Jan Pieter Cornet wrote:
> "create" your own signature database, by taking the official clamav
> signature database and removing the phishing signatures from it.
>
> We're currently doing this, and I'm willing to share the scripts and
> configs to do it, if there is interest.
Good wiki food?
http
> -Original Message-
> From: Jan Pieter Cornet
> Sent: Friday, January 06, 2006 5:56 PM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] Phishing - ClamAV and version 0.9
>
> No, you can also do that with the current version. You'll just have to
> "create" your own signature database, by
On Fri, Jan 06, 2006 at 05:20:37PM -0500, Jenn wrote:
> So, to be sure I understand, clamav 0.9
> is what I would need if I wanted to turn off
> the detection of "Phishing" by ignoring the currently
> existing 500 (or so) "Phishing" signatures?
No, you can also do that with the current version.
At 04:20 PM 1/6/2006, Jenn wrote:
So, to be sure I understand, clamav 0.9
is what I would need if I wanted to turn off
the detection of "Phishing" by ignoring the currently
existing 500 (or so) "Phishing" signatures?
Right, 0.9 has this feature, 0.9 isn't released yet. I
think the feature ex
On Fri, 6 Jan 2006 16:53:11 -0500
"Jenn" <[EMAIL PROTECTED]> wrote:
> Can anyone help me to better understand the details regarding anti-phishing
> support.
The option to control the phishing detection is currently available in
the CVS version only (DetectPhishing yes/no).
--
oo.
> The clamav virus database currently has about 500
> "Phishing" signatures to detect this type of
> mail. Whenever clamav 0.9 is released, it will have the
> ability to ignore admin-specified signatures. I don't
> believe a timeline has been released of when to expect 0.9.
> The archive con
At 03:53 PM 1/6/2006, Jenn wrote:
This is # 13 taken from the FAQ:
Q - Can phishing be considered one kind of spam? ClamAV should not detect it
as some kind of malware.
A - Starting from release 0.90, ClamAV allows you to choose whether to
detect phish as some kind of malware or not. This sh
This is # 13 taken from the FAQ:
Q - Can phishing be considered one kind of spam? ClamAV should not detect it
as some kind of malware.
A - Starting from release 0.90, ClamAV allows you to choose whether to
detect phish as some kind of malware or not. This should put an end to the
endless threads
On 1/6/06 11:40 AM, "Chuck Swiger" <[EMAIL PROTECTED]> wrote:
> I agree with this almost entirely. You should absolutely try to 5xx refuse
> known-malicious email traffic, or if you have to accept it, silently file it
> away in a quarantine area for a knowledgeable human to review questionable
>
Jeremy Kitchen wrote:
On Friday 06 January 2006 02:24, Michael wrote:
your messages convinced me only to report the sender.
I don't want only blackhole the message and nothing else, because I think
one of the both, the sender or the recipient should get informed.
no
you should NEVER notify th
Jeremy Kitchen wrote:
Well, rejecting a message does alert the user if the user is sitting behind
their mail client that sent it. Most viruses have their own engines to
send out copies of itself. While the 5xx response message is still sent
back it never makes it to the person using the compute
Dennis Peterson wrote:
Chuck Swiger said:
[ ... ]
More specifically, I've found viral messages in the quarantine which were
not recognized by ClamAV when the email went by, although a day or two later
they generally will be.
My virus volumes are so great (thousands daily) I'd have to hire someo
I did configure dspam the way I liked it but next step for me to try was to
get ClamAV installed. So I did that and I tested it and it works when I use
clamscan or clamdscan but it does not seem to work with dspam... I get:
Fri Jan 6 13:49:28 2006 -> ERROR: ScanStream: accept timeout.
Any ideas
Steven Spence wrote:
Jeremy Kitchen wrote:
I wouldn't say never. If you had authenticated SMTP set up you could
always send the notification back to the sender using the username
supplied during the SMTP authentication process. After authentication
has succeeded of course. :)
rejecting th
On Friday 06 January 2006 10:35, Steven Spence wrote:
> Jeremy Kitchen wrote:
> >>I wouldn't say never. If you had authenticated SMTP set up you could
> >>always send the notification back to the sender using the username
> >>supplied during the SMTP authentication process. After authentication
>
Jeremy Kitchen wrote:
I wouldn't say never. If you had authenticated SMTP set up you could
always send the notification back to the sender using the username
supplied during the SMTP authentication process. After authentication
has succeeded of course. :)
rejecting the message should alert t
On Friday 06 January 2006 09:55, Steven Spence wrote:
> Jeremy Kitchen wrote:
> > On Friday 06 January 2006 02:24, Michael wrote:
> >>Ok,
> >>your messages convinced me only to report the sender.
> >>I don't want only blackhole the message and nothing else, because I think
> >>one of the both, the
Randal, Phil said:
> Dennis Peterson said:
>
>> I guess I don't understand the need to submit a detected and
>> quarantined virus to anti-virus vendors.
>
> It's called being socially responsible.
>
> Just because ClamAV (or Bitdefender or McAfee or whatever) detected it
> doesn't mean that everybo
Chuck Swiger said:
> Dennis Peterson wrote:
>> Randal, Phil said:
> [ ... ]
>>>I have. It's very useful when a new virus variant arrives and is
>>>detected by only one of our three virus scanners (or is blocked by
>>>filetype alone). If it is quarantined I can pull out the quarantined
>>>copy and
On Jan 6, 2006, at 11:46 AM, Chuck Swiger wrote:
Dennis Peterson wrote:
Randal, Phil said:
[ ... ]
I have. It's very useful when a new virus variant arrives and is
detected by only one of our three virus scanners (or is blocked by
filetype alone). If it is quarantined I can pull out the
Chuck Swiger wrote:
> I require my users to zip or tarball attachments before they send them.
Heh. I quarantine incoming zip attachments. :)
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
__
Jeremy Kitchen wrote:
On Friday 06 January 2006 02:24, Michael wrote:
Ok,
your messages convinced me only to report the sender.
I don't want only blackhole the message and nothing else, because I think
one of the both, the sender or the recipient should get informed.
no
you should NEVER not
Dennis Peterson wrote:
Randal, Phil said:
[ ... ]
I have. It's very useful when a new virus variant arrives and is
detected by only one of our three virus scanners (or is blocked by
filetype alone). If it is quarantined I can pull out the quarantined
copy and submit it to virusscan.jotti.org,
Dennis Peterson said:
> I guess I don't understand the need to submit a detected and
> quarantined virus to anti-virus vendors.
It's called being socially responsible.
Just because ClamAV (or Bitdefender or McAfee or whatever) detected it
doesn't mean that everybody else does or have even seen
Randal, Phil said:
> Dennis Peterson said:
>
>> Regardless, anything you need to know about the message can
>> be found in the logs. I've never seen a need to keep a virus
>> around - even in the postmaster account or quarantine directory.
>
> I have. It's very useful when a new virus variant arri
Michael wrote:
But you do not know the sender. You only know an address that the
virus presents as the sender address. And you trust the virus...
Ok, I see you must have experience. Are there really so many virussender
who specify a fake REAL EXIST mail address?
I infer that you've never had
On Friday 06 January 2006 08:48, [EMAIL PROTECTED] wrote:
> Leif Neland wrote:
> >>> Ok, I see you must have experience. Are there really so many
> >>> virussender who specify a fake REAL EXIST mail address?
> >>>
> >>> Michael Neurohr
> >>
> >> Many viruses harvest email addresses from the infecte
Christopher X. Candreva said:
> On Fri, 6 Jan 2006, Dennis Peterson wrote:
>
>> If you cannot reject it before the final .crlfcrlf then you keep it. It's
>> dead. Pinin' for the fjords, bleeding demised, an ex-message, shuffled off
>> its mortal coil, lovely plumage and all.
>
> I will submi
On Friday 06 January 2006 03:13, Michael wrote:
> > But you do not know the sender. You only know an address that the
> > virus presents as the sender address. And you trust the virus...
>
> Ok, I see you must have experience. Are there really so many
> virussender who specify a fake REAL EXIST mai
On Friday 06 January 2006 02:24, Michael wrote:
> Ok,
> your messages convinced me only to report the sender.
> I don't want only blackhole the message and nothing else, because I think
> one of the both, the sender or the recipient should get informed.
no
you should NEVER notify the sender.
the
Stephen Gran said:
> On Fri, Jan 06, 2006 at 12:14:19PM +0100, M.S. Lucas said:
>> Hello,
>>
>> If somebody knows a better list to discuss this please set a follow up
>> because this is way off topic for the clamav list
>>
>> I know there isn't something as a uniform error message for a 5xx error
>
Dennis Peterson said:
> Regardless, anything you need to know about the message can
> be found in the logs. I've never seen a need to keep a virus
> around - even in the postmaster account or quarantine directory.
I have. It's very useful when a new virus variant arrives and is
detected by onl
On Fri, 6 Jan 2006, Brian McDonald wrote:
> Chris this sounds like an excellent solution can you share how you did this?
Calling it a hack is an insult to hacks. :-) I'll try to take some time and
make a version I can put out (remove our IP addresses, SQL passwords, etc)
Michael wrote:
But you do not know the sender. You only know an address that the
virus presents as the sender address. And you trust the virus...
Ok, I see you must have experience. Are there really so many virussender
who specify a fake REAL EXIST mail address?
YES! All major email viruses
[EMAIL PROTECTED] said:
> Why? As far as I understood -b option sends a message to the postmaster...
> Did I miss anything?
>
Do you filter mail sent to Postmaster? If so how can the postmaster get it
if it doesn't pass the filter?
Regardless, anything you need to know about the message can be fo
Michael said:
>> But you do not know the sender. You only know an address that the
>> virus presents as the sender address. And you trust the virus...
>
> Ok, I see you must have experience. Are there really so many
> virussender who specify a fake REAL EXIST mail address?
There are few that do no
Brian McDonald wrote:
>> I will submit one other possibility: I use --postmaster-only to send
>> the notices to a specific address, then have procmail pipe those to
>> a script that parses it and adds specific information to an SQL
>> database -- (From To Subject Date/Time and what Virus).
>
>> Th
>I will submit one other possibility: I use --postmaster-only to send the
>notices to a specific address, then have procmail pipe those to a script
>that parses it and adds specific information to an SQL database --
>(From To Subject Date/Time and what Virus).
>This way my users' mailboxes aren't
On Fri, 6 Jan 2006 08:27:05 -0800, Matthew.van.Eerde wrote
> Robert Isaac wrote:
> > I used ... find / -name "*clam*" -print and removed everything
> > associated with ClamAV that did not get removed after removing
> > all the rpms.
> >
> > I then reinstalled all the rpms and looked forward to to
Leif Neland wrote:
>>> Ok, I see you must have experience. Are there really so many
>>> virussender who specify a fake REAL EXIST mail address?
>>>
>>> Michael Neurohr
>>
>> Many viruses harvest email addresses from the infected PC user's
>> address book and inbox etc and use these as the "From:"
On Fri, 6 Jan 2006, Dennis Peterson wrote:
> If you cannot reject it before the final .crlfcrlf then you keep it. It's
> dead. Pinin' for the fjords, bleeding demised, an ex-message, shuffled off
> its mortal coil, lovely plumage and all.
I will submit one other possibility: I use --postmaster-o
Michael said:
> Ok,
> your messages convinced me only to report the sender.
> I don't want only blackhole the message and nothing else, because I think
> one of the both, the sender or the recipient should get informed.
Since there is no way to know who the sender is, and since the recipient
is no
Robert Isaac wrote:
> I used ... find / -name "*clam*" -print and removed everything
> associated with ClamAV that did not get removed after removing
> all the rpms.
>
> I then reinstalled all the rpms and looked forward to today's LogWatch
> report. When it came there was nothing at all about Cla
John Hinton wrote:
Robert Isaac wrote:
After many attempts at getting the LogWatch report to *not* tell me
my ClamAV was out of date when I knew I was running 0.87.1 I used
some advice from this list and ran find / -name "*clam*" -print and
removed everything associated with ClamAV that did
Robert Isaac wrote:
After many attempts at getting the LogWatch report to *not* tell me my ClamAV was out
of date when I knew I was running 0.87.1 I used some advice from this list and ran
find / -name "*clam*" -print and removed everything associated with ClamAV that did
not get removed after
After many attempts at getting the LogWatch report to *not* tell me my ClamAV was out
of date when I knew I was running 0.87.1 I used some advice from this list and ran
find / -name "*clam*" -print and removed everything associated with ClamAV that did
not get removed after removing all the r
[EMAIL PROTECTED] wrote:
>Why? As far as I understood -b option sends a message to the postmaster...
>Did I miss anything?
>
>Thanks
>Mykhaylo
>
>
>
You're right, but with -b option message is also sent to sender.
You should use -P (--postmaster-only) to send the notification only to
postmaster
On Fri, Jan 06, 2006 at 12:14:19PM +0100, M.S. Lucas said:
> Hello,
>
> If somebody knows a better list to discuss this please set a follow up
> because this is way off topic for the clamav list
>
> I know there isn't something as a uniform error message for a 5xx error at
> smtp time for somet
Original Message
From: "Randal, Phil" <[EMAIL PROTECTED]>
To: "ClamAV users ML"
Sent: Friday, January 06, 2006 12:23 PM
Subject: RE: [Clamav-users] RE: Report infected mail to the user
But you do not know the sender. You only know an address that the
virus presents as the sender addre
Why? As far as I understood -b option sends a message to the postmaster...
Did I miss anything?
Thanks
Mykhaylo
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nigel Horne
Sent: Friday, January 06, 2006 1:31 PM
To: ClamAV users ML
Subject: RE: [Clamav-use
[EMAIL PROTECTED] log]# cat maillog | grep k069MXPR007370
Jan 6 11:22:33 kernel sendmail[7370]: k069MXPR007370: from=root, size=352,
class=0, nrcpts=3, msgid=<[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Jan 6 11:22:33 kernel sendmail[7370]: k069MXPR007370:
to=<[EMAIL PROTECTED]>, delay=00:00:00,
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mykhaylo
> Khodorev
> Hi, all!
> I'm struggling with virus notification on sendmail &
> clamav-milter. I've
> started clamav-milter like this:
> clamav-milter -Dfb /var/run/clamav/clmilter.sock
> > But you do not know the sender. You only know an address that the
> > virus presents as the sender address. And you trust the virus...
>
> Ok, I see you must have experience. Are there really so many
> virussender who specify a fake REAL EXIST mail address?
>
> Michael Neurohr
Many viruses
From: "Michael" <[EMAIL PROTECTED]>
If you do that please only inform your local users and *none* of the
internet users.
I only want to send a message back to the sender, that he knows about the
rejected mail.
Why do you mean that there may come about so many mails?
Because a lot of viruses
Hi, all!
I'm struggling with virus notification on sendmail & clamav-milter. I've
started clamav-milter like this:
clamav-milter -Dfb /var/run/clamav/clmilter.sock
So, according to manual the mail should be sent to sender, recipient and
postmaster. When any virus comes I see in clamd.log
Le Fri 6/01/2006, Michael disait
> >But you do not know the sender. You only know an address that the
> >virus presents as the sender address. And you trust the virus...
>
> Ok, I see you must have experience. Are there really so many
> virussender who specify a fake REAL EXIST mail address?
To
Hello,
If somebody knows a better list to discuss this please set a follow up
because this is way off topic for the clamav list
I know there isn't something as a uniform error message for a 5xx error at
smtp time for something like a virus/spam notification. But wouldn't it be
nice to have
But you do not know the sender. You only know an address that the
virus presents as the sender address. And you trust the virus...
Ok, I see you must have experience. Are there really so many
virussender who specify a fake REAL EXIST mail address?
Michael Neurohr
_
If you do that please only inform your local users and *none* of the
internet users.
I only want to send a message back to the sender, that he knows about
the rejected mail.
Why do you mean that there may come about so many mails?
Michael Neurohr
___
Le Fri 6/01/2006, Michael disait
> Ok,
> your messages convinced me only to report the sender.
> I don't want only blackhole the message and nothing else, because I think
> one of the both, the sender or the recipient should get informed.
But you do not know the sender. You only know an address t
From: "Michael" <[EMAIL PROTECTED]>
Ok,
your messages convinced me only to report the sender.
I don't want only blackhole the message and nothing else, because I think
one of the both, the sender or the recipient should get informed.
If you do that please only inform your local users and *non* o
Michael wrote:
| Ok,
| your messages convinced me only to report the sender.
| I don't want only blackhole the message and nothing else, because I think
| one of the both, the sender or the recipient should get informed.
|
It doesn't make sens...
Get
Ok,
your messages convinced me only to report the sender.
I don't want only blackhole the message and nothing else, because I think
one of the both, the sender or the recipient should get informed.
Thanks to all,
Michael Neurohr
___
http://lurker.clama