Fajar A. Nugraha said:
> Did you add the script to kill clamd and start it when clamdwatch says
> clamd dead/hung?
What is clamdwatch, I have never heard of it?
Where do you get it?
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State Univers
Kelson Vibber said:
> As for what to put on new servers, we haven't decided yet here. I've had
> good experiences with Fedora Core 1 on workstations, but we'll probably
> avoid using it on servers for now. If you're interested, it's at
> http://fedora.redhat.com/ . FC1 really is Red Hat 10 renam
Just trying to file as many bugs against clamav as possible.
Make you earn your pay!...
Stephen Gran said:
>
> Ah, my second guess was right then - ignore completely my previous post.
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State Univers
I am detecting a new netsky variant that is detected by mcafee as a netsky
variant but is not yet detected by name yet.
It is NOT detected by:
clamav, or f-prot.
I am receiving upwards of 10-20 an hour so far.
I have submitted it to the f-prot/mcafee/clamav online virus submittal
page for inclus
I would like to state for the record:
I'm dumb sometimes.
I was not running freshclam in daemon form, so I did not have new dat files.
problem solved.
Lucas Albers said:
> I'm running debian clamav-daemon 0.69-0.70-rc-1
>
> Does not detect netsky.x variant.
> I submitted t
I'm running debian clamav-daemon 0.69-0.70-rc-1
Does not detect netsky.x variant.
I submitted the virus to the clamav webpage and they detected it, but my
current install does not detect it with these scan switches:
clamscan -r --mbox --stdout --disable-summary --infected
Download the message fro
I'm a bit hesitant of upgrading to .68 or .70-rc if it appears to have a
memory leak. At what point can the developers say:
"this x release does not have a memory leak."
Pubs said:
>> On Sun, Mar 21, 2004 at 01:14:53PM -0600, John Jolet wrote:
>> > If anything, i'd say it leaked less...course, i j
You won't detect some bagle rar virus unless you are using .68-1.
.67 does not detect some viruses and core dumps.
I filed this bug against the debian package last week and the maintainers
(for debian) are releasing a .68-x package shortly.
You need to upgrade to detect some bagle viruses.
Jim sa
On redhat 7.3 to continue my earlier statement I am using .68 (dag rpm)
but it has a problem with the daemon, so I am currently just running
clamscan, not clamdscan while I troubleshoot.
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State Univ
I have had no problems running the following clamav versions.
clamav-0.67-6 on debian testing
clamav-0.68 from dag on redhat 7.3
These are both production mail servers.
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Mo
This is a hack, but I run monit on my servers to restart failed services.
Works well, it's a hack but it sure jacks my perceived uptime.
Tomasz Kojm said:
>> And that was it. There hasn't been another entry since and freshclam
>> quit after it. I supposed it is acceptable that due to network
>> i
Fajar A. Nugraha said:
> An interesting fact on ChangeLog:
>
> Thu Mar 11 21:50:32 CET 2004 (tk)
> -
> * libclamav: rar: added support for encrypted archive (Encrypted.RAR)
> detection
>
To make an obvious statement.
Clamav should add encrypted compre
use something like:
acidlab to detect scans,
or nessus/sara to actively scan your network for particular vulnerabilities.
Michael St. Laurent said:
> I was reading about the String module for iptables in Linux Journal over
> the weekend and it occurred to me that this could be used for scanning
Antony Stone said:
I can't justify running ANY cvs/beta version on this production system,
though.
> How are you passing your emails to clamav?
I am using mimedefang, I have complete copies of all the viruses that
were missed, and I am trying to determine what is similar between the
messages.
Not
The current production version is .67 correct?
I'm using .67 and some viruses are slipping by on the initial scan,
perhaps 1%.
I catch them with fprot and mcafee, which then notifies me.
When I run a manual command line scan afterwards I catch the virus.
clamscan --no-summary --mbox -r qdir-2004-
There are two viruses that clamscan detects, and clamdscan does not.
using clamav .67-6 via the debian package.
clamscan -r --stdout --disable-summary --mbox --infected ./
ENTIRE_MESSAGE: Worm.Mydoom.F FOUND
LibClamAV Warning: Multipart MIME message contains no boundary lines
ENTIRE_MESSAGE: Worm.
I was missing some viruses until I upgraded from .65 to .67.
Bounce back zipped viruses were slipping by.
Dominic Mazzoni said:
> Ryan Moore wrote:
>> Dominic Mazzoni wrote:
>>
>>> I'm also having the problem that Ron Snyder reported yesterday,
>>> where clamscan will mark a file as OK, but if I ex
Tomasz Papszun said:
>WE ASK USERS TO NOT SUBMIT naked zip files IF their contents is DETECTED
>as infected by ClamAV AFTER UNZIPPING. It's an utter waste of our time,
>which results in delays in processing really significant samples!
Why not add this on the web submittal nag screen?
Luke Compute
Erik Corry said:
> I use procmail to put mails from the clamav-virusdb list in the folder
> above.
>
> This way I update within one hour if there is an update, otherwise
> nothing happens. You could up this to once every half hour without
> overloading the servers I think.
>
The most efficient u
Just wait for .67 to hit testing from unstable on debian.
2 more days and it will be in testing.
Then it will take 10 seconds to upgrade.
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
---
When I'm wondering if clamav detects a new virus.
I contemplate going through the clamav-virusdb archive and looking for the
keyword.
But
I'm
Lazy.
You should be lazy too.
So I go here, and search term it.
http://marc.theaimsgroup.com/?l=clamav-virusdb&w=2&r=1&s=&q=b
--
Luke Computer Science S
Thought of a great idea.
Make it so the virus submittal page will scan the virus with clamscan.
If it already detects the virus, it will reject it.
Unless the user explicitly tells the web page to accept a virus that has
been detected with clamscan.
That should reduce the number of redundant subm
I saw this virus show up today: Worm.SomeFool
Updated here:
Submission: 1235-web
Sender: Tobias Oetiker
Virus: Unknown Virus
Added: Worm.SomeFool
Notes: File uses the same icon as a word document,double extension
(.rtf.pif i.e.),starts
to massmail with a own smtp engine, drops a 'services.exe'
Tomasz Papszun said:
> Are these set in clamav.conf?
>
> ScanArchive
> StreamSaveToDisk
No.
Strange, when using debconf to configure and explicitly telling it to enable
ScanArchive it still leaves these commented out.
Fixed.
--
Luke Computer Science System Administrator
Security Administrator,Col
Luke Scharf said:
> This does seem more polite than hitting it hard, right on the hour.
>
> -Luke
>
> --
> Luke Scharf, Systems Administrator
> Virginia Tech Aerospace and Ocean Engineering
If you use freshclam as a daemon, you don't have to worry about this as it
randomizes it?
--
Luke Comput
I've encountered this problem:
clamscan will scan zip files and detect a virus.
clamdscan will not.
clamdscan part.1.body.zip
/tmp/part.1.body.zip: OK
--- SCAN SUMMARY ---
Infected files: 0
clamscan part.1.body.zip
--- SCAN SUMMARY ---
part.1.body.zip: Worm.Gibe.F F
26 matches