Im running a smtp server with f-secure and clamav. I have a problem with
the f-secure server because it cant find the bagle virus in password
protected zip files but clamav does. I e-mailed f-secure support about
and they said to me it isnt any virus scanner today that can find virus
in
Hi.
(B
(BExiscan is a patch for the source program of Exim,
(Bso Exim should be compiled.
(BHowever, I am using cPanel also.
(BMy admin thinks Amavisd-new is better than Exiscan.
(B
(BIs there any way to use amavisd-new for realizing the combinaion
(B with spamassasin?
(B
(BMany thanks.
How do I get ClamAV do search thru password protected files?
Im using ClamAV-devel-20030318
//Regards Jonas
- Original Message -
From: Simon Gate [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 26, 2004 8:04 AM
Subject: [Clamav-users] Find bagle in Zip files.
Hello.
Im
How do I get ClamAV to generate this repport?
//Regards Jonas
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 25, 2004 7:35 AM
Subject: [Clamav-users] Application to generate CLAMAV report
Dear all,
I have created a small application
On Thursday 25 Mar 2004 10:05 pm, Jesse Guardiani wrote:
Is there any way to make clamd log the structure of
a message and it's attachments? BinHex, MIME, plain-text,
ZIP, RAR, BZIP, GZIP, OLE2, etc...?
I don't consider that to be the job of a virus scanner.
-Nigel
--
Nigel Horne.
Hi,
Just downloaded the src RPM clamav-0.70rc-1.src.rpm
I wanted to build RPM without milter support ?
What i need to change in SPEC file...
Sorry i know very very little abt SPEC file .
Thanks
-Dilip
--
The brain is a wonderful organ. It gets automounted the moment you get Up
Dilip M wrote:
Hi,
Just downloaded the src RPM clamav-0.70rc-1.src.rpm
I wanted to build RPM without milter support ?
What i need to change in SPEC file...
Sorry i know very very little abt SPEC file .
Thanks
-Dilip
Try:
'rpmbuild -ba clamav.spec --without milter'
Petr
Bryce wrote:
The startup script clamav-milter.sh Makes a few calls to init.d. I
am on a Virtual Private Server so I do not have init.d available to
me. All I have is rc.d. How can I then get clamav-milter to start when
I reboot my server?
Thanks
Write your own simple script and put them to
On Fri, 26 Mar 2004 14:33:46 +0530, Dilip M [EMAIL PROTECTED] wrote:
Hi,
Just downloaded the src RPM clamav-0.70rc-1.src.rpm
I wanted to build RPM without milter support ?
Did
%define _without_milter 1
its getting built :)
---
This
Joe's Web Hosting $B!!(B-- $B;3EDhttp://www.ijs.si/software/amavisd/README.exim_v4
(BYou add amavis router, amavis transport, and local_interfaces directive.
(B
(BAnyway, as I said earlier this is the wrong list,
(BYou might get better luck on exim-users or amavis-users list.
(B
(B
On Wed, 24 Mar 2004 10:19:26 -0300, Everton da Silva Marques
[EMAIL PROTECTED] wrote:
On Wed, Mar 24, 2004 at 02:33:09PM +0530, Dilip M wrote:
I'm running clamav-0.67-1,
with Exim 4.30/exiscan-acl patch revision 14.
I got these viruses skipped while testing tro testvirus.org
Test #
Jesse Guardiani
uname -na
Linux korn 2.4.23 #2 Fri Dec 26 13:44:13 BRST 2003 i686 unknown
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies.
[..]
Test # 12,19,21,23,25
Is this normal or i need to upgrade ?
Get latest clamav, 0.70rc or even CVS, then enable ScanMail.
Just now i got this CLAMAV installed...
---
# rpm -qa|grep clam
clamav-0.70rc-1
-
ClamAV update process started at Fri Mar 26 15:45:25 2004
On Fri, 26 Mar 2004 07:31:58 GMT
Tomasz Klim [EMAIL PROTECTED] wrote:
clamav to find a virus in a password protected file when f-secure
support claims it isnt possible?
Clamav doesn't find viruses in passworded zip archives. Clamav just
have in its virus database 2 special signatures,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mark Novak
Sent: Thursday, March 25, 2004 5:37 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] clam not fresh
SNIP
I did exactly that, deleted the cvd files and re-ran freshclam. I am
only
Jim,
On Mar 26, 2004, at 8:43 AM, Jim Maul wrote:
SNIP
I did exactly that, deleted the cvd files and re-ran freshclam. I am
only showing through SomeFool.M, no O, P or P-dll.
Any ideas or tips appreciated.
Thanks,
Mark
Well, being that this makes no sense, the only thing i can suggest is
I do still have the old style signatures located in
/usr/share/clamav from clam-0.65. Tomasz mentioned
in an earlier post that this could be the problem.
I am wondering if I should change the freshclam.conf
database line from /var/lib/clamav to /usr/share/clamav?
It seems to me that I
I'm running ClamAV .65 on an RH9 system, with Qmail-Scanner-1.20RC3.
The other day, the following worm slipped through my clamav scanner:
Worm.Bagle.Gen-rarpwd
At first, I thought it was a new rar file, and tried to submit it. This
variant had already been input into the database. Figuring
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mark Novak
Sent: Friday, March 26, 2004 10:14 AM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] clam not fresh
My number of signatures is exactly the same as yours. When I grep for
somefool, I
Nigel Horne wrote:
On Thursday 25 Mar 2004 10:05 pm, Jesse Guardiani wrote:
Is there any way to make clamd log the structure of
a message and it's attachments? BinHex, MIME, plain-text,
ZIP, RAR, BZIP, GZIP, OLE2, etc...?
I don't consider that to be the job of a virus scanner.
:) Why
The evidence points to incoming connections taking a long time (minutes) to send the
first
line of header after establishing a connection.so clamd gives up waiting. Increasing
clamd's timeout
will help. I have seen 4-5 minutes between an SMTP connection being established and
the conversation
Dilip M wrote:
[...]
Only improvement is Test # 12 was detected ?
Where as all other Viruses,ie
Test # 19,21,23,25
came through :(
That is exactly what I'm getting with qmail-scanner-1.21 and clamav0.70-rc
(and the CVS version from 2004/03/25).
I think there was a discussion about these
Ralph Angenendt wrote:
[...]
grep FOUND /var/log/messages \
| cut -d : -f 5 \
| sed -e s/\ FOUND// \
| sort \
| uniq -c \
| sort -r
This gives us the following output (yes, no percentages, one might hack
that into it):
9353 Worm.SomeFool.Gen-1
3647
Jesse,
On Fri, 2004-03-26 at 10:46, Jesse Guardiani wrote:
:) Why not if it can already performing actions on the above
items?
Clamav is a virus scanner. Features like that belong in whatever rips
apart messages for Clamav to scan (amavisd-new in my case). However, it
sounds like something
* Ethan P [EMAIL PROTECTED] [20040326 19:15]: wrote:
I'm running ClamAV .65 on an RH9 system, with Qmail-Scanner-1.20RC3.
Does it still behave the same if you upgrade to higher version?
cheers
- wash
All,
SNIP
I think it is time for you to erase ALL of your clamAV
files, wherever you have them scattered, and reinstall
and reconfigure, so you only have one set of .conf files
and one set of .cvd files, and then reboot.
At least then you'll know where to look and/or get
meaningful error
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Jesse Guardiani
:) Why not if it can already performing actions on the above
items?
Code bloat is a Bad Thing. I'd rather have my virus scanner doing
exactly what it's supposed to do - no more.
On Fri, 26 Mar 2004 09:14:08 -0600, Mark Novak [EMAIL PROTECTED] wrote:
Jim
My number of signatures is exactly the same as yours. When I grep for
somefool, I stop at M.
I do still have the old style signatures located in /usr/share/clamav
from clam-0.65. Tomasz mentioned in an earlier
Hi,
I've check the archive at length but I don't think any of the other posts
are the same problem.
the error is freshclam wont, error in log is:
ClamAV update process started at Fri Mar 26 15:01:37 2004
ERROR: Maximal time (1200 seconds) reached.
I've installed clam from the latest RPMs on a
Jesse Guardiani wrote:
[...]
I see similar symptoms when my clamd (0.70-rc) process chokes on a
message it doesn't like. The clamd process starts eating between 50%
and 100% CPU and gobbling up RAM.
Quick note: The CVS version from 2004/03/26 fixes this problem for me.
--
Jesse Guardiani,
On Thu, 25 Mar 2004 13:36:00 -0300 (ART)
Claudio Alonso [EMAIL PROTECTED] wrote:
I'm using Clamuko with Dazuko 2.0. only on /home and /tmp
I know Clamuko support isn't very tested, but is it possible for
Clamuko to generate a clamd segm. fault? Or may it be a different
problem?
It's a good
On Fri, 26 Mar 2004 15:27:23 -
Randal, Phil [EMAIL PROTECTED] wrote:
I think it is time for you to erase ALL of your clamAV
files, wherever you have them scattered, and reinstall
and reconfigure, so you only have one set of .conf files
and one set of .cvd files, and then reboot.
Reboot ?
Ethan,
Qmail-Scanner 1.21 has a new option:
--block-password-protected [yes|no] Defaults to no. Setting this to yes
allows
you to quarantine any incoming zip files that are
password
protected. This is primarily to stop viruses such
as
On Fri, 2004-03-26 at 15:44, Nigel Horne wrote:
The evidence points to incoming connections taking a long time (minutes) to send the
first
line of header after establishing a connection.so clamd gives up waiting. Increasing
clamd's timeout
will help. I have seen 4-5 minutes between an SMTP
Nigel Horne wrote:
The evidence points to incoming connections taking a long time (minutes) to send the
first
line of header after establishing a connection.so clamd gives up waiting. Increasing
clamd's timeout
will help. I have seen 4-5 minutes between an SMTP connection being established
On Fri, 2004-03-26 at 13:48, Tomasz Kojm wrote:
But AFAIK, Kaspersky AntiVirus can crack a password on zip archive
in some special circumstances. I have a program, that can do the
same, but Tomasz Kojm is not interested in it.
Right. ClamAV must be transparent in its licensing.
The key
Trog wrote:
On Fri, 2004-03-26 at 15:44, Nigel Horne wrote:
The evidence points to incoming connections taking a long time (minutes) to send the
first
line of header after establishing a connection.so clamd gives up waiting. Increasing
clamd's timeout
will help. I have seen 4-5 minutes
I think I figured it out. Just read the release notes for .66 (the fix for
this issue). I'm on .70RC and it's working like a champ now.
-Ethan P
Ethan P writes:
I'm running ClamAV .65 on an RH9 system, with Qmail-Scanner-1.20RC3.
The other day, the following worm slipped through my
Let me preface this by stating that I am a newbie with using the
commands below, I have only ever used grep to locate simple things, I
have not used any of the others...
So how come when I enter the commands below, I get an error that
says: grep: unknown directories method?
Ralph Angenendt
Hello.
GMX released a paper where they were comparing the four biggest e-mail
provider in Germany and how successful the most known viruses are caught by
the e-mail software.
They were testing the following providers and virus software:
www.1und1.de (Symantec)
www.gmx.de (Sophos Anti-Virus)
On Fri, 2004-03-26 at 17:03, Joe Maimon wrote:
# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT:
Increase the
# timeout instead of disabling it.
ThreadTimeout 600
Still happening.
Besides
What os are you using?
- Original Message Follows -
From: Craig Daters [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Re: Application to generate CLAMAV report
Date: Fri, 26 Mar 2004 10:39:24 -0700
Let me preface this by stating that I am a newbie with using the
On Mar 26, 2004, at 11:10 AM, Jesse Guardiani wrote:
Dilip M wrote:
[...]
Only improvement is Test # 12 was detected ?
Where as all other Viruses,ie
Test # 19,21,23,25
came through :(
That is exactly what I'm getting with qmail-scanner-1.21 and
clamav0.70-rc
(and the CVS version from
Many thanks Fajar!
I had ScanMail enabled! I thought we needed that.. Darn; I just
disabled it now.
thanks a lot, -turgut
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President
Fri, 26 Mar 2004 at 17:47 GMT Jesse Guardiani [EMAIL PROTECTED] wrote
snip
Here's a sample output:
snip
And if you mix this output with a cronjob, some sql and jpgraph
(http://www.aditus.nu/jpgraph/), you might end up with something like
this:
Hello,
I'm running ClamAV 0.68-1 on a OpenBSD-machine (i386, snapshot 190304).
When I set 'User _clamd' in clamav.conf and start clamd as root I'm not
able to use clamdscan (not able to open file...most probably due to
file-restrictions). When I replace _clamd with root everything works
Björn Ketelaars wrote:
Hello,
I'm running ClamAV 0.68-1 on a OpenBSD-machine (i386, snapshot 190304).
When I set 'User _clamd' in clamav.conf and start clamd as root I'm not
able to use clamdscan (not able to open file...most probably due to
file-restrictions). When I replace _clamd with root
Craig Daters wrote:
Let me preface this by stating that I am a newbie with using the
commands below, I have only ever used grep to locate simple things, I
have not used any of the others...
So how come when I enter the commands below, I get an error that
says: grep: unknown directories
--- Tomasz Kojm [EMAIL PROTECTED] escribió:
It's a good idea to disable archive/mail support when using on-access
scanner.
Hello Tomasz,
Disabling archive support means that compressed files will be managed using external
decompressors?
Los mejores usados y las más tentadoras
On Friday 26 March 2004 5:39 pm, Craig Daters wrote:
Let me preface this by stating that I am a newbie with using the
commands below, I have only ever used grep to locate simple things, I
have not used any of the others...
So how come when I enter the commands below, I get an error that
RH9 with Sendmail
What os are you using?
- Original Message Follows -
From: Craig Daters [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Re: Application to generate CLAMAV report
Date: Fri, 26 Mar 2004 10:39:24 -0700
Let me preface this by stating that I am a newbie with
On Fri, 2004-03-26 at 18:35, Bart Silverstrim wrote:
Hmm...when I just tested it (postfix, clamav, amavisd-new) tests 8, 12,
24, and 25 got through. Am I missing something in my config?
How worried should I be about those viruses getting through? :-/
#8 was blocked with current CVS
Been there, done that. The man page offers no clues...
Craig Daters wrote:
Let me preface this by stating that I am a newbie with using the
commands below, I have only ever used grep to locate simple things, I
have not used any of the others...
So how come when I enter the commands below, I
Okay, I discovered that all of the logging is being done in
/var/log/maillog as opposed to /var/log/messages, and once I pointed
grep to the right file, then all has become well in the universe.
Thanks again.
Try starting with the simple grep command, then add each command with its pipe
symbol
On Thu, 25 Mar 2004 at 21:42:57 -0800, Brian W. Antoine wrote:
I just ran freshclam again and instead of downloading viruses.db and
then giving me a checksum error it now claims:
Connected to clamav.elektrapro.com.
Reading md5 sum (viruses.md5): ERROR: md5 sum not found on remote server
On Friday 26 March 2004 8:44 pm, Craig Daters wrote:
Craig Daters wrote:
Let me preface this by stating that I am a newbie with using the
commands below, I have only ever used grep to locate simple things, I
have not used any of the others...
So how come when I enter the commands
Looks like my previous posting on this topic didn't make it to the list...
-- Forwarded Message --
Subject: Re: [Clamav-users] Re: Application to generate CLAMAV report
Date: Fri, 26 Mar 2004 19:28:14 +
From: Antony Stone [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
On Friday
Trog wrote:
On Fri, 2004-03-26 at 17:03, Joe Maimon wrote:
# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT:
Increase the
# timeout instead of disabling it.
ThreadTimeout 600
Still happening.
On Fri, 26 Mar 2004, Joe Maimon wrote:
Nigel Horne wrote:
The evidence points to incoming connections taking a long time (minutes) to send
the first
line of header after establishing a connection.so clamd gives up waiting.
Increasing clamd's timeout
will help. I have seen 4-5 minutes
On Fri, 26 Mar 2004 at 16:21:10 +, Roger Fishwick wrote:
I've check the archive at length but I don't think any of the other posts
are the same problem.
the error is freshclam wont, error in log is:
ClamAV update process started at Fri Mar 26 15:01:37 2004
ERROR: Maximal time (1200
Craig Daters wrote:
Okay, I discovered that all of the logging is being done in
/var/log/maillog as opposed to /var/log/messages, and once I pointed
grep to the right file, then all has become well in the universe.
I wouldn't have dared posting about that. ;-)
--
/Peter Bonivart
--Unix lovers
At 01:11 PM 3/26/2004, you wrote:
On Thu, 25 Mar 2004 at 21:42:57 -0800, Brian W. Antoine wrote:
I just ran freshclam again and instead of downloading viruses.db and
then giving me a checksum error it now claims:
Connected to clamav.elektrapro.com.
Reading md5 sum (viruses.md5): ERROR: md5
I am getting messages rejected. I've been getting a few notifications that
messages are not arriving. I get the following messages in my mail log.
Note: sender, recipient, myserver and mydomain.com.au are
fictitious.
Mar 26 22:59:40 myserver sm-mta[9106]: i2QBvPA0009106:
from=[EMAIL
On Mar 26, 2004, at 2:35 PM, Trog wrote:
On Fri, 2004-03-26 at 18:35, Bart Silverstrim wrote:
Hmm...when I just tested it (postfix, clamav, amavisd-new) tests 8,
12,
24, and 25 got through. Am I missing something in my config?
How worried should I be about those viruses getting through? :-/
[...]
Some people complained that ClamAV is not a 'vulnerability/exploit'
scanner,
but a virus scanner. This makes sense (and helps to avoid code bloat),
but if
[...]
After blocking 'com' extension i absorved that many of viruses from
testvirus.org had 'com' extension!!
Better i block the
65 matches
Mail list logo