Re: [Clamav-users] How to determine if you installed from vendor package or source?

2009-08-10 Thread Tilman Schmidt
/clamscan file /usr/local/bin/clamscan is not owned by any package [...@gimli ~]$ rpm -qf /usr/sbin/sendmail sendmail-8.13.8-2.el5 shows that ClamAV was installed from source on that machine, while Sendmail came from the EL5 package. HTH T. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany

Re: [Clamav-users] clamav + proftpd

2009-08-28 Thread Tilman Schmidt
: > mod_clamav/0.11rc: error: Cannot connect to Clamd (2): No such file or > directory Is your proftpd running chrooted? In that case you'll have to put clamd.sock somewhere inside its chroot jail, and strip the chroot path from the "ClamLocalSocket" parameter. HTH T. -- T

Re: [Clamav-users] clamav + proftpd

2009-08-30 Thread Tilman Schmidt
Yavuz Maşlak wrote: >> Is your proftpd running chrooted? > > Yes I running proftpd as chrooted. when I remove chrooted, proftpd will > run with clamd. Ok, that explains it. >> In that case you'll have >> to put clamd.sock somewhere inside its chroot jail, and >> strip the chroot path from the

Re: [clamav-users] Clarification of report needed

2011-09-02 Thread Tilman Schmidt
haps you should exclude .kde/share/apps/kmail/imap from ClamAV scans. Most mail applications do not take it kindly when virus scanners operate on their innards. HTH Tilman -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany

Re: [clamav-users] Freshclam problems after updating packages

2011-11-20 Thread Tilman Schmidt
A shot in the dark: is your freshclam really running as user "clamav"? Fun story: not so long ago I encountered a CentOS system where automatic update had switched to a ClamAV package from a different repo which had been compiled to run as user "clam" instead of "clamav". Took me a while to spot .

Re: [clamav-users] ClamAV 0.97.4 - 2 notices

2012-03-16 Thread Tilman Schmidt
On 16.03.2012 at 13:35, Andreas Schulze wrote: > 2. > Avira, a German antivirus vendor, may(*) classify the sourcecode tarball as > malicious: > > clamav-0.97.4/test/.split/split.clam-pespin.exeaa <<< PCK/PESpin ; packer ; > File has been compressed with an unusual runtime compression tool > (PC

Re: [clamav-users] False Positive - Osx.Exploit.Iosjailbreak

2013-02-13 Thread Tilman Schmidt
Evasi0n does nothing to MacOSX. HTH T. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany signature.asc Description: OpenPGP digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [clamav-users] False Positive - Osx.Exploit.Iosjailbreak

2013-02-13 Thread Tilman Schmidt
nshot, which can be found in your System >>> Preferences. >> >> where is it ?, apple is imho not worse than android when it comes to >> control of spyware and poison of mobile phones, but how to make cvd >> files would be nice to see in wiki, hopefully this is pos

Re: [clamav-users] False Positive - Osx.Exploit.Iosjailbreak

2013-02-15 Thread Tilman Schmidt
at it doesn't include me or anyone in my virtual vicinity. :-) IOW, please don't claim you represent the majority without substantiation. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany

Re: [Clamav-users] clange log...

2007-07-18 Thread Tilman Schmidt
Steve Holdoway wrote: > I'm trying to find the changelog for 0.91.1. Can anyone point me towards it? I had to search a bit too but finally found them in the SourceForge download area: http://sourceforge.net/project/shownotes.php?release_id=523634&group_id=86638 HTH -- Ti

Re: [Clamav-users] Problems with installation

2007-08-02 Thread Tilman Schmidt
> I can't find that it did anything, although it appeared to compile properly. So far you haven't compiled anything, just configured it for compiling. As a next step, type "make" - that'll start the actual compilation. After that, type "make install"

Re: [Clamav-users] clamav-milter timeouts - 0.91

2007-08-07 Thread Tilman Schmidt
ould be too weird! :-) "Your message was empty!""Nah, your mailreader is broken!" -- Tilman Schmidt Abteilungsleiter Technik -------- Tilman Schmidt [EMAIL PROTECTED] Phoenix Softwar

Re: [Clamav-users] Zip module failure ERROR with 0.91.1

2007-08-09 Thread Tilman Schmidt
ee if it reports any errors. I'd say it's precisely damaged and incorrectly created files that ClamAV must be able to cope with. Deliberate format violations are a popular vector for malware. -- Tilman Schmidt Abteilungsleiter Technik -----

Re: [Clamav-users] clamav 0.91.2 is out. Don't use it.

2007-08-21 Thread Tilman Schmidt
hat fixes this problem) Would you care to elaborate? Which platforms are affected? Which usage? Do I understand correctly that using ClamAV via the clamscan command isn't affected? What about access through the socket interface? Than

Re: [Clamav-users] clamav 0.91.2 is out. Don't use it.

2007-08-21 Thread Tilman Schmidt
n can upgrade without fear? Thanks, Tilman -- Tilman Schmidt Abteilungsleiter Technik -------- Tilman Schmidt [EMAIL PROTECTED] Phoenix Software GmbH Tel. +49 228 97199 0 Geschäftsfü

Re: [Clamav-users] clamav 0.91.2 is out. Don't use it.

2007-08-21 Thread Tilman Schmidt
asy to fix, but very troublesome, issue". Forgive me for being dense, but I still don't understand: what exactly am I to achieve by not upgrading, if it's not the continued safety of my servers? Thanks -- Tilman Schmidt Abteilungsleiter Technik ----

Re: [Clamav-users] Question About Version 0.91.2

2007-08-27 Thread Tilman Schmidt
elpLine at > 800-856-1983 and properly dispose of this information. Oh, PLEASE ... -- Tilman Schmidt Abteilungsleiter Technik ------------ Tilman Schmidt [EMAIL PROTECTED] Phoenix Software GmbH Tel.

Re: [Clamav-users] As soon as Sourcefire starts charging for viru... STOP it already

2007-08-29 Thread Tilman Schmidt
Now that this dead horse has been beaten into pulp and is slowly seeping into the gravel, can we please, pretty please leave that fruitless discussion? Thank you very much for your understanding. -- Tilman Schmidt Abteilungsleiter Technik

Re: [Clamav-users] Missing Freshclam after upgrade to clamav-0.90.3-1.fc7

2007-09-17 Thread Tilman Schmidt
Works every time it's tried as the rpm creators have discovered. > > One option. But one that is guaranteed to cause future problems on an rpm > based system. I run a couple of RPM based systems here but always compile ClamAV from source. Never saw any of those "

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Tilman Schmidt
/var/log/clam/infected/ > total 4 > drwxr-xr-x 2 root root 80 Oct 17 08:55 . > drwxr-xr-x 4 root root 232 Oct 17 06:56 .. > -rw-r--r-- 1 justlgn users 69 Oct 16 10:56 eicar.com The EICAR test file itself, however, is again owned by you. What user are you running clamscan as

Re: [Clamav-users] possible GPG verify problem

2007-10-23 Thread Tilman Schmidt
s is normally done in a face to face meeting where the key owner hands you the correct fingerprint and you check his/her ID, but depending on your security concerns (or lack thereof), other more or less trusted channels such as a publication in a printed magazine or

Re: [Clamav-users] PhishingScanURLs is dreadfully slow/CPU-intensive

2007-11-09 Thread Tilman Schmidt
ation? Not in the least. HTH T. -- Tilman Schmidt Abteilungsleiter Technik -------- Tilman Schmidt [EMAIL PROTECTED] Phoenix Software GmbH Tel. +49 228 971

Re: [Clamav-users] PhishingScanURLs is dreadfully slow/CPU-intensive

2007-11-12 Thread Tilman Schmidt
John Rudd wrote: > Tilman Schmidt wrote: > >> (Remember the viruses ClamAV checks for >> are *Windows* viruses. A unixoid OS doesn't run ClamAV for its own >> protection but for the protection of Windows clients.) > > OpenOffice isn't vulnerable to Off

[Clamav-users] virus threats to Linux (was: PhishingScanURLs is dreadfully slow/CPU-intensive)

2007-11-13 Thread Tilman Schmidt
Kelson wrote: > Tilman Schmidt wrote: >> Also, OpenOffice on Linux is normally run from a non-privileged user ID, >> heavily limiting the ability of any malicious macro to harm or propagate. > > Huh? What difference does running as a non-privileged user make when > th

Re: [Clamav-users] Phishing feature defaults, naming, and 0.92

2007-11-27 Thread Tilman Schmidt
lved". The new heuristic phishing detection features are by definition more prone to false positives than classic signature based virus detection. But if you set the "PhishingScanURLs" configuration option to "No" you should be fine - certainly better than staying with 0.88.

Re: [Clamav-users] Issue starting clamd

2008-01-02 Thread Tilman Schmidt
on CentOS it can't. CentOS has SELinux enabled by default. HTH T. -- Tilman Schmidt Abteilungsleiter Technik Phoenix Software GmbH Tel. +49 228 97199 0 Geschäftsführer: W. Grießl

[Clamav-users] Suse RPM for ClamAV 10.2

2008-01-14 Thread Tilman Schmidt
) still don't have a 0.92 package. Are there any plans for providing one? Thanks -- Tilman Schmidt Abteilungsleiter Technik Phoenix Software GmbH Tel. +49 228 97199 0 Geschäftsführer: W. G

Re: [Clamav-users] Suse 10.0 RPM for ClamAV 0.92 (!)

2008-01-14 Thread Tilman Schmidt
ClamAV 0.92 refuses being compiled with because of a compiler bug. So I thought I'd take the easy way out and convert ClamAV on those machines running Suse 10.0 from self-compiled to RPM installed. Thanks -- Tilman Schmidt Phoenix Software GmbH www.phoenixsoftwa

Re: [Clamav-users] Suse 10.0 RPM for ClamAV 0.92 (!)

2008-01-14 Thread Tilman Schmidt
n question? Then you should be able to compile the ClamAV 0.92 your own. Sure, if that's the only way then I'll do it that way. Thanks, -- Tilman Schmidt Phoenix Software GmbH www.phoenixsoftware.de 53227 Bonn, GermanyAmtsg

Re: [Clamav-users] Scan All incoming attactment

2008-03-11 Thread Tilman Schmidt
e you weren't either. HTH T. -- Tilman Schmidt Phoenix Software GmbH Tel. +49 228 97199 0 Adolf-Hombitzer-Str. 12 Fax +49 228 97199 99 53227 Bonn, Germany www.phoenixsoftware.de

Re: [Clamav-users] Trojan.Maliframe!html Virus defination

2008-03-11 Thread Tilman Schmidt
Tarak Ranjan wrote: Hi List, Has anyone got this virus Trojan.Maliframe!html. it's not detecting in my clamd , for this any definition in clamav AFAIK that's not a virus, but Symantec's generic name for their malicious HTML code detection heuristics. HTH T. -- Tilman

Re: [Clamav-users] Scan All incoming attactment

2008-03-12 Thread Tilman Schmidt
Tarak Ranjan wrote: On Tue, 2008-03-11 at 18:18 +0100, Tilman Schmidt wrote: Tarak Ranjan wrote: > Hi List, > How can I configure my clamd, that will scan all my incoming mails > attachments,... Install the appropriate mail filter extension for your mail software, and configure

[Clamav-users] all my ClamAV daemons died last night

2008-04-07 Thread Tilman Schmidt
ould not prevent the continued use of the scan service with the signatures it already has. Is this: - a misconfiguration (ie. my own fault)? - a bug? - a feature? TIA T. -- Tilman Schmidt Phoenix Software GmbH Tel. +49 228 97199 0 Adolf-Hombitzer-Str. 12

Re: [Clamav-users] all my ClamAV daemons died last night

2008-04-08 Thread Tilman Schmidt
A few hiccups here too [db.de.clamav.net], but not nearly as bad as the night before, and a long way from actually killing the scan daemons. -- Tilman Schmidt Phoenix Software GmbH Tel. +49 228 97199 0 Adolf-Hombitzer-Str. 12 Fax +49 228 97199 99

Re: [Clamav-users] Many Javascript false - positives

2008-04-11 Thread Tilman Schmidt
legal ones. mixing them up like this makes my life and work more difficult. Please don't do it. Thanks, T. -- Tilman Schmidt Phoenix Software GmbH Tel. +49 228 97199 0 Adolf-Hombitzer-Str. 12 Fax +49 228 97199 99 53227 Bonn, Germany

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-15 Thread Tilman Schmidt
On 14.04.2008 at 16:30, Michael Brown wrote: > The | character is not allowed in any e-mail address because it's a Unix > shell reserved character. RFC 2822 disagrees with you. To begin with, there's no reason reserved characters of any Unix shell or o

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Tilman Schmidt
Eric Rostetter wrote: Quoting John Rudd <[EMAIL PROTECTED]>: It is not ClamAV's place to make policy decisions for me. And ClamAV does not. The milter is. That distinction is immaterial. The milter comes as part of the ClamAV package. s/ClamAV/clamav-milter/ throughout my posting if you

Re: [Clamav-users] successfull upgrade from 0.92 to 0.93

2008-04-21 Thread Tilman Schmidt
. Thanks, Tilman -- Tilman Schmidt Phoenix Software GmbH, Bonn, Germany

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-22 Thread Tilman Schmidt
September and December. But since 2008-04-18, there are systematically several delivery attempts per day to addresses formed by prefixing a valid mail address on the server with '|'. Coincidence? -- Tilman Schmidt Phoenix Software GmbH 53227 Bonn, Germany

Re: [Clamav-users] clamav exiting

2008-06-16 Thread Tilman Schmidt
0.93, and indeed I haven't seen it reoccur with 0.93 or 0.93.1. HTH T. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-08 Thread Tilman Schmidt
David F. Skoll wrote: OK, look. I guess I need to spell it out for you. End-user PC has virus. Virus does this: telnet isps-smtp-server 25 In my experience that's very unusual behaviour for a virus. The vast majority try to connect directly to the recipient's MX. -- Tilm

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-12 Thread Tilman Schmidt
(holding breath) One example is Arcor, a biggish German access provider. Their outgoing mailservers do resend mail on a 4xx error - but only after a delay of eight hours. That sort of delay is quite enough to upset many users. But Arcor's tech support doesn't see a problem with that.

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-12 Thread Tilman Schmidt
t lawmakers' support in the fight against spam ...) So dropping mail into the bitbucket is not an alternative. I have to either reject it or deliver it. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany

Re: [Clamav-users] ClamAV scan report

2008-08-19 Thread Tilman Schmidt
's how xargs works. See "man xargs". HTH T. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-19 Thread Tilman Schmidt
Steve Wray wrote: Tilman Schmidt wrote: [...] So dropping mail into the bitbucket is not an alternative. I have to either reject it or deliver it. Wow. So... the default, unpatched build of qmail is quite popular in Germany? I won't enter that minefield. :-) But unpatched qma

Re: [Clamav-users] Unknown phishing email virus?

2008-08-26 Thread Tilman Schmidt
tives. Blocking a customer's internet connection based on such a check is unacceptable. HTH T. -- Tilman Schmidt Abteilungsleiter Technik Phoenix Software GmbH Tel. +49 228 97199 0 Adolf-Hombitz

Re: [Clamav-users] freshclam "Can't connect to port 80 of host database.clamav.net"

2008-09-05 Thread Tilman Schmidt
clam[14586]: Verification: MD5 verification error Sep 5 02:36:43 posthamster freshclam[14586]: Trying again in 5 secs... HTH T. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany

[Clamav-users] bzip2 1.0.5 for CentOS

2008-09-05 Thread Tilman Schmidt
at vulnerability, so I am probably doing something wrong. But what? Thanks in advance for any hints. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany

Re: [Clamav-users] PUAs

2008-09-11 Thread Tilman Schmidt
l. Without any information on what that option might flag as "infected", I cannot risk enabling it on a production system. So my answer to these questions is "nothing", "none", and "I don't know". HTH T. -- Tilman Schmidt Phoen

Re: [Clamav-users] PUAs

2008-09-11 Thread Tilman Schmidt
Steve Basford wrote: I've knocked something quickly together, it won't be 100% accurate and is very vague, but it might give you a few pointers: Thanks a lot, that's very helpful already. Perhaps this could be put on the Wiki, and over time, expanded. -- Tilman Schmidt Phoeni

Re: [Clamav-users] PUAs

2008-09-15 Thread Tilman Schmidt
only, there are legitimate uses for it, and I should try it myself to see. So I am a bit reluctant to declare all IRC server based programs "possibly unwanted". Actual malware OTOH should be caught by the regular (non-PUA) signatures already. Again, it all depends on the precise d

Re: [Clamav-users] How important are file extensions?

2008-09-25 Thread Tilman Schmidt
program for opening it, which it will by default permanently associate with that suffix, and then it isn't unassigned anymore. So no suffix you try to put aside will ever be safe from being assigned to an application, either by the application's author or by individual users. HTH T. --

Re: [Clamav-users] Virus not detected on Linux/MacOSX

2008-09-26 Thread Tilman Schmidt
"file.exe: not scanned - exceeds max-filesize" Change "Scanned files: 1" to "Scanned files: 0" and add a new count to the summary "Not scanned: 1". I'd like to support that suggestion. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany

Re: [Clamav-users] Compile error

2008-10-01 Thread Tilman Schmidt
attribute__((format(printf, 2,3))); #else wasn't applied. Did you verify that the line added by that hunk, which declares the variable "use_stderr", does appear in shared/output.h after applying the patch? HTH T. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germ

Re: [Clamav-users] Displaying configuration file

2008-12-08 Thread Tilman Schmidt
axFileSize is DEPRECATED *** *** ArchiveMaxRecursion is DEPRECATED *** *** ArchiveMaxFiles is DEPRECATED *** *** ArchiveMaxCompressionRatio is DEPRECATED *** *** ArchiveBlockMax is DEPRECATED *** [...] [EMAIL PROTECTED]:~> fgrep ArchiveMax /usr/local/etc/clamd.conf [EMAIL PROTECTED]:~>

Re: [Clamav-users] opensuse11.1 loses network connection duringa cronjob that utilizes freshclam and clamscan

2009-01-09 Thread Tilman Schmidt
any sense and may cause system malfunctions. HTH T. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany

Re: [Clamav-users] freshclam not updating with clamav-0.95.1

2009-04-21 Thread Tilman Schmidt
rmally the ClamAV installation will leave existing config files alone. HTH -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany

[clamav-users] LibClamAV Warning: Unsupported message format `http'

2017-12-22 Thread Tilman Schmidt
ClamAV running on Ubuntu Xenial, package version 0.99.2+dfsg-0ubuntu0.16.04.2, emits the following warning message when scanning one of my Thunderbird IMAP mail folders: LibClamAV Warning: Unsupported message format `http' - if you believe this file contains a virus, submit it to www.clamav.net I

Re: [clamav-users] Is this an issue to worry about?

2018-01-22 Thread Tilman Schmidt
On 22.01.2018 at 15:08, Personal wrote: > I have a clamscan running once a week as:'clamscan -rv > --exclude-dir="^/sys" / | grep FOUND >> filename.txt' You should fix that grep pattern. It's too unspecific. > I have gotten the following hits back for the last three weeks and > wondered, if this

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Tilman Schmidt
On 26.01.2018 at 11:36, Reindl Harald wrote: > On 26.01.2018 at 11:28, Andreas Schulze wrote: >> >> just updated to 0.99.3 ( which is a 0.99.2 + Security fixes ) but >> still clamav don't work as expected. >> >> Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: >> Fri Jan 26 11:23:10 2018 -> ER

Re: [clamav-users] reduce memory footprint by removing some virus definitions on a low memory server

2018-01-26 Thread Tilman Schmidt
Try # service clamav-freshclam stop The exact command may vary depending on your OS and distribution which you didn't mention. On 26.01.2018 at 11:54, Rajesh M wrote: > hi all > > even though i removed > > daily.cld > main.cld > bytecode.cld > mirrors.dat > > all of these has been recreated

Re: [clamav-users] 99.3 for Ubuntu

2018-01-26 Thread Tilman Schmidt
Ubuntu doesn't have 0.99.3 release yet. You need to go to http://www.clamav.net/downloads On 26.01.2018 at 15:31, Chris wrote: > On Thu, 2018-01-25 at 19:18 -0800, Al Varnell wrote: >> Are you sure you have the correct 0.99.3 download released late today >> from ?

Re: [clamav-users] How the bad signature happened - conjecture (was

2018-01-26 Thread Tilman Schmidt
On 26.01.2018 at 17:13, Martin Gagne wrote: > > Hi Paul, > > Can you please help me getting a copy of 24255 ? > > Thanks ! > > Best regards, Martin Gagne Don't go that way. It's much better to add the signature Vbs.Downloader.Generic-6431223-0 which is causing th

Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99.4 has been released!

2018-03-08 Thread Tilman Schmidt
What definitely isn't fine is this endless griping about how people should phrase their questions differently, know more than they do, have read this and that (blindly assuming that they hadn't) and so on which contributes exactly nothing to a solution. What isn't fine either is rude language. Jo

[clamav-users] Win.Exploit.Unicode_Mixed-1 false positives

2018-05-23 Thread Tilman Schmidt
ation about the threat. What is that signature trying to detect? Is this a Known Problem? What's the best way to handle it? -- Tilman Schmidt Head of System and Network Engineering Tel. 0221 / 95 64 95 .417 Fax 0221 / 95 64 95 .999 e-Mail tschm...@cardtech.de cardtech Card & POS Servic

Re: [clamav-users] Win.Exploit.Unicode_Mixed-1 false positives

2018-05-23 Thread Tilman Schmidt
On 23.05.2018 at 18:07, G.W. Haywood wrote: > My advice would be a more general "use your loaf". :) Cute idiom. I had to google that. :-) ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clama

Re: [clamav-users] WARNING: Local version: 0.99.4 Recommended version: 0.100.0

2018-06-19 Thread Tilman Schmidt
On 19.06.2018 at 04:17, Jobst Schmalenbach wrote: > Receiving the message: WARNING: Local version: 0.99.4 Recommended version: > 0.100.0 [...] > Listing epel shows: > > clamav-0.99.4-1.el6.i686.rpm 2018-03-02 17:32 > 4.4M > clamav-0.99.4-1.el6.x86_64.rpm

[clamav-users] LibClamAV Warning: Bytcode 73 failed to run: Time limit reached

2018-06-20 Thread Tilman Schmidt
The last nightly ClamAV scan on one of my machines emitted a series of error messages I'm not familiar with: LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set LibClamAV Warning: [Bytecode JIT]: recovered from error LibClamAV Warning: [Bytecode JIT]: JITed code intercepted

Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Tilman Schmidt
On 20.06.2018 at 19:14, Andrew McGlashan wrote: > This is an opportunity to fix things, such an opportunity should not > be lost, especially if it helps more people to understand the problems with > having too liberal SPF rules (defeating the purpose of SPF). I disagree. The purpose of clamav-users

Re: [clamav-users] LibClamAV Warning: Bytcode 73 failed to run: Time limit reached

2018-06-25 Thread Tilman Schmidt
-2cd5ef82 ~/.java/deployment/cache/6.0/6$ file 41d72bc6-2cd5ef82 41d72bc6-2cd5ef82: Java archive data (JAR) Any thoughts? On 20.06.2018 at 10:41, Tilman Schmidt wrote: > The last nightly ClamAV scan on one of my machines emitted a series of > error messages I'm not familiar with: > >

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-28 Thread Tilman Schmidt
t.html#ml > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq

Re: [clamav-users] Freshclam IPv6 error messages on IPv4-only systems

2018-07-04 Thread Tilman Schmidt
On 04.07.2018 at 15:42, Walter H. wrote: > On 04.07.2018 15:00, Matt Vander Werf wrote: >> This has been mentioned at various points in several threads over the >> past week or two (sometimes off-hand), but just wanted to somewhat >> consolidate them here and also add my +1 to getting this bug add

Re: [clamav-users] Is ClamAV available on the hypervisor?

2018-07-05 Thread Tilman Schmidt
These are strange questions. On 05.07.2018 at 07:59, "조정환" wrote: > Hello, I am using ClamAV for my organization, but I am using it only on > the VM server. I assume that by "the VM server" you mean a server which is running as a virtual machine, or perhaps even several of them. If not, please c

Re: [clamav-users] LibClamAV Warning: Bytcode 73 failed to run: Time limit reached

2018-07-06 Thread Tilman Schmidt
Just to let you know: The daily messages have become too annoying so I cleared my Java cache to get rid of the offending file. Consequently I won't be available for testing a fix anymore, at least until the problem reappears on some other file. On 25.06.2018 at 11:12, Tilman Schmidt wrote:

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Tilman Schmidt
I've been trying in vain to get an answer on that one since 2018-06-20. For me it's bytecode 73, otherwise the same. Looks like no-one knows or cares. I ended up bisecting the scan and removing the file whose scan triggered the message. Luckily it wasn't needed for the operation of the affected sy

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Tilman Schmidt
as > I suspect they would have figured it out by now. > > -Al- > ClamXAV User > > On Mon, Jul 09, 2018 at 01:27 AM, Tilman Schmidt wrote: >> I've been trying in vain to get an answer on that one since 2018-06-20. >> For me it's bytecode 73, otherwise the same.

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Tilman Schmidt
v|WMV|ts|TS|flv|FLV|mov|MOV|JPG|jpg|mp3|MP3|tc) > that are very big, that may cause this, but I might forget something > other big too. > > Thank you > Pavel Kosina > > > > Tilman Schmidt wrote on 9.7.2018 at 10:27: >> I've been trying in vain to get a

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Tilman Schmidt
"omit", "erase", "do not use". Just change "-ri" to "-r" in your command line and try again. You'll see that clamscan will print all files, whether infected or not. It will even print "OK" after those that aren't. > Tilman Sch

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Tilman Schmidt
ring the timeout.  > > It isn't entirely surprising that a more complex file for which we have > a bytecode signature could also cause the default timeout to be exceeded.   > > Cheers, > Micah >   > Micah Snyder > ClamAV Development > Talos > Cisco Systems, In

[clamav-users] LibClamAV Warning: RWX mapping denied

2018-07-10 Thread Tilman Schmidt
This morning, a bunch of RHEL6 systems greeted me with mails saying: /etc/cron.daily/freshclam: ERROR: During database load : LibClamAV Warning: RWX mapping denied: Can't allocate RWX Memory: Permission denied I found an old Red Hat Bugzilla entry (Bug 1172774) for Fedora 21 which was closed as

Re: [clamav-users] Bytecode 86 failed to run

2018-08-07 Thread Tilman Schmidt
x file for which we have > a bytecode signature could also cause the default timeout to be exceeded. > > Cheers, > Micah > > Micah Snyder > ClamAV Development > Talos > Cisco Systems, Inc. > > >> On Jul 9, 2018, at 4:51 AM, Tilman Schmidt > <mailto:t

[clamav-users] Bytecode 86 failed to run

2018-08-07 Thread Tilman Schmidt
e, so I can see if we already have it? > > Thanks, > > - Alain > > On Tue, Aug 7, 2018 at 9:50 AM, Tilman Schmidt <mailto:tschm...@cardtech.de>> wrote: > > The problem is back, this time with two bytecodes: 2 and 90. > ClamAV version is 0.100.1. >

Re: [clamav-users] Bytecode 86 failed to run

2018-08-08 Thread Tilman Schmidt
On 07.08.2018 at 22:24, Alain Zidouemba wrote: > We do not have the sample. Please submit here, even though it's not > malicious: http://www.clamav.net/reports/malware Done. > On Tue, Aug 7, 2018 at 2:00 PM, Tilman Schmidt <mailto:tschm...@cardtech.de>> wrote: >

Re: [clamav-users] Bytecode 86 failed to run

2018-08-08 Thread Tilman Schmidt
On 08.08.2018 at 10:40, Tilman Schmidt wrote: > JFTR it did. Total runtime was > >> Time: 34574.821 sec (576 m 14 s) > > which is pretty much exactly 144*24ms > > Seems the default --bytecode-timeout is really much smaller than the > 6ms mentioned in the

Re: [clamav-users] Bytecode 86 failed to run

2018-08-09 Thread Tilman Schmidt
c (0 m 15 s) Thanks, Tilman On 07.08.2018 at 20:02, Tilman Schmidt wrote: > > $ sha256sum .java/deployment/cache/6.0/6/41d72bc6-799a1944 > 97432da2d77d78872ececf4de2eef1c759e7846db85d4fb14eb02764b6bd02ad > .java/deployment/cache/6.0/6/41d72bc6-799a1944 > [...] >> >>

Re: [clamav-users] Bytecode 86 failed to run

2018-08-13 Thread Tilman Schmidt
On 08.08.2018 at 10:40, Tilman Schmidt wrote: > On 07.08.2018 at 22:24, Alain Zidouemba wrote: >> We do not have the sample. Please submit here, even though it's not >> malicious: http://www.clamav.net/reports/malware > > Done. Starting Saturday the file is now r

Re: [clamav-users] freshclam vs sudo freshclam

2018-08-23 Thread Tilman Schmidt
On 23.08.2018 at 01:56, Michael Newman wrote: > What I didn’t understand was why using sudo caused dns and network > errors but using freshclam without sudo worked fine: You wouldn't have SELinux active in enforcing mode on that machine by any chance? -- Tilman Schmidt cardtech

Re: [clamav-users] Whitelisting extensions for virus scan

2018-10-29 Thread Tilman Schmidt
On 26.10.18 at 15:34, Johnny Time wrote: > For example, we wanted to authorize only a white list which contains > *.doc,*.xls,*.pdf and ban the others extensions. Surely you meant to write "*.docx,*.xlsx,*.pdf"? *.doc and *.xls are the old, malware-prone MS-Office filetypes. You don't want to let

Re: [clamav-users] Whitelisting extensions for virus scan

2018-10-30 Thread Tilman Schmidt
On 29.10.18 at 17:33, Kris Deugau wrote: > Tilman Schmidt wrote: >> On 26.10.18 at 15:34, Johnny Time wrote: >>> For example, we wanted to authorize only a white list which contains >>> *.doc,*.xls,*.pdf and ban the others extensions. >> >> Surely

[clamav-users] Multios.Coinminer.Miner-6781728-1 detected in Snort rules file and log

2018-12-21 Thread Tilman Schmidt
Since yesterday, ClamAV started to report: [clamAV_Log 20.12.2018 23:00:01] [clamAV_Log 20.12.2018 23:00:01] --- [clamAV_Log 20.12.2018 23:00:01] [clamAV_Log 20.12.2018 23:00:01] /var/log/sid_changes.log: Multios.Coinminer

Re: [clamav-users] ClamAV Scan results

2019-01-04 Thread Tilman Schmidt
Do not run clamscan over your entire filesystem. It's a bad idea. In your case clamscan found something looking like a virus in its own signatures, which is hardly surprising and certainly not a sign of an infection. On 04.01.19 at 13:28, Kaushal Shriyan wrote: > > when i am running clamscan  >

Re: [clamav-users] Input Stream Scanning for very large files

2019-01-29 Thread Tilman Schmidt
On 28.01.19 at 18:02, G.W. Haywood wrote: > On Sat, 26 Jan 2019, Dennis Peterson wrote: > On 1/25/19 11:38 AM, G.W. Haywood wrote: > >> > ... I'd call it madness. >> >> Sometimes it is a management or compliance requirement. > > Are these not just synonyms? Not quite, though often quite close.

Re: [clamav-users] Issue with clamav logical signature generation

2019-02-28 Thread Tilman Schmidt
On 25.02.19 at 19:44, G.W. Haywood via clamav-users wrote: > Just as decimal strings are strings composed of decimal digits and can > be any length, hexadecimal strings are strings composed of hexadecimal > digits - and can also be any length.  They usually present as an even > number of digits on

Re: [clamav-users] unexplainable tar behaviour

2019-11-05 Thread Tilman Schmidt
On 30.10.19 at 03:34, Paul Kosinski via clamav-users wrote: > I thought ClamAV unpacked TARs (and other archives) and looked at the > contents. If it doesn't, it wouldn't be very effective in detecting > viruses in compressed files. Yes it does, but IIUC it matches signatures not only to the extr

Re: [clamav-users] Problem to update virus database

2020-01-24 Thread Tilman Schmidt
if you would like to start using DEMS, > please email Doc2disk Ltd for prices (sa...@doc2disk.com). > > > > _______ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clama