ds, Scott
>
Oh, indeed.
At first, JS didn't work.
Thanks, Scott.
To Joel:
why make getting the key harder than necessary? :-(
> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf
> Of Tomasz Papszun
> Sent: Monday
.tar.gz
> > gpg: Signature made Fri 22 Apr 2016 12:25:32 PM EDT using DSA key ID
> > 260429A0
> > gpg: Good signature from "Talos (Talos GPG Key) <resea...@sourcefire.com>"
> > gpg: Note: This key has expired!
> > Primary key fingerprint: F79F B2D0 8751 57
to do a quick
one-time malware scan.
If I understand your needs correctly,
'-i' option (Only print infected files) is the solution for you.
Present in clamscan for years.
P.S.
Please don't top-post.
--
Tomasz Papszun | And it's only
tomek at lodz.tpsa.pl http
, and unable to reveal full headers,
shouldn't mess with any mail server anyway.
--
Tomasz Papszun | And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
. It is not allowed to break the rules of the mailing list
(not mentioning the general netiquette).
If the company doesn't like the ML rules, then it should not subscribe.
Simple solution: use some other email account which permits decent
behaviour.
--
Tomasz Papszun
asshole happened to be. -
Anonymous.
Won't happen again, but just FYI.
I hope.
[ top-posted parts removed ]
How many levels of quoted mailing list footers is enough?
--
Tomasz Papszun | And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso
, symlinks to files to scan, there should be no
need to split the list of symlinks into smaller parts. Plain launching
clamdscan on that directory should be sufficient.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones
: both checksums are identical.
$ sigtool -i /var/lib/clamav/main.cvd | grep MD5 | cut -d -f 2
bbd0a1fe83da562a1d6b43e22f4c0626
$ tail -c +513 /var/lib/clamav/main.cvd main.cvd.tmp
$ md5sum main.cvd.tmp
bbd0a1fe83da562a1d6b43e22f4c0626 main.cvd.tmp
--
Tomasz PapszunSysAdm @ TP S.A. Lodz
missed some detail but why not just send a test message
containing EICAR test virus and see whether the system stops it or
not?
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http
db for 0.90rc and for 0.8x.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
___
http
.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
___
http://lurker.clamav.net/list/clamav
/20061030.211043.4d2310a4.en.html
P.S. Please shorten the lines length in your posts.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
and to
updates/fixes of the code. And he possesses a sense of humour :-) .
We highly appreciate Stephen's work.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL
to the official daily.pdb would not work, unfortunately - only one
.pdb can be loaded by clamscan. When clamscan tries to load another
.pdb, it exits with an error.
regards,
rob.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl
.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
___
http://lurker.clamav.net/list/clamav-users.html
of the /etc/group entry like amavis:x:105:clamav) and
use AllowSupplementaryGroups in clamd.conf. This way clamd will be able
to read amavisd's files without giving to amavisd too much power over
clamd.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl
is up to date (version: 1590, sigs: 3108, f-level: 8, builder:
sven)
http://www.clamav.net/doc/0.88.3/html/node45.html
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http
in amavisd.conf - these with virus_lovers in their
names.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
)
-
* freshclam: new option HTTPUserAgent to force different User-Agent header
Patch by Andy Fiddaman clam*fiddaman.net
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek
then.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
___
http://lurker.clamav.net/list/clamav
Blars and five-ten-sg:
http://openrbl.org/client/#216.35.188.120
Some time ago I've made some evaluation of RBLs for my purposes and I've
seen blackholes.five-ten-sg.com has too high false positive rate to
being usable.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek
- for the crontab entry as a whole - you must
experiment.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
you'll have to run clamd as root. Note that generally
it's not the best idea (due to security reasons). Especially (but not
only) if untrusted users have shell accounts on the server).
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl
of them) to let our members know that they might have a virus. I contacted
a couple and they said that their networks are clean.
Quite likely.
The principle is sad nowadays: you can't trust any mail headers beyond
your own mailserver's ones.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland
to detect.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
___
http://lurker.clamav.net/list/clamav
the same _with_ and _without_ your .hdb file?
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
m 11 s)
BTW, Fcart.zip included in the message is 3,2 MB in size, while your
clamd.conf contains ArchiveMaxFileSize 1M, so clamd won't scan it.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek
On Thu, 08 Dec 2005 at 18:44:25 +0100, Tomasz Papszun wrote:
[...]
Nothing bad with this file for me:
$ clamdscan 1EKLBH-0002g4-Ek.eml
/tmp/1EKLBH-0002g4-Ek.eml: OK
--- SCAN SUMMARY ---
Infected files: 0
Time: 11.527 sec (0 m 11 s)
[...]
Sorry, I forgot to mention:
my
in the sense that clamdscan will use clamd which uses the options
specified in the config file. I.e. the way of clamdcan's work depends
indirectly on the specified clamd.conf - because the selected clamd
instance depends on that clamd.conf.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland
lines.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
___
http://lurker.clamav.net/list
/amavis/amavis-20051123T113353-16974/parts/part-3
Este es el mensaje del virus Nov 23 11:34:38 pumas.iingen.unam.mx
amavisd[16974]: (16974-08) INFECTED (Worm.Sober.U), [EMAIL PROTECTED]
- [EMAIL PROTECTED],
This is a message from amavisd, *not* from ClamAV.
--
Tomasz PapszunSysAdm
On Thu, 17 Nov 2005 at 7:07:44 -0800, saravanan ganapathy wrote:
Set the ArchiveMaxCompressionRatio 300 or higher
... that stopped it for me.
Even I tried to change to 2000, but it doesn't work.
Are you absolutely sure that your setup uses clamd, not clamscan?
--
Tomasz Papszun
unneeded fragments of previous messages - especially commercial
footers, mailing list footers, long signatures.
Shorten your signature, please.
http://www.xs4all.nl/~hanb/documents/quotingguide.html
http://www.netmeister.org/news/learn2quote.html
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland
: 0.86.2.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
___
http://lurker.clamav.net/list
processing of the messages.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
___
http
to enable scanning of e-amail files before sending to
user mailboxes.
Will appreciate any assistance.
http://www.clamav.net/sendvirus.html
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net
it suits your
needs, but you may want to know about that package. If you can't find
that message, I can forward it to you.
P.S. Lines produced by your MUA are as long as 7 standard lines.
Please configure it so that lines are no longer than about 74 chars.
--
Tomasz PapszunSysAdm @ TP S.A
want to verify that there are no some forgotten clamd.conf
files in the system and, generally, files from old clamav installation.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http
On Thu, 22 Sep 2005 at 11:53:55 +0200, Marco Berizzi wrote:
Tomasz Papszun wrote:
On Thu, 22 Sep 2005 at 11:09:07 +0200, Marco Berizzi wrote:
Marco Berizzi wrote:
I'm using clam 0.87 with mimedefang.
This moring a virus has been slipped through.
This is the output from
On Thu, 22 Sep 2005 at 16:48:36 +0200, Tomasz Papszun wrote:
On Thu, 22 Sep 2005 at 11:53:55 +0200, Marco Berizzi wrote:
[...]
As you can see clamd is *working* and it is cacthing viruses. Only
that stupid zip is slipping throught. Running clamdscan with eicar
test file is fine as you can
://www.clamav.net/bugs.html#pagestart .
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
.
Fortunately, ArchiveMaxFileSize has a default limit (10M), so even
without explicit setting, the system is protected.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net
WARNING: NO SUPPORT FOR DIGITAL SIGNATURES, you haven't
had digital signature support already (in 0.86.1).
FAQ entry 20.
http://www.clamav.net/faq.html
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek
On Tue, 13 Sep 2005 at 9:03:05 -0400, Tripp Sims wrote:
Tomasz Papszun wrote:
[...]
Anyway, we appreciate submitting currently spreading malware caught in
the wild. If you select some distinct name for submitting, we'll be
able to easier monitor your submissions.
Yesterday I submitted
monitor your submissions.
Thanks
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
___
http
need.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
___
http://lurker.clamav.net/list
. it scans the
/root dir and finds eicar virus.
the documentation you refer to is very basic, are you
a debian user?
Kevin,
Stephen Gran is not only a Debian user, but also the respectable Debian
maintainer of ClamAV packages! :-)
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland
no problems with accessing the files for scanning.
Here you are an example which worked for me:
VirusEvent /usr/bin/logger Test. Name: %v has been found.
which gave in the user.log:
Jul 29 16:37:41 hostname logger: Test. Name: Eicar-Test-Signature has
been found.
--
Tomasz PapszunSysAdm @ TP S.A
.18387537
It has the inscription which explains why its price is higher than of
any ordinary magnet button: I pay ClamAV so you don't have to :-) .
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek
!
http://www.clamav.net/bugs.html#pagestart
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
the Debug setting since it
doesn't get restarted. clamscan doesn't use the clamd daemon, so you
accomplish all that is asked without having to potentially damage the
flow of mail across your machine.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl
to the console messages from ClamAV. I.e.,
exclude the ClamAV's facility (LOG_LOCAL6 by default, but may be
changed with LogFacility in clamd.conf).
or
2) You can configure your syslog daemon to write to the console
only messages which exceed some priority (e.g. crit).
--
Tomasz PapszunSysAdm @ TP S.A
for your help so far Dave.
[...]
---
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net
.).
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
___
http://lurker.clamav.net/list/clamav
.
[...]
Not the reason, just a circumstance, but... check what
'cat /proc/sys/fs/file-max ; cat /proc/sys/fs/file-nr'
says.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL
the entire mailbox file, i need it to
remove: Just The Infected Email From The Mailbox. I've not found a way to tell
clamscan to do this ?
I supossed this to be a very common problem, but i didn't found info about it.
http://www.clamav.net/faq.html ; entry 32.
--
Tomasz PapszunSysAdm @ TP
*
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
___
http://lurker.clamav.net/list/clamav
On Wed, 23 Mar 2005 at 19:49:30 +0100, Guillaume Arcas wrote:
Tomasz Papszun a écrit :
Unpack the CVD containers so some other directory, remove the unwanted
signature from the plain text databases, instruct the clamscan (or
clamd) to use databases from that other directory.
Means
no reply anyway. That's why you can replace
'database.clamav.net' with some hostname which you know is pingable.
Use a hostname, not an IP address, so that you can notice a DNS-related
problem during startup in case it's the reason.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
On Wed, 23 Mar 2005 at 19:15:03 +0100, Guillaume Arcas wrote:
What is the process to build one's own CVD files from *.db files ?
I mean : how does the --server option runs exactly ?
You can't use it. It's for database developers only.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland
On Wed, 23 Mar 2005 at 19:30:11 +0100, Guillaume Arcas wrote:
Tomasz Papszun a écrit :
You can't use it. It's for database developers only.
OK. So, if for any - good or bad - reason I want to disable a signature,
how can I do that ?
Unpack the CVD containers so some other directory
.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
JS.Spam.Scramble.A
(Clam)=3c736372697074206c616e67756167653d224a617661536372697074223e
On Tue, 22 Mar 2005 at 8:33:09 -0600, Sam wrote:
On Tue, 22 Mar 2005, Tomasz Papszun wrote:
If you mean JS.Spam.Scramble.A, please find it attached.
Disclaimer: use it at your own risk.
Thanks Tomas!
(I'm a little worried now though with your disclaimer... :) Was it just
=index.htmlbranch=root=/cvsrootsubdir=mozilla-org/html/editorcommand=DIFF_FRAMESETrev1=1.57rev2=1.58
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus
/724/Fri Feb 25 00:55:18
2005 as Broken.Executable . Be careful when submitting samples and
remember to run freshclam!
I believe your clamscan will detect it when you use option
--detect-broken.
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http
running
is a mysterious: [...]
Why do you think that freshclam stops running when there is an updated
version of the code??
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http
/faq.html#pagestart
Surprise, surprise ;-) .
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
-archive.com/clamav-users@lists.clamav.net/msg12349.html
--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
advise on what I am supposed to be
commenting out
Both example lines.
and how to save changes?
In 'nano': Ctrl-X
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net
the downtime seems to be longer than it was announced.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
the scanner _once_, not every time for every single file (like it
happens when scanning incoming mail). So you may try to stop clamd and
run just clamscan with nice(1).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros
it at
http://www.clamav.net/sendvirus.html ?
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
___
http
On Tue, 25 Jan 2005 at 6:42:33 -0700, Hal Goldfarb wrote:
On Monday 24 January 2005 05:21, Tomasz Papszun wrote:
On Mon, 24 Jan 2005 at 3:04:22 -0700, Hal Goldfarb wrote:
[...]
Problem: When I run clamdscan (which uses the daemon), it generates
zillions of errors in the clamd.log
:-) .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
___
http://lists.clamav.net/cgi-bin/mailman
there are no clamav
related files left elsewhere (older installation?) and start from
scratch, doing _as little changes in relation to the INSTALL file, as
possible_.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros
On Thu, 20 Jan 2005 at 8:02:43 -0800, Dennis Peterson wrote:
Tomasz Papszun wrote:
On Thu, 20 Jan 2005 at 16:36:14 +0100, Cali Federico wrote:
[...]
-- is it possible, after a virus detection, to forwarding the e-mail
to the original destination without the attachment ?
Please don't
is caused by
something at the pre-compiling stage, most likely options given to
./configure.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
works fine.
Any ideas?
Does the error occur also with the CVS version?
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
some problem with frequency of
checks.
Try adding Checks number
where number is the number of database checks per day.
Also, add LogVerbose to see more details in the log.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones
(: is the field separator).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
___
http://lists.clamav.net/cgi
CVS version for this (or wait for releasing 0.81).
Though I'm not sure about something you call mbx format mailbox files
as you contrast them with standard unix mailbox files.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones
that virus ?
http://www.clamav.net/sendvirus.html
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav
in the attachment itself? (not in the mail
message but in the naked Textfile.zip).
If yes, there is some problem in your setup (Clamfilter?).
If not, submit the file at http://www.clamav.net/sendvirus.html .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http
instead
of its configuration file is a last resort.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
properly decode it.
BTW, 'uudeview' segfaults on that sample. 'mimencode' decodes it
successfully.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
: '/pub/CDImages/Office 2000
CD1.iso' infected with virus 'Exploit.IFrame.Gen'
I assume that the iso file contains the same signature as the virus.
An updated signature will be released shortly. Then the false signature
will be removed from the main.cvd.
--
Tomasz Papszun SysAdm @ TP S.A
description of its core
business, description of servers running ClamAV, number of domain
hosted, number of scans performed each day.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http
-1
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
___
http://lists.clamav.net/cgi-bin/mailman/listinfo
on behalf of that blocked IP address.
Or do some redirecting of packets by means of the firewall or
the firewall code in the host itself.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
___
http://lists.clamav.net/cgi-bin/mailman/listinfo
putting together?
Seems it's an OpenBSD issue. You may want to ask OpenBSD folks.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
ClamAV scan message_text.txt what it isn't an executable and
let it go through :?
Does ClamAV detect a malware if you change the filename to some
normal, short name?... No? Then nothing shows that there is any
problem with long filenames.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland
On Wed, 24 Nov 2004 at 11:03:56 +0100, Alvaro Uria wrote:
On Wed, 24 Nov 2004 10:17:24 +0100
Tomasz Papszun [EMAIL PROTECTED] wrote:
Does ClamAV detect a malware if you change the filename to some
normal, short name?... No? Then nothing shows that there is any
problem with long
probably use for your goal. Maybe ask at some Snort
forums also.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
1.300Mhz 128MB.
Clamav is called from P3scan pop3 proxy for 1300 emails per day.
Version 0.80 was released more than 1 month ago. Please upgrade.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL
On Fri, 19 Nov 2004 at 22:26:24 -0600, Damian Menscher wrote:
On Sat, 20 Nov 2004, Tomasz Papszun wrote:
On Fri, 19 Nov 2004 at 20:09:06 -0600, Damian Menscher wrote:
Clamd didn't find the EICAR pattern. Your virus database(s) could be
borked!
Eicar-Test-Signature was moved to daily.cvd
and access rights of them.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
___
http://lists.clamav.net
?
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
On Fri, 19 Nov 2004 at 20:09:06 -0600, Damian Menscher wrote:
On Sat, 20 Nov 2004, Tomasz Papszun wrote:
[...]
What, exactly, was wrong?
All my servers did this two times (15 minutes apart):
Subject: Cron [EMAIL PROTECTED] /usr/local/sbin/clamdwatch.pl -q
/etc/init.d/clamd condrestart
1 - 100 of 360 matches
Mail list logo