I am also trying to "unsubscribe" to the clamav-users
list, but have not found a link or instructions on how to
do this. Thanx for pointing me to the email header! Jan
=>> Hi there,
=>>
=>> On Thu, 8 Sep 2022, Michael Piziak via clamav-users
wrote:
=>>
=>>
Thanx very much! I'll give it a try ASAP. Jan
=>> Jan,
=>>
=>> Look in clamd.conf for something like:
=>>
=>> LocalSocket /var/run/clamav/clamd.ctl
=>> FixStaleSocket true
=>> LocalSocketGroup clamav
=>> LocalSocketMode 666
=>>
lmost as bullet-proof as UNIX, so this
episode with these pop-ups has been an eye-opener, one
that I could have done without!!!
Again, thanx for your response, and, if you have any
further thoughts, I'd be interested in hearing from you
again. Jan
=>> Hi there,
=>>
=>> On Wed
ccessfully get the "clamd" command to work.
HELP, please!!! Thanx, Jan Elliott
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
ht
Am 04.08.2017 um 13:11 schrieb Kees Theunissen:
> On Fri, 4 Aug 2017, Jan-Peter Rühmann wrote:
>
>> But there is no such Package as libclamunrar6.
> On debian 8 or 9 (with clamav 0.99.2) the package is called:
> libclamunrar7.
>
> I guess that name is also used on Ubunto.
&
Am 04.08.2017 um 11:59 schrieb Reindl Harald:
>
>
> Am 04.08.2017 um 11:54 schrieb Jan-Peter Rühmann:
>> I´ve seen there is an plugin for ClamAv to scan RAR Archives.
>> To install it I shall enable the non-free repository but I can´t find
>> anything about how
&
,
--
-=== Jan-Peter Rühmann & Kuma
===-
Gubkower Str.7 [ Tel.: +49 (38205) 65484 (Privat) ] Mail:
jan-pe...@ruehmann.name
18195 Cammin [ Tel.: +49 (38205) 65215 (Firma) ] Web:
http://www.ruehmann.name
Deutschland [ FAX:
signature.asc
Description: OpenPGP digital signature
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clam
,
--
-=== Jan-Peter Rühmann & Kuma
===-
Gubkower Str.7 [ Tel.: +49 (38205) 65484 ]
jan-pe...@ruehmann.name
18195 Prangendorf[ FAX: +49 (38205) 65212 ]
http://www.ruehmann.
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--hJGS9qFqrqFPPsvR2Nh89bjXmVT1vvC1q
From: =?UTF-8?Q?Jan-Peter_R=c3=bchmann?=
Reply-To: jan-pe...@ruehmann.name,
ClamAV users ML
To: clamav-users@lists.clamav.net
Message-ID:
Subject: [clamav-users] clamd onaccess scan and virusEvent
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--hJGS9qFqrqFPPsvR2Nh89bjXmVT1vvC1q
From: =?UTF-8?Q?Jan-Peter_R=c3=bchmann?=
Reply-To: jan-pe...@ruehmann.name,
ClamAV users ML
To: clamav-users@lists.clamav.net
Message-ID:
Subject: [clamav-users] clamd onaccess scan and virusEvent
,
--
-=== Jan-Peter Rühmann & Kuma
===-
Gubkower Str.7 [ Tel.: +49 (38205) 65484 ]
jan-pe...@ruehmann.name
18195 Prangendorf[ FAX: +49 (38205) 65212 ]
http://www.ruehmann.name
[ Tel.:
316-1.
This means that on our medium sized ISP, we got so many false positives from
ClamAV in a few hours, that it would take several weeks for ClamAV to even find
the same number of true positives in our e-mail stream.
Guess that's the end of ClamAV as an e-mail virus scanner here...
--
Hello,
try to use these signatures http://sanesecurity.com/foxhole-databases/
Jan
Dne 15.3.2016 v 04:03 Scott Galambos napsal(a):
I've upgraded to the latest Clamav 0.99.1 on Linux/Sendmail and it
still is not catching all these ZIP files with .js files inside them.
Is clamav suppo
u can read
the file from that descriptor. In case it is transferred trough the TCP
protocol via INSTREAM command, the value is 'stream'.
Is there any chance to read that file from stream?
Thank you
Jan
smime.p7s
Description: Elektronicky podpis S/MIME
Mit freundlichen Grüßen / Best Regards
i. A. Jan Hartmann
IT Administrator Groupware
phone: +49 2371 820 298
mobile: +49 171 865 962 2
fax: +49 2371 211 443
e-mail: j.hartm...@kirchhoff-automotive.com
KIRCHHOFF Witte GmbH
c/o KIRCHHOFF Automotive GmbH
Stefanstrasse 2
58638 Iserlohn
HI rajesh,
thanks for the rules, solved it for me
Mit freundlichen Grüßen / Best Regards
i. A. Jan Hartmann
IT Administrator Groupware
phone: +49 2371 820 298
fax: +49 2371 211 443
e-mail: j.hartm...@kirchhoff-automotive.com
KIRCHHOFF Witte GmbH
c/o KIRCHHOFF Automotive GmbH
The maleware is not known atm only 12 virusscanner on Virus total detect it.
The spam wave hit us yesterday and caused a massiv internal spamwave.
Gesendet von meinem BlackBerry 10
Mit freundlichen Grüßen / Best Regards
i. A. Jan Hartmann
IT Administrator Groupware
phone: +49 2371 820
policy work regulations.zip: OK
Mit freundlichen Grüßen / Best Regards
i. A. Jan Hartmann
IT Administrator Groupware
phone: +49 2371 820 298
mobile: +49 171 865 962 2
fax: +49 2371 211 443
e-mail: j.hartm...@kirchhoff-automotive.com
KIRCHHOFF Witte GmbH
c/o KIRCHHOFF Automotive GmbH
choose whatever he or she
likes. But ADSP doesn't appear to be getting a lot of leverage, and if dmarc
does take off, ADSP will be obsolete.
--
Jan-Pieter Cornet
SSL is only keeping your connection safe from hackers, crooks and three
letter agencies by the least secured, least like
there's a virus in range,
they just die :)
PS ;-)
--
Jan-Pieter Cornet
SSL is only keeping your connection safe from hackers, crooks and three
letter agencies by the least secured, least likely to refuse money from
strangers, and least bullying-proof of several hundred compani
On 2011 Jul 19, at 17:20 , Luca Gibelli wrote:
> http://www.clamav.net/support/ml
What? If websites are a requirement for ClamAV then this project is doomed. I
don't see our NOC surfin the interwebz as part of the job.
(Sarcasm alert).
--
Jan-Pieter Cornet
"People are
can trivially
create your own signature using an md5 hash and use that instantly.
That's one of the things I particularly like about clamav (and used a couple of
times in the past).
--
Jan-Pieter Cornet
"People are continuously reinventing the flat tyre".
PGP.sig
Descri
FYI: I've been working on getting clamav-0.97 available in EPEL, and
now it's available in EPEL-testing. I would appreciate if any clamav/EPEL
users can try out this release, and give karma in bodhi so that we can
get it pushed to EPEL proper. Upgrade using:
yum --enablerepo=epel-testing
On 2011 Feb 11, at 17:56 , Vincent Fox wrote:
> On 2/11/2011 8:31 AM, Jan-Pieter Cornet wrote:
>> On the other hand, since you haven't updated ClamAV in over a year, leading
>> to (significantly) decreased detection, maybe the scanning of email isn't
>> top p
On 2011-02-11, Jan-Pieter Cornet wrote:
> On 2011 Feb 11, at 13:54 , Jan-Frode Myklebust wrote:
>> For us it took down clamd on 15 servers at 00:03 today, and
>> we received the fix 3 hours later... but clamd wasn't restarter
>> before later this morning, leading to
On 2011 Feb 11, at 13:54 , Jan-Frode Myklebust wrote:
> For us it took down clamd on 15 servers at 00:03 today, and
> we received the fix 3 hours later... but clamd wasn't restarter
> before later this morning, leading to huge mailqueues.
>
> We should probably look into ver
Could someone please give some insight into what happened
the the v12663 daily.cld? How long did it take to notice the
problem, and how quickly was it fixed?
For us it took down clamd on 15 servers at 00:03 today, and
we received the fix 3 hours later... but clamd wasn't restarter
before later thi
rsion: 12660
Signatures: 37218
Functionality level: 58
Builder: edwin
MD5: 4518087caf519a9f0d28135aade4e2a8
Digital signature:
x34ZJRr8E4mKeTiDl+XotNCMI6BEdCnZHi8F9AyX3o9L8LFQEXUZLXi2y6B4A7NyUtSbfj4e8+bOWFlB9dTw3aQBBRr0sfc4C5G/B1zOoIDggfBBe7ZqCqD4pzMCZDnOW4QCvh1BH/44GZft6xnVPpPxqfy2OsHkhorvOPAsZXh
Ve
On 2011 Jan 3, at 1:46 , TR Shaw wrote:
> On Jan 2, 2011, at 7:12 PM, Bob Traktman wrote:
>> Is there any reason not to keep ClamAv and Sophos Anti-Virus -- both active?
>
> None whatsoever. Defense in depth is a good thing.
Probably not. However, a contemplation...
It's
lem is new in Clamav 0.96,
clamav-0.95.3 does compile an run with these settings.
Thanks for your help.
Jan Kratochvil
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
time isn't free either, ClamAV is definately worse than
commercial AV products, even if you consider performance/price ratio.
Be aware that YMMV.
--
Jan-Pieter Cornet
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and d
rules, then bye bye, unsubscribe *.uk and go and have fun on
clamav-uk-us...@lists.1984.gov.uk. Or at least, that's what I'd say if I
were the list operator, which I'm not (I do administrate other email
lists, though)
Capice?
--
Jan-Pieter Cornet
!! Disclamer: The addressee o
n trust the signature file?
Because it's PGP signed. It's not just an md5 hash.
> Anyone in a position to compromise one would almost definitely be able
> to compromise the other.
Sure. But it would be suspect if gpg/pgp says:
Good Signature by Snake Oil <[EMAIL PROTECTED]&
ase files. You could just run
> freshclam --submit-stats=/path/to/clamd.conf
> on the hosts that get real traffic. Would that work for you? (if so, we will
> activate this option in 0.94.1-final).
That would certainly work for us. We have the same setup: two freshclam
"config master&
tely big ISP, there's always something coming in.
The graphs are at: http://www.xs4all.nl/en/veiligheid/statistieken.php
(The URL itself is partly in Dutch, but don't let that scare you, the
page itself is in English)
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee
h really such a big deal now that people usually toss
DVD images around?)
Also note - every other virus scanner I'm aware of also comes with a
database "out of the box" (that sophos update I just downloaded
was also 24Meg). Of course, outdated as soon as you hit "Download&quo
st, some do, it seems.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow ver
f the already insignificant amount of email viruses (we don't
count phishes as a virus, they add to the score in SA).
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and d
this on our mirror, there are no connections stuck
in FIN_WAIT_1 at all.
Could it be that all stuck connections you see, are the result of some
popular DSL-router/NAT box in your area, that behaves badly?
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email
On Mon, Apr 21, 2008 at 11:45:39PM +0200, Jan-Pieter Cornet wrote:
> One of my customers is reporting that a file is being blocked as
> "Suspect.Zip". I haven't got a copy of the file itself, however,
> I started looking for the virus signature (as it is definately a
>
again unpleasantly surprised
by this. It is *NOT* the task of clamav to detect broken archives,
if you cannot extract the archive, give up, or AT MOST have a
configuration option on how to proceed (like ArchiveBlockEncrypted).
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addres
;ll have to google it.
(how far away from viruses are we yet?)
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message ind
re
are tons of readily exploitable php out there? These exploited unix
servers aren't sending out viruses just because the spammer/botherder
has better use for them at this moment, not because it's impossible.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of t
gram does not auto-respond to
mailinglist mails, especially not to the list itself. On some
mailinglists, it is grounds for immediate removal.
さよなら
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test
one who actually cares about delivering valid email to their
users, should switch this off.
> What I would like to know is why is this considered Phishing?
>
> What characterizes Phishing.Heuristics.Email.SpoofedDomain classification?
>
> What can I do to avoid such classification?
-
> Clamav version is 0.90.1.
...
> So when I restart clamd, clamd scan
> email first, it took more than 20 minutes before it recreated pid and
> socket file.
I had similar problem with clamav 0.90 (OS Etch stable), after upgrade
to 0.91 problem disappeared.
H.
--
I have a Mac. Where do I find support for ClamxAV?
--Jan
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
reproduce
> the problem, so I'd like to know if the 0.92 changes have helped.
It looks better after upgrade from 0.91 (etch-backports) to 0.92
(etch/volatile) - after running it a few days there's no error in the
log. Thank you!
H.
--
Jan Hrdonka
e from Clamav 0.90 (stable) to Clamav
0.91 (testing). I tried to upgrade Postfix as well (from 2.3.8 to 2.4.6)
but it didn't help.
Any idea what's wrong or how to fix it? Thank you very much in
advance.
H.
--
Jan Hrdonka
___
Help us build
On Mon, Jan 21, 2008 at 11:07:11PM -0600, Robert wrote:
> I'm running into the situation, quite regularly lately, where I have to do a
> virus scan of a machine that has either out-dated or no anti-virus software.
> Obviously, just installing some anti-virus software and ho
On Tue, Jan 08, 2008 at 10:47:28PM +, Bob Hutchinson wrote:
> On Tuesday 08 January 2008 18:05, Charles Mckee wrote:
[how to update on multiple clients]
> > Cool thank you !! I must install a webserver !!
>
> or use rsync
And don't forget to "clamdctl reload".
hink that article pretty much gives every suggestion
that also went to this mailinglist in the past few days (regarding
the random generation, at least).
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of
virusscanner, at some point,
to keep the users secure. And at the moment the NSA (or your local
favorite TLA secret agency) hears that that is possible, ISPs will get a
request for some more functionality in the transparent proxy, and your
privacy will be completely hosed.
--
Jan-Pieter Cornet <
alse positives (or you'd need a pretty
huge test set). Since we're "reasonably" protected from FPs anyway, we
decided to put it in production, but found out we were tempfailing
legitimate paypal mails soon after, so we disabled the URL scanning.
--
Jan-Pieter Cornet <[EMAIL P
mails in a special folder.
>
> Why does this make you wanting to drop the use of ClamAV?
> You can filter based on "virus found name", and those containing
> 'Heuristics' can go to
> your special folder.
> Or you can turn the feature entirely off.
If we do sto
t is in
practice no problem to flat-out reject or discard mails that are flagged
as a virus.
However, spam and phishing detection has a much higher false positive
rate, so it's very unwise to discard the mails, and it's usually bad
to reject them (because of automatic bounce handling by leg
it isn't
excessive so it can skip beyond the next header into the next message
body.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive
comes without perl if you do a bare bones install. Then again,
FreeBSD date groks %s).
So, TIMTOTDI squared (look ma', no perl!). This does the same as
date +%s too:
echo|awk '{print systime()}'
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of
On Tue, Sep 25, 2007 at 03:17:35PM -0700, Bill Landry wrote:
> > Epoch time:
> > perl -e 'print time() . "\n";'
Golfed:
perl -le print+time
You can even leave the -l switch if used in ``, because the trailing
newline doesn't matter there.
--
Jan-Pieter Co
such atrocities. Good luck. Really. May I
suggest Mail::SpamAssassin::Plugin::DonQuixote ?
But please, in any case, stay away from virus scanning, because it
has nothing to do with that.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended rec
ing 5-10 million mails a day, could be that we're seeing
more false positives due to the high volume)
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Ple
till only just beginning to upgrade our several clusters
of FreeBSD 4 machines.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message i
artup time appears to be fixed in 0.91rc1.
Kudos to the delopers for recognising one of the roots of all evil).
So I don't think it's mimedefang that should label the clamscan
method as "not for production use".
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclame
you ever send
a notification "an email was addressed to you but it contained a virus",
that you will NOT send such notifications outside of your own
organisation, EVER. Not even in the form of an out-of-office reply to
such a message.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
On Sat, Mar 10, 2007 at 11:26:10AM +0100, Marc Haber wrote:
> On Sat, Mar 10, 2007 at 11:11:39AM +0100, Jan-Pieter Cornet wrote:
> > Just put this in your freshclam.conf:
> >
> > ScriptedUpdates no
> >
> > It will make sure only .cvd files are downloaded.
>
now puts in the virus
database directory.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinite
since I used to compare "cat $databasedir/* | md5" from before
and after the upgrade to know whether to notify clamd or not. Since
$databasedir now contains subdirs, I needed to modify that somewhat.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email
;t open/parse the config file /usr/local/etc/clamd.conf
> [FALLITO]
>
> Where is my error ?
You forgot to look at the UPGRADE file.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the eche
(... and you'r living inside the tardis and really did send this from
the future. It isn't Tue 20 Feb 2007 22:28 yet, not even for kiwis).
(ObClam: while you're there, submit some very fresh virus samples to the
clam team, and clamav might be able to start blocking the virus
befor
On Sun, Feb 18, 2007 at 01:38:56AM +0100, Jan-Pieter Cornet wrote:
> I've just compiled a clamav 0.90 --enable-experimental, and installed
> that on another bunch of servers, I'll have statistics on its speed
> tomorrow. Preliminary results over 2000 samples aren't show
ot;. I'm not good at regex's, I
> suppose its a simple fix, would someone be kind enough to show me how to make
> the change? I think this is the line that needs editing:
>
> } elsif (/(\w+)\s(\w+)\s{1,2}(\d{1,2})\s(\d+:\d+:\d+)\s(\d+).+stream:\s(.
> +)\sFOUND/ ) {
Quick f
0.90 --enable-experimental, and installed
that on another bunch of servers, I'll have statistics on its speed
tomorrow. Preliminary results over 2000 samples aren't showing a huge
improvement either.
For comparison:
sophos (via sophie): 27 ms/mail,
f-prot (via fprotd): 40 ms/mail
(again
ts
to clamscan:
clamscan --mbox --stdout --disable-summary --infected $FILE
If you remove (in the mimedefang.pl source) all options except
"--stdout", it should work.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended
t could also
be done by spamassassin is not to my benefit, CPU-wise...
I was hoping that this would change with 0.90, but I haven't tried
it on our production platforms yet.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recip
GUSR2, according to the documentation.
kill -USR2 `cat /path/to/clamd.pid`
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indef
ut usually something like 20%.
Don't worry too much about taskswitching.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention system
rror:
>
> /usr/bin/clamscan: Argument list too long
Try: clamscan --recursive /tmp/clamscan/
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!
eces of malware can be considered
legitimate.
Practicing safe software-exchange is about the only true remedy against
viruses. Well, right after thinking rationally about the actions you
take that put you at risk.
If your management truly cares about virus protection, they would take
appropriate actions li
is, we say "200 OK" and
junk the mail into the black hole).
This prevents most false positives (which are rare, but not
non-existent), and keeps the amount of "bounced" viruses to
a minimum (even if it is bounced by the sending mail server).
--
Jan-Pieter Cornet <
ause of spam, by the way, viruses are down to a staggering
low of around 300milliviruses per second now :) It spiked to
around 30 viruses/sec at the beginning of this year.
See http://www.xs4all.nl/uk/veiligheid/statistieken.php if you're
interested in numbers of viruses detected.
--
Jan
ne wouldn't want to use
clamav, even if you already have another virus scanner: it also makes a
good companion to a commercial virus scanner, since not every scanner
detects every virus (or virus fragment, like a truncated bounce or a
badly disinfected mail, which is more common).
Hope this he
hitelist the domain and/or filetype from scanning.
You wouldn't want the next excel macro virus to spread through your
mail server, and having the rest of the world point to you saying:
"He's the one! He disabled the virus filters, allowing the stuff
to spread!"
--
Jan-Pieter Cor
atabase updates. It's likely however your customer
won't hit the same FP twice in short succession (at least - in my
experience. FPs are still quite rare).
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disc lamer: The addressee of this email is not the intended recipient. !!
!! This is
On Tue, May 23, 2006 at 12:49:50PM -0700, Kelson wrote:
> Jan Pieter Cornet wrote:
> >Maybe "tons" is slightly exaggerated? Out of approximately 10 million
> >emails today, our logs show one hit for XF.Sic.L, and then another hit
> >when that email was bounce
ntaining "XF.Sic.L" and remove
that, and point your virus scanner to the extracted files (which have
to be in another directory than the .cvd files).
Or provide a non-virus-scanned email address, or non-virus-scanned
outgoing mail server (usable with specific SMTP AUTH only), or something.
--
On Mon, Mar 06, 2006 at 02:23:51PM -0800, Alex Gottschalk wrote:
> Jan Pieter Cornet wrote:
> >On Mon, Mar 06, 2006 at 12:20:11PM -0800, Alex Gottschalk wrote:
> >>Replacing the CRLF with a bare LF in these headers causes Clamav to no
> >>longer quarantine these mail me
ction 2.3.7: "SMTP client implementations MUST NOT
transmit ["bare" "CR" or "LF" characters] except when they are intended
as line terminators and then MUST, as indicated above, transmit them
only as a sequence."
So it looks like the fault is in your mime-enc
On Fri, Jan 06, 2006 at 12:37:02PM -0500, Chuck Swiger wrote:
> Anyway, amavisd-new lists a dozen or so examples:
>
> # Treat envelope sender address as unreliable and don't send sender
> # notification / bounces if name(s) of detected virus(es) match the list.
> # Note
On Fri, Jan 06, 2006 at 05:20:37PM -0500, Jenn wrote:
> So, to be sure I understand, clamav 0.9
> is what I would need if I wanted to turn off
> the detection of "Phishing" by ignoring the currently
> existing 500 (or so) "Phishing" signatures?
No, you can also
.Lupii
Exploit.Linux.Lupii-2
--
#!perl -wpl # mmfppfmpmmpp mmpffm <[EMAIL PROTECTED]>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.e
m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;# Jan-Pieter Cornet
___
http://lurker.clamav.net/list/clamav-users.html
z/Art/Bart-Google.gif
--
#!perl -wpl # mmfppfmpmmpp mmpffm <[EMAIL PROTECTED]>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;
p;)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;# Jan-Pieter Cornet
___
http://lurker.clamav.net/list/clamav-users.html
27;',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;# Jan-Pieter Cornet
___
http://lurker.clamav.net/list/clamav-users.html
/,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;# Jan-Pieter Cornet
___
http://lurker.clamav.net/list/clamav-users.html
only hope the clamd daemon
is stable.
Regards,
Jan
- Original Message -
From: "Jan Alphenaar" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 31, 2005 12:29 PM
Subject: [Clamav-users] Clamscan slow on large attachements
All,
I was strugling with clamav this weekend for a f
nks in advance !
Regards,
Jan
___
http://lurker.clamav.net/list/clamav-users.html
p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;# Jan-Pieter Cornet
___
http://lurker.clamav.net/list/clamav-users.html
vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;# Jan-Pieter Cornet
___
http://lurker.clamav.net/list/clamav-users.html
1 - 100 of 117 matches
Mail list logo
