Hi there,
On Mon, 21 Mar 2022, Christopher Marczewski wrote:
Ideally, please submit the sample via the following form:
https://www.clamav.net/reports/malware
Or you can create a signature and submit it, but see
https://lists.clamav.net/pipermail/clamav-users/2022-March/012519.html
for extra
* Jorge Bastos:
> It's just the link :P
That matters little. Some mailing list subscriber might give in to
temptation and download the virus file while not in a properly isolated
environment, and trigger the payload due to incompetence or bad luck.
> How would you be able to test then? ;)
As wa
It's best to scrub links if they're going to be included on the mailer.
Helps prevent automatic hyperlinking by the client.
Ideally, please submit the sample via the following form:
https://www.clamav.net/reports/malware
On Mon, Mar 21, 2022 at 4:36 PM Jorge Bastos wrote:
> It's just the link :
The accepted way would be to supply a link to the VirusTotal scan that
didn't detect it.
--Maarten
On Mon, Mar 21, 2022 at 4:36 PM Jorge Bastos wrote:
> It's just the link :P
> How would you be able to test then? ;)
>
> ok won't send again.. but the default virus db doesn't seems to be
> enough
Jorge,
There are a lot of alternative signatures.
Sanesecurity: http://sanesecurity.com/
Malware Patrol: https://www.malwarepatrol.net/clamav-configuration-guide/
or you can use something like clamav-unofficial-sigs:
https://github.com/extremeshok/clamav-unofficial-sigs
> On Mar 21, 2022, at 4:
It's just the link :P
How would you be able to test then? ;)
ok won't send again.. but the default virus db doesn't seems to be
enought, is there other db's to include?
The windows defender detected the .rar as virus imediately so i guess
it's a known one no?
Jorge
On 2022-03-21 17:33, Ralph
* Jorge Bastos:
> I have a virus file that came on an email, and clamav doesn't detect
> [...]
> Here's the file.
Seriously? Do *NOT* send virus files to a public mailing list.
-Ralph
___
clamav-users mailing list
clamav-users@lists.clamav.net
https:
Still not recognised.
On Wed, Jun 29, 2011 at 4:00 PM, Mihamina Rakotomandimby
wrote:
>> On Wed, 29 Jun 2011 12:45:37 +0300
>> Henrik K wrote:
>> So your users receive lot of legimate exes?
>
> Nope, exes are zipped
>
> --
> RMA.
> ___
> Help us build
> On Wed, 29 Jun 2011 12:45:37 +0300
> Henrik K wrote:
> So your users receive lot of legimate exes?
Nope, exes are zipped
--
RMA.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
> Seriously! Why not have the user shut down his mail system entirely.
> That would pretty much ensure that no Virus or Malware is delivered via
> SMTP.
>
> Your suggest is only feasible if the user never wants to receive any
> executable or archived file formats. Assuming that they do, a better
>
On 2011 Jun 29, at 12:49 , Joel Esler wrote:
> If you have a sample of the file, submitting it through ClamAV's submission
> interface makes it "bubble up" so the rule writers can get to it faster.
Or if you're lucky and it's the exact same file every time, you can trivially
create your own sign
I think he should demand all his money back.
--
Michael Scheidell, CTO
SECNAP Network Security
-Original message-
From: Joel Esler
To: ClamAV users ML
Sent: Wed, Jun 29, 2011 10:50:25 GMT+00:00
Subject: Re: [clamav-users] Virus not detected by Clamav
If you have a sample of the file
On Jun 29, 2011, at 7:58 AM, polloxx wrote:
> On Wed, Jun 29, 2011 at 12:49 PM, Joel Esler wrote:
>> If you have a sample of the file, submitting it through ClamAV's submission
>> interface makes it "bubble up" so the rule writers can get to it faster.
>>
>> (instead of waiting for it to come
On Wed, Jun 29, 2011 at 12:49 PM, Joel Esler wrote:
> If you have a sample of the file, submitting it through ClamAV's submission
> interface makes it "bubble up" so the rule writers can get to it faster.
>
> (instead of waiting for it to come through Virustotal)
>
Joel,
I did that yesertday.
On Wed, 29 Jun 2011 13:12:30 +0300
Török Edwin articulated:
> On 2011-06-29 13:04, polloxx wrote:
> > On Wed, Jun 29, 2011 at 11:45 AM, Henrik K wrote:
> >> On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby
> >> wrote:
> On Wed, 29 Jun 2011 11:24:24 +0200
> polloxx wrot
If you have a sample of the file, submitting it through ClamAV's submission
interface makes it "bubble up" so the rule writers can get to it faster.
(instead of waiting for it to come through Virustotal)
J
On Jun 29, 2011, at 5:24 AM, polloxx wrote:
> Dear,
>
> One of our customers got a viru
On Jun 29, 2011, at 6:04 AM, polloxx wrote:
> On Wed, Jun 29, 2011 at 11:45 AM, Henrik K wrote:
>> On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote:
On Wed, 29 Jun 2011 11:24:24 +0200
polloxx wrote:
>>>
Are there other user with the same problem? Any solut
On 2011-06-29 13:04, polloxx wrote:
> On Wed, Jun 29, 2011 at 11:45 AM, Henrik K wrote:
>> On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote:
On Wed, 29 Jun 2011 11:24:24 +0200
polloxx wrote:
>>>
Are there other user with the same problem? Any solution?
>>>
>>
On Wed, Jun 29, 2011 at 11:45 AM, Henrik K wrote:
> On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote:
>> > On Wed, 29 Jun 2011 11:24:24 +0200
>> > polloxx wrote:
>>
>> > Are there other user with the same problem? Any solution?
>>
>> I have the same problem.
>> I manage a m
On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote:
> > On Wed, 29 Jun 2011 11:24:24 +0200
> > polloxx wrote:
>
> > Are there other user with the same problem? Any solution?
>
> I have the same problem.
> I manage a mail server used by a vendor of DHL.
>
> Pretty annoying a
> On Wed, 29 Jun 2011 11:24:24 +0200
> polloxx wrote:
> Are there other user with the same problem? Any solution?
I have the same problem.
I manage a mail server used by a vendor of DHL.
Pretty annoying as far as all emails from DHL are sensible and
important for the suers :-)
Unfortunately, I
Dear,
One of our customers got a virus not detected by
Clamav:dhl-express-prtcopy-Delivery-Failure-Notification-HXZsVlN[...].exe
A fake DHL non-delivery report.
Other engines do detect it:
BitDefender 7.2 2011.06.27 Trojan.Zbot.1911
F-Secure 9.0.16440.0 2011.06.27 Trojan.Zbot.1911
Kaspersky
max-filesize to set to for my mail server.
Frank
--- Tilman Schmidt <[EMAIL PROTECTED]> schrieb am Fr, 26.9.2008:
Von: Tilman Schmidt <[EMAIL PROTECTED]>
Betreff: Re: [Clamav-users] Virus not detected on Linux/MacOSX
An: "ClamAV users ML"
Datum: Freitag, 26. September 2008,
--- Tilman Schmidt <[EMAIL PROTECTED]> schrieb am Fr, 26.9.2008:
Von: Tilman Schmidt <[EMAIL PROTECTED]>
Betreff: Re: [Clamav-users] Virus not detected on Linux/MacOSX
An: "ClamAV users ML"
Datum: Freitag, 26. September 2008, 13:37
Moray Henderson (ICT) schrieb:
&
Moray Henderson (ICT) schrieb:
> ./clamscan/.libs/clamscan file.exe
> Linux Wally 2.6.18-53.1.6.el5 #1 SMP Wed Jan 23 11:28:47 EST 2008
> x86_64 x86_64 x86_64 GNU/Linux
> MD5(file.exe)= e7e7dc7981a4089cdcb42d32247dc6e0
> ClamAV 0.94/8284/Thu Sep 18 18:54:57 2008
> file.exe: OK
>
> ---
The sytanx should be:
clamscan --max-filesiz=#n
Below is the exerpt from the man file:
--max-filesize=#n
Extract and scan at most #n kilobytes from each archive. You may
pass the value in megabyte in format xM or xm, where x is a number.
This option protects your system against DoS attac
On 9/22/08, Eric Rostetter <[EMAIL PROTECTED]> wrote:
> Quoting fchan <[EMAIL PROTECTED]>:
>
> > Remember not everyone that uses clamav is not an expert so for
>
>
> They don't have to be an expert, they just have to read and configure
> the configuration file for their needs.
>
>
> > someone th
Quoting fchan <[EMAIL PROTECTED]>:
> Remember not everyone that uses clamav is not an expert so for
They don't have to be an expert, they just have to read and configure
the configuration file for their needs.
> someone that is new to clamav thinks that every file that went
> through clamav woul
>> > ./clamscan/.libs/clamscan file.exe
>> > Linux Wally 2.6.18-53.1.6.el5 #1 SMP Wed Jan 23 11:28:47 EST 2008
>> > x86_64 x86_64 x86_64 GNU/Linux
>> > MD5(file.exe)= e7e7dc7981a4089cdcb42d32247dc6e0
>> > ClamAV 0.94/8284/Thu Sep 18 18:54:57 2008
>> > file.exe: OK
>> >
>> > --- SCAN
net
>> Subject: Re: [Clamav-users] Virus not detected on Linux/MacOSX
>>
>> fchan wrote:
>>
>>> I read your links and I understand possible DoS and other issues but
>>> to repeat Alexandre's idea, why is there no error message for file
>>>
PLEASE REMOVE ME FROM THIS LIST
THANKS
> Date: Fri, 19 Sep 2008 17:28:07 -0700
> From: [EMAIL PROTECTED]
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] Virus not detected on Linux/MacOSX
>
> fchan wrote:
> > I read your links and I understand possi
Original-Nachricht
> Datum: Fri, 19 Sep 2008 18:30:57 -0700
> Von: Dennis Peterson <[EMAIL PROTECTED]>
> An: ClamAV users ML
> Betreff: Re: [Clamav-users] Virus not detected on Linux/MacOSX
> Alexandre Biancalana wrote:
> > On 9/19/08, Dennis Peterso
.2008:
Von: fchan <[EMAIL PROTECTED]>
Betreff: Re: [Clamav-users] Virus not detected on Linux/MacOSX
An: "ClamAV users ML"
Datum: Samstag, 20. September 2008, 8:45
Remember not everyone that uses clamav is not an expert so for
someone that is new to clamav thinks that every file th
Remember not everyone that uses clamav is not an expert so for
someone that is new to clamav thinks that every file that went
through clamav would be scanned for malware would be incorrect and
they have a possibility of opening an infected file. I think a
message or warning that a file that was
On 9/19/08, Dennis Peterson <[EMAIL PROTECTED]> wrote:
> Alexandre Biancalana wrote:
> > On 9/19/08, Dennis Peterson <[EMAIL PROTECTED]> wrote:
> >> fchan wrote:
> >> > I read your links and I understand possible DoS and other issues but
> >> > to repeat Alexandre's idea, why is there no erro
Alexandre Biancalana wrote:
> On 9/19/08, Dennis Peterson <[EMAIL PROTECTED]> wrote:
>> fchan wrote:
>> > I read your links and I understand possible DoS and other issues but
>> > to repeat Alexandre's idea, why is there no error message for file
>> > that are too large to notify the admin so th
On 9/19/08, Dennis Peterson <[EMAIL PROTECTED]> wrote:
> fchan wrote:
> > I read your links and I understand possible DoS and other issues but
> > to repeat Alexandre's idea, why is there no error message for file
> > that are too large to notify the admin so they can adjust clamd.conf
> > or o
fchan wrote:
> I read your links and I understand possible DoS and other issues but
> to repeat Alexandre's idea, why is there no error message for file
> that are too large to notify the admin so they can adjust clamd.conf
> or other action. Right now this infected file passes through like if
I read your links and I understand possible DoS and other issues but
to repeat Alexandre's idea, why is there no error message for file
that are too large to notify the admin so they can adjust clamd.conf
or other action. Right now this infected file passes through like if
it was not infected w
On Fri, 19 Sep 2008 10:51:52 -0300
"Alexandre Biancalana" <[EMAIL PROTECTED]> wrote:
> Right ! This is detect now, but the correct behavior would not be
> display a error message like "File too big, not scanned!" ??
Some discussions on this topic:
http://lurker.clamav.net/message/20080129.163022
On 9/19/08, Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> On Fri, 19 Sep 2008 10:14:29 -0300
> "Alexandre Biancalana" <[EMAIL PROTECTED]> wrote:
>
> > Bug 1195 opened !
>
> Please see my comment, clamscan --max-filesize=50M detects the file
Right ! This is detect now, but the correct behavior would
On Fri, 19 Sep 2008 10:14:29 -0300
"Alexandre Biancalana" <[EMAIL PROTECTED]> wrote:
> Bug 1195 opened !
Please see my comment, clamscan --max-filesize=50M detects the file
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
On 9/19/08, Arnaud Jacques <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Le vendredi 19 septembre 2008 01:54, Alexandre Biancalana a écrit :
>
> > Hi list,
> >
> > I'm experiencing a very strange situation and need some help. I have
> > some files infected by W32.Parite.B in my linux file server, bu
On 9/19/08, Török Edwin <[EMAIL PROTECTED]> wrote:
> On 2008-09-19 02:54, Alexandre Biancalana wrote:
> > Hi list,
> >
> > I'm experiencing a very strange situation and need some help. I have
> > some files infected by W32.Parite.B in my linux file server, but the
> > clamav on the file serve
Hello,
Le vendredi 19 septembre 2008 01:54, Alexandre Biancalana a écrit :
> Hi list,
>
> I'm experiencing a very strange situation and need some help. I have
> some files infected by W32.Parite.B in my linux file server, but the
> clamav on the file server does not detect the virus, so I copied
On 2008-09-19 02:54, Alexandre Biancalana wrote:
> Hi list,
>
> I'm experiencing a very strange situation and need some help. I have
> some files infected by W32.Parite.B in my linux file server, but the
> clamav on the file server does not detect the virus, so I copied the
> file to my OS X 10, r
Hi list,
I'm experiencing a very strange situation and need some help. I have
some files infected by W32.Parite.B in my linux file server, but the
clamav on the file server does not detect the virus, so I copied the
file to my OS X 10, run clamav and the virus was not detected too. I
was perplex
Hi List,
I am testing out clamav on a qmail/vpopmail/simscan setup. Seems like the virus
is accepted. See below.
@400046c12173114f2124 simscan:[23879]:CLEAN (3.00/5.00):6.7643s:Emailing_
message.txt.exe:165.21.103.142:[EMAIL PROTECTED]:[EMAIL PROTECTED]
@400046c1217315e49764 tcpserver:
On 1/19/2006 1:13 PM +0100, Payal Rathod wrote:
But she was using her own dns server without any forwarder at all.
With warm regards,
-Payal
ok
regards,
Niek
___
http://lurker.clamav.net/list/clamav-users.html
On Wed, Jan 18, 2006 at 06:11:13PM +, Stephen Gran wrote:
> She doesn't have version 1245, as explained earlier. She probably has
> a
> DNS server returning the wrong version, and she should look into why
> that is. Maybe one of her forwarders caches too long or something.
But she was using
On Wed, Jan 18, 2006 at 12:34:08PM -0500, Payal Rathod said:
> On Wed, Jan 18, 2006 at 06:22:38PM +0100, Niek wrote:
> > The update was released a few minutes after you started this thread :)
>
> But on my friends amchine she still get,
> # freshclam
> ClamAV update process started at Wed Jan 18 2
On Wed, 18 Jan 2006 12:34:08 -0500 in
[EMAIL PROTECTED] Payal Rathod
<[EMAIL PROTECTED]> wrote:
> > The update was released a few minutes after you started this thread :)
>
> But on my friends amchine she still get,
> # freshclam
> ClamAV update process started at Wed Jan 18 22:59:58 2006
> SECUR
On 1/18/2006 6:34 PM +0100, Payal Rathod wrote:
On Wed, Jan 18, 2006 at 06:22:38PM +0100, Niek wrote:
The update was released a few minutes after you started this thread :)
But on my friends amchine she still get,
# freshclam
ClamAV update process started at Wed Jan 18 22:59:58 2006
SECURITY W
> -Original Message-
> From: Payal Rathod [mailto:[EMAIL PROTECTED]
> Sent: 18 January 2006 17:34
> To: ClamAV users ML
> Subject: Re: [Clamav-users] virus not detected
>
>
> On Wed, Jan 18, 2006 at 06:22:38PM +0100, Niek wrote:
> > The update was released a
On Wed, 18 Jan 2006, Payal Rathod wrote:
> daily.cvd is up to date (version: 1244, sigs: 840, f-level: 6, builder:
> sven)
FYI, I have three instances of WORM.VB-8 in my logs from yesterday, so even
1244 detects a non-zero number of these. Evidently just not the one you have
==
On Wed, Jan 18, 2006 at 06:22:38PM +0100, Niek wrote:
> The update was released a few minutes after you started this thread :)
But on my friends amchine she still get,
# freshclam
ClamAV update process started at Wed Jan 18 22:59:58 2006
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
See the
Payal Rathod wrote:
>On Wed, Jan 18, 2006 at 07:04:27PM +0200, Cevher wrote:
>
>
>>You can create a temporary signature...
>>
>>
>
>Please tell me how. I read signatures.pdf but ...
>$ sigtools --md5 virus_file > temp.hdb
>What do I do after that? I use clamd, so do I need to restart it?
>Wi
On 1/18/2006 6:18 PM +0200, Payal Rathod wrote:
On Wed, Jan 18, 2006 at 12:11:19PM -0500, Chris Conn wrote:
update your defs, version 1245 gets it.
I updated and it was found. But that is weird, I always update every 1
hour and just a few mins back I manually tried to update, but the virus
w
On Wed, Jan 18, 2006 at 12:11:19PM -0500, Chris Conn wrote:
> update your defs, version 1245 gets it.
I updated and it was found. But that is weird, I always update every 1
hour and just a few mins back I manually tried to update, but the virus
was not detected and now it is. I am interested in
update your defs, version 1245 gets it.
Payal Rathod wrote:
On Wed, Jan 18, 2006 at 07:04:27PM +0200, Cevher wrote:
You can create a temporary signature...
Please tell me how. I read signatures.pdf but ...
$ sigtools --md5 virus_file > temp.hdb
What do I do after that? I use clamd, so do I
On Wed, Jan 18, 2006 at 07:04:27PM +0200, Cevher wrote:
> You can create a temporary signature...
Please tell me how. I read signatures.pdf but ...
$ sigtools --md5 virus_file > temp.hdb
What do I do after that? I use clamd, so do I need to restart it?
With warm regards,
-Payal
___
On Wed, 18 Jan 2006, Payal Rathod wrote:
> Me and many friends here are troubled by a new virus which has
> attachments like Video_part.mim, Attachment.hqx etc. We are getting this
> since last 36 hours and a friend submitted a few samples to clamav
Make sure your virus sigs are up to date. If
Payal Rathod wrote:
>Hi,
>Me and many friends here are troubled by a new virus which has
>attachments like Video_part.mim, Attachment.hqx etc. We are getting this
>since last 36 hours and a friend submitted a few samples to clamav
>interface 7 hours back. Symantech detects it since today mornin
Hi,
Me and many friends here are troubled by a new virus which has
attachments like Video_part.mim, Attachment.hqx etc. We are getting this
since last 36 hours and a friend submitted a few samples to clamav
interface 7 hours back. Symantech detects it since today morning, but
clamav is still no
On Dec 20, 2005, at 04:40 , Luis Miguel R. wrote:
Not detected here too, oldest clamav versions detect it well.
Detection of viruses in a buffer scan isn't working well either, it
doesn't recognize most viruses including the ClamAV test viruses that
the older versions (pre 0.87) recognize
Not detected here too, oldest clamav versions detect it well.
Linux cubo 2.4.27-2-686 #1 Mon May 16 17:03:22 JST 2005 i686 GNU/Linux
ClamAV 0.87.1/1213/Mon Dec 19 15:48:34 2005
([EMAIL PROTECTED]:~)# clamscan attreg.zip
attreg.zip: OK
([EMAIL PROTECTED]:~)# f-prot -ver
Program version: 4.6.3
En
Rob Chanter said:
> On Mon, Dec 19, 2005 at 08:39:10AM -0800, Dennis Peterson wrote:
>>
>> In fact it would be nice to have a command line switch that generates a
>> listing of what is seen and understood by the applications after reading
>> the clamd.conf and freshclam.conf files, as well as where
On Mon, Dec 19, 2005 at 08:39:10AM -0800, Dennis Peterson wrote:
>
> In fact it would be nice to have a command line switch that generates a
> listing of what is seen and understood by the applications after reading
> the clamd.conf and freshclam.conf files, as well as where they were found.
Po
On Mon, 19 Dec 2005 16:39:17 + in [EMAIL PROTECTED]
Nigel Horne <[EMAIL PROTECTED]> wrote:
> Brian Morrison wrote:
>
> >On Mon, 19 Dec 2005 16:28:47 + in [EMAIL PROTECTED]
> >Nigel Horne <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> >>>www.i2.com.br/~hamilton/reg_pass.zip
> >>>
> >
Hamilton Vera wrote:
Hi list,
Since November, I noticed that clamav 87.1 does not recognize the
following virus.
www.i2.com.br/~hamilton/reg_pass.zip
So I posted it in http://cgi.clamav.net/sendvirus.cgi, but I got no answer
NOD32 detects it as Win32/Sober.Y worm, I'd like to know if it
Brian Morrison wrote:
On Mon, 19 Dec 2005 16:28:47 + in [EMAIL PROTECTED]
Nigel Horne <[EMAIL PROTECTED]> wrote:
www.i2.com.br/~hamilton/reg_pass.zip
Try the development version:
[EMAIL PROTECTED] ~]$ clamscan reg_pass.zip
reg_pass.zip: Worm.Sober.U FOUND
So does that mean a new
Brian Morrison wrote:
On Mon, 19 Dec 2005 16:28:47 + in [EMAIL PROTECTED]
Nigel Horne <[EMAIL PROTECTED]> wrote:
www.i2.com.br/~hamilton/reg_pass.zip
Try the development version:
[EMAIL PROTECTED] ~]$ clamscan reg_pass.zip
reg_pass.zip: Worm.Sober.U FOUND
So does that
Nigel Horne said:
> Hamilton Vera wrote:
>
>> Hi list,
>>
>> Since November, I noticed that clamav 87.1 does not recognize the
>> following virus.
>>
>> www.i2.com.br/~hamilton/reg_pass.zip
>
>
> Try the development version:
>
It would be very nice if future releases of clamd and freshclam pri
On Mon, 19 Dec 2005 16:28:47 + in [EMAIL PROTECTED]
Nigel Horne <[EMAIL PROTECTED]> wrote:
> > www.i2.com.br/~hamilton/reg_pass.zip
>
>
> Try the development version:
>
> [EMAIL PROTECTED] ~]$ clamscan reg_pass.zip
> reg_pass.zip: Worm.Sober.U FOUND
So does that mean a new release is i
On Mon, 19 Dec 2005 13:34:00 -0200 (BRDT) in
[EMAIL PROTECTED] Hamilton Vera
<[EMAIL PROTECTED]> wrote:
> NOD32 detects it as Win32/Sober.Y worm, I'd like to know if it is an
> isolated case.
Don't assume that NOD32 has identified it correctly, other packages
have false positives you know.
--
Hamilton Vera wrote:
Hi list,
Since November, I noticed that clamav 87.1 does not recognize the
following virus.
www.i2.com.br/~hamilton/reg_pass.zip
Try the development version:
[EMAIL PROTECTED] ~]$ clamscan reg_pass.zip
reg_pass.zip: Worm.Sober.U FOUND
--- SCAN SUMMARY --
Hamilton Vera said:
> Hi Denis, thanks for answering.
>
> What version are you using? I am using and updated 87.1, and I think
> that this version is not working.
>
>
>
I'm running v 87.1. Examine your clamd.conf and freshclam.conf files and
ensure they agree on where the cvd files are being place
> What version are you using? I am using and updated 87.1, and I think
> that this version is not working.
my clamscan (87.1/1213) definitely finds it here (Worm.Sober.U).
--
___
http://lurker.clamav.net/list/clamav-users.html
Hi Denis, thanks for answering.
What version are you using? I am using and updated 87.1, and I think
that this version is not working.
clamd -V
ClamAV 0.87.1
Received signal: wake up
ClamAV update process started at Mon Dec 19 13:51:22 2005
main.cvd is up to date (version: 34, sigs: 39625, f-l
On Mon, 19 Dec 2005, Hamilton Vera wrote:
; Since November, I noticed that clamav 87.1 does not recognize the following
; virus.
;
; www.i2.com.br/~hamilton/reg_pass.zip
;
; So I posted it in http://cgi.clamav.net/sendvirus.cgi, but I got no answer
;
; NOD32 detects it as Win32/Sober.Y worm,
Hamilton Vera said:
> Hi list,
>
> Since November, I noticed that clamav 87.1 does not recognize the
> following virus.
>
> www.i2.com.br/~hamilton/reg_pass.zip
>
> So I posted it in http://cgi.clamav.net/sendvirus.cgi, but I got no answer
>
> NOD32 detects it as Win32/Sober.Y worm, I'd like
Hi list,
Since November, I noticed that clamav 87.1 does not recognize the
following virus.
www.i2.com.br/~hamilton/reg_pass.zip
So I posted it in http://cgi.clamav.net/sendvirus.cgi, but I got no answer
NOD32 detects it as Win32/Sober.Y worm, I'd like to know if it is an
isolated c
Diego d'Ambra wrote:
Steve Brown wrote:
I've noticed that today's (maybe also recent versions) development
version of clam no longer detects W32/Mytob-BP (Sophos).
I have several samples which are declared fine by ClamAV
(devel-20050721/985/Thu Jul 21 13:14:39 2005), but correctly flagged as
i
Steve Brown wrote:
I've noticed that today's (maybe also recent versions) development
version of clam no longer detects W32/Mytob-BP (Sophos).
I have several samples which are declared fine by ClamAV
(devel-20050721/985/Thu Jul 21 13:14:39 2005), but correctly flagged as
infected by both another
I've noticed that today's (maybe also recent versions) development
version of clam no longer detects W32/Mytob-BP (Sophos).
I have several samples which are declared fine by ClamAV
(devel-20050721/985/Thu Jul 21 13:14:39 2005), but correctly flagged as
infected by both another server not quite as
- Original Message -
>From: Kareem Mahgoub <[EMAIL PROTECTED]>
>
>Hello list,
>I am using clamav version 0.72
Upgrade to at least 0.75.1, update your signatures and try again.
--
Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a m
Kareem Mahgoub wrote:
Hello list,
I am using clamav version 0.72
qmail 1.3
Qmail-scanner-queue1.21st
I have a problem and I think it is related to clamav.
The is a virus with name W32.Netsky.p.dam ( according to Norton
antivirus) not caught by clamav.
Is there is something wrong in my setup or
Hello list,
I am using clamav version 0.72
qmail 1.3
Qmail-scanner-queue 1.21st
I have a problem and I think it is related to
clamav.
The is a virus with name W32.Netsky.p.dam ( according to
Norton antivirus) not caught by clamav.
Is there is something wrong in my setup or it is not yet in
On Thu, 08 Apr 2004 at 14:30:34 -0700, Henry Harvey wrote:
> I received an email with a virus but wasn't
> detected by ClamAv. I am running postfix +
> amavisd-new and clamav. I am new to ClamAv
> and don't know what the procedures are to
> report viruses. I do freshclam everyday but
> it still doe
On Thursday 08 April 2004 10:30 pm, Henry Harvey wrote:
> I received an email with a virus but wasn't
> detected by ClamAv. I am running postfix +
> amavisd-new and clamav. I am new to ClamAv
> and don't know what the procedures are to
> report viruses.
Follow the "submit sample" link from the Cl
I received an email with a virus but wasn't
detected by ClamAv. I am running postfix +
amavisd-new and clamav. I am new to ClamAv
and don't know what the procedures are to
report viruses. I do freshclam everyday but
it still doesn't detect it as a virus. Thanks
__
D
> Hi,
>
> I have a strange problem.
>
> I have two email servers. Both are Redhat 7.3 and using qmail.
>
> I have installed clamav 0.65 from the source on Machine A. Then I
installed
> clamav 0.67
>
> On Machine B I have installed clamav 0.67 the first time.
>
> I am using gadoyanvirus 0.2 as the l
On Tue, 2004-03-02 at 12:21, P.V.Anthony wrote:
> The only diffrence I can see is that on machine A I installed clamav 0.65
> then installed 0.67.
So what part of "0.67 works better and I should install it on machine A"
are you missing?
>
> Is there anything else I can do or check?
Check if it
Hi,
I have a strange problem.
I have two email servers. Both are Redhat 7.3 and using qmail.
I have installed clamav 0.65 from the source on Machine A. Then I installed
clamav 0.67
On Machine B I have installed clamav 0.67 the first time.
I am using gadoyanvirus 0.2 as the link between qmail a
Hi,
I have a strange problem.
I have two email servers. Both are Redhat 7.3 and using qmail.
I have installed clamav 0.65 from the source on Machine A. Then I installed
clamav 0.67
On Machine B I have installed clamav 0.67 the first time.
I am using gadoyanvirus 0.2 as the link between qmail a
On Fri, 7 Nov 2003, [iso-8859-1] Mário Luis Ghoneim wrote:
> > --disable-archive --unzip
>
> But it doesn't work yet :(
I added this line to my clamscan call and it didn't work either. I can
provide a sample of the zip file that causes the problem, if that would
help. If I zip up other virus sam
> when you call clamscan from your email scanner add
>
> --disable-archive --unzip
>
> to the options.. It will find it then..
>
> -Keith
>
I edited /usr/bin/amavis
$output = `$clamscan --stdout -r -w --one-virus --disable-archive --unzip
$TEMPDIR/parts`;
But it doesn't work yet :(
More tips?
rsday, November 06, 2003 1:20 PM
Subject: Re: [Clamav-users] Virus not detected
> Mário Luis Ghoneim wrote:
>
> > Ok Tomasz,
> > I upgraded it clamav0.54 to 0.60
> >
> > /usr/local/bin/clamdscan -V
> > clamdscan / ClamAV version 0.60
> >
> > /usr/local/
Kunal Rupera wrote:
- Original Message -
From: "Kunal Rupera" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 06, 2003 8:10 PM
Subject: Re: [Clamav-users] Virus not detected
i have been running clamAV with Amavisd-new on a postfix mail serve
- Original Message -
From: "Kunal Rupera" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 06, 2003 8:10 PM
Subject: Re: [Clamav-users] Virus not detected
> i have been running clamAV with Amavisd-new on a postfix mail server and
> have
1 - 100 of 115 matches
Mail list logo
