On Mon, 19 Jan 2004 08:46:36 -0600
Jim Ramsay <[EMAIL PROTECTED]> wrote:
> I was a bit confused when I first tried writing a script to connect to
>
> clamd 0.65 on a remote server and do scanning via the STREAM command:
>
> 1 - I expected to be able to do multiple commands per TCP session...
> f
On Mon, 19 Jan 2004 17:02:44 +0100
Laurent Wacrenier <[EMAIL PROTECTED]> wrote:
> IMHO, the main misfit of the STREAM command is the random TCP
> port. You have to open your firewall to allow any connection to any
> port from clamd clients to servers.
Today night, I will add an option that will a
On Mon, 19 Jan 2004 10:56:48 -0600
Jim Ramsay <[EMAIL PROTECTED]> wrote:
> > PING/PONG is useless. It could have been better if the server had
> > send a banner at connection startup.
>
> Good point - that's much better for determining server state upon
> connection. This banner should also inc
On Mon, 19 Jan 2004 23:32:07 -0700
Tommy McNeely <[EMAIL PROTECTED]> wrote:
> Ouch... ok, so does anyone know if I installed gcc and used that if
> the problem goes away (I am not using 64bit mode on the Sun
Yeah, that should help.
Best regards,
Tomasz Kojm
--
oo. [EMAIL PRO
Kevin Spicer wrote:
I guess it depends on how much mail you handle! To put mine in
perspective I'm talking a daily load of only about 7000 messages of
which only about 3-4000 will be incoming. So probably about 1% of
incoming mail is Bagle (thats pretty much in line with the figures
message lab
On Tue, 2004-01-20 at 11:12, Fajar A. Nugraha wrote:
> Kevin Spicer wrote:
>
> >I guess it depends on how much mail you handle! To put mine in
> >perspective I'm talking a daily load of only about 7000 messages of
> >which only about 3-4000 will be incoming. So probably about 1% of
> >incoming m
Le Mar 20 jan 11:27:27 2004, Tomasz Kojm écrit:
> > > PING/PONG is useless. It could have been better if the server had
> > > send a banner at connection startup.
> >
> > Good point - that's much better for determining server state upon
> > connection. This banner should also include the clamd v
Le Mar 20 jan 11:23:35 2004, Tomasz Kojm écrit:
> > IMHO, the main misfit of the STREAM command is the random TCP
> > port. You have to open your firewall to allow any connection to any
> > port from clamd clients to servers.
>
> Today night, I will add an option that will allow to limit the port
Tomasz Kojm wrote:
On Mon, 19 Jan 2004 08:46:36 -0600
Jim Ramsay <[EMAIL PROTECTED]> wrote:
1 - I expected to be able to do multiple commands per TCP session...
for example:
Done (grab the latest version from CVS) - you can start a clamd session
with SESSION and finish it with END:
Excellent! I'l
Jim Ramsay wrote:
I like that, it's probably less ambiguous than SHUTDOWN.
Um... I think I meant that SHUTDOWN is less ambiguous than QUIT.
"What, me fail English? That's unpossible!"
--
Jim Ramsay
---
The SF.Net email is sponsored by Eclips
Le Mar 20 jan 09:01:29 2004, Jim Ramsay écrit:
> >I like that, it's probably less ambiguous than SHUTDOWN.
>
> Um... I think I meant that SHUTDOWN is less ambiguous than QUIT.
Probably true if you don't know the shutdown(2) system call who
half-close a socket :-)
> "What, me fail English? That
Hi,
Just to let you know, I am receiving these errors:
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net (209.204.175.217)
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net (195.70.36.141)
ERROR: Malform
Title: Message
With the release of
thei Bagle/Beagle/whatever worm, I was asked to check if our scanner (clamav)
was updated to catch it. In previous versions of ClamAV, when the virus
definition file was plaintext, that was easy for me as I would just grep the
virus file and see if the vir
On Tue, 20 Jan 2004 12:52:25 +0100
Laurent Wacrenier <[EMAIL PROTECTED]> wrote:
> > > Without saying 'stream: VIRUSNAME FOUND'? That's bad.
> >
> > No, it won't do that !
>
> As far I guess "stream:" is the "file name". What if the file name
> containts ": " or if the virus string contraints "F
Kevin Hanser wrote:
With the release of thei Bagle/Beagle/whatever worm, I was asked to
check if our scanner (clamav) was updated to catch it. In previous
versions of ClamAV, when the virus definition file was plaintext, that
was easy for me as I would just grep the virus file and see if the
i think you can also transform the CVD file into a human readable thing?
i'm not sure, but if you do: sigtool --unpack-current daily.cvd
you get a human readable viruses.db, i'm not sure where this is actually
generated from? (your system or the online database?)
does anyone know where?
cheers
jonathan soong wrote:
i think you can also transform the CVD file into a human readable thing?
i'm not sure, but if you do: sigtool --unpack-current daily.cvd
you get a human readable viruses.db, i'm not sure where this is
actually generated from? (your system or the online database?)
does anyon
Has anyone noticed that enabling the LogSyslog option causes everything
to be logged twice? Or is it just something odd on my machine (sample
below)?
Jan 20 00:11:02 gateway clamd[19226]: Reading databases from
/var/lib/clamav
Jan 20 00:11:02 gateway clamd[19226]: Reading databases from
/var/l
hmm
yes clamav does detect Bagle now, but when we first got hit with Bagle
it was undetected for about 2 hours...
(i.e. clamav virus db was about 2 hours behind our first sighting of
it). I was just wondering how to
add virus signatures to our own database immediately (the signatures.pdf
file sa
Build of clamav-0.65 on OSX 10.1.4 dies in the following manner:
/usr/bin/ld: warning unused multiple definitions of symbol _optarg
"link editor" definition of _optarg in section (__DATA,__common)
/usr/lib/libSystem.dylib(getopt.o) unused definition of _optarg
/usr/bin/ld: warning unused multiple
Hi Guys,
I spent some time in the list archives looking for an answer on this and I
may of missed it. Has the issue of Clamav missing known and detected (when
in binary form anyway) virii when they are attached to an email (mime
encoded), mbox or Maildir, been solved?
Just curious.
Shawn
--
Hi,
I am using clamdscan with qmail in conjuction with dot-qmail files.
I have in .qmail
| /usr/local/bin/clamdscan -; [ $? != 1 ] || exit 99
./Maildir/
# ps aux | grep clamd
root 7967 0.0 4.2 29396 10776 ? S20:54 0:00 clamd
When I send a eicar test vrus it was caught properly
On Tue, 20 Jan 2004 09:01:40 +0100, Tomasz Kojm wrote:
> On Mon, 19 Jan 2004 23:32:07 -0700
> Tommy McNeely <[EMAIL PROTECTED]> wrote:
>
>> Ouch... ok, so does anyone know if I installed gcc and used that if the
>> problem goes away (I am not using 64bit mode on the Sun
>
> Yeah, that should help
23 matches
Mail list logo
