Re: [Clamav-users] Correct clamav-milter options to --postmaster-only

On Tuesday 02 Mar 2004 12:58 am, Stevens, John wrote: > >Please post an example of the bounce message, then I can see where it's > > coming from. > From: MAILER-DAEMON > To: [EMAIL PROTECTED] > CC: [EMAIL PROTECTED] > Subject: Virus intercepted > A message you sent to [EMAIL PROTECTED] contained a

Re: [Clamav-users] Re: debian-sid package broken

Derrick 'dman' Hudson schrieb: On Tue, Mar 02, 2004 at 12:00:28PM +0800, Me Its wrote: | I am using debian - sid, but I got error when I apt-get upgrade, when | it tries to install the new ClamAV | What should I do next ? Look for a related bug report on http://bugs.debian.org. If there is non

Re: [Clamav-users] How to disable notification

On Tuesday 02 Mar 2004 7:04 am, Janis wrote: > I'd like to know whether is it possible to disable sending of notification > to sender of incomming mail about the virus in the e-mail. "man clamav-milter" will tell you. > Janis -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, B

Re: [Clamav-users] password protected zip file

On Tue, Mar 02, 2004 at 03:07:31PM +0800, kengheng wrote: > Hi, Can clamav detected those virus that is protected by a password in a zipped file? No -- Erik Corry I'd be a Libertarian, if they weren't all a [EMAIL PROTECTED] bunch of tax-dodging professional whiners. - B. Breathed.

RE: [Clamav-users] password protected zip file

> -Original Message- > From: [EMAIL PROTECTED] [mailto:clamav-users- > [EMAIL PROTECTED] On Behalf Of Erik Corry > Sent: 2. marts 2004 09:10 > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] password protected zip file > > On Tue, Mar 02, 2004 at 03:07:31PM +0800, kengheng wrote: > > H

Re: [Clamav-users] Re: password-protected Worm.Bagle.F

On Mon, 01 Mar 2004 at 21:04:55 -0500, Derrick 'dman' Hudson wrote: > > Is the zip file really encrypted, or is the password just an Really. > "advisory" flag that an unzip tool is supposed to honor? If its the > latter, then clamav could just ignore the password to unpack and scan > the archiv

Re: [Clamav-users] Clamd problem Solaris 8

On Tue, 2 Mar 2004 07:51:30 +0100 "Clamav" <[EMAIL PROTECTED]> wrote: > Tue Mar 2 02:56:35 2004 -> Session 0 stopped due to timeout. > Tue Mar 2 03:05:02 2004 -> +++ Started at Tue Mar 2 03:05:02 2004 > > Is this a known problem ? Yes, it is. Please update to the CVS version. -- oo..

Re: [Clamav-users] Re: password-protected Worm.Bagle.F

On Tue, 2 Mar 2004, Tomasz Papszun wrote: > So please folks, stop submitting encrypted zip files (without a full > message) to us as it's quite impossible to create a signature for them. Does this mean you still want samples including the full message? Jeffrey Moskot System Administrator [EMAIL P

Re: [Clamav-users] FYI: clamav-devel-20040301 build error on Solaris

On Tue, 02 Mar 2004 12:58:57 +0700 "Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote: > Sure enough, I found these files on source tarball: > ./clamd/dazukoio.o > ./clamd/dazukoio_compat12.o > > Deleted these files, and clamav compiles OK. Fixed, thanks. -- oo. Tomasz Kojm <[EMAI

Re: [Clamav-users] clamdscan: input via stdin

When I run clamdscan this way I get an OK-message and return value of 0 when there is no virus. I don't get any messages if the e-mail contains a virus, only a return value of 141. Is this OK? According to the man page I should get 0 1 or 2. Marc Adam Webb - Network Manager wrote: cat file

Re: [Clamav-users] password protected zip file

Erik Corry wrote: Hi, Can clamav detected those virus that is protected by a password in a zipped file? No Generally no, except in the case of Worm.Bagle.F-zippwd (Trend Micro identifies it as Worm.Bagle.F-1). There's another thread about it (password-protected Worm.Bagle.F). See archiv

Re: [Clamav-users] clamav 0.65 not detecting Worm.Bagle.F

On Tue, 02 Mar 2004 at 15:00:16 +0800, Joey Esquibal wrote: [...] > I have successfully configured MailScanner with ClamAV-0.65. Tested it [...] > Any help of pointers are greatly appreciated. Please upgrade. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED]

Re: [Clamav-users] Re: password-protected Worm.Bagle.F

On Tue, 02 Mar 2004 at 3:38:32 -0500, jef moskot wrote: > On Tue, 2 Mar 2004, Tomasz Papszun wrote: > > So please folks, stop submitting encrypted zip files (without a full > > message) to us as it's quite impossible to create a signature for them. > > Does this mean you still want samples includ

Re: [Clamav-users] clamdscan: input via stdin

Adam Webb - Network Manager wrote: cat filename | clamdscan - Marc Cuypers [EMAIL PROTECTED] wrote: Hi, I'm running clamav 0.60 on Debian. Can I 'cat' a file to clamdscan, or must it be a physical file on the disk? Thanks for your time, --Marc When I run clamdscan this way (cat filename |

[Clamav-users] Re: How to disable notification

"Janis" <[EMAIL PROTECTED]> ???/ ? ?: news:[EMAIL PROTECTED] > Hi! > > I am using clamav/sendmail to scan mail for viruses. > > I'd like to know whether is it possible to disable sending of notification > to sender of incomming mail about the virus in the e-mail. > >

[Clamav-users] What is the problem?

clamscan -V clamscan / ClamAV version 0.67 freshclam -V freshclam / ClamAV version 0.67 ccabbccacaa.zip : D:\Attachments\ccabbccacaa.zip is infected with the [EMAIL PROTECTED] virus output from NAV/Symantec clamscan ccabbccacaa.zip Known viruses: 20742 Scanned directories: 0 Scanned files: 1 I

Re: [Clamav-users] Re: password-protected Worm.Bagle.F

On Tue, 2 Mar 2004, Tomasz Papszun wrote: > As usually: only if ClamAV with an up-to-date database isn't detecting > an infection in a sample. In this particular case "a sample" = "a full > message sample". Roger that. Up until a few minutes ago, a few samples had gotten through, but things look

Re: [Clamav-users] What is the problem?

Adrian Gurbina (main) wrote: ccabbccacaa.zip : D:\Attachments\ccabbccacaa.zip is infected with the [EMAIL PROTECTED] virus output from NAV/Symantec so clamscan dont know any virus related to Beagle? i use the latest update related to the virus database how do we fix this problem? try out http://ww

Re: [Clamav-users] password-protected Worm.Bagle.F

About the password-encrypted zip file virusses, is there any information available on the web about this? I like to instruct my users about this new infection method. David Jansen --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Bu

Re: [Clamav-users] password-protected Worm.Bagle.F

David Jansen wrote: About the password-encrypted zip file virusses, is there any information available on the web about this? Try this http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.G Regards, Fajar --- SF.Net is s

Re: [Clamav-users] What is the problem?

On Tue, 2 Mar 2004, Adrian Gurbina (main) wrote: > clamscan -V > clamscan / ClamAV version 0.67 > > freshclam -V > freshclam / ClamAV version 0.67 > > ccabbccacaa.zip : D:\Attachments\ccabbccacaa.zip is infected with the > [EMAIL PROTECTED] virus output from NAV/Symantec > > clamscan ccabbccacaa.

[Clamav-users] clamav stops running

I frequently have to run clamav manually, what makes to stop? Is there a way to re-run it automatically! --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit fro

AW: [Clamav-users] clamav stops running

> > I frequently have to run clamav manually, what makes to stop? Is > there a way to re-run > it automatically! Read the ML-History , you will find some restartscripts for clamd. make a cronjob */1 * * * * for it. --- SF.Net is sponsored b

Re: AW: [Clamav-users] clamav stops running

Power-Netz (Schwarz) wrote: I frequently have to run clamav manually, what makes to stop? Is there a way to re-run it automatically! Read the ML-History , you will find some restartscripts for clamd. make a cronjob */1 * * * * for it. I personally run clamd under daemontools as I'm already runn

AW: AW: [Clamav-users] clamav stops running

> I personally run clamd under daemontools as I'm already running > daemontools for qmail. Works a treat. > > You can find daemontools at http://cr.yp.to/daemontools.html That will not help you, because clam will stop working, not crashing. ---

Re: AW: AW: [Clamav-users] clamav stops running

Power-Netz (Schwarz) wrote: I personally run clamd under daemontools as I'm already running daemontools for qmail. Works a treat. You can find daemontools at http://cr.yp.to/daemontools.html That will not help you, because clam will stop working, not crashing. Works just fine for me - my spam

Re: AW: AW: [Clamav-users] clamav stops running

> Power-Netz (Schwarz) wrote: > >>>I personally run clamd under daemontools as I'm already running >>>daemontools for qmail. Works a treat. >>> >>>You can find daemontools at http://cr.yp.to/daemontools.html >> >> >> That will not help you, because clam will stop working, not crashing. > > Works j

Re: [Clamav-users] password-protected Worm.Bagle.H

> Worm.Bagle.H found in unzipped file. It\'s impossible > to create signature of encrypted zip file. This new infection method is likely to drive us nuts. This is the password-less workaround I've come up with and your input is appreciated. The unix unzip output looks like so: $ uvscan -lv

AW: AW: AW: [Clamav-users] clamav stops running

>> That will not help you, because clam will stop working, not crashing. > > > > Works just fine for me - my spamd occasionally dies, but never hangs > > with the daemon still running. > > > > daemontools is said to work on unix only, what is the altenative in linux? supervise .. but , as said, i

Re: AW: AW: [Clamav-users] clamav stops running

Japhet Samson wrote: Power-Netz (Schwarz) wrote: I personally run clamd under daemontools as I'm already running daemontools for qmail. Works a treat. You can find daemontools at http://cr.yp.to/daemontools.html That will not help you, because clam will stop working, not crashing. Works just

Re: AW: AW: [Clamav-users] clamav stops running

On Tuesday 02 March 2004 12:17 pm, Japhet Samson wrote: > > Power-Netz (Schwarz) wrote: > >>>I personally run clamd under daemontools as I'm already running > >>>daemontools for qmail. Works a treat. > >>> > >>>You can find daemontools at http://cr.yp.to/daemontools.html > >> > >> That will not h

Re: AW: AW: AW: [Clamav-users] clamav stops running

Power-Netz (Schwarz) wrote: That will not help you, because clam will stop working, not crashing. Works just fine for me - my spamd occasionally dies, but never hangs with the daemon still running. daemontools is said to work on unix only, what is the altenative in linux? supervise .. but , as

Re: [Clamav-users] password-protected Worm.Bagle.H

On Tue, 02 Mar 2004 at 4:14:52 -0800, [EMAIL PROTECTED] wrote: > > > Worm.Bagle.H found in unzipped file. It\'s impossible > > to create signature of encrypted zip file. > > This new infection method is likely to drive us nuts. This is the > password-less workaround I've come up with and your i

RE: [Clamav-users] password-protected Worm.Bagle.H

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > > This new infection method is likely to drive us nuts. This > is the password-less workaround I've come up with and your > input is appreciated. > The unix unzip output looks like so: > >$ u

Re: AW: AW: AW: [Clamav-users] clamav stops running

Power-Netz (Schwarz) wrote: supervise .. but , as said, it won't help it the demon stops answering but does not crash at all. Try searching archive for posts on "clamd monitoring" A useful link http://mikecathey.com/code/clamdwatch/ This should check whether clamd is working or not (i.e hung, d

RE: [Clamav-users] password-protected Worm.Bagle.H

> -Original Message- > From: [EMAIL PROTECTED] [mailto:clamav-users- > [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] > Sent: 2. marts 2004 13:15 > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] password-protected Worm.Bagle.H > > Suggestions? There are really easy ways for the vir

AW: AW: AW: AW: [Clamav-users] clamav stops running

> > > supervise .. but , as said, it won't help it the demon stops > answering but > > does not > > crash at all. > > supervise is part of daemontools. good to know, i never installed / compilied or viewed daemontools :-)) ( multi admin server )

[Clamav-users] Errors - need some help

ClamAV users; I could use a bit of direction here. I've just installed clamd from RPM on a RH linux server running EXIM. with the exiscan-acl patch. When I enable an ACL for Scan at DATA time I get the following error in the log files 2004-02-27 08:59:04 1AwiW8-NF-Lk malware acl condition:

AW: [Clamav-users] Clamd problem Solaris 8

gcc -g -O2 -o .libs/clamd options.o cfgfile.o clamd.o tcpserver.o localserver.o session.o thrmgr.o Hi! I tried the latest snapshot with size > 1kB (20040301) and had a compilation problem on Solaris 8!! server-th.o scanner.o others.o clamuko.o dazukoio_compat12.o dazukoio.o tests.o ../clamscan

[Clamav-users] Wanted

Hello Community, We suspect that ClamAV is missing a signature against Welchia.B (Nachi.B). If someone has a sample please submit it through http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi Thanks in advance... Best regards, Diego d'Ambra smime.p7s Description: S/MIME cryptographic signatur

Re: [Clamav-users] Errors - need some help

On Tue, 2004-03-02 at 13:36, Kevin Barrett wrote: > ClamAV users; > > > I could use a bit of direction here. I've just installed clamd from RPM on > a RH linux server running EXIM. with the exiscan-acl patch. When I enable > an ACL for Scan at DATA time I get the following error in the log fil

Re: AW: [Clamav-users] clamav stops running

On Tuesday 02 Mar 2004 11:40 am, Darren Honeyball [ML] wrote: > Power-Netz (Schwarz) wrote: > >>I frequently have to run clamav manually, what makes to stop? Is > >>there a way to re-run > >>it automatically! > > > > Read the ML-History , you will find some restartscripts for clamd. > > make a cron

Re: [Clamav-users] Errors - need some help

ClamAV users; I could use a bit of direction here. I've just installed clamd from RPM on a RH linux server running EXIM. with the exiscan-acl patch. When I enable an ACL for Scan at DATA time I get the following error in the log files 2004-02-27 08:59:04 1AwiW8-NF-Lk malware acl condition:

Re: [Clamav-users] clamav stops running

On Tue, 2 Mar 2004 15:17:37 +0300 (EAT) "Japhet Samson" <[EMAIL PROTECTED]> wrote: > > Power-Netz (Schwarz) wrote: > > > >>>I personally run clamd under daemontools as I'm already running > >>>daemontools for qmail. Works a treat. > >>> > >>>You can find daemontools at http://cr.yp.to/daemontools

[Clamav-users] Re: password-protected Worm.Bagle.F

On Tue, Mar 02, 2004 at 09:37:48AM +0100, Tomasz Papszun wrote: | On Mon, 01 Mar 2004 at 21:04:55 -0500, Derrick 'dman' Hudson wrote: | > | > Is the zip file really encrypted, or is the password just an | | Really. Oh, ok. I guess zip files can be more secure than I assumed at first. -D -- I

[Clamav-users] database reloading (waiting)

Hi all I run clamd version 0.67 (which is super-stable!) + clam-milter + sendmail 8.12. Suddenly clamd is struggling to load the db and reports the "waiting" as listed below. Updates happen at 32 minutes past the hour. While clamd was waiting for the db, my smtp service chugged along so slowly t

[Clamav-users] German Language

Hi all,   i would like to have clamav send its messages in german. where can i edit these text? or anyone done this before?   Regards   Rudi

RE: [Clamav-users] password-protected Worm.Bagle.H

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Diego > d'Ambra > Sent: Tuesday, March 02, 2004 4:55 AM > To: [EMAIL PROTECTED] > Subject: RE: [Clamav-users] password-protected Worm.Bagle.H > > > > -Original Message- > > From: [EMAIL PROTECTED]

Re: [Clamav-users] password-protected Worm.Bagle.H

On Tue, Mar 02, 2004 at 07:38:59AM -0800, Mitch (WebCob) wrote: > > Seeing how quickly this could get out of hand, and how hard it would be to > write code to "read" the password from the mail - how about a simple option > that allows full rejection of password encrypted archives - or optional > (

Re: [Clamav-users] Re: password-protected Worm.Bagle.F

At 10:04 AM 3/2/2004 +0100, Tomasz Papszun wrote: As usually: only if ClamAV with an up-to-date database isn't detecting an infection in a sample. In this particular case "a sample" = "a full message sample". OK - I am still receiving emails containing a PW-protected zip with this virus. Should I

[Clamav-users] clamav and netsky.d

hi Guys.. i there a update for netsky.d ? BYE --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_i

[Clamav-users] German Language HTML

sry for the html, outlook default :-) again, anyone having locales for clamav? german in special! Regards Rudi --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software

[Clamav-users] virus not detected one but detected on another machine

Hi, I have a strange problem. I have two email servers. Both are Redhat 7.3 and using qmail. I have installed clamav 0.65 from the source on Machine A. Then I installed clamav 0.67 On Machine B I have installed clamav 0.67 the first time. I am using gadoyanvirus 0.2 as the link between qmail a

[Clamav-users] virus not detected one but detected on another machine

Hi, I have a strange problem. I have two email servers. Both are Redhat 7.3 and using qmail. I have installed clamav 0.65 from the source on Machine A. Then I installed clamav 0.67 On Machine B I have installed clamav 0.67 the first time. I am using gadoyanvirus 0.2 as the link between qmail a

RE: [Clamav-users] password-protected Worm.Bagle.H

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Erik Corry > > The question is how much of a problem it really is. Are users > really that dumb? > > What I'm wondering is whether the encrypted version of the > virus can be created by the unencr

Re: [Clamav-users] Errors - need some help

On Tue, Mar 02, 2004 at 08:36:06AM -0500, Kevin Barrett said: > ClamAV users; > > > I could use a bit of direction here. I've just installed clamd from RPM on > a RH linux server running EXIM. with the exiscan-acl patch. When I enable > an ACL for Scan at DATA time I get the following error in

[Clamav-users] ClamAV 0.67 memory leak

Anyone seen this... 3843 ?S 0:00 clamd 3846 ?S 0:01 \_ clamd 3847 ?S 0:03 \_ clamd when i cat the /proc/3843/status file... Name: clamd State: S (sleeping) Tgid: 3843 Pid:3843 PPid: 1 TracerPid: 0 Uid:0 0 0 0 G

RE: [Clamav-users] Re: password-protected Worm.Bagle.F

> -Original Message- > From: [EMAIL PROTECTED] [mailto:clamav-users- > [EMAIL PROTECTED] On Behalf Of B.K. DeLong > Sent: 2. marts 2004 17:06 > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] Re: password-protected Worm.Bagle.F > > OK - I am still receiving emails containing a PW-prot

Re: [Clamav-users] clamav and netsky.d

Vpopmail Mailinglist wrote: hi Guys.. i there a update for netsky.d ? Clamav detect it for 2 days! Just run freshclam. --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD

Re: [Clamav-users] password-protected Worm.Bagle.H

The question is how much of a problem it really is. Are users really that dumb? What I'm wondering is whether the encrypted version of the virus can be created by the unencrypted version, or whether the encrypted versions of the virus we have seen have all been produced by actual encrypted-zip in

[Clamav-users] Archive Not Working?

The archive for the mailing list seems to have stopped around the 14th of January. Can the admins take a look at that and figure out why? Yay sourceforge! Tom Walsh Network Administrator http://www.ala.net/ --- SF.Net is sponsored by: Speed

[Clamav-users] For those using Procmail - a simple rule to hinder the Bagle-I virus

Maybe OT - but its a decent interim fix so people can continue sending large(r) Zips. SO - not sure if this is OT or what, but if you use procmail as the delivery agent on your system, this rule below will catch the ZIPs under 250k in size and having 'password:' somewhere in the body. Not pe

Re: [Clamav-users] Clamd problem Solaris 8

On Tue, 2 Mar 2004 14:50:43 +0100 "Clamav" <[EMAIL PROTECTED]> wrote: > gcc -g -O2 -o .libs/clamd options.o cfgfile.o clamd.o tcpserver.o > localserver.o session.o thrmgr.o Hi! > I tried the latest snapshot with size > 1kB (20040301) and had a > compilation problem on Solaris 8!! > > > Is this a

Re: [Clamav-users] Re: password-protected Worm.Bagle.F

On Tue, 02 Mar 2004 at 11:05:53 -0500, B.K. DeLong wrote: > At 10:04 AM 3/2/2004 +0100, Tomasz Papszun wrote: > >As usually: only if ClamAV with an up-to-date database isn't detecting > >an infection in a sample. In this particular case "a sample" = "a full > >message sample". > > OK - I am still

Re: [Clamav-users] virus not detected one but detected on another machine

On Tue, 2004-03-02 at 12:21, P.V.Anthony wrote: > The only diffrence I can see is that on machine A I installed clamav 0.65 > then installed 0.67. So what part of "0.67 works better and I should install it on machine A" are you missing? > > Is there anything else I can do or check? Check if it

[Clamav-users] Clamav on NetBSD

I have searched the archives and tried multiple versions but appear to be unable to compile Clamav on NetBSD. It fails in compiling freshclam with an undefined reference to 'parsecfg'. Can anyone give me a cluestick hit on what I am missing or reference to RTFM spot it would be greatly appreci

[Clamav-users] Some more evidence for my last mail ...

Hey there, in my last mail I told that clamscan founds the virus while clamd doesn't. Here's some more evidence for this: sh-2.04$ /usr/local/clamav-0.67/bin/clamscan ./your_archive.pif ./your_archive.pif: Worm.SomeFool.B-petite FOUND --- SCAN SUMMARY --- Known viruses: 20355 Scann

[Clamav-users] netsky-d found by clamscan but not by clamd?

hey folks, I'm running clam-av 0.67 in combination with amavisd-new. With nearly never a virus slipping through, thanks to the devs. But recently a lot of viruses started to slip through. Checking it on the same machine, extracting the attachment by hand it is detected by clamscan, so it must be c

Re: [Clamav-users] password-protected Worm.Bagle.H

On Tue, Mar 02, 2004 at 11:59:19AM -0600, John Jolet wrote: > >> The question is how much of a problem it really is. Are users >> really that dumb? > > yes, they are. i've gotten about 10 of those in the last 3 days. That doesn't actually prove that anyone typed in the password and got infected

Re: [Clamav-users] For those using Procmail - a simple rule to hinder the Bagle-I virus

On Tue, 02 Mar 2004 at 11:18:25 -0700, Support ePaxsys/FRWS wrote: > Maybe OT - but its a decent interim fix so people can continue sending > large(r) Zips. > > SO - not sure if this is OT or what, but if you use procmail as the > delivery agent on your system, this rule below will catch the ZIP

Re: [Clamav-users] Some more evidence for my last mail ...

Thomas, On Tue, 2004-03-02 at 14:09, Thomas Seifert wrote: > in my last mail I told that clamscan founds the virus while clamd doesn't. > Here's some more evidence for this: Reload clamd and see if that makes a difference. It sounds like freshclam may not be telling clamd to reload the virus dat

[Clamav-users] Can somebody help me with this error message?

Hi. Exim 4.2 with Exiscan clamav 0.66 on a separate server NetBSd 1.6.2 on both servers The sacans are happening but this is the messa ge I receive in my log files 2004-03-02 15:18:38 1AyGLe-mS-J3 H=h207-176-232-131.enertiatech.com (enertia1.enertiatech.com) [207.176.232.131] F=<[EMAIL PROTE

Re: [Clamav-users] Some more evidence for my last mail ...

On Tue, 02 Mar 2004 at 20:09:08 +0100, Thomas Seifert wrote: > > in my last mail I told that clamscan founds the virus while clamd doesn't. > Here's some more evidence for this: > > sh-2.04$ /usr/local/clamav-0.67/bin/clamscan ./your_archive.pif > ./your_archive.pif: Worm.SomeFool.B-petite FOUND

Re: [Clamav-users] ClamAV 0.67 memory leak

On Tue, 2 Mar 2004 19:39:23 +0200 Nigel Kukard <[EMAIL PROTECTED]> wrote: > Anyone seen this... > > 3843 ?S 0:00 clamd > 3846 ?S 0:01 \_ clamd > 3847 ?S 0:03 \_ clamd > > when i cat the /proc/3843/status file... Please post your clamav.conf. --

RE: [Clamav-users] Correct clamav-milter options to --postmaster-only

-Original Message- From: Nigel Horne [mailto:[EMAIL PROTECTED] Sent: Tuesday, 2 March 2004 6:46 PM To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] Correct clamav-milter options to --postmaster-only >>On Tuesday 02 Mar 2004 12:58 am, Stevens, John wrote: >> >Please post an example of the

Re: [Clamav-users] Can somebody help me with this error message?

On Tue, Mar 02, 2004 at 03:13:55PM -0500, Frank DeChellis said: > Hi. > > Exim 4.2 with Exiscan > clamav 0.66 on a separate server > NetBSd 1.6.2 on both servers > > The sacans are happening but this is the messa ge I receive in my log files > > 2004-03-02 15:18:38 1AyGLe-mS-J3 H=h207-176-23

[Clamav-users] Re: virus not detected one but detected on another machine

russ wrote: On Tue, 2004-03-02 at 12:21, P.V.Anthony wrote: The only diffrence I can see is that on machine A I installed clamav 0.65 then installed 0.67. So what part of "0.67 works better and I should install it on machine A" are you missing? Is there anything else I can do or check? Check

Re: [Clamav-users] Can somebody help me with this error message?

On Tue, 2 Mar 2004, Frank DeChellis wrote: > Hi. > > Exim 4.2 with Exiscan > clamav 0.66 on a separate server > NetBSd 1.6.2 on both servers > > The sacans are happening but this is the messa ge I receive in my log files > > 2004-03-02 15:18:38 1AyGLe-mS-J3 H=h207-176-232-131.enertiatech.com >

Re: [Clamav-users] For those using Procmail - a simple rule to hinder the Bagle-I virus

At 09:22 PM 3/2/04 +0100, Tomasz Papszun wrote: On Tue, 02 Mar 2004 at 11:18:25 -0700, Support ePaxsys/FRWS wrote: > Maybe OT - but its a decent interim fix so people can continue sending > large(r) Zips. > > SO - not sure if this is OT or what, but if you use procmail as the > delivery agent on yo

Re: [Clamav-users] Some more evidence for my last mail ... - SOLVED

On Tue, 02 Mar 2004 15:15:19 -0500 Mike Cathey <[EMAIL PROTECTED]> wrote: > Thomas, > > On Tue, 2004-03-02 at 14:09, Thomas Seifert wrote: > > in my last mail I told that clamscan founds the virus while clamd doesn't. > > Here's some more evidence for this: > > Reload clamd and see if that makes

Re: [Clamav-users] password-protected Worm.Bagle.H

on my qmail server qmail-scanner do this job for me. google for qmail-scanner - Original Message - From: "Erik Corry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 02, 2004 9:11 PM Subject: Re: [Clamav-users] password-protected Worm.Bagle.H > On Tue, Mar 02, 2004 at

Re: [Clamav-users] netsky-d found by clamscan but not by clamd?

On Tue, 02 Mar 2004 19:43:40 +0100 Thomas Seifert <[EMAIL PROTECTED]> wrote: > filenames or extension. is there a dependency on the name? No, there isn't. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._

Re: [Clamav-users] Some more evidence for my last mail ...

On Tue, 02 Mar 2004 20:09:08 +0100 Thomas Seifert <[EMAIL PROTECTED]> wrote: > Any ideas? Connect to clamd and send the RELOAD command. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5

[Clamav-users] Clam AV 0.67 e-smith RedHat 7.3 Packages

Hi, I downloaded the Red Hat package from http://crash.fce.vutbr.cz/crash-hat/1/clamav/. When I try installing it on e-smith 6.0 with Red Hat 7.3, I get the following error: [EMAIL PROTECTED] src]# rpm -Uvh clamav-0.67-1.i386.rpm error: failed dependencies: libc.so.6(GLIBC_2.3) is need

[Clamav-users] could pls someone send me a passwd protected zipped virus?

Hi all, I'm confused about passwd-zipped viruses/worms. Myself I did not got any of this viruses, and I did not got feedback from users not found some amavisd-new notices in the log. Is it possible, that someone is sending me one of this viruses, so I'm able to check my system? (I'm not vurner

Re: [Clamav-users] Some more evidence for my last mail ... - SOLVED

Thomas Seifert wrote: On Tue, 02 Mar 2004 15:15:19 -0500 Mike Cathey <[EMAIL PROTECTED]> wrote: Thomas, On Tue, 2004-03-02 at 14:09, Thomas Seifert wrote: in my last mail I told that clamscan founds the virus while clamd doesn't. Here's some more evidence for this: Reload clamd and see if tha

Re: [Clamav-users] Clam AV 0.67 e-smith RedHat 7.3 Packages

On Tue, Mar 02, 2004 at 02:49:48PM -0800, FreshClam wrote: > Hi, I downloaded the Red Hat package from > http://crash.fce.vutbr.cz/crash-hat/1/clamav/. When I try installing it on > e-smith 6.0 with Red Hat 7.3, I get the following error: > > [EMAIL PROTECTED] src]# rpm -Uvh clamav-0.67-1.i386.rp

Re: [Clamav-users] ClamAV 0.67 memory leak

Nigel Kukard schrieb: Anyone seen this... 3843 ?S 0:00 clamd 3846 ?S 0:01 \_ clamd 3847 ?S 0:03 \_ clamd when i cat the /proc/3843/status file... Name: clamd State: S (sleeping) Tgid: 3843 Pid:3843 PPid: 1 TracerPid: 0 Uid:0

RE: [Clamav-users] Clam AV 0.67 e-smith RedHat 7.3 Packages

What you might want to try is to download the source rpm and rebuild it. That just might solve all your dependency issues. FreshClam wrote: > Hi, I downloaded the Red Hat package from > http://crash.fce.vutbr.cz/crash-hat/1/clamav/. When I try installing > it on e-smith

Re: [Clamav-users] Can somebody help me with this error message?

They're on separate servers...does that matter? I run exim as "exim" and clam as clamav. On Tue, 2 Mar 2004, Stephen Gran wrote: > Date: Tue, 2 Mar 2004 16:32:30 -0500 > From: Stephen Gran <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] Ca

[Clamav-users] Password-protected .zip file viruses

Clearly the virus DB maintainers are inundated with password-protected .zip files with viruses inside. I think I understand the technical impossibility of making a signature for these - the .zip header is the same, and then the filenames inside are randomized, as is the password, and thus the encr

[Clamav-users] some little questions

I've 3 little questions but at first I'm sorry couse I dosn't check the archives. :o) 1. Is it possible to improve the BSD-support? Like on-acces-scanning and co? 2. Are there any improvemts planed wich enable clamAV to clean files? Now it just delete them. 3. Please don't make a flamewar (

Re: [Clamav-users] some little questions

On Wed, 3 Mar 2004, Rembrandt wrote: [...] > 2. > Are there any improvemts planed wich enable clamAV to clean files? Now > it just delete them. > I can't speak for anyone but myself, but I don't think that is planned. First of all, some virii may be impossible to clean (some of them destroy the fi

Re: [Clamav-users] Password-protected .zip file viruses

On Tue, 2 Mar 2004, Charlie Watts wrote: > Clearly the virus DB maintainers are inundated with password-protected > .zip files with viruses inside. > > I think I understand the technical impossibility of making a signature for > these - the .zip header is the same, and then the filenames inside ar

Re: [Clamav-users] password-protected Worm.Bagle.H

> It gives nothing as copies of Worm.Bagle.H (and previous variants also) > vary in their contents and even sizes. So checksums are different. We have started to see this as well -- we only caught a few w/ the hard-coded crc hack. This is not perfect either and it falls in line with one gentlema

Re: [Clamav-users] Password-protected .zip file viruses

On Wed, 3 Mar 2004 02:54:35 +0100 (CET) [EMAIL PROTECTED] (Jesper Juhl) wrote: > On Tue, 2 Mar 2004, Charlie Watts wrote: > > > Clearly the virus DB maintainers are inundated with > > password-protected.zip files with viruses inside. > > > > I think I understand the technical impossibility of mak

Re: [Clamav-users] some little questions

On Wed, 3 Mar 2004 02:50:15 +0100 (CET) [EMAIL PROTECTED] (Jesper Juhl) wrote: > On Wed, 3 Mar 2004, Rembrandt wrote: > > [...] > > 2. > > Are there any improvemts planed wich enable clamAV to clean files? > > Now it just delete them. > > > I can't speak for anyone but myself, but I don't think t

Re: [Clamav-users] password-protected Worm.Bagle.H

On Tue, 2 Mar 2004 18:08:15 -0800 (PST) [EMAIL PROTECTED] wrote: > > > It gives nothing as copies of Worm.Bagle.H (and previous variants > > also) vary in their contents and even sizes. So checksums are > > different. > > We have started to see this as well -- we only caught a few w/ the > hard-

Re: [Clamav-users] Password-protected .zip file viruses

Jesper Juhl wrote: What I'm thinking is; Would it be feasible to add an option to attempt to brute-force-crack the passwords on zip files when scanning them? Yes, it would slow down scanning immensely, and there's *no* way it should ever be a default option, but zip file passwords are /resonably/

Re: [Clamav-users] Password-protected .zip file viruses

On Wed, 3 Mar 2004, Rembrandt wrote: > On Wed, 3 Mar 2004 02:54:35 +0100 (CET) > [EMAIL PROTECTED] (Jesper Juhl) wrote: > > > On Tue, 2 Mar 2004, Charlie Watts wrote: > > > > > Clearly the virus DB maintainers are inundated with > > > password-protected.zip files with viruses inside. > > > > > > I

  1   2   >