On Saturday 06 March 2004 02:08, Nigel Horne wrote:
> > For restore work I need to restart clamd and clamav-milter...
> > Have you any idea ?
>
> Not unless you let us know the version of clamav-milter (clamav-milter --version)
> and clamd and whether you can reproduce with the latest version fro
On Friday 05 March 2004 09:30 pm, Starbane wrote:
> Jim Maul wrote:
> > my apologies, it was almost 5pm on a friday and for some reason i asked
> > if sendmail supports maildirs. musta been a brain fart cause obviously
> > thats not the mta's job. Feel free to point and laugh.
> >
> > Thanks
> >
Jim Maul wrote:
my apologies, it was almost 5pm on a friday and for some reason i asked if
sendmail supports maildirs. musta been a brain fart cause obviously thats
not the mta's job. Feel free to point and laugh.
Thanks
Jim
Since we're sharing, I recently spent an hour trying to figure out why
To cheer everyone up (virus can be so depressing sometimes)
*points at Jim and laughs*
Carl
- Original Message -
From: "Jim Maul" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 05, 2004 4:44 PM
Subject: [Clamav-users] duh, ignore my last question
> my apologies, it was
Hello,
I'm looking at implementing clamav for a somewhat large userbase. Due to
that, I need to run multiple clamds on seperate machines so as not to eat
all the resources on the main mail server. Think "spamd/spamc"...
>From what I can tell, the client included with clamav does not allow for
t
>> Hi,
>>
>> Is clamav catching this latest worm that has a password
>> protected zip file?
> Yes, it is.
Thank you. Are there multiple versions of this worm? I have seen some come
into my mailbox and not be detected... but I no longer have the files in
order to test.
Ricardo
--
On Mar 5, 2004, at 02:41, Trog wrote:
On Fri, 2004-03-05 at 01:15, Doug Hardie wrote:
I just uncommented the thread timeout the last time I restarted clamd
a couple minutes ago so I don't know what effect that will have.
ThreadTimeout isn't used in the current CVS version.
Here is some more info
On Fri, 5 Mar 2004 14:37:18 -0800 (PST)
ricardo <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Is clamav catching this latest worm that has a password
> protected zip file?
Yes, it is.
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
El vie, 05-03-2004 a las 12:20, Eric escribió:
> How do I tell if I have sendmail-devel installed. the clamav milter tells
> me to ensure that it is there. I know I am using sendmail 8.12.5 but how do
> I know if its devel? which sendmail and which sendmail-devel show nothing.
>
>
> Eric
Hello:
my apologies, it was almost 5pm on a friday and for some reason i asked if
sendmail supports maildirs. musta been a brain fart cause obviously thats
not the mta's job. Feel free to point and laugh.
Thanks
Jim
---
This SF.Net email is sponsore
> Some "pop3" services work of the system accounts (/etc/passwd) while
> others
> are database driven and use a "seperate" system. The only thing you need
> to
> make sure is that the pop3 system your using works on the same level that
> your MTA does. qpopper, courier, ipop all seem to work off
Hi,
Is clamav catching this latest worm that has a password
protected zip file?
I've seen a bunch of these come through and it doesn't seem
like clamdscan has caught it. I don't have one of these
messages around to manually test it.
Thanks
Ricardo
-
On Fri, 5 Mar 2004 13:31:35 -0800 (PST)
[EMAIL PROTECTED] wrote:
>
> uvscan is detecting zipped/passworded bagle zip's as
> Worm.Bagle.Gen-zippwd. Any ideas as to how they might be doing this?
Please don't top post.
That's not your uvscan but ClamAV detecting the worm.
--
oo.
On Friday 05 Mar 2004 9:47 pm, Dominic Mazzoni wrote:
> >> Try running 'clamscan --mbox email'
>
> Actually I should note that this almost completely fixes my
> problem. Now it's catching 99% of my viruses. The only
> question now is why it still misses 1 or 2 of them when
> the virus is found wh
Some "pop3" services work of the system accounts (/etc/passwd) while others
are database driven and use a "seperate" system. The only thing you need to
make sure is that the pop3 system your using works on the same level that
your MTA does. qpopper, courier, ipop all seem to work off system user
On Friday 05 Mar 2004 6:18 pm, Sergey wrote:
> For restore work I need to restart clamd and clamav-milter...
> Have you any idea ?
Not unless you let us know the version of clamav-milter (clamav-milter --version)
and clamd and whether you can reproduce with the latest version from CVS.
-Nigel
-
Try running 'clamscan --mbox email'
Actually I should note that this almost completely fixes my
problem. Now it's catching 99% of my viruses. The only
question now is why it still misses 1 or 2 of them when
the virus is found when base64-decoding the attachment and
scanning that.
Thanks,
Dominic
On Fri, 2004-03-05 at 13:18, Sergey wrote:
> Hello.
>
> I run Clam AV on RedHat 6.2.
> Some time after (about one hour) running clamav-milter is stop scanning with error:
> For restore work I need to restart clamd and clamav-milter...
> Have you any idea ?
What is important is how many file desc
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Hanford,
> Seth
> Sent: Friday, March 05, 2004 3:57 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] sendmail devel?
>
>
> > Why does multiple or single domains matter to the POP3 server?
>
> The
So I got the pop3 scanner installed.
redhat 9, clarkconnect firewall.
I did a cp p3scan.conf.sample to p3scan.conf and uncommented lines and
did light configuration.
But I get this error in "tail /var/log/messages"
Mar 5 13:33:25 compaq p3scan: p3scan[7004]: P3Scan Version 1.0
Mar 5 13:33:25
Hello.
I need to correct reply form clamav-milter. I make
some overpatching and... And I get inoperative programm.
I add some debug messages to different functions and I
see what clamfi_envfrom called in unexpected time:
Mar 6 00:39:12 clamav-milter[31322]: clamfi_helo: centurion
Mar 6 00:39:
uvscan is detecting zipped/passworded bagle zip's as
Worm.Bagle.Gen-zippwd. Any ideas as to how they might be doing this?
-Eric
On Wed, 3 Mar 2004, Lucas Albers wrote:
> Tomasz Papszun said:
> >WE ASK USERS TO NOT SUBMIT naked zip files IF their contents is DETECTED
> >as infected by ClamAV A
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Jeff
> Ramsey
> Sent: Friday, March 05, 2004 3:47 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] sendmail devel?
>
> And while we're digging up old hatchets that have been buried long ago,
> I u
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Antony
> Stone
> Sent: Friday, March 05, 2004 3:32 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] sendmail devel?
>
>
> On Friday 05 March 2004 8:22 pm, redragon wrote:
>
> > This could end up b
On Fri, 05 Mar 2004 at 12:49:45 -0800, Dominic Mazzoni wrote:
> Ryan Moore wrote:
> >
> >Try running 'clamscan --mbox email'
>
> Oops, I didn't realize that.
>
> Same problem:
>
> >clamscan --mbox email
> email: OK
If it's with the current CVS version, you can submit a sample via our
submission
On Fri, 5 Mar 2004 16:54:12 -0300
Everton da Silva Marques <[EMAIL PROTECTED]> wrote:
> Is ScanMail known to be unstable?
Yes, it is. It's very hard to parse all that broken messages.
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gpg/tk
Agreed, about 99% of it is preference and knowledge of what you use.
Postfix, exim (3 and 4), and sendmail all natively provide auth smtp and tls
as well as most any other feature the average admin uses.
Carl
- Original Message -
From: "John Jolet" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTE
I was missing some virus's until I upgraded from .65 to .67.
Bounce back zipped virus's were slipping by.
Dominic Mazzoni said:
> Ryan Moore wrote:
>> Dominic Mazzoni wrote:
>>
>>> I'm also having the problem that Ron Snyder reported yesterday,
>>> where clamscan will mark a file as OK, but if I ex
> Why does multiple or single domains matter to the POP3 server?
The only thing I can imagine off the top of my head is user accounts -- if
you have [EMAIL PROTECTED] and [EMAIL PROTECTED], you need to make sure that
your POP3 server doesn't think they both necessarily use the same mailbox
b/c the
> what pop3 is good for multiple domains? instead of qpopper
CourierPop3d and CourierImap are both good for multiple domains. (of course,
CourierIMAP is not Pop3, but they are often packaged together, and do not
require the Courier MTA).
--Seth
-
Ryan Moore wrote:
Dominic Mazzoni wrote:
I'm also having the problem that Ron Snyder reported yesterday,
where clamscan will mark a file as OK, but if I extract the
attachment (just by base64-decoding it, NOT by unzipping it too),
then clamscan properly recognizes the virus (in this case, SCO.A).
If you already have sendmail configured and working, why switch? I
agree that sendmail has had it's share of security holes, but in that
respect, it's like the Windows of MTAs: It was so widely used, it was
picked apart. I believe this made it stronger. I don't believe there is
any more securit
On Friday 05 March 2004 8:42 pm, Eric wrote:
> what pop3 is good for multiple domains? instead of qpopper
Why does multiple or single domains matter to the POP3 server?
Handling domains is up to the receiving MTA - POP3 just deals with local
mailboxes.
(Or am I missing something about how othe
Antony Stone wrote:
On Friday 05 March 2004 7:54 pm, Jim Maul wrote:
On the other hand, remove sendmail and install Postfix instead.
Or qmail. Both are more secure than sendmail.
Is this still true? I know sendmail had a bad history of security problems
in its early days (but
what pop3 is good for multiple domains? instead of qpopper
> >
> > > > On the other hand, remove sendmail and install Postfix
instead.
>
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbin
On Fri, 5 Mar 2004, Antony Stone wrote:
> On Friday 05 March 2004 7:54 pm, Jim Maul wrote:
>
> > > On the other hand, remove sendmail and install Postfix instead.
> >
> > Or qmail. Both are more secure than sendmail.
>
> Is this still true? I know sendmail had a bad history of security problem
On Friday 05 March 2004 8:22 pm, redragon wrote:
> This could end up being a long drawn out battle.
That is not what I intended to start when I posted my question, and I hope it
doesn't happen.
> I personally prefer
> sendmail to any other MTA and have no security issues with it. Like any
> ot
It really depends on your distro. I'm going to presume you have Redhat or
similar flavor installed. If so you can do rpm -qa|grep sendmail and see if
sendmail dev is installed.
Carl
- Original Message -
From: "Eric" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 05, 200
Hi,
I run clamav on some higher-volume mail servers (scanning
a couple hundred thousand emails a day.) Let me begin by
saying that I've been very impressed at the quality of clamav;
it's fast and integrates well with amavisd-new. Updates seem
to be done well, and it compares favorably with the oth
> On Fri, 05 Mar 2004 at 10:57:12 -0800, Dominic Mazzoni wrote:
> > I'm also having the problem that Ron Snyder reported yesterday,
>
> Ron's problem regarded milter if I saw correctly, so it may
> be something
> diferent. Anyway...
I thought it was milter related, but now I'm not sure. It may j
This could end up being a long drawn out battle. I personally prefer
sendmail to any other MTA and have no security issues with it. Like any
other piece of software you install it must be maintained.
Sendmail offers everything I need in the virtual hosting environment that I
offer customers. It
On Friday 05 March 2004 7:54 pm, Jim Maul wrote:
> > On the other hand, remove sendmail and install Postfix instead.
>
> Or qmail. Both are more secure than sendmail.
Is this still true? I know sendmail had a bad history of security problems
in its early days (but then again it has been arou
Hi,
I'm testing clamd from CVS as of 2004-03-04
under Solaris 7 on Sparc with the following
basic config:
# clamav.conf
LogFile /var/adm/clamav/clamd.log
LogFileMaxSize 10M
LogTime
PidFile /var/adm/clamav/clamd.pid
TCPSocket 3310
TCPAddr 127.0.0.1
StreamSaveToDisk
StreamMaxLength 30M
MaxThreads 1
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of John
> Vestrum
> Sent: Friday, March 05, 2004 2:05 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] sendmail devel?
>
> On the other hand, remove sendmail and install Postfix instead.
> Forget
Tomasz Papszun wrote:
On Fri, 05 Mar 2004 at 9:26:31 -0800, Kevin BRown wrote:
jsut want to set clam to scan for
clients who use the gateway to access mail servers on pop or smtop
kevin
If by "gateway" you mean clients setting their gateway IP address to
your server/firewall, then
the
On Fri, 05 Mar 2004 at 10:57:12 -0800, Dominic Mazzoni wrote:
> I'm also having the problem that Ron Snyder reported yesterday,
Ron's problem regarded milter if I saw correctly, so it may be something
diferent. Anyway...
> where clamscan will mark a file as OK, but if I extract the
> attachment (
Dominic Mazzoni wrote:
I'm also having the problem that Ron Snyder reported yesterday,
where clamscan will mark a file as OK, but if I extract the
attachment (just by base64-decoding it, NOT by unzipping it too),
then clamscan properly recognizes the virus (in this case, SCO.A).
Actually clamscan
If you are on an rpm based system (Mandrake, Fedora, etc), use:
# rpm -qa | grep -i sendmail
and look for a sendmail-devel package. If it's not there, you need to find
one that matches your version of sendmail. If sendmail came with your linux
distribution (assuming you are using linux) then look
I'm also having the problem that Ron Snyder reported yesterday,
where clamscan will mark a file as OK, but if I extract the
attachment (just by base64-decoding it, NOT by unzipping it too),
then clamscan properly recognizes the virus (in this case, SCO.A).
Actually clamscan seems to be having this
On Fri, 05 Mar 2004 at 9:26:31 -0800, Kevin BRown wrote:
> Can I set clam to scan incoming mail messages?
> I use a clarkconnect 2.1 (redhat9) based firewall /gateway for a dsl modem.
> It is not a mail server, jsut want to set clam to scan for
> clients who use the gateway to access mail servers
How do I tell if I have sendmail-devel installed. the clamav milter tells
me to ensure that it is there. I know I am using sendmail 8.12.5 but how do
I know if its devel? which sendmail and which sendmail-devel show nothing.
Eric
---
This SF
Hello.
I run Clam AV on RedHat 6.2.
Some time after (about one hour) running clamav-milter is stop scanning with error:
2004-03-05 17:50:51 clamav-milter[24815]: clamfi_envfrom:
2004-03-05 17:50:51 clamav-milter[24812]: clamfi_envfrom:
2004-03-05 17:50:52 clamav-milter[24825]: clamfi_envfrom:
On Fri, Mar 05, 2004 at 08:38:48AM +, Trog wrote:
| On Fri, 2004-03-05 at 08:15, Virgo PÃrna wrote:
| > On Fri, 5 Mar 2004 01:55:17 +0100, Tomasz Papszun wrote:
| > > On Thu, 04 Mar 2004 at 19:14:32 -0500, Tim B wrote:
| > >>
| > >> Does this mean that 0.67 will now detect the the encrypted ve
Can I set clam to scan incoming mail messages?
I use a clarkconnect 2.1 (redhat9) based firewall /gateway for a dsl modem.
It is not a mail server, jsut want to set clam to scan for
clients who use the gateway to access mail servers on pop or smtop
kevin
--
Henry Hartley wrote:
I'm trying to install ClamAV on my Fedora Core 1 server. I used yum to
install from the FC repository. It installed version 0.65. I noticed that
on the clamav site that the current release is 0.67 and I found reference to
Petr Kristof's repository (crash.fce.vutbr.cz) and I
We've been having some trouble with 0.67 crashing. I believe it has to
do with a mail loop created between hotmail and a forwarded local user
account.
Right before the crash all memory will be used. Before we started using
ulimits we would get:
Mar 4 14:34:33 minos kernel: Out of Memory: Killed
I'm trying to install ClamAV on my Fedora Core 1 server. I used yum to
install from the FC repository. It installed version 0.65. I noticed that
on the clamav site that the current release is 0.67 and I found reference to
Petr Kristof's repository (crash.fce.vutbr.cz) and I added that to my
yum
probably yes... but after restarting now it's working good
waiting for new "trouble"
Tomasz Kojm wrote:
On Fri, 05 Mar 2004 13:14:12 +0200
Michael Eglit <[EMAIL PROTECTED]> wrote:
There is problem with scanning attachment with milter
all message with attachment for clam
Trog wrote:
The message you just sent me got stopped:
VIRUS ALERT: Worm.Bagle.Gen-zippwd
Right. I'll be upgrading then :o)
Thanks for your time.
--
Regards
/Franck
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial
On Fri, 05 Mar 2004 09:34:55 +0100
Frank Elsner <[EMAIL PROTECTED]> wrote:
> ACK. So I repeat my request for syslog logging support for freshclam.
OK, request accepted :-)
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
On Fri, 05 Mar 2004 13:14:12 +0200
Michael Eglit <[EMAIL PROTECTED]> wrote:
> There is problem with scanning attachment with milter
>
> all message with attachment for clam are infected:
>
> contained a virus and has not been delivered.
> stream: (null) FOUND
>
> mails without attachm
There was a problem with latest version - memory allocation problem ...
and I install latest version from FreeBSD ports
Nigel Horne wrote:
On Friday 05 Mar 2004 11:14 am, Michael Eglit wrote:
There is problem with scanning attachment with milter
ClamAV ve
On Friday 05 Mar 2004 11:14 am, Michael Eglit wrote:
> There is problem with scanning attachment with milter
> ClamAV version 0.65', clamav-milter version '0.60p under FreeBSD 4.9-STABLE
0.60p is old, what happens when you try an up to date version of the software?
-Nigel
--
Nigel Horne. A
I tried to follow the instructions at
http://www.mail-archive.com/clamav-users%40lists.sourceforge.net/
msg04589.html to install ClamAV.
When trying to 'make' GMP, I get the following error.
libtool: unrecognized option `--tag=CC'
and GMP fails to install. I have a feeling this problem is cau
There is problem with scanning attachment with milter
all message with attachment for clam are infected:
contained a virus and has not been delivered.
stream: (null) FOUND
mails without attachmets are ok ... :(
ClamAV version 0.65', clamav-milter version '0.60p under FreeBSD 4.9-STAB
> Hi there,
>
> I'm trying to get the clamav-milter to work with sendmail. I've made all
> the required changes to the sendmail.cf file, but when I try to restart
> sendmail, I get the error:
> "sendmail: WARNING: Xclmilter'': local socket name
> /var/clamav/clmilter.sock' missing".
>
> I've verif
On Fri, 2004-03-05 at 01:15, Doug Hardie wrote:
> >
> > I just uncommented the thread timeout the last time I restarted clamd
> > a couple minutes ago so I don't know what effect that will have.
ThreadTimeout isn't used in the current CVS version.
> Here is some more information: After running
On Fri, 2004-03-05 at 09:34, Franck wrote:
> Does this mean you want submissions of encrypted zip archives if they
> aren't getting caught?
> 'Cause I'm getting hit by what Symantec identifies as Bagle.J in
> encrypted archives that have slipped by Clam even with the newest
> updates.
The message
On Fri, 2004-03-05 at 09:34, Franck wrote:
> Tomasz Kojm wrote:
>
> > Submission: n/a
> > Sender: Diego d'Ambra
> > Virus name: Worm.Bagle.Gen-zippwd
> > Notes: Generic signature to detect password-protected Bagle zip files
> > The signature matches encrypted zip files.
>
> Does this mean you wan
Tomasz Kojm wrote:
Submission: n/a
Sender: Diego d'Ambra
Virus name: Worm.Bagle.Gen-zippwd
Notes: Generic signature to detect password-protected Bagle zip files
The signature matches encrypted zip files.
Does this mean you want submissions of encrypted zip archives if they
aren't getting caught?
'
On Fri, 05 Mar 2004 08:38:48 +, Trog <[EMAIL PROTECTED]> wrote:
>
> No, it'll match with just the encrypted zip file.
>
Right, disable-archive seems to do the magic...:)
--
Virgo Pärna
[EMAIL PROTECTED]
---
This SF.Net email is s
On Fri, 2004-03-05 at 08:15, Virgo Pärna wrote:
> On Fri, 5 Mar 2004 01:55:17 +0100, Tomasz Papszun wrote:
> > On Thu, 04 Mar 2004 at 19:14:32 -0500, Tim B wrote:
> >>
> >> Does this mean that 0.67 will now detect the the encrypted versions
> >> regardless of password?
> >
> > Yes.
> >
>
>
On Fri, 05 Mar 2004 08:40:25 +0100 Tomasz Kojm wrote:
> On Thu, 04 Mar 2004 22:00:14 +0100
> Frank Elsner <[EMAIL PROTECTED]> wrote:
>
> > > > > Are you using the same log file for clamd and freshclam ?!
> > > >
> > > > Yes.
> > >
> > > That's a very bad idea.
> >
> > Tell me why. Clamd and fr
On Fri, 5 Mar 2004 01:55:17 +0100, Tomasz Papszun wrote:
> On Thu, 04 Mar 2004 at 19:14:32 -0500, Tim B wrote:
>>
>> Does this mean that 0.67 will now detect the the encrypted versions
>> regardless of password?
>
> Yes.
>
But it's still usable only with full message scan?
--
Virgo Pä
On Thu, 04 Mar 2004 22:00:14 +0100
Frank Elsner <[EMAIL PROTECTED]> wrote:
> > > > Are you using the same log file for clamd and freshclam ?!
> > >
> > > Yes.
> >
> > That's a very bad idea.
>
> Tell me why. Clamd and freshclam belong together so the logging of
> both
> should go
On Thu, 04 Mar 2004 16:53:01 -0700
Shawn Michael <[EMAIL PROTECTED]> wrote:
> I have looked far and wide for the answer to this (docs, comments in
> source, and the list archives.) and so far I cannot find an answer.
> The question is what kind of digital signature is used to verify the
That's
On Thu, 04 Mar 2004 19:42:36 -0500
Tim B <[EMAIL PROTECTED]> wrote:
> My most humble apologies. I accidentally sent a post I meant for
> clamav-users to clamav-virusdb.
Don't worry - the virsdb@ list only accepts mails from the developers.
--
oo. Tomasz Kojm <[EMAIL PROTECT
77 matches
Mail list logo
