Re: [Clamav-users] HELP ME.

2005-08-29 Thread Kevin Spicer
On Mon, 2005-08-29 at 17:24 +0500, Shahzad Abid wrote: I know what error mesg says but this is FACT that when I empty specified quarantine folder clamd starts with following command i.e. service clamd start. This occurs once in a week. Is there any permanent solution for this? Is

Re: [Clamav-users] AV relay + MX backup question

2005-08-28 Thread Kevin Spicer
On Sun, 2005-08-28 at 14:31 -0700, Roger E. Rustad, Jr. wrote: I have an ASSP antivirus relay setup (http://assp.sourceforge.net) that's currently filtering spam and viruses for one domain. I'd like for it to do the same for other domains, but would like to make sure if

Re: [Clamav-users] clamav vs amavis (was: Where is the quanantine folder?)

2005-07-18 Thread Kevin Spicer
On Sun, 2005-07-17 at 22:11 -0400, Jim Popovitch wrote: One follow-up question: I currently use clamav-milter to integrate clamav w/ sendmail. Would I be better served by using amavisd-new, or does clamav-milter cover the ground good? It sounds to me, based on your comments above, that

[Clamav-users] A suggestion....

2004-10-08 Thread Kevin Spicer
The following message seems to be the cause of one of the most frequently asked questions around here... SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES May I suggest that as this is in the FAQ that any point where this message is displayed (freshclam, configure?) it also displays the

Re: [Clamav-users] ERROR: JPEG.Comment

2004-09-29 Thread Kevin Spicer
On Wed, 2004-09-29 at 05:34, Brandon Knitter wrote: I have a few images that seem to be flagged as virii, when they are not. I'm taking an image that is considered fine (no virus), then when I process it through convert (ImageMagick) it thinks it has the virus. I have over 4000 images

Re: [Clamav-users] stats

2004-09-22 Thread Kevin Spicer
On Wed, 2004-09-22 at 15:17, Nikhil Parva wrote: hi, try using mailscanner-mrtg. It is available in the form of RPM and the webpage can be displayed using apache. So long as you're using MailScanner of course! If you are using MailScanner you might also like to look at vispan (the two

Re: AW: [Clamav-users] Re: Re: Re: Windows port ?

2004-09-22 Thread Kevin Spicer
On Wed, 2004-09-22 at 14:25, [EMAIL PROTECTED] wrote: The database is not a script. It is a binary compilation. It's not a script, true, but it also is not a binary compilation. If you look inside any of the database files unpacked by sigtool (sigtool --unpack) you'll note that they are

Re: [Clamav-users] 0.80rc and the new .ndb sig file format

2004-09-21 Thread Kevin Spicer
On Tue, 2004-09-21 at 02:21, Tomasz Kojm wrote: It seems there's a small typo in filetypes.c. Try changing {0, \377\330\377, 4, JPEG, CL_TYPE_GRAPHICS}, to {0, \377\330\377, 3, JPEG, CL_TYPE_GRAPHICS} That did the trick, thanks very much Tomasz. BMRB

[Clamav-users] 0.80rc and the new .ndb sig file format

2004-09-20 Thread Kevin Spicer
I'm just playing about with this and I can't seem to get it to work quite the way I expect. I've created two signatures, to match the jpeg exploit we discussed recently. My idea is that although the signature is very small it minimises false positives by being restricted to graphics files and

Re: [Clamav-users] JPEG vulnerability

2004-09-18 Thread Kevin Spicer
On Sat, 2004-09-18 at 06:25, Matt wrote: One last question, do the fffe 000(0|1) bytes always have to follow each other for this exploit, or is this just a pure example of the possibility of this exploit? they have to follow each other fffe denotes the start of a jpeg comment field and the

Re: [Clamav-users] JPEG vulnerability

2004-09-17 Thread Kevin Spicer
On Fri, 2004-09-17 at 03:02, Tomasz Kojm wrote: Okay, well I've found an easier to understand source... http://www.funducode.com/freec/Fileformats/format3/format3b.htm and it seems that the particular exploit byte sequence would be unique within jpeg files. I've also tracked down docs on

Re: [Clamav-users] JPEG vulnerability

2004-09-17 Thread Kevin Spicer
On Fri, 2004-09-17 at 16:21, Daniel Lord wrote: Those signatures don't catch the poc xploit found at http://www.gulftech.org/?node=downloads. But maybe it's better to leave this alone till there are real worms etc. to produce good signatures. At the moment clamav sigs don't seem good enough

[Clamav-users] JPEG vulnerability

2004-09-16 Thread Kevin Spicer
I guess everyone's heard about the jpeg vulnerability in certain Microsoft products? CERT have put out an advisory, and it is being ranked as critical. Now I know that strictly speaking this isn't a virus, it's a vulnerability - but there have been, in the past, signatures added for some

Re: [Clamav-users] Mail antivirus help

2004-09-11 Thread Kevin Spicer
On Fri, 2004-09-10 at 14:33, Stelian wrote: We currently have about 6 POP3 accounts stored on our ISP server. The viral traffic (incoming, of course) on them is very high, up to the point where we can no longer use them. My task is to provide some kind of filtering server, to keep the viri out

Re: [Clamav-users] clam newbie

2004-08-18 Thread Kevin Spicer
On Wed, 2004-08-18 at 07:48, Tomasz Papszun wrote: Please, make sure you do NOT send notifications to senders (they are almost always spoofed nowadays), maybe except pertaining MS Office macros and test signatures (EICAR and ClamAV-Test-Signature). I completely agree with that, but... Also,

Re: [Clamav-users] Freshclam errors

2004-08-17 Thread Kevin Spicer
On Tue, 2004-08-17 at 17:04, Randall Perry wrote: ClamAV update process started at Mon Aug 16 23:22:04 2004 SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES Ok, installed the gmp package and reinstalled clamav. I'm still getting the error above stating no support for signatures -- is

Re: [Clamav-users] Freshclam errors

2004-08-17 Thread Kevin Spicer
On Tue, 2004-08-17 at 18:43, Randall Perry wrote: on 8/17/04 12:32 PM, Kevin Spicer at [EMAIL PROTECTED] wrote: Depending on your OS and how you installed clam you may need to install the gmp-devel package and configure; make; make install clam again. I can only find gmp-devel in an RPM

Re: [Clamav-users] [OT] Re: KDE/MS patent and prior art (Was: Idea for more timely virusdb updates)

2004-08-15 Thread Kevin Spicer
On Sun, 2004-08-15 at 21:02, Martin Konold wrote: IANAL... but wouldn't that count as 'prior art' ? No, basically MS patented the obvious addition not mentioned in the publicly posted email. Then can't it be appealed as patents are supposed to be for non-obvious inventions? Maybe the

Re: [Clamav-users] My.Doom.o

2004-07-28 Thread Kevin Spicer
On Wed, 2004-07-28 at 06:51, Michael Brennen wrote: On Tue, 27 Jul 2004, Matt wrote: On Tue, 2004-07-27 at 13:28, Kevin Spicer wrote: On Tue, 2004-07-27 at 16:26, Scott Ryan wrote: I have not submitted any virii (correct word?) viruses I'm no Latin scholar, but I've heard

Re: [Clamav-users] Sigtool Build Time

2004-07-28 Thread Kevin Spicer
On Wed, 2004-07-28 at 17:51, Denis De Messemacker wrote: It means the signature was done at 3:12 pm (15:12) , in a GMT+2 zone. So 1:12pm GMT. Assuming Central Standard Time USA is GMT-5 in summer, it makes 8:12 am. Perhaps there would be some sense in timestamping the signature databases

Re: [Clamav-users] My.Doom.o

2004-07-27 Thread Kevin Spicer
On Tue, 2004-07-27 at 16:26, Scott Ryan wrote: I have not submitted any virii (correct word?) viruses BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _ This message (and any attachment) is intended only for the

Re: [Clamav-users] Scanning files being uploaded via a form

2004-07-26 Thread Kevin Spicer
On Mon, 2004-07-26 at 11:46, Suril Patel wrote: I have currently got no AV installed and want to know if installing ClamAV will let me call the virus scanner from a PHP script during the upload process and reject/accept the attachment based on the results. Yes, easily. I've done the exact

Re: [Clamav-users] Gettin a return code from clamdscan in a script

2004-07-22 Thread Kevin Spicer
On Thu, 2004-07-22 at 22:01, Kevin W. Gagel wrote: I'm confused because the docs say it will return a 1 which it does if I run them from the command line, just not in a script. Perhaps you could post your script? Are you using the same shell in your script as you use at the command line, some

Re: [Clamav-users] Bad Virus Signature?

2004-06-21 Thread Kevin Spicer
On Mon, 2004-06-21 at 16:05, Benjamin Sherman wrote: I was wondering if false positives ever make it into the virus DB updates? They do Since the update on Jun18, all of my windows 2000 workstations with Service Pack 4 are showing what I believe to be false positives for Worm.Lovgate.W-2.

Re: [Clamav-users] error in cronjob

2004-06-16 Thread Kevin Spicer
On Wed, 2004-06-16 at 22:26, List wrote: Hi, I notice some errors in my cron.daily. I am running RedHat 9 and Clam 7.2. Errors listed below :- /etc/cron.daily/clamscan: /etc/cron.daily/clamscan: line 1: clamscan: command not found /etc/cron.daily/clamscan: line 1: sigtool: command not

Re: [Clamav-users] Sober.H

2004-06-12 Thread Kevin Spicer
On Sat, 2004-06-12 at 22:12, Philipp Grosswiler wrote: Now I read a news article on heise.de, that F-Secure calls those e-mails under the name of Sober.H. I would like that ClamAV could also add those signatures to the database, as there seem to be a lot of victims out there being infected by

RE: [Clamav-users] Ethics Question

2004-06-09 Thread Kevin Spicer
On Wed, 2004-06-09 at 20:10, Samuel Benzaquen wrote: I think the only way I could think is reporting the IP to some DNSBLs. That way you can stop receiving their mails and you leave the cleansing problem to their ISP. Or simply block the IP with sendmail's access database (or the equivalent for

Re: [Clamav-users] Re: Freshclam not responding {Scanned}

2004-06-04 Thread Kevin Spicer
On Fri, 2004-06-04 at 07:15, Gervase wrote: On Thu, 2004-06-03 at 15:22, Jo Mills wrote: Don't give up! Many thanks for joining in. Unfortunately I was impatient and reinstalled. But, alas, the problem did not go away. Have you tried something along the lines of: host google.co.uk

Re: [Clamav-users] Re: Freshclam not responding

2004-06-01 Thread Kevin Spicer
On Tue, 2004-06-01 at 22:09, Fajar A. Nugraha wrote: Gervase wrote: ERROR: Can't get information about database.clamav.net host. Seems like DNS problem. Configure your DNS server properly, or use proxy (edit freshclam.conf) Make sure your firewall allows DNS over both UDP _and_ TCP,

Re: [Clamav-users] CommuniGate Pro and ClamAV

2004-05-28 Thread Kevin Spicer
On Fri, 2004-05-28 at 16:29, Brandon wrote: Good Morning! Has anyone on this list had any luck running clamav with CommuniGate Pro? Our mail volume is approximately 40,000 messages per hour across two front end servers. Does anyone have any statistics they would like to share about

Re: [Clamav-users] Version 0.71 - clamdscan error

2004-05-27 Thread Kevin Spicer
On Thu, 2004-05-27 at 09:21, Mr Mailing List wrote: Just noticed that scanning files with clamdscan does not scan files that are not world readable. Perhaps it would be better if clamd could implement some kind of privilege separation, so that a minimal process running as root reads the files,

Re: [Clamav-users] blocking attachments

2004-05-25 Thread Kevin Spicer
On Tue, 2004-05-25 at 17:12, Ken Jones wrote: Is it possible to configure clamav to block certain types of attachments even if they do not have a virus? Take a look at MailScanner http://www.mailscanner.info it offers a number of ways to apply all sorts of policy to email.

Re: [Clamav-users] blocking attachments

2004-05-25 Thread Kevin Spicer
On Tue, 2004-05-25 at 17:12, Ken Jones wrote: Is it possible to configure clamav to block certain types of attachments even if they do not have a virus? Take a look at MailScanner http://www.mailscanner.info it offers a number of ways to apply all sorts of policy to email. BMRB

Re: [Clamav-users] blocking attachments

2004-05-25 Thread Kevin Spicer
On Tue, 2004-05-25 at 17:12, Ken Jones wrote: Is it possible to configure clamav to block certain types of attachments even if they do not have a virus? Take a look at MailScanner http://www.mailscanner.info it offers a number of ways to apply all sorts of policy to email.

Re: [Clamav-users] name that worm: agobot,gaobot,polybot

2004-05-20 Thread Kevin Spicer
On Wed, 2004-05-19 at 12:54, Betsy Schwartz wrote: Some PC's on our network have been flagged as having agobot,gaobot,polybot (or a sasser variant), by the perimeter security system. I have looked at Kevin's excellent database at http://www.rainingfrogs.co.uk and don't see any matches made

Re: [Clamav-users] Question regarding virus detection

2004-05-20 Thread Kevin Spicer
On Thu, 2004-05-20 at 19:21, Peter Bonivart wrote: Jim Maul wrote: There is something that is causing clamav to not be able to detect this virus after the message has been bounced and now forwarded. Damaged bounces are not dangerous. Why bother making signatures for them when you don't

[Clamav-users] New Address for Virus Alias Database

2004-05-17 Thread Kevin Spicer
For those that found my virus alias database useful I have now moved it to http://www.rainingfrogs.co.uk to get rid of the annoying UK2 popup ad and banner. This also means that it will now accept direct links to URL's of specific entries, for those that requested that facility. Kevin

Re: [Clamav-users] What is this Exploit.JUnksurf.A ? (Off topic)

2004-05-13 Thread Kevin Spicer
On Thu, 2004-05-13 at 20:53, Damian Menscher wrote: You are obviously correct in the case of an intrusion. But I don't know many 1337 h4x0rs that would mess with: //usr/share/doc/libxml2-devel-2.5.4/example.html: Exploit.Junksurf.A FOUND which is why i recommended updating clamav before

RE: [Clamav-users] Re: Virus Alias Database

2004-05-11 Thread Kevin Spicer
On Tue, 2004-05-11 at 00:58, Mitch (WebCob) wrote: I'm sure there are many (including myself) that could be convinced to host mirrors once the concept stabilizes... Or alternatively, you could allow download of the db and functions so people wouldn't have to keep hitting your server...

Re: [Clamav-users] Virus Alias Database

2004-05-10 Thread Kevin Spicer
On Mon, 2004-05-10 at 18:24, jef moskot wrote: So, if I type in Netsky, I don't see any ties to SomeFool. If I put in SomeFool, I don't see any immediate reference to Netsky, but if I poke around a little, it becomes apparent that we're talking about the same thing. But if you put in

Re: [Clamav-users] Re: Virus Alias Database

2004-05-10 Thread Kevin Spicer
On Mon, 2004-05-10 at 11:38, Russ Phillips wrote: I had a look, and I have a couple of thoughts/comments. 1. Will it handle heavy loads? It may start to get a lot of hits once people start to find out about it It's running PHP MySQL on apache2, unfortunately this is my home box (that said

Re: [Clamav-users] Recommendation RedHat replacement

2004-05-10 Thread Kevin Spicer
On Mon, 2004-05-10 at 19:57, Bora wrote: Sorry, this may not be appropriate to post here, but I know many of you are using RH and are figuring new options as they are no longer offering free download for RH 7, 8 and 9. When starting a new topic please would you create a fresh message rather

[Clamav-users] Flase positive

2004-05-10 Thread Kevin Spicer
I submitted a false positive of Joke.BinLaden last week (through the web interface), but I haven't heard anything of it, and it's not shown up in the virusdb list. Should I resubmit?

[Clamav-users] Virus Alias Database

2004-05-09 Thread Kevin Spicer
I've put a little more work into my virus alias database (at http://www.kevinspicer.co.uk) and it is now indexing virus definitions from Sophos, F-Prot, Norman and Vexira as well as those from F-Secure and Symantec that were indexed previously. This has nearly doubled the number of virus names

Re: [Clamav-users] Virus found in virgin RHES 3 installation?

2004-05-07 Thread Kevin Spicer
On Fri, 2004-05-07 at 18:36, Ken Morley wrote: I was surprised when clamdscan reported: //proc/kcore: Trojan.MiniCommander.dr FOUND What's the possibility that the server is really infected? It got to be somewhat unlikely that a running linux kernel would get infected with a Windows

Re: [Clamav-users] Easiest/best sendmail integration

2004-05-07 Thread Kevin Spicer
On Fri, 2004-05-07 at 18:27, Mike Lambert wrote: Again, the advantage is sending 5xx instead of 2xx. IMO, giving the connecting mta a status code appropriate to the message disposition is better than simply accepting _all_ messages only to drop some later (I do not consider generating a

Re: [Clamav-users] Problem

2004-04-30 Thread Kevin Spicer
On Fri, 2004-04-30 at 08:05, Bernard Elbourn wrote: Unfortunately this installation is remote to me so not so easy to just update. Shame I did not get any warning! How can I find out when I should update so I can plan ahead? Subscribe to clamav-announce list. Generally speaking it's a

Re: [Clamav-users] Problem

2004-04-29 Thread Kevin Spicer
On Thu, 2004-04-29 at 21:42, Bernard Elbourn wrote: From a 1 year old installation [snip] Is it time to upgrade? Oh yes. It was probably time to upgrade some months ago! Virus scanning (and virus production) is an arms race, really well advised to keep pace.

[Clamav-users] Virus Alias Database

2004-04-25 Thread Kevin Spicer
I've put up a proof-of-concept (read 'ugly') virus alias database at http://www.kevinspicer.co.uk It's currently rather limited in that it only fully indexes Clam, Fsecure and Symantec (although some aliases for other vendors are picked up). If people feel it is worth pursuing then I'll try and

Re: [Clamav-users] clamav on early Linux 2.0 release

2004-03-28 Thread Kevin Spicer
On Sun, 2004-03-28 at 15:45, Fred Flintstone wrote: Any other quick 'n' dirty suggestions for this one? :) Have you tried just building a statically linked binary on a more recent distro and seeing if it works on yours?

Re: [Clamav-users] RE: Nbr of signatures

2004-03-16 Thread Kevin Spicer
On Tue, 2004-03-16 at 17:53, Alex S Moore wrote: Has the number of virus signatures increased significantly lately? I thought there were around 21,000 but now I have this msg in clamd.log. Tue Mar 16 11:45:22 2004 - Protecting against 40969 viruses. Maybe you have both old and new style

Re: [Clamav-users] pipechk: [kegger:clamav-virus-list] (fwd)

2004-03-15 Thread Kevin Spicer
On Mon, 2004-03-15 at 20:20, [EMAIL PROTECTED] wrote: Has the Ladmar.A virus been merged as a different virus? The count went down by 1 and Ladmar was removed. Any ideas? It was temporarily removed due to a false positive. You can keep track of additions and removals by subscribing to

[Clamav-users] FAO. List admins -- clamav-announce

2004-03-15 Thread Kevin Spicer
Would it be possible for posts to clamav-announce to be cross-posted here please. I imagine I'm not the only one here that didn't know about 0.68. Cross posting to the users list seems to be fairly common among other projects (it makes sense that anyone on the users list is going to want to

Re: [Clamav-users] some little questions

2004-03-03 Thread Kevin Spicer
On Wed, 2004-03-03 at 02:28, Rembrandt wrote: I know guys which are working as administrators at a newspaper. They make backups.. yes.. But they make it only for 1 week (cause there's too much data). So they're able to restore all files which changed since date X. But what's about a virii which

RE: [Clamav-users] Problem with *.zip atachments!

2004-03-03 Thread Kevin Spicer
On Wed, 2004-03-03 at 20:57, Grzesiek Staleczyk wrote: MailScanner users need to upgrade to MailScanner 4.28.4 (just out), which can block password-protected .zip files. RP MailScanner users need to upgrade to MailScanner 4.28.4 (just out), which RP can block password-protected .zip files.

Re: [Clamav-users] How to handle quarantined SPAM

2004-02-17 Thread Kevin Spicer
On Wed, 2004-02-18 at 00:19, Luc de Louw wrote: Hi all, Does someone know a software, that allows users to browse and handle quarantined Mails? Preferably a Web-interface... You don't say what you are using to quarantine, but if using MailScanner then I think Mailwatch for MailScanner

Re: [Clamav-users] unrar

2004-02-14 Thread Kevin Spicer
at # [EMAIL PROTECTED] # or by paper mail at # Julian Field # Dept of Electronics Computer Science # University of Southampton # Southampton # SO17 1BJ # United Kingdom # # # Modifications by Kevin Spicer [EMAIL PROTECTED] to get # external unpackers working

OT: Re: [Clamav-users] calling rbellora@tecnoaccion.com.ar

2004-02-13 Thread Kevin Spicer
On Fri, 2004-02-13 at 22:19, Craig Daters wrote: Maybe it's cool for you but surely not for a sender who receives that auto spam. How is it spam? The sender is simply receiving an email asking for them to confirm that they sent the message? All they do is reply to it. It is no different

Re: OT: Re: [Clamav-users] calling rbellora@tecnoaccion.com.ar

2004-02-13 Thread Kevin Spicer
On Fri, 2004-02-13 at 23:17, Antony Stone wrote: What's a joe-job? As with all jargon see ESR's excellent jargon lexicon! http://catb.org/~esr/jargon/html/J/joe-job.html

RE: [Clamav-users] libunrar.so support?

2004-02-12 Thread Kevin Spicer
On Thu, 2004-02-12 at 17:02, Randal, Phil wrote: And the license.txt reads: snip! IANAL but I believe points 2, 3, and maybe 6 would make this license GPL incompatible. 2. The unRAR sources may be used in any software to handle RAR archives without limitations free of charge, but

[Clamav-users] Sco.a again

2004-02-04 Thread Kevin Spicer
This is another post about the problems that some people have been having with sco.a seemingly making it past clam due to doggy mime structure in bounce messages. I noticed that Symantec on our exchange servers (which are behind a mailscanner box running clam and sophos) is picking up a few Sco's

RE: [Clamav-users] clamav-milter compilation problems again

2004-02-04 Thread Kevin Spicer
On Wed, 2004-02-04 at 23:29, Stevens, John wrote: and sorry for this stupid disclaimer. We also have a stupid disclaimer, but one question about yours - can you have omissions that are present? I did think about making it a very small font, or white text on a white background - but then you

[Clamav-users] [Fwd: Handling zip files]

2004-02-01 Thread Kevin Spicer
(Posting this again as it seems not to have reached the list) I encountered some behavior that was not as I expected with some zip files and clamscan (I'm not saying it is a bug - it may be by design). One of our clients attempted to send us a zipfile or data which had been compressed down to

Re: [Clamav-users] Worm.SCO.A

2004-01-28 Thread Kevin Spicer
On Wed, 2004-01-28 at 16:01, Patricia Viana wrote: Hi. My SMTP filter running ClamAV is blocking a huge amount of messages with the Worm.SCO.A. It seems to be the same virus as MyDoom or Novarg. Can anyone confirm this?! That is correct. Clam had a signature whilst the

Re: [Clamav-users] Mailscanner, sendmail 8.12, split input queues

2004-01-21 Thread Kevin Spicer
On Wed, 2004-01-21 at 22:19, Peter Bonivart wrote: Leif Neland wrote: How does this fit in with sendmail 8.12 already having two queues, mqueue and mqueue-client? You really should have posted this on the MailScanner list since nothing of this is Clam related. I'll second that, I'd

Re: [Clamav-users] Bagle Virus/Worm Status?

2004-01-19 Thread Kevin Spicer
On Mon, 2004-01-19 at 20:57, Tom Walsh wrote: Anybody seen these yet? http://www.viruslist.com/eng/alert.html?id=783050 There has been some discussion on bugtraq about it's payload today. Just curious... Yeah, we had about 30 today so far. It seems to be spreading quite rapidly.

Re: [Clamav-users] Bagle Virus/Worm Status?

2004-01-19 Thread Kevin Spicer
On Mon, 2004-01-19 at 21:31, Tim Wilde wrote: On Mon, 19 Jan 2004, Kevin Spicer wrote: Yeah, we had about 30 today so far. It seems to be spreading quite rapidly. Good news is its supposed to deactivate on the 28th. Only 30? I've seen over 500 on my mail systems since getting the new

[Clamav-users] Zoo archives

2003-11-09 Thread Kevin Spicer
Could someone confirm whether the correct argument for handling zoo archives is --zoo or --unzoo, clamdoc.pdf and man clamscan don't agree on this.

[Clamav-users] Re: dealing with zips with corrupted headers

2003-11-05 Thread Kevin Spicer
I'm cross-posting this message from the MailScanner mailing list because I think folks here might be interested in it. If anyone needs a copy of that zip please let me know. Kevin On Wed, 2003-11-05 at 02:04, Chris Yuzik wrote: Hi everyone, No sooner do we (well...Julian) come out a

RE: [Clamav-users] postfix + clamav + clamdmail

2003-10-24 Thread Kevin Spicer
On Sat, 2003-10-25 at 00:08, Noel Jones wrote: At 05:46 PM 10/24/03, Walgamotte, David wrote: I didn't have luck with amavisd-net mailscanner is the way to go ... Don't use MailScanner with postfix. MailScanner manipulates the postfix queue in an unsupported manner and will cause loss of

RE: [Clamav-users] clam-update log file...

2003-10-16 Thread Kevin Spicer
On Thu, 2003-10-16 at 12:09, Informacion wrote: Hi, Check the: /etc/cron.hourly/msec and /etc/cron.daily/msec ... This is the problem, the script msec, chown all files in /var/log to root user. Rather than turning those scripts off you can easily customise how they behave... You need to

Re: [Clamav-users] clamav CVS version

2003-10-13 Thread Kevin Spicer
On Mon, 2003-10-13 at 05:57, Odhiambo Washington wrote: I am behind a firewall, but this has not been an issue for non-Sourceforge CVS servers such as the BSD-Airtools project, etc. Check the status page of sf.net, there's been problems with pserver based cvs access for a while. SF expect

Re: [Clamav-users] Email results

2003-09-20 Thread Kevin Spicer
On Fri, 2003-09-19 at 23:59, Antony Stone wrote: Try clamscan --help I already did (after your previous post) and it is there, I just think it should be added to the man page as well, that is what man pages are for after all.

Re: [Clamav-users] Email results

2003-09-19 Thread Kevin Spicer
On Thu, 2003-09-18 at 23:30, Antony Stone wrote: On Thursday 18 September 2003 10:58 pm, Kevin Spicer wrote: clamscan ${YOUR_OPTIONS} --stdout | grep -v OK | mail -s Clamscan results [EMAIL PROTECTED] Achieve the same thing by including -i or --infected in ${YOUR_OPTIONS} You know, I

Re: [Clamav-users] Proxy and Scanning?

2003-08-27 Thread Kevin Spicer
On Wed, 2003-08-27 at 00:20, Mark wrote: Is it possible to scan the traffic (via plug in or so) with SQUID or an SOCKS-Proxy (like Dante)? If not: Feature Request - TrafficScan via PlugIN, own mod or Daemon :) Dansguardian (http://www.dansguardian.org) is a content filter for squid which has

Re: [Clamav-users] Clamscan: how to tell which message number in anmbox?

2003-08-21 Thread Kevin Spicer
On Wed, 2003-08-20 at 17:12, Martin-Éric Racine wrote: Greetings, I installed clamav to scan mails from work (I telework and the stupid company doesn't scan emails for possible viruses) and doing a quick run of clamscan indeed found one virus. The problem is we're dealing with a mailfile

Re: [Clamav-users] FOO.EXE

2003-08-16 Thread Kevin Spicer
sigtool -c clamscan --stdout -f message.zip -s message Someone correct me if I'm wrong but I'm pretty sure you can't use sigtool to extract the virus signature from a zip (no matter what scanner you use). The zip itself is not infected, you need to unzip the file and extract the signature from