Re: [Clamav-users] how do you start clamav-milter

2004-11-02 Thread Meni Shapiro
Tom D`Asto wrote: I'm following the instructions in clamav-0.80/clamav-milter/INSTALL. My first problem is that the following file does not exist so I can't add the variable CLAMAV_FLAGS: Add to /etc/sysconfig/clamav-milter CLAMAV_FLAGS="local:/var/run/clamav/clmilter.sock" vim /etc/

[Clamav-users] how do you start clamav-milter

2004-11-02 Thread Tom D`Asto
I'm following the instructions in clamav-0.80/clamav-milter/INSTALL.  My first problem is that the following file does not exist so I can't add the variable CLAMAV_FLAGS: Add to /etc/sysconfig/clamav-milter           CLAMAV_FLAGS="local:/var/run/clamav/clmilter.sock" The next problem is th

Re: [Clamav-users] configure failure: libmilter directory not found?

2004-11-02 Thread Dale Walsh
Tom, you've probably tried using Stuffit to extract the archive. Try tar -xzf sendmail.8.13.1.tar.gz This should extract it properly. -- Dale ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] [SA12959] Internet Explorer IFRAME Buffer Overflow Vulnerability (fwd)

2004-11-02 Thread clamav
On Wed, 3 Nov 2004, Tomasz Kojm wrote: > > > You can probably all see the problem already. IfRaMe is not caught > > > by our sig. Does this mean 6! (factorial) additional signatures are > > Just for the record: the above calculation is also incorrect. There are > 2^6 (= 64) possibilities (and no

Re: [Clamav-users] [SA12959] Internet Explorer IFRAME Buffer Overflow Vulnerability (fwd)

2004-11-02 Thread clamav
On Wed, 3 Nov 2004, Tomasz Kojm wrote: > > Matches a case-sensitive regex of: IFRAME={256,} > > Exploit.IFRAME.foo:*:494652414d453d??{256-} > > Bad format. Thank you for pointing that out, I greatly appreciate your help. Perhaps I misunderstood what the format meant when I posted the message the

Re: [Clamav-users] [SA12959] Internet Explorer IFRAME Buffer Overflow Vulnerability (fwd)

2004-11-02 Thread Tomasz Kojm
On Wed, 3 Nov 2004 01:35:39 +0100 Tomasz Kojm <[EMAIL PROTECTED]> wrote: > On Tue, 2 Nov 2004 16:11:30 -0800 (PST) > [EMAIL PROTECTED] wrote: > > > Matches a case-sensitive regex of: IFRAME={256,} > > > > Exploit.IFRAME.foo:*:494652414d453d??{256-} > > Bad format. > > > You can probably all se

Re: [Clamav-users] [SA12959] Internet Explorer IFRAME Buffer Overflow Vulnerability (fwd)

2004-11-02 Thread Tomasz Kojm
On Tue, 2 Nov 2004 16:11:30 -0800 (PST) [EMAIL PROTECTED] wrote: > Matches a case-sensitive regex of: IFRAME={256,} > > Exploit.IFRAME.foo:*:494652414d453d??{256-} Bad format. > You can probably all see the problem already. IfRaMe is not caught by > our sig. Does this mean 6! (factorial) addi

RE: [Clamav-users] [SA12959] Internet Explorer IFRAME Buffer Overflow Vulnerability (fwd)

2004-11-02 Thread clamav
und (http://www.k-otik.com/exploits/20041102.InternetExploiter.htm.php), the following signature should work if I understand correctly. This isn't perfect and there are many javascripty ways around it so please add your thoughts. Matches a case-sensitive regex of: IFRAME={256

RE: [Clamav-users] [SA12959] Internet Explorer IFRAME Buffer Overflow Vulnerability (fwd)

2004-11-02 Thread Minica, Nelson (EDS)
Looks like there is proof of concept code here: http://felinemenace.org/~nd/crash_ie/ file 2446.html http://www.securityfocus.com/bid/11515/exploit/ Nelson Minica

[Clamav-users] [SA12959] Internet Explorer IFRAME Buffer Overflow Vulnerability (fwd)

2004-11-02 Thread clamav
This just came across the wire and if anyone can find a working exploit to make a signature for this latest iframe we can jump ahead of new exploits which are fast coming. I will continue to look for a working exploit and post a sig when available. We are on the edge of a big outbreak and exampl

Re: [Clamav-users] Exploit-Mime.gen.c detection

2004-11-02 Thread Joe Maimon
Cali Federico wrote: Hi all, analyzing the same e-mail with two different antivirus software I have different results: -- ClamAv detects Worm.SomeFool.p virus -- McAfee WebShield detects both W32/[EMAIL PROTECTED] and Exploit-MIME.gen.c I know that Worm.SomeFool.p and W32/[EMAIL PROTECTED] are

Re[2]: [Clamav-users] Clamd process

2004-11-02 Thread Henri van Riel
Hello Trog, Tuesday, November 2, 2004, 8:47:26 PM, you wrote: > On Tue, 2004-11-02 at 19:39, Henri van Riel wrote: > I'm just wondering why there are two processes... > They aren't processes, they are threads. Clamd spawns new threads to do > the actual work, and when a worker thread has been id

Re: [Clamav-users] Clamd process

2004-11-02 Thread Trog
On Tue, 2004-11-02 at 19:39, Henri van Riel wrote: > Hello all, > > I'm new to ClamAV and this list and I have the following `problem`. > > I use clamav together with p3scan but that is irrelevant to my > question. I first start the clamd daemon and then the p3scan daemon. > Everything starts jus

[Clamav-users] Clamd process

2004-11-02 Thread Henri van Riel
Hello all, I'm new to ClamAV and this list and I have the following `problem`. I use clamav together with p3scan but that is irrelevant to my question. I first start the clamd daemon and then the p3scan daemon. Everything starts just fine. But when I use clamdscan to scan a directory for instance

[Clamav-users] Exploit-Mime.gen.c detection

2004-11-02 Thread Cali Federico
Hi all, analyzing the same e-mail with two different antivirus software I have different results: -- ClamAv detects Worm.SomeFool.p virus -- McAfee WebShield detects both W32/[EMAIL PROTECTED] and Exploit-MIME.gen.c I know that Worm.SomeFool.p and W32/[EMAIL PROTECTED] are the same but what a

Re: [Clamav-users] please fix your freshclam setup

2004-11-02 Thread Luca Gibelli
Hello [EMAIL PROTECTED], > Here is the output from mine run a few minutes ago. > > Current working dir is /var/www/html/clamav > Max retries == 3 > ClamAV update process started at Mon Nov 1 14:21:33 2004 > TTL: 880 > main.cvd version from DNS: 27 > Software version from DNS: 0.80 > Connecting

Re: [Clamav-users] please fix your freshclam setup

2004-11-02 Thread Luca Gibelli
Hello, > I got this instead. Meaning i do not have DNSDatabaseInfo? if you are running ClamAV 0.80 please edit freshclam.conf (usually installed under /etc/clamav/ or /usr/local/etc/clamav/) and add the following line: DNSDatabaseInfo current.cvd.clamav.net Then run # freshclam -v from the

Re: [Clamav-users] please fix your freshclam setup

2004-11-02 Thread Luca Gibelli
Hello Steven Stern, > >1) if you run freshclam from crontab, check that you have an entry like > >the following: > > > >N * * * * /usr/local/bin/freshclam --quiet [snip] > Are you OK with this? > > 12 */2 * * * sleep `expr $RANDOM \% 1800` && /usr/bin/freshclam --quiet > > Every other hou

Re: [Clamav-users] cygwin clamscan hangs

2004-11-02 Thread Tomasz Papszun
On Fri, 29 Oct 2004 at 11:51:50 +0200, Bogusław Brandys wrote: > David Nicol wrote: > >I decided to test cygwin clamscan and it hung after a few hundred files > > > >Going to see if winclam has the same difficulties > > > [...] > What is it "winclam" ? I didn't hear about it. Most probably David

Re: [Clamav-users] TCP and UDP ports used by clamd

2004-11-02 Thread Laurent Wacrenier
Le Ven 29 oct 15:46:44 2004, René Berber écrit: > I found this by accident, trying to run TrippLite's PowerAlert the program > reported that the port was in use, I checked and clamd was using that TCP > port. So I checked some more, with Sysinternals' tcpvcon to see what ports > was the clamd proc

Re: [Clamav-users] How to disable an option?

2004-11-02 Thread Odhiambo Washington
* Roman Suzi <[EMAIL PROTECTED]> [20041102 12:37]: wrote: > > Hi, > > From clamd man it is not clear how to disable options which are > "enabled" by default. Can somebody tell me how to do it? > > I want to disable ScanOLE2. What I need

[Clamav-users] How to disable an option?

2004-11-02 Thread Roman Suzi
Hi, From clamd man it is not clear how to disable options which are "enabled" by default. Can somebody tell me how to do it? I want to disable ScanOLE2. What I need to put into config _exactly_? Thank you! Sincerely yours, Roman A.Suzi -- - Petrozavodsk - Karelia - Russia - mailto:[EMAIL PR