[clamav-users] Clam 0.97.8 not scanning rar

2013-07-07 Thread Nicholas Chua 
Hi,

I had recently upgrade to 0.97.8 and having problem scanning a virus within rar

clamscan test.rar
test.rar: OK

If i uncompress it.

clamscan Label_test.exe
test.exe: Win.Trojan.PSW-13 FOUND

I have enabled the below in clamd.conf
ScanArchive yes
ScanPE yes


Did i missed out anything?

regards
nic
  
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Clam 0.97.8 not scanning rar

2013-07-07 Thread Nicholas Chua 
> > > Did i missed out anything?
> > 
> > clamconf output ?
> > 
> > search for libunrar

Don't seem to have that library
  
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Clam 0.97.8 not scanning rar

2013-07-07 Thread Nicholas Chua 
> > Don't seem to have that library
> 
> compiled from source ?
> 
> its part of clamav this lib
> 
> maybe just have an old lib that is not working with 0.97.8 installed ?
> 
> clamconf shows imho compile options, cant remember if it can be 
> disabled, since i use gentoo where it works

installed from epel repo and clamconf shows --disable-unrar

So i uninstall it and installed 0.97.7 from rpmforge

clamscan test.rar
test.rar: Win.Trojan.PSW-13 FOUND

Will be sticking to this version until someone build it with rar support for 
0.97.8.

Thanks


  
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Clam 0.97.8 not scanning rar

2013-07-07 Thread Nicholas Chua 
> > It is not built in the Fedora RPMBuild process as a result. I build
> > my own RPM files and don't include it either.

Would you share your rpm or src with me?
 
> unrar is free, rar is paid, why the heck rpm have precompiled problems 
> is beyong me

I wonder why epol Packager does not enabled it since it is good to have it.

Thanks
nic
  
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Clam 0.97.8 not scanning rar

2013-07-08 Thread Nicholas Chua 
Dear all,

Please take note that the requirement is unrar and it is free. Rar is non free


Regards
Nic


On 8 Jul, 2013, at 11:36 PM, "Shawn Webb"  wrote:

> Attempting to find out who the maintainer is resulted in this IRC
> conversation:
> 
> 11:24 < lattera> anyone know where I can go to find out who the maintainer
> is for the clamav package?
> http://dl.fedoraproject.org/pub/epel/6/x86_64/repoview/clamav.html
> 11:24 < lattera> I think it's this guy, but the link he gives that says
> "these are the packages I maintain" doesn't reference clamav:
> https://fedoraproject.org/wiki/User:Orion
> 11:25 < nirik> lattera: why does it matter? did you find a bug?
> 11:25 < lattera> he's set clamav to not support rar files
> 11:25 < lattera> we need him to add rar file support
> 11:25 < lattera> (we being the core clamav development team)
> 11:26 < nirik> please file a bug.
> 11:26 < nirik> sadly rar is a horrible non free format, so not sure it can
> be supported.
> 11:31 < lattera> it was supported for 0.97.7 but the support for it was
> removed by the package maintainer (even though support for rar is still
> included in the clamav code) after we released 0.97.8 and the package
> maintainer updated the package
> 11:32 < nirik> until recently there was no rar support in fedora or epel.
> 
> 
> On Mon, Jul 8, 2013 at 11:15 AM, Joel Esler  wrote:
> 
>> On Jul 7, 2013, at 11:51 AM, Nicholas Chua 
>> wrote:
>>>>> Don't seem to have that library
>>>> 
>>>> compiled from source ?
>>>> 
>>>> its part of clamav this lib
>>>> 
>>>> maybe just have an old lib that is not working with 0.97.8 installed ?
>>>> 
>>>> clamconf shows imho compile options, cant remember if it can be
>>>> disabled, since i use gentoo where it works
>>> 
>>> installed from epel repo and clamconf shows --disable-unrar
>>> 
>>> So i uninstall it and installed 0.97.7 from rpmforge
>>> 
>>> clamscan test.rar
>>> test.rar: Win.Trojan.PSW-13 FOUND
>>> 
>>> Will be sticking to this version until someone build it with rar support
>> for 0.97.8.
>> 
>> Instead of me having the scour the internet, can someone pass me the email
>> address for the package maintainer here, and I’ll try and coordinate with
>> them to fix this problem in their build?
>> 
>> Thanks.
>> 
>> --
>> Joel Esler
>> Senior Research Engineer, VRT
>> OpenSource Community Manager
>> Sourcefire
>> ___
>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>> http://www.clamav.net/support/ml
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Clam 0.97.8 not scanning rar

2013-07-08 Thread Nicholas Chua 
Hi,

Just putting across that rar is not a requirement and it is not supported. Only 
unrar is, and it is not incorporated in the 0.97.8 epel build.

Thanks
Nic


Regards
Nic


On 8 Jul, 2013, at 11:49 PM, "Dennis Peterson"  wrote:

> On 7/8/13 8:39 AM, Nicholas Chua wrote:
>> Dear all,
>> 
>> Please take note that the requirement is unrar and it is free. Rar is non 
>> free
>> 
>> 
>> Regards
>> Nic
> 
> Is unrar also unencumbered? That does not appear to be the case according to 
> the
> license.
> 
> dp
> 
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Clam 0.97.8 not scanning rar

2013-07-09 Thread Nicholas Chua 
Hmmm. Isn't there a libunrar? 


Regards
Nic


On 9 Jul, 2013, at 11:34 PM, "Joel Esler"  wrote:

> We're just going to have to recommend that you build from source on Fedora.
> We'll have to put something on the website about it.  The maintainers for
> Fedora will not build unrar into Fedora as it is "unfree".
> 
> 
> 
> 
> On Tue, Jul 9, 2013 at 9:07 AM, Benny Pedersen  wrote:
> 
>> Dennis Peterson skrev den 2013-07-08 17:47:
>> 
>> 
>> Spec File (salient parts):
>>> %changelog
>>> * Tue Apr 23 2013 Orion Poplawski  - 0.97.8-1
>>> - Upgrade to 0.97.8
>>> - Updated daily.cvd
>> 
>> get rid of cvd files in rpm updates
>> 
>> issue a initial freshclam instaed
>> 
>> 
>> --
>> senders that put my email into body content will deliver it to my own
>> trashcan, so if you like to get reply, dont do it
>> __**_
>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>> http://www.clamav.net/support/**ml 
> 
> 
> 
> -- 
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Clam 0.97.8 not scanning rar

2013-07-09 Thread Nicholas Chua 

> 
> http://www.rarlab.com/rar/unrarsrc-5.0.7.tar.gz
> 
> ignorants

Calling yourself?
  
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[clamav-users] Sig missing

2018-03-25 Thread Nicholas Chua 
Hi,

I noticed that signatures are missing. Is this normal?

 

An example.

Purchase Order123.iso: Win.Trojan.Agent-6480597-0 FOUND

 

Regards

nic

 

 

 

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Sig missing

2018-03-25 Thread Nicholas Chua 
> What do you mean by missing? It's still in my database...
>
> $ sigtool -fWin.Trojan.Agent-6480597-0
> [daily.hsb]
4c26f2d46400405f253c26e85ceadd51:507904:Win.Trojan.Agent-6480597-0:73
> 
> Added by daily 24409 on or about 21 March.

This is the file which is being detected before. Now it is not recognized

[root@fantastic Test]# clamscan ../Virus/Purchase\ Order123.iso
../Virus/Purchase Order123.iso: Purchase Order123.com.UNOFFICIAL FOUND



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Sig missing

2018-03-25 Thread Nicholas Chua 


>> [root@fantastic Test]# clamscan ../Virus/Purchase\ Order123.iso 
>> ../Virus/Purchase Order123.iso: Purchase Order123.com.UNOFFICIAL FOUND
>
> You are using some unofficial signatures, and this one has already
detected that file as infected, so no additional signatures will be checked.
If you disabled that unofficial database, it should show up again 
> with the original detection signature.

I was the one submitted the virus. Before the official signature is being
generated, I used sigtool to create a temporary one. Also, if an official
signature is in the database, the file should be detected officially and not
my unofficial signature. 

It was detected official some days ago and suddenly it got only detected by
my unofficial sig. How come? 

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [Clamav-users] Nude links on www.clamav.org

2003-12-10 Thread Nicholas Chua 
The domain clamav.org is not registered anymore. I did not mantain the
domain since a few months back after I was posted to Malaysia 2 months ago.

regards



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Nude links on www.clamav.org

2003-12-10 Thread Nicholas Chua 
> At 08:47 AM 12/10/2003, Nicholas Chua wrote:
> >The domain clamav.org is not registered anymore. I did not mantain the
> >domain since a few months back after I was posted to Malaysia 2 months
ago.
>
> well, clearly the domain *is* registered, as it's reachable and the roots
> are delegating it. or did you mean not registered to _you_ anymore?

Oh yes, I went to netsol.com todo a whois and i saw that is registered. I
did a whois on my machine, it was not known as registered.



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Nude links on www.clamav.org

2003-12-10 Thread Nicholas Chua 


> On Thu, 11 Dec 2003 at  0:47:57 +0800, Nicholas Chua wrote:
> > The domain clamav.org is not registered anymore. I did not mantain the
> > domain since a few months back after I was posted to Malaysia 2 months
ago.
> >
>
> It's a pity that you didn't inform us about your intention of dropping
> clamav.org :-(( .  We could register it for ClamAV.

As I moved here, I could not get an internet connection. My mailed are
checked by my collegues, printed out and courier to me. Only at times, i can
get connected via internet cafes. As there are too many mails, i could only
reply and response to certain emails.

Very sorry for not holding on to the domain.

regards



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Nude links on www.clamav.org

2003-12-10 Thread Nicholas Chua 
>I'm sorry to hear that you totally ignored that really important thing
>to us, Nicholas. I have the last question to you: Why did you buy
>www.clamav.org and what was your intention in doing it ?

I am not kidding. Certain parts of  Malaysia are still in thick jungles. The
place i am in has electricity and water supply, the only thing, no telephone
lines. ncmbox.net is my personnel email, most of emails are from newgroups,
I couldnt get my collegue to print out my personnel emails. And also, I had
set 7 days to del mails from the mailserver. Therefore i had missed out alot
of mails altogether.

ClamAV was the only solution i had when i wanted to integrate an antivirus
to a mailserver. The database was small that time. Most of my friends
laughed at me, ask me what kind of virus i can block. I did not give it up,
instead i when round looking for virii, and help up with the database. If i
am not wrong, i had submitted and created a few thousands signitures.
Finally, I ran out of virus to submit, so i thought i could register
clamav.org to help distribute the software. After sometime, I had even
thought of creating the signitures and upload them into the main database.
But my knowledge is limited, i do not know how to, and before i can, i was
posted over here.

I am still very sorry for not holding up the domain. If there is a need for
me to do anything, in my means i will. Just let me compensate to the ClamAV
team.

regards



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [users] Suddenly increased memory appetite

2002-10-11 Thread Nicholas Chua 
Tomasz Kojm wrote:
>> can anyone tell if the 0.51 works with qmail-scanner 1.14?
>
> Yes, it works. The softlimit should be about 10 Mb.

I realised as the database gets bigger it requires more. I am using 16mb now
with about "Known viruses: 2146"


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[users] freshclam error

2002-10-11 Thread Nicholas Chua 


any idea? 
 
[EMAIL PROTECTED] root]# freshclamChecking for a new 
database - started at Fri Oct 11 19:00:42 2002Current working dir is 
/usr/local/share/clamavConnected to clamav.elektrapro.com.Reading md5 
sum (viruses.md5): ERROR: Malformed md5 checksum detected.ERROR: Can't get 
viruses.md5 sum from clamav.elektrapro.com
Attachment:
smime.p7s


bin0.bin
Description: "Description: application/pkcs7-signature"

Re: [clamav-users] Which is the latest snapshop?

2003-06-10 Thread Nicholas Chua 
> It's a bit confused here, from the http://www.clamav.org/snapshot/
> the most recent seem to be clamav-20030317.tar.gz, but I have here a
> snapshot clamav-20030331.tar.gz.
>

Please use the snapshot clamav-20030605.tar.gz  from
http://clamav.elektrapro.com. I am in the mist of updating clamav.org


regards


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] More False Positives

2003-06-16 Thread Nicholas Chua 
> I appear to be getting a large number of false reports of
> Exploit.IFRAME.Generic in old Mozilla and Netscape cache files after the
> db update on Friday.

That means you are hit by the JS.FORTNIGHT virus. Norton Antivirus picked
them up on my emails when that sig was not added into the db.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] Catching W32.Sobig.E@mm ?

2003-06-29 Thread Nicholas Chua 
> I caught it in my Antivirus/File blocking procmail filters, which is how I
> know it got through.

Have you updated your virus def/sig using freshclam? The sig was added some
days back.

> Since I have NO idea how to write an effective signature rule, any chance
> one of you more knowledgeable types could give it a shot?
> I have MANY MANY copies from blocked mails...

Please visit http://clamav.elektrapro.com/doc/signatures.pdf


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] Upgrade question

2003-06-18 Thread Nicholas Chua 

> If I already have clamav installed and want to install a new snapshot, do
> i just install it like normal and it will overwrite old files? Thanks.
> 

That will be alright.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] FortNight virus

2003-06-05 Thread Nicholas Chua 
Well, I have the same problem too.

Symantec Email Proxy deleted the following email message:

From: "Diego d'Ambra" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: [clamav-users] FortNight virus

I got this reply from norton after i enable email scanning immediately after
Fajar wrote his 1st email.

Btw, the 1st email, which Fajar sent has the virus too. Norton picked it up
and deleted it automatically.

regards

- Original Message - 
From: "Fajar Arief Nugraha" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 05, 2003 4:00 PM
Subject: Re: [clamav-users] FortNight virus


> Nope. Email still gets thru. Database was updated. Sent sample to
> [EMAIL PROTECTED]
>
> bash-2.03# grep -i fortnight viruses.db
> Exploit.FortNight
>
(Clam)=3c4449563e3c494652414d45207372633d334422687474703a2f2f772e70726f7
3746f6c2e636f6d2f6d2e68746d6c222077696474683d3344303d3230
> JS.FortNight.E
>
(Clam)=3c4449563e3c494652414d453d32300a7372633d334422687474703a2f2f77303
0312e7570702e736f2d6e65742e6e652e6a703a3331323840253631253732253638253635253
6462532452536332536462536442f6d2e3d
>
>
> Diego d'Ambra wrote:
>
> >There are many versions of FortNight (IFrame exploits). The one you
> >mention is version JS.FortNight.E - this was added to the signature
> >database yesterday (04-june-2003 20:45).
> >
> >Best regards,
> >Diego d'Ambra
> >
> >
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] mirrors.txt

2003-06-10 Thread Nicholas Chua 
use the lastest snapshot. 0.54 and below do not have the mirror.txt

- Original Message - 
From: "Ed Greenberg" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 11, 2003 12:35 AM
Subject: Re: [clamav-users] mirrors.txt


> My /usr/local/share/clamav contains only viruses.db and viruses.db2. Is
the
> mirrors file optional? If so, what is it's file format?
>
> 
>
> --On Tuesday, June 10, 2003 6:13 PM +0200 Tomasz Kojm
<[EMAIL PROTECTED]>
> wrote:
>
> >> Where does mirrors.txt live? It's not in /usr/local/etc, along with
> >> clamav.conf.
> >
> > Check /usr/local/share/clamav (the database directory). BTW,
> > clamav.ozforces.com is down.
> >
> > Best regards,
> > Tomasz Kojm
> > --
> >   oo.  [EMAIL PROTECTED]
> >  (\/)\.http://www.konarski.edu.pl/~zolw
> > \..._  I nie zapomnij kliknac w brzuszek...
> >   //\   /\\ <- C. Amboinensiswww.pajacyk.pl
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] More False Positives

2003-06-17 Thread Nicholas Chua 
> I'm not totally convinced.
> 
> The files reporting the Exploit.IFRAME.Generic virus are Mozilla cache
> files from Dec 2001 (archived data) and were "OK" last week.
> Now I have over a dozen of them.
> Norton does not find a virus in the same files.

I still do have the files. If you want, i can email to you.

regards


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[clamav-users] Re: More False Positives

2003-06-17 Thread Nicholas Chua 
The files which i submitted to the virus ml. These files are detected by 
norton as Js.Fortnight. 

regards 

Steven J. Reilly writes: 

What files?? 

Steve 

On Tue, 2003-06-17 at 10:32, Nicholas Chua wrote:
> I'm not totally convinced.
> 
> The files reporting the Exploit.IFRAME.Generic virus are Mozilla cache
> files from Dec 2001 (archived data) and were "OK" last week.
> Now I have over a dozen of them.
> Norton does not find a virus in the same files. 

I still do have the files. If you want, i can email to you. 

regards 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Steven J. Reilly, EDA Engineer
Allegro Microsystems Europe Ltd
Stuart House, Eskmills Park,
Musselburgh, EH21 7PB, Scotland.
Tel:   +44 (0)131 273 4306
Fax:  +44 (0)131 273 4301
e-mail: [EMAIL PROTECTED] 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] zip files nto being scanned

2003-06-27 Thread Nicholas Chua 

> Looks like it is catching it today!
> Thanks

If you like, sign up [EMAIL PROTECTED]  maillist. Whenever a new
sig is added, you will be informed.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] clamav stop responding

2003-06-23 Thread Nicholas Chua 
>   my qmail just went down this morning
>   and it leave this error msgs at smtp log:
>
> @40003ef654c7299bb1fc
X-Qmail-Scanner-1.16:[ns.ck-pttuntex.com10563309394263276] clam_scanner:
corrupt or unknown ClamAV scanner error or memory/resource/perms problem -
exit status 50
>
> and in the client said 451_qq_temporary_problem_(#4.3.0)
> suidperl already +s
> everything just went smoothly for 2 weeks...
> hope anyone could help me with these probs

increase the softlimit in the /var/qmail/supervise/qmail-smtpd/run file ie.

exec /usr/local/bin/softlimit -m 1500 \


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[clamav-users] error compiling 0.54

2003-06-03 Thread Nicholas Chua 



Hi list
 
 had tried to make version 0.54 and encountered the following error.
 
In file included from 
zziplib/zzip-dir.c:15:zziplib/zzip-file.h:20:18: zlib.h: No such file or 
directorymake[1]: *** [zzip-dir.lo] Error 1make[1]: Leaving directory 
`/var/src/clamav-0.54/libclamav'make: *** [all-recursive] Error 
1
I am running Redhat 7.3 with qmail. As i was unable 
to install 0.54, i had installed 0.53 instead. But i will really like to upgrade 
it to 0.54
 
Please help
 
regards

Re: [clamav-users] Strange viruses.db2 file problem

2003-06-30 Thread Nicholas Chua 

> What is your clamav version ? Do you know the exact date when that
happened ?

I think its 23rd June .

Checking for a new database - started at Mon Jun 23 10:16:21 2003
viruses.db is up to date.
ERROR: The checksum of viruses.db2 database isn't ok. Please check it
yourself o
r try again.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[clamav-users] error compiling 0.54

2003-06-03 Thread Nicholas Chua 



Please ignore the previous email. i found the 
solution in the archives. sorry.
 
regards
 
 

Re: [clamav-users] Strange viruses.db2 file problem

2003-06-30 Thread Nicholas Chua 
> Jun 30 10:13:14 mail X-Qmail-Scanner-1.16:
[mail.mydomain.com10569823944261775] clam_scanner: corrupt or unknown ClamAV
scanner error or
> memory/resource/perms problem - exit status 50

If  i am not wrong, this question should be asked in the qmail maillist.
Anyway, increase your softlimit to a higher value in the
/var/qmail/supervise/qmail-smtpd/run file.  ie. exec
/usr/local/bin/softlimit -m 1500 \

> Checking for a new database - started at Mon Jun 23 10:16:21 2003
> viruses.db is up to date.
> ERROR: The checksum of viruses.db2 database isn't ok. Please check it
yourself o
> r try again.

Try deleting away viruses.db2  and freshclam manually.

regards


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] Problem with signature for Worm.Nicehello.A

2003-07-03 Thread Nicholas Chua 
> deferral: 1.2.3.4_failed_after_I_sent_the_message./Remote_host_said:_451
> _qq_temporary_problem_(#4.3.0)/
> I am using clamscan 0.54 with qmail and qmailscanner:
> X-Qmail-Scanner-1.15:[] clam_scanner: corrupt or unknown ClamAV
> scanner/resource problems - exit status 50

The solution for this has been repeated so many times, and this is a
qmail-scanner question. Anyway, just increase the softlimit in the run file.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] CAN DETECT THIS VIRUS???

2003-07-14 Thread Nicholas Chua 
>Anybody can detect this virus using clamscan command >line?

This virus is Worm.Sobig.C which is already detected by ClamAV. You might be
interested in amavisd-new.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[clamav-users] false detect on JS.FORTNIGHT.E-2

2003-07-10 Thread Nicholas Chua 
Hi List, 

I am having some problem on the detection of this particulat virus 
JS.FORTNIGHT.E-2. Whenever my user attach a html signature to his email, the 
email will be rejected by clam stating that it is infected by the above. So 
i asked him to reject his signature and all went swell. Can someone help me 
to verify it? 

thanks & regards
nicholas chua
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] Problem with signature for Worm.Nicehello.A

2003-07-03 Thread Nicholas Chua 
Hi Jason,

> > After removing the signature for Worm.Nicehello.A everthing works again
> > as before.
>
> I don't know why that might happen, but try this one instead:
>
> Worm/NiceHello
(Clam)=c142d43b0b6f6c612cd3200d51df54126f20656c20b667d1d7ba6f096675656e16710
61d70ad8af606816574692925dededeba61226d10696d69303b20790e736162aabcb9d716193
f07736f6cdbff5b23f717766f7321212e2053616c752973ff02460013612e65786560cb26671
30d759fd2b561cd735499a684695bfb

Its not the sig. But its his qmail.

regards


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] qmail-scanner

2003-07-04 Thread Nicholas Chua 
> I actually use spamassasin. This is the shell script in
> qmail-queue:
> #!/bin/sh
> /opt/spamassassin/bin/spamc -f | /var/qmail/bin/qmail-queue.orig
>
> It works like a charm. But now, I want to use clamav. It´s installed
> and the daemon is running.
>

What i did was to install clamav and spammassassin. After that
qmail-scanner. Qmail-scanner will detect them both. Modify the qmail-smtp
run file with qmail-queue and increase the softlimit.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Clamav-users] MSBlast

2003-08-14 Thread Nicholas Chua 
W.D. McKinney wrote:
> Is the MSBlast worm in clamav db2 yet ?
> http://clamav.elektrapro.com/cgi-bin/sendvirus.cgi does not show it ?

If i am not wrong, it is been detected as Worm.Blaster.A 



---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users