On Friday 02 Sep 2011 G.W. Haywood wrote: > Hello again, > > On Fri, 2 Sep 2011 Anne Wilson wrote: > > ... > > Since these folders are created by KMail, I assume they act as some sort > > of pointer but I can't see any clue as to exactly what they are. > > I have never used KMail and I have no idea what it might be doing. Does > > ls -l > > followed by the directory or file name help at all? > No. As I reported yesterday, that returns
ls: cannot access /home/anne/.kde/share/apps/kmail/imap/.1687036093.directory/.INBOX.directory/Newsletters: No such file or directory > > The directory that holds Newsletters would indeed have messages such as > > it claims to find. That's where I store newsletters from certain > > companies that I deal with, and some of them do indeed have such sales. > > No matter how you look at it, that makes them definitely not junk. The > > other one, from a very careful friend, probably has a news item link > > that it objects to - he often sends me them. > > The plot thickens. :) > > > I repeat, I should not have to see this false statement every day in the > > reports - I should be allowed to tell it that it's wrong. > > Firstly, you don't have to see anything you don't want to see, this is > the joy of Open Source. :) > > Secondly, these are not false statements and you should not be allowed > to tell it that it's wrong because it isn't wrong. *I* repeat, it > seems likely to me that you aren't yet in possession of all the facts. > No, you are mistaken. See below. > Thirdly, you could be a lot more forthcoming with information to allow > us to help you, but I appreciate that you may not know what many of > the questions will be, never mind the answers, so for now just try to > slow down a bit. :) > > ClamAV doesn't invent directories and their contents just to irritate > you. If we discount the theory that there's a fault in the software, > then at the time that those nauseating messages were gratuitously > written into your infuriating logs, the files mentioned in those > messages did in fact exist and did contain the strings which triggered > the warnings. > Yet ls says they do not exist. I am not denying that ClamAV found something it felt to be suspicious. I have accepted from the first that the complication is that the report is misleading - possibly through the 'fault' of KMail - and the actual mail is elsewhere. > That leaves two possibilities. Either they're still there unchanged, > or they aren't. If they are still there unchanged, then you need to > find out why you can't find them when ClamAV could. If they aren't, > presumably something modified or deleted them. Perhaps you don't > care, but I like to know what's modifying files and directories on my > systems, and why. If you just want a sticking plaster to cover up the > symptoms, I can't help you. > > Like you, I just use ClamAV, and for my purposes it works well in the > installations which I manage. I have used ClamAV for several years, and in fact use it on my Windows netbook as well. > The main reason that I use it is > apparently precisely why you don't like it, that is because it allows > me to use the Sanesecurity databases to eliminate mountains of junk > mail. And that, of course, is what has changed. My old installation did not enable Sanesecurity databases and the new one apparently does - or maybe I unwittingly turned them on. Hence my surprise at seeing these messages that had not been seen before, when scanning the same partitions. > You are at liberty not to use them if that's any help. Unfortunately, it rather looks as though definitions have been written into my database, and disabling them now does not stop the reports. In fact I have got rid of almost all of them, since they were largely in backups (and backups of backups) that are no longer required. > If you > don't know what I'm talking about then it means that you need to learn > more about how ClamAV works instead of telling us on this list that > ClamAV is making false statements -- and in all probablility wasting > resources for no good reason. It seems you are deliberately mis-representing my questions. I saw reports that I did not initially understand, and asked for help in understanding them. You are the one that is putting an evil slant on the matter. > At its simplest you can if you wish > just delete the offending databases, but you might also need to modify > a script or scripts somewhere in your system, to prevent any database > update routines (if they exist) from replacing the deleted databases > the next time they run. Alternatively you can create your own list of > signatures to be ignored. See section 3 of > > http://www.clamav.net/doc/latest/phishsigs_howto.pdf > I will read that carefully, thanks. The one thing that you constantly overlook is that one man's meat is another man's poison. You may like mail about gaming sites, I would mark them as spam. I like mail from sewing supplies companies, you would mark them as spam. That's why I choose to have bogofilter for my spam filtering - I make the definitions. When I installed ClamAV with CentOS 6 I expected it to continue to filter malware, not spam. Maybe I enabled lines in the config file that have caused this - I am quite able to believe that it is my fault - but I did not understand them to be spam filtering. That is, to me, unexpected in a virus detection tool. Using the tools that are available to me, I will attempt to turn off spam filtering. Thanks to those who tried to help. Anne
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
