On Wed, 2005-02-16 at 12:28 +0700, Fajar A. Nugraha wrote:
Trog wrote:
No, it requires 1.2.2
To be specific, does it absolutely require 1.2.2, or does a
lower-but-not-buggy version work?
e.g. will 1.2.0.7 work ?
How on earth am I supposed to answer that? Sorry, my crystal ball has
On Feb 16, 2005, at 02:44, Dennis Peterson wrote:
christian laubscher said:
On Tue, Feb 15, 2005 at 06:40:42PM -0700, Hal Goldfarb wrote:
[...] I also think RPM binaries
should be made available before an official release. [...]
please not!
Piggy-backing:
Maybe they could stick a broom up their
On Tuesday 15 Feb 2005 11:19, abac wrote:
hi,
I installed the clamav-0.82.tar.gz and the webmin module for clamav,the
installation was successful,but now when i want to open the clamav in
webmin this is theerror:
WARNING: Please fill in the location of the clamav daemon startup file
in the
On Wednesday 16 Feb 2005 08:44, Trog wrote:
No, it requires 1.2.2
To be specific, does it absolutely require 1.2.2, or does a
lower-but-not-buggy version work?
e.g. will 1.2.0.7 work ?
How on earth am I supposed to answer that? Sorry, my crystal ball has
failed on this occassion.
[EMAIL PROTECTED] wrote:
I have mail folder name VIR that containts 43 mail attach with Netsky and
2 mail attach with Bagle.
My FC1 has 0.83 and i do this :
clamscan VIR
clamdscan VIR
cat VIR | clamscan -
but it says no viruses.
Can anybody tell me why clam cannot found the viruses ?
Why? Because
Okay, okay.
I guess the RPM business went too far. And you are right this is free
software. But the thing that actually gets me is that when a new release of
Clam comes out, it seems like there is all sorts of catching up to do.
Believe it or not, I actually know how to use rpm tools. And
On Wed, 16 Feb 2005 at 3:16:25 -0700, Hal Goldfarb wrote:
[...]
The issue started out -- and then I went overboard because I felt frustrated
-- that all of a sudden I discover that freshclam is not running, and only
because I happened to be looking at it at that moment. Why it stops
On Wed, 16 Feb 2005 03:16:25 -0700 in [EMAIL PROTECTED]
Hal Goldfarb [EMAIL PROTECTED] wrote:
The issue started out -- and then I went overboard because I felt
frustrated -- that all of a sudden I discover that freshclam is not
running, and only because I happened to be looking at it at
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Hal Goldfarb
Sent: Tuesday, February 15, 2005 9:41 PM
I am trying to play by the rules, honest. Can you instruct me on how to
properly be informed of clamav code updates? I also think RPM binaries
On Wednesday 16 Feb 2005 06:07, Joseph Filla wrote:
I'm running openBSD 3.6 and cannot for the life of me
install clamav. I've tried the ports (via cvsup) but
run into gmp install errors (I can't figure that out)
so I've moved to compiling from source. I've tried to
compile .82 and .83 and
Hi list, I have posted before about an issue with clamd hanging and yesterday
we finally managed to find out what the underlying problem was. We came
across an 800k mail that we initially thought was causing clamd to hang. The
truth infact was that once we turned on debugging, we noticed that
On Wed, 2005-02-16 at 08:49, Dennis Peterson wrote:
Dörfler Andreas said:
the versioncheck for zlib isnt the best.
suse for example fixes the security hole
in 1.2.1 with patches and not with a installation
from a new version.
forget the warning.
Sounds like suse has introduced a
On Tue, 2005-02-15 at 17:15, Trog wrote:
On Tue, 2005-02-15 at 17:07 +0100, Tarjei Knapstad wrote:
I've got a mail server here running RH8 (yes, yes I know... :)), and
when trying to build clamav 0.83 RPMs it required zlib 1.2.1.2.
No, it requires 1.2.2
May I ask why? There doesn't
On Wed, 2005-02-16 at 14:57 +0100, Tarjei Knapstad wrote:
On Wed, 2005-02-16 at 08:49, Dennis Peterson wrote:
Dörfler Andreas said:
the versioncheck for zlib isnt the best.
suse for example fixes the security hole
in 1.2.1 with patches and not with a installation
from a new version.
--On Wednesday, February 16, 2005 2:52 PM +0200 Scott Ryan
[EMAIL PROTECTED] wrote:
On Wednesday 16 February 2005 14:50, Ted Fines shaped the electrons to
say:
Would you please send me this attachment off-list.
Please zip it and password protect it (password='password') so it comes
through.
On Wednesday 16 Feb 2005 14:18, Ted Fines wrote:
FOUR MINUTES, 13 SECONDS for an 800k email.
Look at the file again. It is NOT an 800k mail. It is over 200 emails embedded
within each other. By definition the largest message is about 800K and the
smallest
is about 1K give or take, giving an
* Ted Fines [EMAIL PROTECTED] [20050216 17:20]: wrote:
--On Wednesday, February 16, 2005 2:52 PM +0200 Scott Ryan
[EMAIL PROTECTED] wrote:
On Wednesday 16 February 2005 14:50, Ted Fines shaped the electrons to
say:
Would you please send me this attachment off-list.
Please zip
Piggy-backing:
Maybe they could stick a broom up their bum and sweep the floor at the
same time, too. Dayum, guy - this stuff is free. Get off your butt and
build your own binaries - hell, it takes maybe 10 minutes, is repeatable,
and you get all the credit.
Don't even suggest they put my Solaris
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nigel Horne wrote:
On Wednesday 16 Feb 2005 14:18, Ted Fines wrote:
FOUR MINUTES, 13 SECONDS for an 800k email.
Look at the file again. It is NOT an 800k mail. It is over 200 emails embedded
within each other. By definition the largest
-Original Message-
From: Hal Goldfarb [mailto:[EMAIL PROTECTED]
Subject: [Clamav-users] No announcement of 0.83 on clamav-announce ML
I am trying to play by the rules, honest. Can you instruct
me on how to
properly be informed of clamav code updates? I also think
RPM
On Wednesday 16 Feb 2005 14:58, Bogusaw Brandys wrote:
Oversized.Mail ? Do we need such new detection or is better solution ?
I need to finish the work on the new scanner that is already underway (see
mbox.c) which removes the parser.
Boguslaw Brandys
--
Nigel Horne. Arranger, Composer,
On Wednesday 16 February 2005 16:26, Nigel Horne shaped the electrons to say:
On Wednesday 16 Feb 2005 14:18, Ted Fines wrote:
FOUR MINUTES, 13 SECONDS for an 800k email.
Look at the file again. It is NOT an 800k mail. It is over 200 emails
embedded within each other. By definition the
On Wednesday 16 Feb 2005 15:15, Scott Ryan wrote:
On Wednesday 16 February 2005 16:26, Nigel Horne shaped the electrons to say:
On Wednesday 16 Feb 2005 14:18, Ted Fines wrote:
FOUR MINUTES, 13 SECONDS for an 800k email.
Look at the file again. It is NOT an 800k mail. It is over 200
On Wed, 2005-02-16 at 15:11, Trog wrote:
On Wed, 2005-02-16 at 14:57 +0100, Tarjei Knapstad wrote:
On Wed, 2005-02-16 at 08:49, Dennis Peterson wrote:
snip
A simple search in the archive for zlib 1.2.2 turns this up:
http://lurker.clamav.net/message/20041103.143255.97fa22ec.en.html
On Wednesday 16 February 2005 17:34, Nigel Horne shaped the electrons to say:
On Wednesday 16 Feb 2005 15:15, Scott Ryan wrote:
On Wednesday 16 February 2005 16:26, Nigel Horne shaped the electrons to
say:
On Wednesday 16 Feb 2005 14:18, Ted Fines wrote:
FOUR MINUTES, 13 SECONDS for an
On Wednesday 16 Feb 2005 15:51, Scott Ryan wrote:
Would it be possible to request that some kind of recursion limit be added
here like there currently is on zip files?
That would be bad idea since it would be v. easy for a virus writer to get
around.
--
Nigel Horne. Arranger, Composer,
Tarjei Knapstad wrote:
On Wed, 2005-02-16 at 15:11, Trog wrote:
On Wed, 2005-02-16 at 14:57 +0100, Tarjei Knapstad wrote:
On Wed, 2005-02-16 at 08:49, Dennis Peterson wrote:
snip
A simple search in the archive for zlib 1.2.2 turns this up:
On Wed, 2005-02-16 at 16:00 +, Nigel Horne wrote:
On Wednesday 16 Feb 2005 15:51, Scott Ryan wrote:
Would it be possible to request that some kind of recursion limit be added
here like there currently is on zip files?
That would be bad idea since it would be v. easy for a virus
Your right 99.% of the people using computers are not Unix Admins. But
they sure have an impact on the amount of traffic generated by infected
systems sending email.
While I agree that you should not hold up any code just so you can do a
release across the board. In the long run we all
On Tue, 15 Feb 2005 22:00:57 -0500
Dale Walsh [EMAIL PROTECTED] wrote:
I've noticed the use of libbz2 in building ClamAV, this limits the
scan to zipped files, would libz not allow tar and gz files to be
scanned and make a better choice?
libbz2 and libz are two different things.
--
oo
On Wed, 16 Feb 2005 15:02:59 +0100
Tarjei Knapstad [EMAIL PROTECTED] wrote:
On Tue, 2005-02-15 at 17:15, Trog wrote:
On Tue, 2005-02-15 at 17:07 +0100, Tarjei Knapstad wrote:
I've got a mail server here running RH8 (yes, yes I know... :)),
and when trying to build clamav 0.83 RPMs it
On Wed, 16 Feb 2005 14:57:16 +0100
Tarjei Knapstad [EMAIL PROTECTED] wrote:
Nobody is whining here Dennis.
I was asking a question about what the zlib warning was all about. The
www.zlib.net:
October 3rd, 2004
Version 1.2.2 eliminates a potential security vulnerability in zlib
1.2.1, so
On Wed, 16 Feb 2005 18:23:51 +0200 in
[EMAIL PROTECTED] Peter Hubbard
[EMAIL PROTECTED] wrote:
That would be bad idea since it would be v. easy for a virus writer
to get around.
Okay. How about an option to dump an email - or flag it as a
*possible* virus - if a specified recursion
On Wed, 16 Feb 2005 17:51:28 +0200
Scott Ryan [EMAIL PROTECTED] wrote:
I will just have to allow these types of mails to go unscanned. Four
minutes to scan 1 will cause a DOS.
So increase the number of MaxThreads...
Would it be possible to request that some kind of recursion limit be
added
On Wednesday 16 February 2005 18:43, Tomasz Kojm shaped the electrons to say:
On Wed, 16 Feb 2005 17:51:28 +0200
Scott Ryan [EMAIL PROTECTED] wrote:
I will just have to allow these types of mails to go unscanned. Four
minutes to scan 1 will cause a DOS.
So increase the number of
Hello everybody !
I get mail from a remote pop server with fetchmail.
How can I have user´s mail scanned with clam antivirus before mails are
appended to /var/spool/mail/user
If possible without using procmail
Can anybody help ?
Thanks !!
PD: I´m using Fedora
On Wed, Feb 16, 2005 at 02:21:40PM -0300, Gabriel Carini said:
Hello everybody !
I get mail from a remote pop server with fetchmail.
How can I have user´s mail scanned with clam antivirus before mails are
appended to /var/spool/mail/user
If possible without using procmail
Can anybody help
On Wed, 16 Feb 2005 19:05:22 +0200
Scott Ryan [EMAIL PROTECTED] wrote:
What is that limit?
libclamav/scanners.c:
#define MAX_MAIL_RECURSION 15
--
oo. Tomasz Kojm [EMAIL PROTECTED]
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
\..._
Hy, I use postfix+mailscanner on my mail server to block a lot of
virii comming from my internal network. I would like to implement a
solution to block virii traffic on the internal gateway. The network
looks like this:
WIN-
WIN- GW1- -MAIL SERVER- -GW2
WIN-
One WIN
On Feb 16, 2005, at 3:13 PM, vaida bogdan wrote:
Hy, I use postfix+mailscanner on my mail server to block a lot of
virii comming from my internal network. I would like to implement a
solution to block virii traffic on the internal gateway. The network
looks like this:
WIN-
WIN- GW1-
On February 16, 2005 12:13 pm, vaida bogdan wrote:
Hy, I use postfix+mailscanner on my mail server to block a lot of
virii comming from my internal network. I would like to implement a
solution to block virii traffic on the internal gateway. The network
looks like this:
WIN-
WIN-
On Wednesday 16 February 2005 09:30, John Gallagher wrote:
Your right 99.% of the people using computers are not Unix Admins. But
they sure have an impact on the amount of traffic generated by infected
systems sending email.
While I agree that you should not hold up any code just so you
On Wed, 16 Feb 2005 15:02:57 -0700
Hal Goldfarb [EMAIL PROTECTED] wrote:
alert packagers to get a jump? Maybe 2 or 3 days before the support
for the previously supported code is abandoned. Maybe won't work,
You're still missing the point here. Please read my yesterday's posts.
--
oo
vaida bogdan wrote:
Hy, I use postfix+mailscanner on my mail server to block a lot of
virii comming from my internal network. I would like to implement a
solution to block virii traffic on the internal gateway. The network
looks like this:
WIN-
WIN- GW1- -MAIL SERVER-
Several times now, we've been burned by virii that are picked up by other
virus scanners when ClamAV doesn't yet have the signature. Within a
couple of hours, when the bulk of the threat has already passed, Clam then
catches up. Mydoom.M-2 was the virus of the day today.
What is being done to
On Wed, 16 Feb 2005, John Madden wrote:
Several times now, we've been burned by virii that are picked up by other
virus scanners when ClamAV doesn't yet have the signature. Within a
This is the exact opposite of our experience.
How often do you run freshclam ?
On Wed, 16 Feb 2005 18:08:01 -0500 (EST)
John Madden [EMAIL PROTECTED] wrote:
Several times now, we've been burned by virii that are picked up by
other virus scanners when ClamAV doesn't yet have the signature.
Within a couple of hours, when the bulk of the threat has already
passed, Clam
Several times now, we've been burned by virii that are picked up by
other
virus scanners when ClamAV doesn't yet have the signature. Within a
This is the exact opposite of our experience.
Hmm. For example, Clam was about 2 hours behind McAfee's update of the
2/16/05 MyDoom variant.
How
You haven't submitted anything on our site.
I would've today, had I not been off-site at a conference. Trouble is, by
the time I receive a copy, it's too late. I suppose it's a perception
problem with our users more than anything.
Actually you're an egoist.
How so?
John
--
John Madden
On Wed, 16 Feb 2005 18:38:38 -0500 (EST)
John Madden [EMAIL PROTECTED] wrote:
You haven't submitted anything on our site.
I would've today, had I not been off-site at a conference. Trouble
is, by the time I receive a copy, it's too late. I suppose it's a
perception problem with our users
On Wed, 16 Feb 2005, John Madden wrote:
Hmm. For example, Clam was about 2 hours behind McAfee's update of the
2/16/05 MyDoom variant.
Odd.
In any case, Clam is a user supported project. ALL viruses are submitted by
end users. So, the only way response will get any better is if you submit
Have you submitted any sample for the last two years?
Yes, when appropriate, which I believe has been thrice. (We haven't been
on Clam for that long, though.)
John
--
John Madden
UNIX Systems Engineer
Ivy Tech State College
[EMAIL PROTECTED]
___
In any case, Clam is a user supported project. ALL viruses are submitted
by
end users. So, the only way response will get any better is if you submit
new viruses you receive that get by clam.
It's not going to 'improve' any other way.
Well, that'd be my assumption as well. What I'm poking
On Wednesday 16 February 2005 05:08 pm, John Madden wrote:
Several times now, we've been burned by virii that are picked up by other
virus scanners when ClamAV doesn't yet have the signature. Within a
couple of hours, when the bulk of the threat has already passed, Clam then
catches up.
I agree with Christopher that this has been the exact opposite experience
that
I have had.
Hmm.
Are there factors that can affect freshclam's performance? I got the
Mydoom.M-2 sig at 17:10EST today. When was it available? (The mailing
list archive doesn't appear to yet reflect today's
John Madden wrote:
well, something must be wrong with *your* virus scanner, because the
one over *here* in *Exchange* caught it.
I think it's inherently a good thing to run multiple virus scanners from
different vendors. Sometimes ClamAV will update first, sometimes other vendors
will update
On Wed, 16 Feb 2005 18:56:32 -0500 (EST)
John Madden [EMAIL PROTECTED] wrote:
Have you submitted any sample for the last two years?
Yes, when appropriate, which I believe has been thrice. (We haven't
been on Clam for that long, though.)
Found 0 submissions - Total results (0 pages)
(on
On Wed, 16 Feb 2005 19:04:25 -0500 (EST)
John Madden [EMAIL PROTECTED] wrote:
managers want to buy AV licenses.
Is that bad?
It's always good to have two or more e-mail virus scanners if
resources funds allow that.
--
oo. Tomasz Kojm [EMAIL PROTECTED]
(\/)\.
Found 0 submissions - Total results (0 pages)
(on both your name and ivytech)
Uh. 'Guess I can't explain that, unless submissions for already-submitted
virii don't count.
John
--
John Madden
UNIX Systems Engineer
Ivy Tech State College
[EMAIL PROTECTED]
On Wed, 16 Feb 2005 20:04:55 -0500 (EST)
John Madden [EMAIL PROTECTED] wrote:
Found 0 submissions - Total results (0 pages)
(on both your name and ivytech)
Uh. 'Guess I can't explain that, unless submissions for
already-submitted virii don't count.
They count so this is a bad argument
Tomasz Kojm wrote:
On Wed, 16 Feb 2005 20:04:55 -0500 (EST)
John Madden [EMAIL PROTECTED] wrote:
Found 0 submissions - Total results (0 pages)
(on both your name and ivytech)
Uh. 'Guess I can't explain that, unless submissions for
already-submitted virii don't count.
They count so this is a
On Wed, 16 Feb 2005 20:27:27 -0500
Rick Macdougall [EMAIL PROTECTED] wrote:
Tomasz Kojm wrote:
On Wed, 16 Feb 2005 20:04:55 -0500 (EST)
John Madden [EMAIL PROTECTED] wrote:
Found 0 submissions - Total results (0 pages)
(on both your name and ivytech)
Uh. 'Guess I can't
Tomasz Kojm wrote:
On Wed, 16 Feb 2005 20:27:27 -0500
Rick Macdougall [EMAIL PROTECTED] wrote:
Two of them have been published, one (some trojan, i.e. low priority) is
still waiting for its turn:
Page(s):1
Found 3 submissions - Total results (1 pages)
Cool, I'm a hero :)
But I never
On Wed, 16 Feb 2005 20:37:23 -0500
Rick Macdougall [EMAIL PROTECTED] wrote:
Have a good day/night Tomasz, you are doing incredible work.
Thanks, it's 2:50 a.m. here. The whole team is working hard in its free
time and sometimes I must take that unrewarding position and protect
our cave ;-) even
Thanks, it's 2:50 a.m. here. The whole team is working hard in its free
time and sometimes I must take that unrewarding position and protect
our cave ;-) even if I may sound harsh and boorish.
No one's attacking your cave.
Fact of the matter is, for whatever reason, we had GB's of this virus
John Madden wrote:
Several times now, we've been burned by virii that are picked up by other
virus scanners when ClamAV doesn't yet have the signature. Within a
couple of hours, when the bulk of the threat has already passed, Clam then
catches up. Mydoom.M-2 was the virus of the day today.
What
66 matches
Mail list logo