Erik Corry wrote:
The question is how much of a problem it really is. Are users
really that dumb?
The sad answer to this question has so far been a resounding "Yes" in
every scenario so far. :(
---
This SF.Net email is sponsored by: IBM Linux
This has probably been covered somewhere, so for those who already know
this, forgive the reiteration.
If you are running Debian with Amavisd-new and Clamav, you will need to
upgrade (for example, apt-get install -t unstable amavisd-new) to the
newest version of amavisd-new (20030616p7-3 as of
On Thursday 04 Mar 2004 3:13 am, Seve Ho wrote:
> >>In file included from clamav-milter.c:376:
> >>/usr/include/malloc.h:3:2: #error " has been replaced by
> >>"
> >>*** Error code 1
> I am working on FreeBSD 5.1 and using clamav-milter 0.67.
I fixed that sometime ago, please update to the lates
Hi..
I was use solaris 9, perl 5.8.0, qmail-scanner-1.20 and clamav-0.67
I'm not sure this is qmail-scanner problem or clamav problem.
When I test qmail-scanner I got these errors :
bash-2.05# ./contrib/test_installation.sh -doit
setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for thi
On Thu, 04 Mar 2004 at 0:53:42 -0700, Starbane wrote:
> Erik Corry wrote:
> >The question is how much of a problem it really is. Are users
> >really that dumb?
>
> The sad answer to this question has so far been a resounding "Yes" in
> every scenario so far. :(
>
Unfortunately, it's even wors
please ignore
--
___
System & Network
H323ID 62889162273086012
http://atelier.2.pacific.net.id
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, Presiden
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Shawn Tayler
> Sent: 4. marts 2004 05:59
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Worm.Bagle.F-zippwd-5..
>
> > The Worm.Bagle.F-zippwd-x detects e-mails infected with passwor
Nigel Horne wrote:
On Thursday 04 Mar 2004 3:13 am, Seve Ho wrote:
In file included from clamav-milter.c:376:
/usr/include/malloc.h:3:2: #error " has been replaced by
"
*** Error code 1
I am working on FreeBSD 5.1 and using clamav-milter 0.67.
I fixed that sometime ago, please
Tomasz Papszun wrote:
> Despite adding to the submission page (in BIG fontsize!) this request:
>
> "DO NOT SUBMIT naked zip files IF their contents is DETECTED as infected
> by ClamAV AFTER UNZIPPING"
>
> they keep submitting these idiotic samples.
You may change the virus submission CGI to make
Tomasz Kojm wrote:
>due to many requests ClamAV is now able to detect and mark password
>protected archives as a virus type "Encrypted.Zip" (big thanks to
>Michael L Torrie). You have to enable this feature manually with
>ArchiveDetectEncrypted in clamav.conf and --detect-encrypted in
>clamscan. Pl
On Wed, 03 Mar 2004 20:40:09 -0600
Ted Fines <[EMAIL PROTECTED]> wrote:
> I think I speak for everyone when I say, You rock, Tomasz.
Thank you, but the credit for the patch goes to Michael Torrie.
Also I think, the real ClamAV hero is Diego d'Ambra who spent
the whole day yesterday providing an
On Thu, 04 Mar 2004 at 12:08:57 +0100, Laurent Wacrenier wrote:
> Tomasz Papszun wrote:
> > Despite adding to the submission page (in BIG fontsize!) this request:
> >
> > "DO NOT SUBMIT naked zip files IF their contents is DETECTED as infected
> > by ClamAV AFTER UNZIPPING"
> >
> > they keep subm
On Thu, Mar 04, 2004 at 12:35:55PM +0100, Tomasz Papszun wrote:
> On Thu, 04 Mar 2004 at 12:08:57 +0100, Laurent Wacrenier wrote:
> > Tomasz Papszun wrote:
> > > Despite adding to the submission page (in BIG fontsize!) this request:
> > >
> > > "DO NOT SUBMIT naked zip files IF their contents is D
On Thu, 4 Mar 2004, Tomasz Kojm wrote:
; due to many requests ClamAV is now able to detect and mark password
; protected archives as a virus type "Encrypted.Zip" (big thanks to
Excellent thank you!
I don't know what the long term plans are for the clamd interface (i.e. is
it planned to move to I
Tomasz Papszun wrote:
On Thu, 04 Mar 2004 at 0:53:42 -0700, Starbane wrote:
Erik Corry wrote:
The question is how much of a problem it really is. Are users
really that dumb?
The sad answer to this question has so far been a resounding "Yes" in
every scenario so far. :(
Unfortunately, it's e
Tomasz Papszun wrote:
> Detecting that a zip file is encrypted and rejecting it
> (available only
> since a very recent CVS version) isn't a good solution either as a
> submitter can have a valid reason to encrypt some sample
> intentionally.
At least one antivirus company requires you to submi
On Thu, 04 Mar 2004 at 12:58:36 +0100, Andrzej Zawadzki wrote:
>
> Yes, I'm sorry but I did that today and after that I read this BIG
> SIGN... :-(
> Again - I'm sorry
Well, "you're not alone" ;-)
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://w
On Thu, 4 Mar 2004 11:53:32 + (GMT), Andy Fiddaman wrote:
>
> handling application to make a decision about what it lets through.
>
> 0Not scanned, unable to handle the object.
> 1Not scanned due to an I/O error.
> 2Not scanned, as the scanner ran out of memory.
>
* Tomasz Kojm <[EMAIL PROTECTED]> [20040304 14:48]: wrote:
> On Wed, 03 Mar 2004 20:40:09 -0600
> Ted Fines <[EMAIL PROTECTED]> wrote:
>
> > I think I speak for everyone when I say, You rock, Tomasz.
>
> Thank you, but the credit for the patch goes to Michael To
On Thu, 2004-03-04 at 13:38, Odhiambo Washington wrote:
>
> Two checkouts today, morning and now() but still the feature seems not
> to have been commited to cvs ;)
It's in the CVS, but sourceforge has probably yet to sync it into their
anonymous CVS system. They can be a bit slow.
-trog
sig
Hi all,
New to group, tried to search previous postings for this, read everything in the docs group. I've got freshclam updating every two hours, and it seems to work fine, with one small exception. After it successfully downloads an update, I get a line in the config file that says this:
'Error"
extension has
a .zip.
I have also saved the attachment and ran clamscan --unzip Messages.txt and it picks up
the virus so I know it's not getting corrupted.
Is this a bug?
I'm using clamscan / ClamAV version devel-20040304.
Brett
--
On Wed, 03 Mar 2004 18:51:05 +0100
Frank Elsner <[EMAIL PROTECTED]> wrote:
>
> Dear developers,
> here's my wishlist item:
>
> Please use the same format for log lines for both clamd and freshclam.
>
> The current logging (to file, not syslog which seems unsupported by
> freshc
On Thu, 4 Mar 2004 06:52:27 -0800
Jeff Ramsey <[EMAIL PROTECTED]> wrote:
> # Send the RELOAD command to clamd.
> NotifyClamd [/etc/clamav.conf]
Fix that.
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
\..._
On Thu, 4 Mar 2004 11:53:32 + (GMT)
Andy Fiddaman <[EMAIL PROTECTED]> wrote:
>
> On Thu, 4 Mar 2004, Tomasz Kojm wrote:
> ; due to many requests ClamAV is now able to detect and mark password
> ; protected archives as a virus type "Encrypted.Zip" (big thanks to
>
> Excellent thank you!
>
>
Take out the square brackets on NotifyClamd [/etc/clamav.conf]. The square
brackets signify that the filename is an optional argument, so if your
clamav.conf is in the default location, you could just leave the arguement
out entirely:
# Send the RELOAD command to clamd.
NotifyClamd
JohnV
On T
On Thu, 04 Mar 2004 15:21:26 +0100 Tomasz Kojm wrote:
> On Wed, 03 Mar 2004 18:51:05 +0100
> Frank Elsner <[EMAIL PROTECTED]> wrote:
>
> >
> > Dear developers,
> > here's my wishlist item:
> >
> > Please use the same format for log lines for both clamd and freshclam.
> >
> > Th
On Thu, 4 Mar 2004, Tomasz Kojm wrote:
> Also I think, the real ClamAV hero is Diego d'Ambra who spent the whole
> day yesterday providing an instant protection against the latest
> threats.
Indeed. Diego, thank you very much.
--
Charlie Watts
Brainstorm Internet
970 247-1442 x113
[EMAIL PROTEC
I have an internal Gentoo rsync mirror, and I'd like to do the same
thing with ClamAV due to draconian firewall policies. I'm looking at
the PDF file for the ClamAV mirror, but it seems much more involved
(focused on public mirrors). Is there a quick simple way to do this?
---
On Thursday 04 March 2004 3:43 pm, Jason Qualkenbush wrote:
> I have an internal Gentoo rsync mirror, and I'd like to do the same
> thing with ClamAV due to draconian firewall policies. I'm looking at
> the PDF file for the ClamAV mirror, but it seems much more involved
> (focused on public mirro
When I try to run freshclam on a Solaris 8 SPARC I get the following errors.
nemo# freshclam
ClamAV update process started at Thu Mar 4 10:37:56 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Reading CVD header (main.cvd): OK
ERROR: Can't open new file ./fe2c2591272a5315 to write
open:
You need the GNU MP library
Install and enjoy...
Carl
Steve Plemmons wrote:
When I try to run freshclam on a Solaris 8 SPARC I get the following errors.
nemo# freshclam
ClamAV update process started at Thu Mar 4 10:37:56 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Reading CVD
Thanks. Seems to have worked fine.
On Mar 4, 2004, at 7:13 AM, John Vestrum wrote:
Take out the square brackets on NotifyClamd [/etc/clamav.conf]. The
square
brackets signify that the filename is an optional argument, so if your
clamav.conf is in the default location, you could just leave the
a
Michael L Torrie <[EMAIL PROTECTED]> wrote:
> I have made a rudimentary patch (clean patch) against clamav 0.67 to
> mark all zip files containing password-protected (and hence
> unscannable) files as a virus type "SuspectEncrypted.Zip."
Good job. Come to think of it, I can't think of a good reas
On Thu, 04 Mar 2004 16:26:35 +0100
Frank Elsner <[EMAIL PROTECTED]> wrote:
> > Are you using the same log file for clamd and freshclam ?!
>
> Yes.
That's a very bad idea.
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Charlie Watts
> Sent: 4. marts 2004 16:31
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] ArchiveDetectEncrypted and
--detect-encrypted
>
> On Thu, 4 Mar 2004, Tomasz Kojm wrote:
>
On Thu, 4 Mar 2004, Tomasz Kojm wrote:
> Hello,
>
> due to many requests ClamAV is now able to detect and mark password
> protected archives as a virus type "Encrypted.Zip" (big thanks to
> Michael L Torrie). You have to enable this feature manually with
> ArchiveDetectEncrypted in clamav.conf an
On Thu, 4 Mar 2004, Igor Brezac wrote:
> On Thu, 4 Mar 2004, Tomasz Kojm wrote:
>
> > Hello,
> >
> > due to many requests ClamAV is now able to detect and mark password
> > protected archives as a virus type "Encrypted.Zip" (big thanks to
> > Michael L Torrie). You have to enable this feature manu
I've noticed that occasionally clamav-milter (from my perspective) misses
some viruses, although subsequently decoding (base64) the file and then
running clamscan on the .zip does successfully find the virus. My
understanding of the clamav package is that clamav-milter passes the
information to cla
On Thu, 4 Mar 2004 10:56:22 -0500
"Steve Plemmons" <[EMAIL PROTECTED]> wrote:
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> What did I miss?
>
The gmp library, which is available for Solaris 8 and 9 from CSW at
www.blastwave.org.
Alex Moore
--
Title: Message
Hi
there,
I'm trying to get
the clamav-milter to work with sendmail. I've made all the required
changes to the sendmail.cf file, but when I try to restart sendmail, I get the
error:
"sendmail: WARNING:
Xclmilter'': local socket name /var/clamav/clmilter.sock'
missing".
Even though you are running as root, freshclam drops privileges to user
"clamav". Therefore, user "clamav" must be able able to write to Clam's data
directory, which is at $PREFIX/share/clamav. It should look something like
this:
# ls -l /opt/clamav/share/clamav
-rw-r--r-- 1 clamav clamav
On Thu, 4 Mar 2004 11:41:48 -0500 (EST)
Ed Phillips <[EMAIL PROTECTED]> wrote:
> > I may have missed something in this discussion, but why isn't it
> > possible to treat this zip file as a regular file (non archive) and
> > check it against virus patterns? This is how trendmicro engine is
> > abl
Quoting Tomasz Kojm <[EMAIL PROTECTED]>:
> Hello,
>
> due to many requests ClamAV is now able to detect and mark password
> protected archives as a virus type "Encrypted.Zip" (big thanks to
> Michael L Torrie). You have to enable this feature manually with
> ArchiveDetectEncrypted in clamav.conf
> From: Ed Phillips [mailto:[EMAIL PROTECTED]
> On Thu, 4 Mar 2004, Igor Brezac wrote:
> > On Thu, 4 Mar 2004, Tomasz Kojm wrote:
> > > Hello,
> > >
> > > due to many requests ClamAV is now able to detect and mark password
> > > protected archives as a virus type "Encrypted.Zip" (big thanks to
> >
Hello Tomasz.
> ClamAV databases updated (04-mar-2004 13:11 GMT): daily.cvd,
> viruses.db2
> version: 165
>
> Submission: n/a
> Sender: Diego d'Ambra
> Virus name: Worm.Bagle.Gen-zippwd
> Notes: Generic signature to detect password-protected Bagle zip files
> Notes: Signature by Trog
> Added: Y
On Thursday 04 March 2004 10:25 am, you wrote:
> Looks good, but I've seen clamd temporarily allocate ~2x-3x a mail's
> size, so be sure to not set the memory limit too low.
Yeah, I figure it's reasonable to spike some times. I'm just real squeamish
because clamd managed to hard lock both of my l
On Thu, 4 Mar 2004, Chris Barnes wrote:
> Michael L Torrie <[EMAIL PROTECTED]> wrote:
> > I have made a rudimentary patch (clean patch) against clamav 0.67 to
> > mark all zip files containing password-protected (and hence
> > unscannable) files as a virus type "SuspectEncrypted.Zip."
>
> Good job
On Thu, 4 Mar 2004 12:19:16 -0500
"James Barber" <[EMAIL PROTECTED]> wrote:
> Hi there,
>
> I'm trying to get the clamav-milter to work with sendmail. I've made all
> the required changes to the sendmail.cf file, but when I try to restart
> sendmail, I get the error:
> "sendmail: WARNING: Xclmi
Matthew Trent wrote:
On Thursday 04 March 2004 10:25 am, you wrote:
Looks good, but I've seen clamd temporarily allocate ~2x-3x a mail's
size, so be sure to not set the memory limit too low.
Yeah, I figure it's reasonable to spike some times. I'm just real squeamish
because clamd managed to har
Can I set clam to scan incoming mail messages?
I use a clarkconnect 2.1 (redhat9) based firewall /gateway for a dsl modem.
It is not a mail server, jsut want to set clam to scan for
clients who use the gateway to access mail servers on pop or smtop
kevin
--
On Thu, 2004-03-04 at 10:40, [EMAIL PROTECTED] wrote:
> Quoting Tomasz Kojm <[EMAIL PROTECTED]>:
>
> Can you make an option to mark encrypted zip file as a virus
> type "Encrypted.Zip" only when there is MS Windows executable(s) file(s) found
> inside the archive (based on file(s) extension. Her
On Thu, Mar 04, 2004 at 07:52:35PM +0100, Jesper Juhl wrote:
> Our mailserver is setup to reject certain file types as attachments (.com,
> .exe, .pif etc etc). Sometimes users have a legitimate need to get such
> files through, and the way they do it is to compress them and add a
> password to the
James Barber wrote:
Hi there,
I'm trying to get the clamav-milter to work with sendmail. I've made
all the required changes to the sendmail.cf file, but when I try to
restart sendmail, I get the error:
"sendmail: WARNING: Xclmilter'': local socket name
/var/clamav/clmilter.sock' missing".
I am using clamav .65 and was wondering how to get cmilter going. Also, when
the machine is rebooted clamav does not start. How do I get this going
properly with sendmail and procmail?
Bryce
---
This SF.Net email is sponsored by: IBM Linux Tu
I don't think it needs write access to the socket file itself, but it
does need read+exec privs to the directory containing the socket at
least afaik.
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
John Jolet wrote:
James Barber wrote:
H
On Thu, 4 Mar 2004 19:31:32 +0100
"Philipp Grosswiler" <[EMAIL PROTECTED]> wrote:
> Does this mean that we can disable the ArchiveDetectEncrypted option?
Yes, you can.
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
\..
On Thu, 04 Mar 2004 17:23:31 +0100 Tomasz Kojm wrote:
> On Thu, 04 Mar 2004 16:26:35 +0100
> Frank Elsner <[EMAIL PROTECTED]> wrote:
>
> > > Are you using the same log file for clamd and freshclam ?!
> >
> > Yes.
>
> That's a very bad idea.
Tell me why. Clamd and freshclam belong together so t
On Thursday 04 March 2004 9:00 pm, Frank Elsner wrote:
> On Thu, 04 Mar 2004 17:23:31 +0100 Tomasz Kojm wrote:
> > On Thu, 04 Mar 2004 16:26:35 +0100
> >
> > Frank Elsner <[EMAIL PROTECTED]> wrote:
> > > > Are you using the same log file for clamd and freshclam ?!
> > >
> > > Yes.
> >
> > That's a
Rembrandt wrote:
On 03 Mar 2004 07:55:00 +
[EMAIL PROTECTED] (Kevin Spicer) wrote:
I don't angree couse a virus could also infect backups if the virus keep
itself secret.
And after 14 or 16 months it could destroy all data.
Don't say "Admins have to". They do their work but they can't fight wh
Rod Furey wrote:
I second this. The amount of mail I'm getting from the list has
gotten to the point where I want to use the web interface to look
at things (like I do with the Linux-390 list - lots of traffic there too).
And this is with me getting the digests... Ta muchly...
Rod
This was reaso
Hi All
This is the first time I am using clamd. I just installed it with
gmp-4.1.2
I am getting this error message when trying to start clamd
LibClamAV debug: Loading databases from /usr/local/share/clamav
LibClamAV debug: Loading /usr/local/share/clamav/main.cvd
LibClamAV debug: /usr/local/shar
> From: Jim Mercer [mailto:[EMAIL PROTECTED]
...
> > .exe, .pif etc etc). Sometimes users have a legitimate need
> to get such
> > files through, and the way they do it is to compress them and add a
> > password to the zip archive so the content filter can't look inside.
>
> alternately, the send
On Thu, 4 Mar 2004, Jim Mercer wrote:
> On Thu, Mar 04, 2004 at 07:52:35PM +0100, Jesper Juhl wrote:
> > Our mailserver is setup to reject certain file types as attachments (.com,
> > .exe, .pif etc etc). Sometimes users have a legitimate need to get such
> > files through, and the way they do it
On Mar 4, 2004, at 2:16 PM, [EMAIL PROTECTED] wrote:
From: Jim Mercer [mailto:[EMAIL PROTECTED]
...
.exe, .pif etc etc). Sometimes users have a legitimate need
to get such
files through, and the way they do it is to compress them and add a
password to the zip archive so the content filter can't lo
On Thu, 4 Mar 2004, Bryce wrote:
> I am using clamav .65 and was wondering how to get cmilter going. Also, when
> the machine is rebooted clamav does not start. How do I get this going
> properly with sendmail and procmail?
>
How to start programs at boot depends on your operating systems. System
server before dying. Everything since then can't last
over an hour. I am trying clamav-devel-20040304 right now and it has
managed to last an hour twice and 44 minutes once. What happens is
that clamd runs using less than 3% of the cpu until it nears the end.
Then it takes over al
On Thu, 04 Mar 2004 at 14:42:01 -0800, Jeff Ramsey wrote:
>
> Where can I get the patch that started this thread?
>
Go to http://www.mail-archive.com/clamav-users%40lists.sourceforge.net/
and search for the message from Michael L Torrie with subject
[Clamav-users] Simple patch for dealing with p
I have looked far and wide for the answer to this (docs, comments in
source, and the list archives.) and so far I cannot find an answer. The
question is what kind of digital signature is used to verify the
integrity of the databases we download from database.clamav.net.
The source in dsig.c is
On Thu, 04 Mar 2004 at 12:31:00 -0800, Bryce wrote:
> I am using clamav .65 and was wondering how to get cmilter going. Also, when
^^^
The question is not "how", but "if". The answer is "not" ;-) .
I mean: why use an outdated version of ClamAV? Please upgrade.
> the machine is
Diego d'Ambra wrote:
ClamAV databases updated (04-mar-2004 13:11 GMT): daily.cvd, viruses.db2
version: 165
Submission: n/a
Sender: Diego d'Ambra
Virus name: Worm.Bagle.Gen-zippwd
Notes: Generic signature to detect password-protected Bagle zip files
Notes: Signature by Trog
Added: Yes
Does this mea
My most humble apologies. I accidentally sent a post I meant for
clamav-users to clamav-virusdb.
This was purely by accident.
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, Presi
On Thu, 04 Mar 2004 at 19:14:32 -0500, Tim B wrote:
> Diego d'Ambra wrote:
>
> >ClamAV databases updated (04-mar-2004 13:11 GMT): daily.cvd, viruses.db2
> >version: 165
> >
> >Submission: n/a
> >Sender: Diego d'Ambra
> >Virus name: Worm.Bagle.Gen-zippwd
> >Notes: Generic signature to detect passwo
runs for 4 to 5 days on my
production mail server before dying. Everything since then can't
last over an hour. I am trying clamav-devel-20040304 right now and it
has managed to last an hour twice and 44 minutes once. What happens
is that clamd runs using less than 3% of the cpu unt
Tomasz Kojm wrote:
On Sun, 29 Feb 2004 14:43:36 +0100
"Wouter" <[EMAIL PROTECTED]> wrote:
Hi,
I think i have a stupid qeustion. I could not find how i kan reload or
stop clamav.
I have read http://www.clamav.net/doc/0.67/html/node16.html
But when i do clamd QUIT there nothing happen clamd dont st
75 matches
Mail list logo
