Hi,
I am currently trying to determine which database files clamscan is
actually using when no -d option is given. The only way to find out I
have uncovered so far was to run clamscan against a dummy file
(I chose /dev/null) with debug output.
So, I ran
$ clamscan --stdout --debug /dev/null > c
On Tue, 6 Apr 2004, 14:34 GMT+02 Tomasz Kojm wrote:
> That's libclamav's output and libraries shouldn't write to stdout.
[Robert Allerstorfer]
>> In addition, is there a less tricky way to determine the DB files
>> hardcoded into clamscan?
> Something like:
Hi,
recently, an infected mail has been sent to me, containing the virus
inside a Rar version 2.9 archive.
clamscan 0.70 does work with the shipped test virus signature inside a
Rar 2.9 archive, with the --unrar option set, using UNRAR 3.30
freeware:
[EMAIL PROTECTED] root]# unrar l /usr/share/d
On Sun, 18 Apr 2004, 20:13 GMT+02 Dirk Mueller wrote:
> There is no possible fix, since the only publicly available source code for
> unpacking RAR archives can only handle v2 archives. You found a v3 archive.
> Use the --unrar option instead.
as I explained and also titled this posting, I *d
:
### start of file ##
#!/bin/sh
# ClamAV clamscan cronjob shell script
# version 0.1 (2004 04 18)
# Written by Robert Allerstorfer. Licensed under the GNU GPL.
# Intended location on RedHat Linux: '/etc/cron.daily/clamscan'
SCANPATH="/"
#SCANPATH="."
i
On Tue, 27 Apr 2004, 13:44 GMT+02 Tomasz Kojm wrote:
> Fixed in CVS.
Thanks!
rob.
Hi,
I am running a daily cronjob executing
'clamscan --stdout -i -l /var/log/clamav/clamscan.log --unrar -d /var/clamav -r
--exclude=/usr/share/doc/clamav-0.71/test/ /'
which did not produce any errors with ClamAV 0.70, but now, with
version 0.71 it gives:
LibClamAV Error: ERROR: unknown OLE2
On Fri, 21 May 2004, 14:21 GMT+01 Trog wrote:
> On Fri, 2004-05-21 at 14:00, Robert Allerstorfer wrote:
>> which did not produce any errors with ClamAV 0.70, but now, with
>> version 0.71 it gives:
>>
>> LibClamAV Error: ERROR: unknown OLE2 entry type: 32
>>
&g
Hi,
sorry if this list is not the right place for this announcement. Just
wanted to let you know that I have released version 0.8 of
"SoftlabsAV" - a generic AntiVirus Filter for incoming Mail servers on
Unix, running as plugin for procmail. In addition, it plugs to
clamscan if it is available.
H
Hi,
what do you think about an optional verbose output of ClamAV's
version, similar to Perl's 'perl -v' (normal version information -
corresponding to 'clamscan -V') vs. 'perl -V' (verbose version
information - could correspond to 'clamscan -Vv')?
What I would like 'clamscan -Vv' to include is
Hi James,
On Wed, 21 Jul 2004, 00:47 GMT+08 James Lick wrote:
> I thought I'd let you know that I found a way to speed up getting
> the virus signature versions. By including a bogus --tempdir to your
> second clamscan, it will error out after disclosing the database dir but
> before doing m
On Thu, 1 Jul 2004, 15:36 GMT+02 Tomasz Kojm wrote:
> I think quite a good idea is to print database versions (at least of
> daily.cvd) in --version, -V (or VERSION command in clamd) in the format
> suggested by Jason Haar:
> clamscan / ClamAV version 0.73/365/19-06-2004-22:58
I agree, that woul
On Mon, 19 Apr 2004, 12:31 GMT+02 Robert Allerstorfer wrote:
[...]
> # ClamAV clamscan cronjob shell script
> # version 0.1 (2004 04 18)
[...]
I just wanted to let you know that I have updated my cronjob script to
automatically scan an entire Unix system for viruses every day and
m
Hi,
while executing
clamscan -l clamav.log
worked well, the same option did not work with the freshclam program:
freshclam -l clamav.log
ERROR: Can't open clamav.log in append mode.
ERROR: Problem with internal logger.
This happened with freshclam 0.75.1 on Linux. Am I missing something
or is
On Sat, 31 Jul 2004, 18:41 GMT-04 Stephen Gran wrote:
> freshclam by default runs as user clamav. Does user clamav have write
> permissions to the directory in which you're running that command?
thank you Stephen, that was the reason. While I gave the specified log
file write permissions to the u
Hi,
when clamscan 0.80 is run without its '--no-mail' option, I get
LibClamAV Warnings on several files:
# clamscan /usr/lib/python2.2/email/test/data/msg_33.txt
LibClamAV Warning: messageFindArgument: no '=' sign found in MIME header
LibClamAV Warning: Multipart MIME message contains no boundari
Hi Paul,
> Robert, do you have this email/mailpack available for download somewhere?
these files are part of the 'python' and 'python-devel' RPM packages
for RedHat EL3 and are also, of course in the Python source
downloadable from
http://python.org/ftp/python/2.2.3/Python-2.2.3.tgz
The msg_*.t
On Sun, 7 Nov 2004, 16:41 GMT+00 Nigel Horne wrote:
> On Sunday 07 Nov 2004 1:51 pm, Robert Allerstorfer wrote:
>> # clamscan /usr/lib/python2.2/email/test/data/msg_33.txt
>> LibClamAV Warning: messageFindArgument: no '=' sign found in MIME header
>> LibClamAV
Hi,
recent dev versions of clamscan have crashed on this file:
http://cvs.openssl.org/getfile/openssl/doc/ssleay.txt?v=1.5.2.1
(this text file is included in the current OpenSSL tarball).
3 [main] clamscan 3068 handle_exceptions: Exception:
STATUS_ACCESS_VIOLATION
12741 [main] clamscan
On Mon, 22 Nov 2004, 08:28 GMT+00 Nigel Horne wrote:
> On Monday 22 Nov 2004 01:00, Robert Allerstorfer wrote:
>> http://cvs.openssl.org/getfile/openssl/doc/ssleay.txt?v=1.5.2.1
>>
>> (this text file is included in the current OpenSSL tarball).
>>
>
On Mon, 22 Nov 2004, 11:01 GMT+01 Tomasz Kojm wrote:
> On Mon, 22 Nov 2004 02:00:50 +0100
> Robert Allerstorfer <[EMAIL PROTECTED]> wrote:
>> recent dev versions of clamscan have crashed on this file:
>>
>> http://cvs.openssl.org/getfile/openssl/doc/ssleay.txt?v=
Hi,
in my current procmail driven anti-virus mail filter, available at
http://prdownloads.sourceforge.net/softlabsav/SoftlabsAV-0.8.2.tar.bz2?download
I have included two mbox test files (within the "testcases"
directory), both having the ClamAV-Test-File (544 bytes long
"clam.exe") attached, in d
On Mon, 29 Nov 2004, 13:22 GMT+00 Nigel Horne wrote:
> Fixed in CVS:
> [EMAIL PROTECTED] testcases]$ clamscan
> /home/njh/tmp/SoftlabsAV-0.8.2/testcases/EXE.exe_qpr.mbox: ClamAV-Test-
> File FOUND
Thanks Nigel, great! BTW, didn't think that the trailing semicolon
could be the problem, since 0.80
On Mon, 29 Nov 2004, 14:11 GMT+00 Nigel Horne wrote:
> On Mon, 2004-11-29 at 14:40 +0100, Robert Allerstorfer wrote:
>> Thanks Nigel, great! BTW, didn't think that the trailing semicolon
>> could be the problem, since 0.80 complained about it but
>> devel-20041129 didn&
On Wed, 1 Dec 2004, 20:54 GMT+10 Paul L Daniels wrote:
> Is the file still a valid virus though?
> Paul.
yes, the file still contains the same clam.exe ClamAV-Test-File.
According to RFC 2045's section 6.7, rule #3, each QP encoded line may
end with space or tab characters:
"In particu
On Wed, 01 Dec 2004, 11:24 GMT+00 Nigel Horne wrote:
> But your sed script puts the tape in the middle of the line, not before
> the '=' at the end of the *encoded* line:
> =00=00=00=00
> =00=00=00=04=00=00=00=00=00=00=02=00=00=00=00=00=10=00=00
> =00=
worked for (using GNU sed version 4.0.7):
On Wed, 01 Dec 2004, 12:13 GMT+00 Nigel Horne wrote:
> The sentence about white space before the soft line break
> in rule #3 of para 5.1 of RFC1521 should now be correctly
> handled by the version in CVS.
Hm, it seems that you are speaking of whitespace *before* the last "="
character on a line,
Hi Paul,
On Fri, 3 Dec 2004, 18:54 GMT+10 Paul L Daniels wrote:
> Nigel,
>> "In particular, an "=" at the end of an encoded line, indicating a soft
>> line break (see rule #5) may follow one or more TAB (HT) or SPACE
>> characters."
> That's funny, would you believe I misread that orig
On Fri, 3 Dec 2004, 21:20 GMT+10 Paul L Daniels wrote:
> So, basically, it's saying, if you have any space or TAB chars,
> they can only be used /before/ the end of the encoding
> termination. The 'confusing' statement that we're all having fun
> with basically reinforces this rule.
> What I fou
Hi,
I noticed that Deflate64 compressed Zip archives are directly
supported by libclamav in recent ClamAV devel snapshots. Thanks for this
improvement. Since the BZip2 compression mode does not seem to be
supported, I tried the '--unzip' option for this, with the following
result, using the latest
On Sun, 2 Jan 2005, 00:18 GMT+01 Tomasz Kojm wrote:
> On Sun, 2 Jan 2005 00:15:39 +0100
> Robert Allerstorfer <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> I noticed that Deflate64 compressed Zip archives are directly
>> supported by libclamav in recent ClamAV
> unzip: cannot find /root/clam/clam_BZip2.zip,
> /root/clam/clam_BZip2.zip.zip or /root/clam/clam_BZip2.zip.ZIP.
> (raw) /root/clam/clam_BZip2.zip: OK
OK, I now found that the error message from unzip only occurs when unzip
runs as a user that has improper permissions to the .zip file in
questio
On Mon, 3 Jan 2005, 11:55 GMT+01 Tomasz Papszun wrote:
> On Sun, 02 Jan 2005 at 12:29:42 +0100, Robert Allerstorfer wrote:
>> $ ls -l /root/clam/clam_Deflate64.zip
>> ls: /root/clam/clam_Deflate64.zip: Permission denied
> Permissions of clam_Deflate64.zip aren't enough
Hi,
if I run
clamscan [options] /
the log contains lines like this:
home/roal/clamav-devel-20050101/test/clam.zip: ClamAV-Test-File FOUND
In ClamAV 0.80 the reported path was printed as
//home/roal/clamav-devel-20050101/test/clam.zip
Doesn't seem that this is intended, does it?
rob.
On Wed, 5 Jan 2005, 13:25 GMT+01 Tomasz Papszun wrote:
> On Wed, 05 Jan 2005 at 11:44:35 +0100, Robert Allerstorfer wrote:
[...]
>> yes, but when the .zip file resides in a directory that is only
>> read- & executable by root, clamscan's call of unzip fails. And the
>&
On Wed, 5 Jan 2005, 11:50 GMT+01 Robert Allerstorfer wrote:
> clamscan [options] /
> the log contains lines like this:
> home/roal/clamav-devel-20050101/test/clam.zip: ClamAV-Test-File FOUND
Just tested this with 0.81rc1 and 'clamscan [options] /' does no more
scan a
On Fri, 28 Jan 2005, 17:23 GMT+01 Alexander Hagenah wrote:
Scanning File... $
25253 Signaturen wurden geladen.
>>
>> Fix that first.
> What do you mean? Isn't it counted correctly?
the current DB (29+690) contains 29888 signatures, while yours only
loaded
On Tue, 25 Jan 2005, 05:16 GMT+01 Tomasz Kojm wrote:
> On Sat, 22 Jan 2005 17:44:26 +0100
> Robert Allerstorfer wrote:
>> # clamscan --stdout --unrar -i -r /
>>
>> from the directory '/home/roal', the output now contains lines like
>>
>> /home/ro
.81490.60 MB 0.825 sec
The more than 237 thousand lines of the --debug output contain a lot
of 'rfc822comments' entries.
rob.
mfg,
Ing. Robert Allerstorfer
ANET - New Media Solutions
Allerstorfer & Beutel OEG
www.anet.at
On Mon, 22 Nov 2004, 13:35 GMT+01 Robert Allerstorfer wrote:
> On Mon, 22 Nov 2004, 11:01 GMT+01 Tomasz Kojm wrote:
>> On Mon, 22 Nov 2004 02:00:50 +0100
>> Robert Allerstorfer <[EMAIL PROTECTED]> wrote:
>>> recent dev versions of clamscan have crash
On Sun, 27 Feb 2005, 16:29 GMT+00 Nigel Horne wrote:
> On Sunday 27 Feb 2005 16:24, Robert Allerstorfer wrote:
>> clamscan /usr/share/doc/openssl-0.9.7a/ssleay.txt
> Seems OK to me, using the latest version from CVS:
yes, thanks, clamav-devel-20050227 seems to work fine. It also
Hi,
I would find it comfortable to not only have the number of Known
viruses in the SCAN SUMMARY, but also some ClamAV version info.
Currently, the output looks like this:
$ clamscan /home/roal/clam/clam_BZip2.zip
/home/roal/clam/clam_BZip2.zip: Zip module failure
/home/roal/clam/clam_BZip2.zip:
On Tue, 1 Mar 2005, 01:48 GMT+01 Tomasz Kojm wrote:
> I've added "Engine version" in CVS:
> --- SCAN SUMMARY ---
> Known viruses: 31313
> Engine version: devel-20050301
> Scanned directories: 1
> Scanned files: 26
> Infected files: 0
> Data scanned: 0.40 MB
> Time: 1.861 sec (0 m
On Mon, 28 Feb 2005, 08:15 GMT+01 Robert Allerstorfer wrote:
> $ clamscan /home/roal/clam/clam_BZip2.zip
(...)
> --- SCAN SUMMARY ---
(...)
> Data scanned: 0.00 MB
> I/O buffer size: 131072 bytes
> Time: 0.508 sec (0 m 0 s)
^^^
not really
Hi,
I am observing this problem for more than a year now [1] but recently
noted that some improvements have been made in clamscan when it tries
to scan a virus within an unsupported archive format, for instance a
BZip2 compressed zip file (compression mode 12):
# clamscan /home/roal/clam/clam_BZi
Hi,
I am just wondering why ClamAV does not support the detection of
certain trojans which are binary executables for Linux, as described
here:
http://blogs.securiteam.com/index.php/archives/303
I have submitted a sample yesterday morning (while daily.cvd 1368 was
recent), now we are at daily.cvd
Hi,
sorry I am posting this concern here, but I don't see a special place
where VirusDB related things can be discussed.
I am wondering if virus samples submitted using the web
interface at http://cgi.clamav.net/sendvirus.cgi will be taken into
account by the DB maintainers at all. In t
On Wed, 27 Sep 2006, 00:05 GMT+02 GiM wrote:
> Danett song in message 'Re: [Clamav-devel] New phishing method...doubts'
> wrote:
>> I would like to test it, but I only use Windows, is
>> there someone created a installer that have this
>> module included (and with files pre configured) to use
>>
On Wed, 27 Sep 2006, 18:59 GMT+03 Török Edvin wrote:
> On 9/27/06, Robert Allerstorfer wrote:
>> The output of 'clamscan -h' included
>> --no-phishing           Disable phishing detection
>> --no-phishing-scan-urls Disable url-b
Hi,
On Wed, 27 Sep 2006, 22:05 GMT+02 Robert Allerstorfer wrote:
> I have now tested another phishing mail using your new code (with the
> '--phish-scan-alldomains' option) which did not get detected.
It did get detected now with the latest CSV source (devel-20060928)
:-)
clam
Hi,
with the new url-based phishing detection enabled, but without the
'--phish-scan-alldomains' option, some (or most)
"Phishing.Email.HexURL" phishes get through. The corresponding --debug
option says
LibClamAV debug: PH:Checking url
http://0x42ce0397/%60/?Pay.Now.W0QQfromZR4QQscatZ37974QQsoc
Hi,
On Mon, 2 Oct 2006, 17:20 GMT-03 e-recursos e-recursos wrote:
> Hello. I am interested in investigating like implementing detection of virus
> by means of heuristic with ClamAV. Also it would wish to already know if
> habia some method that this developing one. Reason why I was looking for I
Hi Edvin,
On Tue, 3 Oct 2006, 19:35 GMT+03 Török Edvin wrote:
> On 10/2/06, Robert Allerstorfer wrote:
>> with the new url-based phishing detection enabled, but without the
>> '--phish-scan-alldomains' option, some (or most)
>> "Phishing.Email.HexURL&quo
On Fri, 06 Oct 2006, 11:48 GMT+01 Nigel Horne wrote:
> Tomasz Kojm wrote:
>> This doesn't answer my question. Does "LogFileUnlock yes" added to
>> freshclam.conf solve the issue?
> If freshclam.conf also supports
> LogFileUnlock then that should be documented in the freshclam.conf that
> is incl
Hi,
clamscan -h | grep -E " --no-phishing(-scan-urls)?"
on 0.9rc2 with experimental code enabled
gives
--no-phishing           Disable phishing detection
--no-phishing-scan-urls Disable url-based phishing detection
This would let me think the '--no-phishing' o
Hi,
when scanning a PDF with clamscan 0.90rc2 with experimental code
enabled, no phishing check is needed, thus I ran
clamscan --no-phishing-scan-urls --debug Encrypted.pdf; echo Exit code: $?
However, this does not disable the phishcheck routines, which leads to
long scanning time for only this
Hi,
now clamscan's option to enable phishing detection for all domains is
called "--no-phishing-restrictedscan", previously known as
"--phishing-strict-url-check", previously known as
"--phish-scan-alldomains". I think before releasing 0.9 final it needs
yet another renaming, since it does not see
Hi,
I have compared clamscan's url-based phishing options of 0.90rc3 with
those of 0.90rc2, and as a result, some things are no longer clear to
me:
(1) Has the "Phishing.Email.HexURL" type been dropped in rc3?
What has been detected as "Phishing.Email.HexURL" in rc2, will now be
detected as just
On Mon, 19 Feb 2007, 08:36 GMT+09 Hwang YunSong wrote:
> svn co http://svn.clamav.net/svn/clamav-devel/trunk/ clamav
> svn: REPORT request failed on '/svn/clamav-devel/!svn/vcc/default'
> svn: Working copy path 'TODO' does not exist in repository
Try deleting the 'clamav' directory first and rec
Hi,
I have a question: Why is ClamAV's version currently defined in 2
places ('configure.in' and 'configure')? In most C programs I have
seen it is defined in a single file ('version.h').
Thanks!
rob.
Hi,
clamscan 0.94 is the first version after 0.9 where the
"--no-phishing-restrictedscan" option is no longer mentioned in the
output of 'clamscan -h'. However, that option has in fact been removed
earlier - at least in the 0.93.x versions that option just did nothing
when specified.
So now, there
On Thu, 02 Oct 2008, 22:16 GMT+03 Török Edwin wrote:
> Indeed, --phishing-ssl and --phishing-cloak should work even if the host
> is not in the .pdb and
> display the proper name.
> I fixed this in SVN r4220, and will be part of 0.94.1 (bug #1211).
> You can have a look at these files, and sc