tries to submit them, it reports:
ERROR: SubmitDetectionStats: Permanent failure
Any idea how to debug and fix this?
Or shouldn't we worry?
--
Paul Bijnens, xplanation Technology Services  Tel +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM  Fax +32 16 397.512
tch/
did save me frequently when I was running mail with clamdscan on
a server having not enough memory (and while the 0.8* clamav releases
still used lots of memory).
--
On 2008-09-17 16:34, Clayton Keller wrote:
> Roberto Ullfig wrote:
>> Paul Bijnens wrote:
>>> On 2008-09-05 17:11, SM wrote:
>>>
>>>> At 01:11 05-09-2008, Tilman Schmidt wrote:
>>>>
>>>>> But even a manual "yu
security bug, then the machinery for
backporting the fix will be started, I guess, resulting in a fixed
bzip2 for the RHEL series (or is this wishful thinking?).
--
otection against DoS attacks).
And, moreover, the current version is even 0.93.1.
Time to upgrade anyway.
--
"clamdscan" instead.
Then make sure you are using the latest version as well.
--
might be a false positive. [...]
When in doubt, I submit the files to www.virustotal.com and see what other
AV-programs think about the file.
--
TIVIRUS-TEST-FILE!$H+H*
> Boundary_(ID_FlUaFePoptV3h07KbhxMAQ)
When extracting the lines between the "\x01\x02Boundary"
and saving it in a file, that file is flagged with EICAR.
--
aid to set "Maximum Archive Depth = 0". (The above url is
a more restrictive way to implement this, taking into account the
from and/or to.)
--
On 2007-03-07 02:16, Dennis Peterson wrote:
> Paul Bijnens wrote:
>> On 2007-03-05 20:07, Dennis Peterson wrote:
>>> Paul Bijnens wrote:
>>>
>>>> Be careful about using clamav with the MSRBL image-spams database!!
>>>>
>>>> It se
On 2007-03-05 20:07, Dennis Peterson wrote:
> Paul Bijnens wrote:
>
>>
>> Be careful about using clamav with the MSRBL image-spams database!!
>>
>> It seems to me like detecting the image spams with clamav signatures
>> is not really an improvement. In fact,
ile (usual remedy for a lot of weird problems), and
I'm me again now (unless the headers of the mail indicate otherwise).
Sorry.
--
crypted"
parameter is commented out, because it *is* disabled by default.
--
*
On 2007-03-05 13:09, Weber, Dominik wrote:
> Sorry, but I didn't top-post.
> I've replied to the last message from Trog.
Top-posting != thread hijacking
http://en.wikipedia.org/wiki/Top-post
--
: (actually the default!)
ArchiveBlockEncrypted no
If it is clamav that is blocking the message of course.
--
msrbl.com/0-Ihq
> 10 Html.Img.Gen034.Sanesecurity.07010302
I removed the msrbl-image database from my system, reducing the
number of signatures clamav has to watch to 1/3.
And no more false positives either, as a benefit.
Now trying to get fuzzy-OCR working instead...
(neverth
t would be most appreciated.
AFAIK, clamAV *does* look inside a zip file, unless you disable that
explicitly in the clamd.conf file.
See "ScanArchive".
--
On 2006-09-27 14:27, Alexander Hagenah wrote:
But they are as different speedy, I never expected.
You're loading and unpacking the virus database each time.
You see the same difference between "clamscan" and "clamdscan".
--
rary file : No such file or directory logout
... -l logs\/clamav_`date +%y%m%d`.log /"
Does that directory already exist? Try giving the full path.
--
[EMAIL PROTECTED] wrote:
I will be away from the office until Monday, June 27. If you need an
immediate response, please send your email to [EMAIL PROTECTED]
How about a virussignature matching OoO replies?
___
http://lurker.clamav.net/list/clama
Paul Bijnens wrote:
Trog wrote:
I guess it's a bug in the perl script you two are using, it doesn't
handle high port numbers correctly.
That could well be the case, because that system runs perl 5.6.1 (why
upgrade production systems when all works fine).
A quick check shows 65235 as hi
.conf, and
restarted clamd. Hopefully this will correct (work around?) the
problem! What do these settings mean (I haven't dug that far into the
source yet)?
-ed
On Thu, 27 Jan 2005 22:17:26 +0100, Paul Bijnens
<[EMAIL PROTECTED]> wrote:
exo dia wrote:
I am piping e-mail via procmail,
.
I added, as trog suggested the following lines to clamd.conf
StreamMinPort 1024
StreamMaxPort 2048
And since then (about 5 hours ago) not seen any error anymore.
Before I saw the error 5-10 per hour.
--
Trog wrote:
What software are you using to pass requests/data to clamd?
clamscan-procfilter.pl, a little perlprog to be used in procmail
essentially boiling down to
"cat themsg | clamdscan --stdout - > $tempfile",
and examining $tempfile for results.
--
ot of those "one-time events" that clamav blocks.
On my installation, I see about the same number of phishing-mails
being blocked by clamav as the somefool-virus.
It certainly helps my users.
--
(save some incoming mail
in backup folder, and let it scan again -- all works fine then).
Anyone seen something similar?
--
Thomas Cameron wrote:
On Fri, 2004-12-10 at 08:26 +0100, Paul Bijnens wrote:
Thomas Cameron wrote:
Aw, heck, I finished it. It only took a few minutes and I wouldn't mind
a gift certificate to Amazon!
Yes, I did too.
Funny thing is that, within an hour I received a Worm.Sober.I virus,
which
e to run too many programs with
root privileges to lessen damage in case of vulnerabilities in
such programs.
Thanks for support.
0.02$ please.
--
7.170, with a forged sender "[EMAIL PROTECTED]",
which amazon refuses because of the virus content, and sends it back
to me!).
Does that mean I missed the $25 gift certificate, and this is the second
prize? :-)
--
y already since april!
Not all false positives are completely false...
--
Trog wrote:
It means the zip contains either a file with zero length name, or a file
that's zero bytes in length, or possibly that the unzip failed.
A file of zero bytes in length, that's completely normal to me.
False positive?
--
Jeremy Kitchen wrote:
On a side note, a buddy of mine once showed me a company that "guaranteed"
that when a user opened an email from them, it was tracked, when in actuality
it was no new fangled technology, it was the same old 1x1 transparent gif
image cgi script bullshit :)
See: www.confirm
piece
of the virus. That variant is dead, and not harmful.
Is it one of those?
--
A.R.S. KA9QLQ Alvin Koffman wrote:
Hey Paul, would you mind terribly to answer a couple questions about your
perl script off list? If so email me at [EMAIL PROTECTED] if not no prob.
Did you receive my answer? Or is everything solved?
--
phen reads standard input:
cat file | clamdscan -
You probably need to adjust some other settings in clamav.conf
to enable parsing raw mail messages too; I don't know Evolution enough.
--
to then be told that, "actually, this *particular*
virus does *not* fake the headers and your system really *does* have a
virus ..."
:-)
That's why subscribing to lists like this is useful.
You learn something new every day, like the plural of "virus"...
Next time someone te
checked sigtool which
identifies My.Doom.m, but not My.Doom.o -
You could identify it, but it cannot do any harm anymore.
My question is, how do I get clamav to identify these files as a virus?
--
-A"X-Loop: virusnotification" ; \
cat /your/friendly/message ) | $SENDMAIL -oi -t
#
--
_
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
--
ed virus catching of certain viruses.
Rob M.
That's what I did, and it works fine.
(Actually commenting out the last line is enough.)
--
addr field...
Symptoms, clamdscan just waits until timeout on the (hopefully)
not answering host.
--