Re: [Clamav-users] Find bagle in Zip files.

Im running a smtp server with f-secure and clamav. I have a problem with the f-secure server because it cant find the bagle virus in password protected zip files but clamav does. I e-mailed f-secure support about and they said to me it isnt any virus scanner today that can find virus in

Re: [Clamav-users] conbination with spamassasin

Hi. (B (BExiscan is a patch for the source program of Exim, (Bso Exim should be compiled. (BHowever, I am using cPanel also. (BMy admin thinks Amavisd-new is better than Exiscan. (B (BIs there any way to use amavisd-new for realizing the combinaion (B with spamassasin? (B (BMany thanks.

Re: [Clamav-users] Find bagle in Zip files.

How do I get ClamAV do search thru password protected files? Im using ClamAV-devel-20030318 //Regards Jonas - Original Message - From: Simon Gate [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 8:04 AM Subject: [Clamav-users] Find bagle in Zip files. Hello. Im

Re: [Clamav-users] Application to generate CLAMAV report

How do I get ClamAV to generate this repport? //Regards Jonas - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 25, 2004 7:35 AM Subject: [Clamav-users] Application to generate CLAMAV report Dear all, I have created a small application

Re: [Clamav-users] email structure logging

On Thursday 25 Mar 2004 10:05 pm, Jesse Guardiani wrote: Is there any way to make clamd log the structure of a message and it's attachments? BinHex, MIME, plain-text, ZIP, RAR, BZIP, GZIP, OLE2, etc...? I don't consider that to be the job of a virus scanner. -Nigel -- Nigel Horne.

[Clamav-users] Building Clam-RPM without milter support ?

Hi, Just downloaded the src RPM clamav-0.70rc-1.src.rpm I wanted to build RPM without milter support ? What i need to change in SPEC file... Sorry i know very very little abt SPEC file . Thanks -Dilip -- The brain is a wonderful organ. It gets automounted the moment you get Up

Re: [Clamav-users] Building Clam-RPM without milter support ?

Dilip M wrote: Hi, Just downloaded the src RPM clamav-0.70rc-1.src.rpm I wanted to build RPM without milter support ? What i need to change in SPEC file... Sorry i know very very little abt SPEC file . Thanks -Dilip Try: 'rpmbuild -ba clamav.spec --without milter' Petr

Re: [Clamav-users] Help with clamav-milter.sh

Bryce wrote: The startup script clamav-milter.sh Makes a few calls to init.d. I am on a Virtual Private Server so I do not have init.d available to me. All I have is rc.d. How can I then get clamav-milter to start when I reboot my server? Thanks Write your own simple script and put them to

Re: [Clamav-users] Building Clam-RPM without milter support ?

On Fri, 26 Mar 2004 14:33:46 +0530, Dilip M [EMAIL PROTECTED] wrote: Hi, Just downloaded the src RPM clamav-0.70rc-1.src.rpm I wanted to build RPM without milter support ? Did %define _without_milter 1 its getting built :) --- This

Re: [Clamav-users] conbination with spamassasin

Joe's Web Hosting $B!!(B-- $B;3EDhttp://www.ijs.si/software/amavisd/README.exim_v4 (BYou add amavis router, amavis transport, and local_interfaces directive. (B (BAnyway, as I said earlier this is the wrong list, (BYou might get better luck on exim-users or amavis-users list. (B (B

Re: [Clamav-users] Yet another TESTVIRUS.org result !!

On Wed, 24 Mar 2004 10:19:26 -0300, Everton da Silva Marques [EMAIL PROTECTED] wrote: On Wed, Mar 24, 2004 at 02:33:09PM +0530, Dilip M wrote: I'm running clamav-0.67-1, with Exim 4.30/exiscan-acl patch revision 14. I got these viruses skipped while testing tro testvirus.org Test #

[Clamav-users] RE: Clamav error

Jesse Guardiani uname -na Linux korn 2.4.23 #2 Fri Dec 26 13:44:13 BRST 2003 i686 unknown --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies.

Re: [Clamav-users] Yet another TESTVIRUS.org result !!

[..] Test # 12,19,21,23,25 Is this normal or i need to upgrade ? Get latest clamav, 0.70rc or even CVS, then enable ScanMail. Just now i got this CLAMAV installed... --- # rpm -qa|grep clam clamav-0.70rc-1 - ClamAV update process started at Fri Mar 26 15:45:25 2004

Re: [Clamav-users] Find bagle in Zip files.

On Fri, 26 Mar 2004 07:31:58 GMT Tomasz Klim [EMAIL PROTECTED] wrote: clamav to find a virus in a password protected file when f-secure support claims it isnt possible? Clamav doesn't find viruses in passworded zip archives. Clamav just have in its virus database 2 special signatures,

RE: [Clamav-users] clam not fresh

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Novak Sent: Thursday, March 25, 2004 5:37 PM To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] clam not fresh SNIP I did exactly that, deleted the cvd files and re-ran freshclam. I am only

Re: [Clamav-users] clam not fresh

Jim, On Mar 26, 2004, at 8:43 AM, Jim Maul wrote: SNIP I did exactly that, deleted the cvd files and re-ran freshclam. I am only showing through SomeFool.M, no O, P or P-dll. Any ideas or tips appreciated. Thanks, Mark Well, being that this makes no sense, the only thing i can suggest is

RE: [Clamav-users] clam not fresh

I do still have the old style signatures located in /usr/share/clamav from clam-0.65. Tomasz mentioned in an earlier post that this could be the problem. I am wondering if I should change the freshclam.conf database line from /var/lib/clamav to /usr/share/clamav? It seems to me that I

[Clamav-users] Segfault on password protected rar?

I'm running ClamAV .65 on an RH9 system, with Qmail-Scanner-1.20RC3. The other day, the following worm slipped through my clamav scanner: Worm.Bagle.Gen-rarpwd At first, I thought it was a new rar file, and tried to submit it. This variant had already been input into the database. Figuring

RE: [Clamav-users] clam not fresh

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Novak Sent: Friday, March 26, 2004 10:14 AM To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] clam not fresh My number of signatures is exactly the same as yours. When I grep for somefool, I

[Clamav-users] Re: email structure logging

Nigel Horne wrote: On Thursday 25 Mar 2004 10:05 pm, Jesse Guardiani wrote: Is there any way to make clamd log the structure of a message and it's attachments? BinHex, MIME, plain-text, ZIP, RAR, BZIP, GZIP, OLE2, etc...? I don't consider that to be the job of a virus scanner. :) Why

Re: [Clamav-users] reject=451 4.7.1 Please try again later

The evidence points to incoming connections taking a long time (minutes) to send the first line of header after establishing a connection.so clamd gives up waiting. Increasing clamd's timeout will help. I have seen 4-5 minutes between an SMTP connection being established and the conversation

[Clamav-users] Re: Yet another TESTVIRUS.org result !!

Dilip M wrote: [...] Only improvement is Test # 12 was detected ? Where as all other Viruses,ie Test # 19,21,23,25 came through :( That is exactly what I'm getting with qmail-scanner-1.21 and clamav0.70-rc (and the CVS version from 2004/03/25). I think there was a discussion about these

[Clamav-users] Re: Application to generate CLAMAV report

Ralph Angenendt wrote: [...] grep FOUND /var/log/messages \ | cut -d : -f 5 \ | sed -e s/\ FOUND// \ | sort \ | uniq -c \ | sort -r This gives us the following output (yes, no percentages, one might hack that into it): 9353 Worm.SomeFool.Gen-1 3647

Re: [Clamav-users] Re: email structure logging

Jesse, On Fri, 2004-03-26 at 10:46, Jesse Guardiani wrote: :) Why not if it can already performing actions on the above items? Clamav is a virus scanner. Features like that belong in whatever rips apart messages for Clamav to scan (amavisd-new in my case). However, it sounds like something

Re: [Clamav-users] Segfault on password protected rar?

* Ethan P [EMAIL PROTECTED] [20040326 19:15]: wrote: I'm running ClamAV .65 on an RH9 system, with Qmail-Scanner-1.20RC3. Does it still behave the same if you upgrade to higher version? cheers - wash

Re: [Clamav-users] clam not fresh [Solved]

All, SNIP I think it is time for you to erase ALL of your clamAV files, wherever you have them scattered, and reinstall and reconfigure, so you only have one set of .conf files and one set of .cvd files, and then reboot. At least then you'll know where to look and/or get meaningful error

RE: [Clamav-users] Re: email structure logging

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jesse Guardiani :) Why not if it can already performing actions on the above items? Code bloat is a Bad Thing. I'd rather have my virus scanner doing exactly what it's supposed to do - no more.

Re: [Clamav-users] clam not fresh

On Fri, 26 Mar 2004 09:14:08 -0600, Mark Novak [EMAIL PROTECTED] wrote: Jim My number of signatures is exactly the same as yours. When I grep for somefool, I stop at M. I do still have the old style signatures located in /usr/share/clamav from clam-0.65. Tomasz mentioned in an earlier

[Clamav-users] Freshclam timeout error

Hi, I've check the archive at length but I don't think any of the other posts are the same problem. the error is freshclam wont, error in log is: ClamAV update process started at Fri Mar 26 15:01:37 2004 ERROR: Maximal time (1200 seconds) reached. I've installed clam from the latest RPMs on a

[Clamav-users] Re: Clamav error

Jesse Guardiani wrote: [...] I see similar symptoms when my clamd (0.70-rc) process chokes on a message it doesn't like. The clamd process starts eating between 50% and 100% CPU and gobbling up RAM. Quick note: The CVS version from 2004/03/26 fixes this problem for me. -- Jesse Guardiani,

Re: [Clamav-users] Segmentation fault in clamav-0.70rc-1

On Thu, 25 Mar 2004 13:36:00 -0300 (ART) Claudio Alonso [EMAIL PROTECTED] wrote: I'm using Clamuko with Dazuko 2.0. only on /home and /tmp I know Clamuko support isn't very tested, but is it possible for Clamuko to generate a clamd segm. fault? Or may it be a different problem? It's a good

Re: [Clamav-users] clam not fresh

On Fri, 26 Mar 2004 15:27:23 - Randal, Phil [EMAIL PROTECTED] wrote: I think it is time for you to erase ALL of your clamAV files, wherever you have them scattered, and reinstall and reconfigure, so you only have one set of .conf files and one set of .cvd files, and then reboot. Reboot ?

RE: [Clamav-users] Segfault on password protected rar?

Ethan, Qmail-Scanner 1.21 has a new option: --block-password-protected [yes|no] Defaults to no. Setting this to yes allows you to quarantine any incoming zip files that are password protected. This is primarily to stop viruses such as

Re: [Clamav-users] reject=451 4.7.1 Please try again later

On Fri, 2004-03-26 at 15:44, Nigel Horne wrote: The evidence points to incoming connections taking a long time (minutes) to send the first line of header after establishing a connection.so clamd gives up waiting. Increasing clamd's timeout will help. I have seen 4-5 minutes between an SMTP

Re: [Clamav-users] reject=451 4.7.1 Please try again later

Nigel Horne wrote: The evidence points to incoming connections taking a long time (minutes) to send the first line of header after establishing a connection.so clamd gives up waiting. Increasing clamd's timeout will help. I have seen 4-5 minutes between an SMTP connection being established

Re: [Clamav-users] Find bagle in Zip files.

On Fri, 2004-03-26 at 13:48, Tomasz Kojm wrote: But AFAIK, Kaspersky AntiVirus can crack a password on zip archive in some special circumstances. I have a program, that can do the same, but Tomasz Kojm is not interested in it. Right. ClamAV must be transparent in its licensing. The key

Re: [Clamav-users] reject=451 4.7.1 Please try again later

Trog wrote: On Fri, 2004-03-26 at 15:44, Nigel Horne wrote: The evidence points to incoming connections taking a long time (minutes) to send the first line of header after establishing a connection.so clamd gives up waiting. Increasing clamd's timeout will help. I have seen 4-5 minutes

[Clamav-users] Re: Segfault on password protected rar?

I think I figured it out. Just read the release notes for .66 (the fix for this issue). I'm on .70RC and it's working like a champ now. -Ethan P Ethan P writes: I'm running ClamAV .65 on an RH9 system, with Qmail-Scanner-1.20RC3. The other day, the following worm slipped through my

[Clamav-users] Re: Application to generate CLAMAV report

Let me preface this by stating that I am a newbie with using the commands below, I have only ever used grep to locate simple things, I have not used any of the others... So how come when I enter the commands below, I get an error that says: grep: unknown directories method? Ralph Angenendt

[Clamav-users] GMX Systematic Comparison

Hello. GMX released a paper where they were comparing the four biggest e-mail provider in Germany and how successful the most known viruses are caught by the e-mail software. They were testing the following providers and virus software: www.1und1.de (Symantec) www.gmx.de (Sophos Anti-Virus)

Re: [Clamav-users] reject=451 4.7.1 Please try again later

On Fri, 2004-03-26 at 17:03, Joe Maimon wrote: # Thread (scanner - single task) will be stopped after this time (seconds). # Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the # timeout instead of disabling it. ThreadTimeout 600 Still happening. Besides

[Clamav-users] OT: Re: Application to generate CLAMAV report

What os are you using? - Original Message Follows - From: Craig Daters [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Clamav-users] Re: Application to generate CLAMAV report Date: Fri, 26 Mar 2004 10:39:24 -0700 Let me preface this by stating that I am a newbie with using the

Re: [Clamav-users] Re: Yet another TESTVIRUS.org result !!

On Mar 26, 2004, at 11:10 AM, Jesse Guardiani wrote: Dilip M wrote: [...] Only improvement is Test # 12 was detected ? Where as all other Viruses,ie Test # 19,21,23,25 came through :( That is exactly what I'm getting with qmail-scanner-1.21 and clamav0.70-rc (and the CVS version from

Re: [Clamav-users] clamd hanging on SunOS 5.8

Many thanks Fajar! I had ScanMail enabled! I thought we needed that.. Darn; I just disabled it now. thanks a lot, -turgut --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President

Re: [Clamav-users] Re: Application to generate CLAMAV report

Fri, 26 Mar 2004 at 17:47 GMT Jesse Guardiani [EMAIL PROTECTED] wrote snip Here's a sample output: snip And if you mix this output with a cronjob, some sql and jpgraph (http://www.aditus.nu/jpgraph/), you might end up with something like this:

[Clamav-users] clamav.conf - user

Hello, I'm running ClamAV 0.68-1 on a OpenBSD-machine (i386, snapshot 190304). When I set 'User _clamd' in clamav.conf and start clamd as root I'm not able to use clamdscan (not able to open file...most probably due to file-restrictions). When I replace _clamd with root everything works

Re: [Clamav-users] clamav.conf - user

Björn Ketelaars wrote: Hello, I'm running ClamAV 0.68-1 on a OpenBSD-machine (i386, snapshot 190304). When I set 'User _clamd' in clamav.conf and start clamd as root I'm not able to use clamdscan (not able to open file...most probably due to file-restrictions). When I replace _clamd with root

[Clamav-users] Re: Application to generate CLAMAV report

Craig Daters wrote: Let me preface this by stating that I am a newbie with using the commands below, I have only ever used grep to locate simple things, I have not used any of the others... So how come when I enter the commands below, I get an error that says: grep: unknown directories

Re: [Clamav-users] Segmentation fault in clamav-0.70rc-1

--- Tomasz Kojm [EMAIL PROTECTED] escribió: It's a good idea to disable archive/mail support when using on-access scanner. Hello Tomasz, Disabling archive support means that compressed files will be managed using external decompressors? Los mejores usados y las más tentadoras

Re: [Clamav-users] Re: Application to generate CLAMAV report

On Friday 26 March 2004 5:39 pm, Craig Daters wrote: Let me preface this by stating that I am a newbie with using the commands below, I have only ever used grep to locate simple things, I have not used any of the others... So how come when I enter the commands below, I get an error that

Re: [Clamav-users] OT: Re: Application to generate CLAMAV report

RH9 with Sendmail What os are you using? - Original Message Follows - From: Craig Daters [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Clamav-users] Re: Application to generate CLAMAV report Date: Fri, 26 Mar 2004 10:39:24 -0700 Let me preface this by stating that I am a newbie with

Re: [Clamav-users] Re: Yet another TESTVIRUS.org result !!

On Fri, 2004-03-26 at 18:35, Bart Silverstrim wrote: Hmm...when I just tested it (postfix, clamav, amavisd-new) tests 8, 12, 24, and 25 got through. Am I missing something in my config? How worried should I be about those viruses getting through? :-/ #8 was blocked with current CVS

[Clamav-users] Re: Application to generate CLAMAV report

Been there, done that. The man page offers no clues... Craig Daters wrote: Let me preface this by stating that I am a newbie with using the commands below, I have only ever used grep to locate simple things, I have not used any of the others... So how come when I enter the commands below, I

Re: [Clamav-users] Re: Application to generate CLAMAV report

Okay, I discovered that all of the logging is being done in /var/log/maillog as opposed to /var/log/messages, and once I pointed grep to the right file, then all has become well in the universe. Thanks again. Try starting with the simple grep command, then add each command with its pipe symbol

Re: [Clamav-users] clam not fresh

On Thu, 25 Mar 2004 at 21:42:57 -0800, Brian W. Antoine wrote: I just ran freshclam again and instead of downloading viruses.db and then giving me a checksum error it now claims: Connected to clamav.elektrapro.com. Reading md5 sum (viruses.md5): ERROR: md5 sum not found on remote server

Re: [Clamav-users] Re: Application to generate CLAMAV report

On Friday 26 March 2004 8:44 pm, Craig Daters wrote: Craig Daters wrote: Let me preface this by stating that I am a newbie with using the commands below, I have only ever used grep to locate simple things, I have not used any of the others... So how come when I enter the commands

Fwd: Re: [Clamav-users] Re: Application to generate CLAMAV report

Looks like my previous posting on this topic didn't make it to the list... -- Forwarded Message -- Subject: Re: [Clamav-users] Re: Application to generate CLAMAV report Date: Fri, 26 Mar 2004 19:28:14 + From: Antony Stone [EMAIL PROTECTED] To: [EMAIL PROTECTED] On Friday

Re: [Clamav-users] reject=451 4.7.1 Please try again later

Trog wrote: On Fri, 2004-03-26 at 17:03, Joe Maimon wrote: # Thread (scanner - single task) will be stopped after this time (seconds). # Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the # timeout instead of disabling it. ThreadTimeout 600 Still happening.

Re: [Clamav-users] reject=451 4.7.1 Please try again later

On Fri, 26 Mar 2004, Joe Maimon wrote: Nigel Horne wrote: The evidence points to incoming connections taking a long time (minutes) to send the first line of header after establishing a connection.so clamd gives up waiting. Increasing clamd's timeout will help. I have seen 4-5 minutes

Re: [Clamav-users] Freshclam timeout error

On Fri, 26 Mar 2004 at 16:21:10 +, Roger Fishwick wrote: I've check the archive at length but I don't think any of the other posts are the same problem. the error is freshclam wont, error in log is: ClamAV update process started at Fri Mar 26 15:01:37 2004 ERROR: Maximal time (1200

Re: [Clamav-users] Re: Application to generate CLAMAV report

Craig Daters wrote: Okay, I discovered that all of the logging is being done in /var/log/maillog as opposed to /var/log/messages, and once I pointed grep to the right file, then all has become well in the universe. I wouldn't have dared posting about that. ;-) -- /Peter Bonivart --Unix lovers

Re: [Clamav-users] clam not fresh

At 01:11 PM 3/26/2004, you wrote: On Thu, 25 Mar 2004 at 21:42:57 -0800, Brian W. Antoine wrote: I just ran freshclam again and instead of downloading viruses.db and then giving me a checksum error it now claims: Connected to clamav.elektrapro.com. Reading md5 sum (viruses.md5): ERROR: md5

[Clamav-users] Rejected messages

I am getting messages rejected. I've been getting a few notifications that messages are not arriving. I get the following messages in my mail log. Note: sender, recipient, myserver and mydomain.com.au are fictitious. Mar 26 22:59:40 myserver sm-mta[9106]: i2QBvPA0009106: from=[EMAIL

Re: [Clamav-users] Re: Yet another TESTVIRUS.org result !!

On Mar 26, 2004, at 2:35 PM, Trog wrote: On Fri, 2004-03-26 at 18:35, Bart Silverstrim wrote: Hmm...when I just tested it (postfix, clamav, amavisd-new) tests 8, 12, 24, and 25 got through. Am I missing something in my config? How worried should I be about those viruses getting through? :-/

Re: [Clamav-users] Re: Yet another TESTVIRUS.org result !!

[...] Some people complained that ClamAV is not a 'vulnerability/exploit' scanner, but a virus scanner. This makes sense (and helps to avoid code bloat), but if [...] After blocking 'com' extension i absorved that many of viruses from testvirus.org had 'com' extension!! Better i block the