Re: [clamav-users] Email payload in .img container

> On Feb 18, 2020, at 6:10 AM, Steve Basford > wrote: > > On 2020-02-18 02:02, Paul Kosinski via clamav-users wrote: >> How big is the img file? ClamAV has a 4 GB (2**32-1) size limit (alas), >> maybe others do too. > Here's 3 samples from a few days ago, so vary in size but not near 4 GB… >

[clamav-users] Email payload in .img container

This was a new one that I have not seen before. I uploaded the payload inside to VirusTotal, and it's not caught there either: https://www.virustotal.com/gui/file/368906d50bd279e9576aaa3d6dea269515410a5f 74cd93112767eb4bac310d1d/detection My question is since this was in a disk image

Re: [clamav-users] email error submitting a virus sample

> On Feb 27, 2016, at 6:09 PM, Al Varnell wrote: > > I understand SHA-256 is preferred, but MD-5 will also work. > > Submit them back here. > > -Al- $ openssl dgst -sha256 invoice_SCAN_fGYbuu.zip SHA256(invoice_SCAN_fGYbuu.zip)=

Re: [clamav-users] email error submitting a virus sample

I understand SHA-256 is preferred, but MD-5 will also work. Submit them back here. -Al- On Sat, Feb 27, 2016 at 06:08 PM, Kristen wrote: > > On 2/27/16 4:50 PM, Joel Esler (jesler) wrote: >> Kristen, >> >> We'll take a look. >> >> Please send us the hashes of the files. >> >> -- >> Joel

Re: [clamav-users] email error submitting a virus sample

On 2/27/16 4:50 PM, Joel Esler (jesler) wrote: > Kristen, > > We'll take a look. > > Please send us the hashes of the files. > > -- > Joel Esler > Manager, Talos Group Which hashes do you desire? And then where should I submit them? Kristen > > On Feb 27, 2016, at 8:21 PM, Kristen >

Re: [clamav-users] email error submitting a virus sample

Kristen, We'll take a look. Please send us the hashes of the files. -- Joel Esler Manager, Talos Group Sent from my iPad On Feb 27, 2016, at 8:21 PM, Kristen > wrote: List, I just submitted to the virus submission webpage a new sample of a

[clamav-users] email error submitting a virus sample

List, I just submitted to the virus submission webpage a new sample of a virus email that slipped through clamd on my mail server. I received an email with the subject "Successfully processed" from clamav.net. However the content of this mail states; Result: Please encrypt your ZIP files with

Re: [Clamav-users] Email notifications in clamav-milter 0.95

Vincent Aniello wrote: I know that the new clamav-milter is a work in progress. Is there any chance of email notifications to an administrator when a virus is detected being added back into clamav-milter in the future? Hi Vincent, I'm not particularly hot about notifications in the milter.

[Clamav-users] Email notifications in clamav-milter 0.95

I know that the new clamav-milter is a work in progress. Is there any chance of email notifications to an administrator when a virus is detected being added back into clamav-milter in the future? Thanks. --Vincent Disclaimer: Any references to Pipeline performance contained herein

[Clamav-users] Email header parsing

Good morning, I have local signatures (local.ndb) define. One of my rules is not allways matched because the UA or MTA may generate/modify different headers. I have defined a match on: application/zip; name=testdu28.zip But emails are sometimes generated with: ...application/zip;

Re: [Clamav-users] [EMAIL PROTECTED]: Question about dual processorMandriva. Please kindly help.

On Mon, 1 Sep 2008 Ken LEpee wrote: I read once that many anti viruses which are meant for linux based os don't work in computers using dual processor On 01.09.08 11:34, G.W. Haywood wrote: That is nonsense. I guess that should mean that many antiviruses can't use two CPUs/cores etc.

[Clamav-users] [EMAIL PROTECTED]: Question about dual processorMandriva. Please kindly help.

[EMAIL PROTECTED] Greetings,   i'm Ken and i'm new to linux, also the free software world. I'd like to ask: I read once that many anti viruses which are meant for linux based os don't work in computers using dual processor, such as the intel duo core and dual-duo-core. Has this problem been

Re: [Clamav-users] [EMAIL PROTECTED]: Question about dual processorMandriva. Please kindly help.

On 2008-09-01 12:34, Ken LEpee wrote: [EMAIL PROTECTED] Greetings, i'm Ken and i'm new to linux, also the free software world. I'd like to ask: I read once that many anti viruses which are meant for linux based os don't work in computers using dual processor, such as the intel duo core

Re: [Clamav-users] [EMAIL PROTECTED]: Question about dual processorMandriva. Please kindly help.

Hi there, On Mon, 1 Sep 2008 Ken LEpee wrote: i'm Ken and i'm new to linux, also the free software world... Welcome. :) I read once that many anti viruses which are meant for linux based os don't work in computers using dual processor That is nonsense. I have been using dual processor

[Clamav-users] [EMAIL PROTECTED]: Cron [EMAIL PROTECTED] /usr/contrib/bin/freshclam]

- Forwarded message from Cron Daemon [EMAIL PROTECTED] - X-NetKnow-InComing-4694-2-MailScanner-Watermark: [EMAIL PROTECTED] X-Spam-Filter: [EMAIL PROTECTED] by digitalanswers.org Date: Tue, 15 Apr 2008 16:48:03 -0600 (MDT) From: Cron Daemon [EMAIL PROTECTED] To: [EMAIL PROTECTED]

[Clamav-users] email

Hi, I need to register in order to post my email on this list. Thanks ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] email

On Wed, 12 Mar 2008 17:06:20 -0300 Jaime Munita [EMAIL PROTECTED] wrote: I need to register in order to post my email on this list. Is that meant as a question or as a statement? -- Gerard [EMAIL PROTECTED] Brain fried -- core dumped signature.asc Description: PGP signature

Re: [Clamav-users] Email viruses almost non-existent?

In reply to various responses: We haven't reconfigured our local or domain Postfix mail servers recently to do graylisting etc., but in April we moved from a shared Web host to a dedicated computer for our domain (iment.com). At that time, we installed a what was perhaps a newer Postfix as our

Re: [Clamav-users] Email viruses almost non-existent?

Paul Kosinski wrote: In reply to various responses: We haven't reconfigured our local or domain Postfix mail servers recently to do graylisting etc., but in April we moved from a shared Web host to a dedicated computer for our domain (iment.com). At that time, we installed a what was

Re: [Clamav-users] Email viruses almost non-existent?

Hi there, On Fri, 28 Dec 2007 Brian Read wrote: I use a number of smeservers (aka e-smith), which all use clamav to scan incoming emails. Up to (and including) version 6 I got plenty of hits from clamav. As I upgraded to version 7, the clamav hits subsided to only phishing emails being

Re: [Clamav-users] Email viruses almost non-existent?

Xavier Beaudouin escreveu: Hello, In December 2006, we were running ClamAV 0.88.7, and there were still a fair number of real viruses being detected in inbound email. Now running 0.91.2 and 0.92, there seem to be only phishing attempts, and not even very many of them. In fact it seems that

Re: [Clamav-users] Email viruses almost non-existent?

El Monday, 24 December del 2007 a las 10:55:51AM, Dennis Peterson escribió: Paul Kosinski wrote: In December 2006, we were running ClamAV 0.88.7, and there were still a fair number of real viruses being detected in inbound email. Now running 0.91.2 and 0.92, there seem to be only phishing

Re: [Clamav-users] Email viruses almost non-existent?

G.W. Haywood wrote: Hi there, On Tue, 25 Dec 2007 Paul Kosinski wrote: In December 2006, we were running ClamAV 0.88.7, and there were still a fair number of real viruses being detected in inbound email. Now running 0.91.2 and 0.92, there seem to be only phishing attempts, and not even

Re: [Clamav-users] Email viruses almost non-existent?

Luis Miguel R. wrote: El Monday, 24 December del 2007 a las 10:55:51AM, Dennis Peterson escribió: Paul Kosinski wrote: In December 2006, we were running ClamAV 0.88.7, and there were still a fair number of real viruses being detected in inbound email. Now running 0.91.2 and 0.92, there seem

Re: [Clamav-users] Email viruses almost non-existent?

John Rudd wrote: Luis Miguel R. wrote: El Monday, 24 December del 2007 a las 10:55:51AM, Dennis Peterson escribió: Paul Kosinski wrote: In December 2006, we were running ClamAV 0.88.7, and there were still a fair number of real viruses being detected in inbound email. Now running 0.91.2 and

Re: [Clamav-users] Email viruses almost non-existent?

Hi there, On Tue, 25 Dec 2007 Paul Kosinski wrote: In December 2006, we were running ClamAV 0.88.7, and there were still a fair number of real viruses being detected in inbound email. Now running 0.91.2 and 0.92, there seem to be only phishing attempts, and not even very many of them. In

Re: [Clamav-users] Email viruses almost non-existent?

Paul Kosinski wrote: In December 2006, we were running ClamAV 0.88.7, and there were still a fair number of real viruses being detected in inbound email. Now running 0.91.2 and 0.92, there seem to be only phishing attempts, and not even very many of them. In fact it seems that our log

[Clamav-users] Email viruses almost non-existent?

In December 2006, we were running ClamAV 0.88.7, and there were still a fair number of real viruses being detected in inbound email. Now running 0.91.2 and 0.92, there seem to be only phishing attempts, and not even very many of them. In fact it seems that our log file shows almost as many

Re: [Clamav-users] Email viruses almost non-existent?

Paul Kosinski wrote: In December 2006, we were running ClamAV 0.88.7, and there were still a fair number of real viruses being detected in inbound email. Now running 0.91.2 and 0.92, there seem to be only phishing attempts, and not even very many of them. In fact it seems that our log file

[Clamav-users] Email malware type detection and amavis

Hello again, I had a problem of not detecting Email.Faketube on our configuration, using clamav with amavisd-new. I finally found that the problem seems to be the following : - when I directly scan the email file, clamav finds that it's an email file which correspond to type 4 in the signature

Re: [Clamav-users] Email malware type detection and amavis

On Tue, 28 Aug 2007 12:17:16 +0200 Frederic Goudal [EMAIL PROTECTED] wrote: I wonder what is to be done there : - should amavisd-new send the original file and not the parts to clamav (that's an amavis problem). Yes, I belive there's some option in amavisd-new to do this.. - should clamav

Re: [Clamav-users] Email malware type detection and amavis

Steve Basford [EMAIL PROTECTED] Date: Tue, 28 Aug 2007 11:45:09 BST Subject: Re: [Clamav-users] Email malware type detection and amavis Frederic Goudal wrote: - when amavisd-new calls clamd, it just gives the inside of the mail, which does not correspond to type 4 in the signature database

Re: [Clamav-users] [EMAIL PROTECTED] is getting thru

On Monday 04 June 2007, BG Mahesh wrote: Since many users had performance issues with the latest version of clamav we thought of postponing the upgrade. Wed May 30 23:24:29 CEST 2007 - V 0.90.3 * Bugfixes: skip - libclamav/matcher-ac.c: optimize memory

Re: [Clamav-users] [EMAIL PROTECTED] is getting thru

On Mon, 2007-06-04 at 11:13 +0530, BG Mahesh wrote: hi We are using clamav-0.90.1 on Linux. Emails that are infected with [EMAIL PROTECTED] are getting thru. Norton on our PC has been detecting it. Any idea what needs to be done to fix this problem? Since many users had performance issues

[Clamav-users] [EMAIL PROTECTED] is getting thru

hi We are using clamav-0.90.1 on Linux. Emails that are infected with [EMAIL PROTECTED] are getting thru. Norton on our PC has been detecting it. Any idea what needs to be done to fix this problem? Since many users had performance issues with the latest version of clamav we thought of postponing

Re: [Clamav-users] [EMAIL PROTECTED] undetected

James Miller schrieb: [EMAIL PROTECTED] is not be picked up by clamav. It is (and was) here: | 2006-01-18 09:34:18 [...] H=p54a7c5f6.dip.t-dialin.net (amd2) [84.167.197.246] F=[...] rejected after DATA: This message contains a virus (Worm.VB-8). Worm.VB-8 is ClamAV's name for [EMAIL

Re: [Clamav-users] [EMAIL PROTECTED] undetected

Thomas Hochstein [EMAIL PROTECTED] James Miller schrieb: [EMAIL PROTECTED] is not be picked up by clamav. It is (and was) here: | 2006-01-18 09:34:18 [...] H=p54a7c5f6.dip.t-dialin.net (amd2) [84.167.197.246] F=[...] rejected after DATA: This message contains a virus (Worm.VB-8).

Re: [Clamav-users] [EMAIL PROTECTED] undetected

On Thu, 19 Jan 2006, Gerard Seibert wrote: Thomas Hochstein [EMAIL PROTECTED] Worm.VB-8 is ClamAV's name for [EMAIL PROTECTED], according to the advisories I read. I believe that, that definition was only added on the 18th. On 2/16 and Not true. The first VB-8 I have logged is from 11:53

Re: [Clamav-users] [EMAIL PROTECTED] undetected

Christopher X. Candreva wrote: On Thu, 19 Jan 2006, Gerard Seibert wrote: Thomas Hochstein [EMAIL PROTECTED] Worm.VB-8 is ClamAV's name for [EMAIL PROTECTED], according to the advisories I read. I believe that, that definition was only added on the 18th. On 2/16 and Not true. The

Re: [Clamav-users] [EMAIL PROTECTED] undetected

On Thu, 19 Jan 2006, Bill Maidment wrote: Not true. The first VB-8 I have logged is from 11:53 EST on Jan 17 . That all depends on your time zone. EST in Australia may be different to EST somewhere else. Let's not get into a fight over this. I mean GMT-0500 . I wasn't aware there were any

Re: [Clamav-users] [EMAIL PROTECTED] undetected

Bill Maidment wrote: Christopher X. Candreva wrote: On Thu, 19 Jan 2006, Gerard Seibert wrote: Thomas Hochstein [EMAIL PROTECTED] Worm.VB-8 is ClamAV's name for [EMAIL PROTECTED], according to the advisories I read. I believe that, that definition was only added on the 18th. On

Re: [Clamav-users] [EMAIL PROTECTED] undetected

Christopher X. Candreva wrote: On Thu, 19 Jan 2006, Bill Maidment wrote: Not true. The first VB-8 I have logged is from 11:53 EST on Jan 17 . That all depends on your time zone. EST in Australia may be different to EST somewhere else. Let's not get into a fight over this. I mean

Re: [Clamav-users] [EMAIL PROTECTED] undetected

On Thu, 19 Jan 2006 23:34:26 +1100 in [EMAIL PROTECTED] Bill Maidment [EMAIL PROTECTED] wrote: (My state is oh dear I need another beer) A man has to believe in something, and I believe I'll have another beer. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 -

[Clamav-users] [EMAIL PROTECTED] undetected

Hi all, [EMAIL PROTECTED] is not be picked up by clamav. I'm running 0.88 and have the latest sigs (main version 35 and daily 1245). I know I should figure out how to write a sig for this but is an update expected soon? Thanks, Jim ___

Re: [Clamav-users] [EMAIL PROTECTED] undetected

On Wed, 18 Jan 2006, James Miller wrote: [EMAIL PROTECTED] is not be picked up by clamav. I'm running 0.88 and have the latest sigs (main version 35 and daily 1245). I know I should figure out how to write a sig for this but is an update expected soon? Have you submitted a sample? If not,

[Clamav-users] [EMAIL PROTECTED]

i am a little bit confused: i discovered that my customer has a pc infected with [EMAIL PROTECTED]; now i wonder if clamscan is able to find it and with which name it records the virus; where i start to search? thnx for help :) m. ___

Re: [Clamav-users] [EMAIL PROTECTED]

On 11/10/05, Maurizio Marini [EMAIL PROTECTED] wrote: i am a little bit confused: i discovered that my customer has a pc infected with [EMAIL PROTECTED]; now i wonder if clamscan is able to find it and with which name it records the virus; where i start to search?

Re: [Clamav-users] [EMAIL PROTECTED]

i am a little bit confused: i discovered that my customer has a pc infected with [EMAIL PROTECTED]; now i wonder if clamscan is able to find it and with which name it records the virus; where i start to search? thnx for help :) Ask the people who came up with [EMAIL PROTECTED]; what

[Clamav-users] email link virii

Is it even possible for ClamAV on an MTA to block WALLON-style virii that only include a link to themselves? http://secunia.com/virus_information/9323/ [EMAIL PROTECTED]805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -eprint join

Re: [Clamav-users] email structure logging

On Thu, Mar 25, 2004 at 05:05:42PM -0500, Jesse Guardiani wrote: Howdy list, Is there any way to make clamd log the structure of a message and it's attachments? BinHex, MIME, plain-text, ZIP, RAR, BZIP, GZIP, OLE2, etc...? This information would be great for statistics, but I could

Re: [Clamav-users] email structure logging

On Thursday 25 Mar 2004 10:05 pm, Jesse Guardiani wrote: Is there any way to make clamd log the structure of a message and it's attachments? BinHex, MIME, plain-text, ZIP, RAR, BZIP, GZIP, OLE2, etc...? I don't consider that to be the job of a virus scanner. -Nigel -- Nigel Horne.

[Clamav-users] email structure logging

Howdy list, Is there any way to make clamd log the structure of a message and it's attachments? BinHex, MIME, plain-text, ZIP, RAR, BZIP, GZIP, OLE2, etc...? This information would be great for statistics, but I could imagine it being useful during troubleshooting or tech support also. --

[Clamav-users] email report

Hi, Quick question. By default, clamav sends an email to the sender, receiver and the postmaster. How do i change the [EMAIL PROTECTED] to another address? Thanks -=Raul=- --- This SF.Net email is sponsored by: IBM Linux Tutorials Free

RE: [Clamav-users] email report

PROTECTED] Sent: Wednesday, March 03, 2004 3:14 PM To: [EMAIL PROTECTED] Subject: [Clamav-users] email report Hi, Quick question. By default, clamav sends an email to the sender, receiver and the postmaster. How do i change the [EMAIL PROTECTED] to another address? Thanks -=Raul

Re: [Clamav-users] email report

On Wed, 3 Mar 2004, Raul Elizondo wrote: Hi, Quick question. By default, clamav sends an email to the sender, receiver and the postmaster. How do i change the [EMAIL PROTECTED] to another address? Clam does not send any emails. It only scans files and detects virii. What is sending the

Re: [Clamav-users] email report

be apreciated. :) Regards, -=Raul=- - Original Message - From: Dennis Skinner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 3:15 PM Subject: Re: [Clamav-users] email report On Wed, 2004-03-03 at 16:13, Raul Elizondo wrote: Hi, Quick question

Re: [Clamav-users] email report

Actually, that notification to the sender, receiver and postmaster came by default. I got clamav-0.67.tar.gz from http://www.clamav.net. - Original Message - From: Dennis Skinner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 3:15 PM Subject: Re: [Clamav-users

Re: [Clamav-users] email report

Message - From: John Vestrum [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 3:27 PM Subject: RE: [Clamav-users] email report clamav sends an email to... Nobody. That's the job of your MTA and filter package. I'm using postfix and amavis-new, what are you using? You

Re: [Clamav-users] email report

Quick question. By default, clamav sends an email to the sender, receiver and the postmaster. How do i change the [EMAIL PROTECTED] to another address? With the --postmaster option of clamav-milter. See man clamav-milter. -Nigel I am using the clamav-milter as a MTA.

Re: [Clamav-users] email scanning not working

What is the format of your mail files ? We may need some samples to implement support for it. Here are three infected mails (http://oban.ac-rouen.fr/virus/) get from my postfix server. When I extract manualy the attachement (with a mimencode -u) viruses are detected by clamscan. When I scan

Re: [Clamav-users] email scanning not working

Here are three infected mails (http://oban.ac-rouen.fr/virus/) get from my postfix server. When I extract manualy the attachement (with a mimencode -u) viruses are detected by clamscan. When I scan them directly with clamscan they aren't detected (I'm using clamav0.6). I works well with the

Re: [Clamav-users] email scanning not working

Am 28.10.2003 um 17:07 schrieb Cedric Foll: Here are three infected mails (http://oban.ac-rouen.fr/virus/) get from my postfix server. When I extract manualy the attachement (with a mimencode -u) viruses are detected by clamscan. When I scan them directly with clamscan they aren't detected (I'm

Re: [Clamav-users] email scanning not working

Cedric Foll wrote: Here are three infected mails (http://oban.ac-rouen.fr/virus/) get from my postfix server. When I extract manualy the attachement (with a mimencode -u) viruses are detected by clamscan. When I scan them directly with clamscan they aren't detected (I'm using clamav0.6).

Re: [Clamav-users] email scanning not working

On Mon, 27 Oct 2003 12:04:50 -0500 gabriel russell [EMAIL PROTECTED] wrote: Under either clamav-devel-20031027 or clamav-0.60, using either clamdscan or clamscan, if I scan an email containing a virus, the virus is not seen, but the detatched exe, even zipped, is identified as a virus. I've

[Clamav-users] Email not getting scanned

-- Forwarded message - Hello, New to Clamav. My goal is to successfully scan and intercept incoming virus into my email. But virus's keep going into my email. If I manually scan my email with the command clamscan -r --mbox /var/spool/mail the virus is detected. I delete

Re: [Clamav-users] Email not getting scanned

* Tom Bartos [EMAIL PROTECTED] [20031016 18:35]: wrote: Question: How do I configure Clamav to automatically scan incoming email and detect virus's Intergrating Clamav with your mail server (MTA) is the solution. cheers - wash

Re: [Clamav-users] Email results

On Fri, 2003-09-19 at 23:59, Antony Stone wrote: Try clamscan --help I already did (after your previous post) and it is there, I just think it should be added to the man page as well, that is what man pages are for after all. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000

Re: [Clamav-users] Email results

At 22:09 18/09/2003, Darryl W. DeLao Jr wrote: Anyone know of a way to make clamscan email you when its done scanning with the results included? pipe the results into mail viz:- (cd /;/usr/bin/clamscan --recursive --quarantine /var/clamav/quarantine --infected --stdout --log

Re: [Clamav-users] Email results

On Thu, 2003-09-18 at 23:30, Antony Stone wrote: On Thursday 18 September 2003 10:58 pm, Kevin Spicer wrote: clamscan ${YOUR_OPTIONS} --stdout | grep -v OK | mail -s Clamscan results [EMAIL PROTECTED] Achieve the same thing by including -i or --infected in ${YOUR_OPTIONS} You know, I

Re: [Clamav-users] Email results

On Thursday 18 September 2003 10:58 pm, Kevin Spicer wrote: On Thu, 2003-09-18 at 22:09, Darryl W. DeLao Jr wrote: Anyone know of a way to make clamscan email you when its done scanning with the results included? clamscan ${YOUR_OPTIONS} --stdout | mail -s Clamscan results [EMAIL