Mitch (WebCob) wrote:
For one thing, the web interface for uploading could be A LOT MORE USEFUL by
stating its current clamscan version, what it detects the upload as,
selected options/config, and signature database - just allowing easier
confirmation of relevant settings.
I've downloaded the
Tomasz Papszun wrote:
On Mon, 26 Jul 2004 at 17:28:21 +0100, Mike Brodbelt wrote:
The update was on its way. Then:
$ clamscan -m 11582.
11582.: Worm.Mydoom.M FOUND
(11582. is the file submitted by you).
We got very many samples of this and - working in a hurry - we
had no time to give
On Tue, 2004-07-27 at 10:05, Mike Brodbelt wrote:
I'm glad to hear it's sorted - I thought that was likely, but the tone
of the message was worrying. Can I be a pedant and suggest you change
the auto-response systems to give a reject reason like duplicate
submission or something.
The
I found an already older virusmail (February this year) which was
recognised by inocucmd
and tried to feed it to clamav (0.75. main.cvd 24, daily.cvd 423). It
didn't recognise it (I used the --mbox option).
However when I tried to submit it, the page came back saying that it
already is
Hi,
I have successfully got ClamAV working after configuring/tweaking everything
necessary and it works fine (so far).
However, I've changed my mind regarding some settings for virus interception
in e-mails and would like some help on the settings in
/usr/local/etc/procmailrc. At the moment, all
On Mon, 2004-07-26 at 21:59, John Madden wrote:
Could we perhaps stop adding features for a few days and get a stable
release out? It would really help.
I'd like to second that. Those of us depending on clamav to catch stuff
can't afford to upgrade in the middle of the day for new
# clamscan --mbox virus-20030403-121256-27560
Forward a copy of the email to me and I'll look into it.
-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday, 27.07.2004 at 11:32 +0100, Suril Patel wrote:
[...] I presume the detection is in the logs but I'd like the message
not to be delivered to me, while the sender gets a message saying
your message was failed due to virus etc. etc.
Suril Patel wrote:
I have successfully got ClamAV working after configuring/tweaking everything
necessary and it works fine (so far).
However, I've changed my mind regarding some settings for virus interception
in e-mails and would like some help on the settings in
/usr/local/etc/procmailrc. At
Dave Ewart wrote the following on 07/27/2004 02:47 PM :
Don't notify the sender.
You'll just be generating unnecessary mail. In the case of most
virus-generated emails, which are the ones you are going to be
detecting, the sender address will be faked. Therefore, any
notification would go to the
I have not submitted any virii (correct word?) before, so please bear with me.
I always run latest stable, currently 0.75 and have not had any virus issues
up until now. I am seeing a high number of mails in the below format hitting
our mail servers.
Dear user [EMAIL PROTECTED],
Your e-mail
Rob W wrote:
Hi
I have a couple of questions that I hope you can help me with.
Are there going to be released official patches or a new release to
correct the issues that have been mentioned on this list? I wanted to
update but this issue has kept me back. I don't want to use the
Albert,
On Tue, 2004-07-27 at 06:15, Albert Pauw wrote:
However when I tried to submit it, the page came back
saying that it already is recognised.
We had to move the submission interface to another server (one of mine)
and in the process, the interface was broken. This was resolved
yesterday
On Mon, 26 Jul 2004 15:28:07 -0700 (PDT), hris mckeever
[EMAIL PROTECTED] wrote:
--- hris mckeever [EMAIL PROTECTED] wrote:
I get this when running qmail-scanner 1.22 and
clamscan .75 -
command line clamscan works fine, same cl
arguments...
I have upgraded to .75, I have removed the
On Tue, 2004-07-27 at 16:26, Scott Ryan wrote:
with a zip file attached containing a pif file.
I submitted the zip file only to have the message returned to me advising that
it is not a virus, but Binary fragment. Harmless.
If you unpack it and look at the actual content of the
Hi.
Before you do, I've been told by Tomasz Papszun that there are signatures
that won't work for anything other than CVS... so you'd have to try building
a CVS version to make it work.
I suggested changes to allow us users to know this info when we do an upload
to the webform, but haven't had
--- Steve Lenti [EMAIL PROTECTED] wrote:
On Mon, 26 Jul 2004 15:28:07 -0700 (PDT), ©hris
mckeever
[EMAIL PROTECTED] wrote:
--- ©hris mckeever [EMAIL PROTECTED] wrote:
I get this when running qmail-scanner 1.22 and
clamscan .75 -
command line clamscan works fine, same cl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Trog wanted us to know:
Could we perhaps stop adding features for a few days and get a stable
release out? It would really help.
I'd like to second that. Those of us depending on clamav to catch stuff
can't afford to upgrade in the middle of
Scott Ryan wrote:
I have not submitted any virii (correct word?) before, so please bear with me.
I always run latest stable, currently 0.75 and have not had any virus issues
up until now. I am seeing a high number of mails in the below format hitting
our mail servers.
Dear user [EMAIL
On Monday 26 July 2004 05:28 pm, ©hris mckeever wrote:
08a702a225a402a3/viruses.db).
LibClamAV Error: cli_calloc(): Can't allocate memory
(8 bytes).
1 - anyone have an idea why clamscan itself would
die??
It can't allocate memory. Please refer to the qmail-scanner FAQ as this is a
VERY
Mitch (WebCob) wrote:
Hi.
Before you do, I've been told by Tomasz Papszun that there are signatures
that won't work for anything other than CVS... so you'd have to try building
a CVS version to make it work.
I've updated my install to the latest CVS snapshot after finding that it
wasn't
I'd be willing to hack the code to add the information mentioned the other
day - care to share the base script (off list is fine by me).
I'd like to make it a little more informative what was found and how it was
found etc.
thanks
m/
-Original Message-
From: [EMAIL PROTECTED]
I'd like to second that. Those of us depending on clamav to catch
stuff can't afford to upgrade in the middle of the day for new
signatures to work.
Why not? If you say because it's a production system and it needs to be
tested, then that is a business decision to accept the risk of
On Tue, 27 Jul 2004 15:26:30 +, Scott Ryan [EMAIL PROTECTED]
wrote:
I have not submitted any virii (correct word?) before, so please bear with me.
I always run latest stable, currently 0.75 and have not had any virus issues
up until now. I am seeing a high number of mails in the below format
On Tue, 2004-07-27 at 16:26, Scott Ryan wrote:
I have not submitted any virii (correct word?)
viruses
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_
This message (and any attachment) is intended only for the
Hi All,
Just upgraded to 0.75 on OSX 10.3.
When checking CLAMAV version to be sure the upgrade was ok I get:
mail:/usr/local/bin root# ./clamscan --version
clamscan / ClamAV version 0.75
But when I forgot the ./, I get this:
mail:/usr/local/bin root# clamscan --version
clamscan / ClamAV
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Todd Lyons wrote:
| Perhaps a daily CVS snapshot (or whatever
| frequency you deem useful but not overloading) made by you would be a
| good solution. Then we could establish functionality based on date and
| it would be quite easy to move forward or
On July 27, 2004 10:54 am, Jona Tallieu wrote:
Just upgraded to 0.75 on OSX 10.3.
When checking CLAMAV version to be sure the upgrade was ok I get:
mail:/usr/local/bin root# ./clamscan --version
clamscan / ClamAV version 0.75
But when I forgot the ./, I get this:
mail:/usr/local/bin root#
Quoting Mike Brodbelt [EMAIL PROTECTED]:
Mitch (WebCob) wrote:
Hi.
Before you do, I've been told by Tomasz Papszun that there are signatures
that won't work for anything other than CVS... so you'd have to try building
a CVS version to make it work.
I've updated my install to the latest CVS
On Tue, 2004-07-27 at 13:28, Kevin Spicer wrote:
On Tue, 2004-07-27 at 16:26, Scott Ryan wrote:
I have not submitted any virii (correct word?)
viruses
Yup.
http://www.topology.org/lang/virus.html
Cheers,
Mike
---
This SF.Net
On Tue, 27 Jul 2004, Jona Tallieu wrote:
Hi All,
Just upgraded to 0.75 on OSX 10.3.
When checking CLAMAV version to be sure the upgrade was ok I get:
mail:/usr/local/bin root# ./clamscan --version
clamscan / ClamAV version 0.75
But when I forgot the ./, I get this:
mail:/usr/local/bin
Hi.
Before you do, I've been told by Tomasz Papszun that there are signatures
that won't work for anything other than CVS... so you'd have to
try building
a CVS version to make it work.
I suggested changes to allow us users to know this info when we
do an upload
to the webform, but
Quoting Jona Tallieu [EMAIL PROTECTED]:
Hi All,
Just upgraded to 0.75 on OSX 10.3.
When checking CLAMAV version to be sure the upgrade was ok I get:
mail:/usr/local/bin root# ./clamscan --version
clamscan / ClamAV version 0.75
But when I forgot the ./, I get this:
mail:/usr/local/bin root#
On Tue, 2004-07-27 at 14:06 -0400, Jim Maul wrote:
Am I the only one here whose existing installation is catching MyDoom.M?
[EMAIL PROTECTED] clamav]# grep -i mydoom /var/log/clamav/clamd.log
Tue Jul 27 13:32:23 2004 -
I have an email attachment that uvscan is detecting as:
(When zipped)
Found the W32/[EMAIL PROTECTED] virus !!!
(When unzipped using password in email text)
Found the W32/[EMAIL PROTECTED] virus !!!
Clamscan detects it as:
(When unzipped using password in email text)
Quoting Jona Tallieu [EMAIL PROTECTED]:
Hi All,
Just upgraded to 0.75 on OSX 10.3.
When checking CLAMAV version to be sure the upgrade was ok I get:
mail:/usr/local/bin root# ./clamscan --version
clamscan / ClamAV version 0.75
But when I forgot the ./, I get this:
mail:/usr/local/bin
zbuckholz wrote:
I have an email attachment that uvscan is detecting as:
(When zipped)
Found the W32/[EMAIL PROTECTED] virus !!!
(When unzipped using password in email text)
Found the W32/[EMAIL PROTECTED] virus !!!
Clamscan detects it as:
(When unzipped using password in email text)
gyadu.exe:
On Tuesday 27 July 2004 6:54 pm, Jona Tallieu wrote:
Hi All,
Just upgraded to 0.75 on OSX 10.3.
When checking CLAMAV version to be sure the upgrade was ok I get:
mail:/usr/local/bin root# ./clamscan --version
clamscan / ClamAV version 0.75
But when I forgot the ./, I get this:
Quoting [EMAIL PROTECTED]:
On Tue, 27 Jul 2004 14:06:14 -0400
Jim Maul [EMAIL PROTECTED] wrote:
Am I the only one here whose existing installation is catching MyDoom.M?
[EMAIL PROTECTED] clamav]# grep -i mydoom /var/log/clamav/clamd.log
Tue Jul 27 13:32:23 2004 -
On Tue, 27 Jul 2004 14:06:14 -0400
Jim Maul [EMAIL PROTECTED] wrote:
Am I the only one here whose existing installation is
catching MyDoom.M?
[EMAIL PROTECTED] clamav]# grep -i mydoom
/var/log/clamav/clamd.log
Tue Jul 27 13:32:23 2004 -
On Tue, 27 Jul 2004 12:48:55 -0700
zbuckholz [EMAIL PROTECTED] wrote:
My basic question is why will clamscan not detect this Bagle , and if
I'm sure your version is older than 0.70.
--
oo. Tomasz Kojm [EMAIL PROTECTED]
(\/)\.
On Tue, 2004-07-27 at 21:17 +0100, Antony Stone wrote:
On Tuesday 27 July 2004 6:54 pm, Jona Tallieu wrote:
Hi All,
Just upgraded to 0.75 on OSX 10.3.
When checking CLAMAV version to be sure the upgrade was ok I get:
mail:/usr/local/bin root# ./clamscan --version
clamscan /
On Tue, 2004-07-27 at 12:54, Jona Tallieu wrote:
Just upgraded to 0.75 on OSX 10.3.
But when I forgot the ./, I get this:
mail:/usr/local/bin root# clamscan --version
clamscan / ClamAV version 0.70
You probably have 0.70 installed in /usr/local/bin and 0.75 in /usr/bin
You need to remove all
I just took your suggestion and tried it and it still does not detect the
virus. I have the original text email that I scan like follows:
./clamscan sample.txt
This is a copy of the atomic-time-stamp type file in the Maildir
I do not know the format of the cvd files, I assume I would need to
The new [EMAIL PROTECTED] zipped versions are getting through my
clamav/amavisd-new/spamassassin box.
It is stopping and dropping zipped versions of Bagle, but no luck with
zipped versions of mydoom.M
Anyone else experiencing this?
Also does anyone know when the .75 release will be available
zbuckholz wrote:
I just took your suggestion and tried it and it still does not detect the
virus. I have the original text email that I scan like follows:
./clamscan sample.txt
This is a copy of the atomic-time-stamp type file in the Maildir
I do not know the format of the cvd files, I assume I
On Tue, 27 Jul 2004 16:18:54 -0400
Ryan Moore [EMAIL PROTECTED] wrote:
Clamav needs the original rfc822 message text to detect it as a
password protected virus I think. If you're trying to scan the
No, it doesn't. The Worm.Bagle.Gen-zippwd signature should catch the raw
zip file.
--
oo
Hi,
On Tue, Jul 27, 2004 at 02:35:56PM -0700, zbuckholz wrote:
I just took your suggestion and tried it and it still does not detect the
virus. I have the original text email that I scan like follows:
./clamscan sample.txt
This is a copy of the atomic-time-stamp type file in the Maildir
man
Hi,
Good question, ok at the moment my firewall is also acting as router
where we share internet access.
At the moment I had set up my mail server with clamav and it's working
fine.
Now the big problem that I have is that some of my users are downloading
some stuff from internet which
On Tue, 2004-07-27 at 13:28, Kevin Spicer wrote:
On Tue, 2004-07-27 at 16:26, Scott Ryan wrote:
I have not submitted any virii (correct word?)
viruses
Yup.
http://www.topology.org/lang/virus.html
Cheers,
Mike
I know this is going wildly off topic, but this one could
On Tue, Jul 27, 2004 at 02:48:21PM -0700, Jim said:
The new [EMAIL PROTECTED] zipped versions are getting through my
clamav/amavisd-new/spamassassin box.
It is stopping and dropping zipped versions of Bagle, but no luck with
zipped versions of mydoom.M
Anyone else experiencing this?
- Original Message -
From: Matt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 5:52 PM
Subject: Re: [Clamav-users] My.Doom.o
On Tue, 2004-07-27 at 13:28, Kevin Spicer wrote:
On Tue, 2004-07-27 at 16:26, Scott Ryan wrote:
I have not submitted any virii
Before I download clamAV, could someone tell me if it is possible to
call clamd from an email client using a pipe to shell command filter?
I want to use it in conjunction with the Ximian Evolution email client in
conjunction with spamassassin.
Lee
--
L. Parker
chief cook, bottle washer and
Hello List,
Is it normal for clamd mem usage to grow? I'm using 0.75 on this box.
29238 qscand15 0 50452 45M 436 S 0.4 2.2 83:55 1 clamd
There are occasions where it grows more than 100mb - so I had to install
monit to make sure it'll trigger a restart once it exceeds 100mb.
I
Running clamav-0.75 on FreeBSD 5.2.1, compiled from source. Everything runs
fine, except when I try clamd stop/start or clamd restart. I get the
error:
Wed Jul 28 00:56:48 2004 - +++ Started at Wed Jul 28 00:56:48 2004
Wed Jul 28 00:56:48 2004 - clamd daemon 0.75 (OS: freebsd5.2.1, ARCH: i386,
when you specify the ./ it means here
when you leave it off, you're selecting the one in the default path ... and it looks
like you've got an older version lying around.
try:
% which clamscan
odds are the result is NOT in /usr/local/bin
richard
-- On Tuesday, July 27, 2004 7:54 PM +0200 Jona
is clamd running as a user that has permission for the /var/run?
if not, rather than messing /var/run up, try pointing at a 'dedicated' /tmp/clamd
instead, with permissions for that user/group ...
richard
-- On Wednesday, July 28, 2004 1:31 AM -0400 Darton Williams [EMAIL PROTECTED]
wrote: