Re: [clamav-users] Access has been denied page

2011-04-17 Thread Nathan Gibbs
* Dennis Peterson wrote: > > I think they've only said what they won't do, and I'm 100% certain it comes > from SourceFire legal. I'd do the same thing. Understood, I tend to get too hot, too fast, with these guys. Apologies Dev Team. > It is only annoying to me because I'd built a lot of back

Re: [clamav-users] Access has been denied page

2011-04-17 Thread Dennis Peterson
On 4/17/11 1:28 PM, Nathan Gibbs wrote: * aCaB wrote: On 04/17/11 05:05, Dennis Peterson wrote: Adding the hard-coded UNOFFICIAL reduces some liability from the Clamav team. Which is why it shouldn't be changed in the underlying libclamav. That! And lots of daily annoyances with FP report

Re: [clamav-users] Access has been denied page

2011-04-17 Thread Dennis Peterson
On 4/17/11 1:35 PM, Nathan Gibbs wrote: * Steve Basford wrote: I receive .UNOFFICIAL reports too, which aren't produced by Sanesecurity, so instead I forward them on and/or whitelist. This page shows FP contact details for all the .UNOFFICIAL ones http://www.sanesecurity.com/clamav/fps.ht

Re: [clamav-users] Access has been denied page

2011-04-17 Thread Nathan Gibbs
* Steve Basford wrote: > > I receive .UNOFFICIAL reports too, which aren't produced by Sanesecurity, > so instead I forward them on and/or whitelist. > > This page shows FP contact details for all the .UNOFFICIAL ones > > http://www.sanesecurity.com/clamav/fps.htm > > A small suggestion

Re: [clamav-users] Access has been denied page

2011-04-17 Thread Nathan Gibbs
* aCaB wrote: > On 04/17/11 05:05, Dennis Peterson wrote: >> Adding the hard-coded UNOFFICIAL reduces some liability from the Clamav >> team. > Which is why it shouldn't be changed in the underlying libclamav. > That! And lots of daily annoyances with FP reports too. > > Which is why the suffix

Re: [clamav-users] Access has been denied page

2011-04-17 Thread Nathan Gibbs
* aCaB wrote: > On 04/16/11 16:48, Nathan Gibbs wrote: >> Do you mean something like. >> >> cat daily.cvd | sigtool -mdb > daily.mdb > > That won't work. If you want to use an official db you should use > "sigtool --unpack". > > Alternatively you can forge your own custom db. E.g.: > acab@1337nes

Re: [clamav-users] Access has been denied page

2011-04-17 Thread Steve Basford
> On 04/17/11 05:05, Dennis Peterson wrote: >> Adding the hard-coded >> UNOFFICIAL reduces some liability from the Clamav team. > > That! > And lots of daily annoyances with FP reports too. > > Which is why the suffix won't go away nor an option will be available to > get rid of it. I receive .UNO

Re: [clamav-users] Access has been denied page

2011-04-17 Thread aCaB
On 04/17/11 05:05, Dennis Peterson wrote: > Adding the hard-coded > UNOFFICIAL reduces some liability from the Clamav team. That! And lots of daily annoyances with FP reports too. Which is why the suffix won't go away nor an option will be available to get rid of it. Cheers, -aCaB

Re: [clamav-users] Access has been denied page

2011-04-17 Thread Dennis Peterson
On 4/16/11 1:50 PM, Nathan Gibbs wrote: Which is right along the lines of what the OP wants. The OP wanted ( Re: *.UNOFFICIAL Virus Names ): "It is a non-optional logging feature of ClamAV. I'd like to see a config option in there to turn it on or off. As it is I edit the source code at each bu

Re: [clamav-users] Access has been denied page

2011-04-16 Thread aCaB
On 04/16/11 16:48, Nathan Gibbs wrote: > Do you mean something like. > > cat daily.cvd | sigtool -mdb > daily.mdb That won't work. If you want to use an official db you should use "sigtool --unpack". Alternatively you can forge your own custom db. E.g.: acab@1337ness:/tmp$ echo "this is an examp

Re: [clamav-users] Access has been denied page

2011-04-16 Thread Nathan Gibbs
* Török Edwin wrote: > On 2011-04-16 17:06, Nathan Gibbs wrote: >> >> I'm guessing that clcb_post_scan can be used to ambush the virus name >> soon after it escapes from libclamav. > > It allows you to get a callback Whatever that is. :-) > for every file we scan (including archive members), a

Re: [clamav-users] Access has been denied page

2011-04-16 Thread Török Edwin
On 2011-04-16 17:06, Nathan Gibbs wrote: > * aCaB wrote: >> >> FYI you can use callbacks, in particular clcb_post_scan. >> See clamav.h for details. >> >> -aCaB >> >> > > Alas, my c-fu is not adequate. > :-( > > What did you just say! > LOL :-) > > I'm guessing that clcb_post_scan can be used to

Re: [clamav-users] Access has been denied page

2011-04-16 Thread Nathan Gibbs
* aCaB wrote: > On 04/16/11 06:14, Nathan Gibbs wrote: >> Is there some test data that will cause clamd to emit the .UNOFFICIAL >> output without loading any 3rd party DB's > > Just load any db file in non cvd/cld format. > > -aCaB > > Do you mean something like. cat daily.cvd | sigtool -m

Re: [clamav-users] Access has been denied page

2011-04-16 Thread Nathan Gibbs
* aCaB wrote: > > FYI you can use callbacks, in particular clcb_post_scan. > See clamav.h for details. > > -aCaB > > Alas, my c-fu is not adequate. :-( What did you just say! LOL :-) I'm guessing that clcb_post_scan can be used to ambush the virus name soon after it escapes from libclamav. I

Re: [clamav-users] Access has been denied page

2011-04-16 Thread aCaB
On 04/16/11 03:56, Nathan Gibbs wrote: > I don't think passing conf options all the way down into the library is going > to work out too well. I'll try ambushing the virus name on its way back up. > >> As it is I edit the source code at each build and turn it off. >> > > As it is I edit the sour

Re: [clamav-users] Access has been denied page

2011-04-16 Thread aCaB
On 04/16/11 06:14, Nathan Gibbs wrote: > Is there some test data that will cause clamd to emit the .UNOFFICIAL > output without loading any 3rd party DB's Just load any db file in non cvd/cld format. -aCaB

Re: [clamav-users] Access has been denied page

2011-04-15 Thread Nathan Gibbs
* Steve Basford wrote: > > Just to clarify, don't add the .UNOFFICIAL to *any* signature names that > you wish to whitelist (add to the .ign2 file) > > It confused me at first too, why sigs didn't whitelist.. but once you know ;) > Is there some test data that will cause clamd to emit the .UN

Re: [clamav-users] Access has been denied page

2011-04-15 Thread Nathan Gibbs
* Dennis Peterson wrote: > > It is a non-optional logging feature of ClamAV. WOW!, that non-optional logging code is buried in libclamav. > I'd like to see a config option in there to turn it on or off. I've got the option, it just doesn't do anything yet. :-) I don't think passing conf options

Re: [clamav-users] Access has been denied page

2011-04-14 Thread Dennis Peterson
On 4/14/11 7:21 AM, Nathan Gibbs wrote: * Dennis Peterson wrote: It is a non-optional logging feature of ClamAV. I'd like to see a config option in there to turn it on or off. As it is I edit the source code at each build and turn it off. Could you send me your code for that? I'll consider p

Re: [clamav-users] Access has been denied page

2011-04-14 Thread Nathan Gibbs
* Dennis Peterson wrote: > > It is a non-optional logging feature of ClamAV. I'd like to see a config > option in there to turn it on or off. As it is I edit the source code at > each build and turn it off. > Could you send me your code for that? I'll consider putting it into the next CCEE patch

Re: [clamav-users] Access has been denied page

2011-04-14 Thread Dennis Peterson
On 4/14/11 7:00 AM, Bowie Bailey wrote: On 4/14/2011 9:49 AM, Antonio Pereira wrote: Thanks I had put in MBL_200562.UNOFFICIAL instead of MBL_200562 I reloaded clamav and now it works. I would have done the same thing if I hadn't looked at the Sanesecurity file first. I think "UNOFFICIAL" i

Re: [clamav-users] Access has been denied page

2011-04-14 Thread Bowie Bailey
On 4/14/2011 9:49 AM, Antonio Pereira wrote: > Thanks > > I had put in > MBL_200562.UNOFFICIAL > > instead of > MBL_200562 > > I reloaded clamav and now it works. I would have done the same thing if I hadn't looked at the Sanesecurity file first. I think "UNOFFICIAL" is just a tag that is added on

Re: [clamav-users] Access has been denied page

2011-04-14 Thread Steve Basford
> Thanks > > I had put in > MBL_200562.UNOFFICIAL > > instead of > MBL_200562 > > I reloaded clamav and now it works. > Glad you got it sorted. Just to clarify, don't add the .UNOFFICIAL to *any* signature names that you wish to whitelist (add to the .ign2 file) It confused me at first too, why s

Re: [clamav-users] Access has been denied page

2011-04-14 Thread Antonio Pereira
@lists.clamav.net Subject: Re: [clamav-users] Access has been denied page On 4/14/2011 9:31 AM, Antonio Pereira wrote: > Hello, > > I have tried this again today and am getting this message still. Do I need > to do something on my system so it does not filter this? > > ---

Re: [clamav-users] Access has been denied page

2011-04-14 Thread Bowie Bailey
> [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Steve Basford > Sent: April-13-11 3:46 PM > To: ClamAV users ML > Subject: Re: [clamav-users] Access has been denied page > >> Hello, >> >> I have a user that receives an email from a legitimate online newspape

Re: [clamav-users] Access has been denied page

2011-04-14 Thread Antonio Pereira
: April-13-11 3:46 PM To: ClamAV users ML Subject: Re: [clamav-users] Access has been denied page > Hello, > > I have a user that receives an email from a legitimate online newspaper > site and since Monday they click on links in that email address and DG > blocks the page with the fo

Re: [clamav-users] Access has been denied page

2011-04-13 Thread Steve Basford
> Hello, > > I have a user that receives an email from a legitimate online newspaper > site and since Monday they click on links in that email address and DG > blocks the page with the following message > > Virus MBL_200562.UNOFFICIAL found > Hi, Although it's not a Sanesecurity signature but

Re: [clamav-users] Access has been denied page

2011-04-13 Thread Török Edwin
On 2011-04-13 22:31, Antonio Pereira wrote: > I use a Smoothwall firewall, and clamav is added on. > > if I look at the location of the database directory. I do not see a > local.ign2. Do I create one and will it work with this Smoothwall firewall? > Yes, create a local.ign2 in the same place t

Re: [clamav-users] Access has been denied page

2011-04-13 Thread Antonio Pereira
...@lists.clamav.net] On Behalf Of Török Edwin Sent: April-13-11 3:20 PM To: clamav-users@lists.clamav.net Subject: Re: [clamav-users] Access has been denied page On 2011-04-13 22:10, Antonio Pereira wrote: > Hello, > > I have a user that receives an email from a legitimate online newsp

Re: [clamav-users] Access has been denied page

2011-04-13 Thread Török Edwin
On 2011-04-13 22:10, Antonio Pereira wrote: > Hello, > > I have a user that receives an email from a legitimate online newspaper site > and since Monday they click on links in that email address and DG blocks the > page with the following message > > Virus MBL_200562.UNOFFICIAL found > > Is th