Nigel,
Thanks for your reply, and please accept my apologies for the woeful lack of
detail in my first post.
Here's how we kick off clamav:
#!/bin/sh
/usr/local/bin/freshclam -d -p /var/clamav/freshclam.pid
/usr/local/sbin/clamd
/usr/local/sbin/clamav-milter --debug -c /etc/clamav.conf -AdNq
Hello,
Mitch (WebCob) wrote:
This is not an isolated case. The virus submission page must be changed
to run the latest RELEASED version of clamav.
Haven't looked in a while, but I think it should:
Display result using latest RELEASE
Display result using latest CVS
Display IDENTITY of the virus
Hello,
Bill Maidment wrote:
I'm getting these errors on multiple machines when trying to scan an
email with an attachment on 0.80rc2 and upgrading to rc3 didn't help.
Any ideas?
Sep 29 14:27:44 video mimedefang.pl[28480]: i8T4Rc2d028538: Clamd
returned error:
Hi,
I see that a similar reported problem was fixed (RFC2298 fixes) but I
have a slightly different problem.
After some debugging, I can see that clamav doesn't seem to be able to
scan POSIX tar archives (returns Bad format or broken data ERROR)
while GNU tar archives are fine.
I used 'file'
Note that I couldn't get clamav-milter to accept --dubug-level=n despite
this being documented in the man page and building with
% ./configure --enable-debug
That should read --debug-level not --dubug-level.
-Nigel
---
This SF.net
On Tue, 2004-09-28 at 21:35, Steffen Heil wrote:
Hi
I have a serious issue with the current way virus samples are submitted.
Right now, many viruses, such as the currently-spreading jpeg virus (see
http://www.easynews.com/virus.txt) are detected by 0.80rc# or by some CVS
version. But we
Hi everyone,
Bogusaw Brandys wrote:
This is not an isolated case. The virus submission page must be
changed to run the latest RELEASED version of clamav.
Seconded. I run an up-to-date release version of ClamAV (0.75), there
are virusses getting trough, but I can't submit them because 0.80rc3
Askari wrote:
Yes, my raq4i run linux system. Any links tutorial and file for setup
clamav on my raq4i ?, where i can found it?.
Seeing as it would not appear that you have even attempted installation
yet, reading the basic documentation may, (by some weird stroke of
fortune), point you in
On Wed, 2004-09-29 at 11:21, Paul Boven wrote:
Hi everyone,
Bogusaw Brandys wrote:
This is not an isolated case. The virus submission page must be
changed to run the latest RELEASED version of clamav.
Seconded. I run an up-to-date release version of ClamAV (0.75), there
The
On Wednesday 29 Sep 2004 09:28, Steve Brown wrote:
After some debugging, I can see that clamav doesn't seem to be able to
scan POSIX tar archives (returns Bad format or broken data ERROR)
while GNU tar archives are fine.
Send me an example, please, and I'll have a look into it.
I used
Hello list,
I am using clamav version 0.72
qmail 1.3
Qmail-scanner-queue 1.21st
I have a problem and I think it is related to
clamav.
The is a virus with name W32.Netsky.p.dam ( according to
Norton antivirus) not caught by clamav.
Is there is something wrong in my setup or it is not yet in
Hi,
Steve Brown wrote:
Hi,
I see that a similar reported problem was fixed (RFC2298 fixes) but I
have a slightly different problem.
After some debugging, I can see that clamav doesn't seem to be able to
scan POSIX tar archives (returns Bad format or broken data ERROR)
while GNU tar archives
Paul Boven wrote:
This is not an isolated case. The virus submission page must be
changed to run the latest RELEASED version of clamav.
Seconded. I run an up-to-date release version of ClamAV (0.75), there
are virusses getting trough, but I can't submit them because 0.80rc3
would
Kareem Mahgoub wrote:
Hello list,
I am using clamav version 0.72
qmail 1.3
Qmail-scanner-queue1.21st
I have a problem and I think it is related to clamav.
The is a virus with name W32.Netsky.p.dam ( according to Norton
antivirus) not caught by clamav.
Is there is something wrong in my setup
On Wed, 2004-09-29 at 12:42, Bill Maidment wrote:
Trog wrote:
The current stable version is 0.75.1
The stable webpage points me to 0.80rc3 as the latest!!!
No it doesn't. It takes you to a page containing a number of links and
information, one such link is to
Hi, in my /var/log/clamav/freashcleam.log:
freshclam daemon 0.75.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
ClamAV update process started at Wed Sep 29 14:45:30 2004
ERROR: Can't open new file ./clamav-8afb9be871b84532 to write
ERROR: Can't download main.cvd from 147.229.3.16
.. the owner of
- Original Message -
From: Kareem Mahgoub [EMAIL PROTECTED]
Hello list,
I am using clamav version 0.72
Upgrade to at least 0.75.1, update your signatures and try again.
--
Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a
Nigel Horne wrote:
Send me an example, please, and I'll have a look into it.
Sure, I already asked the user to create an example suitable for the
public domain in advance of my query ;-)
Naturally he's on holiday today, and I'm away from tomorrow for a
week... When I get back I'll forward it.
Hi
There are a significant amount of other methods that will generally detect
an infected email. Approximately 3.8% of infected emails ever reach the
stage where the virus scanners I use get called into action, and Clam hasn't
missed one of those yet. Check for other email exploits before
Lol @ preacher
-Original Message-
From: Matt [mailto:[EMAIL PROTECTED]
Sent: 29 September 2004 14:45
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] virus submission problem
Paul Boven wrote:
This is not an isolated case. The virus submission page must be
changed to run the
On Wed, 2004-09-29 at 05:34, Brandon Knitter wrote:
I have a few images that seem to be flagged as virii, when they are not. I'm
taking an image that is considered fine (no virus), then when I process it
through convert (ImageMagick) it thinks it's has the virus. I have over 4000
images
On Wed, 29 Sep 2004 15:20:50 +0200 in
[EMAIL PROTECTED] Salvatore Basso
[EMAIL PROTECTED] wrote:
.. the owner of /var/log/clamav/ permission is clamav/clamav
(user/group), and the /var/lib/clamav is empty !
When I mistake ??
Ownership of /var/lib/clamav? Should be clamav/clamav
Salvatore Basso wrote:
Hi, I have the following problem with clamav 0.75.1 on fc 2:
[EMAIL PROTECTED] Archive-Zip-1.13]# /usr/local/bin/freshclam -d
ERROR: Can't open /var/log/freshclam.log in append mode.
ERROR: Problem with internal logger
.. when I mistake ??
Your mistake was not searching
On Wed, 29 Sep 2004 17:34:06 +0200
Bogusław Brandys [EMAIL PROTECTED] wrote:
What is the value of TMPDIR variable ? Empty ? I suspect that
Freshclam doesn't use TMPDIR, it only create files in DatabaseDirectory.
--
oo. Tomasz Kojm [EMAIL PROTECTED]
(\/)\.
Is clamd running? It's difficult to read your mail because you've sent
from Hotmail which annoyingly puts HTML in e-mails, but it looks as
though clamd is running OK. Try to clamdscan (note the d) a file.
Are you running 0.75 or 0.80?
What makes you believe that incoming messages aren't being
Matt scribbled on Wednesday, September 29, 2004 4:02 AM:
Askari wrote:
Yes, my raq4i run linux system. Any links tutorial and file for setup
clamav on my raq4i ?, where i can found it?.
Seeing as it would not appear that you have even attempted
installation yet, reading the basic
Put /var/lib/clamav to owner clamav group clamav.
Salvatore Basso wrote:
Hi, in my /var/log/clamav/freashcleam.log:
freshclam daemon 0.75.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
ClamAV update process started at Wed Sep 29 14:45:30 2004
ERROR: Can't open new file ./clamav-8afb9be871b84532 to
On Wednesday 29 Sep 2004 13:28, Damon McMahon wrote:
gt; Sep 29 10:57:31 localhost clamd[9693]: clamd daemon 0.75.1 (OS:
darwin7.5.0,
If I'd looked closer I'd seen that. Duh. You're sunning 0.75.1 I see. The other
questions are still valid though.
-Nigel
--
Nigel Horne. Arranger, Composer,
On Wed, Sep 29, 2004 at 03:17:08PM +0200, Steffen Heil said:
Hi
There are a significant amount of other methods that will generally detect
an infected email. Approximately 3.8% of infected emails ever reach the
stage where the virus scanners I use get called into action, and Clam hasn't
Bogusaw Brandys wrote:
First check how is set TMPDIR and permissions to that directory , i
think (but I maybe wrong ;-)
TMPDIR is not set to anything. What controls that? I've never had any
problems like this until today.
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/
snip
I agree totally with Matt. Definitely read everything in the
docs before
attempting an install. I would also suggest using MailScanner
as a wrapper
for ClamAV (and Spamassassin if desired) as it makes things
much easier.
There is a tutorial for the raq4 at
Matt wrote:
Steffen Heil wrote:
For example, I DO have dnsblacklists, helo string checking, mime checks,
clsid extension checks, empty and to large boundary checks, verify
sender domain and soon some callout-checks in front of clamav.
However, some mail should get delivered and those should be
I guess a better way of putting it is this. Here is a copy of what my
inbox looks like:
With 80RC3:
[EMAIL PROTECTED] 9:00 Virus intercepted 1.5 k
[EMAIL PROTECTED] 9:00 Virus intercepted 1.5 k
With 75.1
[EMAIL PROTECTED] 8:50 Virus intercepted 1.6 k
[EMAIL PROTECTED] 8:50 Virus
Hi .. now the owner of /var/lib/clamav is clamav/clamav and the problem result .. but
I have still problem:
freshclam daemon 0.75.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
ClamAV update process started at Wed Sep 29 18:45:30 2004
main.cvd updated (version: 27, sigs: 23982, f-level: 2, builder:
Joe Maimon wrote:
I may be in the minority here but I strenuously object to the banned
extensions methodology. Especialy when implementing outside of the SMTP
layer.
For a service provider its a hassle for their customers. An internal
corp. may be able to inflict such abuse on its users,
I can't remember the original problem, you've removed the history from this
post that would have reminded me!
-Nigel
On Wednesday 29 Sep 2004 02:58, Damon McMahon wrote:
Nigel,
Thanks for your reply, and please accept my apologies for the woeful lack of
detail in my first post.
Here's
On Wed, 29 Sep 2004 21:05:54 +0200 in
[EMAIL PROTECTED] Salvatore Basso
[EMAIL PROTECTED] wrote:
ERROR: Clamd was NOT notified: Can't connect to clamd through
/tmp/clamd
.. why I have this error ?? perhaps after that I configured
user/group clamav on /var/lib/clamav is necessary only
Hi
The main types of checks that should be done are regarding the composition
of the emails. For example, the ones you mention above, clsid and boundary
checks, will stop a proportional amount of virus mails from getting any
further.
Okay... already doing so.
Then there are others, like
Salvatore Basso wrote:
.. is normal that I haven't file /etc/clamd.conf ??
You're running 0-75.1. The config file is clamav.conf.
Matt
---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your
.. however start and stop clamd and try again /usr/local/bin/freshclam -d and in
freshclam.log there is writed:
freshclam daemon 0.75.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
ClamAV update process started at Wed Sep 29 22:29:30 2004
main.cvd updated (version: 27, sigs: 23982, f-level: 2,
Steffen Heil wrote:
I cannot prevent such things. I have no way to tell my customers: you
may not send each other executables or html-files with frames. They
would go somewhere else immediately.
Just shifted the reply to this thread, Steffen. The iframe exploit, you
are already
On Wed, 29 Sep 2004 22:30:55 +0200 in
[EMAIL PROTECTED] Salvatore Basso
[EMAIL PROTECTED] wrote:
.. therefore now is all ok ??!!, it's just ??
thanks.
Possibly, I've just noticed that your config file for clamd is probably
still called clamav.conf as you are using 0.75.1, so you need:
Sorry if this has been reported already; I'm behind on email.
Running 0.80rc3.
[EMAIL PROTECTED] etc]# /etc/init.d/clamav-milter start
Starting clamav-milter: clamav-milter: ScanMail not enabled in
/usr/local/encap/clamav-0.80rc3/etc/clamd.conf
The .conf file says:
# Enable internal e-mail
On Wed, 29 Sep 2004, Brandon Knitter wrote:
I'm unsure what type of camera originally took the pictures. But the original
pictures DO NOT show as having a virus. After I put it through ImageMagick's
convert (I make thumbnails) it then thinks it has the virus.
Now, I'm pretty sure that
Dennis Peterson wrote:
Since building and installing .80rc2 and then rc3, all the memory leaks
are gone.
You know, I just noticed that you're right :)
I wouldn't call it memory leaks though, since it may be just high
memory usage
(remember the long kernel: Out of Memory thread?)
But the point
On Wed, 29 Sep 2004 10:21:10 -0700
Brandon Knitter [EMAIL PROTECTED] wrote:
I'm unsure what type of camera originally took the pictures. But the
original pictures DO NOT show as having a virus. After I put it
through ImageMagick'sconvert (I make thumbnails) it then thinks it
has the virus.
On or about Wed, 29 Sep 2004 09:09:25 +1000
Gib Gilbertson Jr. [EMAIL PROTECTED] allegedly wrote:
I just downloaded and tried to make and get the same error message.
According to the date of the post below from the archives, I would think
this was fixed by now?
I'm running FreeBSD 4.10,
Please ignore this message.
--
oo. Tomasz Kojm [EMAIL PROTECTED]
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
\..._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Thu Sep 30 02:31:51 CEST 2004
pgpjroeTZFQkd.pgp
Tomasz Kojm wrote:
Please ignore this message.
Ummm, make me ?
Rick
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
On Wed, 29 Sep 2004, Damian Menscher wrote:
I just upgraded to 0.80rc3 on a RH9 machine. As a test of clamav, I went
into my public_html directory and did a clamscan -r. It found one of my
images to contain the virus:
[EMAIL PROTECTED] public_html]# clamscan -r .
./Asia_Pics/New
Damian Menscher said:
On Wed, 29 Sep 2004, Damian Menscher wrote:
If I had to guess, I'd say clamscan has some uninitialized memory that's
causing occasional false positives. If anyone can suggest an
alternative
explanation, or a way I could debug this further, I'd love to help.
Problem
On Wed, 29 Sep 2004, Dennis Peterson wrote:
Anyone got a plan for when encrypted zip'd jpeg files start showing up?
dp
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Either start a password greper/parser which should be able
Joe,
On Wed, 2004-09-29 at 23:04, Joe Christy wrote:
Will clamav-announce and clamav-virusdb be moving as well?
All of the clamav(-*) mailing lists are on lists.clamav.net now.
Cheers,
Mike
___
53 matches
Mail list logo