Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread John Rudd
Eric Rostetter wrote: Quoting John Rudd [EMAIL PROTECTED]: Tilman Schmidt wrote: So why am I dissecting that list like this? Just to show that blocking or not blocking certain unusual characters in mail addresses is indeed a policy decision which should not be forced by a piece of software,

Re: [Clamav-users] US-CERT alert regarding ClamAV

2008-04-17 Thread John Rudd
James Brown wrote: On 16/04/2008, at 4:33 AM, fchan wrote: This part of clamav-0.92 and new fix of a bug. https://wwws.clamav.net/bugzilla/show_bug.cgi?id=613 And in short we need to get gcc4.1.1 or newer to get this work on Macintosh 10.4.11 and xcode 2.5 which only has a gcc 4.0.1.

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Tilman Schmidt
Eric Rostetter wrote: Quoting John Rudd [EMAIL PROTECTED]: It is not ClamAV's place to make policy decisions for me. And ClamAV does not. The milter is. That distinction is immaterial. The milter comes as part of the ClamAV package. s/ClamAV/clamav-milter/ throughout my posting if you

Re: [Clamav-users] Known viruses count suddenly droped

2008-04-17 Thread Noor Ahmed Afridi
Thanks for solving out mystery for me :) Looks like you might have been loading one of the tables twice. dp -- Regards, Noor Ahmed Afridi ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread David F. Skoll
John Rudd wrote: It is never good to be the wrong tool for the job, nor fixing something that isn't broken. And, therefore, it is doubly bad to be both. In general: DO NOT HARDCODE POLICY Otherwise, your tool becomes irritating or possibly even harmful. Regards, David.

Re: [Clamav-users] Can clamav-milter quarantine ALL messages?

2008-04-17 Thread Gomes, Rich
Thanks, Michael. I didn't see QUARANTINE as an access file option in the man pages. I will try that. Thanks again! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Isaev Sent: Wednesday, April 16, 2008 11:30 PM To: ClamAV users ML Subject: Re:

[Clamav-users] (no subject)

2008-04-17 Thread jordi garcia
Hello, I'm trying to add some values to whitelist following phishsigs_howto.pdf doc. It's a simple conf, but it doesn't work. With 'clamscan --debug email.file' command capture: LibClamAV debug: Phishcheck:Checking url

[Clamav-users] phising whitelist

2008-04-17 Thread jordi garcia
Hello, I'm trying to add some values to whitelist following phishsigs_howto.pdf doc. It's a simple conf, but it doesn't work. With 'clamscan --debug email.file' command capture: LibClamAV debug: Phishcheck:Checking url

[Clamav-users] Clamdwatch.pl doesn't work after update from 0.92.1 to 0.93

2008-04-17 Thread Artini Alessio
Hi, Today I've updated my clamav from 0.92.1 to 0.93 (compiled in a redhat 5.1 server) Now my clamdwatch.pl script doesn't work. If I run it I get the following message: Clamd is in an unknown state. It returned: UNKNOWN COMMAND Any idea? I also attach my clamdwatch.pl

Re: [Clamav-users] phising whitelist

2008-04-17 Thread Török Edwin
jordi garcia wrote: Hello, I'm trying to add some values to whitelist following phishsigs_howto.pdf doc. It's a simple conf, but it doesn't work. With 'clamscan --debug email.file' command capture: LibClamAV debug: Phishcheck:Checking url

Re: [Clamav-users] Clamdwatch.pl doesn't work after update from 0.92.1 to 0.93

2008-04-17 Thread Török Edwin
Artini Alessio wrote: Hi, Today I've updated my clamav from 0.92.1 to 0.93 (compiled in a redhat 5.1 server) Now my clamdwatch.pl script doesn't work. If I run it I get the following message: Clamd is in an unknown state. It returned: UNKNOWN COMMAND Any idea? Replace

[Clamav-users] Applications starting to drop clamav support due to license incompabilities

2008-04-17 Thread Fabio
Some time ago (after 0.90.3) clamav changed its license, downgrading it from GPLv2 or later to GPLv2 only, thus making it incompatible with programs linking to libclamav and released under the GPLv3 or later, which are now being common. The first application to drop clamav support is the Claws

Re: [Clamav-users] Clamdwatch.pl doesn't work after update from 0.92.1 to 0.93

2008-04-17 Thread David F. Skoll
Török Edwin wrote: Replace RAWSCAN with SCAN. It would be nice if the removal of RAWSCAN (1) were mentioned more prominently than a one-liner in Changelog, and (2) were removed from the docs at docs/html/node23.html Regards, David.

Re: [Clamav-users] phising whitelist

2008-04-17 Thread jordi garcia
Hello Edwin, how can I add the entry to daily.fp or submit the sample? I read clamav man and didn't find any information about that. Kind regards Jordi 2008/4/17, Török Edwin [EMAIL PROTECTED]: jordi garcia wrote: Hello, I'm trying to add some values to whitelist following

Re: [Clamav-users] phising whitelist

2008-04-17 Thread Török Edwin
jordi garcia wrote: Hello Edwin, how can I add the entry to daily.fp See signatures.pdf 2.5 Whitelist databases. You can either put the md5 into a .fp file, or add an entry to local.ign. or submit the sample? I read clamav man and didn't find any information about that. Submit it here,

Re: [Clamav-users] clamav-milter

2008-04-17 Thread Todd Lyons
On Thu, Apr 17, 2008 at 12:03:42PM -0400, Jerry Ferguson wrote: Problem: clamav-milter loads and immediately terminates You gave lots of good build information, but didn't say how you were calling the milter itself. To give you something to compare

Re: [Clamav-users] phising whitelist

2008-04-17 Thread Kelsey Cummings
On Thu, Apr 17, 2008 at 06:52:12PM +0300, Török Edwin wrote: ... In case other people missed it. From: jordi garcia [EMAIL PROTECTED] To:ClamAV users ML clamav-users@lists.clamav.net Subject: Re: [Clamav-users] phising whitelist Date: Thu, 17 Apr 2008 17:44:25 +0200

Re: [Clamav-users] Can clamav-milter quarantine ALL messages?

2008-04-17 Thread Gomes, Rich
It seems like this is rejecting the mail with a 'reject=553 5.3.0 QUARANTINE' error instead of quarantining it to a folder. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gomes, Rich Sent: Thursday, April 17, 2008 9:03 AM To: ClamAV users ML Subject:

[Clamav-users] clamav-milter

2008-04-17 Thread Jerry Ferguson
Problem: clamav-milter loads and immediately terminates You gave lots of good build information, but didn't say how you were calling the milter itself. To give you something to compare to, here's how I call it on mine: # ps aux | grep clamav-milter | grep -v grep clamav 686 0.0 0.2

Re: [Clamav-users] clamav-milter

2008-04-17 Thread SM
At 09:03 17-04-2008, Jerry Ferguson wrote: I have a Clamav-milter problem. Can anyone help? Problem: clamav-milter loads and immediately terminates Hardware: Computer processor is AMD, sata raid 1 software: NetBSD 4.0 (I386 platform) [snip] _res is not supported for multi-threaded programs.

Re: [Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-17 Thread Naomi Hospodarsky
This is version 4.2.2 of GMP, and it SEEMS to compile just fine; I can run make check with no errors. running nm /usr/local/lib/libgmp.a |grep __gmpz_init returns nothing; and then configuring clamav with either: LDFLAGS=-R/usr/local/lib -L/usr/local/lib -L/usr/lib -L/usr/local/ssl

[Clamav-users] clamav-milter

2008-04-17 Thread Jerry Ferguson
At 09:03 17-04-2008, Jerry Ferguson wrote: I have a Clamav-milter problem. Can anyone help? Problem: clamav-milter loads and immediately terminates Hardware: Computer processor is AMD, sata raid 1 software: NetBSD 4.0 (I386 platform) [snip] _res is not supported for multi-threaded programs.

Re: [Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-17 Thread Naomi Hospodarsky
hmm. well. grepping for just mpz_init on libgmp.a also returns nothing. grepping for mpz_init in gmp.h returns: gmp.h: 0654-203 Specify an XCOFF object module. On Thu, Apr 17, 2008 at 2:40 PM, Török Edwin [EMAIL PROTECTED] wrote: Naomi Hospodarsky wrote: This is version 4.2.2 of GMP, and

Re: [Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-17 Thread Török Edwin
Naomi Hospodarsky wrote: hmm. well. grepping for just mpz_init on libgmp.a also returns nothing. grepping for mpz_init in gmp.h returns: gmp.h: 0654-203 Specify an XCOFF object module. That string doesn't contain mpz_init, are you sure you used grep on gmp.h and not nm? This is weird.

Re: [Clamav-users] clamav-milter

2008-04-17 Thread SM
At 12:41 17-04-2008, Jerry Ferguson wrote: no, I downloaded and compiled from source which I have done since v 0.85 pkgsrc is version 92.1 which I will use for now. pkgsrc contains version 0.93. Regards, -sm

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Eric Rostetter
Quoting John Rudd [EMAIL PROTECTED]: And ClamAV does not. The milter is. And the milter is designed to work with sendmail. And if leaving this enabled by default produces an exploitable sendmail, then it is wrong. It does not. What leaves an exploitable sendmail is a poorly configured

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Eric Rostetter
Quoting Tilman Schmidt [EMAIL PROTECTED]: That distinction is immaterial. The milter comes as part of the ClamAV package. s/ClamAV/clamav-milter/ throughout my posting if you want, it doesn't change my argument in any way. I think it completely changes your argument. Had you done that in the

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Eric Rostetter
Quoting David F. Skoll [EMAIL PROTECTED]: In general: DO NOT HARDCODE POLICY Otherwise, your tool becomes irritating or possibly even harmful. In general, don't distribute code that allows remote root exploit of systems. Otherwise, your tool becomes irritating or possibly

[Clamav-users] clamav 0.93 on some BSDs

2008-04-17 Thread Mark E. Mallett
I tried building and running clamav 0.93 on a handful of BSD systems, running clamd on TCP port 3310 and seeing if I can get it to respond to STREAM commands (and do the correct thing with a few samples). Mostly I had success, but with one exception: FreeBSD 7.0 - builds and runs fine FreeBSD

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Sloan
Eric Rostetter wrote: Quoting David F. Skoll [EMAIL PROTECTED]: In general: DO NOT HARDCODE POLICY Otherwise, your tool becomes irritating or possibly even harmful. In general, don't distribute code that allows remote root exploit of systems. Otherwise, your tool

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread SM
At 14:42 17-04-2008, Eric Rostetter wrote: I don't know the history of this exploit, etc. So I can't comment on whether the fix should stay or not. It would depend on the default settings for sendmail, how long the fix has been in sendmail, how widely available the patched sendmail is today,

[Clamav-users] clamd SHUTDOWN command

2008-04-17 Thread Peter Schultze
When clamd is listening via TCPsocket it seems to be possible for any user to shut it down by sending SHUTDOWN using e.g. telnet clamdhost 3310 SHUTDOWN Can this behaviour be disabled or restricted? It would appear that this could be abused for a DOS attack against a clamav server.

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Eric Rostetter
Quoting SM [EMAIL PROTECTED]: At 14:42 17-04-2008, Eric Rostetter wrote: I don't know the history of this exploit, etc. Do you know which version of sendmail can be used with the milter? If the exploit is prior to that, then the fix may not be applicable. I never argued otherwise. And no,

[Clamav-users] unsubscribe

2008-04-17 Thread Robert Johnston
- Robert Johnston Datajockeys, LLC

Re: [Clamav-users] Can clamav-milter quarantine ALL messages?

2008-04-17 Thread Michael Isaev
Gomes, Rich wrote: It seems like this is rejecting the mail with a 'reject=553 5.3.0 QUARANTINE' error instead of quarantining it to a folder. Yes, older versions of sendmail cannot quarantine the mail. QUARANTINE option appears in sendmail since V8.13 And some precise for access file:

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread David F. Skoll
Eric Rostetter wrote: In general, don't distribute code that allows remote root exploit of systems. Sendmail doesn't allow remote exploit due to recipient addresses with funny characters in them. It certainly hasn't since Milter has been around, so fixing the problem in a milter is dumb.

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread David F. Skoll
Eric Rostetter wrote: For all I know, from what _little_ I know, the problem is in the popen() call in the milter, Yikes popen() In a piece of SECURITY software??? I'm very glad I've never used Clam's milter. Regards, David.

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread David F. Skoll
Eric Rostetter wrote: Well, we disagree on that point. It is a security tool, and as such has an even greater burden to try to be as secure as possible. In order for a security tool to be as secure as possible, it first of all needs to adhere to this basic principle: The tool behaves as

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Eric Rostetter
Quoting David F. Skoll [EMAIL PROTECTED]: Unless the behaviour with weird recipient addresses was prominently advertised, then it's surprising behaviour, and surprising behaviour is the enemy of security. As I said in almost every message so far, yes, it should have been documented.

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Eric Rostetter
Quoting David F. Skoll [EMAIL PROTECTED]: Sendmail doesn't allow remote exploit due to recipient addresses with funny characters in them. It certainly hasn't since Milter has been around, so fixing the problem in a milter is dumb. Not if the problem is in the milter, or in the shell between

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Henrik K
On Thu, Apr 17, 2008 at 09:10:45PM -0400, David F. Skoll wrote: Eric Rostetter wrote: For all I know, from what _little_ I know, the problem is in the popen() call in the milter, Yikes popen() In a piece of SECURITY software??? I'm very glad I've never used Clam's milter.