just fine at the time of the 0.104.2 release (and all
the time prior to that). Is there any reason behind making the source
(not talking about the database files) inaccessible like that?
Regards,
Christoph
--
Spare Space
___
clamav-users mailing list
c
.99.2 in the wild. Heise reports
on that (in german, can't find an english source right now):
https://heise.de/-3951801
> I can't yet update to 0.99.3 (as we use FreeBSD's pkg system - and it's not
> available yet).
If possible, update from HEAD
enabled; clamconf says:
TCPSocket
disabled
TCPAddr disabled
Regards
Christoph
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV gui
clamd version is 0.99.2.
Regards
Christoph
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
ted on the DNS:
ClamAV update process started at Thu Sep 19 22:03:17 2013
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98 Recommended version: 0.97.8
$ host -t txt current.cvd.clamav.net
current.cvd.clamav.net descriptive text
"0.97.8:55:17872:1379618940:1:63:
16495) and the signature was fixed/removed in cvd
16505, but with daily 16586 it's back again.
Thanks,
Christoph
--
Spare Space
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Am 24.11.2012 um 17:57 schrieb Dan McDaniel:
> Here it is: 66dcf678d8ee29a91156f2baa95d531d vozacka.exe
This should be detected now (daily.cvd 15637). Sorry for the delay.
--
Christoph
___
Help us build a comprehensive ClamAV guide: visit h
Am 25.11.2012 um 17:10 schrieb Jari Fredriksson:
> These rules must have a common signature? Old downloads suddenly trigger
> positives.
It looks like you are using some 3rd party signatures. Please contact the
author of this signature(s).
--
Chr
Hi David,
thanks for the response. With todays antivirus definitions it isn't detected
anymore.
Regards,
Christoph
- Ursprüngliche Mail -
> Von: "David Raynor"
> An: "ClamAV users ML"
> Gesendet: Montag, 22. Oktober 2012 17:56:21
> Betreff: Re: [
canned: 25.85 MB
Data read: 1.31 MB (ratio 19.70:1)
Time: 6.309 sec (0 m 6 s)
What do you recommend?
Thank you,
Christoph
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
CE x.c -o xtest
and test again?
I think configure sets _LARGEFILE_SOURCE, but forgets about
_FILE_OFFSET_BITS.
Regards,
Christoph
--
Spare Space
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
, but then again I've just done some quite-to-simple
tests with 0.97 (nothing older at hand).
Regards & HTH,
Christoph
--
Spare Space
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Am 15.04.2008 um 15:28 schrieb John Rudd:
> So, are 0.92.1 users temporarily safe due to the [freshclam?] update
> which turned off the module? Or not?
Yes, you are safe from this vulnerability if you run 0.92.1
--
Best regards,
Chr
can't blame them
for that, they are simply not that deep into it, since they have a lot
of reports to review. Also - for many news sites it wouldn't be worth
reporting. I mean, no one wants to read about a vulnerability that has
been defused before it became public.
--
Best
Am 07.04.2008 um 09:31 schrieb Andre Hübner:
> What to do now? My users want to use wordpress... ;)
Update your database, the problem should be solved with update daily
6646.
Thank you.
--
Best regards,
Christoph
___
Help us buil
Am 03.01.2008 um 01:20 schrieb Roflek of TK53:
> On Jan 3, 2008 12:48 AM, Christoph Cordes <[EMAIL PROTECTED]> wrote:
>> Let's leave the technical part out, since this is not a technical
>> issue as it seems. Tomasz did not deny anything, he just said that
>>
7;s what kids do. The
security groups we worked together till now usually have a clue about
responsible disclosure and things like that. If you really would give
a sh*t about security and/or if you would believe that the
"vulnerabilities" you found are that severe, you would f
t we have the chance to fix the glitch, test it and ship it
without leaving the users in danger.
--
Best regards,
Christoph
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Am 22.11.2007 um 00:45 schrieb Steve Wray:
> Christoph Cordes wrote:
>> Am 20.11.2007 um 11:06 schrieb Sean Doherty:
>>
>>> Anyone know if there is any substance to this vulnerability claim?
>>>
>>> http://wabisabilabi.blogspot.com/2007/11/focus-on-clama
ve as possible. Did i get
this right?
--
Best regards,
Christoph
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Am 20.11.2007 um 11:06 schrieb Sean Doherty:
> Anyone know if there is any substance to this vulnerability claim?
>
> http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-
> code-execution.html
No.
--
Best regards,
al to know about
it - but that's not bad at all.
So, what do you think - is this a solution that would work for the
majority ? It would also be helpful - if this is a solution you could
agree one - if you make suggestions what to include in the different
files.
--
Best regards,
Am 02.10.2007 um 19:24 schrieb Dennis Peterson:
> Can anyone offer a reason why the OP found a virus in the mbox file
> but not in the
> split out maildir messages? That kind of inconsistency is unsettling.
Just read my reply to one of your mails.
--
Best regards,
filter.
>>
>> dp
>
> Yes, our emails contain urls with IP. We must change it so something
> like hxxp://123.123.123.123 to pass the filter. But you know, It's
> a bit
>noisy for the users. It'd be ok if there's a tip to disable this
> kind
&
90.000 mailfiles that i believe to be clean without a detection.
Since the flood of this mails seems to be over, i'll drop them for now.
--
Best regards,
Christoph
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
htt
found nothing obvious
(I'm still trying to get a sample, I can't post my users personal
mail here).
Regards
Christoph
--
Spare Space
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
ease download this plugin/software/
update" to display the site properly.
It's possible that the mails that your customer wants to send belongs
to this family. I'd recommend to defuse the mails by modifying the
URL in it - it's safer for the customer anyway and
Am 26.08.2007 um 17:53 schrieb BG Mahesh:
> Should I send it to you directly?
Yes, please.
--
Best regards,
Christoph
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
pfile? I'll
try to figure out what's wrong.
--
Best regards,
Christoph
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
rience with doing the "impossible" -
let's try the next impossible thing.
--
Best regards,
Christoph
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
can stay the community product you know - if you and i
keep up the support.
--
Best regards,
Christoph
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
nd the new signature was out 30 minutes
after receiving the sample yesterday. If there are still mails
getting through (Ecard, phishing) please submit the samples. I can't
make it without your help - it's a community approach.
--
Best regards,
Christoph
__
space - or avoid
to scan mbox files. If it was an mbox file that caused the problem.
--
Best regards,
Christoph
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
BG Mahesh schrieb:
> On 7/3/07, Christoph Cordes <[EMAIL PROTECTED]> wrote:
>>>
>>>
>> Could you please provide a copy of the mail that clam blocks? The
>> fact that i received your mail is a proof that ClamAV does not detect
>> anything in mails fro
ontains something different OR your installation is fubar OR
you're using some signature file that is not part of the official
ClamAV database.
--
Best regards,
Christoph
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
snippet
from a logfile does not really help. Thank you.
--
Best regards,
Christoph
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
e virus signatures will work in both versions, but I would recommend
> upgrading to .90.2. Outside of a slight change in config file format,
> it's a fairly easy upgrade.
That's not right. With the 0.88 you can't make use of a new signature
format we added. 0.8x will work but
James Bourne schrieb:
> On Wed, 25 Apr 2007, Christoph Cordes wrote:
>
>> Gary V schrieb:
>>> I received an email with a password protected .rar file that claims to
>>> contain an .exe file that I should run in ordrer to protect me from an
>>> undetected wor
e received a lot of reports.
Phishing is for sure not the right term to decribe it, i just used it
for practical reasons.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV
root/test/TrojanDropper.JS.Cobase: Exploit.HTML.MHTRedir-6 FOUND
/root/test/Win32.Wide.b: W32.Wide.Gen FOUND
--- SCAN SUMMARY ---
Known viruses: 110973
Engine version: 0.90.1
Scanned directories: 1
Scanned files: 16
Infected files: 15
Data scanned: 0.15 MB
Time: 14.343 sec (
ted zip archive. Thank you.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
9x the recognition of broken executables was
greatly improved. While 0.8x doesn't care too much about it, 0.9x is
more strict and refuses to start offset calculations on broken files.
It's not a big deal since such files usualy wont run.
--
Best regards,
Christoph
FOUND
> sdbototr-W32SdbotOTR.exe: Trojan.Mybot-5073 FOUND
>
>
> # ./clamscan -V
> ClamAV 0.90.2
> # clamscan mybot* sdb*
> mybot5073-TrojanMybot-5073.exe: OK
> mybot7502-TrojanMybot-7502.exe: OK
> sdbototr-W32SdbotOTR.exe: OK
Could you put them into a password protec
ould try to
fetch your mail with another MUA and see if you're able to open it
correctly.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Larry Yuma wrote:
> Does clamav have any certificate of any labs like www.icsalabs.com?
No, nothing like that.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit h
Mogens Kjaer wrote:
> I've tried to report this on http://cgi.clamav.net/sendvirus.cgi,
> however, only files < 2M are accepted.
Just submit the URL. I downloaded it and we will take care of it. Thank you.
--
Best regards,
Christophmailto:[E
ted system to
get hands on the files in case the malware is updated by the maintainer
- right?
If this is the question, the answer is: No, we don´t.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
http://lurker.clama
tengo que tener en cuenta?
> gracias
>
with ketchup please!
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
http://lurker.clamav.net/list/clamav-users.html
Carl Thompson wrote:
> I have followed the documentation i've found and created custom database
> files that identify files that stand alone without a problem using sigtool
> --md5 > /path/to/custom.db
Try:
sigtool --md5 > /path/to/custom.hdb
--
Best
even if the abusive host/IP is unknown - it only needs
to know the "good" host.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
http://lurker.clamav.net/list/clamav-users.html
n't over yet. The mirrors are having a hard time keeping up.
That´s right, at the moment someone sends out variants of a trojan.downloader,
we publish as they come in. Sorry for all the traffic.
--
Best regards,
Christophm
u can see @ heise - not everyone is
(just follow the discussion there). So no offense intended here - it was just
ment to make things a bit more clear, before yet another percent war starts ;-)
--
Best regards,
Christophmailto:[EMAIL
sed to make any statement about the overall quality of a
product.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
http://lurker.clamav.net/list/clamav-users.html
ile /usr/local/etc/clamd.
So - did you read the message and edited the config file?
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
http://lurker.clamav.net/list/clamav-users.html
o report the problem to Panda too - imho it´s a problem
that can be solved by them - and be sure they know about it already - if
they read the mails that people send to their support.
--
Best regards,
Christoph mailto:[EMAIL PROTECTED]
_
,
Christoph mailto:[EMAIL PROTECTED]
___
http://lurker.clamav.net/list/clamav-users.html
added it
,to detect bagle mails with broken or missing attachment.
--
Best regards,
Christoph mailto:[EMAIL PROTECTED]
___
http://lurker.clamav.net/list/clamav-users.html
d even more time on it. Tomasz is the best example
- if i send a mail to our team-list at 3 in the morning, it´s almost
sure that Tomasz will answer 5 Minutes later.
Don´t get me wrong, i´m not crying about it, but please understand that
we work pretty much at the limit - but we wont give up. :-
Gary Weinfurther wrote:
Sounds like the answer is "no"?
Christoph Cordes wrote:
Gary Weinfurther wrote:
Does ClamAv protect against W32.Spybot.IVQ, a worm with Denial of
Service and Back Door capabilities?
This is not easy to answer - this Spybots/Mybots/Gaobots/Wootbots/SdBots
co
able to detect more than thousand variants -
if it detects this one can only be told if we have a sample to test it.
--
Best regards,
Christoph mailto:[EMAIL PROTECTED]
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav
.
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
I-Worm.Netsky.b, Worm/NetSky.AD(2) for example
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
http
ostfix? exim? with qmailscanner? amavis?
There are many ways to use ClamAV. Please give some more info. ;-)
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
rceforge.net/lists/listinfo/clamav-users
Please run freshclam asap.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
---
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITMana
rom manager.c into client.c.
Regards,
Christoph
--
Spare Space
---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at th
Herefordshire Council
RP> Hereford, UK
I had some problems with the sf-mailserver yesterday, the mails are
all out now.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
---
This SF.Net email is spons
i remember right, ClamWin can be configured to scan mailfiles too.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit t
ly appreciated.
HR> Roger
Did you make sure that clamd is running? are there any entries in the
logfile? Some more info please! :-)
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
---
This SF.Net e
eason of this failure ?
n> thx :)
could you provide some more information please? what version of ClamAV
do you use, how do you scan mails (amavis maybe?).
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
---
the fact that there isn't a problem. ;-D
Sasser is not a Mail worm - so a mailscanner wont see too much of
them. :-)
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
---
This SF.Net email is sponsored
date (version: 291, sigs: 1072, f-level: 2, builder:
RG> ccordes)
RG> What now?
Please check your database directory - are there any .db(2) files ?
If yes, remove them and restart clamd.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
n
LB> support, we can live without it for now. Is there something else I missed ?
LB> Best regards,
With the 0.70 release Clam is able to extract VBA-Code from Word and Excel
files. We started to add signatures for this and you can´t use them
with the 0.68 release. This d
ow many updates were released, just take a look at
http://sourceforge.net/mailarchive/forum.php?forum=clamav-virusdb
hth
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
---
SF.Net is sponsored by: Speed Star
nature none of my scanners was
able to detect it and i named it Worm.SomeFool cause i didn´t want to
waste time on a name research while the worm starts to spread. I´ll
rename it with the next update.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
-
something in it, please submit the
samples at http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi .
There are many damaged mydoom/SCO.A arround at the moment. To add a
proper signature we need some more samples.
--
Best regards,
Christoph
id you edit it with something like pico? Some editors add nasty
breaks without further notice. This can screw up almost every script.
Maybe you should try to rebuild it with the Q-S install script.
hth
--
Best regards,
Christoph
D ? so that i come to know that my clam-av in up2date and
DM> working fine:)
try http://www.testvirus.org/
hth
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
---
This SF.net email is sponsored by: IBM Li
m?
Thanks very much for any help!
---
Christoph Barlag
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the ba
er of time....
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutor
usual that you get rude within a
smtp-session?) Did you notice that a mail sent to you was filtered? Do your users know
that? What about false positives? Just laugh - or think - a bit about this. ;-)
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
-
it
(KAV,McAfee,H+B EDV for example). And if you run Clam as an ISP it can be a real
problem, if you have a user that demands this messages to be delivered you have a lot
of work while sort them out.
--
Best regards,
Christoph
why don´t you code it?
A: Cause C is first of all a vitamin to me an i only heard of people that do
programmes with it. :-)
--
Best regards,
Christoph mailto:[EMAIL PROTECTED]
---
This SF.Net email sponsored by:
ail - yes it can.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl,
Hello Robin,
Monday, November 10, 2003, 8:52:50 PM, you wrote:
RC> Does clamav detect the W32.Swen worms?
RC> W32.Swen.A
yes, but it will be detected as Worm.Gibe.F
--
Best regards,
Christophmailto:[EMAIL PRO
here have an extensive knowledge about "virii". I
guess most of them just want to stop them in a effective way - it realy doesn´t matter
how a virus works - i just want to stop it before it can cause any damage. And this is
what clam did for more th
e if ClamAV is able to clean
M> anything...
do you have any idea how complex this is?
M> But so I wanna trade (only) with the developers and I think it's fair.
M> But it seams that they wont even if they could.
M> Old school virus-coding rocks couse the old "school boys
new updates with freshclam...
Thanks in advance for any help.
Bye,
Christoph
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
mav.
Thanks in advance,
Christoph
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
with such a system? What about hardware
requirement (memory, cpu-power)? I have to use a softlimit for qmail >
10M (actually 20M), so probably a huge amount of memory is required?
Thanks for any hint.
Best regards,
Christoph Bar
89 matches
Mail list logo
