Am 03.01.2008 um 01:20 schrieb Roflek of TK53:
> On Jan 3, 2008 12:48 AM, Christoph Cordes <[EMAIL PROTECTED]> wrote:
>> Let's leave the technical part out, since this is not a technical
>> issue as it seems. Tomasz did not deny anything, he just said that
>>
Am 03.01.2008 um 00:22 schrieb Roflek of TK53:
> On Jan 2, 2008 11:31 PM, Tomasz Kojm <[EMAIL PROTECTED]> wrote:
>> I don't negate your points about O_EXCL etc. I don't negate the
>> thesis in
>> the subject either :-) What I really negate is the FUD you're
>> making with your
>> disclosures,
Am 22.11.2007 um 01:54 schrieb David F. Skoll:
>
>> Just to make you feel better - ClamAV includes two special mechanisms
>> that in almost all cases allow us to remotely address such
>> vulnerabilities in
>> 5 minutes eliminating the need for urgent update of the entire
>> package. These
>>
Am 22.11.2007 um 00:45 schrieb Steve Wray:
> Christoph Cordes wrote:
>> Am 20.11.2007 um 11:06 schrieb Sean Doherty:
>>
>>> Anyone know if there is any substance to this vulnerability claim?
>>>
>>> http://wabisabilabi.blogspot.com/2007/11/focus-on-clama
Hello,
so in the end it boils down to this:
- after a new release ClamAV should mimic the behavior of the
preceding version by default unless it's a major release (.x0) or the
user enabled possible new features explicitly. furthermore the
default behavior should be as conservative as possib
Am 20.11.2007 um 11:06 schrieb Sean Doherty:
> Anyone know if there is any substance to this vulnerability claim?
>
> http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-
> code-execution.html
No.
--
Best regards,
Christoph
___
Help
Hello,
we thought a bit about this, and here's the solution that could
satisfy everyone (TM):
for clamd we could provide different configfiles, depending on the
needs the user can choose between 3 - or more templates, like:
failsafe - most reliable
standard - higher chance for a fp but also
Am 02.10.2007 um 19:24 schrieb Dennis Peterson:
> Can anyone offer a reason why the OP found a virus in the mbox file
> but not in the
> split out maildir messages? That kind of inconsistency is unsettling.
Just read my reply to one of your mails.
--
Best regards,
Christoph
_
Am 02.10.2007 um 05:05 schrieb Chinh Nguyen Tam:
> Dennis Peterson wrote:
>> Chinh Nguyen Tam wrote:
>>> Greetings,
>>>
>>> We've notice some strange behavior of clamav in our email server
>>> for.
>>> When we try to send some email (HTML format, Outlook 2003) with URL
>>> inside, clamav detect
Am 02.10.2007 um 00:17 schrieb Dennis Peterson:
> To be honest this is a pretty weak pattern to create a yea or nea
> decision with.
You're probably right, however, this mails didn't offer too much to
pick them up. And please be sure that i checked the signature against
90.000 mailfiles th
Am 29.08.2007 um 00:59 schrieb Dan Metcalf:
> I have a client that is having some trouble when forwarding some
> spamcop
> complaints to the appropriate parties. They keep getting
> Email.Webaccount-11 rejections.
>
> Looked all over, but haven't found the right place for a definition
> of w
Am 26.08.2007 um 17:53 schrieb BG Mahesh:
> Should I send it to you directly?
Yes, please.
--
Best regards,
Christoph
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Am 26.08.2007 um 17:48 schrieb BG Mahesh:
> But the emails don't have any faketube/youtube URLs
> They are plain text files but yes, few emails have URLs in their
> signatures.
> Are these false phising alarms?
>
Could you submit such a mail in a password protected zipfile? I'll
try to figur
Am 17.08.2007 um 17:59 schrieb David F. Skoll:
> (Public companies don't make acquisitions for the good of the
> community; they make them for the good of their shareholders.)
Do you believe that the first goal excepts the other? ClamAV and the
Community around it has some experience with doin
Am 17.08.2007 um 17:28 schrieb John Rudd:
> It's now just
> another AV product, instead of a community project. That's kind of
> sad.
Why do you think so?
As far as I'm concerned, i will still spend up to 18 hours a day on
ClamAV. I'll also continue to call Luca at 4 a.m. if i notice a
Am 13.08.2007 um 18:24 schrieb Roberto Ullfig:
> What determines a clean/small/fast database? Are these removals logged
> anywhere? I now notice that all Phishing "viruses" are gone and we're
> now getting Email.Ecard viruses. Was there a renaming?
The RB signatures are not generic and will usua
Am 10.08.2007 um 23:16 schrieb Marshall Dudley:
> I was running clamscan, and the var partition of the drive filled up.
> This partition had 300 Meg free on it, and clamscan created a huge
> number of files like mixedtextportion05GJ4k in the
> /tmp/clamav-ec6d3e4e4e253eaf directory and filled it
BG Mahesh schrieb:
> On 7/3/07, Christoph Cordes <[EMAIL PROTECTED]> wrote:
>>>
>>>
>> Could you please provide a copy of the mail that clam blocks? The
>> fact that i received your mail is a proof that ClamAV does not detect
>> anything in mails fro
Am 03.07.2007 um 07:30 schrieb BG Mahesh:
> On 6/28/07, Steve Basford <[EMAIL PROTECTED]> wrote:
>>
>>>
>>> 554 Failure Messagecontains an infected attachment (
>> Email.Phishing.RB-827)
>>>
>>> The laptop that is sending the message is not infected with any
>>> virus.
>>
>> RB-827 is a phishin
Am 02.07.2007 um 10:48 schrieb ClamAV List:
> Hi List,
>
> I had been monitor the mail server and notice that there are many
> error like
> the one below.
>
> @40004688b95a3983c334 CHKUSER accepted rcpt: from
> <[EMAIL PROTECTED]:[EMAIL PROTECTED]:> remote 202.142.86.69>
> rcpt <[EMAIL PRO
Am 22.05.2007 um 16:15 schrieb Morgan Smith:
> Wilson Kwok wrote:
>> Hello,
>>
>> My Linux mail server still using 0.88 version, the 0.88
>> version can update
>>
>> 0.9x version virus ? or must need upgrade clamav to 0.9x version ?
>
> The virus signatures will work in both versions, bu
James Bourne schrieb:
> On Wed, 25 Apr 2007, Christoph Cordes wrote:
>
>> Gary V schrieb:
>>> I received an email with a password protected .rar file that claims to
>>> contain an .exe file that I should run in ordrer to protect me from an
>>> undetected wor
Gary V schrieb:
> I received an email with a password protected .rar file that claims to
> contain an .exe file that I should run in ordrer to protect me from an
> undetected worm. I submitted it and it was recognized as
> Email.Phishing.RB-686. The only other anti virus vendor to recognize it
> at
Sai Bathina schrieb:
>
> So the output for 0.88.5 looks like this:
>
> Scanning through Win32.Alcaul.i
> Found virus: W32.Kruls.Gen
> Scanning through Win32.Alcaul.j
> Found virus: W32.Kruls.Gen
> Scanning through Win32.Bolzano.3100
> Found virus: W32.Bolzano.Gen
> Scanning through Win32.Bolzano.
Sai Bathina schrieb:
> Folks,
>
> I have about 16 viruses that are not being caught by the 0.90.1 version as
> opposed to 0.88.5. I think the problem looks to be in the cli_ac_scanbuff
> function.
Could you send the samples to [EMAIL PROTECTED] ? Please use a password
protected zip archive. Thank
Joe Evans schrieb:
> Can anyone shed some light on the log entries below?
>
> (1) "Can't calculate offset for signature Trojan.Mybot-5073"
> (2) "Broken PE file"
>
The file is broken. This happens very often with such samples
(SdBot/Mybot). With ClamAV .9x the recognition of broken executables
Joe Evans schrieb:
> After upgrading to the latest version of ClamAV, I've noticed some files
> not being detected with v0.90.2, which were detected with v0.88.7. Could
> there be a bug with the pattern scanning portion of libclamav, or am I
> missing something obvious?
>
> Both test cases are
Sebastian Deiszner wrote:
> Hello,
>
> i got 2 or 3 powerpoint-files every week.
>
> I have the problem, that the files are 'corrupted' - powerpoint is not
> able to open the documents.
>
> I use postfix, clamassassin and the newest clamav.
>
> The sender from the powerpoint files send the same
Larry Yuma wrote:
> Does clamav have any certificate of any labs like www.icsalabs.com?
No, nothing like that.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://
Mogens Kjaer wrote:
> I've tried to report this on http://cgi.clamav.net/sendvirus.cgi,
> however, only files < 2M are accepted.
Just submit the URL. I downloaded it and we will take care of it. Thank you.
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
Dennis Peterson wrote:
> I already know the question is difficult, but it isn't impossible to
> answer as there are other AV vendors who have a solution for this
> particular problem if the article is to be believed.
>
So you want to know if the ClamAV Team monitors an infected system to
get hand
[EMAIL PROTECTED] wrote:
> Hola Amigos:
>necesito actualizar la version de clamav de 0.83 a 0.88. Ya
> baje los archivos .gz y la pregunta es, que teng que hacer para
> actualizar??
> debo hacer backup de los archivos de configuracion y que mas?
> que otra medida tengo que tener en cuen
Carl Thompson wrote:
> I have followed the documentation i've found and created custom database
> files that identify files that stand alone without a problem using sigtool
> --md5 > /path/to/custom.db
Try:
sigtool --md5 > /path/to/custom.hdb
--
Best regards,
Christoph
Dennis Peterson wrote:
> How is this different/better than or preferable to systems already using
> SURBL technology?
>
SURBL is a blacklist and can only block abusive IP's/domains/URL's that
have been reported and added. ClamAV´s Phishphighter is able to
recognize phish even if the abusive host
Hello fchan,
Wednesday, July 19, 2006, 12:52:05 AM, you wrote:
> Is there that much new malware just for today to get this many
> updates to the daily.cvd? Correct me if I'm wrong but today started
> at 1601 and it is now 1607 for the Pacific Time zone and the day
> isn't over yet. The mirrors
Hello Nepenthes,
Friday, May 12, 2006, 4:34:58 PM, you wrote:
> We still *have* that good intention, and these stats were written as
> some advertising for nepenthes, not as a 100% reliable source for
> comparisions between different scanners.
You and I are aware of this - but as you can see @
Hello Didi,
Friday, May 12, 2006, 3:44:19 PM, you wrote:
> Maybe it is of interest:
> http://nepenthes.mwcollect.org/stats:scannertest
Not really. You have to take the results with a grain of salt for several
reasons:
The test is 6 months old (even if heise.de still sells it as "News")
Man
Hello Ollie,
Tuesday, April 18, 2006, 4:01:40 PM, you wrote:
> Hi I am getting the below error when trying to run Clamd. The .conf files
> are where they are supposed to be. Does anyone know what could be causing
> this?
>> $ clamd
> ERROR: Please edit the example config file /usr/local/etc/cla
BitFuzzy wrote:
Odhiambo Washington wrote:
* On 10/09/05 13:47 -0500, Pablo Chamorro C. wrote:
I managed to deploy squid + havp + clamav for antivirus control of
web pages/files, and for my surprise this morning I found:
10/09/2005 13:08:36
http://www.pandasoftware.com/activescan/as5free
Joanna Roman wrote:
Can anybody tell me how downloader viruses are
encountered ? Is it via http browsing and adware ??
Not only - sometimes they are spammed through mail or distributed
through P2P networks - you can find them almost everywhere in many
different flavours.
--
Best regards,
Christ
Battaglia Andrea wrote:
Hi,
I am trying to replace WebShield Antivirus with ClamAV, but there are some virus that clam is not able to capture.
These virus in WebShield are called : NEWUNIX and Bagle!elm.gen.
Could you give me some information about these virus ?
NEWUNIX sounds like a generic / he
Niek wrote:
On 4/19/2005 8:25 PM +0200, Tomasz Kojm wrote:
Does it send itself via e-mail?
No they didn't send themselves per e-mail.
So what you're saying is, only selfspreading e-mail viruses
qualify to make it through the submit process ?
No, but Email borne malware has the highest priority.I k
Gary Weinfurther wrote:
Sounds like the answer is "no"?
Christoph Cordes wrote:
Gary Weinfurther wrote:
Does ClamAv protect against W32.Spybot.IVQ, a worm with Denial of
Service and Back Door capabilities?
This is not easy to answer - this Spybots/Mybots/Gaobots/Wootbots/SdBots
co
Gary Weinfurther wrote:
Does ClamAv protect against W32.Spybot.IVQ, a worm with Denial of
Service and Back Door capabilities?
This is not easy to answer - this Spybots/Mybots/Gaobots/Wootbots/SdBots
come in many different flavours, packed and crypted with one or more
runtimepackers. ClamAV is abl
[EMAIL PROTECTED] wrote:
Hi.
Does anyone know a good description of the behavior of Worm.Somefool.Gen-3 ?
How do others AV call this worm?
thanks
--eduardoh
This message was sent using IMP, the Internet Messaging Program.
__
On Tuesday, October 12, 2004, 5:02:41 PM, marvin wrote:
m> Nigel Horne writes:
>> On Tuesday 12 Oct 2004 15:51, marvin wrote:
>> >
>> > Although it logs the virus to the /var/log/clamd.log, I would like it added
>> > to the header e.g.
>> >
>> > X-Virus-Flag: Yes - Worm.SomeFool.P
>> >
>> > An
On Monday, October 11, 2004, 7:32:53 PM, Jason Warren wrote:
JW> Had something that looks like a virus get through ClamAV today. I
JW> understand this is bound to happen. Not bitching about that. Question
JW> is where do i send this guy.
http://clamav.catt.com/cgi-bin/sendvirus.cgi
--
Best reg
On Monday, August 9, 2004, 7:58:52 PM, Michael Brennen wrote:
MB> Just in the last few minutes I've started getting hit with several
MB> copies of a a zip packaged exe file from widely varying sources. The
MB> names are of the form 'price.*\.zip'. I've submitted a copy online
MB> and it was acc
On Monday, June 14, 2004, 3:09:13 PM, Randal, Phil wrote:
RP> Last update details on clamav-virusdb is 349 (June 10th), current version is
RP> 354.
RP> Are the individual update summaries available elsewhere?
RP> Phil
RP>
RP> Phil Randal
RP> Network Engineer
RP> Herefordshire Council
RP> H
On Sunday, May 30, 2004, 4:07:32 AM, Jerry Chiu [Net Workshop] wrote:
JCNW> A email contain Bagle.AB pass thru my Amavisd-New+Clamd filter. The
JCNW> lastest clamav(0.71) and db file (333) is installed. I aslo try Clamwin
JCNW> and online scanner to scan the attachment file, all have negative
JCNW
On Tuesday, May 18, 2004, 9:48:01 PM, Harrell, Roger wrote:
HR> I've been trying to get clamdscan working for quite some time now. I have
HR> installed clamav. clamscan works. Clamdscan fails with:
HR> connect(): Connection refused
HR> ERROR: Can't connect to clamd.
HR> --- SCAN SUMMARY -
On Monday, May 17, 2004, 11:21:55 AM, net wrote:
n> Hello,
n> clamd is up, and I sent a message with "eicar.com" to my postfix, but Clamav
n> didn't see it :(
n> But when I run clamscan the file is matched with the database Signature...
n> Anyone could give me a reason of this failure ?
n> thx :)
On Saturday, May 15, 2004, 12:49:03 AM, Michael St. Laurent wrote:
MSL> I know that Clamav has signatures in the database for the various species of
MSL> the Sasser worm and when I check the sigtool database they are listed.
MSL> What's the problem then you ask? There is not a single instance in
On Wednesday, April 28, 2004, 4:09:57 PM, Ralf Guenthner wrote:
>> I guess that you use very old database - Win32.Mix isn't present in
>> the database since the end of February 2004.
RG> Tomasz,
RG> thanks a lot for replying. I'm afraid that's not the problem, though.
RG> Here's the result of a f
On Sunday, April 25, 2004, 4:40:01 PM, Lionel Bouton wrote:
LB> Christopher X. Candreva wrote the following on 04/25/2004 02:51 PM :
>>On Sun, 25 Apr 2004, John van Lit wrote:
>>
>>
>>
>>>Your ClamAV installation is OUTDATED - please update immediately !
>>>
>>>
>>
>>
>>
LB> This message
On Sunday, February 22, 2004, 8:19:13 PM, Rajkumar S wrote:
RS> Starbane wrote:
>> Considering the speed at which this was added to the database (and the
>> last three major mail worms that got treated similarly) I'm just
>> terribly impressed with the ClamAV devs.
RS> I run ClamAV for our local
Hello Lucas,
Wednesday, February 18, 2004, 5:32:06 PM, you wrote:
LA> I saw this virus show up today:Worm.SomeFool
LA> Updated here:
LA> Submission: 1235-web
LA> Sender: Tobias Oetiker
LA> Virus: Unknown Virus
LA> Added: Worm.SomeFool
LA> Notes: File uses the same icon as a word document,dou
Hello Carl,
Sunday, February 8, 2004, 3:05:56 PM, you wrote:
C> I have clamav .65 with milter .60 installed in a sendmail
C> system. clamav-milter seems to catch all the files except those in
C> .zip files.
C> I recieved mydoom in .zip files and it was scanned and tagged
C> as clean by clamav-m
Hello Micha,
Thursday, January 29, 2004, 10:13:41 AM, you wrote:
MS> Last night I made a small change to qmail-scanner.pl- I added 'worm.sco.a'
MS> to the array $silent_viruses_array. (To prevent sending Virus Found messages
MS> to innocent "sender" addresses)
did you edit it with something lik
Hello Dilip,
Tuesday, January 6, 2004, 3:44:43 PM, you wrote:
DM> Hi,
DM> I just got Clam-AV and Freshclam working :) Was little tough :(
DM> I'm running Qmail on Redhat7.3
DM> # more /var/log/clam-update.log
DM>
DM>
Hello Brian,
Thursday, December 4, 2003, 8:31:11 PM, you wrote:
BB> How much you want to bet that they either #1 didn't bother to update the
BB> definitions #2 aren't telling people that they have some sort of connection
BB> or agreement with one of the big vendors? This like FUD to the extreme.
Hello Brian,
Friday, November 28, 2003, 6:34:40 AM, you wrote:
BWA> We do run ClamAV at the ISP level and we've had one user ask that we
BWA> not filter their email. My response was to laugh, my boss offered to
BWA> mail the user one of the AOL CD's we've got laying around and to cancel
BWA>
Hello Brian,
Thursday, November 27, 2003, 9:25:01 PM, you wrote:
BWA> At 11:11 AM 11/27/03, you wrote:
>>Unfortunately not all our users are happy of the situation
>>when they cannot get e-mails with viruses in them.
BWA> You've got to be kidding. Did the user take the hint when you h
Hello Clamav-users,
I don´t know if anyone already came up with this or if it´s already on some ToDo i
didn´t read - if so: please have mercy :-)
while i was playing arround with KAV i noticed that they offer 3 different signature
sets (normal, advanced, paranoid). I think that´s a pretty smart
Hello Serge,
Wednesday, November 12, 2003, 9:53:28 AM, you wrote:
SS> Hello, clamav users.
SS> Can clamav detect Win32.HLLM.Foo virus? Currently, i must detect this virus by
DrWeb.
SS> WBR, ssp
Since Win32.HLLM.Foo seems to be another name for Mimail - yes
Hello Robin,
Monday, November 10, 2003, 8:52:50 PM, you wrote:
RC> Does clamav detect the W32.Swen worms?
RC> W32.Swen.A
yes, but it will be detected as Worm.Gibe.F
--
Best regards,
Christophmailto:[EMAIL PROTECTED]
Hello Mark,
> Yes OK!
> But where is the sense in a police which told you "Hey someone robs your
> house" when they do nothing at all?
> And the only option is to shoot the robber?!
> I know it's hard but I know also it's possible.
> Not from today to tomorrow or from nov to dec. But maybe in 6 o
Hello Mark,
M> Ok heremy 2 cents:
M> The sourcemashine is a LINUX which is infected and the target mashine is an
M> oBSD with compat_linux in the kernel.
M> So let's think about this situation..
yes, let´s start to think for a change
M> We will take the worst case: All copies of the file are i
68 matches
Mail list logo
