code. Therefore I
would like to ask if I should just submit such code or is there anything
other that must be done to be able to detect malicious javascript?
I can provide some examples if you need...
Please upload them in the normal way at:
http://www.clamav.net/sendvirus/
-trog
an
hour to write one from scratch).
This question is covered in the FAQ.
-trog
signature.asc
Description: This is a digitally signed message part
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list
to their
resources.
-trog
would like a nice UltraSPARC, HP 9000 and an IBM z9.
-trog
, it will not bother
checking if it needs to reload the database.
-trog
.
-trog
On Mon, 2007-12-10 at 13:06 +0200, Gareth Koopman wrote:
Hope this helps...
[ophelia:~]# cat /proc/sys/vm/overcommit_memory
0
Ok, no problem there.
Does the problem only start after clamd has been running for a while?
Roughly how long?
-trog
has been reached.
Try using vmstat to check memory.
Check thread limits with ulimit and in /proc/sys/kernel/threads-max
You can also try running the diagnostic program that is here:
http://lurker.clamav.net/message/20070619.182345.dc79226b.en.html
-trog
?
These are generally seen in MS mail files that look like OLE2 containers,
but aren't. Unless the file is an Office document of some sort, they can
be ignored.
-trog
On Fri, 2007-10-12 at 10:11 +0200, Pieter wrote:
- according to the info I found on the wiki/docs mailing list, currently the
daily and main.inc database system is used as pattern updates due to high
load problems on the update servers. I read on the mailing list that it
isn't possible anymore
this time.
4. Remove the sanesecurity sigs and see if the problem goes away.
5. strace clamd during the 'hang' to see what clamd is doing.
6. Use tcpdump to see what is happening on the network.
-trog
'normal' right now.
You've taken note of the recent postings on trouble with the standard
Solaris regex library? And how to switch to using PCRE, which solves the
problem.
-trog
Quoting rick pim [EMAIL PROTECTED]:
so: i have three alternatives. in more or less the order of increasing
amount of work:
Fourth alternative: use current SVN code, which has its own regex code to
overcome platform issues.
-trog
at a time.?
Not sure if anyone else has contacted you yet from the development team.
How big are we talking here?
Thanks,
-trog
with the latest version of clamav we thought of
postponing the upgrade.
Submit a sample. See the website for details.
-trog
a gdb backtrace from when clam is unresponsive.
The backtrace must include all threads.
Then let clam continue for a few seconds and do another full backtrace.
-trog
On Mon, 2007-04-23 at 13:34 +0300, Kapetanakis Giannis wrote:
Now the time is gone down from 30 to 12 seconds for 0.90.2
Still seems long to me.
use clamd/clamdscan
-trog
in your tmp dir and see what files clam actually pulled out of
your powerpoint file. There may be something surprising in there (and there may
not)
PowerPoint is very bad for hiding extra files inside the ppt files.
-trog
for working). If we don't find something
suitable in the next weeks, we'll disable that engine of the service.
Have you tried the official ClamAV win32 port?
http://w32.clamav.net/
-trog
and Encrypted.RAR.
ArchiveBlockEncrypted no is the wrong syntax.
Starting ClamAV daemon: ERROR: Parse error at line 23: Option
ArchiveBlockEncrypted doesn't support arguments (got 'no').
Then you aren't running the current version of ClamAV and need to
upgrade.
-trog
these files (--debug).
-trog
On Thu, 2006-09-28 at 16:40 +0800, Ardi wrote:
Hi:
I compress eicar.com.txt sample virus with WinRAR 3.50, then check the
rar file. ClamAV cannot check the virus.
Does ClamAV support scanning rar files?
Current CVS version supports v3 RAR.
-trog
the following string:
Add New Workbook, Infect It, Save It As Book1.
I'd guess it unlikely that a legitimate spreadsheet would try and infect
a Workbook.
-trog
an option is not used (hashed or doesn't exist in the
configuration file) clamd takes a default action.
You need to uncomment DisableDefaultScanOptions
and then uncomment all the options that you do want. E.g.
DisableDefaultScanOptions
ScanPE
#ScanOLE2
ScanMail
ScanHTML
etc.
-trog
On Wed, 2006-04-26 at 14:14 +0300, Halid Faith wrote:
Hello
I use clamav antivirus on qmail mail server.
How can I increase performance of clamav ?
use clamd.
-trog
do it at all, because it's completely
pointless.
-trog
me an example file please.
-trog
however.
-trog
or journalling.
Next, I would investigate the pthreads libraries. If your system has
more than one to choose from, try the other one. Failing that, disable
thread support at compile time.
If that doesn't help, you'll need to do some profiling to find out where
all the time is being spent.
-trog
is wrong here?
You've probably told freshclam and clamd/sigtool that the databases are
in different places, and now have two copies.
-trog
On Wed, 2005-10-26 at 15:15 +0200, Pierre-Emmanuel Brinette wrote:
Somebody know how to solve this problem ?
Yes, read the documentation.
-trog
On Mon, 2005-10-17 at 06:47 -0700, Joanna Roman wrote:
Hi, How does clamd know whether someone is using the
signature tree when it reloads (after it frees) the
signature tree ? How is this race-condition handled in
the code. I don't see that this condition is ever
checked in the code.
ref
On Thu, 2005-10-06 at 13:36 +0100, Randal, Phil wrote:
We've received over two dozen copies of a new Bagle / Mytob variant in
the last few hours.
Christoph already released a sig for it.
-trog
On Fri, 2005-09-23 at 09:52 -0500, R. Steven Rainwater wrote:
But I guess the big question now is how can I determine for sure if it's a
specifically formatted email that's causing the clamav crashes and, if
so, how can I capture one of the emails?
What platform are you using?
-trog
are using.
-trog
are some tips for anyone following this approach:
- DO NOT start it for single-user runlevel , i.e.
av:2345:respawn:/usr/local/sbin/clamd
Alternatively, use daemontools.
-trog
On Wed, 2005-07-06 at 12:20 -0400, Mitch wrote:
What effect will that have not building it with libcurl?
You won't be able to use MailFollowURLs which is disabled by default.
-trog
any improvement.
Upgrade to 0.86.1
-trog
any improvement.
Where 0.85 is 0.85.1 and 0.86 is 0.86.1
Upgrade to 0.86.1
What version of zlib do you have?
-trog
/libz.so.2
Doing a strings on that file should pull out the version number -
there's probably a better way, but FreeBSD isn't my main platform.
-trog
from Oct 3 2004 as the latest version.
Where is the version that was released yesterday ?
The current site is at:
http://www.gzip.org/
-trog
On Thu, 2005-07-07 at 09:48 -0400, Christopher X. Candreva wrote:
On Thu, 7 Jul 2005, Trog wrote:
http://www.gzip.org/
Thanks, but http://www.gzip.org/zlib/ is also showing 1.2.2 from 10/3/2004
as the current version.
What I wrote and what you wrote are different, hence different
to be pointed in the right direction, we are
running curl-7.12.1
also tried to build it without zlib and still nothing.
./configure --disable-zlib-vcheck
Disable libcurl:
./configure --without-libcurl
-trog
I send a zip
attachment through it. It worked on the previous
version just fine. Any suggestions I believe it does
have something to do with the StreamSaveToDisk option
that is no longer supported.
Upgrade your zlib.
-trog
to be acquired during the first database update (something
that did not happen before).
That's expected behaviour. See the archives regarding clmilter becoming
quiescent during a reload.
-trog
database update, ram usage increases to 15 meg. It
doesn't go back down, as I would have expected.
I wouldn't expect it to go back down. free() won't release memory back
to the system, just keep it until malloc() requires it.
-trog
On Thu, 2005-06-16 at 14:58 +0200, [EMAIL PROTECTED] wrote:
Hi clamav users
I've a very strange problem with clamd.
Its a 2x2.6 Ghz HT enabled and 1 GB of ram.
The problem is that clamd uses 100% cpu all the time.
What version of Clam are you using? If it is less than 0.85.1 then upgrade.
, and weren't using the glib
versions. Check your libraries. GDB will tell you what libraries are in
use.
-trog
On Thu, 2005-06-02 at 15:25 +0530, ramya wrote:
These two viruses are being caught on servers by other scanners.. but
not by ClamAV.. Can anyone explain this to me??
I have 0.85.1 version running.
Enable ScanPE and DetectBrokenExecutables
-trog
on this issue recently, that's
the first good suggestion. I like the idea and will have a look into it
ASAP.
That's how clamd currently works.
-trog
a system call. Check out 'man accept' (on a Unix-like system:).
I think he knows that.
The accept call is done within Sendmail, I believe.
-trog
appear to have upgraded to
0.85.1 correctly, which is your actual problem.
-trog
On Wed, 2005-05-18 at 10:20 +0200, rybka52 wrote:
clamd 0.85 and 0.85.1 same result, system OpenBSD 3.5
on first server work fine on second clamdscan report OK
any suggestion ?
How many signatures is each reporting to have?
-trog
On Wed, 2005-05-18 at 12:44 +0200, David wrote:
Hello,
I have a problem with an extension .FM6.
Really, this file is an encrypted zip and the clamd says
ASBHCI83.FM6: Input/Output error ERROR
How I can exclude this extension from the clamd?
Upgrade to 0.85.1
-trog
On Wed, 2005-05-18 at 13:28 +0200, David wrote:
But, if i need to exclude an extension. How i do it?
Use --exclude, easy when you read the manual.
-trog
log file. They must be accessible by the
user the milter runs as.
-trog
On Tue, 2005-05-17 at 15:44 +0400, Sergey wrote:
T Check the permissions on your log file. They must be accessible by the
T user the milter runs as.
T -trog
they are accessible
No they aren't. Actually look at the file permissions this time.
-trog
would be most welcome.
There is something wrong with your configuration. Probably something
related to the way you have plugged clam and postfix together.
-trog
messages per day which get past ClamAV but are picked up by
another AV product. Nonetheless, ClamAV is a credit to the developers.
Picked up as what, by what scanner(s)?
-trog
no
end_av
And then add an entry in the dot-qmail file, before the delivery line,
something like:
|/usr/bin/odeiavir -av 8
(where 8 indicates which virus scanner definition to use in the config
file)
Anyway, if you want to try it but need some help, get back to me.
-trog
versions are predominantly bug fix releases.
As the RAR code has been completely re-written (including RAR version 1
and 2 support), it is currently scheduled for the 0.90 release, which
will have a longer testing period due to the new features it is getting.
-trog
suggest you try going back to using --external and clamd.
-trog
On Thu, 2005-05-05 at 11:25 +0200, Silvio - Network Operations wrote:
Box is FreeBSD 5.2.1-RELEASE, clamav version is 0.83, running smoothly for
3 months in a row, before this ...
Upgrade.
-trog
for your environment
to perform assurance testing.
Apart from missing potential crash fixes, you are also missing detection
of some viruses by not upgrading:
W32.Magistr.A and B
W32.Parite.A B C and D
some JPEG exploits
some email Worms that use non-standard encoding schemes to by-pass
filters
-trog
files, for example). They then try and send themselves
and/or other virus files to people on IRC channels.
-trog
be told to upgrade to the latest
version.
Now that we have reports of spam crashing v0.80, it is time for me to
test v0.84.
How can you say 0.80 is the most stable, when you haven't tested 0.84?
Did you test anything after 0.80?
-trog
=search-type.cgifields=display
Try searching Trojan.Lowzone-37
Got following response
File 'daily.zmd' missing in archive; has the db format
changed? --- What is this ?
All the signatures in daily.zmd were moved to main.zmd (in main.cvd).
Wrong assumption on that web site.
-trog
and is causing overheads. Maybe you should
also try 2.6.x kernel with more effective I/O scheduler
If your users are also accessing the data via Samba, then use on-access
scanning via Samba VFS. The vscan module does that
http://www.openantivirus.org/projects.php#samba-vscan
-trog
StreamMinPort and StreamMaxPort settings are
conservative, e.g.
StreamMinPort 1024
StreamMaxPort 4096
-trog
ERROR: pthread_create failed
and the scanning is freezing
Any ideas?
Raise your softlimits.
-trog
with other jobs - not
that we dare to have a private life ;-)
We are, of course, also looking for people to volunteer to become sig
makers. Assuming that they have the time and the relevant skills.
-trog
On Mon, 2005-04-18 at 18:22 +, Andy Fiddaman wrote:
On Mon, 18 Apr 2005, Trog wrote:
;
; Run autoreconf
Is this something that has changed and will stay this way ? I don't
currently have the auto utilities on my Sun servers and don't really want
to add and have to maintain them
On Tue, 2005-04-19 at 09:20 +, Andy Fiddaman wrote:
Fair enough, but it's a recent change which is why I wondered if it was
intentional.
It's not a recent change, we just don't change the build that often.
-trog
'make'.
I don't see anything in the ChangeLog to help me get out of this.
Run autoreconf
-trog
On Fri, 2005-04-15 at 06:39 -0700, Joanna Roman wrote:
Can phishing be considered one kind of spam ?
What is the universe in and where are God's parents?
___
:-(
# SCAN /home/wjanssen
bash: SCAN: command not found
use the program clamdscan to communicate with clamd.
-trog
it to crash. Try adding:
#include clamav.h
to server-th.c
-trog
.
-trog
not an 'official' site.
-trog
On Sun, 2005-03-20 at 11:03 -0500, Robert Stampfli wrote:
My question: Does the ClamAV team want examples of these
phishing emails submitted to them through their
http://cgi.clamav.net/sendvirus.cgi interface?
You can submit them via the web interface.
-trog
On Mon, 2005-03-21 at 16:06 +0100, Julian Mehnle wrote:
Trog wrote:
Robert Stampfli wrote:
My question: Does the ClamAV team want examples of these
phishing emails submitted to them through their
http://cgi.clamav.net/sendvirus.cgi interface?
You can submit them via the web
not
over-written)? Probably not, but I thought I'd ask. :)
Sounds like a feature request to me... can we have a user.cvd file (in
addition to main.cvd and daily.cvd)
The feature's been there for a long time already. Read the documentation.
-trog
On Fri, 2005-03-18 at 14:36 +0545, [EMAIL PROTECTED] wrote:
My version is 0.80 and I think it should be solved by installing 0.83 can
any one help me with this. It would be better if it is a rpm installation
file
http://www.clamav.net/binary.html#pagestart
-trog
On Wed, 2005-03-09 at 13:47 -0500, Jerry Bell wrote:
Likewise, I have run strings on all libraries in /usr/local/lib and
/usr/lib looking for the string 0\.81 and have only found
/usr/local/lib//usr/local/lib/libclamav.so.1.
Are you running under a chroot() somewhere?
-trog
some old libraries from 0.81 on your system still. Find and
delete them.
-trog
attachments (or level of
attachments?), and a threadmanager after a database update, waiting for
the mail scan to finish.
Tomasz? Trog?
That looks about correct. This should all be fixed in CVS. Please try
the CVS version, or the nightly tarball from today.
-trog
On Tue, 2005-03-08 at 12:15 +0300, Jijos wrote:
how to find the old libraries?? of 0.81
Go and look in your lib directories.
run ldd on your freshclam binary.
-trog
On Fri, 2005-03-04 at 11:59 -0500, Robert Blayzor wrote:
Trog wrote:
What software are you using to do stream scanning? It is switched off by
default in clamav-milter 0.83
I'm using a PERL script that is taking the messages and stream scanning
them with clamd. It's been running fine
On Mon, 2005-03-07 at 13:08 +0100, Julian Mehnle wrote:
Trog wrote:
You can't send multiple commands. You *must* follow the following
sequence:
send: SESSION
pause
send: SCAN /my/file
read reply
send: SCAN /my/file2
read reply
What's pause supposed to mean?
pause
n
In that case it should be:
connect 1:
send: STREAM\n
waitfor: PORT \d+
connect 2: localhost:(port)
dump message
close connect 2:
wait for response
close connect 1:
(notice the close connect 2 moved up)
-trog
programming
implementation. :)
Quite. Which is why clamav-milter defaults to not using sessions.
It needs a new protocol defining, be it ICAP or something else. It's not
high on my personal TODO list at the moment. Another developer may make
it a higher priority though.
-trog
= min_port + cli_rndnum(max_port - min_port + 1);
I hope your script handles ERROR responses correctly :-)
-trog
On Mon, 2005-03-07 at 09:38 -0500, Robert Blayzor wrote:
$err = $1 if ($r =~ /^ERROR\:(.*)/);
Assuming I'm reading it right, I think it should be the other way
around. Error strings look like:
Reason ERROR
-trog
. make
6. make install
Just guesses for you I'm afraid:
1. Have you tried with just ./configure CFLAGS='-g -O2 -fPIC'
2. try with --disable-pthreads as well.
-trog
.
What software are you using to do stream scanning? It is switched off by
default in clamav-milter 0.83
-trog
happened to HTML.Script.Evasion.gen ???
The signature was removed due to possible false positives. The signature
was aimed at capturing possible future malware, and as such, there was
no loss of detection capability.
-trog
-starter. ClamAV has to
support whatever platform people choose to use.
There is a solution, which is planned for future development.
-trog
at the console, just a line feed.
You've misunderstood. PING and VERSION are commands you can issue to
clamd through a socket connection, not command line options.
-trog
no. Don't submit your pagefile.sys. I suggest you exclude it
from the scan.
-trog
or not.
'Banned filename'? ClamAV doesn't do banned filenames.
-trog
1 - 100 of 366 matches