--- SCAN SUMMARY ---
Infected files: 0
Time: 0.008 sec (0 m 0 s)
real0m0.012s
user0m0.000s
sys 0m0.000s
Depending on which times one compares, one gets:
0.721/0.008 ~= 90 or:
0.726/0.012 ~= 60.
You can see the difference! ;-)
--
Tomasz Papszun SysAdm @ TP S.A. Lodz
: 131072 bytes
Time: 0.718 sec (0 m 0 s)
$ clamdscan Worm.Yaha.Y.msg
/tmp/Worm.Yaha.Y.msg: Worm.Yaha.Y FOUND
--- SCAN SUMMARY ---
Infected files: 1
Time: 0.026 sec (0 m 0 s)
As you can see, clamscan didn't find a virus in the mail message, but
clamdscan did!
--
Tomasz Papszun
available. Especially when a virus is new and other vendors don't detect
it.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
their systems :-) .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
This SF.net email
have some special
structure? It can be a MTA job, not an AV scanner's one.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
impression is perfectly right :-) .
somehow, restricting who can post to the list and ensuring the Reply-To: header
I'm leaving it open for considering.
of posts is not set to the list address? Or have I misunderstood the purpose of
the clamav-virusdb list?
No, you didn't :-) .
--
Tomasz
.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
This SF.net email is sponsored by: IBM Linux
if you run
'clamscan -r videos.zip'?...
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
On Mon, 05 Jan 2004 at 13:32:31 -0300, René Bellora wrote:
Tomasz Papszun wrote:
A blind shot: does it make a difference if you run
'clamscan -r videos.zip'?...
it doesn't:
# clamscan -r videos.zip
videos.zip: OK
--- SCAN SUMMARY ---
Known viruses: 12013
And what
) for checking mirrors uses such
User-Agent string. I don't know if it was that, but it _may_ be a
reason.
P.S. I'm on the vacation so if you reply something, I won't read it
soon.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl
.
==
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
On Fri, 12 Dec 2003 at 11:31:32 +, Payal Rathod wrote:
On Fri, Dec 12, 2003 at 11:49:20AM +0100, Tomasz Papszun wrote:
On Fri, 12 Dec 2003 at 3:39:16 +, Payal Rathod wrote:
Well, I got the general idea. But I am not getting what difference will
it make to change,
#define
:-(( . We could register it for ClamAV.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
there is a small problem with clamscan because
Probably the same should regard to files violating
ArchiveMaxCompressionRatio.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http
On Fri, 28 Nov 2003 at 21:24:43 -0800, Chris Paul wrote:
On Fri, 28 Nov 2003 18:24:02 +0100
Tomasz Papszun [EMAIL PROTECTED] wrote:
I have also seen stopped .doc files compressed with ratio 236.
And .dbf files with ratio 1101. Also, .wav files with ratio 1182.
Users send quite
Clamav on its own.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
This SF.net email
, among others.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
This SF.net email
/alternative;
boundary=6A128_28.4_A8E6C.942
but the declared boundary string doesn't exist in the body of the
message. The file is included as usual uuencoded body (begin 644
Happy99.exe), not an attachment.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED
On Thu, 13 Nov 2003 at 12:25:08 +0100, Mark wrote:
[snip]
Pozdrawiam,
Tomasz Kojm
Nothing personal but is it possible to speak/write ONLY english...
[...]
In case someone else isn't sure: that message was sent to the
mailing list in error, of course. We apologise.
--
Tomasz Papszun
polishing of 0.65.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.clamav.net/ A GPL virus scanner
---
This SF.Net email
...
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does
On Wed, 05 Nov 2003 at 23:40:09 +0800, Lars Hansson wrote:
On Wed, 2003-11-05 at 18:59, Tomasz Papszun wrote:
Well, not exactly. We (the database developers) do _not_ give viruses
to anyone who would want them. It's just too dangerous contents.
Hmm..I thought he was talking about
is very old! Please upgrade.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.net email is sponsored by: SF.net Giveback Program.
Does
the zip, what can I do ?
You can show us the exact result you get :-) .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.net email is sponsored
is infected,
period.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you
/c995944d53c70058/Achates.html: OK
/home/tomek/c995944d53c70058/register.reg: OK
/home/tomek/vir/Backdoor.Konik.06b.zip: Infected Archive FOUND
--- SCAN SUMMARY ---
Known viruses: 9902
Scanned directories: 1
Scanned files: 6
Infected files: 3
(all files and viruses are reported).
--
Tomasz
/sendvirus.cgi
so that database developers could prepare the signature and update the
database.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.net
for Mandrake.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.net email is sponsored by: The SF.net Donation Program.
Do you like what
this feature?
It hardly looks like a report from ClamAV. ClamAV doesn't detect
HTML forms because forms aren't viruses.
Most probably you've got some other software that scans email, besides
ClamAV.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http
match via the normal way
http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi , clearly stating
that you think that it's not infected file and it gives false positive
about what virus. Give all details as above.
Thanks
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL
= new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|gibe'i,
qr'exploit\.iframe\.gen'i );
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl
to the socket name in this entry
Any ideas what I am doing wrong?
~gerard
But does /var/run/clamav/clamd exist?
If not, maybe clamd can't create the file (permission problem?).
Does clamd process exist?
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED
.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source
, please type a little shorter lines.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.net email is sponsored by: SF.net Giveback Program
was
removed from the database at 2003.10.07 21:19 GMT - and it was you who
submitted the report and the sample :-) . It was announced in a normal
message to clamav-virusdb :-) .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones
= new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|gibe\.f'i,
);
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros
in obviously infected file, then submit a sample, not earlier.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This sf.net email is sponsored by:ThinkGeek
be the reason.
See a thread started with this message:
From: Mike Silbersack
Subject: [Clamav-users] One reason Gibe.F isn't being detected
Message-ID: [EMAIL PROTECTED]
Date: Sat, 20 Sep 2003 00:25:59 -0500 (CDT)
Replacing metamail with uudeview helped the sender.
--
Tomasz Papszun SysAdm @ TP S.A
scanner should detect them.
If you've got any, please upload them at
http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi
:-)
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros
. Is it the real mailbox
format? I mean: is the first line like here:
From [EMAIL PROTECTED] Fri Sep 5 19:36:25 2003
(without signs of course).
If you want, you can send me an example file (zipped, with password
virus) and I'll have a look at it.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz
. Usually clamd (not clamscan) as a
primary scanner. When a primary scanner (clamd or other) fails, it
uses any backup scanners available, like clamscan.
So in normal situation clamscan is not used, only in emergency
situation, which is good for performance.
--
Tomasz Papszun SysAdm @ TP S.A
technically precise, he could remove the new signature from
viruses.db2 file (the old one is still in viruses.db) for the time
being ;-) .
Regards
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros
these ones in /etc/rc.d/) often contain
explicitly set PATH variable. Maybe the PATH in your /etc/rc.d/rc.local
does not contain the directory in which clamdscan is?...
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones
don't want to start another war about this or that OS and
this or that MTA superiority :-) .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.net
On Mon, 25 Aug 2003 at 16:00:52 -0700, Jessica Ruble-English wrote:
On 8/25/2003 3:41 PM, Tomasz Papszun wrote:
On Mon, 25 Aug 2003 at 14:39:19 -0700, Jessica Ruble-English wrote:
clamav-milter[26563]: recv failed from clamd getting PORT
I've tried running clamav-milter
check it with clamscan? In the latter
case, a virus will not be detected in it obviously, due to described
reason.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros
-dev.html
which contains the file usr/lib/libmilter/libsmutil.a
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.net email is sponsored by: VM Ware
On Tue, 26 Aug 2003 at 8:24:41 -0700, [EMAIL PROTECTED] wrote:
Quoting Tomasz Papszun [EMAIL PROTECTED]:
About the sample you sent to me: this is a message in Maildir format,
not Mailbox. As it has been already written a couple of times here
lately, clamscan does not (yet) recognizes
though, anyway I think
it should be :-) .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.net email is sponsored by: VM Ware
With VMware you can run
the current
division of topics, would make even bigger mess then.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.net email is sponsored by: VM Ware
not to do top-posting. And remove previous marketing
signatures of Sourceforge from the message when replying.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros
#204340 in which the example solution
is described:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=204340
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros
normal.
Sorry if I'm asking obvious questions.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites
... and not with From nor
with Return-Path: ...
I'm attaching the patch for libclamav/scanners.c.
But Tomasz Kojm already knows the problem so he'll fix it in the near
future, I'm sure.
Also, new Debian package by Magnus Ekdahl is uploaded (0.60-6).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland
this clause in my .procmailrc:
:0HB
* ! ? clamit
clamav/
[...]
-Bennett
[ End of quoting Bennett Todd ]
---
HIH
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED
On Thu, 14 Aug 2003 at 16:12:39 +0200, Tomasz Papszun wrote:
On Thu, 14 Aug 2003 at 15:45:28 +0200, [EMAIL PROTECTED] wrote:
Hi,
are there anyone who are able to check signature in a windows-exe-file.
ClamAV reject mails because finding W95/Elkern, CAI, trend-micro don't
find anything
this .exe to me (zipped with password virus). I'll check
it with other scanners.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
---
This SF.Net email sponsored
On Mon, 11 Aug 2003 at 12:32:26 -0700, TwinsPop wrote:
On Mon, Aug 11, 2003 at 10:55:54AM +0200, Tomasz Papszun wrote:
With --mbox option clamscan does handle attachments. At least it
Hrmf. Not here.
mail:~/Maildir/cur (106) % cat 1057682150.37472_57:2,S | clamscan --mbox -
LibClamAV
On Tue, 12 Aug 2003 at 14:11:11 +0200, Tomasz Papszun wrote:
I'm attaching the patch for libclamav/scanners.c.
Of course, I forgot to add the attachment :-( .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros
be examined later.
And update the Clamav packages when there's a new version, as Clamav is
being actively developed and corrected :-) .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros
301 - 360 of 360 matches
Mail list logo
