(according to other
scanner), though they select that the sample is detected by other
scanner and sometimes they even write which scanner (but no virus name).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] | ones and zeros
... :-) .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
This SF.Net email is sponsored
To: [EMAIL PROTECTED]
Subject: [Clamav-virusdb] Update (daily: 46)
Date: Sat, 6 Dec 2003 04:57:29 +0100
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus
one).
Please stop littering our MLs with such inappropriate messages. There
are much better ways to spread your address to spammers and viruses.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] | ones and zeros.
[EMAIL PROTECTED
that now it's OK. Is it?
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
This SF.Net
Fri 26 Mar 2004 14:05:20 GMT
libclamav1-0.70-3mdk Fri 26 Mar 2004 14:05:19 GMT
[...]
A proxy server between?...
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros
(version: 21, sigs: 20094, f-level: 1, builder: tkojm)
daily.cvd updated (version: 215, sigs: 608, f-level: 1, builder: diego)
Database updated (20702 signatures) from database.clamav.net (209.94.36.5).
If not, we'll try to search for the reason.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland
requested for clamscan in command line (e.g. ScanMail). If so,
scanning with clamdscan can require more resources than simple
'clamscan'.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http
is this: if my clamav.conf
says to use /var/lib/clamav, and freshclam is downloading the files to
there, then why does clamscan use the files in /usr/local/share/clamav?
Maybe you compiled ClamAV with this path?
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED
that started this thread, but it appears to be a
good place
to mention that something else is going wrong with the downloads also.
You use old version of ClamAV. Please upgrade.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl
On Thu, 25 Mar 2004 at 18:39:29 -0800, Brian W. Antoine wrote:
At 05:24 PM 3/25/04, Tomasz Papszun wrote:
On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote:
I'm updating from clamav.elektrapro.com and starting a short time ago it
now wants
to update viruses.db
file ./1c136a7d92ca0d50 to write
open: Permission denied
ERROR: Can't download viruses.db2 from clamav.elektrapro.com
Don't know the particular reason of this error...
But you really should upgrade your Clamav. You use quite an old version!
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland
On Thu, 25 Mar 2004 at 0:48:03 +0800, cc wrote:
[...]
can someone tell me what the procedure
is to submit a sample?
http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi
Should I just zip up the attachment
and encrypt the file?
No. Submit it as it is.
--
Tomasz Papszun
should
be used in conjuction with another scanner like
qmail-scanner. clamav should be installed first.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL
.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
This SF.Net email is sponsored by: IBM
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
This SF.Net email is sponsored by: IBM Linux
PROTECTED]@[EMAIL PROTECTED]@Received:
from...
Does all your messages looks like this, or is it some modified file?
If this is a normal message format at your system, you can contact Nigel
Horne with details.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http
in your MUA.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
This SF.Net email
On Wed, 03 Mar 2004 at 11:56:50 +0100, Marc Cuypers wrote:
Tomasz Papszun wrote:
On Wed, 03 Mar 2004 at 11:18:15 +0100, Marc Cuypers wrote:
I'm using clamav 0.67 on Debian Woody.
When I run 'clamdscan file1'. I get the message it contains the virus
Worm.Gibe.F FOUND.
When I run
saved in a separate
directory and clamscan misses all of those.
Just use --mbox and tell us what happens.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus
interface, describing the problem of course.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
developers) crawl through this
rubbish instead of working on other threats :-(( .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
On Thu, 04 Mar 2004 at 12:08:57 +0100, Laurent Wacrenier wrote:
Tomasz Papszun wrote:
Despite adding to the submission page (in BIG fontsize!) this request:
DO NOT SUBMIT naked zip files IF their contents is DETECTED as infected
by ClamAV AFTER UNZIPPING
they keep submitting
with password zip files
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
This SF.Net email
is rebooted clamav does not start. How do I get this going
properly with sendmail and procmail?
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Bagle zip files
Notes: Signature by Trog
Added: Yes
Does this mean that 0.67 will now detect the the encrypted versions
regardless of password?
Yes.
In otherwords, I don't have to switch to cvs version to detect these?
You haven't.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland
haven't tried it yet.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
SF.Net is sponsored
you typed are identical.
Have you searched the archives anyway?
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
On Wed, 03 Mar 2004 at 7:50:34 -0500, jef moskot wrote:
On Wed, 3 Mar 2004, Tomasz Papszun wrote:
Our signatures Worm.Bagle.F-zippwd* are based on the real contents of
mail messages (stream of characters as they are), while amavisd-new (and
probably amavis) divide messages to parts
.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
SF.Net is sponsored by: Speed Start Your
it.
If no, then submit it.
2) If ClamAV with fresh database does NOT detect a virus in _unzipped_
file, then submit it.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL
) to us as it's quite impossible to create a signature for them.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
On Tue, 02 Mar 2004 at 15:00:16 +0800, Joey Esquibal wrote:
[...]
I have successfully configured MailScanner with ClamAV-0.65. Tested it
[...]
Any help of pointers are greatly appreciated.
Please upgrade.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED
On Tue, 02 Mar 2004 at 3:38:32 -0500, jef moskot wrote:
On Tue, 2 Mar 2004, Tomasz Papszun wrote:
So please folks, stop submitting encrypted zip files (without a full
message) to us as it's quite impossible to create a signature for them.
Does this mean you still want samples including
in their contents and even sizes. So checksums are different.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
On Tue, 02 Mar 2004 at 11:05:53 -0500, B.K. DeLong wrote:
At 10:04 AM 3/2/2004 +0100, Tomasz Papszun wrote:
As usually: only if ClamAV with an up-to-date database isn't detecting
an infection in a sample. In this particular case a sample = a full
message sample.
OK - I am still receiving
in
size. Attachments themselves (decoded) are between 15 KB and 30 KB.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
[...]
sh-2.04$ /usr/local/clamav-0.67/bin/clamdscan ./your_archive.pif
/var/amavis/./your_archive.pif: OK
Only a short note related to clamdscan itself:
is your_archive.pif readable by user running clamd? (not you, but
clamd).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
On Mon, 01 Mar 2004 at 8:18:25 -0600, Joe Kletch wrote:
sigtool --list-sigs
Does not work on my install. Is the best way to get this corrected to
upgrade Clam 0.67?
mail burtonmayer.com $ clamd -V
clamd / ClamAV version 0.65
Please, don't top-post.
Yes.
--
Tomasz Papszun SysAdm
is shown when you scan some file?
(Known viruses: 20816).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
your
checks/updates slower as many people rush to servers at the same time!
Just select some random number in a range 1;59 and run freshclam at
that many minutes after full hours (or every 2 or how-many-you-want
hours).
Thank you
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
:
\ask_daemon, [CONTSCAN {}\n, '/var/run/clamav/clamd.ctl'],
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
with
clamav-daemon (clamd), but mail continue to flow _scanned_. A very nice
solution!
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Please upgrade.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
SF.Net
work, you must be doing some mistake :-).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
/gmane.comp.security.virus.clamav.virusdb
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
SF.Net
command to
SMTP server. After sending a message you need just type quit
and the connection is properly closed. That's all.
Or start a new mail from... sequence.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL
, as error is connected with other file
(e.g. /var/amavis/amavis-07047767/parts)...
I am not sure what the problem could be? It runs fine if I comment out the
User clamav option in /etc/clamav.conf file. (runs fine as root)
Any ideas? Thanks in advance.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz
On Mon, 16 Feb 2004 at 18:36:31 +0100, Tomasz Papszun wrote:
On Mon, 16 Feb 2004 at 9:46:48 -0700, Chadwick Wachs wrote:
There is an empty directory /var/clamav_db. Where should the
database be and how do I get it in there?
Database files should be in the directory configured
needless files from database directory not only because they
unnecessarily use more memory, but also because after we remove any
possible false positive signature from current database, you'll still
have it in your setup, which may cause false alarms.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz
On Mon, 16 Feb 2004 at 3:10:48 -0700, Starbane wrote:
Tomasz Papszun wrote:
On Sun, 15 Feb 2004 at 22:34:09 -0700, Starbane wrote:
--- SCAN SUMMARY ---
Known viruses: 41374
^
You've got some superfluous database files.
There are only 20718 signatures
/ClamAV/bin/freshclam -d --checks=2 --quiet -l
/internet/ClamAV/log/freshclam.log
What am I doing wrong ?
Maybe you have also a cronjob which executes freshclam?
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros
/clamav_db
ERROR: Database initialization error.
There is an empty directory /var/clamav_db. Where should the
database be and how do I get it in there?
Database files should be in the directory configured with DataDirectory
directive.
One must run freshclam after installing ClamAV.
--
Tomasz
with database (just in case).
$ ls -ld /var/lib/clamav
drwxr-xr-x4 clamav clamav 4096 Feb 13 02:44 /var/lib/clamav/
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http
the sigs to
you guys.
You are welcome. But please submit also original samples.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
On Tue, 10 Feb 2004 at 13:28:14 -0500, Rob Mangiafico wrote:
On Tue, 10 Feb 2004, Tomasz Papszun wrote:
I admit that I'm quite focused on Postfix + Amavisd-new + ClamAV
solution (I don't know details of milter and so on) so maybe I'm missing
something... But what do you mean by I use clamd
in the moment.
We apologise for the delay! :-( .
As a quick, temporary fix, you can use the attached file, containing the
signature prepared by one of developers - Christoph Cordes. Just place
it in your database directory and reload clamd.
Once again: sorry!
--
Tomasz Papszun SysAdm @ TP S.A
.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
SF.Net is sponsored by: Speed Start Your Linux
samples. Not mentioning our private life suffering from lack of time.
I see that at least some people read out announcements ;-) .
Thanks for warm word. We appreciate your appreciation :-) .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http
(200.68.106.40)
I looked in the clam-update.log, and this is what the entry there says:
[...]
Did I set something up wrong?
No. Simply that mirror has some problem.
I believe that freshclam succeeds with a next mirror in turn.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
heavily and messages are no longer in a email format.
Obviously, ClamAV can't detect an infection in them.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus
? Maybe you use clamav-milter, but
you just didn't mention it...
I think that one can't help you not knowing more details of your setup.
In case you use clamav-milter:
it's being very actively developed by Nigel and I believe that the
current version is far more powerful than 0.65.
--
Tomasz
can
download .cvd file with wget, lynx or whatever browser you like.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
:35:40 +0100
After I removed first 4 lines:
$ clamscan --mbox 40820.msg
40820.msg: Worm.SCO.A FOUND
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus
anymore, as it is no longer
quoted-printable encoded...
Is there a solution to this problem ?
The solution is probably a correcting the signature by us ;-) .
Thank you for pointing this out!
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http
. But as sigtool grants the http
download of cvd files, might we focus on the download routines ?
Sure, I mentioned 'md5sum' in case sigtool would give strange result.
Let's see if Tomasz Kojm has any idea. I haven't any left at the moment.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland
: make sure what is the correct syntax of
this option. I don't know about the newest CVS version, but yet 2 days
ago a space between -l and the path wasn't permitted:
--list-sigs[=FILE] -l[FILE]List signature names
^^
--
Tomasz Papszun SysAdm @ TP S.A
and check
the rest of them.
You are welcome to crash-test Clamav and report the result here :-).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
://clamav.sourceforge.net/cgi-bin/sendvirus.cgi
Thank you
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
; start'.
I haven't tried SIGHUP.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
The SF.Net
of using clamav so I can't say for
sure... but no, it doesn't allow viruses to pass. In the worst case MTA
just queues messages for a while, when clamd isn't up.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros
On Tue, 03 Feb 2004 at 13:28:07 +0100, Kritof Petr wrote:
Tomasz Papszun wrote:
It may be true, unfortunately.
I'd like to stress that, though logrotate and clamd cooperate for me, it
may be the effect of restarting clamd, not SIGHUPping it:
postrotate
/etc/init.d/clamav-daemon
variable is set) before starting clamd.
After starting it, you can set it back, of course.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
.
Option UseProcessess is enabled.
My config files are below.
Petr
clamav.conf-
[...]
UseProcessess
[...]
I don't know if this is the reason, but this has a typo error.
It should read UseProcesses, not UseProcessess (doubled s).
--
Tomasz Papszun
to this, the logfile is still open and new entries can be written to
it. Then on reload or restart, the handle (file descriptor?) is released
and the new logfile is created. Not earlier!
I don't know if it makes any difference for clamd, though.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
On Mon, 02 Feb 2004 at 7:43:28 -0600, Daniel J McDonald wrote:
On Mon, 2004-02-02 at 07:27, Tomasz Papszun wrote:
On Mon, 02 Feb 2004 at 14:03:55 +0100, Kritof Petr wrote:
Tomasz Kojm wrote:
The current logfile is _moved_ to other filename, not removed (deleted).
Initially, yes
On Mon, 02 Feb 2004 at 14:53:10 +0100, Daniel Wiberg wrote:
On Mon, Feb 02, 2004 at 02:27:18PM +0100, Tomasz Papszun wrote:
I didn't look at the sources but I've always thought that log rotating
is done different way.
The current logfile is _moved_ to other filename, not removed (deleted
clamd is running as, has to have read access to scanned
files.
As an example put some world-readable file in a world-readable
directory and you'll see that clamdscan works.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones
set ScanMail in clamav.conf?
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
The SF.Net
refusals of accepting an email message, not sendings
some messages to some email addresses.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
can use clamscan instead.
Or run clamd as root (not recommended). Note that then all files will be
accessible for scanning for every user which isn't a good idea.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros
some clue's in implementing such feature using
amavis-ng
Maybe there is some mailing list of amavis-ng users?
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL
.
I suspect that your proxy (or settings concerning it) is the culprit.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
viruses)
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
The SF.Net email is sponsored
with clamav-milter
-Troy
Well, false positives happen. But we must have a sample.
P.S.
Please don't use existing thread when you start a new topic.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED
-if-empty, -r
If the standard input does not contain any nonĀ
blanks, do not run the command. Normally, the comĀ
mand is run once even if there is no input.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http
still have its signature in your database. I can't
invent why you could not have it after you had it, but...
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus
a decryption routine in
; order to contend with Mimail.q successfully.
Our signature of Worm.Mimail.Q _is_ a polymorphic one. Of course it
may happen that it's not optimal. If there are samples not detected by
Clamav, we'll see.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's
|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|gibe'i,
qr'exploit\.iframe\.gen|bics|bagle|worm.sco'i,
);
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl
Jan 20 00:11:02 gateway clamd[19226]: Reading databases from
/var/lib/clamav
[...]
Maybe you have set also LogFile to the same file?...
Though I can be wrong - I haven't tried them both together.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http
not exceed about 75 chars.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
The SF.Net email
..
Do you mean the smallest size that a virus can be?
There are viruses which are only 25 B (yes: twenty five bytes!).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net
On Thu, 15 Jan 2004 at 10:55:41 -0800, Robin Lynn Frank wrote:
On Thursday 15 January 2004 09:33, Tomasz Papszun wrote:
On Thu, 15 Jan 2004 at 9:08:11 -0800, Robin Lynn Frank wrote:
No this is not spam. My question is does anyone know the smallest size
for virus/trojan/worm payload
,
if you really want, you can disable this check in amavisd.conf. But
your protection will be weaker.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus
-2003 14:3071k
[ ] viruses.md5 02-Dec-2003 15:40 1k
[ ] viruses2.md508-Dec-2003 14:30 1k
P. S.
Please remove unneeded fragments of previous messages when quoting.
Especially commercial footers and mailing list footers!
--
Tomasz Papszun SysAdm @ TP S.A
or similar (check in syslog.conf where
mail facility is logged).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
maybe the quoted message is a virus message after removing binary
attachment.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
On Mon, 12 Jan 2004 at 13:20:45 -0500, jef moskot wrote:
On Mon, 12 Jan 2004, Tomasz Papszun wrote:
Added are viruses which users submitted to us :-) . Or found by us.
Well, yes, obviously, but could you maybe take a recent representative
update and give us an idea of what the added
or subjectively (for
Clamav team) recent? :-).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
this :-). This is a process, not
a one-time event.
catching up with a bunch of old and relatively rare viruses.
I'm not making a judgement about what should be done, I'm just curious as
to what is actually happening.
The newest, spreading viruses should be (and are) added qucker.
--
Tomasz
201 - 300 of 360 matches
Mail list logo