> On Feb 18, 2020, at 6:10 AM, Steve Basford
> wrote:
>
> On 2020-02-18 02:02, Paul Kosinski via clamav-users wrote:
>> How big is the img file? ClamAV has a 4 GB (2**32-1) size limit (alas),
>> maybe others do too.
> Here's 3 samples from a few days ago, so vary in size but not near 4 GB…
>
This was a new one that I have not seen before.
I uploaded the payload inside to VirusTotal, and it's not caught there
either:
https://www.virustotal.com/gui/file/368906d50bd279e9576aaa3d6dea269515410a5f
74cd93112767eb4bac310d1d/detection
My question is since this was in a disk image
> On Feb 27, 2016, at 6:09 PM, Al Varnell wrote:
>
> I understand SHA-256 is preferred, but MD-5 will also work.
>
> Submit them back here.
>
> -Al-
$ openssl dgst -sha256 invoice_SCAN_fGYbuu.zip
SHA256(invoice_SCAN_fGYbuu.zip)=
I understand SHA-256 is preferred, but MD-5 will also work.
Submit them back here.
-Al-
On Sat, Feb 27, 2016 at 06:08 PM, Kristen wrote:
>
> On 2/27/16 4:50 PM, Joel Esler (jesler) wrote:
>> Kristen,
>>
>> We'll take a look.
>>
>> Please send us the hashes of the files.
>>
>> --
>> Joel
On 2/27/16 4:50 PM, Joel Esler (jesler) wrote:
> Kristen,
>
> We'll take a look.
>
> Please send us the hashes of the files.
>
> --
> Joel Esler
> Manager, Talos Group
Which hashes do you desire? And then where should I submit them?
Kristen
>
> On Feb 27, 2016, at 8:21 PM, Kristen
>
Kristen,
We'll take a look.
Please send us the hashes of the files.
--
Joel Esler
Manager, Talos Group
Sent from my iPad
On Feb 27, 2016, at 8:21 PM, Kristen
> wrote:
List,
I just submitted to the virus submission webpage a new sample of a
List,
I just submitted to the virus submission webpage a new sample of a virus
email that slipped through clamd on my mail server. I received an email
with the subject "Successfully processed" from clamav.net. However the
content of this mail states;
Result:
Please encrypt your ZIP files with
Vincent Aniello wrote:
I know that the new clamav-milter is a work in progress. Is there any
chance of email notifications to an administrator when a virus is
detected being added back into clamav-milter in the future?
Hi Vincent,
I'm not particularly hot about notifications in the milter.
I know that the new clamav-milter is a work in progress. Is there any
chance of email notifications to an administrator when a virus is
detected being added back into clamav-milter in the future?
Thanks.
--Vincent
Disclaimer: Any references to Pipeline performance contained herein
Good morning,
I have local signatures (local.ndb) define.
One of my rules is not allways matched because
the UA or MTA may generate/modify different headers.
I have defined a match on:
application/zip; name=testdu28.zip
But emails are sometimes generated with:
...application/zip;
On Mon, 1 Sep 2008 Ken LEpee wrote:
I read once that many anti viruses which are meant for linux based
os don't work in computers using dual processor
On 01.09.08 11:34, G.W. Haywood wrote:
That is nonsense.
I guess that should mean that many antiviruses can't use two CPUs/cores etc.
[EMAIL PROTECTED]
Greetings,
i'm Ken and i'm new to linux, also the free software world. I'd like to ask:
I read once that many anti viruses which are meant for linux based os don't
work in computers using dual processor, such as the intel duo core and
dual-duo-core. Has this problem been
On 2008-09-01 12:34, Ken LEpee wrote:
[EMAIL PROTECTED]
Greetings,
i'm Ken and i'm new to linux, also the free software world. I'd like to ask:
I read once that many anti viruses which are meant for linux based os don't
work in computers using dual processor, such as the intel duo core
Hi there,
On Mon, 1 Sep 2008 Ken LEpee wrote:
i'm Ken and i'm new to linux, also the free software world...
Welcome. :)
I read once that many anti viruses which are meant for linux based
os don't work in computers using dual processor
That is nonsense. I have been using dual processor
- Forwarded message from Cron Daemon [EMAIL PROTECTED] -
X-NetKnow-InComing-4694-2-MailScanner-Watermark:
[EMAIL PROTECTED]
X-Spam-Filter: [EMAIL PROTECTED] by digitalanswers.org
Date: Tue, 15 Apr 2008 16:48:03 -0600 (MDT)
From: Cron Daemon [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Hi,
I need to register in order to post my email on this list.
Thanks
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
On Wed, 12 Mar 2008 17:06:20 -0300
Jaime Munita [EMAIL PROTECTED] wrote:
I need to register in order to post my email on this list.
Is that meant as a question or as a statement?
--
Gerard
[EMAIL PROTECTED]
Brain fried -- core dumped
signature.asc
Description: PGP signature
In reply to various responses:
We haven't reconfigured our local or domain Postfix mail servers
recently to do graylisting etc., but in April we moved from a shared
Web host to a dedicated computer for our domain (iment.com). At that
time, we installed a what was perhaps a newer Postfix as our
Paul Kosinski wrote:
In reply to various responses:
We haven't reconfigured our local or domain Postfix mail servers
recently to do graylisting etc., but in April we moved from a shared
Web host to a dedicated computer for our domain (iment.com). At that
time, we installed a what was
Hi there,
On Fri, 28 Dec 2007 Brian Read wrote:
I use a number of smeservers (aka e-smith), which all use clamav to
scan incoming emails. Up to (and including) version 6 I got plenty
of hits from clamav. As I upgraded to version 7, the clamav hits
subsided to only phishing emails being
Xavier Beaudouin escreveu:
Hello,
In December 2006, we were running ClamAV 0.88.7, and there were still
a fair number of real viruses being detected in inbound email. Now
running 0.91.2 and 0.92, there seem to be only phishing attempts, and
not even very many of them. In fact it seems that
El Monday, 24 December del 2007 a las 10:55:51AM, Dennis Peterson escribió:
Paul Kosinski wrote:
In December 2006, we were running ClamAV 0.88.7, and there were still
a fair number of real viruses being detected in inbound email. Now
running 0.91.2 and 0.92, there seem to be only phishing
G.W. Haywood wrote:
Hi there,
On Tue, 25 Dec 2007 Paul Kosinski wrote:
In December 2006, we were running ClamAV 0.88.7, and there were still
a fair number of real viruses being detected in inbound email. Now
running 0.91.2 and 0.92, there seem to be only phishing attempts, and
not even
Luis Miguel R. wrote:
El Monday, 24 December del 2007 a las 10:55:51AM, Dennis Peterson escribió:
Paul Kosinski wrote:
In December 2006, we were running ClamAV 0.88.7, and there were still
a fair number of real viruses being detected in inbound email. Now
running 0.91.2 and 0.92, there seem
John Rudd wrote:
Luis Miguel R. wrote:
El Monday, 24 December del 2007 a las 10:55:51AM, Dennis Peterson escribió:
Paul Kosinski wrote:
In December 2006, we were running ClamAV 0.88.7, and there were still
a fair number of real viruses being detected in inbound email. Now
running 0.91.2 and
Hi there,
On Tue, 25 Dec 2007 Paul Kosinski wrote:
In December 2006, we were running ClamAV 0.88.7, and there were still
a fair number of real viruses being detected in inbound email. Now
running 0.91.2 and 0.92, there seem to be only phishing attempts, and
not even very many of them. In
Paul Kosinski wrote:
In December 2006, we were running ClamAV 0.88.7, and there were still
a fair number of real viruses being detected in inbound email. Now
running 0.91.2 and 0.92, there seem to be only phishing attempts, and
not even very many of them. In fact it seems that our log
In December 2006, we were running ClamAV 0.88.7, and there were still
a fair number of real viruses being detected in inbound email. Now
running 0.91.2 and 0.92, there seem to be only phishing attempts, and
not even very many of them. In fact it seems that our log file shows
almost as many
Paul Kosinski wrote:
In December 2006, we were running ClamAV 0.88.7, and there were still
a fair number of real viruses being detected in inbound email. Now
running 0.91.2 and 0.92, there seem to be only phishing attempts, and
not even very many of them. In fact it seems that our log file
Hello again,
I had a problem of not detecting Email.Faketube on our configuration, using
clamav with amavisd-new.
I finally found that the problem seems to be the following :
- when I directly scan the email file, clamav finds that it's an email file
which correspond to type 4 in the signature
On Tue, 28 Aug 2007 12:17:16 +0200
Frederic Goudal [EMAIL PROTECTED] wrote:
I wonder what is to be done there :
- should amavisd-new send the original file and not the parts to clamav
(that's an amavis problem).
Yes, I belive there's some option in amavisd-new to do this..
- should clamav
Steve Basford [EMAIL PROTECTED]
Date: Tue, 28 Aug 2007 11:45:09 BST
Subject: Re: [Clamav-users] Email malware type detection and amavis
Frederic Goudal wrote:
- when amavisd-new calls clamd, it just gives the inside of the mail, which
does not correspond to type 4 in the signature database
On Monday 04 June 2007, BG Mahesh wrote:
Since many users had performance issues with the latest version of clamav we
thought of postponing the upgrade.
Wed May 30 23:24:29 CEST 2007
-
V 0.90.3
* Bugfixes:
skip
- libclamav/matcher-ac.c: optimize memory
On Mon, 2007-06-04 at 11:13 +0530, BG Mahesh wrote:
hi
We are using clamav-0.90.1 on Linux. Emails that are infected with
[EMAIL PROTECTED] are getting thru. Norton on our PC has been detecting
it.
Any idea what needs to be done to fix this problem? Since many users had
performance issues
hi
We are using clamav-0.90.1 on Linux. Emails that are infected with
[EMAIL PROTECTED] are getting thru. Norton on our PC has been detecting
it.
Any idea what needs to be done to fix this problem? Since many users had
performance issues with the latest version of clamav we thought of
postponing
James Miller schrieb:
[EMAIL PROTECTED] is not be picked up by clamav.
It is (and was) here:
| 2006-01-18 09:34:18 [...] H=p54a7c5f6.dip.t-dialin.net (amd2)
[84.167.197.246] F=[...] rejected after DATA: This message contains a virus
(Worm.VB-8).
Worm.VB-8 is ClamAV's name for [EMAIL
Thomas Hochstein [EMAIL PROTECTED]
James Miller schrieb:
[EMAIL PROTECTED] is not be picked up by clamav.
It is (and was) here:
| 2006-01-18 09:34:18 [...] H=p54a7c5f6.dip.t-dialin.net (amd2)
[84.167.197.246] F=[...] rejected after DATA: This message contains a virus
(Worm.VB-8).
On Thu, 19 Jan 2006, Gerard Seibert wrote:
Thomas Hochstein [EMAIL PROTECTED]
Worm.VB-8 is ClamAV's name for [EMAIL PROTECTED], according to the
advisories I read.
I believe that, that definition was only added on the 18th. On 2/16 and
Not true. The first VB-8 I have logged is from 11:53
Christopher X. Candreva wrote:
On Thu, 19 Jan 2006, Gerard Seibert wrote:
Thomas Hochstein [EMAIL PROTECTED]
Worm.VB-8 is ClamAV's name for [EMAIL PROTECTED], according to the
advisories I read.
I believe that, that definition was only added on the 18th. On 2/16 and
Not true. The
On Thu, 19 Jan 2006, Bill Maidment wrote:
Not true. The first VB-8 I have logged is from 11:53 EST on Jan 17 .
That all depends on your time zone. EST in Australia may be different to EST
somewhere else. Let's not get into a fight over this.
I mean GMT-0500 . I wasn't aware there were any
Bill Maidment wrote:
Christopher X. Candreva wrote:
On Thu, 19 Jan 2006, Gerard Seibert wrote:
Thomas Hochstein [EMAIL PROTECTED]
Worm.VB-8 is ClamAV's name for [EMAIL PROTECTED], according to the
advisories I read.
I believe that, that definition was only added on the 18th. On
Christopher X. Candreva wrote:
On Thu, 19 Jan 2006, Bill Maidment wrote:
Not true. The first VB-8 I have logged is from 11:53 EST on Jan 17 .
That all depends on your time zone. EST in Australia may be different to EST
somewhere else. Let's not get into a fight over this.
I mean
On Thu, 19 Jan 2006 23:34:26 +1100 in [EMAIL PROTECTED]
Bill Maidment [EMAIL PROTECTED] wrote:
(My state is oh dear I need another beer)
A man has to believe in something, and I believe I'll have another beer.
--
Brian Morrison
bdm at fenrir dot org dot uk
GnuPG key ID DE32E5C5 -
Hi all,
[EMAIL PROTECTED] is not be picked up by clamav. I'm running 0.88 and have
the latest sigs (main version 35 and daily 1245).
I know I should figure out how to write a sig for this but is an update
expected soon?
Thanks,
Jim
___
On Wed, 18 Jan 2006, James Miller wrote:
[EMAIL PROTECTED] is not be picked up by clamav. I'm running 0.88 and have
the latest sigs (main version 35 and daily 1245).
I know I should figure out how to write a sig for this but is an update
expected soon?
Have you submitted a sample? If not,
i am a little bit confused:
i discovered that my customer has a pc infected with [EMAIL PROTECTED];
now i wonder if clamscan is able to find it and with which name it records the
virus; where i start to search?
thnx for help :)
m.
___
On 11/10/05, Maurizio Marini [EMAIL PROTECTED] wrote:
i am a little bit confused:
i discovered that my customer has a pc infected with [EMAIL PROTECTED];
now i wonder if clamscan is able to find it and with which name it records
the virus; where i start to search?
i am a little bit confused:
i discovered that my customer has a pc infected with [EMAIL PROTECTED];
now i wonder if clamscan is able to find it and with which name it records
the virus; where i start to search?
thnx for help :)
Ask the people who came up with [EMAIL PROTECTED]; what
Is it even possible for ClamAV on an MTA to block WALLON-style virii that
only include a link to themselves?
http://secunia.com/virus_information/9323/
[EMAIL PROTECTED]805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -eprint join
On Thu, Mar 25, 2004 at 05:05:42PM -0500, Jesse Guardiani wrote:
Howdy list,
Is there any way to make clamd log the structure of
a message and it's attachments? BinHex, MIME, plain-text,
ZIP, RAR, BZIP, GZIP, OLE2, etc...?
This information would be great for statistics, but I
could
On Thursday 25 Mar 2004 10:05 pm, Jesse Guardiani wrote:
Is there any way to make clamd log the structure of
a message and it's attachments? BinHex, MIME, plain-text,
ZIP, RAR, BZIP, GZIP, OLE2, etc...?
I don't consider that to be the job of a virus scanner.
-Nigel
--
Nigel Horne.
Howdy list,
Is there any way to make clamd log the structure of
a message and it's attachments? BinHex, MIME, plain-text,
ZIP, RAR, BZIP, GZIP, OLE2, etc...?
This information would be great for statistics, but I
could imagine it being useful during troubleshooting
or tech support also.
--
Hi,
Quick question. By default, clamav sends an email to the sender, receiver
and the postmaster. How do i change the [EMAIL PROTECTED] to
another address?
Thanks
-=Raul=-
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free
PROTECTED]
Sent: Wednesday, March 03, 2004 3:14 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] email report
Hi,
Quick question. By default, clamav sends an email to the sender, receiver
and the postmaster. How do i change the [EMAIL PROTECTED] to
another address?
Thanks
-=Raul
On Wed, 3 Mar 2004, Raul Elizondo wrote:
Hi,
Quick question. By default, clamav sends an email to the sender, receiver
and the postmaster. How do i change the [EMAIL PROTECTED] to
another address?
Clam does not send any emails. It only scans files and detects virii.
What is sending the
be apreciated. :)
Regards,
-=Raul=-
- Original Message -
From: Dennis Skinner [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 03, 2004 3:15 PM
Subject: Re: [Clamav-users] email report
On Wed, 2004-03-03 at 16:13, Raul Elizondo wrote:
Hi,
Quick question
Actually, that notification to the sender, receiver and postmaster came by
default. I got clamav-0.67.tar.gz from http://www.clamav.net.
- Original Message -
From: Dennis Skinner [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 03, 2004 3:15 PM
Subject: Re: [Clamav-users
Message -
From: John Vestrum [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 03, 2004 3:27 PM
Subject: RE: [Clamav-users] email report
clamav sends an email to...
Nobody. That's the job of your MTA and filter package. I'm using postfix
and
amavis-new, what are you using?
You
Quick question. By default, clamav sends an email to the sender,
receiver and the postmaster. How do i change the
[EMAIL PROTECTED] to another address?
With the --postmaster option of clamav-milter. See man clamav-milter.
-Nigel
I am using the clamav-milter as a MTA.
What is the format of your mail files ? We may need some samples to
implement support for it.
Here are three infected mails (http://oban.ac-rouen.fr/virus/) get from
my postfix server.
When I extract manualy the attachement (with a mimencode -u) viruses are
detected by clamscan. When I scan
Here are three infected mails (http://oban.ac-rouen.fr/virus/) get from
my postfix server.
When I extract manualy the attachement (with a mimencode -u) viruses are
detected by clamscan. When I scan them directly with clamscan they
aren't detected (I'm using clamav0.6).
I works well with the
Am 28.10.2003 um 17:07 schrieb Cedric Foll:
Here are three infected mails (http://oban.ac-rouen.fr/virus/) get
from
my postfix server.
When I extract manualy the attachement (with a mimencode -u) viruses
are
detected by clamscan. When I scan them directly with clamscan they
aren't detected (I'm
Cedric Foll wrote:
Here are three infected mails (http://oban.ac-rouen.fr/virus/) get from
my postfix server.
When I extract manualy the attachement (with a mimencode -u) viruses are
detected by clamscan. When I scan them directly with clamscan they
aren't detected (I'm using clamav0.6).
On Mon, 27 Oct 2003 12:04:50 -0500
gabriel russell [EMAIL PROTECTED] wrote:
Under either clamav-devel-20031027 or clamav-0.60, using either
clamdscan or clamscan, if I scan an email containing a virus, the
virus is not seen, but the detatched exe, even zipped, is identified
as a virus. I've
-- Forwarded message -
Hello, New to Clamav.
My goal is to successfully scan and intercept incoming virus into my
email. But virus's keep going into my email. If I manually scan my
email with the command clamscan -r --mbox /var/spool/mail the virus is
detected. I delete
* Tom Bartos [EMAIL PROTECTED] [20031016 18:35]: wrote:
Question: How do I configure Clamav to automatically scan incoming
email and detect virus's
Intergrating Clamav with your mail server (MTA) is the solution.
cheers
- wash
On Fri, 2003-09-19 at 23:59, Antony Stone wrote:
Try clamscan --help
I already did (after your previous post) and it is there, I just think
it should be added to the man page as well, that is what man pages are
for after all.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
At 22:09 18/09/2003, Darryl W. DeLao Jr wrote:
Anyone
know of a way to make clamscan email you when its done scanning with the
results included?
pipe the results into mail
viz:-
(cd /;/usr/bin/clamscan --recursive --quarantine /var/clamav/quarantine
--infected --stdout --log
On Thu, 2003-09-18 at 23:30, Antony Stone wrote:
On Thursday 18 September 2003 10:58 pm, Kevin Spicer wrote:
clamscan ${YOUR_OPTIONS} --stdout | grep -v OK | mail -s Clamscan
results [EMAIL PROTECTED]
Achieve the same thing by including -i or --infected in ${YOUR_OPTIONS}
You know, I
On Thursday 18 September 2003 10:58 pm, Kevin Spicer wrote:
On Thu, 2003-09-18 at 22:09, Darryl W. DeLao Jr wrote:
Anyone know of a way to make clamscan email you when its done scanning
with the results included?
clamscan ${YOUR_OPTIONS} --stdout | mail -s Clamscan results
[EMAIL
70 matches
Mail list logo