Roger wrote:
After updating the virus defs do you need to reload/restart clamav?
There are three possiblities to make clamd load updated databases,
choose your poison ;-) :
1. run freshclam with the --daemon-notify option. This will inform clamd
to reload right after updates.
2. Clamd regulary
Hello!
Yesterday I found a lot of this lines in my qmail-queue.log :
error_condition: X-Antivirus-nomadoblak.com-1.20st: Requeuing: Maximum
time exceeded. Something cannot handle this message. at
/var/qmail/bin/qmail-scanner-queue.pl line 454.
And when doing ps ax I see like 100 processes
I am running clamav-milter from clamav-devel-20040209 and trying to get
it to not send mail to postmaster when it finds a virus. With version
0.65 I used clamav-milter -ol local:/var/run/virus.sock and it worked
properly. However, things have changed. As best as I can tell the
equivallent
On Monday 09 Feb 2004 11:07 pm, Stevens, John wrote:
make[1]: Entering directory `/home/local/src/clamav-0.65/clamav-milter'
make[1]: *** No rule to make target `../docs/clamav-milter.8', needed by
`all-am'. Stop. make[1]: Leaving directory
`/home/local/src/clamav-0.65/clamav-milter' make:
In article [EMAIL PROTECTED],
Doug Hardie [EMAIL PROTECTED] wrote:
I am running clamav-milter from clamav-devel-20040209 and trying to get
it to not send mail to postmaster when it finds a virus. With version
0.65 I used clamav-milter -ol local:/var/run/virus.sock and it worked
properly.
I am running clamav-milter from clamav-devel-20040209 and trying to get
it to not send mail to postmaster when it finds a virus. With version
0.65 I used clamav-milter -ol local:/var/run/virus.sock and it worked
properly.
What version are you running now (clamav-milter --version)?
On Tuesday 10 Feb 2004 8:30 am, Doug Hardie wrote:
However, things have changed. As best as I can tell the
equivallent should be clamav-milter -f -q local:/var/run/virus.sock but
that still sends mail to postmaster for each virus found.
-q does stop messages being generated by the milter to
Edmund wrote:
Alex S Moore wrote:
Picked up the CVS source today and ran my build procedures. I have the
following error. Where did the '@' sign come from in front of
/opt/csw/bin/ginstall? I checked the last successful build output and
there was nothing like that in the file.
Hi
I'm a new user.
I've install by a debian package from this source deb http://clamav.catt.com/debian stable main.
I'm using exim-4.30 with exiscan-acl patch on a debian stable.
2004-02-10 11:48:05 1AqVQu-0001B0-5g malware acl condition: clamd: ClamAV returned
Hi,
I have received a notification that a new variation of Worm.SCO.A called
Doomjuice.A is about to appear.
Any news about it ?
Is the Doomjuice.A virus signature in the ClamAV last Virus DataBase update ?
Greetings.
---
Carles Xavier Munyoz Baldó
[EMAIL PROTECTED]
Submission: 59-mail
Sender: B.K. DeLong
Virus: bounces
Added: No. Worm.SCO.A found.
I'm still getting infected bounces through to my mail even though I'm
up-to-date:
ClamAV update process started at Tue Feb 10 07:58:30 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 19,
On Tue, 10 Feb 2004 12:05:04 +0100
Balzi Andrea [EMAIL PROTECTED] wrote:
Hi
I'm a new user.
I've install by a debian package from this source deb
http://clamav.catt.com/debian stable main.
I'm using exim-4.30 with exiscan-acl patch on a debian stable.
2004-02-10 11:48:05
I'm still getting infected bounces through to my mail even though I'm
up-to-date:
ClamAV update process started at Tue Feb 10 07:58:30 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder:
ddm)
Reading CVD header (daily.cvd): OK
I am running clamav-milter from clamav-devel-20040209 and trying to get
it to not send mail to postmaster when it finds a virus. With version
0.65 I used clamav-milter -ol local:/var/run/virus.sock and it worked
properly.
What version are you running now (clamav-milter --version)?
On Tuesday 10 February 2004 1:39 pm, Cedric Foll wrote:
I found that on the last db ml update:
-
Submission: 1006-web
Sender: Eugene Turovsky
Virus: dumaru
Added: No. Worm.Dumaru.Y found by newer version of ClamAV.
(...)
Submission: 1020-web
Sender: Xavier Beaudouin
Virus: MyDoom /
Hello,
This just came to the qmail-scanner list. Is this an issue for all users
of the stable 0.65?
Did I miss the thread on this issue?
Fwd: clamav 0.65 remote DOS exploit
Original Message
Subject: clamav 0.65 remote DOS exploit
Date: Mon, 09 Feb 2004 15:24:17 +0100
From:
Antony Stone wrote:
On Tuesday 10 February 2004 11:23 am, Carles Xavier Munyoz Baldó wrote:
Hi,
I have received a notification that a new variation of Worm.SCO.A called
Doomjuice.A is about to appear.
Any news about it ?
Is the Doomjuice.A virus signature in the ClamAV last Virus DataBase
Added: No. Worm.SCO.A found even with 0.65-BugFixesFromCVS-20031123.
No, it is not deprecated. The comment Folks, stop wasting our time,
please! means we've been detecting Worm.SCO.A for ages now; please stop
sending us more samples.
Perhaps it's because my english sucks but for me
On Tuesday 10 February 2004 2:47 pm, Cedric Foll wrote:
Added: No. Worm.SCO.A found even with 0.65-BugFixesFromCVS-20031123.
No, it is not deprecated. The comment Folks, stop wasting our time,
please! means we've been detecting Worm.SCO.A for ages now; please stop
sending us more
On Tue, 10 Feb 2004 at 14:39:51 +0100, Cedric Foll wrote:
I found that on the last db ml update:
-
Submission: 1006-web
Sender: Eugene Turovsky
Virus: dumaru
Added: No. Worm.Dumaru.Y found by newer version of ClamAV.
(...)
Submission: 1020-web
Sender: Xavier Beaudouin
Virus: MyDoom /
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Antony Stone
I'm not sure where you would like to find this information,
if you don't want
to read it in the changelog? Maybe you just want a link on
the website to
the current changelog so
I have the auto-updating set up for freshclam, and for the past two
days, I have gotten the following errors from Cron:
ERROR: CVD file not found on remote server
ERROR: Can't read main.cvd header from database.clamav.net (200.68.106.40)
I looked in the clam-update.log, and this is what the
i have a qmail server with qmail-scanner configured for qmailscan and
spamassassin.
i checked the installation with the script by qmail-scanner and worked fine.
when a mail arrives qmail-scanner calls spamassassin and clamascan, but clamscan
semmes unable to stop virus.
Some logs.
From mail
Even 0.60 can detect it, and that's *old*.
OK.
Is 0.65 miss several viruses (like some Dumaru.Y) and CVS catch them
like I understand the changelog ?
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
Hi All,
I have problems with installing of clamav-milter.
I did following commands with root privileges:
./configure enable-milter sysconfdir=/etc
make
make install
The following messages were appeared in the end of
output:
..
make[1]: Entering directory
On Tue, 10 Feb 2004 at 8:15:26 -0700, Craig Daters wrote:
I have the auto-updating set up for freshclam, and for the past two
days, I have gotten the following errors from Cron:
ERROR: CVD file not found on remote server
ERROR: Can't read main.cvd header from database.clamav.net
Some of nondetections are due to non-standard format of bounces, so new
features are continuously added; some are because of various
non-standard, proprietary formats used by various MTAs. There are also
misconfigurations in submitters' systems.
I cannot stress it too much:
IT'S NOT A
Hi,
I saw a couple of messages posted on the list about a DOS
where clamav would die with a badly formatted uuencoded
message.
I'm sorry if I missed the rest of the thread, but I didn't
seem to find any responses to it.
I'm currently running 0.65 very successfully, I'm wondering
if there's a
Magazinov,
First make sure you apply the patch that was
issued yesterday for 0.65. If you dont have it I'll post it to the list
again. (this has nothing to do with the issue on your compiling but it does fix
a serious bug)
To fix the compilation error simply go into
clamav-0.65/docs/man
Hi All,
I have problems with installing of clamav-milter.
I did following commands with root privileges:
./configure -enable-milter -sysconfdir=/etc
make
make install
The following messages were appeared in the end of output:
...
make[1]: Entering directory
No, it doesn't.
I wrote it because 0.65-BugFixesFromCVS-20031123 is the oldest version I
use. In fact, it's exactly the version which I use on my production
server. Amavisd-new takes care of proper deMIME'ing messages,
extracting attachments etc. ClamAV just scans extracted parts and I'm
On Tuesday 10 Feb 2004 3:35 pm, Magazinov Igor wrote:
My system is RH 7.1, gcc-2.96-112.7.1, sendmail-8.11.6-27.71
Do you have the sendmail-devel RPM installed?
Waiting for help,
Igor.
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED]
On Tue, 2004-02-10 at 09:57, [EMAIL PROTECTED] wrote:
Here's freshclam log:
ClamAV update process started at Sun Dec 14 04:02:00 2003
main.cvd is up to date (version: 8, sigs: 11615, f-level: 1, builder: ddm)
daily.cvd is up to date (version: 57, sigs: 117, f-level: 1, builder: tomek)
If the
On Tue, 2004-02-10 at 11:11, Ricardo Kleemann wrote:
I'm currently running 0.65 very successfully, I'm wondering
if there's a fix out there for the DOS, if there's a need
for me to upgrade. I don't want to upgrade unless I really
need to.
There is a patch for it:
On Tue, 10 Feb 2004 at 17:03:27 +0100, Cedric Foll wrote:
Some of nondetections are due to non-standard format of bounces, so new
features are continuously added; some are because of various
non-standard, proprietary formats used by various MTAs. There are also
misconfigurations in
i'm noticing a lot of displeasure with 0.65 not doing this, that or the other ...
in my experience and opinion, this list -- and the great team and product behind it -- is one of the most
active/responsive opensource products that i've seen
changes/updates/fixes are **regularly** integrated
On Tuesday 10 February 2004 4:53 pm, OpenMacNews wrote:
in my experience and opinion, this list -- and the great team and product
behind it -- is one of the most active/responsive opensource products that
i've seen
I agree.
bottom line, clamav is STILL a 1.0 release. if you're going to
Cedric Foll wrote:
So we have to use a CVS version or use an external program to extract
attachements ?
I would say use a CVS version AND use an external program to extract
attachment :)
However, with exim+exiscan patch it's the mail server (or MTA) that does
all the mime-ripping.
So in a
On Tue, 10 Feb 2004 at 17:20:46 +0100, Cedric Foll wrote:
No, it doesn't.
I wrote it because 0.65-BugFixesFromCVS-20031123 is the oldest version I
use. In fact, it's exactly the version which I use on my production
server. Amavisd-new takes care of proper deMIME'ing messages,
extracting
I concur.. We run Norton on the desktops and clamav on our mail
servers. It is usually a toss up which one updates the signature list
for a new virus first..
The activity on this list is so good, I usually inform others what new
virus is out before Norton, etc.. lets them know...
Great list,
First make sure you apply the patch that was issued yesterday for 0.65. =
If you dont have it I'll post it to the list again. (this has nothing =
to do with the issue on your compiling but it does fix a serious bug)
I don't have patch. Please, post it again.
To fix the compilation error simply
On Tue, 10 Feb 2004, Tomasz Papszun wrote:
OK. But I use clamd without amavis and I'd really enjoy if clamd would
be able to 'deMIMEing' attachement without help of any external program.
And 0.65 seems to not be able to do it.
So we have to use a CVS version or use an external program to
Fajar A. Nugraha wrote:
I would say use a CVS version AND use an external program to extract
attachment :)
However, with exim+exiscan patch it's the mail server (or MTA) that
does all the mime-ripping.
So in a way no external program required : only mail server and
virus scanner.
I would also
Hello,
you can grab it from:
http://www.clamav.net/snapshot/clamav-0.66-rc.tar.gz
The final version (with updated clamdoc.pdf) will be available
in a few hours.
Best regards,
Tomasz Kojm
--
oo. [EMAIL PROTECTED] www.ClamAV.net
(\/)\.
On Tue, 10 Feb 2004 19:37:09 +0100
Tomasz Kojm [EMAIL PROTECTED] wrote:
Hello,
you can grab it from:
http://www.clamav.net/snapshot/clamav-0.66-rc.tar.gz
The final version (with updated clamdoc.pdf) will be available
in a few hours.
There's is an installation problem on systems
On Tuesday 10 February 2004 11:15 am, Michael St. Laurent wrote:
[snip]
Let me add my agreement as well. The Clamav team is doing a fantastic job!
An earlier message that I posted may have communicated my frustration with
clamav-milter, which we've had a great deal of trouble with. Just
On Tue, Feb 10, 2004 at 08:53:48AM -0800, OpenMacNews wrote:
[...]
just one man's opinion.
you are not alone - heartily seconded!
--
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and
On Tue, 10 Feb 2004, russ wrote:
rThis just came to the qmail-scanner list. Is this an issue for all users
rof the stable 0.65?
This is unfortunately true. It was fixed in CVS five days after 0.65 came
out:
mbox.c:
* Revision 1.11 2003/11/17 07:57:12 nigelhorne
* Prevent buffer overflow in
Hi,
you can grab it from:
http://www.clamav.net/snapshot/clamav-0.66-rc.tar.gz
The final version (with updated clamdoc.pdf) will be available
in a few hours.
I had a problem with `make install`. I needed to remove the @ from
install_data.
Index: Makefile.am
I just tried sending you some e-mail but got this message.
Please fix your system and when you've done so let me know and I'll try chatting again.
-Nigel
The original message was received at Tue, 10 Feb 2004 22:44:50 GMT
from njh.bandsman.co.uk [192.168.1.2]
- The following addresses had
I just tried sending you some e-mail but got this message.
Please fix your system and when you've done so let me know
and I'll try chatting again.
-Nigel
(reason: 550 Your message is classified as SPAM! If this
an error, please click here:
http://eserv.ru/MailClassify/[EMAIL
RPMs (works fine on Fedora 1 and RedHat 9 at least) are available at
https://www.olen.net/downloads/clamav-20040204-1.i386.rpm
https://www.olen.net/downloads/clamav-milter-20040204-1.i386.rpm
SRPM:
https://www.olen.net/downloads/clamav-20040204-1.src.rpm
I was just wondering if you had
Please check that you have the latest source code, in
particular my message.c is
1.29, and my mbox.c is 1.39
From CVS\Entries in the sources I compiled:
/message.c/1.29/Tue Feb 10 17:01:30 2004//
/mbox.c/1.39/Fri Feb 6 13:46:08 2004//
Very like some Cygwin issues... I've copied the
I have a new virus (new to me) which clamav on my server does not detect as a
virus,
but when I go to the submit page and test it, it is found in the Clamav DB !
I am updating every hour, and just re-updated now (freshclam) and still
clamscan
does not find the virus !!! What could be wrong ?
On Wednesday 11 of February 2004 00:50, David A. Lee wrote:
I have a new virus (new to me) which clamav on my server does not detect as
a virus,
but when I go to the submit page and test it, it is found in the Clamav DB
! I am updating every hour, and just re-updated now (freshclam) and still
ok, i got a casual stamp. i saw it was in sync with .cvd but no virus.db in my
directory.
why???
now i got that manually. but what's the correct behaviour? with .db or not?
cron is regularly checking for updates twice a day
pacho
Scrive russ [EMAIL PROTECTED]:
On Tue, 2004-02-10 at 09:57,
On Wednesday 11 February 2004 12:01 am, [EMAIL PROTECTED] wrote:
ok, i got a casual stamp. i saw it was in sync with .cvd but no virus.db in
my directory.
why???
cvd is the new database format. db is the old format. Which one you use
depends on your version of ClamAV.
So long as the
Dear Nigel,
Here is 2 debug logs from clamd from 2 different PC.
1st - Windows 2003 Server w/o Cygwin installed:
...
LibClamAV debug: messageFindArgument: compare 8 bytes of filename with
filename=text.zip
LibClamAV debug: blobSetFilename: text.zip
LibClamAV debug: Mixed message part 2 is of
Not running clamd.
I'm running freshclam from cron once an hour
- Original Message -
From: Przemyslaw Holowczyc [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, February 10, 2004 7:15 PM
Subject: Re: [Clamav-users] Clamav on my server not finding new viruses
On Wednesday 11 of
On Tue, 10 Feb 2004, OpenMacNews wrote:
in my experience and opinion, this list -- and the great team and
product behind it -- is one of the most active/responsive opensource
products that i've seen
While I heartily agree, and recommend ClamAV to anyone within earshot when
the subject comes
Nigel,
I found difference in these 2 cases.
On the second PC (WinXP with installed Cygwin) this code
bread = read(desc, magic, MAGIC_BUFFER_SIZE);
returns bread=13 instead of 14 (#define MAGIC_BUFFER_SIZE 14)
and later failed to pass this check:
if (bread != MAGIC_BUFFER_SIZE)
On Feb 10, 2004, at 05:47, Nigel Horne wrote:
I am running clamav-milter from clamav-devel-20040209 and trying to
get
it to not send mail to postmaster when it finds a virus. With version
0.65 I used clamav-milter -ol local:/var/run/virus.sock and it worked
properly.
What version are you
Running clamav-devel-20040209. At first I found it left a lot of files
reamining with no entries in the file structures. However, previous
messages here identified the issue and I switched to using
quarantine-dir to give them a home. However, at this time the number
of viruses being blocked
Compare files original\main.cvd and
downloaded_by_freshclam_under_cygwin\MAIN.CVD
071D: 0A 0D
071E: 2F 0A
071F: DD 2F
0720: 6D DD
0721: FB 6D
0722: DB FB
0723: 4E DB
0724: 87 4E
0x0D 0x0A - line terminator in DOS/Windows/Cygwin...
Seems, the problem is same as
Hi
I've just upgraded 0.65 to 0.66 and hit a problem (I think with the
proxy server settings). I moved the settings to the freshclam.conf, but
I get stuck at
ClamAV update process started at Wed Feb 11 14:52:22 2004
/usr/local/etc/freshclam.conf has
# Proxy settings
HTTPProxyServer squid
On Feb 10, 2004, at 02:20, Nigel Horne wrote:
On Tuesday 10 Feb 2004 8:30 am, Doug Hardie wrote:
However, things have changed. As best as I can tell the
equivallent should be clamav-milter -f -q local:/var/run/virus.sock
but
that still sends mail to postmaster for each virus found.
-q does
Do not know, why this happens (13 :). Just commented out
this if (bread fragment, recompiled, and now this works
for all tested Worm.SCO.A infected files on this PC.
When I added |O_BINARY to this code in mbox.c this 13/14
magic_buffer problem also fix.
#else
(void)mktemp(filename);
I installed sendmail-devel.
And I did:
#./configure --sysconfdir=/etc --enable-milter
#make
And I received:
...
Making all in clamav-milter
make[2]: Entering directory `/home/igorek/clamav/clamav-0.66/clamav-milter'
source='clamav-milter.c' object='clamav-milter.o'
68 matches
Mail list logo