> I am a tad confused about your reporting comment as the
> clamav web reporting mechanism works fine at least for me
> and you can also
> report via virustotal as well.
>
> Anyway glad your happy with your config.
>
> Tom
>
> btw its winnow as in to remove the wheat from the chaff
> and has
>
> Jari Fredriksson wrote:
>
>> I give rat's ass to WinNow. If I would have been
>> interested in SaneSecurity or WinNow I would have
>> installed those again, and tested with them.
>>
>
> Don't let it fall through the cracks that people here are
> trying to help you.
>
Of course, just like I
At 12:20 AM +0300 9/24/09, Jari Fredriksson wrote:
>>
This is what I found about Phishing and Heuristics.
Dangerous? When I review the quaratine anyway.
No more than sanesecurity rules and alot more than my
winnow_malware.hdb which would have caught your virus.
Point being you might jus
Jari Fredriksson wrote:
I give rat's ass to WinNow. If I would have been interested in SaneSecurity
or WinNow I would have installed those again, and tested with them.
Don't let it fall through the cracks that people here are trying to help you.
dp
___
>>
>> This is what I found about Phishing and Heuristics.
>> Dangerous? When I review the quaratine anyway.
>
> No more than sanesecurity rules and alot more than my
> winnow_malware.hdb which would have caught your virus.
>
> Point being you might just want to consider what you have
> running..
Hi mailinglist,
On Mit, 2009-09-23 at 11:44 -0500, Dan Denton wrote:
[...]
> I've got an RHEL 3 server (yes, I know...) running clamd on generic
> hardware. When I start clamd, it appears two processes are created.
> None of my other systems do this (RHEL 4 and 5 systems). I didn't
> notice this h
At 11:31 PM +0300 9/23/09, Jari Fredriksson wrote:
> At 10:39 PM +0300 9/23/09, Jari Fredriksson wrote:
>>
I don't run ClamAV via SpamAssassin. I have it called
by amavisd-new, which does what it does: quarantine.
Sure hope your not using heuristics, phishing and/or
safebrowsing op
> At 10:39 PM +0300 9/23/09, Jari Fredriksson wrote:
>> >>
I don't run ClamAV via SpamAssassin. I have it called
by amavisd-new, which does what it does: quarantine.
>>>
>>> Sure hope your not using heuristics, phishing and/or
>>> safebrowsing options in ClamAV if you feel that way.
At 10:42 PM +0300 9/23/09, Jari Fredriksson wrote:
> On Wed, Sep 23, 2009 at 08:11:41PM +0300, Jari
Fredriksson wrote:
Ehm, were you scoring SaneSecurity hits like one is
supposed to, or just plain rejecting with them? Sounds
like the latter.
I don't run ClamAV via SpamAssassin. I hav
At 10:39 PM +0300 9/23/09, Jari Fredriksson wrote:
>>
I don't run ClamAV via SpamAssassin. I have it called by
amavisd-new, which does what it does: quarantine.
Sure hope your not using heuristics, phishing and/or
safebrowsing options in ClamAV if you feel that way.
I use amavisd-new d
> On Wed, Sep 23, 2009 at 08:11:41PM +0300, Jari
> Fredriksson wrote:
>>>
>>> Ehm, were you scoring SaneSecurity hits like one is
>>> supposed to, or just plain rejecting with them? Sounds
>>> like the latter.
>>>
>>
>> I don't run ClamAV via SpamAssassin. I have it called by
>> amavisd-new, wh
>>
>> I don't run ClamAV via SpamAssassin. I have it called by
>> amavisd-new, which does what it does: quarantine.
>
> Sure hope your not using heuristics, phishing and/or
> safebrowsing options in ClamAV if you feel that way.
>
I use amavisd-new default options, have not touched those.
Anywa
Jari Fredriksson wrote:
I have not tried virustotal.
I have the zip file and the extracted exe as well on disk, and clamscan does
NOT detect it.
I have F-Prot and BitDefender in my amavisd-new as well, and I have no problems detecting these.
The point in this post is that ClamAV website
At 8:11 PM +0300 9/23/09, Jari Fredriksson wrote:
> On Wed, Sep 23, 2009 at 07:07:53PM +0300, Jari
Fredriksson wrote:
Jari Fredriksson wrote:
Then I decided SaneSecurity is not worth it, as
SpamAssassin catches those too, and has less false
positives.
SaneSecurity triggers way too of
On Wed, Sep 23, 2009 at 08:11:41PM +0300, Jari Fredriksson wrote:
> >
> > Ehm, were you scoring SaneSecurity hits like one is
> > supposed to, or just plain rejecting with them? Sounds
> > like the latter.
> >
>
> I don't run ClamAV via SpamAssassin. I have it called by amavisd-new,
> which doe
> On Wed, Sep 23, 2009 at 07:07:53PM +0300, Jari
> Fredriksson wrote:
>>> Jari Fredriksson wrote:
>>>
Then I decided SaneSecurity is not worth it, as
SpamAssassin catches those too, and has less false
positives.
SaneSecurity triggers way too often when some dumb us
Hello forum.
I've got an RHEL 3 server (yes, I know...) running clamd on generic hardware.
When I start clamd, it appears two processes are created. None of my other
systems do this (RHEL 4 and 5 systems). I didn't notice this happening until a
couple days ago when nagios started alerting low m
On Wed, Sep 23, 2009 at 07:07:53PM +0300, Jari Fredriksson wrote:
> > Jari Fredriksson wrote:
> >
> >>
> >> Then I decided SaneSecurity is not worth it, as
> >> SpamAssassin catches those too, and has less false
> >> positives.
> >>
> >> SaneSecurity triggers way too often when some dumb user
>
> Jari Fredriksson wrote:
>
>>
>> Then I decided SaneSecurity is not worth it, as
>> SpamAssassin catches those too, and has less false
>> positives.
>>
>> SaneSecurity triggers way too often when some dumb user
>> pastes a spam into his mail, or some robot sends a
>> bounce with an attachment.
Jari Fredriksson wrote:
Then I decided SaneSecurity is not worth it, as SpamAssassin catches those
too, and has less false positives.
SaneSecurity triggers way too often when some dumb user pastes a spam into
his mail, or some robot sends a bounce with an attachment. I do not want to
report th
>> I get lots of 'invoices' from DHL containing a zipped
>> trojan. F-Prot recognizes them as Win32/Bredolab!Generic
>> but ClamAV does not.
>
> Hi,
>
> Just in case this helps block them... I've been detecting
> these for a while if its the same sort of fake invoices
> I've been receiving here,
>> -Original Message-
>> From: clamav-users-boun...@lists.clamav.net
>> [mailto:clamav-users- boun...@lists.clamav.net] On
>> Behalf Of Jari Fredriksson
>> Sent: Wednesday, September 23, 2009 9:14 AM
>> To: ClamAV Users
>> Subject: [Clamav-users] DHL invoices
>>
>>
>> I get lots of 'invo
At 3:09 PM +0100 9/23/09, Steve Basford wrote:
>
I get lots of 'invoices' from DHL containing a zipped trojan. F-Prot
recognizes them as Win32/Bredolab!Generic but ClamAV does not.
Hi,
Just in case this helps block them... I've been detecting these for a
while if its the same sort of fake
Hello,
I would like to test my virus protection behavior by using false
positives in clamav-0.95.2.tar.gz/test/.split
McAfee found viruses but ClamAV did not (by using clamscan)
what could be wrong ?
regards,
Fred
___
Help us build a comprehensive C
>
> I get lots of 'invoices' from DHL containing a zipped trojan. F-Prot
> recognizes them as Win32/Bredolab!Generic but ClamAV does not.
Hi,
Just in case this helps block them... I've been detecting these for a
while if its the same sort of fake invoices I've been receiving here,
using the Sanes
> -Original Message-
> From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-
> boun...@lists.clamav.net] On Behalf Of Jari Fredriksson
> Sent: Wednesday, September 23, 2009 9:14 AM
> To: ClamAV Users
> Subject: [Clamav-users] DHL invoices
>
>
> I get lots of 'invoices' from DH
I get lots of 'invoices' from DHL containing a zipped trojan. F-Prot recognizes
them as Win32/Bredolab!Generic but ClamAV does not.
I tried to post one to ClamAV site, but it was said to be recognized already.
I have
ClamAV 0.95.2/9826/Wed Sep 23 14:06:01 2009
main.cvd is up to date
thanx it works well now
2009/9/23 Török Edwin :
> On 2009-09-23 12:14, Frédéric SOSSON wrote:
>> yes but I do not understand why I get daily.cld instead of daily.cvd
>>
>
> Freshclam converts a daily.cvd to a daily.cld when it downloads updates
> if you have ScriptedUpdates turned On.
> See the FA
On 2009-09-23 12:14, Frédéric SOSSON wrote:
> yes but I do not understand why I get daily.cld instead of daily.cvd
>
Freshclam converts a daily.cvd to a daily.cld when it downloads updates
if you have ScriptedUpdates turned On.
See the FAQ.
Best regards,
--Edwin
__
yes but I do not understand why I get daily.cld instead of daily.cvd
2009/9/23 Török Edwin :
> On 2009-09-23 10:35, Frédéric SOSSON wrote:
>> Hello,
>>
>> I've made a local mirror using Apache. I can download daily.cld and
>> main.cvd via wget or linx but freshclam on client displays :
>>
>
> Tha
On 2009-09-23 10:35, Frédéric SOSSON wrote:
> Hello,
>
> I've made a local mirror using Apache. I can download daily.cld and
> main.cvd via wget or linx but freshclam on client displays :
>
Thats the problem, you should have a daily.cvd, not a daily.cld.
Best regards,
--Edwin
Hello,
I've made a local mirror using Apache. I can download daily.cld and
main.cvd via wget or linx but freshclam on client displays :
Wed Sep 23 09:23:41 2009 -> WARNING: Can't read main.cvd header from
mymachine.mydomain (IP: )
Wed Sep 23 09:23:41 2009 -> Trying again in 5 secs...
Wed Sep 23
32 matches
Mail list logo