Re: [Clamav-users] Newbie question.
Hello Erik, the previous replier with the HAVP suggestion is in all-likelihood your best if not easier choice. FWIF: there is also a so-called ICAP solution which has built in support in squid 3.x. So far I and only one other ML member has got it to compile and work. In fact I have it deployed as a daemon and the squid daemon and the icap daemon communicate but never find any viruses even if I download the eicar test file. The other ML member claims to get a response when he downloads the eicar virus test file. The only advantage to ICAP is the squid.conf is the only real configuration needed. Og, Hvordan står det till i Danmark? My wife and my other Norske friends say: Hei, Hei! Erik P. Olsen wrote .. I am running fedora 10, thunderbird 2.0.0.9 and firefox 3.0.7 and I would like to install clamav to catch vira which might enter the system through TB or FF. The calmav user manual has not been very helpful in this respect, so I would like to hear if someone could point me to a howto with specific information on installation and configuration. Thanks in advance Erik. -- Erik P. Olsen, M.Sc. EE. Solsortvej 30, DK-2000 Frederiksberg, Denmark Phone: +45 32106480, Mobil: +45 40765300 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Newbie question.
Hello, On 10.03.09 21:35, Erik P. Olsen wrote: please set up your mailer to wrap lines below 80 characters per line. 721 to 76 is usually OK. I am running fedora 10, thunderbird 2.0.0.9 and firefox 3.0.7 and I would like to install clamav to catch vira which might enter the system through TB or FF. The calmav user manual has not been very helpful in this respect, so I would like to hear if someone could point me to a howto with specific information on installation and configuration. How do you think will those virii get to your computer? Although it was reported, I have never seen virus under linux system. If you are afraid of linux viruses, I think you (the user) are much more dangerous to your system. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. REALITY.SYS corrupted. Press any key to reboot Universe. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] ClamAV Webinar on Signature Writing
Folks, The slides for Alain Zidouemba's talk on writing signatures for ClamAV are now available at http://www.clamav.net/doc/webinars/Webinar-Alain-2009-03-04.pdf . I'm sorry for the delay in making the recording available, I expect to be able to make an announcement on that soon. -Nigel -- Nigel Horne, nigel.ho...@sourcefire.com Director of Product Management (ClamAV), Sourcefire, http://www.sourcefire.com +44 1226 241048, +1 301 518 7944 or +1 706 705 4022 FAX: +44 870 705 9334 ICQ: 20252325 ClamAV is a registered trademark of Sourcefire Inc. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Newbie question.
Matus UHLAR - fantomas wrote: Hello, On 10.03.09 21:35, Erik P. Olsen wrote: please set up your mailer to wrap lines below 80 characters per line. 721 to 76 is usually OK. I am running fedora 10, thunderbird 2.0.0.9 and firefox 3.0.7 and I would like to install clamav to catch vira which might enter the system through TB or FF. The calmav user manual has not been very helpful in this respect, so I would like to hear if someone could point me to a howto with specific information on installation and configuration. How do you think will those virii get to your computer? Although it was reported, I have never seen virus under linux system. If you are afraid of linux viruses, I think you (the user) are much more dangerous to your system. I would be looking at tools like chkrootkit, rkhunter and aide for your purposes. These are tools specifically intended for the *nix OS system. ClamAV is aimed more for email scanning. Besides the scales are still tipped towards Microsoft OS's and Internet Explorer. Even stuff aimed at Firefox is still aimed at Firefox under Windows, not under *nix. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Newbie question.
Matus UHLAR - fantomas wrote: Hello, On 10.03.09 21:35, Erik P. Olsen wrote: please set up your mailer to wrap lines below 80 characters per line. 721 to 76 is usually OK. I am running fedora 10, thunderbird 2.0.0.9 and firefox 3.0.7 and I would like to install clamav to catch vira which might enter the system through TB or FF. The calmav user manual has not been very helpful in this respect, so I would like to hear if someone could point me to a howto with specific information on installation and configuration. How do you think will those virii get to your computer? Although it was reported, I have never seen virus under linux system. If you are afraid of linux viruses, I think you (the user) are much more dangerous to your system. They come in like any other virus. They become a problem when Samba is involved, and with Windows virtual machines running in Linux. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Functionality level message with virus definition update version 9081.
Thank you Nigel. I hope your arm is much better now. I think any urgent news should be posted via Twitter or similar ways and emailed as an backup method of communicating to the clamav users. Frank Dennis Peterson wrote: Luca Gibelli wrote: ÊÊ You can safely ignore this temporary warning. It should go away in a matter of minutes. Best regards Sounds like a good thing to twitter. ÊÊ Good idea. I've done that. dp -Nigel -- Nigel Horne, nigel.ho...@sourcefire.com Director of Product Management (ClamAV), Sourcefire, http://www.sourcefire.com +44 1226 241048, +1 301 518 7944 or +1 706 705 4022 FAX: +44 870 705 9334 ICQ: 20252325 ClamAV is a registered trademark of Sourcefire Inc. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] News about 0.95
Folks, I am pleased to let you know of a major new feature to be added to ClamAV. 0.95RC2 will be released next Monday, 16/3/09, which will include support for Google Safe Browsing. We wish to avoid a major new functionality such as this going into the marketplace untested by adding it as a feature between the release candidate and the full version. Furthermore, we don't want to wait for 0.96 to publish the code, given that the code is ready now and it's a major feature, not something for a minor release such as 0.95.1. Therefore we've decided to publish the extra release candidate for 0.95. 0.95RC2 will have this feature built-in. 0.95 is now due for publication on 23rd March, a slippage of 1 week which I hope you will all accept so that we can ensure that this new feature is fully tested before it goes live on your servers. We expect the functionality will be off by default. The entry in freshclam.conf will be SafeBrowsing Yes. There is no option in clamd.conf. If the engine finds Google Safe Browsing files in the database directory, ClamAV will enable safe browsing. To turn it off you need to update freshclam.conf and remove the safebrowsing files from the database directory before restarting clamd. The above two points are as of now, and may change between now and Monday. Best Regards, -Nigel -- Nigel Horne, nigel.ho...@sourcefire.com Director of Product Management (ClamAV), Sourcefire, http://www.sourcefire.com +44 1226 241048, +1 301 518 7944 or +1 706 705 4022 FAX: +44 870 705 9334 ICQ: 20252325 ClamAV is a registered trademark of Sourcefire Inc. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] News about 0.95
--On 11 March 2009 17:07:19 + Nigel Horne n...@bandsman.co.uk wrote: Folks, I am pleased to let you know of a major new feature to be added to ClamAV. 0.95RC2 will be released next Monday, 16/3/09, which will include support for Google Safe Browsing. That sounds good. What does it do, though? My guess is that it enables freshclam to download copies of files containing URLs that Google considers unsafe, and then clamd will block emails that contain those URLs. Is that right? We wish to avoid a major new functionality such as this going into the marketplace untested by adding it as a feature between the release candidate and the full version. Furthermore, we don't want to wait for 0.96 to publish the code, given that the code is ready now and it's a major feature, not something for a minor release such as 0.95.1. Therefore we've decided to publish the extra release candidate for 0.95. 0.95RC2 will have this feature built-in. 0.95 is now due for publication on 23rd March, a slippage of 1 week which I hope you will all accept so that we can ensure that this new feature is fully tested before it goes live on your servers. We expect the functionality will be off by default. The entry in freshclam.conf will be SafeBrowsing Yes. There is no option in clamd.conf. If the engine finds Google Safe Browsing files in the database directory, ClamAV will enable safe browsing. To turn it off you need to update freshclam.conf and remove the safebrowsing files from the database directory before restarting clamd. The above two points are as of now, and may change between now and Monday. Best Regards, -Nigel -- Ian Eiloart IT Services, University of Sussex x3148 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] News about 0.95
On Wed, 11 Mar 2009 17:56:22 + Ian Eiloart i...@sussex.ac.uk wrote: That sounds good. What does it do, though? My guess is that it enables freshclam to download copies of files containing URLs that Google considers unsafe, and then clamd will block emails that contain those URLs. Is that right? http://code.google.com/apis/safebrowsing/ Sounds like it.. might be possible to check realtime too.. but the quick blurb on the site just mentions downloading a lookup table to the local machine. Looks good to me tho. -- Spiro Harvey Knossos Networks Ltd 021-295-1923www.knossos.net.nz signature.asc Description: PGP signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] News about 0.95
Nigel Horne wrote: Folks, Hi Folk, I am pleased to let you know of a major new feature to be added to ClamAV. 0.95RC2 will be released next Monday, 16/3/09, which will include support for Google Safe Browsing. Some questions : * if I understood, freshclam will get the complete list of URLs from Google. The computer running clamav/clamd/... will get this list from clamav (as a signature) not from Google. Right ? * What about Google license issues for final user ? Regards, José-Marcio ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] News about 0.95
On Wed, 11 Mar 2009 22:06:19 +0100 Jose-Marcio Martins da Cruz jose-marcio.mart...@ensmp.fr wrote: * if I understood, freshclam will get the complete list of URLs from Google. The computer running clamav/clamd/... will get this list from clamav (as a signature) not from Google. Right ? That's right, freshclam will be updating safebrowsing.cvd from our own mirrors (in the same way as daily.cvd and main.cvd) and not directly from Google. * What about Google license issues for final user ? The safebrowsing.cvd will be distributed under Google's terms and license. Therefore, before enabling SafeBrowsing in freshclam.conf one should check that he's OK with that license. We'll provide all necessary information and links to make it easy to find out. Regards, -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Mar 11 23:05:04 CET 2009 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] News about 0.95
Tomasz Kojm wrote: On Wed, 11 Mar 2009 22:06:19 +0100 Jose-Marcio Martins da Cruz jose-marcio.mart...@ensmp.fr wrote: * if I understood, freshclam will get the complete list of URLs from Google. The computer running clamav/clamd/... will get this list from clamav (as a signature) not from Google. Right ? That's right, freshclam will be updating safebrowsing.cvd from our own mirrors (in the same way as daily.cvd and main.cvd) and not directly from Google. * What about Google license issues for final user ? The safebrowsing.cvd will be distributed under Google's terms and license. Therefore, before enabling SafeBrowsing in freshclam.conf one should check that he's OK with that license. We'll provide all necessary information and links to make it easy to find out. Regards, Is such a list now available to explore for gotcha's that need to be whitelisted? dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Newbie question.
On 11/03/09 16:26, Matus UHLAR - fantomas wrote: How do you think will those virii get to your computer? Although it was reported, I have never seen virus under linux system. If you are afraid of linux viruses, I think you (the user) are much more dangerous to your system. I have my reasons. Erik. -- Erik P. Olsen, M.Sc. EE. Solsortvej 30, DK-2000 Frederiksberg, Denmark Phone: +45 32106480, Mobil: +45 40765300 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Newbie question.
On 11/03/09 17:41, Lyle Giese wrote: I would be looking at tools like chkrootkit, rkhunter and aide for your purposes. These are tools specifically intended for the *nix OS system. ClamAV is aimed more for email scanning. Besides the scales are still tipped towards Microsoft OS's and Internet Explorer. Even stuff aimed at Firefox is still aimed at Firefox under Windows, not under *nix. This is exactly what I intend to use clamav for. But perhaps email scanning is not what I think it is. I receive files through e-mail, internet downloads and usb sticks which I redistribute to various users and I want to be sure that what I send out is free from vira. Won't clamav do the job? Erik. -- Erik P. Olsen, M.Sc. EE. Solsortvej 30, DK-2000 Frederiksberg, Denmark Phone: +45 32106480, Mobil: +45 40765300 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Newbie question.
Erik P. Olsen wrote: On 11/03/09 17:41, Lyle Giese wrote: I would be looking at tools like chkrootkit, rkhunter and aide for your purposes. These are tools specifically intended for the *nix OS system. ClamAV is aimed more for email scanning. Besides the scales are still tipped towards Microsoft OS's and Internet Explorer. Even stuff aimed at Firefox is still aimed at Firefox under Windows, not under *nix. This is exactly what I intend to use clamav for. But perhaps email scanning is not what I think it is. I receive files through e-mail, internet downloads and usb sticks which I redistribute to various users and I want to be sure that what I send out is free from vira. Won't clamav do the job? Erik. It will. It will actually find any virus for any OS for which there is a signature, and if you can't find a signature, submit the sample to ClamAV and then make your own signature while waiting for the sample to be included. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml