RE: [Clamav-users] ClamAV should not try to detect phishing and other social engineering attacks

2004-11-17 Thread B. van Ouwerkerk
Anouncing a NEW phishing threat ... this is an excerpt from winXP news ... how to disable the Windows Scripting Host (WSH) to prevent an insidious new "phishing" technique that uses a script to redirect you to a fraudulent Web site when you log on to do online banking. So some of the phishing atta

Re: [Clamav-users] Notification E-mail

2004-09-22 Thread B. van Ouwerkerk
As a riposte: I'm not alone in this, far from it, actually. A similar request was recently issued by virusalert.nl, a dutch organisation on virus prevention. See http://www.virusalert.nl/?show=nieuws&id=559 I attempted to use the Fish to translate, and looked at their little picture of the situat

Re: [Clamav-users] Downloading clam virus definition files automatically

2004-08-26 Thread B. van Ouwerkerk
> If you want to be able to sue someone then why don't you use a product > like > Symantec Corporate edition, or from any other large vendor? I don't want to sue someone - I just like being protected against those who do, and there are a lot of them out there. That's why you pay so much for insura

Re: [Clamav-users] Downloading clam virus definition files automatically

2004-08-26 Thread B. van Ouwerkerk
All parties are willing and agreeable, and the vendor stands to make some money. I can't imagine that would be a bad thing. I wouldn't underestimate the importance of liability, tho. Uhhh... but then what do you think someone providing such service would be liable for then? Unable to download

Re: [Clamav-users] Downloading clam virus definition files automatically

2004-08-25 Thread B. van Ouwerkerk
Or, how about a subscription only (i.e. pay for) mirror which people can query every five minutes if they like ? Note that although you shouldn't, you CAN query any official mirror every minute if you want :) No mirror that I know of is able to prevent that. Yet. iptables/netfilter :-) So I would

Re: [Clamav-users] How to disinfect an mbox file?

2004-06-16 Thread B. van Ouwerkerk
Clamav is not the same as clamav-milter :) so if someone prefers not to use milter or whatever to get viri before they hit the users mailbox they get the mail into the mailbox. I'm running clamav-milter and find it s cool.. Ah...im running qmail so there is no milter. All this milter talk is

Re: [Clamav-users] How to disinfect an mbox file?

2004-06-16 Thread B. van Ouwerkerk
The viruses seem to be addressed to all the permutations of the alphabet in the username, with the domain always being goingware.com. Perhaps this was meant to deliver the virus all to different people, instead my personal email is being DOSed by this virus. Ask your hosting provider (or do it yo

Re: [Clamav-users] How to disinfect an mbox file?

2004-06-16 Thread B. van Ouwerkerk
FWIW, I would go for a solution with procmail :-) Just curious, if clamav was running on the server, how did the infected message get into the mbox in the first place? Jim Clamav is not the same as clamav-milter :) so if someone prefers not to use milter or whatever to get viri before they hit

Re: [Clamav-users] How to disinfect an mbox file?

2004-06-16 Thread B. van Ouwerkerk
This is a good reason to use maildirs. Jim Oh, come on! This is just shortcoming of ClamAV. Why have a --mbox option if you can't identify the infected email?! RAV did this better. Bert So? Last time I checked RAV wasn't exactly free. If it's not done in CVS yet then I suppose it might get done

Re: [Clamav-users] Clamav 0.73 archive.

2004-06-14 Thread B. van Ouwerkerk
Hello Just a question about lastest clamav version. I just downloaded clamav 0.73 and I found CVS directory in each directory. It is normal ? If a .tgz is created from CVS without any modifications then it's normal. Not much to worry about really.. B. ---

RE: [Clamav-users] Re: Virus Alias Database

2004-05-11 Thread B. van Ouwerkerk
At 08:01 11-05-2004 +0100, you wrote: On Tue, 2004-05-11 at 00:58, Mitch (WebCob) wrote: > I'm sure there are many (including myself) that could be convinced to host > mirrors once the concept stabilizes... I'm certainly willing to open the front end, but I need to find out how easy it is to mirror

Re: [Clamav-users] /temp directory

2004-05-05 Thread B. van Ouwerkerk
My questions are, how are these temp files created? do they have a reason to be there? is it safe to delete them? how do I avoid this issue? On thing, all folders/files are from two days only (May 3rd and 4th), something else, I don't have a quarantine option on my conf file. I'll appreciate any i

Re: [Clamav-users] Easiest/best sendmail integration

2004-05-05 Thread B. van Ouwerkerk
What is the simplest and best solution for providing virus detection of incoming email using Clamav with sendmail both assuming I don't have milter and that I do? Read the docs and pick your poisen. Easy: recompile Sendmail to have Milter && compile Clamav with milter. If you don't have somethin

Re: [Clamav-users] no bounce notice

2004-05-04 Thread B. van Ouwerkerk
How could I stop clamav-milter from responding with a bounce notice while still rejecting infected messages from the incoming queue? The recipient of the infected message should still receive a notification from clamav. Someone suggested an option "-p" but it's not in the manpage or `clamav-mi

Re: [Clamav-users] Clam assigns wrong virus name??

2004-04-28 Thread B. van Ouwerkerk
Wed Apr 28 12:28:30 2004 -> /var/spool/qmailscan/tmp/mx2108314810947010970/data.rtf .scr: Win32.Mix FOUND I am sure that is rather a sample of the Netsky worm, which other systems running clam identify as "Worm.Somefool.xx" What could be the cause of the wrong name? Clamav is having it's own

RE: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-23 Thread B. van Ouwerkerk
> If I could make just one suggestion to the clam developers, it would > be to consolidate all of the conf files into one. Well, it looks like there are actually two projects here: clam-av, and the one that enables this as a milter. Consolidation would be nice, as separate sections in the same fi

RE: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-23 Thread B. van Ouwerkerk
Well, so here might be part of the problem: [EMAIL PROTECTED] clamav]# ls -la /var/run/clamav/ total 8 drwxr-xr-x2 clamav clamav 4096 Apr 22 21:45 . drwxr-xr-x 11 root root 4096 Apr 22 21:21 .. srwx--1 clamav clamav 0 Apr 22 21:45 clamd.sock A search o

Re: [Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-22 Thread B. van Ouwerkerk
Doubtful. There will always be diversity in computing, and as long as users don't care one way or the other, Windows will always exist and probably will hold the desktop for a LNG time. Which is fine. The user only asks if he/she can do whatever needed on the OS that runs on the deskt

Re: [Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-22 Thread B. van Ouwerkerk
At 02:24 22-04-2004 -0500, you wrote: B. van Ouwerkerk wrote: I've seen a message to this list about a GUI to maintain Clamav. What I'm calling for is not just a GUI to set up and maintain clamav, but a more comprehensive setup/maintenance utility for the complete package of MUA (

Re: [Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-22 Thread B. van Ouwerkerk
At 14:49 21-04-2004 -0500, you wrote: FYI. This is my last submission to the Mozilla Bugzilla that partially addresses the needs of newbies who want a user-friendly gui or wizard to set up and configure everything, requiring the user only to make choices among easily-understood menu options. I'v

Re: [Clamav-users] Why sometimes my clamav dosen't filter virus

2004-04-21 Thread B. van Ouwerkerk
The clamav dosen't work at the time 19:44-19:45 , on this time I received 5 virus email. why? You're using milter? If so then you might have configured sendmail to let through if milter is unavailable. B. --- This SF.Net email is sponso

Re: [Clamav-users] System scan...

2004-04-16 Thread B. van Ouwerkerk
Now how to find the infected ones ??? I have Bin looking for logfiles but canot find it Why do you assume you should be spoonfed here? Type man clamscan in your shell and it will give you all information you need. B. Slackware rocks. -

Re: [Clamav-users] Complete system scan...

2004-04-15 Thread B. van Ouwerkerk
At 17:23 15-04-2004 +0200, you wrote: Hi, What command can I use to scan my compleet system ??? For all those questions just type: man clamav And you'll find out more then you ever wanted to know about the commandline. B. --- This SF.Net e

RE: [Clamav-users] My installation of ClamAV doesn't detect zipped virus

2004-04-14 Thread B. van Ouwerkerk
> If you do not have the same, then either freshclam is not working correctly > (or not running at all) or freshclam is downloading the virus database to > one location and clamav is looking for it in another location. I have seen > this problem more and more lately on this list. Thank you for yo

Re: [Clamav-users] clamav and milter - dedicated mailing list.

2004-04-14 Thread B. van Ouwerkerk
If we had two lists then the subscribers to the standard clamav list would see far fewer (note: not zero, I grant you) postings about milter, because even if the question gets cross-posted, I would like to think that responders will reply to the appropriate list and not the inappropriate one. T

Re: [Clamav-users] My installation of ClamAV doesn't detect zipped virus

2004-04-14 Thread B. van Ouwerkerk
At 13:08 14-04-2004 -0600, you wrote: I just installed ClamAV, but Worm.SomeFool.P (in a zip file) is getting through, although the online scanner at http://www.gietl.com/test-clamav/ detects it. Am I missing something in my configuration? If you are using milter, is it really running and is Sendma

Re: [Clamav-users] pass mails with virus to spec. acount

2004-04-14 Thread B. van Ouwerkerk
At 20:48 14-04-2004 +0400, you wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I use sendmail,clamd and clamav-milter. 1.Is it possible to pass mails with virus to special acount? man clamav-milter :) -Q, --quarantine=EMAILADDRESS If this e-mail address is given, messages containing a virus or

Re: [Clamav-users] clamav and milter - dedicated mailing list.

2004-04-14 Thread B. van Ouwerkerk
> I have seen lists split up in the past.. like the PHP lists. The results of > this: > - cross posting > - questions send to the wrong list I think both of these examples are things which would be improved by having two lists. Ofcourse not. Do we have cross postings right now? No. At the momen

Re: [Clamav-users] clamav and milter - dedicated mailing list.

2004-04-14 Thread B. van Ouwerkerk
At 17:01 14-04-2004 +0300, you wrote: May I propose a separate mailing list for milter users? There seems to be alot of discussions about milter (now I even know it's some form of sendmail plugin) that warrants this. Some of us use Exiscan and we find milter quite a 'strange' idea ;-)) The list cou

Re: [Clamav-users] virus names (any reference?)

2004-04-14 Thread B. van Ouwerkerk
> A central repository of cross-references would probably be the best and > most resilient solution. I definitely agree, but that's a lot of work. I partially disagree. It would be possible to fill a database with the announcements on the virusdb list without user intervention.. procmail and PHP

Re: [Clamav-users] Scanning outgoing mail....

2004-04-13 Thread B. van Ouwerkerk
At 18:02 13-04-2004 +0200, you wrote: Is there a way to tell Clamav to scan outgoing pop3 mail??? I am using Mandrake 10 with evolution. $ more /etc/mandrake-release ; rpm -qa|grep -i kernel Mandrake Linux release 10.0 (RC1) for i586 kernel-2.6.2.3mdk-1-1mdk http://www.clamav.net/3rdparty.html Look

Re: [Clamav-users] "Session 1 stopped due to timeout"?

2004-04-13 Thread B. van Ouwerkerk
For the record, I'm using clamav-0.67-1 with the stock RH9 sendmail (8.12.8). Clamav-milter is version 0.67a. I'm not feeling up to trying 0.68 or 0.70rc since reports are they're not particularly stable. I'm using 0.70rc one on a testbox for almost one month and about 2 weeks on a production b

Re: [Clamav-users] Schedule?

2004-04-13 Thread B. van Ouwerkerk
I have been using ClamWin more and more lately, really like it, fee scanner, etc... now running on my kids systems even! I thought you had mentioned that there were docs on SF about how to use the Windows Scheduler to schedule scans? For the life of me I cannot find them? I have tried to creat

RE: [Clamav-users] sendmail

2004-04-11 Thread B. van Ouwerkerk
> thanks all for ur good advises.. i managed to install > and get clamd and clamav-milter running: > > clamav36624 0.0 8.5 22572 21136 ?? Ss4:24PM > 0:00.01 clamd > clamav85905 0.0 0.5 2608 1272 ?? Ss5:01PM 0:00.01 > /usr/local/sbin/clamav-milter --max-children=2 -olb

RE: [Clamav-users] sendmail

2004-04-11 Thread B. van Ouwerkerk
> -Oorspronkelijk bericht- > Van: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Namens Spades > Verzonden: Sunday, April 11, 2004 12:55 AM > Aan: [EMAIL PROTECTED] > Onderwerp: [Clamav-users] sendmail > > > any idea, how can i get clam to work with sendmail? http://www.clamav.net/doc/0.

Re: [Clamav-users] x-reference list

2004-04-08 Thread B. van Ouwerkerk
At 10:22 08-04-2004 -0400, you wrote: Recent discussions on other names...what about an improved version of http://www.nfllab.com/projects/cvnr/ Maybe adding an encyclopedia of virus information to each name? I was more thinking along the line of a database filled with the announcements on the cla

Re: [Clamav-users] Virus Names

2004-04-07 Thread B. van Ouwerkerk
At 22:12 06-04-2004 +0200, you wrote: Diego d'Ambra wrote: And that is what we'll (try to) do in the future (if a common name has been established). But that would break statistics. I don't mind if the name is different as long as it can be cross-referenced. Someone was working on a web site with

Re: [Clamav-users] Virus Names

2004-04-06 Thread B. van Ouwerkerk
At 23:38 05-04-2004 -0500, you wrote: Question: If Worm.SomeFool is Netsky, then why is not labeled as netsky? Also, is there a way to make an alias in the virus database so my users can see netsky instead of Worm.Somefool? Basically that's because the users keep complaning about the virus names th

Re: [Clamav-users] Re: Don't Understand

2004-04-05 Thread B. van Ouwerkerk
At 11:09 05-04-2004 +0200, you wrote: Thanks i had a look in my clam.log and i've got this line : ERROR: Socket file /usr/local/sbin/clamd exists. Either remove it, or configure a different one. if i remove this file /usr/local/sbin/clamd and i try to launch again clamd i've got this :

Re: [Clamav-users] sendmail, clamav-milter error

2004-04-01 Thread B. van Ouwerkerk
I am trying to setup sendmail, clamd, and clamav-milter. Here are the software packages: (btw, I am also running procmail and spamassassain) #Software version redhat v8 sendmail-cf-8.12.5-7 sendmail-devel-8.12.5-7 sendmail-8.12.5-7 sendmail-doc-8.12.5-7 clamd-0.68-1.rh80.dag clamav-devel-0.68-1.rh

Re: [Clamav-users] sendmail: clmilter.sock is unsafe: I AM AN IDIOT

2004-03-22 Thread B. van Ouwerkerk
You probably want the -b option to reject the DATA phase of the SMTP session if the milter detects a virus. No you dont need '-b option'. I'm new to Clamav but from the manpage it looks like -N would be more appropriate. If I understand everything correctly then -b will bounce the message with