On 2/17/2015 12:11 AM, Manoj Ramakrishnan wrote:
> Hi Al,
>
> Thanks for replying.
> It is exactly what I thought. But why is it different from ZIP file?
> I added extra characters in the beginning of the ZIP file but no issues in
> scanning that and finding eicar signature.
zip and gzip are very
On 2/21/2015 6:42 PM, Daniel Spies wrote:
> Hello,
>
> what is the correct way to prevent clamav-milter (0.98.5 in Debian
> Wheezy) from scanning and tagging _outgoing_ e-mail? I assumed it
> was the LocalNet option; however, I did not manage to get it to
> work. Here is the man entry:
>
> LocalN
's a local policy decision)
# master.cf
...
submission smtpd
... other stuff
smtpd_milters=
ie. set smtpd_milters empty for that service.
If you need to do this in clamav-milter, such as if you need to do
this for port 25 as well as submission, you should probably look at
th
r further details, feel free to ask on the
postfix-users list.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
On 4/30/2015 10:06 AM, John McGowan wrote:
>> clamdscan scanning is made by clamd, this process use to run with non-root
>> privileges
>
> Knowing that I wanted clamd to be able to scan any part of the file
> system, I did reconfigure clamd to run as root by commenting out the
> config param that
On 5/30/2015 5:48 AM, Janko "Jt" stimac wrote:
> Hey there All! :-)
>
> Also,...I was wondering if there is any other way than "command-line" to
> start Clamav (ie, something other than "clamscan -" to start the ClamAV
> program)?
> I heard about there being a "front-end" for Linux for ClamAV, but
On 6/22/2015 2:50 PM, MarkusGMX wrote:
> Am 20/06/15 um 19:15 schrieb Markus Egg:
>> Hello,
>>
>> how can I use clamscan on multicore CPUs ?
>> I found "clamdscan" with --multiscan but for some reasons
>> --multiscan does not work with "clamscan".
>>
>> Thank you for any pointer.
>>
>> ME
>
> Bump
On 7/22/2015 7:23 AM, JD Ackle wrote:
> Hello,
>
> Currently, ClamAV run from Linux reports Docx.Exploit.CVE_2015_1770 in my
> Windows 8.1 install, in files:
> - pageFile.sys
> - Windows/System32/config/SOFTWARE (a piece of the Windows registry)
>
> If I understand it correctly, pageFile.sys wor
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
Tracking cookies are exactly what they sound like, and are not an
indicator of malware. You can remove them for priv
On 2/17/2016 10:40 AM, Joel Esler (jesler) wrote:
> Okay, so this is a long email, let me respond inline:
>
>
> --
> Joel Esler
> Manager, Talos Group
>
Unfortunately, due to lack of quoting it's impossible to tell which
parts ar
o add. Open a bug/feature request.
-- Noel Jones
On 2/18/2016 11:21 AM, Michael Grant wrote:
> I don't want to deliver the message, I want to quarantine it (like put it
> in a directory somewhere), and then refuse it at the milter/smtp level.
> There is not a violation of the pro
You may have more luck with the POSIX character class [[:space:]]
rather than shorthand \s.
-- Noel Jones
On 2/18/2016 5:22 PM, Dennis Peterson wrote:
> ^New\ Doc.* (<- that is from the below example but is actually a
> poorly constructed regex because it will search to end of
>
nteen it for later
> inspection so here, I use a procmail recipe to run it thru clamscand,
Right, it's not possible to reject & quarantine with procmail since
the message has already been received and it's too late to reject
it. Reject & quarantine can on
t are not allowed in email. Unfortunately,
*many* legit .pdf files contain javascript.
This is more of a local policy decision than a tech decision.
-- Noel Jones
On 3/31/2016 9:25 AM, polloxx wrote:
> That's known to me Steve.
> I'm afraid malware will not be detected in that
On 8/25/2016 1:39 PM, Alex wrote:
> Hi,
>
>>> When this option is set to Yes, the
>>> emails are tagged, but even emails with macro virus attachments are
>>> forwarded on, not blocked
>>
>> problem is that you don't understand your mailsystem, clamd itself only
>> hives back with signatures are hi
Sounds as if the quarantined copy was somehow corrupted. Maybe
check with the ClamTk folks.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
ironment variables. Feel free
to open a bug report/feature request and make your case.
-- Noel Jones
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive C
Looks as if somebody does...
# sigtool -l | grep -i '^Andr' | wc -l
204132
I doubt running clam on an android device would be useful due to the
resources required. Maybe a fun time-waster though, just to see
what happens. There's several free and apparently competent
antivirus programs bette
signatures for this, but I recommend them.
-- Noel Jones
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.co
effective, slower to respond to new threats, and now considering a
decision to reduce their user base. This makes me sad.
My systems all meet the proposed requirements, so this doesn't
affect me directly. But I feel this reflects a deeper problem
within the project -- a lack of consideration
emember what you did to get this daily scan, start
with looking at your crontab to see what runs daily.
After you find your offending script, fix the script so it creates a
new file every day rather than appending to a file.
The fix is probably as easy as changing a '>>' to a si
f the post didn't go through.
-- Noel Jones
On 6/15/2017 12:36 PM, Orrick, Diana wrote:
> Appreciate the prompt response Joel.
>
> I did not get a list copy of my own reply (below, sent at 1:12 pm)
>
>
> On 6/15/2017 1:32 PM, Joel Esler (jesler) wrote:
>> I got you
The clamav project doesn't publish malware analysis.
Upload the offending file to VirusTotal and see what other scanners
say. They will probably show a different name you can try looking
up, or of nothing else hits on it maybe it's a false positive.
-- Noel Jones
On 3/29/202
d system.
Use freshclam from a supported version of clamav to get database
updates.
The "virus database" section on https://www.clamav.net/downloads has
details for how to get a copy for a machine with no or limited
internet access.
For more info, see the discussion in
on.
For the command line, use move or delete. Or better, just get the
report and then decide what to do.
Never use move or delete when scanning system files since a false
positive could be disastrous.
-- Noel Jones
___
clamav-users maili
your help, support, and kind words all these years. I
wish you all the best in your new position.
-- Noel Jones
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a
shclam log for errors.
-- Noel Jones
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.cl
s hung waiting on broken disk io
Clamav, nor anything, can be expected to work normally and reliably if there
are underlying system problems.
— Noel Jones
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.n
clamav is working and able to detect test viruses, any
failure scanning email is in your email scanning method or software
and not clamav.
-- Noel Jones
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.n
ange the "clamd"
daemon configuration and does it replace or just amend file "/etc/clam-
av/clamav.conf"?
I believe it changes it just for that instance of clamdscan, and
does not affect the clamd daemon or other clamdscan runs.
-- Noel Jones
__
incoming email. The handful of hits over the last several
months appeared to be spam. YMMV and all that.
I disabled it earlier this morning ("Safebrowsing no" in
freshclam.conf) because the updates appeared to be hanging
freshclam.
-- Noel Jones
nverted to a .cld when a
*.cdiff incremental update is applied by freshclam.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
does not require changes to your amavisd-new
configuration.
http://www.postfix.org/MILTER_README.html
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
s in clamd.conf
(PhishingScanURLs no), or whitelist the domain that's being
detected as phish.
http://www.clamav.net/doc/latest/phishsigs_howto.pdf
At any rate, you should submit the offending mail as a false
positive. http://www.clamav.net/sendviru
ing to too many help
desk complaints.
The documentation is here:
http://www.clamav.net/doc/latest/phishsigs_howto.pdf
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
with winnow.complex.patterns.ldb.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Try opening a terminal window and pasting (all one line):
wget
'http://downloads.sourceforge.net/project/clamav/clamav/0.95.3/clamav-0.95.3.tar.gz?use_mirror=softlayer'
are you running out of space on your filesystem or wherever
tmp files are stored on your system?
--
ring software you're using.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
g, the milter works well and
is easy to set up.
If you want more features, such as SpamAssassin integration,
DKIM signing/verifying, etc., amavisd-new is robust, flexible
and well supported.
-- Noel Jones
___
Help us build a comprehensive
c1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 7.176 sec (0 m 7 s)
What am I missing?
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clama
On 3/11/2010 11:49 AM, Török Edwin wrote:
On 03/11/2010 07:42 PM, Noel Jones wrote:
I installed clam 0.96rc1 on a FreeBSD 5.3 test server. "make" seemed to
run normally.
When I scan any file with clamscan, I get:
# clamscan /etc/motd
LibClamAV Warning: JIT not compiled in
/et
side effect of this is that the mail will be virus scanned
twice; once for the whole message, and again each decoded
part. On my machine clam is fast enough that this doesn't
make a significant difference in processing time.
-- Noel Jones
__
quest
for a "don't scan decoded parts" feature ...
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
On 5/4/2010 10:32 PM, eric wrote:
I send email attached .xls file which infected X97M.Escape, but clamd didn`t
find it.
My server : postfix+MailScanner+clamd
Eric
Please submit missed samples here.
http://www.clamav.net/lang/en/sendvirus/
___
H
On 7/6/2010 12:35 PM, Russ Tyndall wrote:
On Jul 6, 2010, at 12:35 PM, Nathan Gibbs wrote:
Usually all that I see are log entries like this
Jul 6 05:11:32 host clamd[30362]: /path/to/infected/file/infectedfile:
VirusName FOUND
or this
Jul 6 05:12:26 host clamd[30362]: stream: VirusName FO
amd.conf -ls
Make sure you restart clamd after editing clamd.conf.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
urity lists since shortly after
they became publicly available.
I've found them to be safe and very effective.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
7;t mean it's a
good idea. The main problem I see is that it gives a false
sense of security because there are too many ways to
intentionally or accidentally bypass it. This isn't something
to bet the farm on working 100%, because it can't.
-- Noel Jones
___
s the user.
Steve
Options in your clamd.conf file affect how clamdscan works.
You need to test with clamdscan, and then adjust clamd.conf
options if you don't like what it's doing.
-- Noel Jones
___
Help us build a comprehensive Clam
atrol. Apparently,
originally the signature matched the string "updat", which
understandably caused quite a number of false positives.
Later, the signature was replaced with it's current value.
Don't spend too much time trying to debug it now, because the
signature has ch
contents
PUA.PDF.OpenActionObject
and the restart clamd.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
onsistently
unavailable should be removed from the pool until it can be reliably
accessed.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
d port 80 no longer shows "closed"
from here.
Thanks!
-- Noel Jones
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJOcKGiAAoJEJGRUHb5Oh6gLoMH/RnRPHpNfxpm
istently dead mirrors.
While it would be a mistake to ignore a host after a low number of
transient connection errors, we're shooting ourselves in the foot
to never consider connection errors.
-- Noel Jones
-BEGIN PGP SIGNATURE-
V
m SA; any detection results in a reject.)
In amavisd-new, the score added (or whether to just go straight to
quarantine) is controlled in the amavisd.conf file. See the
amavisd-users list or docs for details.
There are likely other filters or milters that do similar things.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
command
would be
# amavisd-release virus-deDamcLb32uD
If you have further questions about amavisd-new, consult the
amavisd-new documentation, or ask on the amavis users mail list.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit htt
On 8/8/2012 9:02 AM, Len Conrad wrote:
> -- Original Message --
> From: Rick Macdougall
> Reply-To: ClamAV users ML
> Date: Wed, 08 Aug 2012 09:20:18 -0400
>
>> On 08/08/2012 9:17 AM, Len Conrad wrote:
>>> postfix + clamsmtpd + clam
>>>
>>> Received a bad
a last-ditch effort, if you put a couple of quarantine files in a
pastebin, *maybe* someone here (or clamsmtp, or postfix-users, since
this is getting OT for this list) can give a hand.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
> Tom
This makes getting source code unnecessarily complicated; lots of
folks do not use a browser on their production server. Please
remove the offending web code immediately.
-- Noel Jones
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozi
On 10/1/2012 11:18 AM, Shawn Webb wrote:
> On Mon, Oct 1, 2012 at 10:33 AM, Noel Jones wrote:
>> This makes getting source code unnecessarily complicated; lots of
>> folks do not use a browser on their production server. Please
>> remove the offending web code immediate
able files have a few
bytes near the beginning of the file that identify it as executable
to the OS. Look at the "file" utility included with linux and the
"magic" database that "file" uses for what to use for a clamav
signature.
Have fun!
-- Noel Jones
_
This has been long fixed, and the background
daemon is the recommended method now, as it somewhat randomizes the
checking time to spread load on the download servers. But you don't
lose anything by running it under cron.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
daemonized, the default
behavior is to check DNS for the current version to decide if a
download is needed.
-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Two choices:
- wait. It will eventually sort itself out.
- remove mirrors.dat and run freshclam manually. Might have to do
this more than once.
-- Noel Jones
On 2/14/2013 12:59 PM, Ryan Goode wrote:
> Is that the only solution? We have to hit a ton of servers as none of our
> s
AV debug: Ignoring signature Trojan.SubSeven.14 (Clam)
> LibClamAV debug: Ignoring signature VBS.CrazyWorm.C
...
These are signatures intentionally turned off due to false
positives. In most cases they are replaced with "better" signatures.
All is well.
-- Noel Jones
___
On 9/19/2013 2:04 PM, Joel Esler wrote:
> http://blog.clamav.net/2013/09/clamav-098-has-been-released.html
>
> ClamAV 0.98 has been released!
>
Upgraded successfully. Thanks for your hard work on this new release.
# freshclam -v
...
Software version from DNS: 0.97.8
WARNING: Your ClamAV install
pparently webmin wants the path to the daily.info directory,
probably something like /var/db/clamav/daily.info
--
Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
or wherever you
>have put it, is the likely issue.
>
>--
>Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
I don't have clamd.socket
That was an example. To find the path to the socket you are using, try
# grep LocalSocket clamd.conf
--
Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
ist and
the amavisd-new web site.
and please submit the false positive to sanesecurity for correction.
--
Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
d a couple times on several servers last
night because of the update problems. Everything was running
smoothly when I arrived this morning.
Yes, clamd and the whole clamav structure should be more resistant to
failure. Your choices are to either work with it as is, or wait
unti
more complicated
than a simple freshclam failure. Hopefully the developers will be
able to solve this.
--
Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
ecurity.sh appears to use "clamscan -d" to
test for a valid database before installing them in the live
directory. Didn't check the others...
--
Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
gz && \
gunzip -f phish.ndb.gz && \
clamscan -d phish.ndb phish.ndb && \
cp phish.ndb /var/lib/clamav/ && \
chown vscan:vscan /var/lib/clamav/phish.ndb
wget -nd -m http://ftp.tiscali.nl/sanesecurity/scam.ndb.gz && \
gunzip -f scam.ndb.gz && \
clamscan -d
;
>So, good idea/bad idea?
Tested, seems to work. I think this is a great idea. One less thing
for end-users to maintain, the download scripts don't have to be
updated every time mirrors change.
--
Noel Jones
___
Help us build a comprehens
At 01:24 AM 5/21/2007, Alexandros Fragkiadakis wrote:
> >
>I have the same problem with clamav. How can i switch from clamscan to
>clamdscan? I'm using postfix.
How are you calling clamscan from postfix?
--
Noel Jones
__
ion
>--recursive (-r)
>May 21 19:38:27 hermes MailScanner[26275]: WARNING: Ignoring option --unrar
>
>
>
>Should i worry about it?
You should find where MailScanner is setting those options and remove them.
--
Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
current daily.wdb from daily.inc:
# rm /var/db/clamav/daily.inc/daily.wdb
# clamscan /tmp/tmp/email.txt
/tmp/tmp/email.txt: OK
clamd is also hung and unkillable.
Anyone else having this problem?
--
Noel Jones
___
Help us build a comprehensive ClamAV
At 09:56 PM 6/1/2007, Christopher X. Candreva wrote:
>On Fri, 1 Jun 2007, Noel Jones wrote:
>
> > I seem to be having trouble with clamscan 0.91rc1 choking with the current
> > daily.wmd file. It was working fine until the most recent db update.
>
>I don't have this
At 10:20 PM 6/1/2007, Christopher X. Candreva wrote:
>On Fri, 1 Jun 2007, Noel Jones wrote:
>
> > fatfinger error on the name, I am referring to daily.wdb as the
> > pasted session shows.
>
>Ah, sorry. Bleary-eyed error not catching it in the sesion. :-)
>
> >
At 10:48 PM 6/1/2007, jef moskot wrote:
>On Fri, 1 Jun 2007, Noel Jones wrote:
> > Ok, I've narrowed it down to the following TWO lines in daily.wdb:
> > X:http.//www\.ebay\.co\.uk.+:.+emailpics.\.ebay\.com:14-
> > X:http.//info.citibank.com.+:https.//offer.citibank.com:
At 11:39 PM 6/1/2007, Dennis Peterson wrote:
>Noel Jones wrote:
> >
>I'm running Solaris 10 x86 here and cannot duplicate your error. I moved
>the daily.wdb file to /tmp and clamd died. I restarted it with svcadm
>and it started and ran file. I then rsync'd daily.wdb fr
2. Please ask for any additional
required information.
It might be helpful if others who reported problems in this thread
report what OS they are using so the developers can tell if this is
isolated to FreeBSD.
--
Noel Jones
___
Help us
At 04:44 PM 6/4/2007, Tomasz Kojm wrote:
>On Sat, 2 Jun 2007 13:02:54 +0200
>Tomasz Kojm <[EMAIL PROTECTED]> wrote:
>
> > On Sat, 02 Jun 2007 00:22:48 -0500
> > Noel Jones <[EMAIL PROTECTED]> wrote:
> >
> > > I recompiled clamav without --enable-ex
>
>dp
main.inc is created only when a scripted update is applied. Since
main.cvd doesn't change often, you'll have a main.cvd until the next
update to that database is released.
main.inc is deleted if it's corrupted or if there is an update but
the scripted update file is
ymore, therefore the OnUpdateExecute command doesn't work.
>
>Now, how can I get the information of the daily DB?
You can use:
echo "clamav database updated" | mail -s "Clamav Update OK"
[EMAIL PROTECTED]
or for mor
e thing for your OnUpdateExecute
script to do is simply report that an update occurred.
If you want information on the database version loaded, pipe the
output of "tail /path/to/freshclam.log" or "clamscan --version" to mail.
--
Noel Jones
_
r" option, b) compile clamav using
the --with-user= option so it matches amavisd-new by default, c) using
"AllowSupplementaryGroups yes" in clamd.conf and adding the clamd user
to the group amavisd runs as.
--
Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
se pdf spams, and does not depend on clamav PDF support.
http://sanesecurity.co.uk/clamav/usage.htm
the pdf sigs are in the "scam" database
I'm a huge fan of the SaneSecurity signatures and highly recommend
them to anyone who wants to expand clamav's anti-phish & anti-scam
ca
n to
write to the database directory. Maybe your freshclam.conf specifies
a different DatabaseDirectory than the compiled-in default of clamscan.
# clamconf
and
# clamscan --debug
might show something interesting, or at least will show where clam is
looking for the databases.
--
Use the wget -N option.
Also, it looks as if you are removing your tmp files every time the
script runs. This causes rsync to download the whole file rather
than checking for changes, and makes it impossible for wget -N to work.
Your script still needs some work.
--
Noel Jones
permission to
> > write to the database directory. Maybe your freshclam.conf specifies
> > a different DatabaseDirectory than the compiled-in default of clamscan.
> > # clamconf
> > and
> > # clamscan --debug
> > might show something interesting, or at least
dates every hour is wasteful, every 4 hours is more reasonable.
Here's a perl "one-liner" you might want to integrate in your script
- it signals clamd to reload the database. Only run this if one of
the databases has changed.
# perl -MIO::Socket::UNIX -we 'my $s = IO::Socket::
y.cvd before they were upgraded. A .inc directory should be
created automatically next time a scripted update is applied. Any
attempt to "force" creation of a .inc directory is unlikely to be successful.
--
Noel Jones
___
Help us buil
r a *.inc as long as freshclam reports
you are current. Do be concerned if freshclam is consistently unable
to get future scripted updates.
--
Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
GB ram, SCSI disks. Clamav version 0.90.2 .
> Thanks,
> Bye,
> Marcello
please repeat the test with the current release clamav 0.91.1.
--
Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
n
the sense that there really is a spoofed domain in the email.
and yes, you found the right clamd.conf knob to disable this if you
want to go that route.
# turn off heuristic phishing detection
PhishingScanURLs no
--
Noel Jones
___
Help
ovement over previous
versions. Of course, the wise admin would try it on a test server
first regardless of glowing endorsements found on a public list ...
--
Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.ne
th clamscan and/or clamdscan does
it work as expected?
Unfortunately, clamd doesn't seem to log (all) options on startup, so
the log isn't terribly useful this time.
--
Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
p phishing /path/to/clamd.log
Mon Aug 27 15:01:48 2007 -> Disabling URL based phishing detection.
--
Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
ut ours. Sorry for the noise.
Glad you were able to find the problem.
--
Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
1 - 100 of 252 matches
Mail list logo