eparately instead of using the
package that comes with Red Hat. Is that correct?
RHEL's package installs in /usr/lib and /usr/lib64, not in /usr/local/lib.
It's also simpler to install. Just run "yum install zlib zlib-devel"
and it'll download and install automatically, i
developing and stuff, instead
> of these "hip" services?
So blogs are okay now? I thought most techies still considered them to
be a newfangled self-important fad not worth the neologism. :-P
Besides, running a blog with, as you say, "actual content
code or tools that have legitimate uses, but might also be used to sneak
something unwanted onto a system. There was a thread a few weeks ago
where someone had a whole list of things like VNC clients, port
scanners, etc.
--
Kelson Vibber
SpeedGate Communications
1990s), the campus network was relatively
patchwork and tended to be low on network tools. Though I think even
Windows 98 had at least a command-line FTP client, so I'd think anything
with working email should at least be able to retrieve a file from an
FTP server.
--
Kelson Vibber
available in a clean form as well:
http://jquery.com/
The obfuscation, in this case, is a really annoying form of compression.
(95 KB for the source code vs. 29 KB for the packed script.)
--
Kelson Vibber
SpeedGate Communications
s
> called for.
I've missed the earlier posts in this thread, but this makes it sound a
lot like the problem encountered in this series of posts:
http://isc.sans.org/diary.html?storyid=3817
--
Kelson Vibber
SpeedGate Communications
DHowTo
You can probably bundle in NTFS drivers from http://rpm.livna.org
--
Kelson Vibber
SpeedGate Communications
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
tently overwrite the target file.
4. Attacker can either enjoy the chaos, or attempt to manipulate just
what the privileged app will write.
--
Kelson Vibber
SpeedGate Communications
e configuration can change even
though the config *file* stays the same.
--
Kelson Vibber
SpeedGate Communications
uments*? It doesn't need
root access to modify the user's own files.
--
Kelson Vibber
SpeedGate Communications
categories; will eventually need to add categories.
--
Kelson Vibber
SpeedGate Communications
bunch" of files that
trigger false positives on that rule, then yes, they're going to see
"tons" of them -- regardless of the number of hits in anyone else's logs.
--
Kelson Vibber
SpeedGate Communications
sender -- but
it does the job here.
--
Kelson Vibber
SpeedGate Communications,
recipient and
choose a likely admin address for their domain, like
[EMAIL PROTECTED], [EMAIL PROTECTED], etc. -- and those often exist.
--
Kelson Vibber
SpeedGate Communications,
Harry Phillips wrote:
> I was wondering if it is possible and if it is advisable to trigger freshclam
> when I receive a message that the daily database has been updated.
I used to do this, but it's no longer necessary now that freshclam can
check for updates via a DNS query. You can run it as a
ve never used the milter, so I'm not sure
what's necessary) and see if that does it.
--
Kelson Vibber
SpeedGate Communications
going to do this a lot, you'll want to look up how to set up a tree in
your home directory so you can build as yourself.
--
Kelson Vibber
SpeedGate Communications
Kelson wrote:
> Isn't that the whole point of a package manager?
Never mind -- I should have read the original post and realized he was
upgrading from a manually-installed ClamAV to a packaged version. Under
that circumstance, you *do* need to manually remove everything first
before in
dded crontab
entries, I would expect a package manager to take care of *all* of that
(and maybe even save a copy of my config files in case I wanted to
reinstall). I mean, that's what you get with RPM, and people are always
telling me that Debian has *better* package management.
-
rride this
behavior but being a neophyte I was only able to figure out and
recompile with:
You're probably better off removing the RPM entirely, rather than
writing over its files. It's cleaner that way, and easier to keep track
of what version is actually installed.
--
Kelson V
to be adding several signatures a day for variations of
this virus.
Presumably Sophos is looking for a more generic signature that catches
several variants instead of looking for lots of specific signatures.
--
Kelson Vibber
SpeedGate Communications
Niek wrote:
> If you want protection from ad- spyware, get anti-spyware software.
I don't want to start up another flame war, but I really have to ask
this question:
Isn't email-borne spyware more in a virus scanner's domain than phishing is?
--
Kelson Vibber
SpeedGate
. Consider it as an ordinary binary
file.
To further clarify: Yes, ClamAV can scan DLL files, just as it can scan
EXE files. They're ordinary files, so no special process is needed to
scan them.
--
Kelson Vibber
SpeedGate Communications
messages are
replicated in all of the last three issues.
All I can say is, you have a strange definition of spam. It sounds to
me like a glitch in the digest feature. List admins?
--
Kelson Vibber
SpeedGate Communications
connections to the same
server (all to verify the same forged address), they just drop to the
next MX, use up those connections and drop to the next
Eventually they get down to our ultra-low priority decoy MX that we set
up to attract spammers, and they land in our tar pit.
--
Kelson V
simple MX check you suggest.
And even *those* solutions have problems.
--
Kelson Vibber
SpeedGate Communications
ludes ClamAV, and he usually updates
quickly: http://dag.wieers.com/home-made/apt/
--
Kelson Vibber
SpeedGate Communications
ed it -- or want it! -- if you just want to enable
additional features on top of the defaults.
--
Kelson Vibber
SpeedGate Communications
he CVE already lists advisories for Gentoo and Mandrake
(Jan. 31) and Trustix (Feb. 11).
--
Kelson Vibber
SpeedGate Communications
ly *are* in the database, and they're
the libraries you compiled, with your options, patches and
optimizations, built from the newer version your distro isn't willing to
package because they prefer backporting fixes to upgrading.
--
Kelson Vibber
would enable it.
In other words... "Does anyone know which trojan/virus/etc. does this,
and does ClamAV detect it?"
--
Kelson Vibber
SpeedGate Communications
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
module failure ERROR" messages over the last few days. (At first I
thought something had broken in 0.81, since they started the same day I
upgraded.)
--
Kelson Vibber
SpeedGate Communications
/clamav/clmilter.sock,F=,T=S:4m;R:4m’)dnl
define(‘confINPUT_MAIL_FILTERS’, ‘clmilter’)dnl
Looks to me as though you've used the wrong opening quote character.
And closing quote character. IIRC, it should open with an ASCII
backtick (`) and close with a (vertical) ASCII apostrophe (')
--
Kel
chemes), we check for @mm, Worm., and a few specific names to
decide how to handle the message. (FWIW, we use MIMEDefang to integrate
the scanners and discard/reject/disinfect messages.)
--
Kelson Vibber
SpeedGate Communications
text converter.
This can probably be done using action_external_filter, but you still
need to figure out which parts to convert and which to discard, pick a
parser (as Matthew pointed out, there can be security concerns here),
change the mime type, etc.
--
Kelson Vibber
SpeedGate
uses or spam
tricks...dynamically rewriting all email to a "standard" format.
I believe you can do this with Can-It Pro. http://www.roaringpenguin.com/
They're the authors of MIMEDefang. Can-It is their commercial product,
and a much more thorough solution.
--
Kel
, clamav-milter, clamav-db,
clamd) instead of just the 2 (clamav and clamav-milter) in the default
RPM spec. Unfortunately, that means if you upgrade from DAG's package
to a home-grown one, you can't just use rpm -Uvh like you would in most
situations.
--
Kelson Vibber
SpeedGate Comm
*too* specific.
--
Kelson Vibber
SpeedGate Communications
Simple solution to the question of whether to send a notice:
You know what virus was detected. You know whether it's a mass-mailer
or something else. (starts with Worm., ends with @mm, a few specific others)
Based on that, you can decide whether to reject it or discard it.
--
Kelson V
essage parts handed to it, so as long as
the signature is there, it should find it.
--
Kelson Vibber
SpeedGate Communications
access policy.
It says it's banned based on the filename, not based on a virus, so I'd
guess it's amavisd-new and not ClamAV.
By any chance does the string ".exe" show up in the middle of the
filename (something like Whatever.executives.blah)?
--
Kelson Vibber
[EMAIL PROTECTED] wrote:
> I use RedHat9
> I've just installed clamav and I've started clamd.
> How can I check if the daemon is really working?
> Is there any test virus to send to my email?
See http://www.testvirus.org
--
Kelson Vibber
SpeedGate Comm
ll usually get
there in less than the 59-minute worst-case.
Kelson Vibber
SpeedGate Communications
gave up reading them.
Kelson Vibber
SpeedGate Communications
one else seeing this?
Tons of 'em. Run freshclam -- update 444 picks it up as Trojan.JS.RunMe.
Kelson Vibber
SpeedGate Communications
sage to an outside
consultant asking "Should we be concerned about this?" I forget whether it
had come in through another channel or just before freshclam picked up the
signature, but they ended up on our blacklist because of the forward. So
there are risks to anything.
that is calling freshclam.
Kelson Vibber
SpeedGate Communications
e
packaging scheme and the same versions of everything, so third-party RPMs
built for RHEL 3 should also work on WBEL. I installed it on a test box,
and while I haven't done a whole lot with it, I haven't run into any
problems with wha