Re: [Clamav-users] CVD code

2003-10-10 Thread Daniel Wiberg
On Fri, Oct 10, 2003 at 05:26:01AM +0200, Tomasz Kojm wrote:
[Testing on FreeBSD 5.1]
> 
> Thank you very much. What is the system architecture ? x86 ?
> 

Yep, x86 (Athlon XP)

//daniel wiberg

-- 
www.wiberg.nu


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] detecting Swen vs. Worm.Gibe

2003-10-10 Thread Ricardo Kleemann
Hi all,

I just noticed something strange... I have a virus file that
McAfee VirusScan reports as Swen, and clamd reports as
Worm.Gibe.F

Do those have similar signatures? I wonder why that would
be.

Ricardo




Re: [Clamav-users] detecting Swen vs. Worm.Gibe

2003-10-10 Thread Tomasz Kojm
On Fri, 10 Oct 2003 06:42:46 -0700
"Ricardo Kleemann" <[EMAIL PROTECTED]> wrote:

> Hi all,
> 
> I just noticed something strange... I have a virus file that
> McAfee VirusScan reports as Swen, and clamd reports as
> Worm.Gibe.F
> 
> Do those have similar signatures? I wonder why that would

Gibe.F is just a (popular) alias for Swen.

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED]
 (\/)\. http://www.konarski.edu.pl/~zolw
\..._   And don't forget to click on the tummy...
  //\   /\\ <- C. Amboinensiswww.pajacyk.pl




Re: [Clamav-users] detecting Swen vs. Worm.Gibe

2003-10-10 Thread Daniel Wiberg
On Fri, Oct 10, 2003 at 06:42:46AM -0700, Ricardo Kleemann wrote:
> I just noticed something strange... I have a virus file that
> McAfee VirusScan reports as Swen, and clamd reports as
> Worm.Gibe.F
> 
> Do those have similar signatures? I wonder why that would
> be.
> 

Taken from the Symantec website, info about Swen:

Also Known As:  Swen [F-Secure], W32/[EMAIL PROTECTED] [McAfee], W32/Gibe-F [Sophos],
I-Worm.Swen [KAV], Win32 Swen.A [CA], WORM_SWEN.A [Trend], Worm.Automat.AHB
[Previous Symantec Detection]

//daniel wiberg

-- 
www.wiberg.nu




Re: [Clamav-users] detecting Swen vs. Worm.Gibe

2003-10-10 Thread Daniel J McDonald
On Fri, 2003-10-10 at 08:42, Ricardo Kleemann wrote:
> Hi all,
> 
> I just noticed something strange... I have a virus file that
> McAfee VirusScan reports as Swen, and clamd reports as
> Worm.Gibe.F
> 
> Do those have similar signatures? I wonder why that would
> be.

Because Sophos called it Gibe.F, and they came out with a signature
first.  It's only us silly Americans that call it swen.a ;-)

> 
-- 
Daniel J McDonald, CCIE 2495, CNX
Austin Energy






Re: [Clamav-users] detecting Swen vs. Worm.Gibe

2003-10-10 Thread Tomasz Papszun
On Fri, 10 Oct 2003 at  6:42:46 -0700, Ricardo Kleemann wrote:
> 
> I just noticed something strange... I have a virus file that
> McAfee VirusScan reports as Swen, and clamd reports as
> Worm.Gibe.F

That's right.

> Do those have similar signatures? I wonder why that would
> be.

Those are the same virus. See e.g.
http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
"(...) Also Known As: Swen [F-Secure], W32/[EMAIL PROTECTED] [McAfee], W32/Gibe-F
   [Sophos], I-Worm.Swen [KAV], Win32 Swen.A [CA], WORM_SWEN.A [Trend],
   Worm.Automat.AHB [Previous Symantec Detection]".

Various AV vendors use various names for the same virus.

ClamAV tries to use the most appropriate and common name when releasing
a signature but when there's an outbreak of some new virus, it is more
important to update the database quickly than to survey possible names
:-) .

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.




[Clamav-users] Compilation errors on RH 7.2

2003-10-10 Thread Nicklas Hardman
Hi all!
I just tried to compile latest snapshot on my RH 7.2 machine with all the latest
patches but I get a pile of errors regarding autoconf and automake like below.
Any suggestions? There are no rpm:s with newer version of these bins for RH 7.2
Regards
Nicklas Hardman
Univ of Borås
Sweden


[EMAIL PROTECTED] clamav-devel-20031010]# make
cd . && /bin/sh /home/nicklas/clamav-devel-20031010/missing --run aclocal-1.6 
/home/nicklas/clamav-devel-20031010/missing: aclocal-1.6: command not found
WARNING: `aclocal-1.6' is missing on your system.  You should only need it if
 you modified `acinclude.m4' or `configure.in'.  You might want
 to install the `Automake' and `Perl' packages.  Grab them from
 any GNU archive site.
cd . && \
  /bin/sh /home/nicklas/clamav-devel-20031010/missing --run automake-1.6 --gnu  
Makefile
/home/nicklas/clamav-devel-20031010/missing: automake-1.6: command not found
WARNING: `automake-1.6' is missing on your system.  You should only need it if
 you modified `Makefile.am', `acinclude.m4' or `configure.in'.
 You might want to install the `Automake' and `Perl' packages.
 Grab them from any GNU archive site.
cd . && /bin/sh /home/nicklas/clamav-devel-20031010/missing --run autoconf
FATAL ERROR: Autoconf version 2.52 or higher is required for this script
make: *** [configure] Error 1






Re: [Clamav-users] CVD code

2003-10-10 Thread Tomasz Kojm
On Fri, 10 Oct 2003 09:50:32 +0300
"Odhiambo G. Washington" <[EMAIL PROTECTED]> wrote:

> > checking for __gmpz_init in -lgmp... no
> > WARNING: GNU MP 3 or newer NOT FOUND - digital signature support
> > will be disabled ! checking syslog.h usability... yes

I'm not sure GNU MP 3 is really needed. Probably v2 will work as well,
you can try to tweak the configure script.

> I have installed libgmp4, but clamav continues to see the old version
> that came in the FreeBSD base system.

libgmp is backward compatible so you can remove/overwrite the old
version.

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED]
 (\/)\. http://www.konarski.edu.pl/~zolw
\..._   And don't forget to click on the tummy...
  //\   /\\ <- C. Amboinensiswww.pajacyk.pl




Re: AW: AW: [Clamav-users] Warning messages

2003-10-10 Thread Tomasz Kojm
On Fri, 10 Oct 2003 08:45:51 +0200
"SCHULZ, Wolfgang" <[EMAIL PROTECTED]> wrote:

> I tried it but got an error message in config.log:
> 
> configure:8806: gcc -o conftest -g -O2   conftest.c -lgmp   >&5
> ld: fatal: file
> /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.2.2/../../../libgmp.so:
> wrong ELF class: ELFCLASS64
> ld: fatal: File processing errors. No output written to conftest
> collect2: ld returned 1 exit status
> configure:8806: $? = 1
> configure: failed program was:
> 
> The libraries are under /usr/local/lib - maybe they are not compiled
> correctly??? Do you have an idea?

No, I don't. But try to add -L/usr/local/lib to the gcc command.

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED]
 (\/)\. http://www.konarski.edu.pl/~zolw
\..._   And don't forget to click on the tummy...
  //\   /\\ <- C. Amboinensiswww.pajacyk.pl




AW: AW: AW: [Clamav-users] Warning messages

2003-10-10 Thread Wolfgang Schulz
Found the problem - had to configure gmp with ABI=32 !!!

Is this what you want to see??

/clamav-devel-20031009 ./sigtool/sigtool -i test.cvd
Creation time: Oct-06 23-45 CEST
Version: 1
# of signatures: 9656
Functionality level: 1
Builder: tk
MD5: 8d0fdfb0f07354d92d0f0242307fc51e
Digital signature:
iW26GxWta2AQ0f835Sl+ETIYYAJYwf4U4qy4IdnLHGpPXukxI3gT06vOAFoJnDsKDRGZ0EyD
W3KulEjYyvbXkcrXcJeCJAEqgHbpfY+JCR/lmOXeq85lYhHimq7sudUd9YORcd/tLeMV8oUV
p50gdDYERc03b/i0mxyYVkyEZob
Verification OK.


> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On behalf of 
> Tomasz Kojm
> Sent: Friday, 10 October 2003 16:27
> To: [EMAIL PROTECTED]
> Subject: Re: AW: AW: [Clamav-users] Warning messages
> 
> 
> On Fri, 10 Oct 2003 08:45:51 +0200
> "SCHULZ, Wolfgang" <[EMAIL PROTECTED]> wrote:
> 
> > I tried it but got an error message in config.log:
> > 
> > configure:8806: gcc -o conftest -g -O2   conftest.c -lgmp   >&5
> > ld: fatal: file
> > 
> /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.2.2/../../../libgmp.so:
> > wrong ELF class: ELFCLASS64
> > ld: fatal: File processing errors. No output written to conftest
> > collect2: ld returned 1 exit status
> > configure:8806: $? = 1
> > configure: failed program was:
> > 
> > The libraries are under /usr/local/lib - maybe they are not 
> compiled 
> > correctly??? Do you have an idea?
> 
> No, I don't. But try to add -L/usr/local/lib to the gcc command.
> 
> Best regards,
> Tomasz Kojm
> -- 
>   oo. [EMAIL PROTECTED]
>  (\/)\.   http://www.konarski.edu.pl/~zolw
> \..._ And don't forget to click on the tummy...
>   //\   /\\   <- C. Amboinensiswww.pajacyk.pl
> 
> 
> 
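
Added example, not part of the original messages and not ClamAV's own code: a sketch of the header check behind the `sigtool -i` output above. It assumes the CVD layout of a 512-byte colon-separated text header followed by the packed database (a layout not stated in the thread), runs on a constructed sample file, and does not verify the digital signature.

```python
import hashlib

HEADER_LEN = 512  # assumption: fixed-size, space-padded text header
FIELDS = ("magic", "build_time", "version", "signatures",
          "functionality_level", "md5", "dsig", "builder")


def parse_cvd_header(blob: bytes) -> dict:
    """Split the header into the fields that sigtool -i reports."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than a CVD header")
    parts = blob[:HEADER_LEN].decode("ascii").rstrip().split(":")
    if parts[0] != "ClamAV-VDB" or len(parts) < len(FIELDS):
        raise ValueError("not a CVD header")
    info = dict(zip(FIELDS, parts))
    for key in ("version", "signatures", "functionality_level"):
        info[key] = int(info[key])
    return info


def check_cvd_md5(blob: bytes) -> dict:
    """Compare the header's MD5 field with the bytes after the header.

    This only detects corruption: anyone who can change the body can also
    rewrite the MD5 field, so authenticity rests on the digital signature,
    which this example does not verify.
    """
    info = parse_cvd_header(blob)
    actual = hashlib.md5(blob[HEADER_LEN:]).hexdigest()
    info["md5_ok"] = actual == info["md5"].lower()
    return info


def build_sample(body: bytes) -> bytes:
    """Constructed input: field values echo the post, the dsig is a dummy."""
    header = ":".join(["ClamAV-VDB", "Oct-06 23-45 CEST", "1", "9656", "1",
                       hashlib.md5(body).hexdigest(), "CONSTRUCTED-DSIG", "tk"])
    return header.encode("ascii").ljust(HEADER_LEN) + body


if __name__ == "__main__":
    good = build_sample(b"constructed stand-in for the packed signatures")
    for label, blob in (("intact", good), ("altered", good[:-1] + b"X")):
        info = check_cvd_md5(blob)
        print(label, info["signatures"], info["builder"],
              "MD5 OK" if info["md5_ok"] else "MD5 MISMATCH")
```

A build without GMP, as in the configure warning quoted earlier in this thread, has digital signature support disabled, so a check like this MD5 comparison is no substitute for it.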





Re: [Clamav-users] clamav CVS version

2003-10-10 Thread Ed Vazquez
On Thu, 9 Oct 2003 16:35:35 +0300 Odhiambo Washington <[EMAIL PROTECTED]> wrote:

> Se dam jour,
> 
> I am requesting anyone who has successfully managed to checkout the
> latest cvs version to send me a tarball of it. All my attempts to
> get it have failed - connection refused!
> 
> Thanks.
> 
> 
> -Wash
> 

Nope.  I haven't had any luck with Sourceforge's CVS server for quite
some time.

I have three different routes to the internet, from three different
physical locations, running 5 different flavors of Win32, Linux and
*BSD, and with CVS versions from 1.11.1-1.12.1.  All get:

# cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/clamav login
Logging in to :pserver:[EMAIL PROTECTED]:2401/cvsroot/clamav
CVS password:
cvs [login aborted]: connect to
cvs.sourceforge.net(66.35.250.207):2401 failed: Connection refused

with every attempt for the past several weeks.  My last successful
download was 23 Sep 2003 and even then it took several attempts to
connect.

Could someone with contacts at Sourceforge please jiggle their elbow a
bit on this?

-- 
Ed Vázquez

~
Can anything be so elegant as to have few wants, and to serve them
one's self? - Ralph Waldo Emerson





Re: [Clamav-users] clamav CVS version

2003-10-10 Thread German Staltari
On Fri, 10 Oct 2003 14:40:25 -0600 (Mountain Daylight Time), Ed Vazquez 
<[EMAIL PROTECTED]> wrote:

> with every attempt for the past several weeks.  My last successful
> download was 23 Sep 2003 and even then it took several attempts to
> connect.

Hi, today I've downloaded from the CVS server without any problems. Are 
you sure you aren't behind a firewall?

German Staltari





Re : [Clamav-users] How to build clamav library for Windows Operating systems

2003-10-10 Thread René BEDDOK
You can use Cygwin.
I successfully built clamav 0.60 under cygwin after minor source
modifications:

After ./configure

I have made these modifications:
* file zzip-stdint.h
at line 22
#if !defined(C_CYGWIN)
typedef unsigned char uint8_t;
typedef signed char int8_t;
#endif

* file freshclam.c at line 41
/* #ifndef C_CYGWIN RB for cygwin */
 struct passwd *user;
 char *newdir;
#ifndef C_CYGWIN

* file clamd.c at line 158
#if !defined(C_CYGWIN) /* RB */
setgroups(1, &user->pw_gid);
#endif

* file other.c line 127
#if defined(CLAMD_USE_SYSLOG) && !defined(C_AIX) && !defined(C_CYGWIN) /* added by RB for CYGWIN */


maybe there is a better way but this works for me

René BEDDOK






Re[2]: [Clamav-users] clamav CVS version

2003-10-10 Thread Ed Vazquez
On Fri, 10 Oct 2003 18:20:56 -0300 German Staltari <[EMAIL PROTECTED]> wrote:

> Hi, today I've downloaded from the CVS server without any problems.
> Are 
> you sure you aren't behind a firewall?.
> 
> German Staltari

I am behind a firewall, but this has not been an issue for
non-Sourceforge CVS servers such as the BSD-Airtools project, etc.  

I seem to be getting random responses such as:

cvs [login aborted]: end of file from server (consult above messages
if any)

cvs [login aborted]: unrecognized auth response from
cvs.sourceforge.net: M PserverBackend::PserverBackend() Connect
(Connection refused)

cvs [login aborted]: recv() from server cvs.sourceforge.net: EOF

cvs [login aborted]: connect to
cvs.sourceforge.net(66.35.250.207):2401 failed: Connection refused

I wonder if the CVS server at Sourceforge is configured such that
instead of continuing a network session, it attempts to make a new
connection to the client IP.  That would be contrary to common network
practices as well as the majority of security standards, but not too
surprising.

Oh, and I did try bypassing my firewalls (where possible, one is a
commercial environment where bypassing is a severe security breach)
with no better success.

Ideas?

-- 
Ed Vázquez

~
Can anything be so elegant as to have few wants, and to serve them
one's self? - Ralph Waldo Emerson


