I just started using ClamAV and it is performing great so far. :)
As I prefer to call ClamAV from procmail (actually, I used YAVR before,
a procmail only based virus signature scanner) my current setup is
procmail / clamassassin / clamdscan.
Rather than dumping all Virii to a single
On a related note: I am using clamassassin [1], but shortly after I
installed it the website and mailing list seems to be down. Does anyone
know anything about it?
FYI only, up and working again.
...guenther
--
char *t=[EMAIL PROTECTED];
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for
Hi all,
i have a small question on the virus naming, if i run the following two lines
on Linux i get different result, any reason for this?
sigtool -l | wc -l
32207
sigtool -l | uniq | wc -l
31912
If i'm correct there are many viruses with duplicate names, or some virus with
multiple
On Sun, 10 Apr 2005, [iso-8859-2] Róth Tamás wrote:
sigtool -l | wc -l
32207
sigtool -l | uniq | wc -l
31912
Actually, it's worse than you think. Try piping through sort before
sending it through uniq, and you'll find another 400 duplicates (you
only saw 300, but there are actually 700).
On Sun, 10 Apr 2005 10:44:57 +0200
Róth Tamás [EMAIL PROTECTED] wrote:
Hi all,
i have a small question on the virus naming, if i run the following
two lines on Linux i get different result, any reason for this?
sigtool -l | wc -l
32207
sigtool -l | uniq | wc -l
31912
If i'm
Words by Damian Menscher [Sun, Apr 10, 2005 at 09:34:58AM -0500]:
On Sun, 10 Apr 2005, [iso-8859-2] Róth Tamás wrote:
sigtool -l | wc -l
32207
sigtool -l | uniq | wc -l
31912
Actually, it's worse than you think. Try piping through sort before
Worse? How come worse?
sending it
On Sun, 10 Apr 2005, Jose Celestino wrote:
Words by Damian Menscher [Sun, Apr 10, 2005 at 09:34:58AM -0500]:
Actually, it's worse than you think. Try piping through sort before
Worse? How come worse?
sending it through uniq, and you'll find another 400 duplicates (you
Damian Menscher said:
On Sun, 10 Apr 2005, Jose Celestino wrote:
Words by Damian Menscher [Sun, Apr 10, 2005 at 09:34:58AM -0500]:
Actually, it's worse than you think. Try piping through sort before
Worse? How come worse?
sending it through uniq, and you'll find another 400 duplicates
Depending on your tool set:
sigtool -l |sort |uniq -c |sort -rn |less will show you the details. I
think it's not a big deal - unique names are not necessarily needed. A
virus with 1000 variants means a lot of -xxx's and that makes for a pretty
messy report.
I'd sure hate to see the genus, phyla,
On Fri, 2004-12-17 at 13:20 -0700, Philip Ershler wrote:
Does your e-mail system have the means of using RTBL (Real Time Black List)
servers? If so you might want to try that. Our spam load decreased
remarkably after we implemented our RTBL.
What tests do you have for false positives with
On Sat, 18 Dec 2004, Nigel Horne wrote:
What tests do you have for false positives with RTBL?
The good lists allow you to manually de-list yourself in a few seconds, so
even if you take no other precautions, there should never be a case where
a user can't send legit mail (unless their machine is
Hello all,
Yep another newbie question.
We are currently looking at switching to Clamav from Symantec SMTP and
there is one feature that I really like from Symantec that I cannot find
in Clamav (at least I cannot find). This is the ability to identify
mass-mailing viruses based on the name of
Carnegie, Martin wrote:
Hello all,
Yep another newbie question.
We are currently looking at switching to Clamav from Symantec SMTP and
there is one feature that I really like from Symantec that I cannot find
in Clamav (at least I cannot find). This is the ability to identify
mass-mailing viruses
On Fri, 2004-12-17 at 10:56 -0700, Carnegie, Martin wrote:
Hello all,
Yep another newbie question.
We are currently looking at switching to Clamav from Symantec SMTP and
there is one feature that I really like from Symantec that I cannot find
in Clamav (at least I cannot find). This is
Carnegie, Martin wrote:
This is the ability to identify
mass-mailing viruses based on the name of the virus detected. For
example the W32.Beagle (or Bagle) from Symantec shows up as
[EMAIL PROTECTED] This means that can then drop any messages with the
@mm instead of just removing the attachment
Jim Maul wrote:
This is not really a function of the av scanner, but rather a function
of the program which is used to call the av scanner. clamav just says
YES or NO it is a virus or isnt. Just as an example, im using qmail
with qmail-scanner and clamav. qmail-scanner has the ability to
Jason Haar wrote:
Jim Maul wrote:
This is not really a function of the av scanner, but rather a function
of the program which is used to call the av scanner. clamav just says
YES or NO it is a virus or isnt. Just as an example, im using qmail
with qmail-scanner and clamav. qmail-scanner has
Pardon, I didnt mean to imply that clamav doesnt provide the name of
the
virus as well. The point i was trying to make was that clamav itself
doesnt know or care about what is actually done after the virus is
detected. That part is left up to something else (qmail-scanner in my
case).
On Fri, 17 Dec 2004 13:09:31 -0700
Carnegie, Martin [EMAIL PROTECTED] wrote:
Again thanks for the feedback. Looks like I can drop Symantec :)
It's always good to have two or more independent scanners.
--
oo. Tomasz Kojm [EMAIL PROTECTED]
(\/)\.
on 12/17/04 1:09 PM, Carnegie, Martin at [EMAIL PROTECTED] wrote:
Pardon, I didnt mean to imply that clamav doesnt provide the name of
the
virus as well. The point i was trying to make was that clamav itself
doesnt know or care about what is actually done after the virus is
detected.
on 12/17/04 1:09 PM, Carnegie, Martin at [EMAIL PROTECTED] wrote:
Does your e-mail system have the means of using RTBL (Real Time Black List)
servers? If so you might want to try that. Our spam load decreased
remarkably after we implemented our RTBL.
My 2 cents,
Phil
If you like
on 12/17/04 1:26 PM, Dennis Peterson at [EMAIL PROTECTED] wrote:
on 12/17/04 1:09 PM, Carnegie, Martin at [EMAIL PROTECTED] wrote:
Does your e-mail system have the means of using RTBL (Real Time Black List)
servers? If so you might want to try that. Our spam load decreased
remarkably
on 12/17/04 1:09 PM, Carnegie, Martin at [EMAIL PROTECTED]
wrote:
Does your e-mail system have the means of using RTBL (Real Time Black
List)
servers? If so you might want to try that. Our spam load decreased
remarkably after we implemented our RTBL.
My 2 cents,
Phil
If you like
on 12/17/04 2:31 PM, Carnegie, Martin at [EMAIL PROTECTED] wrote:
on 12/17/04 1:09 PM, Carnegie, Martin at [EMAIL PROTECTED]
wrote:
Does your e-mail system have the means of using RTBL (Real Time Black
List)
servers? If so you might want to try that. Our spam load decreased
remarkably
Hi!
I've put up a web page that connects ClamAV virus names to more popular
ones until an official solution comes.
http://www.nfllab.com/projects/cvnr/
Nagy Ferenc Lszl
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and
25 matches
Mail list logo