John Madden wrote:
Several times now, we've been burned by virii that are picked up by other
virus scanners when ClamAV doesn't yet have the signature. Within a
couple of hours, when the bulk of the threat has already passed, Clam then
catches up. Mydoom.M-2 was the virus of the day today.
What i
> Thanks, it's 2:50 a.m. here. The whole team is working hard in its free
> time and sometimes I must take that unrewarding position and protect
> our cave ;-) even if I may sound harsh and boorish.
No one's attacking your cave.
Fact of the matter is, for whatever reason, we had GB's of this viru
On Wed, 16 Feb 2005 20:37:23 -0500
Rick Macdougall <[EMAIL PROTECTED]> wrote:
> Have a good day/night Tomasz, you are doing incredible work.
Thanks, it's 2:50 a.m. here. The whole team is working hard in its free
time and sometimes I must take that unrewarding position and protect
our cave ;-) ev
Tomasz Kojm wrote:
On Wed, 16 Feb 2005 20:27:27 -0500
Rick Macdougall <[EMAIL PROTECTED]> wrote:
Two of them have been published, one (some trojan, i.e. low priority) is
still waiting for its turn:
Page(s): << 1 >>
Found 3 submissions - Total results (1 pages)
Cool, I'm a hero :)
But I nev
On Wed, 16 Feb 2005 20:27:27 -0500
Rick Macdougall <[EMAIL PROTECTED]> wrote:
>
>
> Tomasz Kojm wrote:
> > On Wed, 16 Feb 2005 20:04:55 -0500 (EST)
> > "John Madden" <[EMAIL PROTECTED]> wrote:
> >
> >
> >>>Found 0 submissions - Total results (0 pages)
> >>>
> >>>(on both your name and "ivytech
Tomasz Kojm wrote:
On Wed, 16 Feb 2005 20:04:55 -0500 (EST)
"John Madden" <[EMAIL PROTECTED]> wrote:
Found 0 submissions - Total results (0 pages)
(on both your name and "ivytech")
Uh. 'Guess I can't explain that, unless submissions for
already-submitted virii don't count.
They count so this is
On Wed, 16 Feb 2005 20:04:55 -0500 (EST)
"John Madden" <[EMAIL PROTECTED]> wrote:
> > Found 0 submissions - Total results (0 pages)
> >
> > (on both your name and "ivytech")
>
> Uh. 'Guess I can't explain that, unless submissions for
> already-submitted virii don't count.
They count so this is
> Found 0 submissions - Total results (0 pages)
>
> (on both your name and "ivytech")
Uh. 'Guess I can't explain that, unless submissions for already-submitted
virii don't count.
John
--
John Madden
UNIX Systems Engineer
Ivy Tech State College
[EMAIL PROTECTED]
___
On Wed, 16 Feb 2005 19:04:25 -0500 (EST)
"John Madden" <[EMAIL PROTECTED]> wrote:
> managers want to buy AV licenses.
Is that bad?
It's always good to have two or more e-mail virus scanners if
resources & funds allow that.
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\..
On Wed, 16 Feb 2005 18:56:32 -0500 (EST)
"John Madden" <[EMAIL PROTECTED]> wrote:
> > Have you submitted any sample for the last two years?
>
> Yes, when appropriate, which I believe has been thrice. (We haven't
> been on Clam for that long, though.)
Found 0 submissions - Total results (0 pages)
John Madden wrote:
> "well, something must be wrong with *your* virus scanner, because the
> one over *here* in *Exchange* caught it."
I think it's inherently a good thing to run multiple virus scanners from
different vendors. Sometimes ClamAV will update first, sometimes other vendors
will upd
> I agree with Christopher that this has been the exact opposite experience
> that
> I have had.
Hmm.
Are there factors that can affect freshclam's performance? I got the
Mydoom.M-2 sig at 17:10EST today. When was it available? (The mailing
list archive doesn't appear to yet reflect today's up
On Wednesday 16 February 2005 05:08 pm, John Madden wrote:
> Several times now, we've been burned by virii that are picked up by other
> virus scanners when ClamAV doesn't yet have the signature. Within a
> couple of hours, when the bulk of the threat has already passed, Clam then
> catches up. M
> In any case, Clam is a user supported project. ALL viruses are submitted
> by
> end users. So, the only way response will get any better is if you submit
> new viruses you receive that get by clam.
>
> It's not going to 'improve' any other way.
Well, that'd be my assumption as well. What I'm po
> Have you submitted any sample for the last two years?
Yes, when appropriate, which I believe has been thrice. (We haven't been
on Clam for that long, though.)
John
--
John Madden
UNIX Systems Engineer
Ivy Tech State College
[EMAIL PROTECTED]
___
On Wed, 16 Feb 2005, John Madden wrote:
> Hmm. For example, Clam was about 2 hours behind McAfee's "update" of the
> 2/16/05 MyDoom variant.
Odd.
In any case, Clam is a user supported project. ALL viruses are submitted by
end users. So, the only way response will get any better is if you submi
On Wed, 16 Feb 2005 18:38:38 -0500 (EST)
"John Madden" <[EMAIL PROTECTED]> wrote:
> > You haven't submitted anything on our site.
>
> I would've today, had I not been off-site at a conference. Trouble
> is, by the time I receive a copy, it's too late. I suppose it's a
> perception problem with
> You haven't submitted anything on our site.
I would've today, had I not been off-site at a conference. Trouble is, by
the time I receive a copy, it's too late. I suppose it's a perception
problem with our users more than anything.
> Actually you're an egoist.
How so?
John
--
John Madden
>> Several times now, we've been burned by virii that are picked up by
>> other
>> virus scanners when ClamAV doesn't yet have the signature. Within a
>
> This is the exact opposite of our experience.
Hmm. For example, Clam was about 2 hours behind McAfee's "update" of the
2/16/05 MyDoom variant
On Wed, 16 Feb 2005 18:08:01 -0500 (EST)
"John Madden" <[EMAIL PROTECTED]> wrote:
> Several times now, we've been burned by virii that are picked up by
> other virus scanners when ClamAV doesn't yet have the signature.
> Within a couple of hours, when the bulk of the threat has already
> passed,
On Wed, 16 Feb 2005, John Madden wrote:
> Several times now, we've been burned by virii that are picked up by other
> virus scanners when ClamAV doesn't yet have the signature. Within a
This is the exact opposite of our experience.
How often do you run freshclam ?
Several times now, we've been burned by virii that are picked up by other
virus scanners when ClamAV doesn't yet have the signature. Within a
couple of hours, when the bulk of the threat has already passed, Clam then
catches up. Mydoom.M-2 was the virus of the day today.
What is being done to ge
vaida bogdan wrote:
Hi, I use postfix+mailscanner on my mail server to block a lot of
virii coming from my internal network. I would like to implement a
solution to block virii traffic on the internal gateway. The network
looks like this:
WIN-
WIN- GW1- -MAIL SERVER- -GW2
On Wed, 16 Feb 2005 15:02:57 -0700
Hal Goldfarb <[EMAIL PROTECTED]> wrote:
> alert packagers to get a jump? Maybe 2 or 3 days before the support
> for the previously supported code is abandoned. Maybe won't work,
You're still missing the point here. Please read my yesterday's posts.
--
o
On Wednesday 16 February 2005 09:30, John Gallagher wrote:
> You're right 99.% of the people using computers are not Unix Admins. But
> they sure have an impact on the amount of traffic generated by infected
> systems sending email.
>
> While I agree that you should not hold up any code just so
On February 16, 2005 12:13 pm, vaida bogdan wrote:
> Hi, I use postfix+mailscanner on my mail server to block a lot of
> virii coming from my internal network. I would like to implement a
> solution to block virii traffic on the internal gateway. The network
> looks like this:
> WIN-
> WIN- ---
On Feb 16, 2005, at 3:13 PM, vaida bogdan wrote:
Hi, I use postfix+mailscanner on my mail server to block a lot of
virii coming from my internal network. I would like to implement a
solution to block virii traffic on the internal gateway. The network
looks like this:
WIN-
WIN- GW1- ---
Hi, I use postfix+mailscanner on my mail server to block a lot of
virii coming from my internal network. I would like to implement a
solution to block virii traffic on the internal gateway. The network
looks like this:
WIN-
WIN- GW1- -MAIL SERVER- -GW2
WIN-
One WIN
On Wed, 16 Feb 2005 19:05:22 +0200
Scott Ryan <[EMAIL PROTECTED]> wrote:
> What is that limit?
libclamav/scanners.c:
#define MAX_MAIL_RECURSION 15
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
\..._
On Wed, Feb 16, 2005 at 02:21:40PM -0300, Gabriel Carini said:
> Hello everybody !
>
> I get mail from a remote pop server with fetchmail.
> How can I have user's mail scanned with clam antivirus before mails are
> appended to /var/spool/mail/user
> If possible without using procmail
> Can anybody
Hello everybody !
I get mail from a remote pop server with fetchmail.
How can I have user's mail scanned with clam antivirus before mails are
appended to /var/spool/mail/user
If possible without using procmail
Can anybody help ?
Thanks !!
PD: I'm using Fedora Core
On Wednesday 16 February 2005 18:43, Tomasz Kojm shaped the electrons to say:
> On Wed, 16 Feb 2005 17:51:28 +0200
>
> Scott Ryan <[EMAIL PROTECTED]> wrote:
> > I will just have to allow these types of mails to go unscanned. Four
> > minutes to scan 1 will cause a DOS.
>
> So increase the number o
On Wed, 16 Feb 2005 17:51:28 +0200
Scott Ryan <[EMAIL PROTECTED]> wrote:
> I will just have to allow these types of mails to go unscanned. Four
> minutes to scan 1 will cause a DOS.
So increase the number of MaxThreads...
> Would it be possible to request that some kind of recursion limit be
>
On Wed, 16 Feb 2005 18:23:51 +0200 in
[EMAIL PROTECTED] Peter Hubbard
<[EMAIL PROTECTED]> wrote:
> > That would be a bad idea since it would be v. easy for a virus writer
> > to get around.
>
> Okay. How about an option to dump an email - or flag it as a
> *possible* virus - if a specified recu
On Wed, 16 Feb 2005 14:57:16 +0100
Tarjei Knapstad <[EMAIL PROTECTED]> wrote:
> Nobody is whining here Dennis.
>
> I was asking a question about what the zlib warning was all about. The
www.zlib.net:
"October 3rd, 2004
Version 1.2.2 eliminates a potential security vulnerability in zlib
1.2.1,
On Wed, 16 Feb 2005 15:02:59 +0100
Tarjei Knapstad <[EMAIL PROTECTED]> wrote:
> On Tue, 2005-02-15 at 17:15, Trog wrote:
> > On Tue, 2005-02-15 at 17:07 +0100, Tarjei Knapstad wrote:
> > > I've got a mail server here running RH8 (yes, yes I know... :)),
> > > and when trying to build clamav 0.83 R
On Tue, 15 Feb 2005 22:00:57 -0500
Dale Walsh <[EMAIL PROTECTED]> wrote:
> I've noticed the use of libbz2 in building ClamAV, this limits the
> scan to zipped files, would libz not allow tar and gz files to be
> scanned and make a better choice?
libbz2 and libz are two different things.
--
You're right 99.% of the people using computers are not Unix Admins. But
they sure have an impact on the amount of traffic generated by infected
systems sending email.
While I agree that you should not hold up any code just so you can do a
release across the board. In the long run we all ben
On Wed, 2005-02-16 at 16:00 +, Nigel Horne wrote:
> On Wednesday 16 Feb 2005 15:51, Scott Ryan wrote:
>
> > Would it be possible to request that some kind of recursion limit be added
> > here like there currently is on zip files?
>
> That would be a bad idea since it would be v. easy for a vir
Tarjei Knapstad wrote:
On Wed, 2005-02-16 at 15:11, Trog wrote:
On Wed, 2005-02-16 at 14:57 +0100, Tarjei Knapstad wrote:
On Wed, 2005-02-16 at 08:49, Dennis Peterson wrote:
A simple search in the archive for "zlib 1.2.2" turns this up:
http://lurker.clamav.net/message/20041103.143255.97fa22ec.en
On Wednesday 16 Feb 2005 15:51, Scott Ryan wrote:
> Would it be possible to request that some kind of recursion limit be added
> here like there currently is on zip files?
That would be a bad idea since it would be v. easy for a virus writer to get
around.
--
Nigel Horne. Arranger, Composer, Ty
On Wednesday 16 February 2005 17:34, Nigel Horne shaped the electrons to say:
> On Wednesday 16 Feb 2005 15:15, Scott Ryan wrote:
> > On Wednesday 16 February 2005 16:26, Nigel Horne shaped the electrons to
say:
> > > On Wednesday 16 Feb 2005 14:18, Ted Fines wrote:
> > > > FOUR MINUTES, 13 SECOND
On Wed, 2005-02-16 at 15:11, Trog wrote:
> On Wed, 2005-02-16 at 14:57 +0100, Tarjei Knapstad wrote:
> > On Wed, 2005-02-16 at 08:49, Dennis Peterson wrote:
>
> A simple search in the archive for "zlib 1.2.2" turns this up:
>
> http://lurker.clamav.net/message/20041103.143255.97fa22ec.en.html
On Wednesday 16 Feb 2005 15:15, Scott Ryan wrote:
> On Wednesday 16 February 2005 16:26, Nigel Horne shaped the electrons to say:
> > On Wednesday 16 Feb 2005 14:18, Ted Fines wrote:
> > > FOUR MINUTES, 13 SECONDS for an 800k email.
> >
> > Look at the file again. It is NOT an 800k mail. It is over
On Wednesday 16 February 2005 16:26, Nigel Horne shaped the electrons to say:
> On Wednesday 16 Feb 2005 14:18, Ted Fines wrote:
> > FOUR MINUTES, 13 SECONDS for an 800k email.
>
> Look at the file again. It is NOT an 800k mail. It is over 200 emails
> embedded within each other. By definition the
On Wednesday 16 Feb 2005 14:58, Bogusław Brandys wrote:
> Oversized.Mail ? Do we need such new detection or is better solution ?
I need to finish the work on the new scanner that is already underway (see
mbox.c) which removes the parser.
> Boguslaw Brandys
--
Nigel Horne. Arranger, Composer, T
> -Original Message-
> From: Hal Goldfarb [mailto:[EMAIL PROTECTED]
> Subject: [Clamav-users] No announcement of 0.83 on clamav-announce ML
>
> I am trying to play by the rules, honest. Can you instruct
> me on how to
> properly be informed of clamav code updates? I also think
> RPM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nigel Horne wrote:
> On Wednesday 16 Feb 2005 14:18, Ted Fines wrote:
>
>
>>FOUR MINUTES, 13 SECONDS for an 800k email.
>
>
> Look at the file again. It is NOT an 800k mail. It is over 200 emails embedded
> within each other. By definition the larg
Piggy-backing:
Maybe they could stick a broom up their bum and sweep the floor at the
same time, too. Dayum, guy - this stuff is free. Get off your butt and
build your own binaries - hell, it takes maybe 10 minutes, is repeatable,
and you get all the credit.
Don't even suggest they put my Solaris s
* Ted Fines <[EMAIL PROTECTED]> [20050216 17:20]: wrote:
> --On Wednesday, February 16, 2005 2:52 PM +0200 Scott Ryan
> <[EMAIL PROTECTED]> wrote:
>
> >On Wednesday 16 February 2005 14:50, Ted Fines shaped the electrons to
> >say:
> >>Would y
On Wednesday 16 Feb 2005 14:18, Ted Fines wrote:
> FOUR MINUTES, 13 SECONDS for an 800k email.
Look at the file again. It is NOT an 800k mail. It is over 200 emails embedded
within each other. By definition the largest message is about 800K and the
smallest
is about 1K give or take, giving an av
--On Wednesday, February 16, 2005 2:52 PM +0200 Scott Ryan
<[EMAIL PROTECTED]> wrote:
On Wednesday 16 February 2005 14:50, Ted Fines shaped the electrons to
say:
Would you please send me this attachment off-list.
Please zip it and password protect it (password='password') so it comes
through.
Tha
On Wed, 2005-02-16 at 14:57 +0100, Tarjei Knapstad wrote:
> On Wed, 2005-02-16 at 08:49, Dennis Peterson wrote:
> > Dörfler Andreas said:
> > > the versioncheck for zlib isn't the best.
> > > suse for example fixes the security hole
> > > in 1.2.1 with patches and not with an installation
> > > from
On Tue, 2005-02-15 at 17:15, Trog wrote:
> On Tue, 2005-02-15 at 17:07 +0100, Tarjei Knapstad wrote:
> > I've got a mail server here running RH8 (yes, yes I know... :)), and
> > when trying to build clamav 0.83 RPMs it required zlib 1.2.1.2.
> >
>
> No, it requires 1.2.2
>
May I ask why? There
On Wed, 2005-02-16 at 08:49, Dennis Peterson wrote:
> Dörfler Andreas said:
> > the versioncheck for zlib isn't the best.
> > suse for example fixes the security hole
> > in 1.2.1 with patches and not with an installation
> > from a new version.
> > forget the warning.
> >
>
> Sounds like suse has i
Hi list, I have posted before about an issue with clamd hanging and yesterday
we finally managed to find out what the underlying problem was. We came
across an 800k mail that we initially thought was causing clamd to hang. The
truth in fact was that once we turned on debugging, we noticed that cl
On Wednesday 16 Feb 2005 06:07, Joseph Filla wrote:
> I'm running openBSD 3.6 and cannot for the life of me
> install clamav. I've tried the ports (via cvsup) but
> run into gmp install errors (I can't figure that out)
> so I've moved to compiling from source. I've tried to
> compile .82 and .83 an
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Hal Goldfarb
> Sent: Tuesday, February 15, 2005 9:41 PM
>
> I am trying to play by the rules, honest. Can you instruct me on how to
> properly be informed of clamav code updates? I also think RPM binarie
On Wed, 16 Feb 2005 03:16:25 -0700 in [EMAIL PROTECTED]
Hal Goldfarb <[EMAIL PROTECTED]> wrote:
> The issue started out -- and then I went overboard because I felt
> frustrated -- that all of a sudden I discover that freshclam is not
> running, and only because I happened to be looking at it
On Wed, 16 Feb 2005 at 3:16:25 -0700, Hal Goldfarb wrote:
> [...]
> The issue started out -- and then I went overboard because I felt frustrated
> -- that all of a sudden I discover that freshclam is not running, and only
> because I happened to be looking at it at that moment. Why it stops run
Okay, okay.
I guess the RPM business went too far. And you are right this is free
software. But the thing that actually gets me is that when a new release of
Clam comes out, it seems like there is all sorts of catching up to do.
Believe it or not, I actually know how to use rpm tools. And I
Hi
> I also think RPM binaries
> should be made available before an official release.
This is not possible and even if it were, it shouldn't.
However, I agree to the point, that dns clam software version information
used by freshclam should be updated about 24 to 48 hours AFTER releasing a
new
[EMAIL PROTECTED] wrote:
I have mail folder name VIR that contains 43 mail attach with Netsky and
2 mail attach with Bagle.
My FC1 has 0.83 and I do this :
clamscan VIR
clamdscan VIR
cat VIR | clamscan -
but it says no viruses.
Can anybody tell me why clam cannot find the viruses ?
Why? Because y
On Wednesday 16 Feb 2005 08:44, Trog wrote:
> > >No, it requires 1.2.2
> >
> > To be specific, does it absolutely require 1.2.2, or does a
> > lower-but-not-buggy version work?
> > e.g. will 1.2.0.7 work ?
>
> How on earth am I supposed to answer that? Sorry, my crystal ball has
> failed on this oc
On Tuesday 15 Feb 2005 11:19, abac wrote:
> hi,
> I installed the clamav-0.82.tar.gz and the webmin module for clamav, the
> installation was successful, but now when I want to open the clamav in
> webmin this is the error:
> WARNING: Please fill in the location of the clamav daemon startup file
> in
On Feb 16, 2005, at 02:44, Dennis Peterson wrote:
christian laubscher said:
On Tue, Feb 15, 2005 at 06:40:42PM -0700, Hal Goldfarb wrote:
[...] I also think RPM binaries
should be made available before an official release. [...]
please not!
Piggy-backing:
Maybe they could stick a broom up their
On Wed, 2005-02-16 at 12:28 +0700, Fajar A. Nugraha wrote:
> Trog wrote:
>
> >No, it requires 1.2.2
> >
> >
> >
> To be specific, does it absolutely require 1.2.2, or does a
> lower-but-not-buggy version work?
> e.g. will 1.2.0.7 work ?
How on earth am I supposed to answer that? Sorry, my crys
67 matches