of using the
package that comes with Red Hat. Is that correct?
RHEL's package installs in /usr/lib and /usr/lib64, not in /usr/local/lib.
It's also simpler to install. Just run yum install zlib zlib-devel
and it'll download and install automatically, including any dependencies.
--
Kelson Vibber
to
be a newfangled self-important fad not worth the neologism. :-P
Besides, running a blog with, as you say, actual content takes a *lot*
more time than setting up Twitter. I can say that from experience.
--
Kelson Vibber
SpeedGate Communications www.speed.net
, but might also be used to sneak
something unwanted onto a system. There was a thread a few weeks ago
where someone had a whole list of things like VNC clients, port
scanners, etc.
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
Help us build
network was relatively
patchwork and tended to be low on network tools. Though I think even
Windows 98 had at least a command-line FTP client, so I'd think anything
with working email should at least be able to retrieve a file from an
FTP server.
--
Kelson Vibber
SpeedGate Communications
://jquery.com/
The obfuscation, in this case, is a really annoying form of compression.
(95 KB for the source code vs. 29 KB for the packed script.)
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
Help us build a comprehensive ClamAV guide
can probably bundle in NTFS drivers from http://rpm.livna.org
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
the earlier posts in this thread, but this makes it sound a
lot like the problem encountered in this series of posts:
http://isc.sans.org/diary.html?storyid=3817
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
Help us build a comprehensive ClamAV
the target file.
4. Attacker can either enjoy the chaos, or attempt to manipulate just
what the privileged app will write.
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
*? It doesn't need
root access to modify the user's own files.
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
; will eventually need to add categories.
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
that
trigger false positives on that rule, then yes, they're going to see
tons of them -- regardless of the number of hits in anyone else's logs.
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
http://lurker.clamav.net/list/clamav-users.html
.
--
Kelson Vibber
SpeedGate Communications, www.speed.net
___
http://lurker.clamav.net/list/clamav-users.html
the recipient and
choose a likely admin address for their domain, like
[EMAIL PROTECTED], [EMAIL PROTECTED], etc. -- and those often exist.
--
Kelson Vibber
SpeedGate Communications, www.speed.net
___
http://lurker.clamav.net/list/clamav-users.html
Harry Phillips wrote:
I was wondering if it is possible and if it is advisable to trigger freshclam
when I receive a message that the daily database has been updated.
I used to do this, but it's no longer necessary now that freshclam can
check for updates via a DNS query. You can run it as a
what's necessary) and see if that does it.
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
http://lurker.clamav.net/list/clamav-users.html
to set up a tree in
your home directory so you can build as yourself.
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
http://lurker.clamav.net/list/clamav-users.html
a package manager to take care of *all* of that
(and maybe even save a copy of my config files in case I wanted to
reinstall). I mean, that's what you get with RPM, and people are always
telling me that Debian has *better* package management.
--
Kelson Vibber
SpeedGate Communications www.speed.net
Kelson wrote:
Isn't that the whole point of a package manager?
Never mind -- I should have read the original post and realized he was
upgrading from a manually-installed ClamAV to a pacakged version. Under
that circumstance, you *do* need to manually remove everything first
before installing
this
behavior but being a neophyte I was only able to figure out and
recompile with:
You're probably better off removing the RPM entirely, rather than
writing over its files. It's cleaner that way, and easier to keep track
of what version is actually installed.
--
Kelson Vibber
SpeedGate
to be adding several signatures a day for variations of
this virus.
Presumably Sophos is looking for a more generic signature that catches
several variants instead of looking for lots of specific signatures.
--
Kelson Vibber
SpeedGate Communications www.speed.net
it as a ordinary binary
file.
To further clarify: Yes, ClamAV can scan DLL files, just as it can scan
EXE files. They're ordinary files, so no special process is needed to
scan them.
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
http
Niek wrote:
If you want protection from ad- spyware, get anti-spyware software.
I don't want to start up another flame war, but I really have to ask
this question:
Isn't email-borne spyware more in a virus scanner's domain than phishing is?
--
Kelson Vibber
SpeedGate Communications
you suggest.
And even *those* solutions have problems.
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
http://lurker.clamav.net/list/clamav-users.html
to the same
server (all to verify the same forged address), they just drop to the
next MX, use up those connections and drop to the next
Eventually they get down to our ultra-low priority decoy MX that we set
up to attract spammers, and they land in our tar pit.
--
Kelson Vibber
SpeedGate
ClamAV, and he usually updates
quickly: http://dag.wieers.com/home-made/apt/
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
http://lurker.clamav.net/list/clamav-users.html
it -- or want it! -- if you just want to enable
additional features on top of the defaults.
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
http://lurker.clamav.net/list/clamav-users.html
for Gentoo and Mandrake
(Jan. 31) and Trustix (Feb. 11).
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
http://lurker.clamav.net/list/clamav-users.html
*are* in the database, and they're
the libraries you compiled, with your options, patches and
optimizations, built from the newer version your distro isn't willing to
package because they prefer backporting fixes to upgrading.
--
Kelson Vibber
SpeedGate Communications www.speed.net
it.
In other words... Does anyone know which trojan/virus/etc. does this,
and does ClamAV detect it?
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
ERROR messages over the last few days. (At first I
thought something had broken in 0.81, since they started the same day I
upgraded.)
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
/clmilter.sock,F=,T=S:4m;R:4m)dnl
define(confINPUT_MAIL_FILTERS, clmilter)dnl
Looks to me as though you've used the wrong opening quote character.
And closing quote character. IIRC, it should open with an ASCII
backtick (`) and close with a (vertical) ASCII apostrophe (')
--
Kelson Vibber
., and a few specific names to
decide how to handle the message. (FWIW, we use MIMEDefang to integrate
the scanners and discard/reject/disinfect messages.)
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
http://lists.clamav.net/cgi-bin
.
This can probably be done using action_external_filter, but you still
need to figure out which parts to convert and which to discard, pick a
parser (as Matthew pointed out, there can be security concerns here),
change the mime type, etc.
--
Kelson Vibber
SpeedGate Communications www.speed.net
...dynamically rewriting all email to a standard format.
I believe you can do this with Can-It Pro. http://www.roaringpenguin.com/
They're the authors of MIMEDefang. Can-It is their commercial product,
and a much more thorough solution.
--
Kelson Vibber
SpeedGate Communications www.speed.net
, clamav-milter, clamav-db,
clamd) instead of just the 2 (clamav and clamav-milter) in the default
RPM spec. Unfortunately, that means if you upgrade from DAG's package
to a home-grown one, you can't just use rpm -Uvh like you would in most
situations.
--
Kelson Vibber
SpeedGate Communications
.
--
Kelson Vibber
SpeedGate Communications www.speed.net
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Simple solution to the question of whether to send a notice:
You know what virus was detected. You know whether it's a mass-mailer
or something else. (starts with Worm., ends with @mm, a few specific others)
Based on that, you can decide whether to reject it or discard it.
--
Kelson Vibber
to it, so as long as
the signature is there, it should find it.
--
Kelson Vibber
SpeedGate Communications www.speed.net
---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your
[EMAIL PROTECTED] wrote:
I use RedHat9
I've just installed clamav and I've started clamd.
How can I chack if the daemon is really work?
Is there any test virus to send to my email?
See http://www.testvirus.org
--
Kelson Vibber
SpeedGate Communications www.speed.net
them.
Kelson Vibber
SpeedGate Communications www.speed.net
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink Toner - Free
this?
Tons of 'em. Run freshclam -- update 444 picks it up as Trojan.JS.RunMe.
Kelson Vibber
SpeedGate Communications www.speed.net
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk
asking Should we be concerned about this? I forget whether it
had come in through another channel or just before freshclam picked up the
signature, but they ended up on our blacklist because of the forward. So
there are risks to anything.
Kelson Vibber
SpeedGate Communications www.speed.net
that is calling freshclam.
Kelson Vibber
SpeedGate Communications www.speed.net
---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson Lucent use to
deliver higher performing products
-party RPMs
built for RHEL 3 should also work on WBEL. I installed it on a test box,
and while I haven't done a whole lot with it, I haven't run into any
problems with what I have tried.
I hope this helps!
Kelson Vibber
SpeedGate Communications www.speed.net
44 matches
Mail list logo