Well, despite my better judgement I decided to go ahead and install
clamav-devel-20040110 on my OSX 10.1.5 machine. Seems to work well, as
far as I can tell. Tests run fine.
The only issues I've had are freshclam's -c flag seems broken:
[dina:/var/log/clamav] engineer% sudo freshclam -d -c 2
Hi,
Just let you know that I've written a clamav agent for qmail.
You can find more information here:
http://oss.mdamt.net/gadoyanvirus/
--
Mohammad DAMT <[EMAIL PROTECTED]>
http://www.bisnisweb.net/ Linux ASP.Net Web Hosting
On Jan 23, 2004, at 10:28 AM, OpenMacNews wrote:
given the flurry of discussion re: clamav on OSX, i thought i'd just
offer as an fyi, 0.65 builds/runs flawlessly for me
on OSX 10.2.x & 10.3.x on a variety of stock & upgraded boxes.
I can confirm that it builds fine on 10.3.
i can't say i agree w
Not that I am aware of. I installed sendmail from the src files not an RPM
----- Original Message -----
From: "Nigel Horne" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 27, 2004 4:52 PM
Subject: Re: [Clamav-users] RE: Clamav-milter not installing
> On Tuesday 27 Jan 2004 8
> As the reply to is spoofed, this makes no sense at all (and i am getting
> lots of bounces). How do we stop this happening?
if it's clamav-milter:
- do away with the smfi_setreply statement (at or near line 1524)
- set 'rc = SMFIS_DISCARD;' (instead of SMFIS_REJECT) (at or near line
1522)
On Tue, 27 Jan 2004 [EMAIL PROTECTED] wrote:
> But why clamd dies then? If it's a damaged zip archive it should skip it, not
> die, isn't it?
I just got two of these today that caused clamd to die, too. Haven't been
able to debug since the offending messages seem to have disappeared. Just
upgrad
In the recent slashdot post about av software spamming with replies
(http://ask.slashdot.org/article.pl?sid=04/01/27/2145223), there was an idea
about av databases containing a boolean flag that would say 'this worm fakes
from:, don't bother with bounces' or 'this worm has a valid from, send
bounce
On Tuesday 27 Jan 2004 6:52 pm, Jason Holland wrote:
> I recently installed clamav-0.65 from the prebuilt binaries for fedora
> core 1.
I don't know where you got pre-built ones from - I didn't do it so I can't
vouch for what's in it.
Anyway 0.65 does not support quarantine - 0.66 will. For a pr
On 2004-01-27, Walgamotte, David wrote:
> Does anyone know how to use clamscan to scan http web uploads on an
>Apache/PHP server ?
Maybe this will help: http://software.othello.ch/mod_clamav/
s.
--
(0> Jakub Jankowski [url]: s.atn.pl "Nawet w Krainie Czarow
//\ [EMAIL PROTECTED] [rlu]:
Hello,
I was looking for a way to set up a cron job to, once per day, scan only
files that have changed in the last day. find works pretty well for that,
but the question is how to get the data to clamscan. My first thought was
xargs, but xargs isn't the most consistent when dealing with spaces/
Quoting Tomasz Kojm <[EMAIL PROTECTED]>:
> On Tue, 27 Jan 2004 12:18:11 -0700
> [EMAIL PROTECTED] wrote:
>
> > I also figured out that the cause for this error is damaged ZIP
> > archive.
>
> So there's no problem - clamd properly recognized and logged it.
>
But why clamd dies then? If it's a
I am running:
clamd / ClamAV version 0.65
ClamAV version 0.65, clamav-milter version 0.60p
on FreeBSD. I'm having a problem where "clamav-milter" often times
out:
Jan 27 13:53:06 net sm-mta[92538]: i0RKqYOj092538: Milter (clamav): timeout before data read
Jan 27 13:53:06 net sm-mta[92538]: i0R
I've got a user who says yahoo groups is getting an error message when
trying to send an email to our email server.
Here's a part of the transcript from the customer:
*
Recent Bounced Messages
Most recent messages Response
Date Type of message sent Date Result
1/1/2004 A
On Tuesday 27 Jan 2004 8:15 pm, james nelson wrote:
> Which operating system? RedHat 9
Did you install the sendmail-devel RPM first?
-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
On Tuesday 27 Jan 2004 7:36 pm, Mailing Lists wrote:
> Does clamav-milter delete these emails or move them to some quarantine
> directory. I am using a default rpm install from
> http://crash.fce.vutbr.cz/crash-hat/1/clamav/
That depends in whether or not you're using either of the flags --quaran
Jason Holland wrote:
Richard,
I had this very problem today on a fedora box. By default, with those
rpm's, it doesn't seem to do anything. The virus is detected, but the
email is allowed to pass through. I messed with this for a few hours and
could not get it to do anything with the email.
So,
Hi,
I found it. (probably).
On some different mailing-list I found, that it may be problem of
softlimit.
I change it to a bit higher value and it works now.
Are you using softlimit ?
I have it here: /var/qmail/supervise/qmail-smtpd/run
Actually I don't know how big it should be. I will play wit
On Tue, 27 Jan 2004 13:14:42 -0500
"Brian Bruns" <[EMAIL PROTECTED]> wrote:
> Hello,
>
> The --remove and --move options in clamscan and clamdscan do not
> appear to be working in the latest CVS build as of about 5 minutes
> ago.
They work only in clamscan and are not yet implemented in clamdsca
On Tue, 27 Jan 2004 20:29:29 +0100
Peter Jamriko <[EMAIL PROTECTED]> wrote:
> 27/01/2004 20:20:47:5486: run /usr/local/bin/clamscan -r
> --tempdir=/var/spool...
Try to run this (exactly the same) command from cmd line and see what
happens.
Best regards,
Tomasz Kojm
--
oo.
On Tue, 27 Jan 2004 11:28:03 -0700
[EMAIL PROTECTED] wrote:
> I'm using ClamAV + MD 2.39 at my Mail Server, and experiencing some
> problems with clamd here:
> in general it works fine, but sometimes it dies with this error in log
> file: Tue Jan 27 09:58:59 2004 -> /var/spool/MIMEDefang/mdefang-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello
(I sent a version of this a few days ago, but got messages back saying it
could not yet be delivered; I've not seen it reach the list, but apologies if
this is a repeat.)
I am finding that when freshclam updates the database and clamd reloads
Jason Holland wrote:
Richard,
I had this very problem today on a fedora box. By default, with those
rpm's, it doesn't seem to do anything. The virus is detected, but the
email is allowed to pass through. I messed with this for a few hours and
could not get it to do anything with the email.
So,
On Tue, 27 Jan 2004 12:18:11 -0700
[EMAIL PROTECTED] wrote:
> I also figured out that the cause for this error is damaged ZIP
> archive.
So there's no problem - clamd properly recognized and logged it.
Best regards,
Tomasz Kojm
--
oo. [EMAIL PROTECTED] www.ClamAV.net
Walgamotte, David wrote the following on 01/27/2004 09:20 PM :
Does anyone know how to use clamscan to scan http web uploads on an
Apache/PHP server ?
Many Thanks
David
Depends on what you want exactly.
The easiest way is to modify the php code handling file uploads, pass
the whole file on
Hi,
I found it. (probably).
On some different mailing-list I found, that it may be problem of
softlimit.
I change it to a bit higher value and it works now.
Are you using softlimit ?
I have it here: /var/qmail/supervise/qmail-smtpd/run
Actually I don't know how big it should be. I will play wit
On Tue, 27 Jan 2004 at 12:53:54 +, Brian Read wrote:
> I am getting lots of these, and clamav is detecting them fine, but it
> clearly is trying to email back the "sender" with a notification.
> As the reply to is spoofed, this makes no sense at all (and i am getting
Sure!
> lots of bounce
On Tue, 27 Jan 2004 10:48:10 -0500
Jean-Sébastien Guay-Leroux <[EMAIL PROTECTED]> wrote:
> Hi list,
>
> We are running clamav-0.54. This morning, we had an attack of the new
> virus Worm.SCO.A, and our mail server didn't catch up with the virus
> because freshclam failed at updating the databas
On Tue, 27 Jan 2004 11:38:34 -
"Matt Butt" <[EMAIL PROTECTED]> wrote:
> However, if I use clamdscan on a virus then the script runs and I get
> the e-mail. Can I assume that Clamuke doesn't use the VirusAlert
> system?
Feature implemented in CVS.
Best regards,
Tomasz Kojm
--
oo..
On Tue, Jan 27, 2004 at 09:06:18PM +0100, Peter Jamri?ko wrote:
> Hi,
>
> Today I upgraded from 0.60 to 0.65. I just deleted old databases and ran
> : ./configure; make; make install
> Then I restarted the computer.
> And now I send mail with "test1" file (this file comes with clamav) as
> attach
I'm using 0.65 + postfix and all the bounces passed thru clam.
Regards
Thiago
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Trent
Sent: Tuesday, January 27, 2004 5:26 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] SCO virus not
On Tue, Jan 27, 2004 at 08:29:29PM +0100, Peter Jamri?ko wrote:
> Today I upgraded from 0.60 to 0.65. I just deleted old databases and ran
> : ./configure; make; make install
> Then I restarted the computer.
> And now I send mail with "test1" file (this file comes with clamav) as
> attachment from
Hi
Is it normal that an output like "lsof |grep clamd" gives more and more
rows like this...
clamd 19624 _clamd 33r VDIR0,0512 150257
/usr/local/share/clamav
I have had "clamd" started since 12 of january. But every time I check the
"lsof |grep clamd" I have some more r
Trying to re-compile on FreeBSD 4.7 w/ milter
# ./configure --prefix=/usr/local --enable-milter
It fails with the error messages below.
Any help or suggestions would be great.
checking build system type... i386-unknown-freebsd4.7
checking host system type... i386-unknown-freebsd4.7
checking tar
Which operating system? RedHat 9
Which version of clamAV? 0.65
Which version of clamav-milter? Included with clamav 0.65
Sendmail version 8.12.11
Title: http file uploads PHP Clamav
Does anyone know how to use clamscan to scan http web uploads on an Apache/PHP server ?
Many Thanks
David
Richard,
I had this very problem today on a fedora box. By default, with those
rpm's, it doesn't seem to do anything. The virus is detected, but the
email is allowed to pass through. I messed with this for a few hours and
could not get it to do anything with the email.
So, I just finished bui
Hi,
I'm using qmail 1.03, qmail-scanner 1.16 and spamassassin 2.60 on
mandrake 9.0.
Everything worked fine (It detected some viruses).
Today I upgraded from 0.60 to 0.65. I just deleted old databases and ran
: ./configure; make; make install
Then I restarted the computer.
And now I send mail with
On Tuesday 27 January 2004 11:12 am, Nigel Horne wrote:
> I don't want to labour the point, but let me make this clear.
>
> ClamAV DOES find SCO.a in attachments.
> ClamAV DOES NOT find viruses in bounce message bodies, all of the examples
> being posted are of bounces. Bounce messages do not have
Quoting [EMAIL PROTECTED]:
>
> Hi All,
>
> I'm using ClamAV + MD 2.39 at my Mail Server, and experiencing some
> problems with clamd here:
> in general it works fine, but sometimes it dies with this error in log file:
> Tue Jan 27 09:58:59 2004 -> /var/spool/MIMEDefang/mdefang-
> i0RGwwJX012136/
Hi,
I'm using qmail 1.03, qmail-scanner 1.16 and spamassassin 2.60 on
mandrake 9.0.
Everything worked fine (It detected some viruses).
Today I upgraded from 0.60 to 0.65. I just deleted old databases and ran
: ./configure; make; make install
Then I restarted the computer.
And now I send mail with
I got clamd+clamav-milter working on my Redhat 9 mail server and it is
blocking all of the latest worms. My question is this.
Does clamav-milter delete these emails or move them to some quarantine
directory. I am using a default rpm install from
http://crash.fce.vutbr.cz/crash-hat/1/clamav/
So
I take that back -- one of my users just sent me a bounce with the full
virus in it.
==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
On Tuesday 27 January 2004 10:38 am, Christopher X. Candreva wrote:
> On Tue, 27 Jan 2004, Matthew Trent wrote:
> > Since the SCO virus has a list of common first names it couples with
> > domains it finds, one of our employees, "[EMAIL PROTECTED]" got a bunch
> > of undeliverable bounces back (unk
Hi,
Don't you need the ScanMail option in your clamd.conf file to correctly
scan emails?
Regards,
Rick
Erik Bourget wrote:
I have no idea how this mail got so messed up, heh. I guess I'll try again.
Hey,
Clam does catch other viruses but is failing to catch this sco.a thing for
some reason
Try clamscan rather than clamdscan. I was having a similar problem and
it started working when I used clamscan rather than clamdscan. I
assumed it was a config issue on my part, but
On Tue, 2004-01-27 at 12:05, Erik Bourget wrote:
> I have no idea how this mail got so messed up, heh. I gues
I don't want to labour the point, but let me make this clear.
ClamAV DOES find SCO.a in attachments.
ClamAV DOES NOT find viruses in bounce message bodies, all of the examples being
posted are of bounces. Bounce messages do not have attachments, though they often
look like they do. This is an issue
Hello,
I recently installed clamav-0.65 from the prebuilt binaries for fedora
core 1. The installation was smooth. I've integrated the clamav milter
into sendmail and it is definitely checking email for virii. However, the
email is not quarantined or removed, even if it contains a virus. I'm
On Tuesday 27 Jan 2004 5:32 pm, james nelson wrote:
> Yet after a make, make install still now clamav-milter...
Which operating system?
Which version of clamAV?
Which version of clamav-milter?
> I am lost.
-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20
On Tue, 27 Jan 2004, Matthew Trent wrote:
> Since the SCO virus has a list of common first names it couples with domains
> it finds, one of our employees, "[EMAIL PROTECTED]" got a bunch of
> undeliverable bounces back (unknown users, etc.). These bounces contain the
> full virus in the form of th
Brian Read wrote the following on 01/27/2004 01:53 PM :
I am getting lots of these, and clamav is detecting them fine, but it
clearly is trying to email back the "sender" with a notification.
As the reply to is spoofed, this makes no sense at all (and i am
getting lots of bounces). How do we s
Hi All,
I'm using ClamAV + MD 2.39 at my Mail Server, and experiencing some
problems with clamd here:
in general it works fine, but sometimes it dies with this error in log file:
Tue Jan 27 09:58:59 2004 -> /var/spool/MIMEDefang/mdefang-
i0RGwwJX012136/Work/msg-206-171.zip: Zip module failure.
E
Hello,
The --remove and --move options in clamscan and clamdscan do not appear to be
working in the latest CVS build as of about 5 minutes ago.
Any ideas?
--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
The AHB
On Tuesday 27 January 2004 09:16 am, Nigel Horne wrote:
> On Tuesday 27 Jan 2004 4:14 pm, McKeever Chris wrote:
> > Nigel - thanks for the reply - I didn't have an original, because they do
> > get caught by the second filter... I will play around with it and see if
> > I can..however, I sent you an
Since the SCO virus has a list of common first names it couples with domains
it finds, one of our employees, "[EMAIL PROTECTED]" got a bunch of
undeliverable bounces back (unknown users, etc.). These bounces contain the
full virus in the form of the complete source of the original email dumped a
I have checked the archives and got a tip that sendmail may not have
installed libmilter even though I compiled and built it with the appropriate
flags. So I manually ran ./Build ./Build install in the libmilter src and
it is now installed. I checked the configure logs and the appropriate flags
ap
On Tue, 27-01-2004 at 11:21, McKeever Chris wrote:
> it finds it fine when it is still an attachment, or after the file has been
> extracted from the email?
>
When the file is still attached
Only last night I updated the virus DB with freshclam, and this morning
another update.
Greetings.
it finds it fine when it is still an attachment, or after the file has been extracted
from the email?
---
Chris McKeever
If you want to reply directly to me, please use cgmckeever--at--prupref---dot---com
http://www.prupref.com
On Tue, 27 Jan 2004 09:24 ,
On Tuesday 27 Jan 2004 4:14 pm, McKeever Chris wrote:
> Nigel - thanks for the reply - I didn't have an original, because they do
> get caught by the second filter... I will play around with it and see if I
> can..however, I sent you an attached file with the virus that does get
> through clam
I'd
Hi list,
We are running clamav-0.54. This morning, we had an attack of the new virus
Worm.SCO.A, and our mail server didn't catch up with the virus because
freshclam failed at updating the database.
Each day, we have a database update scheduled at 8:00AM, via crontab, like
this ->
0 8 * * *
At 14:57 27/01/2004, you wrote:
Brian Read wrote:
I am getting lots of these, and clamav is detecting them fine, but it
clearly is trying to email back the "sender" with a notification.
As the reply to is spoofed, this makes no sense at all (and i am getting
lots of bounces). How do we stop thi
On Tue, 27-01-2004 at 02:52, Nigel Horne wrote:
> On Tuesday 27 Jan 2004 3:11 am, McKeever Chris wrote:
>
> > Any suggestions? It finds other virii fine when they are still encoded,
> > maybe the definitions need to be added for its MIME version?
>
> Please forward an *original* copy (hmm,
Brian Read wrote:
I am getting lots of these, and clamav is detecting them fine, but it
clearly is trying to email back the "sender" with a notification.
As the reply to is spoofed, this makes no sense at all (and i am getting
lots of bounces). How do we stop this happening?
I'm using amavisd-
Nigel,
I have several examples of this. Even with older virii.
Would you be interested in them as well?
Shawn
On Tue, 27 Jan 2004 08:52:58 + Nigel Horne <[EMAIL PROTECTED]>
exclaimed:
> On Tuesday 27 Jan 2004 3:11 am, McKeever Chris wrote:
>
> > Any suggestions? It finds other virii f
Hi,
I call spamc from amavisd-new. amavisd-new has an option to not send notification
based on a regexp.
How are you using clam ??
Regards
Mick Pollard ( lunix )
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|Bagle|yaha|braid|sobig|fizzer|palyh|peido|holar'i
,
qr'tanato
Brian Read wrote:
I am getting lots of these, and clamav is detecting them fine, but it
clearly is trying to email back the "sender" with a notification.
As the reply to is spoofed, this makes no sense at all (and i am getting
lots of bounces). How do we stop this happening?
Cheers
Brian
Whic
I am getting lots of these, and clamav is detecting them fine, but it
clearly is trying to email back the "sender" with a notification.
As the reply to is spoofed, this makes no sense at all (and i am getting
lots of bounces). How do we stop this happening?
Cheers
Brian
--
Brian J Read
www.ab
Andy Fiddaman wrote the following on 01/27/2004 11:49 AM :
This new Mimail variant looks nasty - does anyone know if the following
information is true ? and, if so, presumably we need more than just a
pattern update to catch this one!
Thanks,
Andy
; The most important modification in Mimail.q ar
On Tue, 27 Jan 2004 at 10:49:45 +, Andy Fiddaman wrote:
>
> This new Mimail variant looks nasty - does anyone know if the following
> information is true ? and, if so, presumably we need more than just a
> pattern update to catch this one!
>
> Thanks,
>
> Andy
>
> ; The most important modif
Hi all,
I administer a Linux file server and have just installed Clam with
Clamuko to scan the file shares. If I drop a virus onto a share from a
remote computer, clamd.log successfully says that the virus has been
found.
However, I'm trying to get Clam to then e-mail me that the virus has
been
This new Mimail variant looks nasty - does anyone know if the following
information is true ? and, if so, presumably we need more than just a
pattern update to catch this one!
Thanks,
Andy
; The most important modification in Mimail.q are the polymorphic
; encryption keys inbuilt to fool anti-v
Quoting Jo Mills <[EMAIL PROTECTED]>:
> Dear All,
>
> I just (09:00 hrs GMT, Mon 26th Jan 2004) downloaded the latest
> tarball to try out the OLE2 / VBA stream stuff on our file server.
> /configure seemed to go OK, I then tried "make" and got:
>
> >
> > In file included from scanners.c:39:
>
Thank,
OS: Linux RedHat 9.0
MTA: Sendmail 8.12.10 ( with cyrus, inflex, spamassassin )
Clamav: 0.65 ( and 0.60 )
my english isn't good :( but "clamd.log" only say:
Mon Jan 26 10:52:24 2004 -> Accepted connection on port 32313, fd 5
Mon Jan 26 10:52:49 2004 -> Accepted connection on port
On Tuesday 27 Jan 2004 7:46 am, Jay wrote:
> I seem to be having some virii sneaking past my clamAV net. they
> all come as bounces from a remote qmail server that has its own sender
> envelope with headers and a message containing a reason for the mail
> getting rejected with something lik
On Tuesday 27 Jan 2004 3:11 am, McKeever Chris wrote:
> Any suggestions? It finds other virii fine when they are still encoded,
> maybe the definitions need to be added for its MIME version?
Please forward an *original* copy (hmm, that's a contradiction in terms)
of the e-mail to me at [EMAIL PR
> > given the flurry of discussion re: clamav on OSX, i thought i'd just
> > offer as an fyi, 0.65 builds/runs flawlessly for me
> > on OSX 10.2.x & 10.3.x on a variety of stock & upgraded boxes.
>
> I can confirm that it builds fine on 10.3.
As I understand it, Apple fully supported pthreads as of
I got bizarre errors with my last two posts, so here goes again. Sorry
if this double-posts...
On Jan 23, 2004, at 10:28 AM, OpenMacNews wrote:
given the flurry of discussion re: clamav on OSX, i thought i'd just
offer as an fyi, 0.65 builds/runs flawlessly for me
on OSX 10.2.x & 10.3.x on a va
Hi All,
I seem to be having some virii sneaking past my clamAV net. they
all come as bounces from a remote qmail server that has its own sender
envelope with headers and a message containing a reason for the mail
getting rejected with something like:
Hi. This is the qmail-send program at
On Mon, 26 Jan 2004, Kevin Spicer wrote:
> On Mon, 2004-01-26 at 23:19, Rick Macdougall wrote:
> > McAfee has picked it up and is calling it MyDOOM.
> >
> Symantec are calling it [EMAIL PROTECTED]
And Kaspersky don't seem to have any name or even any kind of information
for it.
--
Tim Wilde
[