ssl.
Any ideas?
Thank you
Brandon Henderson
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
Make sure clamd has permission to read the file :-)
On Thu, Mar 5, 2009 at 8:32 PM, Chris wrote:
> Another probably easy question. When running
>
> [ch...@localhost ~]$ clamdscan spam1.txt
> /home/chris/spam1.txt: Access denied. ERROR
>
> Where should clamdscan be and who should own it? It was
>
, 2009 at 5:11 PM, Karlheinz Schmidthaus wrote:
> Brandon Perry wrote:
> > When did you submit it? It can take a while depending on the severity of
> the
> > trojan and the amount of submissions made...
> >
>
> The last time I send it was 2 days ago (2009-02-21).
>
&
When did you submit it? It can take a while depending on the severity of the
trojan and the amount of submissions made...
On Mon, Feb 23, 2009 at 3:38 PM, Karlheinz Schmidthaus wrote:
> I received the following answer after submission, but the trojan is not
> detected:
>
> The notice is:
> Result
There is a major bug in the version you are running. If you enable the
volatile repo and upgrade clamav, you should be fine.
On Thu, Feb 5, 2009 at 4:07 PM, Alex Davidson wrote:
> I am fairly new to Linux but have a Debian 4 Desktop installation with
> clamav and clamd running on it.
> On top of
I believe you can enable compression in freshclam.conf.
On Mon, Jan 19, 2009 at 6:25 PM, Henry Choi wrote:
> Hi all, I am wondering if I can keep the size of the ClamAV DB to perhaps a
> few MB or so...
>
> After more than a month of running both clamd and freshclam in daemon mode,
> I see the d
Submit it as a false positive. http://www.clamav.net/sendvirus/
On Tue, Jan 6, 2009 at 5:15 PM, Mister Johnson wrote:
> Hi.
>
> I'm new to clamav and installed the clamxav osx-version (which uses
> the clamav engine v 0.94.2) yesterday on my laptop.
>
> While scanning my mail clamav detects a vir
You can build your own definitions and it is quite easy, actually.
http://www.clamav.net/doc/latest/signatures.pdf
On Wed, Dec 24, 2008 at 7:15 AM, Plamen Vassilev
wrote:
> Hello list,
>
> Although I've been subscribed to this list from Nov 2006, I have not seen a
> clear explanation about the p
What would be useful is a command line argument (or configuration in
clamd.conf) to add custom regex stuffs.
On Wed, Dec 17, 2008 at 9:55 AM, Tim Maletic wrote:
> On Wed, Dec 17, 2008 at 10:47 AM, Matt Watchinski <
> mwatchin...@sourcefire.com> wrote:
>
> > What other use cases would you like to
When you compile ClamAV, use --enable-check (iirc) and make sure you have
check installed. Then, when it is done compiling, you can run `make check`
and it will check itself :-).
On Fri, Dec 5, 2008 at 5:06 PM, Aleksey Tsalolikhin <[EMAIL PROTECTED]
> wrote:
> Ok, so how do I test ClamAV?
>
> The
You may also upload a sample of the virus to VirusTotal and see what they
say.
On Thu, Dec 4, 2008 at 4:10 PM, Brandon Perry <[EMAIL PROTECTED]>wrote:
> Check out sigtool. (man sigtool)
>
>
> On Thu, Dec 4, 2008 at 3:05 PM, Derek Currie <[EMAIL PROTECTED]> wrote:
>
>
Check out sigtool. (man sigtool)
On Thu, Dec 4, 2008 at 3:05 PM, Derek Currie <[EMAIL PROTECTED]> wrote:
> Hi folks,
>
> This has to be the newbie question of the century for Clamav, but...
>
> How can I view the list of malware detectable by Clamav? I'd like to
> be able to know what new malware
This is interesting. I will need to change the logo for the ClamAV live cd
then :-(.
On Wed, Dec 3, 2008 at 3:03 PM, Nigel Horne <[EMAIL PROTECTED]> wrote:
> Sven,
>
> I am sorry it has taken so long for me to reply to this.
>
> > I'm going to write a clamav-related article in my blog and I want
His definition mirrors just haven't caught up with the main mirror yet, it
happens. Just wait a day or so.
On Wed, Nov 26, 2008 at 9:40 AM, Dennis Peterson <[EMAIL PROTECTED]>wrote:
> Rick Macdougall wrote:
> > Dennis Peterson wrote:
> >> Jason Bertoch wrote:
> >>> I understand this is harmless,
It means avira found one of our definitions and thought it was a virus? This
isn't uncommon...
On Wed, Oct 15, 2008 at 2:41 PM, Markus Egg <[EMAIL PROTECTED]> wrote:
> I am using clamav 0.94.
>
> I copied
> /usr/local/share/clamav
> to
> /usr/local/share/clamav15102008
> because there were proble
On Wed, Oct 8, 2008 at 9:43 AM, Török Edwin <[EMAIL PROTECTED]> wrote:
> On 2008-10-08 17:36, Brandon Perry wrote:
> > Is 4294967294 bytes (~40 GB) larger than your maximum file size set in
> your
> > config?
> >
>
> That is -2, so it is a bug in the code, o
lamav-0.94-1.2mdv2007.1
> libclamav3-0.92-1.2mdv2007.1
> clamav-db-0.94-1.2mdv2007.1
>
>
> Thank you all in advance.
> Best Regards
> --
> []'s
> Thiago Henrique
> Network Administration
> Digirati Networks
> K8 Networks
>
>
>
> On Ter, 2008-10-07 at 1
What version are you running? What OS? We need more info...
On Tue, Oct 7, 2008 at 11:18 AM, Thiago Henrique <[EMAIL PROTECTED]>wrote:
> Hi,
>
> I have a problem:
>
> When I run
> "/usr/bin/clamscan -i -r --max-recursion=15 --no-summary $DIRECTORY"
>
> I get the following error:
>
> "UNRAR: rar_m
You need the check package installed (sudo apt-get install check on
debian/ubuntu).
On Mon, Oct 6, 2008 at 1:57 PM, James Kosin <[EMAIL PROTECTED]>wrote:
> Chandra wrote:
> > Hi,
> > When I run the command "make check" while trying to install
> clamav-0.94, i get the following error:
> >
> >
I am sure 99% of package managers have a blocklist of some kind.
On Fri, Oct 3, 2008 at 5:05 PM, Jerry <[EMAIL PROTECTED]> wrote:
> On Fri, 3 Oct 2008 10:13:22 -0400 (EDT)
> "Christopher X. Candreva" <[EMAIL PROTECTED]> wrote:
>
> >> GESBBB wrote:
> >> > Is there any reason you cannot read the do
What version of freshclam do you have?
On Sat, 2008-09-27 at 08:51 +, Roger MARTINEZ wrote:
> it seems that with freshclam -v command I get virus list out of date ;
>
> this is output freshclam :
> azerty:~$freshclam -v
> Current working dir is /usr/local/share/clamav max retries==3
> ClamAV
Is it counting PUA's?
On Thu, Sep 25, 2008 at 9:57 AM, pupusse <[EMAIL PROTECTED]> wrote:
>
> Hello ,
>
> I use the latest clamav 0.94 on my debian , with latest main and daily.cvd
> (48/8315):
>
> "clamscan --version
> ClamAV 0.94/8315/Tue Sep 23 08:59:00 2008 "
>
> the scan shows :
>
> "
>
try taking amavis out of the picture and see what happens.
On Mon, Sep 22, 2008 at 12:33 PM, Carlos Williams <[EMAIL PROTECTED]>wrote:
> On Mon, Sep 22, 2008 at 1:24 PM, Brandon Perry
> <[EMAIL PROTECTED]> wrote:
> > What might be happening is two different apps with two
What might be happening is two different apps with two different permissions
are writing to the files. when the second app writes to the files, its
permissions keep the first app (freshclam) from writing to the logs.
On Mon, Sep 22, 2008 at 12:16 PM, Carlos Williams <[EMAIL PROTECTED]>wrote:
> Hmm
n <[EMAIL PROTECTED]>
> wrote:
> > Brandon Perry wrote:
> >> your logs are owned by amavis?
>
> I followed this guide for how to configure permissions on Debian for
> Clamav.
>
> http://www200.pair.com/mecham/spam/clamav-amavisd-new.html
>
> Did I do something
your logs are owned by amavis?
On Mon, Sep 22, 2008 at 10:08 AM, Carlos Williams <[EMAIL PROTECTED]>wrote:
> I am still unable to run /usr/bin/freshclam. This happened to me
> before and then it eventually started working again for a little but
> now has come back for some reason. I really want t
The last one I have is from:
ClamAV database updated (15 Sep 2008 16-31 +): daily.cvd
On Mon, Sep 15, 2008 at 12:26 PM, .rp <[EMAIL PROTECTED]> wrote:
> our email server has not been hit with [clamav-virusdb]Update
> message since September 01. Are the database update notifications still
> go
>
>
> $clamscan -r /home --remove
>
This is correct.
>
>
> --
> Carlos Williams <[EMAIL PROTECTED]>
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>
--
http://www.volatileminds.net
Because you are removing the file, not just the virus. ClamAV can't
disinfect as there is no need to.
On Wed, Sep 10, 2008 at 11:41 AM, Carlos Williams
<[EMAIL PROTECTED]>wrote:
> Brandon Perry wrote:
> > Read the documentation or the man page, I am sure it has all t
Read the documentation or the man page, I am sure it has all the info you
need :-).
On Wed, Sep 10, 2008 at 10:13 AM, Carlos Williams
<[EMAIL PROTECTED]>wrote:
> I used clamscan for the 1st time manually yesterday and it took some
> time to recursively scan my users home directory where email is
Yeah, I was the one that started that thread, but I don't remember there
being an answer. This answers my question though. Thanks!
On Tue, Sep 9, 2008 at 10:22 AM, Dennis Peterson <[EMAIL PROTECTED]>wrote:
> Brandon Perry wrote:
> > What do you make of this?
> >
What do you make of this?
With --enable-experimental:
[EMAIL PROTECTED]:~/tmp/clamav-0.94/freshclam$ ./freshclam -V
ClamAV 0.94-exp/8190/Mon Sep 8 08:45:44 2008
[EMAIL PROTECTED]:~/tmp/clamav-0.94/freshclam$
Without:
[EMAIL PROTECTED]:~/tmp/clamav-0.94/freshclam$ ./freshclam -V
ClamAV 0.94/8190
you shouldn't have to specify the repo (apt is pretty good about stuff like
that). just apt-get update ; apt-get upgrade.
On Mon, Sep 8, 2008 at 2:52 PM, Carlos Williams <[EMAIL PROTECTED]>wrote:
> Stephen Gran wrote:
> > On Mon, Sep 08, 2008 at 12:37:31PM -0400, Carlos Williams said:
> >> I am i
clamav-daemon is clamd. This is sgran's area, you may want to contact him in
IRC.
On Mon, Sep 8, 2008 at 11:37 AM, Carlos Williams
<[EMAIL PROTECTED]>wrote:
> I am installing clamav on Debian "Etch" and noticed that when it
> resolves the dependencies for required packages, there appears to be a
That is up to the MOTU guys (iirc, the latest version is in Intrepid). Talk
to them...
#ubuntu-motu on irc.freenode.net
On Sat, Sep 6, 2008 at 9:26 PM, Aron <[EMAIL PROTECTED]> wrote:
> I see that the clamav package in ubuntu hardy source is still version
> 0.92,could anyone update the code in
008 at 4:22 PM, Brandon Perry <[EMAIL PROTECTED]>wrote:
> IIRC, the announcement said that POSIX breakage would happen if you tried
> to compile 0.94 on cygwin...
>
>
> On Tue, Sep 2, 2008 at 4:16 PM, René Berber <[EMAIL PROTECTED]>wrote:
>
>> Hi,
>>
>>
IIRC, the announcement said that POSIX breakage would happen if you tried to
compile 0.94 on cygwin...
On Tue, Sep 2, 2008 at 4:16 PM, René Berber <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Something changed in configure which results on a wrong setting for the
> existence of gethostbyname_r, it worked
You need to check to run 'make check' as per above.
On Tue, Sep 2, 2008 at 1:44 PM, Jason Bertoch <[EMAIL PROTECTED]> wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:clamav-users-
> > [EMAIL PROTECTED] On Behalf Of Brandon Perry
> &
Ok, make check works. valgrind check fails, but that is't an issue to me.
On Tue, Sep 2, 2008 at 11:11 AM, Brandon Perry <[EMAIL PROTECTED]>wrote:
>
>
>
>
>>
>> Run apt-get install check.
>>
>> > Compiles fine obviously. After doing make unins
>
> Run apt-get install check.
>
> > Compiles fine obviously. After doing make uninstall and make install,
> > running freshclam says that I am still running 0.94-exp, not 0.94.
> Running
> > freshclam from the source dir says the same thing:
> >
> >
>
> Did you configure with --enable-experimental
On Ubuntu 8.04, make check fails with:
gcc -DSRCDIR=\"/root/clamav-0.94/unit_tests\" -g -O2 -o .libs/check_clamav
check_clamav-check_clamav.o check_clamav-check_jsnorm.o
check_clamav-check_str.o check_clamav-check_regex.o
check_clamav-check_disasm.o check_clamav-check_uniq.o
check_clamav-check_mat
Best way to find out is to just scan it. But, just a forewarning, ClamAV is
for viruses, not spyware (while there are some spyware defs). If you want,
you can grab an MD5 of the installer and make your own definitions.
On Wed, Aug 27, 2008 at 11:41 AM, Sain, David J. <[EMAIL PROTECTED]>wrote:
> I
Can you dissect the email to find what exactly it is in the email causing
this?
On Fri, Aug 22, 2008 at 12:48 PM, Noel Jones <[EMAIL PROTECTED]> wrote:
> ClamAV 0.94rc1-exp-exp/8073/Fri Aug 22 07:48:21 2008
>
> Running on FreeBSD 7.0-RELEASE-p2 amd64
> duplicated on FreeBSD 5.3-SECURITY i386
>
>
Uh, we are _trying_ to help you. We have told you what you need to do.
On Fri, Aug 22, 2008 at 11:09 AM, Aron <[EMAIL PROTECTED]> wrote:
> Hi there,
> I have uploaded one file to virustotal and 27 of 34 antivirus detected out
> the virus,but not clamav.Please have a look at the page below from
>
That is for sending one virus at a time. I would email Tomasz and ask him if
there is a better way (or just as a common sourtesy of sending many samples
at once).
On Wed, Aug 20, 2008 at 6:54 AM, Robert Schetterer <[EMAIL PROTECTED]>wrote:
> Aron schrieb:
> > Hi there,
> > I would like to commit
why not just use the --log argument?
On Tue, Aug 19, 2008 at 4:41 AM, Tilman Schmidt <
[EMAIL PROTECTED]> wrote:
> Veselin Kantsev schrieb:
>
>> I have a script that finds files that have been modified in the last
>> N days from a folder and then passes the list to clamscan.
>>
>> I'm using "cat
Awesome, thanks!
On Mon, Aug 18, 2008 at 10:46 AM, Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> On Mon, 18 Aug 2008 10:43:25 -0500
> "Brandon Perry" <[EMAIL PROTECTED]> wrote:
>
> > Does ClamAV have support for compressed definitions? (main.cld.gz) If
> not,
&
Does ClamAV have support for compressed definitions? (main.cld.gz) If not,
is there somewhere that I can request this feature?
--
http://www.volatileminds.net
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav
if the text is the same every time, you can just use an MD5 sum of the text
file in qeustion.
On Thu, Aug 7, 2008 at 10:46 AM, Sujit Acharyya-Choudhury <
[EMAIL PROTECTED]> wrote:
> Dear All,
> How do I create clam signatures from text? Went through the document
> and it was clear about .exe fil
I am not sure what your question is, but if you want to enable support for
digital signatures, you will want to install libgmp...
On Tue, Aug 5, 2008 at 2:15 PM, Parveen Malik <[EMAIL PROTECTED]> wrote:
> Hi ,
>
>
>
> Can someone please let me know what is the problem with this
>
>
>
> [EMAIL PRO
You need libgmp-dev installed.
On Wed, Jul 23, 2008 at 11:46 AM, <[EMAIL PROTECTED]> wrote:
> I have clamav 93.3 installed on my Mac G4 with Tiger (10.4.11 - Build
> 8S165).
>
> Every component is working fine - freshclam,clamscan, clamd,and clamdscan.
>
> But when I update the db with freshclam
Upload the exe to http://www.clamav.net/sendvirus if you think it is a FP.
On Fri, Jul 11, 2008 at 5:33 AM, Pascal Duchatelle <[EMAIL PROTECTED]>
wrote:
> Hello,
>
> I run a dual boot fedora 9 and windows XP. After having worked with windows
> apps, I usually run a clamscan from my linux environm
0.93.2 had a pretty serious bug dealing with older definitions I believe.
>From the log, it looks like that is what your problem is. Try upgrading to
0.93.3.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.ne
I believe it follows links in HTML to see if they are phishing scams or not.
On Tue, Jul 8, 2008 at 11:36 AM, Roberto Ullfig <[EMAIL PROTECTED]> wrote:
> I've been reviewing our clamav configuration and noticed that we have:
>
> PhishingScanURLs no
>
> while the default in 0.93.1 is yes
>
> What
I didn't have a problem on my Debian (lenny) box before, and it is still
working with the update.
On Mon, Jul 7, 2008 at 3:30 PM, Noel Jones <[EMAIL PROTECTED]> wrote:
> Clamav 0.93.3 appears to be working fine here on FreeBSD 5.3.
>
> Thanks for the quick fix.
>
> --
> Noel Jones
> _
Yeah, I guess I just updated the definitions before the changes propogated
through the mirrors.
On Mon, Jul 7, 2008 at 12:08 PM, Brian Morrison <[EMAIL PROTECTED]> wrote:
> Brandon Perry wrote:
> > Just installed 0.93.2 (might have been too early, not all pushes are
> &g
Just installed 0.93.2 (might have been too early, not all pushes are
finished). Running freshclam gave me a warning saying that 0.93.1 is the
recommended version and that 0.93.2 is outdated.
___
Help us build a comprehensive ClamAV guide: visit http://wik
There must be something wrong with your installation... Running clamscan
(0.93.1) on the EICAR files:
VolatileMinds:~# clamscan -i ./
./eicar_com.zip: Eicar-Test-Signature FOUND
./eicarcom2.zip: Eicar-Test-Signature FOUND
./eicar.com: Eicar-Test-Signature FOUND
./eicar.com.txt: Eicar-Test-Signatur
There are PHP bindings for ClamAV on the Third-Party Tools page.
http://www.clamav.org/download/third-party-tools/3rdparty-library
On Mon, Jun 9, 2008 at 10:01 AM, Ram Shrestha <[EMAIL PROTECTED]> wrote:
> Hi
>How can we scan the files that are being uploaded via web by clamav ?
> Are there
Hi, doing a scan of my webserver today (with --detect-pua turned on for
grins). I have the Wordpress latest.zip on it, and ClamAV flagged it as
PUA.JS.Packed, as well as the
wp-includes/js/jquery/interface.js: file being flagged as the same (probably
what flagged the zip).
_
I am pretty sure there are php bindings for ClamAV.
http://www.clamav.net/download/third-party-tools/3rdparty-library/
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
If you want to see whether a sample you have is considered malware, upload
it to VirusTotal or Jotti.
www.*virus**total*.com
virusscan.*jotti*.org/
On Sun, Jun 1, 2008 at 3:58 PM, alex liveti <[EMAIL PROTECTED]> wrote:
> HI there? please can I send you a test that I alreday filed to see where
>
Why are the times so distorted? Possibly a clock-sync problem?
On Tue, May 27, 2008 at 12:24 PM, Dennis Peterson <[EMAIL PROTECTED]>
wrote:
> Why do you suppose this is happening?
>
>
> May 26 11:31:47 Downloading daily-7250.cdiff [100%]
> May 26 17:34:15 Downloading daily-7251.cdiff [100%]
> M
The reason I said upload it is because I have a copy of it on my testing
box. It is detected by kaspersky and avira antivir.
On Thu, May 15, 2008 at 3:46 PM, Sarocet <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > Hello,
> >
> > This is the virus that is found by ClamXav on Vista VM. Mc
Upload it to virustotal or something, see what comes up.
On Wed, May 14, 2008 at 7:13 PM, <[EMAIL PROTECTED]> wrote:
> Hello,
>
> This is the virus that is found by ClamXav on Vista VM. McAfee does not
> find
> it. It is only found by ClamXav. When I search the web for the string
> nothing turns
Yeah, I have been getting many emails from the list.
On Thu, May 1, 2008 at 3:50 PM, Andy Loates <[EMAIL PROTECTED]> wrote:
> Is this list still alive?
>
> Last post received on 7/4/08.
>
> No monthly email reminder today.
>
> Checked website, my user options for this list all seems ok.
>
> Hope
Do you mean what are Hits?
On Wed, Apr 9, 2008 at 3:35 PM, Angel Camacho Villan <
[EMAIL PROTECTED]> wrote:
> hello, that means "Hits: -" in amavis.log
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clam
That is a pretty old version, the current stable is 0.92.1.
http://www.clamav.org/download/packages/packages-linux
If that doesn't fix it, check back.
On Fri, 2008-03-28 at 16:34 +0530, shiv wrote:
>
>
> Hello,
>
> I want to install clamav for redhat EL5 ppc64.can anyone suggest a suitable
On Fri, 2008-03-28 at 11:57 +, G.W. Haywood wrote:
> Hi there,
>
> On Fri, 28 Mar 2008 Mike Guiterman wrote:
>
> > ... Please provide your opinions on the three questions below.
> >
> > Would you attend an online ClamAV training course?
>
> Not if it cost money, and probably not even if it
Vasiliy is Russian :-P
On Wed, 2008-03-26 at 13:00 -0400, Marshall Dudley wrote:
> [EMAIL PROTECTED] wrote:
> > ? ? ?? ?? ??? ? 26.03.2008 ? ?? ??? ??
> > 03.04.2008.
> >
> > ?? .
> > ?? ??? ? ?? ?? ?.
> >
This is what gets me:
Can't connect to port 80 of host db.us.clamav.net (IP:
206.154.202.13)
Trying host db.us.clamav.net (206.154.203.213)...
Downloading daily-6363.cdiff [100%]
Downloading daily-6364.cdiff [100%]
Downloading daily-6365.cdiff [100%]
nonblock_connect: conn
Stephen Gran wrote:
> Did he
> accidentally link against an old version?
>
He said he fixed it by purging the old one and installing the RC.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/cla
> That doesn't help... However, I am going to try re-compiling it w/out
> ANY clamav installed. Maybe it used an old library file that was still
> on the system (0.92.1).
>
Are you sure? I had that same problem and running ldconfig as root fixed
it. (sudo ldconfig)
I think --exclude(-dir) is more of what he is looking for. man clamscan
will tell you all you need to know.
On Fri, 2008-03-07 at 12:48 -0800, Dennis Peterson wrote:
> On Fri, March 7, 2008 11:52 am, Jay Becker wrote:
> > Is there a way to force clamdscan to ignore network mounts (AFS, NFS,
> > SM
Group is on Google Groups...
http://groups.google.com/group/clamav-live-cd
On Mon, 2008-02-25 at 18:59 -0800, Dennis Peterson wrote:
> Brandon Perry wrote:
> > So far, I have had a lot of good feedback from people using the ClamAV
> > Live CD. It looks like it might break 100 downl
Heh, good idea.
On Mon, 2008-02-25 at 18:59 -0800, Dennis Peterson wrote:
> Brandon Perry wrote:
> > So far, I have had a lot of good feedback from people using the ClamAV
> > Live CD. It looks like it might break 100 downloads this month. This
> > being said, I have had so
o try and get internet (ie dial-up or something). Starting
March 1st, I will start uploading a daily ISO updated with the latest
virus defs.
Thanks for the feedback!
http://projects.volatileminds.net/clamav.html
--
Thanks, Brandon
Home Page: http://www.volatilemind
Thanks.
On Mon, 2008-02-25 at 17:16 +0100, Arnaud Jacques wrote:
> Hello,
>
> Le lundi 25 février 2008 16:57, Brandon Perry a écrit :
> > After updating today, I am getting many legit-looking executables
> > (Yahoo!, HP, SmartBridge, etc...) being marked as Trojan.Zonebac
ite...
"Trojan.Zonebac is a Trojan horse that lowers Microsoft Internet
Explorer security zone settings."
The executables being marked are all internet-browser related except
one, and that was from Adobe (Reader_sl.exe).
Any thoughts?
--
Thanks, Brandon
Home Page: http://www.vola
If sigtool --hex-dump [EMAIL PROTECTED] > mycustomsignature.db
doesn't work, try
sigtool --hex-dump [EMAIL PROTECTED] | tee ~/mycustomsignature.db
On Tue, 2008-02-19 at 14:30 -0500, jef moskot wrote:
> On Tue, 19 Feb 2008, Gomes, Rich wrote:
> > So if I am going to trigger on one address (i.e. [
s the tool doesn't push the CD too large. I have been thinking JtR, any
thoughts? (total size right now is about 137 MB)
http://projects.volatileminds.net/clamav.html
--
Thanks, Brandon
Home Page: http://www.volatileminds.net
___
Help
> > Gerard
> > [EMAIL PROTECTED]
>
> -Nigel
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
--
Thanks, Brandon
Home Page: http://www.volatileminds.net
_
The oversized zip setting can get very annoying, especially if you are
using KlamAV or some other GUI. To the second, I do not use it, though I
do know what it is.
On Tue, 2008-01-29 at 17:30 +0100, aCaB wrote:
> Hi list.
> I'm in the process of redesigning the logic of limits in ClamAV.
> The rew
runs on extremely low-end machines (~140 MB).
It fits on a business-card CD. If you have any troubles with it, please
email me as I would like this to be a solid as possible.
Thanks, Brandon
___
Help us build a comprehensive ClamAV guide: visit http
I use both ghex and khexedit. On Ubuntu, both are apt-gettable.
On Tue, 2008-01-22 at 22:09 -0500, David F. Skoll wrote:
> [EMAIL PROTECTED] wrote:
>
> > In macintosh there are two programs, Hxedit and Resedit, which let you see
> > the contents of a file without opening it,
>
> Well *that's*
The link I included has the 0.92 scan engine...
On Tue, 2008-01-22 at 13:56 -0800, Kelson wrote:
> Robert wrote:
> > So, does anyone know of a live CD with an up-to-date version of the scan
> > engine?
>
> I don't think Clam is included directly on the Fedora 8 LiveCDs, but
> Fedora now has a t
I don't know if it is truly clean or not. That is why I wanted to see
the description before I uploaded them.
On Tue, 2008-01-22 at 18:39 +0100, aCaB wrote:
> Brandon Perry wrote:
> > Hi, I am just wondering if anyone knows where I can get a description
> > for Trojan.Jesta? It
Hi, I am just wondering if anyone knows where I can get a description
for Trojan.Jesta? It has been found in a customer's computer in C:
\Program Files\Sony\Welcome to VAIO life\ and I am wondering if this is
known or if this is just a coincidence that the Trojans are there.
__
lamAV, time is just a bugger to get right now.
Thanks, Brandon.
PS: If you want to start X on it (fluxbox), you need to sudo apt-get
install xserver-xorg, then startx.
On Tue, 2008-01-22 at 14:41 +0100, Jan-Pieter Cornet wrote:
> On Mon, Jan 21, 2008 at 11:07:11PM -0600, Robert wrote:
> > I&
That still seems a bit "over-the-top". Sure, better safe than sorry, but
I wouldn't just blindly delete any exe that I come into contact with
(via email or otherwise). Especially on Linux, you can get archives
zipped into an exe format that are unzipped via unzip -a. That is quite
a common format i
anaging the list at
> >[EMAIL PROTECTED]
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of clamav-users digest..."
> >
> >
> > Today's Topics:
> >
> > 1. What's this? I
Also, what version are you using? Do you have all the definitions?
On Sun, 2008-01-20 at 10:35 +0800, umarzuki mochlis wrote:
> I tried to scan my pendrive and got this.
>
> [EMAIL PROTECTED]:~$ sudo clamscan /media/UM4R
> [sudo] password for umarzuki:
> /media/UM4R/g2p3s.exe: OK
> /media/UM4R/t.
DOes Norton/AVG/McAfee detect them? What makes you think they are
trojans?
On Sun, 2008-01-20 at 10:35 +0800, umarzuki mochlis wrote:
> I tried to scan my pendrive and got this.
>
> [EMAIL PROTECTED]:~$ sudo clamscan /media/UM4R
> [sudo] password for umarzuki:
> /media/UM4R/g2p3s.exe: OK
> /medi
Yeah, generally speaking, I can up to 300-400 GB a day.
On Fri, 2008-01-18 at 14:30 +, Rob MacGregor wrote:
> On Jan 18, 2008 1:42 PM, Brandon Perry <[EMAIL PROTECTED]> wrote:
> > Hrm, why is clamdscan faster than clamscan?
>
> Lack of startup time overhead (as cla
Hrm, why is clamdscan faster than clamscan?
On Fri, 2008-01-18 at 15:35 +0800, zamri wrote:
> On Jan 15, 2008 6:20 AM, Brandon Perry <[EMAIL PROTECTED]> wrote:
>
> > I use ClamAV to scan computers in the shop I work in and have compared
> > it with Norton (not using th
I use ClamAV to scan computers in the shop I work in and have compared
it with Norton (not using the --remove argument) and in most cases it
has had a much higher detection rate, but much slower than Norton (about
3x longer).
On Mon, 2008-01-14 at 15:27 -0600, Matt Forbis wrote:
> Hello all,
>
>
is:
clamd[23097]: SelfCheck: Database modification detected. Forcing reload.
I have to kill the clam daemon and restart it. It then works fine. Any
ideas what could be causing the clamd to hang?
Thanks,
Brandon
___
http://lists.clamav.net/cgi-bin
jecting a virus as many of the
other thumbnails I make do not with the same exact binary report no virus.
I was unaware of the submit feature. I just sent it in at the submit site as a
false positive! :)
Thanks,
--
-bk
Quoting Kevin Spicer <[EMAIL PROTECTED]>:
> On Wed, 2004-09-29
I have a few images that seem to be flagged as virii, when they are not. I'm
taking an image that is considered fine (no virus), then when I process it
through convert (ImageMagick) it thinks it's has the virus. I have over 4000
images I've processed this way, and only 232 of them clamscan think
Good Morning!
Has anyone on this list had any luck running clamav with CommuniGate Pro?
Our mail volume is approximately 40,000 messages per hour across two front
end servers. Does anyone have any statistics they would like to share
about CGPRO/ClamAV?
-
100 matches
Mail list logo
