[Clamav-users] false alert - Trojan.FakeAlert-566

2008-09-11 Thread Andre Hübner
Hi List, we use clamav-0.94/mod_clamav for proftpd and my users have problems uploading files since 03 Sep 2008. http://lurker.clamav.net/message/20080903.182645.120cafee.en.html A lot of files are found with Trojan.FakeAlert-566. I scanned these files with virscan.org with different engines an

Re: [Clamav-users] wiki

2008-09-11 Thread Luca Gibelli
Hello Ian, > How come a security project thinks it's OK that I should send a password in > the clear? Fixed, Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC55

Re: [Clamav-users] PUAs

2008-09-11 Thread Luca Gibelli
Hello Ian, > BTW, any chance that we could get a link to Configuration Tips from the > main wiki page, please? An essential part of getting ClamAV running on a > live mail service is getting the configuration right. done, -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus

Re: [Clamav-users] Error scanning specific .pdf file

2008-09-11 Thread Tomasz Kojm
On Thu, 11 Sep 2008 15:22:02 -0400 "Jason Bertoch" <[EMAIL PROTECTED]> wrote: > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:clamav-users- > > [EMAIL PROTECTED] On Behalf Of James Kosin > > Sent: Thursday, September 11, 2008 3:14 PM > > To: ClamAV users ML > > Subject: Re: [Cla

Re: [Clamav-users] Error scanning specific .pdf file

2008-09-11 Thread Jason Bertoch
> -Original Message- > From: [EMAIL PROTECTED] [mailto:clamav-users- > [EMAIL PROTECTED] On Behalf Of James Kosin > Sent: Thursday, September 11, 2008 3:14 PM > To: ClamAV users ML > Subject: Re: [Clamav-users] Error scanning specific .pdf file > > Well, since nobody has access now to bug

Re: [Clamav-users] Error scanning specific .pdf file

2008-09-11 Thread James Kosin
Jason Bertoch wrote: >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:clamav-users- >> [EMAIL PROTECTED] On Behalf Of Tomasz Kojm >> Sent: Thursday, September 11, 2008 2:00 PM >> To: clamav-users@lists.clamav.net >> Subject: Re: [Clamav-users] Error scanning specific .pdf file >> >>

Re: [Clamav-users] Error scanning specific .pdf file

2008-09-11 Thread Jason Bertoch
> -Original Message- > From: [EMAIL PROTECTED] [mailto:clamav-users- > [EMAIL PROTECTED] On Behalf Of Tomasz Kojm > Sent: Thursday, September 11, 2008 2:00 PM > To: clamav-users@lists.clamav.net > Subject: Re: [Clamav-users] Error scanning specific .pdf file > > On Thu, 11 Sep 2008 13:54:0

Re: [Clamav-users] Error scanning specific .pdf file

2008-09-11 Thread Tomasz Kojm
On Thu, 11 Sep 2008 13:54:00 -0400 "Jason Bertoch" <[EMAIL PROTECTED]> wrote: > Should I open a bug report over something as simple as a strange pdf > problem? Yes, please do. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg

[Clamav-users] Error scanning specific .pdf file

2008-09-11 Thread Jason Bertoch
While scanning my users' home directories with clamscan, I found a mailbox that generated an error. I eventually sorted out that the problem was with a pdf attached to one of the messages. I pulled the pdf out and scanned with clamscan which produced an error of: LibClamAV Error:

Re: [Clamav-users] PUAs

2008-09-11 Thread Kelson
Ian Eiloart wrote: > Anyway, can anyone think of a reason why anyone on a University Campus > would (a) have a need to transfer files in any category below, Absolutely. A lot of those categories (and examples) cover tools with legit systems administration and/or troubleshooting uses. You just

Re: [Clamav-users] PUAs

2008-09-11 Thread Ian Eiloart
--On 11 September 2008 13:22:25 +0100 Steve Basford <[EMAIL PROTECTED]> wrote: >> Could anyone knowledgeable comment? > > I've knocked something quickly together, it won't be 100% accurate and is > very vague, but it might give you a few pointers: Thanks Steve. That's very helpful. I've put th

Re: [Clamav-users] PUAs

2008-09-11 Thread Tilman Schmidt
Steve Basford wrote: I've knocked something quickly together, it won't be 100% accurate and is very vague, but it might give you a few pointers: Thanks a lot, that's very helpful already. Perhaps this could be put on the Wiki, and over time, expanded. -- Tilman Schmidt Phoenix Software GmbH Bo

Re: [Clamav-users] How To Clean Infected Files

2008-09-11 Thread Brandon Perry
> > > $clamscan -r /home --remove > This is correct. > > > -- > Carlos Williams <[EMAIL PROTECTED]> > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > -- http://www.volatileminds.net

Re: [Clamav-users] clamd using 200-300MiB of memory? (normal..or a memory leak?)

2008-09-11 Thread Jason Bertoch
> -Original Message- > From: [EMAIL PROTECTED] [mailto:clamav-users- > [EMAIL PROTECTED] On Behalf Of Justin Piszcz > Sent: Thursday, September 11, 2008 7:55 AM > To: clamav-users@lists.clamav.net > Subject: [Clamav-users] clamd using 200-300MiB of memory? (normal..or a > memory leak?) > >

Re: [Clamav-users] PUAs

2008-09-11 Thread Steve Basford
> Could anyone knowledgeable comment? I've knocked something quickly together, it won't be 100% accurate and is very vague, but it might give you a few pointers: Vague Outline - PUA is a potentially unwanted application Sub-Type: RAT is Remote Access Trojans Description: tools used

Re: [Clamav-users] How To Clean Infected Files

2008-09-11 Thread Carlos Williams
Matus UHLAR - fantomas wrote: > On 10.09.08 11:43, Brandon Perry wrote: >> Because you are removing the file, not just the virus. ClamAV can't >> disinfect as there is no need to. > > Actually, some viruses append javascript code at the end of file they are > modifying. Cleaning that would help (al

[Clamav-users] clamd using 200-300MiB of memory? (normal..or a memory leak?)

2008-09-11 Thread Justin Piszcz
Is this normal? Host: Linux box 2.6.26.3 #2 SMP Mon Sep 1 08:47:07 EDT 2008 x86_64 GNU/Linux Dist: Debian Testing 353.1MB | /usr/sbin/clamd | up: 3:14 Or, from top: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 2887 clamav 20 0 353m 227m 1052 S 0 2.9 3:14.95

[Clamav-users] default ScanPDF value

2008-09-11 Thread Matus UHLAR - fantomas
Hello, may I ask, why the default for ScanPDF is "no" ? Are there any problems with performance, false positives, is it just low effect (e.g. w/o sanesecurity signatures), or is there a different reason? -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT t

Re: [Clamav-users] How To Clean Infected Files

2008-09-11 Thread Matus UHLAR - fantomas
On 10.09.08 11:43, Brandon Perry wrote: > Because you are removing the file, not just the virus. ClamAV can't > disinfect as there is no need to. Actually, some viruses append javascript code at the end of file they are modifying. Cleaning that would help (although I don't know until when...) --

Re: [Clamav-users] NodalCore cards in use ?

2008-09-11 Thread Tomasz Kojm
On Thu, 11 Sep 2008 06:48:11 +0200 Andreas Schulze <[EMAIL PROTECTED]> wrote: > Hello, > > really nobody has used a ClamAV-Accelerator ? > So the sourcecode contains code which nobody uses ? Support for the hardware acceleration is available as a separate patch (see clamav-devel/contrib/hwaccel)

Re: [Clamav-users] mirrors and cdiff files?

2008-09-11 Thread Tomasz Kojm
On Thu, 11 Sep 2008 10:50:12 +1200 "Spiro Harvey, Knossos Networks Ltd" <[EMAIL PROTECTED]> wrote: > > daily-7912? we're at daily-8212.cdiff as of 15 minutes ago, you're 200 > > patches behind... 7912 was loaded on Aug. 1 16:53:05 (CDT). > > I see. It must have been an issue with my cache.. > >

Re: [Clamav-users] PUAs

2008-09-11 Thread Tilman Schmidt
On 05.09.2008 20:38, [EMAIL PROTECTED] wrote: On Fri, 5 Sep 2008, Ian Eiloart wrote: I'm looking for some documentation on PUAs, but can only find a very terse list of the categories, at : RC NetTool Packed PwTool RAT Script Server Spy Tool But what do any o