[Clamav-users] LibClamAV Errors: TNEF
clamd daemon 0.91.2

Hi,

Just wondering if I should be worried about seeing a ton of the following messages in the clamav log file:

/var/log/clamd/current:
2007-11-01 09:40:43.870951500 LibClamAV Error: TNEF: Incorrect length field in tnef_message
2007-11-01 09:40:43.870985500 LibClamAV Error: Error reading TNEF message

I did notice that an older version of clamav was vulnerable to malformed tnef message (see http://secunia.com/advisories/16180/ ) but I'm not sure if this is some new vulnerability attack on clamav.

Also, based on the above log entries, what happens to these messages when clamav encounters these errors?

thx,

SW

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] LibClamAV Errors: TNEF
Hi Nigel,

Thanks for the reply! Just wondering if you or anyone else can respond to my other question based on the log entries, what happens to these messages when clamav encounters the TNEF errors? Are the email messages not scanned, skipped or classified as viruses and deleted?

thx again,

SW

Nigel Horne wrote:
> Steve West wrote:
>> clamd daemon 0.91.2
>>
>> Hi,
>>
>> Just wondering if I should be worried about seeing a ton of the
>> following messages in the clamav log file:
>
> No you should not be worried. Quite the opposite, it demonstrates that
> ClamAV is doing its job and blocking attempted DOS's from breaking into
> your network.
>
>> SW
Re: [Clamav-users] LibClamAV Errors: TNEF
Nigel Horne wrote:
> That depends on what you have configured ClamAV to do, and whether the
> message has other attachments.

I have clamav to delete any message that is found to contain a virus. But I'm not sure how do I check what clamav does with a message that encounters this TNEF error. I've looked at my clamav.conf file but didn't see anything there, so I appreciate if you can elaborate on what clamav does with an email message when it encounters this error.

thx again for all the help!

SW

>
>>
>> thx again,
>>
>> SW
>>
>> Nigel Horne wrote:
>>> Steve West wrote:
>>>> clamd daemon 0.91.2
>>>>
>>>> Hi,
>>>>
>>>> Just wondering if I should be worried about seeing a ton of the
>>>> following messages in the clamav log file:
>>> No you should not be worried. Quite the opposite, it demonstrates that
>>> ClamAV is doing its job and blocking attempted DOS's from breaking into
>>> your network.
>>>
>>>> SW
Re: [Clamav-users] LibClamAV Errors: TNEF
Milton Calnek wrote:
> That depends on your mailer/helper apps.
> So what is your mta?
>
mta: qmail

> How does it invoke clamav?
>
clamdmail: http://clamdmail.sourceforge.net

>
> Steve West wrote:
>
>> Hi Nigel,
>>
>> Thanks for the reply! Just wondering if you or anyone else can respond
>> to my other question based on the log entries, what happens to these
>> messages when clamav encounters the TNEF errors? Are the email messages
>> not scanned, skipped or classified as viruses and deleted?
>>
>> thx again,
>>
>> SW
>>
>> Nigel Horne wrote:
>>
>>> Steve West wrote:
>>>
>>>> clamd daemon 0.91.2
>>>>
>>>> Hi,
>>>>
>>>> Just wondering if I should be worried about seeing a ton of the
>>>> following messages in the clamav log file:
>>>>
>>> No you should not be worried. Quite the opposite, it demonstrates that
>>> ClamAV is doing its job and blocking attempted DOS's from breaking into
>>> your network.
>>>
>>>
>>>> SW
>>>>
[Clamav-users] ClamAV claiming Trojan.JS.Downloader Found
ClamAV 0.93

Hi,

Just wondering why clamav reports the attached files as being a virus: Trojan.JS.Downloader-1. I'm not sure what the compressed code translates to and wasn't sure if there are any online tools which would safely unpack it to try to see if the code does contain any malicious content.

mouseover.js: Trojan.JS.Downloader-1 FOUND
smooth.js: Trojan.JS.Downloader-1 FOUND
ie2.js: Trojan.JS.Downloader-1 FOUND

Here is the code from one of the files (ie2.js) just in case the mailing list blocks the attached files:

eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('b.2("a",1(){$$("#6 4").9(1(0){0.2("7",1(){0.8("3")});0.2("5",1(){0.c("3")})})});',13,13,'el|function|addEvent|sfHover|li|mouseleave|navigacija|mouseenter|addClass|each|load|window|removeClass'.split('|'),0,{}))

thx,

SW
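The post above asks for a safe way to see what the packed ie2.js expands to. As an added example (not part of the original post and not a ClamAV tool), this Python script reverses the p,a,c,k,e,r substitution as pure text processing, so the script is never evaluated; it goes beyond the post's radix-13 sample to any radix up to 62, and the names PACKED, encode and unpack are chosen here.

```python
import re

# The ie2.js text quoted in the post, copied verbatim as sample input.
PACKED = (
    r"""eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String))"""
    r"""{while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};"""
    r"""while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}"""
    r"""('b.2("a",1(){$$("#6 4").9(1(0){0.2("7",1(){0.8("3")});0.2("5",1(){0.c("3")})})});',13,13,"""
    r"""'el|function|addEvent|sfHover|li|mouseleave|navigacija|mouseenter|addClass|each|load|window|"""
    r"""removeClass'.split('|'),0,{}))"""
)
# Digit alphabet of the packer's encoder for radix <= 62: 0-9, a-z, then A-Z.
DIGITS = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Trailing call arguments: }('payload',radix,count,'w0|w1|...'.split('|')
ARGS = re.compile(
    r"\}\('((?:[^'\\]|\\.)*)',(\d+),(\d+),'((?:[^'\\]|\\.)*)'\.split\('\|'\)", re.S)


def encode(n, radix):
    """Token the packer assigns to keyword index n."""
    head = "" if n < radix else encode(n // radix, radix)
    return head + DIGITS[n % radix]


def unpack(source):
    """Rebuild the original script as text; nothing is evaluated."""
    m = ARGS.search(source)
    if m is None:
        raise ValueError("no p,a,c,k,e,r argument list found")
    radix, count = int(m.group(2)), int(m.group(3))
    if not 2 <= radix <= 62:
        raise ValueError("unsupported radix %d" % radix)
    # Undo JS string-literal escaping (\' \\ and \n) before substituting.
    payload = re.sub(r"\\(.)", lambda e: "\n" if e.group(1) == "n" else e.group(1),
                     m.group(1), flags=re.S)
    words = m.group(4).split("|")
    table = {}
    for i in range(count):
        token = encode(i, radix)
        # An empty dictionary slot means the token stands for itself.
        table[token] = words[i] if i < len(words) and words[i] else token
    return re.sub(r"\b\w+\b", lambda t: table.get(t.group(0), t.group(0)),
                  payload, flags=re.ASCII)


if __name__ == "__main__":
    print(unpack(PACKED))
```

For the quoted sample the result is a window load handler that adds and removes the sfHover class on list items under #navigacija.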
[Clamav-users] Freshclam Can't Connect for past several days
Hi,

For the past couple of days our CA installations all have been having issues when running freshclam for updates w/ something like the following:

ERROR: getpatch: Can't download daily-816X.cdiff from database.clamav.net
ERROR: Can't download daily.cvd from database.clamav.net

So, I tried running freshclam manually and several DNS tests based on the info at http://www.clamav.net/support/mirror-problem and here is what I see:

[EMAIL PROTECTED] ~]# host -t txt current.cvd.clamav.net
current.cvd.clamav.net descriptive text "0.94:48:8175:1220743741:1:35"

[EMAIL PROTECTED] ~]# host database.clamav.net.
database.clamav.net is an alias for db.local.clamav.net.
db.local.clamav.net is an alias for db.us.rr.clamav.net.
db.us.rr.clamav.net has address 64.246.134.219
db.us.rr.clamav.net has address 168.143.19.95
db.us.rr.clamav.net has address 207.57.106.31
db.us.rr.clamav.net has address 209.170.150.7

[EMAIL PROTECTED] ~]# dig @ns1.clamav.net db.us.big.clamav.net

; <<>> DiG 9.4.2 <<>> @ns1.clamav.net db.us.big.clamav.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11745
;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 7, ADDITIONAL: 7
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;db.us.big.clamav.net. IN A

;; ANSWER SECTION:
db.us.big.clamav.net. 60 IN A 64.246.134.219
db.us.big.clamav.net. 60 IN A 65.120.238.2
db.us.big.clamav.net. 60 IN A 65.120.238.5
db.us.big.clamav.net. 60 IN A 138.123.96.134
db.us.big.clamav.net. 60 IN A 155.98.64.86
db.us.big.clamav.net. 60 IN A 168.143.19.95
db.us.big.clamav.net. 60 IN A 194.47.250.218
db.us.big.clamav.net. 60 IN A 199.184.215.2
db.us.big.clamav.net. 60 IN A 207.57.106.31
db.us.big.clamav.net. 60 IN A 208.67.80.27
db.us.big.clamav.net. 60 IN A 208.72.56.53
db.us.big.clamav.net. 60 IN A 209.8.40.140
db.us.big.clamav.net. 60 IN A 209.170.150.7
db.us.big.clamav.net. 60 IN A 64.142.100.50

;; AUTHORITY SECTION:
clamav.net. 1200 IN NS ns3.clamav.net.
clamav.net. 1200 IN NS ns4.clamav.net.
clamav.net. 1200 IN NS ns5.clamav.net.
clamav.net. 1200 IN NS ns6.clamav.net.
clamav.net. 1200 IN NS ns7.clamav.net.
clamav.net. 1200 IN NS ns1.clamav.net.
clamav.net. 1200 IN NS ns2.clamav.net.

;; ADDITIONAL SECTION:
ns1.clamav.net. 86400 IN A 216.15.159.94
ns2.clamav.net. 86400 IN A 209.9.232.3
ns3.clamav.net. 86400 IN A 195.70.36.141
ns4.clamav.net. 86400 IN A 209.9.232.3
ns5.clamav.net. 86400 IN A 213.92.8.2
ns5.clamav.net. 86400 IN 2001:1418:13:1::1
ns6.clamav.net. 86400 IN A 208.201.249.238

;; Query time: 44 msec
;; SERVER: 216.15.159.94#53(216.15.159.94)
;; WHEN: Sat Sep 6 19:27:10 2008
;; MSG SIZE rcvd: 512

# freshclam -v
Current working dir is /hsphere/local/config/mail/clamav/dbs
Max retries == 5
ClamAV update process started at Sat Sep 6 19:17:26 2008
Querying current.cvd.clamav.net
TTL: 900
Software version from DNS: 0.94
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.93.3 Recommended version: 0.94
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd version from DNS: 48
main.cld is up to date (version: 48, sigs: 399264, f-level: 35, builder: sven)
daily.cvd version from DNS: 8175
Retrieving http://database.clamav.net/daily-8165.cdiff
Ignoring mirror 64.246.134.219 (due to previous errors)
Ignoring mirror 168.143.19.95 (due to previous errors)
Ignoring mirror 207.57.106.31 (due to previous errors)
Trying host database.clamav.net (209.170.150.7)...
connect_error: getsockopt(SO_ERROR): fd=4 error=110: Connection timed out
Can't connect to port 80 of host database.clamav.net (IP: 209.170.150.7)
WARNING: getpatch: Can't download daily-8165.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-8165.cdiff
Ignoring mirror 64.246.134.219 (due to previous errors)
Ignoring mirror 168.143.19.95 (due to previous errors)
Ignoring mirror 207.57.106.31 (due to previous errors)
Trying host database.clamav.net (209.170.150.7)...
connect_error: getsockopt(SO_ERROR): fd=4 error=110: Connection timed out
Can't connect to port 80 of host database.clamav.net (IP: 209.170.150.7)
WARNING: getpatch: Can't download daily-8165.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-8165.cdiff
Ignoring mirror 64.246.134.219 (due to previous errors)
Ignoring mirror 168.143.19.95 (due to previous errors)
Ignoring mirror 207.57.106.31 (due to pr
[Clamav-users] unresolved:libclamav.a
Why do I get these unresolved? I am linking with libclamav.a.

Steve

/home/Steve/src/smtpd.c:2372: undefined reference to `cl_load'
/home/Steve/src/smtpd.c:2379: undefined reference to `cl_build'
/home/Steve/src/smtpd.c:2382: undefined reference to `cl_strerror'
/home/Steve/src/smtpd.c:2383: undefined reference to `cl_free'
smtpd.o: In function `saveMsg':
/home/Steve/src/smtpd.c:3550: undefined reference to `cl_scanfile'
/home/Steve/src/smtpd.c:3556: undefined reference to `cl_strerror'
collect2: ld returned 1 exit status