[Clamav-users] why don't detect
Hi

I have a question about my mbox submission:

Submission: 2021
Sender: Korchmenuk Nickolay
Submitted virus name: Win32.HLLM.MyDoom.32768
Notes: Triple bounced e-mail with Worm.SCO.A. If
Notes: attachment is extracted virus is detected.
Added: No

Could you say why clamscan and clamdscan didn't detect the virus in this e-mail?
I have clamav 0.70rc; the databases are updated every hour.

--
Korchmenuk Nickolay
17 Mar 2004 16:50:31

___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] why don't detect
Hi

On Wed, 17 Mar 2004 17:29:27 +0100
"Diego d'Ambra" <[EMAIL PROTECTED]> wrote:

> > Submission: 2021
> > Sender: Korchmenuk Nickolay
> > Submitted virus name: Win32.HLLM.MyDoom.32768
> > Notes: Triple bounced e-mail with Worm.SCO.A. If
> > Notes: attachment is extracted virus is detected.
> > Added: No
> >
> > Could you say why clamscan and clamdscan didn't detect virus in this
> > e-mail?
>
> I'm unable to tell why the --mbox option didn't detect the virus. Your
> sample has been forwarded to Nigel, so I expect he will have more
> details.

I've 11 e-mails like that with SCO.A, Netsky, I-Frame.exploit etc.

--
Korchmenuk Nickolay
18 Mar 2004 09:20:57
[Clamav-users] milter and clamscan
Hi

I've installed clamav 0.70rc with milter support. Clamav-milter detects viruses well, but I additionally check all incoming mail via procmail (clamscan). And clamscan sometimes detects some viruses (SomeFool-Gen and others). Why doesn't the milter detect those viruses?

I have FreeBSD 5.2.1p1 and Sendmail 8.12.11 installed on the server. Freshclam updates the virus db via cron every hour.

--
Korchmenuk Nickolay
18 Mar 2004 09:23:28
Re: [Clamav-users] why don't detect
Hi

On Thu, 18 Mar 2004 13:09:13 +
Nigel Horne <[EMAIL PROTECTED]> wrote:

> On Thursday 18 Mar 2004 7:23 am, Korchmenuk Nickolay wrote:
> > I've 11 e-mails like that with SCO.A, Netsky, I-Frame.exploit etc.
> Please send to me, the more samples the better!

You can download samples from www.nyck.kiev.ua/clamav/
[Clamav-users] whatis wrong?
Hi

I have a problem with clamscan:

bash-2.05b# clamscan --mbox infected/drweb.quarantine.6v1IlY
infected/drweb.quarantine.6v1IlY: OK

--- SCAN SUMMARY ---
Known viruses: 20482
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.02 MB
I/O buffer size: 131072 bytes
Time: 0.870 sec (0 m 0 s)

bash-2.05b# clamdscan infected/drweb.quarantine.6v1IlY
/usr/home/user/infected/drweb.quarantine.6v1IlY: Worm.Bagle.V FOUND

--- SCAN SUMMARY ---
Infected files: 1
Time: 0.010 sec (0 m 0 s)

Why doesn't clamscan detect the virus?

--
Korchmenuk Nickolay
29 Mar 2004 15:21:27
Re: [Clamav-users] whatis wrong?
On Mon, 29 Mar 2004 21:37:57 +0200
Tomasz Kojm <[EMAIL PROTECTED]> wrote:

> On Mon, 29 Mar 2004 15:22:42 +0300
> Korchmenuk Nickolay <[EMAIL PROTECTED]> wrote:
>
> > Hi
> >
> > I've problem with clamscan:
> >
> > bash-2.05b# clamscan --mbox infected/drweb.quarantine.6v1IlY
> > infected/drweb.quarantine.6v1IlY: OK
> >
> > --- SCAN SUMMARY ---
> > Known viruses: 20482
> The database is outdated.

It seems to be true. I've changed the db dir, but clamscan doesn't read this option from clamav.conf.

--
Korchmenuk Nickolay
30 Mar 2004 09:42:51
[Clamav-users] rarlib question
Hi

Look at this:

1) clamscan without --unrar

#clamscan --database=/var/clamav/db rarfail.rar
rarfail.rar: RAR module failure.
rarfail.rar: OK

2) clamscan with --unrar

# clamscan --database=/var/clamav/db --unrar=/usr/local/bin/unrar rarf
/usr/home/user/rarfail.rar: RAR module failure.
UNRAR 3.30 freeware Copyright (c) 1993-2004 Eugene Roshal
Extracting from /usr/home/user/rarfail.rar
Extracting test1 OK
All OK
/var/tmp//717eeede073c5dba/test1: ClamAV-Test-Signature FOUND
/usr/home/test/rarfail.rar: Infected Archive FOUND

3) clamdscan (ScanRAR option in clamav.conf is turned on)

clamdscan rarfail.rar
/usr/home/nyckadm/rarfail.rar: RAR module failure. ERROR

Why clamscad doesn't detect ClamAV-Test-Signature?

p.s.
bash-2.05b# clamscan -V
clamscan / ClamAV version devel-20040326
bash-2.05b# clamdscan -V
clamdscan / ClamAV version devel-20040326

--
Korchmenuk Nickolay
30 Mar 2004 11:16:29
Re: [Clamav-users] rarlib question
On Tue, 30 Mar 2004 15:43:24 +0500
Sergey <[EMAIL PROTECTED]> wrote:

> And more:
> "Due to security reasons clamd only scans archives supported by libclamav
> and can't use external programs"

What about unrar from FreeBSD ports? Could the developers include some code from unrarsrc-3.x.xm for rar v3 support?

--
Korchmenuk Nickolay
30 Mar 2004 14:58:39
[Clamav-users] clamd - NEVER use "%f" in your "VirusEvent"
Hi

read this: http://www.opennet.ru/base/netsoft/1080715226_147.txt.html

--
Korchmenuk Nickolay
01 Apr 2004 11:20:19
Re: [Clamav-users] Spam/Virus stats using mrtg
On Sat, 3 Apr 2004 03:21:05 +0200 (CEST)
Jakub Jankowski <[EMAIL PROTECTED]> wrote:

> On 2004-04-02, Antony Stone wrote:
>
> >On Friday 02 April 2004 10:46 pm, Daniel J McDonald wrote:
> >
> >> grep FOUND clamd.log | cut -d \  -f 2 | sort | uniq -c
> >
> >grep FOUND clamd.log | cut -d \  -f 2 | sort | uniq -c | awk '{print $2,$1}'
>
> grep FOUND clamd.log | awk '{print $8}' | sort | uniq -c | sort -k1nr,1
>
> Who's next? ;-)

me :-)

top10 from clamd.log

grep FOUND clamd.log | awk '{print $8}' | sort | uniq -c | sort -r | head

top from clamd.log for current day

grep FOUND clamd.log | grep "$(date -j "+%b %e")" | grep "$(date -j "+%Y")" | awk '{print $8}' | sort | uniq -c | sort -r

virus variations counter
---
grep FOUND clamd.log | awk '{print $8}' | sort | uniq | wc -l

--
Korchmenuk Nickolay
05 Apr 2004 11:03:49
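Added example, not part of the original posts: the same tallies keyed on the trailing FOUND token instead of a fixed field number, so paths containing spaces and file names containing "FOUND" do not skew the counts. It assumes the clamd.log line layout implied by the thread's use of $8; the sample lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines. Assumed layout (matches the thread's use of $8):
# <weekday> <month> <day> <time> <year> -> <path>: <signature> FOUND
sample_log() {
cat <<'EOF'
Mon Apr  5 10:01:12 2004 -> /var/spool/scan/msg.1: Worm.SomeFool.Gen-1 FOUND
Mon Apr  5 10:02:40 2004 -> /var/spool/scan/msg.2: Worm.Bagle.V FOUND
Mon Apr  5 10:07:03 2004 -> /var/spool/scan/my mail/msg 3: Worm.SomeFool.Gen-1 FOUND
Sun Apr  4 23:59:59 2004 -> /var/spool/scan/msg.4: Worm.SCO.A FOUND
Mon Apr  5 10:11:00 2004 -> /var/spool/scan/FOUND.txt: OK
EOF
}

# Signature of every detection line on stdin. Anchoring on the last field
# skips "FOUND.txt: OK" and survives spaces in the scanned path.
signatures() {
    awk 'NF >= 8 && $NF == "FOUND" { print $(NF - 1) }'
}

# What the positional pipeline from the thread yields, for comparison.
positional_signatures() {
    grep FOUND | awk '{ print $8 }'
}

# "count signature", highest count first (numeric sort, ties by name).
top_signatures() {
    signatures | sort | uniq -c | awk '{ print $1, $2 }' | sort -k1,1nr -k2,2
}

# Number of distinct signatures.
distinct_signatures() {
    signatures | sort -u | wc -l | tr -d '[:space:]'
}

# Keep one day's lines. Arguments: month abbreviation, day, year.
on_day() {
    awk -v m="$1" -v d="$2" -v y="$3" '$2 == m && $3 == d && $5 == y'
}

sample_log | on_day Apr 5 2004 | top_signatures
```

On the sample, positional_signatures reports "mail/msg" and "OK" as if they were signature names, which is the miscount the anchored version avoids.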
Re: [Clamav-users] Virus Names
On Mon, 5 Apr 2004 23:38:08 -0500
"Erick Perez - Vision Media" <[EMAIL PROTECTED]> wrote:

> Question:
> If Worm.SomeFool is Netsky, then why is not labeled as netsky?
> Also, is there a way to make an alias in the virus database so my users can
> see netsky instead of Worm.Somefool?

It's time to put the answer to this question into the FAQ.

--
Korchmenuk Nickolay
06 Apr 2004 14:25:24
Re: [Clamav-users] Spam/Virus stats using mrtg
Hi

On Fri, 02 Apr 2004 20:47:34 -0500
Rick Macdougall <[EMAIL PROTECTED]> wrote:

> Or see http://mail.limelyte.net/admin/qsla/

Is it your script? Can I download this script?

--
Korchmenuk Nickolay
07 Apr 2004 10:11:55
Re: [Clamav-users] rarlib question
On Tue, 30 Mar 2004 21:28:18 +0200
Tomasz Kojm <[EMAIL PROTECTED]> wrote:

> On Tue, 30 Mar 2004 15:00:50 +0300
> Korchmenuk Nickolay <[EMAIL PROTECTED]> wrote:
>
> > On Tue, 30 Mar 2004 15:43:24 +0500
> > Sergey <[EMAIL PROTECTED]> wrote:
> >
> > > And more:
> > > "Due to security reasons clamd only scans archives supported by
> > > libclamav and can't use external programs"
> > what about unrar from freebsd ports? could developers include some
> > code from unrarsrc-3.x.xm for rar v3 support?
>
> Unfortunately the license of unrar-3 conflicts with the GPL.

Last question about rar from me: why can clamscan use an external unrar program while clamdscan (clamav-milter) can't? Speed?

--
Korchmenuk Nickolay
07 Apr 2004 12:50:13
Re: [Clamav-users] How to bypass milter scanning for selectedusers?
On Tue, 13 Apr 2004 16:30:24 +0100
Nigel Horne <[EMAIL PROTECTED]> wrote:

> On Tuesday 13 Apr 2004 3:11 pm, Andrei Bucur wrote:
>
> > can i stop scanning email for selected users ? not from !
>
> No-one has ever asked for that before, so the answer is currently no means to do
> that.

It would be pretty good to have not only source and destination ignore e-mail lists. What about a mask ([EMAIL PROTECTED] for example) in those lists? And I would like to ignore scanning of mail for some subnets.

--
Korchmenuk Nickolay
29 Apr 2004 11:16:42
Re: [Clamav-users] Your ClamAV installation is OUTDATED
On Thu, 29 Apr 2004 09:17:55 -0400
"Jeff Lanzarotta" <[EMAIL PROTECTED]> wrote:

> I'm getting the following error message in my /var/log/freshclam.log file on my
> Mandrake 9.2 system:
>
> WARNING: Your ClamAV installation is OUTDATED - please update immediately !
> WARNING: Current functionality level = 1, required = 2
>
> Can someone tell me what this means or where I could find out why I am getting this?
>
> I have versions:
>
> clamscan / ClamAV version 0.70-rc
> freshclam / ClamAV version 0.70-rc

Update to ClamAV version 0.70

--
Korchmenuk Nickolay
29 Apr 2004 16:22:50
[Clamav-users] public key
Hi

Where can I find the public GPG key for the clamav sources?

--
Korchmenuk Nickolay
20 May 2004 11:17:06
[Clamav-users] milter question. -a FROM
Hi

man clamav-milter gives the --from=EMAIL option, but when I try to start the milter it says "unknown option". What's wrong?

--
Korchmenuk Nickolay
20 May 2004 12:51:08
Re: [Clamav-users] procmail.
Hi

On Sun, 06 Jun 2004 16:05:37 +0200
kitten <[EMAIL PROTECTED]> wrote:

> Trashscan is for single users only.. I want a MTA scanner.

Trashscan will check all incoming e-mail if you put the .procmailrc from trashscan into /etc/procmailrc (for Linux) or into /usr/local/etc/procmailrc (for FreeBSD).

--
Korchmenuk Nickolay
07 Jun 2004 08:50:38
[Clamav-users] can't compile clamav 0.80
Hi

I've got the following errors and warnings when trying to configure clamav 0.80:

configure: WARNING: resolv.h: present but cannot be compiled
configure: WARNING: resolv.h: check for missing prerequisite headers?
configure: WARNING: resolv.h: see the Autoconf documentation
configure: WARNING: resolv.h: section "Present But Cannot Be Compiled"
configure: WARNING: resolv.h: proceeding with the preprocessor's result
configure: WARNING: resolv.h: in the future, the compiler will take precedence
configure: WARNING: ## -- ##
configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ##
configure: WARNING: ## -- ##
checking for resolv.h... yes
checking whether setpgrp takes no argument... no
checking for __gmpz_init in -lgmp... yes
checking for curl >= 7.10.0... FAILED
configure: WARNING: curl-config was not found
checking for mi_stop in -lmilter... no
checking for library containing strlcpy... no
checking for mi_stop in -lmilter... no
configure: error: Cannot find libmilter

OS: FreeBSD 5.2.1-RELEASE-p1
Sendmail 8.13.1
clamav 0.80
'configure' options: --disable-clamuko --enable-milter --disable-pthreads --sysconfdir=/usr/local/etc --with-dbdir=/var/clamav/db

How can I solve these problems?

--
Korchmenuk Nickolay
19 Oct 2004 10:06:33

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] can't compile clamav 0.80
On Tue, 19 Oct 2004 03:16:53 -0400
Dale Walsh <[EMAIL PROTECTED]> wrote:

> > OS: FreeBSD 5.2.1-RELEASE-p1

--
Korchmenuk Nickolay
19 Oct 2004 10:23:50