Am 03.01.2008 um 00:22 schrieb Roflek of TK53:
On Jan 2, 2008 11:31 PM, Tomasz Kojm [EMAIL PROTECTED] wrote:
I don't negate your points about O_EXCL etc. I don't negate the
thesis in
the subject either :-) What I really negate is the FUD you're
making with your
disclosures, some
Am 03.01.2008 um 01:20 schrieb Roflek of TK53:
On Jan 3, 2008 12:48 AM, Christoph Cordes [EMAIL PROTECTED] wrote:
Let's leave the technical part out, since this is not a technical
issue as it seems. Tomasz did not deny anything, he just said that
this are minor issues. I fully understand
Am 20.11.2007 um 11:06 schrieb Sean Doherty:
Anyone know if there is any substance to this vulnerability claim?
http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-
code-execution.html
No.
--
Best regards,
Christoph
___
Help us
Hello,
so in the end it boils down to this:
- after a new release ClamAV should mimic the behavior of the
preceding version by default unless it's a major release (.x0) or the
user enabled possible new features explicitly. furthermore the
default behavior should be as conservative as
Am 22.11.2007 um 00:45 schrieb Steve Wray:
Christoph Cordes wrote:
Am 20.11.2007 um 11:06 schrieb Sean Doherty:
Anyone know if there is any substance to this vulnerability claim?
http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-
code-execution.html
No.
Ok, slight
Am 22.11.2007 um 01:54 schrieb David F. Skoll:
Just to make you feel better - ClamAV includes two special mechanisms
that in almost all cases allow us to remotely address such
vulnerabilities in
5 minutes eliminating the need for urgent update of the entire
package. These
special
Hello,
we thought a bit about this, and here's the solution that could
satisfy everyone (TM):
for clamd we could provide different configfiles, depending on the
needs the user can choose between 3 - or more templates, like:
failsafe - most reliable
standard - higher chance for a fp but also
Am 02.10.2007 um 19:24 schrieb Dennis Peterson:
Can anyone offer a reason why the OP found a virus in the mbox file
but not in the
split out maildir messages? That kind of inconsistency is unsettling.
Just read my reply to one of your mails.
--
Best regards,
Christoph
Am 02.10.2007 um 00:17 schrieb Dennis Peterson:
To be honest this is a pretty weak pattern to create a yea or nea
decision with.
You're probably right, however, this mails didn't offer too much to
pick them up. And please be sure that i checked the signature against
90.000 mailfiles
Am 02.10.2007 um 05:05 schrieb Chinh Nguyen Tam:
Dennis Peterson wrote:
Chinh Nguyen Tam wrote:
Greetings,
We've notice some strange behavior of clamav in our email server
for.
When we try to send some email (HTML format, Outlook 2003) with URL
inside, clamav detects these email as
Am 29.08.2007 um 00:59 schrieb Dan Metcalf:
I have a client that is having some trouble when forwarding some
spamcop
complaints to the appropriate parties. They keep getting
Email.Webaccount-11 rejections.
Looked all over, but haven't found the right place for a definition
of what
Am 26.08.2007 um 17:48 schrieb BG Mahesh:
But the emails don't have any faketube/youtube URLs
They are plain text files but yes, few emails have URLs in their
signatures.
Are these false phising alarms?
Could you submit such a mail in a password protected zipfile? I'll
try to figure
Am 26.08.2007 um 17:53 schrieb BG Mahesh:
Should I send it to you directly?
Yes, please.
--
Best regards,
Christoph
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Am 17.08.2007 um 17:28 schrieb John Rudd:
It's now just
another AV product, instead of a community project. That's kind of
sad.
Why do you think so?
As far as I'm concerned, i will still spend up to 18 hours a day on
ClamAV. I'll also continue to call Luca at 4 a.m. if i notice a
Am 17.08.2007 um 17:59 schrieb David F. Skoll:
(Public companies don't make acquisitions for the good of the
community; they make them for the good of their shareholders.)
Do you believe that the first goal excepts the other? ClamAV and the
Community around it has some experience with doing
Am 13.08.2007 um 18:24 schrieb Roberto Ullfig:
What determines a clean/small/fast database? Are these removals logged
anywhere? I now notice that all Phishing viruses are gone and we're
now getting Email.Ecard viruses. Was there a renaming?
The RB signatures are not generic and will usually
Am 10.08.2007 um 23:16 schrieb Marshall Dudley:
I was running clamscan, and the var partition of the drive filled up.
This partition had 300 Meg free on it, and clamscan created a huge
number of files like mixedtextportion05GJ4k in the
/tmp/clamav-ec6d3e4e4e253eaf directory and filled it up.
Am 03.07.2007 um 07:30 schrieb BG Mahesh:
On 6/28/07, Steve Basford [EMAIL PROTECTED] wrote:
554 Failure Messagecontains an infected attachment (
Email.Phishing.RB-827)
The laptop that is sending the message is not infected with any
virus.
RB-827 is a phishing signature for regions
BG Mahesh schrieb:
On 7/3/07, Christoph Cordes [EMAIL PROTECTED] wrote:
Could you please provide a copy of the mail that clam blocks? The
fact that i received your mail is a proof that ClamAV does not detect
anything in mails from you. So, the mail that Clam detects on your
server contains
Am 02.07.2007 um 10:48 schrieb ClamAV List:
Hi List,
I had been monitor the mail server and notice that there are many
error like
the one below.
@40004688b95a3983c334 CHKUSER accepted rcpt: from
[EMAIL PROTECTED]:[EMAIL PROTECTED]: remote RND1:unknown:
202.142.86.69
rcpt [EMAIL
Am 22.05.2007 um 16:15 schrieb Morgan Smith:
Wilson Kwok wrote:
Hello,
My Linux mail server still using 0.88 version, the 0.88
version can update
0.9x version virus ? or must need upgrade clamav to 0.9x version ?
The virus signatures will work in both versions, but I would
James Bourne schrieb:
On Wed, 25 Apr 2007, Christoph Cordes wrote:
Gary V schrieb:
I received an email with a password protected .rar file that claims to
contain an .exe file that I should run in ordrer to protect me from an
undetected worm. I submitted it and it was recognized
Sai Bathina schrieb:
Folks,
I have about 16 viruses that are not being caught by the 0.90.1 version as
opposed to 0.88.5. I think the problem looks to be in the cli_ac_scanbuff
function.
Could you send the samples to [EMAIL PROTECTED] ? Please use a password
protected zip archive. Thank
Sai Bathina schrieb:
So the output for 0.88.5 looks like this:
Scanning through Win32.Alcaul.i
Found virus: W32.Kruls.Gen
Scanning through Win32.Alcaul.j
Found virus: W32.Kruls.Gen
Scanning through Win32.Bolzano.3100
Found virus: W32.Bolzano.Gen
Scanning through Win32.Bolzano.3148
Joe Evans schrieb:
After upgrading to the latest version of ClamAV, I've noticed some files
not being detected with v0.90.2, which were detected with v0.88.7. Could
there be a bug with the pattern scanning portion of libclamav, or am I
missing something obvious?
Both test cases are using
Joe Evans schrieb:
Can anyone shed some light on the log entries below?
(1) Can't calculate offset for signature Trojan.Mybot-5073
(2) Broken PE file
The file is broken. This happens very often with such samples
(SdBot/Mybot). With ClamAV .9x the recognition of broken executables was
Sebastian Deiszner wrote:
Hello,
i got 2 or 3 powerpoint-files every week.
I have the problem, that the files are 'corrupted' - powerpoint is not
able to open the documents.
I use postfix, clamassassin and the newest clamav.
The sender from the powerpoint files send the same file to
Larry Yuma wrote:
Does clamav have any certificate of any labs like www.icsalabs.com?
No, nothing like that.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit
Mogens Kjaer wrote:
I've tried to report this on http://cgi.clamav.net/sendvirus.cgi,
however, only files 2M are accepted.
Just submit the URL. I downloaded it and we will take care of it. Thank you.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
Dennis Peterson wrote:
I already know the question is difficult, but it isn't impossible to
answer as there are other AV vendors who have a solution for this
particular problem if the article is to be believed.
So you want to know if the ClamAV Team monitors an infected system to
get hands
Carl Thompson wrote:
I have followed the documentation i've found and created custom database
files that identify files that stand alone without a problem using sigtool
--md5 file /path/to/custom.db
Try:
sigtool --md5 file /path/to/custom.hdb
--
Best regards,
Christoph
[EMAIL PROTECTED] wrote:
Hola Amigos:
necesito actualizar la version de clamav de 0.83 a 0.88. Ya
baje los archivos .gz y la pregunta es, que teng que hacer para
actualizar??
debo hacer backup de los archivos de configuracion y que mas?
que otra medida tengo que tener en cuenta?
Dennis Peterson wrote:
How is this different/better than or preferable to systems already using
SURBL technology?
SURBL is a blacklist and can only block abusive IP's/domains/URL's that
have been reported and added. ClamAV´s Phishphighter is able to
recognize phish even if the abusive
Hello Didi,
Friday, May 12, 2006, 3:44:19 PM, you wrote:
Maybe it is of interest:
http://nepenthes.mwcollect.org/stats:scannertest
Not really. You have to take the results with a grain of salt for several
reasons:
The test is 6 months old (even if heise.de still sells it as News)
Many
Hello Nepenthes,
Friday, May 12, 2006, 4:34:58 PM, you wrote:
We still *have* that good intention, and these stats were written as
some advertising for nepenthes, not as a 100% reliable source for
comparisions between different scanners.
You and I are aware of this - but as you can see @
Hello Ollie,
Tuesday, April 18, 2006, 4:01:40 PM, you wrote:
Hi I am getting the below error when trying to run Clamd. The .conf files
are where they are supposed to be. Does anyone know what could be causing
this?
$ clamd
ERROR: Please edit the example config file /usr/local/etc/clamd.
BitFuzzy wrote:
Odhiambo Washington wrote:
* On 10/09/05 13:47 -0500, Pablo Chamorro C. wrote:
I managed to deploy squid + havp + clamav for antivirus control of
web pages/files, and for my surprise this morning I found:
10/09/2005 13:08:36
Joanna Roman wrote:
Can anybody tell me how downloader viruses are
encountered ? Is it via http browsing and adware ??
Not only - sometimes they are spammed through mail or distributed
through P2P networks - you can find them almost everywhere in many
different flavours.
--
Best regards,
Battaglia Andrea wrote:
Hi,
I am trying to replace WebShield Antivirus with ClamAV, but there are some virus that clam is not able to capture.
These virus in WebShield are called : NEWUNIX and Bagle!elm.gen.
Could you give me some information about these virus ?
NEWUNIX sounds like a generic /
Niek wrote:
On 4/19/2005 8:25 PM +0200, Tomasz Kojm wrote:
Does it send itself via e-mail?
No they didn't send themselves per e-mail.
So what you're saying is, only selfspreading e-mail viruses
qualify to make it through the submit process ?
No, but Email borne malware has the highest priority.I
Gary Weinfurther wrote:
Sounds like the answer is no?
Christoph Cordes wrote:
Gary Weinfurther wrote:
Does ClamAv protect against W32.Spybot.IVQ, a worm with Denial of
Service and Back Door capabilities?
This is not easy to answer - this Spybots/Mybots/Gaobots/Wootbots/SdBots
come in many
Gary Weinfurther wrote:
Does ClamAv protect against W32.Spybot.IVQ, a worm with Denial of
Service and Back Door capabilities?
This is not easy to answer - this Spybots/Mybots/Gaobots/Wootbots/SdBots
come in many different flavours, packed and crypted with one or more
runtimepackers. ClamAV is
[EMAIL PROTECTED] wrote:
Hi.
Does anyone know a good description of the behavior of Worm.Somefool.Gen-3 ?
How do others AV call this worm?
thanks
--eduardoh
This message was sent using IMP, the Internet Messaging Program.
On Tuesday, October 12, 2004, 5:02:41 PM, marvin wrote:
m Nigel Horne writes:
On Tuesday 12 Oct 2004 15:51, marvin wrote:
Although it logs the virus to the /var/log/clamd.log, I would like it added
to the header e.g.
X-Virus-Flag: Yes - Worm.SomeFool.P
Any ideas how I can
On Monday, October 11, 2004, 7:32:53 PM, Jason Warren wrote:
JW Had something that looks like a virus get through ClamAV today. I
JW understand this is bound to happen. Not bitching about that. Question
JW is where do i send this guy.
http://clamav.catt.com/cgi-bin/sendvirus.cgi
--
Best
On Monday, August 9, 2004, 7:58:52 PM, Michael Brennen wrote:
MB Just in the last few minutes I've started getting hit with several
MB copies of a a zip packaged exe file from widely varying sources. The
MB names are of the form 'price.*\.zip'. I've submitted a copy online
MB and it was
On Monday, June 14, 2004, 3:09:13 PM, Randal, Phil wrote:
RP Last update details on clamav-virusdb is 349 (June 10th), current version is
RP 354.
RP Are the individual update summaries available elsewhere?
RP Phil
RP
RP Phil Randal
RP Network Engineer
RP Herefordshire Council
RP Hereford,
On Tuesday, May 18, 2004, 9:48:01 PM, Harrell, Roger wrote:
HR I've been trying to get clamdscan working for quite some time now. I have
HR installed clamav. clamscan works. Clamdscan fails with:
HR connect(): Connection refused
HR ERROR: Can't connect to clamd.
HR --- SCAN SUMMARY
On Saturday, May 15, 2004, 12:49:03 AM, Michael St. Laurent wrote:
MSL I know that Clamav has signatures in the database for the various species of
MSL the Sasser worm and when I check the sigtool database they are listed.
MSL What's the problem then you ask? There is not a single instance in
On Wednesday, April 28, 2004, 4:09:57 PM, Ralf Guenthner wrote:
I guess that you use very old database - Win32.Mix isn't present in
the database since the end of February 2004.
RG Tomasz,
RG thanks a lot for replying. I'm afraid that's not the problem, though.
RG Here's the result of a
On Sunday, February 22, 2004, 8:19:13 PM, Rajkumar S wrote:
RS Starbane wrote:
Considering the speed at which this was added to the database (and the
last three major mail worms that got treated similarly) I'm just
terribly impressed with the ClamAV devs.
RS I run ClamAV for our local ISP,
Hello Carl,
Sunday, February 8, 2004, 3:05:56 PM, you wrote:
C I have clamav .65 with milter .60 installed in a sendmail
C system. clamav-milter seems to catch all the files except those in
C .zip files.
C I recieved mydoom in .zip files and it was scanned and tagged
C as clean by
Hello Micha,
Thursday, January 29, 2004, 10:13:41 AM, you wrote:
MS Last night I made a small change to qmail-scanner.pl- I added 'worm.sco.a'
MS to the array $silent_viruses_array. (To prevent sending Virus Found messages
MS to innocent sender addresses)
did you edit it with something like
Hello Dilip,
Tuesday, January 6, 2004, 3:44:43 PM, you wrote:
DM Hi,
DM I just got Clam-AV and Freshclam working :) Was little tough :(
DM I'm running Qmail on Redhat7.3
DM # more /var/log/clam-update.log
DM
DM
Hello Brian,
Friday, November 28, 2003, 6:34:40 AM, you wrote:
BWA We do run ClamAV at the ISP level and we've had one user ask that we
BWA not filter their email. My response was to laugh, my boss offered to
BWA mail the user one of the AOL CD's we've got laying around and to cancel
BWA
Hello Serge,
Wednesday, November 12, 2003, 9:53:28 AM, you wrote:
SS Hello, clamav users.
SS Can clamav detect Win32.HLLM.Foo virus? Currently, i must detect this virus by
DrWeb.
SS WBR, ssp
Since Win32.HLLM.Foo seems to be another name for Mimail - yes it
Hello Clamav-users,
I don´t know if anyone already came up with this or if it´s already on some ToDo i
didn´t read - if so: please have mercy :-)
while i was playing arround with KAV i noticed that they offer 3 different signature
sets (normal, advanced, paranoid). I think that´s a pretty
Hello Robin,
Monday, November 10, 2003, 8:52:50 PM, you wrote:
RC Does clamav detect the W32.Swen worms?
RC W32.Swen.A
yes, but it will be detected as Worm.Gibe.F
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
58 matches
Mail list logo