Re: [Clamav-users] Can ClamAV scan inside MIME messages?

2003-09-22 Thread Thomas Lamy
Philip Mak wrote: On Tue, Sep 23, 2003 at 12:34:41AM -0400, Flinn Mueller wrote: On Tuesday, September 23, 2003, at 12:13 AM, Philip Mak wrote: When I scan a MIME message using ClamAV, can I just feed the raw message into ClamAV, or do I have to use ripmime first to extract the individual attach

Re: [Clamav-users] clamscan chokes on this email

2003-09-22 Thread Thomas Lamy
René Bellora wrote: hi! live virus sample in: http://rana.dyndns.org/mbox.txt i'm using clamscan version 20030829, and when i do 'clamscan --mbox' on the aforementioned, i get: clamscan: message.c:739: decodeLine: Assertion `strlen(line) <= 76' failed. Aborted it seems that the encoding h

[Clamav-users] Is this a safe use of /tmp?

2003-09-22 Thread Philip Mak
Is this a safe way to use /tmp? Or is it vulnerable to the local symlink attack where another user on the system predicts the filename I am going to create, and makes a symlink using that name and does nasty things? TIME=$(/bin/date "+%s") FILE="/tmp/clamscan.$TIME.$PPID.orig" DIR="/tmp/clamscan.$

Re: [Clamav-users] Can ClamAV scan inside MIME messages?

2003-09-22 Thread Philip Mak
On Tue, Sep 23, 2003 at 12:34:41AM -0400, Flinn Mueller wrote: > On Tuesday, September 23, 2003, at 12:13 AM, Philip Mak wrote: > > >When I scan a MIME message using ClamAV, can I just feed the raw > >message into ClamAV, or do I have to use ripmime first to extract the > >individual attachments i

Re: [Clamav-users] LogSyslog not working?

2003-09-22 Thread Odhiambo Washington
* Jim B <[EMAIL PROTECTED]> [20030922 23:37]: wrote: > Hi folks, > > I've got clamd (from clamav-0.60) running fine on a FreeBSD 4.8 system. > It's set up to log to a clamd.log file, which works fine. > > However, after uncommenting LogSyslog in clamav.conf and

Re: [Clamav-users] Can ClamAV scan inside MIME messages?

2003-09-22 Thread Flinn Mueller
On Tuesday, September 23, 2003, at 12:13 AM, Philip Mak wrote: When I scan a MIME message using ClamAV, can I just feed the raw message into ClamAV, or do I have to use ripmime first to extract the individual attachments into files first? No you don't have to use ripmime. I've tested a virus mess

[Clamav-users] Can ClamAV scan inside MIME messages?

2003-09-22 Thread Philip Mak
When I scan a MIME message using ClamAV, can I just feed the raw message into ClamAV, or do I have to use ripmime first to extract the individual attachments into files first? I've tested a virus message I received, by scanning first the whole MIME message, then just the attachment. ClamAV detecte

Re: [Clamav-users] running for qmail

2003-09-22 Thread Payal Rathod
On Mon, Sep 22, 2003 at 03:26:02PM -0500, Tom Walsh wrote: > > I have written a shell script wrapper for clamscan (more specifically > clamdscan/clamd) that I call from maildrop... If you want to see the > maildrop script message me offline as it isn't 100% relevant to this list. I will check the

[Clamav-users] Hello All

2003-09-22 Thread yaka patiya
Hello

[Clamav-users] Trouble compiling clamav-milter...

2003-09-22 Thread Edward Thompson
Under RedHat 9, after ./configure --sysconfdir=/etc --enable-milter make clean all I got: ... Making all in clamav-milter make[1]: Entering directory `/usr/local/clamav-0.60/clamav-milter' make[1]: Nothing to be done for `all'. make[1]: Leaving directory `/usr/local/clamav-0.60/clamav-milter' ...

RE: [Clamav-users] running for qmail

2003-09-22 Thread Tom Walsh
::I get a permission denied error why I try to download from: :: ::http://mail.ala.net/spam/clamscan.sh :: Sorry about that... I copied over the latest version, and of course, didn't alter the permissions... Should be all set. Tom Walsh

Re: [Clamav-users] Worm.Gibe.F

2003-09-22 Thread Ray Slakinski
Switched to uudeview, let's see how that goes :) It's funny if I forward the virus to another account clamav gets it... so I hope uudeview is the answer. Ray On Monday, September 22, 2003, at 04:48 PM, Tomasz Papszun wrote: On Mon, 22 Sep 2003 at 16:28:51 -0400, Ray Slakinski wrote: I have an up

Re: [Clamav-users] Worm.Gibe.F

2003-09-22 Thread Tomasz Papszun
On Mon, 22 Sep 2003 at 16:28:51 -0400, Ray Slakinski wrote: > > I have an updated database, however trashscan failed to detect an exe > as the Worm.Gibe.F (which I verified clamav could see it using > http://www.gietl.com/test-clamav/ (see below results) > [...] Trashscan's config could be the

Re: [Clamav-users] running for qmail

2003-09-22 Thread Anand Buddhdev
On Mon, 22 Sep 2003 15:26:02 -0500 Tom Walsh wrote: Hi Tom [cut] > I have written a shell script wrapper for clamscan (more specifically > clamdscan/clamd) that I call from maildrop... If you want to see the > maildrop script message me offline as it isn't 100% relevant to this > list. > > The

Re: [Clamav-users] clamd dies

2003-09-22 Thread Flinn Mueller
In my next port I will release with variables (CLAMUSER and CLAMGROUP) specifically for users to set. The reason you have to chown a few things is because the install script has _clamd hardcoded into it. This will also change to CLAMUSER and CLAMGROUP. Regards, Flinn On Tuesday, September 16

[Clamav-users] Re: clamav-devel much more stable

2003-09-22 Thread Flinn Mueller
I had issues today using (20030921) on 3.3 i386. Clamd became unresponsive, and I had to kill the process. I also had issues with freshclam crashing, which led to me patching freshclam so that it will run under daemontools. We are promised a stable release by the end of September, so hopef

Re: [Clamav-users] make error

2003-09-22 Thread Joel Sing
Hi Tom, When I type clamd, I get the error below: LibClamAV Error: cl_loaddbdir(): Can't open directory /var/lib/clamav Any ideas as to what went wrong would be appreciated. It's looking for the virus signature databases (viruses.db and viruses.db2) - does /var/lib/clamav exist? If so, is it acce

Re: [Clamav-users] clamav-milter+sendmail-8.12.9

2003-09-22 Thread Tommi Rintala
Yes, the clamd is running, but something like this: clamav 11691 11689 0 Sep17 ?00:00:00 [clamd ] -- Tommi Rintalapuhelin: 044-767 7770 WasaLab Oy web: http://www.wasalab.fi/ PL 365 käyntios: Wolffintie 36 F2 65101 VAASA 65200 VA

[Clamav-users] Worm.Gibe.F

2003-09-22 Thread Ray Slakinski
I have an updated database, however trashscan failed to detect an exe as the Worm.Gibe.F (which I verified clamav could see it using http://www.gietl.com/test-clamav/ (see below results) "File is valid, and was successfully uploaded. clamav scans the

Re: [Clamav-users] clamav-milter+sendmail-8.12.9

2003-09-22 Thread Tommi Rintala
More information about the problem. When I run the clamd with Debug options (and LogTime), I get this output to logfile. From the timestamps you can see, why I think this is a problem. Mon Sep 22 10:23:08 2003 -> +++ Started at Mon Sep 22 10:23:08 2003 Mon Sep 22 10:23:08 2003 -> Log file size li

[Clamav-users] LogSyslog not working?

2003-09-22 Thread Jim B
Hi folks, I've got clamd (from clamav-0.60) running fine on a FreeBSD 4.8 system. It's set up to log to a clamd.log file, which works fine. However, after uncommenting LogSyslog in clamav.conf and restarting clamd, I still am not seeing any log messages go to syslog. Any ideas on why this wouldn

RE: [Clamav-users] running for qmail

2003-09-22 Thread Tom Walsh
::Hi, ::Does anyone have an idea if it is possible to use clamav directly from ::a dot-qmail file or maybe with maildrop (i.e. without using any ::virus handler)? :: ::Can someone hint on this? I have user level access to the system. :: ::With warm regards, ::-Payal Clamscan has no delivery mechan

Re: [Clamav-users] clamav-devel much more stable

2003-09-22 Thread Wouter de Vries
Just installed clamav-devel-20030922 myself. Let's hope it's stable at my OpenBSD box as well :) Wouter Marc Balmer wrote: FYI: I am running clamav-devel on our mail gateway for more than three days without a single problem. It finally seems to become a more stable piece of software.

Re: [Clamav-users] clamscan chokes on this email

2003-09-22 Thread Miguel Bettencourt Dias (Netopia)
SCAN SUMMARY --- Known viruses: 9641 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.12 MB I/O buffer size: 131072 bytes Time: 0.200 sec (0 m 0 s) $ clamscan -m mbox.txt clamscan: message.c:739: decodeLine: Assertion `strlen(line) <= 76' failed. Aborted but

[Clamav-users] clamav-devel much more stable

2003-09-22 Thread Marc Balmer
FYI: I am running clamav-devel on our mail gateway for more than three days without a single problem. It finally seems to become a more stable piece of software. I run it on OpenBSD 3.3 sparc64. - mb

Re: [Clamav-users] Swen

2003-09-22 Thread Tomasz Papszun
On Mon, 22 Sep 2003 at 15:13:27 -0300, Ronan Lucio wrote: > Tomasz, > > > Just to make sure: please zip it with password "virus" and send it to my > > address in the sig below. > > Sorry, it was my mistake. > As Antony said. The files had 0 Kb of size. > > So, it's supposed to not contain virus.

[Clamav-users] clamscan chokes on this email

2003-09-22 Thread René Bellora
hi! live virus sample in: http://rana.dyndns.org/mbox.txt i'm using clamscan version 20030829, and when i do 'clamscan --mbox' on the aforementioned, i get: clamscan: message.c:739: decodeLine: Assertion `strlen(line) <= 76' failed. Aborted it seems that the encoding has one corrupt line

[Clamav-users] Better informations

2003-09-22 Thread Ronan Lucio
I also could detect that ClamAV is catching Gibe virus since Sep/19: 2003-09-18 (Exploit.IFrame.Gen) = 17 2003-09-18 (JS.FortNight.2) = 3 2003-09-18 (Joke.Schmilz) = 2 2003-09-18 (Trojan.Dropper.C) = 48 2003-09-18 (W32/Magistr.A) = 1 2003-09-18 (W97M/[EMAIL PROTECTED]) = 1 2003-09-18 (Worm.BugBear

Re: [Clamav-users] Swen

2003-09-22 Thread Ronan Lucio
Tomasz, > Just to make sure: please zip it with password "virus" and send it to my > address in the sig below. Sorry, it was my mistake. As Antony said. The files had 0 Kb of size. So, it's supposed to not contain virus. BTW, I don't know why do these files have size 0 Kb, since ClamAV don't re

Re: [Clamav-users] Swen

2003-09-22 Thread Tomasz Papszun
On Mon, 22 Sep 2003 at 14:43:24 -0300, Ronan Lucio wrote: > Tomasz, > > > Oh, no, please don't do it. > > > > ClamAV has the signature for Swen (it's alias of Gibe.F) for a couple of > > days yet. > > So, I think it should not be working properly because I received > some viruses today morning a

Re: [Clamav-users] Swen

2003-09-22 Thread Antony Stone
On Monday 22 September 2003 5:50 pm, Ronan Lucio wrote: > Hello, > > I'm receiving many messages with a attached file saying > that is from Microsoft Corporation. > > I think it should be the Swen virus. > Should I send these files to someone to analyse it and > make the vaccine? These also appea

Re: [Clamav-users] Swen

2003-09-22 Thread Ronan Lucio
Tomasz, > Oh, no, please don't do it. > > ClamAV has the signature for Swen (it's alias of Gibe.F) for a couple of > days yet. So, I think it should not be working properly because I received some viruses today morning and the viruses database is updated 2 times a day. Ronan

[Clamav-users] clam 20030922 and clamav-milter

2003-09-22 Thread Jacol
Why clam and clamav-milter with newest base don't detect gibe-f virus? Jacol

Re: [Clamav-users] appledouble

2003-09-22 Thread Nigel Horne
On Sunday 21 Sep 2003 8:50 pm, Flinn Mueller wrote: > LibClamAV Warning: Unsupported multipart format `appledouble' Appledouble is covered by RFC1740. I understand it to be used to transport BinHex files. > Any plan on supporting this type of forma

[Clamav-users] running for qmail

2003-09-22 Thread Payal Rathod
Hi, Does anyone have an idea if it is possible to use clamav directly from a dot-qmail file or maybe with maildrop (i.e. without using any virus handler)? Can someone hint on this? I have user level access to the system. With warm regards, -Payal -- For GNU/Linux Success Stories and Articles vi

Re: [Clamav-users] Swen

2003-09-22 Thread Tomasz Papszun
On Mon, 22 Sep 2003 at 13:50:57 -0300, Ronan Lucio wrote: > Hello, > > I'm receiving many messages with a attached file saying > that is from Microsoft Corporation. > > I think it should be the Swen virus. > Should I send these files to someone to analyse it and > make the vaccine? > > Ronan Oh

Re: [Clamav-users] Clamd and logrotate

2003-09-22 Thread Krištof Petr
Tomasz Kojm wrote: Clamd doesn't handle SIGHUP signal to reopen log file, so cooperation with logrotate is poor. This should be easy to fix it, ask Tomasz about it. Oh Kristof, I completely forgot about it. Will fix it on Friday. Done. I'm updating CVS right now. On CVS-20030918 it

[Clamav-users] Swen

2003-09-22 Thread Ronan Lucio
Hello, I'm receiving many messages with a attached file saying that is from Microsoft Corporation. I think it should be the Swen virus. Should I send these files to someone to analyse it and make the vaccine? Ronan

RE: [Clamav-users] Permissions denied

2003-09-22 Thread Jeff Bilder
is it just a directory that the clamd daemon writes to? or is it a file? -Original Message- From: Joel Sing [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2003 9:34 AM To: [EMAIL PROTECTED] Subject: RE: [Clamav-users] Permissions denied At 08:52 22/09/2003 -0500, you wrote: >E

RE: [Clamav-users] RE: UPDATE81.exe getting thru

2003-09-22 Thread Kevin Hanser
Hmmm, I think you are right. I didn't notice the 0 length file originally, as outlook had blocked the attachment. I can't remember how to make outlook show me these files, so I forwarded the message to another account. Outlook warned me that the attachment might be unsafe and blah blah and I sai

RE: [Clamav-users] Permissions denied

2003-09-22 Thread Joel Sing
At 08:52 22/09/2003 -0500, you wrote: ERROR: bind() error: Permission denied This permission denied error is a result of an attempt to bind to a local or TCP socket. If you're using a Unix Domain Socket, check the LocalSocket entry in your clamav.conf file. You'll need to ensure that the location

[Clamav-users] clamav-devel-20030922

2003-09-22 Thread Odhiambo Washington
Why is it that clamav-devel-20030922 does not install if there is no viruses.db in /path/to/clamav ? Isn't it just supposed to create some defaults??? -Wash -- Odhiambo Washington <[EMAIL PROTECTED]> "The box said 'Requires Wananchi Online Ltd. www.wananchi.com

[Clamav-users] RE: clamd and daemontools

2003-09-22 Thread Jesse Guardiani
Bastiaan van der Put wrote: > Hi, > > I tried it... > > doesnt it : defunct? > > [clamd ] > > also svc -d doesnt stop clamd? Please read this thread: http://news.gmane.org/onethread.php?group=gmane.comp.security.virus.clamav.user&root=%3C689CD4F4-E482-11D7-9771-000393DC8E02%40oakley.nyi.net%

RE: [Clamav-users] Permissions denied

2003-09-22 Thread Jeff Bilder
When starting clamd, I am getting errors in my /var/log/clamav.log. +++ Started at Mon Sep 22 07:11:48 2003 Log file size limited to 1048576 bytes. Running as user qmailq (UID 1006, GID 1003) Reading databases from /usr/local/share/clamav Protecting against 7846 viruses. ERROR: bind() error: Per

[Clamav-users] make error

2003-09-22 Thread Thomas Kinghorn
Hi list. I am using Redhat 8, exim-4.22, SA-2.55 & clamav-0.60. I have performed configure, make & make install. When I type clamd, I get the error below: LibClamAV Error: cl_loaddbdir(): Can't open directory /var/lib/clamav Any ideas as to what went wrong would be appreciated. Regards, Tom