Nigel - thanks for the reply - I didnt have an original, because they do get caught by
the second filter...
I will play around with it and see if I can..however, I sent you an attached file
witht the virus that does get through clam
On Tue, 27 Jan 2004 06:31 , Shawn Tayler [EMAIL PROTECTED]
I am running the following:
./configure\
--enable-milter\
--sysconfdir=/etc
make
make install
Clamd is installed normally and is running fine. However, clamav-milter is
not being installed, no errors are generated.
I tried running make clean and rerunning the command and still no luck.
I
On Tuesday 27 Jan 2004 12:53 pm, Brian Read wrote:
I am getting lots of these, and clamav is detecting them fine, but it
clearly is trying to email back the sender with a notification.
As the reply to is spoofed, this makes no sense at all (and i am getting
lots of bounces). How do we stop
Yes I'm not sure.. do we put SCO Worm.SCO or Worm.SCO.A in the
fake_sender list?
On Tue, 2004-01-27 at 10:44, Brian Read wrote:
At 14:57 27/01/2004, you wrote:
Brian Read wrote:
I am getting lots of these, and clamav is detecting them fine, but it
clearly is trying to email back the sender
On Tuesday 27 Jan 2004 2:31 pm, Shawn Tayler wrote:
Nigel,
I have several examples of this. Even with older virii.
Would you be interested in them as well?
Yes but please send me the original. Many people send me the bounce
message which contains the virus. This is no help to the parser, I
Brian Read wrote:
At 14:57 27/01/2004, you wrote:
I am using Amavis-ng, and the amavisd.conf doesn't seem to have that
line in it. However it does seem to know about other ones which spoof
the reply, so i guess it must be somewhere?
Probabli... but try to change to amavisd-new, I thing is
I've got a user who says yahoo groups is getting an error message when
trying to send an email to our email server.
Here's a part of the transcript from the customer:
*
Recent Bounced Messages
Most recent messages Response
Date Type of message sent Date Result
1/1/2004 Auto
On Mon, 26 Jan 2004, Rick Macdougall wrote:
I've blocked over 1000 of them in the last hour or so since I forced a
freshclam.
Oddly enough, Spam Assassin picked one up for me at 4:45 PM EST here. at
4:50, my hourly cron job ran, updated the DB, and I've been filtering them
ever since.
Seem to
the end of the bounce message. Although I'm sure the MIME is no longer set up
right so it may be harmles, Norton seems to catch these while ClamAV does
It's not only problem with ClamAV mime unpacker - even ripmime is
unable to extract attachment in the body of bounce message.
For
Does anyone know how to use clamscan to scan http web uploads on and
Apache/PHP server ?
Someone has written a mod_clamav module. Try searching on Google for it.
David
-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED]
Well, despite my better judgement I decided to go ahead and install
clamav-devel-20040110 on my OSX 10.1.5 machine. Seems to work well, as
far as I can tell. Tests run fine.
The only issues I've had are freshclam's -c flag seems broken:
[dina:/var/log/clamav] engineer% sudo freshclam -d -c 2
On Wednesday 28 Jan 2004 12:52 am, James Nelson wrote:
Not that I am aware of. Iinstalled sendmail from the src files not an RPM
In that case, did you install libmilter?
-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED]
On Wednesday 28 Jan 2004 12:03 am, Jure Pear wrote:
This would greatly reduce the work for mail administrators, with only
minimal changes to av engines and wrappers around them (like amavisd-new
co).
Yes it's a good idea but it can't be trusted
and we still need a solution here. I am working
Mailing Lists wrote:
I got clamd+clamav-milter working on my Redhat 9 mail server and it is
blocking all of the latest worms. My question is this.
Does clamav-milter delete these emails or move them to some quarantine
directory. I am using a default rpm install from
I am curious,
It appears that I have missed something very important in my Clamav setup,
0.65, in that I have several examples of Maildir files that contain a
known, detectable virus, that will not show as conatining such unless the
file is converted to binary from mime.
I use the --mbox and
Jason Holland wrote:
Richard,
I had this very problem today on a fedora box. By default, with those
rpm's, it doesn't seem to do anything. The virus is detected, but the
email is allowed to pass through. I messed with this for a few hours and
could not get it to do anything with the email.
I dunno but I had to restart clamd on all my servers this morning to get
it to notice them.. is that normal?
On Tue, 2004-01-27 at 10:24, Erick Ivaan Lopez Carreon wrote:
El mar, 27-01-2004 a las 02:52, Nigel Horne escribió:
On Tuesday 27 Jan 2004 3:11 am, McKeever Chris wrote:
Any
Mailing Lists wrote:
Sure, do you have the src RPM so I can build for RH9 or will Fedora
binary work? I am running 0.60, not 0.65
Richard,
it is not good idea to install fedora binaries on old RH versions.
Rebuild src package on your system and the result will be better.
BTW, clamav-0.60 is
Nigel - I sent a message to you that made it through the system after I turned off the
second AV for the mail.
so that is an *original* copy of an email that got through
thanks
---
Chris McKeever
If you want to reply directly to me, please use
I am having this problem as well. I have about 20 emails in my quaratine
which my qmail-scanner blocked because they had .exe or /pif attachments.
We have these attachment types blocked for security reasons. However it
turns out these attachements all had virii in them. Some flat out .exe
On Wed, Jan 28, 2004 at 08:20:41AM +0100, Tomasz Kojm wrote:
On Tue, 27 Jan 2004 15:23:56 -0800 (PST)
Ryan Finnie [EMAIL PROTECTED] wrote:
find /path -ctime -1 -exec clamscan \{\} \;
but that invokes clamscan for EVERY matching file found. Instead, I
would like to request that a new
Richard,
I had this very problem today on a fedora box. By default, with those
rpm's, it doesn't seem to do anything. The virus is detected, but the
email is allowed to pass through. I messed with this for a few hours and
could not get it to do anything with the email.
This
My make log is indicating its not even trying to make the clamav-milter.
Making all in clamav-milter
make[1]: Entering directory `/usr/src/clamav-0.65/clamav-milter'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/usr/src/clamav-0.65/clamav-milter'
make[1]: Entering directory
On Thu, 22 Jan 2004 15:40:17 -0600
Sean Tempesta [EMAIL PROTECTED] wrote:
Basically, the error exim receives from clam is:
/var/spool/exim/scan/1AjmNJ-0007VL-Jw/1AjmNJ-0007VL-Jw-0.com: Zip
module failure. ERROR
Please send me some sample that causes clamscan to generate this error.
If
Hi,
I have tried to use freshclam from the cvs version devel-20040127, but
after 20 minutes it times out. My job shows the following:
Starting the daily download of the clamAV virus databases to the
Labserver at Wed Jan 28 11:39:26 GMT 2004
WARNING: Proxy settings are now only configurable
# clamdscan readme.zip
/root/readme.zip: Can't access the file ERROR
--- SCAN SUMMARY ---
Infected files: 0
Time: 0.001 sec (0 m 0 s)
And everything I try to scan gives me the same ERROR.
---
The SF.Net email is sponsored
On Tue, 27 Jan 2004 at 15:23:56 -0800, Ryan Finnie wrote:
I was looking for a way to set up a cron job to, once per day, scan only
files that have changed in the last day. find works pretty well for that,
but the question is how to get the data to clamscan. My first thought was
xargs, but
Andrzej Zawadzki wrote:
Brian Read wrote:
At 14:57 27/01/2004, you wrote:
I am using Amavis-ng, and the amavisd.conf doesn't seem to have that
line in it. However it does seem to know about other ones which spoof
the reply, so i guess it must be somewhere?
Probabli... but try to change to
I noticed that the virus count has dropped back to pre-SCO.A levels
starting around 0330 UTC this morning. I have not seen a single SCO.A
since then. Has anyone also seen this?
Jeffrey
---
The SF.Net email is sponsored by EclipseCon 2004
Kritof Petr wrote:
Mailing Lists wrote:
Sure, do you have the src RPM so I can build for RH9 or will Fedora
binary work? I am running 0.60, not 0.65
Richard,
it is not good idea to install fedora binaries on old RH versions.
Rebuild src package on your system and the result will be better.
El mié, 28-01-2004 a las 06:58, Thomas Lamy escribió:
Andrzej Zawadzki wrote:
Brian Read wrote:
At 14:57 27/01/2004, you wrote:
I am using Amavis-ng, and the amavisd.conf doesn't seem to have that
line in it. However it does seem to know about other ones which spoof
the reply,
Hi.
My SMTP filter running ClamAV is blocking a huge amount of messages with
the Worm.SCO.A.
It seams to be the same virus as MyDoom or Novarg.
Can anyone confirm this?!
Thanks.
Att,
Patrícia Viana
Network Administrator
Eletrobolt Power Plant - Rio de Janeiro-
BRAZIL
Tel: +55 (21)
On Wed, Jan 28, 2004 at 04:19:05PM -0600, Jeffrey L. Taylor wrote:
I noticed that the virus count has dropped back to pre-SCO.A levels
starting around 0330 UTC this morning. I have not seen a single SCO.A
since then. Has anyone also seen this?
No; I'm still seeing ~40 virus a minute as
On Wednesday 28 Jan 2004 4:37 pm, james nelson wrote:
That's the very tail end of the make log. Any clues why it is not even
trying to build it, even though the appropriate flag is used as posted
previously, and the .configure log appears to show everything is ok. The
only no flags I have
I have LOTS of samples, whre can i send them to?
On Fri, Jan 23, 2004 at 10:27:56PM +0100, Tomasz Kojm wrote:
On Thu, 22 Jan 2004 15:40:17 -0600
Sean Tempesta [EMAIL PROTECTED] wrote:
Basically, the error exim receives from clam is:
Hi all,
I think you should say clamscan with --mbox because I haven't found
--mbox flag for clamdscan isn't it?
Nevertheless if a similar flag exist flag exist for clamdscan (0.65
release) I will be very interrested in.
Best regards,
Jose THOMAS.
Le 28 janv. 04, à 16:47, Jim Maul a écrit :
Tomasz,
Thank you for responding to my email. I realized I made a blatant
mistake in thinking there was a problem with Clam on Solaris. The
errors I am seeing are relating to Clam trying to unzip a file that is
not a .zip file. I have a small collection of viri that I have been
feeding
On Thu, 29 Jan 2004 08:19, Jeffrey L. Taylor wrote:
I noticed that the virus count has dropped back to pre-SCO.A levels
starting around 0330 UTC this morning. I have not seen a single SCO.A
since then. Has anyone also seen this?
Jeffrey
From my mail server's /var/log/messages:
Jan 29
On Wed, 28 Jan 2004 at 16:19:05 -0600, Jeffrey L. Taylor wrote:
I noticed that the virus count has dropped back to pre-SCO.A levels
starting around 0330 UTC this morning. I have not seen a single SCO.A
since then. Has anyone also seen this?
No. Many SCOs still arrive.
Better check if you
Yay! I'm not crazy!
On Wed, 2004-01-28 at 08:23, Dirk Meyer wrote:
Eric Wieling schrieb:,
Try clamscan rather than clamdscan. I was having a similar problem and
it started working when I used clamscan rather than clamdscan. I
assumed it was a config issue on my part, but
I
Jeffrey L. Taylor wrote:
I noticed that the virus count has dropped back to pre-SCO.A levels
starting around 0330 UTC this morning. I have not seen a single SCO.A
since then. Has anyone also seen this?
Jeffrey
Hi,
Nope, better check your settings. I'm showing the same if not increased
levels.
Nope, still getting hit with it.
--
Jeff
I noticed that the virus count has dropped back to pre-SCO.A levels
starting around 0330 UTC this morning. I have not seen a single SCO.A
since then. Has anyone also seen this?
Jeffrey
---
The
On Tue, 27 Jan 2004 16:10:55 -0700
[EMAIL PROTECTED] wrote:
Quoting Tomasz Kojm [EMAIL PROTECTED]:
On Tue, 27 Jan 2004 12:18:11 -0700
[EMAIL PROTECTED] wrote:
I also figured out that the cause for this error is damaged ZIP
archive.
So there's no problem - clamd properly
On Tue, 27 Jan 2004 15:23:56 -0800 (PST)
Ryan Finnie [EMAIL PROTECTED] wrote:
find /path -ctime -1 -exec clamscan \{\} \;
but that invokes clamscan for EVERY matching file found. Instead, I
would like to request that a new flag, say -f, be added to
clamscan/clamdscan that takes a list of
On Tue, 27 Jan 2004 16:39:25 -0800 (PST)
Nick Stephens [EMAIL PROTECTED] wrote:
make[1]: *** No rule to make target `../docs/clamav-milter.8', needed
by `all-am'. Stop.
make[1]: Leaving directory `/root/clamav-0.65/clamav-milter'
make: *** [all-recursive] Error 1
[/snip]
cd
On Wed, 2004-01-28 at 16:01, Patricia Viana wrote:
Hi.
My SMTP filter running ClamAV is blocking a huge amount of messages with the
Worm.SCO.A.
It seams to be the same virus as MyDoom or Novarg.
Can anyone confirm this?!
That is correct.
Clam had a signature whilst the
On Tue, 27 Jan 2004 22:02:14 +
Steve King [EMAIL PROTECTED] wrote:
- - Linux 2.4.18 (it was 2.4.10 when I first had this problem)
- - KDE 3.1.5 (3.1.4 until recently)
Heh, KDE should not affect clamd ;-)
- - I use clamuko, with dazuko version 1.2.2 (so when clamd crashes,
Please disable
47 matches
Mail list logo