Re: [clamav-users] [ext] More info about detected virus

2022-06-12 Thread Zvi Kave via clamav-users 

  
  
Thank you Ralf.


On 6/8/2022 6:25 PM, Ralf Hildebrandt
  via clamav-users wrote:


  * Zvi Kave via clamav-users :

  
   Hi,

   Where can I find more information about ClamAV detected virus like
   Win.Trojan.N-68

   or another name ?

  
  
You can decode the signature using this command:

# sigtool -fWin.Trojan.N-68 | sigtool --decode-sigs 

Basically it finds an email containing a BASE64 encoded "readme.exe"
using the content type "audio/x-wav"... Maybe this helps:

VIRUS NAME: Win.Trojan.N-68
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
REMOVED A MIME BOUNDARY HERE
Content-Type: audio/x-wav;
name="readme.exe"
Content-Transfer-Encoding: base64

--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de
___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


  

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

[clamav-users] More info about detected virus

2022-06-08 Thread Zvi Kave via clamav-users 

  
  
Hi,


Where can I find more information about ClamAV detected virus
  like Win.Trojan.N-68
or another name ?
Googling give me no additional information about the virus.


Thanks,


Zvi

  

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

[clamav-users] rust on IBM i PASE environment - a must ?

2022-05-19 Thread Zvi Kave via clamav-users 

  
  
Hi ,


We have ClamAV 0.104.1 compiled from sources and working  fine
in IBM i PASE environment - which is quite same architecture like
  IBM AIX binaries.
We have a problem to compile ClamAV 0.105.0 because at present 

we have not rust on IBM i PASE  - nor on AIX.
Is there a way to compile ClamAV 0.105.0 without rust ?



Regards,


Zvi




  


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Yara regular expression finds only first match in ClamAV ?

2021-08-23 Thread Zvi Kave via clamav-users 

  
  
Hi Richard,


Yes. I tried with options: --normalize=no and /or --allmatch
But no change.


Thanks,


Zvi



On 8/23/2021 9:13 AM, Paul Kosinski via
  clamav-users wrote:


  On Sun, 22 Aug 2021 20:10:00 +0100 (BST)
"G.W. Haywood via clamav-users"  wrote:


  
Hi there,

On Sun, 22 Aug 2021, Richard Graham via clamav-users wrote:


  On Sun, Aug 22, 2021 at 10:41 AM Zvi Kave wrote:  

  
On 8/19/2021 9:33 PM, G.W. Haywood via clamav-users wrote:  


  On Thu, 19 Aug 2021, Zvi Kave via clamav-users wrote:  

  

I found that yara strings like this: $re = /[0-9]{9}/
find only first 9-digit match in file.
This spoils my logic ...  

  
  
... my advice is not to try anything fancy ...  



I understand that I have to be patient.  

  
  
I'm wondering if the --allmatch option/switch is useful here.  



Unfortunately I'm afraid it's a diffferent issue.  Yara rules don't
necessarily produce a match (one which ClamAV would report as FOUND)
even if there are strings in the Yara rules which _do_ in fact match.
The point is that you can (or should be able to) tell Yara things like
"count the number of times the string is found in the text, and report
if there are more than 23 of them".  This sort of thing will sometimes
work with the Yara engine in ClamAV, but my experience is that it's at
the fancy end of the scale and I've spent hours trying to get things
to work which would seem to be trivial exercises in regexes and logic.

  
  


Maybe ClamAV should support plugins, rather than being constrained to what's compiled in. (There are, of course, various plugins that invoke ClamAV, but that's not what I mean.)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


  


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Yara regular expression finds only first match in ClamAV ?

2021-08-22 Thread Zvi Kave via clamav-users 

  
  
Hi Ged,


Sorry. I hope you have some hair yet.

I understand that I have to be patient.


Thank you,


Zvi



On 8/19/2021 9:33 PM, G.W. Haywood via
  clamav-users wrote:

Hi
  there,
  
  
  On Thu, 19 Aug 2021, Zvi Kave via clamav-users wrote:
  
  
  I found that yara strings like this: $re =
/[0-9]{9}/


find only first 9-digit match in file.


This spoils my logic ...

  
  
  After tearing out most of what remains of my hair over Yara rules
  in
  
  ClamAV, my advice is not to try anything fancy until the Yara
  engine
  
  is completely replaced.  My list of the faults in it keeps on
  growing,
  
  and AFAICT there's no prospect of any attention being paid to them
  in
  
  the foreseeable future.  As you have seen there are reports going
  back
  
  years.  If I had time I'd do it myself, but I don't.  I've reached
  the
  
  point where I code Yara rules in as simple a way as I possibly can
  and
  
  every time I add a new rule or modify an existing one I hope not
  to
  
  find another fault in the engine.  Sometimes I've spent hours
  trying
  
  to get it to do a single match correctly and finally given up. 
  It's a
  
  terrible shame, because (here at least) Yara rules by a very long
  way
  
  find more spam and malicious mail content than anything else:
  
  
  $ grep FOUND /var/log/mail.debug | wc -l
  
  60072
  
  $ grep FOUND /var/log/mail.debug | grep -v YARA | wc -l
  
  11530
  
  $ grep FOUND /var/log/mail.debug | grep -v '\(YARA\|MANUAL\)' | wc
  -l
  
  2876
  
  $ grep FOUND /var/log/mail.debug | grep -v
  '\(YARA\|MANUAL\|UNOFFICIAL\)' | wc -l
  
  20
  
  $
  
  
  This is a single mail server, approximately 19 days of August
  2021.
  
  I'd consider it a low-volume site.  For whatever reasons we see
  very
  
  little malicious mail, rarely more than two or three items of
  malware
  
  in a typical day, but quite a lot of spam.  I don't know how this
  
  compares with the experience of other people here on the list.
  
  

  


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Yara regular expression finds only first match in ClamAV ?

2021-08-19 Thread Zvi Kave via clamav-users 

  
  
Hi,


I found that yara strings like this: $re = /[0-9]{9}/
find only first 9-digit match in file.
This spoils my logic in condition: for 3 i in (1..#re) ...
Only this works: for 1 i in (1..#re) ...
I found that this issue was already reported in 2015.
Is there any way to convince ClamAV to match more as usual ?


Regards,


Zvi

  


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Broken media detection

2021-06-24 Thread Zvi Kave via clamav-users 

  
  
Arnaud,


I understand now. Thank you.


Zvi



On 6/24/2021 11:55 AM, Arnaud Jacques
  wrote:

Zvi,
  
  
  
  When I try to open it, I get error
message:


agam.jpg:


It looks like we don't support this file format.

  
  
  If you look at the content of the file with an hexadecimal editor,
  you see garbage. It has no known file format.
  
  
  The file format is defined with the content of a file, not with
  the filename/extension.
  
  
  For me, and for ClamAV, it is not an image. Verify with "file"
  command line tool :
  
  
  #file agam.jpg
  
  agam.jpg: data
  
  
  

  


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Broken media detection

2021-06-24 Thread Zvi Kave via clamav-users 

  
  
Hi,


I tried to use "clamscan --alert-broken-media=yes ag.jpg" to
  detect
spoiled JPEG files by RYUK ransomware.
Seems that it was not detected - ag.jpg OK.

Perhaps I use it not correctly?
Please advise .
I use clamav 0.103.3 .



Thanks,



Zvi

  


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Request for guidelines to connect freshclam to Squid proxy

2021-04-29 Thread Zvi Kave via clamav-users 

  
  

  Hi,
  
  
  The SysAdmin
that responsible for Firewall maintenance,  allows to open only
one IP in the firewall for freshclam use.
  
  
  I shall check
squid definitions again.
  
  
  Thank you,
  
  
  Zvi
  
  
  

On 4/29/2021 12:41 PM, Eero Volotinen
  wrote:


  
  




  

> We wish to open only one IP in the firewall.

Can you explain why it matters to you how many different IPs
are used
to provide the service?  Do you use IPv4 and IPv6
addresses?  Have you
also asked Google if they will only send mail to you from a
single IP?

https://www.razlee.com/

  
  
  
  In squid it's possible to whitelist addresses by dns
names. 
  
  
  Eero 

  
  
  
  
___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


  


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Request for guidelines to connect freshclam to Squid proxy

2021-04-29 Thread Zvi Kave via clamav-users 

  
  

  Hello Joel,
We
would like to get a manual that describes how to configure
freshclam
and proxy to refresh the signature files through the proxy
(squid)
and not directly.
Explanation:
Our
servers are behind a firewall.
The
freshclam is referred to different ClamAV mirror with different
IP
for each refresh.
We
wish to open only one IP in the firewall.


We
tried to set a proxy server outside the firewall and define
freshclam on all the other servers apply to the proxy server.
 We did
not succeed to configure clamAV and Squid to work together.

  
Is there a better solution
for this problem except  proxy server?
  
  
Can you please send us
manual or guidelines how to use this proxy ?
  
  

Thanks,
Zvi
Kave
  
  


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Terminate clamscan after specific time

2021-01-06 Thread Zvi Kave via clamav-users 
Hi Ged,

Can you send link to your posts about root directory scan?

Thanks,

Zvi

On Wed, Jan 6, 2021 at 2:20 PM G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Wed, 6 Jan 2021, Andrew C Aitchison via clamav-users wrote:
> > On Wed, 6 Jan 2021, Zvi Kave via clamav-users wrote:
> >
> >> My goal is to terminate scan of big number of files like '/' on CPU
> >
> > Would it be better to *pause* the scan if/when the computer gets busy ?
>
> There are many ways to tweak the scheduling of processes, but it makes
> no sense to optimize doing something that is fundamentally daft.  Even
> after it's been optimized, it's still daft.
>
> --
>
> 73,
> Ged.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Terminate clamscan after specific time

2021-01-06 Thread Zvi Kave via clamav-users 
Hi ,

My goal is to terminate scan of big number of files like '/' on CPU busy
hours.
Then to continue approximately from the interrupted directory on nonbusy
hours.
Seems that I have to put some code in clamscan/manager.c

Thanks,

Zvi


On Tue, Jan 5, 2021 at 6:01 PM G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Tue, 5 Jan 2021, Zvi Kave via clamav-users wrote:
>
> >Seems that the parameter --max-scantime=#n aborts scan on every file
> after #n ms.
> >But it continues to the next file, instead of clamscan termination +
> summary as I need.
>
> You can easily start another process, which sleeps for your desired
> number of seconds and then kills the clamscan process.  You won't get
> the exact summary which clamscan gives when it terminates normally, but
> you will get the output about what's been found so you can approximate
> the report e.g. by piping the output of the clamscan process to a file
> (perhaps asking for verbose reporting from libclamav and/or clamscan as
> well as reporting clean files) and doing a little bit of scripting.
>
> This does seem to me to be a strange thing to want to do.  If you can
> explain exactly what the problem is and why you think this is the
> solution we might be able to offer alternatives or other suggestions.
>
> If all else fails you have the source code.  It would be possible to
> get clamscan to respond to a signal in the way you describe.
>
> An Englishman asked an Irishman for directions to somewhere.
>
> The Irishman replied, "If I was going there, I wouldn't start from here".
>
> :)
>
> --
>
> 73,
> Ged.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Terminate clamscan after specific time

2021-01-05 Thread Zvi Kave via clamav-users 
Hi Micah,

Seems that the parameter --max-scantime=#n aborts scan on every file
after #n ms.
But it continues to the next file, instead of clamscan termination +
summary as I need.

Thanks,

 Zvi

On Mon, Dec 28, 2020 at 6:04 PM Zvi Kave via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi,
>
> Is there a way to Terminate clamscan after specific time with summary ?
>
> Regards,
>
> Zvi
>
>
> <http://www.sigbee.com/he?utm_campaign=signature=6b0b88a7c53f8a989de5ea6375d0750332a86416=66562fe50458cde1.gif>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Terminate clamscan after specific time

2021-01-05 Thread Zvi Kave via clamav-users 

  
  
Micah,


I did not pay attention to this parameter.


Thank you for discovering it,


Zvi



On 1/5/2021 3:53 AM, Micah Snyder
  (micasnyd) via clamav-users wrote:


  
  
  
  
Zvi,
 
Yes, clamscan has a --max-scantime=#n
  option, which is measured in milliseconds.  Clamscan will
  check the time limit periodically and abort the scan if the
  time limit has been exceeded.  There is a similar config
  option for clamd in clamd.conf.
 
Disclaimer: the limit is not precise as
  clamscan may be busy decompressing or parsing a file in
  between checks.  It’s useful mostly when scanning large
  archives and such to abort partway through a long scan. 
   Ideally it would monitor the scan in a watchdog process or
  something so it could abort the scan more precisely but
  unfortunately it doesn’t work that way.
  
 
Regards,
Micah
 

  

  From: clamav-users

On Behalf Of Zvi Kave via clamav-users
Sent: Monday, December 28, 2020 8:04 AM
To: clamav-users@lists.clamav.net
Cc: Zvi Kave 
Subject: [clamav-users] Terminate clamscan after
specific time

  
   
  
Hi,
Is there a way to Terminate clamscan after specific time
  with summary ?
Regards,
Zvi
  

  
  
  
  
___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


  


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Terminate clamscan after specific time

2020-12-28 Thread Zvi Kave via clamav-users 
Hi,

Is there a way to Terminate clamscan after specific time with summary ?

Regards,

Zvi



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Terminate clamscan after specific time

2020-12-28 Thread Zvi Kave via clamav-users 

  
  
Hi,


Is there a way to Terminate clamscan after specific timeout with
  summary ?


Regards,


Zvi

  


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV 0.102.4 crash in test directory

2020-08-10 Thread Zvi Kave via clamav-users 

  
  
Hi,


You are right.

The crash is specific to my build.
On Ubuntu it works well.
I shall open a ticket to supply more information.


Thank you,


Zvi



On 8/9/2020 4:37 PM, G.W. Haywood via
  clamav-users wrote:

Hi
  there,
  
  
  On Sun, 9 Aug 2020, Zvi Kave via clamav-users wrote:
  
  
  I get a crash - Memory fault(coredump) -
when scanning clamav 0.102.4 test directory. Other files pass
OK.


I found that the crash is caused by each one of the 6 files:


clam.ea05.exe, clam.ea06.exe, clam_IScab_ext.exe,
clam_IScab_int.exe, clam_ISmsi_ext.exe, clam_ISmsi_int.exe.

  
  
  I suggest that you open a ticket at
  
  
  https://bugzilla.clamav.net/enter_bug.cgi
  
  
  Using the form there you can attach copies of the files.
  
  
  ... I am running on IBM i PASE, an AIX
Unix-like.

  
  
  This problem may be specific to your build.  After you have
  uploaded
  
  the sample files I will gladly scan them for you using a system
  here,
  
  to see if the same thing happens.
  
  

  


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] ClamAV 0.102.4 crash in test directory

2020-08-09 Thread Zvi Kave via clamav-users 

  
  
Hi,
 
I get a crash
- Memory fault(coredump) - when scanning clamav 0.102.4 test
directory. Other files pass OK.
I found that
  the crash is caused by each one of
the 6 files:
clam.ea05.exe, clam.ea06.exe,
clam_IScab_ext.exe, clam_IScab_int.exe, clam_ISmsi_ext.exe,
clam_ISmsi_int.exe.
 
I use the
  GCC to compile. I am running on IBM i PASE, an AIX Unix-like.

 
Please
  assist me,
 
Run example:
clamscan
/home/AV/clamav-0.102.4/test
/home/AV/clamav-0.102.4/test/Makefile:
OK
/home/AV/clamav-0.102.4/test/Makefile.am: OK
/home/AV/clamav-0.102.4/test/Makefile.in: OK
/home/AV/clamav-0.102.4/test/README: OK
/home/AV/clamav-0.102.4/test/clam.exe.html: Clamav.Test.File-6
FOUND
/home/AV/clamav-0.102.4/test/clam.exe.mbox.base64:
Clamav.Test.File-6 FOUND
/home/AV/clamav-0.102.4/test/clam.tar.gz: Clamav.Test.File-6
FOUND
/home/AV/clamav-0.102.4/test/clam.odc.cpio: Clamav.Test.File-6
FOUND
/home/AV/clamav-0.102.4/test/clam.mail: Clamav.Test.File-6 FOUND
/home/AV/clamav-0.102.4/test/clam.pdf: Clamav.Test.File-6 FOUND
/home/AV/clamav-0.102.4/test/clam.sis: Clamav.Test.File-6 FOUND
/home/AV/clamav-0.102.4/test/clam.impl.zip: Clamav.Test.File-6
FOUND
/home/AV/clamav-0.102.4/test/clam-aspack.exe: Clamav.Test.File-6
FOUND
/home/AV/clamav-0.102.4/test/clam.bz2.zip: Clamav.Test.File-6
FOUND
/home/AV/clamav-0.102.4/test/clamjol.iso: Clamav.Test.File-6
FOUND
/home/AV/clamav-0.102.4/test/clam.7z: Clamav.Test.File-6 FOUND
/home/AV/clamav-0.102.4/test/clam.exe.bz2: Clamav.Test.File-6
FOUND
/home/AV/clamav-0.102.4/test/clam-v3.rar: Clamav.Test.File-6
FOUND
/home/AV/clamav-0.102.4/test/clam-v2.rar: Clamav.Test.File-6
FOUND
/home/AV/clamav-0.102.4/test/clam.iso: Clamav.Test.File-6 FOUND
/home/AV/clamav-0.102.4/test/clam_cache_emax.tgz:
Clamav.Test.File-6 FOUND
Memory fault(coredump)
$
 
Zvi
  


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] DLP extension

2017-11-06 Thread Zvi Kave 
Hi,

I see that only SSN and CC is checked.
Is there a reason for that ?
I am interesting in more DLP types.
Is there a way to add more types ?
Or is there an open DLP types code that can be added ?

Regards,

Zvi
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] partition-intersection ?

2017-06-20 Thread Zvi Kave 
Where can I find deeper explanation of
--partition-intersection - Not clear enough.

Also:
--block-encrypted - Mark encrypted archives as viruses (Encrypted.Zip,
Encrypted.RAR).
Zip/rar files are secured by password. Why it says encrypted ?

Regards,

Zvi
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV virus database not downloaded: No permission ?!

2016-05-17 Thread Zvi Kave 

Al,

But the problem is that in 90% of the cases,

instead of getting the real main.cvd or daily.cvd,

I get a file with the following text:

<|DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

403 Forbidden

Forbidden
You don't have permission to access /daily.cvd
on this server.


Apache/2.4.20 (Unix) OpenSSL/1.0.2g Server at mailto:webmas...@omroep.nl;>database.clamav.net Port 80


Regards,

Zvi

On 17/05/2016 12:13, Al Varnell wrote:

Your main.cvd file should start with:

ClamAV-VDB:16 Mar 2016 23-17 +:57:4218790:60:06386

If it doesn’t then your original download is corrupt and will need to be 
re-downloaded.

-Al-

On Mon, May 16, 2016 at 02:33 AM, Zvi Kave wrote:

Yes. Usually I got a lot of messages like this:
ClamAV update process started at Sat Apr 30 03:00:50 2016
Reading CVD header (main.cvd): Trying again in 5 secs...
ClamAV update process started at Sat Apr 30 03:00:57 2016
Reading CVD header (main.cvd): Trying again in 5 secs...
ClamAV update process started at Sat Apr 30 03:01:02 2016
ClamAV update process started at Sat Apr 30 03:01:19 2016
Reading CVD header (main.cvd): Trying again in 5 secs...
ClamAV update process started at Sat Apr 30 03:01:25 2016

Zvi

On 16/05/2016 11:30, Al Varnell wrote:

Is there some reason you are not using freshclam to do this initially and 
thereafter to download incremental updates?

Sent from Janet's iPad

-Al-

On May 16, 2016, at 1:29 AM, Zvi Kave<zvi.k...@razlee.com>  wrote:

Hi,

I am trying to download daily.cvd and main.cvd by curl command as follows:

curl  --data-binary -k"http://database.clamav.net/daily.cvd;  -G -o daily.cvd

Most of the time, I get this text instead of the real *.cvd file:

<|DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

403 Forbidden

Forbidden
You don't have permission to access /daily.cvd
on this server.


Apache/2.4.20 (Unix) OpenSSL/1.0.2g Server at mailto:webmas...@omroep.nl;>database.clamav.net Port 80


But randomly I get the real cvd file!?

Can someone help me in this weird issue?

Regards,

Zvi

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

-Al-


___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV virus database not downloaded: No permission ?!

2016-05-16 Thread Zvi Kave 


Yes. Usually I got a lot of messages like this:
ClamAV update process started at Sat Apr 30 03:00:50 2016
Reading CVD header (main.cvd): Trying again in 5 secs...
ClamAV update process started at Sat Apr 30 03:00:57 2016
Reading CVD header (main.cvd): Trying again in 5 secs...
ClamAV update process started at Sat Apr 30 03:01:02 2016
ClamAV update process started at Sat Apr 30 03:01:19 2016
Reading CVD header (main.cvd): Trying again in 5 secs...
ClamAV update process started at Sat Apr 30 03:01:25 2016

Zvi

On 16/05/2016 11:30, Al Varnell wrote:

Is there some reason you are not using freshclam to do this initially and 
thereafter to download incremental updates?

Sent from Janet's iPad

-Al-

On May 16, 2016, at 1:29 AM, Zvi Kave<zvi.k...@razlee.com>  wrote:

Hi,

I am trying to download daily.cvd and main.cvd by curl command as follows:

curl  --data-binary -k"http://database.clamav.net/daily.cvd;  -G -o daily.cvd

Most of the time, I get this text instead of the real *.cvd file:

<|DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

403 Forbidden

Forbidden
You don't have permission to access /daily.cvd
on this server.


Apache/2.4.20 (Unix) OpenSSL/1.0.2g Server at mailto:webmas...@omroep.nl;>database.clamav.net Port 80


But randomly I get the real cvd file!?

Can someone help me in this weird issue?

Regards,

Zvi

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] ClamAV virus database not downloaded: No permission ?!

2016-05-16 Thread Zvi Kave 

Hi,

I am trying to download daily.cvd and main.cvd by curl command as follows:

curl  --data-binary -k "http://database.clamav.net/daily.cvd; -G -o 
daily.cvd


Most of the time, I get this text instead of the real *.cvd file:

<|DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

403 Forbidden

Forbidden
You don't have permission to access /daily.cvd
on this server.


Apache/2.4.20 (Unix) OpenSSL/1.0.2g Server at href="mailto:webmas...@omroep.nl;>database.clamav.net Port 80



But randomly I get the real cvd file!?

Can someone help me in this weird issue?

Regards,

Zvi


___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Fwd: Re: clamav-0.98 in AIX: make, libclamav/asn1.c failed to compile

2013-10-02 Thread Zvi Kave 
Dave,

I think that I have bad include path.
At least I solved it by replacing the line

#include time.h


in libclamav/asn1.c and shared/output.c with the absolute include:

#include /usr/include/time.h


Note: I opened it as case 9054 in ClamAV bugzilla, but now I do not know
how to delete or close it there as solved.

Best regards,

Zvi

On 01/10/13 21:37, David Raynor wrote:

On Tue, Oct 1, 2013 at 2:31 PM, David Raynor dray...@sourcefire.com
dray...@sourcefire.com wrote:


 On Tue, Oct 1, 2013 at 11:47 AM, Zvi Kave tz...@razlee.com
tz...@razlee.com wrote:


 I hope that someone can help.
I got the following error on make of clamav-0.98 in AIX:

  CC libclamav_la-version.lo
 CC libclamav_la-asn1.lo
   asn1.c: In function `asn1_get_time':
   asn1.c:293: error: storage size of `t' isn't known
   make: The error code from the last command is 1.


   Stop.

 make: The error code from the last command is 1.


 Stop.
 make: The error code from the last command is 2.


 Stop.
 make: The error code from the last command is 1.


 Stop.
 make: The error code from the last command is 2.


 Stop.
___
Help us build a comprehensive ClamAV
guide:https://github.com/vrtadmin/clamav-faqhttp://www.clamav.net/support/ml

 The t variable in that function is of type struct tm. The asn1.c file
includes time.h earlier in the file on line 25. From the Technical
Reference part of the AIX documentation:
The tm structure is defined in the time.h file ...

Is your time.h file intact? Are you adding any defines that may conflict
with it? Could there be another copy of time.h that is getting included
somehow?

Dave R.

--
---
Dave Raynor
Sourcefire Vulnerability Research teamdray...@sourcefire.com

 Try adding these lines to the asn1.c file on line 24, just before the
include of time.h line 25:

#ifndef _WIN32
#include sys/time.h
#endif

See if that makes a difference.

Dave R.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

[clamav-users] clamav-0.98 in AIX: make, libclamav/asn1.c failed to compile

2013-10-01 Thread Zvi Kave 
I hope that someone can help.
I got the following error on make of clamav-0.98 in AIX:

  CC libclamav_la-version.lo
 CC libclamav_la-asn1.lo
   asn1.c: In function `asn1_get_time':
   asn1.c:293: error: storage size of `t' isn't known
   make: The error code from the last command is 1.


   Stop.

 make: The error code from the last command is 1.


 Stop.
 make: The error code from the last command is 2.


 Stop.
 make: The error code from the last command is 1.


 Stop.
 make: The error code from the last command is 2.


 Stop.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

[clamav-users] W32/Autorun.worm.aaeh not found in ClamAV ?

2013-04-08 Thread Zvi Kave 


Hi,

I can not understand why  the dangerous virus called 
W32/Autorun.worm.aaeh by McAfee

can not be detected by ClamAV.
http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=1607456

I tried to scan it also from free Immunet 3.0 but without detection.
I submitted this virus to ClamAV a month ago!
Am I doing something wrong?

Regards,

Zvi

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] W32/Autorun.worm.aaeh not found in ClamAV ?

2013-04-08 Thread Zvi Kave 

Sorry.

I see now from McAfee link  that it is low risk - 
http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=1607456


The file is autorun.inf and it creates few other programs like: 
Secret.exe , Sexy.exe , Porn.exe


I sent the file Sexy.exe  just now under Submit malware in clamav.net 
menu. (autorun.inf disappeared - perhaps by my ESET)

I hope it can help you.

Regards,

Zvi

On 08/04/13 11:51, A K Varnell wrote:

I'm sure it would help the team if you could provide the file name and MD5 hash 
of what you submitted.


-Al-


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] W32/Autorun.worm.aaeh not found in ClamAV ?

2013-04-08 Thread Zvi Kave 

Al,

Just now I restored and submitted autorun.inf as well to submit 
malware in clamav.net

From sigtool I got this MD5 signature;
3b19da4562e3729854ae6b3fe127:1123:Autorun.inf

Regards,

Zvi

On 08/04/13 11:51, A K Varnell wrote:

I'm sure it would help the team if you could provide the file name and MD5 hash 
of what you submitted.


-Al-


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[clamav-users] ZEUS virus

2013-02-21 Thread Zvi Kave 

Hi,

Is there a signature for ZEUS virus in ClamAV ?

Zvi
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] ZEUS virus

2013-02-21 Thread Zvi Kave 

Thank you Chuck (and Alain as well) for the list.

Zvi

- Original Message - 
From: Chuck Swiger cswi...@mac.com

To: ClamAV users ML clamav-users@lists.clamav.net
Sent: Thursday, February 21, 2013 8:33 PM
Subject: Re: [clamav-users] ZEUS virus



Hi--

On Feb 21, 2013, at 10:28 AM, Zvi Kave wrote:

Is there a signature for ZEUS virus in ClamAV ?


Yes, there are several ZEUS signatures:

% sigtool -fZeus
[daily.mdb] 2560:34a6f6e6bb8d80fa52b9521dcfc1577d:Win.Trojan.Zeus-1
[daily.mdb] 51388:a3571f6881a9a8b84593c79796131e5a:Win.Trojan.Zeus-2
[daily.ndb] 
Win.Trojan.Zeus:1:*:7700696e66322e6461744655434b
[main.db] Zeus 
(Clam)=c08ed0bc007c8ed8b96900be547cb81990e87a00f21f4179686d1f816d2280ec598769288ae057d22b9153813793
[main.db] Zeus-1 
(Clam)=8ed0bc007c8ed8b96900be547cb85090e87a00bb540836212656f61459f99320fc105fc3ab1e9d62da1ad66ec8

[main.mdb] 2048:88e9fa738b206e687f16ab76bfcbf149:Trojan.Spy.Zeus
[main.mdb] 35840:e9767c30a483450fb1c2c777d4826be7:Trojan.Spy.Zeus-1
[main.mdb] 34816:04666acca8a323708585456c01cc15f8:Trojan.Spy.Zeus-2
[main.mdb] 37376:de73df1274f195e9ce2a4192e37d17ba:Trojan.Spy.Zeus-3
[main.mdb] 5120:9271dcaa30e5f951b3519fcc4a4fe775:Trojan.Spy.Zeus-4
[main.mdb] 34816:64a83405aed1a687db904b0da6dc182b:Trojan.Spy.Zeus-5

Regards,
--
-Chuck

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml 


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[clamav-users] Remarkable features/changes from 0.95.3 ?

2011-06-09 Thread Zvi Kave 
Hi,

I am working with  clamav 0.95.3.
Where can I find the features added to the newer 0.97 version ?

Thanks,

Zvi


__ Information from ESET NOD32 Antivirus, version of virus signature 
database 6191 (20110608) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Remarkable features/changes from 0.95.3 ?

2011-06-09 Thread Zvi Kave 

Edwin,

Thank you,

Zvi

- Original Message - 
From: Török Edwin edwinto...@gmail.com

To: clamav-users@lists.clamav.net
Sent: 09 June, 2011 12:34 PM
Subject: Re: [clamav-users] Remarkable features/changes from 0.95.3 ?



On 06/09/2011 11:59 AM, Zvi Kave wrote:

Hi,

I am working with  clamav 0.95.3.
Where can I find the features added to the newer 0.97 version ?



Reading clamav-announce for 0.96.x and 0.97:
http://lurker.clamav.net/message/20100331.203901.0d247020.en.html
http://lurker.clamav.net/message/20100812.184742.9ceb4173.en.html
http://lurker.clamav.net/message/20101130.141720.df0fdbf3.en.html
http://lurker.clamav.net/message/20110207.184626.7dbb7fec.en.html

Or read the git logs for full changes:
git log clamav-0.95.3..clamav-0.97
Or see the ChangeLog file:
http://www.clamav.net/release-info/changelog/0.97

Best regards,
--Edwin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

__ Information from ESET NOD32 Antivirus, version of virus 
signature database 6191 (20110608) __


The message was checked by ESET NOD32 Antivirus.

http://www.eset.com






__ Information from ESET NOD32 Antivirus, version of virus signature 
database 6192 (20110609) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] clamav-0.96.2 pthread error

2010-09-12 Thread Zvi Kave 


I am trying to configure and make clamav-0.96.2 by AIX gcc 3.3.2,
but I got the following error - someone can help ?

Thanks, 

Zvi

./configure
...
checking pthread.h usability... no  
 
checking pthread.h presence... yes  
 
configure: WARNING: pthread.h: present but cannot be compiled   
 
configure: WARNING: pthread.h: check for missing prerequisite headers?  
 
configure: WARNING: pthread.h: see the Autoconf documentation   
 
configure: WARNING: pthread.h: section Present But Cannot Be Compiled 
 
configure: WARNING: pthread.h: proceeding with the compiler's result
 
configure: WARNING: ## -- ##
 
configure: WARNING: ## Report this to http://bugs.clamav.net/ ##
 
configure: WARNING: ## -- ##
 
checking for pthread.h... no
 
...

make
...
  CC libclamav_la-cache.lo
In file included from cache.c:27: 
/usr/include/pthread.h:554: error: parse error before '*' token   
/usr/include/pthread.h:557: error: parse error before '*' token   
/usr/include/pthread.h:561: error: parse error before '*' token   
/usr/include/pthread.h:564: error: parse error before '*' token   
/usr/include/pthread.h:567: error: parse error before '*' token   
/usr/include/pthread.h:570: error: parse error before '*' token   
/usr/include/pthread.h:573: error: parse error before '*' token   
/usr/include/pthread.h:576: error: parse error before '*' token   
/usr/include/pthread.h:579: error: parse error before '*' token   
/usr/include/pthread.h:583: error: parse error before '*' token   
/usr/include/pthread.h:586: error: parse error before '*' token   
make: The error code from the last command is 1.  

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] clamav-0.96.2 pthread error

2010-09-12 Thread Zvi Kave 

Hi Edwin,

You are right. I have the same error with the suggested test.
Now I have to find new AIX gcc binaries.

Thanks,

Zvi

- Original Message - 
From: Török Edwin edwinto...@gmail.com

To: ClamAV users ML clamav-users@lists.clamav.net
Sent: Sunday, September 12, 2010 2:37 PM
Subject: Re: [Clamav-users] clamav-0.96.2 pthread error



On Sun, 12 Sep 2010 12:35:14 +0200
Zvi Kave zvi.k...@razlee.com wrote:




I am trying to configure and make clamav-0.96.2 by AIX gcc 3.3.2,
but I got the following error - someone can help ?

Thanks,

Zvi

./configure
...
checking pthread.h usability...
no checking pthread.h presence...
yes configure: WARNING: pthread.h: present but cannot be
compiled configure: WARNING: pthread.h: check for missing
prerequisite headers? configure: WARNING: pthread.h: see the Autoconf
documentation configure: WARNING: pthread.h: section Present But
Cannot Be Compiled configure: WARNING: pthread.h: proceeding with
the compiler's result configure: WARNING: ##
-- ## configure: WARNING: ##
Report this to http://bugs.clamav.net/ ## configure: WARNING: ##
-- ## checking for pthread.h...


Looks like your pthread.h or your compiler is broken.
Do other apps that use pthread work?

Does this trivial app compile:
#include pthread.h
int main() { return 0;}

Best regards,
--Edwin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

__ Information from ESET NOD32 Antivirus, version of virus 
signature database 5444 (20100912) __


The message was checked by ESET NOD32 Antivirus.

http://www.eset.com





___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] problems with virus submission

2009-02-24 Thread Zvi Kave 
Karl,

I also submitted Win32/Mabezat.A virus long time ago but it is not detected 
yet.
So I added it by sigtool.
They have sigtool to create a signature by yourself.
By default you have to put it in /usr/local/share/clamav/
(or in your signature directory if you changed the default)
To create it, better to change file name to virus name,
because sigtool uses it to name the virus.
I hope that it will work for your virus as well.
Here are the steps:

cp 090209674.MSG Win32.Trojan.Zbot-3045
sigtool --md5 Win32.Trojan.Zbot-3045  
/usr/local/share/clamav/Win32.Trojan.Zbot-3045.hdb

Now try to scan:
clamscan 090209674.MSG

Regards,

Zvi

- Original Message - 
From: Karlheinz Schmidthaus ksng1...@ksit.de
To: clamav-users@lists.clamav.net
Sent: Monday, February 23, 2009 11:38 PM
Subject: [Clamav-users] problems with virus submission


I received the following answer after submission, but the trojan is not 
detected:

 The notice is:
 Result:

 Submission completed!
 090209674.MSG has been successfully sent to the virusdb maintainer team...


 ___
 Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
 http://www.clamav.net/support/ml

 __ Information from ESET NOD32 Antivirus, version of virus 
 signature database 3881 (20090223) __

 The message was checked by ESET NOD32 Antivirus.

 http://www.eset.com


 

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] WIN32.Mabezat.A not detected

2008-12-09 Thread Zvi Kave 
Hi,

I have a virus file detected by NOD32 and AVG as WIN32.Mabezat.A.
When running clamscan on this file , it says OK.

when running sigtool -l | grep -i mabezat
I got the list:
W32.Mabezat-1
W32.Mabezat-2
W32.Mabezat
W32.Mabezat-3

I sent the virus file twice to ClamAV team in last week, but still it is OK.
Someone knows why.
It seems from sigtool that the virus is in the database.

Regards,

Zvi
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] Mabezat virus

2008-12-04 Thread Zvi Kave 
Hi all,

I saw that Mabezat viruses are in virus DB, but for some reason it is not 
detected.
Someone knows why??

Zvi 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Mabezat virus not detected

2008-12-04 Thread Zvi Kave 
I forgot to specify that it is ClamAV 0.94.2 in Fedora 8.
sigtool -l shows this:
# sigtool -v -l | grep -i mabezat
W32.Mabezat-1
W32.Mabezat-2
W32.Mabezat
W32.Mabezat-3

NODE32 detects it from Windows as W32/Mabezat.A

Zvi

- Original Message - 
From: Zvi Kave [EMAIL PROTECTED]
To: clamav-users@lists.clamav.net
Sent: Thursday, December 04, 2008 6:03 PM
Subject: [Clamav-users] Mabezat virus


 Hi all,

 I saw that Mabezat viruses are in virus DB, but for some reason it is not 
 detected.
 Someone knows why??

 Zvi
 ___
 Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
 http://www.clamav.net/support/ml

 __ Information from ESET NOD32 Antivirus, version of virus 
 signature database 3664 (20081204) __

 The message was checked by ESET NOD32 Antivirus.

 http://www.eset.com


 

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] EBCDIC ClamAV version?

2006-09-05 Thread Zvi Kave 
Is there a version or configuration option for EBCDIC computer?

Regards,

Zvi
___
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] Independent analysis of anti-virus solution providers

2006-08-29 Thread Zvi Kave 
We are looking for independent 3rd party analysis of ClamAV against other 
leading anti-virus solution providers,
which will hopefully show ClamAV's results as equaling or being superior to 
some of the commercial products on the market.

Thank you.
___
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] Small number of ClamAV known viruses ?

2006-07-18 Thread Zvi Kave 
Why ClamAV has significally small number of known viruses
in comparison to other AV software ?

Thanks,

Zvi
___
http://lurker.clamav.net/list/clamav-users.html