Slight modification to the last one. The new .ndb file allows the
signature offset to be defined, so instead of * in the third field you
should put 0 to anchor the JPEG magic number to the start of the file.
The 5 means it is definitely a graphics file before it is checked against
the signature
Hi,
Can someone test ClamAV with these files:
http://www.hiddenbit.org/demo_files/jpeg.zip
Source:
http://lists.netsys.com/pipermail/full-disclosure/2004-October/027530.html
Cheers,
Steve
___
Just use http://www.virustotal.com/ - excellent resource for scanning
suspicious files with multiple engines at once. As mentioned in the
Thanks all for the checking... as a extra site to bookmark, this site is
good too:
http://virusscan.jotti.dhs.org/ ( Jotti's malware scan: samples are added
Thanks Jotti ! Really awesome site ! Good work!
It's a very useful site, along with VirusTotal's site.
Before I go anymore off-topic, just two points to note:
a) Jotii isn't running the very lastest CVS version, he will only
run the lastest STABLE version, so it won't cope too well with the
Hi All,
Just came across this:
http://www.securiteam.com/securitynews/6E00G2ABFY.html
Bit hard to say if this would impact ClamAV?
Cheers,
Steve
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
since ClamAV reached v0.80, I am using it to scan and reject e-mail
messages. Today I noticed that ClamAV also detects phishing attacks.
Phishing is pure social engineering and poses no threat whatsoever in a
technical sense.
I'm certainly *very* happy that ClamAV team have added more phishing
Been ages since I posted anything about the sigs... so just a reminder,
they are still being updated:
Phishing and Scam Signatures for:
ClamAV
Windows Installer versions for:
w32 clamav
ClamWin
ClamMail
http://www.sanesecurity.com/clamav/
Cheers,
Steve
I've noticed the above in my hourly syslog snip thoughout the day today.
Its
not appearing each and every time a message is checked. Could someone
advise
me on what the problem may be and what the fix might be?
First of all I need to apologise to everyone using the Sanesecurity
scam.ndb.gz
Ben Lambrey wrote:
We received several samples of Trojan.Conka.A (name by BitDefender)
Trojan.MGK
(name by FRISK) at our viruswall last week.
I've submitted a sample of the captured virus twice to Clamav, but is still
undetected by Clamav. I wonder why?
Hi Ben,
While you wait for
Christopher X. Candreva wrote:
In my experience, it means a database maintainer who made a simple mistake
in one line.
I don't think this'll really add anything useful to the discussion
but I've seen that happen in one of the mrsbl
databases.. but there are some small things the
Hi All,
95% of all SaneSecurity signature users are finally using the gzipped
compressed phish.ndb.gz database...
so I've now removed all the signatures from the old uncompressed
phish.ndb file and just left one test signature,
so it doesn't break anyone's system phew
FinallyAs the year
[EMAIL PROTECTED] wrote:
I am not available at the moment
flameproof-suit mode on ducks for cover etc. ;)
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Jay Lee wrote:
one more. Again, sorry.
It's not me you have to worry about... it's the others ;)
Good reminder to everyone though :)
Cheers,
Steve
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
carren stuart wrote:
Is there some reason why my posts aren't even being acknowledged? I
can't believe that nobody knows the answer to my question. This IS the
users list and I'm a user, so could somebody PLEASE help me with this.
Hi,
Sorry I can't really help you... but I did find
Salvatore wrote:
FixStaleSocket
How about:
**FixStaleSocket yes
FixStaleSocket no
In other words, the format for .conf files changed in 0.90... you need yes/no
after the option.
Example:
Sean Pinegar wrote:
I trusted clamav for a long time but ran across an interesting problem today.
I received an e-mail from a friend that included a powerpoint. I opened the
powerpoint in linux and wine flagged it as a virus (not sure how wine knew
there was a virus...can anyone enlighten
Hi,
Just a heads up for those using the msrbl sigs.
As of last week:
Downloading of the signature files is currently only available via rsync:
rsync rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-SPAM.ndb /path/MSRBL-SPAM.ndb
rsync rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-Images.hdb
Dennis Peterson wrote:
My guess is the MSRBL folks would like it if you downloaded the new
files only if the file has been modified.
I think you're right... the size of their images .ndb file
(un-compressed) jumped to about 7.5 meg in size and I guess shifting
that amount of data for x
Thomas Bernthaler wrote:
[EMAIL PROTECTED] root]# /usr/bin/clamdscan --quiet /usr/bin/php
ERROR: Parse error at line 34: Option LogTime requires boolean argument.
Please see: http://wiki.clamav.net/Main/UpgradeNotes090
eg:
clamd.conf:
change option: 'LogTime' to 'LogTime yes' ( was just
Luis Miguel R. wrote:
Hi all, Is ClamAV detecting ANI xploits?
Hi,
Yes from what I can remember, it'll be these sigs:
Trojan.Downloader-4467
Exploit.CVE_2007_0038-1
Exploit.CVE_2007_0038-2
Exploit.CVE_2007_0038-3
Cheers,
Steve
___
Help us
Bill Landry wrote:
If it was a SaneSecurity signature that caused the virus match, did
you advise Steve Basford
You beat me to a reply... you must type faster then me :)
Thanks Bill!
Cheers,
Steve
___
Help us build a comprehensive ClamAV guide
Hi Eric,
I tried sending you an off-list email, but:
SMTP error from remote mail server after RCPT TO:eric at
vipstructures.com:
host rodan.vipstructures.com [66.195.71.71]: 554 5.7.1
ns1g.dataflame.net[85.13.252.178]:
Client host rejected: ripe ncc france block?
:(
Sorry list!
Due to me nearly running out of bandwidth last month (17gb out of a 20gb
host package), some urgent changes were needed to the signature hosting,
otherwise I'd start getting charged for the extra bandwidth :(
So, to keep this short, here's a to-do list ;)
*** One: Mirrors ***
Three new mirrors
Christopher X. Candreva wrote:
If the script could be on the file name instead of the directory name it
would be better.
Hmm... would this work for you script?
http://www.sanesecurity.com/clamav/phishsigs/index.php
http://www.sanesecurity.com/clamav/scamsigs/index.php
554 Failure Messagecontains an infected attachment (Email.Phishing.RB-827)
The laptop that is sending the message is not infected with any virus.
RB-827 is a phishing signature for regions bank, I won't post the full url
for the signature but here's a part of it:
/ibsregions/cmserver/
So,
Lyle Giese wrote:
Gary V wrote:
Looks like I can no longer resolve (from a couple different networks):
www.sanesecurity.co.uk
sanesecurity.co.uk is down... I think it's a dns issue... going to give
the hosting people a kick...
The following URLs are the one to make sure you are using:
SM wrote:
At 11:55 08-08-2007, Jonathan Armitage wrote:
It's not a virus, it's these greeting card messages with a link to
download the malware. It's currently being identified as
Email.Phishing.RB-1222.
And this is when it was added to the database:
Gerard wrote:
I am not sure if Steve has had the time to
upload it to his servers yet. He is quite busy.
Just uploaded the updated script to both domains :)
Cheers,
Steve
___
Help us build a comprehensive ClamAV guide: visit
Andy Fiddaman wrote:
It's not just core Clam signatures either, SaneSecurity recently changed
the capitalisation on some of their sigs which caused me a few issues (I'm
checking case-insensitively now!
Sorry about that... bit of finger trouble on a output script... normal
service should now
Hi All,
Just a couple of updates, people who were having problems with ClamAV
restarts today and use SaneSecurity
signatures (or other Third-Party sigs for that matter) should have a
quick peek here:
http://sanesecurity.blogspot.com/2007/09/sanesecurity-news-corrupt-signatures.html
Sorry for
umarzuki mochlis wrote:
I believe g2p3s.exe, t.exe and autorun.inf are some sort of trojan or
something but calm doesn't seem to detect it.
Hi,
Might be worth submitting the files to the following sites and see what
other AV scanners think of it :
http://www.virustotal.com/
The implication of the above is that clamav 0.93 would now
no longer detect many once prevalent viruses for which it
only has hexdump signatures.
The whitespace change will cause slightly lower detection rates on some
Third Party sigs too (depending on the sig type)... unless the old sigs
are
Sorry to hijack the list...just a few quick updates:
1. Signature Tests
I've introduced a few Sanesecurity Signature tests, to help you make
sure you are getting the best out of the signatures available. Make sure
you pass all three tests (scroll down page) here:
I ran the 3 tests and I can detect tests 2 3, but not test #1, even if
I place the raw text of the e-mail into a file and scan it directly with
clamdscan. Thoughts?
Same results here.
clamdscan being called via simscan.
Ooops...Make sure the email you create for test #1 is a HTML
Hi All,
Just a few items of news
The new Rogue signature database contains hashes of known Rogue
Anti-Virus software and also contains known Fake Videos/Codecs.
Most of these files are currently being distributed via the current wave
of fake CNN/Msnbc/BBC news and fake video emails (54
On Mon, 18 Aug 2008 04:45:58 -0500
libclamav is right, the entry at the line 53 in rogue.hdb is incorrect
(double colon
before the virus name)
Fixed... Thanks Tomasz...
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
Could anyone knowledgeable comment?
I've knocked something quickly together, it won't be 100% accurate and is
very vague, but it might give you a few pointers:
Vague Outline
-
PUA is a potentially unwanted application
Sub-Type: RAT is Remote Access Trojans
Description: tools used
A lot of files are found with Trojan.FakeAlert-566. I scanned this files
with virscan.org with different engines and just only clamav is reporting
a
trojan.
Upload your file here and Select the False Positive option:
http://cgi.clamav.net/sendvirus.cgi
I report one such FP yesterday
I have opened a bug #1188
I've added Bug 1190
I've got the same problem, using a windows port too
--- SCAN SUMMARY ---
Known viruses: 448486
Engine version: 0.94
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 16.54 MB
Time: 21.500 sec (0 m 21 s)
Dennis Peterson wrote:
I have nothing but problems with (67.15.61.160).
Not sure if this is an still up-to-date list checker... but some of the
mirrors do look a little ropey:
http://www.clamav.net/mirrors.html
Cheers,
Steve
Sanesecurity
Hi All,
There are a few changes to the Sanesecurity signature names and database
names (including updated downlaod scripts).
Please read the following, as it contains all the information on the new
changes:
http://www.sanesecurity.co.uk/clamav/changes.pdf
Cheers,
Steve
Sanesecurity
My question is what am I doing wrong or what do I need to do in order
for Clamav to recognize that a archived attachment contains a banned
file extension and to reject it immediately?
If you really want to block dangerous runnable attachments, create
a .zmd file (and you'll need a .rmd file)
For details of the new features please refer to the Changelog. For an
overview please refer to http://www.clamav.net/press/0.94.1-WhatsNew.pdf.
Nigel, does the stats sent... only send information regarding ClamAV
default signatures (when detected)... or does this also include detections
by
There's a special option in freshclam (--submit-stats, currently
deactivated)
Hi Tomasz, from how I'd use it here, it'd certainly be a good idea to
enable this option.
As a side note, for users of the windows port... they'd normally run
freshclam damonised... and then could run the special
Hi,
We've got a user whose files are being detected as
Worm.Mydoom.M.log. These ones all happen to be PDF files saved
from Word 2007.
I know this doesn't help... but...looks like that name is a special hard
coded name:
special.c:
int cli_check_mydoom_log(int desc, const char **virname)
Hmm... I can't get it to work either :\
Well, doesn't work on Sanesecurity sigs now either:
created a fake sample email and did a quick test
local.ign:
phish.ndb:9492:Sanesecurity.Phishing.Bank.9492
c:\tmp\test2.eml: Sanesecurity.Phishing.Bank.9492.UNOFFICIAL FOUND
grep
On Thu, 30 Oct 2008 14:40:47 - (GMT)
The local whitelisting feature is currently not functional, the problem
will be
fixed in 0.94.1 which is scheduled for November 3rd.
Thanks for the confirmation Tomasz.
___
Help us build a comprehensive
Nigel Horne wrote:
Notifications of ClamAV signature updates are now available via our
Twitter feed at http://twitter.com/clamav.
Just to add Sanesecurity updates are also available on Twitter, showing
all updates to the signatures, since July: http://twitter.com/sanesecurity
Hi All,
My webhost disabled sanesecurity.com due to high cpu usage, they could
only give me the following infomation which doesn't mean a lot to me,
but does this sound high?
Swap: 4096564k total, 408264k used, 3688300k free, 801468k cached
PID USER PR NI VIRT RES SHR S %CPU
14/12/08
Sanesecurity signatures are no longer being updated or distributed due
to extremely high server resource usage, which appears to be from a
distributed denial of service attack (DDoS). I've moved server hosts
twice (which takes time) and both times have resulted in the site being
On Mon, 26 Jan 2009, Tom Shaw wrote:
Local.zoosextour:4:*:0a0a687474703a2f2f{-50}2f7a6f6f736578746f75720a0a
Just to add something that confused me for a while... lf *or* cr/lf ;)
if you use 0a0a, it'll only work on non-windows system
if you use 0d0a0d0a, it'll only work on windows system
Hi All,
Just realised that I hadn't posted an update about the signatures in
this list, so thought I better had:
http://sanesecurity.blogspot.com/2009/01/200109-news.html
So, in short the signatures are now back.. but in a new download format.
Cheers,
Steve
Sanesecurity
Alex Davidson wrote:
send myself EICAR test
virus strings but firstly only 3 of the 7 tests hit my mail server,
and secondly ClamAV doesn't detect anything, yet the next-level AV
detects it just fine.
I tried to send the 7 tests to my main address... only 3 arrived
(the clean one - and 2 of
Hello, Anyone knows when sanesecurity phishing databases will be online?
They are online... but the old scripts wil not work
See: http://sanesecurity.co.uk/news.htm
Cheers,
Steve
Sanesecurity
___
Help us build a comprehensive ClamAV guide:
Having used clamd for several years without it ever crashing, I am now
faced with it crashing quite often. This follows me setting up the new
sanesecurity system!
I used the old system, before that was stopped, without any problems (I am
using 0.94.2).
Hi Phil,
Firstly, sorry for the
Dennis Peterson wrote:
Sparc Solaris 9, 500Mhz
Known viruses: 563036
Engine version: 0.95rc1
LibClamAV Warning: *** Please update it as soon as possible.***
Known viruses: 208929
Engine version: 0.95rc1
Hi Dennis, 208929 vs 563036 sigs? would that be the speed difference?
Dennis Peterson wrote:
I understand that, but look at the title of this thread and the
misunderstanding
it implies (and spreads!). Help spread the word that it may have nothing to
do
with third-party sigs, and certainly not Sane Security in particular as the
title suggests.
When I
On 2009-03-05 00:09, Bill Landry wrote:
clamscan only uses the hardcoded database directory by default, it
doesn't look at your clamd.conf settings.
Hi Edwin,
Just a quick question.. if you use this command it loads *just* the clamav
databases fine...
clamscan c:\tmp\test.eml
Here is information on my crash of today:
Thanks Chris.
Out of interest I wonder if it's worth someone who gets crashes.. could
have a go at setting up http://www.virtualbox.org/ with a minimal linux
system that crashes... then the ClamAV team could then download the image
(maybe 2 gig) and
No, it just has all sorts of characters in the virus name, like ][.
Chris/All...
If you want to manually fix, try replaing ][Date: with -
see if that passes the 0.95RC1 tests
Cheers,
Steve
Sanesecurity
___
Help us build a comprehensive ClamAV
The safebrowsing.cvd will be distributed under Google's terms and
license. Therefore, before enabling SafeBrowsing in freshclam.conf
one should check that he's OK with that license. We'll provide all
necessary information and links to make it easy to find out.
Hi,
Just a quick question:
Any particular reason why they are using 0.94.1 (and it appears with
the most non aggressive settings)? You are not showing off your best
side...
Hi Tom,
They use windows based version of software, as far as I can remember.
Having said that... 0.94.2 is available for windows:
Is there a test string I can use to see if the SafeBrowsing code is
working properly? I've just set up 0.95RC2 with SafeBrowsing enabled.
I've sent an EICAR and detected that, and scanned
the /usr/share/doc/clamav-0.95/test/ directory to find ClamAV-Test-File,
but I would like to see a
Has anyone else ever experienced such a DNS spoofing attack against
database.clamav.net?
Hi,
I know this doesn't really help... but there is certainly malware out
there that will try to block access to Clamav.net
Hi All,
I've been having a few instances of the above getting flagged as a
virus. Worryingly it is also flagging some of the automatic virus
detected emails that mailscanner sends out. Does anyone know why it is
kicking in?
That signature matches Xiagra and x pills in the Subject
(replace
Remote host said: 550 ClamAV detected
Sanesecurity.Phishing.Bank.3259.UNOFFICIAL
Can someone give me some information on this or ask more questions so that
I can help. I've searched online but can't seem to find anything?
Hi Mike,
Could you email the sample to: ste...@webtribe.net
I've
li...@grounded.net wrote:
In this particular case though I think the signature is too weak and
non-specific, prone to greater failure in a developer's environment than
at the local community center, but still weak. It needs a larger context.
Agreed... hence it's been dropped.
Cheers,
Steve
Glad to hear I didn't find something new. Now, on the other hand, how do I
get my output to the users of the mailing list I was trying to reply to?
Once of these should do the trick...
http://pastebin.ca/
http://jqd.org/pastebin
http://papernapkin.org/pastebin/home
... or http://www.rot13.com
Greetings!
Received the following e-mail that looks like a phishing attempt,
with an attached zipped .exe file ...
Hi Charles,
It's been out since yesterday lunchtime... bit more info here:
http://www.calendarofupdates.com/updates/index.php?showtopic=19142
Blocked yesterday as:
I get lots of 'invoices' from DHL containing a zipped trojan. F-Prot
recognizes them as Win32/Bredolab!Generic but ClamAV does not.
Hi,
Just in case this helps block them... I've been detecting these for a
while if its the same sort of fake invoices I've been receiving here,
using the
Yeah, we already know that. Can you please cutpaste the full message
returned by the form? Thanks,
Hi Luca,
I've *just* uploaded 4 copies of the dhl invoice malware that have been
missed by up-to-date official sigs.
These were blocked using Sanesecurity.Malware.12505.UNOFFICIAL.
Hope it
ClamAV does not pick up the GTUBE test pattern.
GTUBE - the Generic Test for Unsolicited Bulk Email.
Hi James,
I've added support (should be ready in the next hour on the mirrors)
ie: Sanesecurity.TestSig.GTUBE.UNOFFICIAL FOUND
Cheers,
Steve
Sanesecurity
# echo word1 | sigtool --hex-dump
776f7264310a
# echo word2 | sigtool --hex-dump
776f7264320a
echo word3 | sigtool --hex-dump
776f7264330a
Then I have put it into my test.ndb file:
MyVirus:0:*:776f7264310a*776f7264330a*776f7264330a
Hi,
remove the 0a character(s) as echo introduces
remove the 0a character(s) as echo introduces them into sigtool.
Sorry, forgot to add... this might be quicker in future...
printf word0 | sigtool --hex-dump
printf word1 | sigtool --hex-dump
printf word2 | sigtool --hex-dump
Cheers,
Steve
Sanesecurity
Steve you are a genius :) Thanks a stack its working 100% now
No problem Patric, glad it worked.
Cheers,
Steve
Sanesecurity
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Original Message
Subject:Advance Warning: End of Life Announcement: ClamAV 0.94.x
Date: Wed, 07 Oct 2009 20:47:57 +0100
From: Steve Basford steveb_cla...@sanesecurity.com
To: sanesecur...@freelists.org, sanesecurity_annou...@freelists.org
Hi All,
While
Tomasz Kojm wrote:
Steve,
0.95.3 will be a bugfix-only release and won't include any new features
Thanks Tomasz
... so will boundary support (B) /.ign2 format be introduced later next
year?
Cheers,
Steve
Sanesecurity
___
Help us build
I am interested in Tom's list of unofficial signatures - but haven't
found the recommended way to use the signatures. Do I need to download
them periodically - or do I just add an additional freshclam
DataBaseMirror directive. In either case - exactly what is the url to
download from - or to
Steve,
The samples I have of that one are being detected by ClamAV standard
sigs as Trojan.Peed-477. Wonder why you and some others didn't detect
it with standard sigs? Could this be a problem? Do you have samples
that were undetectable?
Not sure Tom... here's a quick test...
Official
Undetected Outlook Express malware:
h t t p :/ / www.iki.fi/jarif/malware/install.zip
That's one of 'em:
Sanesecurity.Rogue.736.UNOFFICIAL
Cheers,
Steve
Sanesecurity
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
The script I use has a bit more finesse than this simple overview. I use a
randomizer to prevent this process from running at the same minute past
the hour
Note there's a *tiny* chance if the script runs at 10.07 and then 11.03,
you'll get temp block for an hour from some of the mirrors,
Hope I haven't missed this one being discussed... but ...
Has anyone turned this into a regularly updated set of ClamAV signatures?
Hi,
Firstly, spear.ndb generated from the APER feed and has been for a while now:
http://sanesecurity.co.uk/databases.htm
Secondly, I've two more databases
Check out Julian Field's ScamNailer:
http://www.scamnailer.info/
18/10/2009 - New scamnailer.ndb ClamAV signature database is now
available from http://www.mailscanner.eu/scamnailer.ndb. This is updated
very frequently. Do not download it more than once per hour!
Ok, that's the database
Hi All,
Some users (mainly x86_64 so far) noticed database errors (malformed
database) when loading signatures.
As signature integrity is checked before upload to the mirrors and the
download scripts check integrity before use, this issue should not arise.
With help from various people on
Hi All,
I'm pleased to announce two new signatures databases:
New Database 1:
Database name: spearl.ndb
Description: phishing_links is a list of generic forms used for e-mail
account phishing
Provider: APER
Risk of FP's: low
Website: http://code DOT google DOT
I am getting some legitimate mail tagged as SPAM. Below is the header
from one such e-mail.
X-Virus-Status: Infected (Sanesecurity.Phishing.Pay.6348.UNOFFICIAL)
Subject: freebsd-stable Digest, Vol 328, Issue 3
Hi,
Just a quick note to add that this wasn't a False Positive as such, a
Tom Shaw wrote:
Link of website goes to SF and there there is the sig but not the gz'd
source.
Hi Tom,
Perhaps it's got something to do with this?:
2009-10-28: Unplanned outage
Wednesday, October 28th, 2009
From 16:34 to 18:11 UTC today, Wednesday October 28, 2009,
SourceForge.net
Hi
same Error on FreeBSD 4.10
This fix was added yesterday, so that might be the issue:
http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=e889924a70e881e0d74ade2b53b5255b94523161
ie:
unistd.h - standard symbolic constants and types:
(int getpagesize(void); (LEGACY))
Hi everyone,
We are using Sanesecurity signatures in clamd for scanning mails. Recently
we are seeing some load issues on clamd server due to sanesecurity
signatures (load is automatically decreasing when the sanesecurity sigs
are
removed)
Hi Avinash,
I guess as others have already asked,
Last week I offered some help to early diagnose possible problems before
they hit the end users and I was trying to establish some cooperation
with you and the other db providers in order to improve your QA process.
Hi sorry for not replying earlier... I'll email off-list with a few
Freddie Cash wrote:
Yes, I still have this directory. If anyone is interested in it, I
can tar it up and make it available. Can also tar up the working
directory is needed.
Hi,
Yep, I'll take a look and see if I can see anything this end.
Cheers,
Steve
Sanesecurity
Couple of announces for those using Third-Party signatures
Original Message
Hi All,
Due to my dns management provider withdrawing their free dns platform,
I've now moved over to their paid dns platform.
I've now updated all the public rsync.sanesecurity.net and the private
maybe we could just start with a dedicated twitter account
(clamav_infrastructure or something similar) where I could post updates
regarding planned downtimes similar stuff.
I've seen other projects doing the same.
Hi Luca,
I use both identi.ca and Twitter to post updates, with seemingly
Attached document? I did not see an attachment. Can you send a link?
Is this the TargetType you are after...
2.3.4 Extended signature format
The extended signature format allows for specification of additional
information such as a target file type, virus offset or engine version,
making
Tom Shaw wrote:
Is there a def of .fmt format?
Hi Tom,
Ah, see what you wanted now ;)
BTW, don't forget Sanesecurity has had additional types for a while now,
in sanesecurity.ftm and distributed on the mirrors.
Cheers,
Steve
Sanesecurity
___
Any ideas? I have a couple more like this in my DB.
Hi Tom,
Drop me the sample (usual email address) and I'll test things this end.
Cheers,
Steve
Sanesecurity
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
Hi,
www.clamav.net seems to have been down for short periods of time today,
is there extra load due to the EOL announce on the site?
Example here:
http://host-tracker.com/check_res_ajx/4730986-0/
Cheers,
Steve
Sanesecurity
___
Help us build a
Hi,
Just for interest.. feedback on EOL...
http://search.twitter.com/search?q=clamav
Cheers,
Steve
Sanesecurity
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Does anyone know if there is still a Windows compilation which will run on
Windows Server 2003 SP2? ClamAV (clam-latest-32.exe) refuses to install on
this operating system and ClamWin seems to have mutated into a desktop
product which lacks clamd and clamdscan etc.
Hi Tim,
Have you tried
Does anyone know if there is still a Windows compilation which will run on
Windows Server 2003 SP2? ClamAV (clam-latest-32.exe) refuses to install on
this operating system and ClamWin seems to have mutated into a desktop
product which lacks clamd and clamdscan etc.
Speaking of the
1 - 100 of 521 matches
Mail list logo