Paul Boven wrote:
How about only trying every word in the mail-body as a key to try,
instead of brute-forcing? The virus(-writer) cannot afford to fudge the
password in the mail-body: One would hope that the subset of users that
is clever enough to reconstruct the password, yet stupid enough to
David Uzzell said:
> Ok I have a qmail mail server which up to a couple of days ago was
> working 100% and doing very well.
>
> Then a couple of days ago it just started with this error,
>
> clamuko: corrupt or unknown clamd scanner error or
> memory/resource/perms problem - exit status 2
>
> Syste
On Tue, 2 Mar 2004, jef moskot wrote:
> For some reason, my system is allowing Worm.Bagle.F-zippwd files
> through...
For what it's worth, this seems to be an issue with amavis. By default,
it doesn't scan the body of the message. If/when I get I fix, I'll post
it here so all other dinosaurs can
I tried to install clamav + clamav-milter for sendmail with following
command:
# ./configure --enable-milter
# make
but i get following error...
In file included from clamav-milter.c:376:
/usr/include/malloc.h:3:2: #error " has been replaced by
"
*** Error code 1
Stop in /home/sho/clamav-0.67/
(please don't top-post!)
Nigel Kukard wrote:
On Wed, Mar 03, 2004 at 12:42:48AM +0100, Thomas Lamy wrote:
Nigel Kukard wrote:
Anyone seen this...
3843 ?S 0:00 clamd
3846 ?S 0:01 \_ clamd
3847 ?S 0:03 \_ clamd
when i cat the /proc/3843/status fil
Andrew Keuhs wrote:
Clamd will not start now.. i am using version .67
It was working fine last week... we had a power outage... now when I run /usr/sbin/clamd as root... it goes to next line but nothing is started... Where would I look for errors? I see it has no verbose setting... So i have no
On Tue, Mar 02, 2004 at 09:38:11PM -0800, Shawn Tayler wrote:
> On Tue, 2 Mar 2004 17:07:53 +0100 Erik Corry <[EMAIL PROTECTED]> exclaimed:
>
> > The question is how much of a problem it really is. Are users
> > really that dumb?
> >
> > What I'm wondering is whether the encrypted version of the
That's got my vote - can the core team give some indication of options being
considered and what general direction we'll go here?
Thanks.
m/
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Andy Dills
> Sent: Tuesday, March 02, 2004 11:05 PM
> To: [EMA
But...
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Chris
> Meadors
> Sent: Tuesday, March 02, 2004 11:44 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Password-protected .zip file viruses
>
>
> Paul Boven wrote:
>
> > How about only tryin
Jesper Juhl wrote:
What I'm thinking is; Would it be feasible to add an option to attempt to
brute-force-crack the passwords on zip files when scanning them?
Yes, it would slow down scanning immensely, and there's *no* way it should
ever be a default option, but zip file passwords are /reasonably/
On Wed, 03 Mar 2004 at 2:47:50 -0500, jef moskot wrote:
> On Tue, 2 Mar 2004, jef moskot wrote:
> > For some reason, my system is allowing Worm.Bagle.F-zippwd files
> > through...
>
> For what it's worth, this seems to be an issue with amavis. By default,
> it doesn't scan the body of the messag
- Original Message -
From: "Thomas Lamy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 03, 2004 3:18 AM
Subject: Re: [Clamav-users] Clamd will NOT start
> Andrew Keuhs wrote:
>
> > Clamd will not start now.. i am using version .67
> >
> > It was working fine last w
Andrew Keuhs wrote:
- Original Message -
From: "Thomas Lamy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 03, 2004 3:18 AM
Subject: Re: [Clamav-users] Clamd will NOT start
Andrew Keuhs wrote:
Clamd will not start now.. i am using version .67
It was working fi
Galactic wrote:
Ok, just upgraded my web server and all to RHE and Plesk 7 using qmail
from my RH9 box. I had clam on the old box and it was working great,
so I go to install it on my RHE box and I don’t see it listed as a
supported install.
Will ClamAV be available for RHE and if so, where
Hi,
I'm using clamav 0.67 on Debian Woody.
When I run 'clamdscan file1'. I get the message it contains the virus
Worm.Gibe.F FOUND.
When I run 'clamdscan file1'. I get the file is OK.
What could be wrong?
-- Marc
---
SF.Net is sponsored
FreshClam wrote:
Hi, I downloaded the Red Hat package from
http://crash.fce.vutbr.cz/crash-hat/1/clamav/. When I try installing it on
e-smith 6.0 with Red Hat 7.3, I get the following error:
[EMAIL PROTECTED] src]# rpm -Uvh clamav-0.67-1.i386.rpm
error: failed dependencies:
libc.so.6(GLI
On Wed, 03 Mar 2004 at 11:18:15 +0100, Marc Cuypers wrote:
> Hi,
>
> I'm using clamav 0.67 on Debian Woody.
>
> When I run 'clamdscan file1'. I get the message it contains the virus
> Worm.Gibe.F FOUND.
> When I run 'clamdscan file1'. I get the file is OK.
>
> What could be wrong?
?! The com
On Tue, 02 Mar 2004 at 18:24:27 -0700, Charlie Watts wrote:
> Clearly the virus DB maintainers are inundated with password-protected
> .zip files with viruses inside.
Indeed :-( .
> I think I understand the technical impossibility of making a signature for
> these - the .zip header is the same, a
On Wed, 2004-03-03 at 10:18, Marc Cuypers wrote:
> Hi,
>
> I'm using clamav 0.67 on Debian Woody.
>
> When I run 'clamdscan file1'. I get the message it contains the virus
> Worm.Gibe.F FOUND.
> When I run 'clamdscan file1'. I get the file is OK.
When you run the same command twice? Or you've
On Wed, 03 Mar 2004 10:45:34 +0700
"Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote:
> Thomas Seifert wrote:
>
> >clamscan used the new dir (its default directory) and didn't use
> >the path given in clamav.conf!?
> >
> >
> >
> I believe clamscan doesn't read clamav.conf at all; it uses hard-coded
On Wed, 3 Mar 2004 02:10:44 +0100
Rembrandt <[EMAIL PROTECTED]> wrote:
> I've 3 little questions but at first I'm sorry because I didn't check
> the archives. :o)
>
> 1.
> Is it possible to improve the BSD-support? Like on-access-scanning and
> co?
The CVS version supports on-access scanning under
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Jesper Juhl
> Sent: 3 March 2004 02:55
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Password-protected .zip file viruses
>
> What I'm thinking is; Would it be feasible to add an
Tomasz Papszun wrote:
On Wed, 03 Mar 2004 at 11:18:15 +0100, Marc Cuypers wrote:
Hi,
I'm using clamav 0.67 on Debian Woody.
When I run 'clamdscan file1'. I get the message it contains the virus
Worm.Gibe.F FOUND.
When I run 'clamdscan file1'. I get the file is OK.
What could be wrong?
?!
> >>Nigel Kukard wrote:
> >>
> >>
> >>>Anyone seen this...
> >>>
> >>>3843 ?S 0:00 clamd
> >>>3846 ?S 0:01 \_ clamd
> >>>3847 ?S 0:03 \_ clamd
> >>>
> >>>when i cat the /proc/3843/status file...
> >>>
> >>>Name: clamd
> >>>State: S (sleeping)
> >>>T
when using clamav as milter for sendmail I cannot query the returncode of
clamav. So a password-protected zipfile is passing the milter and from the header
"X-Virus-Scanned: clamd / ClamAV version 0.67, clamav-milter version 0.66n" it
looks like the file is clean, while in fact it just could not
Hi all,
I wrote a shell script to determine a signature from a file that
contains the virus itself or from a file that contains the virus in
an attachment (mime-encoded).
I have tested (on debian linux and clamav 0.67-1 release) with two
viruses and it seems to work but if more than one peopl
On Wednesday 03 Mar 2004 7:55 am, Seve Ho wrote:
> I tried to install clamav + clamav-milter for sendmail with following
> command:
>
> # ./configure --enable-milter
> # make
>
> but i get following error...
>
> In file included from clamav-milter.c:376:
> /usr/include/malloc.h:3:2: #error " has be
[EMAIL PROTECTED] etc]# freshclam
ClamAV update process started at Wed Mar 3 11:56:30 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder:
tkojm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 158,
On Wednesday 03 Mar 2004 11:08 am, peter pilsl wrote:
> Is there any way to persuade the milter to block password-protected
> zip-files ?
I do not feel that is the job of anti-virus software.
> peter
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL
On Wed, 2004-03-03 at 11:29, Andrzej Zawadzki wrote:
> #NotifyClamd [/optional/config/file/path]
> NotifyClamd /etc/rc.d/init.d/clamd reload
What's this rubbish?
------
-trog
Nigel Horne wrote:
> > Is there any way to persuade the milter to block password-protected
> > zip-files ?
>
> I do not feel that is the job of anti-virus software.
It should be implementation dependent, a security policy may want to
allow only data parsed by the anti-virus with a "no virus here
Trog wrote:
On Wed, 2004-03-03 at 11:29, Andrzej Zawadzki wrote:
#NotifyClamd [/optional/config/file/path]
NotifyClamd /etc/rc.d/init.d/clamd reload
What's this rubbish?
------
? Isn't this needed?
Clamd knows about new bases from freshclam anyway?
--
Andrzej
On Wednesday 03 March 2004 11:26 am, Nigel Horne wrote:
> On Wednesday 03 Mar 2004 11:08 am, peter pilsl wrote:
> > Is there any way to persuade the milter to block password-protected
> > zip-files ?
>
> I do not feel that is the job of anti-virus software.
Indeed. Password-protected zip files
On Wed, 2004-03-03 at 02:28, Rembrandt wrote:
> I know guys which are working as administrators at a newspaper.
> They make backups.. yes..
> But they make it only for 1 week (because there's too much data).
> So they're able to restore all files which changed since date X.
> But what's about a virii
On Wed, 2004-03-03 at 11:57, Andrzej Zawadzki wrote:
> Trog wrote:
> > On Wed, 2004-03-03 at 11:29, Andrzej Zawadzki wrote:
> >
> >
> >>#NotifyClamd [/optional/config/file/path]
> >>NotifyClamd /etc/rc.d/init.d/clamd reload
> >
> >
> > What's this rubbish?
> > ---
Hello Nagy,
I'm reasonably sure that it is something to do with my
configuration. As the eicar.zip test file also slips
through.
to rehash,
My config
Clamav 0.67, mimedefang 2.39, sendmail 8.12.10,
the problem is always base64 encoded zip files, get
through.
Any help, will result in my life
Trog wrote:
[cut]
Question: In what way does the arguments supplied to the configuration
option NotifyClamd (i.e. "/etc/rc.d/init.d/clamd reload") relate to the
specification of the argument to the configuration option NotifyClamd
(i.e. /optional/config/file/path).
Answer: They don't.
something
On Wed, 3 Mar 2004, Tomasz Papszun wrote:
> Our signatures Worm.Bagle.F-zippwd* are based on the "real" contents of
> mail messages (stream of characters as they are), while amavisd-new (and
> probably amavis) "divide" messages to parts and decode them separately,
> hence ClamAV doesn't get the ori
Hi all,
I'm running clamav 0.67-1 release on debian.
I'm using clamscan with --mbox option in way to catch signature
mime-encoded,
but I will prefer to use clamdscan (much faster of course).
Is it planned to develop a --mbox option for clamdscan ?
Best regards,
José.
---
On Wed, 3 Mar 2004, Antony Stone wrote:
> I agree that anti-virus software should look for viruses and either reply
> "virus found" or "virus not found". The latter is not, of course, the same
> as saying "no virus present".
Yes, but in the same way you might get a "Can't open file, no permissi
Hello all ClamAv users,
first time on the list so please excuse any dumb questions ;-)
I'm running Exim with a call to a script that runs all emails through 2 AV
scanners, the ClamAv part of the script is:
/usr/bin/clamdscan --stdout $1 > /tmp/antivir$$.log
ERR=$?
if [ $ERR > 0 ] ; then
.
.
I
On Wed, 2004-03-03 at 13:18, José THOMAS wrote:
> Hi all,
>
> I'm running clamav 0.67-1 release on debian.
> I'm using clamscan with --mbox option in way to catch signature
> mime-encoded,
> but I will prefer to use clamdscan (much faster of course).
>
> Is it planned to develop a --mbox option
There used to be a utility, way back in my OS/2 days, I think it was called
Stripper or something like that. It removed the HTML crap from files
leaving only the plain text...
Shawn
On Wed, 03 Mar 2004 07:43:35 + Chris Meadors <[EMAIL PROTECTED]>
exclaimed:
> Good point. That should take
Thanks a lot.
José
On 3 March 04, at 14:40, Trog wrote:
On Wed, 2004-03-03 at 13:18, José THOMAS wrote:
Hi all,
I'm running clamav 0.67-1 release on debian.
I'm using clamscan with --mbox option in way to catch signature
mime-encoded,
but I will prefer to use clamdscan (much faster of course).
I
On 03 Mar 2004 07:55:00 +
[EMAIL PROTECTED] (Kevin Spicer) wrote:
> On Wed, 2004-03-03 at 02:28, Rembrandt wrote:
> > I know guys which are working as administrators at a newspaper.
> > They make backups.. yes..
> > But they make it only for 1 week (because there's too much data).
> > So they're
On Wed, 03 Mar 2004 at 7:50:34 -0500, jef moskot wrote:
> On Wed, 3 Mar 2004, Tomasz Papszun wrote:
> > Our signatures Worm.Bagle.F-zippwd* are based on the "real" contents of
> > mail messages (stream of characters as they are), while amavisd-new (and
> > probably amavis) "divide" messages to par
[I received a message saying that my previous post was not acceptable, so I
will try again.]
I've seen this error both on the latest build and on the stable .67 version
System is running Solaris 8. Sendmail has been compiled to use milters and
is currently running with vbs-filter.
I ran config
Hey There!
I've got a problem with viruses in *.zip attachments in e-mails!
When I scan file.zip by hand clamscan finds the virus, but an e-mail with these infected files
in the attachment can go (IT IS NOT STOPPED!)
Why? What have I configured wrong?
[EMAIL PROTECTED] ~]$/usr/local/bin/clamscan freaky.zip
frea
Tomasz Kojm wrote:
I believe clamscan doesn't read clamav.conf at all; it uses hard-coded
compiled settings.
I might be wrong :)
You're right - it doesn't depend on clamav.conf at all.
May I suggest a change then please?
Either name it clamd.conf to describe what it's used for
or please use the c
Hi again :-) ,
anybody out there knowing how to implement german language notification
emails?
Thx
Regards
Rudi
Christopher X. Candreva wrote:
>> I agree that anti-virus software should look for viruses and either reply
>> "virus found" or "virus not found". The latter is not, of course, the same
>> as saying "no virus present".
>
> Yes, but in the same way you might get a "Can't open file, no permission
Hi All,
We are getting hammered by Worm.Bagle.F-zippwd-3 and clamav isn't
picking it up.
I understand that qmail-scanner breaks apart the message so that clamav
can not pick up the signature (and I'll look into fixing that) but the
zip file itself is NOT password protected. Winzip and unzip o
On Wed, 3 Mar 2004 14:18:44 +0100
José THOMAS <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I'm running clamav 0.67-1 release on debian.
> I'm using clamscan with --mbox option in way to catch signature
> mime-encoded,
> but I will prefer to use clamdscan (much faster of course).
>
> Is it planned t
my virus signatures dropped from 20831 to 20346, is there only one server
I should be pointing to for updates? Are the db servers always going to
be this much out of date?
thanks,
- Nick
ClamAV update process started at Sun Feb 29 00:00:01 2004
main.cvd is up to date (version: 19, sigs
I just received a few e-mails which were detected as Worm.Bagle.F-zippwd-5
but when I extracted the files, some of them were identified as
Worm.Bagle.I instead of Worm.Bagle.F.
Is this a problem with the signature or a double infected file (or can
you tell me how to find out for myself?) ?
I know
I have been reading on the archives about the various forms of Bagle
that have been going around. My users have been getting pounded by it.
We use MailScanner + SpamAssassin + ClamAv to do our scanning, but
MailScanner only passes the attachment to clamav to get scanned. I have
seen that there
ng clamd caught 4 messages that amavisd
quarantined and identified as (Worm.Bagle.F-zippwd-3)
Virus scanner output:
/var/amavisd/tmp/amavis-20040303T081020-01279/parts/email.txt:
Worm.Bagle.F-zippwd-3 FOUND
The message has been quarantined as:
/var/amavisd/quarantine/virus-20040303-082055-012
[EMAIL PROTECTED] wrote:
my virus signatures dropped from 20831 to 20346, is there only one server
I should be pointing to for updates? Are the db servers always going to
be this much out of date?
thanks,
- Nick
They're not out of date (as one can see from the db versions or the
output
Rick Macdougall wrote:
Hi All,
We are getting hammered by Worm.Bagle.F-zippwd-3 and clamav isn't
picking it up.
I understand that qmail-scanner breaks apart the message so that clamav
can not pick up the signature (and I'll look into fixing that) but the
zip file itself is NOT password prot
Thomas Seifert wrote:
Tomasz Kojm wrote:
I believe clamscan doesn't read clamav.conf at all; it uses hard-coded
compiled settings.
I might be wrong :)
You're right - it doesn't depend on clamav.conf at all.
May I suggest a change then please?
Either name it clamd.conf to describe for what it's
Grzegorz Staleńczyk wrote:
Hey There!
I've got a problem with viruses in *.zip attachments in e-mails!
When I scan file.zip by hand clamscan finds the virus, but an e-mail with these infected files
in the attachment can go (IT IS NOT STOPPED!)
Why? What have I configured wrong?
[EMAIL PROTECTED] ~]$/usr/local/
On Wednesday 03 March 2004 2:45 pm, [EMAIL PROTECTED] wrote:
> my virus signatures dropped from 20831 to 20346, is there only one server
> I should be pointing to for updates? Are the db servers always going to
> be this much out of date?
They're not out of date - a lot of duplicates were droppe
Hello,
I apologize for creating more work for the clamav virus listers. It is
encrypted but I can see the archive with unzip -l and winzip, I just
can't unzip it without the password.
Sigh... So how does Trend's PC-cillin detect it in the password
protected zip file?
Rick
Trog wrote:
On W
I second this. The amount of mail I'm getting from the list has
gotten to the point where I want to use the web interface to look
at things (like I do with the Linux-390 list - lots of traffic there
too).
And this is with me getting the digests... Ta muchly...
Rod
On Wed, 03 Mar 2004 at 15:59:12 +0100, Thomas Lamy wrote:
> Rick Macdougall wrote:
>
> >I have the full email message, the actual zip and the unzipped .exe if
> >needed.
> >
> submit them with some notes on
> http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi ???
The full email message itse
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Andy Fiddaman
> Sent: 3 March 2004 15:51
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] Worm.Bagle.F-zippwd-5..
>
>
> I just received a few e-mails which were detected as
Worm.Bagle.F
On Wed, 03 Mar 2004 at 8:45:07 -0600, [EMAIL PROTECTED] wrote:
[...]
> ClamAV update process started at Sun Feb 29 00:00:01 2004
^
> ClamAV update process started at Mon Mar 1 00:00:01 2004
^
Again
Clam did not seem to pick up (Win32/Bagle.gen.zip) (W32/Bagle.h!pwdzip)
([EMAIL PROTECTED]). I'm guessing an update for this has not been
established?
On Tuesday 02 March 2004 09:29 pm, Jim Gifford wrote:
> Here is what I see on my system, maybe it's something in the kernel you're
> using. I'm using 2.6.3
>
> Name: clamd
> State: S (sleeping)
> SleepAVG: 0%
> Tgid: 751
> Pid:751
> PPid: 1
> TracerPid: 0
> Uid:0 0
Dear all
What does it mean when one gets this message in your clamd.log file,
repeatedly:
Main thread: database reloading (waiting).
When clamd goes in this state, I see multiple processes open for the milter,
and sendmail grinds to a near-halt.
Please help.
Jaap Scholten
---
Outgoing mail i
Hi
A non-technical colleague of mine has been testing ClamAV. Using clam 0.67
and current signature files, he has been using this page to try clam out:
http://www.declude.com/tools/mailsend.html
From all of the tests listed there, the following are not picked up by clam:
eicarspacegap, eicarb
On Wed, 03 Mar 2004 09:12:45 -0500
Betsy Schwartz <[EMAIL PROTECTED]> wrote:
> [I received a message saying that my previous post was not acceptable, so
> I will try again.]
>
> I've seen this error both on the latest build and on the stable .67
> version
>
> >/usr/local/lib/libgmp.so -L/usr/lib
MailScanner users need to upgrade to MailScanner 4.28.4 (just out), which
can block password-protected .zip files.
Cheers,
Phil
-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: [EMAIL PROTECTED]
On Wednesday 03 March 2004 3:47 pm, Martin A. Brooks wrote:
> Hi
>
> A non-technical colleague of mine has been testing ClamAV. Using clam 0.67
> and current signature files, he has been using this page to try clam out:
>
> http://www.declude.com/tools/mailsend.html
>
> From all of the tests lis
I'm using ClamAV 0.67-1, currently using Unix sockets.
I'm not too familiar with UNIX sockets, but I'm comfortable with TCP sockets
and communication. Is clamd any more/less reliable when running over TCP?
I started clamd briefly using TCP and was able to connect and PING it, but I
can't get it
Rudolf Kliemstein wrote:
anybody out there knowing how to implement german language notification
emails?
Clamav scanner (e.g clamscan, clamd, and clamdscan) by itself does not
implement notification emails.
Mail integrator (MailScanner, Amavis, exiscan, clamav-milter, etc.) does
that for you.
Thomas Lamy wrote:
May I suggest a change then please?
Either name it clamd.conf to describe what it's used for
It's already called clamd.conf, and the documentation and manpages are
up-to-date.
Eh? Really? Which version is that?
The latest CVS snapshot still calls it clamav.conf.
Although the to
On Mar 3, 2004, at 11:06 AM, Antony Stone wrote:
As far as I'm aware, all of these tests do not actually involve
viruses (or
even the Eicar test virus) - therefore you wouldn't expect an
Anti-Virus
program to be triggered by them. They are tests of other things to
do with
email which a mail se
does the clamav db pickup on Netsky or any of the variants? I've had
a couple emails that are auto replies from other AV software forwarding
infected emails back to the spoofed address which is us that make it through
clamav but get picked up by amavis.
-
Jesper Juhl <[EMAIL PROTECTED]> wrote:
> What I'm thinking is; Would it be feasible to add an option to
> attempt to brute-force-crack the passwords on zip files when scanning
> them?
It shouldn't be necessary to go through a brute force crack. Every
instance of this virus has the password in the
I know this was a topic of discussion, but searching the archives I did
not find a final resolution.
Can clamscan/clamd be configured to produce an error when it cannot
successfully uncompress a file?
I am using Clamav and qmail-scanner to analyze email. The email-gateway
is allowing many infecte
Matthew Trent wrote:
| On Tuesday 02 March 2004 09:29 pm, Jim Gifford wrote:
|
|>Here is what I see on my system, maybe it's something in the kernel you're
|>using. I'm using 2.6.3
|>
|>Name: clamd
|>State: S (sleeping)
|>SleepAVG: 0%
|>Tgid:
Hanford, Seth wrote:
I'm using ClamAV 0.67-1, currently using Unix sockets.
I'm not too familiar with UNIX sockets, but I'm comfortable with TCP sockets
and communication. Is clamd any more/less reliable when running over TCP?
I started clamd briefly using TCP and was able to connect and PING
At 03:34 AM 3/3/04, Tomasz Papszun wrote:
On Wed, 03 Mar 2004 at 2:47:50 -0500, jef moskot wrote:
> On Tue, 2 Mar 2004, jef moskot wrote:
> > For some reason, my system is allowing Worm.Bagle.F-zippwd files
> > through...
>
> For what it's worth, this seems to be an issue with amavis. By default,
On Wednesday 03 March 2004 4:29 pm, [EMAIL PROTECTED] wrote:
> does the clamav db pickup on Netsky or any of the variants?
ClamAV calls it Worm.SomeFool.
I think we're up to variant F at present.
Antony.
--
I want to build a machine that will be proud of me.
- Danny Hillis, creator of The C
Less than an hour after our users started getting a new virus pretending to
be from their mail administrator, Clam started picking it up as
Worm.Bagle.Gen-1 Congrats !
However, there seems to be a password protected zip version of virus too.
Since this is a new virus, does it come under the "do
> You have to configure clamd with
> #LocalSocket /var/run/clamav/clamd.ctl
> TCPSocket 3310
> TCPAddr 127.0.0.1
> and restart it to make it listen to a TCP socket. Clamd uses a UNIX _or_
> a TCP socket, not both at the same time.
Right, I should've been more clear. I set the TCPAddr and TCPSocke
On Wed, 03 Mar 2004 at 12:36:56 -0500, Christopher X. Candreva wrote:
>
> Less than an hour after our users started getting a new virus pretending to
> be from their mail administrator, Clam started picking it up as
> Worm.Bagle.Gen-1 Congrats !
>
> However, there seems to be a password protecte
I'm not sure on the status of clamav and its ability to block the new
encrypted-zip-bagle variant(s?), but through the grapevine, we've heard of
a fairly simple way of stopping all of these. I don't have all the
details, but it seems the archives are actually flagged as "zip 1.0,"
whereas most sof
Fajar A. Nugraha wrote:
Thomas Lamy wrote:
May I suggest a change then please?
Either name it clamd.conf to describe what it's used for
It's already called clamd.conf, and the documentation and manpages are
up-to-date.
Eh? Really? Which version is that?
The latest CVS snapshot still calls it c
Tomasz Papszun said:
>WE ASK USERS TO NOT SUBMIT naked zip files IF their contents is DETECTED
>as infected by ClamAV AFTER UNZIPPING. It's a utter waste of our time,
>which results in delays in processing really significant samples!
Why not add this on the web submittal nag screen?
Luke Compute
On Wed, Mar 03, 2004 at 11:11:19AM -0500, Derek J. Balling wrote:
>
> On Mar 3, 2004, at 11:06 AM, Antony Stone wrote:
> > As far as I'm aware, all of these tests do not actually involve
> > viruses (or
> > even the Eicar test virus) - therefore you wouldn't expect an
> > Anti-Virus
> > program
Hi,
I assume you mean upgrading ClamAV to ClamAV-0.67-1?
Your answer is ambiguous, you could be referring to MailScanner.
--
CU, Nick
*Draft beer, not people*
Like many clamav users, I have found clamav to not be effective against
the latest crop of password zip viruses.
I have made a rudimentary patch (clean patch) against clamav 0.67 to
mark all zip files containing password-protected (and hence unscannable)
files as a virus type "SuspectEncrypted.Zip
I'm running clamAV 0.67 - amavis new with this config:
LogFileMaxSize 100M
LogTime
PidFile /var/run/clamd.pid
LocalSocket /tmp/clamd
FixStaleSocket
MaxConnectionQueueLength 30
StreamSaveToDisk
StreamMaxLength 10M
MaxThreads 10
MaxDirectoryRecursion 15
User amavis
AllowSupplementaryGroups
ScanMail
S
20:52:59 dask-xp MailScanner[16052]: Filetype Checks: Allowing
i23Jqixu016730 msg-16052-4.txt
Mar 3 20:52:59 dask-xp MailScanner[16052]: Virus Scanning completed at 2663
bytes per second
Mar 3 20:52:59 dask-xp MailScanner[16052]: Saved entire message to
/var/spool/quarantine/20040303/i23Jqixu01673
At 02:37 PM 3/3/04, DamDam wrote:
I'm running clamAV 0.67 - amavis new with this config:
BUT when I send (to me) this mail with no modification it isn't
detected, and just this virus (SomeFool,Bagle etc are successfully
deleted) pass! (I receive the mail with the virus). I really don't
see if this
On Wed, 3 Mar 2004 11:28:03 +0100
[EMAIL PROTECTED] (Tomasz Kojm) wrote:
> On Wed, 3 Mar 2004 02:10:44 +0100
> Rembrandt <[EMAIL PROTECTED]> wrote:
>
> > I've 3 little questions but at first I'm sorry because I didn't check
> > the archives. :o)
> >
> > 1.
> > Is it possible to improve the BSD-su
Hi,
Just discussed a bit here and usually this virus will send the zip
password in clear text inside the e-mail. Wouldn't there be a way to try every word
in the e-mail to try to crack the zip, then unzip it and virus-scan the
content ?
Just my 2 cents...
Andre Courchesne - Consultant
http://www.ne
Hi,
Quick question. By default, clamav sends an email to the sender, receiver
and the postmaster. How do i change the [EMAIL PROTECTED] to
another address?
Thanks
-=Raul=-