Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-22 Thread Richard Pijnenburg
We also use Clamd with amavisd-new ClamAV 0.87.1/1183/Tue Nov 22 10:19:57 2005 Got the first message with it at 21:26 / 21/11/2005 localtime ( netherlands ) Ralph Angenendt wrote: Kevin W. Gagel wrote: I'm seeing the same thing here. My uvscan sees sober but since I restarted the server this

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-22 Thread Ralph Angenendt
Kevin W. Gagel wrote: > I'm seeing the same thing here. My uvscan sees sober but > since I restarted the server this morning at 10am there have > been zero detections of anything from clamd at all. Only > seven detections from uvscan over the same time period. Strange. No problem here - we're usin

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > > I would suggest using the following config in your case (it's based on > the one you have sent here): > > LogFileMaxSize 0 > LogTime > LogClean > LogSyslog > LogFacility LOG_LOCAL7 > PidFile /var/clamav/clamd.pid > TemporaryDirectory /tmp > Fi

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Tomasz Kojm
On Mon, 21 Nov 2005 14:39:58 -0900 Pete 'Wolfy' Hanson <[EMAIL PROTECTED]> wrote: > On 11/21/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > > > > > MaxDirectoryRecursion 1 > > > > You should be more careful when changing the config options. With the > > current MaxDirectoryRecursion setting in your

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread JT Justman
Kevin W. Gagel wrote: >>Pete 'Wolfy' Hanson wrote: >> >> >>>On 11/21/05, Kelson <[EMAIL PROTECTED]> wrote: >>> >>> >>> We've been detecting Worm.Sober.U here for a little over 2 hours (with daily.cvd 1182). If clamscan finds it, but clamav-milter doesn't, maybe for some reason clamd di

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Kevin W. Gagel
>> I'm seeing the same thing here. My uvscan sees sober but >> since I restarted the server this morning at 10am there >> have been zero detections of anything from clamd at all. >> Only seven detections from uvscan over the same time >>period. > >FWIW, we're detecting other viruses and worms - bu

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
> > I'm seeing the same thing here. My uvscan sees sober but > since I restarted the server this morning at 10am there have > been zero detections of anything from clamd at all. Only > seven detections from uvscan over the same time period. > FWIW, we're detecting other viruses and worms - but Wor

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > > > MaxDirectoryRecursion 1 > > You should be more careful when changing the config options. With the > current MaxDirectoryRecursion setting in your setup clamd/clamav-milter > will fail to detect a lot of malware. Maybe, but it doesn't seem

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Kevin W. Gagel
>Pete 'Wolfy' Hanson wrote: > >>On 11/21/05, Kelson <[EMAIL PROTECTED]> wrote: >> >> >>>We've been detecting Worm.Sober.U here for a little over >>>2 hours (with daily.cvd 1182). If clamscan finds it, but >>>clamav-milter doesn't, maybe for some reason clamd didn't >>>load the updated database? T

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Tomasz Kojm
On Mon, 21 Nov 2005 14:10:07 -0900 Pete 'Wolfy' Hanson <[EMAIL PROTECTED]> wrote: > MaxDirectoryRecursion 1 You should be more careful when changing the config options. With the current MaxDirectoryRecursion setting in your setup clamd/clamav-milter will fail to detect a lot of malware. -- o

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > > > Please post your clamd.conf file. > LogFileMaxSize 0 LogTime LogClean LogSyslog LogFacility LOG_LOCAL7 PidFile /var/clamav/clamd.pid TemporaryDirectory /tmp FixStaleSocket TCPSocket 3310 TCPAddr 127.0.0.1 MaxConnectionQue

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Tomasz Kojm
On Mon, 21 Nov 2005 14:04:43 -0900 Pete 'Wolfy' Hanson <[EMAIL PROTECTED]> wrote: > On 11/21/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> > wrote: > > > > What are your clamd and clamav-milter options? > > > > /usr/local/sbin/clamav-milter --headers --pidfile=/var/clamav/clamav- > milter.pid --quiet

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Jason Haar
Pete 'Wolfy' Hanson wrote: > On 11/21/05, Kelson <[EMAIL PROTECTED]> wrote: > >> We've been detecting Worm.Sober.U here for a little over 2 hours (with >> daily.cvd 1182). If clamscan finds it, but clamav-milter doesn't, maybe >> for some reason clamd didn't load the updated database? Try restar

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > What are your clamd and clamav-milter options? > /usr/local/sbin/clamav-milter --headers --pidfile=/var/clamav/clamav- milter.pid --quiet /var/clamav/clamav-milter.sock No clamd since we aren't running with --external. which has worke

RE: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Matthew.van.Eerde
Pete wrote: > On 11/21/05, Kelson <[EMAIL PROTECTED]> wrote: >> >> We've been detecting Worm.Sober.U here for a little over 2 hours >> (with daily.cvd 1182). If clamscan finds it, but clamav-milter >> doesn't, maybe for some reason clamd didn't load the updated >> database? Try restarting clamd an

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Bryan Vest
Pete 'Wolfy' Hanson wrote: On 11/21/05, Kelson <[EMAIL PROTECTED]> wrote: We've been detecting Worm.Sober.U here for a little over 2 hours (with daily.cvd 1182). If clamscan finds it, but clamav-milter doesn't, maybe for some reason clamd didn't load the updated database? Try restarting clam

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, Kelson <[EMAIL PROTECTED]> wrote: > > We've been detecting Worm.Sober.U here for a little over 2 hours (with > daily.cvd 1182). If clamscan finds it, but clamav-milter doesn't, maybe > for some reason clamd didn't load the updated database? Try restarting > clamd and/or clamav-mitler (

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Kelson
Pete 'Wolfy' Hanson wrote: Running clamscan --detect-broken finds the message, and generates no errors, but clamav-milter does not find the message when it comes in. clamd.logshows: Nov 21 14:08:18 paz clamav-milter[26450]: [ID 788897 local7.notice] jALM6n0R027652: clean message from <[EMAIL PRO