[Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread jef moskot
I've been using ClamAV happily for years, but we're finally moving to a modern server and our heavily modified amavis-perl script no longer works and is significantly difficult to debug that it makes sense to modernize. In the past, we've not dealt with clamd or any daemonized version of amavis,

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread Gerard
On Thu, 7 Aug 2008 10:06:09 -0400 (EDT) jef moskot [EMAIL PROTECTED] wrote: [snip] Currently, we accept all infected mail, and quietly quarantine it. We don't refuse it at SMTP connect, although I might be able to be convinced that that's a better idea. Still, I'd like to maintain the current

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread jef moskot
On Thu, 7 Aug 2008, Gerard wrote: Depending on the quantity of emails you receive, you might very well significantly reduce the load on your system by using one or perhaps a few RBL's. There is no point, at least in opinion, of accepting mail that is obviously SPAM. We definitely do that

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread David F. Skoll
jef moskot wrote: So, basically, all I need is a replacement for a perl script that throws a wad of text at clamscan and then either passes it on for normal delivery or stashes it away in a quarantine directory, with a note passed on to a local admin address in the latter case. I recommend

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread Rob MacGregor
On Thu, Aug 7, 2008 at 16:40, David F. Skoll [EMAIL PROTECTED] wrote: I recommend MIMEDefang. (Of course, I'm the author, so I would recommend it...) I use both amavisd-new and MIMEDefang. Of those I'd recommend MD over amavisd-new. It's easy to customise the heck out of (I don't know perl

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread Mike Grau
So, basically, all I need is a replacement for a perl script that throws a wad of text at clamscan and then either passes it on for normal delivery or stashes it away in a quarantine directory, with a note passed on to a local admin address in the latter case. I'd also recommend MIMEDefang.

[Clamav-users] Malformed database problem

2008-08-07 Thread Chambers, Phil
I have a local ndb file containing signatures of some spear phishing attacks targeted specifically at us. I recently added another signature and it caused clamd to shut down! Two points: 1) Surely clamd should log the problem but skip the faulty signature and carry on? I am now extremely

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread Gerard
On Thu, 7 Aug 2008 11:36:32 -0400 (EDT) jef moskot [EMAIL PROTECTED] wrote: You did not mention your MTA. Oops, sorry. We're married to sendmail at this point. Would you entertain a divorce? IMHO, switching to Postfix might very well make your life easier. The configuration is far simpler

Re: [Clamav-users] Newbie question about creating clam signatures

2008-08-07 Thread jef moskot
On Thu, 7 Aug 2008, Brandon Perry wrote: if the text is the same every time, you can just use an MD5 sum of the text file in question. If you want to key off specific parts of a text file, you can use sigtool --hex-dump to convert the text to hex and create your own signatures in a .db file.

Re: [Clamav-users] Malformed database problem

2008-08-07 Thread Gerard
On Thu, 7 Aug 2008 16:34:04 +0100 Chambers, Phil [EMAIL PROTECTED] wrote: I have a local ndb file containing signatures of some spear phishing attacks targeted specifically at us. I recently added another signature and it caused clamd to shut down! Two points: 1) Surely clamd should log the

Re: [Clamav-users] Malformed database problem

2008-08-07 Thread Chambers, Phil
-Original Message- The failing signature is: Email.Phishing.Exeter.0002:0:0,6:44656172{-18}537562736372696 265722c{-4 } 5765{-4}617265{-4}63757272656e746c79{-4}6361727279696e672d6f7 574{-4}61{ - 4}6d656e7461696e616e6365{-4}70726f63657373{-4}746f{-4}796f757 2{-18}6163 6

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread Henrik K
On Thu, Aug 07, 2008 at 04:46:48PM +0100, Rob MacGregor wrote: On Thu, Aug 7, 2008 at 16:40, David F. Skoll [EMAIL PROTECTED] wrote: I recommend MIMEDefang. (Of course, I'm the author, so I would recommend it...) I use both amavisd-new and MIMEDefang. Of those I'd recommend MD over

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread David F. Skoll
Henrik K wrote: I use both, but MD is IMO more of a hobbyist tool I would not characterize it like that. MIMEDefang is a framework; you have to implement your policy. So it's true that it doesn't ship with many pre-canned features like Amavis does, and does require more work on your part to

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread David F. Skoll
jef moskot wrote: I didn't mean to spark a milter fight, but as the Subject line says, we're looking for the simplest thing out there. I'm replacing a simplistic perl script that just broke a message down, clamscanned it, and either passed it on for delivery or quarantined and notified.

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread David F. Skoll
Oops!! I forgot a line; sorry! (I'll direct followups to MIMEDefang mailing list. This is somewhat OT.) #= $Features{'Virus:CLAMD'} = '/full/path/to/clamd'; $ClamdSock = '/full/path/to/clamd.sock'; $Features{'Virus:CLAMAV'} = '/full/path/to/clamscan' $AdminAddress =

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread Steve Holdoway
On Thu, 7 Aug 2008 11:36:32 -0400 (EDT) jef moskot [EMAIL PROTECTED] wrote: You did not mention your MTA. Oops, sorry. We're married to sendmail at this point. In that case, why not just use clamav as a milter. It's been working fine for us for the last couple of years. Steve

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread rafa
jef moskot wrote: On Thu, 7 Aug 2008, Henrik K wrote: I use both, but MD is IMO more of a hobbyist tool... I didn't mean to spark a milter fight, but as the Subject line says, we're looking for the simplest thing out there. I'm replacing a simplistic perl script that just broke a message

[Clamav-users] Error while installing clam- Please help

2008-08-07 Thread Parveen Malik
Hi all, I am getting this error while installing the clam antivirus : Claimddb# make /usr/bin/ld: /usr/local/lib/libz.a(gzio.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC /usr/local/lib/libz.a: could not read

Re: [Clamav-users] Error while installing clam- Please help

2008-08-07 Thread Steve Holdoway
Your copy of the compression libraries needs to be compiled with the flag below ( position independent code ). I had the same problem. Get zlib version 1.2.3 source from sourceforge, extract, and modify the Makefile CFLAGS=-O3 -DUSE_MMAP to CFLAGS=-O3 -DUSE_MMAP -fPIC make, and copy the

[Clamav-users] Is it possible to add signatures to the ClamAV database?

2008-08-07 Thread Darren G Pifer
Hello, Just to let everyone know, I have been searching for the answer to this question by using Google and searching on the ClamAV web site but still have not found an answer. I have viewed the information at: www.*clamav*.net/doc/latest/*signatures*.pdf but it still does not show me how to

Re: [Clamav-users] Error while installing clam- Please help

2008-08-07 Thread Parveen Malik
Thanks, Steve it works. Regards, Parveen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Holdoway Sent: Thursday, August 07, 2008 4:17 PM To: clamav-users@lists.clamav.net Subject: Re: [Clamav-users] Error while installing clam- Please help Your

Re: [Clamav-users] Malformed database problem

2008-08-07 Thread Kris Deugau
Chambers, Phil wrote: I have a local ndb file containing signatures of some spear phishing attacks targeted specifically at us. I recently added another signature and it caused clamd to shut down! I'm afraid I can't help much with solving your problem, but I certainly know what you're going

Re: [Clamav-users] Is it possible to add signatures to the ClamAV database?

2008-08-07 Thread Noel Jones
Darren G Pifer wrote: Hello, Just to let everyone know, I have been searching for the answer to this question by using Google and searching on the ClamAV web site but still have not found an answer. I have viewed the information at: www.*clamav*.net/doc/latest/*signatures*.pdf but

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread Dennis Peterson
Gerard wrote: On Thu, 7 Aug 2008 11:36:32 -0400 (EDT) jef moskot [EMAIL PROTECTED] wrote: You did not mention your MTA. Oops, sorry. We're married to sendmail at this point. Would you entertain a divorce? IMHO, switching to Postfix might very well make your life easier. The

[Clamav-users] Using ClamAV with Dspam - how do I verify it's working?

2008-08-07 Thread Jeff Weinberger
Hi: Pardon me if this is obvious - I'm new to both Dspam and ClamAV. I built Dspam with --enable-clamav, ensured that: dspam.conf has: ClamAVPort 3310 ClamAVHost 127.0.0.1 and clamd.conf has: TCPSocket 3310 TCPAddr 127.0.0.1 I see (from the headers) that mail messages coming in to