[clamav-users] Virus not detected by Clamav

2011-06-29 Thread polloxx
Dear, One of our customers got a virus not detected by Clamav: dhl-express-prtcopy-Delivery-Failure-Notification-HXZsVlN[...].exe A fake DHL non-delivery report. Other engines do detect it: BitDefender 7.2 2011.06.27 Trojan.Zbot.1911 F-Secure 9.0.16440.0 2011.06.27 Trojan.Zbot.1911

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread Mihamina Rakotomandimby
On Wed, 29 Jun 2011 11:24:24 +0200 polloxx poll...@gmail.com wrote: Are there other users with the same problem? Any solution? I have the same problem. I manage a mail server used by a vendor of DHL. Pretty annoying as far as all emails from DHL are sensible and important for the users :-)

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread Henrik K
On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote: On Wed, 29 Jun 2011 11:24:24 +0200 polloxx poll...@gmail.com wrote: Are there other users with the same problem? Any solution? I have the same problem. I manage a mail server used by a vendor of DHL. Pretty

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread polloxx
On Wed, Jun 29, 2011 at 11:45 AM, Henrik K h...@hege.li wrote: On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote: On Wed, 29 Jun 2011 11:24:24 +0200 polloxx poll...@gmail.com wrote: Are there other users with the same problem? Any solution? I have the same problem.

Re: [clamav-users] 0.97.1 rumor pile? bad safebrowsing update file?

2011-06-29 Thread G.W. Haywood
Hi there, On Wed, 29 Jun 2011 Jerry wrote: I have a FreeBSD-8.2/amd64 that runs the latest version of Clamav without any serious problems. From time to time it does suddenly die... Would you share with us your definition of serious problems? -- 73, Ged.

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread Török Edwin
On 2011-06-29 13:04, polloxx wrote: On Wed, Jun 29, 2011 at 11:45 AM, Henrik K h...@hege.li wrote: On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote: On Wed, 29 Jun 2011 11:24:24 +0200 polloxx poll...@gmail.com wrote: Are there other users with the same problem? Any

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread TR Shaw
On Jun 29, 2011, at 6:04 AM, polloxx wrote: On Wed, Jun 29, 2011 at 11:45 AM, Henrik K h...@hege.li wrote: On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote: On Wed, 29 Jun 2011 11:24:24 +0200 polloxx poll...@gmail.com wrote: Are there other users with the same

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread Joel Esler
If you have a sample of the file, submitting it through ClamAV's submission interface makes it bubble up so the rule writers can get to it faster. (instead of waiting for it to come through Virustotal) J On Jun 29, 2011, at 5:24 AM, polloxx wrote: Dear, One of our customers got a virus

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread Jerry
On Wed, 29 Jun 2011 13:12:30 +0300 Török Edwin articulated: On 2011-06-29 13:04, polloxx wrote: On Wed, Jun 29, 2011 at 11:45 AM, Henrik K h...@hege.li wrote: On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote: On Wed, 29 Jun 2011 11:24:24 +0200 polloxx

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread polloxx
On Wed, Jun 29, 2011 at 12:49 PM, Joel Esler jes...@sourcefire.com wrote: If you have a sample of the file, submitting it through ClamAV's submission interface makes it bubble up so the rule writers can get to it faster. (instead of waiting for it to come through Virustotal) Joel, I did

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread TR Shaw
On Jun 29, 2011, at 7:58 AM, polloxx wrote: On Wed, Jun 29, 2011 at 12:49 PM, Joel Esler jes...@sourcefire.com wrote: If you have a sample of the file, submitting it through ClamAV's submission interface makes it bubble up so the rule writers can get to it faster. (instead of waiting for

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread Michael Scheidell
I think he should demand all his money back. -- Michael Scheidell, CTO SECNAP Network Security -Original message- From: Joel Esler jes...@sourcefire.com To: ClamAV users ML clamav-users@lists.clamav.net Sent: Wed, Jun 29, 2011 10:50:25 GMT+00:00 Subject: Re: [clamav-users] Virus not

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread Jan-Pieter Cornet
On 2011 Jun 29, at 12:49 , Joel Esler wrote: If you have a sample of the file, submitting it through ClamAV's submission interface makes it bubble up so the rule writers can get to it faster. Or if you're lucky and it's the exact same file every time, you can trivially create your own

[clamav-users] Fwd: Re: AV timeout?

2011-06-29 Thread Michael Scheidell
Ok, so not just me. I am going to ask Ralf Hildebrandt what version of os he is using. maybe we can track this down. Original Message Subject:Re: AV timeout? Date: Wed, 29 Jun 2011 09:36:20 +0200 From: Ralf Hildebrandt ralf.hildebra...@charite.de To:

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread Bryan Burke
Seriously! Why not have the user shut down his mail system entirely. That would pretty much ensure that no Virus or Malware is delivered via SMTP. Your suggestion is only feasible if the user never wants to receive any executable or archived file formats. Assuming that they do, a better

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread Mihamina Rakotomandimby
On Wed, 29 Jun 2011 12:45:37 +0300 Henrik K h...@hege.li wrote: So your users receive lot of legitimate exes? Nope, exes are zipped -- RMA. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [clamav-users] Fwd: Re: AV timeout?

2011-06-29 Thread Michael Scheidell
On 6/29/11 9:24 AM, Michael Scheidell wrote: Ok, so not just me. I am going to ask Ralf Hildebrandt what version of os he is using. maybe we can track this down. so, it's not just on amd64, freebsd 7.3. he answered this: freebsd? amd64? what version of Freebsd? Debian Linux Testing,

Re: [clamav-users] 0.97.1 rumor pile? bad safebrowsing update file?

2011-06-29 Thread Michael Scheidell
On 6/28/11 3:23 PM, Török Edwin wrote: Maybe this one: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=bbfe830c935837cfc357541cb307a7b863394abb;hp=d9ff9e65080d7c70de722e174d365d3b2cb312d3 But it survived a full regression test here (Linux/amd64). Will go through the code again

Re: [clamav-users] Fwd: Re: AV timeout?

2011-06-29 Thread Török Edwin
On 2011-06-29 17:01, Michael Scheidell wrote: On 6/29/11 9:24 AM, Michael Scheidell wrote: Ok, so not just me. I am going to ask Ralf Hildebrandt what version of os he is using. maybe we can track this down. so, it's not just on amd64, freebsd 7.3. he answered this: freebsd? amd64?

Re: [clamav-users] Fwd: Re: AV timeout?

2011-06-29 Thread Michael Scheidell
On 6/29/11 10:32 AM, Török Edwin wrote: Can you ask him to attach gdb to it? Or to run gcore <pid>? That way we could get a stacktrace and have some idea on where the bug is. Best regards, --Edwin ___ already did. we, who appreciate all the work the clamav team does for us will always

Re: [clamav-users] Fwd: Re: AV timeout?

2011-06-29 Thread Ralf Hildebrandt
* Török Edwin edwinto...@gmail.com: On 2011-06-29 17:01, Michael Scheidell wrote: On 6/29/11 9:24 AM, Michael Scheidell wrote: Ok, so not just me. I am going to ask Ralf Hildebrandt what version of os he is using. maybe we can track this down. so, it's not just on amd64,

[clamav-users] got one in gdb: Re: 0.97.1 rumor pile? bad safebrowsing update file?

2011-06-29 Thread Michael Scheidell
On 6/28/11 2:49 PM, Török Edwin wrote: SOMETHING changed from 0.97 to 0.97.1 that affects 64bit, and/or amd64. If you still have one of those hung 0.97.1 (or come across in the future) can you run $ gcore <pid> This should generate a core file of the hung process that can be investigated

Re: [clamav-users] AV timeout?

2011-06-29 Thread Michael Scheidell
On 6/29/11 2:33 PM, Mark Martinec wrote: It may be possible to have two instances of clamd running on separate sockets, and when one fails switch over and restart amavisd on the other, while leaving the first for experimentation. I have this.. sorta. all of my amavisd.conf (2.6.4) have a

Re: [clamav-users] AV timeout?

2011-06-29 Thread Török Edwin
On 2011-06-29 22:12, Michael Scheidell wrote: On 6/29/11 2:33 PM, Mark Martinec wrote: It may be possible to have two instances of clamd running on separate sockets, and when one fails switch over and restart amavisd on the other, while leaving the first for experimentation. I have this..

Re: [clamav-users] AV timeout?

2011-06-29 Thread Michael Scheidell
On 6/29/11 3:29 PM, Török Edwin wrote: Interesting. That appears to be some kernel lock. Can you run: procstat -k 20021 Best regards, --Edwin too late for that.. I put 0.97.1_1 (0.97.1 portrevision 1. without wdt patch) on it. getting the rest of it for you now. -- Michael Scheidell, CTO

Re: [clamav-users] AV timeout?

2011-06-29 Thread Michael Scheidell
On 6/29/11 3:29 PM, Török Edwin wrote: (gdb) backtrace full (gdb) backtrace full #0 0x0008018baf4a in __error () from /lib/libthr.so.3 No symbol table info available. #1 0x0008018bac3b in __error () from /lib/libthr.so.3 No symbol table info available. #2 0x0008018b66c5 in