You have to upgrade ClamAV to the next version. Right now, the current version of ClamAV is 0.88.4-1. You update your def's by running freshclam.
Franklyn -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ZhangFrank Sent: Saturday, October 07, 2006 10:08 PM To: clamav-users@lists.clamav.net Subject: [Clamav-users] how to upgrade ClamAV-0.87 into ClamAV-0.88.4? when I run freshclam and clamd, it says 'Your ClamAV installation is OUTDATED ','DNS record is older than 3 hours'and 'Your ClamAV installation is OUTDATED' then I check my DNS setting and clock setting, nothing is wrong. In /var/db/pkg there is clamav-0.87, so I think this is the reason that after I install clamav by pkg_add, the engine is out of date. So, how can I upgrade it? Best, Frank ---------------------------------------- > From: [EMAIL PROTECTED] > Subject: clamav-users Digest, Vol 25, Issue 5 > To: clamav-users@lists.clamav.net > Date: Sat, 7 Oct 2006 12:00:03 +0200 > > Send clamav-users mailing list submissions to > clamav-users@lists.clamav.net > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of clamav-users digest..." > > > Today's Topics: > > 1. Re: how to decern what to scan? (Robert Allerstorfer) > 2. Re: how to decern what to scan? (Andres Gonzalez Cantu) > 3. clamav-milter vs clamscan (Carl Thompson) > 4. Re: daily.wdb and daily.pdb (Robert Allerstorfer) > 5. Re: daily.wdb and daily.pdb ( T?r?k Edvin ) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 6 Oct 2006 14:33:50 +0200 > From: Robert Allerstorfer <[EMAIL PROTECTED]> > Subject: Re: [Clamav-users] how to decern what to scan? > To: ClamAV users ML <clamav-users@lists.clamav.net> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=us-ascii > > On Thu, 5 Oct 2006, 08:45 GMT-04 Jim Shupert, Jr. wrote: > > > I have clam av on a redhat ES3 linux machine. > > > I do not see where i can declare what directory it is to scan? > > > what do I config to make that happen? > > > like if I wanted to scan mnt/data ( where data is a mounted 2nd drive ) or > > mnt/data/dog ( where dog is a dir on the drive data ) > > > and if I wanted to scan this once a day? > > I wrote a shell script which is intended to be run via cron once a > day and scans the entire system. The results will be mailed to the > root user. You can find it within the latest "SoftlabsAV" package at > http://sourceforge.net/projects/softlabsav/ > in the etc/cron.daily directory. Just put that file ('clamscan') into > your /etc/cron.daily directory and you are done. I am using it as it > is, also on a RHEL3 system. > > regards, > rob. > > > > > > > > > > ------------------------------ > > Message: 2 > Date: Fri, 06 Oct 2006 11:08:19 -0500 > From: Andres Gonzalez Cantu <[EMAIL PROTECTED]> > Subject: Re: [Clamav-users] how to decern what to scan? > To: clamav-users@lists.clamav.net > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1 > > On Fri, 2006-10-06 at 12:00 +0200, [EMAIL PROTECTED] > wrote: > > Send clamav-users mailing list submissions to > > clamav-users@lists.clamav.net > > > > To subscribe or unsubscribe via the World Wide Web, visit > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > or, via email, send a message with subject or body 'help' to > > [EMAIL PROTECTED] > > > > You can reach the person managing the list at > > [EMAIL PROTECTED] > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of clamav-users digest..." > > > > > > Today's Topics: > > > > 1. how to decern what to scan? (Jim Shupert, Jr.) > > 2. Re: how to decern what to scan? (Jim Maul) > > 3. Re: clamd shutdown periodicly (Nigel Horne) > > > > > > ---------------------------------------------------------------------- > > > > Message: 1 > > Date: Thu, 5 Oct 2006 08:45:01 -0400 > > From: "Jim Shupert, Jr." <[EMAIL PROTECTED]> > > Subject: [Clamav-users] how to decern what to scan? > > To: <clamav-users@lists.clamav.net> > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset="iso-8859-1" > > > > I have clam av on a redhat ES3 linux machine. > > > > I do not see where i can declare what directory it is to scan? > > > > what do I config to make that happen? > > > > like if I wanted to scan mnt/data ( where data is a mounted 2nd drive ) or > > mnt/data/dog ( where dog is a dir on the drive data ) > > > > and if I wanted to scan this once a day? > > > > thanks! > > > > j > > > > ------------------------------ > > > > Message: 2 > > Date: Thu, 05 Oct 2006 08:51:52 -0400 > > From: Jim Maul <[EMAIL PROTECTED]> > > Subject: Re: [Clamav-users] how to decern what to scan? > > To: ClamAV users ML <clamav-users@lists.clamav.net> > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > > Jim Shupert, Jr. wrote: > > > I have clam av on a redhat ES3 linux machine. > > > > > > I do not see where i can declare what directory it is to scan? > > > > > > > pass it on the command line? > > > > > what do I config to make that happen? > > > > your brain? > > > > > > > > like if I wanted to scan mnt/data ( where data is a mounted 2nd drive ) or > > > mnt/data/dog ( where dog is a dir on the drive data ) > > > > clamscan /mnt/data/dog/ ? > > > > > > > > and if I wanted to scan this once a day? > > > > > > > cron? > > > > > thanks! > > > > > > > welcome? > > > > > > > > > > ------------------------------ > > > > Message: 3 > > Date: Thu, 05 Oct 2006 14:06:04 +0100 > > From: Nigel Horne <[EMAIL PROTECTED]> > > Subject: Re: [Clamav-users] clamd shutdown periodicly > > To: ClamAV users ML <clamav-users@lists.clamav.net> > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset="iso-8859-1" > > > > On 04/10/06 15:55 +0700, zen wrote: > > > Dear users, > > > i`ve just updated my clamav installation to the latest tarball, > > > but after this, my clamd service periodicly shutdown with this error > > > messages: > > > > > > Wed Oct 4 15:47:07 2006 -> No stats for Database check - forcing reload > > > Wed Oct 4 15:47:07 2006 -> Reading databases from /usr/local/share/clamav > > > Wed Oct 4 15:47:10 2006 -> ERROR: reload db failed: Unable to create > > > temporary file > > > Wed Oct 4 15:47:10 2006 -> Terminating because of a fatal error.Wed > > > Oct 4 15:47:10 2006 -> Shutting down the main socket. > > > > Build it without --enable-experimental. > > > > > > > Jim Shupert Jr. wrote: > > I have clam av on a redhat ES3 linux machine. > > > > I do not see where i can declare what directory it is to scan? > > > > what do I config to make that happen? > > > > like if I wanted to scan mnt/data ( where data is a mounted 2nd drive ) or > > mnt/data/dog ( where dog is a dir on the drive data ) > > > > and if I wanted to scan this once a day? > > > > thanks! > > > > j > > > Dear Jim, > > If you want to scan a file or a directory: > > $ mkdir /tmp/virus > > $ clamscan -riv --move=/tmp/virus [your selected file or directory, > (/home/user, for example)]. > > If you want that clamAV scans your entire HD, edit cron (I use Debian > GNU/Linux so I edited my /etc/crontab file). Maybe you > want ClamAV do this at 1:00 a.m., every day: > > 00 1 * * * root mkdir /tmp/virus ; clamscan -ri > --log=/var/log/clamscan.log --move=/tmp/virus / > > Hopefully, this could help you. > > -- > Andrés González Cantú > [EMAIL PROTECTED] > > > > ------------------------------ > > Message: 3 > Date: Fri, 06 Oct 2006 11:53:27 -0500 > From: "Carl Thompson" <[EMAIL PROTECTED]> > Subject: [Clamav-users] clamav-milter vs clamscan > To: clamav-users@lists.clamav.net > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="us-ascii" > > Does anyone have an answer to the question does clamscan act differently than > clamav-milter/clamd when mail is scanned. > > I have taken attachment files from the emails and created custom signatures > using sigtool. > > The extracted attachment is identified properly by clamscan but emails > containing the attachment are NOT identified by clamscan as being infected. > I have created these signatures on the encoded and decoded versions of the > attachment and neither are caught in an email. > > Carl > > > > > ------------------------------ > > Message: 4 > Date: Fri, 6 Oct 2006 22:14:33 +0200 > From: Robert Allerstorfer <[EMAIL PROTECTED]> > Subject: Re: [Clamav-users] daily.wdb and daily.pdb > To: ClamAV users ML <clamav-users@lists.clamav.net> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=iso-8859-1 > > On Wed, 4 Oct 2006, 10:59 GMT+03 Török Edvin wrote: > > > On 10/3/06, Robert Allerstorfer wrote: > > >> Reading phishsigs_howto.pdf from the latest snapshot tarball, it says > >> that each line must consist of *three* fields, in the form > >> > >> Flags RealURL DisplayedURL > >> > >> Is there an updated documentation where the two-fields form will be > >> explained? > > > There will be changes to the .pdb/.wdb format, and after that the > > documentation will be updated. > > For now the only change is: The two-field form, is valid only for type > > 'H', and means: > > match the host part of realURL, i.e. displayedURL can be anything. > > You seem to mean 'somedomain.tld' of the 2-field-form > > H somedomain.tld > > is the Host part of DisplayedURL (not RealURL), while RealURL (not > DisplayedURL) can be anything. > > >> (2) How can yet undetected phishings be submitted to the project? > > Submit a sample: http://cgi.clamav.net/sendvirus.cgi, following the > > rules on that page. > > OK, just submitted 2 raw mails (more than 2 submissions a day are not > allowed according to that page) which should add > > H bankofcastile.com > H imglt.com > > to 'daily.pdb' (as of 'daily.cvd' version 2000). That decreased the > amount of false-negatives (when '--phish-scan-alldomains' is not > applied) from 88.1 to 59.5% within my real-life test environment of > currently 42 Phishing.Email mails. > > If there would also be a way to add Host names of RealURLs, the > percentage decreasing would even be better. > > Best regards, > rob. > > > > ------------------------------ > > Message: 5 > Date: Fri, 6 Oct 2006 23:41:15 +0300 > From: " T?r?k Edvin " <[EMAIL PROTECTED]> > Subject: Re: [Clamav-users] daily.wdb and daily.pdb > To: "ClamAV users ML" <clamav-users@lists.clamav.net> > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > On 10/6/06, Robert Allerstorfer <[EMAIL PROTECTED]> wrote: > > On Wed, 4 Oct 2006, 10:59 GMT+03 Török Edvin wrote: > > > For now the only change is: The two-field form, is valid only for type > > > 'H', and means: > > > match the host part of realURL, i.e. displayedURL can be anything. > > > > You seem to mean 'somedomain.tld' of the 2-field-form > > > > H somedomain.tld > > > > is the Host part of DisplayedURL (not RealURL), while RealURL (not > > DisplayedURL) can be anything. > > Right, sorry for the confusion. Actually the string following 'H' > doesn't have to be of the form 'subdomain.tld', its enough if it is a > substring of DisplayedURL. > > > > > >> (2) How can yet undetected phishings be submitted to the project? > > > Submit a sample: http://cgi.clamav.net/sendvirus.cgi, following the > > > rules on that page. > > > > OK, just submitted 2 raw mails (more than 2 submissions a day are not > > allowed according to that page) which should add > > > > H bankofcastile.com > > H imglt.com > > > > to 'daily.pdb' (as of 'daily.cvd' version 2000). That decreased the > > amount of false-negatives (when '--phish-scan-alldomains' is not > > applied) from 88.1 to 59.5% within my real-life test environment of > > currently 42 Phishing.Email mails. > > > > If there would also be a way to add Host names of RealURLs, the > > percentage decreasing would even be better. > > You can use type 'R' entries in the .pdb, where you can specify both > the realURL, and displayedURL with a regex. > However listing a realURL in the .pdb is less effective wrt future > phishes: it will only catch phishes containing that > url/host/subdomain/..., and when somebody uses a new host, it will > won't be picked up anymore. > Also watch out for false positives, when you create regexes: if you > make them too generic you might get more FPs. > > Best regards, > Edwin > > > ------------------------------ > > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > End of clamav-users Digest, Vol 25, Issue 5 > ******************************************* _________________________________________________________________ 率先尝试 Windows Live Mail。 http://ideas.live.com/programpage.aspx?versionId=5d21c51a-b161-4314-9b0e-4911fb2b2e6d _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
