Re: [clamav-users] Streaming support in ClamD

2015-07-08 Thread Jason Haar
that would explain why not enough organizations do AV content filtering of web traffic: their IT groups got lynched when they tried to implement it ;-) -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F

Re: [clamav-users] Streaming support in ClamD

2015-07-07 Thread Jason Haar
screaming (PS: yes the AVs all took 2minutes to download and process the same file - but the *perception* of performance is the key attribute I want to see) Jason -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E

Re: [clamav-users] Yum Updater Breaks My Set Up

2015-06-28 Thread Jason Haar
://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us

Re: [clamav-users] daily.cvd out of date?

2015-03-01 Thread Jason Haar
-download it instead of feeding out of cache. If the file ends up with a newer date, then that confirms there's a proxy in between (and as a side effect should have replaced the stale cached entry - so freshclam will be happy again - at least for a short while) -- Cheers Jason Haar Corporate Information

Re: [clamav-users] Bitcoin : Chainstate : Virii

2014-06-11 Thread Jason Haar
greater than Y bytes in size. Either of those options would work for this bitcoin lark too Don't forget, a virus is just a file until you execute it - only then is it really a virus -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP

Re: [clamav-users] Has ClamAV mailing list been leaked?

2012-07-07 Thread Jason Haar
simply monitoring this list - probably by scraping one of the thousand-odd web mailing-list archives These days, the only safe email address is the non-existent one that is also never used ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP

Re: [clamav-users] Spamtrap suggestion

2012-05-30 Thread Jason Haar
checksums against (say) virustotal.com in an automated fashion so that only files marked as malware by another product end up in the final human-facing queue? I'm sure ClamAV staff would like a too large corpus of malware than too little? -- Cheers Jason Haar Information Security Manager, Trimble

Re: [clamav-users] Spamtrap suggestion

2012-05-30 Thread Jason Haar
in automating up sample submission of stuff we missed like Jason is suggesting, please feel free to contact me offlist and I'll provide automated ways for sending us samples. Cheers, -matt On Wed, May 30, 2012 at 7:29 PM, Jason Haar jason_h...@trimble.com wrote: On 30/05/12 23:17, G.W. Haywood wrote

[clamav-users] file descriptor limit still 1024 on large 64bit system?

2011-08-28 Thread Jason Haar
to see the 32bit limit on a 64bit system) Thanks -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us build a comprehensive

Re: [Clamav-users] safe_clamd

2010-10-15 Thread Jason Haar
in case it crashes. What about upstart? Both Ubuntu (Debian?) and Redhat are moving away from SysVinit to upstart, and it fully supports a daemontools-like interface for permanently monitoring the state of a service process I think safe_clamd may not be needed... -- Cheers Jason Haar Information

Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?

2010-05-13 Thread Jason Haar
?!?!?!? Huh!?!?? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us build a comprehensive ClamAV guide: visit

Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?

2010-05-13 Thread Jason Haar
On 05/14/2010 02:52 PM, Dennis Peterson wrote: On 5/13/10 7:10 PM, Jason Haar wrote: Why is Sourcefire allowing a third-party to use their brandname (and linking to their site) when it doesn't use ClamAV code itself? It supports other AV vendor products, but not the product it gets its name

Re: [Clamav-users] (no subject)

2010-04-20 Thread Jason Haar
Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http

Re: [Clamav-users] Can the builders quit screwing with the Socket configs?

2010-04-16 Thread Jason Haar
apply to AV software - but they won't make an exception of it. Hence the need for a third-party - like DAG - who do keep it up to date (but fiddles with defaults - which we don't like - sigh!) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64

Re: [Clamav-users] SubmitDetectionStats Error

2009-11-27 Thread Jason Haar
time reporting of an automated process, isn't Twitter and co just RSS done badly? (I'm getting old and don't understand why everyone throws out perfectly good old technology for the Latest Thing ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377

Re: [Clamav-users] HAVP + Linux RAMdisk errors

2009-08-14 Thread Jason Haar
there is always a bottleneck in any process, it's only a matter of deciding whether it matters or not). -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] Suggestion

2009-04-17 Thread Jason Haar
have determined that the file is not malware. I'd suggest doing what virustotal does - refer to previously uploaded files by their md5/sha1 checksums. They are independent of filename and much easier to check against programmatically. -- Cheers Jason Haar Information Security Manager, Trimble

Re: [Clamav-users] squid + clamd performance pointers anyone

2009-02-11 Thread Jason Haar
was just concerned that this thread of conversation was not about ClamAV and we were beginning to annoy other people :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D

Re: [Clamav-users] squid + clamd performance pointers anyone

2009-02-10 Thread Jason Haar
on the same box) as parent proxies. End result: all the creamy goodness of Squid plus the sanitized delightedness of clean webpages (well, mostly ;-) See http://www.server-side.de/ Jason -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64

Re: [Clamav-users] squid + clamd performance pointers anyone

2009-02-10 Thread Jason Haar
John Horne wrote: On Wed, 2009-02-11 at 09:17 +1300, Jason Haar wrote: We use the open source HAVP proxy. It supports clamav, sophie, trophie, and several other commercial AV products and works very well. We still use it in conjunction with Squid, as it is a pure AV proxy and doesn't have

Re: [Clamav-users] squid + clamd performance pointers anyone

2009-02-10 Thread Jason Haar
think they do. You've got to really carefully read the documentation to see the limitations. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] squid + clamd performance pointers anyone

2009-02-10 Thread Jason Haar
of this: there is a havp list for those interested. There's nothing clamav-specific about all this. Jason -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] squid + clamd performance pointers anyone

2009-02-09 Thread Jason Haar
does squid + clamd mean? How many users? The hardware you mention would be brilliant for a 10-user network with a 1Mbs link, but would be atrocious for a million-user network. I'd guess you are somewhere in between - but you don't say. -- Cheers Jason Haar Information Security Manager, Trimble

Re: [Clamav-users] extending dlp

2008-12-17 Thread Jason Haar
doing that ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us build a comprehensive ClamAV guide

Re: [Clamav-users] Thanks.... Re: squid integration

2008-10-12 Thread Jason Haar
still stands: it just adds load with no up-side. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us build

Re: [Clamav-users] Thanks.... Re: squid integration

2008-10-09 Thread Jason Haar
forum to discuss HAVP issues - join their mailing-list and ask there. You'll get more answers! :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] squid integration

2008-10-07 Thread Jason Haar
/ -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net

[Clamav-users] FP for Trojan.Downloader-44131 - too big to upload to clamav.net

2008-07-01 Thread Jason Haar
? Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us build a comprehensive ClamAV guide: visit

Re: [Clamav-users] scan the files being uploaded

2008-06-10 Thread Jason Haar
://www.server-side.de/) - it works well for us :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us build

Re: [Clamav-users] Memory usage for clamd is huge

2008-03-31 Thread Jason Haar
, so far this week the following percentages are seen (for our mail servers) as being responsible for malware/spam 84% Windows 13% Linux 3% the rest So Linux systems can send viruses and spam - but these will be 0wned Web servers - not workstations... -- Cheers Jason Haar Information

Re: [Clamav-users] Interest in training and certification for ClamAV?

2008-03-28 Thread Jason Haar
... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us build a comprehensive ClamAV guide: visit http

Re: [Clamav-users] Integrating ClamAV in Squid 2.6

2008-03-20 Thread Jason Haar
Tarak Ranjan wrote: Hi List, Has anyone done the integration of ClamAV in Squid web proxy Yes - use HAVP! It's brilliant :-) http://www.server-side.de/ -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP

Re: [Clamav-users] Integrating ClamAV in Squid 2.6

2008-03-20 Thread Jason Haar
Dennis Peterson wrote: So does this have to be rebuilt each time ClamAV has an upgrade? Well - have a look and find out for yourself. It supports both linking against libclamav and merely calling clamd like clamdscan does. So yes and no are the answer. -- Cheers Jason Haar Information

Re: [Clamav-users] Clamav keep on crashing with qmail-scanner

2007-12-07 Thread Jason Haar
-v ^USER|awk '{print $5 $0}'|sort -n -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us build

Re: [Clamav-users] Partial MIME emails

2007-08-01 Thread Jason Haar
time and forget? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us build a comprehensive ClamAV guide

Re: [Clamav-users] submit-to-publish time much too long for phishing

2006-12-03 Thread Jason Haar
would be some Web-based change control system so new sigs can be created, tested and then signed off on before going live - and let 10,000 people be able to create sigs, 200 test, and 30 signoff on...] -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635

[Clamav-users] [Fwd: [SURBL-Announce] PhishTank data added to SURBL phishing list (fwd)]

2006-10-19 Thread Jason Haar
Since clamAV does such a great job at catching phishing attacks, I was wondering if the sig-writers would want to help out this project by reporting any URLs they find in phishy email? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3

Re: [Clamav-users] Re: ClamAV Squid

2006-08-11 Thread Jason Haar
René Berber wrote: Another thing I would do different is not use Eicar as a test, just use the whole clamav-0.88.4.tar.gz file and all the test files should trigger what you want to see. You can just see the success of this biting you where it hurts. You get it working, and the next time a

Re: [Clamav-users] clamd cannot allocate memory. Resolutions?

2006-08-01 Thread Jason Haar
Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Disable Specific Document Scanning

2006-07-13 Thread Jason Haar
block it - even though it really contained no ACTIVE virus (if you want to put it that way). -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] ClamAV takes long to scan mails

2006-04-04 Thread Jason Haar
that could ever add up to the 1330 seconds you are seeing) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http

Re: [Clamav-users] ClamAV takes long to scan mails

2006-04-04 Thread Jason Haar
of those 1300 seconds is actually how long it took the message to be written to the queue - which indicates a slow network - not a software problem. The new release of Qmail-Scanner specifically separates out that time now - for this very reason. -- Cheers Jason Haar Information Security Manager

Re: [Clamav-users] clamav 0.88 dosen't check inside zip files

2006-02-26 Thread Jason Haar
Elvis Altherr wrote: my $clamscan_binary='/usr/local/bin/clamscan'; clamscan?!?!?!? Why, why, why. And why. [hint: I'm commenting about you using clamscan] -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP

Re: [Clamav-users] clamscan delete the entire mailbox

2006-02-23 Thread Jason Haar
a virus... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Is CME officially supported/supporting ClamAV?

2006-02-02 Thread Jason Haar
- they do good work. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http://lurker.clamav.net/list/clamav

Re: [Clamav-users] Web Site Authentication Prior to VirusDB download

2006-02-02 Thread Jason Haar
other AV products while applying such harsh rules to your ClamAV proposal... Of course, I'd be quite willing to set up a permanent site that you can have HTTPS pattern access to for a really big fee!! ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635

[Clamav-users] Is CME officially supported/supporting ClamAV?

2006-01-31 Thread Jason Haar
just blind? (the latter is quite possible ;-) See http://cme.mitre.org/ -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] Unofficial Phishing Signatures

2006-01-25 Thread Jason Haar
if it was? Is there a process by which people can volunteer? I think more skills than need to know how to run md5sum will be required ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F

[Clamav-users] mime parser in clamav

2006-01-16 Thread Jason Haar
it within either the uuencoded attachment, or the raw email itself. clamscan --verbose --debug file.eml shows it loading the homemade signature, but shows no reference to uudecoding. I have just uploaded it via the submission form. Thanks! -- Cheers Jason Haar Information Security Manager, Trimble

Re: [Clamav-users] mime parser in clamav

2006-01-16 Thread Jason Haar
Oh! I missed my actual question! :-) Is this expected behavior? i.e. a limitation with making your own simple MD5-based sigs. Jason Haar wrote: Hi there The new W32/Nyxem-D virus seems to escape clamav fairly well. It comes in as a .HQX or .MIM attachment - which is base64 encoded

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Jason Haar
that are currently detecting Sober.U - there are already some variants that even it can't catch. Looks like the prats are having a let's release 100 different variants today party :-( -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417

Re: [Clamav-users] Submitting malware (long)...

2005-09-13 Thread Jason Haar
Tomasz Papszun wrote: ACK. ...not to be confused with Ack! ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] Libclamav and zip files

2005-07-21 Thread Jason Haar
(or at least some largish data window). How they do that inline and manage to drop the session (i.e. killing the virus download) is a bit beyond me - I guess they rely on a RSET on the last packet being enough to cause the entire transfer to fail? -- Cheers Jason Haar Information Security

[Clamav-users] How many False Positives with the broken EXE option?

2005-06-02 Thread Jason Haar
is important as our email AV system doesn't notify the sender if a virus is detected, so I'm concerned that someone valid sending in a corrupt executable will just have their email blackhole... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3

Re: [Clamav-users] Load averages going too high when doing a full clamscan

2005-04-28 Thread Jason Haar
!) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] [Fwd: Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning]

2005-03-15 Thread Jason Haar
FYI Apparently ClamAV failed to detect the virus in http://www.geocities.com/visitbipin/test_nav.zip -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] [Fwd: Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning]

2005-03-15 Thread Jason Haar
://www.securityfocus.com/archive/1 -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http://lurker.clamav.net/list/clamav

Re: [Clamav-users] Worm.Sober.K getting through...

2005-02-24 Thread Jason Haar
to POP or IMAP mail directly from end-Internet mail servers onto your LAN, how do you know that's not where these infected e-mails are coming from? Webmail like Hotmail is also another source. Just some ideas... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3

[Clamav-users] RSS feed link broken on http://cgi.clamav.net/sendvirus.cgi

2005-02-08 Thread Jason Haar
Just thought someone should know. I'd like to see that up and running - Thunderbird has GREAT rss support ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] Phishing Questions

2005-01-27 Thread Jason Haar
use an Open Source Content Filter like Qmail-Scanner or Amavis, then you can change the code. ClamAV's ability to block Phishing attacks makes it EXTREMELY attractive IMHO. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP

Re: [Clamav-users] Virus naming

2004-12-17 Thread Jason Haar
to notify the sender - AS THEY DIDN'T SEND IT :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http

Re: [Clamav-users] Many clamscan processes

2004-12-13 Thread Jason Haar
are listed below. What is a value of softlimit? More to the point - why are you using clamscan instead of clamdscan? There is no good reason I'm aware of to EVER use clamscan over clamdscan on a mail server. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64

[Clamav-users] Bug in clamd (0.80) handling .jar files

2004-12-07 Thread Jason Haar
, clamscan uses internal unzip routines, and with it clamscan calls /usr/bin/unzip? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] Virus Tests from www.testvirus.org

2004-12-01 Thread Jason Haar
file attachments?) - so AT BEST you might save 1-2% system resources. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

[Clamav-users] Can clamdscan/clamscan *not* follow mount points?

2004-11-30 Thread Jason Haar
:-) - so it's not a simple issue of ignoring /net or anything. Can this be done without resorting to some find pre-processor? (i.e. use find -nofollow to get a list of local dirs to scan). Thanks -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax

[Clamav-users] How to report viruses (or false positives) larger than 1M?

2004-11-28 Thread Jason Haar
a virus when it's unpacked (so it must be some random byte-string match that is triggered by the CAB file and not by the content) - so cannot make them any smaller to submit. Any ideas how else these files can be submitted? Thanks! -- Cheers Jason Haar Information Security Manager, Trimble

[Clamav-users] False positive on Trojan.Zappa

2004-11-26 Thread Jason Haar
I have a 4.5Mb Setup executable that clamav thinks is Trojan.Zappa It was on a user's workstation (who runs up-to-date Sophos), is dated Jan 2003, and Sophos, Trend, Panda and BitDefender all don't detect any problem with it - so I think it's a False Positive. I've tried uploading it via

Re: defanging HTML email, was [Clamav-users] ClamAV should not try to detect phishing andothersocial engineering attacks

2004-11-16 Thread Jason Haar
[EMAIL PROTECTED] wrote: Peter J. Holzer wrote: Otherwise, if it is HTML, filter it through w3m, lynx, or some other html to text converter. This is the dangerous part. If there's going to be any way for a malignant HTML email to overflow a buffer, it's here. Well it's always about

Re: [Clamav-users] ClamAV should not try to detect phishing and other social engineering attacks

2004-11-14 Thread Jason Haar
to detect spyware - i.e. they want us the consumers to pay TWICE to gain full protection. I think it's a crock - and I'm glad to see the ClamAV developers do too. Viruses/trojans/phishing/spyware - it's all rubbish I would rather was not in my end-users' mailboxes. -- Cheers Jason Haar Information

Re: [Clamav-users] ClamAV and Exchange mailboxes...

2004-11-09 Thread Jason Haar
[EMAIL PROTECTED] wrote: Doesn't that idea forces you to have everyone's password to connect via the IMAP server? That would tear it. Exchange does allow you to declare administrative accounts with complete access to all mailboxes. But I don't know enough about IMAP to know if you can log in

Re: [Clamav-users] ClamAV and Exchange mailboxes...

2004-11-09 Thread Jason Haar
Tim Howell wrote: How do you grant an account full access to all mailboxes? --TWH one at a time Obviously there will be some tool you can get/buy that will allow you to automate it, but via the Great GUI - one at a time... :-( Jason ___

Re: [Clamav-users] clamd don't die on memory allocation problem?

2004-11-08 Thread Jason Haar
Joe Maimon wrote: Since when was this decided to be a good idea? Suppose I am running clamd under ulimit to control its memory usage. I don't want it to die on out of memory issues caused by scan jobs, making it unavailable for possible jobs that won't cause OOM and terminating all other scanning

[Clamav-users] Comment on TCP option in clamd

2004-11-03 Thread Jason Haar
is spelt out well enough if people are going around making RPMs like that :-/ BTW: the RPM in question is clamd-0.80-1.1.fc2.dag - part of http://apt.sw.be/fedora/ [I don't use it myself - just suffered the fallout...] -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd

Re: [Clamav-users] cron that restarts clamd

2004-10-28 Thread Jason Haar
simply run it from cron (say) every 5 minutes to check the status of your AV daemons. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] Performance Help - 100% cpu usage

2004-10-26 Thread Jason Haar
of clamdscan if its actually clamscan - that is really too gross to allow to continue. I hope someone has contacted the author...? He can't fix what he doesn't know is a problem... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417

Re: [Clamav-users] Independent Testing

2004-10-21 Thread Jason Haar
be on purpose: note that some commercial AVs appear to want to differentiate between anti-virus and anti-spyware - as if somehow the latter was different...) ...i.e. when I put the commercial one in front of ClamAV - 99% are caught by the commercial one... -- Cheers Jason Haar Information

[Clamav-users] buglet in how clamdscan reports perm issues

2004-10-20 Thread Jason Haar
reports access denied - no following OK... Keep up the good work guys - ClamAV is superb!!! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan

2004-10-17 Thread Jason Haar
On Fri, Oct 15, 2004 at 02:06:54AM +0200, Tomasz Kojm wrote: On Fri, 15 Oct 2004 12:03:51 +1300 Jason Haar [EMAIL PROTECTED] wrote: I've got a message being unable to be delivered via Qmail-Scanner because clamdscan is reporting Bad format or broken data ERROR when processing the message

Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan

2004-10-17 Thread Jason Haar
format or broken data ERROR partial-1.eml: OK --- SCAN SUMMARY --- Infected files: 0 Time: 0.002 sec (0 m 0 s) bash$ echo $? 2 Jason On Mon, Oct 18, 2004 at 10:21:03AM +1300, Jason Haar wrote: On Fri, Oct 15, 2004 at 02:06:54AM +0200, Tomasz Kojm wrote: On Fri, 15 Oct 2004 12

Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan

2004-10-17 Thread Jason Haar
by the exit status. i.e. zero means OK, one means virus, and anything else means something went wrong. clamdscan is saying something went wrong whereas clamscan says it's all OK... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP

Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan

2004-10-17 Thread Jason Haar
. Thanks for that - and sorry for the screw-up :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http

[Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan

2004-10-14 Thread Jason Haar
should trigger an error. Shouldn't clamdscan match what clamscan produces? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] kernel: Out of Memory:Killed process xxxxx (clamd).

2004-09-15 Thread Jason Haar
running softlimits would almost invariably also be calling clamd under a supervise script, so if clamd died, it would be auto-restarted. That's the condition we are trying to achieve] -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635

Re: [Clamav-users] kernel: Out of Memory:Killed process xxxxx (clamd).

2004-09-14 Thread Jason Haar
different Linux systems as far as libraries/etc go. I hope someone else can help out - there is a problem that needs solving there. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422

Re: [Clamav-users] kernel: Out of Memory:Killed process xxxxx (clamd).

2004-09-14 Thread Jason Haar
I checked by hand). ClamAV rulz. :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 --- This SF.Net email

Re: [Clamav-users] Compression limit ..... Much too low for me :(

2004-08-29 Thread Jason Haar
- which I would actually prefer) To blame users for such an action is a bit extreme... Not everyone is a Linux user or a Windows programmer/designer - like we are ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint

Re: [Clamav-users] Leak on Linux 2.4

2004-08-18 Thread Jason Haar
- and that's why I want to use softlimit to stop that happening. ...and yet I can't :-( Can clamd be made to exit on memory errors? That way daemontools can just start it from scratch again -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax

[Clamav-users] Suggestion: timestamp for ClamAV Virus Database Search

2004-08-15 Thread Jason Haar
Negative (for the commercial AVs), or just too new. A timestamp would help clear away one of the options there Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D

Re: [Clamav-users] [OT] Re: KDE/MS patent and prior art (Was: Idea for more timely virusdb updates)

2004-08-15 Thread Jason Haar
! Now just pony up the $100K needed for the first week of lawyer fees... This is one of the fundamental disadvantages Open Source developers have against large companies: they don't have the financial clout to fight legal battles - even if they are cut and dry... -- Cheers Jason Haar Information

Re: [Clamav-users] Idea for more timely virusdb updates

2004-08-14 Thread Jason Haar
to the daily.RAW file, plus downloading the new (tiny) digital signature of that file? Just a thought - Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] Idea for more timely virusdb updates

2004-08-13 Thread Jason Haar
- again - not a normal situation for an AV server. DNS for serial numbers plus HTTP for actual data transfer still sounds best to me... All outgoing connections only, all well established (nothing exotic) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3

Re: [Clamav-users] Idea for more timely virusdb updates

2004-08-13 Thread Jason Haar
that. That falls into the must have really good business case - can we put you in a standalone DMZ? case for most largish companies. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422

Re: [Clamav-users] Idea for more timely virusdb updates

2004-08-10 Thread Jason Haar
enforce it. Just my 2c worth -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

[Clamav-users] Anyone heard about Oyster being faster than ClamAV?

2004-07-22 Thread Jason Haar
that file checksum later, it doesn't have to scan it again. Obviously there would have to be timeouts/etc, but it's a good idea. Sophos does it on their Windows workstation AV too... Just food for thought. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635

Re: [Clamav-users] [Fwd: memory hog in 0.72 and 0.73]

2004-06-24 Thread Jason Haar
using a window of some description - to keep resource requirements down? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] Is this possible? (clamdscan on one server, clamd on another)

2004-06-23 Thread Jason Haar
/spamd server? Why do you think that'll be less load than just using NFS? NFS over UDP should be faster than short-lived TCP-based connections (they're the worst kind) You may be correct - I just don't think you should throw NFS out as quickly as that. -- Cheers Jason Haar Information Security

Re: [Clamav-users] Determining the Current Virus DB Version / Date

2004-06-20 Thread Jason Haar
to figure this stuff out automatically. RPM builds, etc can/do move the directories involved all over the place - making automagic calls difficult. Jason Haar

[Clamav-users] Bug with 0.71 not limiting archive scans? (e.g. 42.zip)

2004-05-25 Thread Jason Haar
? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: [Clamav-users] One seems to have sneaked by W32.BEAGLE.X

2004-05-16 Thread Jason Haar
is responsible for the virus. i.e. we alert on locally-generated viruses, but just ignore (for alerts) Internet-generated viruses. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063

Re: [Clamav-users] Virus found in virgin RHES 3 installation?

2004-05-09 Thread Jason Haar
-worshippers, because if you went: grep satan /proc/kcore you got a match! Got quite a few bites too as I recall :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D
