(according to other
scanner), though they select that the sample is detected by other
scanner and sometimes they even write which scanner (but no virus name).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] | ones and zeros
LibClamAV Warning: Multipart MIME message contains no boundary lines
av-inet1.txt: Worm.SomeFool.P FOUND
$ clamscan -V
clamscan / ClamAV version devel-20040323
So it _is_ detected.
I'd bet: you've got an old version or a misconfigured system.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's
On Wed, 07 Apr 2004 at 12:12:25 -0700, Kevin W. Gagel wrote:
How/Where do I report false positives?
Like other samples - at
http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi
Don't forget to select the "A false positive" option. Give as many
details as possible.
--
Tomasz Papszun SysAdm
detect it as a virus. Thanks
Oh, no, the same question repeated nearly everyday...
Have you ever visited the ClamAV WWW main page? :-)
(I fear of suggesting searching the mailing list's archives ;-) ).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED
On Fri, 09 Apr 2004 at 15:35:40 +0200, Mike van Vugt wrote:
[...]
User clamav
ScanMai
^ ?!
Is this the exact quote (ScanMai instead of ScanMail)? Or a typo only in
this message?
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED
On Fri, 09 Apr 2004 at 7:15:54 -0700, Henry Harvey wrote:
[EMAIL PROTECTED]
[...]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
A search on the database of ClamAV results
with nothing with those same variants.
Tip:
search archives of clamav-virusdb mailing list.
--
Tomasz Papszun SysAdm @ TP
see clamd
running. Should it be running?
[...]
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
---
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
name?
I guess that you use very old database - Win32.Mix isn't present in
the database since the end of February 2004.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net
left which also is used by your mail subsystem. Search the
filesystem for .cvd and .db files.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
On Fri, 04 Jun 2004 at 10:10:30 -0700, Jim wrote:
What does clamav refer to Plexus or Explet as ? The symantec name is
[EMAIL PROTECTED]
Worm.Plexus.A
Does clamav catch this virus?
Yes. Since 2004.06.04 22:07 GMT.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL
.
And the numbers of viruses are different (21857, 21773).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
.
Isn't clamd running as root now? (check with 'ps aux|grep clamd').
Not secure...
You can use User amavis in clamav.conf instead. Or read Stephen Gran's
message in this thread.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones
/logrotate.d/ use directives like these:
delaycompress
postrotate
/etc/init.d/clamav-freshclam reload > /dev/null
endscript
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http
distribution
modified ClamAV extensively.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
On Mon, 14 Jun 2004 at 11:28:57 +0200, Pippi Langstrumpf wrote:
--- Tomasz Papszun [EMAIL PROTECTED] wrote:
On Wed, 09 Jun 2004 at 16:38:27 +0200, Pippi Langstrumpf wrote:
I have a problem to activate clamuko. I tested it with
a clamav-testfile. I opened the file and nothing
to
find them and remove.
Similar situations have been described on the list.
HTH
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
results, but...), my socket:
$ v /var/run/clamav/clamd.ctl
srwxrwxrwx 1 amavis amavis 0 Jun 7 19:55 /var/run/clamav/clamd.ctl=
Please help me, because I don't know where I can continue looking
for errors, thanks Harald
Seems that my message won't help you, sorry.
--
Tomasz Papszun
On Wed, 16 Jun 2004 at 15:07:02 +0200, Harald Arnold wrote:
On Wed, 2004-06-16 at 13:48, Tomasz Papszun wrote:
On Wed, 16 Jun 2004 at 13:04:45 +0200, Harald Arnold wrote:
Socket definition:
srwxr-x--- 1 vscan vscan 0 Jun 16 10:29 amavisd.sock
Again, just
it back to some mailbox-type
folder, thus converting them to mailbox-type.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
users)?
Seems that amavisd-new (an interface between MTA and virus
scanner/content filters) supports .hqx files.
I don't know about .sit and .sitx though - maybe not.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros
in clamav.conf.
box that I'm running it on, and clamav must be pretty
CPU intensive.
[...]
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
soon.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
as big ;-) .
I don't even believe that 1 b (1 bit) is divisible into 1 thousand
parts (1 mb means 1 millibit) :-| .
I _do_ consider a 134 MB email as big, though.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros
Of course remove set -x as it was needed only for debugging.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
programs ;-) .
problem that I don't even have clamav.conf??
clamav.conf isn't used by clamscan (just by clamd and clamdscan), so if
you don't use clamd, you don't need clamav.conf.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl
endscript
are present.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
with your country code.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Is database.clamav.net resolvable with 'host' command?
You may want to check the archives for similar DNS-related problems.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http
to clamdscan directly on command line.
The bug was reported today by Piotr Gackiewicz.
A fix will be available tomorrow in CVS.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net
your freshclam doesn't use the freshclam.conf you edited.
Maybe you have some older freshclam left from old installation (or other
clamav-related files anyway).
Try to find such files and remove them.
Tip: what happens when you run freshclam calling it with the full path
name?
--
Tomasz Papszun
CEST using DSA key ID 985A444B
gpg: BAD signature from Tomasz Kojm [EMAIL PROTECTED]
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
on MTA used, such simple filtering (of extensions,
subjects etc.) can be done in MTA itself, before reaching amavisd-new. I
think that you should get more details about their setup and then you
can search documentation and mailing lists of those particular programs.
--
Tomasz Papszun SysAdm
On Thu, 08 Jul 2004 at 23:59:14 -0600, Patrick Liechty wrote:
I am using Qmail with Maildir format. Does -mbox work with Maildir mail
boxes?
From the ChangeLog:
Fri Aug 29 06:00:01 CEST 2003
-
* libclamav: enabled support for Maildir files
--
Tomasz
:10 2004 - ERROR: ScanStream: accept timeout.
[EMAIL PROTECTED]:/var/log/clamav#
I don't know if Debian package of 0.74 already contains the fix for the
following bug or not. Quoting my own message:
From: Tomasz Papszun [EMAIL
StreamSaveToDisk, ScanOLE2,
ScanMail, ScanArchive enabled.
How can this be fixed so Norton can go away?
Thanks, Alex
http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones
to receive a copy of this myself, so
all i have are forwards from outlook, which makes an ungodly
mess of the email itself. however, i can provide a sample if
anyone is interested.
No, thanks :-) . We have got many.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland
.
[...]
--
Eric Wheeler
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
help?
http://www.gossamer-threads.com/lists/clamav/virusdb/10298 :
From: Tomasz Papszun [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Clamav-virusdb] Update (main: 24, daily: 398)
Date: Thu, 8 Jul 2004 02:50:02 +0200
Message-ID
. It's described in signatures.pdf.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
in the updates list entry for 423 about
updating to version 0.75; is this necessary for some new
sigs? I'm running 0.72.
Yes.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http
.
Still don't get a positive scan on my end, though.
Help? Don't want to post the virus publicly of course... what now?
As a temporary, one-time solution, send it to me (to the address @lodz..
shown below).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http
should try to use the current version (0.75 at the
moment). If your SuSE doesn't deliver it, just compile and install it
yourself. It isn't difficult.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL
getting through
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
, backported changes:
[...]
* libclamav: Some MyDoom.I were getting through
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
encoded messages.
ClamAV devel-20040722 does.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
On Mon, 26 Jul 2004 at 22:16:42 +0200, Tomasz Papszun wrote:
On Mon, 26 Jul 2004 at 14:08:21 -0500, Damian Menscher wrote:
On Mon, 26 Jul 2004, Mitch (WebCob) wrote:
I *THINK* it *MIGHT* be because mydoom.o has uneven linelengths in the
uuencoding. I know that bug was fixed recently
pointers.
I don't know how many hours back off GMT is US Central time. You need
just decrease some number of hours from the above value.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http
or a corresponding
entry in freshclam.conf, e.g.:
OnUpdateExecute /path/to/fresh.sh
where fresh.sh is a shell script which does needed things.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http
On Tue, 03 Aug 2004 at 14:16:15 +0100, Bad Apple wrote:
Many thanks for quick reply. I will upload the virus
file
The signature has been added (Worm.Mabutu.A.2) and the database updated.
Thank you.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http
systems delete ordinary files in /tmp during a startup. So if, for
whatever reason, a reboot happens before you have completed your upgrade
and restored all the needed configuration details, you're lost anyway.
Well, maybe not entirely - you have backups, haven't you? :-)
HTH
--
Tomasz Papszun
start clamd only
with -c to point to the configuration file.
Which options you start clamd with - is irrelevant here.
It matters which options you call clamdscan with!
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones
On Tue, 10 Aug 2004 at 13:39:57 +0300, Arthur Kerpician wrote:
Tomasz Papszun wrote:
Which options you start clamd with - is irrelevant here.
It matters which options you call clamdscan with!
I was using a snapshot (clamav-20040805.tar.gz) when getting this
warning. Now I rolled back
On Tue, 10 Aug 2004 at 14:30:32 +0200, Niek wrote:
Tomasz Papszun said the following on 8/10/2004 1:45 PM GMT+2:
On Tue, 10 Aug 2004 at 13:39:57 +0300, Arthur Kerpician wrote:
Clamdscan is called by qmail-scanner-1.23 and don't remember
setting any -r option anywhere.
I don't know qmail
time?
Overall, I'm impressed, I must say :-) .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
a .cvd file with sigtool. Only virusdb maintainers
can. Cvd files are digitally signed by them. It is on purpose - to make
faking database impossible.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED
On Mon, 16 Aug 2004 at 21:55:16 +0200, Niek wrote:
I don't know what your return times of the sourceforge mailing lists are.
But over here, it can take up to 1.5, 2hours during USA daytime.
Indeed.
We are planning to move MLs to a new server in September.
--
Tomasz Papszun SysAdm @ TP
]
[...]
--
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
condition (the filenames
are very predictable).
You'd better use files in a directory writable only by the user
executing the scripts or use mktemp(1) to create unique filenames.
You remove the files at the end of scripts, so having nice-looking names
isn't needed anyway.
--
Tomasz Papszun SysAdm @ TP
.
But if I unzip the files and run clamscan on those files I didn't get
the trojan.
= May be a bug with internal unzip for executables ?
Nobody can answer unless you submit the file.
http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland
.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
.
These contain a new, advanced structure of patterns and are understood
and used by devel versions.
It's only a minor problem for people using the stable version. You can
safely ignore those messages.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http
and test signatures (EICAR and ClamAV-Test-Signature).
Also, do NOT send notifications to intended recipients (or they will
hate you ;-) ).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED
the current devel version?
Email scanning has been improved significantly in devel.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
proxy server and TCP port for database
downloads.
freshclam.conf(5)
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
0100 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
, a today's devel becomes a tomorrow's stable.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
for new updates ( so for every 10 mins it
can check 5 different locations..right ? Is this a good idea ?
No.
P.S.
Please stop top-posting.
http://www.xs4all.nl/~hanb/documents/quotingguide.html
http://www.netmeister.org/news/learn2quote.html
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland
a compression ratio of 466. Is this
possible ?
[...]
Of course. It depends just on the kind of compressed data.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL
On Fri, 27 Aug 2004 at 13:21:33 +0200, Daniel Lord wrote:
[...]
Offset looked up by hand. And signature generated by siggen :)
Linux.god.rk.tgz.sshsignatur.lo
(Clam)=726F6F74406C6573736F6E732E6D656E636865792E636F6D7D957D9503FF
All letters in signatures must be lowercase.
--
Tomasz
it in the archive) that
I have seen BMP files compressed more than 200 times. DOCs: 236. DBF:
1101. WAV: 1182.
P.S.
Please don't top-post.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http
to move SPAM around?
Yes, there are known exploits with .chm files.
An example notice is at
http://www.us-cert.gov/cas/techalerts/TA04-099A.html
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED
/clamav/clamd.pid
--- Stopped at Sun Aug 29 06:34:34 2004
I searched on the internet (google) and I see similar problems, but not
this problem. Any help would be appreciated.
Looks like a permission problem.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED
programs.)
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
]
Win32.HLLM.Blackworm
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
can't be sure it's exactly the same virus.
(Otherwise I am very happy with clamav. I use it for 6 months now and had
only 2 virii getting through. One was added to the database several minutes
Good to hear that :-) .
later, the other is the one above.)
--
Tomasz Papszun SysAdm @ TP S.A. Lodz
in the ChangeLog, UPX decompressor has been added to
devel versions in June/July 2004.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
).
To enable stable version to detect this, the signature Worm.Mydoom.V has
just been added to the database.
Similar problem with Worm.Mydoom.U was addressed 2,5 h ago.
Thanks
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones
On Sat, 11 Sep 2004 at 11:14:25 +0500, Sergey wrote:
On Friday 10 September 2004 23:01, Tomasz Papszun wrote:
That's right, devel versions have been able to detect this (and an other
new variant - Worm.Mydoom.U - also).
Hmm... Is the online scanner not latest ClamAV ? I understand what
upload
MS-DOS samples. Submitting them normal way
( http://www.clamav.net/sendvirus.html ) would be probably a waste of
your and our time, but via FTP is OK.
Thank you
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros
? If with
clamdscan, then the user running clamd would have to have access to the
scanned files.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
are
simply too lazy to add, activate, or tune new options without such
dramatic changes.
I'd like to add that changing the name from clamav.conf to clamd.conf
was requested by users on the ML a few times. So, it's not our fault
;-).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's
to the internet with our aix systems, but I would like
the peace of mind having a scanning tool in place. Thanks.
http://database.clamav.net/main.cvd
http://database.clamav.net/daily.cvd
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso
Why does clamav report those?
Because of a mistake. It will be corrected quickly. We are sorry.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus
-r--r-- 4 lp lp 136 18 Oct 10:49 clamav
And inside are:
-rw-rw 1 root lp 4 18 Oct 10:39 clamd.pid
srwxrwxrwx 1 root lp 0 18 Oct 10:39 clamd.sock
Why is /var/clamav (and files there) owned by lp (i.e. print) user
and group??
--
Tomasz Papszun SysAdm @ TP S.A. Lodz
much.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
and I've found such messages
dated far more ago (since February). From various senders.
If I'm the only one seeing it I'll troubleshoot my amavis-new config to
see if it is doing something bizarre...
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http
to be from Trog, thought the other poster that said they were forwarded
That's strange as none of messages from Trog to clamav-users (as
delivered to my mailbox) contains rfc822.
So maybe some local problem at your sites?...
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL
' for the list of accepted
command-line options. Other options can be enabled in clamd.conf, as
shown in the warnings.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net
with modes like a-r if the files
in the archive were such. Then it couldn't scan them. Obviously the type
of the files (gif, doc etc.) didn't matter. It was quickly fixed after I
reported it - thanks to amavisd-new developers :-).
So, it may be (or not) a similar situation.
--
Tomasz Papszun
]: ProcessClamAVOutput:
unrecognised line webuserprefs-0.5/ChangeLog. Please contact the authors!
[...]
And so I figured I'd send this here to see what the problem might be.
As it was MailScanner that printed it, you should contact the
MailScanner's authors, not ClamAV's ones, I think.
--
Tomasz Papszun SysAdm
On Wed, 27 Oct 2004 at 15:22:00 +0100, [EMAIL PROTECTED] wrote:
[...]
Well at least I know this SPF thing really works. !!! It is almost as good
as ClamAV.
But it makes .forward hardly useful :-( .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http
objects into Office files.
So, without examining the sample, one can't say if it contained a
malware or whether it was a false positive.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http
. This option disables recommended options
and allows you to enable selected options. DO NOT
ENABLE IT unless you know what you are doing.
Default: disabled
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http
.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
errors and retry.
I thought I missed something and repeated the process but got the same
result. Any ideas?
Seems that the scanner at sendvirus.cgi uses the DetectBrokenExecutables
option while clamav online scanner - not.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
/20040924.154209.259e44e9.en.html
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
of signature is missing because a file it's
broken?)
I believe so. To be sure, the samples would have to be examined.
I don't think clamav and kav use signatures which differ a
lot, do they?
They surely differ.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL
/Further_proof_that_the_human_race_is_doomed.htm
http://www.doheth.co.uk/funny/doomed.php
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
(with one launching of clamscan), performance
increasing thanks to using clamdscan instead of clamscan - is
negligible (because the program and the database are loaded only one
time).
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso