Chris Lopeman wrote:
Hi All,
I have seen the opposite question posed but not this one. I get the
error about not being able to connect to clamd. But I am not running
clamd. I don't want to. I am also not using the --daemon-notify
option. Yet it appears to always try to notify. Is there
On Thursday 11 March 2004 2:21 am, Ed Kasky wrote:
> Mar 10 17:57:11 clam-milter[5623]: recv failed from clamd getting PORT
> Mar 10 17:57:11 Milter: from=<[EMAIL PROTECTED]>, reject=451 4.7.1
> Please try again later
>
> I assume it's rejecting because clamd can't get port?
Is clamd running?
>
Ed Kasky wrote:
#ls -al /var/run/clamav
drwxr-xr-x2 clamav clamav 4096 Mar 10 17:52 .
drwxr-xr-x6 root root 4096 Mar 10 17:57 ..
srwxr-xr-x1 clamav clamav 0 Mar 10 17:52 clamav.sock
-rw-rw1 clamav clamav 4 Mar 10 17:52 clamd.pid
Looks O
On Thu, 11 Mar 2004 12:49:36 +1100
Jonathan Trott <[EMAIL PROTECTED]> wrote:
> At the moment, if you put any virus inside an encrypted zip file,
> clamav reports that there isn't a virus in there, which is a false
> negative. Better to report that it couldn't be scanned than there
> wasn't a vi
On Wed, 10 Mar 2004 20:33:52 -0600
Chris Lopeman <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I have seen the opposite question posed but not this one. I get the
> error about not being able to connect to clamd. But I am not running
> clamd. I don't want to. I am also not using the --daemon-n
On Wed, 10 Mar 2004 17:35:57 -0700
"Brad Morgan" <[EMAIL PROTECTED]> wrote:
> > I believe the code that should be changed is in the checkfile( )
> > function in the manager.c file, where there are two references to
> > "%s: %s FOUND\n", which could be changed to "%s: infected with %s\n"
> > or "%s
Hello,
(I am new to the list, but have scanned the archives and have been
unable to find a complete answer to this, although it has been brought
up once or twice ...)
I'd like to be able to see the alias names for detected viruses. The
clamav-virusdb announcements include aliases, but searching
No idea how easy this would be to implement but here goes:
As well as the virus signature databases, how about having an alias
database which would contain a record for each virus, indicating its
ClamAV name along with those used by the more mainstream AV software
like Sophos, McAfee etc. Then hav
Tomasz Kojm wrote:
BTW: What is "Declude Virus" ?
Something like Amavis which only works on Imail
http://www.declude.com/Virus/index.html
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Rob
Clam Users/Developers:
First of all, I'd like to thank for all your great work with clam AV.
I currently have a mail server with the following specs:
Mandrake 9.2
clamav version 0.66 (installed from mandrake RPM)
spamassassin
amavis
It runs okay, but I found something strange.
Got an email with s
Karis Matik wrote:
less viruses.db
And I looked for Worm.Bagle.Gen-zippwd, I can't get one.
You're looking in the wrong place
bash-2.03# grep Worm.Bagle.Gen-zippwd viruses*
viruses.db2:Worm.Bagle.Gen-zippwd
(Clam)=504b03040a000100*504b010214000a000100*504b050601000100
Any one c
Thanks for your reply.
Several questions:
1. which virus database amavis 0.66 uses? viruses.db or viruses.db2 or both?
2. When I do a restart on clamd service, I can't find: Database correctly reloaded
message.
Thu Mar 11 23:11:01 2004 -> Signal 15 caught -> exiting.
Thu Mar 11 23:11:01 2004 -> F
On Thu, 11 Mar 2004 17:38:43 +0700
"Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote:
> Tomasz Kojm wrote:
>
> >BTW: What is "Declude Virus" ?
> >
> >
> >
> Something like Amavis which only works on Imail
> http://www.declude.com/Virus/index.html
It's very expensive...
--
oo. T
On Thu, 11 Mar 2004 10:15:50 +
Dave Ewart <[EMAIL PROTECTED]> wrote:
> 2. Can the alias details be extracted from the .cvd files? If not
> currently, is there any way to add this detail?
Virus aliases will be supported in signatures in the near future.
--
oo. Tomasz Kojm
On Thursday 11 March 2004 12:47 pm, Karis Matik wrote:
> Thanks for your reply.
> Several questions:
> 1. which virus database amavis 0.66 uses? viruses.db or viruses.db2 or
> both?
Both. In fact ClamAV will use any/all files which end in .db or .db?
(wildcard) in the appropriate directory.
Since this option was mentioned, I have done checked out the cvs version
but ./configure refuses to accept that option.
Even from a cvs checkout I did today ;)
cheers
- wash
+--+-+
Odhiambo Washington
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday, 11.03.2004 at 13:52 +0100, Tomasz Kojm wrote:
> On Thu, 11 Mar 2004 10:15:50 + Dave Ewart
> <[EMAIL PROTECTED]> wrote:
>
> > 2. Can the alias details be extracted from the .cvd files? If not
> > currently, is there any way to add th
On Wed, 2004-03-10 at 22:15, Fajar A. Nugraha wrote:
> Jon Fraley wrote:
>
> >I am installing clamav-0.67 on HPUX-11.0. After ironing out issues with
> >./configure, I now have a problem with make. After running a while I
> >get the following: Any ideas on solving this?
> >
> >/zzip-zip.c' ||
Karis Matik wrote:
Thanks for your reply.
Several questions:
1. which virus database amavis 0.66 uses? viruses.db or viruses.db2 or both?
Not amavis 0.66. Clamav 0.66.
Antoni's reply is correct : ClamAV will use any/all files which end in
.db or .db?
But since you use 0.66, you don't need to h
Odhiambo Washington wrote:
Since this option was mentioned, I have done checked out the cvs version
but ./configure refuses to accept that option.
Even from a cvs checkout I did today ;)
It's not ./configure option. It's clamscan option.
With clamd, it's
ArchiveDetectEncrypted
in clamav.conf.
On Thu, 11 Mar 2004, [windows-1252] Kritof Petr wrote:
> > When I start clamd, it loads just fine and I can use clamdscan just
> > fine. However, running clamav-milter through sendmail results in the
> > following from the maillog:
>
>
> Did you started clamav-milter daemon? If yes, does it
On Thu, 11 Mar 2004, Nigel Horne wrote:
> > Mar 10 17:57:11 clam-milter[5623]: recv failed from clamd getting PORT
> > Mar 10 17:57:11 Milter: from=<[EMAIL PROTECTED]>, reject=451 4.7.1
> > Please try again later
> >
> > I assume it's rejecting because clamd can't get port?
>
> Is clamd running?
Jon Fraley wrote:
How do I tell it to compile with gcc?
Step 1 : get gcc package for HPUX (if any exist)
Step 2 : execute
CC=gcc ./configure
instead of just ./configure
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux t
* Fajar A. Nugraha <[EMAIL PROTECTED]> [20040311 17:49]: wrote:
> Odhiambo Washington wrote:
>
> >Since this option was mentioned, I have done checked out the cvs version
> >but ./configure refuses to accept that option.
> >Even from a cvs checkout I did to
Just a quick thank you to all of you who help with clamav! I use clamav on
my mailserver via MailScanner. (I'm using MailScanner with F-Secure and
ClamAV) Several times ClamAV is the only antivirus that will see viruses via
email. KEEP UP THE GOOD WORK!
--
> No idea how easy this would be to implement but here goes:
>
> As well as the virus signature databases, how about having an alias
> database which would contain a record for each virus, indicating its
> ClamAV name along with those used by the more mainstream AV software
> like Sophos, McAfee et
Odhiambo Washington wrote:
hehee, I noticed that and added 2 days ago, but just today Tomas
(Kojm) wrote to the list with that option again ;)
You mean the one with
"
But anyway you should check the
--detect-encrypted option (CVS).
"
I assume he meant it as an option for clamscan (as stated in
> -Original Message-
> From: Tomasz Kojm
>
> On Thu, 11 Mar 2004 10:15:50 +
> Dave Ewart <[EMAIL PROTECTED]> wrote:
>
> > 2. Can the alias details be extracted from the .cvd files? If not
> > currently, is there any way to add this detail?
>
> Virus aliases will be supported in signa
Odhiambo Washington wrote:
> * Rick Weinbender <[EMAIL PROTECTED]> [20040311 05:11]: wrote:
> > After installing clamav I get the following errors on boot.
> >
> > Configuring network interfaces: run-parts: failed to exec
> > /etc/network/if-up.d/clamav-fresh
>
> You can look for the last colon...
>
> > the begining of the -l output. Can the change Scott suggested be made
> > to the ClamAV source?
> > Does it have to have an option added because the old format is being
> > parsed by
> > other programs?
>
> The output format won't change. Please check t
On Thursday 11 March 2004 4:18 pm, Brad Morgan wrote:
> > The output format won't change. Please check the 3-rd party software (on
> > www.clamav.net) for parsing details.
>
> Sorry to hear that the output format is frozen in time.
There are too many existing packages which call ClamAV and expect
What virus is Worm.SomeFool.Gen-1 is it a Netsky virus?
Jim
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamen
On Thursday 11 March 2004 4:40 pm, [EMAIL PROTECTED] wrote:
> What virus is Worm.SomeFool.Gen-1 is it a Netsky virus?
Yes, but there isn't a one-to-one correspondence between what the different
A-V vendors are picking up from different binaries:
ClamAV: all_document.pif contains Worm.SomeFool.G
Hi,
I am very happy with clamav, and would like everyone's opinion to the
following feature request:
clamd logs to a file and you can control the size, but when this limit is
reached, logging stops. When this happens, an entry in the file says it has
reached the file size limit. Since the progr
> On Thursday 11 March 2004 4:18 pm, Brad Morgan wrote:
>
> > > The output format won't change. Please check the 3-rd party software
(on
> > > www.clamav.net) for parsing details.
> >
> > Sorry to hear that the output format is frozen in time.
>
> There are too many existing packages which call Cla
At 06:20 AM Thursday, 3/11/2004, Kritof Petr wrote -=>
Is this the correct switch to use when loading the daemon?
local:/var/run/clamav/clamav.sock
(This is also set in clamav.conf)
Beware! In /etc/clamav.conf you are setting socket for communication
between clamd <-> clamav-milter what if differ
Jorge Valdes wrote:
Hi,
I am very happy with clamav, and would like everyone's opinion to the
following feature request:
clamd logs to a file and you can control the size, but when this limit
is reached, logging stops. When this happens, an entry in the file
says it has reached the file size l
Ed Kasky wrote:
In what instance would one enable the following?
# TCP port address.
#TCPSocket 3310
When you have windows clients for example.
Petr
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by D
At 12:41 PM 3/11/2004, John Jolet wrote:
why not just run logrotate and have done with it?
It would help if clamd took a "kill -HUP" and started a new logfile.
Betsy Schwartzemail:
[EMAIL PROTECTED]
Unix Systems Administrator,CRG
On Thu, 11 Mar 2004 10:57:43 -0600
Jorge Valdes <[EMAIL PROTECTED]> wrote:
> Hi,
> I am very happy with clamav, and would like everyone's opinion to the
> following feature request:
>
> clamd logs to a file and you can control the size, but when this limit
> is reached, logging stops. When this
On Thu, 11 Mar 2004 09:18:00 -0700
"Brad Morgan" <[EMAIL PROTECTED]> wrote:
> So as you can see, I'd like Declude to parse the output and capture
> the virus name. Declude support tells me there's a "standard" format
> for the report output and ClamAV doesn't adhere to the "standard".
> AVG, F-P
On Thu, 11 Mar 2004 07:52:44 -0800
"Mitch (WebCob)" <[EMAIL PROTECTED]> wrote:
> Maybe I spoke to soon... if you guys are already working on this great
> - how will aliases be identified and submissions be processed?
>
> I've heard that the bigger manufacturers often copy the first known
> name
Betsy Schwartz wrote:
At 12:41 PM 3/11/2004, John Jolet wrote:
why not just run logrotate and have done with it?
It would help if clamd took a "kill -HUP" and started a new logfile.
Betsy Schwartz
email: [EMAIL PROTECTED]
Unix Systems Admin
I have a HPUX 11.00 machine with GCC, I tried to compile the latest
sendmail with milter, and use the clamav-milter with it. I was never able
to get the milter library compiled for sendmail, and thus clamav-milter to
work. Did you have any success with that? My issue is I only have the
base c
I didn't get any responses on this, so I'm trying a repost of this:
Using clamd devel-20040304 on FreeBSD 4.9
On several occasions now we've noticed that when clamd checks and reloads
the virus database current clamdscan's hang and then time out.
This causes some real problems on a process that
I tried using gcc, but it still failed during "make". I will try
something else.
Jon
On Thu, 2004-03-11 at 14:14, Richard Nairn wrote:
> I have a HPUX 11.00 machine with GCC, I tried to compile the latest
> sendmail with milter, and use the clamav-milter with it. I was never able
> to get the
>At 12:41 PM 3/11/2004, John Jolet wrote:
>>why not just run logrotate and have done with it?
>
>It would help if clamd took a "kill -HUP" and started a new logfile.
>
>Betsy Schwartz
Depending on traffic, and logging options selected, this can grow fairly
quickly. If log entries are lost, debuggi
On Thu, 2004-03-11 at 20:18, Robert Blayzor wrote:
> I didn't get any responses on this, so I'm trying a repost of this:
>
> Using clamd devel-20040304 on FreeBSD 4.9
>
> On several occasions now we've noticed that when clamd checks and reloads
> the virus database current clamdscan's hang and th
Thanks to Fajar and Antoni.
One thing I still don't understand is about the viruses.db or viruses.db2.
What are the *.db* files? What are the *.cvd files? Is the *.db* file just a list
which will be compiled into binary file (namely the .cvd files)?
Fajar mentioned the virus database used is the
This is my installed amavis and clamd:
amavisd-new-0.20030616-10mdk
clamav-db-0.66-0.20031204.1mdk
libclamav1-0.66-0.20031204.1mdk
clamav-0.66-0.20031204.1mdk
clamdmail-0.15-1mdk
clamd-0.66-0.20031204.1mdk
I applied the patch from Mark Martinec (reference:
http://marc.theaimsgroup.com/?l=amavis-
On Thu, Mar 11, 2004 at 10:59:40PM +, Karis Matik wrote:
> This is my installed amavis and clamd:
>
> amavisd-new-0.20030616-10mdk
> clamav-db-0.66-0.20031204.1mdk
> libclamav1-0.66-0.20031204.1mdk
> clamav-0.66-0.20031204.1mdk
> clamdmail-0.15-1mdk
> clamd-0.66-0.20031204.1mdk
>
> I applied
>> Got an attachment contain Bagle-F zippwd with the name: Info.zip. When I test the
>> attachment, clam still allows the mail to get through. Anyone has similar problem
>> and solution?
>>
>
>This patch worked fine for me.
>(I've since upgraded to the -p8 release, which also works fine)
>Did you
Karis Matik wrote:
What are the *.db* files? What are the *.cvd files? Is the *.db* file just a list which will be compiled into binary file (namely the .cvd files)?
Simply put, the *.cvd is the new format vor viruses.db and viruses.db2.
As the name implied, main.cvd is the main virus signatu
On Thu, 11 Mar 2004, Dave Ewart wrote:
> ClamAV is a fabulous project - wish I could find some way to contribute.
Well, there's always: http://clamav.net/donate.php#pagestart
Jeffrey Moskot
System Administrator
[EMAIL PROTECTED]
---
This SF.Ne
I just downloaded the version 0.67 and I followed the step-by-step
config in http://linux-sxs.org/administration/clamav.html
In the step 9 of the above link what does it mean signature? Does it
means the file with an extension name of .sig ???
seems like a success but how to update the virus def
When you say clamAV works with logrotate, what command are you issuing to
get clamav to start using the new file? What I'm seeing is that it doesn't
respond to SIGHUP but has to be killed and restarted to get it to let go of
the old filehandle
Betsy Schwartz
At 10:04 PM 3/11/2004, kent e. wrote:
In the step 9 of the above link what does it mean signature? Does it
means the file with an extension name of .sig ???
seems like a success but how to update the virus definition or the db of
The "signature" is the signature of the virus, or the virus definitio
On Fri, Mar 12, 2004 at 12:59:17AM +, Karis Matik wrote:
>
> Hi Noel,
> Yes, I've put the MAIL$ line in the amavisd.conf. Still, it missed the Info.zip
> attachment.
> Have you tested with a zipped password protected?
> My initial thinking is (probably) the database isn't read properly. But a
* Fajar A. Nugraha <[EMAIL PROTECTED]> [20040311 19:30]: wrote:
> Odhiambo Washington wrote:
>
> >hehee, I noticed that and added 2 days ago, but just today Tomas
> >(Kojm) wrote to the list with that option again ;)
> >
> >
> >
> You mean the one
* Betsy Schwartz <[EMAIL PROTECTED]> [20040311 22:44]: wrote:
> At 12:41 PM 3/11/2004, John Jolet wrote:
> >why not just run logrotate and have done with it?
>
> It would help if clamd took a "kill -HUP" and started a new logfile.
>
I support the original poster
Fajar:
>PS : Has your problem solved yet?
Unfortunately nope. The problem might be relevant to amavisd-new where it incorrectly
passes the mail attachment to clamd.
Is there any way to view the content of the vcd file to see if the virus is within the
definition.
I posted another thread in reg
Hi,
We're evaluating clamav to use with our mail server. So far I'm very
enthousiastic, espec cause clamav detects the encrypted zip files and
the speed new signatures come available but unfortunately I'm not the
only one who decides if we're going to use it anyway we're running:
clamd / ClamAV ve
62 matches
Mail list logo
