Re: [Clamav-users] Contents of DBDIR

2004-02-04 Thread Fajar A. Nugraha
Justin wrote: After getting 20040203 to compile tonight on my RH 9 box, I ran into trouble starting the new daemon. It was convinced I had a Malformed Database. The old version of clamd I was running didn't seem to think so. I remembered reading something about clamd picking up all files in

Re: [Clamav-users] Wait for next stable version or use CVS

2004-02-04 Thread Cedric Foll
Michael St. Laurent wrote: Are you using clamav-milter for the email scanning? No.

[Clamav-users] Clamd stops responding

2004-02-04 Thread Erik Corry
Hi, I am using clamav to filter email. Here is the version info in the RPM (downloaded from the clamav site). Name: clamav Relocations: (not relocateable) Version : 0.65 Vendor: B.O.F.H. Corp. Release : 4

Re: [Clamav-users] Contents of DBDIR {Scanned}

2004-02-04 Thread Jo Mills
On Wed, Feb 04, 2004 at 12:34:33AM -0600, Justin wrote: After getting 20040203 to compile tonight on my RH 9 box, I ran into trouble starting the new daemon. It was convinced I had a Malformed . . . Everything seems to be running smoothly now. I wonder though, should I have a main.cvd?

[Clamav-users] Bzip bombs

2004-02-04 Thread Erik Corry
Hi Just a note to say I tried some of the zip and bzip bombs described in http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html and found that clamav copes very well with them. In particular I was able to scan a mail consisting of a 10Gbyte bzip2 bomb followed by a copy

Re: [Clamav-users] Wait for next stable version or use CVS

2004-02-04 Thread Thomas Lamy
Stefan Kaltenbrunner wrote: Nigel Horne wrote: 4) Yes I am working on a solution and yes I am aware of it! I have just disabled binhex decoding in CVS while I further investigate this. A sidenote to everyone using the CVS version: It seems sf.net's public CVS service lags behind the

[Clamav-users] MyDoom???

2004-02-04 Thread Dinko Ivanov
When clamav will detect MyDoom? I hope soon?!

Re: [Clamav-users] MyDoom???

2004-02-04 Thread Roman Suzi
Hmmm... My impression was that ClamAV catches MyDoom (it called it SCO.A) from the start. Sincerely yours, Roman A.Suzi -- - Petrozavodsk - Karelia - Russia - mailto:[EMAIL PROTECTED] - On Wed, 4 Feb 2004, Dinko Ivanov wrote: When clamav will detect MyDoom? I hope soon?!

Re: [Clamav-users] MyDoom???

2004-02-04 Thread Roger Koot
Actually, Clamav was (IIRC) the first antivirus package that had a signature for MyDoom. Sophos and Mcafee were hours later, possibly because they couldn't agree upon a spiffy name for the newcomer. so, clamav *does* scan for mydoom. if your version doesn't, check whether the automatic update

Re: [Clamav-users] MyDoom???

2004-02-04 Thread Thomas Lamy
Dinko Ivanov wrote: When clamav will detect MyDoom? I hope soon?! It already does (and, in fact, most commercial vendors published their definitions _after_ the clamav team). It's called Worm.SCO.* in clamav, though. Thomas

Re: [Clamav-users] MyDoom???

2004-02-04 Thread Denis Ducamp
On Wed, Feb 04, 2004 at 12:56:30PM +0200, Dinko Ivanov wrote: When clamav will detect MyDoom? I hope soon?! This is when my first Worm.SCO.A was caught, this is soon enough for me : -- Date: Mon, 26 Jan 2004 23:36:28 +0100 (CET)

RE: [Clamav-users] MyDoom???

2004-02-04 Thread Randal, Phil
I think you'll find it was one of the first to detect it. ClamAV calls it Worm.SCO.A, and it has caught hundreds of the critters here. Cheers, Phil - Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From:

Re: [Clamav-users] MyDoom???

2004-02-04 Thread Stefan Hornburg
On Wed, 04 Feb 2004 12:33:57 +0100 Thomas Lamy [EMAIL PROTECTED] wrote: Dinko Ivanov wrote: When clamav will detect MyDoom? I hope soon?! It already does (and, in fact, most commercial vendors published their definitions _after_ the clamav team). It's called Worm.SCO.* in clamav,

RE: [Clamav-users] MyDoom???

2004-02-04 Thread Diego d'Ambra
-Original Message- From: [EMAIL PROTECTED] [mailto:clamav-users- [EMAIL PROTECTED] On Behalf Of Dinko Ivanov Sent: 4. februar 2004 11:57 To: [EMAIL PROTECTED] Subject: [Clamav-users] MyDoom??? When clamav will detect MyDoom? I hope soon?! ClamAV was updated 21:23 (+0100) the

ClamAV Binaries (WAS Re: [Clamav-users] RE: Build on Solaris problem)

2004-02-04 Thread Fajar A. Nugraha
Alex S Moore wrote: I plan to talk with our head guy at blastwave.org and hopefully will provide packages for Solaris 8 and 9 for SPARC and x86 soon. Clamav is a great product and I want to do whatever I can to help it grow in popularity. Wonder why nobody provides official Solaris binaries

Re: [Clamav-users] Contents of DBDIR

2004-02-04 Thread Tomasz Kojm
On Wed, 04 Feb 2004 13:54:32 +0700 Fajar A. Nugraha [EMAIL PROTECTED] wrote: I think it's the b8946eefa674d8c5. The download wasn't completed because of (perhaps) network error. [EMAIL PROTECTED] /usr/local/share/clamav]# freshclam ClamAV update process started at Wed Feb 4 00:24:25 2004

[Clamav-users] MyDoom???

2004-02-04 Thread Dinko Ivanov
Well, but i can not detect it with clamscan! Why? This my report: Known viruses: 20612 Scanned directories: 1 Scanned files: 63 Infected files: 0 Data scanned: 90.24 MB This returned from freshclam: ]# freshclam ClamAV update process started at Wed Feb 4 15:07:55 2004 Reading CVD header

Re: [Clamav-users] MyDoom???

2004-02-04 Thread Tomasz Kojm
On Wed, 04 Feb 2004 12:56:30 +0200 Dinko Ivanov [EMAIL PROTECTED] wrote: When clamav will detect MyDoom? I hope soon?! No comment. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg

[Clamav-users] SCO.a not found in multiply-attached message

2004-02-04 Thread James F. Hranicky
ClamAV version : clamscan / ClamAV version devel-20040203 OS : FreeBSD 4.9-STABLE #35: Wed Jan 28 It seems clamscan is having trouble finding SCO.a in a multiply-attached file. I have the following files: vir1: multiply-attached message with SCO.a

Re: [Clamav-users] SCO.a not found in multiply-attached message

2004-02-04 Thread Nigel Horne
On Wednesday 04 Feb 2004 1:26 pm, James F. Hranicky wrote: The files can be found here http://www.cise.ufl.edu/~jfh/sco-examples But they can't be accessed: www.cise.ufl.edu/~jfh/sco-examples/vir1 Either you are not authorized to access the requested page on the CISE Web Server, or

Re: [Clamav-users] SCO.a not found in multiply-attached message

2004-02-04 Thread James F. Hranicky
On Wed, 4 Feb 2004 14:16:07 + Nigel Horne [EMAIL PROTECTED] wrote: On Wednesday 04 Feb 2004 1:26 pm, James F. Hranicky wrote: The files can be found here http://www.cise.ufl.edu/~jfh/sco-examples But they can't be accessed: Sorry, fixed. As usual, the best method is to

[Clamav-users] Is there a listing of all viruses that ClamAV knows about?

2004-02-04 Thread David Gregg
I'd like to obtain one in order to identify which viruses should generate recipient warnings (i.e. we have quarantined a message containing a virus). The goal is to not notify user about the typical worms like Klez, MiDoom, etc... where there would nothing of value in the message anyway. Thanks,

[Clamav-users] Decompression Bombs

2004-02-04 Thread Tom Walsh
I saw an article on bugtraq today that discussed an interesting vectored attack against anti-virus software and was curious if any type of checks were in place for clamav. Basically a decompression bomb is a zero padded file of extreme size (100GB) that is compressed using bzip, gzip, zip, etc...

RE: [Clamav-users] MyDoom???

2004-02-04 Thread Jim Maul
did you try running clamscan with the --mbox option? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dinko Ivanov Sent: Wednesday, February 04, 2004 7:57 AM To: [EMAIL PROTECTED] Subject: [Clamav-users] MyDoom??? Well, but i can not detect it

Re: [Clamav-users] Decompression Bombs

2004-02-04 Thread Tomasz Papszun
On Wed, 04 Feb 2004 at 9:35:07 -0600, Tom Walsh wrote: I saw an article on bugtraq today that discussed an interesting vectored attack against anti-virus software and was curious if any type of checks were in place for clamav. Basically a decompression bomb is a zero padded file of extreme

Re: [Clamav-users] Decompression Bombs

2004-02-04 Thread Erik Corry
On Wed, Feb 04, 2004 at 09:35:07AM -0600, Tom Walsh wrote: I saw an article on bugtraq today that discussed an interesting vectored attack against anti-virus software and was curious if any type of checks were in place for clamav.

RE: [Clamav-users] Decompression Bombs

2004-02-04 Thread Tom Walsh
http://sourceforge.net/mailarchive/forum.php?thread_id=3839743&forum_id=34617 Eric, thanks for that... I must have missed that email this morning since the topic didn't quite trigger anything in my brain... More along the lines of I thought it was a bug report... Ie: bzip bombs as in blows up

Re: [Clamav-users] Contents of DBDIR

2004-02-04 Thread Justin
Thanks for the reply. On Wed, 4 Feb 2004, Fajar A. Nugraha wrote: AFAIK, for every new install clamav always zeroes out main.cvd and daily.cvd. The real mystery is why you have non-zero daily.cvd but zero main.cvd I didn't know this. Interesting... Everything seems to be running

Re: [Clamav-users] Contents of DBDIR

2004-02-04 Thread Justin
On Wed, 4 Feb 2004, Tomasz Kojm wrote: Downloading main.cvd [*] viruses.db updated (version: 19, sigs: 19987, f-level: 1, builder: ^^ What's that ? It seems you have changed the name of the main virus database with --with-dbname.. Howdy, Tomasz. Thanks for the reply.

Re: [Clamav-users] Contents of DBDIR

2004-02-04 Thread Justin
On Wed, 4 Feb 2004, Tomasz Kojm wrote: It seems you have changed the name of the main virus database with --with-dbname.. I removed both --with-db* configure options and recompiled (something I remember now was that it wouldn't compile without them back when I first got started with clam).

[Clamav-users] LibClam error while scanning

2004-02-04 Thread Jim Maul
When trying to scan some messages in my quarantine directory, i am getting the following output: LibClamAV Warning: Ignoring empty field in charset= This happens with about 5 out of 800 messages. Anyone have any ideas what might be causing this? Thanks. Jim Maul Eastern Long Island Hospital

[Clamav-users] False alarms ?

2004-02-04 Thread Przemyslaw Holowczyc
Hi : Today morning, I installed the Windows XP on some machine. After that, I downloaded a latest virus databases and I checked the C:\WINDOWS directory with a clamscan.exe (windows port). Results are below. windows XP C:\WINDOWS/system32/dllcache/rpcrt4.dll: Exploit.DCOM.Gen FOUND

Re: [Clamav-users] LibClam error while scanning

2004-02-04 Thread Nigel Horne
On Wednesday 04 Feb 2004 5:52 pm, Jim Maul wrote: When trying to scan some messages in my quarantine directory, i am getting the following output: LibClamAV Warning: Ignoring empty field in charset= Anyone have any ideas what might be causing this? Virus writers don't honour RFCs (what a

[Clamav-users] ClamAV process seems to be taking forever

2004-02-04 Thread Chris Barnes
Interesting problem going on here. Using clamav-milter w/ sendmail on RH9. Sending email seems to take a VERY LONG TIME. The /var/log/maillog shows: Feb 4 10:37:57 titan clamav-milter[27829]: hit max-children limit (7 = 2): waiting for some to exit Even though the /etc/clamav.conf file has:

RE: [Clamav-users] LibClam error while scanning

2004-02-04 Thread Jim Maul
On Wednesday 04 Feb 2004 5:52 pm, Jim Maul wrote: When trying to scan some messages in my quarantine directory, i am getting the following output: LibClamAV Warning: Ignoring empty field in charset= Anyone have any ideas what might be causing this? Virus writers don't honour RFCs

[Clamav-users] Problems after freshclam

2004-02-04 Thread Claudio Alonso
Hi, I'm using clamav-0.65-4 (rpm version) on a RH9.0 and dazuko-1.2.3 (Clamuko is configured to scan on open, close and exec for paths /home and /tmp. Everything works great until I execute freshclam. Freshclam updates the virus definition files and on next SelfCheck, clamd detects the database

Re: [Clamav-users] ClamAV process seems to be taking forever

2004-02-04 Thread Nigel Horne
On Wednesday 04 Feb 2004 6:37 pm, Chris Barnes wrote: Interesting problem going on here. Using clamav-milter w/ sendmail on RH9. Sending email seems to take a VERY LONG TIME. What version of clamav-milter? (clamav-milter --version will tell you) The /var/log/maillog shows: Feb 4 10:37:57

Re: [Clamav-users] ClamAV process seems to be taking forever

2004-02-04 Thread Przemyslaw Holowczyc
On Wednesday 04 of February 2004 19:37, Chris Barnes wrote: Interesting problem going on here. Using clamav-milter w/ sendmail on RH9. Sending email seems to take a VERY LONG TIME. The /var/log/maillog shows: Feb 4 10:37:57 titan clamav-milter[27829]: hit max-children limit (7 = 2):

Re: [Clamav-users] Problems after freshclam

2004-02-04 Thread Tomasz Kojm
On Wed, 4 Feb 2004 16:02:19 -0300 (ART) Claudio Alonso [EMAIL PROTECTED] wrote: Any idea on why does it happen and how to solve it? Thanks in advance, Dazuko support is broken. A fix will be available on days. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED]

Re: [Clamav-users] Wait for next stable version or use CVS

2004-02-04 Thread Ola Thoresen
in CVS while I further investigate this. -Nigel Doh, I must have misinterpreted comments in the Changelog to mean it's been fixed. Sorry and thanks for all your hard work. I have now tested the latest tar.gz from http://www.clamav.net/snapshot/clamav-devel-20040204.tar.gz and can

Re: [Clamav-users] False alarms ?

2004-02-04 Thread Tomasz Papszun
On Wed, 04 Feb 2004 at 19:12:27 +0100, Przemyslaw Holowczyc wrote: Today morning, I installed the Windows XP on some machine. After that, I downloaded a latest virus databases and I checked the C:\WINDOWS directory with a clamscan.exe (windows port). Results are below. windows XP

Re: [Clamav-users] ClamAV process seems to be taking forever

2004-02-04 Thread Ing. Germán González B.
On Wed, 4 Feb 2004, Przemyslaw Holowczyc wrote: On Wednesday 04 of February 2004 19:37, Chris Barnes wrote: Interesting problem going on here. Using clamav-milter w/ sendmail on RH9. Sending email seems to take a VERY LONG TIME. The /var/log/maillog shows: Feb 4 10:37:57 titan

[Clamav-users] Re: ClamAV process seems to be taking forever

2004-02-04 Thread Chris Barnes
Nigel Horne [EMAIL PROTECTED] wrote: What version of clamav-milter? (clamav-milter --version will tell you) ClamAV version 0.65, clamav-milter version 0.60p Have you checked to see if you have another clamav.conf on your system, say /usr/local/etc/clamav.conf? Nothing there. Przemyslaw

Re: [Clamav-users] Wait for next stable version or use CVS

2004-02-04 Thread Matthew Trent
On Wednesday 04 February 2004 12:14 pm, Ola Thoresen wrote: I have now tested the latest tar.gz from http://www.clamav.net/snapshot/clamav-devel-20040204.tar.gz and can verify that the problem with memory allocations on special binhex-files has been fixed. I have about 10 different files

[Clamav-users] CG Pro and ClamAV finds virus but can't find it when scanning with clamscan manually

2004-02-04 Thread Kristof Hardy
Hi, Just wondering (i'm trying to understand), my CG Pro and ClamAV find the virus in the message correctly. The msg is discarded and put in Quarantine. Ok, so I tried a manual scan afterwards on this .msg file with clamscan (example below) but it can't find a virus. Is there a reasonable

Re: [Clamav-users] False alarms ?

2004-02-04 Thread Przemyslaw Holowczyc
On Wednesday 04 of February 2004 21:05, Tomasz Papszun wrote: The normal way of reporting viruses not yet detected by ClamAV or false positives, is: 1. Scan samples at clamav online specimen scanner http://www.gietl.com/test-clamav/ and if this doesn't detect a virus go to point 2.

Re: [Clamav-users] TcpSocket and --quarantine-dir option

2004-02-04 Thread Michael Dankov
On Tue, 3 Feb 2004, Kritof Petr wrote: KP> I decided to switch from LocalSocket to TcpSocket on clamd server KP> for windows users can start testing windows client from their Win KP> workstations. KP> KP> But this option is exclusive with --quarantine-dir on clamav-milter. KP> KP> Is there some

[Clamav-users] Re: Clamd dies on damaged zip archives

2004-02-04 Thread dimon
Quoting Tomasz Kojm [EMAIL PROTECTED]: On Wed, 28 Jan 2004 09:35:45 -0700 [EMAIL PROTECTED] wrote: Hi, I finally have got a sample of damaged zip archive that causes clamd to die with this error: Tue Jan 27 09:58:59 2004 - /var/spool/MIMEDefang/mdefang-

[Clamav-users] clamd: cant save pid in file socket file is in use by another process

2004-02-04 Thread mario kammerer
hello! i got 2 errors with clamav 0.65 and the latest snapshot (i tried today). # clamd --version clamd / ClamAV version devel-20040204 1)ERROR: Socket file /tmp/clamd exists. Either remove it, or configure a different one. 2)ERROR: Can't save PID in file /var/run/clamd.pid mario -- Erstellt

Re: [Clamav-users] clamd: cant save pid in file socket file is in use by another process

2004-02-04 Thread Tomasz Kojm
On Wed, 04 Feb 2004 23:40:35 +0100 mario kammerer [EMAIL PROTECTED] wrote: 1)ERROR: Socket file /tmp/clamd exists. Either remove it, or configure a different one. Enable FixStaleSocket in clamav.conf. 2)ERROR: Can't save PID in file /var/run/clamd.pid That must be a permission problem.

Re: [Clamav-users] Re: Clamd dies on damaged zip archives

2004-02-04 Thread Tomasz Kojm
On Wed, 4 Feb 2004 14:34:36 -0700 [EMAIL PROTECTED] wrote: Is there a way to tell daemon not to use internal zip and rar archiver, but external, like I can do with clamscan: --mbox --disable-archive --unzip -- unrar --unace --arj --zoo --lha --jar --tar --deb --tgz ? No, it can't use

RE: [Clamav-users] clamav-milter compilation problems again

2004-02-04 Thread Stevens, John
Hi Nigel, Yes the disclaimer is crap. I have been arguing against it to the MD for a year to no avail. We have even sometimes put really weird stuff in it just to find out if people read it, and it has never given a response. I'd tell the MD, but he would get pissed off at me and sick the

[Clamav-users] Sco.a again

2004-02-04 Thread Kevin Spicer
This is another post about the problems that some people have been having with sco.a seemingly making it past clam due to doggy mime structure in bounce messages. I noticed that Symantec on our exchange servers (which are behind a mailscanner box running clam and sophos) is picking up a few Sco's

RE: [Clamav-users] clamav-milter compilation problems again

2004-02-04 Thread Kevin Spicer
On Wed, 2004-02-04 at 23:29, Stevens, John wrote: and sorry for this stupid disclaimer. We also have a stupid disclaimer, but one question about yours - can you have omissions that are present? I did think about making it a very small font, or white text on a white background - but then you

[Clamav-users] Re: clamd: cant save pid in file socket file is in use by another process

2004-02-04 Thread mario kammerer
On Thu, 5 Feb 2004 00:11:23 +0100 Tomasz Kojm [EMAIL PROTECTED] wrote: On Wed, 04 Feb 2004 23:40:35 +0100 mario kammerer [EMAIL PROTECTED] wrote: 1)ERROR: Socket file /tmp/clamd exists. Either remove it, or configure a different one. Enable FixStaleSocket in clamav.conf. i already

[Clamav-users] CVD (virus database) format fields

2004-02-04 Thread Mariano Absatz
Hi, I browsed the documentation but couldn't find much info about the format of the virus database (CVD), not counting the info on how to use it append to it. My question is toward the following: there was a recent discussion in the MailScanner mailing list because Julian Field (the

RE: [Clamav-users] clamav-milter compilation problems again

2004-02-04 Thread Stevens, John
Ah lawyers.. You wouldn't believe how often that one is pointed out. On Wed, 2004-02-04 at 23:29, Stevens, John wrote: and sorry for this stupid disclaimer. We also have a stupid disclaimer, but one question about yours - can you have omissions that are present? --- This message

Re: [Clamav-users] CVD (virus database) format fields

2004-02-04 Thread Fajar A. Nugraha
My question is toward the following: there was a recent discussion in the MailScanner mailing list because Julian Field (the developer) is not only deprecating, but also eliminating, the possibility of 'bouncing' a mail containing a virus back to its (apparent) originator. What I do is : -