Please update your database immediately!
TK
--
oo. [EMAIL PROTECTED]
(\/)\. http://www.konarski.edu.pl/~zolw
\..._ And don't forget to click on the belly...
//\ /\\ <- C. Amboinensis www.pajacyk.pl
--
First, is there a searchable version of the mailing list?
Presently I use mailscanner with sendmail, and have
configured it to use sophos. This works very nicely, but it is not free. Can clamav be
incorporated to work in mailscanner, or is there another way to scan all user
mailboxes? Almost all
Changes:
Thu Jun 5 14:38:20 CEST 2003
-
* clamd: new directive - AllowSupplementaryGroups (feature requested by
exiscan users)
* freshclam: new options --on-error-execute, --on-update-execute (suggested
by Douglas J Hunley <[EMAIL PROTECTE
Original Message
> From Tomasz Kojm <[EMAIL PROTECTED]>
> Date: Thursday, 05 Jun 2003, 16:22
>
> Please update your database immediately!
Out of interest, how does clamav cope with the polymorphic nature of this
virus? At least according to the descriptions I've read it's
polymorphic
There are many versions of FortNight (IFrame exploits). The one you
mention is version JS.FortNight.E - this was added to the signature
database yesterday (04-june-2003 20:45).
Best regards,
Diego d'Ambra
-Original Message-
From: Fajar Arief Nugraha [mailto:[EMAIL PROTECTED]
Sent: 5. jun
With my database updated Wednesday, Jun 4th at 1800 hours, this
fortnight.eml doesn't get tripped by clamdscan.
clamdscan fortnight.eml
/home/admin/fortnight.eml: OK
--- SCAN SUMMARY ---
Infected files: 0
Time: 0.024 sec (0 m 0 s)
> -Original Message-
> From: Fajar Arief
Looks like a new variant. I can't get Trend, Kaspersky or NAI to detect
it.
This is the difference:
Your mail:
http://www001.upp.so-net.ne.jp:[EMAIL PROTECTED]/m
.=
htm"=20
width=3D0>
My mail:
http://www001.upp.so-net.ne.jp:[EMAIL PROTECTED]/m
.=
htm"=20
width=3D0 height=3D0>
If you alrea
On Saturday 31 May 2003 10:14 pm, Flinn Mueller wrote:
> I'm working on it...
>
> - Original Message -
> From: "marrandy" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, May 31, 2003 10:11 PM
> Subject: [clamav-users] OpenBSD v3.3 - tgz install (no port)
>
>
> > Hello.
>
Hi,
I know clamav is supposed to know the FortNight
(http://www.sarc.com/avcenter/cgi-bin/virauto.cgi?vid=27893) virus already:
bash-2.03# cat viruses.db|grep -i fortnight
Exploit.FortNight
(Clam)=3c4449563e3c494652414d45207372633d334422687474703a2f2f772e70726f73746f6c2e636f6d2f6d2e68746d6c222077
I sent it to [EMAIL PROTECTED]
You could also see it here:
http://antispam.or.id/fortnight.eml
Diego d'Ambra wrote:
Could you drop me a mail sample - I will then take a look at it. Please
upload the sample to a web-site to prevent other scanners from stopping
your mail.
Best regards,
Diego d'A
Could you drop me a mail sample - I will then take a look at it. Please
upload the sample to a web-site to prevent other scanners from stopping
your mail.
Best regards,
Diego d'Ambra ([EMAIL PROTECTED])
-Original Message-
From: Fajar Arief Nugraha [mailto:[EMAIL PROTECTED]
Sent: 5. juni
Quick introduction:
http://clamav.elektrapro.com/doc/signatures.pdf
Best regards,
Tomasz Kojm
--
oo. [EMAIL PROTECTED]
(\/)\. http://www.konarski.edu.pl/~zolw
\..._ And don't forget to click on the belly...
//\ /\\ <- C. Amboinen
Nope. Email still gets thru. Database was updated. Sent sample to
[EMAIL PROTECTED]
bash-2.03# grep -i fortnight viruses.db
Exploit.FortNight
(Clam)=3c4449563e3c494652414d45207372633d334422687474703a2f2f772e70726f73746f6c2e636f6d2f6d2e68746d6c222077696474683d3344303d3230
JS.FortNight.E
(Cla
Well, I have the same problem too.
Symantec Email Proxy deleted the following email message:
From: "Diego d'Ambra" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: [clamav-users] FortNight virus
I got this reply from Norton after I enabled email scanning immediately after
Fajar wrote his
Please update your database as soon as possible. The worm spreads extremely
fast, it's also able to infect windows (Portable Executable) files.
Best regards,
Tomasz Kojm
--
oo. [EMAIL PROTECTED]
(\/)\. http://www.konarski.edu.pl/~zolw
\..._ I
> Hello,
>
> I am often receiving this virus, today and my viruses.db
> is updated.
No, your database isn't up to date.
Best regards,
Tomasz Kojm
--
oo. [EMAIL PROTECTED]
(\/)\. http://www.konarski.edu.pl/~zolw
\..._ And don't forget to click on the
Maybe you have an old version of MailScanner but they fully support
ClamAV now together with 14 other scanners.
http://www.sng.ecs.soton.ac.uk/mailscanner/readme.shtml
You just have to change this line in MailScanner.conf from sophos to
clamav:
Virus Scanners = clamav
/Peter Bonivart
--Unix l
Tomasz,
I'm sorry. Please, forget the previous message.
I don't know how the virus passed through the
anti-virus, but, when I tried to send it to you, the
anti-virus blocked the message.
Maybe it was in the mail queue before I updated
the database.
Ronan
On Thu, 5 Jun 2003 18:11:32 -0300
Ronan Luci
As far as stable (.54) goes, the last time I checked I think it (my port)
worked. All my notes are here:
http://www.activeintra.net/openbsd/article.php?id=5
I'd love to say real soon, but I am running into a small issue that maybe
someone who is more fluent can help with. The problem is that whe
I'm using exim+exiscan-acl+clamav, with demime on, which would feed Clam
with a directory containing original mail, decoded message (I think), and
all attachments.
Could it be that different FortNight variants connect to different
URLs? That would make the pattern different too, right?
Diego d'
Hmm, here Clam has detected several JS.FortNight.E, the mentioned IFRAME
tag looks the same as mine.
Are you sure you let Clam have "a go" on the e-mail? JS.FortNight.E is
not an attachment, just an IFRAME HTML tag.
Best regards,
Diego d'Ambra
-Original Message-
From: Fajar Arief Nugraha [ma
[EMAIL PROTECTED]
undisclosed-recipients:
--
Warning: Message delivery wasn't performed.
Reason: Our virus scanner detected very suspicious code in
the attachment of a mail addressed to a user of our system.
The following messag
Tomasz,
On Thu, 5 Jun 2003 17:16:46 +0200 (CEST)
Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > I am often receiving this virus, today and my viruses.db
> > is updated.
>
> No, your database isn't up to date.
Thank you very much, after I updated the viruses database,
it started detecti