Re: [Clamav-users] Virus naming conventions?

2005-05-26 Thread guenther
> I just started using ClamAV and it is performing great so far. :) > > As I prefer to call ClamAV from procmail (actually, I used YAVR before, > a procmail only based virus signature scanner) my current setup is > procmail / clamassassin / clamdscan. > > > Rather than dumping all Virii to a si

Re: [Clamav-users] Virus naming conventions?

2005-05-21 Thread guenther
> On a related note: I am using clamassassin [1], but shortly after I > installed it the website and mailing list seems to be down. Does anyone > know anything about it? FYI only, up and working again. ...guenther -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0;

Re: [Clamav-users] Virus Naming

2005-04-10 Thread Róth Tamás
Depending on your tool set: sigtool -l |sort |uniq -c |sort -rn |less will show you the details. I think it's not a big deal - unique names are not necessarily needed. A virus with 1000 variants means a lot of -xxx's and that makes for a pretty messy report. I'd sure hate to see the genus, phyla, s

Re: [Clamav-users] Virus Naming

2005-04-10 Thread Dennis Peterson
Damian Menscher said: > On Sun, 10 Apr 2005, Jose Celestino wrote: >> Words by Damian Menscher [Sun, Apr 10, 2005 at 09:34:58AM -0500]: >>> >>> Actually, it's worse than you think. Try piping through sort before >> >> Worse? How come worse? >> >>> sending it through uniq, and you'll find another 4

Re: [Clamav-users] Virus Naming

2005-04-10 Thread Damian Menscher
On Sun, 10 Apr 2005, Jose Celestino wrote: > Words by Damian Menscher [Sun, Apr 10, 2005 at 09:34:58AM -0500]: >> >> Actually, it's worse than you think. Try piping through sort before > > Worse? How come worse? > >> sending it through uniq, and you'll find another 400 duplicates (you

Re: [Clamav-users] Virus Naming

2005-04-10 Thread Jose Celestino
Words by Damian Menscher [Sun, Apr 10, 2005 at 09:34:58AM -0500]: > On Sun, 10 Apr 2005, [iso-8859-2] Róth Tamás wrote: > > >sigtool -l | wc -l > >32207 > > > >sigtool -l | uniq | wc -l > >31912 > > Actually, it's worse than you think. Try piping through sort before Worse? How come worse? > s

Re: [Clamav-users] Virus Naming

2005-04-10 Thread Tomasz Kojm
On Sun, 10 Apr 2005 10:44:57 +0200 Róth Tamás <[EMAIL PROTECTED]> wrote: > Hi all, > > i have a small question on the virus naming, if i run the following > two lines on Linux i get different result, any reason for this? > > sigtool -l | wc -l > 32207 > > sigtool -l | uniq | wc -l > 31912 > >

Re: [Clamav-users] Virus Naming

2005-04-10 Thread Damian Menscher
On Sun, 10 Apr 2005, [iso-8859-2] Róth Tamás wrote: sigtool -l | wc -l 32207 sigtool -l | uniq | wc -l 31912 Actually, it's worse than you think. Try piping through sort before sending it through uniq, and you'll find another 400 duplicates (you only saw 300, but there are actually 700). Damian

Re: [Clamav-users] Virus naming

2004-12-18 Thread jef moskot
On Sat, 18 Dec 2004, Nigel Horne wrote: > What tests do you have for false positives with RTBL? The good lists allow you to manually de-list yourself in a few seconds, so even if you take no other precautions, there should never be a case where a user can't send legit mail (unless their machine is

Re: [Clamav-users] Virus naming

2004-12-18 Thread Nigel Horne
On Fri, 2004-12-17 at 13:20 -0700, Philip Ershler wrote: > Does your e-mail system have the means of using RTBL (Real Time Black List) > servers? If so you might want to try that. Our spam load decreased > remarkably after we implemented our RTBL. What tests do you have for false positives with R

Re: [Clamav-users] Virus naming

2004-12-17 Thread Philip Ershler
on 12/17/04 2:31 PM, Carnegie, Martin at [EMAIL PROTECTED] wrote: > >>> >>> on 12/17/04 1:09 PM, Carnegie, Martin at [EMAIL PROTECTED] > wrote: >>> >>> Does your e-mail system have the means of using RTBL (Real Time Black > List) >>> servers? If so you might want to try that. Our spam load decr

RE: [Clamav-users] Virus naming

2004-12-17 Thread Carnegie, Martin
>> >> on 12/17/04 1:09 PM, Carnegie, Martin at [EMAIL PROTECTED] wrote: >> >> Does your e-mail system have the means of using RTBL (Real Time Black List) >> servers? If so you might want to try that. Our spam load decreased >> remarkably after we implemented our RTBL. >> >> My 2 cents, >> >> P

Re: [Clamav-users] Virus naming

2004-12-17 Thread Philip Ershler
on 12/17/04 1:26 PM, Dennis Peterson at [EMAIL PROTECTED] wrote: >> >> on 12/17/04 1:09 PM, Carnegie, Martin at [EMAIL PROTECTED] wrote: >> >> Does your e-mail system have the means of using RTBL (Real Time Black List) >> servers? If so you might want to try that. Our spam load decreased >> rema

Re: [Clamav-users] Virus naming

2004-12-17 Thread Dennis Peterson
> > on 12/17/04 1:09 PM, Carnegie, Martin at [EMAIL PROTECTED] wrote: > > Does your e-mail system have the means of using RTBL (Real Time Black List) > servers? If so you might want to try that. Our spam load decreased > remarkably after we implemented our RTBL. > > My 2 cents, > > Phil If you

Re: [Clamav-users] Virus naming

2004-12-17 Thread Philip Ershler
on 12/17/04 1:09 PM, Carnegie, Martin at [EMAIL PROTECTED] wrote: > >> Pardon, I didn't mean to imply that clamav doesn't provide the name of > the >> virus as well. The point I was trying to make was that clamav itself >> doesn't know or care about what is actually done after the virus is >> dete

Re: [Clamav-users] Virus naming

2004-12-17 Thread Tomasz Kojm
On Fri, 17 Dec 2004 13:09:31 -0700 "Carnegie, Martin" <[EMAIL PROTECTED]> wrote: > Again thanks for the feedback. Looks like I can drop Symantec :) It's always good to have two or more independent scanners. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http

RE: [Clamav-users] Virus naming

2004-12-17 Thread Carnegie, Martin
>Pardon, I didn't mean to imply that clamav doesn't provide the name of the >virus as well. The point I was trying to make was that clamav itself >doesn't know or care about what is actually done after the virus is >detected. That part is left up to something else (qmail-scanner in my >case).

Re: [Clamav-users] Virus naming

2004-12-17 Thread Jim Maul
Jason Haar wrote: Jim Maul wrote: This is not really a function of the av scanner, but rather a function of the program which is used to call the av scanner. clamav just says YES or NO it is a virus or isn't. Just as an example, I'm using qmail with qmail-scanner and clamav. qmail-scanner has t

Re: [Clamav-users] Virus naming

2004-12-17 Thread Jason Haar
Jim Maul wrote: This is not really a function of the av scanner, but rather a function of the program which is used to call the av scanner. clamav just says YES or NO it is a virus or isn't. Just as an example, I'm using qmail with qmail-scanner and clamav. qmail-scanner has the ability to def

Re: [Clamav-users] Virus naming

2004-12-17 Thread Kelson
Carnegie, Martin wrote: This is the ability to identify mass-mailing viruses based on the name of the virus detected. For example the W32.Beagle (or Bagle) from Symantec shows up as [EMAIL PROTECTED] This means that can then drop any messages with the @mm instead of just removing the attachment a

Re: [Clamav-users] Virus naming

2004-12-17 Thread Daniel J McDonald
On Fri, 2004-12-17 at 10:56 -0700, Carnegie, Martin wrote: > Hello all, > > Yep another newbie question. > > We are currently looking at switching to Clamav from Symantec SMTP and > there is one feature that I really like from Symantec that I cannot find > in Clamav (at least I cannot find). Thi

Re: [Clamav-users] Virus naming

2004-12-17 Thread Jim Maul
Carnegie, Martin wrote: Hello all, Yep another newbie question. We are currently looking at switching to Clamav from Symantec SMTP and there is one feature that I really like from Symantec that I cannot find in Clamav (at least I cannot find). This is the ability to identify mass-mailing viruses b