On Monday 13 September 2004 23:13, Adam Bernstein wrote:
> Howdy. We have a strange problem: We're running the latest
> stable, 0.75.1, with virus definitions updated via freshclam
> every hour (the latest log entry shows "version 488". We have
> a virus that keeps getting through, but it is rec
Howdy. We have a strange problem: We're running the latest
stable, 0.75.1, with virus definitions updated via freshclam
every hour (the latest log entry shows "version 488". We have
a virus that keeps getting through, but it is recognized by
your online virus submission scanner as MyDoom.M, so c
On Friday 03 September 2004 07:13, Scott Ryan wrote:
> I had an issue with this a while back which was fixed by upgrading to
> latest devel and then eventually 0.75-1.
> I run qmail-scanner which in turn calls clamdscan. If i cat the message and
> pipe through clamdscan manually, clam reports that
On Monday 06 Sep 2004 09:44, Scott Ryan wrote:
> Would it be possible for someone to check that this mail is trapped by clamav
> through a mail scanner? I can send it as an email file passwd zipped if it
> helps
password zipped e-mail to me will be fine.
> Much appreciated.
-Nigel
--
Nigel
On Friday 03 September 2004 16:42, Chris Meadors wrote:
> On Fri, 2004-09-03 at 11:47 +0200, Scott Ryan wrote:
> > Maybe you want to read the mail i sent again.
> > I use clamdscan not clamscan
> >
> > # man clamdscan
>
> Then do you have the "ScanMail" option set in the clamav.conf file set?
Yes -
Nigel Horne wrote:
> > I once had a problem where the virus wouldn't be detected by Clam in
> > certain emails if any attachments had been extracted first, but would
> > find the virus fine if fed the email intact.
>
> This problem was fixed a long time ago.
>
> > Matt
>
> -Nigel
>
Sorry. I
> I once had a problem where the virus wouldn't be detected by Clam in
> certain emails if any attachments had been extracted first, but would find
> the virus fine if fed the email intact.
This problem was fixed a long time ago.
> Matt
-Nigel
Scott Ryan wrote:
> stream: Worm.Mydoom.M FOUND
>
> --- SCAN SUMMARY ---
> Infected files: 1
> Time: 0.023 sec (0 m 0 s)
> [EMAIL PROTECTED] root]# cat testmail.eml | clamdscan -
> stream: Worm.Mydoom.M FOUND
>
> --- SCAN SUMMARY ---
> Infected files: 1
> Time: 0.
On Fri, 2004-09-03 at 11:47 +0200, Scott Ryan wrote:
> Maybe you want to read the mail i sent again.
> I use clamdscan not clamscan
>
> # man clamdscan
Then do you have the "ScanMail" option set in the clamav.conf file set?
--
Chris
---
Thi
On Friday 03 September 2004 11:18, Rob MacGregor wrote:
> On Fri, 3 Sep 2004 10:26:49 +0200, Scott Ryan <[EMAIL PROTECTED]>
wrote:
> > No because I dont use mbox format. I cat the email message and pipe it
> > through clamdscan. It picks up that it has to scan scanning mail messages
> > from my /e
On Fri, 3 Sep 2004 10:26:49 +0200, Scott Ryan <[EMAIL PROTECTED]> wrote:
> No because I dont use mbox format. I cat the email message and pipe it through
> clamdscan. It picks up that it has to scan scanning mail messages from
> my /etc/clamav.conf
You may want to RTFM:
--mbox Enable scanning of
On Friday 03 September 2004 07:50, ralf bosz wrote:
> Are you using the "--mbox" option when manually scanning the mailfiles?
>
No because I dont use mbox format. I cat the email message and pipe it through
clamdscan. It picks up that it has to scan scanning mail messages from
my /etc/clamav.conf
Are you using the "--mbox" option when manually scanning the mailfiles?
On Fri, 3 Sep 2004 07:13:53 +0200, Scott Ryan <[EMAIL PROTECTED]> wrote:
> I had an issue with this a while back which was fixed by upgrading to latest
> devel and then eventually 0.75-1.
> I run qmail-scanner which in turn ca
I had an issue with this a while back which was fixed by upgrading to latest
devel and then eventually 0.75-1.
I run qmail-scanner which in turn calls clamdscan. If i cat the message and
pipe through clamdscan manually, clam reports that the message contains the
virus myDoom.m, but it is not bei
On Sat, 31 Jul 2004 19:17:55 +0400 (MSD)
Roman Suzi <[EMAIL PROTECTED]> wrote:
>
> Hi all,
>
> I was pretty happy with clamav 0.51 + some script which decoded
You shouldn't use it - there's a bug in the pattern matching algorithm
of ClamAV <= 0.53 and some viruses may be missed randomly.
--
Hi all,
I was pretty happy with clamav 0.51 + some script which decoded
base64 (I was feeding data to stdin) until Mydoom.M.
I was very surprised that ald db format is no longer available
from September (IIRC), so update was a must anyway.
New clamav runs much faster, but I wonder how much trus
Daniel J McDonald wrote:
On Fri, 2004-07-30 at 14:27, Arthur Kerpician wrote:
Hi,
1. I'm running ClamAV-0.73 on RH9 machine (qmail) and made all the
updates,
0.73 doesn't support mangled MIME encoding. That was added in 0.75.
You probably want to upgrade to 0.75.1 at this point.
I di
On Fri, 2004-07-30 at 14:27, Arthur Kerpician wrote:
> Hi,
> 1. I'm running ClamAV-0.73 on RH9 machine (qmail) and made all the
> updates,
0.73 doesn't support mangled MIME encoding. That was added in 0.75.
You probably want to upgrade to 0.75.1 at this point.
--
Daniel J McDonald <[EMAIL PRO
Hi,
1. I'm running ClamAV-0.73 on RH9 machine (qmail) and made all the
updates, including daily 429. Anyway, it seems that mydoom.m is
bypassing ClamAV since 2 of my servers (same config) didn't send any
notification to the admin e-mail regarding the worm. After one of the
servers i have NAV fo
On Wed, 2004-07-28 at 14:47, Scott Ryan wrote:
> I have upgraded to latest snapshot, but I am still seeing zipped My.Doom.m
> viruses coming through.
> When I run clamdscan on the zip file that get's through, clamav identifies it
> as My.Doom.m
>
> Is there something i am missing here?
>
Poss
I have upgraded to latest snapshot, but I am still seeing zipped My.Doom.m
viruses coming through.
When I run clamdscan on the zip file that get's through, clamav identifies it
as My.Doom.m
Is there something i am missing here?
On Wednesday 28 July 2004 09:18, Mike Brodbelt wrote:
> Trog wrote
I am seeing MyDoom.m coming through, but when i run clamscan or clamdscan on
the directory where i save the zip, clamav identifies it as MyDoom.m
If I unzip it there is a message.cmd file which is executable and not broken
binary rubbish.
The worrying thing is, my mail server has identified 450
Trog wrote:
> On Tue, 2004-07-27 at 22:48, Jim wrote:
>
>>The new [EMAIL PROTECTED] zipped versions are getting through my
>>clamav/amavisd-new/spamassassin box.
>>
>>It is stopping and dropping zipped versions of Bagle, but no luck with
>>zipped versions of mydoom.M
>>
>>Any one else expereinci
On Tue, 2004-07-27 at 22:48, Jim wrote:
> The new [EMAIL PROTECTED] zipped versions are getting through my
> clamav/amavisd-new/spamassassin box.
>
> It is stopping and dropping zipped versions of Bagle, but no luck with
> zipped versions of mydoom.M
>
> Any one else expereincing this?
The onl
On Tue, Jul 27, 2004 at 02:48:21PM -0700, Jim said:
> The new [EMAIL PROTECTED] zipped versions are getting through my
> clamav/amavisd-new/spamassassin box.
>
> It is stopping and dropping zipped versions of Bagle, but no luck with
> zipped versions of mydoom.M
>
> Any one else expereincing th
The new [EMAIL PROTECTED] zipped versions are getting through my
clamav/amavisd-new/spamassassin box.
It is stopping and dropping zipped versions of Bagle, but no luck with
zipped versions of mydoom.M
Any one else expereincing this?
Also does anyone know when the .75 release will be avialable
26 matches
Mail list logo
