Hi,
From clamd man it is not clear how to disable options which are
enabled by default. Can somebody tell me how to do it?
I want to disable ScanOLE2. What do I need to put into the config _exactly_?
Thank you!
Sincerely yours, Roman A.Suzi
--
- Petrozavodsk - Karelia - Russia - mailto:[EMAIL
* Roman Suzi [EMAIL PROTECTED] [20041102 12:37]: wrote:
Hi,
From clamd man it is not clear how to disable options which are
enabled by default. Can somebody tell me how to do it?
I want to disable ScanOLE2. What do I need to put into the config _exactly_?
Uncomment DisableDefaultScanOptions
Le Ven 29 oct 15:46:44 2004, René Berber écrit:
I found this by accident, trying to run TrippLite's PowerAlert the program
reported that the port was in use, I checked and clamd was using that TCP
port. So I checked some more, with Sysinternals' tcpvcon to see what ports
was the clamd process
On Fri, 29 Oct 2004 at 11:51:50 +0200, Bogusaw Brandys wrote:
David Nicol wrote:
I decided to test cygwin clamscan and it hung after a few hundred files
Going to see if winclam has the same difficulties
[...]
What is winclam? I haven't heard about it.
Most probably David meant
Hello Steven Stern,
1) if you run freshclam from crontab, check that you have an entry like
the following:
N * * * * /usr/local/bin/freshclam --quiet
[snip]
Are you OK with this?
12 */2 * * * sleep `expr $RANDOM \% 1800`; /usr/bin/freshclam --quiet
Every other hour, it runs at
Hello,
I got this instead. Meaning I do not have DNSDatabaseInfo?
if you are running ClamAV 0.80 please edit freshclam.conf (usually
installed under /etc/clamav/ or /usr/local/etc/clamav/) and add the
following line:
DNSDatabaseInfo current.cvd.clamav.net
Then run
# freshclam -v
from the
Hello [EMAIL PROTECTED],
Here is the output from mine run a few minutes ago.
Current working dir is /var/www/html/clamav
Max retries == 3
ClamAV update process started at Mon Nov 1 14:21:33 2004
TTL: 880
main.cvd version from DNS: 27
Software version from DNS: 0.80
Connecting via
Hi all,
analyzing the same e-mail with two different antivirus software I have different
results:
-- ClamAv detects Worm.SomeFool.p virus
-- McAfee WebShield detects both W32/[EMAIL PROTECTED] and Exploit-MIME.gen.c
I know that Worm.SomeFool.p and W32/[EMAIL PROTECTED] are the same but what
On Tue, 2004-11-02 at 19:39, Henri van Riel wrote:
Hello all,
I'm new to ClamAV and this list and I have the following `problem`.
I use clamav together with p3scan but that is irrelevant to my
question. I first start the clamd daemon and then the p3scan daemon.
Everything starts just
Hello Trog,
Tuesday, November 2, 2004, 8:47:26 PM, you wrote:
On Tue, 2004-11-02 at 19:39, Henri van Riel wrote:
I'm just wondering why there are two processes...
They aren't processes, they are threads. Clamd spawns new threads to do
the actual work, and when a worker thread has been idle
Cali Federico wrote:
Hi all,
analyzing the same e-mail with two different antivirus software I have different
results:
-- ClamAv detects Worm.SomeFool.p virus
-- McAfee WebShield detects both W32/[EMAIL PROTECTED] and Exploit-MIME.gen.c
I know that Worm.SomeFool.p and W32/[EMAIL PROTECTED] are
This just came across the wire and if anyone can find a working exploit to
make a signature for this latest iframe we can jump ahead of new exploits
which are fast coming. I will continue to look for a working exploit and
post a sig when available. We are on the edge of a big outbreak and
Looks like there is proof of concept code here:
http://felinemenace.org/~nd/crash_ie/ file 2446.html
http://www.securityfocus.com/bid/11515/exploit/
Nelson Minica
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
-otik.com/exploits/20041102.InternetExploiter.htm.php),
the following signature should work if I understand correctly. This isn't
perfect and there are many javascripty ways around it so please add your
thoughts.
Matches a case-sensitive regex of: IFRAME={256,}
Exploit.IFRAME.foo
On Tue, 2 Nov 2004 16:11:30 -0800 (PST)
[EMAIL PROTECTED] wrote:
Matches a case-sensitive regex of: IFRAME={256,}
Exploit.IFRAME.foo:*:494652414d453d??{256-}
Bad format.
You can probably all see the problem already. IfRaMe is not caught by
our sig. Does this mean 6! (factorial)
On Wed, 3 Nov 2004 01:35:39 +0100
Tomasz Kojm [EMAIL PROTECTED] wrote:
On Tue, 2 Nov 2004 16:11:30 -0800 (PST)
[EMAIL PROTECTED] wrote:
Matches a case-sensitive regex of: IFRAME={256,}
Exploit.IFRAME.foo:*:494652414d453d??{256-}
Bad format.
You can probably all see the problem
On Wed, 3 Nov 2004, Tomasz Kojm wrote:
Matches a case-sensitive regex of: IFRAME={256,}
Exploit.IFRAME.foo:*:494652414d453d??{256-}
Bad format.
Thank you for pointing that out, I greatly appreciate your help. Perhaps
I misunderstood what the format meant when I posted the message the
On Wed, 3 Nov 2004, Tomasz Kojm wrote:
You can probably all see the problem already. IfRaMe is not caught
by our sig. Does this mean 6! (factorial) additional signatures are
Just for the record: the above calculation is also incorrect. There are
2^6 (= 64) possibilities (and not 6! =
Tom, you've probably tried using Stuffit to extract the archive.
Try tar -xzf sendmail.8.13.1.tar.gz
This should extract it properly.
-- Dale
Tom D'Asto wrote:
I'm following the instructions in clamav-0.80/clamav-milter/INSTALL.
My first problem is that the following file does not exist so I can't
add the variable CLAMAV_FLAGS:
Add to /etc/sysconfig/clamav-milter
CLAMAV_FLAGS=local:/var/run/clamav/clmilter.sock
vim
20 matches