Re: [Clamav-users] Duplicates in viruses.db?
>thanks for the report. There will be general database cleanups at the >end of the year when we will be moving the current signatures to a new >database format (cvd is only a container file). will there also be "date added" and "last change" or similiar fields? well, this is not really needed in the DB used to scan, but would be a very nice feature in some reports for example, i missed that at the search form of http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Duplicates in viruses.db?
> will there also be "date added" and "last change" or similiar fields? Yes, there will. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] (\/)\. http://www.konarski.edu.pl/~zolw \..._ I nie zapomnij kliknac w brzuszek... //\ /\\ <- C. Amboinensiswww.pajacyk.pl --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: Welcome to the "Clamav-users" mailing list
Hi, I don't know if it's the right list for this post, if not, take my apologizes for this message. I've got some problem for running qmailscanner + ClamAV on FreeBSD 4.8. All messages > 5/10 kb are refused with this error (/var/log/qmail/smtpd/current) : clam_scanner: corrupt or unknown ClamAV scanner error or memory/resource/perms problem - exit status 50 This is my startup script /service/qmail-smtpd/run : #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` qmaildir=/var/qmail QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE QS_SPAMASSASSIN="on" export QS_SPAMASSASSIN exec /usr/local/bin/softlimit -m 1000 \ /usr/local/bin/tcpserver -v -R -l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp "$qmaildir"/bin/qmail-smtpd 2>&1 -- This script works fine with qmailscanner/ClamAV on Debian distibution, and I use the same for my FreeBSD box. I use qmail-scanner-1.20rc1 (rc4 fail to configure on FreeBSD) and ClamAV 0.54. Any ideas ? Regards --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: Welcome to the "Clamav-users" mailing list
make sure clamd is running as qscand (or whatever the username of qmail-scanner is). On Thursday, October 30, 2003, at 07:06 AM, David du SERRE-TELMON wrote: Hi, I don't know if it's the right list for this post, if not, take my apologizes for this message. I've got some problem for running qmailscanner + ClamAV on FreeBSD 4.8. All messages > 5/10 kb are refused with this error (/var/log/qmail/smtpd/current) : clam_scanner: corrupt or unknown ClamAV scanner error or memory/resource/perms problem - exit status 50 This is my startup script /service/qmail-smtpd/run : #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` qmaildir=/var/qmail QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE QS_SPAMASSASSIN="on" export QS_SPAMASSASSIN exec /usr/local/bin/softlimit -m 1000 \ /usr/local/bin/tcpserver -v -R -l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp "$qmaildir"/bin/qmail-smtpd 2>&1 -- This script works fine with qmailscanner/ClamAV on Debian distibution, and I use the same for my FreeBSD box. I use qmail-scanner-1.20rc1 (rc4 fail to configure on FreeBSD) and ClamAV 0.54. Any ideas ? Regards --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] clamscan does not extract zip's
Hi, i hope now i can post. I have a problem with clamscan 0.6 on SuSe 8.2: I made a archive containing some directories, subdirectories and eicar.com-files. It works fine for .rar and .tar archives. But when i use it on the same package as zip, it checks only the zip as a file. (Scanned files: 1) and it detects only that one file. Other scanners are detecting them all, even clamscan when they are packed as rar or tar. It's not a zip-file-error - i tried many options, my unzip-tool works fine. clamscan --unzip -r aha.zip clamscan -r aha.zip clamscan aha.zip clamscan --mbox aha.zip ...and so on - always the same output I even tried chmod 777 on all the files and zipped it again... like I said, clamscan --tar aha.tar works fine, other scanners are detecting the files inside the zip, what can I do ? -- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++ --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Milter errors...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Clam-users I downloaded clamav .60 and compiled with the milter option for use with sendmail on my redhat9 system. It worked for about a day and started to refuse connections to the socket giving mailog errors like this: Milter (clmilter): to error state: 64 Time(s) Milter (clmilter): error connecting to filter: Connection refused by /var/run/clmilter.sock: 64 Time(s) So I downloaded, compiled, and installed the latest development build (yesterday) and it *appears* to work. If I send a test virus, it refuses the connection and fires out an email stating so, but I'm STILL getting the same errors in my mailogs. Any ideas what's going on?? Many thanks, Tobias -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQE/oRyQ8SyNUqEG5J0RAjxLAKCfgvFQM+8GcVNPN9tRXAZ62mTUeQCfb9zD qT79E3BZCvgrmqSMpni4EDI= =0wfF -END PGP SIGNATURE- --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamscan does not extract zip's
On Thu, 30 Oct 2003 14:42:59 +0100 (MET) "Riki Cubek" <[EMAIL PROTECTED]> wrote: > the files inside the zip, what can I do ? Please send me that zip (or upload it to some site) for analysis. Best regards, Tomasz Kojm -- oo. http://www.clamav.net/gpg/tkojm.gpg (\/)\. 0DCA5A08407D5288279DB43454822DC8985A444B \..._ Thu Oct 30 15:05:59 CET 2003 //\ /\ pgp0.pgp Description: PGP signature
Re: [Clamav-users] clamscan does not extract zip's
On Thu, 30 Oct 2003 at 14:42:59 +0100, Riki Cubek wrote: > > I have a problem with clamscan 0.6 on SuSe 8.2: > > I made a archive containing some directories, subdirectories and > eicar.com-files. > It works fine for .rar and .tar archives. But when i use it on the same > package as zip, it > checks only the zip as a file. (Scanned files: 1) and it detects only that > one file. Other > scanners are detecting them all, even clamscan when they are packed as rar > or tar. > > It's not a zip-file-error - i tried many options, my unzip-tool works fine. > > clamscan --unzip -r aha.zip > clamscan -r aha.zip > clamscan aha.zip > clamscan --mbox aha.zip ...and so on - always the same output So, what's the output, exactly? > I even tried chmod 777 on all the files and zipped it again... > > like I said, clamscan --tar aha.tar works fine, other scanners are detecting > > the files inside the zip, what can I do ? You can show us the exact result you get :-) . -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamscan does not extract zip's
clamscan --unzip -r aha.zip or clamscan -r aha.zip: /home/riki/temp/aha.zip: Eicar-Test-Signature FOUND --- SCAN SUMMARY --- Known viruses: 9888 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 0.294 sec (0 m 0 s) the same files and directories, as tar: clamscan --tar -r aha.tar: eicar.com nocheindir/ nocheindir/einText.txt testdir1/ testdir1/eicar.com testdir1/testdir2/ testdir1/testdir2/eicar.com testdir1/testdir2/einText.txt testdir1/testdir2/aha.com testdir1/einText.txt testdir1/aha.com /tmp/57764d91c2c6f6c7/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/testdir2/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/testdir2/einText.txt: OK /tmp/57764d91c2c6f6c7/testdir1/testdir2/aha.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/einText.txt: OK /tmp/57764d91c2c6f6c7/testdir1/aha.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/nocheindir/einText.txt: OK /home/riki/temp/aha.tar: Infected Archive FOUND --- SCAN SUMMARY --- Known viruses: 9888 Scanned directories: 4 Scanned files: 8 Infected files: 5 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 0.308 sec (0 m 0 s) -- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++ aha.zip Description: Zip archive
Re: [Clamav-users] clamscan does not extract zip's
clamscan --unzip -r aha.zip or clamscan -r aha.zip: /home/riki/temp/aha.zip: Eicar-Test-Signature FOUND --- SCAN SUMMARY --- Known viruses: 9888 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 0.294 sec (0 m 0 s) the same files and directories, as tar: clamscan --tar -r aha.tar: eicar.com nocheindir/ nocheindir/einText.txt testdir1/ testdir1/eicar.com testdir1/testdir2/ testdir1/testdir2/eicar.com testdir1/testdir2/einText.txt testdir1/testdir2/aha.com testdir1/einText.txt testdir1/aha.com /tmp/57764d91c2c6f6c7/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/testdir2/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/testdir2/einText.txt: OK /tmp/57764d91c2c6f6c7/testdir1/testdir2/aha.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/einText.txt: OK /tmp/57764d91c2c6f6c7/testdir1/aha.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/nocheindir/einText.txt: OK /home/riki/temp/aha.tar: Infected Archive FOUND --- SCAN SUMMARY --- Known viruses: 9888 Scanned directories: 4 Scanned files: 8 Infected files: 5 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 0.308 sec (0 m 0 s) -- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++ --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamscan does not extract zip's
On Thu, 30 Oct 2003 at 15:07:03 +0100, Tomasz Kojm wrote: > On Thu, 30 Oct 2003 14:42:59 +0100 (MET) > "Riki Cubek" <[EMAIL PROTECTED]> wrote: > > > the files inside the zip, what can I do ? > > Please send me that zip (or upload it to some site) for analysis. > > Tomasz Kojm Riki, I can see that you posted the zip file to the mailing list. This is bad. Tomasz Kojm asked you to send it *to him*, not all the list! Moreover, as the file contains "viruses" (in fact, just test viruses, but anyway), the message was, of course, stopped by ClamAV and quarantined. So for future purposes: if you want to send some file for checking, you must zip it in another zip file, with password protection, and write that password in the body of the message (the best password for such purpose is "virus"). Anyway, I looked at the quarantined message and I can see that you wrote there: clamscan --unzip -r aha.zip or clamscan -r aha.zip: /home/riki/temp/aha.zip: Eicar-Test-Signature FOUND --- SCAN SUMMARY --- Known viruses: 9888 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 0.294 sec (0 m 0 s) the same files and directories, as tar: clamscan --tar -r aha.tar: eicar.com nocheindir/ nocheindir/einText.txt testdir1/ testdir1/eicar.com testdir1/testdir2/ testdir1/testdir2/eicar.com testdir1/testdir2/einText.txt testdir1/testdir2/aha.com testdir1/einText.txt testdir1/aha.com /tmp/57764d91c2c6f6c7/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/testdir2/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/testdir2/einText.txt: OK /tmp/57764d91c2c6f6c7/testdir1/testdir2/aha.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/einText.txt: OK /tmp/57764d91c2c6f6c7/testdir1/aha.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/nocheindir/einText.txt: OK /home/riki/temp/aha.tar: Infected Archive FOUND --- SCAN SUMMARY --- Known viruses: 9888 Scanned directories: 4 Scanned files: 8 Infected files: 5 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 0.308 sec (0 m 0 s) === So you are concerned that only one virus was found by clamscan in the zip file, aren't you? No need to. This is a normal behaviour of clamscan. When it finds a first infected file in the zip archive, it reports that the archive (as a whole) is infected (contains a virus). It's enough, checking the rest is a waste of time. The archive itself is infected, period. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Milter errors...
I change clamav-milter with ivs-milter (search Internet with Google) and works very well ! - Original Message - From: "Tobias Rice" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 30, 2003 4:13 PM Subject: [Clamav-users] Milter errors... > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Clam-users > I downloaded clamav .60 and compiled with the milter option for use with > sendmail on my redhat9 system. It worked for about a day and started to > refuse connections to the socket giving mailog errors like this: > > Milter (clmilter): to error state: 64 Time(s) > Milter (clmilter): error connecting to filter: Connection refused by > /var/run/clmilter.sock: 64 Time(s) > > > So I downloaded, compiled, and installed the latest development build > (yesterday) and it *appears* to work. If I send a test virus, it refuses > the connection and fires out an email stating so, but I'm STILL getting > the same errors in my mailogs. > Any ideas what's going on?? > Many thanks, > Tobias > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.3 (MingW32) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQE/oRyQ8SyNUqEG5J0RAjxLAKCfgvFQM+8GcVNPN9tRXAZ62mTUeQCfb9zD > qT79E3BZCvgrmqSMpni4EDI= > =0wfF > -END PGP SIGNATURE- > > > > --- > This SF.net email is sponsored by: SF.net Giveback Program. > Does SourceForge.net help you be more productive? Does it > help you create better code? SHARE THE LOVE, and help us help > YOU! Click Here: http://sourceforge.net/donate/ > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamscan does not extract zip's
> Riki, I can see that you posted the zip file to the mailing list. > This is bad. Tomasz Kojm asked you to send it *to him*, not all the > list! Sorry, i thought only with eicar.com that would be ok (although I know that eicar.com is detected like real viruses !?!). I also thought I sent it (only) to Tomasz Kojm. > So you are concerned that only one virus was found by clamscan in the > zip file, aren't you? > No need to. This is a normal behaviour of clamscan. Yes, I was - and I'm still ! > When it finds a first infected file in the zip archive, it reports that > the archive (as a whole) is infected (contains a virus). It's enough, > checking the rest is a waste of time. The archive itself is infected, > period. When I check an archive manually, i want the command line scanner to give me detailed information about the file AND the files archived (at least by option) - like all the other command line scanners do, or like clamscan even does itself with .rar, .tar.gz or .tar-files. Isn't it normally that users like me get unsure when all the scanners - clamscan included - make the same output for all the archive-types, but only clamscan does a special one with zip-files ? -- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++ --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Segmentation faults with clamscan
Hello! I am using clamscan 0.60 on FreeBSD 4.8. I am using clamscan to check mbox files and have had a 10% rate of failure. The program is dumping a core. I was able to isolate the emails in the mboxes which are causing the problem. I don't see anything unusual about the emails. Is there a problem I am not aware of with clamscan on FreeBSD? If someone is interested, I can send the emails and the core dumps. Thanks, - Jamie --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: Segmentation faults with clamscan
On Do 30 Okt 2003 07:59:02p jamie wrote: > I am using clamscan 0.60 on FreeBSD 4.8. Hi, this version is hopelessly outdated. Grab a new snapshot from here: http://clamav.sourceforge.net/snapshot/ Greetings, Bernd --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] New cvd database update
Hi! I have the impression that the new databases are not updated e.g. on http://clamav.sourceforge.net/database/. Is there a reason for that? I run already clamd with the new virus database formats (20031026 snapshot) and rely on the updates. Wolfgang --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] New cvd database update
I'm sitting at my desk, reconfiguring my network monitor, when the phone rings. Caller-ID tells me it's Wolfgang Schulz. I pick the receiver up and say: > I have the impression that the new databases are not updated e.g. on > http://clamav.sourceforge.net/database/. Is there a reason for that? I > run already clamd with the new virus database formats (20031026 > snapshot) and rely on the updates. There was a problem when uploading the database to the mirrors sites. It should be ok now. Sorry for the inconvenience. -- Luca 'NERvOus' Gibelli ([EMAIL PROTECTED] || [EMAIL PROTECTED]) Home Page: http://www.nervous.it BOFH excuse 8769: * That's easy to fix, but I can't be bothered. --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: Segmentation faults with clamscan
On Thu, 30 Oct 2003, Bernd Kuhls wrote: > On Do 30 Okt 2003 07:59:02p jamie wrote: > > > I am using clamscan 0.60 on FreeBSD 4.8. > > Hi, > > this version is hopelessly outdated. Grab a new snapshot from here: > > http://clamav.sourceforge.net/snapshot/ > > Greetings, Bernd Thanks, Bernd. That fixed the problem. - Jamie > > > > --- > This SF.net email is sponsored by: SF.net Giveback Program. > Does SourceForge.net help you be more productive? Does it > help you create better code? SHARE THE LOVE, and help us help > YOU! Click Here: http://sourceforge.net/donate/ > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamscan does not extract zip's
On Thu, 30 Oct 2003 at 18:56:13 +0100, Riki Cubek wrote: > > > So you are concerned that only one virus was found by clamscan in the > > zip file, aren't you? > > No need to. This is a normal behaviour of clamscan. > > Yes, I was - and I'm still ! > > > When it finds a first infected file in the zip archive, it reports that > > the archive (as a whole) is infected (contains a virus). It's enough, > > checking the rest is a waste of time. The archive itself is infected, > > period. > > When I check an archive manually, i want the command line scanner to give > me detailed information about the file AND the files archived (at least by > option) - like all the other command line scanners do, or like clamscan > even does itself with .rar, .tar.gz or .tar-files. Isn't it normally that > users like me get unsure when all the scanners - clamscan included - make > the same output for all the archive-types, but only clamscan does a > special one with zip-files ? > The way to get results of scanning of all files in a zip file is disabling built-in archive support in libclamav (--disable-archive) and enabling scanning with external unzip program (--unzip[=FULLPATH]). The examples of scanning a zip file contaning more than one infected file in the archive: 1) default way: $ clamscan Backdoor.Konik.06b.zip Backdoor.Konik.06b.zip: Trojan.Konik.06b-client FOUND --- SCAN SUMMARY --- Known viruses: 9902 Scanned directories: 0 Scanned files: 1 Infected files: 1 (only one virus is reported), 2) "enhanced" way: $ clamscan --disable-archive --unzip Backdoor.Konik.06b.zip Archive: /home/tomek/vir/Backdoor.Konik.06b.zip inflating: info_trojan.txt inflating: klient_konik.exe inflating: config.exe inflating: winamp.exe inflating: Achates.html inflating: register.reg /home/tomek/c995944d53c70058/info_trojan.txt: OK /home/tomek/c995944d53c70058/klient_konik.exe: Trojan.Konik.06b-client FOUND /home/tomek/c995944d53c70058/config.exe: Trojan.Konik.06b-config FOUND /home/tomek/c995944d53c70058/winamp.exe: Trojan.Konik.06b-server FOUND /home/tomek/c995944d53c70058/Achates.html: OK /home/tomek/c995944d53c70058/register.reg: OK /home/tomek/vir/Backdoor.Konik.06b.zip: Infected Archive FOUND --- SCAN SUMMARY --- Known viruses: 9902 Scanned directories: 1 Scanned files: 6 Infected files: 3 (all files and viruses are reported). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamscan does not extract zip's
> The way to get results of scanning of all files in a zip file is > disabling built-in archive support in libclamav (--disable-archive) and > enabling scanning with external unzip program (--unzip[=FULLPATH]). > > The examples of scanning a zip file contaning more than one infected > file in the archive: > $ clamscan --disable-archive --unzip Backdoor.Konik.06b.zip > Archive: /home/tomek/vir/Backdoor.Konik.06b.zip > inflating: info_trojan.txt > inflating: klient_konik.exe > inflating: config.exe > inflating: winamp.exe > inflating: Achates.html > inflating: register.reg > /home/tomek/c995944d53c70058/info_trojan.txt: OK > /home/tomek/c995944d53c70058/klient_konik.exe: Trojan.Konik.06b-client > FOUND > /home/tomek/c995944d53c70058/config.exe: Trojan.Konik.06b-config FOUND > /home/tomek/c995944d53c70058/winamp.exe: Trojan.Konik.06b-server FOUND > /home/tomek/c995944d53c70058/Achates.html: OK > /home/tomek/c995944d53c70058/register.reg: OK > /home/tomek/vir/Backdoor.Konik.06b.zip: Infected Archive FOUND > > --- SCAN SUMMARY --- > Known viruses: 9902 > Scanned directories: 1 > Scanned files: 6 > Infected files: 3 > > (all files and viruses are reported). > Thanks, that's it ! Maybe with that option its not as fast as with built-in archive support - but that is what i'm searching for. -- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++ --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Clamav-milter frequently dies
I installed clamav just a couple of weeks ago, and really like it when everything works fine, but the clamav-milter frequently dies on the system. Now every 6 hours I have a cron job restart clamav-milter and clamd just to make sure things are running, but even that doesn't seem to help all the time. It takes anywhere from minutes to hours for the clamav-milter to lock up. I don't see too many people complaining about the clamav-milter functionality, so is it me or is it the code? Thanks for any feedback! Dan Metcalf Network & Security Consulting http://networking.metcalfs.com t. 818-244-9607 System notes: RedHat 8.0 - patched Sendmail 8.12 - patched spamassassin 2.6 spamass-milter clamav 0.60 Config files for those who would like to see them: sendmail.mc dnl Spamass-Milter configuration INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl dnl ClamAV Anti-Virus configuration INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clmilter.sock,F=, T=S:1m;R:1m;E:4m')dnl clamav.conf LogFile /var/log/clamav LogTime LogSyslog PidFile /var/run/clamd.pid DataDirectory /usr/local/share/clamav LocalSocket /var/run/clamd.sock MaxConnectionQueueLength 30 StreamSaveToDisk StreamMaxLength 10M ThreadTimeout 500 MaxDirectoryRecursion 15 FollowDirectorySymlinks FollowFileSymlinks SelfCheck 3600 ScanMail ScanArchive ArchiveMaxFileSize 10M ArchiveMaxRecursion 5 ArchiveMaxFiles 1000 ClamukoScanOnOpen ClamukoScanOnClose ClamukoScanOnExec ClamukoIncludePath /home ClamukoMaxFileSize 1M ClamukoScanArchive --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav-milter frequently dies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I posted the same thing this morning, actully... Try using the current snapshot. Dan Metcalf wrote: | I installed clamav just a couple of weeks ago, and really like it when | everything works fine, but the clamav-milter frequently dies on the system. | Now every 6 hours I have a cron job restart clamav-milter and clamd just to | make sure things are running, but even that doesn't seem to help all the | time. It takes anywhere from minutes to hours for the clamav-milter to lock | up. I don't see too many people complaining about the clamav-milter | functionality, so is it me or is it the code? | | Thanks for any feedback! | | Dan Metcalf | Network & Security Consulting | http://networking.metcalfs.com | t. 818-244-9607 | | System notes: | RedHat 8.0 - patched | Sendmail 8.12 - patched | spamassassin 2.6 | spamass-milter | clamav 0.60 | | Config files for those who would like to see them: | sendmail.mc | | dnl Spamass-Milter configuration | INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, | T=C:15m;S:4m;R:4m;E:10m')dnl | dnl ClamAV Anti-Virus configuration | INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clmilter.sock,F=, | T=S:1m;R:1m;E:4m')dnl | | clamav.conf | | LogFile /var/log/clamav | LogTime | LogSyslog | PidFile /var/run/clamd.pid | DataDirectory /usr/local/share/clamav | LocalSocket /var/run/clamd.sock | MaxConnectionQueueLength 30 | StreamSaveToDisk | StreamMaxLength 10M | ThreadTimeout 500 | MaxDirectoryRecursion 15 | FollowDirectorySymlinks | FollowFileSymlinks | SelfCheck 3600 | ScanMail | ScanArchive | ArchiveMaxFileSize 10M | ArchiveMaxRecursion 5 | ArchiveMaxFiles 1000 | ClamukoScanOnOpen | ClamukoScanOnClose | ClamukoScanOnExec | ClamukoIncludePath /home | ClamukoMaxFileSize 1M | ClamukoScanArchive | | | | --- | This SF.net email is sponsored by: SF.net Giveback Program. | Does SourceForge.net help you be more productive? Does it | help you create better code? SHARE THE LOVE, and help us help | YOU! Click Here: http://sourceforge.net/donate/ | ___ | Clamav-users mailing list | [EMAIL PROTECTED] | https://lists.sourceforge.net/lists/listinfo/clamav-users -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQE/oaBr8SyNUqEG5J0RAsFrAKC8YWu9DPig619HP1lqbSrhWTiY/QCfRGBv vya275g9Y/G8n5ANHFVm2H0= =7oD3 -END PGP SIGNATURE- --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
