RE: [Clamav-users] OT: American date format (was: W32.Blackmail.E @mm undetected)

2006-01-19 Thread Cormack, Ken
> Probably we should all start using ISO-8601 YYYY-MM-DD format since > otherwise half the dates in the year are ambiguous. Call it a friendly > compromise. Actually, DD-MM-YY is standard in the U.S. military, as is 24-hr time. But I like JT's suggestion - It makes it OH SO EASY to sort-by-date.

RE: [Clamav-users] Re: clamav and mimedefang

2005-04-07 Thread Cormack, Ken
I use MD with clamd, on my gateways. A cursory glance at some numbers from yesterday's logs on one of my servers shows more messages were rejected by MIMEDefang at points EARLIER in the SMTP dialog than were rejected AFTER the body, when viruses were detected... MIMEDEFANG "MILTER" TALLIES Tests

RE: [Clamav-users] Linux virus found in the /.journal file

2005-03-31 Thread Cormack, Ken
-Original Message- From: Fred Jakobza [mailto:[EMAIL PROTECTED] Sent: Thursday, March 31, 2005 3:17 AM To: ClamAV users ML Subject: Re: [Clamav-users] Linux virus found in the /.journal file ::snip:: > The root was remounted after reboot and after creation of ext3. > the ctime of the .jo

RE: [Clamav-users] Linux virus found in the /.journal file

2005-03-30 Thread Cormack, Ken
-Original Message- From: Fred Jakobza [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 30, 2005 3:57 AM To: ClamAV users ML Subject: Re: [Clamav-users] Linux virus found in the /.journal file ::snip:: > remount for root (/*) is not possible. Only with reboot and from cdrom. Then it begs

RE: [Clamav-users] Linux virus found in the /.journal file

2005-03-29 Thread Cormack, Ken
> > Chris, > > > > You are correct about a converted, but not yet remounted filesystem. I was > > basing my response on an assumption that the system had been originally > > created with EXT3 (not upgraded from EXT2), and/or that the system had been > > rebooted at least once since the journallin

RE: [Clamav-users] Linux virus found in the /.journal file

2005-03-29 Thread Cormack, Ken
> If an ext2 fs is converted to an ext3 while it is mounted the .journal > inode cannot be properly hidden. This actually goes for any mounted > ext2 fs, but the ext3 driver will hide the inode on next mount. The > problem comes up with the / mount point because it is mounted read only > at boot,

RE: [Clamav-users] Linux virus found in the /.journal file

2005-03-29 Thread Cormack, Ken
> The .journal file is 32 MB big. May be, the virus that was found, is not > a real virus, because of the Structur of the file. Fred, What filesystem "type" are you using, that the .journal file is visible, in the first place? I'm assuming you're using the EXT3 filesystem type? If so, those fil

RE: [Clamav-users] sendmail + clamav + mailscanner + spamassassin

2005-03-22 Thread Cormack, Ken
-Original Message- Dave Goodrich wrote: > We use MailScanner because it offers additional tools, delivery options, > routing, and filtering above clamav. We also do not have issues with the > clam daemon that some have had. Julian is exceedingly responsive to his > community, the level

RE: [Clamav-users] Re: Freshclam and Cron

2005-02-23 Thread Cormack, Ken
> The way I look at it, if you need something in cron to periodically check > that the freshclam daemon hasn't died, you might as well just configure > the updates exactly as you'd like them with cron itself. If you "need" something to run constantly, why then check for it only periodically, with

RE: [Clamav-users] Re: Freshclam and Cron

2005-02-22 Thread Cormack, Ken
> I can't understand why everyone runs this through cron when it doesn't > eat much memory or cpu cycles when run as a daemon? Because with cron, one can vary the minutes-after-the-hour, to have finer control over when it runs. Or to have it run more frequently on certain days than on others...

RE: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Cormack, Ken
not available" On Wed, 9 Feb 2005 10:22:00 -0500 "Cormack, Ken" <[EMAIL PROTECTED]> wrote: > Tomasz, > > The Configure script does appear to be broken. In the clamav-config.h > file, I manually added a "#define CLAMUKO 1"

Confirmed working now - RE: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Cormack, Ken
Tomasz, I just confirmed that clamd/clamuko is now working. Attempting to "cat" an EICAR test file, I got an "EICAR: operation not permitted" error on my screen, and the clamd.log shows the following: Wed Feb 9 10:22:43 2005 -> Clamuko: /home/hc43/EICAR: Eicar-Test-Signature FOUND So it looks

RE: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Cormack, Ken
Tomasz, The Configure script does appear to be broken. In the clamav-config.h file, I manually added a "#define CLAMUKO 1", and then recompiled. Now, after loading clamd, I see the following: Wed Feb 9 10:17:29 2005 -> Clamuko: Correctly registered with Dazuko. Wed Feb 9 10:17:29 2005 -> Clam

RE: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Cormack, Ken
Yes, Tomasz. I built it myself, from the tarball, downloaded from the clamav.net web site. The clamd binary that I am hard-pathing to, is correctly reporting its version as 0.82. No clam rpms are installed. Ken Cormack Red Hat Certified Engineer On Wed, 9 Feb 2005 08:47:56 -0500 "

RE: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Cormack, Ken
Tomasz, I first tried without any flags, and got the same result. Which is why I then tried the "--enable-clamuko" flag. :/ Ken -Original Message- From: Tomasz Kojm [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 09, 2005 7:59 AM To: ClamAV users ML Subject: Re: [Clamav-users]

[Clamav-users] "Clamuko is not available"

2005-02-08 Thread Cormack, Ken
Group, I am trying to get CLAMD 0.82 to recognize and utilize Dazuko 2.0.5, on a RH ES3.0 Linux system with kernel 2.4.21-27.0.1.EL installed. In my /etc/rc.d/init.d/clamd start/stop script for clamd, I load the dazuko module without error before calling clamd. (lsmod confirms that the module do