Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On 12/08/2012 05:43 AM, Gene Heskett wrote: Yes, and one way is to do an uninstall before upgrading. I do this for each of my clamav upgrades. I have found that each of the distro's tends to customize the install location to their own liking and which is usually not the same as anyone elses. Jim

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On 12/08/2012 12:59 AM, Dennis Peterson wrote: file. It can be anywhere but is specified by the configure/compile operation, the installer if built from source, the RPM packager, and the command line in the launch script. Any or all can be screwed up or got right by any of the people involved.

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On Saturday 08 December 2012 07:34:39 Jim Preston did opine: > On 12/06/2012 12:12 PM, Gene Heskett wrote: > > On Thursday 06 December 2012 14:09:16 Dennis Peterson did opine: > >> On 12/6/12 10:44 AM, Gene Heskett wrote: > >>> Speaking of clamd.conf, I wonder if some of you might be editing the >

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On 12/7/12 11:44 PM, Jim Preston wrote: On 12/06/2012 12:12 PM, Gene Heskett wrote: On Thursday 06 December 2012 14:09:16 Dennis Peterson did opine: On 12/6/12 10:44 AM, Gene Heskett wrote: Speaking of clamd.conf, I wonder if some of you might be editing the wrong clamd.conf file? I am not s

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On 12/06/2012 12:12 PM, Gene Heskett wrote: On Thursday 06 December 2012 14:09:16 Dennis Peterson did opine: On 12/6/12 10:44 AM, Gene Heskett wrote: Speaking of clamd.conf, I wonder if some of you might be editing the wrong clamd.conf file? I am not sure how it got to be, but according the t

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On 12/7/12 1:50 AM, franckm wrote: Dennis Peterson wrote: That is a functionality of the desktop, no? There are command line tools as well. Inode cron will do this. If you're not in a hurry and understand the risks of non-atomic file transfers you can do this with cron. Here's a link to incro

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

Jari Fredriksson skrev den 06-12-2012 19:26: 06.12.2012 19:44, franckm kirjoitti: Is it possible to have clamd (clamav deamon) watch a specific folder (and only that one) and automatically scan the files as they are dropped into it? I'm afraid it is not possible with clamd alone. You need a

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On Friday 07 December 2012 10:11:32 franckm did opine: > gene heskett-4 wrote: > > On Thursday 06 December 2012 13:59:05 franckm did opine: > >> TR Shaw wrote: > >> > Linux, bsd unix and MacOSX all support directory/folder changed > >> > actions. > >> > > >> > Tom > >> > > >> > On Dec 6, 2012, a

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

Dennis Peterson wrote: > > On 12/6/12 10:30 AM, TR Shaw wrote: >> Linux, bsd unix and MacOSX all support directory/folder changed actions. >> >> Tom >> >> On Dec 6, 2012, at 1:26 PM, Jari Fredriksson wrote: >> >>> 06.12.2012 19:44, franckm kirjoitti: Is it possible to have clamd (clamav de

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

gene heskett-4 wrote: > > On Thursday 06 December 2012 13:59:05 franckm did opine: > >> TR Shaw wrote: >> > Linux, bsd unix and MacOSX all support directory/folder changed >> > actions. >> > >> > Tom >> > >> > On Dec 6, 2012, at 1:26 PM, Jari Fredriksson wrote: >> > _

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On 12/6/12 6:34 PM, Jari Fredriksson wrote: 06.12.2012 20:44, Dennis Peterson kirjoitti: That is a functionality of the desktop, no? There are command line tools as well. Inode cron will do this. If you're not in a hurry and understand the risks of non-atomic file transfers you can do this with

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

06.12.2012 20:44, Dennis Peterson kirjoitti: > On 12/6/12 10:30 AM, TR Shaw wrote: >> Linux, bsd unix and MacOSX all support directory/folder changed actions. >> >> Tom >> >> On Dec 6, 2012, at 1:26 PM, Jari Fredriksson wrote: >> >>> 06.12.2012 19:44, franckm kirjoitti: Is it possible to have

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On Thursday 06 December 2012 21:00:10 Dennis Peterson did opine: > > > Just observing the OP did not specify email. > > > > > > dp > > > > Humm, an item I was remiss in not noting. Can I blame that on > > Oldtimers? I certainly qualify at 78 I think. :) > > I'm 67 and have so sure - you get a

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On Thursday 06 December 2012 20:59:06 Greg Folkert did opine: > On Thu, 2012-12-06 at 14:57 -0500, Gene Heskett wrote: > > On Thursday 06 December 2012 14:55:20 Dennis Peterson did opine: > > > On 12/6/12 11:14 AM, Gene Heskett wrote: > > > > On Thursday 06 December 2012 14:13:13 Dennis Peterson d

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

> > > > > Just observing the OP did not specify email. > > > > dp > > Humm, an item I was remiss in not noting. Can I blame that on Oldtimers? > I certainly qualify at 78 I think. :) > I'm 67 and have so sure - you get a pass:) dp ___ Help us bu

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On Thu, 2012-12-06 at 14:57 -0500, Gene Heskett wrote: > On Thursday 06 December 2012 14:55:20 Dennis Peterson did opine: > > > On 12/6/12 11:14 AM, Gene Heskett wrote: > > > On Thursday 06 December 2012 14:13:13 Dennis Peterson did opine: > > >> On 12/6/12 10:50 AM, Gene Heskett wrote: > > >>> On

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On Thursday 06 December 2012 14:55:20 Dennis Peterson did opine: > On 12/6/12 11:14 AM, Gene Heskett wrote: > > On Thursday 06 December 2012 14:13:13 Dennis Peterson did opine: > >> On 12/6/12 10:50 AM, Gene Heskett wrote: > >>> On Thursday 06 December 2012 13:45:09 franckm did opine: > Is it

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On 12/6/12 11:14 AM, Gene Heskett wrote: On Thursday 06 December 2012 14:13:13 Dennis Peterson did opine: On 12/6/12 10:50 AM, Gene Heskett wrote: On Thursday 06 December 2012 13:45:09 franckm did opine: Is it possible to have clamd (clamav deamon) watch a specific folder (and only that one)

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On Thursday 06 December 2012 14:13:13 Dennis Peterson did opine: > On 12/6/12 10:50 AM, Gene Heskett wrote: > > On Thursday 06 December 2012 13:45:09 franckm did opine: > >> Is it possible to have clamd (clamav deamon) watch a specific folder > >> (and only that one) and automatically scan the fil

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On Thursday 06 December 2012 14:09:16 Dennis Peterson did opine: > On 12/6/12 10:44 AM, Gene Heskett wrote: > > Speaking of clamd.conf, I wonder if some of you might be editing the > > wrong clamd.conf file? I am not sure how it got to be, but according > > the the launcher script in /etc/init.d.

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On Thursday 06 December 2012 13:59:05 franckm did opine: > TR Shaw wrote: > > Linux, bsd unix and MacOSX all support directory/folder changed > > actions. > > > > Tom > > > > On Dec 6, 2012, at 1:26 PM, Jari Fredriksson wrote: > > ___ > > Help us build

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On Thursday 06 December 2012 13:51:25 Jari Fredriksson did opine: > 06.12.2012 19:44, franckm kirjoitti: > > Is it possible to have clamd (clamav deamon) watch a specific folder > > (and only that one) and automatically scan the files as they are > > dropped into it? > > I'm afraid it is not poss

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On 12/6/12 10:50 AM, Gene Heskett wrote: On Thursday 06 December 2012 13:45:09 franckm did opine: Is it possible to have clamd (clamav deamon) watch a specific folder (and only that one) and automatically scan the files as they are dropped into it? You can do better than that if you're a procm

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On Thursday 06 December 2012 13:45:09 franckm did opine: > Is it possible to have clamd (clamav deamon) watch a specific folder > (and only that one) and automatically scan the files as they are > dropped into it? You can do better than that if you're a procmail user. Scan it before its dropped

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On 12/6/12 10:44 AM, Gene Heskett wrote: Speaking of clamd.conf, I wonder if some of you might be editing the wrong clamd.conf file? I am not sure how it got to be, but according the the launcher script in /etc/init.d. it is using /etc/clamav/clamd.conf, but I have others also. You should mak

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On Thursday 06 December 2012 13:21:24 Bowie Bailey did opine: > On 12/6/2012 11:25 AM, franckm wrote: > > Bowie Bailey wrote: > >> On 12/6/2012 10:43 AM, franckm wrote: > >>> Ok I've done that. LogTimes are shown (in a weird datetime format) > >>> but the > >>> > >>> file that I've just scanned i

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

On 12/6/12 10:30 AM, TR Shaw wrote: Linux, bsd unix and MacOSX all support directory/folder changed actions. Tom On Dec 6, 2012, at 1:26 PM, Jari Fredriksson wrote: 06.12.2012 19:44, franckm kirjoitti: Is it possible to have clamd (clamav deamon) watch a specific folder (and only that one) a

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

TR Shaw wrote: > > Linux, bsd unix and MacOSX all support directory/folder changed actions. > > Tom > > On Dec 6, 2012, at 1:26 PM, Jari Fredriksson wrote: > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

Linux, bsd unix and MacOSX all support directory/folder changed actions. Tom On Dec 6, 2012, at 1:26 PM, Jari Fredriksson wrote: > 06.12.2012 19:44, franckm kirjoitti: >> Is it possible to have clamd (clamav deamon) watch a specific folder (and >> only that one) and automatically scan the files

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

06.12.2012 19:44, franckm kirjoitti: > Is it possible to have clamd (clamav deamon) watch a specific folder (and > only that one) and automatically scan the files as they are dropped into it? > I'm afraid it is not possible with clamd alone. You need a separate daemon watching the folder(s) and the

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On 12/6/12 9:20 AM, franckm wrote: Thanks Dennis. Do you mean LogSyslog can provide more detailed log than LogFile? Does the LogFacility setting apply to LogSyslog only or it also applies to LogFile. I have noticed my LogFacility setting does not have the default value. It is set to LOG_MAI

[clamav-users] [Clamav-users] Specify a watch folder for clamav

Is it possible to have clamd (clamav deamon) watch a specific folder (and only that one) and automatically scan the files as they are dropped into it? -- View this message in context: http://old.nabble.com/Specify-a-watch-folder-for-clamav-tp34767414p34767414.html Sent from the clamav-users mai

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

Dennis Peterson wrote: > > On 12/6/12 8:25 AM, franckm wrote: >> >> >> >> >> Thanks it works now but I am not getting the log line when a new file is >> getting scanned. I only get the result (OK line) >> >> > Syslog uses a two-part record (facility.severity) to decide what to put > into a log

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

Bowie Bailey wrote: > > On 12/6/2012 11:25 AM, franckm wrote: >> Bowie Bailey wrote: >>> On 12/6/2012 10:43 AM, franckm wrote: Ok I've done that. LogTimes are shown (in a weird datetime format) but the file that I've just scanned is not listed at all: > clamdscan >>

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On 12/6/12 8:25 AM, franckm wrote: Thanks it works now but I am not getting the log line when a new file is getting scanned. I only get the result (OK line) Syslog uses a two-part record (facility.severity) to decide what to put into a log file. Assuming you are using the default LOCAL6 sy

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On 12/6/2012 11:25 AM, franckm wrote: Bowie Bailey wrote: On 12/6/2012 10:43 AM, franckm wrote: Ok I've done that. LogTimes are shown (in a weird datetime format) but the file that I've just scanned is not listed at all: clamdscan /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.tx

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

Bowie Bailey wrote: > > On 12/6/2012 10:43 AM, franckm wrote: >> Ok I've done that. LogTimes are shown (in a weird datetime format) but >> the >> file that I've just scanned is not listed at all: >> >> >>> clamdscan /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt >> /tmp/clamscan

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On 12/6/2012 10:43 AM, franckm wrote: Ok I've done that. LogTimes are shown (in a weird datetime format) but the file that I've just scanned is not listed at all: clamdscan /tmp/clamscan-franck-test/clamscan-franck-testclamscan-man.txt /tmp/clamscan-franck-test/clamscan-franck-testclamscan-ma

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

David Raynor wrote: > > On Thu, Dec 6, 2012 at 10:04 AM, Bowie Bailey > wrote: > > > Bowie is right. The logfile contents and the output on stdout are treated > differently. Check your clamd.conf for the LogFile option (and make sure > it > is not commented out). > > Dave R. > > -- > ---

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On Thu, Dec 6, 2012 at 10:04 AM, Bowie Bailey wrote: > On 12/6/2012 7:28 AM, franckm wrote: > >> With clamdscan, it still does not show timestamps (see below) >> >> The default config (/etc/clamd.conf) is to no show LogTimes. I have >> changed >> that (LogTime yes). Is there anything I need to d

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On 12/6/2012 7:28 AM, franckm wrote: With clamdscan, it still does not show timestamps (see below) The default config (/etc/clamd.conf) is to no show LogTimes. I have changed that (LogTime yes). Is there anything I need to do after having changed the clamd config? Restart clamd. releasemast

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

Al Varnell wrote: > > On 12/6/12 3:05 AM, "franckm" wrote: > >> >> I am using clamav on linux in the command line >> >> When I use clamscan from the command line the log file does not show >> timestamps >> >> I have seen no option to turn timestamps on in log files >> >> I'd like to get a

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

On 12/6/12 3:05 AM, "franckm" wrote: > > I am using clamav on linux in the command line > > When I use clamscan from the command line the log file does not show > timestamps > > I have seen no option to turn timestamps on in log files > > I'd like to get a timestamp especially for the "scanni

[clamav-users] [Clamav-users] clamav no timestamp in the logs

I am using clamav on linux in the command line When I use clamscan from the command line the log file does not show timestamps I have seen no option to turn timestamps on in log files I'd like to get a timestamp especially for the "scanning" and "OK" log lines. I have seen that /etc/clamd.conf

Re: [clamav-users] [Clamav-users] Clamscan detected a UNIX.Exploit.CVE_2010_3301

Hi Alain, After recent update, clamav didn't reported it as a UNIX.Exploit.CVE_2010_3301 again. Downloading daily-15491.cdiff [100%] Downloading daily-15492.cdiff [100%] daily.cld updated (version: 15492, sigs: 277603, f-level: 63, builder: guitar) $ clamscan -r /var/lib/rpm --infected ---

Re: [clamav-users] [Clamav-users] Clamscan detected a UNIX.Exploit.CVE_2010_3301

Hi David, thanks for the response. With todays antivirus definitions it isn't detected anymore. Regards, Christoph - Ursprüngliche Mail - > Von: "David Raynor" > An: "ClamAV users ML" > Gesendet: Montag, 22. Oktober 2012 17:56:21 > Betreff: Re: [

Re: [clamav-users] [Clamav-users] Clamscan detected a UNIX.Exploit.CVE_2010_3301

On Mon, Oct 22, 2012 at 4:35 AM, Christoph Mitasch < cmita...@thomas-krenn.com> wrote: > Hello, > > I have the same problem since a few days. > > When I try to submit it as False Positive, it says it is not recognized by > ClamAV. > http://www.clamav.net/lang/en/sendvirus/submit-fp/ > > But on the

Re: [clamav-users] [Clamav-users] Clamscan detected a UNIX.Exploit.CVE_2010_3301

Hello, I have the same problem since a few days. When I try to submit it as False Positive, it says it is not recognized by ClamAV. http://www.clamav.net/lang/en/sendvirus/submit-fp/ But on the commandline it is definitely reported. host:~# tail -f /var/log/clamav/freshclam.log Mon Oct 22 10:1

Re: [clamav-users] [Clamav-users] Clamscan detected a UNIX.Exploit.CVE_2010_3301

Please submit a false positive report here: http://www.clamav.net/lang/en/sendvirus/submit-fp/ We will analyze your sample and get back to you as soon as possible. Thanks, - Alain ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav

[clamav-users] [Clamav-users] Clamscan detected a UNIX.Exploit.CVE_2010_3301

Hi, When I scan my systems I found the following, /var/lib/rpm/Packages: UNIX.Exploit.CVE_2010_3301 FOUND I understand that new signature was added on the recent daily.cld updated (version: 15479). Currently the system is using Centos 6.2 kernel 2.6.32-220.7.1.el6.x86_64. I believe they should

Re: [clamav-users] clamav-users Digest, Vol 96, Issue 14

2012/9/19 Michael Wu > > Message: 9 >> Date: Tue, 18 Sep 2012 19:09:50 -0700 >> From: Al Varnell >> Subject: Re: [clamav-users] Help to download ClamAV 0.97.6 tar.gz >> source code >> To: ClamAV users ML >> Message-ID: >> Content-Type: text/plain; CHARSET=US-ASCII >> >> On 9/18/12 5:54

Re: [clamav-users] clamav-users Digest, Vol 96, Issue 14

> Message: 9 > Date: Tue, 18 Sep 2012 19:09:50 -0700 > From: Al Varnell > Subject: Re: [clamav-users] Help to download ClamAV 0.97.6 tar.gz > source code > To: ClamAV users ML > Message-ID: > Content-Type: text/plain; CHARSET=US-ASCII > > On 9/18/12 5:54 PM, "Michael Wu" wrote: > > > We

Re: [clamav-users] clamav-users Digest, Vol 94, Issue 6

Den 2012-07-09 07:43, Wojciech Michalak skrev: Just empty files don't work as they don't pass verification tests that are run on startup. ups that part i missed, but sigtool --unpack-current=main and sigtool --unpack-current=daily will give the unsigned sigs, clamav should work with it, but s

Re: [clamav-users] clamav-users Digest, Vol 94, Issue 6

On 07.07.2012 12:00, clamav-users-requ...@lists.clamav.net wrote: > create them self, and disable freshclam, not tested but should be it I cannot create the files myself. Signtool for creating the cvd files requires access to a (as far as I know) publicly unavailable signing server. Just empty file

Re: [clamav-users] clamav-users Digest, Vol 91, Issue 17

> > "Postfix" questions should be directed to the "Postfix Mail Forum" > "Spamassassin" questions should be > directed towards their mailing lists: > . > > You could check the documentation for both the "clamav-mi

Re: [clamav-users] [Clamav-users] problem with clamav-milter recipient notification

On 05/24/12 16:54, Giles Coochey wrote: > Was a bug / feature request ever opened for this? Was it ever fixed? Yup, https://bugzilla.clamav.net/show_bug.cgi?id=2879 Cheers, -- aCaB ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clama

Re: [clamav-users] [Clamav-users] problem with clamav-milter recipient notification

aCaB wrote: > > On 05/24/11 17:48, Annette Jaekel wrote: >> If I understood right, the script >> gets the recipients from the sendmail macro rcpt_addr. Now clean mails go >> trough >> clamav-milter and deliver to all recipients. But always if a virus is >> found for >> a mail with more than one

Re: [clamav-users] [Clamav-users] no GUI update

Thanks guys, just gone through your replies, found the rpm for Mandriva2010.2, download, install and now ALL is good. Some nice touches in the new GUI. So many thanks, Joe. joeclem111 wrote: > > Clamav 097.3 shows GUI is out of date, check for updates in "help" shows > new GUI available but t

Re: [clamav-users] [Clamav-users] no GUI update

I am running Mandriva Linux 2010.2 (Official) and 2010.1_64 (Official) on another PC. joeclem111 wrote: > > Clamav 097.3 shows GUI is out of date, check for updates in "help" shows > new GUI available but there is no way to do the update. How do I do this > please? > -- View this message in c

Re: [clamav-users] [Clamav-users] no GUI update

On Thu, 2 Feb 2012 13:12:33 -0600, Dave M wrote: On Thu, Feb 2, 2012 at 1:09 PM, Al Varnell wrote: On 2/2/12 10:50 AM, "joeclem111" wrote: Clamav 097.3 shows GUI is out of date, check for updates in "help" shows new GUI available but there is no way to do the update. How do I do this please?

Re: [clamav-users] [Clamav-users] no GUI update

On Thu, Feb 2, 2012 at 1:09 PM, Al Varnell wrote: > On 2/2/12 10:50 AM, "joeclem111" wrote: > >> >> Clamav 097.3 shows GUI is out of date, check for updates in "help" shows new >> GUI available but there is no way to do the update. How do I do this please? >> > GUI for what OS? > > > -Al- > Based

Re: [clamav-users] [Clamav-users] no GUI update

On 2/2/12 10:50 AM, "joeclem111" wrote: > > Clamav 097.3 shows GUI is out of date, check for updates in "help" shows new > GUI available but there is no way to do the update. How do I do this please? > GUI for what OS? -Al- -- Al Varnell Mountain View, CA ___

Re: [clamav-users] [Clamav-users] no GUI update

> Clamav 097.3 shows GUI is out of date, check for updates in "help" shows new > GUI available but there is no way to do the update. How do I do this please? > -- You can get updates at http://clamtk.sf.net in rpm, deb, and tar.gz formats. Dave M ___ He

[clamav-users] [Clamav-users] no GUI update

Clamav 097.3 shows GUI is out of date, check for updates in "help" shows new GUI available but there is no way to do the update. How do I do this please? -- View this message in context: http://old.nabble.com/no-GUI-update-tp33251672p33251672.html Sent from the clamav-users mailing list archive

Re: [clamav-users] [Clamav-users] Heuristics.Phishing.Email.SpoofedDomain

Facebook dot com is one of the "protected" web sites when checking for phishing attempts. I learned here the other day that the clamav engine checks a list of currently 236 url's that are often used for phishing attempts and runs through something like 15 steps to see if it should be flagged. I'l

Re: [clamav-users] [Clamav-users] Heuristics.Phishing.Email.SpoofedDomain

Hi It appears that when im sending from pradipda...@xtra.co.nz to pra...@unlock.net.nz it comes up with the error. (Have both of these accounts linked to a yahoo webmail) Ive just had a little break through. I think it has to do with my signature - I removed some of the signature and the email

Re: [clamav-users] [Clamav-users] Heuristics.Phishing.Email.SpoofedDomain

On Jul 28, 2011, at 2:10 PM, ExodusNZ wrote: > This is the top of the email they are getting > > > Sorry, we were unable to deliver your message to the following address. > > : > Remote host said: 550 (Heuristics.Phishing.Email.SpoofedDomain) [BODY] > Without having a sample message or

[clamav-users] [Clamav-users] Heuristics.Phishing.Email.SpoofedDomain

Hi I am new to the forum / newbie with linux/perl etc!! And dont know where else to turn ? Ive emailed my webserver host and they are unless saying check the STMP im using ? WTF! ANyways my problem is that everytime someone emails me they are getting sent an error message (will paste below) My

Re: [clamav-users] [Clamav-users] PUA.PDF.OpenActionObject too broad

PUA.PDF.OpenActionObject has been dropped and has been replaced with the signatures below: PUA.Script.PDF.OpenActionObjectwithJavascript PUA.Script.PDF.OpenActionObjectwithJS Thanks, -Alain On Sun, Apr 24, 2011 at 5:03 AM, Johannes Schulz wrote: > "sigtool -fPUA.PDF.OpenActionObject|sigtool --

[clamav-users] [Clamav-users] PUA.PDF.OpenActionObject too broad

"sigtool -fPUA.PDF.OpenActionObject|sigtool --decode-sigs" says: VIRUS NAME: PUA.PDF.OpenActionObject TARGET TYPE: ANY FILE OFFSET: 0 DECODED SIGNATURE: %PDF-{WILDCARD_ANY_STRING}obj{WILDCARD_ANY_STRING(LENGTH<=2)}<<{WILDCARD_ANY_STRING}/OpenAction /OpenAction comes in two variants - the PDF Refe

Re: [clamav-users] [Clamav-users] Tracking false positives

* Dennis Peterson wrote: > > There are 823070 signatures in the current daily.cld, main.cld, and > bytecode.cld, and 190586 signatures in the various Sane Security files. > This is a Sun Sparc box running Solaris. > > Which begs another question - anyone have a single command that will > generate

Re: [clamav-users] [Clamav-users] Tracking false positives

Hi, > Every email has a unique-ish Message-Id. Proper MUAs, when replying, > will set the In-Reply-To header to the just replied-to message's > Message-Id, and likewise add it to the list in the References header. Yes, I understand this. I just thought the "thread view" period for a message would

Re: [clamav-users] [Clamav-users] Tracking false positives

On Sun, 2011-03-06 at 17:52 -0500, Alex wrote: > > In-Reply-To and References headers. Set when replying. > > > > guenther -- who has given up hoping long ago, that folks running mail > > servers should understand mail headers > > I'm not sure if I should quit while I'm still behin

Re: [clamav-users] [Clamav-users] Tracking false positives

Hi, >> I'll also start a new thread next time; I didn't think it would be >> associated with that old thread any longer for the very reason that it >> was so old. > > In-Reply-To and References headers. Set when replying. > >  guenther  -- who has given up hoping long ago, that folks running mail

Re: [clamav-users] [Clamav-users] Tracking false positives

On Sun, 2011-03-06 at 17:22 -0500, Alex wrote: > > There was some discussion about this particular signature on the > > Sanesecurity list. Archives here: > > http://news.gmane.org/gmane.comp.security.virus.clamav.sanesecurity > Thanks everyone for the information. I thought for sure it was that I

Re: [clamav-users] [Clamav-users] Tracking false positives

Hi, > There was some discussion about this particular signature on the > Sanesecurity list.  Archives here: > http://news.gmane.org/gmane.comp.security.virus.clamav.sanesecurity > > This signature is provided by Malware Patrol.  Apparently, originally the > signature matched the string "updat", wh

Re: [clamav-users] [Clamav-users] Tracking false positives

Hi, >> The MBL_144360 is still present in the mbl database, but now it >> doesn't match. > > That signature has a big google footprint. I found it here, for example: > > http://permalink.gmane.org/gmane.comp.security.virus.clamav.sanesecurity/3094 > > It would seem there is a QA problem and that p

Re: [clamav-users] [Clamav-users] Tracking false positives

On 3/6/2011 3:43 PM, Alex wrote: Hi, $ sigtool --find-sigs MBL_144360 | sigtool --decode-sigs VIRUS NAME: MBL_144360 TARGET TYPE: ANY FILE OFFSET: * DECODED SIGNATURE: update.multivaccine.co.kr/setupa Is that the correct way? I looked at the email itself, and not only is it from a trusted send

Re: [clamav-users] [Clamav-users] Tracking false positives

On Sun, 2011-03-06 at 15:39 -0500, Alex wrote: > Some time ago I posted a message requesting help tracking down a false > positive, and trying to learn why it triggered. I have another one. Yes, back in Sep 2010. A lot of people using threading and keeping an archive are unlikely to ever read this

Re: [clamav-users] [Clamav-users] Tracking false positives

On 3/6/11 1:43 PM, Alex wrote: The MBL_144360 is still present in the mbl database, but now it doesn't match. That signature has a big google footprint. I found it here, for example: http://permalink.gmane.org/gmane.comp.security.virus.clamav.sanesecurity/3094 It would seem there is a QA pro

Re: [clamav-users] [Clamav-users] Tracking false positives

Hi, >> $ sigtool --find-sigs MBL_144360 | sigtool --decode-sigs >> VIRUS NAME: MBL_144360 >> TARGET TYPE: ANY FILE >> OFFSET: * >> DECODED SIGNATURE: >> update.multivaccine.co.kr/setupa >> >> Is that the correct way? I looked at the email itself, and not only is >> it from a trusted sender, but it

Re: [clamav-users] [Clamav-users] Tracking false positives

On 2011-03-06 22:39, Alex wrote: > Hi, > > Some time ago I posted a message requesting help tracking down a false > positive, and trying to learn why it triggered. I have another one. > This is the information from the logs for that message: > > Mar 4 00:02:05 smtp01 amavis[16992]: (16992-212) V

Re: [clamav-users] [Clamav-users] Tracking false positives

Hi, Some time ago I posted a message requesting help tracking down a false positive, and trying to learn why it triggered. I have another one. This is the information from the logs for that message: Mar 4 00:02:05 smtp01 amavis[16992]: (16992-212) Virus MBL_144360.UNOFFICIAL matches pattern (?-x

Re: [clamav-users] [Clamav-users] Heuristics.Phishing.Email.SpoofedDomain FPs on Google Alerts mail

Someone just emailed me offlist to see if I found a solution - I haven't seen anything, although for the one customer who reported the problem I just whitelisted the Google Alerts email further upstream in the filtering process. Any suggestions for a solution within ClamAV beyond disabling the

Re: [clamav-users] [Clamav-users] LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0

On Fri, 03 Dec 2010 09:50:22 + James Brown wrote: > Török Edwin wrote: > > On Sat, 27 Nov 2010 05:24:19 + > > James Brown wrote: > > > >> When scanning, clamscan give me the above messages of errors. > >> What could it mean? > > > > It probably means that the file changed its size whil

Re: [clamav-users] [Clamav-users] LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0

Török Edwin wrote: > On Sat, 27 Nov 2010 05:24:19 + > James Brown wrote: > >> When scanning, clamscan give me the above messages of errors. >> What could it mean? > > It probably means that the file changed its size while you were > scanning it, i.e. clamscan thought the file still had 4077

Re: [Clamav-users] [ClamAV-users] HELP!unrecognized option `--pidfile=/var/run/clamav-milter/clamav-milter.pid'

chmod g+w $SOCKET_PATH chgrp postfix $SOCKET_PATH else log_warning_msg "Socket not created. Investigate" fi fi log_end_msg $ret ;; stop) OPTIND=1 log_daemon_msg "Stopping $DESC" "$BASENAME" if [ -n "$PID" ]; then PID=`echo $PID | sed '

Re: [Clamav-users] [ClamAV-users] HELP!unrecognized option `--pidfile=/var/run/clamav-milter/clamav-milter.pid'

Does anyone have a fix for this? -Original Message- From: Gomes, Rich Sent: Tuesday, April 28, 2009 10:40 AM To: ClamAV users ML Subject: RE: [Clamav-users] [ClamAV-users] HELP!unrecognized option `--pidfile=/var/run/clamav-milter/clamav-milter.pid' Thanks, this is a new install

Re: [Clamav-users] [ClamAV-users] HELP!unrecognized option `--pidfile=/var/run/clamav-milter/clamav-milter.pid'

-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of James Kosin Sent: Tuesday, April 28, 2009 10:27 AM To: ClamAV users ML Subject: Re: [Clamav-users] [ClamAV-users] HELP!unrecognized option `--pidfile=/var/run/clamav-milter/clamav-milter.pid' Noel

Re: [Clamav-users] [ClamAV-users] HELP! unrecognized option `--pidfile=/var/run/clamav-milter/clamav-milter.pid'

Noel Jones wrote: > Gomes, Rich wrote: >> Line referring to the pid has been removed from the conf file but it still >> throws the same error >> Root owns the files, (same as the old mail server) > > Do NOT use the --pidfile *command line* option when starting > clamav-milter! Please read the c

Re: [Clamav-users] [ClamAV-users] HELP! unrecognizedoption `--pidfile=/var/run/clamav-milter/clamav-milter.pid'

: Tuesday, April 28, 2009 9:36 AM To: ClamAV users ML Subject: Re: [Clamav-users] [ClamAV-users] HELP! unrecognizedoption `--pidfile=/var/run/clamav-milter/clamav-milter.pid' Gomes, Rich wrote: > Line referring to the pid has been removed from the conf file but it still > throws the

Re: [Clamav-users] [ClamAV-users] HELP! unrecognized option `--pidfile=/var/run/clamav-milter/clamav-milter.pid'

Gomes, Rich wrote: > Line referring to the pid has been removed from the conf file but it still > throws the same error > Root owns the files, (same as the old mail server) Do NOT use the --pidfile *command line* option when starting clamav-milter! Please read the clamav-milter man page. You m

Re: [Clamav-users] [ClamAV-users] HELP! unrecognized option `--pidfile=/var/run/clamav-milter/clamav-milter.pid'

Line referring to the pid has been removed from the conf file but it still throws the same error Root owns the files, (same as the old mail server) Where else to look? -Original Message- From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Beh

Re: [Clamav-users] clamav-users Digest, Vol 47, Issue 14

Su -Original Message- From: [EMAIL PROTECTED] To: clamav-users@lists.clamav.net Sent: 17/08/08 11:00 Subject: clamav-users Digest, Vol 47, Issue 14 Send clamav-users mailing list submissions to clamav-users@lists.clamav.net To subscribe or unsubscribe via the World Wide Web, visi

Re: [Clamav-users] Clamav-users] Database correctly reloaded (0 signatures)

On Mon, 14 Jul 2008, Tomasz Kojm wrote: > The logs prove that this was (is?) a problem with your clamav installation. > Most likely, freshclam was updating files in another directory. (nod) Ah, right. Somewhere around 0.93.1 (mid Feb.) when the (RH9) packages were downloaded, I reviewed the new co

Re: [Clamav-users] clamav-users Digest, Vol 46, Issue 15

Hi Stephen, On Tue, 15 Jul 2008 Stephen Gran wrote: > On Mon, Jul 14, 2008 at 12:31:06PM +0100, G.W. Haywood said: > > > > > > > Here's a graph of the memory used by clamd on one of my servers: > > > > http://www.jubileegroup.co.uk/JOS/misc/clamav-milter-0.9x.gif > > > > > > can you also plo

Re: [Clamav-users] clamav-users Digest, Vol 45, Issue 20

> > Hermann T. Ribeiro wrote: > > Message: 3 > > Date: Wed, 18 Jun 2008 15:23:43 +0300 > > From: T?r?k Edwin <[EMAIL PROTECTED]> > > Subject: Re: [Clamav-users] Problem with internal logger > >(UpdateLogFile = > /opt/zimbra/log/freshclam.log). > > To: ClamAV users ML > > Message-ID: <[EMAI

Re: [Clamav-users] clamav-users Digest, Vol 45, Issue 19

Hermann T. Ribeiro wrote: > Message: 3 > Date: Wed, 18 Jun 2008 15:23:43 +0300 > From: T?r?k Edwin <[EMAIL PROTECTED]> > Subject: Re: [Clamav-users] Problem with internal logger >(UpdateLogFile = > /opt/zimbra/log/freshclam.log). > To: ClamAV users ML > Message-ID: <[EMAIL PROTECTED]> > Co

Re: [Clamav-users] clamav-users Digest, Vol 45, Issue 19

Message: 3 Date: Wed, 18 Jun 2008 15:23:43 +0300 From: T?r?k Edwin <[EMAIL PROTECTED]> Subject: Re: [Clamav-users] Problem with internal logger (UpdateLogFile = > /opt/zimbra/log/freshclam.log). To: ClamAV users ML Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1

Re: [Clamav-users] clamav-users Digest, Vol 44, Issue 3

Hi guys, On Sat, 3 May 2008 [EMAIL PROTECTED] wrote: > [snip 66kB of message, including 60kB of useless crap] Please guys, trim your posts properly. Some of us are busy. 73, Ged. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clama

<    1   2   3   >