Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-10-03 Thread John W. Baxter
On 10/3/07 7:26 AM, Joao S Veiga [EMAIL PROTECTED] wrote: Pagamento (payment) is a VERY common subject in Portuguese, and having a numeric link anywhere after that in your mailbox or in the same email causes the false positive. That signature is WAY too prone to false positives! Sounds like

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-10-03 Thread Dennis Peterson
Joao S Veiga wrote: Hi, I was getting tons of these false positives (just reported/submitted a sample). You can delete the line: Email.FreeGame:4:*:75626a6563743a{-30}(67|47)616d65*687474703a2f2f(31|32|33|34|35|36|37|38|39) from /var/lib/clamav/daily.inc/daily.ndb and it will go

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-10-03 Thread Joao S Veiga
Hi John, think long and hard about the combination of payments and entities which are reduced to using numeric IPs in URLs. I suspect my business goes elsewhere. Agreed :-), but the problem is (and what has caused most of my problems) that if you have an email with the Subject: Pagamento in

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-10-03 Thread Dennis Peterson
Joao S Veiga wrote: Hi John, think long and hard about the combination of payments and entities which are reduced to using numeric IPs in URLs. I suspect my business goes elsewhere. Agreed :-), but the problem is (and what has caused most of my problems) that if you have an email with

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-10-03 Thread Dennis Peterson
Bill Landry wrote: Dennis Peterson wrote: Joao S Veiga wrote: Hi John, think long and hard about the combination of payments and entities which are reduced to using numeric IPs in URLs. I suspect my business goes elsewhere. Agreed :-), but the problem is (and what has caused most of

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-10-03 Thread Bill Landry
Dennis Peterson wrote: I've been following this discussion for the past few days, and I got to ask why scan an mbox file in the first place? I realize that if one does choose to scan an mbox file, then the scanner should do the right thing and consider each message within the mbox as a

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-10-03 Thread Bill Landry
Dennis Peterson wrote: Joao S Veiga wrote: Hi John, think long and hard about the combination of payments and entities which are reduced to using numeric IPs in URLs. I suspect my business goes elsewhere. Agreed :-), but the problem is (and what has caused most of my problems) that if

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-10-03 Thread Joao S Veiga
Hi Dennis and others, thanks for pointing out that this has been discussed already. Sorry about that; I only searched for Email.FreeGame and got to this thread (I wasn't subscribing). Hi Bill, If one is not scanning at transport time, then since the infected message has already been delivered,

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-10-03 Thread Joao S Veiga
Hi, If one has hundreds of thousands of users, I only have 50 users; I can put those wasted watts to work at night when the servers are idle. At some point you have to pass the responsibility onto the end user (personal virus scanner, updated regularly), otherwise you make yourself liable

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-10-03 Thread Gerard
On Wednesday October 03, 2007 at 02:16:30 (PM) Joao S Veiga wrote: If one has hundreds of thousands of users, I only have 50 users; I can put those wasted watts to work at night when the servers are idle. At some point you have to pass the responsibility onto the end user (personal

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-09-28 Thread Dennis Peterson
Jon Wagoner - Red Cheetah wrote: Is there any way I can disable the check for Email.FreeGame? Is there any reason to suspect this file will ever contain a viable virus? If not then don't bother scanning it. Sorry I don't have an answer for your question. dp

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-09-28 Thread Dennis Peterson
Jon Wagoner - Red Cheetah wrote: Yes, I'm periodically doing scans of the full drive. I could just skip the mysql directory, but that seems pretty bad security practice. Why does it seem that way to you? It appears clamav just does a substring match on the exclude, so it would be easy to

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-09-28 Thread Christopher X. Candreva
On Fri, 28 Sep 2007, Jon Wagoner - Red Cheetah wrote: Yes, I'm periodically doing scans of the full drive. I could just skip the mysql directory, but that seems pretty bad security practice. Why does it seem that way to you? I don't think scanning raw mysql database files is going to give

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-09-28 Thread Jon Wagoner - Red Cheetah
Yes, I'm periodically doing scans of the full drive. I could just skip the mysql directory, but that seems pretty bad security practice. Why does it seem that way to you? It appears clamav just does a substring match on the exclude, so it would be easy to hide viruses. E.g. If I

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-09-28 Thread Daniel T. Staal
On Fri, September 28, 2007 12:41 pm, Dennis Peterson said: Jon Wagoner - Red Cheetah wrote: Is there any way I can disable the check for Email.FreeGame? Is there any reason to suspect this file will ever contain a viable virus? If not then don't bother scanning it. Sorry I don't have an

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-09-28 Thread Jon Wagoner - Red Cheetah
On Fri, September 28, 2007 12:41 pm, Dennis Peterson said: Jon Wagoner - Red Cheetah wrote: Is there any way I can disable the check for Email.FreeGame? Is there any reason to suspect this file will ever contain a viable virus? If not then don't bother scanning it. Sorry I don't

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-09-28 Thread Christopher X. Candreva
On Fri, 28 Sep 2007, Jon Wagoner - Red Cheetah wrote: It appears clamav just does a substring match on the exclude, so it would be easy to hide viruses. E.g. If I excluded .MYD, then you could just have your virus named somevirus.MYD and it would not be caught. If I would not exclude *.MYD

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-09-28 Thread Jon Wagoner - Red Cheetah
On Fri, 28 Sep 2007, Jon Wagoner - Red Cheetah wrote: It appears clamav just does a substring match on the exclude, so it would be easy to hide viruses. E.g. If I excluded .MYD, then you could just have your virus named somevirus.MYD and it would not be caught. If I would not

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-09-28 Thread Christopher X. Candreva
On Fri, 28 Sep 2007, Jon Wagoner - Red Cheetah wrote: hidden in /home/someuser/var/lib/mysql/my-virus-here. Users should not be able to write to that directory at all, it should be Take a closer look, that's not the real mysql directory, just a subdirectory under the users home