[Declude.Virus] Fw: A secret e-card has been sent fot you!!
Pretty nice peice of social engineering below - how many of your users will click on this tomorrow :) Who can resist the temptation of a "secret" greeting card. The link actually takes you to http://www.lkkm.cz/help/postcard.gif.exe Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: e-greetings.com To: [EMAIL PROTECTED] Sent: Thursday, September 28, 2006 10:20 PM Subject: A secret e-card has been sent fot you!! Hello friend !A friend has sent you an ecard from e-greetings.comSend free ecards from e-greetings.com with your choice of colors, words and music.Your ecard will be available with us for the next 10 days. If you wish to keep the greeting longer, you may save it on your computer or take a print.To view your ecard, click on the following Internet address.http://www.e-greetings.com/view.php?sid=1246 Hope you will visit us,e-greetings.com ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus".The archives can be foundat http://www.mail-archive.com.
[Declude.Virus] ClamAV Exit codes
Does anyone know what exit codes ClamAV has and what they mean? From 2006-09-27 06:50PM on I can see a huge number of Virus scanner 2 reports exit code of 2 ...in the virus-logfile. Markus --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Fw: A secret e-card has been sent fot you!!
Darrell ([EMAIL PROTECTED]) wrote: Pretty nice peice of social engineering below - how many of your users will click on this tomorrow :) Who can resist the temptation of a "secret" greeting card. I get quite a few of these - here is my postcard-phish.txt SKIPIFWEIGHT 26 REVDNS END ENDSWITH 1001.com BODY END NOTCONTAINS postcards.org HEADERS 5 CONTAINS @postcards1001.com BODY 5 CONTAINS .exe -Nick The link actually takes you to http://www.lkkm.cz/help/postcard.gif.exe Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: e-greetings.com To: [EMAIL PROTECTED] Sent: Thursday, September 28, 2006 10:20 PM Subject: A secret e-card has been sent fot you!! Hello friend ! A friend has sent you an ecard from e-greetings.com Send free ecards from e-greetings.com with your choice of colors, words and music. Your ecard will be available with us for the next 10 days. If you wish to keep the greeting longer, you may save it on your computer or take a print. To view your ecard, click on the following Internet address. http://www.e-greetings.com/view.php?sid=1246 Hope you will visit us, e-greetings.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. ---This E-mail came from the Declude.Virus mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.Virus".The archives can be foundat http://www.mail-archive.com.
Re: [Declude.Virus] ClamAV Exit codes
Failure I do believe, probably ClamD is not running? -Nick Markus Gufler wrote: Does anyone know what exit codes ClamAV has and what they mean? From 2006-09-27 06:50PM on I can see a huge number of Virus scanner 2 reports exit code of 2 ...in the virus-logfile. Markus --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] ClamAV Exit codes
Failure I do believe, probably ClamD is not running? Correct. Thank you. Markus --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] ClamAV Exit codes
Thank you The strange thing is that the error doesn't appeared constantly at a certain point. At 06:50PM there was the first dozen result codes 2. Then the next one appeared at 11:00PM but still not contantly. There was always 0 and 1 codes. But then it become more and more, and then at a certain point the only result code was 2. Does this mean that clamd can also decease slowly? Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of george kulman Sent: Friday, September 29, 2006 4:22 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ClamAV Exit codes Markus, Here are the Return Codes from the ClamAV Documentation. George From http://www.clamav.net/doc/0.88.4/man/clamdscan.1 .SH RETURN CODES .LP 0 : No virus found. .TP 1 : Virus(es) found. .TP 2 : An error occured. From http://www.clamav.net/doc/0.88.4/man/clamscan.1 .SH RETURN CODES .LP Note: some return codes may only appear in a one file mode (clamscan is started with file argument). Those are marked with \fB(ofm)\fR. 0 : No virus found. .TP 1 : Virus(es) found. .TP 40: Unknown option passed. .TP 50: Database initialization error. .TP 52: Not supported file type. .TP 53: Can't open directory. .TP 54: Can't open file. (ofm) .TP 55: Error reading file. (ofm) .TP 56: Can't stat input file / directory. .TP 57: Can't get absolute path name of current working directory. .TP 58: I/O error, please check your file system. .TP 59: Can't get information about current user from /etc/passwd. .TP 60: Can't get information about user 'clamav' (default name) from /etc/passwd. .TP 61: Can't fork. .TP 62: Can't initialize logger. .TP 63: Can't create temporary files/directories (check permissions). .TP 64: Can't write to temporary directory (please specify another one). .TP 70: Can't allocate and clear memory (calloc). .TP 71: Can't allocate memory (malloc). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Friday, September 29, 2006 5:59 AM To: declude.virus@declude.com Subject: [Declude.Virus] ClamAV Exit codes Does anyone know what exit codes ClamAV has and what they mean? From 2006-09-27 06:50PM on I can see a huge number of Virus scanner 2 reports exit code of 2 ...in the virus-logfile. Markus --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] ClamAV Exit codes
Strange. It sounds like a resource depletion problem such as a memory leak that may not even be directly related to clamd. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Friday, September 29, 2006 10:58 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ClamAV Exit codes Thank you The strange thing is that the error doesn't appeared constantly at a certain point. At 06:50PM there was the first dozen result codes 2. Then the next one appeared at 11:00PM but still not contantly. There was always 0 and 1 codes. But then it become more and more, and then at a certain point the only result code was 2. Does this mean that clamd can also decease slowly? Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of george kulman Sent: Friday, September 29, 2006 4:22 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ClamAV Exit codes Markus, Here are the Return Codes from the ClamAV Documentation. George From http://www.clamav.net/doc/0.88.4/man/clamdscan.1 .SH RETURN CODES .LP 0 : No virus found. .TP 1 : Virus(es) found. .TP 2 : An error occured. From http://www.clamav.net/doc/0.88.4/man/clamscan.1 .SH RETURN CODES .LP Note: some return codes may only appear in a one file mode (clamscan is started with file argument). Those are marked with \fB(ofm)\fR. 0 : No virus found. .TP 1 : Virus(es) found. .TP 40: Unknown option passed. .TP 50: Database initialization error. .TP 52: Not supported file type. .TP 53: Can't open directory. .TP 54: Can't open file. (ofm) .TP 55: Error reading file. (ofm) .TP 56: Can't stat input file / directory. .TP 57: Can't get absolute path name of current working directory. .TP 58: I/O error, please check your file system. .TP 59: Can't get information about current user from /etc/passwd. .TP 60: Can't get information about user 'clamav' (default name) from /etc/passwd. .TP 61: Can't fork. .TP 62: Can't initialize logger. .TP 63: Can't create temporary files/directories (check permissions). .TP 64: Can't write to temporary directory (please specify another one). .TP 70: Can't allocate and clear memory (calloc). .TP 71: Can't allocate memory (malloc). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Friday, September 29, 2006 5:59 AM To: declude.virus@declude.com Subject: [Declude.Virus] ClamAV Exit codes Does anyone know what exit codes ClamAV has and what they mean? From 2006-09-27 06:50PM on I can see a huge number of Virus scanner 2 reports exit code of 2 ...in the virus-logfile. Markus --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] ClamAV Exit codes
Looking at the physical/virtual memory utilization for this server displays a peak for this date/time (see attached mrtg graph - growleft) But the graph shows a similar peak for today around 16:00PM and clamd is still running without any result code 2. I will watch this. Thank you. Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of george kulman Sent: Friday, September 29, 2006 6:06 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ClamAV Exit codes Strange. It sounds like a resource depletion problem such as a memory leak that may not even be directly related to clamd. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Friday, September 29, 2006 10:58 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ClamAV Exit codes Thank you The strange thing is that the error doesn't appeared constantly at a certain point. At 06:50PM there was the first dozen result codes 2. Then the next one appeared at 11:00PM but still not contantly. There was always 0 and 1 codes. But then it become more and more, and then at a certain point the only result code was 2. Does this mean that clamd can also decease slowly? Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of george kulman Sent: Friday, September 29, 2006 4:22 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ClamAV Exit codes Markus, Here are the Return Codes from the ClamAV Documentation. George From http://www.clamav.net/doc/0.88.4/man/clamdscan.1 .SH RETURN CODES .LP 0 : No virus found. .TP 1 : Virus(es) found. .TP 2 : An error occured. From http://www.clamav.net/doc/0.88.4/man/clamscan.1 .SH RETURN CODES .LP Note: some return codes may only appear in a one file mode (clamscan is started with file argument). Those are marked with \fB(ofm)\fR. 0 : No virus found. .TP 1 : Virus(es) found. .TP 40: Unknown option passed. .TP 50: Database initialization error. .TP 52: Not supported file type. .TP 53: Can't open directory. .TP 54: Can't open file. (ofm) .TP 55: Error reading file. (ofm) .TP 56: Can't stat input file / directory. .TP 57: Can't get absolute path name of current working directory. .TP 58: I/O error, please check your file system. .TP 59: Can't get information about current user from /etc/passwd. .TP 60: Can't get information about user 'clamav' (default name) from /etc/passwd. .TP 61: Can't fork. .TP 62: Can't initialize logger. .TP 63: Can't create temporary files/directories (check permissions). .TP 64: Can't write to temporary directory (please specify another one). .TP 70: Can't allocate and clear memory (calloc). .TP 71: Can't allocate memory (malloc). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Friday, September 29, 2006 5:59 AM To: declude.virus@declude.com Subject: [Declude.Virus] ClamAV Exit codes Does anyone know what exit codes ClamAV has and what they mean? From 2006-09-27 06:50PM on I can see a huge number of Virus scanner 2 reports exit code of 2 ...in the virus-logfile. Markus --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. win_mem_s3-week.png Description: PNG image
