[clamav-users] freshclam with lambda and S3

2024-04-03 Thread Matthew Hibberd via clamav-users
* I am hosting the ClamAV DB files on S3. * I have a lambda routinely running as a cron job that downloads the latest DB files from S3 to a local dir and runs freshclam against said dir as its database directory. * freshclam is correctly identifying the daily.cvd as out of date *

Re: [clamav-users] Is Doc.Packed available as PUA category?

2021-01-14 Thread Matthew Molyett
ble? > > Best regards, > Toshiyuki Honda > > ___ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://

Re: [clamav-users] Freshclam can't get started

2020-10-05 Thread Matthew Campbell via clamav-users
y into Linux with an attempt at a non-standard Debian installation then you likely bit off more than you could chew and you're making things a lot more difficult than necessary. Do you have SELinux or AppArmor installed? You haven't mounted the partition read-only have you? We'd bette

Re: [clamav-users] FreshClam can't get started

2020-10-04 Thread Matthew Campbell via clamav-users
file system to keep private data away from the root partition. I use ClamAV for general malware scanning.

Re: [clamav-users] Freshclam can't get started

2020-10-04 Thread Matthew Campbell via clamav-users
ClamAV for general malware scanning. Unfortunately my email app insists on quoting previous replies. Sorry about that. Original Message On Oct 3, 2020, 4:42 PM, G.W. Haywood via clamav-users wrote: > Hi there, > > On Sa

[clamav-users] Freshclam can't get started

2020-10-03 Thread Matthew Campbell via clamav-users
eshclam.log are 0660 owned by clamav:clamav. I get my copies of ClamAV as a Debian package. I used apt install clamav. I just upgraded everything to Debian 10.6 two days ago. I can't seem to get the malware database started. How do I fix this?

[clamav-users] manual sync definitions

2020-01-24 Thread Matthew Hersant via clamav-users
We have a private subnet. So, we manually sync definitions. But clamscan doesn't see them. It declared definitions out of date. Why is this happening? Thanks much.

Re: [clamav-users] current.cvd.clamav.net TXT DNS record

2020-01-22 Thread Matthew Hersant via clamav-users
'bytecode' DB version Excerpt from freshclam log:   daily.cld updated (version: 25703, sigs: 2155716, f-level: 63, builder: raynman)   main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)   query_remote_database_version: bytecode.cvd version from DNS: 331

[clamav-users] current.cvd.clamav.net TXT DNS record

2020-01-22 Thread Matthew Hersant via clamav-users
I'm wanting to understand all components of the current.cvd.clamav.net DNS record. I know only one:
dig +short -t txt current.cvd.clamav.net | sed 's/"//g' | tr ':' '\n'
0.102.1 => Recommended version?
59
25703
1579710540
1
63
49191
331
Thanks much for your help.

Re: [clamav-users] is this realy a positive? Html.Trojan.Exploit-112 FOUND

2019-03-06 Thread Matthew Molyett
My best guess is that it is false-positive, as this filesystem is > totally isolated from any interactive user access. > > > > But where can i find the details behind this alert ? > > > > Google has no match on this.

Re: [clamav-users] crypto currency miner

2018-01-02 Thread Matthew Molyett
; +-> OFFSET: ANY > +-> SIGMOD: NONE > +-> DECODED SUBSIGNATURE: > bo > * SUBSIG ID 4 > +-> OFFSET: ANY > +-> SIGMOD: NONE > +-> DECODED SUBSIGNATURE: > blake > > > -Al- > -- > Al Varnell > ClamXAV user > > > > > ______

Re: [clamav-users] VIRUS ({HEX}EICAR.TEST.10.UNOFFICIAL) in mail FROM [198.148.79.53]

2017-10-03 Thread Matthew Molyett
AR string, and the message certainly wasn't 68 bytes > long. > > For reference, clamscan does not detect EICAR in these messages, and > rightly so.

Re: [clamav-users] Signature specifics (was Re: Malware/ransomware and Yara signatures with clamav)

2017-05-16 Thread Matthew Molyett
-- Matthew Molyett Malware Researcher

Re: [clamav-users] Question about ClamAV

2017-05-11 Thread Matthew Molyett
riteInfoCom > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > h

Re: [clamav-users] LibClamAV Warning

2017-05-09 Thread Matthew Molyett
> > >> > > >> http://www.clamav.net/contact.html#ml > > >> > > > ___ > > > clamav-users mailing list > > > clamav-users@lists.clamav.net > > > http://lists.clamav.net/cgi-bin/mailman/listin

Re: [clamav-users] Artificial Intelligence Based Anti-Virus

2017-05-05 Thread Matthew Molyett
pes > you should read signatures.pdf > <https://github.com/vrtadmin/clamav-devel/blob/master/docs/signatures.pdf > >. > > -Al- PS: Sharp eyed readers may have noticed the Unicode homoglyphs being used in the decoded signature and discussion. That was done to prevent the text of these

Re: [clamav-users] [Fwd: [sanesecurity] Hacking Team detection]

2015-08-07 Thread Matthew Newton
've got it then just drop it into ClamAV's signature database directory and you should be good to go. Cheers, Matthew -- Matthew Newton, Ph.D. Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help

Re: [clamav-users] Debian packaging

2014-02-12 Thread Matthew Newton
Debian's policy is to ensure that stable means stable - so they only generally apply security patches. There was a "volatile" repository once as they realised that software like ClamAV needs updating more but conflicted with normal policy; it looks like it's been replaced,

Re: [clamav-users] Scan Engine version number

2013-09-26 Thread Matthew Olney
We'll look into it, thanks Sinton. Sent from my iPhone > On Sep 26, 2013, at 8:27 AM, Sinton wrote: > > Greetings everyone. > > I confess that I am a newbie here, so if I am about to ask something > blindingly obvious, I apologise. > > I have downloaded the prebuilt installation of ClamAV 0.9

Re: [clamav-users] DLP Module in Clamav

2013-06-13 Thread Matthew Olney
If you have the requirements of certain rules, you should probably use a traditional signature format like .ndb or .ldb. If you need to do regular expressions, look at writing bytecode signatures, these are slightly more involved, though. Alain might have some additional commentary. Matt On

Re: [clamav-users] It's Clamav free for comercial use

2013-06-12 Thread Matthew Olney
David, Your best course of action is to have your legal department review the licensing details in the ClamAV package and give you guidance on your rights and obligations. Matt On Jun 11, 2013, at 7:32 PM, david oberti wrote: > I everyone I just want to know if it's free to use in a company

Re: [clamav-users] Solaris 10 UFS Support?

2013-01-23 Thread Joseph, Matthew (EXP)
Hello, Does anyone know if ClamAV supports the UFS File system? Thanks, Matt ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [clamav-users] Fwd: update clamav

2012-06-27 Thread Matthew Olney
Apparently, the answer to this is on the wiki, but it is having issues. Sent from my iPhone On Jun 27, 2012, at 7:38 AM, Joel Esler wrote: > > > -- > Joel Esler > Senior Research Engineer, VRT > OpenSource Community Manager > > Begin forwarded message: > >> From: Ilyas Doskhozhayev >> Date

Re: [clamav-users] clamd unexpected termination: "... Failure in bytecode testmode"

2011-10-24 Thread Matthew Slowe
On 24 Oct 2011, at 13:53, Matthew Slowe wrote: > On 24 Oct 2011, at 13:48, Pierre Dehaen wrote: >> >> It looks good ! clamdscan --reload gives: >> Mon Oct 24 14:47:42 2011 -> Reading databases from /opt/clamav/share/clamav >> Mon Oct 24 14:48:04 2011 -> Dat

Re: [clamav-users] clamd unexpected termination: "... Failure in bytecode testmode"

2011-10-24 Thread Matthew Slowe
! Forced --reload works for me too... now waiting for the unprovoked selftest ;-) Thanks again! -- Matthew Slowe | Tel: +44 (0)1227 824265 Server Infrastructure Team, IS | Fax: +44 (0)1227 824078 University of Kent, Canterbury, Kent| We

Re: [clamav-users] clamd unexpected termination: "... Failure in bytecode testmode"

2011-10-24 Thread Matthew Slowe
On 24 Oct 2011, at 11:13, Matthew Slowe wrote: > Hi, > > I'm seeing a problem on a bunch of Solaris 10 SPARC servers running 0.97.x > since about 00:55 BST this morning. Our 0.96 hosts seem to be ok (and I've > downgraded the important 0.97 ones so that clamd can ru

[clamav-users] clamd unexpected termination: "... Failure in bytecode testmode"

2011-10-24 Thread Matthew Slowe
4 10:05:13 2011 -> MaxQueue set to: 100 Mon Oct 24 10:14:08 2011 -> Waiting for all threads to finish Mon Oct 24 10:14:11 2011 -> Shutting down the main socket. Mon Oct 24 10:14:11 2011 -> Pid file removed. Mon Oct 24 10:14:11 2011 -> --- Stopped at Mon Oct 24 10:14:11 2011 Mon O

Re: [clamav-users] daily database screwed up?

2011-02-10 Thread Matthew Kitchin (public/usenet)
On 2/10/2011 4:29 PM, Kelsey Cummings wrote: So very not cool! Yikes. Nothing like an unplanned and untested upgrade. At least I am now running the latest! I had about 900 emails queued up since clamd failed. All looks good now. -Matthew

Re: [Clamav-users] Unsuscribe

2010-10-28 Thread Matthew Kitchin (public/usenet)
On 10/28/2010 1:06 PM, Hook wrote: Unsuscribe From: Hook To: ClamAV users ML In-Reply-To:<4cc83169.9050...@cmpublishers.com> MIME-Version: 1.0 Subject: [Clamav-users] Unsuscribe X-BeenThere: clamav-users@lists.clamav.net X-Mailman-Version: 2.1.11 Precedence: list Reply-To: ClamAV users ML List

Re: [Clamav-users] Custom db with 70,000+ names

2010-08-05 Thread Matthew Kitchin (public/usenet)
On 8/5/2010 3:42 PM, Noel Jones wrote: But it would be easy enough to bypass by changing the cASE of the name or using J. Doe etc. (you might be able to use wildcards to ignore case in the sig) Can anyone help me figure out how to ignore case so I can catch JoHn SmItH any other variant with

Re: [Clamav-users] Custom db with 70,000+ names

2010-08-05 Thread Matthew Kitchin (public/usenet)
On 8/5/2010 3:42 PM, Noel Jones wrote: Creating "banned word" signatures is pretty straightforward. Convert the names to hex, add the clamav stuff and save it in a foo.ndb file in the clamav directory. A sig for "John Doe" would look something like (completely untested): Client.Data.John.D

[Clamav-users] Custom db with 70,000+ names

2010-08-05 Thread Matthew Kitchin (public/usenet)
ed to do. Any tips would be greatly appreciated. Thanks, Matthew

Re: [Clamav-users] ClamAV 0.94.2 memory leak?

2008-12-18 Thread Matthew Dickinson
fication detected. Forcing reload. Thu Dec 18 13:45:51 2008 -> Reading databases from /var/clamav Thu Dec 18 13:45:53 2008 -> Database correctly reloaded (567680 signatures) Thu Dec 18 13:46:01 CST 2008 clamav 29310 0.0 25.3 392932 271900 ? Ssl 11:00 0:07 clamd Matthew

Re: [Clamav-users] ClamAV 0.94.2 memory leak?

2008-12-18 Thread Matthew Dickinson
er yet usage:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1795 clamav 25 0 464m 414m 992 S 0.0 2.6 28:36.21 clamd
Matthew

Re: [Clamav-users] False positive

2008-10-17 Thread Matthew Newton
On Fri, Oct 17, 2008 at 05:23:06PM +0200, Tomasz Kojm wrote: > On Fri, 17 Oct 2008 15:53:08 +0100 > Matthew Newton <[EMAIL PROTECTED]> wrote: > > > That's great, thanks - all test files I have now scan OK. > > > > Does the above alter much else in the sca

Re: [Clamav-users] False positive

2008-10-17 Thread Matthew Newton
handled (in your case we just don't want to handle them as > CL_TYPE_BINARY_DATA). Also, we now have a bug entry for this problem: That's great, thanks - all test files I have now scan OK. Does the above alter much else in the scanning? Many thanks, Matthew -- Matthew Newton, Ph

[Clamav-users] False positive

2008-10-17 Thread Matthew Newton
he files do not detect as malware in any other scanners (checked with a couple of on-line "multi-scanner" sites - only ClamAV hits. Cheers, Matthew -- Matthew Newton, Ph.D. <[EMAIL PROTECTED]> Systems Architect (UNIX and Networks), Network Services, I.T. Services, Universit

[Clamav-users] compile: FreeBSD 4.11: 0.90 fails

2007-02-15 Thread Matthew Walker
Any recommendations for successfully compiling 0.90 using FreeBSD 4.11 with GCC 3.4.6? So far I tried the following: First Attempt $ make clean;./configure CC=gcc34 CFLAGS="-pthread -O3"; make /usr/libexec/elf/ld: cannot find -lpthread collect2: ld returned 1 exit status *** Error code 1 Stop in

Re: [Clamav-users] Can I give clam a list of files to scan

2006-09-11 Thread Matthew Dettinger
On 9/8/06, tBB <[EMAIL PROTECTED]> wrote: > The problem is that clamscan wants the files or directories passed to > it via the command line, not via stdin-- besides which, Windows has a > fairly limited max length for the command line. Actually it's not that limited (but still too limited for t

Re: [Clamav-users] new sig please test

2005-12-17 Thread Matthew Daubenspeck
ssin as well? I have a few custom rules for Spamassassin that have been catching 100% of these things. Contact me off list (as this is OT) and I can forward you the rules... -- Matthew Daubenspeck http://www.oddprocess.org Gentoo Linux 2.6.14-gentoo-r2 x86_64 AMD Athlon(tm) 64 Processor 2800+ 18:19:12 up 11 days, 5:32, 2 users, load average: 0.18, 0.14, 0.09

RE: [Clamav-users] handle_user: unable to find user

2005-09-01 Thread Matthew Yette
-Original Message- From: Fast Johnny [mailto:[EMAIL PROTECTED] Sent: Thursday, September 01, 2005 3:27 PM To: ClamAV users ML Subject: Re: [Clamav-users] handle_user: unable to find user > > > > Umm..this is clamav, not spamassassin ML. > > -Jim >

Re: [Clamav-users] For those who submitted adware/spyware samples

2005-06-17 Thread Matthew Schumacher
Kelson wrote: > Niek wrote: > >> If you want protection from ad- spyware, get anti-spyware software. > > > I don't want to start up another flame war, but I really have to ask > this question: > > Isn't email-borne spyware more in a virus scanner's domain than phishing > is? > IMHO, anything

Re: [Clamav-users] clamav-milter without clamd

2005-02-01 Thread Matthew Schumacher
Damian Menscher wrote: On Fri, 28 Jan 2005, Nigel Horne wrote: It's a great idea to have clamav-milter do its own thing. BUT, what is its relationship with freshclam? In the clamav-milter -> clamd, you could be assured that clamd would always be aware of updates installed by freshclam. How does

[Clamav-users] How does freshclam send reload notifications to clamav-milter running in internal mode?

2005-02-01 Thread Matthew Schumacher
The subject says it all, according to the freshclam man page it sends updates to clamd via the socket: "--daemon-notify=/path/to/clamd.conf Notify the daemon about the new database. By default it reads a hardcoded config file but you can use an another one. Both local and TCP sockets are su

[Clamav-users] Clamav-milter must agree with the entry in sendmail.cf or sendmail.mc. WHY?

2005-01-31 Thread Matthew Schumacher
Why should clamav-milter be picky about this? Suppose I am using a tcp socket and the sendmail server is not local? This error checking can cause problems for people that have the sendmail package installed, but are not using for clamav. While one could argue that it isn't reasonable to have

Re: [Clamav-users] Detecting password protected rar files as virus

2004-12-31 Thread Matthew Schumacher
Tomasz Kojm wrote: On Fri, 31 Dec 2004 08:40:11 -0900 Matthew Schumacher <[EMAIL PROTECTED]> wrote: List, I just got a password protected rar file with a virus. Since there is very little use of password protected rar archives in legitimate email I would like to detect these as a virus.

[Clamav-users] Detecting password protected rar files as virus

2004-12-31 Thread Matthew Schumacher
List, I just got a password protected rar file with a virus. Since there is very little use of password protected rar archives in legitimate email I would like to detect these as a virus. I got the unrar tool installed and enabled ScanRAR and ArchiveBlockEncrypted but it's not detecting the fi

Re: [Clamav-users] New jpeg "virus" and 0.75?

2004-09-28 Thread Matthew Daubenspeck
t a stable release? Thanks for the quick response. -- Matthew Daubenspeck http://www.oddprocess.org 11:55:39 up 30 days, 17:49, 1 user, load average: 0.07, 0.03, 0.01 --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project

Re: [Clamav-users] New jpeg "virus" and 0.75?

2004-09-28 Thread Matthew Daubenspeck
av_scanner section... copy/paste/save and restart > amavisd > > This appears to be filtering out potentially dangerous JPG Images. Sorry, Kaspersky picks it up as "Exploit.Win32.MS04-028.gen" I will try your code. Thanks. -- Matthew Daubenspeck http://www.oddproces

[Clamav-users] New jpeg "virus" and 0.75?

2004-09-27 Thread Matthew Daubenspeck
Will there be an updated signature for the new jpeg "virus" for the 0.75 series of ClamAV? -- Matthew Daubenspeck http://www.oddprocess.org 23:05:09 up 30 days, 4:58, 1 user, load average: 0.03, 0.06, 0.02

Re: [Clamav-users] Clamav under an SMP environment

2004-09-11 Thread Matthew Keller
Project Admins to receive an Apple iPod Mini FREE for your judgement on > who ports your project to Linux PPC the best. Sponsored by IBM. > Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php > ___ > Clamav-users mailing list > [EMAI

Re: [Clamav-users] List Down

2004-08-31 Thread Matthew Keller
___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users -- Matthew Keller signat-url: http://mattwork.potsdam.edu/signat-url/ "No one ever says, 'I can't read that ASCII E-mail you sent me.'" -- Matth

RE: [Clamav-users] Second-tier Mirrors...

2004-08-26 Thread Matthew Keller
r month, > we'd get more volunteers (I'd volunteer 2). We could/would mirror at 10GB/month. -- Matthew Keller signat-url: http://mattwork.potsdam.edu/signat-url/ "No one ever says, 'I can't read that ASCII E-mail you sent me.'" ---

[Clamav-users] OpenSource Clamav not ready?

2004-08-11 Thread Matthew Thomas
I was wondering how many clamav users came across this article: http://www.eweek.com/article2/0,1759,1633536,00.asp The author says, among other things: "Clearly the biggest need these days in an anti-virus system is for scanning e-mail, and here's where ClamAntiVirus scares me. According to the m

Re: [Clamav-users] ClamAV-20040805

2004-08-06 Thread Matthew Trent
On Thursday 05 August 2004 08:33 pm, Damian Menscher wrote: > Personally I think this is an excellent place for bug reports, and they > are pretty much the only reason I read the list. It's important for > users to know the limitations of software they use (especially when the > different versions

RE: [Clamav-users] ClamAV devel, and email formats (was: Re: 0.75.1 not detecting many more viruses :-( )

2004-08-04 Thread Matthew Thomas
> So, with that in mind, is there a document, or a group of > documents > out there that I can read (gimme RFCs, non-official > standards, ANYTHING) > that describe the plethora of standards ClamAV uses or > plans to use > in the future? Or maybe just a general list of what's >

[Clamav-users] Command parser: read() failed.

2004-06-07 Thread Matthew Trent
Just upgraded to the latest CVS and getting this in the clamd log: Jun 7 15:38:32 mail1 clamd[32058]: Command parser: read() failed. Jun 7 15:38:47 mail1 clamd[32058]: Command parser: read() failed. But it appears to still be working...: Jun 7 15:38:52 mail1 clamd[32058]: /var/spool/exim/scan

RE: [Clamav-users] clamd doesn't work

2004-06-03 Thread Matthew . van . Eerde
> From: Crucificator [mailto:[EMAIL PROTECTED] > ... > > I am really annoyed. http://www.therainiervalley.com/queen_anne_news.html In my experience on mailing lists one can only expect a helpful answer if the question is (a) short and (b) contains all pertinent info on your particular setup (wha

[Clamav-users] email link virii

2004-05-11 Thread Matthew . van . Eerde
Is it even possible for ClamAV on an MTA to block WALLON-style virii that only include a link to themselves? http://secunia.com/virus_information/9323/ [EMAIL PROTECTED]805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"print join er,reverse',',

RE: [Clamav-users] Temp file issues

2004-05-05 Thread Matthew Myers
Reconfiguring without --enable-debug appears to have corrected the issue. Thanks to all who replied!! Matthew

[Clamav-users] Temp file issues

2004-05-05 Thread Matthew Myers
become an issue again.  Any help you can provide to resolve this matter is appreciated.   Thanks, Matthew

[Clamav-users] freshclam failed?

2004-04-21 Thread Matthew Daubenspeck
lamAV version devel-20040411 -- Matthew Daubenspeck http://www.oddprocess.org 21:41:56 up 7 days, 2:35, 1 user, load average: 0.00, 0.01, 0.00

[Clamav-users] CVS

2004-04-21 Thread Matthew Trent
mail1:/usr/src# cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/clamav co clamav-devel cvs server: Updating clamav-devel ... cvs server: Updating clamav-devel/docs/Polish cvs server: [15:34:49] waiting for nigelhorne's lock in /cvsroot/clamav/clamav-devel/docs/Polish cvs server: [15:35:19] waiting for

RE: [Clamav-users] Re: Problems after upgraded to 0.70-1 (from 0. 70-rc1)

2004-04-20 Thread Matthew . van . Eerde
> From: Mimmus [mailto:[EMAIL PROTECTED] > I will retry when current flood of Worm.SomeFool.Y slows... How can I see a description of this virus?

[Clamav-users] Re: Clamd filling up /tmp dir

2004-04-15 Thread Matthew Trent
On Thursday 15 April 2004 10:42 am, you wrote: > Seeing my /tmp dir fill up with dirs like this: > > 026251faf5824335 524fa5519a2a80ec 886646df92b22d11 ca6373c9c8b8125b > 0bc72b3200f8b20b 5a33fe0c19c39274 8a60e06e76f68fee cc2c4ef08a8061d7 > > I just upgraded clamav to latest CVS yesterday. Ha

[Clamav-users] Clamd filling up /tmp dir

2004-04-15 Thread Matthew Trent
Seeing my /tmp dir fill up with dirs like this: 026251faf5824335 524fa5519a2a80ec 886646df92b22d11 ca6373c9c8b8125b 0bc72b3200f8b20b 5a33fe0c19c39274 8a60e06e76f68fee cc2c4ef08a8061d7 I just upgraded clamav to latest CVS yesterday. Had been running CVS from a few weeks ago previously. Didn

Re: [Clamav-users] Violation of the GPL ?

2004-04-08 Thread Matthew Trent
On Wednesday 07 April 2004 07:34 pm, Guillermito wrote: > [DISCLAIMER] > > There is a conflict of interest here. I am currently sued by this > company because I published an analysis of their anti-virus product, > showed a few flaws, and debunked their claim of stopping "100% of > known and unknown

RE: [Clamav-users] Re: Simple patch for dealing with password zip files

2004-03-04 Thread Matthew . van . Eerde
if-I-get-a-virus-it's-my-own-fault-and-I-promise-not-to-blame-the-email-system This particular extension could be exempted from executable/zip magic detection. :) Matthew van Eerde Software Engineer Hispanic Business Inc. HireDiversity.com 805.964.4554 x902 [EMAIL PROT

[Clamav-users] Re: ClamAV 0.67 memory leak

2004-03-04 Thread Matthew Trent
On Thursday 04 March 2004 10:25 am, you wrote: > Looks good, but I've seen clamd temporarily allocate ~2x-3x a mail's > size, so be sure to not set the memory limit too low. Yeah, I figure it's reasonable to spike some times. I'm just real squeamish because clamd managed to hard lock both of my l

RE: [Clamav-users] ArchiveDetectEncrypted and --detect-encrypted

2004-03-04 Thread Matthew . van . Eerde
ng it. > I think it was mentioned that the virus is encrypted in ZIP > format with a > randomized password as it is being propagated. Is it possible to create Encrypted.Tar, Encrypted.Sit, Encrypted.(etc...)? The built-in Zip-decompresser in XP supports all kinds of formats besides .ZIP, so I

Re: [Clamav-users] ClamAV 0.67 memory leak

2004-03-03 Thread Matthew Trent
On Tuesday 02 March 2004 09:29 pm, Jim Gifford wrote: > Here is what I see on my system, maybe it's something in the kernel your > using. I'm using 2.6.3 > > Name: clamd > State: S (sleeping) > SleepAVG: 0% > Tgid: 751 > Pid:751 > PPid: 1 > TracerPid: 0 > Uid:0 0

Re: [Clamav-users] Clamscan not detecting virus

2004-03-01 Thread Matthew Daubenspeck
mav/freshclam.conf, it had : MaxAttempts true And when manually running this, I got an error that it needed a number of max tries, not "true". I changed it to 5 and the system updated. It then found the virus. -- Matthew Daubenspeck http://www.oddprocess.org

[Clamav-users] Clamscan not detecting virus

2004-03-01 Thread Matthew Daubenspeck
there is no reason to resubmit it. But my local copy is not working. I checked the syslog and it says nothing other than the message is clean. Any ideas where to start checking? -- Matthew Daubenspeck http://www.oddprocess.org 10:28:39 up 55 days, 1:39, 1 user, load average: 0.00, 0.00, 0.00

Re: [Clamav-users] clamav 0.67-1 CPU hog on OpenBSD 3.4

2004-02-21 Thread Matthew Hambley
In message <[EMAIL PROTECTED]> "Eric Zager" <[EMAIL PROTECTED]> wrote: > My build of clamav-0.67-1 on OpenBSD produced an incredible CPU hog. > clamd soaks up all the CPU it can, and I can't tell what's going on. > freshclam also soaks up amazing amounts of CPU, but given enough time, >

RE: [Clamav-users] W32.Welchia.Worm

2004-02-18 Thread Matthew . van . Eerde
It's actually a well-established idea - using viruses to patch vulnerable machines. It's not done to help you. Sorry. It's done to protect the Internet from your machine. If your machine is vulnerable, it can be used by anyone to send spam or viruses around the internet. "Patching" viruses are

Re: [Clamav-users] ClamAV 3.4 & OpenBSD 0.66

2004-02-18 Thread Matthew Hambley
In message <[EMAIL PROTECTED]> Bjorn Ketelaars <[EMAIL PROTECTED]> wrote: > Are there any success stories involving OpenBSD 3.4 and ClamAV 0.66? Is > there someone who wants to share a package? I have ClamAV 0.67 working under OpenBSD 3.4. I just compiled it from source so there is no

Re: [Clamav-users] best way to update to 0.66

2004-02-13 Thread Matthew
Gareth, Best bet to remove .65 first Caused me no end of problems - libclamav.* in library path used before one in compile hierarchy! Regards Matthew Gareth wrote: > What is the best way to upgrade from ClamAV 0.65 to 0.66, should I just > install on top of the current installation, or

Re: [Clamav-users] all this "complaining" about 0.65 vs CVS ...

2004-02-10 Thread Matthew Trent
On Tuesday 10 February 2004 11:15 am, Michael St. Laurent wrote: > [snip] > > Let me add my agreement as well. The Clamav team is doing a fantastic job! > > An earlier message that I posted may have communicated my frustration with > clamav-milter, which we've had a great deal of trouble with. Ju

Re: [Clamav-users] clamd monitoring?

2004-02-09 Thread Matthew Trent
On Saturday 07 February 2004 06:31 pm, Erik Bourget wrote: > Hello; > > I've got clamd processing a ton of mail, it does a good job not crashing > these days (cvs as of a week or so ago), but the new problem is as bad or > worse - the hanging. At least when it crashed, supervise (I'm running it >

Re: [Clamav-users] Wait for next stable version or use CVS

2004-02-04 Thread Matthew Trent
On Wednesday 04 February 2004 12:14 pm, Ola Thoresen wrote: > I have now tested the latest tar.gz from > http://www.clamav.net/snapshot/clamav-devel-20040204.tar.gz and can > verify that the problem with memory allocations on special binhex-files > has been fixed. > I have about 10 different files

Re: [Clamav-users] Wait for next stable version or use CVS

2004-02-03 Thread Matthew Trent
On Tuesday 03 February 2004 03:09 pm, Nigel Horne wrote: > 4) Yes I am working on a solution and yes I am aware of it! > > I have just disabled binhex decoding in CVS while I further investigate > this. > > -Nigel Doh, I must have misinterpreted comments in the Changelog to mean it's been f

Re: [Clamav-users] Wait for next stable version or use CVS

2004-02-03 Thread Matthew Trent
On Tuesday 03 February 2004 07:18 am, Cedric Foll wrote: > Hi, > > I wonder if i have to wait for the next stable version or use the last > cvs. > I've download the last cvs of clamav and i'm reading the changelog and > found very interesting things there. > Is the current CVS is stable for an use

Re: [Clamav-users] Re: Clamav-devel massive memory leaks

2004-02-03 Thread Matthew Trent
On Tuesday 03 February 2004 03:22 am, Stefan Kaltenbrunner wrote: > Ola Thoresen wrote: > > I have captured several messages, and sent them to Thomas and Nigel. > > This seems to be an issue with some messages with attachments of > > "Content-type: application/mac-binhex40;" > > I can confirm this

Re: [Clamav-users] Re: Clamav-devel massive memory leaks

2004-02-01 Thread Matthew Trent
On Sunday 01 February 2004 12:35 pm, Tomasz Kojm wrote: > On Sun, 1 Feb 2004 07:15:50 -0800 > > Matthew Trent <[EMAIL PROTECTED]> wrote: > > (sent with the wrong From the first time) > > > > On Sunday 01 February 2004 12:44 am, Tomasz Kojm wrote: > > > A

Re: [Clamav-users] Re: Clamav-devel massive memory leaks

2004-02-01 Thread Matthew Trent
(sent with the wrong From the first time) On Sunday 01 February 2004 12:44 am, Tomasz Kojm wrote: > Are you running clamav-milter ? Do you have enabled ScanMail in > clamav.conf ? > > Best regards, > Tomasz Kojm No milter; I'm running Exim+Exiscan, and ScanMail is enabled. Feb 1 07:05:44 mail2

Re: [Clamav-users] Re: Clamav-devel massive memory leaks

2004-02-01 Thread Matthew Trent
(sent with the wrong From the first time again...) On Sunday 01 February 2004 2:44 am, Thomas Lamy wrote: > Could you check clamd's memory consumption before and after the check, > and quarantine mails which cause more than 10% memory increase? Would be > _really_ helpful. > > Thomas It's been a

Re: [Clamav-users] Re: Clamav-devel massive memory leaks

2004-02-01 Thread Matthew Trent
On Sunday 01 February 2004 4:06 am, Ola Thoresen wrote: > Sun, 01 Feb 2004 at 10:54 GMT Thomas Lamy <[EMAIL PROTECTED]> wrote > > > Could you check clamd's memory consumption before and after the check, > > and quarantine mails which cause more than 10% memory increase? Would be > > _really_ helpfu

Re: [Clamav-users] Re: Clamav-devel massive memory leaks

2004-01-31 Thread Matthew Trent
On Saturday 31 January 2004 3:32 pm, Matthew Trent wrote: > A hearty "me too" on this. I was just going to report it as well since both > my mail servers simultaneously died due to clamd eating all available > memory. I saw the OOM killer had been at work, but both systems

Re: [Clamav-users] Re: Clamav-devel massive memory leaks

2004-01-31 Thread Matthew Trent
On Saturday 31 January 2004 02:16 pm, Ola Thoresen wrote: > > > > typically our mailrelays do run out of memory(1GB physical and 2Gb swap) > > after a few (maybe 10 to 15) minutes with the snapshots 20040113 and > > 20040119 under load > > We see this problem as well. > On a couple of servers (Fed

Re: [Clamav-users] SCO.a

2004-01-27 Thread Matthew Trent
On Tuesday 27 January 2004 11:12 am, Nigel Horne wrote: > I don't want to labour the point, but let me make this clear. > > ClamAV DOES find SCO.a in attachments. > ClamAV DOES NOT find viruses in bounce message bodies, all of the examples > being posted are of bounces. Bounce messages do not have

Re: [Clamav-users] SCO virus not detected in bounces

2004-01-27 Thread Matthew Trent
On Tuesday 27 January 2004 10:38 am, Christopher X. Candreva wrote: > On Tue, 27 Jan 2004, Matthew Trent wrote: > > Since the SCO virus has a list of common first names it couples with > > domains it finds, one of our employees, "[EMAIL PROTECTED]" got a bunch > >

Re: [Clamav-users] SCO.a

2004-01-27 Thread Matthew Trent
On Tuesday 27 January 2004 09:16 am, Nigel Horne wrote: > On Tuesday 27 Jan 2004 4:14 pm, McKeever Chris wrote: > > Nigel - thanks for the reply - I didn't have an original, because they do > > get caught by the second filter... I will play around with it and see if > > I can..however, I sent you an

[Clamav-users] SCO virus not detected in bounces

2004-01-27 Thread Matthew Trent
Since the SCO virus has a list of common first names it couples with domains it finds, one of our employees, "[EMAIL PROTECTED]" got a bunch of undeliverable bounces back (unknown users, etc.). These bounces contain the full virus in the form of the complete source of the original email dumped a

Re: [Clamav-users] failures on password protected zip files

2003-12-29 Thread Matthew Trent
On Monday 29 December 2003 02:34 pm, Brian Bruns wrote: > Mon Dec 29 17:30:25 2003 -> > /var/spool/exim/scan/1Ab5u4-00064B-VQ/1Ab5u4-00064B-VQ-0.zip: Zip > module failure. ERROR > Mon Dec 29 17:30:33 2003 -> > /var/spool/exim/scan/1Ab5uB-00045R-RJ/1Ab5uB-00045R-RJ-0.zip: Zip > module failur

Re: [Clamav-users] Nude links on www.clamav.org

2003-12-10 Thread Matthew Trent
On Wednesday 10 December 2003 06:27 am, Tomasz Kojm wrote: > Please remember that we take no responsibility for the www.clamav.org > page. The only official ClamAV homepage is www.clamav.net. > > Best regards, > Tomasz Kojm Weird... that's a strange name for a porn site... -- Matt Systems Adminis

Re: [Clamav-users] clamav-milter - runaway process problem

2003-12-09 Thread Matthew Trent
On Tuesday 09 December 2003 09:42 am, Mike Brodbelt wrote: > Just a quick note to point out that the problem with clamd blocking and > then clamav-milter spawning a ridiculous number of child processes is > still not fixed in the CVS snapshot from today. I see this in the logs:- > > > Dec 9 16:08:

Re: [Clamav-users] over sized zips from 0.65

2003-12-02 Thread Matthew Trent
On Tuesday 02 December 2003 02:39 pm, Tomasz Kojm wrote: > > Ok, when the ArchiveMaxFileSize is set higher, the file goes through. > > I also see the new ArchiveMaxCompressionRatio option; I assume that's > > Oh, sorry for my last posts - your problem is not connected with the > ratio limit - you m

Re: [Clamav-users] over sized zips from 0.65

2003-12-02 Thread Matthew Trent
On Tuesday 02 December 2003 02:49 pm, Jason Haar wrote: > Indeed - the commercial AV products do that. If you set a max level of > checking, they simply stop processing after their internal limits have > been reached. > > If clamav exits with an error status under such conditions (I don't know > if

Re: [Clamav-users] over sized zips from 0.65

2003-12-02 Thread Matthew Trent
On Tuesday 02 December 2003 12:29 pm, you wrote: > Dec 2 12:21:07 mail1 clamd[5980]: /var/spool/exim/ > scan/1ARH14-0001YJ-Q8/1ARH14-0001YJ-Q8-0.zip: File size limit exceeded. > ERROR > > Same thing with the latest CVS. Same 3.1mb .zip as last time. Ok, when the ArchiveMaxFileSize is set high

Re: [Clamav-users] over sized zips from 0.65

2003-12-02 Thread Matthew Trent
On Tuesday 02 December 2003 11:00 am, Tomasz Kojm wrote: > Matthew Trent <[EMAIL PROTECTED]> wrote: > > I'm using the 20031124 snapshot, and the above-mentioned change is > > already in there. Yet I still get: > > Update to the latest CVS version. > > Best
