Re: [Clamav-users] Virus Names

(according to other scanner), though they select that the sample is detected by other scanner and sometimes they even write which scanner (but no virus name). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] | ones and zeros

Re: [Clamav-users] Re: Don't Understand

... :-) . -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email is sponsored

Re: [Clamav-users] Trojan.Dropper.JS.Mimail.B ?

To: [EMAIL PROTECTED] Subject: [Clamav-virusdb] Update (daily: 46) Date: Sat, 6 Dec 2003 04:57:29 +0100 -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus

Re: [Clamav-users] test message

one). Please stop littering our MLs with such inappropriate messages. There are much better ways to spread your address to spammers and viruses. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] | ones and zeros. [EMAIL PROTECTED

Re: [Clamav-users] clam not fresh

that now it's OK. Is it? -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net

Re: [Clamav-users] Freshclam timeout error

Fri 26 Mar 2004 14:05:20 GMT libclamav1-0.70-3mdk Fri 26 Mar 2004 14:05:19 GMT [...] A proxy server between?... -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros

Re: [Clamav-users] clam not fresh

(version: 21, sigs: 20094, f-level: 1, builder: tkojm) daily.cvd updated (version: 215, sigs: 608, f-level: 1, builder: diego) Database updated (20702 signatures) from database.clamav.net (209.94.36.5). If not, we'll try to search for the reason. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland

Re: [Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE

requested for clamscan in command line (e.g. ScanMail). If so, scanning with clamdscan can require more resources than simple 'clamscan'. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http

Re: [Clamav-users] clam not fresh

is this: if my clamav.conf says to use /var/lib/clamav, and freshclam is downloading the files to there, then why does clamscan use the files in /usr/local/share/clamav? Maybe you compiled ClamAV with this path? -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED

Re: [Clamav-users] clam not fresh

that started this thread, but it appears to be a good place to mention that something else is going wrong with the downloads also. You use old version of ClamAV. Please upgrade. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl

Re: [Clamav-users] clam not fresh

On Thu, 25 Mar 2004 at 18:39:29 -0800, Brian W. Antoine wrote: At 05:24 PM 3/25/04, Tomasz Papszun wrote: On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote: I'm updating from clamav.elektrapro.com and starting a short time ago it now wants to update viruses.db

Re: [Clamav-users] freshclam debugging help

file ./1c136a7d92ca0d50 to write open: Permission denied ERROR: Can't download viruses.db2 from clamav.elektrapro.com Don't know the particular reason of this error... But you really should upgrade your Clamav. You use quite an old version! -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland

Re: [Clamav-users] Netsky Q version

On Thu, 25 Mar 2004 at 0:48:03 +0800, cc wrote: [...] can someone tell me what the procedure is to submit a sample? http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi Should I just zip up the attachment and encrypt the file? No. Submit it as it is. -- Tomasz Papszun

Re: [Clamav-users] debian/qmail install

should be used in conjuction with another scanner like qmail-scanner. clamav should be installed first. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL

Re: [Clamav-users] clamav-0.67 hangs periodically (postfix+amavisd-new+clamav)

. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email is sponsored by: IBM

Re: [Clamav-users] testvirus.org

-- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email is sponsored by: IBM Linux

Re: [Clamav-users] MyDoom.G detected by clamscan but not by clamd

PROTECTED]@[EMAIL PROTECTED]@Received: from... Does all your messages looks like this, or is it some modified file? If this is a normal message format at your system, you can contact Nigel Horne with details. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http

Re: [Clamav-users] PB: ClamAV works but doesn't detect viruses

in your MUA. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email

Re: [Clamav-users] clamdscan gives wrong output

On Wed, 03 Mar 2004 at 11:56:50 +0100, Marc Cuypers wrote: Tomasz Papszun wrote: On Wed, 03 Mar 2004 at 11:18:15 +0100, Marc Cuypers wrote: I'm using clamav 0.67 on Debian Woody. When I run 'clamdscan file1'. I get the message it contains the virus Worm.Gibe.F FOUND. When I run

Re: [Clamav-users] Occasionally missing viruses

saved in a separate directory and clamscan misses all of those. Just use --mbox and tell us what happens. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus

Re: [Clamav-users] Occasionally missing viruses

interface, describing the problem of course. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Re: password-protected Worm.Bagle.H

developers) crawl through this rubbish instead of working on other threats :-(( . -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Re: password-protected Worm.Bagle.H

On Thu, 04 Mar 2004 at 12:08:57 +0100, Laurent Wacrenier wrote: Tomasz Papszun wrote: Despite adding to the submission page (in BIG fontsize!) this request: DO NOT SUBMIT naked zip files IF their contents is DETECTED as infected by ClamAV AFTER UNZIPPING they keep submitting

Re: [Clamav-users] Re: Simple patch for dealing with password zip files

with password zip files -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email

Re: [Clamav-users] I need help with clamav-milter.

is rebooted clamav does not start. How do I get this going properly with sendmail and procmail? -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Re: [Clamav-virusdb] Update (daily: 165)

Bagle zip files Notes: Signature by Trog Added: Yes Does this mean that 0.67 will now detect the the encrypted versions regardless of password? Yes. In otherwords, I don't have to switch to cvs version to detect these? You haven't. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland

Re: [Clamav-users] passworded zips slipping thru

haven't tried it yet. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- SF.Net is sponsored

Re: [Clamav-users] clamdscan gives wrong output

you typed are identical. Have you searched the archives anyway? -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] passworded zips slipping thru

On Wed, 03 Mar 2004 at 7:50:34 -0500, jef moskot wrote: On Wed, 3 Mar 2004, Tomasz Papszun wrote: Our signatures Worm.Bagle.F-zippwd* are based on the real contents of mail messages (stream of characters as they are), while amavisd-new (and probably amavis) divide messages to parts

Re: [Clamav-users] db signatures

. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- SF.Net is sponsored by: Speed Start Your

Re: [Clamav-users] New virus Worm.Bagle.Gen-1, has password-zip version not being caught

it. If no, then submit it. 2) If ClamAV with fresh database does NOT detect a virus in _unzipped_ file, then submit it. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL

Re: [Clamav-users] Re: password-protected Worm.Bagle.F

) to us as it's quite impossible to create a signature for them. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] clamav 0.65 not detecting Worm.Bagle.F

On Tue, 02 Mar 2004 at 15:00:16 +0800, Joey Esquibal wrote: [...] I have successfully configured MailScanner with ClamAV-0.65. Tested it [...] Any help of pointers are greatly appreciated. Please upgrade. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED

Re: [Clamav-users] Re: password-protected Worm.Bagle.F

On Tue, 02 Mar 2004 at 3:38:32 -0500, jef moskot wrote: On Tue, 2 Mar 2004, Tomasz Papszun wrote: So please folks, stop submitting encrypted zip files (without a full message) to us as it's quite impossible to create a signature for them. Does this mean you still want samples including

Re: [Clamav-users] password-protected Worm.Bagle.H

in their contents and even sizes. So checksums are different. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Re: password-protected Worm.Bagle.F

On Tue, 02 Mar 2004 at 11:05:53 -0500, B.K. DeLong wrote: At 10:04 AM 3/2/2004 +0100, Tomasz Papszun wrote: As usually: only if ClamAV with an up-to-date database isn't detecting an infection in a sample. In this particular case a sample = a full message sample. OK - I am still receiving

Re: [Clamav-users] For those using Procmail - a simple rule to hinder the Bagle-I virus

in size. Attachments themselves (decoded) are between 15 KB and 30 KB. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Some more evidence for my last mail ...

[...] sh-2.04$ /usr/local/clamav-0.67/bin/clamdscan ./your_archive.pif /var/amavis/./your_archive.pif: OK Only a short note related to clamdscan itself: is your_archive.pif readable by user running clamd? (not you, but clamd). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only

Re: [Clamav-users] sigtool --list-sigs

On Mon, 01 Mar 2004 at 8:18:25 -0600, Joe Kletch wrote: sigtool --list-sigs Does not work on my install. Is the best way to get this corrected to upgrade Clam 0.67? mail burtonmayer.com $ clamd -V clamd / ClamAV version 0.65 Please, don't top-post. Yes. -- Tomasz Papszun SysAdm

Re: [Clamav-users] ClamAV 0.67 upgrade from.065 doesn't work

is shown when you scan some file? (Known viruses: 20816). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] clamd: Segmentation Fault?

your checks/updates slower as many people rush to servers at the same time! Just select some random number in a range 1;59 and run freshclam at that many minutes after full hours (or every 2 or how-many-you-want hours). Thank you -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only

Re: [Clamav-users] amavisd-new and clamav: getting clamd.ctl location right

: \ask_daemon, [CONTSCAN {}\n, '/var/run/clamav/clamd.ctl'], -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Couple of questions regarding ClamAV

with clamav-daemon (clamd), but mail continue to flow _scanned_. A very nice solution! -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Virus listing

Please upgrade. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- SF.Net

Re: [Clamav-users] [signatures] How to use self-made signatures ?

work, you must be doing some mistake :-). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Re: Worm.SomeFool is this w32/Netsky.b@MM

/gmane.comp.security.virus.clamav.virusdb -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- SF.Net

Re: [Clamav-users] amavisd-new install

command to SMTP server. After sending a message you need just type quit and the connection is properly closed. That's all. Or start a new mail from... sequence. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL

Re: [Clamav-users] Can't access the file ERROR

, as error is connected with other file (e.g. /var/amavis/amavis-07047767/parts)... I am not sure what the problem could be? It runs fine if I comment out the User clamav option in /etc/clamav.conf file. (runs fine as root) Any ideas? Thanks in advance. -- Tomasz Papszun SysAdm @ TP S.A. Lodz

Re: [Clamav-users] Database initialize error

On Mon, 16 Feb 2004 at 18:36:31 +0100, Tomasz Papszun wrote: On Mon, 16 Feb 2004 at 9:46:48 -0700, Chadwick Wachs wrote: There is an empty directory /var/clamav_db. Where should the database be and how do I get it in there? Database files should be in the directory configured

Re: [Clamav-users] Clamscan -m segfault , possibly a big problem

needless files from database directory not only because they unnecessarily use more memory, but also because after we remove any possible false positive signature from current database, you'll still have it in your setup, which may cause false alarms. -- Tomasz Papszun SysAdm @ TP S.A. Lodz

Re: [Clamav-users] Re: Clamscan -m segfault , possibly a big problem

On Mon, 16 Feb 2004 at 3:10:48 -0700, Starbane wrote: Tomasz Papszun wrote: On Sun, 15 Feb 2004 at 22:34:09 -0700, Starbane wrote: --- SCAN SUMMARY --- Known viruses: 41374 ^ You've got some superfluous database files. There are only 20718 signatures

Re: [Clamav-users] Freshclam checks.

/ClamAV/bin/freshclam -d --checks=2 --quiet -l /internet/ClamAV/log/freshclam.log What am I doing wrong ? Maybe you have also a cronjob which executes freshclam? -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros

Re: [Clamav-users] Database initialize error

/clamav_db ERROR: Database initialization error. There is an empty directory /var/clamav_db. Where should the database be and how do I get it in there? Database files should be in the directory configured with DataDirectory directive. One must run freshclam after installing ClamAV. -- Tomasz

Re: [Clamav-users] 0.66

with database (just in case). $ ls -ld /var/lib/clamav drwxr-xr-x4 clamav clamav 4096 Feb 13 02:44 /var/lib/clamav/ -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http

Re: [Clamav-users] new virus definition library

the sigs to you guys. You are welcome. But please submit also original samples. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] 0.65 is deprecated ?

On Tue, 10 Feb 2004 at 13:28:14 -0500, Rob Mangiafico wrote: On Tue, 10 Feb 2004, Tomasz Papszun wrote: I admit that I'm quite focused on Postfix + Amavisd-new + ClamAV solution (I don't know details of milter and so on) so maybe I'm missing something... But what do you mean by I use clamd

Re: [Clamav-users] MyDoom.D - manual signature generation?

in the moment. We apologise for the delay! :-( . As a quick, temporary fix, you can use the attached file, containing the signature prepared by one of developers - Christoph Cordes. Just place it in your database directory and reload clamd. Once again: sorry! -- Tomasz Papszun SysAdm @ TP S.A

Re: [Clamav-users] 0.65 is deprecated ?

. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- SF.Net is sponsored by: Speed Start Your Linux

Re: [Clamav-users] 0.65 is deprecated ?

samples. Not mentioning our private life suffering from lack of time. I see that at least some people read out announcements ;-) . Thanks for warm word. We appreciate your appreciation :-) . -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http

Re: [Clamav-users] Cron Daemon errors

(200.68.106.40) I looked in the clam-update.log, and this is what the entry there says: [...] Did I set something up wrong? No. Simply that mirror has some problem. I believe that freshclam succeeds with a next mirror in turn. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only

Re: [Clamav-users] 0.65 is deprecated ?

heavily and messages are no longer in a email format. Obviously, ClamAV can't detect an infection in them. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus

Re: [Clamav-users] 0.65 is deprecated ?

? Maybe you use clamav-milter, but you just didn't mention it... I think that one can't help you not knowing more details of your setup. In case you use clamav-milter: it's being very actively developed by Nigel and I believe that the current version is far more powerful than 0.65. -- Tomasz

Re: [Clamav-users] Older database version wanted

can download .cvd file with wget, lynx or whatever browser you like. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] CG Pro and ClamAV finds virus but can't find it when scanning with clamscan manually

:35:40 +0100 After I removed first 4 lines: $ clamscan --mbox 40820.msg 40820.msg: Worm.SCO.A FOUND -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus

Re: [Clamav-users] Clamav and quoted-printable

anymore, as it is no longer quoted-printable encoded... Is there a solution to this problem ? The solution is probably a correcting the signature by us ;-) . Thank you for pointing this out! -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http

Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error

. But as sigtool grants the http download of cvd files, might we focus on the download routines ? Sure, I mentioned 'md5sum' in case sigtool would give strange result. Let's see if Tomasz Kojm has any idea. I haven't any left at the moment. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland

Re: [Clamav-users] Accessing the virus-db via php or perl

: make sure what is the correct syntax of this option. I don't know about the newest CVS version, but yet 2 days ago a space between -l and the path wasn't permitted: --list-sigs[=FILE] -l[FILE]List signature names ^^ -- Tomasz Papszun SysAdm @ TP S.A

Re: [Clamav-users] Decompression Bombs

and check the rest of them. You are welcome to crash-test Clamav and report the result here :-). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] False alarms ?

://clamav.sourceforge.net/cgi-bin/sendvirus.cgi Thank you -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Logrotate won't restart clamd

; start'. I haven't tried SIGHUP. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- The SF.Net

Re: [Clamav-users] Logrotate won't restart clamd

of using clamav so I can't say for sure... but no, it doesn't allow viruses to pass. In the worst case MTA just queues messages for a while, when clamd isn't up. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros

Re: [Clamav-users] Logrotate won't restart clamd

On Tue, 03 Feb 2004 at 13:28:07 +0100, Kritof Petr wrote: Tomasz Papszun wrote: It may be true, unfortunately. I'd like to stress that, though logrotate and clamd cooperate for me, it may be the effect of restarting clamd, not SIGHUPping it: postrotate /etc/init.d/clamav-daemon

Re: [Clamav-users] ERROR: Unable to create temporary directory

variable is set) before starting clamd. After starting it, you can set it back, of course. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Clamd ignores updates

. Option UseProcessess is enabled. My config files are below. Petr clamav.conf- [...] UseProcessess [...] I don't know if this is the reason, but this has a typo error. It should read UseProcesses, not UseProcessess (doubled s). -- Tomasz Papszun

Re: [Clamav-users] Logrotate won't restart clamd

to this, the logfile is still open and new entries can be written to it. Then on reload or restart, the handle (file descriptor?) is released and the new logfile is created. Not earlier! I don't know if it makes any difference for clamd, though. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only

Re: [Clamav-users] Logrotate won't restart clamd

On Mon, 02 Feb 2004 at 7:43:28 -0600, Daniel J McDonald wrote: On Mon, 2004-02-02 at 07:27, Tomasz Papszun wrote: On Mon, 02 Feb 2004 at 14:03:55 +0100, Kritof Petr wrote: Tomasz Kojm wrote: The current logfile is _moved_ to other filename, not removed (deleted). Initially, yes

Re: [Clamav-users] Logrotate won't restart clamd

On Mon, 02 Feb 2004 at 14:53:10 +0100, Daniel Wiberg wrote: On Mon, Feb 02, 2004 at 02:27:18PM +0100, Tomasz Papszun wrote: I didn't look at the sources but I've always thought that log rotating is done different way. The current logfile is _moved_ to other filename, not removed (deleted

Re: [Clamav-users] Clamdscan problem

clamd is running as, has to have read access to scanned files. As an example put some world-readable file in a world-readable directory and you'll see that clamdscan works. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones

Re: [Clamav-users] Viruses not detected, Please help.

set ScanMail in clamav.conf? -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- The SF.Net

Re: [Clamav-users] clamav-milter not honoring the --quiet switch?

refusals of accepting an email message, not sendings some messages to some email addresses. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Clamdscan problem

can use clamscan instead. Or run clamd as root (not recommended). Note that then all files will be accessible for scanning for every user which isn't a good idea. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros

Re: [Clamav-users] SCO virus - Clam 0.65

some clue's in implementing such feature using amavis-ng Maybe there is some mailing list of amavis-ng users? -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL

Re: [Clamav-users] Freshclam timeout with version devel-20040127 is too short {Scanned}

. I suspect that your proxy (or settings concerning it) is the culprit. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Re: SCO.a not being caught at all

viruses) -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- The SF.Net email is sponsored

Re: [Clamav-users] yahoo groups??

with clamav-milter -Troy Well, false positives happen. But we must have a sample. P.S. Please don't use existing thread when you start a new topic. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED

Re: [Clamav-users] Suggestion: Read list of files to scan from file/stdin

-if-empty, -r If the standard input does not contain any non­ blanks, do not run the command. Normally, the com­ mand is run once even if there is no input. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http

Re: [Clamav-users] SOT: SCO.A disappearing?

still have its signature in your database. I can't invent why you could not have it after you had it, but... -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus

Re: [Clamav-users] Mimail.q - polymorphic virus

a decryption routine in ; order to contend with Mimail.q successfully. Our signature of Worm.Mimail.Q _is_ a polymorphic one. Of course it may happen that it's not optimal. If there are samples not detected by Clamav, we'll see. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's

Re: [Clamav-users] SCO virus - Clam 0.65

|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i, qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|gibe'i, qr'exploit\.iframe\.gen|bics|bagle|worm.sco'i, ); -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl

Re: [Clamav-users] LogSyslog logs twice?

Jan 20 00:11:02 gateway clamd[19226]: Reading databases from /var/lib/clamav [...] Maybe you have set also LogFile to the same file?... Though I can be wrong - I haven't tried them both together. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http

Re: [Clamav-users] Multiple stability problems on Solaris 9

not exceed about 75 chars. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- The SF.Net email

Re: [Clamav-users] a question of size

.. Do you mean the smallest size that a virus can be? There are viruses which are only 25 B (yes: twenty five bytes!). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net

Re: [Clamav-users] a question of size

On Thu, 15 Jan 2004 at 10:55:41 -0800, Robin Lynn Frank wrote: On Thursday 15 January 2004 09:33, Tomasz Papszun wrote: On Thu, 15 Jan 2004 at 9:08:11 -0800, Robin Lynn Frank wrote: No this is not spam. My question is does anyone know the smallest size for virus/trojan/worm payload

Re: [Clamav-users] Disabling Filename blocks / Images coming up as Viruses

, if you really want, you can disable this check in amavisd.conf. But your protection will be weaker. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus

Re: [Clamav-users] problem in updating virus db

-2003 14:3071k [ ] viruses.md5 02-Dec-2003 15:40 1k [ ] viruses2.md508-Dec-2003 14:30 1k P. S. Please remove unneeded fragments of previous messages when quoting. Especially commercial footers and mailing list footers! -- Tomasz Papszun SysAdm @ TP S.A

Re: [Clamav-users] Re: Lots of clamav-milter processes running

or similar (check in syslog.conf where mail facility is logged). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] How to make Clam-AV to detect perticular virus

maybe the quoted message is a virus message after removing binary attachment. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] type of viruses being added to database

On Mon, 12 Jan 2004 at 13:20:45 -0500, jef moskot wrote: On Mon, 12 Jan 2004, Tomasz Papszun wrote: Added are viruses which users submitted to us :-) . Or found by us. Well, yes, obviously, but could you maybe take a recent representative update and give us an idea of what the added

Re: [Clamav-users] type of viruses being added to database

or subjectively (for Clamav team) recent? :-). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] type of viruses being added to database

this :-). This is a process, not a one-time event. catching up with a bunch of old and relatively rare viruses. I'm not making a judgement about what should be done, I'm just curious as to what is actually happening. The newest, spreading viruses should be (and are) added qucker. -- Tomasz

<    1   2   3   4   >