Re: [clamav-users] [Clamav-users] Tracking false positives

2011-03-06 Thread Karsten Bräckelmann
On Sun, 2011-03-06 at 15:39 -0500, Alex wrote: Some time ago I posted a message requesting help tracking down a false positive, and trying to learn why it triggered. I have another one. Yes, back in Sep 2010. A lot of people using threading and keeping an archive are unlikely to ever read this

Re: [clamav-users] [Clamav-users] Tracking false positives

2011-03-06 Thread Karsten Bräckelmann
On Sun, 2011-03-06 at 17:22 -0500, Alex wrote: There was some discussion about this particular signature on the Sanesecurity list. Archives here: http://news.gmane.org/gmane.comp.security.virus.clamav.sanesecurity Thanks everyone for the information. I thought for sure it was that I was

Re: [clamav-users] [Clamav-users] Tracking false positives

2011-03-06 Thread Karsten Bräckelmann
On Sun, 2011-03-06 at 17:52 -0500, Alex wrote: In-Reply-To and References headers. Set when replying. guenther -- who has given up hoping long ago, that folks running mail servers should understand mail headers I'm not sure if I should quit while I'm still behind, or if

Re: [clamav-users] Tracking false positives

2011-03-06 Thread Karsten Bräckelmann
On Sun, 2011-03-06 at 20:32 -0500, Alex wrote: Every email has a unique-ish Message-Id. Proper MUAs, when replying, will set the In-Reply-To header to the just replied-to message's Message-Id, and likewise add it to the list in the References header. Yes, I understand this. I just thought
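The threading mechanism Karsten describes (Message-Id set on every message, In-Reply-To and References filled in by a proper MUA when replying) is what archive tools use to attach a reply to its thread. The following is an added example, not code from the list or from any poster, using only the Python standard library; the four messages are constructed for the demo, and the rule "In-Reply-To first, last References entry as fallback" is this example's choice.

```python
import email

# Constructed sample messages (not real list traffic).  The first three form
# one thread; the fourth reuses the subject but carries no threading headers,
# so by header logic it starts a new thread, subject or not.
RAW_MESSAGES = [
    "Message-ID: <a1@example.org>\n"
    "Subject: Tracking false positives\n\nfirst\n",
    "Message-ID: <b2@example.org>\n"
    "In-Reply-To: <a1@example.org>\n"
    "References: <a1@example.org>\n"
    "Subject: Re: Tracking false positives\n\nsecond\n",
    "Message-ID: <c3@example.org>\n"
    "In-Reply-To: <b2@example.org>\n"
    "References: <a1@example.org> <b2@example.org>\n"
    "Subject: Re: Tracking false positives\n\nthird\n",
    "Message-ID: <d4@example.org>\n"
    "Subject: Re: Tracking false positives\n\nfourth\n",
]

def parent_of(msg):
    """Message-ID this message replies to, or None if it has no threading headers.

    In-Reply-To is consulted first; the last entry of References is the
    fallback, since some MUAs set only one of the two.
    """
    for header in ("In-Reply-To", "References"):
        value = msg.get(header)
        if value:
            return value.split()[-1]
    return None

def build_threads(raw_messages):
    """Map every Message-ID to the Message-ID at the root of its thread."""
    parent = {}
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        parent[msg["Message-ID"].strip()] = parent_of(msg)

    def root(mid):
        seen = set()
        # Walk up until a message with no parent, an unknown parent, or a loop.
        while parent.get(mid) and mid not in seen:
            seen.add(mid)
            mid = parent[mid]
        return mid

    return {mid: root(mid) for mid in parent}
```

Running build_threads(RAW_MESSAGES) puts a1, b2 and c3 under the root <a1@example.org> and leaves <d4@example.org> as its own root, which is exactly why a reply sent without these headers lands outside the thread in a threaded archive.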

Re: [Clamav-users] Reload process

2010-05-25 Thread Karsten Bräckelmann
On Sun, 2010-05-23 at 17:43 +0300, Török Edwin wrote: If a file is determined to be clean, its MD5 is added to an in-memory cache. When scanning a new file, its MD5 is computed and looked up in the cache. If found, it is considered clean. On DB reload the entire cache is cleared.
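The clean-file cache quoted above (clean verdicts keyed by MD5, whole cache dropped on database reload) is easy to model, and the model shows why the reload must clear it: a verdict reached under the old signature set is stale once new signatures arrive. This is an added illustration, not ClamAV's implementation; the substring "signatures" and the sample data are constructed, and the cache is a plain set rather than whatever structure clamd uses.

```python
import hashlib

class CleanCache:
    """Cache of MD5 digests of files the current signature set judged clean."""

    def __init__(self):
        self._clean = set()
        self.full_scans = 0  # how many times the signature set was actually applied

    def scan(self, data, signatures):
        """Return True if data matches a signature; clean results are memoised."""
        digest = hashlib.md5(data).hexdigest()
        if digest in self._clean:
            return False  # cache hit: the full scan is skipped
        self.full_scans += 1
        infected = any(sig in data for sig in signatures)
        if not infected:
            self._clean.add(digest)
        return infected

    def reload(self):
        """Database reload: every cached verdict came from the old set, so drop them."""
        self._clean.clear()

def demo():
    """Walk through the stale-verdict case; returns the four verdicts and the scan count."""
    sigs_v1 = [b"OLD-SIG"]
    sample = b"harmless-looking text with NEW-SIG inside"   # constructed sample
    cache = CleanCache()
    first = cache.scan(sample, sigs_v1)     # full scan, clean
    second = cache.scan(sample, sigs_v1)    # cache hit, clean
    sigs_v2 = sigs_v1 + [b"NEW-SIG"]        # a new signature arrives
    stale = cache.scan(sample, sigs_v2)     # still "clean": verdict served from cache
    cache.reload()                          # what clamd does on DB reload
    fresh = cache.scan(sample, sigs_v2)     # full scan again, now detected
    return first, second, stale, fresh, cache.full_scans
```

demo() returns (False, False, False, True, 2): the third call would be a missed detection if the cache survived the reload. The same reasoning applies to any content-hash cache in front of a detector; the cache is only as current as the ruleset that populated it, and MD5 is acceptable here only because the key is derived from the file itself, not chosen by an attacker against a verdict.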

Re: [Clamav-users] Reload process

2010-05-23 Thread Karsten Bräckelmann
On Sun, 2010-05-23 at 10:21 +0300, Török Edwin wrote: else Scan it like it does now ( with everything in the DB, I assume. ) } A simpler form of this is already implemented in 0.96 :) If a file is determined to be clean, its MD5 is added to an in-memory cache. When scanning

Re: [Clamav-users] unofficial rules preferred

2009-09-14 Thread Karsten Bräckelmann
On Mon, 2009-09-14 at 17:27 +0200, Wolfgang Breyha wrote: I'm running clamd with both official and sanesecurity sigs. Now I made a test with my virus archive and recognized that clamd prefers the sanesecurity sigs. Using only ClamAV original sigs I have ~3500 virus matches. Using both

Re: [Clamav-users] OT: Re: please remove

2009-02-21 Thread Karsten Bräckelmann
On Fri, 2009-02-20 at 22:25 -0500, Gary L Burnore wrote: Laurens laur...@wildeboer.id.au wrote: I have been wanting to unsubscribe from this fucking thing for over a year can not remember log in details etc and as a result I keep getting this shit. Ok, someone's gotta say it, YOU

[Clamav-users] OT: Re: please remove

2009-02-19 Thread Karsten Bräckelmann
On Thu, 2009-02-19 at 10:50 +, Ian Eiloart wrote: http://www.clamav.net/support/ml Can we not have the list unsubscribe link in the footer, too? It's a legal Maybe start by following the link you quoted... ;) requirement in the UK to have an easy to use mechanism to unsubscribe to

Re: [Clamav-users] Submitting malware attachments or full email?

2008-12-03 Thread Karsten Bräckelmann
On Tue, 2008-12-02 at 10:10 +0100, Tomasz Kojm wrote: On Tue, 02 Dec 2008 00:59:01 +0100 Karsten Bräckelmann [EMAIL PROTECTED] wrote: FWIW, detected as Trojan.Invo-13 and Trojan.Downloader-60790. Which (again) raises the question why that variation, for what appears to be a single malware

[Clamav-users] Submitting malware attachments or full email?

2008-12-01 Thread Karsten Bräckelmann
Today started again what seems to establish itself as the Monday run [1] of user-frightening malware attachments, properly phrased German. The last one is exactly one week ago, and they appear to start after office hours. *sigh* Given the recent report on this list of malware submissions, where

Re: [Clamav-users] Bugzilla

2008-11-05 Thread Karsten Bräckelmann
On Tue, 2008-11-04 at 12:55 -0500, Jason Bertoch wrote: Use the advanced search tab. Or select 'All' instead of 'Open Bugs'. I suppose I should have mentioned I tried that. Even with all components, versions, statuses, resolutions, severities, priorities, hardware, and OS's checked, a

Re: [Clamav-users] Malware submission / Virustotal

2008-10-29 Thread Karsten Bräckelmann
On Sat, 2008-10-25 at 16:27 +0200, Karsten Bräckelmann wrote: Recent flood of (German only?) Trojan.Agent malware, partly slipping by ClamAV. So I now am submitting samples where I spot 'em... FWIW, also reported by Heise (sorry, German only). http://www.heise.de/security/news/meldung/117971

Re: [Clamav-users] Malware submission / Virustotal

2008-10-26 Thread Karsten Bräckelmann
On Sun, 2008-10-26 at 10:22 +0100, Robert Schetterer wrote: Karsten Bräckelmann schrieb: Recent flood of (German only?) Trojan.Agent malware, partly slipping by ClamAV. So I now am submitting samples where I spot 'em... By doing so, two questions came up: [ Yet unanswered sample

[Clamav-users] Malware submission / Virustotal

2008-10-25 Thread Karsten Bräckelmann
Recent flood of (German only?) Trojan.Agent malware, partly slipping by ClamAV. So I now am submitting samples where I spot 'em... By doing so, two questions came up: (a) After testing the sample message with Virustotal, should I even bother submitting it from clamav.net, too? If memory

Re: [Clamav-users] Scan stops at first virus sig

2008-04-10 Thread Karsten Bräckelmann
On Thu, 2008-04-10 at 13:58 +0100, Greg Smith wrote: I am trying to scan files so that clam scans the entire file for all viruses ^ Smells like mbox. and doesnt stop at the first one it finds? Is this possible? In that case, formail is your friend. If you're not

Re: [Clamav-users] help-about regular expressions in signatures-From: Török Edwin

2008-01-27 Thread Karsten Bräckelmann
On Sun, 2008-01-27 at 16:44 -0500, xue wen wrote: The signature I have made up is like this: Worm.Yawen (Clam)=61*7c62 where 617c62 means a|b. Once I add the wildcard into this signature, there will be an error, no matter I put it into a .db or .ndb file. Is there something wrong with the

Re: [Clamav-users] 10. Re: help-about regular expressions in signatures (Kris Deugau)

2008-01-27 Thread Karsten Bräckelmann
On Sun, 2008-01-27 at 17:03 -0500, xue wen wrote: I just want to learn the format of ClamAV's signature. So I tried to build a signature containing a wildcard by myself. The example I used is as follows: I have made up a signature of: Worm.Yawen (Clam)=61*7c62 where 617c62 means a|b. I

Re: [Clamav-users] Creating your own Signatures: Bound Offset

2008-01-27 Thread Karsten Bräckelmann
On Sat, 2008-01-26 at 10:29 +0100, Tomasz Kojm wrote: On Sat, 26 Jan 2008 01:20:26 +0100 Karsten Bräckelmann [EMAIL PROTECTED] wrote: $ cat test.ndb local.test:4:0:{-4096}74657374 It won't work because there's no 'sub-signature' preceding the range wildcard. You can use a floating
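The three messages above (the 61*7c62 body, the .ndb line local.test:4:0:{-4096}74657374, and Tomasz's reply that a range wildcard needs a sub-signature in front of it) all turn on the hex-body syntax of ClamAV signatures. The block below is an added example, not ClamAV's matcher and not code from the thread: it translates the documented body syntax (literal hex, ?? and nibble wildcards, *, {n}/{-n}/{n-}/{n-m}, and (aa|bb) alternatives) into a Python regex, parses the Name:TargetType:Offset:HexSignature layout of a .ndb line for the "*" and absolute-offset cases only, and rejects a body that opens with a wildcard. The signature names and the sample data are constructed; boundary markers such as (B)/(W), EOF-/EP+ offsets and the optional trailing MinFL:MaxFL fields are not handled.

```python
import re

# One token of a ClamAV hex body, in the order the alternatives must be tried.
_TOKEN = re.compile(
    r"\*"                            # any number of bytes
    r"|\?\?"                         # any single byte
    r"|[0-9a-fA-F]\?|\?[0-9a-fA-F]"  # nibble wildcards: a? / ?a
    r"|\{(\d*)-(\d*)\}"              # {n-m}, {-n}, {n-}
    r"|\{(\d+)\}"                    # {n}
    r"|\(([0-9a-fA-F|]+)\)"          # (aa|bbcc) alternatives
    r"|[0-9a-fA-F]{2}"               # one literal byte
)

def _lit(hexstr):
    """Hex string -> regex of escaped literal bytes."""
    return b"".join(b"\\x%02x" % b for b in bytes.fromhex(hexstr))

def hex_body_to_regex(body):
    """Compile a ClamAV hex body into a bytes regex.

    Raises ValueError on an unparsable body, or on a "*" / "{..}" wildcard
    with no sub-signature before it, which is the situation behind the
    rejection of "{-4096}74657374" quoted in the thread.
    """
    parts, pos, have_subsig = [], 0, False
    while pos < len(body):
        m = _TOKEN.match(body, pos)
        if not m:
            raise ValueError("bad hex body at offset %d: %r" % (pos, body[pos:]))
        pos = m.end()
        tok = m.group(0)
        if tok == "*" or tok.startswith("{"):
            if not have_subsig:
                raise ValueError("no sub-signature preceding wildcard %r" % tok)
            if tok == "*":
                parts.append(b".*")
            elif m.group(3) is not None:                       # {n}
                parts.append(b".{%s}" % m.group(3).encode())
            else:                                              # {n-m} family
                lo, hi = m.group(1) or "0", m.group(2) or ""
                parts.append(b".{%s,%s}" % (lo.encode(), hi.encode()))
            continue
        have_subsig = True
        if tok == "??":
            parts.append(b".")
        elif tok.endswith("?"):                                # high nibble fixed
            hi = int(tok[0], 16) << 4
            parts.append(b"[\\x%02x-\\x%02x]" % (hi, hi | 0x0F))
        elif tok.startswith("?"):                              # low nibble fixed
            lo = int(tok[1], 16)
            parts.append(b"[" + b"".join(b"\\x%02x" % (n << 4 | lo) for n in range(16)) + b"]")
        elif tok.startswith("("):                              # alternatives
            parts.append(b"(?:" + b"|".join(_lit(a) for a in m.group(4).split("|")) + b")")
        else:
            parts.append(_lit(tok))
    return re.compile(b"".join(parts), re.DOTALL)

def parse_ndb(line):
    """Split 'Name:TargetType:Offset:HexSignature' (extra trailing fields unsupported)."""
    name, target, offset, body = line.strip().split(":", 3)
    return name, int(target), offset, hex_body_to_regex(body)

def scan_ndb(line, data):
    """Return the signature name if data matches the .ndb line, else None."""
    name, _target, offset, pattern = parse_ndb(line)
    if offset == "*":
        hit = pattern.search(data)                 # anywhere in the file
    else:
        hit = pattern.match(data, int(offset))     # anchored at the absolute offset
    return name if hit else None
```

With this, scan_ndb("Worm.Yawen:0:*:61*7c62", b"xxa---|bzz") reports the hit, the {-4096}74657374 line from the thread raises the "no sub-signature preceding wildcard" error, and putting a static part first (46726f6d3a{-4096}74657374, i.e. "From:" followed by up to 4096 bytes and then "test") makes it accepted and bounds the scan to the first 4 KiB after the anchor, which was the stated goal of using a bound offset. The offset field is relative to the scanned object, so target type 4 (mail) applies it to each extracted message rather than to an mbox as a whole.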

Re: [Clamav-users] Creating your own Signatures: Bound Offset

2008-01-25 Thread Karsten Bräckelmann
On Fri, 2008-01-25 at 18:41 -0800, Dennis Peterson wrote: Karsten Bräckelmann wrote: On Fri, 2008-01-25 at 17:54 -0800, Dennis Peterson wrote: The sigs are full of unbound RE's. That's why scanning mbox mail files is pointless. Yes, I know. I contributed that fact to the thread

Re: [Clamav-users] Creating your own Signatures: Bound Offset

2008-01-25 Thread Karsten Bräckelmann
On Fri, 2008-01-25 at 17:54 -0800, Dennis Peterson wrote: Karsten Bräckelmann wrote: The main purpose was, to keep ClamAV from scanning the entire, possibly large file (err, mail). And maybe even speed it up. It's good practice to bound your REs or wildcards anyway. I wonder

Re: [Clamav-users] clamav gcc dependendencies ...

2007-12-17 Thread Karsten Bräckelmann
Please resist the urge to top-post. On Mon, 2007-12-17 at 15:52 -0800, fchan wrote: Hello, I'm on a MacBookPro running 10.4.11 with xcode 2.5 and I tried your suggestion export CC=gcc-3.4 and I got this error: The advice was rather specific to Debian. And actually started by installing GCC

[Clamav-users] Signature precedence

2007-10-22 Thread Karsten Bräckelmann
I seem to recall I have come across this before, but I just can't find it. Maybe someone knows off-hand. :) When using additional, third party signatures, is there any particular order in the signatures? If both, the official as well as the third party sigs match, which one is being reported?

Re: [Clamav-users] Signature precedence

2007-10-22 Thread Karsten Bräckelmann
On Mon, 2007-10-22 at 14:43 -0500, Noel Jones wrote: At 12:37 PM 10/22/2007, Karsten Bräckelmann wrote: When using additional, third party signatures, is there any particular order in the signatures? No particular order. If both, the official as well as the third party sigs match, which

Re: [Clamav-users] RFC: Recognize mbox format

2007-10-09 Thread Karsten Bräckelmann
On Mon, 2007-10-08 at 16:25 -0300, Joao S Veiga wrote: Of course. However, I got the impression that neither of the recent reporters does this additional step. Also, this gets even more annoying (and maybe impossible) when dealing with PST files (which one of the OPs does). Hi, if one

Re: [Clamav-users] RFC: Recognize mbox format

2007-10-08 Thread Karsten Bräckelmann
On Wed, 2007-10-03 at 18:31 -0500, René Berber wrote: Karsten Bräckelmann wrote: Another downside of this approach, together with ClamAV treating mbox format files as text/plain is, that only the first hit will be reported. That was made to improve performance, the Changelog say so

Re: [Clamav-users] RFC: Recognize mbox format

2007-10-08 Thread Karsten Bräckelmann
On Mon, 2007-10-08 at 09:15 -0700, Dennis Peterson wrote: Karsten Bräckelmann wrote: Another downside of this approach, together with ClamAV treating mbox format files as text/plain is, that only the first hit will be reported. That was made to improve performance, the Changelog say so

[Clamav-users] RFC: Recognize mbox format (was: Re: Getting line numbers)

2007-10-03 Thread Karsten Bräckelmann
On Wed, 2007-10-03 at 10:45 -0700, Dennis Peterson wrote: Karsten Bräckelmann wrote: Developers, read on. :) Somewhat simplified, the signature reads Subject with the string game and an IP style http link. Scanning maildirs as well as scanning individual messages before delivering

Re: [Clamav-users] Getting line numbers

2007-10-02 Thread Karsten Bräckelmann
On Tue, 2007-10-02 at 10:24 -0700, Dennis Peterson wrote: Can anyone offer a reason why the OP found a virus in the mbox file but not in the split out maildir messages? That kind of inconsistency is unsettling. Rather easy I guess, given your analysis of the RE earlier. :) Caveat: I have
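The "Getting line numbers" / "Recognize mbox format" thread above, and the older "Scan stops at first virus sig" reply pointing at formail, share one mechanism: an mbox is scanned as a single text/plain object, so a signature with an unbounded wildcard (Subject containing "game", then an IP-style http link somewhere later) can match across the boundary between two innocent messages, while the split-out maildir messages each stay clean; and only the first hit in the file is reported. The block below is an added example, not code from the thread or from ClamAV: it uses a constructed two-message mbox, a simplified regex standing in for the signature described, and the standard mailbox module to split the file the way "formail -s" would.

```python
import mailbox
import os
import re
import tempfile

# Constructed two-message mbox (not real traffic).  Message 1 has "game" in
# its Subject; message 2 carries an IP-style link.  Neither alone is suspicious.
MBOX_TEXT = (
    "From alice@example.org Mon Oct  1 10:00:00 2007\n"
    "From: alice@example.org\n"
    "Subject: Saturday game night\n"
    "\n"
    "Bring snacks.\n"
    "\n"
    "From bob@example.org Mon Oct  1 11:00:00 2007\n"
    "From: bob@example.org\n"
    "Subject: build server\n"
    "\n"
    "Logs are at http://192.0.2.10/build/\n"
)

# Simplified stand-in for the signature described in the thread: a Subject
# line containing "game", followed (unbounded, DOTALL) by an http:// link to a
# bare IPv4 address.  The unbounded gap is what lets it span two messages.
SIG = re.compile(rb"Subject:[^\n]*game.*http://\d{1,3}(?:\.\d{1,3}){3}", re.DOTALL)

def split_mbox(text):
    """Return each message of an mbox as raw bytes, as formail -s would hand them on."""
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as f:
        f.write(text)
        path = f.name
    try:
        box = mailbox.mbox(path)
        try:
            return [msg.as_bytes() for msg in box]
        finally:
            box.close()
    finally:
        os.unlink(path)

def scan(data):
    """True if the stand-in signature matches the scanned object."""
    return SIG.search(data) is not None

def compare(text):
    """(hit on the whole mbox, list of hits per split-out message)."""
    return scan(text.encode()), [scan(m) for m in split_mbox(text)]
```

compare(MBOX_TEXT) returns (True, [False, False]): the mbox as a whole "contains" the pattern, each message does not. Scanning per message, whether with formail -s piping into clamscan or by delivering to a maildir and scanning there, is the fix on the operator side; on the signature side it is the bound offsets and bounded ranges discussed in the "Creating your own Signatures" thread.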

Re: [Clamav-users] signature names

2007-09-12 Thread Karsten Bräckelmann
On Wed, 2007-09-12 at 07:28 -0700, John Rudd wrote: (to the developers, not in answer to Burnie) See, the current name scheme needs to be fixed. And no one responded at all to my proposed scheme from a month or two ago. Coincidentally, my very first question on this list years ago was

Re: [Clamav-users] As soon as Sourcefire starts charging for viru s updates,

2007-08-28 Thread Karsten Bräckelmann
On Tue, 2007-08-28 at 13:26 -0500, Bryan Johns wrote: On 8/28/07, Bowie Bailey [EMAIL PROTECTED] wrote: I'm not worried about ClamAV being acquired. At the moment, everyone is saying that there are no plans to change anything. As long as that remains the case, the only difference is that

Re: [Clamav-users] I need help

2007-08-06 Thread Karsten Bräckelmann
On Mon, 2007-08-06 at 13:47 -0400, Pedro Luis Domínguez Viqueira wrote: My freshclam says ERROR: Can't get information about db.us1.clamav.net: Host not found Check your configuration. Where does that host name come from? There is no surprise here, because -- as freshclam correctly told you --