Re: [Clamav-users] Havp + Clamav + Email.Trojan-8
Your virus database was updated at 9 august 2008, and a lot of sites are recognised as virus threat. For example: ixbt.com, thg.ru, overclockers.ru. Virus is: Submission-ID: 4157162 Sender: Ricardo Added: Email.Trojan-8 I think that this is mistake. Yes!!! rambler.ru and utro.ru are blocked too. That's a huge problem, we use havp+clamav and my phone is ringing all the time, angry users complain about blocked sites, most of russian internet is blocked. How to remove this virus before everything is fixed? -- Roman V. Isaev http://www.soprano-recorder.ru Moscow, Russia ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Havp + Clamav + Email.Trojan-8
Your virus database was updated at 9 august 2008, and a lot of sites are recognised as virus threat. For example: ixbt.com, thg.ru, overclockers.ru. Virus is: Submission-ID: 4157162 Sender: Ricardo Added: Email.Trojan-8 I think that this is mistake. Yes!!! rambler.ru and utro.ru are blocked too. That's a huge problem, we use havp+clamav and my phone is ringing all the time, angry users complain about blocked sites, most of russian internet is blocked. How to remove this virus before everything is fixed? Have you checked HAVP configuration? Yes I did. I had to stop freshclam, unpack daily.cld with sigtool, remove daily.cld and remove this string: Email.Trojan-8:3:*:696d67207372633d22687474703a2f2f61642e616472697665722e72752f6367692d62696e After that everything works ok. I've downloaded one of the pages from blocked sites and will try to submit it as false positive. To many sites are affected to be a virus and I did not see anything criminal in that page (I'm not that good with javascript tho). -- Roman V. Isaev http://www.soprano-recorder.ru Moscow, Russia ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Havp + Clamav + Email.Trojan-8
On Mon, Aug 11, 2008 at 12:45:51PM +0400, Roman V. Isaev wrote: Your virus database was updated at 9 august 2008, and a lot of sites are recognised as virus threat. For example: ixbt.com, thg.ru, overclockers.ru. Virus is: Submission-ID: 4157162 Sender: Ricardo Added: Email.Trojan-8 I think that this is mistake. Yes!!! rambler.ru and utro.ru are blocked too. That's a huge problem, we use havp+clamav and my phone is ringing all the time, angry users complain about blocked sites, most of russian internet is blocked. How to remove this virus before everything is fixed? Have you checked HAVP configuration? Yes I did. I had to stop freshclam, unpack daily.cld with sigtool, remove daily.cld and remove this string: Email.Trojan-8:3:*:696d67207372633d22687474703a2f2f61642e616472697665722e72752f6367692d62696e After that everything works ok. I gave you example HAVP config to stop it more easily: IGNOREVIRUS Email. There is not much point in searching Email viruses from web. Only marginal benefit is possibly catching something from peoples webmail. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Havp + Clamav + Email.Trojan-8
Henrik K пишет: On Mon, Aug 11, 2008 at 12:45:51PM +0400, Roman V. Isaev wrote: Your virus database was updated at 9 august 2008, and a lot of sites are recognised as virus threat. For example: ixbt.com, thg.ru, overclockers.ru. Virus is: Submission-ID: 4157162 Sender: Ricardo Added: Email.Trojan-8 I think that this is mistake. Yes!!! rambler.ru and utro.ru are blocked too. That's a huge problem, we use havp+clamav and my phone is ringing all the time, angry users complain about blocked sites, most of russian internet is blocked. How to remove this virus before everything is fixed? Have you checked HAVP configuration? Yes I did. I had to stop freshclam, unpack daily.cld with sigtool, remove daily.cld and remove this string: Email.Trojan-8:3:*:696d67207372633d22687474703a2f2f61642e616472697665722e72752f6367692d62696e After that everything works ok. I gave you example HAVP config to stop it more easily: IGNOREVIRUS Email. There is not much point in searching Email viruses from web. Only marginal benefit is possibly catching something from peoples webmail. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml OK. Thanks it really works for me. Will wait... -- С уважением, Волков Андрей, системный администратор SRL Rusnac-MoldAqua ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Havp + Clamav + Email.Trojan-8
I gave you example HAVP config to stop it more easily: IGNOREVIRUS Email. Yes, thanks, but I saw your letter after I alredy implemented my own solution :) I just don't want to fiddle with clamd any more until 18:00 (end of the workday). IGNOREVIRUS is a good solution. There is not much point in searching Email viruses from web. Only marginal benefit is possibly catching something from peoples webmail. According to my squid logs about 40% of my office users visit various webmail systems (and that's a lot) on regular basis. I'll block exactly the culprit. -- Roman V. Isaev http://www.soprano-recorder.ru Moscow, Russia ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Havp + Clamav + Email.Trojan-8
On Mon, Aug 11, 2008 at 04:04:00PM +0400, Roman V. Isaev wrote: I gave you example HAVP config to stop it more easily: IGNOREVIRUS Email. Yes, thanks, but I saw your letter after I alredy implemented my own solution :) I just don't want to fiddle with clamd any more until 18:00 (end of the workday). IGNOREVIRUS is a good solution. There is not much point in searching Email viruses from web. Only marginal benefit is possibly catching something from peoples webmail. According to my squid logs about 40% of my office users visit various webmail systems (and that's a lot) on regular basis. I'll block exactly the culprit. Unfortunately less than 5% of Email.* signatures match anything else than a real mail (mbox) file. So there is a pretty slim chance of even catching anything from webmails. But if it makes you happy, who am I to tell otherwise. :) ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Havp + Clamav + Email.Trojan-8
Hi there! Your virus database was updated at 9 august 2008, and a lot of sites are recognised as virus threat. For example: ixbt.com, thg.ru, overclockers.ru. Virus is: Submission-ID: 4157162 Sender: Ricardo Added: Email.Trojan-8 I think that this is mistake. -- С уважением, Волков Андрей, системный администратор SRL Rusnac-MoldAqua ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml