Re: [clamav-users] Help with clamscan 0.97.7 and mbox files

2013-04-10 Thread A K Varnell
On Apr 10, 2013, at 4:59 PM, A K Varnell wrote: > On Apr 10, 2013, at 4:41 PM, Scott Ehrlich wrote: > >> You may be correct, though recalling my command-line options, including >> verbose mode, the mbox file is very large, yet the scan took just a few >> seconds. > > Then you'll need to c

Re: [clamav-users] Help with clamscan 0.97.7 and mbox files

2013-04-10 Thread A K Varnell
On Apr 10, 2013, at 4:41 PM, Scott Ehrlich wrote: > You may be correct, though recalling my command-line options, including > verbose mode, the mbox file is very large, yet the scan took just a few > seconds. Then you'll need to change: --max-filesize=#n Extract and scan at mo

Re: [clamav-users] Help with clamscan 0.97.7 and mbox files

2013-04-10 Thread Scott Ehrlich
You may be correct, though recalling my command-line options, including verbose mode, the mbox file is very large, yet the scan took just a few seconds. There is no indication that the mbox file is being properly scanned, and knowing the base64 attachments that appear via xxd and grep, I have st

[clamav-users] Mirror Issues

2013-04-10 Thread A K Varnell
In the past I've addressed most of my ClamAV® Database mirror issues directly with Luca. Is there someone else I should be working with or post to the list? And speaking of Luca, he's still listed as administrator at the bottom of all the ClamAV Mailing Lists

Re: [clamav-users] Help with clamscan 0.97.7 and mbox files

2013-04-10 Thread Steven Morgan
Scott, Looking at the code, I think the option is 'scan-mail'. It defaults as yes, so you shouldn't need to do anything special, just clamscan /path/to/mbox/. Let us know if that is not working. Steve On Wed, Apr 10, 2013 at 4:46 PM, Scott Ehrlich wrote: > I just compiled clamav 0.97.7 on SANS

[clamav-users] Help with clamscan 0.97.7 and mbox files

2013-04-10 Thread Scott Ehrlich
I just compiled clamav 0.97.7 on SANS SIFT Linux. Reviewing the README file and google, it appears that clamscan should be able to review/scan mbox files, but any attempt at using --mbox, such as clamscan --mbox or clamscan -d /tmp/virdir --mbox /path/to/mboxfile, reports an error with the --mbox

Re: [clamav-users] freshclam checks database every time

2013-04-10 Thread Al Varnell
On 4/10/13 6:05 AM, "Andreas Schulze" wrote: > I configured freshclam to not lookup the dns for existence of a new > patternversion. Instead freshclam contacts the > clamav-server and fire up HTTP Head queries. That way I could let run > freshclam once a minute. > I thought the limit was four ti

[clamav-users] freshclam checks database every time

2013-04-10 Thread Andreas Schulze
Hello, I configured freshclam to not lookup the dns for existence of a new patternversion. Instead freshclam contacts the clamav-server and fire up HTTP Head queries. That way I could let run freshclam once a minute. Because I run a clamav-mirror in my local network, that's not a problem. But I

Re: [clamav-users] GTUBE message detection

2013-04-10 Thread Benny Pedersen
Peter Bonivart wrote on 2013-04-10 10:10: It seems to be very controversial if ClamAV should include signatures for other things than classic malware. Why not have some kind of classification of the signatures and let us control what we download via Freshclam? PUA categories ? well i like to

Re: [clamav-users] GTUBE message detection

2013-04-10 Thread Steve Basford
>> Given that a large proportion of the Sanesecurity sigs detect spam, >> phishing, and other junk >> mail (and folks use them as such), wouldn't it be useful to include a >> standard spam test >> signature by default? > > It seems to be very controversial if ClamAV should include signatures > fo

Re: [clamav-users] GTUBE message detection

2013-04-10 Thread Peter Bonivart
On Wed, Apr 10, 2013 at 9:54 AM, Paul Whelan wrote: > > On 9 Apr 2013 at 11:12, Steve Basford wrote: > >> Hi All, >> >> Couple of updates.. >> >> I've just check end the Sanesecurity.TestSig.GTUBE signature name had >> accidentally been renamed to Sanesecurity.TestSig.10616 >> >> I have, however,

Re: [clamav-users] GTUBE message detection

2013-04-10 Thread Paul Whelan
On 9 Apr 2013 at 11:12, Steve Basford wrote: > Hi All, > > Couple of updates.. > > I've just check end the Sanesecurity.TestSig.GTUBE signature name had > accidentally been renamed to Sanesecurity.TestSig.10616 > > I have, however, removed the checks for GTUBE, so at least ClamAV and > Third-P