUS: I-Worm/Netsky.D 07/13/2006 19:32:19.328 366626185 File(s) are INFECTED [I-Worm/Netsky.D: 7] 07/13/2006 19:32:19.625 366626185 Virus scanner 1 reports exit code of 3 07/13/2006 19:32:19.625 366626185 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=your_letter.pif [1] I 07/13/2006 19:32:19.718 366626185 Virus scanner 2 reports exit code of 1 07/13/2006 19:32:19.718 366626185 Warning: file#=366626185 (366626185.eml,366626) 07/13/2006 19:32:19.718 366626185 Scanner 2: Virus= Worm.SomeFool.D Attachment=[Unknown: Err] [1] I 07/13/2006 19:32:19.718 366626185 Invalid PIF Vulnerability 07/13/2006 19:32:19.718 366626185 Found a bogus .pif file 07/13/2006 19:32:19.718 366626185 Scanned: CONTAINS A VIRUS [MIME: 2 17604] 07/13/2006 19:32:19.718 366626185 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 72.82.177.22] 07/13/2006 19:32:19.718 366626185 Subject: Re: Your letter It doesn't seem to matter what kind of virus is involved. Even when it detects a phishing attempt you still see the same error. Here is what I have in the virus.cfg: SCANFILE2 C:\SmarterMail\Declude\Scanners\runclamscan.exe log=1 C:\clamav- devel\bin\clamdscan.exe --quiet --mbox --max-ratio 0 --max-space 1M -l report.txt VIRUSCODE2 1 REPORT2 FOUND Is anyone else experiencing this, or have any ideas? Thanks, Gary --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Declude error, not ClamAV error
I get the error no matter what the virus, Netsky, Bagle, Feebs, even when ClamAV detects a fishing attempt the error is there. Original Message From: John T \(Lists\) [EMAIL PROTECTED] Sent: Friday, July 14, 2006 9:46 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Declude error, not ClamAV error In other log lines Declude states it is an invalid/bogus pif file. That might explain it. John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, July 14, 2006 2:43 PM To: declude.virus@declude.com Subject: [Declude.Virus] Declude error, not ClamAV error Upon further research, the statement Attachment=[Unknown: Err] is generated by Declude, not ClamAV. So does Declude have a problem with ClamAV? Original Message From: Gary Steiner [EMAIL PROTECTED] Sent: Friday, July 14, 2006 1:32 PM To: declude.virus@declude.com Subject: [Declude.Virus] ClamAV error I recently installed ClamAv as my third scanner after AVG and F-Prot. For some reason it indicates an error related to the attachment when it detects a virus (Attachment=[Unknown: Err]). Here is an example from the Declude virus log file: 07/13/2006 19:32:18.843 366626185 Vulnerability flags = 861 07/13/2006 19:32:18.843 366626185 MIME file: your_letter.pif [base64; Length=17424 Checksum=1974090] 07/13/2006 19:32:18.843 366626185 Banning file with pif extension [application/octet-stream]. 07/13/2006 19:32:19.328 366626185 AVG Reports VIRUS: I-Worm/Netsky.D 07/13/2006 19:32:19.328 366626185 File(s) are INFECTED [I-Worm/Netsky.D: 7] 07/13/2006 19:32:19.625 366626185 Virus scanner 1 reports exit code of 3 07/13/2006 19:32:19.625 366626185 Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=your_letter.pif [1] I 07/13/2006 19:32:19.718 366626185 Virus scanner 2 reports exit code of 1 07/13/2006 19:32:19.718 366626185 Warning: file#=366626185 (366626185.eml,366626) 07/13/2006 19:32:19.718 366626185 Scanner 2: Virus= Worm.SomeFool.D Attachment=[Unknown: Err] [1] I 07/13/2006 19:32:19.718 366626185 Invalid PIF Vulnerability 07/13/2006 19:32:19.718 366626185 Found a bogus .pif file 07/13/2006 19:32:19.718 366626185 Scanned: CONTAINS A VIRUS [MIME: 2 17604] 07/13/2006 19:32:19.718 366626185 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 72.82.177.22] 07/13/2006 19:32:19.718 366626185 Subject: Re: Your letter It doesn't seem to matter what kind of virus is involved. Even when it detects a phishing attempt you still see the same error. Here is what I have in the virus.cfg: SCANFILE2 C:\SmarterMail\Declude\Scanners\runclamscan.exe log=1 C:\clamav- devel\bin\clamdscan.exe --quiet --mbox --max-ratio 0 --max-space 1M -l report.txt VIRUSCODE2 1 REPORT2 FOUND Is anyone else experiencing this, or have any ideas? Thanks, Gary --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
