Re: [Clamav-users] freshclam no connect

2004-03-11 Thread Krištof Petr
Chris Lopeman wrote: Hi All, I have seen the opposite question posed but not this one. I get the error about not being able to connect to clamd. But I am not running clamd. I don't want to. I am also not using the --daemon-notify option. Yet it appears to always try to notify. Is

Re: [Clamav-users] Help with New Install clamav-milter

2004-03-11 Thread Nigel Horne
On Thursday 11 March 2004 2:21 am, Ed Kasky wrote: Mar 10 17:57:11 clam-milter[5623]: recv failed from clamd getting PORT Mar 10 17:57:11 Milter: from=[EMAIL PROTECTED], reject=451 4.7.1 Please try again later I assume it's rejecting because clamd can't get port? Is clamd running? Ed

Re: [Clamav-users] Help with New Install clamav-milter

2004-03-11 Thread Krištof Petr
Ed Kasky wrote: #ls -al /var/run/clamav drwxr-xr-x2 clamav clamav 4096 Mar 10 17:52 . drwxr-xr-x6 root root 4096 Mar 10 17:57 .. srwxr-xr-x1 clamav clamav 0 Mar 10 17:52 clamav.sock -rw-rw1 clamav clamav 4 Mar 10 17:52 clamd.pid Looks

Re: [Clamav-users] password protected zip file

2004-03-11 Thread Tomasz Kojm
On Thu, 11 Mar 2004 12:49:36 +1100 Jonathan Trott [EMAIL PROTECTED] wrote: At the moment, if you put any virus inside an encrypted zip file, clamav reports that there isn't a virus in there, which is a false negative. Better to report that it couldn't be scanned than there wasn't a virus

Re: [Clamav-users] freshclam no connect

2004-03-11 Thread Tomasz Kojm
On Wed, 10 Mar 2004 20:33:52 -0600 Chris Lopeman [EMAIL PROTECTED] wrote: Hi All, I have seen the opposite question posed but not this one. I get the error about not being able to connect to clamd. But I am not running clamd. I don't want to. I am also not using the --daemon-notify

Re: [Clamav-users] Using ClamAV with Declude Virus

2004-03-11 Thread Tomasz Kojm
On Wed, 10 Mar 2004 17:35:57 -0700 Brad Morgan [EMAIL PROTECTED] wrote: I believe the code that should be changed is in the checkfile( ) function in the manager.c file, where there are two references to %s: %s FOUND\n, which could be changed to %s: infected with %s\n or %s: FOUND%s\n.

[Clamav-users] Virus aliases

2004-03-11 Thread Dave Ewart
Hello, (I am new to the list, but have scanned the archives and have been unable to find a complete answer to this, although it has been brought up once or twice ...) I'd like to be able to see the alias names for detected viruses. The clamav-virusdb announcements include aliases, but searching

RE: [Clamav-users] Virus aliases

2004-03-11 Thread Paul Walsh
No idea how easy this would be to implement but here goes: As well as the virus signature databases, how about having an alias database which would contain a record for each virus, indicating its ClamAV name along with those used by the more mainstream AV software like Sophos, McAfee etc. Then

Re: [Clamav-users] Using ClamAV with Declude Virus

2004-03-11 Thread Fajar A. Nugraha
Tomasz Kojm wrote: BTW: What is Declude Virus ? Something like Amavis which only works on Imail http://www.declude.com/Virus/index.html

[Clamav-users] Virus scanned by clamav.net but updated db missed it

2004-03-11 Thread Karis Matik
Clam Users/Developers: First of all, I'd like to thank for all your great work with clam AV. I currently have a mail server with the following specs: Mandrake 9.2 clamav version 0.66 (installed from mandrake RPM) spamassassin amavis It runs okay, but I found something strange. Got an email with

Re: [Clamav-users] Virus scanned by clamav.net but updated db missed it

2004-03-11 Thread Fajar A. Nugraha
Karis Matik wrote: less viruses.db And I looked for Worm.Bagle.Gen-zippwd, I can't get one. You're looking in the wrong place bash-2.03# grep Worm.Bagle.Gen-zippwd viruses* viruses.db2:Worm.Bagle.Gen-zippwd (Clam)=504b03040a000100*504b010214000a000100*504b050601000100 Any one

Re: [Clamav-users] Virus scanned by clamav.net but updated db missed it

2004-03-11 Thread Karis Matik
Thanks for your reply. Several questions: 1. which virus database amavis 0.66 uses? viruses.db or viruses.db2 or both? 2. When I do a restart on clamd service, I can't find: Database correctly reloaded message. Thu Mar 11 23:11:01 2004 - Signal 15 caught - exiting. Thu Mar 11 23:11:01 2004 -

Re: [Clamav-users] Using ClamAV with Declude Virus

2004-03-11 Thread Tomasz Kojm
On Thu, 11 Mar 2004 17:38:43 +0700 Fajar A. Nugraha [EMAIL PROTECTED] wrote: Tomasz Kojm wrote: BTW: What is Declude Virus ? Something like Amavis which only works on Imail http://www.declude.com/Virus/index.html It's very expensive... -- oo. Tomasz Kojm [EMAIL

Re: [Clamav-users] Virus aliases

2004-03-11 Thread Tomasz Kojm
On Thu, 11 Mar 2004 10:15:50 + Dave Ewart [EMAIL PROTECTED] wrote: 2. Can the alias details be extracted from the .cvd files? If not currently, is there any way to add this detail? Virus aliases will be supported in signatures in the near future. -- oo. Tomasz Kojm

Re: [Clamav-users] Virus scanned by clamav.net but updated db missed it

2004-03-11 Thread Antony Stone
On Thursday 11 March 2004 12:47 pm, Karis Matik wrote: Thanks for your reply. Several questions: 1. which virus database amavis 0.66 uses? viruses.db or viruses.db2 or both? Both. In fact ClamAV will use any/all files which end in .db or .db? (wildcard) in the appropriate directory. You

[Clamav-users] --detect-encrypted?

2004-03-11 Thread Odhiambo Washington
Since this option was mentioned, I have done checked out the cvs version but ./configure refuses to accept that option. Even from a cvs checkout I did today ;) cheers - wash Odhiambo Washington

Re: [Clamav-users] Virus aliases

2004-03-11 Thread Dave Ewart
On Thursday, 11.03.2004 at 13:52 +0100, Tomasz Kojm wrote: On Thu, 11 Mar 2004 10:15:50 + Dave Ewart [EMAIL PROTECTED] wrote: 2. Can the alias details be extracted from the .cvd files? If not currently, is there any way to add this

Re: [Clamav-users] clamav hpux make problems

2004-03-11 Thread Jon Fraley
On Wed, 2004-03-10 at 22:15, Fajar A. Nugraha wrote: Jon Fraley wrote: I am installing clamav-0.67 on HPUX-11.0. After ironing out issues with ./configure, I now have a problem with make. After running a while I get the following: Any ideas on solving this? /zzip-zip.c' || echo

Re: [Clamav-users] Virus scanned by clamav.net but updated db missed it

2004-03-11 Thread Fajar A. Nugraha
Karis Matik wrote: Thanks for your reply. Several questions: 1. which virus database amavis 0.66 uses? viruses.db or viruses.db2 or both? Not amavis 0.66. Clamav 0.66. Antoni's reply is correct : ClamAV will use any/all files which end in .db or .db? But since you use 0.66, you don't need to

Re: [Clamav-users] --detect-encrypted?

2004-03-11 Thread Fajar A. Nugraha
Odhiambo Washington wrote: Since this option was mentioned, I have done checked out the cvs version but ./configure refuses to accept that option. Even from a cvs checkout I did today ;) It's not ./configure option. It's clamscan option. With clamd, it's ArchiveDetectEncrypted in clamav.conf.

Re: [Clamav-users] Help with New Install clamav-milter

2004-03-11 Thread Ed Kasky
On Thu, 11 Mar 2004, Krištof Petr wrote: When I start clamd, it loads just fine and I can use clamdscan just fine. However, running clamav-milter through sendmail results in the following from the maillog: Did you start clamav-milter daemon? If yes, does it open

Re: [Clamav-users] Help with New Install clamav-milter

2004-03-11 Thread Ed Kasky
On Thu, 11 Mar 2004, Nigel Horne wrote: Mar 10 17:57:11 clam-milter[5623]: recv failed from clamd getting PORT Mar 10 17:57:11 Milter: from=[EMAIL PROTECTED], reject=451 4.7.1 Please try again later I assume it's rejecting because clamd can't get port? Is clamd running? $ ps -U

Re: [Clamav-users] --detect-encrypted?

2004-03-11 Thread Odhiambo Washington
* Fajar A. Nugraha [EMAIL PROTECTED] [20040311 17:49]: wrote: Odhiambo Washington wrote: Since this option was mentioned, I have done checked out the cvs version but ./configure refuses to accept that option. Even from a cvs checkout I did today ;) It's not ./configure option. It's

[Clamav-users] ClamAV via ScanMail

2004-03-11 Thread Gerry Maddock
Just a quick thank you to all of you who help with clamav! I use clamav on my mailserver via MailScanner. (I'm using MailScanner with F-Secure and ClamAV) Several times ClamAV is the only antivirus that will see viruses via email. KEEP UP THE GOOD WORK!

RE: [Clamav-users] Virus aliases

2004-03-11 Thread Mitch (WebCob)
No idea how easy this would be to implement but here goes: As well as the virus signature databases, how about having an alias database which would contain a record for each virus, indicating its ClamAV name along with those used by the more mainstream AV software like Sophos, McAfee etc.

Re: [Clamav-users] --detect-encrypted?

2004-03-11 Thread Fajar A. Nugraha
Odhiambo Washington wrote: hehee, I noticed that and added 2 days ago, but just today Tomas (Kojm) wrote to the list with that option again ;) You mean the one with But anyway you should check the --detect-encrypted option (CVS). I assume he meant it as an option for clamscan (as stated in

RE: [Clamav-users] Virus aliases

2004-03-11 Thread Mitch (WebCob)
-Original Message- From: Tomasz Kojm On Thu, 11 Mar 2004 10:15:50 + Dave Ewart [EMAIL PROTECTED] wrote: 2. Can the alias details be extracted from the .cvd files? If not currently, is there any way to add this detail? Virus aliases will be supported in signatures in the

Re: [Clamav-users] ifupdown error

2004-03-11 Thread Rick Weinbender
Odhiambo Washington wrote: * Rick Weinbender [EMAIL PROTECTED] [20040311 05:11]: wrote: After installing clamav I get the following errors on boot. Configuring network interfaces: run-parts: failed to exec /etc/network/if-up.d/clamav-freshclam-ifupdown: Permission Denied run-parts

RE: [Clamav-users] Using ClamAV with Declude Virus

2004-03-11 Thread Brad Morgan
You can look for the last colon... the beginning of the -l output. Can the change Scott suggested be made to the ClamAV source? Does it have to have an option added because the old format is being parsed by other programs? The output format won't change. Please check the 3-rd party

Re: [Clamav-users] Using ClamAV with Declude Virus

2004-03-11 Thread Antony Stone
On Thursday 11 March 2004 4:18 pm, Brad Morgan wrote: The output format won't change. Please check the 3-rd party software (on www.clamav.net) for parsing details. Sorry to hear that the output format is frozen in time. There are too many existing packages which call ClamAV and expect to

[Clamav-users] SomeFool.Gen-1

2004-03-11 Thread elemint
What virus is Worm.SomeFool.Gen-1 is it a Netsky virus? Jim

Re: [Clamav-users] SomeFool.Gen-1

2004-03-11 Thread Antony Stone
On Thursday 11 March 2004 4:40 pm, [EMAIL PROTECTED] wrote: What virus is Worm.SomeFool.Gen-1 is it a Netsky virus? Yes, but there isn't a one-to-one correspondence between what the different A-V vendors are picking up from different binaries: ClamAV: all_document.pif contains

[Clamav-users] Logfile

2004-03-11 Thread Jorge Valdes
Hi, I am very happy with clamav, and would like everyone's opinion to the following feature request: clamd logs to a file and you can control the size, but when this limit is reached, logging stops. When this happens, an entry in the file says it has reached the file size limit. Since the

Re: [Clamav-users] Using ClamAV with Declude Virus

2004-03-11 Thread David Gregg
On Thursday 11 March 2004 4:18 pm, Brad Morgan wrote: The output format won't change. Please check the 3-rd party software (on www.clamav.net) for parsing details. Sorry to hear that the output format is frozen in time. There are too many existing packages which call ClamAV and

Re: [Clamav-users] Help with New Install clamav-milter

2004-03-11 Thread Ed Kasky
At 06:20 AM Thursday, 3/11/2004, Krištof Petr wrote -= Is this the correct switch to use when loading the daemon? local:/var/run/clamav/clamav.sock (This is also set in clamav.conf) Beware! In /etc/clamav.conf you are setting socket for communication between clamd - clamav-milter what if

Re: [Clamav-users] Logfile

2004-03-11 Thread John Jolet
Jorge Valdes wrote: Hi, I am very happy with clamav, and would like everyone's opinion to the following feature request: clamd logs to a file and you can control the size, but when this limit is reached, logging stops. When this happens, an entry in the file says it has reached the file size

Re: [Clamav-users] Help with New Install clamav-milter

2004-03-11 Thread Krištof Petr
Ed Kasky wrote: In what instance would one enable the following? # TCP port address. #TCPSocket 3310 When you have windows clients for example. Petr

Re: [Clamav-users] Logfile

2004-03-11 Thread Tomasz Kojm
On Thu, 11 Mar 2004 10:57:43 -0600 Jorge Valdes [EMAIL PROTECTED] wrote: Hi, I am very happy with clamav, and would like everyone's opinion to the following feature request: clamd logs to a file and you can control the size, but when this limit is reached, logging stops. When this

Re: [Clamav-users] Using ClamAV with Declude Virus

2004-03-11 Thread Tomasz Kojm
On Thu, 11 Mar 2004 09:18:00 -0700 Brad Morgan [EMAIL PROTECTED] wrote: So as you can see, I'd like Declude to parse the output and capture the virus name. Declude support tells me there's a standard format for the report output and ClamAV doesn't adhere to the standard. AVG, F-Prot,

Re: [Clamav-users] Virus aliases

2004-03-11 Thread Tomasz Kojm
On Thu, 11 Mar 2004 07:52:44 -0800 Mitch (WebCob) [EMAIL PROTECTED] wrote: Maybe I spoke too soon... if you guys are already working on this great - how will aliases be identified and submissions be processed? I've heard that the bigger manufacturers often copy the first known name - is

Re: [Clamav-users] Logfile

2004-03-11 Thread John Jolet
Betsy Schwartz wrote: At 12:41 PM 3/11/2004, John Jolet wrote: why not just run logrotate and have done with it? It would help if clamd took a kill -HUP and started a new logfile. Betsy Schwartz email: [EMAIL PROTECTED] Unix Systems

Re: [Clamav-users] clamav hpux make problems

2004-03-11 Thread Richard Nairn
I have a HPUX 11.00 machine with GCC, I tried to compile the latest sendmail with milter, and use the clamav-milter with it. I was never able to get the milter library compiled for sendmail, and thus clamav-milter to work. Did you have any success with that? My issue is I only have the base

[Clamav-users] Clamdscan hanging when clamd checks/reloads database

2004-03-11 Thread Robert Blayzor
I didn't get any responses on this, so I'm trying a repost of this: Using clamd devel-20040304 on FreeBSD 4.9 On several occasions now we've noticed that when clamd checks and reloads the virus database current clamdscan's hang and then time out. This causes some real problems on a process that

Re: [Clamav-users] clamav hpux make problems

2004-03-11 Thread Jon Fraley
I tried using gcc, but it still failed during make. I will try something else. Jon On Thu, 2004-03-11 at 14:14, Richard Nairn wrote: I have a HPUX 11.00 machine with GCC, I tried to compile the latest sendmail with milter, and use the clamav-milter with it. I was never able to get the

[Clamav-users] Re: Logfile

2004-03-11 Thread Jorge Valdes
At 12:41 PM 3/11/2004, John Jolet wrote: why not just run logrotate and have done with it? It would help if clamd took a kill -HUP and started a new logfile. Betsy Schwartz Depending on traffic, and logging options selected, this can grow fairly quickly. If log entries are lost, debugging may

Re: [Clamav-users] Clamdscan hanging when clamd checks/reloads database

2004-03-11 Thread Trog
On Thu, 2004-03-11 at 20:18, Robert Blayzor wrote: I didn't get any responses on this, so I'm trying a repost of this: Using clamd devel-20040304 on FreeBSD 4.9 On several occasions now we've noticed that when clamd checks and reloads the virus database current clamdscan's hang and then

Re: [Clamav-users] Virus scanned by clamav.net but updated db missed it

2004-03-11 Thread Karis Matik
Thanks to Fajar and Antoni. One thing I still don't understand is about the viruses.db or viruses.db2. What are the *.db* files? What are the *.cvd files? Is the *.db* file just a list which will be compiled into binary file (namely the .cvd files)? Fajar mentioned the virus database used is

[Clamav-users] Patch not work for Amavis to scan Bagle zippwd

2004-03-11 Thread Karis Matik
This is my installed amavis and clamd: amavisd-new-0.20030616-10mdk clamav-db-0.66-0.20031204.1mdk libclamav1-0.66-0.20031204.1mdk clamav-0.66-0.20031204.1mdk clamdmail-0.15-1mdk clamd-0.66-0.20031204.1mdk I applied the patch from Mark Martinec (reference:

Re: [Clamav-users] Patch not work for Amavis to scan Bagle zippwd

2004-03-11 Thread Noel Jones
On Thu, Mar 11, 2004 at 10:59:40PM +, Karis Matik wrote: This is my installed amavis and clamd: amavisd-new-0.20030616-10mdk clamav-db-0.66-0.20031204.1mdk libclamav1-0.66-0.20031204.1mdk clamav-0.66-0.20031204.1mdk clamdmail-0.15-1mdk clamd-0.66-0.20031204.1mdk I applied the patch

Re: [Clamav-users] Patch not work for Amavis to scan Bagle zippwd

2004-03-11 Thread Karis Matik
Got an attachment contain Bagle-F zippwd with the name: Info.zip. When I test the attachment, clam still allows the mail to get through. Anyone has similar problem and solution? This patch worked fine for me. (I've since upgraded to the -p8 release, which also works fine) Did you remember

Re: [Clamav-users] Virus scanned by clamav.net but updated db missed it

2004-03-11 Thread Fajar A. Nugraha
Karis Matik wrote: What are the *.db* files? What are the *.cvd files? Is the *.db* file just a list which will be compiled into binary file (namely the .cvd files)? Simply put, the *.cvd is the new format for viruses.db and viruses.db2. As the name implied, main.cvd is the main virus

Re: [Clamav-users] Virus aliases

2004-03-11 Thread jef moskot
On Thu, 11 Mar 2004, Dave Ewart wrote: ClamAV is a fabulous project - wish I could find some way to contribute. Well, there's always: http://clamav.net/donate.php#pagestart Jeffrey Moskot System Administrator [EMAIL PROTECTED]

Re: [Clamav-users] Re: Logfile

2004-03-11 Thread Betsy Schwartz
When you say clamAV works with logrotate, what command are you issuing to get clamav to start using the new file? What I'm seeing is that it doesn't respond to SIGHUP but has to be killed and restarted to get it to let go of the old filehandle Betsy Schwartz

Re: [Clamav-users] new to clamAV ...

2004-03-11 Thread Betsy Schwartz
At 10:04 PM 3/11/2004, kent e. wrote: In the step 9 of the above link what does it mean signature? Does it means the file with an extension name of .sig ??? seems like a success but how to update the virus definition or the db of The signature is the signature of the virus, or the virus

Re: [Clamav-users] Patch not work for Amavis to scan Bagle zippwd

2004-03-11 Thread Noel Jones
On Fri, Mar 12, 2004 at 12:59:17AM +, Karis Matik wrote: Hi Noel, Yes, I've put the MAIL$ line in the amavisd.conf. Still, it missed the Info.zip attachment. Have you tested with a zipped password protected? My initial thinking is (probably) the database isn't read properly. But again,

Re: [Clamav-users] --detect-encrypted?

2004-03-11 Thread Odhiambo Washington
* Fajar A. Nugraha [EMAIL PROTECTED] [20040311 19:30]: wrote: Odhiambo Washington wrote: hehee, I noticed that and added 2 days ago, but just today Tomas (Kojm) wrote to the list with that option again ;) You mean the one with But anyway you should check the --detect-encrypted

Re: [Clamav-users] Logfile

2004-03-11 Thread Odhiambo Washington
* Betsy Schwartz [EMAIL PROTECTED] [20040311 22:44]: wrote: At 12:41 PM 3/11/2004, John Jolet wrote: why not just run logrotate and have done with it? It would help if clamd took a kill -HUP and started a new logfile. I support the original poster. It would be a nice feature if it were done

Re: [Clamav-users] Virus scanned by clamav.net but updated db missed it

2004-03-11 Thread Karis Matik
Fajar: PS : Has your problem solved yet? Unfortunately nope. The problem might be relevant to amavisd-new where it incorrectly passes the mail attachment to clamd. Is there any way to view the content of the vcd file to see if the virus is within the definition. I posted another thread in