Re: [Clamav-users] Virus Names

(according to other scanner), though they select that the sample is detected by other scanner and sometimes they even write which scanner (but no virus name). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] | ones and zeros

Re: [Clamav-users] Re: Some viruses go through

LibClamAV Warning: Multipart MIME message contains no boundary lines av-inet1.txt: Worm.SomeFool.P FOUND $ clamscan -V clamscan / ClamAV version devel-20040323 So it _is_ detected. I'd bet: you've got old version or misconfigured system. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's

Re: [Clamav-users] False positives

On Wed, 07 Apr 2004 at 12:12:25 -0700, Kevin W. Gagel wrote: How/Where do I report false positives? Like other samples - at http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi Don't forget to select the A false positive option. Give as many details as possible. -- Tomasz Papszun SysAdm

Re: [Clamav-users] virus not detected

detect it as a virus. Thanks Oh, no, the same question repeated nearly everyday... Have you ever visited the ClamAV WWW main page? :-) (I fear of suggesting searching the mailing list's archives ;-) ). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED

Re: [Clamav-users] clamav.conf

On Fri, 09 Apr 2004 at 15:35:40 +0200, Mike van Vugt wrote: [...] User clamav ScanMai ^ ?! Is this the exact quote (ScanMai instead of ScanMail)? Or a typo only in this message? -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED

Re: [Clamav-users] submitting samples (name instead?)

On Fri, 09 Apr 2004 at 7:15:54 -0700, Henry Harvey wrote: [EMAIL PROTECTED] [...] [EMAIL PROTECTED] [EMAIL PROTECTED] A search on the database of ClamAV results with nothing with those same variants. Tip: search archives of clamav-virusdb mailing list. -- Tomasz Papszun SysAdm @ TP

Re: [Clamav-users] Problems with Clamav and freshclam

see clamd running. Is it should be running? [...] -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] False positive on Worm.Gibe.F

--- -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.net email is sponsored

Re: [Clamav-users] Clam assigns wrong virus name??

name? I guess that you use very old database - Win32.Mix isn't present in the database since the end of February 2004. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net

Re: [Clamav-users] Clam assigns wrong virus name??

left which also is used by your mail subsystem. Search the filesystem for .cvd and .db files. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Plexus/Explet

On Fri, 04 Jun 2004 at 10:10:30 -0700, Jim wrote: What does clamav refer to Plexus or Explet as ? The symantec name is [EMAIL PROTECTED] Worm.Plexus.A Does clamav catch this virus? Yes. Since 2004.06.04 22:07 GMT. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL

Re: [Clamav-users] clamd dead on a x86_64 fedora core 2 machine

. And the numbers of viruses are different (21857, 21773). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Can't access the file ERROR\n

. Isn't clamd running as root now? (check with 'ps aux|grep clamd'). Not secure... You can use User amavis in clamav.conf instead. Or read Stephen Gran's message in this thread. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones

Re: [Clamav-users] ClamAV 0.72 Released

/logrotate.d/ use directives like these: delaycompress postrotate /etc/init.d/clamav-freshclam reload /dev/null endscript -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http

Re: [Clamav-users] problems with clamuko

distribution modified ClamAV extensively. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] problems with clamuko

On Mon, 14 Jun 2004 at 11:28:57 +0200, Pippi Langstrumpf wrote: --- Tomasz Papszun [EMAIL PROTECTED] schrieb: On Wed, 09 Jun 2004 at 16:38:27 +0200, Pippi Langstrumpf wrote: I have a problem to activate clamuko. I tested it with an clamav-testfile. I opend the file and nothing

Re: [Clamav-users] Freshclam not updating

to find them and remove. Similar situations have been described on the list. HTH -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] amavisclamav: Socket communication failure

results, but...), my socket: $ v /var/run/clamav/clamd.ctl srwxrwxrwx1 amavis amavis 0 Jun 7 19:55 /var/run/clamav/clamd.ctl= Please help me, because I don't know where I can continue looking for errors, thanks Harald Seems that my message won't help you, sorry. -- Tomasz Papszun

Re: [Clamav-users] amavisclamav: Socket communication failure

On Wed, 16 Jun 2004 at 15:07:02 +0200, Harald Arnold wrote: Am Mit, 2004-06-16 um 13.48 schrieb Tomasz Papszun: On Wed, 16 Jun 2004 at 13:04:45 +0200, Harald Arnold wrote: Socket definition: srwxr-x---1 vscanvscan 0 Jun 16 10:29 amavisd.sock Again, just

Re: [Clamav-users] How to disinfect an mbox file?

it back to some mailbox-type folder, thus converting them to mailbox-type. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] uncompressing/scanning Mac archives (i.e. .sit, .sitx, and .hqx)

users)? Seems that amavisd-new (an interface between MTA and virus scanner/content filters) supports .hqx files. I don't know about .sit and .sitx though - maybe not. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros

Re: [Clamav-users] How to disinfect an mbox file?

in clamav.conf. box that I'm running it on, and clamav must be pretty CPU intensive. [...] -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Bad Virus Signature?

soon. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email sponsored

Re: [Clamav-users] [Fwd: memory hog in 0.72 and 0.73]

as big ;-) . I don't even believe that 1 b (1 bit) is divisible into 1 thousand parts (1 mb means 1 milibit) :-| . I _do_ consider a 134 MB email as big, though. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros

Re: [Clamav-users] /etc/cron.daily/freshclam exited with return code 1

Of course remove set -x as it was needed only for debugging. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Help Setup Newbie Please

programs ;-) . problem that I don't even have clamav.conf?? clamav.conf isn't used by clamscan (just by clamd and clamdscan), so if you don't use clamd, you don't need clamav.conf. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl

Re: [Clamav-users] Log file doesn't rotate and problem with user settings when using with qmailscanner

endscript are present. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net

Re: [Clamav-users] Debian package: dependencies on unzoo and arj

with your country code. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email

Re: [Clamav-users] error in fressshclam execution

Is database.clamav.net resolvable with 'host' command? You may want to check the archives for similar DNS-related problems. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http

[Clamav-users] Broken stream scanning in clamdscan 0.74

to clamdscan directly on command line. The bug was reported today by Piotr Gackiewicz. A fix will be available tomorrow in CVS. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net

Re: [Clamav-users] MD5 checksum always wrong

your freshclam doesn't use the freshclam.conf you edited. Maybe you have some older freshclam left from old installation (or other clamav-related files anyway). Try to find such files and remove them. Tip: what happens when you run freshclam calling it with the full path name? -- Tomasz Papszun

Re: [Clamav-users] not in gzip format

CEST using DSA key ID 985A444B gpg: BAD signature from Tomasz Kojm [EMAIL PROTECTED] -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Reducing CPU consumption?

on MTA used, such simple filtering (of extensions, subjects etc.) can be done in MTA itself, before reaching amavisd-new. I think that you should get more details about their setup and then you can search documentation and mailing lists of those particular programs. -- Tomasz Papszun SysAdm

Re: [Clamav-users] Not Detecting Netsky.P (With Sample)

On Thu, 08 Jul 2004 at 23:59:14 -0600, Patrick Liechty wrote: I am using Qmail with Maildir format. Does -mbox work with Maildir mail boxes? From the ChangeLog: Fri Aug 29 06:00:01 CEST 2003 - * libclamav: enabled support for Maildir files -- Tomasz

Re: [Clamav-users] Clamdscan Error 2

:10 2004 - ERROR: ScanStream: accept timeout. [EMAIL PROTECTED]:/var/log/clamav# I don't know if Debian package of 0.74 already contains the fix for the following bug or not. Quoting my own message: From: Tomasz Papszun [EMAIL

Re: [Clamav-users] RE: Not finding W32.Beagle virus

StreamSaveToDisk, ScanOLE2, ScanMail, ScanArchive enabled. How can this be fixed so Norton can go away? Thanks, Alex http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones

Re: [Clamav-users] Worm.Bagle.AG (or something) sending empty zip files?

to recieve a copy of this myself, so all i have are forwards from outlook, which makes an ungodly mess of the email itself. however, i can provide a sample if anyone is interested. No, thanks :-) . We have got many. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland

Re: [Clamav-users] clamdscan (fails) vs. clamscan

. [...] -- Eric Wheeler -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net

Re: [Clamav-users] Missing W32.Magistr.A signature

help? http://www.gossamer-threads.com/lists/clamav/virusdb/10298 : From: Tomasz Papszun [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Clamav-virusdb] Update (main: 24, daily: 398) Date: Thu, 8 Jul 2004 02:50:02 +0200 Message-ID

Re: [Clamav-users] New variant Bagle not being detected?

. It's described in signatures.pdf. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Virus submission page claims already known, but clamav not catching

in the updates list entry for 423 about updating to version 0.75; is this necessary for some new sigs? I'm running 0.72. Yes. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http

Re: [Clamav-users] New virus not getting scanned, but web interface says already detected?

. Still don't get a positive scan on my end, though. Help? Don't want to post the virus publicly of course... what now? As a temporary, one-time solution, send it to me (to the address @lodz.. shown below). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http

Re: [Clamav-users] ClamAV 0.67 vs 0.70

should try to use the current version (0.75 at the moment). If your SuSE doesn't deliver it, just compile and install it yourself. It isn't difficult. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL

Re: [Clamav-users] New virus not getting scanned, but web interface says already detected?

getting through -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email

Re: [Clamav-users] New virus not getting scanned, but web interface says already detected?

, backported changes: [...] * libclamav: Some MyDoom.I were getting through -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] New virus not getting scanned, but web interface says already detected?

encoded messages. ClamAV devel-20040722 does. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] New virus not getting scanned, but web interface says already detected?

On Mon, 26 Jul 2004 at 22:16:42 +0200, Tomasz Papszun wrote: On Mon, 26 Jul 2004 at 14:08:21 -0500, Damian Menscher wrote: On Mon, 26 Jul 2004, Mitch (WebCob) wrote: I *THINK* it *MIGHT* be because mydoom.o has uneven linelengths in the uuencoding. I know that bug was fixed recently

Re: [Clamav-users] Sigtool Build Time

pointers. I don't know how many hours back off GMT is US Central time. You need just decrease some number of hours from the above value. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http

Re: [Clamav-users] Reporting from Freshclam

or a corresponding entry in freshclam.conf, e.g.: OnUpdateExecute /path/to/fresh.sh where fresh.sh is a shell script which does needed things. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http

Re: [Clamav-users] 0.75.1 not detecting many more viruses :-(

On Tue, 03 Aug 2004 at 14:16:15 +0100, Bad Apple wrote: Many thank for quick reply .I will upload the virus file The signature has been added (Worm.Mabutu.A.2) and the database updated. Thank you. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http

Re: [Clamav-users] Another upgrade question.

systems delete ordinary files in /tmp during a startup. So if, for whatever reason, a reboot happens before you have completed your upgrade and restored all the needed configuration details, you're lost anyway. Well, maybe not entirely - you have backups, haven't you? :-) HTH -- Tomasz Papszun

Re: [Clamav-users] Ignoring option -r

start clamd only with -c to point to the configuration file. Which options you start clamd with - is irrelevant here. It matters which options you call clamdscan with! -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones

Re: [Clamav-users] Ignoring option -r

On Tue, 10 Aug 2004 at 13:39:57 +0300, Arthur Kerpician wrote: Tomasz Papszun wrote: Which options you start clamd with - is irrelevant here. It matters which options you call clamdscan with! I was using a snapshot (clamav-20040805.tar.gz) when getting this warning. Now I rolled back

Re: [Clamav-users] Ignoring option -r

On Tue, 10 Aug 2004 at 14:30:32 +0200, Niek wrote: Tomasz Papszun said the following on 8/10/2004 1:45 PM GMT+2: On Tue, 10 Aug 2004 at 13:39:57 +0300, Arthur Kerpician wrote: Clamdscan is called by qmail-scanner-1.23 and don't remember setting any -r option anywhere. I don't know qmail

Re: [Clamav-users] daily.db.clamav.or.id : clamav db update via DNS

time? Overall, I'm impressed, I must say :-) . -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] daily.db.clamav.or.id : clamav db update via DNS

a .cvd file with sigtool. Only virusdb maintainers can. Cvd files are digitally signed by them. It is on purpose - to make faking database impossible. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED

Re: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

On Mon, 16 Aug 2004 at 21:55:16 +0200, Niek wrote: I don't know what your return times of the sourceforge mailing lists are. But over here, it can take up to 1.5, 2hours during USA daytime. Indeed. We are planning to move MLs to a new server in September. -- Tomasz Papszun SysAdm @ TP

Re: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

] [...] -- -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] freshclam --quiet warnings/bugs

condition (the filenames are very predictable). You'd better use files in a directory writable only by the user executing the scripts or use mktemp(1) to create unique filenames. You remove the files at the end of scripts, so having nice-looking names isn't needed anyway. -- Tomasz Papszun SysAdm @ TP

Re: [Clamav-users] False positive or problem with zipped exe

. But if I unzip the files and run clamscan on those files I didn't get the trojan. = May be a bug with internal unzip for executables ? Nobody can answer unless you submit the file. http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland

Re: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- SF.Net email is sponsored by Shop4tech.com-Lowest

Re: [Clamav-users] upgrade to 0.75.1: Not suported signature type detected

. These contain a new, advanced structure of patterns and are understood and used by devel versions. It's only a minor problem for people using the stable version. You can safely ignore those messages. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http

Re: [Clamav-users] clam newbie

and test signatures (EICAR and ClamAV-Test-Signature). Also, do NOT send notifications to intended recipients (or they will hate you ;-) ). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED

Re: [Clamav-users] clamav and queue files of CGPro

the current devel version? Email scanning has been improved significantly in devel. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

proxy server and TCP port for database downloads. freshclam.conf(5) -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Getting signature file versions in PERL

0100 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] clamav and queue files of CGPro

, a today's devel becomes a tomorrow's stable. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Downloading clam virus definition files automatically

for new updates ( so for every 10 mins it can check 5 different locations..right ? Is this a good idea ? No. P.S. Please stop top-posting. http://www.xs4all.nl/~hanb/documents/quotingguide.html http://www.netmeister.org/news/learn2quote.html -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland

Re: [Clamav-users] Question

a compression ratio of 466. Is this possible ? [...] Of course. It depends just on the kind of compressed data. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL

Re: [Clamav-users] Siggen -- small tool to (hopefully) aid someone :)

On Fri, 27 Aug 2004 at 13:21:33 +0200, Daniel Lord wrote: [...] Offset looked up by hand. And signature generated by siggen :) Linux.god.rk.tgz.sshsignatur.lo (Clam)=726F6F74406C6573736F6E732E6D656E636865792E636F6D7D957D9503FF All letters in signatures must be lowercase. -- Tomasz

Re: [Clamav-users] Question

it in the archive) that I have seen BMP files compressed more than 200 times. DOCs: 236. DBF: 1101. WAV: 1182. P.S. Please don't top-post. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http

Re: [Clamav-users] LibClamAV Warning: Not all attachments will be scanned

to move SPAM around? Yes, there are known exploits with .chm files. An example notice is at http://www.us-cert.gov/cas/techalerts/TA04-099A.html -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED

Re: [Clamav-users] ERROR: Can't unlink the socket file /var/run/clamav/clamd.ctl

/clamav/clamd.pid --- Stopped at Sun Aug 29 06:34:34 2004 I searched on the internet (google) and I see similar problems, but not this problem. Any help would be appreciated. Looks like a permission problem. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED

Re: [Clamav-users] --no-summary broken in clamdscan?

programs.) -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email is sponsored

Re: [Clamav-users] Virus with p0rn picture attachment?

] Win32.HLLM.Blackworm -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email

Re: [Clamav-users] Worm.Mydoom.R

can't be sure it's exactly the same virus. (Otherwise I am very happy with clamav. I use it for 6 month now and had only 2 virii getting through. One was added to the database several minutes Good to hear that :-) . later, the other is the one above.) -- Tomasz Papszun SysAdm @ TP S.A. Lodz

Re: [Clamav-users] Re: Win32.HLLM.MyDoom.43520 (DrWeb)

in the ChangeLog, UPX decompressor has been added to devel versions in June/July 2004. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] Win32.HLLM.MyDoom.43520 (DrWeb)

). To enable stable version to detect this, the signature Worm.Mydoom.V has just been added to the database. Similar problem with Worm.Mydoom.U was addresses 2,5 h ago. Thanks -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones

Re: [Clamav-users] Win32.HLLM.MyDoom.43520 (DrWeb)

On Sat, 11 Sep 2004 at 11:14:25 +0500, Sergey wrote: On Friday 10 September 2004 23:01, Tomasz Papszun wrote: That's right, devel versions have been able to detect this (and an other new variant - Worm.Mydoom.U - also). Hmm... Is the online scanner not latest ClamAV ? I understand what

Re: [Clamav-users] Windows port ?

upload MS-DOS samples. Submitting them normal way ( http://www.clamav.net/sendvirus.html ) would be probably a waste of your and our time, but via FTP is OK. Thank you -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros

Re: [Clamav-users] clamav on debian stable

? If with clamdscan, then the user running clamd would have to have access to the scanned files. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] announcing ClamAV 0.80rc

are simply too lazy to add, activate, or tune new options without such dramatic changes. I'd like to add that changing the name from clamav.conf to clamd.conf was requested by users on the ML a few times. So, it's not our fault ;-). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's

Re: [Clamav-users] Manual download of clamav virus definitions

to the internet with our aix systems, but I would like the peace of mind having a scanning tool in place. Thanks. http://database.clamav.net/main.cvd http://database.clamav.net/daily.cvd -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso

Re: [Clamav-users] COPYING FOUND

Why does clamav report those? Because of a mistake. It will be corrected quickly. We are sorry. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus

Re: [Clamav-users] RE: freshclam.pid: Permission denied

-r--r-- 4 lplp 136 18 Oct 10:49 clamav And inside are: -rw-rw 1 root lp 4 18 Oct 10:39 clamd.pid srwxrwxrwx 1 root lp 0 18 Oct 10:39 clamd.sock Why is /var/clamav (and files there) owned by lp (i.e. print) user and group?? -- Tomasz Papszun SysAdm @ TP S.A. Lodz

Re: [Clamav-users] clamdscan / results in ACCESS DENIED

much. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ___ http://lists.clamav.net/cgi-bin/mailman

Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list

and I've found such messages dated far more ago (since February). From various senders. If I'm the only one seeing it I'll troubleshoot my amavis-new config to see if it is doing something bizarre... -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http

Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list

to be from Trog, thought the other poster that said they were forwarded That's strange as none of messages from Trog to clamav-users (as delivered to my mailbox) contains rfc822. So maybe some local problem at your sites?... -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL

Re: [Clamav-users] New version Clamd with Daemontools

' for the list of accepted command-line options. Other options can be enabled in clamd.conf, as shown in the warnings. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net

Re: [Clamav-users] Unable to open file or directory ERROR

with modes like a-r if the files in the archive were such. Then it couldn't scan them. Obviously the type of the files (gif, doc etc.) didn't matter. It was quickly fixed after I reported it - thanks to amavisd-new developers :-). So, it may be (or not) a similar situation. -- Tomasz Papszun

Re: [Clamav-users] Odd error

]: ProcessClamAVOutput: unrecognised line webuserprefs-0.5/ChangeLog. Please contact the authors! [...] And so I figured I'd send this here to see what the problem might be. As it was MailScanner that printed it, you should contact the MailScanner's authors, not ClamAV's ones, I think. -- Tomasz Papszun SysAdm

Re: [Clamav-users] [Clamav-virusdb] SPF records

On Wed, 27 Oct 2004 at 15:22:00 +0100, [EMAIL PROTECTED] wrote: [...] Well at least I know this SPF thing really works. !!! It is almost as good as ClamAV. But it makes .forward hardly useful :-( . -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http

Re: [Clamav-users] SomeFool.P in .doc file?

objects into Office files. So, without examining the sample, one can't say if it contained a malware or whether it was a false positive. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http

Re: [Clamav-users] Switching off default config options

. This option disables recommended options and allows you to enable selected options. DO NOT ENABLE IT unless you know what you are doing. Default: disabled -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http

Re: [Clamav-users] cygwin clamscan hangs

. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo

Re: [Clamav-users] Online scanner vs Sendvirus.cgi

errors and retry. I though I missed something and repeated the process but got the same result. Any ideas? Seems that the scanner at sendvirus.cgi uses the DetectBrokenExecutables option while clamav online scanner - not. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only

Re: [Clamav-users] offline update

/20040924.154209.259e44e9.en.html -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ___ http://lists.clamav.net/cgi-bin/mailman

Re: [Clamav-users] LibClamAV Warning: Broken PE header detected

of signature is missing because a file it's broken?) I believe so. To be sure, the samples would have to be examined. I don't think clamav and kav use signatures which differs a lot, do they? They surely differ. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL

Re: [Clamav-users] ClamAV should not try to detect phishing and other social engineering attacks

/Further_proof_that_the_human_race_is_doomed.htm http://www.doheth.co.uk/funny/doomed.php -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

Re: [Clamav-users] clamdscan / clamscan / --move option

(with one launching of clamscan), performance increasing thanks to using clamdscan instead of clamscan - is negligible (because the program and the database are loaded only one time). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso

  1   2   3   4   >