Re: [clamav-users] ign2 whitelist don't work

2016-07-19 Thread Charles Swiger
On Jul 19, 2016, at 10:39 AM, Kris Deugau wrote: > Charles Swiger wrote: >> The milter approach is less flexible. With a scoring mechanism, you can >> rate actual viruses sufficiently negative that the scoring algorithm will >> always reject them. > > That depends

Re: [clamav-users] ign2 whitelist don't work

2016-07-19 Thread Charles Swiger
On Jul 19, 2016, at 1:09 PM, Reindl Harald wrote: >> False. Assuming that there is only one correct mail architecture is a major >> fallacy. > > bla - yes there are more ways but your whole stuff about SPF was entirely > wrong from the very begin in case of the messages in question You manage

Re: [clamav-users] ign2 whitelist don't work

2016-07-19 Thread Charles Swiger
On Jul 19, 2016, at 10:28 AM, Reindl Harald wrote: [ ... ] >> 2) In the absence of MX records stating otherwise, I expect that any >> mailserver which sends outbound email should be willing to accept inbound >> mail for the same domains it terminates or relays email on behalf of. > > that is no

Re: [clamav-users] ign2 whitelist don't work

2016-07-19 Thread Charles Swiger
On Jul 18, 2016, at 1:03 PM, Reindl Harald wrote: >> For that specific case, check that OLE2BlockMacros is set to no. > > the point is this should be independent Well, it currently isn't. >>> it makes no sense that you can't disable specific heuristics >> >> This is a reasonable point. One sh

Re: [clamav-users] ign2 whitelist don't work

2016-07-18 Thread Charles Swiger
On Jul 16, 2016, at 7:40 AM, Reindl Harald wrote: >> You must disable Heuristics using clamd.conf and clamscan options. > > that's not a useful answer since the only option is "HeuristicScanPrecedence" > which don't disable anything and so "you must do this" without saying how is > pointless >

Re: [clamav-users] Signature update schedule, and requirements for adding Signatures

2016-05-17 Thread Charles Swiger
On May 17, 2016, at 5:02 AM, Michael D. L. wrote: > Hi, > > Hope it's the right list I'm posting to :) > > Why is the Signature Database only updated every 4 hours? Every 15 minutes > would make more sense, since Spammers move very fast pushing out new version > of Trojans and alike. Over the

Re: [clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread Charles Swiger
Hi, kionez-- On Apr 13, 2016, at 8:11 AM, kionez wrote: > I'm using it on my antispam server with Debian Jessie (with clamav > 0.99+dfsg-0+deb8u2 and libpcre3 8.35-3.3+deb8u4 ) and also testing on my > laptop with Arch linux (clamav 0.99.1-2 and pcre 8.38-3). I try to > recompile clamav on my lap

Re: [clamav-users] making clamdscan noisier when it has found something

2016-02-12 Thread Charles Swiger
On Feb 12, 2016, at 8:22 AM, Gene Heskett wrote: > So this is a feature request: > > When clamdscan is used to filter an incoming email, it will find the > From: or Reply To: lines, possibly before it finds a reason to cause > that mail to be dumped. > > So, how much trouble would it be to cle

Re: [clamav-users] Trying to track down bug using lsof & clamscan/clamdscan.. odd behavior

2015-08-27 Thread Charles Swiger
On Aug 27, 2015, at 1:13 PM, Alexander Urcioli wrote: > We were running into an issue where larger files were not able to be moved > after scanning with ClamAV. Our hypothesis was that perhaps the process has > not released access to the file and we were experiencing a race condition. > > Upon in

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2015-08-25 Thread Charles Swiger
On Aug 25, 2015, at 9:41 AM, Alex wrote: > Thanks very much. I've submitted an fp, but it appears to be the result of > this: > > LibClamAV debug: Looking up hash > 5E5978396FC0F81B1032CDA256B95D0D65EA0605DBE0643E89231C049A337640 for > urldefense. > proofpoint.com/ > (26

Re: [clamav-users] clamd conf questions

2015-07-23 Thread Charles Swiger
On Jul 23, 2015, at 3:07 PM, Michael Peter wrote: > Hi, > > I have the following questions for clamd.conf configuration > > #LogRotate yes > > how many logs clamd will keep ? because there is no option in the conf > file on how many logs files clamd should keep after rotations ? How much disk

Re: [clamav-users] offline updates

2015-07-23 Thread Charles Swiger
On Jul 23, 2015, at 7:48 AM, Phil Dumont wrote: [ ... ] > All I'm saying is that, for the admittedly unusual but definitely simpler > situation of an entirely stand-alone, completely non-networked machine, it > would be nice if there were a solution that was correspondingly simpler. > One that use

Re: [clamav-users] ClamAv not detecting virus when Uploaded as file

2015-07-16 Thread Charles Swiger
On Jul 16, 2015, at 8:28 AM, P K wrote: > 2. *When i send same with file -> it doesn't detect virus.* [ ... ] > Any suggestions what i am missing? See RFC 2388; curl -F is using multipart/form-data, whereas curl -X POST just sends the raw data. Regards, -- -Chuck

Re: [clamav-users] Why are the ClamAV team so slow at creating signatures ?

2014-10-03 Thread Charles Swiger
On Oct 3, 2014, at 1:54 PM, Leonardo Rodrigues wrote: > On 03/10/14 08:19, Tim Smith wrote: >> All of the commercial vendors I submitted the samples to had analysed >> and created samples in timeframes ranging from hours to one day. >> >> At this rate I'm going to be dumping ClamAV from my system

Re: [clamav-users] [OT] Priority problem

2014-07-24 Thread Charles Swiger
On Jul 24, 2014, at 11:23 AM, Bernard Thédié wrote: [ ... ] > Silly reason... my computer has a very, very noisy fan. At 90% it's > unbearable ! So it's OK for a short burst, but scanning my USB key takes > about 40 mn... few programs (that I use) need resources for such a long time. If it's a

Re: [clamav-users] Bitcoin : Chainstate : Virii [SEC=UNOFFICIAL]

2014-06-10 Thread Charles Swiger
On Jun 10, 2014, at 3:57 PM, Alan Langley wrote: > UNOFFICIAL > Hi Joel, > > I've tried a couple of times to unsubscribe from the clamav-users list as it > is no longer required - I'm still receiving the emails - I thought you might > have the power to remove my address from the list. [ ... ]

Re: [clamav-users] ClamAV®: ClamAV 0.98.4rc1 is now available!

2014-05-30 Thread Charles Swiger
On May 30, 2014, at 2:06 PM, Andreas Schulze wrote: > Am 30.05.2014 10:02 schrieb Charles Swiger: >>> Is there a chance the codepath could be disabled? >> >> Of course. Source code is available; and anyone is welcome to create a >> patch. > > Charle

Re: [clamav-users] ClamAV®: ClamAV 0.98.4rc1 is now available!

2014-05-30 Thread Charles Swiger
Hi-- On May 30, 2014, at 6:37 AM, Andreas Schulze wrote: > Am 16.05.2014 16:08 schrieb Martin Preen: >> The compilation with Solaris OpenSSL 0.9.7 stops with >> >> "crypto.c", line 834: undefined symbol: X509_VERIFY_PARAM >> "crypto.c", line 834: undefined symbol: param >> "crypto.c", line 834:

Re: [clamav-users] clamav-0.98.3 make error Mac OSX 10.5.8

2014-05-12 Thread Charles Swiger
Hi-- On May 12, 2014, at 4:20 PM, Gary wrote: > ./configure --with-openssl=/usr/local/ssl > > Well that got me a little bit further - still having issues... > > I have already upgraded to the most recent version of SSL (openssl-1.0.1g). OK, where was that installed? If I install 1.0.1g to /us

Re: [clamav-users] clamav-0.98.3 make error Mac OSX 10.5.8

2014-05-12 Thread Charles Swiger
Hi, Gary-- On May 12, 2014, at 12:08 PM, Gary wrote: > I have been using ClamAV for years and never had any issues!! > > Oh well... - a good run indeed. > > Mac OSX 10.5.8 > clamav-0.98.3 > > It will configure - the make file exits with the following error: > > crypto.c: In function 'cl_valid

Re: [clamav-users] Generating a positive?

2014-04-21 Thread Charles Swiger
Hi-- On Apr 21, 2014, at 12:12 PM, Dave Shevett wrote: > Hi everyone - we have clamav now running happily via cron job and > integrated with puppet. Problem is I want to have it successfully find > something so I can test our notification mechanism. > > "Infect one of my servers" seems a big gr

Re: [clamav-users] request for feature

2014-01-31 Thread Charles Swiger
Hi-- On Jan 31, 2014, at 11:59 AM, Gene Heskett wrote: [ ... ] > Come on folks, if I am a subscriber to the mailing list, why is that not > credentials for posting to your bugzilla? Boggles what little mind I have > left. You should be able to change your password to Mailman or Bugzilla to ma

Re: [clamav-users] 2 more with regard to using procmail to launch clamdscan

2014-01-30 Thread Charles Swiger
Hi-- On Jan 30, 2014, at 9:31 AM, Gene Heskett wrote: > Is stuff like this in the clamav man pages? I haven't found it if it is, > hence the question. No. ClamAV documents what it does; one normally consults the documentation for amavisd, or postfix, or whatever one is using as to how to call

Re: [clamav-users] Heuristics.Safebrowsing.Suspected false-positive help

2014-01-21 Thread Charles Swiger
On Jan 21, 2014, at 10:40 AM, Alex wrote: > I received a number of messages on the 17th that were tagged incorrectly with: > > X-Amavis-Alert: INFECTED, message contains virus: >Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net > > I tried to figure out what the pattern

Re: [clamav-users] File exclusion

2014-01-20 Thread Charles Swiger
Hi-- On Jan 20, 2014, at 1:14 PM, Anthony Magrone wrote: > ClamAV is tagging a legitimate email stored on a file server as containing a > phishing address. Can this file be excluded from scans, or tagged as > legitimate? Yes; one can setup paths (or extensions) via ExcludePath directive in c

Re: [clamav-users] how to reduce memory

2013-12-13 Thread Charles Swiger
On Dec 13, 2013, at 6:12 AM, 黄海涛 wrote: > when virus database(main.cvd & daily.cvd) is loaded which consumes 206M > memory, > is there any way to reduce memory, such as by using simplified version of > virus database (Does small virus database exist?) > or by filtering some lowerly-graded sig

Re: [clamav-users] help with 0.98_2 compile

2013-11-04 Thread Charles Swiger
Hi-- On Nov 4, 2013, at 2:27 PM, lcon...@go2france.com wrote: >> PS: Note that FreeBSD 7.2 went EOL around May 2009. >> Consider upgrading to something newer listed in >> http://www.freebsd.org/security/security.html#sup > > yeah, I know, but 7.2 is working great. Well, FreeBSD is remarkably st

Re: [clamav-users] help with 0.98_2 compile

2013-11-04 Thread Charles Swiger
Hi-- On Nov 4, 2013, at 1:55 PM, lcon...@go2france.com wrote: > uname -a > FreeBSD mx1.hctc.net 7.2-RELEASE FreeBSD 7.2-RELEASE #0 FreeBSD 7 doesn't and shouldn't have a /usr/include/spawn.h. Perhaps see this thread here: http://forums.freebsd.org/showthread.php?t=15775 ...around #8: ">>>

Re: [clamav-users] AntiVirus Solution

2013-10-30 Thread Charles Swiger
Hi-- On Oct 30, 2013, at 3:27 AM, eleni.math...@ecb.europa.eu wrote: > I would be interested in an antivirus solution for an enterprise in > order to reduce the likelihood of delivering infected documents to the > system. The requirements include that the scan shall be initiated by > the system w

Re: [clamav-users] Freshclam updates through a firewall

2013-10-11 Thread Charles Swiger
On Oct 11, 2013, at 12:33 PM, Michael Mather wrote: > I want freshclam to get its updates through a firewall, and I want just > a few specific IP addresses open for this purpose. OK. Best way is probably to run freshclam on a DMZ host with limited but functional network access, and then have y

Re: [clamav-users] Investigating false positive

2013-05-13 Thread Charles Swiger
Hi-- On May 13, 2013, at 9:47 AM, Lee Graber wrote: > I am investigating a document which seems to be getting flagged by clamav > as having a virus but I am not sure this is accurate. It is actually a > document about a virus and I am wondering if there is something in it that > perhaps describes

Re: [Clamav-users] Clam and Malware/Trojans etc...

2006-08-31 Thread Charles Swiger
On Aug 31, 2006, at 12:29 PM, mcd wrote: Could someone direct me to some good reading on Clam's ability to detect Malware/adware/Trojans etc. Maybe this is simple semantics, but I always see Clam advertised for Viruses, but not for Malware detection. ClamAV originally targeted email-borne

Re: [Clamav-users] runaway clamav-milter

2006-07-28 Thread Charles Swiger
On Jul 28, 2006, at 5:14 PM, Michael Grant wrote: Every few weeks, I have to totally kill and restart clamd and clamav-milter because it gets into a state where it just keeps starting clamav-milter processes until the machine is unusable. # clamd -V ClamAV 0.88.3/1624/Thu Jul 27 13:11:25 2006

Re: [Clamav-users] (no subject)

2006-07-26 Thread Charles Swiger
On Jul 26, 2006, at 1:29 PM, Tim Jordan wrote: Is this really a virus? HTML.Phishing.Pay-157 I think it's junk mail but CLAMAV reports it as a virus. It's a phishing scam carried via email which is about as malicious as a virus is -- -Chuck

Re: [Clamav-users] Disable Specific Document Scanning

2006-07-12 Thread Charles Swiger
On Jul 12, 2006, at 4:33 PM, Noel Jones wrote: At 02:37 PM 7/12/2006, Nathan Tullis wrote: I am new to ClamAV and am just trying to get my head straight! The business I work for currently uses a Postfix mail server, and we are running ClamSMTP using ClamAV of course. My problem is that we r

Re: [Clamav-users] Error in Delivering Notifications

2006-05-18 Thread Charles Swiger
On May 18, 2006, at 3:04 PM, Kaplan, Andrew H. wrote: < hadron.mgh.harvard.edu.mgh.harvard.edu #4.4.7 SMTP; 450 <[EMAIL PROTECTED]>: Sender address rejected: Domain not found> The extended domain name is incorrect, and I wanted to know what file(s) I should modify to correct th

Re: [Clamav-users] Question about FOLLOWURLS

2006-03-13 Thread Charles Swiger
On Mar 13, 2006, at 5:56 PM, .rp wrote: How does this work? I'm wondering if it is really a good idea to let some nefarious person know your ip information is alive. Umm, are you not publishing the IP information of your mailserver to the entire world already by having an MX record in the D

Re: [Clamav-users] Virus Database update Documentation

2006-02-17 Thread Charles Swiger
On Feb 17, 2006, at 9:56 AM, Robert Setterlund wrote: I have reviewed the documentation and found some of the information that I am looking for. But I need documentation on the exact process and the steps that freshclam performs when it updates a pattern file. Something like, freshclam che