g to e-mail. You should see below.
Hello chatsiri,
I didn't understand much in your email.
At any rate crtmgr is part of a digital signature verification scheme
which is available on master and whose main application is to avoid
false positives on digitally
On 1/22/12 6:40 AM, Chatsiri Ratana wrote:
> Hello All,
>
> After i built code of clamscan success, Visual Studio v.2010
Can you please update to latest master and try again?
--aCaB
___
http://lurker.clamav.net/list/clamav-devel.ht
.
Hope it's clear now.
Cheers,
--aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
ch on the top
of my mind, sorry.
> Just to make sure: what part of the code would need refactoring?
The unz() function.
Cheers,
--aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
values of max-XXXsize in a way that is memory efficient.
After all we're targeting malware which is on avg 2-300 KB in size.
> What is the purpose of fmap/fmap_need_ptr_once?
That's basically an alloc and read.
HtH,
--aCaB
___
http://lurk
r to seen on AC
> algorithms for scanning virus?
Hi,
In an ideal world, you'd run "make install" and then start gdb --args
/path/to/installed/clamscan ...
However, if you want really want to run it from within the build dir,
then you need to use ./libtool --mode=execute gdb --args
On 06/20/11 18:57, Renato Botelho wrote:
> [1] http://www.bayofrum.net/~crees/tinderlogs/clamav-0.97.1.log
Can you guys please attach unit_tests/test-suite.log to
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2923
Thanks,
-aCaB
___
h
working with both versions.
Renato,
We are regression testing the code right now.
If all is good, then it'll be a matter of days, or one week.
If bugs are found, then it might need a little bit more.
Cheers,
--acab
___
http://lurker.clamav.net/list/
Alexander N. Telegin wrote:
> Wrong. The first point is I'm asking for advice from experienced
[snip]
As per the rules of this mailing list, please do not top post.
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your
orkaround (some would say skrew)
the GPL limitations without paying a penny to either the software
makers, nor to your poor lawyer.
Do you really expect any sort of help in here?
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
gianni zizzi wrote:
> Hi, I would to know where heuristic algorithm are defined and implemented in
> the source code...
> I have found something in libclamav/special.c, elf.c and blob.c
> ClamAV uses heuristics only for a phishing scan??
Hi Gianni,
Look at pe.c too :)
problem and how can I solve it?
Hi Federico,
this ML is not for bug reporting.
Please open a ticket at http://bugs.clamav.net/
If you do so make sure you follow the guidelines available at
http://www.clamav.net/bugs
-aCaB
___
http://lurker.cla
Ibraheem Khan wrote:
> Hello Edwin,
>
> Thank you for useful information. I have a question as well:
>
> 1) Is PE section MD5 signature created from a particular section like code
> or data or it can be any section.
Can be any section.
-acab
__
Renato Botelho wrote:
> Will be enough to update before 7.2.
Very nice to hear that!
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
sion testing completes successfully, 0.95.1 will be
released early next week (likely on tuesday).
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
ues that 0.95 addresses is API/ABI stability across revisions.
Please take a look at the new API and feel free to suggest anything
could help to limit the issue even more.
Cheers,
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit
ng it wrong.
Please provide a link to the full source code and, when time permits, i
can see what's wrong and possibly offer a complete patch.
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
nicolas dumont wrote:
> Is there a way in my Makefile or elsewhere to have the libclamunrar
> directly called
> inside my binary without modifying the call to
> lt_dlopenext("libclamunrar_iface") ?
Your Makefile? Where is it?
-aCaB
__
terday, 0 feature requests.
See http://lurker.clamav.net/message/20081205.152347.a7d7c9ee.en.html
Cheers,
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
queue'.
> -> mailq: fatal: -qQ is not implemented
As a debian user and casual postfix admin I assumed procmail was the
default dropper anyway, but I see this is not the case. And yes, it's
unfortunate that postfix cannot yet handle the quarantine properly.
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
achieved
with about 3 lines of code in a sitewide procmail recipe or in a cronned
shell/perl "mailq -qQ" parser, you would probably agree that doing it in
the milter is not the way to go.
Cheers,
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
Renato Botelho wrote:
> I've waited over 40 minutes, sending a -TERM each 2 seconds and it
> didn't die
Please open a full bug report and detail the steps needed to reproduce
the issue.
Thanks,
aCaB
___
http://lurker.clamav.net/list/c
milter does no specific signal handling, in fact
libmilter does (and kills clamav-milter on TERM).
Please be aware that it may take a few seconds for the process to die.
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
may be subject to some other _minor_ changes.
HtH,
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
an get the reconfigure script to run without --force you should
have no problems.
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
Vincent Régnard wrote:
> Hi all,
>
> Compiling 0.94.1 within the same environement as I did without trouble
> for 0.94, I encounter the following error that stops the compilation
> process:
>
> + make
> make all-recursive
> make[1]: Entering directory
> `/mnt/pitux_data/rpmbuild/RPM/BUILD/clamav
GMT with daily update 7388.
Apologies.
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
ay.
Unfortunately these docs don't help much. A document regarding VBA
formats would have been more helpful but nothing was released yet. :(
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
> Any thoughts or ideas would be greatly appreciated. Thanks!
Hi Matt,
Check http://www.av-test.org/ for a wildlist-based comparison.
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
delays :/
Anyway, thanks for pointing it out.
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
Sergey wrote:
> Is this the gcc 4.1.0 bug only ? What about 3.4.4 and 3.3.3 ?
Hi Sergey,
no other reports so far, besides 4.1.0 which is b0rked and will likely
be blacklisted starting from the next release.
It's unfortunate that some distro has got it installed by default
0 do yourself a favour and upgrade to at least
4.1.1.
Please see https://wwws.clamav.net/bugzilla/show_bug.cgi?id=613
If it's not the case, please provide us with a sample.
Thanks,
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Pl
message.
> Thank you.
This is a publicly accessible mailing list...
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
e top of nulsft.c to fix it
>
> Regatds
Fixed in 3094.
Thanks,
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
ted out by the end of this week.
In the meantime stick to stable, comment out the offending code or
provide me with a patch.
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
to resolve namespace conflicts between
the real libs and the bastardized NSIS versions once for all.
This will help with your build as well (IIRC you include lzma
decompression for 7zip) which I s'pose may have similar problems.
aCaB
___
http://l
precise the provided fix is not correct, anyway that debug
stuff is going to disappear soon.
aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
Gianluigi Tiesi wrote:
> There is a reason if we (clamwin) changed this, we still prefer to skip
> unknown files, and we don't need to care much about html and mail
> files, so I've made some tweaks (not only this one) to save some
> cpu cycles avoiding scan of unneeded files.
> I'm aware that for
Stephen Gran wrote:
> Hello all,
>
> Pretty straight forward stuff, really.
>
Applied, thanks!
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
g and
rebuilding à la procdump, right?
If you were old enough and if you knew what you were doing you'd
probably recall about someone else, back in the dos age, who was feeling
very smart. And you'd also remember about a virus which was only
spreading when scanned by th
Eugene Crosser wrote:
> Sorry if this is already found and/or fixed.
[...]
> Anyone interested to verify/investigate this?
Hi Eugene,
It's been already reported.
Just keep an eye to http://bugs.clamav.net if you want to know when it's
fixed.
Regards
___
happy to have a look at it, perform
regression testing and FP checking.
Regards,
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
information on this subject. Greetings
Heuristic is a very wide (and abused) term.
What do you have in mind? Any more details?
Cheers,
aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
sigmakers to get familiar with the new code and to perform a
huge regression test.
Official sigs will appear soon.
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
Ian Castle wrote:
> The attached patch is meant for discussion rather than inclusion.
Forgot something or was it stripped by mailman?
-aCaB
___
http://lurker.clamav.net/list/clamav-devel.html
James Courtier-Dutton wrote:
> Is this feature currently available in clamav, or will I have to add it
> myself?
Hi James,
it's a faq.
sigtool --md5 EVIL.EXE > /PATH/TO/YOUR/DB/my_own_database.hdb
-aCaB
___
http://lurker.clamav.n
y buffer in the same way it
> scans a file?
Hi James,
Not impossible. Just marginally useful, therefore not in our TODO.
If you're concerned about speed dump the buffer to a ramdisk, as someone
already suggested.
The clamav core is somewhat f(seek|read) centric. Therfore add
James Courtier-Dutton wrote:
>
> How else can I report this?
>
1) Point your browser to http://www.clamav.net/
2) Click on the "submit a sample" link
3) Hold on please...
4) Fill in the various fields
5) Hit the submit button
___
http://lurker.clamav
send a patch against latest cvs to tkojm at clamav.net and ask
him to consider integrating it.
Cheers,
acab
___
http://lurker.clamav.net/list/clamav-devel.html
On 08/18/04 10:17, asif musthafa wrote:
i downloaded the source of clamwin 0.35 and try to build it
but it is not building correctly
it is giving linking error saying unable to link
xGetMonitorInfo
xMonitorFromPoint
xGetSystemMetrics
initially the
Gabor FUNK ha scritto:
http://www.clamav.net/doc/0.72/signatures.pdf
That's the one
I thought I will also make a tutorial on how to get a proper signature
on a virus by using hiew/biew and other tools. Un(?)fortunately, I
started with "maltese" (http://vil.nai.com/vil/content/v_752.htm).
[no, the
My crappy english seems to get worse every day... sorry.
I really meant to ask how to handle virus submissions, not how to upload
new definitions. I.e. what to do when i get a mail saying "Virus
submission number XXX".
Also I was wondering if i need to tell other developers that i'm working
on a
Are you going to use pcre library, or implement certain subset of
regexes yourself?
Yes, we plan to use the pcre library.
Best regards,
Tomasz Kojm
Cool!!!
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Repor
I'd like to know how the upload files are handled and how to tell other
signatures' developers you're working on a particular sample.
TY
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Porta
irtualProtect and
similar api's; i know this can be very tricky and painful to implement
but would still be appreciated
Thanks,
acab
Tomasz Kojm ha scritto:
On Thu, 14 Aug 2003 13:12:20 -0400
Bennett Todd <[EMAIL PROTECTED]> wrote:
For funsies, I decided to play around with adding
Really sorry for possible double posting but i erroneously mailed this
message to the old ml address.
Win32.Alma.5319 (Clam)
Win32.Linda (Clam)
Win32.Pet_Tick.M (Clam)
Win32.Alcarys (Clam)
Win32.Alcarys.B (Clam)
Win32.HLLP.Alco (Clam)
Win32.HLLP.Eter.7168 (Clam)
Win32.HLLP.Eter.8704 (Clam)
Win32
submission sent via Hotmail is rejected
doesn't mean that the clamav db contains it.
On Fri, 27 Jun 2003, clamav wrote:
if its blocked, it means they're already in the db.
so why submit them?
otherwise zipping them with the password 'virus' is
the suggested method i believ
thanks
Daniel Wiberg ha scritto:
zip with password 'virus'
//daniel wiberg
aCaB wrote:
I've tried submitting some samples + definitions to
[EMAIL PROTECTED] but the mail is blocked by the av...
Any hints?
-
To
I've tried submitting some samples + definitions to
[EMAIL PROTECTED] but the mail is blocked by the av...
Any hints?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
e using different parts of code inside a regex,
which is cleaner but slower.
So... what are your suggestions?
Thanks again.
aCaB ha scritto:
Maybe OT, sorry but i'm new to this list.
I've got 55 virii (mostly vbs and Win32 exe's) still not detected. Is
there a way to submit them or mayb
Maybe OT, sorry but i'm new to this list.
I've got 55 virii (mostly vbs and Win32 exe's) still not detected. Is
there a way to submit them or maybe some info on how to generate
patterns to be added to the definition files?
I can do some reversing under win32 to avoid getting tricked by
polymorph
61 matches
Mail list logo
