Hi,
On Thu, 23 Jun 2005, Damian Menscher wrote:
Just FYI, the difference between 0.86 and 0.86.1 is a single character
in the source code.
Oh, I see.
free(a);
changed to
free(b);
so no big deal ;)
Greetings Daniel, just kidding
--
... yesterday I met the woman I couldn't drink pretty ...
Hello,
I had some time to play with my PoC it's now available at
http://sourceforge.net/projects/squidclam/
Comments, suggestions, patches, reviews... welcome.
Greetings Daniel
--
Those who desire to give up Freedom in order to gain Security,
will not have, nor do they deserve, either one.
Hello Kristof,
On Tue, Jan 18, 2005 at 07:18:45PM +0100, Kri??tof Petr wrote:
Im trying your squidclam, but it is not working.
bad
Hi Tomasz, Kristof,
On Wed, Jan 19, 2005 at 12:36:54AM +0100, Tomasz Kojm wrote:
On Wed, 19 Jan 2005 00:19:59 +0100
Daniel Lord [EMAIL PROTECTED] wrote:
I'll have a look at why clamlib doesn't detect you test file.
If I use clamscan it's found.
sorry blamed libclam too fast :\ it's
*
* | || *
* -+-++ *
*/
/*
* Copyright (C) 2005 Daniel Lord (d_lord At gmx DoT de
Hi Kevin,
On Fri, Sep 17, 2004 at 07:59:51AM +0100, Kevin Spicer wrote:
On Fri, 2004-09-17 at 03:02, Tomasz Kojm wrote:
Okay, well I've found an easier to understand source...
http://www.funducode.com/freec/Fileformats/format3/format3b.htm
and it seems that the particular exploit byte
On Fri, Sep 17, 2004 at 01:07:25PM +0200, Tomasz Kojm wrote:
On Fri, 17 Sep 2004 07:59:51 +0100
Kevin Spicer [EMAIL PROTECTED] wrote:
bytes a * will match?
Yes, there is (but only supported by the development versions). The
format is HEX1{limit}HEX2, and possible limits are:
exact:
Hi List,
On Fri, Sep 17, 2004 at 03:31:25PM +0200, Daniel Lord wrote:
those two are valid and (IMHO) catch the xploit in JFIF and EXIF but may also
produce false positives. Just test them.
Those signatures don't catch the poc xploit found at
http://www.gulftech.org/?node=downloads. But maybe
Hi Matt,
On Fri, Sep 17, 2004 at 03:43:34PM +0100, Matt wrote:
Daniel Lord wrote:
0xFFFE is the comment Marker in a JPEG. So it's not that bad to
detect. It ist followed by the length field. With is where the
Problem occures. So you have to detect the following sequence from
Hi Tomasz, hi List,
On Fri, Aug 27, 2004 at 12:48:30AM +0200, Tomasz Kojm wrote:
On Thu, 26 Aug 2004 23:32:56 +0200
Daniel Lord [EMAIL PROTECTED] wrote:
just put something together to aid me in generating signatures
for my database. Perhaps someone likes it. Just use your favorit
hex
On Fri, Aug 27, 2004 at 02:12:59PM +0200, Tomasz Papszun wrote:
On Fri, 27 Aug 2004 at 13:21:33 +0200, Daniel Lord wrote:
[...]
Offset looked up by hand. And signature generated by siggen :)
Linux.god.rk.tgz.sshsignatur.lo
(Clam
/*
* Copyright (C) 2004 Daniel Lord*
* *
* This is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License
Hi,
On Tue, Jul 27, 2004 at 02:35:56PM -0700, zbuckholz wrote:
I just took your suggestion and tried it and it still does not detect the
virus. I have the original text email that I scan like follows:
./clamscan sample.txt
This is a copy of the atomic-time-stamp type file in the Maildir
man
13 matches
Mail list logo
