[Clamav-users] Potential hack for password protected zip files

2004-03-03 Thread Eric Wieling
In libclamav/scanners.c around line 424 add between the "free(buff);" and the "return ret;": if(files == 1) { cli_dbgmsg("Zip -> empty zip file!\n"); *virname = "Empty.Zip"; ret = CL_VIRUS; } That section of code will now look like this: free(buff); if(files =

RE: [Clamav-users] Problem with *.zip attachments!

2004-03-03 Thread Kevin Spicer
On Wed, 2004-03-03 at 20:57, Grzesiek Staleńczyk wrote: > > MailScanner users need to upgrade to MailScanner 4.28.4 (just out), which > > can block password-protected .zip files. > RP> MailScanner users need to upgrade to MailScanner 4.28.4 (just out), which > RP> can block password-protected .zip

[Clamav-users] Forwarded Message

2004-03-03 Thread Rick Macdougall
Hi, Because of my silliness earlier on, I've been scouring the net in hopes I could find something that might help catch the new nasties inside the zip files. Don't know if this is of any help but here it is anyways. Regards, Rick FYI - this is from the NANOG list. It may help some with crea

Re: [Clamav-users] some little questions

2004-03-03 Thread Michael L Torrie
On Wed, 2004-03-03 at 14:07, Rembrandt wrote: > Ok... > Which parts are GPLed? > Could you give me a list? > If I've a list I'm sure I'm able to find coders to replace the GPLed > source with BSDed source. :) I know that the ZZIP library is LGPLed. What's wrong with GPL? (Specifically why is thi

Re: [Clamav-users] email report

2004-03-03 Thread Dennis Skinner
On Wed, 2004-03-03 at 16:13, Raul Elizondo wrote: > Hi, > > Quick question. By default, clamav sends an email to the sender, receiver > and the postmaster. How do I change the [EMAIL PROTECTED] to > another address? You will have to check the ClamAV docs in your world. For the rest of us, Clam

RE: [Clamav-users] Simple patch for dealing with password zip files

2004-03-03 Thread Michael L Torrie
On Wed, 2004-03-03 at 14:21, Courchesne, Andre wrote: > Hi, > > Just discussed a bit here and usually this virus will send the zip > password in clear text inside the e-mail. Wouldn't be a way to try every word > in the e-mail to try to crack the zip, then unzip it and virus-scan the > content ?

RE: [Clamav-users] Simple patch for dealing with password zip files

2004-03-03 Thread John Madden
> Thus > I've come to the conclusion that ultimately nothing short of > quarantining all password zip files will work for very long. I agree. I can think of no legitimate need for password-protecting zip files and sending them through email that can't be accomplished through other means (i.e., PG

RE: [Clamav-users] email report

2004-03-03 Thread John Vestrum
>clamav sends an email to... Nobody. That's the job of your MTA and filter package. I'm using postfix and amavis-new, what are you using? You can likely just change the line for postmaster in /etc/aliases, and run "newaliases". JohnV -Original Message- From: Raul Elizondo [mailto:[EMA

RE: [Clamav-users] Simple patch for dealing with password zip files

2004-03-03 Thread Michael L Torrie
On Wed, 2004-03-03 at 15:24, John Madden wrote: > > Thus > > I've come to the conclusion that ultimately nothing short of > > quarantining all password zip files will work for very long. > > I agree. I can think of no legitimate need for password-protecting zip > files and sending them through em

Re: [Clamav-users] email report

2004-03-03 Thread Jesper Juhl
On Wed, 3 Mar 2004, Raul Elizondo wrote: > Hi, > > Quick question. By default, clamav sends an email to the sender, receiver > and the postmaster. How do I change the [EMAIL PROTECTED] to > another address? > Clam does not send any emails. It only scans files and detects virii. What is sending

Re: [Clamav-users] Pb clamAV - Worm.Bagle.F-zippwd-3

2004-03-03 Thread DamDam
Noel Jones wrote: At 02:37 PM 3/3/04, DamDam wrote: I'm running clamAV 0.67 - amavis new with this config: BUT when I send (to me) this mail with no modification it isn't detected, and just this virus (SomeFool,Bagle etc are successfully deleted) pass! (I receive the mail with the virus). I reall

Re: [Clamav-users] email report

2004-03-03 Thread Raul Elizondo
Sorry, when I said "clamav sends an email to", well, you know what I meant. But the thing here is.. where do I change all these notify options? I am new on this clamav thing, and works great! But I can't find any documentation about how to handle these messages (...yet). Any hint or help woul

Re: [Clamav-users] email report

2004-03-03 Thread Raul Elizondo
Actually, that notification to the sender, receiver and postmaster came by default. I got clamav-0.67.tar.gz from http://www.clamav.net. - Original Message - From: "Dennis Skinner" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, March 03, 2004 3:15 PM Subject: Re: [Clamav-us

Re: [Clamav-users] email report

2004-03-03 Thread Raul Elizondo
Hi, I am using just the clamav, and it does its job not letting viruses pass thru. I tried to install some amavis version, but couldn't make it work on redhat 9. Once I saw that just the clamav stops the viruses, I just left it without any other program. Regards, -=Raul=- - Original Message

Re: [Clamav-users] some little questions

2004-03-03 Thread Rembrandt
On Wed, 03 Mar 2004 15:06:19 -0700 [EMAIL PROTECTED] (Michael L Torrie) wrote: > On Wed, 2004-03-03 at 14:07, Rembrandt wrote: > > > Ok... > > Which parts are GPLed? > > Could you give me a list? > > If I've a list I'm sure I'm able to find coders to replace the GPLed > > source with BSDed source.

RE: [Clamav-users] Simple patch for dealing with password zip files

2004-03-03 Thread Mitch \(WebCob\)
Fantastic Michael! I think that will be a good interim until there is an official method of dealing with the problem. Thanks. m/ > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Michael L > Torrie > Sent: Wednesday, March 03, 2004 12:38 PM > To: [EMA

Re: [Clamav-users] email report

2004-03-03 Thread Nigel Horne
> > Quick question. By default, clamav sends an email to the sender, > > receiver and the postmaster. How do I change the > > [EMAIL PROTECTED] to another address? With the --postmaster option of clamav-milter. See "man clamav-milter". -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJ

Re: [Clamav-users] email report

2004-03-03 Thread John Jolet
On Wednesday 03 March 2004 05:01 pm, Raul Elizondo wrote: > Hi, > > I am using just the clamav, and it does its job not letting viruses pass > thru. I tried to install some amavis version, but couldn't make it work on > redhat 9. Once I saw that just the clamav stops the viruses, I just left > it

Re: [Clamav-users] some little questions

2004-03-03 Thread Kevin Spicer
On Wed, 2004-03-03 at 23:05, Rembrandt wrote: > I think zzip-lib could be replaced with the info-zip > http://www.info-zip.org/ is under BSD-like license! :) > And info-zip is in use on nBSD. > > Are there other parts of clamAV which are GPLed? > > And Michael I dislike the GPL because it doesn't se

Re: [Clamav-users] Re: Some more evidence for my last mail ... - SOLVED

2004-03-03 Thread Tomasz Kojm
On Wed, 03 Mar 2004 20:07:29 +0100 Thomas Lamy <[EMAIL PROTECTED]> wrote: > Oops - I'm sorry. > Renaming the config file is not a small issue given the current user > base :-(. Freshclam also reads clamav.conf - you can even merge freshclam.conf with it, so clamd.conf is not necessarily a very g

Re: [Clamav-users] email report

2004-03-03 Thread Raul Elizondo
> > > Quick question. By default, clamav sends an email to the sender, > > > receiver and the postmaster. How do I change the > > > [EMAIL PROTECTED] to another address? > > With the --postmaster option of clamav-milter. See "man clamav-milter". > > -Nigel I am using the clamav-milter as a M

Re: [Clamav-users] some little questions

2004-03-03 Thread Tomasz Kojm
On Wed, 3 Mar 2004 22:07:33 +0100 Rembrandt <[EMAIL PROTECTED]> wrote: > Ok... > Which parts are GPLed? > Could you give me a list? > If I've a list I'm sure I'm able to find coders to replace the GPLed > source with BSDed source. :) Yeah, sure. > Give me a list *cry* :) Sorry but this is a

Re: [Clamav-users] virus not detected one but detected on another machine

2004-03-03 Thread P.V.Anthony
> Hi, > > I have a strange problem. > > I have two email servers. Both are Redhat 7.3 and using qmail. > > I have installed clamav 0.65 from the source on Machine A. Then I installed > clamav 0.67 > > On Machine B I have installed clamav 0.67 the first time. > > I am using gadoyanvirus 0.2 as the l

[Clamav-users] Is this a legitimate notice? or generated by a virus?

2004-03-03 Thread Jonathan Soong
Hi guys, A user recently received the mail attached below. Is this legitimate? My clamav didn't pick up a virus in the attachment, but it looks awful like a fake notice.?? >X-Original-To: [EMAIL PROTECTED] >Delivered-To: [EMAIL PROTECTED] >Date: Wed, 03 Mar 2004 10:07:52 -0500 >To: [EMAIL PROTE

Re: [Clamav-users] Is this a legitimate notice? or generated by a virus?

2004-03-03 Thread Michael Torrie
Virus. See the latest virus notices on AV web sites. If you uncompress the zip file (with the provided password), clamav will detect it. The current discussion on the list has been how to handle this at the server, since clamav cannot scan password zip contents at present. Michael On Wed, 200

Re: [Clamav-users] Amavisd-new and Clamav TCP

2004-03-03 Thread Bill Taroli
I've had amavisd-new and clamav talking over TCP for several weeks now without any issues at all. Hanford, Seth wrote: I'm using ClamAV 0.67-1, currently using Unix sockets. I'm not too familiar with UNIX sockets, but I'm comfortable with TCP sockets and communication. Is clamd any more/less r

[Clamav-users] ArchiveDetectEncrypted and --detect-encrypted

2004-03-03 Thread Tomasz Kojm
Hello, due to many requests ClamAV is now able to detect and mark password protected archives as a virus type "Encrypted.Zip" (big thanks to Michael L Torrie). You have to enable this feature manually with ArchiveDetectEncrypted in clamav.conf and --detect-encrypted in clamscan. Please be careful

Re: [Clamav-users] Is this a legitimate notice? or generated by a virus?

2004-03-03 Thread John Jolet
On Wednesday 03 March 2004 08:00 pm, Michael Torrie wrote: > Virus. See the latest virus notices on AV web sites. If you uncompress > the zip file (with the provided password), clamav will detect it. The > current discussion on the list has been how to handle this at the > server, since clamav c

Re: [Clamav-users] ArchiveDetectEncrypted and --detect-encrypted

2004-03-03 Thread Ted Fines
I think I speak for everyone when I say, You rock, Tomasz. --On Thursday, March 04, 2004 3:26 AM +0100 Tomasz Kojm <[EMAIL PROTECTED]> wrote: Hello, due to many requests ClamAV is now able to detect and mark password protected archives as a virus type "Encrypted.Zip" (big thanks to Michael L To

Re: [Clamav-users] ArchiveDetectEncrypted and --detect-encrypted

2004-03-03 Thread Doc Schneider
Tomasz Kojm wrote: Hello, due to many requests ClamAV is now able to detect and mark password protected archives as a virus type "Encrypted.Zip" (big thanks to Michael L Torrie). You have to enable this feature manually with ArchiveDetectEncrypted in clamav.conf and --detect-encrypted in clamsca

Re: [Clamav-users] ArchiveDetectEncrypted and --detect-encrypted

2004-03-03 Thread Stephen Agar
excellent, what version is this going to be a included with? Ted Fines wrote: I think I speak for everyone when I say, You rock, Tomasz. --On Thursday, March 04, 2004 3:26 AM +0100 Tomasz Kojm <[EMAIL PROTECTED]> wrote: Hello, due to many requests ClamAV is now able to detect and mark passwor

Re: [Clamav-users] ArchiveDetectEncrypted and --detect-encrypted

2004-03-03 Thread Jeremy Kitchen
On Wed, 2004-03-03 at 20:40, Ted Fines wrote: > > [Tomasz adding support to mark encrypted zip files as virii to clam] > I think I speak for everyone when I say, You rock, Tomasz. I second that. -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join

Re: [Clamav-users] ArchiveDetectEncrypted and --detect-encrypted

2004-03-03 Thread Jim Mercer
On Thu, Mar 04, 2004 at 03:26:09AM +0100, Tomasz Kojm wrote: > due to many requests ClamAV is now able to detect and mark password > protected archives as a virus type "Encrypted.Zip" (big thanks to > Michael L Torrie). You have to enable this feature manually with > ArchiveDetectEncrypted in clama

Re: [Clamav-users] Clamav + Clamav-milter 0.67 installation fail on Freebsd

2004-03-03 Thread Seve Ho
Nigel Horne wrote: On Wednesday 03 Mar 2004 7:55 am, Seve Ho wrote: I tried to install clamav + clamav-milter for sendmail with following command: # ./configure --enable-milter # make but i get following error... In file included from clamav-milter.c:376: /usr/include/malloc.h:3:2: #error " ha

Re: [Clamav-users] Clamav + Clamav-milter 0.67 installation fail on Freebsd

2004-03-03 Thread Seve Ho
Seve Ho wrote: Nigel Horne wrote: On Wednesday 03 Mar 2004 7:55 am, Seve Ho wrote: I tried to install clamav + clamav-milter for sendmail with following command: # ./configure --enable-milter # make but i get following error... In file included from clamav-milter.c:376: /usr/include/malloc.h:

Re: [Clamav-users] ArchiveDetectEncrypted and --detect-encrypted

2004-03-03 Thread Igor Brezac
This does not appear to be available in CVS. Am I missing something? Thanks, -Igor On Thu, 4 Mar 2004, Tomasz Kojm wrote: > Hello, > > due to many requests ClamAV is now able to detect and mark password > protected archives as a virus type "Encrypted.Zip" (big thanks to > Michael L Torrie). Yo

Re: [Clamav-users] Worm.Bagle.F-zippwd-5..

2004-03-03 Thread Shawn Tayler
On Wed, 3 Mar 2004 16:19:02 +0100 "Diego d'Ambra" <[EMAIL PROTECTED]> exclaimed: > The Worm.Bagle.F-zippwd-x detects e-mails infected with password > protected zip files and it also detects some of the later variants. > > Best regards, > Diego d'Ambra I find it interesting that the msgs with the

[Clamav-users] Problem with clamav-0.65 on OpenBSD 3.4: fill up /tmp

2004-03-03 Thread Zoong Pham
I have 2 Intel boxes running OpenBSD 3.4 with clamav-0.65 (from port) with exact the same setup and configuration for ClamAV, Sendmail and smtp-vilter One box always fills up /tmp even I increased the size of /tmp to 2, 4, 6 times. The other box never has that problem. /tmp is almost empty. Stran

RE: [Clamav-users] ArchiveDetectEncrypted and --detect-encrypted

2004-03-03 Thread Thomas Kinghorn
Hi List Was this added to the stable or the CVS. Many thanks for the great work. Regards Tom -Original Message- From: Jim Mercer [mailto:[EMAIL PROTECTED] Sent: 04 March 2004 05:03 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Clamav-users] ArchiveDetectEncrypted and --dete

[Clamav-users] clamd/freshclam logging

2004-03-03 Thread Frank Elsner
Dear developers, here's my wishlist item: Please use the same format for log lines for both clamd and freshclam. The current logging (to file, not syslog which seems unsupported by freshclam) looks ugly and is unparsable, see this example: | ClamAV update process started at Wed
