Re: [Clamav-users] Version 0.66? (was RE: VBA decoding, update)
On Fri, 23 Jan 2004 10:55:58 -0500 Dennis Skinner <[EMAIL PROTECTED]> wrote:

> On Fri, 2004-01-23 at 05:28, Tomasz Kojm wrote:
>
> > Great work !! Hope the community will help us with testing (just run
> > the latest CVS clamscan on your office files).
>
> Are you going to release 0.66 before implementing the OLE2 unpacker?

There will be a small delay (like always) in the new stable release. OLE2/VBA support is very important and we really need it in the next stable version to start collecting missing signatures for macro viruses. Sorry !

Best regards,
Tomasz Kojm

--
[EMAIL PROTECTED] www.ClamAV.net
http://www.clamav.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Fri Jan 23 21:00:46 CET 2004
Re: [Clamav-users] Version 0.66? (was RE: VBA decoding, update)
Tomasz Kojm wrote:

> On Fri, 23 Jan 2004 10:55:58 -0500 Dennis Skinner <[EMAIL PROTECTED]> wrote:
>
> > On Fri, 2004-01-23 at 05:28, Tomasz Kojm wrote:
> >
> > > Great work !! Hope the community will help us with testing (just run
> > > the latest CVS clamscan on your office files).
> >
> > Are you going to release 0.66 before implementing the OLE2 unpacker?
>
> There will be a small delay (like always) in the new stable release. OLE2/VBA support is very important and we really need it in the next stable version to start collecting missing signatures for macro viruses. Sorry !
>
> Best regards,
> Tomasz Kojm

Hm, I thought you would release 0.66 /without/ OLE2 and VBA, to make it a real _stable_ version. Then 0.67-dev could come up with OLE2 and VBA, which could receive proper testing before also becoming a new stable release.

Just my 0.02 Euros

Thomas

___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Clamd (0.65): Segmentation Fault
Hello list,

Found (in "clamd.log"):

    Mon Jan 26 11:36:32 2004 -> Accepted connection on port 35707, fd 5
    Mon Jan 26 11:36:34 2004 -> Segmentation fault :-( Bye..

With clamav 0.65.

With clamav-0.60, the clamd proc dies, but "segmentation fault" is not logged in the "log" file.

Why? Please.. help me!!!

Clamav.conf:

    LogFileUnlock
    LogTime
    LogSyslog
    LogVerbose
    PidFile /var/run/clamd.pid
    LocalSocket /var/run/clamd.sock
    StreamSaveToDisk
    MaxThreads 1
    ThreadTimeout 100
    MaxDirectoryRecursion 15000
    SelfCheck 6
    User root
    ScanMail
    ScanArchive
    ScanRAR
    ArchiveMaxFileSize 0M
    ArchiveMaxRecursion 5
    ArchiveMaxFiles 0
    ArchiveLimitMemoryUsage
    ClamukoIncludePath /var/spool/mail
Re: [Clamav-users] Clamd (0.65): Segmentation Fault
Marino, Santiago Maximiliano wrote:

> Hello list,
>
> Found (in "clamd.log"):
>
> Mon Jan 26 11:36:32 2004 -> Accepted connection on port 35707, fd 5
> Mon Jan 26 11:36:34 2004 -> Segmentation fault :-( Bye..
>
> With clamav 0.65
>
> With clamav-0.60, the clamd proc die, but "segmentation fault" not logged on the "log" file.
>
> Why? please.. helpme!!!

I don't really know (maybe Tomasz can). I'd like to help you, but need more information (perhaps better in private mail rather than to the list):

- Which OS (if Linux also kernel version and distribution)
- exact version (from "clamscan --version")
- Which file does clamd die on? It would be of _great_ help if you could make that file available somehow (but please, don't post _the file_ to the list; either mail in private or post a URL)
- Nice to have: If you got that file per mail, which software do you use to feed the mails into clamd (possibly clamav-milter, amavisd, amavisd-new, mailscanner, trashcan, qmail-scanner.)

Thanks for more information,
Thomas
[Clamav-users] SCO.A virus
Hi,

McAfee has picked it up and is calling it MyDOOM.

Virus Information
  Name: W32/[EMAIL PROTECTED]
  Risk Assessment
    - Home Users: High-Outbreak
    - Corporate Users: High-Outbreak
  Date Discovered: 1/26/2004
  Date Added: 1/26/2004
  Origin: Unknown
  Length: 22,528 bytes
  Type: Virus
  SubType: E-mail
  DAT Required: 4319

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100983

I've blocked over 1000 of them in the last hour or so since I forced a freshclam.

Regards,
Rick
Re: [Clamav-users] SCO.A virus
On Mon, 2004-01-26 at 23:19, Rick Macdougall wrote:

> Hi,
>
> McAfee has picked it up and is calling it MyDOOM.

Symantec are calling it [EMAIL PROTECTED]

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
[Clamav-users] SCO.a
clamscan is finding the SCO.a fine after the attachment has been decoded out of an email:

    /var/spool/qmailscan/quarantine/new/body.pif: Worm.SCO.A FOUND

but it will not find it while it is still in the body of the attachment, MIME encoded.

    /var/spool/qmailscan/quarantine/new/prupref-mailgate10751714524615485: OK

    Content-Type: application/octet-stream; name="body.pif"
    Content-Transfer-Encoding: base64
    Content-Description: body.pif
    Content-Disposition: attachment; filename="body.pif"

    TVqQAAME//8AALgAQAAA qAAA

Any suggestions? It finds other viruses fine when they are still encoded, maybe the definitions need to be added for its MIME version?

Thanks

---
Chris McKeever
If you want to reply directly to me, please use cgmckeever--at--prupref---dot---com
http://www.prupref.com
Prudential Preferred Properties www.prupref.com
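Why a byte pattern that matches the decoded body.pif cannot match the same bytes while they sit inside a base64 MIME part, as an added Python sketch (not part of the original post and not ClamAV's code). The pattern, the sample mail and all function names are constructed for illustration.

```python
import base64
from email import message_from_bytes
from email.message import EmailMessage

# Constructed stand-in for a byte pattern; NOT a real ClamAV signature.
PATTERN = b"CONSTRUCTED-TEST-PATTERN"


def build_sample_mail() -> bytes:
    """Constructed mail carrying a base64 'body.pif' attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    payload = b"MZ" + b"\x00" * 9 + PATTERN + b"\x00" * 16
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="body.pif")
    return msg.as_bytes()


def scan_raw(raw: bytes) -> bool:
    """Match the pattern against the message exactly as stored on disk."""
    return PATTERN in raw


def scan_decoded(raw: bytes) -> list:
    """Undo each part's Content-Transfer-Encoding, then match the pattern."""
    hits = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if PATTERN in data:
            hits.append(part.get_filename() or "(body)")
    return hits


def encoded_variants(pattern: bytes) -> set:
    """Base64 text for the same bytes at file offsets 0, 1 and 2 mod 3."""
    return {base64.b64encode(b"\x00" * k + pattern) for k in range(3)}


if __name__ == "__main__":
    mail = build_sample_mail()
    print("raw match:    ", scan_raw(mail))
    print("decoded match:", scan_decoded(mail))
    print("base64 forms: ", len(encoded_variants(PATTERN)))
```

The three distinct base64 forms show why a separate pattern for the encoded text is fragile: it changes with the pattern's byte offset in the file, and line wrapping breaks it further, so decoding the MIME part before matching is the robust approach.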
[Clamav-users] clamav-devel-20040125 : cltypes.h: No such file or directory {Scanned}
Dear All,

I just (09:00 hrs GMT, Mon 26th Jan 2004) downloaded the latest tarball to try out the OLE2 / VBA stream stuff on our file server.

./configure seemed to go OK, I then tried "make" and got:

> In file included from scanners.c:39:
> vba_extract.h:26: cltypes.h: No such file or directory
> make[1]: *** [scanners.lo] Error 1
> make[1]: Leaving directory `/usr/local/src/clamav-devel-20040125/libclamav'
> make: *** [all-recursive] Error 1
> labserver:/usr/local/src/clamav-devel-20040125#

labserver is an AMD Duron Debian box, kernel 2.4.18-1-k7. I was running as root and using gcc version 2.95.4.

Any ideas?

Regards,
Jo.
[Clamav-users] Clamav Debian Packages
Hello Listers,

I hereby announce that Stephen Gran and I have taken over maintenance for clamav packages in Debian. The former maintainer, Magnus Ekdahl, just doesn't find the time to take care of them. Thank you, Magnus, for the time and effort you put into them.

The new packages are based on 0.65 and contain most changes from the CVS as of Jan 25, fixing at least 9 of the bugs filed at http://bugs.debian.org/clamav. If testing turns out well (it already did on 6 machines), they will get uploaded this week. There will also be (unofficial) backports for Woody; I'll post the URL here when QA has finished.

After the package can be considered stable again (i.e. any reported bugs have been fixed), I am confident the Debian packages will catch up on clamav development again.

Looking forward,
Thomas