John Fleming wrote:
- Original Message - From: Tomasz Kojm [EMAIL PROTECTED]
To: clamav-users@lists.clamav.net
Sent: Friday, March 16, 2007 7:49 PM
Subject: Re: ClamAV not LOGGING viruses was [Clamav-users] 0.90.1
notfindingviruses
On Fri, 16 Mar 2007 19:45:10 -0400
John Fleming
Christian Kuehn wrote:
Hi,
we detect some massive problems with the 0.90-series of clamav under Solaris 10,
the clamd use 90-99% of all CPU after 15min and the maschine got a load of
minimum 50.
The logfile shows like that:
Thu Mar 15 07:22:31 2007 -
John Fleming wrote:
- And the clamav log is free of errors and indicated that the
database is updated appropriately and clamd is being notified of
changes.
OK, clamav is finding viruses again, but they are not being LOGGED in
/var/log/clamav.log. The database upgrades and any restarts ARE
René Berber wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Alex Moore wrote:
On Mon, 12 Mar 2007 15:01:06 +0200 (SAST)
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I am experiencing the same problems.
We have two quad CPU E450's running Solaris 9 handling the incomming
mail on our
John Fleming wrote:
If not syslog, then the the clamd run-as user have write permissions
to the log?
Yes, clamav:clamav both owner and group 0640
Just saw your next post come in - check for sure the run-as user is clamav.
Is the log 2gig in size?
Yeah, only about 5K right now.
John Fleming wrote:
clamd 22702clamav3w REG3,1 53702682197
/var/log/clamav/clamav.log
There's the log, but I need help understanding what's happening. - John
That's not where you were describing the log to be earlier. Your
original post said
Alex Moore wrote:
On Mon, 12 Mar 2007 15:01:06 +0200 (SAST)
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I am experiencing the same problems.
We have two quad CPU E450's running Solaris 9 handling the incomming
mail on our domains. These servers are generally very busy.
No experimental code
Alex Moore wrote:
On Wed, 14 Mar 2007 17:54:12 -0700
Dennis Peterson [EMAIL PROTECTED] wrote:
My systems handle about 1 million messages/week and none have
suffered a crashed clamd since I installed a self-built version
0.90.1. I did not enable experimental, and I don't use scripted
updates
John Fleming wrote:
I just realized to my horror that clamav has not found a virus in any
email handled by my server since March 5th when I upgraded to clamav
0.90.1. The messages are being tagged appropriately, e.g.:
X-Virus-Status: No
X-Virus-Checker-Version: Luke wa9als.com running
mr.dan.watson wrote:
Hello
There seems to be a problem with virustotal.com clamav scan engine.
Did you send them an email registering your bewilderment?
dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
Mark wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Kevin W. Gagel
Sent: maandag 12 maart 2007 18:00
To: ClamAV users ML
Subject: Re: [Clamav-users] Upgrade to .90? - Update
- Original Message -
So, its been a few days. How is
Gerard Seibert wrote:
On Sat, 10 Mar 2007 20:20:37 -0800
Dennis Peterson [EMAIL PROTECTED] wrote:
[...]
If you checked your outgoing mail I wouldn't have to check it when it
gets to my server. The only reason I have to check other people's
mail at all is because they don't.
Personally, I
Török Edvin wrote:
On 3/11/07, Gerard Seibert [EMAIL PROTECTED] wrote:
On Sat, 10 Mar 2007 20:20:37 -0800
[...]
Personally, I think you are being slightly naive if you actually
believe that everyone is going to be running an AV scanner on their
outgoing traffic.
Why are we having this
[EMAIL PROTECTED] wrote:
I found this error in the freshclam log file today on 2 of my servers.
--
Received signal: wake up
ClamAV update process started at Fri Mar 9 16:00:05 2007
main.cvd is up to date (version: 42, sigs:
fcgmail wrote:
And also if it's made to work with qmail, how can i make it not to scan
outgoing email?
Any hint will be greatly appreciated!
If you checked your outgoing mail I wouldn't have to check it when it
gets to my server. The only reason I have to check other people's mail
at
Ken Morley wrote:
I have a Linux (CentOS) server and I need to download the latest ClamAV
stable source. The server doesn't have a web browser, so I need to use
a command line to download the source. I've read the FAQ's and ClamAV
documentation, but don't find instructions for using wget or
Andy Fiddaman wrote:
On Thu, 8 Mar 2007, Didi Rieder wrote:
; Lucky you, maybe to low message volume
We have a several Solaris 10 servers running 0.90.1, each processing over
250K messages a day and have seen absolutely no problems. Experimental
code isn't enabled. I wonder what the
Kaplan, Andrew H. wrote:
Hi there --
I recently upgraded clamav to version 0.90.1. The method that I used was
downloading the Fedora Core 5 binaries into a single directory,
and running the rpm -Uvh *.rpm command. The installation completed successfully.
I checked the log files earlier today
Paul Bijnens wrote:
On 2007-03-07 02:16, Dennis Peterson wrote:
Paul Bijnens wrote:
On 2007-03-05 20:07, Dennis Peterson wrote:
Paul Bijnens wrote:
Be careful about using clamav with the MSRBL image-spams database!!
It seems to me like detecting the image spams with clamav signatures
Dennis Davis wrote:
On Tue, 6 Mar 2007, Dennis Peterson wrote:
From: Dennis Peterson [EMAIL PROTECTED]
To: ClamAV users ML clamav-users@lists.clamav.net
Date: Tue, 06 Mar 2007 11:18:30 -0800
Subject: Re: [Clamav-users] msrbl sigs: rsync
Reply-To: ClamAV users ML clamav-users@lists.clamav.net
Christopher X. Candreva wrote:
On Thu, 8 Mar 2007, CPTeam Hostmaster wrote:
I get this in maillog whenever I start clamav-milter:
--
Mar 8 00:45:01 ns1 sendmail[7399]: l27Mj1nM007399: Milter (clmilter): local
socket name /var/run/clamav/clmilter.sock unsafe
Mar 8 00:45:01 ns1
Alex Moore wrote:
Has anyone seen 0.90.1's clamd die? I am running Solaris 9 SPARC. The
daemon had been running for several days. The mail server only handles
around 500 messages/day. So far, I have no clue.
I have been running clamav for a few years now and have not seen this
before. At
Jens Strohschnitter wrote:
mails scanned by clamscan are blocked correctly. The only thing I changed
in amavisd is to replace clamscan with clamd.
But I think it's a bug in amavis-0.3.13pre2. So I have to update to amavis-new.
The problem is, that the mashine runs as a productive system - and
Bill Landry wrote:
Bill Landry wrote the following on 3/6/2007 8:05 AM -0800:
Dennis Davis wrote the following on 3/6/2007 6:14 AM -0800:
On Mon, 5 Mar 2007, Bill Landry wrote:
From: Bill Landry [EMAIL PROTECTED]
To: ClamAV users ML clamav-users@lists.clamav.net,
[EMAIL PROTECTED]
Dennis Peterson wrote:
There are two test files that list the files to download. The
file names and contents are:
file.list
http://www.sanesecurity.com/clamav/phish.ndb.gz
http://www.sanesecurity.com/clamav/scam.ndb.gz
msrbl.list
MSRBL-Images.hdb
MSRBL-SPAM.ndb
Just remembered one other
Bill Landry wrote:
Dennis Peterson wrote the following on 3/6/2007 11:18 AM -0800:
Here is my latest script iteration, which now includes testing for
newer files before copying the file to the temp working directory
for testing, and when copying is done due to a newer file being
found
Paul Bijnens wrote:
On 2007-03-05 20:07, Dennis Peterson wrote:
Paul Bijnens wrote:
Be careful about using clamav with the MSRBL image-spams database!!
It seems to me like detecting the image spams with clamav signatures
are not really an improvement. In fact, it is probably dangerous
Chris wrote:
On Monday 05 March 2007 12:08 am, Dennis Peterson wrote:
I ran it twice and both times it downloaded a new .hdb and .ndb file at
least the 'modified' times were within a couple of minutes of the current
time. I've commented out the
I just now realized you're moving the downloaded
Dennis Peterson wrote:
If you use wget rather than curl you can grab both of Steve's files in
one connection rather than two. I'll submit my script to Steve when I
get caught up on things here. It pulls down Sanesecurity and MSRBL files.
I just recalled that curl allows this too
Weber, Dominik wrote:
On Mon, 5 Mar 2007 13:09:45 +0100
Weber, Dominik [EMAIL PROTECTED] wrote:
Sorry but i don't top-posted.
You did and you're still doing this.
Ahh now i think i know what you mean.
But I don't know, how to configure my Outlook to do that.
Please don't post below the
Noel Jones wrote:
At 09:35 AM 3/5/2007, Dennis Peterson wrote:
The mv -f ... statement should be a cp ... statement. That will leave
the msrbl files in the directory that rsync uses for downloading and
for comparing versions.
It makes a great deal of sense to move the files into the clam DB
Morgan Walker wrote:
O.K. Will apt ever upgrade to a new version for me, or will I have to do
it manually?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Miroslav
Strugarevic
Sent: Monday, March 05, 2007 12:08 PM
To: ClamAV users ML
Subject: Re:
Christopher X. Candreva wrote:
On Mon, 5 Mar 2007, Dennis Peterson wrote:
It makes a great deal of sense to move the files into the clam DB directory
to insure an atomic operation. If clamd/clamav-milter should happen to
reload with a half-copied file in the DB dir, it will likely stop
Odhiambo Washington wrote:
* On 20/02/07 16:25 -0500, Kevin Way wrote:
| Dennis Peterson wrote:
| So, its been a few days. How is everyone feeling about the new version?
| I've hesitated to upgrade just yet. I've seen alot of feedback indicating
| problems and very little about smooth
Paul Bijnens wrote:
Be careful about using clamav with the MSRBL image-spams database!!
It seems to me like detecting the image spams with clamav signatures
are not really an improvement. In fact, it is probably dangerous!
The programs generating these spams make unique images with
Dennis Peterson wrote:
How did you determine they were false positives? Their website does not
provide a context so you can't know if what you are seeing is a web
beacon image or a spacer.
I determine false positives very simply - If neither the sender nor the
intended recipient do
Rob MacGregor wrote:
On 3/5/07, Leonardo Rodrigues Magalhães [EMAIL PROTECTED] wrote:
Or maybe clamav is configured to PASS infected emails !!! It´s not
an intelligent thing to do, but amavisd allows it.
The point is, clamav doesn't block or pass the emails. Clamav simply
gives a status
Chris wrote:
On Sunday 04 March 2007 7:23 am, Steve Basford wrote:
Hi,
Just a heads up for those using the msrbl sigs.
As of last week:
Downloading of the signature files is currently only available via rsync:
rsync rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-SPAM.ndb
/path/MSRBL-SPAM.ndb
Chris wrote:
On Sunday 04 March 2007 4:15 pm, Dennis Peterson wrote:
Steve, since I'm using a script that was posted here quite some time ago
what changes need to be made:
Create a text file, msrbl.list, with these two lines:
MSRBL-SPAM.ndb
MSRBL-Images.hdb
Run rsync and call that file
Chris wrote:
On Sunday 04 March 2007 4:15 pm, Dennis Peterson wrote:
Steve, since I'm using a script that was posted here quite some time ago
what changes need to be made:
Create a text file, msrbl.list, with these two lines:
MSRBL-SPAM.ndb
MSRBL-Images.hdb
Run rsync and call that file
Henrik Krohns wrote:
On Fri, Mar 02, 2007 at 09:28:13PM -0800, MrC wrote:
An upcoming amavisd-new release provides the ability to consider Phishing
scams, etc. as spam rather than viruses.
And it works great! Now the statistics look silly, so little real viruses
coming in..
Don't forget
Sean Pinegar wrote:
thanks for the replies. I know that sometimes one scanner will find a
file that the other wont i was just curious if clamAV tends to not
find viruses that norton finds. Thanks again for your reply
Daniel...a couple other people tried to make me sound like i had no
clue how a
Lyle Giese wrote:
In this case, was the file really infected or did Norton throw a false
positive?
At this point, we really don't know which product is producing an
error. How about downloading AVG and scanning this file again?( they
have free and trial versions)
Lyle
There are also
Sean Pinegar wrote:
The file has been submitted. Thank you.
Something else to consider is that your mail system has a max size for
files it will submit for scanning, and that this file was larger than
that max size. Just something to look for in trying to debug the failure.
dp
This is an interesting list for what it shows. It is a list from the
last 10,000 viruses caught here where there were 10 or more of a
particular virus caught. Clearly most of them are not viruses at all but
image spam and penny stock scams. Might be time to re-word the way the
information is
Tomasz Kojm wrote:
On Thu, 01 Mar 2007 11:09:49 -0500
Craig Green [EMAIL PROTECTED] wrote:
The failure happens when the perms on the daily.inc directory
mysteriously become 700 and thus deny group reads. Since the vast
Thanks for the good report, the problem is now fixed in SVN.
What is
Tomasz Kojm wrote:
On Mon, 26 Feb 2007 23:41:39 -0800
Dennis Peterson [EMAIL PROTECTED] wrote:
Wolf, Brian wrote:
Brian wrote:
both freshclam and clamd 0.90 have been dying with
Can't lock database directory every time a new
version of signatures comes out.
It looks like my problem
Dennis Peterson wrote:
Tomasz Kojm wrote:
On Mon, 26 Feb 2007 23:41:39 -0800
Dennis Peterson [EMAIL PROTECTED] wrote:
Wolf, Brian wrote:
Brian wrote:
both freshclam and clamd 0.90 have been dying with
Can't lock database directory every time a new version of
signatures comes out
Wolf, Brian wrote:
Brian wrote:
both freshclam and clamd 0.90 have been dying with
Can't lock database directory every time a new
version of signatures comes out.
It looks like my problem was caused by having freshclam run
a script after an update using the OnUpdateExecute line in
Frank Tanner III wrote:
Before I begin, I have read the Wiki with regards to this issue, and the
information it has doesn't cover this issue. I didn't see anything in
the archive list either. There is only a single occurrence of the
executables and libraries.
When I run clamscan I get the
Frank Tanner III wrote:
Turned out there was a defective boolean in the default clamd.conf file
that I had to fix. The FixStaleSocket directive is a boolean and had
nothing after it. Putting a yes after it seems to have fixed the date
problem. It also appears to have fixed the segfault as
Frank Tanner III wrote:
On Sun, 2007-02-25 at 16:38 -0800, Dennis Peterson wrote:
Frank Tanner III wrote:
Turned out there was a defective boolean in the default clamd.conf file
that I had to fix. The FixStaleSocket directive is a boolean and had
nothing after it. Putting a yes after
Shawn Badger wrote:
I'm sure this has been asked already, but I haven't been able to find
it. How do I get the .cdiff files? I had a local mirror set up, but
since .90 was installed they are looking for the .cdiff files.
Before I was just doing a symbolic link on my server to .cvd files it
was
Shawn Badger wrote:
I could do that, but on my server where the mirror is stored the
daill.cvd ahs been replaced by a folder called daily.inc. The folder
now holds several daily files none of which are cvd's.
On 2/23/07, Dennis Peterson [EMAIL PROTECTED] wrote:
In freshclam.conf
Solaris 9, ClamAV 0.90, running fresh clam I get this:
LibClamAV Error: Database Directory: /usr/local/share/clamav not locked
What is it trying to tell me?
dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
After about an hour, or maybe at busy times, clamd disappears without a
trace. No core dump, nothing in the logs.
This happens on every Solaris instance I've built. It does not matter if it
is Sol8, Sol9, or Sol10. I've not had time to go back in and rebuild it without
the experimental
carren stuart wrote:
Dennis Peterson wrote:
There really is an error in your system's timezone or clock/calendar,
but let's focus on your auto scan because that is why you are here.
I've spent the last couple of days working on this trying to find out
exactly what the problem was. It turned
carren stuart wrote:
Dennis Peterson wrote:
Not quite right yet, Carren.
Sigh
If it's not right this time I'm throwing this thing out the window and
going back to a slate and chalk!
I think the Maori tradition for successes like this is to go out and
have a beer.
dp
carren stuart wrote:
Anyway, those of you who were more than happy to have my mail going to
your SPAM folder - you may consider this an apology. Those of you who
actually did your best to help me, without making me feel like an idiot
- may consider it an official Thank you.
So what was
Steve Holdoway wrote:
On Mon, 19 Feb 2007 15:25:26 -0800
Dennis Peterson [EMAIL PROTECTED] wrote:
carren stuart wrote:
Dennis Peterson wrote:
Not quite right yet, Carren.
Sigh
If it's not right this time I'm throwing this thing out the window and
going back to a slate and chalk!
I
carren stuart wrote:
[EMAIL PROTECTED] wrote:
Ugg, as much as I hate to continue this OT subject. Something with your
time
is jacked. Whether it be your time or timezone I don't really care or care
enough to tell you where you have it wrong. You mail is showing up in
peoples mailboxes as if
Jonathan Armitage wrote:
I have just successfully built 0.90 on a PC running Solaris 10.
However, I had to explicitly set LDFLAGS=-L/usr/local/lib for configure
to find the gmp library.
I'm sure I've never had to do this before.
Jon
Is /usr/local/lib included in the path returned by
Jonathan Armitage wrote:
Jonathan Armitage wrote:
I have just successfully built 0.90 on a PC running Solaris 10.
However, I had to explicitly set LDFLAGS=-L/usr/local/lib for
configure to find the gmp library.
Sorry, should have added output from crle:
Default Library Path (ELF):
Jonathan Armitage wrote:
Jonathan Armitage wrote:
I have just successfully built 0.90 on a PC running Solaris 10.
However, I had to explicitly set LDFLAGS=-L/usr/local/lib for
configure to find the gmp library.
Sorry, should have added output from crle:
Default Library Path (ELF):
carren stuart wrote:
Dennis Peterson wrote:
Um excuse me ... for your information, my system clock is set correctly.
And before you ask - yes, I just double checked it (specially for you).
So long ... and thanks for all the fish.
So what the heck time zone are you whining from? It's really
*bump*
Dennis Peterson wrote:
What is the current significance of the daily.inc directory? It is
present in my rc3 environment but not in 0.90.
I've not found anything in the docs about this, including in the mirrors
how-to. I'd like to continue distributing cvd files internally from
It should be present in 0.90 after the first scripted update.
Ok -- I understand now what is happening there.
I've not found anything in the docs about this, including in the mirrors
how-to. I'd like to continue distributing cvd files internally from a
single Internet connected
So, its been a few days. How is everyone feeling about the new version?
I've hesitated to upgrade just yet. I've seen alot of feedback indicating
problems and very little about smooth and great upgrades.
What's the general concensous - You can't upgrade fast enough or Stay where
you are?
Tomasz Kojm wrote:
On Thu, 15 Feb 2007 13:51:54 -0800
Bill Landry [EMAIL PROTECTED] wrote:
I just had to back it out of production. It would not run more than a
couple minutes under a normal load that 88.7 shrugs off. It dies without
any error messages.
dp
Yep, I observed the same behavior on
Tomasz Kojm wrote:
On Thu, 15 Feb 2007 15:13:38 -0800
Bill Landry [EMAIL PROTECTED] wrote:
Tomasz Kojm wrote the following on 2/15/2007 3:00 PM -0800:
On Thu, 15 Feb 2007 13:51:54 -0800
Bill Landry [EMAIL PROTECTED] wrote:
I just had to back it out of production. It would not run more
Christopher X. Candreva wrote:
On Thu, 15 Feb 2007, Dennis Peterson wrote:
In my case the only difference from every previous build was to enable
experimental. I have just one build script I've used for years.
Try without experimental.
I have a similar set-up (Sun Sparc Ultra 2s, Solaris 8
carren stuart wrote:
Jim Maul wrote:
ack. Would you rather someone reply and say wow, that sucks, but i
cant help you?
Actually, yes I would. At least that would be acknowledgment of my
problem and request.
Maybe people are looking at the post time of your messages and see you
can't
Steve Holdoway wrote:
On Thu, 15 Feb 2007 19:26:34 -0800
Dennis Peterson [EMAIL PROTECTED] wrote:
I realize that and I apologize, but I've got a lot going on just now.
There's not a lot to say yet. Solaris 9 in a Sun E250 w/2g ram, 80,000
messages/day per instance, running with a milter (J
carren stuart wrote:
Dennis Peterson wrote:
Maybe people are looking at the post time of your messages and see you
can't even manage your system clock so aren't surprised you're whining
about configuring something as complex as a fully integrated anti-virus
solution.
Um excuse me
aCaB wrote:
Dennis Peterson wrote:
Dennis Peterson wrote:
Now that 0.90 is released how long will 88.7 supported? I have a lot
of backend stuff to rewrite and still have some DST patches to fight
with :)
The 0.8x serie is no longer supported, but we have provided package
maintainers
What is the current significance of the daily.inc directory? It is
present in my rc3 environment but not in 0.90.
dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Now that 0.90 is released how long will 88.7 supported? I have a lot of
backend stuff to rewrite and still have some DST patches to fight with :)
dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
Dennis Peterson wrote:
Now that 0.90 is released how long will 88.7 supported? I have a lot of
backend stuff to rewrite and still have some DST patches to fight with :)
It compiled and installed beautifully, btw. What ever problems existed
in rc3 are gone in this one. Nice job again!
dp
René Berber wrote:
Is anybody working on upgrading perl module Mail::ClamAV?
Current version 0.17 does not build under clamav version 0.90, there's at least
2 defined constants that don't exist anymore, maybe other problems.
The real problem will show for users of MailScanner, without a
Tim Boyer wrote:
On Sun, 4 Feb 2007 14:28:29 +0100, Sven Strickroth [EMAIL PROTECTED] wrote:
I upgraded last night on two machines, and configured with
--enable-experimental:
I left my conf file alone, and when I try to start up, I get this:
Commenting out the DetechPhishing enables
Randal, Phil wrote:
Christopher X. Candreva wrote
I've been running 0.90rc2 here for a few months. IMHO it is
more stable than
the 0.88.x I was running previously.
Just yeaterday I received a Bugzilla note from one I had
submitted that it
was fixed in 0.90rc3. I am taking that to mean we
Christian Kuehn wrote:
Hmm
already successful compiled in Solaris 10_x86
SunOS rzviwa02 5.10 Generic_118855-19 i86pc i386 i86pc
works fine.
Kind Regards
Christian
50-50 isn't bad. Can you share your configure params?
dp
___
Help us build a
Christopher X. Candreva wrote:
On Thu, 1 Feb 2007, Dennis Peterson wrote:
50-50 isn't bad. Can you share your configure params?
Compiled fine on Solaris 8 Sparc, gcc 4.1.1, binutils 2.17
I configure with just ./configure --enable-milter
It built to completion when I left out --enable
Stephen Gran wrote:
On Thu, Feb 01, 2007 at 08:17:03AM -0800, Dennis Peterson said:
Randal, Phil wrote:
Christopher X. Candreva wrote
I've been running 0.90rc2 here for a few months. IMHO it is
more stable than
the 0.88.x I was running previously.
Just yeaterday I received a Bugzilla note
Henrik Krohns wrote:
Pretty obvious that -liconv is missing. Using GNU iconv? Not rocket science
to fix. :)
-hk
Probably not - but RC2 continues to build fine. I'm only reporting what
I see. iconv is alive and well, I assure you :)
dp
___
Help
Stephen Gran wrote:
On Thu, Feb 01, 2007 at 08:52:33AM -0800, Dennis Peterson said:
Henrik Krohns wrote:
Pretty obvious that -liconv is missing. Using GNU iconv? Not rocket science
to fix. :)
-hk
Probably not - but RC2 continues to build fine. I'm only reporting what
I see. iconv is alive
Aleksander wrote:
So the big question:
How does clamav answer to a PING while updating/loading the virus db?
or
How do we detect, that clamd is not dead, but simply updating it's
database?
For now, I'll simply disable the clamav protocol test and stick with
only checking the INET socket.
Galactic wrote:
Seems it is already in the DB as something else, Trojan.Downloader-6xx.
Norton was stripping the file from my email so I couldn't read the headers
on it. Not sure why it was slipping past ClamAV however. When I tried to
upload these 3 files postcard.exe, Full Clip.exe, and
Galactic wrote:
I tried to submit them, however the submission system wouldn't let me upload
them as the files I was uploading were scanned by the system and detected
them as already being in the database.
Franklyn
When that happens it's worth checking to see if your installation
Andy wrote:
I'm still confused to what caused this though so I can stop it happening
again. I'm also still worried it couldn't scan that .exe file, yet by just
upgrading the DB it can somehow magically do it now?
It is quite possible the exe file was incomplete making it impossible to
Andy wrote:
Dennis Peterson ([EMAIL PROTECTED]) wrote:
It is quite possible the exe file was incomplete making it impossible to
decompress. That happens a lot. It is curious that you bother scanning
exe files at all, though. Many admins reject them immediately along with
all the other file
Kelly Jones wrote:
Any thoughts?
Send your users this link: http://www.securityfocus.com/news/11380
dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Nigel Horne wrote:
Dennis Peterson wrote:
I've decided to explore clamav-milter. The objective is to have a
single server where all clamAV process run. Think of it as a virtual
AV appliance (Because that is what it is).
The lab environment is a mail server (Solaris 9, Sparc) running
Some new problems below:
Nigel Horne wrote:
Dennis Peterson wrote:
I've decided to explore clamav-milter. The objective is to have a
single server where all clamAV process run. Think of it as a virtual
AV appliance (Because that is what it is).
The lab environment is a mail server
Odhiambo Washington wrote:
Is anyone using Exim with exiscan in this forum? That is where the
subject is heading, as I can see.
Peterson, what do you use?
J-Chkmail from Jose-Marcio in France. Works great.
dp
___
Help us build a comprehensive
Stephen Gran wrote:
On Tue, Jan 16, 2007 at 09:47:45AM -0800, Chuck Swiger said:
Edit the freshclam.conf and clamd.conf files and uncomment the User
or DatabaseUser entries; these files will be under /etc/spam/clamav
if you are using Apple's default location.
Please see earlier discussion
I've decided to explore clamav-milter. The objective is to have a single
server where all clamAV process run. Think of it as a virtual AV
appliance (Because that is what it is).
The lab environment is a mail server (Solaris 9, Sparc) running sendmail
and another server (Solaris 10, X86)
Tomasz Kojm wrote:
On Sun, 14 Jan 2007 23:31:59 +0100
bsd [EMAIL PROTECTED] wrote:
Hello,
I am using OS X Server 10.4.8 and I am trying to use clamscan to scan
a shared point (AFP SMB) share using clamscan.
When I issue a simple command such as
# clamscan -l /var/log/clamscan.log -r
Chuck Swiger wrote:
On Jan 15, 2007, at 10:44 AM, Dennis Peterson wrote:
Elsewhere in the thread: OS X always has a root account - what it
doesn't always have is a root password.
Phrase it as you wish: it is true that MacOS X ships with an /etc/passwd
that lists a uid-0 root user
Stephen Gran wrote:
On Mon, Jan 15, 2007 at 10:44:33AM -0800, Dennis Peterson said:
Tomasz Kojm wrote:
Please reconfigure ClamAV sources with ./configure --with-user=clamav
Clamscan doesn't use that parameter.
./clamscan/defaults.h:
#define UNPUSER CLAMAVUSER
#define UNPUSER clamav
1001 - 1100 of 1693 matches
Mail list logo