Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Roberto Mazzini
Giolli coop
--
Giolli Società Cooperativa Sociale
Centro permanente di ricerca e sperimentazione teatrale
sui metodi Boal e Freire
Via Chiesa, 12
43022 Monte
Salve
sto usando ClamTK su Linux Mint.
Trova sempre dei PUA.
Li analizzo e metto alcuni in quarantena o mando a esaminare.
1) quando e dove ricevo l'analisi dei file inviati?
2) tengo quelli in quarantena sempre lì o è consigliabile fare qualcosa?
e cosa?
grazie
Roberto Mazzini
G
I did not get any answer about my problem; maybe I ask to the wrong mailling
list or I ask a woring question;
please could someone point me in the right place ?
thanks in advance
Roberto
On Sab, Ottobre 17, 2009 14:03, Roberto wrote:
>
> Hi
> I discover the following issue: after i
he reason of not reporting the error to the caller ?
thank in advance,
Roberto
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
ment suffixes to .txt but this causes some problems with some
applications. We'd like to rename the attachments with another suffix,
one that will never be used for an application (present or future). Does
anyone know if a standard suffix has been created for just this purpose?
--
Roberto
ted, I guess, resulting in a fixed
> bzip2 for the RHEL series (or is this wishful thinking?).
>
>
>
Rhetorical question: Why does it have to be a _security_ bug in order
for redhat to fix it?
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
redhat didn't patch it. Their latest version appears to be from 2005 -
per the date on the file.
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>
>
Yes it links now without error. Thanks.
Roberto
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
L/usr/local/lib -lbz2
#
Also, there is no problem when linking with the redhat libs in /usr/lib:
# gcc -o conftest -g -O2 -lz -lbz2 test.c
#
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Török Edwin wrote:
> On 2008-09-02 22:49, Roberto Ullfig wrote:
>
>> Running redhat and have installed bzip2 1.0.5 in /usr/local/. How can I
>> tell clamav's Configure to look in /usr/local/ just for bzip2?
>>
>
> Try this:
> ./configure -
o not report stability problems to
the ClamAV developers!
[EMAIL PROTECTED] lib]# /usr/local/bin/bzip2 --help
bzip2, a block-sorting file compressor. Version 1.0.5, 10-Dec-2007.
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive C
I've been reviewing our clamav configuration and noticed that we have:
PhishingScanURLs no
while the default in 0.93.1 is yes
What exactly does this test do? How many of you have it turned on and off?
--
Roberto Ullfig - [EMAIL PROTECTED]
___
on of /usr/local/lib/libz.a
>> and got the same error. In /usr/lib we have the old rhel 4 version (I
>> don't think that matters for this issue). I added the shared version of
>> v1.2.3 (run configure -s if you have zlib source) to /usr/local/lib and
>> all
x 1 root root13 Apr 15 08:38 /usr/local/lib/libz.so.1 ->
libz.so.1.2.3
-rwxr-xr-x 1 root root 75778 Apr 15 08:22 /usr/local/lib/libz.so.1.2.3
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
John Rudd wrote:
> Nigel Horne wrote:
>
>> Roberto Ullfig wrote:
>>
>>> Nigel Horne wrote:
>>>
>>>> A vulnerability was identified by Secunia in 0.92.1 relating to the
>>>> PE module.
>>>> We immediate
Roberto Ullfig wrote:
> Joey McKnight wrote:
>
>> here is what nm -D /usr/lib/libz.so|grep gz displayed:
>>
>> 00d674c0 T gzclearerr
>> 00d67320 T gzclose
>> 00d66380 T gzdopen
>> 00d67240 T gzeof
>> 00d67390 T gzerror
>> 00d66ec0 T gzflush
27;
>
>> collect2: ld returned 1 exit status
>> make[2]: *** [freshclam] Error 1
>> make[2]: Leaving directory `/root/clamav-0.93/freshclam'
>> make[1]: *** [all-recursive] Error 1
>> make[1]: Leaving directory `/root/clamav-0.93'
>> make: ***
t; very soon, and all users are advised to update to this release with
> immediate effect.
> 0.93RC1 does not include the fix.
>
> Regards,
>
By disabling the module do you mean to say that 0.92.1 is not
vulnerable? Why does CERT say otherwise?
-
in such a situation - though of course it would do nothing. This
becomes relevant when the server you're working on is not connected to
the network (can't access the sig files), with newly built servers,
servers that are rebooted, etc...
--
Roberto Ullfi
Roberto Ullfig wrote:
> Török Edwin wrote:
>
>> Roberto Ullfig wrote:
>>
>>
>>> This won't work for us. This creates a usr hierarchy starting under DESTDIR.
>>>
>>> The installation needs to go into directories like this:
>>&
Török Edwin wrote:
> Roberto Ullfig wrote:
>
>> This won't work for us. This creates a usr hierarchy starting under DESTDIR.
>>
>> The installation needs to go into directories like this:
>>
>> /mnt/aaa/bbb/local/ccc/ddd/bin
>> /mnt/aaa/bbb/local/
r one installation to complete before starting the next one.
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Török Edwin wrote:
> Roberto Ullfig wrote:
>
>> We use a binary repository in blah/local/blah. In the past I would set
>> prefix and install to this location. This is no longer possible with
>> 0.92.1 (maybe 0.92 also).
>>
>> export prefi
to a
directory not ending in /usr/local/lib
Is there a way to get around this restriction?
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
We've recently been getting these messages in mimedefang:
Clamd returned error: Files number limit exceeded
What would the problem be? Thanks!
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit
the author of the one you are using and inform him of the problem.
>
>
>
I installed the latest script but it looks like behavior may have
changed. When I ran the script, the sigs were downloaded fine but they
weren't detected by clamav un
SIGNATURE-
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHh3gWkNLDmnu1kSkRAvImAJ9d+4QxiQkBp2MebMN18JLfJCSzlwCfWN3v
> JuRHZcyn4MsxgpQmhVoOwgs=
> =4o5C
> -END PGP SIGNATURE-
>
>
I have the same
ompressed data--format violated
clamd would fail to start because of the bad data.
Quick fix is to delete all files in /var/lib/clamav and restart clamd
and reload all databases, etc...
If you're using scamp.sh to download sanesecurity sigs, modify it to
test for the return code of gunzip.
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
00% when PDF scanning (new feature
introduced recently) large files. We've disabled PDF scanning for now.
We will need to put in our own check to prevent PDF scanning of files
over a certain size.
--
Roberto Ullfig - [EMAIL PROTECTED]
_
Roberto Ullfig wrote:
> Rob MacGregor wrote:
>
>> On 9/19/07, Roberto Ullfig <[EMAIL PROTECTED]> wrote:
>>
>>
>>> We restart sendmail/clamd every morning. This morning this restart
>>> failed on several servers. The startup hung when clamd
Rob MacGregor wrote:
> On 9/19/07, Roberto Ullfig <[EMAIL PROTECTED]> wrote:
>
>> We restart sendmail/clamd every morning. This morning this restart
>> failed on several servers. The startup hung when clamd was trying to
>> startup. I deleted everything in /var/l
We restart sendmail/clamd every morning. This morning this restart
failed on several servers. The startup hung when clamd was trying to
startup. I deleted everything in /var/lib/clamav (database files) and
everything started up just fine.
--
Roberto Ullfig - [EMAIL PROTECTED
Dennis Peterson wrote:
> Roberto Ullfig wrote:
>
>> I had to disable PDF scanning on our servers. We were receiving 9 MB PDF
>> files and clamd started consuming 100% CPU and not completing the scan.
>> Anyone else have issues with PDF scanning?
>>
>&g
I had to disable PDF scanning on our servers. We were receiving 9 MB PDF
files and clamd started consuming 100% CPU and not completing the scan.
Anyone else have issues with PDF scanning?
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a
Sven Strickroth wrote:
> Am 10.08.2007 19:00 schrieb Roberto Ullfig:
>
>> On 2007-08-10 12:42, Roberto Ullfig wrote:
>> Actually, what we see is that nearly all viruses of the form:
>>
>> Email.Phishing.RB-12...
>>
>> stopped being detected on Au
On 2007-08-10 18:51, Roberto Ullfig wrote:
> On 2007-08-10 17:00, Roberto Ullfig wrote:
> > On 2007-08-10 12:42, Roberto Ullfig wrote:
> > > The number of virus we are detecting went down drastically at around
> > > 3:30 pm yesterday. Anything going on?
> > >
On 2007-08-10 17:00, Roberto Ullfig wrote:
> On 2007-08-10 12:42, Roberto Ullfig wrote:
> > The number of virus we are detecting went down drastically at around
> > 3:30 pm yesterday. Anything going on?
> >
> >
> >
> >
>
> Actually, what
On 2007-08-10 12:42, Roberto Ullfig wrote:
> The number of virus we are detecting went down drastically at around
> 3:30 pm yesterday. Anything going on?
>
>
>
>
Actually, what we see is that nearly all viruses of the form:
Email.Phishing.RB-12...
stopped being detected
The number of virus we are detecting went down drastically at around
3:30 pm yesterday. Anything going on?
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net
alled from same directory, etc Are they perhaps
contacting different db servers?
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
add the followings lines to sendmail.mc and run again m4
define(_FFR_MILTER)dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/clamav/clamav.sock, F=,
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')dnl
Roberto
- Original Message -
From:
Hi
I test adding the followings lines to sendmail.mc
define(_FFR_MILTER)dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/clamav/clamav.sock,
F=,T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')dnl
Now see the changes in sendmail.cf
Roberto
--
add the followings lines to sendmail.mc and run again m4
define(_FFR_MILTER)dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/clamav/clamav.sock, F=,
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')dnl
Roberto
- Original Message -
From: &q
e-1);
dst[dstsize-1] = '\0';
}
return strlen(src);
}
Roberto
- Original Message -
From: "Raul Elizondo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 03, 2004 1:27 PM
Subject: [Clamav-users] problems compiling on rh7.3
> Hi,
>
>
ize-1);
dst[dstsize-1] = '\0';
}
return strlen(src);
}
Roberto
---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, a
generate a new one?
>
> Thanks,
> Patrik
>
> - Original Message -
> From: "Richard G. Roberto" <[EMAIL PROTECTED]>
> Newsgroups: gmane.comp.security.virus.clamav.user
> Sent: Monday, December 01, 2003 12:55 AM
> Subject: Re: Problems with clamav-milt
:00,
mailer=esmtp, pri=30434, relay=x.xx. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (Ok: queued as E996C4095)
>
> Well xxx...xxx is ofcourse something else, but it doesnt look like
anything went wrong.
> What might be the problem?
>
> Thanks,
> Patrik
>
>
--
Richar
good to add an option to do exactly that, then we can
work on fixing -o (which is probably non-trivial as it really requires
parsing the header).
I also knocked off one of the TODO items listed and removed -m in favour of
the MaxThreads config file parameter.
I hope this is OK.
Thanks
rgr
--
On Fri, 18 Jul 2003 03:40:08 +0200, Tomasz Kojm wrote
> On Thu, 17 Jul 2003 20:02:10 -0500
> "Richard G. Roberto" <[EMAIL PROTECTED]> wrote:
>
> > >
> > > What is your command line for clamav-milter ?
> >
> >
> > Sorry, I forgo
contacts
clamd (I've been trussing clamd for days and not a single accept() call).
Your help is greatly appreciated!
Thanks
rgr
--
Richard G. Roberto
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For addi
= 5 (0x5)
poll(0x806a400,0x1,0x0) = 1 (0x1)
>>>read(0x6,0xbfadcdf0,0x5) = 5 (0x5)
>>>fstat(6,0xbfadcf20) = 0 (0x0)
>>>close(6) = 0 (0x0)
clock_gettime(0x0,0xbfaedfa8)
51 matches
Mail list logo
