Tomasz Kojm wrote:
b) VirusTotal's site has a more up to date version of ClamAV, using
the builds from here (now and again):
http://www.sosdg.org/clamav-win32/index.php
I don't think so, it seems they're using ClamWin.
Yes, all AV products in VirusTotal are Windows based, that is why we
u
On Sun, 17 Oct 2004, D Walsh wrote:
On Oct 17, 2004, at 22:49, Tomasz Kojm wrote:
On Sun, 17 Oct 2004 21:36:22 -0500 (CDT)
Damian Menscher <[EMAIL PROTECTED]> wrote:
For those running 0.80rc4 or 0.80 final, you can catch all jpeg
exploits with the following signature (add it to a local.ndb file in
(Regarding clam.exe not being detected as an attachment.)
Robert Haas wrote:
Hmmm... I don't understand why mail.clamzip is properly detected and
mail.clamexe isn't. Please double check it's a proper mail file.
Here is how I am testing this, perhaps there is a problem in how I am
doing so?
On Oct 17, 2004, at 22:49, Tomasz Kojm wrote:
On Sun, 17 Oct 2004 21:36:22 -0500 (CDT)
Damian Menscher <[EMAIL PROTECTED]> wrote:
For those running 0.80rc4 or 0.80 final, you can catch all jpeg
exploits with the following signature (add it to a local.ndb file in
your database directory):
Exploit.JP
On Sun, 17 Oct 2004 21:36:22 -0500 (CDT)
Damian Menscher <[EMAIL PROTECTED]> wrote:
> For those running 0.80rc4 or 0.80 final, you can catch all jpeg
> exploits with the following signature (add it to a local.ndb file in
> your database directory):
>
> Exploit.JPEG.Comment.FalsePos:5:0:ffd8ff
Te
On Sun, 17 Oct 2004 21:36:22 -0500 (CDT)
Damian Menscher <[EMAIL PROTECTED]> wrote:
> On Sun, 17 Oct 2004, Tomasz Kojm wrote:
> > On Sun, 17 Oct 2004 14:54:07 +0100 "Steve Basford"
> > <[EMAIL PROTECTED]> wrote:
> >
> > > Can someone test ClamAV with these files:
> > > http://www.hiddenbit.org/de
On Sun, 17 Oct 2004, Tomasz Kojm wrote:
On Sun, 17 Oct 2004 14:54:07 +0100 "Steve Basford" <[EMAIL PROTECTED]> wrote:
> Can someone test ClamAV with these files:
> http://www.hiddenbit.org/demo_files/jpeg.zip
ClamAV is technically prepared to catch those files but they require
more generic signatur
On Mon, 2004-10-18 at 03:27 +0200, Tomasz Kojm wrote:
> I'm almost sure you're still running the old instance of clamd.
> Restarting it should solve the problem.
Sheesh - do I feel STUPID :-)
Thanks. The two examples I had that caused this problem are now exit
status zero - so I'm happy.
Tha
> Hmmm... I don't understand why mail.clamzip is properly detected and
> mail.clamexe isn't. Please double check it's a proper mail file.
Here is how I am testing this, perhaps there is a problem in how I am
doing so?
-
-rw-r--r--1 rob-lists rob-lists 544 Oct 17 17:22 clam.exe
-rw-r-
On Mon, 18 Oct 2004 14:23:59 +1300
Jason Haar <[EMAIL PROTECTED]> wrote:
> On Mon, 2004-10-18 at 03:09 +0200, Tomasz Kojm wrote:
> >
> > Oh, no. It's working just fine:
> >
> > [EMAIL PROTECTED]:/tmp$ clamscan partial-1.eml
> > LibClamAV Warning: Partial message received from MUA/MTA - message
On Mon, 2004-10-18 at 03:09 +0200, Tomasz Kojm wrote:
>
> Oh, no. It's working just fine:
>
> [EMAIL PROTECTED]:/tmp$ clamscan partial-1.eml
> LibClamAV Warning: Partial message received from MUA/MTA - message
> cannot be scanned
> LibClamAV Warning: Descriptor[3]: Bad format or broken data
> pa
On Mon, 18 Oct 2004 03:07:13 +0200
Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> On Mon, 18 Oct 2004 10:25:37 +1300
> Jason Haar <[EMAIL PROTECTED]> wrote:
>
> > Whoops. Bad form, should have checked the code before sending.
> >
> > I'm afraid your patch is in 0.80 - but isn't working:
> >
> >
> >
On Mon, 18 Oct 2004 10:25:37 +1300
Jason Haar <[EMAIL PROTECTED]> wrote:
> Whoops. Bad form, should have checked the code before sending.
>
> I'm afraid your patch is in 0.80 - but isn't working:
>
>
> Find attached a partial that triggers the error.
Too late...
--
oo. Tom
On Sun, Oct 17, 2004 at 03:40:23PM -0400, D Walsh said:
>
> On Oct 17, 2004, at 11:36, Stephen Gran wrote:
>
> >On Sat, Oct 16, 2004 at 09:51:53AM -0400, D Walsh said:
> >>While I am very happy with clamav, I see room for expansion and
> >>potential in a limited global environment.
> >>
> >>Is it
On 17 Oct 2004 17:54:23 -0500
Robert Haas <[EMAIL PROTECTED]> wrote:
> Now testing an email with clam.exe attached.
>
> [EMAIL PROTECTED] rob-lists]$ clamscan mail.clamexe
> mail.clamexe: OK
>
>
> Same tests with clam.zip
>
> [EMAIL PROTECTED] rob-lists]$ clamscan clam.zip
> clam.zip: ClamAV-T
On Sun, 17 Oct 2004 17:32:44 -0500
Mark Reidenbach <[EMAIL PROTECTED]> wrote:
> After installing clamav 0.80, I was running some tests and came across
>
> something I found quite strange. If I run clamdscan or clamscan on
> the source directory, it finds the virii in the test directory, but if
>
Bingo. What an easy change. Thanks for the quick reply.
- Original Message -
From: "Mark Reidenbach" <[EMAIL PROTECTED]>
To: "ClamAV users ML" <[EMAIL PROTECTED]>
Sent: Sunday, October 17, 2004 7:05 PM
Subject: Re: [Clamav-users] Freshclam: Can't Open /[logfile] in append Mode
> Hi Mi
Hi Mike. I can recreate this problem if I don't have execute
permissions on /var/log. If you do a "chmod o+x /var/log" I bet the
problem will go away.
Regards,
Mark Reidenbach
Mike McCandless wrote:
I have clamav 0.75.1 on FC2. As root, when I run the command freshclam (no
options at all), I
>From the command line both clamscan and clamdscan recognize the
clamav-test-file signature when checking clam.exe. Yet, when sent as an
email attachment it is no longer being detected by either, although the
clam.zip archive containing the clam.exe executable is being properly
detected.
I apologi
I have clamav 0.75.1 on FC2. As root, when I run the command freshclam (no
options at all), I get:
ERROR: Can't open /var/log/clamav/freshclam.log in append mode.
ERROR: Problem with internal logger.
The permissions of what I would think is relevant are as follows:
drwxrwxr-x 2 clamav clamav 4
After installing clamav 0.80, I was running some tests and came across
something I found quite strange. If I run clamdscan or clamscan on the
source directory, it finds the virii in the test directory, but if I
scan the source tarball, it reports 0 of the test virii found. Even
stranger, if I
Whoops. Bad form, should have checked the code before sending.
I'm afraid your patch is in 0.80 - but isn't working:
Find attached a partial that triggers the error.
bash$ clamdscan -V
ClamAV 0.80/533/Sun Oct 17 14:09:44 2004
bash$ clamdscan Test_Emails//partial-1.eml
partial-1.eml: Bad forma
On Fri, Oct 15, 2004 at 02:06:54AM +0200, Tomasz Kojm wrote:
> On Fri, 15 Oct 2004 12:03:51 +1300
> Jason Haar <[EMAIL PROTECTED]> wrote:
>
> > I've got a message being unable to be delivered via Qmail-Scanner
> > because clamdscan is reporting "Bad format or broken data ERROR" when
> > processing
On 10/17/2004 10:14 PM +0200, Steve Basford wrote:
Thanks Jotti ! Really awesome site ! Good work!
It's a very useful site, along with VirusTotal's site.
Before I go anymore off-topic, just two points to note:
a) Jotii isn't running the very lastest CVS version, he will only
run the lastest STABL
On Sun, 17 Oct 2004 21:14:00 +0100
"Steve Basford" <[EMAIL PROTECTED]> wrote:
> b) VirusTotal's site has a more up to date version of ClamAV, using
> the builds from here (now and again):
> http://www.sosdg.org/clamav-win32/index.php
I don't think so, it seems they're using ClamWin.
--
oo
Thanks Jotti ! Really awesome site ! Good work!
It's a very useful site, along with VirusTotal's site.
Before I go anymore off-topic, just two points to note:
a) Jotii isn't running the very lastest CVS version, he will only
run the lastest STABLE version, so it won't cope too well with the .CAB/U
Steve Basford wrote:
Just use http://www.virustotal.com/ - excellent resource for scanning
suspicious files with multiple engines at once. As mentioned in the
Thanks all for the checking... as a extra site to bookmark, this site is
good too:
http://virusscan.jotti.dhs.org/ ( Jotti's malware sc
Just use http://www.virustotal.com/ - excellent resource for scanning
suspicious files with multiple engines at once. As mentioned in the
Thanks all for the checking... as a extra site to bookmark, this site is
good too:
http://virusscan.jotti.dhs.org/ ( Jotti's malware scan: samples are added
Hi,
Vernon A. Fort wrote:
Vernon A. Fort wrote:
Steve Basford wrote:
Hi,
Can someone test ClamAV with these files:
http://www.hiddenbit.org/demo_files/jpeg.zip
Source:
http://lists.netsys.com/pipermail/full-disclosure/2004-October/027530.html
Cheers,
Steve
___
> Tested with McAfee uvscan, Avgscan, clamscan. Only uvscan detected a
> virus
>
>Found the Exploit-MS04-028 trojan !!!
>
> I also have sophos but not currently installed. I tested both on the
> uncompress zip and uncompressed. Again, only McAcee Uvscan detected
> anything.
>
> Vernon
Just
Vernon A. Fort wrote:
Steve Basford wrote:
Hi,
Can someone test ClamAV with these files:
http://www.hiddenbit.org/demo_files/jpeg.zip
Source:
http://lists.netsys.com/pipermail/full-disclosure/2004-October/027530.html
Cheers,
Steve
___
http://lists.clam
Steve Basford wrote:
Hi,
Can someone test ClamAV with these files:
http://www.hiddenbit.org/demo_files/jpeg.zip
Source:
http://lists.netsys.com/pipermail/full-disclosure/2004-October/027530.html
Cheers,
Steve
___
http://lists.clamav.net/cgi-bin/mailman
On Sun, 17 Oct 2004 14:54:07 +0100
"Steve Basford" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Can someone test ClamAV with these files:
>
> http://www.hiddenbit.org/demo_files/jpeg.zip
ClamAV is technically prepared to catch those files but they require
more generic signatures that can produce false
On Sat, Oct 16, 2004 at 09:51:53AM -0400, D Walsh said:
> While I am very happy with clamav, I see room for expansion and
> potential in a limited global environment.
>
> Is it possible to have clamd on other servers utilize the db files on a
> dedicated server in a local network?
>
> I think t
On Sun, 17 Oct 2004 02:12:13 -0500
Thomas Cameron <[EMAIL PROTECTED]> wrote:
> Howdy all -
>
> I am not a programmer so please bear with me.
>
> I just tried to build clamav-0.80rc4 (--sysconfdir=/etc --prefix=/usr
> -- enable-milter) on an Athlon64 (x86_64) and I end up with this:
>
> gcc -O2
On Sun, 17 Oct 2004, Steve Basford wrote:
> Hi,
>
> Can someone test ClamAV with these files:
>
> http://www.hiddenbit.org/demo_files/jpeg.zip
[westnet]:~$ clamdscan - http://www.westnet.com/
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav
Hi,
Can someone test ClamAV with these files:
http://www.hiddenbit.org/demo_files/jpeg.zip
Source:
http://lists.netsys.com/pipermail/full-disclosure/2004-October/027530.html
Cheers,
Steve
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-use
On Sun, 17 Oct 2004 03:18:11 -0500
Thomas Cameron <[EMAIL PROTECTED]> wrote:
> On Sun, 2004-10-17 at 02:12 -0500, Thomas Cameron wrote:
> > Howdy all -
> >
> > I am not a programmer so please bear with me.
> >
> > I just tried to build clamav-0.80rc4 (--sysconfdir=/etc
> > --prefix=/usr -- enabl
Thomas Cameron wrote:
On Sun, 2004-10-17 at 02:12 -0500, Thomas Cameron wrote:
Sorry should have mentioned - this is on a Fedora Core 2 box with all
updates applied as of today. RC3 builds just fine on this box.
It's an AMD64. uname -a gives:
Linux strongbox.example.com 2.6.8-1.521 #1 Mon Aug 16
On Sun, 2004-10-17 at 02:12 -0500, Thomas Cameron wrote:
> Howdy all -
>
> I am not a programmer so please bear with me.
>
> I just tried to build clamav-0.80rc4 (--sysconfdir=/etc --prefix=/usr --
> enable-milter) on an Athlon64 (x86_64) and I end up with this:
>
> gcc -O2 -g -o freshclam outpu
On Sun, 2004-10-17 at 17:41 +1000, Bill Maidment wrote:
> Thomas Cameron wrote:
> > All -
> >
> > Please bear with me, I am not a programmer so this might be something
> > silly I don't know about.
> >
>
> Programmers do silly things as well :-)
>
> Try rc4. It's working for me on a dual Optero
Thomas Cameron wrote:
All -
Please bear with me, I am not a programmer so this might be something
silly I don't know about.
Programmers do silly things as well :-)
Try rc4. It's working for me on a dual Opteron.
Cheers
--
_/_/_/_/ _/ _/
_/_/ _/ _/ _/
_/_/_/_/ _/
On Sun, 2004-10-17 at 02:24 -0500, Thomas Cameron wrote:
> All -
>
> Please bear with me, I am not a programmer so this might be something
> silly I don't know about.
>
> Compiling rc3 (--sysconfdir=/etc --prefix=/usr --enable-milter) and I
> get the following errors:
>
> *** Warning: linker pat
All -
Please bear with me, I am not a programmer so this might be something
silly I don't know about.
Compiling rc3 (--sysconfdir=/etc --prefix=/usr --enable-milter) and I
get the following errors:
*** Warning: linker path does not have real file for library -lbz2.
*** I have the capability to m
Howdy all -
I am not a programmer so please bear with me.
I just tried to build clamav-0.80rc4 (--sysconfdir=/etc --prefix=/usr --
enable-milter) on an Athlon64 (x86_64) and I end up with this:
gcc -O2 -g -o freshclam output.o cfgparser.o getopt.o memory.o misc.o
freshclam.o options.o manager.o
45 matches
Mail list logo
