[clamav-users] Same system but different daily

Hello, I've two equal system, but today I saw that on server 1 there is a daily.cld (202299904 Bytes) and on server 2 a daily.cvd instead (63677565 Bytes). On both servers I see the message "daily... database is up-to-date". Server 1 ls -al /var/lib/clamav/daily.cld -rw-r--r-- 1 clamav

Re: [clamav-users] ClamAV 1.0.X for EPEL 7 & 8

Huge +1 for EPEL for RHEL 9, please. We use it for mail services, and having an EPEL package would be *awesome* to me. -- Thomas On 4/29/24 04:03, Ben Argyle via clamav-users wrote: I'd be extremely grateful if you could consider EPEL 9 as well, please! With thanks, Ben -Original

[clamav-users] QNAP NAS virus definition updates.

Hello all! I was wondering if anyone knows the ports or IP addresses that my QNAP NAS reaches out to in order to receive definition updates. I have locked down my firewall but would like to allow the automatic updates. Thanks, Tom ___ Manage your

Re: [clamav-users] on my microsoft windows with both edited freshclam.conf and clamd.conf unfornately i can't update and i can't scan

://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat Looks like you sent a PGP encrypted message to the list. Maybe try again, unencrypted? Thomas

Re: [clamav-users] Mail contains virus ? MBL_162040584.UNOFFICIAL and some errors.

ser next time, I promise! :) Thomas B ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation ht

Re: [clamav-users] Mail contains virus ? MBL_162040584.UNOFFICIAL and some errors.

exist. Because it can take up to a minute to check the "virusmail" (cpu too slow?) So I better ask again if I really do have to whitelist all the virus names one by one. Thomas B ___ clamav-users mailing list clamav-users@lists.clamav

[clamav-users] Mail contains virus ? MBL_162040584.UNOFFICIAL and some errors.

multipart message, it contains the text and the typical ms html part of the message. I can't see where the danger lurks. Any suggestions what I can do? Thomas B ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net

Re: [clamav-users] clamd RAM issue?

Hi, On Sun, Oct 31, 2021 at 08:32:00PM -0400, Michael Orlitzky via clamav-users wrote: > On Sun, 2021-10-31 at 13:05 -0400, Mark G Thomas wrote: > > > > Has anyone else had similar experiences recently? > > Not recently per se, but it happens. Do you limit the number of sc

[clamav-users] clamd RAM issue?

-daemon.service failed. -- Mark G. Thomas , KC3DRE ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http

Re: [clamav-users] QNAP - Cannot update virus definition & cannot wget *.cvd (receive error 403 forbidden)

Dear All, I posted the answer of QNAP support in the wrong thread (sorry). In short, the NAS has not sufficient memory to process the update. Only manual update is working. Here the answer: The root cause is the size of the update files in the database. Because of that the automatic updates are

Re: [clamav-users] Downloading CVD files manually..

Dear All, Thanks already for your feedback! Find here below the answer I received from QNAP support: Dear Customer, Thank you for contacting QNAP support. The root cause is the size of the update files in the database. Because of that the automatic updates are failing on the older NAS models.

Re: [clamav-users] QNAP - Cannot update virus definition & cannot wget *.cvd (receive error 403 forbidden)

Hello All, I restarted an old QNAP NAS (TS419P). I updated the firmware to the latest version available for this model (4.3.3.1432 build 20200106). I tried to use the GUI provided by QNAP to update the ClamAV on the NAS. I received "update failed" message. I made some searches on the ClamAV

[clamav-users] Kindly help in create unofficial signature

Dear Clamav users, Today I got a spam email, containing .xz file in its attachment. I downloaded it, and unzipped it, then I found .exe file inside the file. I am still learning to help create signatures for clamav here, so please be kind and help me. My question is, what kind of signature

[clamav-users] Malware reporting question

Hello, I have submitted reports for some malwares hidden in docs and xlsx format at https://www.clamav.net/reports/malware. Before submitting, I have ensured and checked those infected files mentioned at Virustotal and also have provided links to the check result which are most likely already

Re: [clamav-users] Freshclam not working on freshly build source 0.102.1 on Debian 10

Am 31.01.2020 um 14:14 schrieb Thomas Plant via clamav-users: > Hello, > > kindly asking advice for my problem in the subject. > > I compiled Clamav 0.102.1 from source on a freshly installed Debian 10 > 64bit. > Just did a "./configure --enable-llvm=yes --with-sy

[clamav-users] Freshclam not working on freshly build source 0.102.1 on Debian 10

he distribution, Centos in my case) the updates work normally so I presume it has to do something with my build. Greetings, Thomas ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us

Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

, but it s getting better. I have fun trying to understand the code work. Regards Thomas Barth ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV gu

Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

Am 2019-09-07 21:03, schrieb Robert M. Stockmann via clamav-users: Why everyone needs two minutes for this task, independent from which hardware is used, is a puzzle to me. Anyone who has the clamd .cvd files loaded on a fast SSD storage ? I also use unofficial signatures from several

Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

Am 2019-09-05 11:35, schrieb G.W. Haywood via clamav-users: It seems that the two hour loading is hardcoded in the daemon. No. There are two ways to trigger reloading the databases. One is to set the 'SelfCheck' interval. The other is to send a 'RELOAD' command on the port or socket on

Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

Am 2019-09-05 09:14, schrieb Sergey: On Thursday 05 September 2019, Thomas Barth via clamav-users wrote: Please, where can I change the interval value or times for loading the databases? You can run freshclam by cron for example. ps aux | grep clam clamav 439 0.0 0.0 51152 11360

Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

Am 2019-09-05 00:30, schrieb G.W. Haywood via clamav-users: The database load times are a couple of orders of magnitude shorter than the database update periods. It makes no sense to try to make the load times shorter when they can already be done by a separate thread, while scanning

Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

Am 2019-09-01 19:30, schrieb Joel Esler (jesler) via clamav-users: Alright. I think we’ve beat the proverbial dead horse here. The devs know this is a request and they will get it into their dev queue for examination. I saw that clamd use just one core at a time to load the databases. top -

[clamav-users] Am I allowed to use yara rules?

Hello, today I got informed that I should not use the yara rules. They have major issues with clamav 1.0.1, ie memory leaks and complete failure of clamav. ls -al /var/lib/clamav/*.yar* -rw-r--r-- 1 clamav clamav 465 Sep 2 17:50 /var/lib/clamav/CVE-2010-0805.yar -rw-r--r-- 1 clamav

Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

Am 2019-09-01 19:12, schrieb G.W. Haywood via clamav-users: Hi there, On Sun, 1 Sep 2019, Thomas Barth via clamav-users wrote: Am 2019-08-31 20:35, schrieb G.W. Haywood via clamav-users: That's exactly what the patch in #10979 does. ... And where can I find this patch? If you navigate

Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

Am 2019-08-31 20:35, schrieb G.W. Haywood via clamav-users: That's exactly what the patch in #10979 does. Unfortunately, although as I've said it's simple enough to apply the patch, it's by no means a simple patch and it would greatly benefit from some serious testing by the community -

Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

ry sending. Not the spammer. On Sat, Aug 31, 2019 at 04:25:05PM +0200, Thomas Barth via clamav-users wrote: Hallo Mailinglist, sometimes I get in Postfix the error messages "451 4.3.0 Error: queue file write error". There is a warning timeout talking to localhost:10024 (Amavis) Aug 31

[clamav-users] How to boost clamav? Reloading database results in a talking timeout?

ity.Scam.12559.UNOFFICIAL(:6449) FOUND Is reloading a database blocking the e-Mail scanning? So how can I boost this process? It's a virtual server with 100% ssd and 6 cores (Intel(R) Xeon(R) CPU E5-2630 v4 @ 2.20GHz) and Debian Buster. B

Re: [clamav-users] YARA support on ClamAV

-unofficial-sigs/issues/203#issuementment-400211109 Sorry. T. Am 01.07.19 um 18:04 schrieb Thomas Trüten: > > Hello Munaf, > > you can use the clamav-unofficial-sigs by extremeshok > (https://github.com/extremeshok/clamav-unofficial-sigs). The last > update of the plugin is already

Re: [clamav-users] YARA support on ClamAV

documents/using-yara-rules-in-clamav > >   > > Thanks > > Munaf > >   > -- Bonan tagon, Thomas Trueten http://www.trueten.de PGP Key Id: 0xD96D6E68 available @ pgp KeyServers Fingerprint = 6BF5 2B63 87A2 E6BA C3F3 6AF5 CC75 00D7 D96D 6E68 Threema: FS9ZFT

Re: [clamav-users] broken link

Those links should of been corrected Friday ( yesterday), are you still having the issue ? > On Mar 6, 2019, at 4:53 AM, Arnaud Jacques wrote: > > Hello, > > https://www.clamav.net/documents/doc is broken. > Link found at https://www.clamav.net/documents/miscellaneous-faq. > > -- >

Re: [clamav-users] Batch file for Windows.

Does it have to be a batch file? Python could do it, fairly easily. From: clamav-users on behalf of Jeff Reply-To: "jeffsh...@gmail.com" , ClamAV users ML Date: Monday, September 17, 2018 at 9:44 PM To: "clamav-users@lists.clamav.net" Subject: [clamav-users] Batch file for Windows. Guys

Re: [clamav-users] Malwarepatrol false positive

Mark G Thomas wrote: > > >Hi, > > > >And YET ANOTHER today. I figured others here might want the heads up. > > > >[root@imx0 conf]# sigtool --find-sigs MBL_13226139 | sigtool --decode-sigs > > Sigh. > > I've just added to the main Sansecurity w

Re: [clamav-users] Malwarepatrol false positive

irect anybody with inquiries to > directly contact us. > ? > ?Once again, thank you for reporting this issue. > ? > ?Regards, > ? > ?Luciana > ?Malware Patrol Team -- Mark G. Thomas (m...@misty.com), KC3DRE ___ clamav-users mailing

Re: [clamav-users] Malwarepatrol false positive

+0200, lukn wrote: > Hi > > cudasvc was recently listed on Spamhaus' DBL. Looks like Barracuda has > some kind of issues with their service. > The other question is, why do people use such link cloakers? > > > On 27.08.2018 22:44, Mark G Thomas wrote: > > Hi

Re: [clamav-users] Malwarepatrol false positive

ose using download scripts.. using the ign2 > file on the Sanesecurity mirrors. > > Cheers, > > Steve > Twitter: @sanesecurity > On 27 August 2018 19:16:49 Mark G Thomas wrote: > > >Hi, > > > >This seems to be an ongoing trend. > > > >

Re: [clamav-users] Malwarepatrol false positive

- > On Mon, Aug 20, 2018 at 08:34 PM, Alex wrote: > > Hi, fyi > # sigtool --find-sigs MBL_12952716 | sigtool --decode-sigs > VIRUS NAME: MBL_12952716 > TARGET TYPE: ANY FILE > OFFSET: * > DECODED SI

Re: [clamav-users] Malformed database issue

Oh, check your permissions on var/lib/clamav, see if clam has access to it On 7/15/18, 8:05 PM, "clamav-users on behalf of Jay Hart" wrote: > Hey Jay, > > > Not sure which it is referring to db wise, but deleting main.cvd, daily, bytecode and mirror.dat > should

Re: [clamav-users] Malformed database issue

Hey Jay, Not sure which it is referring to db wise, but deleting main.cvd, daily, bytecode and mirror.dat should fix it after another freshclam. Thank you, Tom M On 7/15/18, 5:05 PM, "clamav-users on behalf of Jay Hart" wrote: Hello and good afternoon, Yessterday on a

Re: [clamav-users] I thought this was fixed...

Hello, Yes, it is going to. Because it’s beta and not an “official version” Once you upgrade to the official version, that should disappear. Thank you, Tom McCourt | Talos: Open Source Team| tmcco...@cisco.com From: clamav-users on behalf of Eric Tykwinski

Re: [clamav-users] db.gb.clamav.net

Hey, Try deleting your mirror.dat file, and try again. It’s not even trying the 104 address because mirror.dat reported errors at some point. That should fix it, I think for you. Thank you, Tom McCourt | Talos: Open Source Team| tmcco...@cisco.com From:

Re: [clamav-users] Test Message

Test 2 worked for me. From: clamav-users on behalf of "Joel Esler (jesler)" Reply-To: ClamAV users ML Date: Friday, May 18, 2018 at 3:04 PM To: ClamAV users ML Subject: Re:

Re: [clamav-users] clamsubmit error

No such thing as 'too many submissions for us' We will take them all __ On 5/11/18, 9:21 AM, "clamav-users on behalf of Arnaud Jacques" wrote: Hello Jesler, > Is that you sending us all those

Re: [clamav-users] Errors connecting to mirrors

e other 5 may already have been "bad" for quite a while. In particular, 150.214.142.197 failed Sun 25 Mar (but 155.98.64.87 worked). On Thu, 29 Mar 2018 00:58:17 + "Thomas McCourt (tmccourt)" <tmcco...@cisco.com> wrote: > T

Re: [clamav-users] Errors connecting to mirrors

The 'ignoring mirror' message was due to previous errors, not current ones. It is just skipping them because they errored out for you and it's saved that in the mirror.dat file. Clear that file, and it potentially, could remove those messages. (unless those mirrors are messed up.) On

Re: [clamav-users] Errors connecting to mirrors

Hey all- There is no mirror status page that exists as of right now. That might change in the future. As far as mirror issues, there was one earlier today with the daily, and that has thus been corrected. As far as timeouts for specific mirrors, I can look into those mirrors directly to see

Re: [clamav-users] Errors connecting to mirrors

If you are seeing mirror errors, enter a Bugzilla ticket. Please provide the mirror that is causing an issue, so I can investigate it. If it is your mirror that is having an issue, provide more information or also create a ticket and specifically state it is a mirror YOU maintain and what seems

Re: [clamav-users] ClamAV performance overhead on RHEL & Solaris

Hello, For what it is worth, the two most used packages for ClamAV per the survey by customers are Ubuntu and Debian. I have had no issue running ClamAV on RHEL or Solaris. I hope that in the near future, the ClamAV team will be able to focus on performance improvements, better monitoring of

Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99.4 has been released!

Thanks for the information. The problem- we are aware of and will fix. Sorry for the confusion, and thank you for making us aware! Thanks, Tom McCourt | Talos: Open Source Team| tmcco...@cisco.com On 3/7/18, 4:37 PM, "clamav-users on behalf of Brian Fluet"

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.4 has been released!

Hey Brian, What warning are you seeing ? Thanks, Tom McCourt | Talos: Open Source Team| tmcco...@cisco.com On 3/7/18, 12:06 PM, "clamav-users on behalf of Brian Fluet-Denver Equip of Chlt" wrote: I just

Re: [clamav-users] No updates since Monday 26th - daily 24352 ?

this doesn’t happen in the future. Thank you, Tom McCourt | Talos: Open Source Team| tmcco...@cisco.com On 2/28/18, 9:24 AM, "clamav-users on behalf of Thomas McCourt (tmccourt)" <clamav-users-boun...@lists.clamav.net on behalf of tmcco...@cisco.com> wrote:

Re: [clamav-users] No updates since Monday 26th - daily 24352 ?

Hey everyone, I am looking into what is going on, I will provide an update when I have more information. Thank you, Tom McCourt | Talos: Open Source Team| tmcco...@cisco.com On 2/28/18, 9:11 AM, "clamav-users on behalf of Mark Allan"

Re: [clamav-users] Centos 7 dependencies

Hello, I am not sure your entire question, though. If you are downloading from a apt-get, yum or whatever package for the ClamAV product- the dependencies should automatically install for the system. If you are installing from source, that is not the case. Thank you, Tom McCourt | Talos:

Re: [clamav-users] 0.99.3 upgrade

Eric, What do they get when they do a freshclam —version What operating system? Thanks, Tom McCourt On 2/1/18, 8:35 AM, "clamav-users on behalf of Eric Broch" wrote: >Hello list, > >I have user who has upgraded

Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99.3 has been released!

Hello, We are looking into the signature issue and will post soon with more details. Thank you, Tom M On 1/26/18, 10:18 AM, "clamav-users on behalf of Jason J. W. Williams" wrote: >Hi Joel & Micah, > >Is

Re: [clamav-users] Detected duplicate databases

Hello, Please enter a bug ticket in https://bugzilla.clamav.net/ For the private mirror issue. I will look into it. Thank you, Tom M On 1/18/18, 4:45 PM, "clamav-users on behalf of Al Varnell" wrote: >As I mentioned

Re: [clamav-users] Unable to upload a false positive.

Hello Ramos, Yes, we are aware of the issue on the site and are working to correct this for false positives, we are sorry for any inconvenience. Thank you, Tom M On 1/17/18, 3:52 PM, "clamav-users on behalf of Ramos Alexiou"

Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND update mirrors

Hello George, 1) Did you delete mirror.dat, then re-run freshclam? 2) Did you include in your freshclam.conf your countryside in the DatabaseMirror section? Db.xy.clamav.net? Once doing that, run freshclam. Thanks, Tom M On 12/15/17, 4:52 AM, "clamav-users on behalf of George"

Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND mirrors

Hello, In the freshclam.conf, there will be: # Uncomment the following line and replace XY with your country # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. # You can use db.XY.ipv6.clamav.net for IPv6 connections. #DatabaseMirror db.XY.clamav.net Where XY is

Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND mirrors

Hello Al, The issue should be corrected now. I am sorry for any confusion or difficulty using the mirrors. We have been working on making the mirrors better for sometime, though it is a long process to clean up Some of the old mirrors and such. If you still experience issues, let me know.

Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND mirrors

Hey George, What does your freshclam.log file say? Any errors generating when you download via freshclam? Replace XY with your country code in the below database mirror section. You could look at the freshclam.conf file and make sure you have the below settings: # Uncomment the following

Re: [clamav-users] (no subject)

Hello, Yeah, run the wget command Wget database.clamav.net/main.cvd That should download it Thanks, Tom On 12/6/17, 11:18 AM, "clamav-users on behalf of George" wrote: >wget >database.clamav.net/main.cvd'

Re: [clamav-users] (no subject)

Hello George, I will look into those mirrors to see if they are down. IF a mirror is not working, it should look to find another one. You could also try 'wget database.clamav.net/main.cvd' To see if it manually downloads it that way, then drop the file in the location We have been working

Re: [clamav-users] (no subject)

Hey, Firstly, this is a permissions issue with the freshclam.log file. I would verify that clamav can write to the log file and see what you have the permissions of that file as. IF you created the clamav user when you first installed clamav, you might need to chown the file with the clamav

Re: [clamav-users] RHEL 6 (workstation repo) Clam install error

amav.net/cgi-bin/mailman/listinfo/clamav-users >or, via email, send a message with subject or body 'help' to > clamav-users-requ...@lists.clamav.net > >You can reach the person managing the list at > clamav-users-ow...@lists.clamav.net > >When replying, please edi

Re: [clamav-users] RHEL 6 Clam AV Installation

Hello Jason, Using Yum, I can do the following command and download both Epel-release and clamav. This of course, downloads 99.2 (not the beta version). yum install -y epel-release yum install -y clamav Duck]# yum install -y epel-release Loaded plugins: fastestmirror, refresh-packagekit,

Re: [clamav-users] EXTERNAL: Re: Compiling ClamAV on RHEL7

My bad. I needed the openssl-devel package. -Original Message- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Brad Scalio Sent: Friday, July 15, 2016 9:13 PM To: ClamAV users ML Subject: EXTERNAL: Re: [clamav-users]

[clamav-users] Compiling ClamAV on RHEL7

Hi, I'm working on compiling ClamAV on RHEL7. I ran ./configure and it ended with the message: configure: error: OpenSSL not found. I have both the openssl and openssl-libs packages installed. Any thoughts? My Googling came up with nothing. Tom A. -- Tom Albrecht III,

[clamav-users] ClamAV and DoD Approval

Hi, I'm hoping someone on this list can answer this question. I work as a defense contractor, and one (frustrating) requirement that we've had for years is that we've had to install antivirus tools on our servers, no matter the context or risk. In addition, they had to be "DoD approved" AV

Re: [clamav-users] clamscan false positives

Am 17.03.16 um 12:01 schrieb Joel Esler (jesler): > Best thing to do is submit them as false positives on > ClamAV.net<http://clamav.net> Thanks for the tipp. Will do so. cheers t. > -- > Joel Esler > iPhone > > On Mar 17, 2016, at 6:54 AM, Thomas Stein > <h

[clamav-users] clamscan false positives

Hello Clamav users. Last week i started to check a gentoo distfiles directory with clamscan. To my big surprise clamscan found a lot of infected files. Taking a closer look leads to the assumption all of them are false positives because most of them are debugging tools. ClamAV update process

[clamav-users] ClamAV Update Authenticity?

Is there a method to authenticate ClamAV updates? I see that GnuPG can be used to verify the signature of the ClamAV installation, what about the virus database updates. I use ClamAV completely offline and do not have the ability to connect directly to any network for updates. I use a

Re: [clamav-users] Clam in a very low memory environment?

On 03/09/2014 05:15 PM, Jim Preston wrote: Not knowing your situation but.have to ask if there are any other services you can turn off to conserve memory? And any possible chance of smaller foot print daemons of any essential services? I have actually turned off pretty much everything

Re: [clamav-users] Clam in a very low memory environment?

On 03/08/2014 03:05 AM, Al Varnell wrote: On Mar 7, 2014, at 9:13 AM, Thomas Cameron thomas.came...@camerontech.com wrote: I am taking advantage of the free tier at Amazon (640M memory) to host my e-mail server. Naturally, my first move was to install SpamAssassin and ClamAV for mail

Re: [clamav-users] Clam in a very low memory environment?

On 03/08/2014 06:02 AM, Martin Hepworth wrote: can you split this to several hosts as doing SA on a reasonable mail volume can require quite a bit of memory anyway Well, it's a personal domain with only a handful of users, so it's kind of not worth it. I'd have to go to the non-free tier on

[clamav-users] Clam in a very low memory environment?

Clam in a very low memory configuration? Is it do-able? Thanks! Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlMZ/iAACgkQmzle50YHwaCJjwCfdqKYuEVdH4CnJlcX8e1MZM8G m

[clamav-users] clamav-milter - send failed: Broken pipe

This is cropping up in our log files every so often and we're not sure why. I'm guessing that we'll need to increase the logging levels to figure out why? Possibly also need to increase the logging levels of clamd? /var/log/maillog Jun 10 20:14:37 fvs-pri clamav-milter[2421]: send failed:

[clamav-users] Virus decscriptions ?

Last night 4 files on one of our internal servers were flagged as being infected with Exploit.PDF.Dropped-20. How do I find out what Exploit.PDF.Dropped-20 is and how to fix the files or the user's workstation from which they got uploaded? -- Thomas Kern ActioNet, Inc. On contract to: U.S

Re: [clamav-users] Virus decscriptions ?

Thanks. That goes into the file of handy things to know. -- Thomas Kern ActioNet, Inc. On contract to: U.S. Department of Energy 301-903-2211 (Office) 301-905-6427 (Mobile) -Original Message- From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net

Re: [clamav-users] Virus decscriptions ?

A guy from the ClamAV team asked for copies of my files, checked them and reported to me that they were all false positives. -- Thomas Kern ActioNet, Inc. On contract to: U.S. Department of Energy 301-903-2211 (Office) 301-905-6427 (Mobile) -Original Message- From: clamav-users-boun

[clamav-users] False Positive Exception list ?

. We would like to continue to use DLP but do not want to wade through this long list of false positives every day. Is there some mechanism to have a false positive exception file listing all the files that we know are false positives, so that Clamav will not report that on it? -- Thomas Kern

Re: [clamav-users] Major new false positive? BC.Exploit.CVE_2012_0184

http://wiki.clamav.net http://www.clamav.net/support/ml -- Mark G. Thomas (m...@misty.com) Web: http://mgtinternet.com/ Tel: +1-215-512-0112 US: 877-512-0112 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net

Re: [Clamav-users] No debian woody support anymore?

Simon Hobson schrieb: OK, how's this then. 9.5.3 (IIRC) came out about the time the notice was published. It costs virtually nothing to add an extra DNS entry, and the release could have had the default server URL changed for Freshclam to fetch updates. it wouldn't even have been a great

Re: [Clamav-users] clamav-daemon didn't recognise attached virus

Noel Jones-2 wrote: On 4/22/2010 10:51 AM, Thomas Herzog wrote: Török Edwin wrote: On 04/22/2010 10:24 AM, Török Edwin wrote: lxhv1m02:~# grep ctl /etc/amavis/conf.d/15-av_scanners \ask_daemon, [CONTSCAN {}\n, /var/run/clamav/clamd.ctl], You need to tell amavis to pass

Re: [Clamav-users] clamav-daemon didn't recognise attached virus

Rob MacGregor wrote: On Wed, Apr 21, 2010 at 16:02, Thomas Herzog thomas.her...@leoni.com wrote: Hello, We're running clamav 0.95.3 with amavisd-new-2.6.1and postfix 2.5.5. Sending a message with a virus attached clamav-daemon didn't find it. - http://www.clamav.net/lang/en/sendvirus

Re: [Clamav-users] clamav-daemon didn't recognise attached virus

Thomas Herzog wrote: Rob MacGregor wrote: On Wed, Apr 21, 2010 at 16:02, Thomas Herzog thomas.her...@leoni.com wrote: Hello, We're running clamav 0.95.3 with amavisd-new-2.6.1and postfix 2.5.5. Sending a message with a virus attached clamav-daemon didn't find it. - http

Re: [Clamav-users] clamav-daemon didn't recognise attached virus

Rob MacGregor wrote: On Thu, Apr 22, 2010 at 07:16, Thomas Herzog thomas.her...@leoni.com wrote: Thanks for your reply, just to get this right. The virus is detected by the binaries clamdscan or clamscan, but not by the deamon called through amavis - see the attachment of my first post

Re: [Clamav-users] clamav-daemon didn't recognise attached virus

Török Edwin wrote: On 04/22/2010 10:01 AM, Thomas Herzog wrote: Amavis seems to be calling the clam deamon, it finds also some other exploits, viruses... /var/log/clamav/clamav.log: Thu Apr 22 08:15:07 2010 - /tmp/UPS_invoice_4557.zip: Suspect.Bredozip-zippwd-5 FOUND BTW

Re: [Clamav-users] clamav-daemon didn't recognise attached virus

/p001: Suspect.Bredozip-zippwd-5 FOUND Thank You very much Edwin, Regards Thomas -- View this message in context: http://old.nabble.com/clamav-daemon-didn%27t-recognise-attached-virus-tp28288042p28327757.html Sent from the clamav-users mailing list archive at Nabble.com

Re: [Clamav-users] clamav-daemon didn't recognise attached virus

banned_filename_re-filter out. Perhaps, there's another solution? Thanks Thomas -- View this message in context: http://old.nabble.com/clamav-daemon-didn%27t-recognise-attached-virus-tp28288042p28330848.html Sent from the clamav-users mailing list archive at Nabble.com

[Clamav-users] clamav-daemon didn't recognise attached virus

. Thanks Thomas Herzog http://old.nabble.com/file/p28288042/logging.TXT logging.TXT -- View this message in context: http://old.nabble.com/clamav-daemon-didn%27t-recognise-attached-virus-tp28288042p28288042.html Sent from the clamav-users mailing list archive at Nabble.com

Re: [Clamav-users] ClamAV not starting up on Debian Etch

Thank you Gary, You were perfectly right. I was running 0.90.1, so I updated to 0.95.2 using Etch backports, and clamav-daemon started right away. Best regards, -- VOD visioconference - http://www.digiprof.tv ___ Help us build a comprehensive

[Clamav-users] ClamAV not starting up on Debian Etch

Hi, I wanted to setup ClamAV with my Citadel server, but for some reason it does not appear to start as far as netstat -anp says. I reconfigured using: dpkg-reconfigure clamav-base, so that TCP is used. The process is started, but nothing is listening on port 3100. I'm using a Debian Etch

Re: [Clamav-users] How does Clam stand up to Commercial A/V?

On 12/3/2009 10:32 PM, Dennis Peterson wrote: I quoted viruses above because much of what is found is actually blacklisted URL's, scams, spam, etc. Very few true viruses show up anymore. That seems to be true if you're doing DNSBLs that block the dynamic address ranges. I see a steady

Re: [Clamav-users] SubmitDetectionStats Error

On 11/15/2009 5:17 PM, Chris wrote: I've seen this in the last three freshclam runs: ERROR: SubmitDetectionStats: Remote server reported temporary failure: under maintenance Curious as to whether anyone else sees the same I'm seeing: Nov 16 15:14:29 fvs-pri freshclam[26543]:

Re: [Clamav-users] SubmitDetectionStats Error

On 11/16/2009 4:32 PM, Luca Gibelli wrote: the stats server is under maintenance as freshclam is reporting to some of you. I don't know why some of you are getting a different error message, I'll investigate that. I expect it to be back online in ~24h. The 2pm to 4pm (eastern US time) check

Re: [Clamav-users] All quiet on the virus front?

On 11/11/2009 11:49 AM, fchan wrote: Hello, Ever since about 10-Nov-2009 1810UTC I haven't gotten any virus hits on my mail server and I'm checking if anyone seen the same thing. Before that time, I used to get about 1000 virus hits per day so are the virus writers/spammers gone away or this is

[Clamav-users] Startup script for ClamAV 0.95.3 on CentOS / Red Hat?

We use CentOS 5 here and recently ran across this issue with ClamAV 0.95.3 (we're using the clamav-0.95.3-46.el5 RPM from either RPMForge or ATRPMs). The startup script in that RPM is still written for ClamAV prior to 0.95 where clamav-milter did not use a configuration file. The old script

Re: [Clamav-users] Major upgrade db compatibility

mirror. I don't know what's planned for 0.96, but I'm sure there will be some grace period of time if the signature format changes again or other large-scale changes occur. It's always good practice to test RCs and read the changelogs attentively. Kind regards Thomas -- Thomas Lamy Ingolstadt

Re: [Clamav-users] nonblock_connect: connect timing out (30 secs)

the argument to NotifyClamd correctly points to clamd's config file. Good Luck Thomas -- Thomas Lamy Ingolstadt Online GmbH thomas.l...@in-online.net Fon: +49 841 885 212-0 Fax: +49 841 885 212-0 Web: www.in-online.net Pflichtangaben lt. §35a GmbHG: Ingolstadt Online GmbH, Münchener Str. 71, 85051

Re: [Clamav-users] Using ClamAV from PHP

. The protocol was pretty easy to implement. Kind regards Thomas Lamy -- Thomas Lamy Ingolstadt Online GmbH thomas.l...@in-online.net Fon: +49 841 885 212-0 Fax: +49 841 885 212-29 Web: www.in-online.net Pflichtangaben lt. §35a GmbHG: Ingolstadt Online GmbH Münchener Strasse 7185051

  1   2   3   4   5   >