it on
loaded servers.
Default: disabled
I can think of any number of reasons why this is a bad idea,
Me too.
if it is going to follow links, wouldn't it make sense to follow them
correctly?
Yes, it would. The relevant code is in ./libclamav/mbox.c, for the record.
--
Matthew.van.Eerde
of Evil, where Charlton
Heston's character says:
A policeman's job is only easy in a police state.
http://www.imdb.com/title/tt0052311/quotes
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
occasionally tempted to run ClamAV on the quarantine directory prior to
archiving, just to make sure that I'm only archiving things that could be
useful. But I haven't gone that far yet.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
, though. Then the
necessary notification could be picked up by the sending server, which
presumably knows more about who should receive the notification than does the
receiving server.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Steven Stern wrote:
If I change ownership of clamd.log to clamav:clamav, clamav-milter is
happy until the logs roll on monday morning.
What am I missing?
Configure your log rotation utility to chown the files to clamav:clamav.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554
Robert Isaac wrote:
The libclamav.so.1 files are 777
Danger, Will Robinson!
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav
Matthew van Eerde wrote:
Robert Isaac wrote:
The libclamav.so.1 files are 777
Danger, Will Robinson!
Hmmm, so are mine...
Ah, I see, libclamav.so.1 is a symbolic link to libclamav.so.1.0.17
___
http://lurker.clamav.net/list/clamav-users.html
?
You'll have to ask the package maintainer about that one.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html
better to
have a known limit with known consequences (REJECT) than an unknown limit with
unknown consequences (server crash)
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
on the MTAs and high-powered MUAs. But
there should still be a line (probably measured in GB, for such a shop)
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http
Ed Stover wrote:
What tcp ports does freshclam use to update the virus database?
DNS/UDP (53/udp) and HTTP/TCP (80/tcp)
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
for a particular
message content and added to the virus signature database.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav
when qmail-scanner is invoked.
But surely clam*d*scan doesn't use a database at all. Your problem may be
cosmetic.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
MIMEDefang.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html
pointed out, in the US, half /past/ four is 4:30.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html
.
Some of the things that match *clam* are part of logwatch. Try reinstalling
logwatch.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list
if, instead of reporting
to the envelope-sender, they did a WHOIS lookup on the sending IP and emailed
the virus notification to the responsible party for the narrowest containing
subnet.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Yes, please wikify it for posterity...
http://wiki.clamav.net/
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html
Chuck Swiger wrote:
I require my users to zip or tarball attachments before they send them.
Heh. I quarantine incoming zip attachments. :)
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
://wiki.clamav.net/
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html
yours. :)
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html
the email
So I don't ever get any kind of Status header except for
X-Virus-Status: Clean
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http
that it's really a .zip file.
As a workaround, ask the customer to rename the file to have an extension
.zip-remove
and see if that gets through.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
. That
starts another instance of clamd with the unrecognized argument QUIT.
The socket commands (QUIT) are not command-line arguments. You have to echo
them to the socket. Try sending clamd a kill signal instead.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic
Matthew.van.Eerde wrote:
The Disc Shop wrote:
[EMAIL PROTECTED] wrote:
clamdscan --config-file=/usr/local/etc/clamd.conf abc
Hmm... why is there a --config-file switch for clamdscan? I see it's in the
man page... does it really work for all options?
--
Matthew.van.Eerde (at) hbinc.com
is detecting the virus, but clamdscan is not? Please confirm.
When was the last time you restarted clamd? Perhaps it's not reloading the
virus database whenever freshclam downloads a new update. Can you post your
freshclam config as well (without blank lines and comments)
--
Matthew.van.Eerde
Kill all your freshclam and clamd processes. Put your .pid and socket files in
a place that clamd can write. clamd starts as root, but if it needs to SIGHUP,
it needs to recreate the .pid files and reinitialize the socket as clamd.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554
accept a
--database=/var/db/clamav command-line option.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html
really, REALLY don't want to click on whatever that is. Want to
provide some more detail?
It's Secunia's top-ranking vulnerability at the moment:
http://secunia.com/advisories/15546/
http://secunia.com/
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc
-mitler (I've never used
the milter, so I'm not sure what's necessary) and see if that does
it.
I've already tried a couple of restarts to no avail.
What are your clamd and clamav-milter options?
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html
nocompress
create 640 clamav defang
postrotate
/bin/kill -HUP `cat /var/run/clamav/freshclam.pid 2 /dev/null`
2 /dev/null || true
endscript
}
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Brian C. Hill wrote: wrote:
But that must be on a Linux system (I am assuming because
you are running logrotate).
Yup -- Slackware
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
/root/aaa
/root/aaa: Oversized.Zip FOUND
clamscan doesn't look at clamd.conf IIRC. clamd does. clamdscan relies on
clamd... do you have clamd running?
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
for no and see what options you get.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html
-milter
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html
Matthew.van.Eerde wrote:
John Belamaric wrote:
Try grepping for no and see what options you get.
Hi Matthew,
Unfortunately that didn't do it:
Maybe it's not in the .conf file, but is instead being passed as a
command-line argument.
Check these files:
/etc/rc.d/init.d/clamav
Joanna Roman wrote:
What is the time zone of the timestamps in main.cvd
and daily.cvd ?
I believe timestamps are stored internally in seconds-since-the-epoch. So
whatever your ls -l command says in your time zone, that's the correct time.
--
Matthew.van.Eerde (at) hbinc.com
and forwarding... Outlook QuoteFix, for example
http://home.in.tum.de/~jain/software/outlook-quotefix/
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net
mails or wahetever)
to postmaster or my linux user everytime it detects a virus in a mail
man clamav-milter
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http
:%{_localstatedir}/clamav/clmilter.socket
Note that the -b is short for --bounce.
Missed that one. So he has both --bounce and --noreject??? LOL
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
system,
--quiet wins.
So the net effect seems to be that this config should silently absorb viruses -
accept, destroy, don't deliver.
Or did I miss something else?
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software
Don Levey wrote:
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.86.2 Recommended version: 0.87
So why am I being told that this is outdated? Any ideas?
Have you killed the running clam processes since you upgraded?
--
Matthew.van.Eerde
use the
MIMEDefang thread somewhere else (like running a SpamAssassin check, for
example.)
I occasionally consider writing a Mail::SpamAssassin::Client module to lighten
up the MIMEDefang threads, too... just run a few spamd threads and have the
MIMEDefang threads share...
--
Matthew.van.Eerde
should
### read the documentation and tweak it as you wish.
...
--noreject
...
he has it set to absorb viruses (don't reject, don't deliver, don't bounce)
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
incoming mail they scan. Maybe that would be useful... you might install
one of these archive milters, making sure it appears before clamav-milter in
the list of milters... then when a thread goes haywire, check the last few
emails in the archive for fishyness.
--
Matthew.van.Eerde
a fresh install or an upgrade or an uninstall/install? Are you
using precisely this release?
http://sourceforge.net/project/showfiles.php?group_id=86638release_id=356974
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software
, I
may need to downgrade back to 0.86.
Have you tried running clamd and using --external on clamav-milter?
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http
using --external?
How does clamav-milter know when new virus definitions are available? I assume
freshclam doesn't notify clamav-milter threads.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
important. How/when does clamav-milter find out about virus definition updates?
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav
action_discard to action_bounce for suspicious characters. That at least takes
care of false positives. YMMV.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http
as suspicious.
Bingo...
Fortunately, MIMEDefang allows multiple virus scanners.
Fortunately, MIMEDefang logs virus detections.
Unfortunately, MIMEDefang doesn't include which scanner caught the virus.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc
for your load as disk I/O is a real
bottleneck.
Are you doing synchronous syslogging? Try asynchronous (just add a - in the
right place in syslog.conf)
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
]; then
echo Starting clamav-milter: /usr/local/sbin/clamav-milter -eCfq /var/run/c
lamav/milter.sock
/usr/local/sbin/clamav-milter -eCfq /var/run/clamav/milter.sock
# give it time to start up and let the socket create itself
sleep 2
fi
}
Note -e is --external
--
Matthew.van.Eerde
, and I like clamav-milter to
use the pre-existing pool rather than forming its own.
clamav-milter uses /etc/clamd.conf to a certain extent, but has many other
options that can only be specified at the command line. man clamav-milter for
the gory details.
--
Matthew.van.Eerde (at) hbinc.com
.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html
Thomas Cameron wrote:
2005-08-27 smX-0.0.Beta0.0 has been released. Do you have a plans
on adaptation clamav-milter for smX ?
What is Sendmail X? Enquiring minds want to know!
http://www.sendmail.org/sm-X/
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic
viruses by default. If there is an option to turn
this on, fine, but this is pushing the envelope a bit too far for me.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift
- ?
1 - ?
1 - ?
Your sig doesn't seem to match the published doc format.
What does sigtool -i ./local/empty.zmd say?
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi
q# wrote:
Wrong signature format: zmd != ndb
Alright - where's the documentation of the zmd database format?
Does sigtool --list-sigs | grep Zip.Empty have any output? That should at
least verify whether the sig is being loaded.
--
Matthew.van.Eerde (at) hbinc.com
.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
http://lurker.clamav.net/list/clamav-users.html
(without the -d.) Do not run
freshclamd -d through cron or you'll be running multiple daemons and eventually
bring your machine to its knees.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k
some of these have obvious purposed (graphing or log
file processing), are there any of these necessary for me to get up
and going in my environment?
No.
TIA for any pointers or URL's where I can RTFM.
www.mimedefang.com
www.spamassassin.org
www.clamav.net
--
Matthew.van.Eerde (at) hbinc.com
) Recognize the initial packet of the zip file
2) Accumulate all future packets of that stream
3) Put all the packets together to get the complete zip file
4) Decompress the zip file
5) Scan the decompressed contents
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic
is really committed to infecting
themselves, and astoundingly resourceful.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg
,
with malicious virus definitions. I'll let everyone imagine the worst-case
consequences of that.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga
this concern.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
http://lurker.clamav.net/list/clamav
access database script
There's a version for Exchange 2000 and another for Exchange 5.5
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg
] and
Archive::Zip
[1] www.mimedefang.com
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
http
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
http://lurker.clamav.net/list/clamav-users.html
-milter thread handling that caused
it to time out if it did the work itself. I was forced to start it with
--external which passes the work to running clamd daemons.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software
a problem at all. None of my machines is as high specs
as his.
Easy, cowboy. When he says that problems are confined to FreeBSD, that does
not imply that all FreeBSD installations will have problems.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc
analizing that big
email.
Mounting /tmp as a tmpfs file system can be a real performance lifesaver for a
busy clamd setup.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print
clamd.sock than it would be to connect to a
TCP socket.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg
accomplish all that is asked without having to potentially damage the
flow of mail across your machine.
Or just use clamscan --debug?
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k
.rp wrote:
Is there a build anywhere that will run under NT4 ?
This is a good place to start looking:
http://www.clamav.net/binary.html#pagestart
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap
to agree on what to call each virus.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
http
it is configured identically :-?)
I'm using both clamav-milter and MIMEDefang (which prints directly to
clamd.sock)
This behavior is new as of 0.85.1
What could I be doing wrong and how do I fix it?
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc
NotifyClamd
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
http://lurker.clamav.net/list/clamav
Matthew.van.Eerde wrote:
Damian Menscher wrote:
On Wed, 18 May 2005 [EMAIL PROTECTED] wrote:
LibClamAV Warning: Not reloading database until idle - waiting for 2
children
Could you tell us how you're running clamav-milter? Specifically,
I'd like to know if you're using --external
/usr
|| true
endscript
}
I use defang as a generic mail administration group, which is why that group
gets read access.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi
aspell thinks that is a word... and probably some
spammers do, rofl.
It IS a word...just not the one you wanted. swine spellchekers
On that note:
http://jobsearch.monster.com/jobsearch.asp?q=manger
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc
BIND: 9.3.1
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
http://lurker.clamav.net/list/clamav
tell because I wasn't able to allocate memory
and I can't tell because...)
You could adopt a policy that yes, password-protected zip files can be assumed
to be viruses with the following clamd.conf option:
ArchiveBlockEncrypted
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
, it should
never be 2.
Matter of opinion. I wish ArchiveBlockEncrypted were the default. Guess it
depends on what you use ClamAV for.
I guess an additional ArchiveIgnoreEncrypted (return 0) option would make us
both happy.
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic
the way sockets work.
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
http://lurker.clamav.net/list
] urban myths
[x] (company) will pay you $ for every person you forward this to
[x] cute puppies
[x] sob stories
...
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg
Nigel Horne wrote:
On Thursday 14 Apr 2005 01:12, [EMAIL PROTECTED] wrote:
You're correct, clamav-milter won't listen on a TCP port, only on a
local socket.
Wrong.
*removes foot from mouth* oops, sorry...
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic
machine?
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
http://lurker.clamav.net/list/clamav
: [Clamav-users] New Virus?
Thread-Index: AcU2HfVJlXoUlYzJRuC2osx2VBm8CwABWsIg
Looks like you have reason to deploy security by obscurity.
FWIW recent versions of Outlook block user access to received attachments of
the form .exe .com .bat .pif .scr
Matthew.van.Eerde (at) hbinc.com
itself to detecting (and
rejecting) threats of the first kind by default. If an option is added to
detect and reject threats of the second kind, that can only be a good thing -
so long as it is an option.
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc
from registering a domain like onlinebanking.example and
then sending out - perfectly legitimately - from [EMAIL PROTECTED]
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi
a feature request to me... can we have a user.cvd file (in
addition to main.cvd and daily.cvd)
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg
. You need not to sign the .db file.
I presume clamd needs to be HUP'd?
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg
in spam scanning a file if it has
been identified as a virus.
Of the two processes (spam scanning and virus scanning), spam scanning is more
resource-intensive (at least the way I do it) - so I virus scan first, and
spam-scan second.
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
with the idea of writing a SpamAssassin::Client module to emulate spamc, but
haven't done anything serious with it. I know someone else got a working
prototype together.
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software
Dennis Peterson wrote:
Now if we can make people aware of the evils of out-of-office
auto-responders...
I know! Why isn't there an SMTP code for this?
- RCPT TO: [EMAIL PROTECTED]
- 2?0 OK, but he's out of the office right now
- RSET never mind then
Matthew.van.Eerde (at) hbinc.com
Tim Howell wrote:
Several of my users have received the virus classified by ClamAV as
Worm.Sober.K today...
How should I go about tracking this down?
Find a particular infected message and check the logs for errors or warnings
around the time the message went through
Matthew.van.Eerde
ahellary wrote:
i STILL cannont get either version .81 or .82 to detect any virus
Try 0.83?
its slackware
I've got 0.83 running OK on slackware... but I had to upgrade zlib... do you
get any make errors?
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business
Keith Patton wrote:
ahellary wrote:
... on our qmail...
Look at http://www.mimedefang.org
But MIMEDefang is a sendmail-only milter...
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k
1 - 100 of 137 matches
Mail list logo
