Hi
I,ve install clamav 0.70rc vs milter support.
Clamav-milter detect viruses well, but I check all incoming mail via
procmail(clamscan) additionaly. And clamscan detect some viruses sometime
(SomeFool-Gen and others).
Why milter doesn't detect that viruses???
I've FreeBSD 5.2.1p1, Sendmail 8.1
Hi
On Wed, 17 Mar 2004 17:29:27 +0100
"Diego d'Ambra" <[EMAIL PROTECTED]> wrote:
> > Submission: 2021
> > Sender: Korchmenuk Nickolay
> > Submitted virus name: Win32.HLLM.MyDoom.32768
> > Notes: Triple bounced e-mail with Worm.SCO.A. If
> > Notes: attachment is extracted virus is detected.
> > Add
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Fajar A. Nugraha
> Sent: Tuesday, March 16, 2004 6:53 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Glibc and different versions of clam
>
> >
> The temporary solution is to make sure
On Wednesday 17 Mar 2004 10:47 pm, pi wrote:
> I want each mail detected as 'with a virus' to be forwarded in a special
> mailbox ([EMAIL PROTECTED])
Use the --quarantine=EMAILADDRESS option of clamav-milter.
For more information see 'man 8 clamav-milter'.
> Phil
-Nigel
--
Nigel Horne. Arrang
I am running devel snapshot 20040415 on FreeBSD 4.9.
I'm having a problem with clamd, the process randomly hanging on either
reloading the database and sometimes scanning mbox files. It's very
strange. When the processes hangs clamd is using 99.9% of the CPU (so says
top) until it eventually rel
Normal if you didn't configure any scheduled job, try to exec "freshclam"
(bin) and see what happen. For other options look into "freshclam.conf".
-Mensaje original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] nombre de Bit Fuzzy
Enviado el: miércoles, 17 de marzo de 2004 14:46
Para:
Edward W. Ray wrote:
Nope. /dev/urandom errors persist.
Did you use --disable-urandom during ./configure ? It should not read
/dev/urandom anymore with that option.
What linux version (or to be more specific : glibc version) are you using?
I might be able to provide a tested binary (which wor
Bit Fuzzy wrote:
First I'd like so say "GREAT PROGRAM!!!"
I notice in my logs that main.cvd isn't (or hasn't) been updating is this
Yes, it is. New viruses are added in daily.cvd. Once in a while those
signatures
are merged in daily.cvd.
normal?
Also, I'm currently using ClamAV 0.67 should
lamav 0.67 called by amavisd-new called by postfix on my Fedora
gateway, and it detected everything except Fragment and CLSID from
www.testvirus.org.
So that setup at least will decode BinHex attachments.
However, when I tested devel-20040317 built on my 10.3.3 client machine,
it failed to dete
First I'd like so say "GREAT PROGRAM!!!"
I notice in my logs that main.cvd isn't (or hasn't) been updating is this
normal?
Also, I'm currently using ClamAV 0.67 should I upgrade to 0.70 etc as they
become available?
or will the updated functionality be included in my update process?
Thanks in ad
On Wednesday 17 Mar 2004 9:54 pm, Jim Maul wrote:
> Is this enabled by default?
It is enabled when you enable 'ScanMail' in clamav.conf, or use the --mbox option to
clamscan.
> Jim
-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED]
Hello everybody,
I'm not sure it's the right place to post, but I don't know where to post.
So, please, be patient.
I downloaded, installed and configured clamav (everything works great)
I also installed clamassassin to filter mails (just like spamassassin
for the spam).
Here's my problem:
I wa
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Thomas
> Lamy
> Sent: Wednesday, March 17, 2004 3:43 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV
> version devel-20040316 on OSX+CGPro
>
>
> Sorry,
-- On Wednesday, March 17, 2004 9:42 PM +0100 Thomas Lamy <[EMAIL PROTECTED]> wrote:
I agree here. It just comes down to:
- Have you enabled the ScanMail and ScanArchive options in your clamav.conf, or are
you using clamscan --mbox? If
not, this is the culprit.
just re-checked,
ScanMail & Sca
-- On Wednesday, March 17, 2004 8:28 PM + Nigel Horne <[EMAIL PROTECTED]> wrote:
Have you enabled 'ScanMail' in clamav.conf?
yes I have
fyi, ClamAV *is* regularly & successfully scanning/catching most of the viral traffic I see
every once in awhile one still sneaks by, altho i couldn't
On redhat 7.3 to continue my earlier statement I am using .68 (dag rpm)
but it has a problem with the daemon, so I am currently just running
clamscan, not clamdscan while I troubleshoot.
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State Univ
I have had no problems running the following clamav versions.
clamav-0.67-6 on debian testing
clamav-0.68 from dag on redhat 7.3
These are both production mail servers.
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Mo
Jim Maul schrieb:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
OpenMacNews
Sent: Wednesday, March 17, 2004 11:27 AM
To: ClamAV Users List
Subject: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV
version devel-20040316 on OSX+CGPro
hi,
ClamAV ve
Have you enabled 'ScanMail' in clamav.conf?
-Nigel
On Wednesday 17 Mar 2004 4:26 pm, OpenMacNews wrote:
> hi,
>
> ClamAV version devel-20040316, built on OSX 10.3.3, and integrated into
> CommunigatePro 4.1.8, is consistently failing to detect the following Eicar
> tests from www.testvirus.org:
>
On Monday 15 Mar 2004 5:43 pm, Stuart Mycock wrote:
> When I rip out the attachment manually it detects the virus fine.
>
> Shall I submit the sample anyway? I don't want to waste anyone's time if
> this is something that's already being dealt with?
Send me the e-mail and I'll look into it.
-Nig
ndering if there has been any resolution on this issue.
>
> I'm using 3.4, too.
>
>
I installed the latest csv and everything seems to work ok. I feed a
saved-infected message and amavisd-new reported in the log:
Mar 17 13:38:17 TECHGATE1 amavis[8104]: (08104-04) INFECTED
(Wo
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> OpenMacNews
> Sent: Wednesday, March 17, 2004 11:27 AM
> To: ClamAV Users List
> Subject: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV
> version devel-20040316 on OSX+CGPro
>
>
> hi,
>
> Cla
It seems that ScanMail is broken since 0.68 (it appears broken in 0.70-rc
as well). eicar standard test virus is no longer recognized when attached
in an email messages. The same setup works fine with clamav-0.67.
-Igor
On Wed, 17 Mar 2004, trustem dotcom wrote:
> Upgraded to clamd 0.70-rc on
Nope. /dev/urandom errors persist.
At this point I have multiple copies of different versions of ClamAV
scattered all over my mail server. I am running out of room for my mail
server to do its primary job, which is as a mail server. I think I will
take a step back, clean out my hard drive of al
Stephan,
On Wed, 2004-03-17 at 11:11, Stephan von Krawczynski wrote:
> is there a simple way to check if running clamd is still alive?
http://mikecathey.com/code/clamdwatch/
I believe it's in the $src/contrib directory as well.
Cheers,
Mike
--
I noticed that the DataDirectory directive in the clamav.conf has
changed in recent versions to DatabaseDirectory. Are both valid and
will they remain so? I don't see any notes in the docs or ChangeLog or
the list archives regarding this change.
Thanks.
--
Dennis Skinner
Systems Administrator
Stephan von Krawczynski wrote:
Hello all,
is there a simple way to check if running clamd is still alive? I lately
experienced hanging and therefore would like to check via cron...
I read something about a PING clamd command in the docs, but couldn't really
find out how that works.
Regards,
Stepha
david wrote:
I installed version clamav-0.67-1 as an rpm.
However upon trying to update I get this...
ClamAV update process started at Tue Mar 16 18:42:49 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Reading CVD header (main.cvd): OK
ERROR: Can't open new file ./e456f6640da6112f to w
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Korchmenuk Nickolay
> Sent: 17. marts 2004 15:53
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] why don't detect
>
> Submission: 2021
> Sender: Korchmenuk Nickolay
> Submitted virus nam
David,
See below.
On Mar 17, 2004, at 8:00 AM, david wrote:
Hi
I am a new user of clam.
I installed version clamav-0.67-1 as an rpm.
However upon trying to update I get this...
ClamAV update process started at Tue Mar 16 18:42:49 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Reading
Tomasz Kojm wrote:
On Mon, 15 Mar 2004 10:01:00 -0600
Keith Murphy <[EMAIL PROTECTED]> wrote:
I'm suddenly seeing this:
clamscan Notepad.exe
Notepad.exe: W32.Ladmar.A FOUND
Fixed - please run freshclam.
That fixed it - thanks a heap.
(Due to a quirk in my mailreader, I was not seeing the upd
On Wed, 2004-03-17 at 15:05, Mark Novak wrote:
> Trog,
>
> Where do you want them posted? I have Mac Office on OSX Panther.
>
Email will be fine. Or any web/ftp server if email is a problem.
Thanks
-trog
signature.asc
Description: This is a digitally signed message part
hi,
ClamAV version devel-20040316, built on OSX 10.3.3, and integrated into CommunigatePro 4.1.8, is consistently failing
to detect the following Eicar tests from www.testvirus.org:
Test #5: Eicar virus sent using BinHex encoding
Test #8: Eicar virus sent using BinHex encoding wit
Hello all,
is there a simple way to check if running clamd is still alive? I lately
experienced hanging and therefore would like to check via cron...
I read something about a PING clamd command in the docs, but couldn't really
find out how that works.
Regards,
Stephan
--
On Wed, 2004-03-17 at 06:51, Tomasz Kojm wrote:
> On Wed, 17 Mar 2004 12:53:43 +0100
> "daniele" <[EMAIL PROTECTED]> wrote:
>
> > I've installed clamav-0.60 and also 0.65 , but when sendmail must send
> > a message with file .exe creates with winrar 3.x, it doesen't permite
> > the operation becau
I have a couple 'it would be nice if...' requests
regarding clamd's logging.
1) Log the version of clamd when it starts.
2) Log the version of databases when they are loaded
or reloaded.
THANKS!
Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC USA
__
Do you Yaho
Upgraded to clamd 0.70-rc on Solaris 9 sparc.
A few minor issues we have observed:
1) When trying to stop clamd (SIGTERM), clamd claims
to exit successfully (see log, below) but hangs
forever. Have to give it a SIGKILL to actually
terminate the process.
2) Have not had enough time to adequate
On Mar 16, 2004, at 10:13 PM, Steven P. Donegan wrote:
Fajar A. Nugraha wrote:
Steven P. Donegan wrote:
Hmmm, I just do a freshclam from chron rather than let it run as a
daemon - as a new user (I just downloaded, installed, integrated
with my anti-spam/anti-virus proxy - home built, today). I
After updating to v0.70-rc I've noticed, that the owner of the
database directories (/usr/local/share/clamav on my linux box) changes
to clamav but clamav runs on my box under user amavisd, so do
freshclam - this cause permission problems when a new database update
comes in.
Maybe you could change
On Wednesday 17 March 2004 13:21, you wrote:
> The file is signed by Tomasz Kojm. His PGP key is available at
> http://www.clamav.net/gpg/tkojm.gpg , among others.
Directions greatly appreciated. I fetched Kojm's key-file and verified the
signature on the downloaded software without problems. I'
Trog,
Where do you want them posted? I have Mac Office on OSX Panther.
Thanks,
Mark
On Mar 17, 2004, at 5:51 AM, Trog wrote:
I order to test the clam VBA decoder, I need some samples of MacOffice
documents.
** They MUST have VBA in them in order to be of any use. **
I don't care if they cont
Hi
I've question about my mbox-submission:
Submission: 2021
Sender: Korchmenuk Nickolay
Submitted virus name: Win32.HLLM.MyDoom.32768
Notes: Triple bounced e-mail with Worm.SCO.A. If
Notes: attachment is extracted virus is detected.
Added: No
Could you say why clamscan and clamdscan didn't d
Hi
I am a new user of clam.
I installed version clamav-0.67-1 as an rpm.
However upon trying to update I get this...
ClamAV update process started at Tue Mar 16 18:42:49 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Reading CVD header (main.cvd): OK
ERROR: Can't open new file ./e456f
On Wed, 17 Mar 2004 12:53:43 +0100
"daniele" <[EMAIL PROTECTED]> wrote:
> I've installed clamav-0.60 and also 0.65 , but when sendmail must send
> a message with file .exe creates with winrar 3.x, it doesen't permite
> the operation because founds a trojan.orcamento virus in in the
> archive (not
On Wed, 17 Mar 2004 10:57:14 +0100
"Johnny Johansen" <[EMAIL PROTECTED]> wrote:
> Hi ,
>
> I'm considering using ClamAV, and I have downloaded the latest
> softwareversion including the digital signature file. I want to verify
>
> (GPG) the signature before trying to use the software, but I can
I have been running Clam since v0.65 and have found the product to be
excellent in our enviroment.
I recently upgraded to development version because of the dreaded Bagle
virus and adjusted my freshclam settings within clamav.conf to allow for
proxy and authentication. Everything has been working
* Johnny Johansen <[EMAIL PROTECTED]> [20040317 13:33]: wrote:
> Hi ,
>
> I'm considering using ClamAV, and I have downloaded the latest
> softwareversion including the digital signature file. I want to verify
> (GPG) the signature before trying to use the softwar
I order to test the clam VBA decoder, I need some samples of MacOffice
documents.
** They MUST have VBA in them in order to be of any use. **
I don't care if they contain viruses or just other VBA code (but if they
contain viruses, please zip with the password of 'virus').
If you have privacy co
I've installed clamav-0.60 and also 0.65 , but when sendmail must send a
message with file .exe creates with winrar 3.x, it doesen't permite the
operation because founds a trojan.orcamento virus in in the archive (not if
created with winrar 2.x)
why?
thanks
Doug Hardie erote:
> The problem I encountered has now been identified and I have
> a working
> clamd that does not hang. I compiled it two different ways and both
> worked. The problem was /dev/urandom returning either a -1 or a 0.
> Either of those will cause others.c to hang as it does
Alex S Moore wrote:
> On Mon, 15 Mar 2004 14:45:27 -0600
> Alex S Moore <[EMAIL PROTECTED]> wrote:
>
>
>>Been having problems lately. Using clamav-milter on Solaris 9 with
>>version 0.67-1 (whatever the latest release is). It has been working
>>brilliantly for months. Recently, I started getti
Hi, I had to disable a signature in the db file because we were having a
lot of false positives (or at least too many alerts).
I simply deleted the line in the db file, now I wonder whether the
signature will be put back in the db when running freshclam.
PS:
The signature was Trojan.URLspoof.gen
Le mar 16/03/2004 à 17:31, Chris Meadors a écrit :
> > Submission: 2005
> > Sender: Fisher
> > Submitted virus nam"ArchiveDetectEncrypted"e: Unknown Virus
> > Virus name: Worm.Bagle.Gen-rarpwd
> > Notes: Signature added through daily.cvd version 187 to
> > Notes: detect password protected RAR file
Hi ,
I'm considering using ClamAV, and I have downloaded the latest
softwareversion including the digital signature file. I want to verify
(GPG) the signature before trying to use the software, but I can't find
the public key matching the secret key used for signing. I tried to search
the mail
On Tue, 16 Mar 2004, Alex S Moore wrote:
> Are you using GNU compiler and make? I found that my problems started with
> clamav code changes somewhere this month. I have been using Sun's compiler
I'm using Gnu compiler but Solaris make
I've installed version 0.70 rc . No problems up to now
On Tue, 16 Mar 2004, Bugs wrote:
>
> I saw the same thing after I downloaded the new binaries for
> our Tru64 server.
>
> I did some testing and found that when I used the previous
> clamdscan binary, everything worked again. It even picks up
> viruses that were missed before, and caught by our "b
On Tue, 16 Mar 2004, Fajar A. Nugraha wrote:
> was your /tmp full ?
Sorry, my fault -but I've rebooted first, and
started thinking next :-) But no messages
about /tmp full in syslogs.
Krzysztof Snopek
---
This SF.Net email
Lynn Duerksen wrote:
>> Thats the point, if clamav would have detected the virus in
>> the original mail I wouldn't have posted here... :)
>
> I am experiencing similar problems on my OpenBSD 3.4 box and was
> wondering if there has been any resolution on this issue.
I'm using 3.4, too.
--
58 matches
Mail list logo
