RE: [Clamav-users] RFE: clamav-milter stuff
On Wed, 10 Mar 2004, Damian Menscher wrote:
> On Wed, 10 Mar 2004, Nigel Horne wrote:
> ClamAV version 0.67-1, clamav-milter version 0.67a
>
> > > > Please be more specific by:
> > > > (b) giving an example of a message that you think is missing some information, since all the messages I see already contain the virus/worm name
> > >
> > > 550 5.7.1 Virus detected by ClamAV - http://www.clamav.net
> > >
> > > > (d) pointing out an example of what more you want.
> > >
> > > How about something like:
> > > 550 5.7.1 Virus detected: Mydoom.f (http://www.clamav.net/)

Just a reminder, this is still something we're waiting for. It doesn't look like it's been changed in CVS, though I hear someone submitted a patch for it. (I'm being a bit pushy since it would be good to get this into the final release of 0.70.)

Also, I'd like to add another, slightly more difficult, request: a little more flexibility in the drop/bounce/reject options. If the virus database could contain a flag of whether the virus is one that spoofs the from address, versus one that doesn't, versus one that attaches to legitimate files (word macro viruses, for example), then postmasters could decide whether to drop/bounce/reject these different *classes* of viruses accordingly. Would certainly end the endless debate about what is the best method, or at least make it more interesting. ;)

Damian Menscher
--
-=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers: |#=-
-=#| UIUC CITES Security Group || Beckman Imaging Technology Group |#=-
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] RFE: clamav-milter stuff
[Please point me to the right place to send an RFE, if this isn't it.]

The clamav-milter should be a bit more descriptive than just saying a virus was found. Like saying the Klez virus was found, for example.

Also, there should be a way to reject a message 5xx status while still saving a copy for archival purposes.

Finally, freshclam -d should be started in the clamd startup script.

Damian Menscher
Re: [Clamav-users] RFE: clamav-milter stuff
On Wednesday 10 Mar 2004 10:28 am, Damian Menscher wrote:
> The clamav-milter should be a bit more descriptive than just saying a virus was found. Like saying the Klez virus was found, for example.

Please be more specific by:
(a) quoting the version of clamav-milter you're running
(b) giving an example of a message that you think is missing some information, since all the messages I see already contain the virus/worm name
(c) what do you mean by 'message': entry in syslog? e-mail? message on stderr? debug output?
(d) pointing out an example of what more you want.

> Also, there should be a way to reject a message 5xx status while still saving a copy for archival purposes.

Why not use either the --quarantine or --quarantine-dir options for this?

> Damian Menscher

-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
Re: [Clamav-users] RFE: clamav-milter stuff
On Wed, 10 Mar 2004, Nigel Horne wrote:
> On Wednesday 10 Mar 2004 10:28 am, Damian Menscher wrote:
> > The clamav-milter should be a bit more descriptive than just saying a virus was found. Like saying the Klez virus was found, for example.
>
> Please be more specific by:
> (a) quoting the version of clamav-milter you're running

The latest released version: 0.67-1

> (b) giving an example of a message that you think is missing some information, since all the messages I see already contain the virus/worm name

550 5.7.1 Virus detected by ClamAV - http://www.clamav.net

> (c) what do you mean by 'message': entry in syslog? e-mail? message on stderr? debug output?

None of the above. I'm referring to the text message in sendmail's rejection.

> (d) pointing out an example of what more you want.

How about something like:
550 5.7.1 Virus detected: Mydoom.f (http://www.clamav.net/)

> > Also, there should be a way to reject a message 5xx status while still saving a copy for archival purposes.
>
> Why not use either the --quarantine or --quarantine-dir options for this?

I might be doing something wrong, but my tests indicate that enabling --quarantine causes sendmail to accept the message and then redirect it. I want it to *reject* the message and filter it. This guards against false positives in two ways: the sender gets a bounce and resends it, while the recipient has the option to look in their folder of caught viruses. I realize this could also be accomplished by enabling the --bounce option, but with all the spoofed From: headers I find generating any new email as a result of a virus to be morally wrong.

Damian Menscher
Re: [Clamav-users] RFE: clamav-milter stuff
Damian Menscher wrote:
> Also, there should be a way to reject a message 5xx status while still saving a copy for archival purposes.
>
> Finally, freshclam -d should be started in the clamd startup script.

I think no. Some people use different techniques for virusdb updates, such as rsync, local mirror shares, etc.

Petr
RE: [Clamav-users] RFE: clamav-milter stuff
> > Please be more specific by:
> > (a) quoting the version of clamav-milter you're running
>
> The latest released version: 0.67-1

That's a version of clamAV, not clamav-milter. Please run 'clamav-milter --version'.

> > (b) giving an example of a message that you think is missing some information, since all the messages I see already contain the virus/worm name
>
> 550 5.7.1 Virus detected by ClamAV - http://www.clamav.net
>
> > (c) what do you mean by 'message': entry in syslog? e-mail? message on stderr? debug output?
>
> None of the above. I'm referring to the text message in sendmail's rejection.

Actually that's the 3rd option (e-mail), but nevertheless now I know what you're referring to I'll look at it.

> > (d) pointing out an example of what more you want.
>
> How about something like:
> 550 5.7.1 Virus detected: Mydoom.f (http://www.clamav.net/)
RE: [Clamav-users] RFE: clamav-milter stuff
On Wed, 10 Mar 2004, Nigel Horne wrote:
> > > Please be more specific by:
> > > (a) quoting the version of clamav-milter you're running
> >
> > The latest released version: 0.67-1
>
> That's a version of clamAV, not clamav-milter. Please run 'clamav-milter --version'.

ClamAV version 0.67-1, clamav-milter version 0.67a

> > > (b) giving an example of a message that you think is missing some information, since all the messages I see already contain the virus/worm name
> >
> > 550 5.7.1 Virus detected by ClamAV - http://www.clamav.net
> >
> > > (c) what do you mean by 'message': entry in syslog? e-mail? message on stderr? debug output?
> >
> > None of the above. I'm referring to the text message in sendmail's rejection.
>
> Actually that's the 3rd option (e-mail), but nevertheless now I know what you're referring to I'll look at it.

Oh, ok.. I was trying to distinguish the text accompanying the return code from the text of a --bounce message.

By the way, while I'm being picky, perhaps sending a bounce message (as opposed to rejecting the message) is not an appropriate default? I'm sure we're all well aware of how annoying bounces are in the age of spoofed headers

Damian Menscher
Re: [Clamav-users] RFE: clamav-milter stuff
On Wednesday, March 10, 2004, at 09:31 pm, Damian Menscher wrote:
> By the way, while I'm being picky, perhaps sending a bounce message (as opposed to rejecting the message) is not an appropriate default?

That isn't the default action. You have to give the --bounce option for a bounce to be generated

> Damian Menscher
Re: [Clamav-users] RFE: clamav-milter stuff
On Wed, 10 Mar 2004, Nigel Horne wrote:
> On Wednesday, March 10, 2004, at 09:31 pm, Damian Menscher wrote:
> > By the way, while I'm being picky, perhaps sending a bounce message (as opposed to rejecting the message) is not an appropriate default?
>
> That isn't the default action. You have to give the --bounce option for a bounce to be generated

Sorry, I was unclear. The bounce is a message to the original recipient and to the postmaster saying that a virus has been filtered. Not quite as bad as sending it to a non-existent sender, but still a bit annoying, since all it says is that you failed to receive some message. Hard to imagine why anyone would want this.

Damian Menscher
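
Added example (not from the thread and not clamav-milter's own code): the rejection text requested above, built with the signature name restricted to characters that are safe in a one-line SMTP reply, together with the per-class drop/bounce/reject choice proposed in the first message. The class names, the policy and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical signature classes, after the flag proposed in the thread. */
enum sig_class { SPOOFS_SENDER, REAL_SENDER, FILE_INFECTOR };
enum action { ACT_DROP, ACT_REJECT, ACT_BOUNCE };

/* Constructed site policy: one choice a postmaster might make. */
enum action action_for(enum sig_class c)
{
    switch (c) {
    case SPOOFS_SENDER: return ACT_DROP;   /* From: is forged, notify nobody */
    case FILE_INFECTOR: return ACT_BOUNCE; /* a real sender should be told */
    default:            return ACT_REJECT; /* 5xx during the SMTP session */
    }
}

/* Copy a signature name, keeping ASCII letters, digits and "._-/" only; CR, LF,
 * '%', spaces and 8-bit bytes become '_'. Returns the length written. */
size_t clean_name(const char *src, char *dst, size_t dstlen)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-/";
    size_t n = 0;
    for (; src && *src && n + 1 < dstlen; src++)
        dst[n++] = strchr(ok, *src) ? *src : '_';
    dst[n] = '\0';
    return n;
}

/* Build the reply line; with no usable name, fall back to the generic text
 * quoted in the thread. Returns 0 on success, -1 if out is too small. */
int build_reply(const char *signame, char *out, size_t outlen)
{
    char name[64];
    int n;
    if (clean_name(signame, name, sizeof name) == 0)
        n = snprintf(out, outlen,
                     "550 5.7.1 Virus detected by ClamAV - http://www.clamav.net");
    else
        n = snprintf(out, outlen,
                     "550 5.7.1 Virus detected: %s (http://www.clamav.net/)", name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char line[128];
    return build_reply("Mydoom.f", line, sizeof line) == 0 ? puts(line) < 0 : 1;
}
```

In a milter the reply code, the enhanced status code and the text would be passed separately to libmilter's smfi_setreply() rather than joined into one string.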