[Clamav-users] optimal freshclam update frequency

2004-02-27 Thread jef moskot
I know this has been asked a long time ago, but with all the new mirrors up and the recent barrage of new worms, I've been wondering what the ClamAV team suggests for a reasonable update rate? One of my users has suggested once every 5 minutes, but that sounds excessive and would probably be a bad

RE: [Clamav-users] Re: 5 from testvirus.com came through

2004-02-27 Thread Bryce
OK but I am running freebsd 4.7. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lucas Albers Sent: Friday, February 27, 2004 4:24 PM To: [EMAIL PROTECTED] Subject: RE: [Clamav-users] Re: 5 from testvirus.com came through Just wait for .67 to hit testing

RE: [Clamav-users] Re: 5 from testvirus.com came through

2004-02-27 Thread Lucas Albers
Just wait for .67 to hit testing from unstable on debian. 2 more days and it will be in testing. Then it will take 10 seconds to upgrade. -- Luke Computer Science System Administrator Security Administrator,College of Engineering Montana State University-Bozeman,Montana ---

Re: [Clamav-users] Re: 5 from testvirus.com came through

2004-02-27 Thread Jim Maul
> Nigel Horne wrote: > >>On Friday 27 February 2004 10:27 pm, Bryce wrote: >> >> >>>Test # 17, 8, 5, 4, and 2 are making it through. I am using version .65. >>>What can I do to prevent this? >>> >>> >> >>Binhex was added in 0.67, so all binhex encoded e-mails will get through >>unless you upgrade.

RE: [Clamav-users] Re: 5 from testvirus.com came through

2004-02-27 Thread Bryce
Is the upgrade an easy one? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Jolet Sent: Friday, February 27, 2004 3:07 PM To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] Re: 5 from testvirus.com came through Nigel Horne wrote: >On Friday 27 Februa

[Clamav-users] Virus naming reference page

2004-02-27 Thread Nagy Ferenc László
Hi! I've put up a web page that connects ClamAV virus names to more popular ones until an official solution comes. http://www.nfllab.com/projects/cvnr/ Nagy Ferenc László

Re: [Clamav-users] Re: 5 from testvirus.com came through

2004-02-27 Thread John Jolet
Nigel Horne wrote: On Friday 27 February 2004 10:27 pm, Bryce wrote: Test # 17, 8, 5, 4, and 2 are making it through. I am using version .65. What can I do to prevent this? Binhex was added in 0.67, so all binhex encoded e-mails will get through unless you upgrade. -Nigel I guess that

Re: [Clamav-users] Re: 5 from testvirus.com came through

2004-02-27 Thread Nigel Horne
On Friday 27 February 2004 10:27 pm, Bryce wrote: > Test # 17, 8, 5, 4, and 2 are making it through. I am using version .65. > What can I do to prevent this? Binhex was added in 0.67, so all binhex encoded e-mails will get through unless you upgrade. -Nigel

[Clamav-users] Re: 5 from testvirus.com came through

2004-02-27 Thread Bryce
Test # 17, 8, 5, 4, and 2 are making it through. I am using version .65. What can I do to prevent this?

RE: [Clamav-users] www.testvirus.org Test #17

2004-02-27 Thread Jim Maul
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Everton da > Silva Marques > Sent: Friday, February 27, 2004 3:21 PM > To: [EMAIL PROTECTED] > Subject: [Clamav-users] www.testvirus.org Test #17 > > > Hi, > > Can anyone provide hints on how to make > cl

Re: [Clamav-users] clamd leaking

2004-02-27 Thread John Jolet
Hmmm, test #8 got through. what have i misconfigured? "Test #8: Eicar virus sent using BinHex encoding within a MIME segment " Jesper Juhl wrote: On Fri, 27 Feb 2004, John Jolet wrote: my bad. Turns out it's not clamd leaking. It's kde :) Got clamd working with postfix via amavisd. works

Re: [Clamav-users] www.testvirus.org Test #17

2004-02-27 Thread Kevin W. Gagel
I just tried it, this is the content of the eicar.com file: Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–Ye–H* Obviously not the eicar string... - Original Message Follows - From: Noel Jones <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] www.testvi

Re: [Clamav-users] www.testvirus.org Test #17

2004-02-27 Thread Noel Jones
At 02:20 PM 2/27/04, Everton da Silva Marques wrote: Hi, Can anyone provide hints on how to make clamd to catch test #17 [1] from www.testvirus.org? I'm running 0.67-1 with ScanMail enabled. Thanks, Everton [1] http://www.testvirus.org/ Test #17: Outlook 'Space Gap' vulnerability (includes Eicar

[Clamav-users] www.testvirus.org Test #17

2004-02-27 Thread Everton da Silva Marques
Hi, Can anyone provide hints on how to make clamd to catch test #17 [1] from www.testvirus.org? I'm running 0.67-1 with ScanMail enabled. Thanks, Everton [1] http://www.testvirus.org/ Test #17: Outlook 'Space Gap' vulnerability (includes Eicar virus as hidden attachment)

Re: [Clamav-users] clamd leaking

2004-02-27 Thread Jesper Juhl
On Fri, 27 Feb 2004, John Jolet wrote: > my bad. Turns out it's not clamd leaking. It's kde :) > Got clamd working with postfix via amavisd. works great (i think, > haven't been sent a virus yet). > The EICAR test virus is good for the purpose of testing an AV solution. Grab it from here: htt

RE: [Clamav-users] ClamAV 0.67 upgrade from.065 doesn't work

2004-02-27 Thread Jim Maul
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Marc > Brooks > Sent: Friday, February 27, 2004 1:37 PM > To: '[EMAIL PROTECTED]' > Subject: [Clamav-users] ClamAV 0.67 upgrade from.065 doesn't work > > > After upgrading from 0.65 to 0.67 on FreeBSD cla

Re: [Clamav-users] ClamAV 0.67 upgrade from.065 doesn't work

2004-02-27 Thread Tomasz Papszun
On Fri, 27 Feb 2004 at 10:36:34 -0800, Marc Brooks wrote: > After upgrading from 0.65 to 0.67 on FreeBSD clamav went from finding 100+ > viruses a day to 0 a day.. > > Any suggestions? The daemon and milter are running. > Is a database present? What does 'sigtool -l | wc' return? Or: what number

RE: [Clamav-users] ClamAV 0.67 upgrade from.065 doesn't work [SOLVED]

2004-02-27 Thread Marc Brooks
This has been solved.. The sendmail.mc for some strange reason needed to be rebuilt. -Original Message- From: Marc Brooks [mailto:[EMAIL PROTECTED] Sent: Friday, February 27, 2004 10:37 AM To: '[EMAIL PROTECTED]' Subject: [Clamav-users] ClamAV 0.67 upgrade from.065 doesn't work After up

[Clamav-users] ClamAV 0.67 upgrade from.065 doesn't work

2004-02-27 Thread Marc Brooks
After upgrading from 0.65 to 0.67 on FreeBSD clamav went from finding 100+ viruses a day to 0 a day.. Any suggestions? The daemon and milter are running. Marc S. Brooks Programmer/Systems Admin 975 Andreasen Escondido, CA 92029 760-740-2625 ph 760-740-2643 fx ---

RE: [Clamav-users] clamd leaking

2004-02-27 Thread Jim Maul
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of John Jolet > Sent: Friday, February 27, 2004 11:55 AM > To: clamav list > Subject: [Clamav-users] clamd leaking > > > my bad. Turns out it's not clamd leaking. It's kde :) > Got clamd working with pos

[Clamav-users] clamd leaking

2004-02-27 Thread John Jolet
my bad. Turns out it's not clamd leaking. It's kde :) Got clamd working with postfix via amavisd. works great (i think, haven't been sent a virus yet).

Re: [Clamav-users] clamav-milter: segfault & max children problems - partially fixed

2004-02-27 Thread Stephen Gran
On Fri, Feb 27, 2004 at 12:41:29PM +, Mike Brodbelt said: > I actually grabbed the debian package of 0.67, and updated the source > tree with yesterday's CVS. Looking at it, the debian build script as > distributed does indeed have --enable-debug as a configure option. I'll > rebuild mine, but

[Clamav-users] Re: reportproblems with clamav-milter (-bPN)

2004-02-27 Thread Leonid Zeitlin
Peter, as to your question about headers: > A message you sent to > <[EMAIL PROTECTED]> > contained a virus and has not been delivered. > /data/mail/clamav-quarantine/msg.2K5skR: Worm.SCO.A-dam FOUND > The message in question has been quarantined as > /data/mail/clamav-quarantine/msg.2K5sk

Re: [Clamav-users] freshclam segfault?

2004-02-27 Thread Thomas Lamy
Derek J. Balling wrote: I was originally going to ask "how come this virus is getting through ([EMAIL PROTECTED])", but decided "let's update the virus definitions and see if it's been added already". Except that freshclam segfaults. Anyone know of any known problems on that front? [strace ou

Re: [Clamav-users] reportproblems with clamav-milter (-bPN)

2004-02-27 Thread Nigel Horne
On Friday 27 Feb 2004 12:40 pm, peter pilsl wrote: > According to the docs this should be achieved using the -bNP options. [snip] > A message you sent to > <[EMAIL PROTECTED]> Turn off the -b (--bounce) option. -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK.

RE: [Clamav-users] Segmentation Fault (Again Again)!

2004-02-27 Thread Trog
On Fri, 2004-02-27 at 13:32, Philipp Grosswiler wrote: > Hello Trog. > > > In order to track this problem down, we would need you to do the > > following: > > > > 1. Run clamd in debug mode: > > /usr/local/sbin/clamd --debug > > > > 2. Attach gdb to the running clamd process > > gdb /us

[Clamav-users] freshclam segfault?

2004-02-27 Thread Derek J. Balling
I was originally going to ask "how come this virus is getting through ([EMAIL PROTECTED])", but decided "let's update the virus definitions and see if it's been added already". Except that freshclam segfaults. Anyone know of any known problems on that front? [strace output below] D execve(

RE: [Clamav-users] Segmentation Fault (Again Again)!

2004-02-27 Thread Philipp Grosswiler
Hello Trog. > In order to track this problem down, we would need you to do the > following: > > 1. Run clamd in debug mode: > /usr/local/sbin/clamd --debug > > 2. Attach gdb to the running clamd process > gdb /usr/local/sbin/clamd >then in gdb, issue the command > continu

[Clamav-users] reportproblems with clamav-milter (-bPN)

2004-02-27 Thread peter pilsl
I installed the clamav-milter and it works fine, apart from how it reacts to found viri. I'd like the milter to send out a short report to the local postmaster only and not send a report to the sender or to the recipient. According to the docs this should be achieved using the -bNP options

Re: [Clamav-users] clamav-milter: segfault & max children problems - partially fixed

2004-02-27 Thread Mike Brodbelt
Nigel Horne wrote: > On Friday 27 February 2004 10:25 am, Mike Brodbelt wrote: > > >>ClamAV version devel-20040226, clamav-milter version 0.67h >> >>Started ClamAV & clamav-milter at 12:27 yesterday, and it died due to a >>SIGABRT at 8:45 this morning. > > > In that case you have run configure

Re: [Clamav-users] Re: Re: Zip files.

2004-02-27 Thread Peter McCreath
Hello All, I'm still pulling my hair out over my Zip file problem. I'm fairly sure my clamav.conf settings are correct; however, I have noticed it only seems to affect base64 encoded files. Could the problem lie there? Any help/pointers gratefully received. Many thanks in advance, Peter ___

Re: [Clamav-users] clamav-milter: segfault & max children problems - partially fixed

2004-02-27 Thread Nigel Horne
On Friday 27 February 2004 10:25 am, Mike Brodbelt wrote: > ClamAV version devel-20040226, clamav-milter version 0.67h > > Started ClamAV & clamav-milter at 12:27 yesterday, and it died due to a > SIGABRT at 8:45 this morning. In that case you have run configure with --enable-debug. Please rerun

[Clamav-users] clamav-milter: segfault & max children problems - partially fixed

2004-02-27 Thread Mike Brodbelt
Running a CVS snapshot of clamav downloaded yesterday, version info:- ClamAV version devel-20040226, clamav-milter version 0.67h Started ClamAV & clamav-milter at 12:27 yesterday, and it died due to a SIGABRT at 8:45 this morning. To have it running for 20 hours without a problem is one of the b

Re: [Clamav-users] ERROR: Clamuko is not available?

2004-02-27 Thread Trog
On Thu, 2004-02-26 at 20:30, Bastiaan van der Put wrote: > Hi, > > When using latest snapshots compiled with : > > ./configure --disable-clamuko --sysconfdir=/etc > > I get the following error msg when starting clamd > > ERROR: Clamuko is not available > > 0.67 and before never had it... > T

Re: [Clamav-users] Segmentation Fault (Again Again)!

2004-02-27 Thread Trog
On Fri, 2004-02-27 at 07:59, Philipp Grosswiler wrote: > OK, this is the last time I will post about the occurrence of this problem: > > Thu Feb 26 23:57:01 2004 -> stream: Worm.SomeFool FOUND > Thu Feb 26 23:57:12 2004 -> Segmentation fault :-( Bye.. > Fri Feb 27 00:23:42 2004 -> SelfCheck: Databa

[Clamav-users] amavisd-new and clamav: getting clamd.ctl location right

2004-02-27 Thread Chris Evans
amavisd-new-20030616-p7 (Debian) clamav 0.67-1 (from Debian stable -- I think) One interesting discovery I've made setting up amavisd-new and clamav. Amavisd-new seems to expect to find the clamd.ctl socket at /var/run/clamd.ctl and the default on the version of clamav I have seemed to be /va

[Clamav-users] Segmentation Fault (Again Again)!

2004-02-27 Thread Philipp Grosswiler
OK, this is the last time I will post about the occurrence of this problem: Thu Feb 26 23:57:01 2004 -> stream: Worm.SomeFool FOUND Thu Feb 26 23:57:12 2004 -> Segmentation fault :-( Bye.. Fri Feb 27 00:23:42 2004 -> SelfCheck: Database status OK. Fri Feb 27 00:37:08 2004 -> ERROR: accept() failed