When i try submit sample of virus via http://cgi.clamav.net/sendvirus.cgi, i
get report:
---
Result:
This virus is already recognized by ClamAV 0.83/792/Tue Mar 29 00:10:20 2005 as
Broken.Executable . Be careful when submitting samples and remember to run
freshclam!
---
But
On Tue, 29 Mar 2005 14:08:39 +0300
Ruslan Petrenko [EMAIL PROTECTED] wrote:
What i can do to add this virus to Clamav base?
Submit the sample as false positive and I will look into it.
--
oo. Tomasz Kojm [EMAIL PROTECTED]
(\/)\.
Hello Tomasz,
What i can do to add this virus to Clamav base?
Submit the sample as false positive and I will look into it.
done
--
Best regards,
Ruslanmailto:[EMAIL PROTECTED]
___
Clamscan runs as cron job. The results are:
25.03.2005
//.journal: Nuker.DCCFukk.12 FOUND
26.03.2005
//.journal: Trojan.LdPinch-27 FOUND
27.03.2005 nothing found
28.03.2005 nothing found
29.03.2005
//.journal: Trojan.Downloader.Small-353 FOUND
The .journal file is 32 MB big. May be, the virus that
I had a couple of viruses slip through clam this morning. When I tried to
sumbit them, I get a note that it's already recognized.
Here's what freshclam says:
[EMAIL PROTECTED] root]# freshclam
ClamAV update process started at Tue Mar 29 08:54:43 2005
main.cvd is up to date (version: 30, sigs:
On Tue, 29 Mar 2005 09:01:44 -0600 (CST)
Sam [EMAIL PROTECTED] wrote:
I don't want to sound like I'm complaining...I'm just reporting this
in case it's something that should be looked at, and am trying to
help.
Obviously your installation is somehow broken.
--
oo. Tomasz
On Tue, 2005-03-29 at 10:08 -0500, Cormack, Ken wrote:
What filesystem type are you using, that the .journal file is visible, in
the first place?
I'm assuming you're using the EXT3 filesystem type? If so, those
filesystems, IF properly mounted with proper /etc/fstab entries, should
render
If an ext2 fs is converted to an ext3 while it is mounted the .journal
inode cannot be properly hidden. This actually goes for any mounted
ext2 fs, but the ext3 driver will hide the inode on next mount. The
problem comes up with the / mount point because it is mounted read only
at boot, and
On Tue, 29 Mar 2005, Tomasz Kojm wrote:
On Tue, 29 Mar 2005 09:01:44 -0600 (CST)
Sam [EMAIL PROTECTED] wrote:
I don't want to sound like I'm complaining...I'm just reporting this
in case it's something that should be looked at, and am trying to
help.
Obviously your installation is
On Tue, 29 Mar 2005 09:01:44 -0600 (CST), Sam [EMAIL PROTECTED] wrote:
I had a couple of viruses slip through clam this morning. When I tried to
sumbit them, I get a note that it's already recognized.
What happens if you try scanning it using your local copy of clamav?
It could simply be that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 29 Mar 2005, Tomasz Kojm wrote:
On Tue, 29 Mar 2005 09:01:44 -0600 (CST)
Sam [EMAIL PROTECTED] wrote:
I don't want to sound like I'm complaining...I'm just reporting this
in case it's something that should be looked at, and am
Cormack, Ken wrote:
If an ext2 fs is converted to an ext3 while it is mounted the .journal
inode cannot be properly hidden. This actually goes for any mounted
ext2 fs, but the ext3 driver will hide the inode on next mount. The
problem comes up with the / mount point because it is mounted read
I moved to 20050322 CVS version and it's working for 24 hours now, so i hope
it's solved and looking forward for stable release.
Hi,
still working after 5 days, it seems it's solved...
this is really blocking bug in stable release, are you planning to release a
new one?
thanks,
Jakub
--
--
Chris,
You are correct about a converted, but not yet remounted filesystem. I
was
basing my response on an assumption that the system had been originally
created with EXT3 (not upgraded from EXT2), and/or that the system had
been
rebooted at least once since the journalling was
14 matches
Mail list logo