Re: [Clamav-users] ClamAV and VirusTotal

2009-03-19 Thread Julio Canto
releases the whole set to the cluster, but I can't do it until I get that binaries. -- Regards, Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025 | Fax: +34.952.028.694 | PGP Key ID: EF618D2B | jca...@hispasec.com __

Re: [Clamav-users] ClamAV and VirusTotal

2009-03-19 Thread Julio Canto
Sarocet escribió: > Julio Canto wrote: >> Paul Whelan escribió: >> >>> must be the clamwin version then <http://www.clamwin.com/> which is a >>> strange 'official >>> channel'. >>> >> Hi again, >> You&

Re: [Clamav-users] ClamAV and VirusTotal

2009-03-17 Thread Julio Canto
Paul Whelan escribió: > On 17 Mar 2009 at 13:28, Julio Canto wrote: > >> Steve Basford escribió: >>>> Any particular reason why they are using 0.94.1 (and it appears with >>>> the most non aggressive settings)? You are not showing off your best >>&g

Re: [Clamav-users] ClamAV and VirusTotal

2009-03-17 Thread Julio Canto
emember. > > Having said that... 0.94.2 is available for windows: Hi there, We use the versions that we're provided with via official channels. -- Regards, Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025 | Fax: +34.952.028.694 | P

Re: [Clamav-users] Twitter

2008-12-04 Thread Julio Canto
at you'd like us to put on that channel. Cool :) -- Regards, Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025 | Fax: +34.952.028.694 | PGP Key ID: EF618D2B | [EMAIL PROTECTED] ___ Help us build a comprehensive ClamAV guid

Re: [Clamav-users] send virus problem

2008-09-01 Thread Julio Canto
ermediate point is filtering your messages. -- Regards, Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025 | Fax: +34.952.028.694 | PGP Key ID: EF618D2B | [EMAIL PROTECTED] ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [Clamav-users] Problem with big mails

2007-03-29 Thread Julio Canto
us email was 116KB (it > contained Worm.Bagle.pwd-eml). It is an interesting matter anyway :) I'll see if I can get some statistics about it. -- Regards, Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025 | Fax: +34.952.028.694 | PGP Key I

Re: [Clamav-users] Problem with big mails

2007-03-29 Thread Julio Canto
Per Jessen wrote: > Virus-scanning anything bigger than 1-2Mb makes little sense. ANything > as big as 20Mb, I would just skip without further consideration. > Nowadays it is not unusual to find malware samples exceeding that 2MB size limit. -- Regards, Julio Canto | Virus

Re: [Clamav-users] Virustotal Clamav Engine Problem!!!

2007-03-14 Thread Julio Canto
Julio Canto wrote: mr.dan.watson wrote: Hello There seems to be a problem with virustotal.com clamav scan engine. The engine we're using now is very old. The versions that theoretically could fix that problem doesn't fit well in the VirusTotal framework (for instance, it need

Re: [Clamav-users] Virustotal Clamav Engine Problem!!!

2007-03-13 Thread Julio Canto
f we don't find something suitable in the next weeks, we'll disable that engine of the service. -- Regards, Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025 | Fax: +34.952.028.694 | PGP Key ID: EF618D2B | [EMAIL PROTECTED] ___

Re: [Clamav-users] libclamav saying DB is old, can't detect virus

2007-01-23 Thread Julio Canto
t is, not needing to be installed in a fixed location and so on). The version we're using now is extremelly old, and I guess that if the matter continues this way, we'll stop using that engine. -- Regards, Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025 | F

[Clamav-users] Re: virus incident response?

2005-02-16 Thread Julio Canto
oday. What is being done to get signatures out more quickly, if anything? Or can anything be done? I'm monitoring 19 antivirus solutions in the company I work for, and I can tell you Clam is usually one of the fastest on new malware detection. -- Regards, Julio Canto Hispasec

[Clamav-users] Signatures

2004-12-15 Thread Julio Canto
Hello, I'm seeing from yesterday that the windows version (devel-20041205) of the clam scanner doesn't like very much the last daily.cvd file. I don't read any report, I just see it not responding :? Any clue about this? -- Regards, Julio Canto Hispasec Sistemas http://www.his

[Clamav-users] Sending new samples

2004-11-25 Thread Julio Canto
Sorry to ask this again, but, what's the email adress to send samples to the Clam team? I've tried to contact a couple of members some weeks ago for sending them new ones, but I was unsuccessful. -- Regards, Julio Canto Hispasec Sistemas http://www.hispasec.com (+34) 902 161 0

Re: [Clamav-users] Zip file with a long filename inside

2004-11-24 Thread Julio Canto
am -v) but ClamAV still doesn't detect it :-S Thank you very much for your help :-) Regards, Alvaro Uría. From VirusTotal (the file you said): ClamWin devel-20041018/20041124 found [Worm.Sober.I] -- Regards, Julio Canto Hispasec Sistemas http://www.hispasec.com (+34) 902 161 025 Parque

Re: [Clamav-users] Virus report

2004-11-23 Thread Julio Canto
d to send a sample by email, wich address should I sent it to? Greetings. -- Regards, Julio Canto Hispasec Sistemas http://www.hispasec.com (+34) 902 161 025 Parque Tecnologico de Andalucia Avda Juan Lopez Peñalver, 21 Málaga, España ___ http://lis

Re: [Clamav-users] Independent Testing

2004-10-20 Thread Julio Canto
sam wun wrote: Hi, how do you make ClamAV update virus database as soon as possible when the signature becomes ready? Sam. Polling frequently the online versions. This subject were allready discussed in the list some months ago. -- Regards, Julio Canto Hispasec Sistemas http

Re: [Clamav-users] Independent Testing

2004-10-20 Thread Julio Canto
multiengine file scanner) we've seen that ClamAV is usually in the top 3 of updating their databases for virus outbreaks, usually with hours of difference against other commercial products. -- Regards, Julio Canto Hispasec Sistemas http://www.hispasec.com (+34) 902 161 025 Parque Tecnologi

Re: [Clamav-users] non detection problem

2004-10-18 Thread Julio Canto
seen that problem of not detecting different 'mutations' of the MS04-028 vulnerability with other AV products, not only with the version of Clam we're using on VirusTotal (in my humble opinion I think it is basically a matter of how signature files are made). -- Regards, J

Re: [Clamav-users] GDI+ bug exploit Mutations

2004-10-17 Thread Julio Canto
that is why we used ClamWin. -- Regards, Julio Canto Hispasec Sistemas http://www.hispasec.com (+34) 902 161 025 Parque Tecnologico de Andalucia Avda Juan Lopez Peñalver, 21 Málaga, España ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Worm.Somefool.Gen-3 description

2004-10-16 Thread Julio Canto
[EMAIL PROTECTED] wrote: Hi. Does anyone know a good description of the behavior of Worm.Somefool.Gen-3 ? How do others AV call this worm? thanks --eduardoh You can take a look on AVGrep, or if you have a sample, you can send it to www.virustotal.com for seeing different names on scan. Re

Re: [Clamav-users] old database format no longer available

2004-09-02 Thread Julio Canto
Lucca already annouced dropped support for old-style viruses.db* (used by clamav <= 0.60). Newer versions (with *.cvd) don't need the /database directory, since *.cvd is located on root dir. As such, the /database was removed from all mirrors. Regards, Fajar Forget my last question :) Thanks! J

Re: [Clamav-users] old database format no longer available

2004-09-02 Thread Julio Canto
Hi there, Formerly, one could consult one of the mirrors with an URL like this, and you could see the signature files: http://clamav.crysys.hu/database/ Now it gives a 'not found' message... what's up with it, did it changed the policy? Greetings, JC

Re: [Clamav-users] Downloading clam virus definition files automatically

2004-08-25 Thread Julio Canto
al AVs if it would be neccesary to pay for that kind of checks? Greetings, Julio Canto --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Ret

Re: [Clamav-users] Downloading clam virus definition files automatically

2004-08-24 Thread Julio Canto
viruses (in the field of the ones who doesn't have heuristic features). Of course I'm open to any suggestion of how to keep that signatures fully updated using as less resources as neccesary, and trying to understand this AV as good as I can is the reason why I joined and follow

Re: [Clamav-users] Downloading clam virus definition files automatically

2004-08-23 Thread Julio Canto
mirror. Yes, I got it now... I didn't really thought the Clam park of users were so big. Thank you for the explanation (looks like sometines it is difficult to find a normal one without being called stupid or something). Greetings, Julio

Re: [Clamav-users] Downloading clam virus definition files automatically

2004-08-23 Thread Julio Canto
er the world? Excuse me if you don't mean that, English is not my native tongue. Greetings, Julio Canto --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only

Re: [Clamav-users] Downloading clam virus definition files automatically

2004-08-20 Thread Julio Canto
ing to 'touch' the files themselves. Probably it ain't the most elegant way to do so, but I bet it is has a quite low comsumption rate of resources of Clam av servers online :) Greetings, Julio Canto Hispasec Sistemas --- SF.Ne

Re: [Clamav-users] Downloading clam virus definition files automatically

2004-08-19 Thread Julio Canto
indow', every 10 minutes is a good time. It takes a little resources to check for new signatures (basically a GET to an HTTP site should not make croack one of the mirrors)... Anyway, I'm not using freshclam but a python script. Greetings, Julio Canto Hi

Re: [Clamav-users] My.Doom.o

2004-07-28 Thread Julio Canto
There's exception to that rule like datum - data, man - men, mouse - mice. Greetings, JC Why you tend to complicate things? Isn't it just 'viruses'? Regards, Andrzej Kukula I'm not trying to complicate anything. I just say that there's exceptions in the English rule you said. I've see

Re: [Clamav-users] My.Doom.o

2004-07-28 Thread Julio Canto
> Neither Miriam-Webster nor Cambridge list plural form of 'virus'. But > there's simple rule to make plurals in English: append 's' to a noun, and if > the noun ends in 's', then append 'es'. Or I'm missing something. There's exception to that rule like datum - data, man - men, mouse - mice. Gre

[Clamav-users] Updating ClamWin

2004-07-06 Thread Julio Canto
Hi there, I'm using ClamWin devel-20040517 and I would like to know if there's a way to keep that executable updated in an appropiate manner (an URL to download more recent versions, etc). Thank you in advance, JC --- This SF.Net email spons

Re: [Clamav-users] Reducing CPU consumption?

2004-07-04 Thread Julio Canto
Michael D. Crawford wrote: Recall that I was asking the list recently how to deal with getting 400 MB a day of the zafi.b virus in my mailbox. I can filter out my mailbox with a procmail script, followed by using clamscan and procmail, but my hosting service isn't yet able to do it for me. It turn