Re: [Clamav-users] Clamdwatch.pl doesn't work after update from 0.92.1 to 0.93

2008-04-17 Thread Artini Alessio
It worked, Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Török Edwin Sent: Thursday, 17 April 2008 17:21 To: ClamAV users ML Subject: Re: [Clamav-users] Clamdwatch.pl doesn't work after update from 0.92.1 to 0.93 Artini Alessio wrote

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Henrik K
On Thu, Apr 17, 2008 at 09:10:45PM -0400, David F. Skoll wrote: > Eric Rostetter wrote: > > > For all I know, from what _little_ I know, the problem is in the > > popen() call in the milter, > > Yikes popen() > > In a piece of SECURITY software??? > > I'm very glad I've never used Clam'

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Eric Rostetter
Quoting "David F. Skoll" <[EMAIL PROTECTED]>: > Sendmail doesn't allow remote exploit due to recipient addresses with > funny characters in them. It certainly hasn't since Milter has been > around, so "fixing" the problem in a milter is dumb. Not if the problem is in the milter, or in the shell

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Eric Rostetter
Quoting "David F. Skoll" <[EMAIL PROTECTED]>: > Unless the behaviour with weird recipient addresses was prominently > advertised, > then it's surprising behaviour, and surprising behaviour is the enemy of > security. As I said in almost every message so far, yes, it should have been documented.

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread David F. Skoll
Eric Rostetter wrote: > Well, we disagree on that point. It is a security tool, and as such > has an even greater burden to try to be as secure as possible. In order for a security tool to be "as secure as possible", it first of all needs to adhere to this basic principle: The tool behaves

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread David F. Skoll
Eric Rostetter wrote: > For all I know, from what _little_ I know, the problem is in the > popen() call in the milter, Yikes popen() In a piece of SECURITY software??? I'm very glad I've never used Clam's milter. Regards, David. ___ Help us

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread David F. Skoll
Eric Rostetter wrote: > In general, don't distribute code that allows remote root exploit of > systems. Sendmail doesn't allow remote exploit due to recipient addresses with funny characters in them. It certainly hasn't since Milter has been around, so "fixing" the problem in a milter is dumb.

Re: [Clamav-users] Can clamav-milter quarantine ALL messages?

2008-04-17 Thread Michael Isaev
Gomes, Rich wrote: > It seems like this is rejecting the mail with a 'reject=553 5.3.0 > QUARANTINE' error instead of quarantining it to a folder. Yes, older versions of sendmail cannot quarantine the mail. "QUARANTINE" option appears in sendmail since V8.13 And some precise for access file

[Clamav-users] unsubscribe

2008-04-17 Thread Robert Johnston
- Robert Johnston Datajockeys, LLC ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Eric Rostetter
Quoting SM <[EMAIL PROTECTED]>: > At 14:42 17-04-2008, Eric Rostetter wrote: >> I don't know the history of this exploit, etc. > > Do you know which version of sendmail can be used with the > milter? If the exploit is prior to that, then the fix may not be applicable. I never argued otherwise.

[Clamav-users] clamd SHUTDOWN command

2008-04-17 Thread Peter Schultze
When clamd is listening via TCP socket it seems to be possible for any user to shut it down by sending SHUTDOWN using e.g. telnet clamdhost 3310 SHUTDOWN Can this behaviour be disabled or restricted? It would appear that this could be abused for a DOS attack against a clamav server.

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread SM
At 14:42 17-04-2008, Eric Rostetter wrote: >I don't know the history of this exploit, etc. So I can't comment on >whether the fix should stay or not. It would depend on the default >settings for sendmail, how long the fix has been in sendmail, how widely >available the patched sendmail is today,

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Sloan
Eric Rostetter wrote: > Quoting "David F. Skoll" <[EMAIL PROTECTED]>: > > >> In general: >> >> DO NOT HARDCODE POLICY >> >> Otherwise, your tool becomes irritating or possibly even harmful. >> > > In general, don't distribute code that allows remote root exploit of systems. > >

[Clamav-users] clamav 0.93 on some BSDs

2008-04-17 Thread Mark E. Mallett
I tried building and running clamav 0.93 on a handful of BSD systems, running clamd on TCP port 3310 and seeing if I can get it to respond to STREAM commands (and do the correct thing with a few samples). Mostly I had success, but with one exception: FreeBSD 7.0 - builds and runs fine FreeBSD 6

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Eric Rostetter
Quoting "David F. Skoll" <[EMAIL PROTECTED]>: > In general: > > DO NOT HARDCODE POLICY > > Otherwise, your tool becomes irritating or possibly even harmful. In general, don't distribute code that allows remote root exploit of systems. Otherwise, your tool becomes irritating or poss

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Eric Rostetter
Quoting Tilman Schmidt <[EMAIL PROTECTED]>: > That distinction is immaterial. The milter comes as part of the ClamAV > package. s/ClamAV/clamav-milter/ throughout my posting if you want, it > doesn't change my argument in any way. I think it completely changes your argument. Had you done that in

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Eric Rostetter
Quoting John Rudd <[EMAIL PROTECTED]>: >> And ClamAV does not. The milter is. And the milter is designed to >> work with sendmail. And if leaving this enabled by default produces >> an exploitable sendmail, then it is wrong. > > It does not. What leaves an exploitable sendmail is a poorly >

Re: [Clamav-users] clamav-milter

2008-04-17 Thread SM
At 12:41 17-04-2008, Jerry Ferguson wrote: > no, I downloaded and compiled from source which I have done since v 0.85 >pkgsrc is version 92.1 which I will use for now. pkgsrc contains version 0.93. Regards, -sm

Re: [Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-17 Thread Török Edwin
Naomi Hospodarsky wrote: > hmm. well. > > grepping for just mpz_init on libgmp.a also returns nothing. > > grepping for mpz_init in gmp.h returns: > > gmp.h: 0654-203 Specify an XCOFF object module. That string doesn't contain mpz_init, are you sure you used grep on gmp.h and not nm? This is wei

Re: [Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-17 Thread Naomi Hospodarsky
hmm. well. grepping for just mpz_init on libgmp.a also returns nothing. grepping for mpz_init in gmp.h returns: gmp.h: 0654-203 Specify an XCOFF object module. On Thu, Apr 17, 2008 at 2:40 PM, Török Edwin <[EMAIL PROTECTED]> wrote: > Naomi Hospodarsky wrote: > > This is version 4.2.2 of GMP,

[Clamav-users] clamav-milter

2008-04-17 Thread Jerry Ferguson
At 09:03 17-04-2008, Jerry Ferguson wrote: >>I have a Clamav-milter problem. Can anyone help? >> >>Problem: clamav-milter loads and immediately terminates >> >>Hardware: Computer processor is AMD, sata raid 1 >> >>software: NetBSD 4.0 (I386 platform) [snip] >>_res is not supported for multi-thre

Re: [Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-17 Thread Török Edwin
Naomi Hospodarsky wrote: > This is version 4.2.2 of GMP, and it SEEMS to compile just fine; I can > run make check with no errors. > > running > nm /usr/local/lib/libgmp.a |grep __gmpz_init > Try grepping for just mpz_init. Also grep for mpz_init in gmp.h Best regards, --Edwin

Re: [Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-17 Thread Naomi Hospodarsky
This is version 4.2.2 of GMP, and it SEEMS to compile just fine; I can run make check with no errors. running nm /usr/local/lib/libgmp.a |grep __gmpz_init returns nothing; and then configuring clamav with either: LDFLAGS="-R/usr/local/lib -L/usr/local/lib -L/usr/lib -L/usr/local/ssl" ./config

Re: [Clamav-users] clamav-milter

2008-04-17 Thread SM
At 09:03 17-04-2008, Jerry Ferguson wrote: >I have a Clamav-milter problem. Can anyone help? > >Problem: clamav-milter loads and immediately terminates > >Hardware: Computer processor is AMD, sata raid 1 > >software: NetBSD 4.0 (I386 platform) [snip] >_res is not supported for multi-threaded pro

[Clamav-users] clamav-milter

2008-04-17 Thread Jerry Ferguson
>>Problem: clamav-milter loads and immediately terminates >You gave lots of good build information, but didn't say how you were >calling the milter itself. To give you something to compare to, here's >how I call it on mine: ># ps aux | grep clamav-milter | grep -v grep >clamav 686 0.0 0.

Re: [Clamav-users] Can clamav-milter quarantine ALL messages?

2008-04-17 Thread Gomes, Rich
It seems like this is rejecting the mail with a 'reject=553 5.3.0 QUARANTINE' error instead of quarantining it to a folder. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gomes, Rich Sent: Thursday, April 17, 2008 9:03 AM To: ClamAV users ML Subject:

Re: [Clamav-users] phising whitelist

2008-04-17 Thread Kelsey Cummings
On Thu, Apr 17, 2008 at 06:52:12PM +0300, Török Edwin wrote: ... In case other people missed it. From: "jordi garcia" <[EMAIL PROTECTED]> To:"ClamAV users ML" Subject: Re: [Clamav-users] phising whitelist Date: Thu, 17 Apr 2008 17:44:25 +0200 Contained: Email.Phishing.RB-2924

Re: [Clamav-users] clamav-milter

2008-04-17 Thread Todd Lyons
On Thu, Apr 17, 2008 at 12:03:42PM -0400, Jerry Ferguson wrote: >Problem: clamav-milter loads and immediately terminates You gave lots of good build information, but didn't say how you were calling the milter itself. To give you something to compare

[Clamav-users] clamav-milter

2008-04-17 Thread Jerry Ferguson
I have a Clamav-milter problem. Can anyone help? Problem: clamav-milter loads and immediately terminates Hardware: Computer processor is AMD, sata raid 1 software: NetBSD 4.0 (I386 platform) NetBSD mail 4.0 NetBSD 4.0 (GENERIC) #0: Sun Dec 16 00:20:10 PST 2007 [EMAIL PROTECTED]:/home/builds/ab

Re: [Clamav-users] Upgrade ClamAV

2008-04-17 Thread Todd Lyons
On Wed, Apr 16, 2008 at 07:33:20PM +0100, Nigel Frankcom wrote: >Similar problems here on CentOS 4.6/64 bit. I did find some info on >... > I'll probably give it a couple of days and if it doesn't >resolve I'll do a manual build. DAG rebuilt the pack

Re: [Clamav-users] phising whitelist

2008-04-17 Thread Török Edwin
jordi garcia wrote: > Hello Edwin, > > How can I add the entry to daily.fp See signatures.pdf "2.5 Whitelist databases". You can either put the md5 into a .fp file, or add an entry to local.ign. > or submit the sample? > I read clamav man and didn't find any information about that. Submit it h

Re: [Clamav-users] phising whitelist

2008-04-17 Thread jordi garcia
Hello Edwin, How can I add the entry to daily.fp or submit the sample? I read clamav man and didn't find any information about that. Kind regards Jordi 2008/4/17, Török Edwin <[EMAIL PROTECTED]>: > > jordi garcia wrote: > > Hello, > > > > I'm trying to add some values to whitelist following p

Re: [Clamav-users] Clamdwatch.pl doesn't work after update from 0.92.1 to 0.93

2008-04-17 Thread David F. Skoll
Török Edwin wrote: > Replace RAWSCAN with SCAN. It would be nice if the removal of RAWSCAN (1) were mentioned more prominently than a one-liner in Changelog, and (2) were removed from the docs at docs/html/node23.html Regards, David.

[Clamav-users] Applications starting to drop clamav support due to license incompabilities

2008-04-17 Thread Fabio
Some time ago (after 0.90.3) clamav changed its license, downgrading it from "GPLv2 or later" to "GPLv2 only", thus making it incompatible with programs linking to libclamav and released under the "GPLv3 or later", which are now being common. The first application to drop clamav support is the

Re: [Clamav-users] Clamdwatch.pl doesn't work after update from 0.92.1 to 0.93

2008-04-17 Thread Török Edwin
Artini Alessio wrote: >> Hi, >> >> Today I've updated my clamav from 0.92.1 to 0.93 (compiled in a redhat >> 5.1 server) >> Now my clamdwatch.pl script doesn't work. >> If I run it I get the following message: >> >> Clamd is in an unknown state. >> It returned: UNKNOWN COMMAND >> >> Any idea

Re: [Clamav-users] phising whitelist

2008-04-17 Thread Török Edwin
jordi garcia wrote: > Hello, > > I'm trying to add some values to whitelist following phishsigs_howto.pdf > doc. It's a simple conf, but it doesn't work. > > With 'clamscan --debug email.file' command capture: > > LibClamAV debug: Phishcheck:Checking url > http://ad.doubleclick.net/clk;77451406;613

[Clamav-users] Clamdwatch.pl doesn't work after update from 0.92.1 to 0.93

2008-04-17 Thread Artini Alessio
> Hi, > > Today I've updated my clamav from 0.92.1 to 0.93 (compiled in a redhat > 5.1 server) > Now my clamdwatch.pl script doesn't work. > If I run it I get the following message: > > Clamd is in an unknown state. > It returned: UNKNOWN COMMAND > > Any idea? > > I also attach my clamdw

[Clamav-users] phising whitelist

2008-04-17 Thread jordi garcia
Hello, I'm trying to add some values to whitelist following phishsigs_howto.pdf doc. It's a simple conf, but it doesn't work. With 'clamscan --debug email.file' command capture: LibClamAV debug: Phishcheck:Checking url http://ad.doubleclick.net/clk;77451406;6134080;d?http://www.correo.movistar.e

[Clamav-users] (no subject)

2008-04-17 Thread jordi garcia
Hello, I'm trying to add some values to whitelist following phishsigs_howto.pdf doc. It's a simple conf, but it doesn't work. With 'clamscan --debug email.file' command capture: LibClamAV debug: Phishcheck:Checking url http://ad.doubleclick.net/clk;77451406;6134080;d?http://www.correo.movistar.e

Re: [Clamav-users] Can clamav-milter quarantine ALL messages?

2008-04-17 Thread Gomes, Rich
Thanks, Michael. I didn't see QUARANTINE as a access file option in the man pages. I will try that. Thanks again! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Isaev Sent: Wednesday, April 16, 2008 11:30 PM To: ClamAV users ML Subject: Re: [C

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread David F. Skoll
John Rudd wrote: > It is never good to be "the wrong tool for the job", nor "fixing > something that isn't broken". And, therefore, it is doubly bad to be both. In general: DO NOT HARDCODE POLICY Otherwise, your tool becomes irritating or possibly even harmful. Regards, Davi

Re: [Clamav-users] Known viruses count suddenly droped

2008-04-17 Thread Noor Ahmed Afridi
Thanks for solving out mystery for me :) > Looks like you might have been loading one of the tables twice. > > dp -- Regards, Noor Ahmed Afridi

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread Tilman Schmidt
Eric Rostetter wrote: Quoting John Rudd <[EMAIL PROTECTED]>: It is not ClamAV's place to make policy decisions for me. And ClamAV does not. The milter is. That distinction is immaterial. The milter comes as part of the ClamAV package. s/ClamAV/clamav-milter/ throughout my posting if you

Re: [Clamav-users] US-CERT alert regarding ClamAV

2008-04-17 Thread John Rudd
James Brown wrote: > > On 16/04/2008, at 4:33 AM, fchan wrote: > >> This part of clamav-0.92 and new fix of a bug. >> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=613 >> >> And in short we need to get gcc4.1.1 or newer to get this work on >> Macintosh 10.4.11 and xcode 2.5 which only has an

Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-17 Thread John Rudd
Eric Rostetter wrote: > Quoting John Rudd <[EMAIL PROTECTED]>: > >> Tilman Schmidt wrote: >> >>> So why am I dissecting that list like this? Just to show that blocking >>> or not blocking certain unusual characters in mail addresses is indeed a >>> policy decision which should not be forced by a pi