[Clamav-users] milter in error state

I installed clamav on redhat 9 and also the clamav milter so that it will scan all mail coming in and out, and i also run the clamscan, it will detect virus. now my problem is milter is not communicating with sendmail (its not scanning mails). in the sendmail log file this message will came

[Clamav-users] Re: not scanning incoming mails

Pete Sherwin S. Villanueva wrote: > i've set up clamav in my redhat 9 and i'm using clamav-0.83. i attach the > test file for my mails but it didnt scan. please help me how to. Clamav by itself doesn't scan the mail, you have to install whatever is necesary on your mail setup. If your mail serv

[Clamav-users] not scanning incoming mails

i've set up clamav in my redhat 9 and i'm using clamav-0.83. i attach the test file for my mails but it didnt scan. please help me how to. thanks choi ___ http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] total memory consumption of main.cvd and daily.cvd

What is the total memory consumption of mail.cvd and daily.cvd after they are loaded into the memory ? __ Do you Yahoo!? Plan great trips with Yahoo! Travel: Now over 17,000 guides! http://travel.yahoo.com/p-travelguide __

Re: [Clamav-users] Can't parse configuration file

Well it seems to be using the older /etc/clamav.conf and those permissions are: -rwxr--r-- 1 root root 7285 Apr 19 13:16 /etc/clamav.conf Although i did try just making 777 and this did not seem to help. But thanks for the suggestions. :)  On Tue, 2005-04-19 at 16:01 -0400, Jim Maul wrote: >

Re: [Clamav-users] Can't parse configuration file

Mike Partyka wrote: Hello Jim, Thanks for the response. Um..clamav 0.83 uses clamd.conf, not clamav.conf. This also confused me, when i looked at the man page it indicated that since 0.80 the config file name was changed to clamd.conf, but this does not seem to be the problem as i sym-linked the e

Re: [Clamav-users] Can't parse configuration file

On Tue, 19 Apr 2005 14:37:03 -0500 Mike Partyka <[EMAIL PROTECTED]> wrote: > >Um..clamav 0.83 uses clamd.conf, not clamav.conf. > This also confused me, when i looked at the man page it indicated that > since 0.80 the config file name was changed to clamd.conf, but this > does not seem to be the p

Re: [Clamav-users] Can't parse configuration file

Hello Jim, Thanks for the response. >Um..clamav 0.83 uses clamd.conf, not clamav.conf. This also confused me, when i looked at the man page it indicated that since 0.80 the config file name was changed to clamd.conf, but this does not seem to be the problem as i sym-linked the existing /etc/clama

Re: [Clamav-users] Submitting a virus file

Niek wrote: On 4/19/2005 8:25 PM +0200, Tomasz Kojm wrote: Does it send itself via e-mail? No they didn't send themselves per e-mail. So what you're saying is, only selfspreading e-mail viruses qualify to make it through the submit process ? No, but Email borne malware has the highest priority.I k

Re: [Clamav-users] Can't parse configuration file

On Tue, 19 Apr 2005 14:44:41 -0400 Jim Maul <[EMAIL PROTECTED]> wrote: > Mike Partyka wrote: > > Hello, i only just started working on ClamAV version 0.83 this > > morning, with a mail server product based on HP's Open Mail, running > > on a SuSE Ent. Server 9. > > > > I am a little confused abou

Re: [Clamav-users] Can't parse configuration file

Mike Partyka wrote: Hello, i only just started working on ClamAV version 0.83 this morning, with a mail server product based on HP's Open Mail, running on a SuSE Ent. Server 9. I am a little confused about the two configuration files /etc/freshclam.conf and /etc/clamav.conf, they seem to overlap an

[Clamav-users] Can't parse configuration file

Hello, i only just started working on ClamAV version 0.83 this morning, with a mail server product based on HP's Open Mail, running on a SuSE Ent. Server 9. I am a little confused about the two configuration files /etc/freshclam.conf and /etc/clamav.conf, they seem to overlap and contain many of t

Re: [Clamav-users] Submitting a virus file

On Tue, 2005-04-19 at 20:29 +0200, Niek wrote: > On 4/19/2005 8:25 PM +0200, Tomasz Kojm wrote: > > Does it send itself via e-mail? > > No they didn't send themselves per e-mail. > So what you're saying is, only selfspreading e-mail viruses > qualify to make it through the submit process ? No, se

Re: [Clamav-users] Submitting a virus file

On 4/19/2005 8:25 PM +0200, Tomasz Kojm wrote: Does it send itself via e-mail? No they didn't send themselves per e-mail. So what you're saying is, only selfspreading e-mail viruses qualify to make it through the submit process ? Niek ___ http://lurker.cl

Re: [Clamav-users] possible new virus?

On Apr 19, 2005, at 2:24 PM, Kelson wrote: Bart Silverstrim wrote: Do I want to remove the hash before DisableDefaultScanOptions in order to get the sections to work? No. This was discussed yesterday. There are options that are enabled by default, and DisableDefaultOptions wipes those and give

Re: [Clamav-users] Submitting a virus file

On Tue, 19 Apr 2005 20:17:04 +0200 Niek <[EMAIL PROTECTED]> wrote: > On 4/19/2005 2:13 PM +0200, Albert Pauw wrote: > > I have submitted two executables more than a week ago. > > They were found by the AVG virusscanner (amongst others) as > > Downloader.Small.21.AY and Downloader.Small.22.K, but i

Re: [Clamav-users] possible new virus?

Bart Silverstrim wrote: Do I want to remove the hash before DisableDefaultScanOptions in order to get the sections to work? No. This was discussed yesterday. There are options that are enabled by default, and DisableDefaultOptions wipes those and gives you a clean slate. You don't need it --

Re: [Clamav-users] Submitting a virus file

On 4/19/2005 2:13 PM +0200, Albert Pauw wrote: I have submitted two executables more than a week ago. They were found by the AVG virusscanner (amongst others) as Downloader.Small.21.AY and Downloader.Small.22.K, but it seems they are not incorporated into updates. How long does it usually take fo

Re: [Clamav-users] possible new virus?

On Apr 19, 2005, at 1:56 PM, Daniel J McDonald wrote: On Tue, 2005-04-19 at 11:52 -0600, lists wrote: How should I submit this to see if it is a virus? Make certain detectbrokenexecutable is enabled. Stupid question but I thought I might as well ask anyway...going in on my own system to enable thi

Re: [Clamav-users] possible new virus?

On Tue, 2005-04-19 at 11:52 -0600, lists wrote: > Hello, > > I am getting a bunch of emails to random addresses at one of > my domains with the following text: worm.sober.n > > --- > Hello, > First, Very Sorry for my bad English. > > How should I submit this to see if it is a virus? Make cert

[Clamav-users] possible new virus?

Hello, I am getting a bunch of emails to random addresses at one of my domains with the following text: --- Hello, First, Very Sorry for my bad English. Someone is sending your private e-mails on my address. It's probably an e-mail provider error! At time, I've got over 10 mails on my account, b

[Clamav-users] document update?

In the current docs on clamav-milter (http://clamav.net/doc/latest/html/node19.html) the example uses INPUT_MAIL_FILTER followed by define('confINPUT_MAIL_FILTERS', ... According to the sendmail docs the second entry will invalidate the first. (http://www.sendmail.org/m4/adding_mailfilters.ht

Re: [Clamav-users] how to setup clamav so that ?

> > Now, as to whether or not it can be used with that specific socks > proxy - why not talk to the developer of the proxy You would be very pleased to know that I have done that. And I got an answer from the developer himself and here is the gist "can delegate socks proxy be configured to useht

Re: [Clamav-users] Re: 0.83 potentially not catching some NetSky/SomeFool virus

On Tue, 19 Apr 2005 08:44:45 +0200 (CEST) Arnaud Huret <[EMAIL PROTECTED]> wrote: > > > Back to the original problem. Is Simon's answer the cause (only > > > broken PE headers are detected not broken somewhere else > > > executables)? > > > > Hopefully Arnaud will be able to catch one soon so we

[Clamav-users] Submitting a virus file

I have submitted two executables more than a week ago. They were found by the AVG virusscanner (amongst others) as Downloader.Small.21.AY and Downloader.Small.22.K, but it seems they are not incorporated into updates. How long does it usually take for a submission to enter the updates? Thanks,

Re: [Clamav-users] how to setup clamav so that ?

On 4/19/05, torrent man <[EMAIL PROTECTED]> wrote: > but couldn't find any reference to clamAV being used with delegate > http://www.delegate.org/delegate/ socks proxy ? > > did you post the wrong urls ? Given how vague your first post was - no. All you asked was whether or not you could use cl

Re: [Clamav-users] Re: 0.83 potentially not catching some NetSky/SomeFool virus

Arnaud Huret <[EMAIL PROTECTED]> wrote: > Here you are. > > Many thanks, > Arnaud Thanks for the samples Arnaud, they are both viable and run on my test kit - and they are both detected using ClamAV devel-20050413/840/Tue Apr 19 02:42:09 2005. mail.document.Datex-packed.exe: Worm.Sober.N FOUND W

Re: [Clamav-users] CVS and snapshot-20050417

On Tue, 2005-04-19 at 09:20 +, Andy Fiddaman wrote: > > Fair enough, but it's a recent change which is why I wondered if it was > intentional. It's not a recent change, we just don't change the build that often. -trog signature.asc Description: This is a digitally signed message part ___

Re: [Clamav-users] Virus-bounce emails

On Tuesday 19 Apr 2005 10:44, Chris Masters wrote: > > --- Nigel Horne <[EMAIL PROTECTED]> wrote: > > On Tuesday 19 Apr 2005 09:23, Chris Masters wrote: > > > > > > > 3) Should clam detect the virus when given the > > > > entire > > > > > bounce message? > > > > > > > > Yes, if you have a sample

Re: [Clamav-users] Virus-bounce emails

--- Nigel Horne <[EMAIL PROTECTED]> wrote: > On Tuesday 19 Apr 2005 09:23, Chris Masters wrote: > > > > > 3) Should clam detect the virus when given the > > > entire > > > > bounce message? > > > > > > Yes, if you have a sample which is not found, > please > > > email it to me. > > > > We curre

Re: [Clamav-users] CVS and snapshot-20050417

On Tue, 19 Apr 2005, Trog wrote: ; On Mon, 2005-04-18 at 18:22 +, Andy Fiddaman wrote: ; > On Mon, 18 Apr 2005, Trog wrote: ; > ; ; > ; Run autoreconf ; > ; > Is this something that has changed and will stay this way ? I don't ; > currently have the auto utilities on my Sun servers and don't r

Re: [Clamav-users] Virus-bounce emails

On Tuesday 19 Apr 2005 09:23, Chris Masters wrote: > > > 3) Should clam detect the virus when given the > > entire > > > bounce message? > > > > Yes, if you have a sample which is not found, please > > email it to me. > > We currently don't ask clamav to scan the entire raw > message - just each

Re: [Clamav-users] CVS and snapshot-20050417

On Mon, 2005-04-18 at 18:22 +, Andy Fiddaman wrote: > On Mon, 18 Apr 2005, Trog wrote: > ; > ; Run autoreconf > > Is this something that has changed and will stay this way ? I don't > currently have the auto utilities on my Sun servers and don't really want > to add and have to maintain them.

Re: [Clamav-users] Re: 0.83 potentially not catching some NetSky/SomeFool virus

Arnaud Huret <[EMAIL PROTECTED]> wrote: > I catched two diffrent samples (NetSky.Y and Sober.gen) not catched > by ClamAV but well by TrendMicro VirusWall. I submitted them through > the site but I get a message saying 'already recognized'. > > What should I do to submit them to the team for fur

Re: [Clamav-users] Virus-bounce emails

Thanks for your comments Nigel. > > > > So, some questions: > > > > 1) How dangerous are these virus-bounces? > > In theory not at all, but I don't trust MUAs not to > be broken > so clamAV does look for and find them. Exactly! > > > 2) Should clam detect the virus when given the > > text/plai

Re: [Clamav-users] how to setup clamav so that ?

Went through the mentioned urls http://www.catb.org/~esr/jargon/html/T/top-post.html http://www.xs4all.nl/~hanb/documents/quotingguide.html http://www.netmeister.org/news/learn2quote.html but couldn't find any reference to clamAV being used with delegate http://www.delegate.org/delegate/ socks

Re: [Clamav-users] Virus-bounce emails

On Tuesday 19 Apr 2005 00:08, Chris Masters wrote: > Hi All, > > We've had some problems with ligitimate bounces coming > from qmail that contain one text/plain mime part. This > single mime part contains some error information and > then the original raw infected mail in MIME format. > > We scan e