[Clamav-users] Re: Re: 5 from testvirus.com came through
> >>On Friday 27 February 2004 10:27 pm, Bryce wrote:
> >>
> >>>Test # 17, 8, 5, 4, and 2 are making it through. I am using version .65.
> >>>What can I do to prevent this?
> >>
> >>Binhex was added in 0.67, so all binhex encoded e-mails will get through
> >>unless you upgrade.
> >>
> >>-Nigel
> >
> > I guess that answers my question about test 8 as well.
>
> I am using 0.67 and the binhex ones (5,8) are still getting through.
> Actually, they are the only ones out of 17 that are not stopped. Are there
> any special options that need to be enabled to catch the binhex encoded
> emails?

Hi all at clamav-users:

I am in the same situation as Jim, the only test failed is #17. Any hints ?

All mail scanned with clamdscan with ScanMail and ScanArchive active, running Win32 Clamav-devel 20040219.

Has this been corrected in last CVS ? I can send the specific email message that passes the scan if it is necessary.

Congratulations for your great work !

---
SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: Re: 5 from testvirus.com came through
Ignasi Prat wrote:

> On Friday 27 February 2004 10:27 pm, Bryce wrote:
>
> Test # 17, 8, 5, 4, and 2 are making it through. I am using version
> What can I do to prevent this?
>
> Binhex was added in 0.67, so all binhex encoded e-mails will get through
> unless you upgrade.
>
> -Nigel
>
> I guess that answers my question about test 8 as well.
>
> I am using 0.67 and the binhex ones (5,8) are still getting through.
> Actually, they are the only ones out of 17 that are not stopped. Are there
> any special options that need to be enabled to catch the binhex encoded
> emails?
>
> Hi all at clamav-users:
>
> I am in the same situation as Jim, the only test failed is #17. Any hints ?
>
> All mail scanned with clamdscan with ScanMail and ScanArchive active,
> running Win32 Clamav-devel 20040219.
>
> Has this been corrected in last CVS ? I can send the specific email message
> that passes the scan if it is necessary.
>
> Congratulations for your great work !

No, #17 gets through because the attachment therein doesn't contain the EICAR test signature (although the attachment filename makes one guess so). At last clamav isn't a vulnerability scanner. It catches viruses in such crafted mails, so it does its job as a virus scanner well.

Thomas
[Clamav-users] password-protected Worm.Bagle.F
Hi,

Recently (starting 15.00 +07.00 GMT) our network is infected by yet another mass-mailing worm. I already submitted this worm as submission number 1530. ClamAV hasn't detected it yet.

The thing is, after I manually unpack the zip file (which contains a .scr), the .scr was recognized as Worm.Bagle.F. ClamAV couldn't recognize it since the zip was password-protected. So far (I only have two different samples now) the password is the same : 31517.

Since the password is the same, hopefully it won't take virus db team long to update the signature. However what IF:

- there's a new virus
- the virus just passes known (detected) worm, in a zip file
- the zip file is password-protected, and the password always changes (random, included in email body), thus
- the zip file always changes. Creating signature from zip is impossible.
- ClamAV can't extract the real content.

Can clamav (or ANY AV scanner, for that matter) detect this kind of virus?

Regards,

Fajar A. Nugraha
RE: [Clamav-users] Segmentation Fault (Again Again)!
On Sun, 2004-02-29 at 17:55, Philipp Grosswiler wrote:
> OK, now I got something for you... but could be that the problem is already
> solved in the latest CVS version... just that the latest CVS is not working
> for me (see my earlier post about readdb()).
>
> (gdb) continue
> Continuing.
> [New Thread 278546 (LWP 6642)]
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 32769 (LWP 6269)]
> 0x4009511b in pthread_start_thread_event () from /lib/i686/libpthread.so.0
> (gdb) bt
> #0 0x4009511b in pthread_start_thread_event () from /lib/i686/libpthread.so.0
> #1 0x4300 in ?? ()
> #2 0x0f21 in ?? ()
> #3 0x08b90ca0 in ?? ()
> #4 0x08053458 in ?? ()
> #5 0x0805345c in ?? ()
> #6 0x08053460 in ?? ()
> #7 0x08053464 in ?? ()
> #8 0x08053474 in ?? ()
> #9 0x4000d290 in _dl_runtime_resolve () from /lib/ld-linux.so.2
> #10 0x42e01000 in ?? ()
> #11 0x42e0 in ?? ()
> #12 0x1000 in ?? ()
> #13 0x001ff000 in ?? ()
> #14 0x4009d68c in __JCR_LIST__ () from /lib/i686/libpthread.so.0
> #15 0x08050660 in ?? ()
> #16 0x0006 in ?? ()
> #17 0x08053604 in ?? ()
> #18 0x40094ccf in __pthread_manager () from /lib/i686/libpthread.so.0

The libpthread thread manager seg faulted. I've never seen that happen before. I guess that would be either a bug in libpthread or some very bad memory corruption somewhere.

A quick Google doesn't come up with any one else seeing this particular crash.

I'll have to ask some people.

Cheers.

-trog
Re: [Clamav-users] password-protected Worm.Bagle.F
Fajar A. Nugraha wrote:

> So far (I only have two different samples now) the password is the same : 31517.

Update : I just got another sample with different password (submission number 1534). Should I start blocking .zip files too?

Regards,

Fajar A. Nugraha
[Clamav-users] Re: Re: Re: 5 from testvirus.com came through
> > Hi all at clamav-users:
> >
> > I am in the same situation as Jim, the only test failed is #17. Any hints ?
> >
> > All mail scanned with clamdscan with ScanMail and ScanArchive active,
> > running Win32 Clamav-devel 20040219.
> >
> > Has this been corrected in last CVS ? I can send the specific email message
> > that passes the scan if it is necessary.
> >
> > Congratulations for your great work !
>
> No, #17 gets through because the attachment therein doesn't contain the
> EICAR test signature (although the attachment filename makes one guess so).
> At last clamav isn't a vulnerability scanner. It catches viruses in such
> crafted mails, so it does its job as a virus scanner well.
>
> Thomas

You are correct, the attachment is a simple text file that does not contain eicar virus. In this way I see no way it can hurt us.

Thanks,

Ignasi
Re: [Clamav-users] password-protected Worm.Bagle.F
Perhaps a silly question... if the .ZIP attachment is passworded, how are the target users supposed to be opening them and getting infected? Has the password been included in the email in which the .ZIP was attached?

Fajar A. Nugraha wrote:

> Fajar A. Nugraha wrote:
>
>> So far (I only have two different samples now) the password is the same : 31517.
>
> Update : I just got another sample with different password (submission number 1534).
> Should I start blocking .zip files too?
>
> Regards,
>
> Fajar A. Nugraha
Re: [Clamav-users] password-protected Worm.Bagle.F
Mon, 01 Mar 2004 at 09:06 GMT "Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote

> Since the password is the same, hopefully it won't take virus db team
> long to update the signature.
> However what IF:
>
> - there's a new virus
> - the virus just passes known (detected) worm, in a zip file
> - the zip file is password-protected, and the password always changes
>   (random, included in email body), thus
> - the zip file always changes. Creating signature from zip is
>   impossible.
> - ClamAV can't extract the real content.

Please forgive my ignorance, I have not used windows in a long time, but if the Zip-file is password protected, how can the virus spread?

How does the user trying to extract the content know the password? Especially if it is a "random" password for each file?

Rgds.

Ola Thoresen
Re: [Clamav-users] password-protected Worm.Bagle.F
Bill Taroli wrote:

> Perhaps a silly question... if the .ZIP attachment is passworded, how are the
> target users supposed to be opening them and getting infected? Has the
> password been included in the email in which the .ZIP was attached?

No, silly me. I forgot to mention that the password is included in email body. Which means that the only way it can infect you is if you use Windows, don't have any updated AV scanner, open the attachment, and intentionally type in the password.

However, judging from the fact that it IS spreading in my network now, some people tend to do exactly that.

Regards,

Fajar
Re: [Clamav-users] password-protected Worm.Bagle.F
On Mon, 1 Mar 2004, Ola Thoresen wrote:

> Mon, 01 Mar 2004 at 09:06 GMT "Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote
>
> > Since the password is the same, hopefully it won't take virus db team
> > long to update the signature.
> > However what IF:
> >
> > - there's a new virus
> > - the virus just passes known (detected) worm, in a zip file
> > - the zip file is password-protected, and the password always changes
> >   (random, included in email body), thus
> > - the zip file always changes. Creating signature from zip is
> >   impossible.
> > - ClamAV can't extract the real content.
>
> Please forgive my ignorance, I have not used windows in a long time, but
> if the Zip-file is password protected, how can the virus spread?
>
> How does the user trying to extract the content know the password?
> Especially if it is a "random" password for each file?

I'm guessing here, but one could imagine that the worm/virus generates a random password for the ZIP archive and then writes the password in the body of the mail, hoping that the recipient will extract the archive using the provided password and run the executable.

/Jesper Juhl
RE: [Clamav-users] Segmentation Fault (Again Again)!
Hello Trog.

> The libpthread thread manager seg faulted. I've never seen that happen
> before. I guess that would be either a bug in libpthread or some very
> bad memory corruption somewhere.

Well, this happened about 2-3 times (before, I was not able to use gdb). But I am using the current CVS snapshot (20040229) and it is working great until now. I didn't have any crashes since then. Could be that it is already solved in this version? You said that someone fixed a segmentation fault problem...

> A quick Google doesn't come up with any one else seeing this
> particular crash.
>
> I'll have to ask some people.

Thanks for your great work and support!

Regards,

Phil.
[Clamav-users] Re: password-protected Worm.Bagle.F
Bill Taroli,

BT> Perhaps a silly question... if the .ZIP attachment is passworded, how
BT> are the target users supposed to be opening them and getting infected?
BT> Has the password been included in the email in which the .ZIP was attached?

Perhaps the password is in the message : "Open my confidential hot pictures using 1234565 passwd" .

--
Toorop
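Added example (not part of any post in this thread, and not ClamAV code): the thread's question of whether to block every .zip has a narrower alternative, which is to hold only the archives a scanner cannot unpack. A ZIP's central directory is stored unencrypted, so the per-entry encryption flag can be read without the password. Function names, verdict labels and the sample message are assumptions constructed for this sketch.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x0001  # ZIP general-purpose flag bit 0: entry data is encrypted


def encrypted_members(zip_bytes):
    """Names of encrypted entries, read from the central directory.

    The directory (names, sizes, flags) is stored in the clear, so no
    password is needed to see which entries a scanner cannot unpack.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [zi.filename for zi in zf.infolist() if zi.flag_bits & ENCRYPTED]


def triage_message(raw_message):
    """Return [(attachment name, verdict)] for one RFC 822 message.

    Verdicts are hypothetical labels for a mail gateway:
    "scan", "hold-encrypted" or "hold-malformed".
    """
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""  # undoes base64
        # Decide by content, not by file extension or declared MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            results.append((name, "scan"))
            continue
        try:
            locked = encrypted_members(payload)
        except zipfile.BadZipFile:
            results.append((name, "hold-malformed"))
            continue
        results.append((name, "hold-encrypted" if locked else "scan"))
    return results


def build_sample(encrypted):
    """Constructed test message carrying a harmless one-file ZIP.

    The standard library cannot write encrypted ZIPs, so for the
    "encrypted" variant only the flag bit is set in both headers; the
    data itself stays plain text. That is enough to exercise the check.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"constructed sample content, not malware")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Flag word sits 6 bytes into a local header, 8 into a directory record.
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.find(signature) + offset] |= ENCRYPTED
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("The password is 12345")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="zip", filename="sample.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, flag in (("plain zip", False), ("flagged zip", True)):
        print(label, triage_message(build_sample(flag)))
```

Messages given the "scan" verdict still go through the normal virus scan; the check only separates out archives whose contents the scanner has no way to inspect.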
[Clamav-users] libclamav question
Hello,

libclamav has three functions to scan an object : cl_scanbuff, cl_scandesc and cl_scanfile. Only cl_scanbuff doesn't have the parameter "options".

What kind of objects are scanned by cl_scanbuff ?

Thanks,

Jose-Marcio

--
Jose Marcio MARTINS DA CRUZ
Tel. :(33) 01.40.51.93.41
Ecole des Mines de Paris
http://j-chkmail.ensmp.fr
60, bd Saint Michel
http://www.ensmp.fr/~martins
75272 - PARIS CEDEX 06
mailto:[EMAIL PROTECTED]
Re: [Clamav-users] libclamav question
Jose Marcio Martins da Cruz wrote:

> Hello,
>
> libclamav has three functions to scan an object : cl_scanbuff, cl_scandesc
> and cl_scanfile. Only cl_scanbuff doesn't have the parameter "options".
>
> What kind of objects are scanned by cl_scanbuff ?

Memory buffers. This needs no "options", as it is supposed to be the very last function called in the scan process. The others get flags for "ScanMail", "ScanArchive" etc via their "options" argument.

Thomas

PS: This question had better fit to clamav-devel...
RE: [Clamav-users] Segmentation Fault (Again Again)!
On Mon, 2004-03-01 at 10:37, Philipp Grosswiler wrote:
> Hello Trog.
>
> > The libpthread thread manager seg faulted. I've never seen that happen
> > before. I guess that would be either a bug in libpthread or some very
> > bad memory corruption somewhere.
>
> Well, this happened about 2-3 times (before, I was not able to use gdb). But
> I am using the current CVS snapshot (20040229) and it is working great until
> now. I didn't have any crashes since then. Could be that it is already
> solved in this version? You said that someone fixed a segmentation fault
> problem...

That's possible, as your stack trace indicates that the stack has been corrupted.

-trog
[Clamav-users] clamdscan: input via stdin
Hi,

I'm running clamav 0.60 on Debian.

Can I 'cat' a file to clamdscan, or must it be a physical file on the disk?

Thanks for your time,

--Marc
[Clamav-users] Virus
I always run clamd with freshclam so I'm updated all the time. I got some problem with a virus: [EMAIL PROTECTED] is not recognised by clamscan.

I find it out using NAV/Symantec.

What shall I do?
Re: [Clamav-users] Virus
On Monday 01 March 2004 1:23 pm, Adrian Gurbina (main) wrote:
> I always run clamd with freshclam so I'm updated all the time. I got some
> problem with a virus: [EMAIL PROTECTED]
> is not recognised by clamscan.
> I find it out using NAV/Symantec.
> What shall I do?

Submit a sample of the virus through the web page at http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi so that a new signature can be generated.

Antony.

--
It is also possible that putting the birds in a laboratory setting inadvertently renders them relatively incompetent.
- Daniel C Dennet

Please reply to the list; please don't CC me.
[Clamav-users] Suspected.Zip
Hi,

Clamd (v067-1) on our CGPro just reported:

Mon Mar 1 14:16:10 2004 -> /tmp/cgpavyuPWe6: Suspected.Zip FOUND

Now, I have searched the mailing list archives and did a "sigtool --list-sigs | grep -i Suspected" but could not find this anywhere.

Any idea what this might be?

Ps, Bagle.A3 now also seems to get pretty active here in Belgium :)

--
Kristof
Re: [Clamav-users] Segmentation Fault (Again Again)!
Set your thread timeout to zero. Setting this to any other value causes users with dialup connections to timeout while sending attachments, in addition my seg faults are gone. This is the best reason to do this, I've been running for 4 days now without a single crash, previously I was restarting up to 2 times a day.

Loren

Trog wrote:

> On Sun, 2004-02-29 at 17:55, Philipp Grosswiler wrote:
>
>> OK, now I got something for you... but could be that the problem is already
>> solved in the latest CVS version... just that the latest CVS is not working
>> for me (see my earlier post about readdb()).
>>
>> (gdb) continue
>> Continuing.
>> [New Thread 278546 (LWP 6642)]
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> [Switching to Thread 32769 (LWP 6269)]
>> 0x4009511b in pthread_start_thread_event () from /lib/i686/libpthread.so.0
>> (gdb) bt
>> #0 0x4009511b in pthread_start_thread_event () from /lib/i686/libpthread.so.0
>> #1 0x4300 in ?? ()
>> #2 0x0f21 in ?? ()
>> #3 0x08b90ca0 in ?? ()
>> #4 0x08053458 in ?? ()
>> #5 0x0805345c in ?? ()
>> #6 0x08053460 in ?? ()
>> #7 0x08053464 in ?? ()
>> #8 0x08053474 in ?? ()
>> #9 0x4000d290 in _dl_runtime_resolve () from /lib/ld-linux.so.2
>> #10 0x42e01000 in ?? ()
>> #11 0x42e0 in ?? ()
>> #12 0x1000 in ?? ()
>> #13 0x001ff000 in ?? ()
>> #14 0x4009d68c in __JCR_LIST__ () from /lib/i686/libpthread.so.0
>> #15 0x08050660 in ?? ()
>> #16 0x0006 in ?? ()
>> #17 0x08053604 in ?? ()
>> #18 0x40094ccf in __pthread_manager () from /lib/i686/libpthread.so.0
>
> The libpthread thread manager seg faulted. I've never seen that happen
> before. I guess that would be either a bug in libpthread or some very bad
> memory corruption somewhere.
>
> A quick Google doesn't come up with any one else seeing this particular crash.
>
> I'll have to ask some people.
>
> Cheers.
>
> -trog
[Clamav-users] virus getting thru
>>Norton AntiVirus removed the attachment: bill.zip.
>>The attachment was infected with the [EMAIL PROTECTED] virus.
>>

This seems to be common, can anyone help?

Loren
[Clamav-users] sigtool --list-sigs
sigtool --list-sigs

Does not work on my install. Is the best way to get this corrected to upgrade Clam 0.67?

mail burtonmayer.com $ clamd -V
clamd / ClamAV version 0.65

Thanks!

Joe Kletch

On Mar 1, 2004, at 7:43 AM, Kristof Hardy wrote:

> sigtool --list-sigs
Re: [Clamav-users] Segmentation Fault (Again Again)!
On Mon, 2004-03-01 at 14:04, Loren Salsgiver wrote:
> Set your thread timeout to zero. Setting this to any other value causes
> users with dialup connections to timeout while sending attachments, in
> addition my seg faults are gone. This is the best reason to do this,
> I've been running for 4 days now without a single crash, previously I
> was restarting up to 2 times a day.
>
> Loren
>
> Trog wrote:
> > On Sun, 2004-02-29 at 17:55, Philipp Grosswiler wrote:
> >
> >>OK, now I got something for you... but could be that the problem is already
> >>solved in the latest CVS version... just that the latest CVS is not working
> >>for me (see my earlier post about readdb()).
> >>

(don't top post please)

Phil is using the CVS version, which doesn't use the thread timeout value at all, as it doesn't have that broken code in it.

-trog
Re: [Clamav-users] sigtool --list-sigs
Joe Kletch wrote:

> sigtool --list-sigs
>
> Does not work on my install. Is the best way to get this corrected to
> upgrade Clam 0.67?
>
> mail burtonmayer.com $ clamd -V
> clamd / ClamAV version 0.65

It can't hurt anyway to upgrade to v0.67-1.

Maybe try finding it with 'whereis sigtool' (or 'locate sigtool') ?

--
Kristof
[Clamav-users] Clamscan not detecting virus
I am using the backported.org package of ClamAV:

$ clamscan --version
clamscan / ClamAV version 0.67+CVS20040221

So far clam has been catching 90% of the viruses that are sent to the server, but it has missed a few others. I downloaded the specific virus itself and tried to submit it using the online scanner [http://www.gietl.com/test-clamav/] and the results are:

File is valid, and was successfully uploaded.
clamav scans the file ...
Clamav-Output:
/tmp/phpDkbyoR: Worm.SomeFool.B FOUND
And found something: Worm.SomeFool.B
Since clamav already recognizes the content you submitted there is no reason to resubmit it.

But my local copy is not working. I checked the syslog and it says nothing other than the message is clean. Any ideas where to start checking?

--
Matthew Daubenspeck
http://www.oddprocess.org
10:28:39 up 55 days, 1:39, 1 user, load average: 0.00, 0.00, 0.00
Re: [Clamav-users] virus getting thru
--- Loren Salsgiver <[EMAIL PROTECTED]> wrote:
> >>Norton AntiVirus removed the attachment: bill.zip.
> >>The attachment was infected with the [EMAIL PROTECTED] virus.
> >>
>
> This seems to be common, can anyone help?
>
> Loren

I'm having the same problem, it always seems to be Base64 encoded zip files.

Peter
RE: [Clamav-users] Segmentation Fault (Again Again)!
On Mon, 2004-03-01 at 10:37, Philipp Grosswiler wrote:
> Well, this happened about 2-3 times (before, I was not able to use gdb). But
> I am using the current CVS snapshot (20040229) and it is working great until
> now. I didn't have any crashes since then. Could be that it is already
> solved in this version? You said that someone fixed a segmentation fault
> problem...

Ok, if this does crash again, could you also issue the following gdb commands BEFORE doing the backtrace:

info shared
shared .

(don't forget the . above)

Thanks

-trog
Re: [Clamav-users] sigtool --list-sigs
On Mon, 01 Mar 2004 at 8:18:25 -0600, Joe Kletch wrote:
> >sigtool --list-sigs
>
> Does not work on my install. Is the best way to get this corrected to
> upgrade Clam 0.67?
>
> mail burtonmayer.com $ clamd -V
> clamd / ClamAV version 0.65

Please, don't "top-post".

Yes.

--
Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
[EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
[EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner
Re: [Clamav-users] Clamscan not detecting virus
Matthew Daubenspeck wrote:

> I am using the backported.org package of ClamAV:
>
> $ clamscan --version
> clamscan / ClamAV version 0.67+CVS20040221
>
> So far clam has been catching 90% of the viruses that are sent to the
> server, but it has missed a few others. I downloaded the specific virus
> itself and tried to submit it using the online scanner
> [http://www.gietl.com/test-clamav/] and the results are:
>
> File is valid, and was successfully uploaded.
> clamav scans the file ...
> Clamav-Output:
> /tmp/phpDkbyoR: Worm.SomeFool.B FOUND
> And found something: Worm.SomeFool.B
> Since clamav already recognizes the content you submitted there is no
> reason to resubmit it.
>
> But my local copy is not working. I checked the syslog and it says nothing
> other than the message is clean. Any ideas where to start checking?

What is your exact setup, i.e. what is the "glue" between your mailer and clam? clamav-milter, amavisd-new, ... ?

If in doubt, please send me (an URL to) the sample in private (I'm the co-maintainer for debian packages).

Thomas
Re: [Clamav-users] Correct clamav-milter options to --postmaster-only
On Monday 01 Mar 2004 4:55 am, Stevens, John wrote:
> Hi All,
> I have clamd and clamav-milter (0.67-1) on my two mail gateways, and am
> really happy with the performance and detection rates. Job well done to
> the devs. The only problem I have at the moment is getting alerted to a
> virus detection by clamav-milter WITHOUT bouncing the message back. I use
> clamav-milter with the -lobP options set and [EMAIL PROTECTED] But
> it still sends a bounce message out. From my understanding of the man page
> -b (--bounce) and -P (--postmaster-only) must both be set for a bounce
> message to be received by the postmaster mail address. Any pointers? What
> am I doing wrong? Regards

Please post an example of the bounce message, then I can see where it's coming from.

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
Re: [Clamav-users] virus getting thru
Peter McCreath wrote:

> --- Loren Salsgiver <[EMAIL PROTECTED]> wrote:
> > >>Norton AntiVirus removed the attachment: bill.zip.
> > >>The attachment was infected with the [EMAIL PROTECTED] virus.
> > >>
> >
> > This seems to be common, can anyone help?
> >
> > Loren
>
> I'm having the same problem, it always seems to be Base64 encoded zip files.
>
> Peter

Does the zip file have a password? If not, you can submit it on the web interface.

Nagy Ferenc László
[Clamav-users] E-mail Notice Replies
Hello All,

Is it possible to turn off the e-mail notification that is returned to the user (who sent the virus)?

Running Clamav 0.67 w/ milter on FreeBSD 4.7

Marc S. Brooks
Programmer/Systems Admin
975 Andreasen
Escondido, CA 92029
760-740-2625 ph
760-740-2643 fx
Re: [Clamav-users] clamdscan: input via stdin
cat filename | clamdscan -

Marc Cuypers [EMAIL PROTECTED] wrote:
> Hi,
>
> I'm running clamav 0.60 on Debian.
>
> Can I 'cat' a file to clamdscan, or must it be a physical file on the disk?
>
> Thanks for your time,
>
> --Marc

--
Adam Webb - Network Manager
RE: [Clamav-users] E-mail Notice Replies
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Marc Brooks
>
> Is it possible to turn off the e-mail notification that is
> returned to the
> user (who sent the virus)?
>
> Running Clamav 0.67 w/ milter on FreeBSD 4.7

Yup - don't use --bounce in the command line that starts clamav-milter!

PLEASE - keep list traffic on the list. Email sent directly to me may be ignored utterly.

--
Rob | What part of "no" was it you didn't understand?
[Clamav-users] ClamAV not detecting Netsky.C in .zip file
Hello,

I have just joined the email list and would like to thank everyone in advance for their help. I have searched the archives and Google until my eyes have hurt and have waited about 10 days before escalating my issue to this list.

Here is my issue. I have set up Postfix/Amavis-new/ClamAV/SpamAssassin on RedHat9, everything from source. I had someone send me an email they received with netsky.c so I could test the system. The zip file contains the file "found_id.txt.pif". Clamd is not detecting the virus when the file is passed via amavis-new. I turned on the clean logging features and verified that clamd received the file and declared it OK. I then added the ClamAV and F-Prot command line scanners as primary scanners in Amavis-new and sent the message again. Clamd did not detect the virus, neither did the command line clamscan. The F-Prot did detect the virus as Netsky.C. If I do not scan the message at all, Panda Platinum 7 running on my Win2k box detects the virus as Netsky.C. The file is definitely infected with Netsky.C.

I wanted to make sure my archive scanning settings were correct for clamd. I searched these email archives and found that Archive support should be turned on (it was) as well as StreamSaveToDisk (it wasn't). I tested with StreamSaveToDisk and it still did not find the virus.

I scanned manually using clamscan -v yep.msg (the email message) and did not find a virus. I then ran the F-Prot command line scanner and it did find the virus. I checked to make sure I have been updating my definitions correctly and I have. Last update was Mon Feb 23 at 15:04:35 2004. (This morning)

Does anyone have any insight? Am I missing something? Thanks again for your help.

Ian
Re: [Clamav-users] Clamscan not detecting virus
On Mon, Mar 01, 2004 at 05:53:59PM +0100, Thomas Lamy wrote:
> >But my local copy is not working. I checked the syslog and it says
> >nothing other than the message is clean. Any ideas where to start
> >checking?
>
> What is your exact setup, i.e. what is the "glue" between your mailer
> and clam? clamav-milter, amavisd-new, ... ?
>
> If in doubt, please send me (an URL to) the sample in private (I'm the
> co-maintainer for debian packages).

Doh. I found the issue. It looks like freshclam wasn't working properly. In /etc/clamav/freshclam.conf, it had:

MaxAttempts true

And when manually running this, I got an error that it needed a number of max tries, not "true". I changed it to 5 and the system updated. It then found the virus.

--
Matthew Daubenspeck
http://www.oddprocess.org
14:48:33 up 55 days, 5:59, 1 user, load average: 0.00, 0.02, 0.00
Re: [Clamav-users] password-protected Worm.Bagle.F
On Mon, Mar 01, 2004 at 05:31:35PM +0700, Fajar A. Nugraha wrote:
> Bill Taroli wrote:
>
> >Perhaps a silly question... if the .ZIP attachment is passworded, how
> >are the target users supposed to be opening them and getting infected?
> >Has the password been included in the email in which the .ZIP was
> >attached?
>
> No, silly me. I forgot to mention that the password is included in email
> body.
>
> Which means that the only way it can infect you is if you use Windows,
> don't have any updated AV scanner, open the attachment, and
> intentionally type in the password.
>
> However, judging from the fact that it IS spreading in my network now,
> some people tend to do exactly that.

Kaspersky have added the text string to their signatures (the one that tries to entice you into unpacking the zip file). That seems to be all you can do right now. In the somewhat longer run perhaps the engine needs to be able to get a list of possible passwords so it can have a go at decrypting the zip file.

--
Erik Corry [EMAIL PROTECTED]
I'd be a Libertarian, if they weren't all a bunch of tax-dodging professional whiners. - B. Breathed.
Re: [Clamav-users] Suspected.Zip
On Mon, 01 Mar 2004 14:43:27 +0100 Kristof Hardy <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Clamd (v067-1) on our CGPro just reported:
> Mon Mar 1 14:16:10 2004 -> /tmp/cgpavyuPWe6: Suspected.Zip FOUND
>
> Now, I have searched the mailing list archives and did a "sigtool
> --list-sigs | grep -i Suspected" but could not find this anywhere.
>
> Any idea what this might be?

That means the archive contained a file entry with an empty name. Some worms (eg. some Mimails) distribute such files.

--
Tomasz Kojm <[EMAIL PROTECTED]>
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Mon Mar 1 21:09:54 CET 2004
Re: [Clamav-users] ClamAV not detecting Netsky.C in .zip file
Ninetwoaccord wrote:
> I wanted to make sure my archive scanning settings were correct for clamd. I searched these email archives and found that Archive support should be turned on (it was) as well as StreamSaveToDisk (it wasn't). I tested with StreamSaveToDisk and it still did not find the virus.

is mailbox scanning active?
try: clamscan --mbox yep.msg
if that works, make sure the parameter ScanMail is active in your clamav.conf.

If it doesn't work, feel free to make that file available somewhere on the net, but I suppose it's a setting somewhere..

--
Best regards,
Kristof
[Clamav-users] Just setting up...Exim 4.2, Exiscan and Clam 0.66
Hi.

We are running Exim 4.2 with Exiscan and SpamAssassin on a separate server. I just setup clamav on a separate server.

How do I structure av_scanner = clamd:/var/run/clamd.ctl line in my exim configuration to use clam off another server?

What do I enter in my clamav.conf to give another server access to it?

Thanks for any help you can offer.

Frank

---
Frank DeChellis
Internet Access Worldwide
3 East Main Street
Welland, Ontario, Canada L3B 3W4
905-714-1400 fax 905-732-0524
www.iaw.com
Re: [Clamav-users] ClamAV not detecting Netsky.C in .zip file
Hello Kristof, thank you VERY much for your response. I tried what you suggested and it did not find the virus. I also have mail scanning on. One other person replied and requested I send them the .zip file and clamAV did not detect it as worm.somefool.B This is what they detected:

The virus detector said this about the message:
ClamAV: found_id.zip contains Worm.SomeFool.B
AntiVir: ALERT: [Worm/NetSky.C worm] found_id.zip <<< Contains signature of the worm Worm/NetSky.C
F-Prot: found_id.zip->found_id.txt.pif Infection: W32/[EMAIL PROTECTED]
McAfee: found_id.zip/FOUND_ID.TXT.PIF Found the W32/[EMAIL PROTECTED] virus !!!

So this would mean I am missing something. My updates are up to date. What else would prevent it from detecting the virus? Compression issues?

--- Kristof Hardy <[EMAIL PROTECTED]> wrote:
> Ninetwoaccord wrote:
> > I wanted to make sure my archive scanning settings
> > were correct for clamd. I searched these email
> > archives and found that Archive support should be
> > turned on (it was) as well as StreamSaveToDisk (it
> > wasn't). I tested with StreamSaveToDisk and it still
> > did not find the virus.
>
> is mailbox scanning active?
> try: clamscan --mbox yep.msg
> if that works, make sure the parameter ScanMail is
> active in your clamav.conf.
>
> If it doesn't work, feel free to make that file
> available somewhere on the net, but I suppose it's
> a setting somewhere..
>
> --
> Best regards,
> Kristof
Re: [Clamav-users] ClamAV not detecting Netsky.C in .zip file
At 11:01 2004-03-01 -0800, Ninetwoaccord wrote:
> I checked to make sure I have been updating my definitions correctly and I have. Last update was Mon Feb 23 at 15:04:35 2004. (This morning)

Was that a typo?
If not - Feb 23 was Monday last week, not this morning...

Patrik
Re: [Clamav-users] password-protected Worm.Bagle.F
On Mon, Mar 01, 2004 at 09:06:12PM +0100, Erik Corry wrote:
> On Mon, Mar 01, 2004 at 05:31:35PM +0700, Fajar A. Nugraha wrote:
> > Bill Taroli wrote:
> >
> > >Perhaps a silly question... if the .ZIP attachment is passworded, how
> > >are the target users supposed to be opening them and getting infected?
> > >Has the password been included in the email in which the .ZIP was
> > >attached?
> >
> > No, silly me. I forgot to mention that the password is included in email
> > body.
> >
> > Which means that the only way it can infect you is if you use Windows,
> > don't have any updated AV scanner, open the attachment, and
> > intentionally type in the password.
> >
> > However, judging from the fact that it IS spreading in my network now,
> > some people tend to do exactly that.
>
> Kaspersky have added the text string to their signatures (the one
> that tries to entice you into unpacking the zip file). That seems
> to be all you can do right now. In the somewhat longer run perhaps
> the engine needs to be able to get a list of possible passwords so it
> can have a go at decrypting the zip file.

I do not believe this would work in the long run, as we would have a problem very similar to recognising typical spam phrases (ie. splitting the word through html code, gappy text, etc), which is obviously not trivial to solve.

I think blocking encrypted zip files or (better) educating users (as they have to do much more than just clicking) are the only options.

LLAP, Martin
Re: [Clamav-users] ClamAV not detecting Netsky.C in .zip file
Nope not a typo, an overlook. Thank you VERY much for taking the time to read my post. Freshclam was running 24 times a day, and it stopped on the 23rd. Ran the update and it detected the virus. Thanks again for your time. Now to find out why it stopped on the 23rd...

Ian

--- Patrik Nilsson <[EMAIL PROTECTED]> wrote:
> At 11:01 2004-03-01 -0800, Ninetwoaccord wrote:
> >I checked to make sure I have been updating my
> >definitions correctly and I have. Last update was Mon
> >Feb 23 at 15:04:35 2004. (This morning)
>
> Was that a typo?
> If not - Feb 23 was monday last week, not this
> morning...
>
> Patrik
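Both this thread and the earlier "Clamscan not detecting virus" thread ended the same way: the scanner was fine and the signatures were stale. The following is an added example, not code from the thread or from ClamAV, that checks the two causes reported here: a non-numeric value for MaxAttempts in freshclam.conf and database files that have not been replaced recently. Function names, the age limit and the sample config text are assumptions.

```python
import os
import re

# Options whose value must be a whole number. MaxAttempts is the one named in
# the thread; extend the set to match your own freshclam.conf (assumption).
NUMERIC_OPTIONS = frozenset({"MaxAttempts"})
DB_SUFFIXES = (".cvd", ".cld")  # ClamAV signature database files


def bad_numeric_options(conf_text, numeric=NUMERIC_OPTIONS):
    """Return [(line_number, option, value)] for numeric options whose
    value is missing or not an integer."""
    problems = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        option = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if option in numeric and not re.fullmatch(r"\d+", value):
            problems.append((number, option, value))
    return problems


def stale_databases(db_dir, max_age_hours, now):
    """Return [(file, age_hours)] for databases older than max_age_hours.

    `now` is a Unix timestamp. A directory with no database files at all
    is reported as [("<no database files>", None)].
    """
    found, stale = False, []
    for name in sorted(os.listdir(db_dir)):
        if not name.endswith(DB_SUFFIXES):
            continue
        found = True
        mtime = os.path.getmtime(os.path.join(db_dir, name))
        age = (now - mtime) / 3600.0
        if age > max_age_hours:
            stale.append((name, round(age, 1)))
    return stale if found else [("<no database files>", None)]


if __name__ == "__main__":
    import tempfile
    import time

    # Constructed sample input: the misconfiguration quoted in the thread.
    sample_conf = "# constructed sample\nMaxAttempts true\n"
    for number, option, value in bad_numeric_options(sample_conf):
        print("freshclam.conf line %d: %s needs a number, got %r"
              % (number, option, value))

    # Constructed database directory with one file a week old.
    with tempfile.TemporaryDirectory() as db_dir:
        path = os.path.join(db_dir, "daily.cvd")
        open(path, "wb").close()
        week_ago = time.time() - 7 * 86400
        os.utime(path, (week_ago, week_ago))
        for name, age in stale_databases(db_dir, 48, time.time()):
            print("stale signatures: %s last replaced %s hours ago" % (name, age))
```

The file time only changes when freshclam replaces a database, so choose a limit longer than the usual gap between signature releases.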
Re: [Clamav-users] Just setting up...Exim 4.2, Exiscan and Clam 0.66
On Mon, 1 Mar 2004, Frank DeChellis DSL wrote:
> Hi.
>
> We are running Exim 4.2 with Exiscan and SpamAssassin on a separate
> server. I just setup clamav on a separate server.
>
> How do I structure av_scanner = clamd:/var/run/clamd.ctl line in my exim
> configuration to use clam off another server?
>
> What do I enter in my clamav.conf to give another server access to it?
>
> Thanks for any help you can offer.
>

Unfortunately I can't offer any help on Exim, but I can tell you this;

To have clamd listen on a TCP socket (needed so you can connect from remote hosts - by default it uses a UNIX domain socket) you need to use the TCPSocket keyword in clamav.conf - example :

TCPSocket 3310

That would make clamd listen on TCP port 3310

If you have several network interface cards in the machine running clamd, then you may also need to specify TCPAddr to make clamd only bind to a specific IP (by default it'll bind to INADDR_ANY, thereby listening on any available IP address) - example :

TCPAddr 192.168.1.123

There are also some settings controlling some limits, like MaxConnectionQueueLength which defines how many connections may be "in queue" - default is 15, but you may want to raise it if you expect a large load.

There is also MaxThreads that specifies how many threads clamd uses, you probably want to raise this from the default of 5 to some larger number on a busy server - experiment to find the proper setting (I use 25 on my mailserver which gets ~25000 mails a day).

There are other settings that you may want to tune, but you can read about them all in the comments in the clamav.conf file.

Finally, why are you running clamd on a separate host? It does not use a huge amount of resources, so unless your Exim server is very busy it would probably not be overly burdened by running clamd locally.

Kind regards,
Jesper Juhl
Re: [Clamav-users] ClamAV not detecting Netsky.C in .zip file
On Mon, 1 Mar 2004 11:01:19 -0800 (PST) Ninetwoaccord <[EMAIL PROTECTED]> wrote:
> I scanned manually using clamscan -v yep.msg (the

You must enable ScanMail in clamav.conf (for clamd) and use --mbox in clamscan.

--
Tomasz Kojm <[EMAIL PROTECTED]>
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Mon Mar 1 21:32:10 CET 2004
RE: [Clamav-users] Correct clamav-milter options to --postmaster-only
>Please post an example of the bounce message, then I can see where it's coming from.
>-Nigel

Hi Nigel,

From: MAILER-DAEMON
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Virus intercepted

A message you sent to [EMAIL PROTECTED] contained a virus and has not been delivered.
stream: Worm.Bagle.E FOUND

No Message ID included as detailed in the man page, and always CC.

TUSC Computer Systems - www.tusc.com.au
John Stevens - MIS Manager, Senior Project Engineer
Mobile: 0419840411 Direct: 03 9840 4428
Re: [Clamav-users] Just setting up...Exim 4.2, Exiscan and Clam 0.66
On Mon, Mar 01, 2004 at 03:47:57PM -0500, Frank DeChellis DSL said:
> Hi.
>
> We are running Exim 4.2 with Exiscan and SpamAssassin on a separate
> server. I just setup clamav on a separate server.
>
> How do I structure av_scanner = clamd:/var/run/clamd.ctl line in my exim
> configuration to use clam off another server?

av_scanner = clamd:192.168.0.3 3310

> What do I enter in my clamav.conf to give another server access to it?

TCPSocket 3310

--
Stephen Gran [EMAIL PROTECTED]
http://www.lobefin.net/~steve
We were so poor that we thought new clothes meant someone had died.
[Clamav-users] Re: password-protected Worm.Bagle.F
On Mon, Mar 01, 2004 at 09:06:12PM +0100, Erik Corry wrote:
| On Mon, Mar 01, 2004 at 05:31:35PM +0700, Fajar A. Nugraha wrote:
| > Bill Taroli wrote:

| > However, judging from the fact that it IS spreading in my network now,
| > some people tend to do exactly that.
|
| Kaspersky have added the text string to their signatures (the one
| that tries to entice you into unpacking the zip file). That seems
| to be all you can do right now. In the somewhat longer run perhaps
| the engine needs to be able to get a list of possible passwords so it
| can have a go at decrypting the zip file.

Is the zip file really encrypted, or is the password just an "advisory" flag that an unzip tool is supposed to honor? If it's the latter, then clamav could just ignore the password to unpack and scan the archive anyways.

-D

--
One OS to rule them all, one OS to find them,
One OS to bring them all and in the darkness bind them,
In the Land of Redmond, where the Shadows lie.

www: http://dman13.dyndns.org/~dman/
jabber: [EMAIL PROTECTED]
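What a scanner can read from a ZIP without the password is visible in the archive's central directory. The following is an added example, not part of the thread and not ClamAV's code: it lists entries whose general purpose flag bit 0 marks the data as encrypted, which is what a "block encrypted zip files" policy as suggested earlier would key on, and entries with an empty name, the condition given above as the meaning of Suspected.Zip. Function names are hypothetical and the sample archive is constructed in memory.

```python
import struct
import zlib

EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory record
CDIR_SIG = b"PK\x01\x02"   # central directory file header
FLAG_ENCRYPTED = 0x0001    # general purpose bit 0: entry data is encrypted
FLAG_UTF8 = 0x0800         # general purpose bit 11: name is UTF-8


def list_entries(data):
    """Return (name, flags, method) for each central directory entry.

    Only headers are read. With traditional ZIP encryption the entry names
    and flags stay in the clear; only the file data is encrypted.
    ZIP64 and multi-disk archives are not handled here.
    """
    # The record sits at the end, followed by at most a 65535-byte comment.
    pos = data.rfind(EOCD_SIG, max(0, len(data) - 65557))
    if pos < 0 or pos + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    total, _cd_size, off = struct.unpack_from("<HII", data, pos + 10)
    entries = []
    for _ in range(total):
        if off + 46 > len(data) or data[off:off + 4] != CDIR_SIG:
            raise ValueError("corrupt central directory at offset %d" % off)
        flags, method = struct.unpack_from("<HH", data, off + 8)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, off + 28)
        raw = data[off + 46:off + 46 + name_len]
        name = raw.decode("utf-8" if flags & FLAG_UTF8 else "cp437", "replace")
        entries.append((name, flags, method))
        off += 46 + name_len + extra_len + comment_len
    return entries


def policy_findings(data):
    """Return (reason, name) pairs, in archive order, for a gateway policy."""
    findings = []
    for name, flags, _method in list_entries(data):
        if name == "":
            findings.append(("empty-name", name))
        if flags & FLAG_ENCRYPTED:
            findings.append(("encrypted", name))
    return findings


def build_sample(entries):
    """Constructed test input: a stored (method 0) ZIP built from
    (name, flags, payload) tuples. Setting FLAG_ENCRYPTED only sets the
    header bit; the payload is opaque bytes, not real ciphertext."""
    out, cdir = bytearray(), bytearray()
    for name, flags, payload in entries:
        raw = name.encode("cp437")
        crc = zlib.crc32(payload)
        offset = len(out)
        out += struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", 20, flags, 0, 0, 0,
                           crc, len(payload), len(payload), len(raw), 0)
        out += raw + payload
        cdir += struct.pack("<4sHHHHHHIIIHHHHHII", CDIR_SIG, 20, 20, flags,
                            0, 0, 0, crc, len(payload), len(payload),
                            len(raw), 0, 0, 0, 0, 0, offset)
        cdir += raw
    eocd = struct.pack("<4sHHHHIIH", EOCD_SIG, 0, 0, len(entries),
                       len(entries), len(cdir), len(out), 0)
    return bytes(out + cdir + eocd)


if __name__ == "__main__":
    sample = build_sample([
        ("readme.txt", 0, b"hello"),
        ("invoice.pif", FLAG_ENCRYPTED, b"\x00" * 16),
        ("", 0, b"x"),
    ])
    for reason, name in policy_findings(sample):
        print(reason, repr(name))
```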
Re: [Clamav-users] Just setting up...Exim 4.2, Exiscan and Clam 0.66
I have those settings in there but there seems to be no communication between the 2 units. Is there an ACL entry for exim?

Is there a way to tell if the 2 systems are talking?

Thanks
Frank

On Mon, 1 Mar 2004, Stephen Gran wrote:
> Date: Mon, 1 Mar 2004 20:37:53 -0500
> From: Stephen Gran <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Just setting up...Exim 4.2, Exiscan and Clam 0.66
>
> On Mon, Mar 01, 2004 at 03:47:57PM -0500, Frank DeChellis DSL said:
> > Hi.
> >
> > We are running Exim 4.2 with Exiscan and SpamAssassin on a separate
> > server. I just setup clamav on a separate server.
> >
> > How do I structure av_scanner = clamd:/var/run/clamd.ctl line in my exim
> > configuration to use clam off another server?
>
> av_scanner = clamd:192.168.0.3 3310
>
> > What do I enter in my clamav.conf to give another server access to it?
>
> TCPSocket 3310
>
> --
> Stephen Gran [EMAIL PROTECTED]
> http://www.lobefin.net/~steve
> We were so poor that we thought new clothes meant someone had died.

---
Frank DeChellis
Internet Access Worldwide
3 East Main Street
Welland, Ontario, Canada L3B 3W4
905-714-1400 fax 905-732-0524
www.iaw.com
Re: [Clamav-users] Just setting up...Exim 4.2, Exiscan and Clam 0.66
On Mon, Mar 01, 2004 at 09:52:25PM -0500, Frank DeChellis DSL said:
> On Mon, 1 Mar 2004, Stephen Gran wrote:
> > On Mon, Mar 01, 2004 at 03:47:57PM -0500, Frank DeChellis DSL said:
> > > Hi.
> > >
> > > We are running Exim 4.2 with Exiscan and SpamAssassin on a separate
> > > server. I just setup clamav on a separate server.
> > >
> > > How do I structure av_scanner = clamd:/var/run/clamd.ctl line in my exim
> > > configuration to use clam off another server?
> >
> > av_scanner = clamd:192.168.0.3 3310
> >
> > > What do I enter in my clamav.conf to give another server access to it?
> >
> > TCPSocket 3310

Please try not to top-post, if your mail client makes it reasonably feasible - it's much easier to read this way round.

> I have those settings in there but there seems to be no communication
> between the 2 units. Is there an ACL entry for exim?

There should be. I use (rather long):

acl_check_data:

  warn condition = ${if !def:h_Message-ID: {1}}
       hosts = +relay_from_hosts
       message = Message-ID: <[EMAIL PROTECTED]>

  deny message = Found MIME error ($demime_reason).
       demime = *
       condition = ${if >{$demime_errorlevel}{2}{1}{0}}

  deny message = contains $found_extension file (blacklisted).
       demime = ade : adp : asx : bas : bat : chm : cmd : com : cpl : crt \
              : exe : hlp : hta : inf : ins : isp : js : jse : lnk : mda \
              : mdb : mde : mdt : mdw : mdz : msi : msp : mst : ops : pcd \
              : pif : prf : reg : scf : scr : shb : shs : url : vb : vbe \
              : vbs : wsc : wsf : wsh : cnf : mad : maf : mag : mam : maq \
              : mar : mas : mat : mav : maw : xnk : mhtml : msc : sct

  deny message = This message contains a virus: ($malware_name) please scan your system.
       demime = *
       malware = *

  warn message = X-Scanned-By: ClamAV at mail.lobefin.net

The important line is malware = * - that sends it to the av_scanner defined earlier.

> Is there a way to tell if the 2 systems are talking?

tcpdump comes to mind, otherwise try the logfiles. Is there firewalling between the two hosts? That caused no end of problems when setting up a sendmail server with the milter interface for me.

--
Stephen Gran [EMAIL PROTECTED]
http://www.lobefin.net/~steve
There is more to life than increasing its speed. -- Mahatma Gandhi
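Whether the mail host can reach a clamd listening on TCPSocket can also be checked from the mail host with clamd's PING command, which clamd answers with PONG. The following is an added example, not from the thread or from either project; `clamd_ping` and the stub server are hypothetical names, and the stub is a constructed stand-in on 127.0.0.1 so the check runs without a real clamd.

```python
import socket
import threading


def clamd_ping(host, port, timeout=5.0):
    """Send PING to clamd over TCP and classify the outcome.

    Returns "ok", "timeout", "refused", "error: ..." or "unexpected: ...".
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(b"PING\n")
            reply = conn.recv(64)
    except socket.timeout:
        # Nothing came back at all: packets are probably being dropped.
        return "timeout"
    except ConnectionRefusedError:
        # The host answered, but nothing listens on that address and port.
        return "refused"
    except OSError as exc:
        return "error: %s" % exc
    if reply.strip(b"\r\n\x00") == b"PONG":
        return "ok"
    return "unexpected: %r" % reply


def start_stub_clamd(reply=b"PONG\n"):
    """Constructed stand-in for clamd: answers one PING on 127.0.0.1.

    Returns the TCP port it listens on.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    port = server.getsockname()[1]

    def serve():
        conn, _addr = server.accept()
        with conn:
            if conn.recv(64).strip() == b"PING":
                conn.sendall(reply)
        server.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    port = start_stub_clamd()
    print("stub clamd on port", port, "->", clamd_ping("127.0.0.1", port))
```

A `timeout` result usually points at filtering between the hosts, and `refused` at clamd not listening on that address and port. clamd's TCP socket does no authentication, so limit it with TCPAddr and a firewall rule that admits only the mail host.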
[Clamav-users] debian-sid package broken
I am using debian - sid, but I got error when I apt-get upgrade, when it tries to install the new ClamAV

Setting up clamav-base (0.67-5) ...
dirname: too few arguments
Try `dirname --help' for more information.
dpkg: error processing clamav-base (--configure):
 subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of clamav:
 clamav depends on clamav-base (= 0.67-5); however:
  Package clamav-base is not configured yet.
dpkg: error processing clamav (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of clamav-freshclam:
 clamav-freshclam depends on clamav (= 0.67-5); however:
  Package clamav is not configured yet.
dpkg: error processing clamav-freshclam (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of clamav-daemon:
 clamav-daemon depends on clamav (= 0.67-5); however:
  Package clamav is not configured yet.
dpkg: error processing clamav-daemon (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 clamav-base
 clamav
 clamav-freshclam
 clamav-daemon
E: Sub-process /usr/bin/dpkg returned an error code (1)

What should I do next ?
Re: [Clamav-users] debian-sid package broken
On Mar 1, 2004, at 11:00 PM, Me Its wrote:
> I am using debian - sid, but I got error when I apt-get upgrade, when it tries to install the new ClamAV

Sounds like something is odd. I just did that myself and now:

# dpkg --list | grep clamav
ii  clamav          0.67-5  Antivirus scanner for Unix
ii  clamav-base     0.67-5  Base package for clamav, an anti-virus utili
ii  clamav-daemon   0.67-5  Powerful Antivirus scanner daemon
ii  clamav-freshcl  0.67-5  Downloads clamav virus databases from the In
ii  clamav-milter   0.67-5  Fast antivirus scanner for sendmail
ii  libclamav1      0.67-5  Virus scanner library

I seem to be just spiffy. I'm not sure if it matters, but I usually use dist-upgrade instead of upgrade. Might be worth trying...

D
[Clamav-users] Re: debian-sid package broken
On Tue, Mar 02, 2004 at 12:00:28PM +0800, Me Its wrote:
| I am using debian - sid, but I got error when I apt-get upgrade, when
| it tries to install the new ClamAV

| What should I do next ?

Look for a related bug report on http://bugs.debian.org. If there is none, report the bug. At any rate, this is a debian packaging issue, not a clamav one.

-D

PS It is a good idea to know this before running "unstable". It's a little safer to run "testing" instead, if you aren't that comfortable with running into such issues at times.

--
\begin{humor}
Disclaimer: If I receive a message from you, you are agreeing that:
1. I am by definition, "the intended recipient"
2. All information in the email is mine to do with as I see fit and make such financial profit, political mileage, or good joke as it lends itself to. In particular, I may quote it on USENET or the WWW.
3. I may take the contents as representing the views of your company.
4. This overrides any disclaimer or statement of confidentiality that may be included on your message
\end{humor}

www: http://dman13.dyndns.org/~dman/
jabber: [EMAIL PROTECTED]
Re: [Clamav-users] debian-sid package broken
On Tue, Mar 02, 2004 at 12:00:28PM +0800, Me Its said:
> I am using debian - sid, but I got error when I apt-get upgrade, when
> it tries to install the new ClamAV
>
> Setting up clamav-base (0.67-5) ...
> dirname: too few arguments
> Try `dirname --help' for more information.
> dpkg: error processing clamav-base (--configure):
> subprocess post-installation script returned error exit status 1
> dpkg: dependency problems prevent configuration of clamav:
> clamav depends on clamav-base (= 0.67-5); however:
> Package clamav-base is not configured yet.
> dpkg: error processing clamav (--configure):
> dependency problems - leaving unconfigured
> dpkg: dependency problems prevent configuration of clamav-freshclam:
> clamav-freshclam depends on clamav (= 0.67-5); however:
> Package clamav is not configured yet.
> dpkg: error processing clamav-freshclam (--configure):
> dependency problems - leaving unconfigured
> dpkg: dependency problems prevent configuration of clamav-daemon:
> clamav-daemon depends on clamav (= 0.67-5); however:
> Package clamav is not configured yet.
> dpkg: error processing clamav-daemon (--configure):
> dependency problems - leaving unconfigured
> Errors were encountered while processing:
> clamav-base
> clamav
> clamav-freshclam
> clamav-daemon
> E: Sub-process /usr/bin/dpkg returned an error code (1)
>
> What should I do next ?

I made a mistake in clamav-base's postinst. You have 3 options:

Edit /var/lib/dpkg/info/clamav-base.postinst, and comment or remove all lines from
if [ -e /etc/clamav/clamav.conf ]
to the final 'fi' before the ';;'

Install the old version, in /var/cache/apt/archives/

Wait until tomorrow, when the fixed version will be out.

Sorry about that,

--
Stephen Gran [EMAIL PROTECTED]
http://www.lobefin.net/~steve
The human race has one really effective weapon, and that is laughter. -- Mark Twain
[Clamav-users] FYI: clamav-devel-20040301 build error on Solaris
Hi,

building the latest snapshot on Solaris gives this error :

ld: fatal: file dazukoio_compat12.o: wrong ELF machine type: EM_386
ld: fatal: File processing errors. No output written to .libs/clamd
collect2: ld returned 1 exit status
make[2]: *** [clamd] Error 1
make[2]: Leaving directory `/opt/clamav-auto-build/clamav-devel-20040301/clamd'

What is a 386 binary doing here? Surely my gcc can't produce that? Sure enough, I found these files in the source tarball:

./clamd/dazukoio.o
./clamd/dazukoio_compat12.o

Deleted these files, and clamav compiles OK.

Regards,
Fajar
[Clamav-users] HMM
So, is there any possible way to make the local clamscan detect the virus that I asked about, 'cause it seems to know about it? If so, please give me some ideas. Thanks
[Clamav-users] Clamd problem Solaris 8
Hello!

I have the problem that clamd sometimes crashes. I use ClamAV version 0.66 with clamav-milter version '0.66m' and sendmail 8.12.10 on Solaris 8. In the clamd.log file I found the following messages:

Tue Mar 2 02:45:38 2004 -> SelfCheck: Database status OK.
Tue Mar 2 02:53:48 2004 -> ERROR: ScanStream: Can't create temporary file.
Tue Mar 2 02:54:10 2004 -> ERROR: ScanStream: Can't create temporary file.
Tue Mar 2 02:56:35 2004 -> Session 0 stopped due to timeout.
Tue Mar 2 03:05:02 2004 -> +++ Started at Tue Mar 2 03:05:02 2004

Is this a known problem ?

Thanks
Wolfgang
[Clamav-users] clamav 0.65 not detecting Worm.Bagle.F
Sorry, might not be the correct mailing list to post but any comments are greatly appreciated.

I have successfully configured MailScanner with ClamAV-0.65. Tested it with some of the known viruses like Mydoom and it was indeed detecting it. Unfortunately, the new variant of virus (Worm.Bagle) was not being detected by ClamAV. Don't have any idea why but here are some of the logs that might help debug the problem:

##
Mar 2 15:13:15 MTI-MAIL MailScanner[19945]: New Batch: Scanning 1 messages, 32592 bytes
Mar 2 15:13:16 MTI-MAIL MailScanner[19945]: Saved archive copies of i227DEb5020160
Mar 2 15:13:16 MTI-MAIL MailScanner[19945]: Spam Checks: Starting
Mar 2 15:13:27 MTI-MAIL MailScanner[19945]: Virus and Content Scanning: Starting
Mar 2 15:13:27 MTI-MAIL MailScanner[19945]: Uninfected: Delivered 1 messages
Mar 2 15:13:27 MTI-MAIL sendmail[20171]: i227DEb5020160: to=<[EMAIL PROTECTED]>, delay=00:00:13, xdelay=00:00:00, mailer=local, pri=152011, dsn=2.0.0, stat=Sent
##

The log above came from the sendmail maillog through MailScanner. I tried to send an e-mail with Worm.Bagle virus but it went through my tester account. So, what I did was to invoke the command line of clamscan and scanned the mailbox itself. Below is the result:

###
[EMAIL PROTECTED] mail]# clamscan --mbox tester
tester: Worm.Bagle.F-zippwd FOUND

--- SCAN SUMMARY ---
Known viruses: 20350
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.07 MB
I/O buffer size: 131072 bytes
Time: 0.998 sec (0 m 0 s)
###

clamscan had successfully detected the virus. Any help or pointers are greatly appreciated.

Cheers!
Joey Esquibal
[Clamav-users] Problem or not?
According to http://www.gietl.com/test-clamav/

File is valid, and was successfully uploaded.
clamav scans the file ...
Clamav-Output:/tmp/php3ttpQi: Worm.Bagle.A3 FOUND
And found something: Worm.Bagle.A3

But locally clamscan doesn't remove the virus; it lets it spread over the network. Does anyone know how to fix that problem?
[Clamav-users] How to disable notification
Hi!

I am using clamav/sendmail to scan mail for viruses. I'd like to know whether it is possible to disable sending of notification to the sender of incoming mail about the virus in the e-mail. As you know - viruses are using fake addresses, so the person in the From field could be not guilty at all.

Janis
[Clamav-users] password protected zip file
Hi,

Can clamav detect viruses that are protected by a password in a zipped file?

Thanks