> Im running a smtp server with f-secure and clamav. I have a problem with
> the f-secure server because it cant find the bagle virus in password
> protected zip files but clamav does. I e-mailed f-secure support about
> and they said to me it isnt any virus scanner today that can find virus
> in p
Simon Gate wrote:
Im running a smtp server with f-secure and clamav. I have a problem with
the f-secure server because it cant find the bagle virus in password
protected zip files but clamav does. I e-mailed f-secure support about
and they said to me it isnt any virus scanner today that ca
(BExiscan is a patch for the source program of Exim,
(Bso Exim should be compiled.
(BHowever, I am using cPanel also.
(BMy admin thinks Amavisd-new is better than Exiscan.
(BIs there any way to use amavisd-new for realizing the combinaion
(B with spamassasin?
(BMany thanks.
How do I get ClamAV do search thru password protected files?
Im using ClamAV-devel-20030318
//Regards Jonas
- Original Message -
From: "Simon Gate" <[EMAIL PROTECTED]>
Sent: Friday, March 26, 2004 8:04 AM
Subject: [Clamav-users] Find bagle in Zip files.
How do I get ClamAV to generate this repport?
//Regards Jonas
- Original Message -
Sent: Thursday, March 25, 2004 7:35 AM
Subject: [Clamav-users] Application to generate CLAMAV report
Dear all,
I have created a small application
On Fri, 2004-03-26 at 07:31, Tomasz Klim wrote:
> > Im running a smtp server with f-secure and clamav. I have a problem with
> > the f-secure server because it cant find the bagle virus in password
> > protected zip files but clamav does. I e-mailed f-secure support about
> > and they said to me it
> -Ursprungligt meddelande-
> Från: Fajar A. Nugraha [mailto:[EMAIL PROTECTED]
> Skickat: den 26 mars 2004 09:09
> Ämne: Re: [Clamav-users] Find bagle in Zip files.
> Simon Gate wrote:
> >Hello.
> >
> >Im running a smtp server with f-secure and clamav. I
On Thursday 25 Mar 2004 10:05 pm, Jesse Guardiani wrote:
> Is there any way to make clamd log the structure of
> a message and it's attachments? BinHex, MIME, plain-text,
> ZIP, RAR, BZIP, GZIP, OLE2, etc...?
I don't consider that to be the job of a virus scanner.
Nigel Horne. Arrang
Just downloaded the src RPM "clamav-0.70rc-1.src.rpm "
I wanted to build RPM without milter support ?
What i need to change in SPEC file...
Sorry i know very very little abt SPEC file .
The brain is a wonderful organ. It gets automounted the moment you get Up
Dilip M wrote:
Just downloaded the src RPM "clamav-0.70rc-1.src.rpm "
I wanted to build RPM without milter support ?
What i need to change in SPEC file...
Sorry i know very very little abt SPEC file .
'rpmbuild -ba clamav.spec --without milter'
Bryce wrote:
The startup script “clamav-milter.sh” Makes a few calls to init.d. I
am on a Virtual Private Server so I do not have init.d available to
me. All I have is rc.d. How can I then get clamav-milter to start when
I reboot my server?
Write your own simple script and put them to
On Fri, 26 Mar 2004 14:33:46 +0530, Dilip M <[EMAIL PROTECTED]> wrote:
Just downloaded the src RPM "clamav-0.70rc-1.src.rpm "
I wanted to build RPM without milter support ?
%define _without_milter 1
its getting built :)
Joe's Web Hosting $B!!(B-- $B;3EDHi.
(B>Exiscan is a patch for the source program of Exim,
(B>so Exim should be compiled.
(B>However, I am using cPanel also.
(B>My admin thinks Amavisd-new is better than Exiscan.
(BNo way.
(BThe recommended
On Wed, 24 Mar 2004 10:19:26 -0300, Everton da Silva Marques
On Wed, Mar 24, 2004 at 02:33:09PM +0530, Dilip M wrote:
I'm running "clamav-0.67-1",
with Exim 4.30/exiscan-acl patch revision 14.
I got these viruses skipped while testing tro testvirus.org
Test # 12,19,21,
Jesse Guardiani
uname -na
Linux korn 2.4.23 #2 Fri Dec 26 13:44:13 BRST 2003 i686 unknown
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies.
Test # 12,19,21,23,25
Is this normal or i need to upgrade ?
Get latest clamav, 0.70rc or even CVS, then enable ScanMail.
Just now i got this CLAMAV installed...
# rpm -qa|grep clam
ClamAV update process started at Fri Mar 26 15:45:25 2004
On Fri, 26 Mar 2004 07:31:58 GMT
Tomasz Klim <[EMAIL PROTECTED]> wrote:
> > clamav to find a virus in a password protected file when f-secure
> > support claims it isnt possible?
> Clamav doesn't find viruses in passworded zip archives. Clamav just
> have in its virus database 2 special signatu
> -Original Message-
> [mailto:[EMAIL PROTECTED] Behalf Of Mark Novak
> Sent: Thursday, March 25, 2004 5:37 PM
> Subject: Re: [Clamav-users] clam not fresh
> I did exactly that, deleted the cvd files and re-ran freshclam. I am
> on
On Mar 26, 2004, at 8:43 AM, Jim Maul wrote:
I did exactly that, deleted the cvd files and re-ran freshclam. I am
only showing through SomeFool.M, no O, P or P-dll.
Any ideas or tips appreciated.
Well, being that this makes no sense, the only thing i can suggest is
to t
> I do still have the old style signatures located in
> /usr/share/clamav from clam-0.65. Tomasz mentioned
> in an earlier post that this could be the problem.
> I am wondering if I should change the freshclam.conf
> database line from /var/lib/clamav to /usr/share/clamav?
> It seems to me t
I'm running ClamAV .65 on an RH9 system, with Qmail-Scanner-1.20RC3.
The other day, the following worm slipped through my clamav scanner:
At first, I thought it was a new rar file, and tried to submit it. This
variant had already been input into the database. Figuring t
> -Original Message-
> [mailto:[EMAIL PROTECTED] Behalf Of Mark Novak
> Sent: Friday, March 26, 2004 10:14 AM
> Subject: Re: [Clamav-users] clam not fresh
> My number of signatures is exactly the same as yours. When I grep for
> somefoo
Nigel Horne wrote:
> On Thursday 25 Mar 2004 10:05 pm, Jesse Guardiani wrote:
>> Is there any way to make clamd log the structure of
>> a message and it's attachments? BinHex, MIME, plain-text,
>> ZIP, RAR, BZIP, GZIP, OLE2, etc...?
> I don't consider that to be the job of a virus scanner.
The evidence points to incoming connections taking a long time (minutes) to send the
line of header after establishing a connection.so clamd gives up waiting. Increasing
clamd's timeout
will help. I have seen 4-5 minutes between an SMTP connection being established and
the conversation
> -Original Message-
> [mailto:[EMAIL PROTECTED] Behalf Of Ethan P
> Sent: Friday, March 26, 2004 10:32 AM
> Subject: [Clamav-users] Segfault on password protected rar?
> I'm running ClamAV .65 on an RH9 system, with Qmail-Scanner-1.
Dilip M wrote:
>> Only improvement is Test # 12 was detected ?
>> Where as all other Viruses,ie
>> Test # 19,21,23,25
>> came through :(
That is exactly what I'm getting with qmail-scanner-1.21 and clamav0.70-rc
(and the CVS version from 2004/03/25).
I think there was a discussion abou
Mark Novak Sent: Friday, March 26, 2004 10:14 AM
> It seems to me that I am updated, as I have the same number of
> signatures as you do, but when I grep it for somefool, maybe it is
> going to the old set in the other directory?
This, apparently, is my problem. Read my post from yesterday about
Ralph Angenendt wrote:
> grep FOUND /var/log/messages \
> | cut -d ":" -f 5 \
> | sed -e "s/\ FOUND//" \
> | sort \
> | uniq -c \
> | sort -r
> This gives us the following output (yes, no percentages, one might hack
> that into it):
>9353 Worm.SomeFool.Gen
On Fri, 2004-03-26 at 10:46, Jesse Guardiani wrote:
> :) Why not if it can already performing actions on the above
> items?
Clamav is a virus scanner. Features like that belong in whatever rips
apart messages for Clamav to scan (amavisd-new in my case). However, it
sounds like something
* Ethan P <[EMAIL PROTECTED]> [20040326 19:15]: wrote:
> I'm running ClamAV .65 on an RH9 system, with Qmail-Scanner-1.20RC3.
Does it still behave the same if you upgrade to higher version?
I think it is time for you to erase ALL of your clamAV
files, wherever you have them scattered, and reinstall
and reconfigure, so you only have one set of .conf files
and one set of .cvd files, and then reboot.
At least then you'll know where to look and/or get
meaningful error messages.
I s
> -Original Message-
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Jesse Guardiani
> :) Why not if it can already performing actions on the above
> items?
Code bloat is a Bad Thing. I'd rather have my virus scanner doing
exactly what it's supposed to do - no mo
On Fri, 26 Mar 2004 09:14:08 -0600, Mark Novak <[EMAIL PROTECTED]> wrote:
>> Jim
>My number of signatures is exactly the same as yours. When I grep for
>somefool, I stop at M.
>I do still have the old style signatures located in /usr/share/clamav
>from clam-0.65. Tomasz mentioned in an
I've check the archive at length but I don't think any of the other posts
are the same problem.
the error is freshclam wont, error in log is:
ClamAV update process started at Fri Mar 26 15:01:37 2004
ERROR: Maximal time (1200 seconds) reached.
I've installed clam from the latest RPMs on a ma
Jesse Guardiani wrote:
> I see similar symptoms when my clamd (0.70-rc) process chokes on a
> message it doesn't like. The clamd process starts eating between 50%
> and 100% CPU and gobbling up RAM.
Quick note: The CVS version from 2004/03/26 fixes this problem for me.
Jesse Guardiani
On Thu, 25 Mar 2004 13:36:00 -0300 (ART)
Claudio Alonso <[EMAIL PROTECTED]> wrote:
> I'm using Clamuko with Dazuko 2.0. only on /home and /tmp
> I know Clamuko support isn't very tested, but is it possible for
> Clamuko to generate a clamd segm. fault? Or may it be a different
> problem?
It's a g
On Fri, 26 Mar 2004 15:27:23 -
"Randal, Phil" <[EMAIL PROTECTED]> wrote:
> I think it is time for you to erase ALL of your clamAV
> files, wherever you have them scattered, and reinstall
> and reconfigure, so you only have one set of .conf files
> and one set of .cvd files, and then reboot.
Qmail-Scanner 1.21 has a new option:
--block-password-protected [yes|no] Defaults to "no". Setting this to "yes"
you to quarantine any incoming zip files that are
protected. This is primarily to stop viruses such
On Fri, 2004-03-26 at 15:44, Nigel Horne wrote:
> The evidence points to incoming connections taking a long time (minutes) to send the
> first
> line of header after establishing a connection.so clamd gives up waiting. Increasing
> clamd's timeout
> will help. I have seen 4-5 minutes between an S
Nigel Horne wrote:
The evidence points to incoming connections taking a long time (minutes) to send the
line of header after establishing a connection.so clamd gives up waiting. Increasing
clamd's timeout
will help. I have seen 4-5 minutes between an SMTP connection being established and
On Fri, 2004-03-26 at 13:48, Tomasz Kojm wrote:
> > But AFAIK, Kaspersky AntiVirus can crack a password on zip archive
> > in some special circumstances. I have a program, that can do the
> > same, but Tomasz Kojm is not interested in it.
> Right. ClamAV must be transparent in its licensing.
Trog wrote:
On Fri, 2004-03-26 at 15:44, Nigel Horne wrote:
The evidence points to incoming connections taking a long time (minutes) to send the
line of header after establishing a connection.so clamd gives up waiting. Increasing
clamd's timeout
will help. I have seen 4-5 minutes betw
Mike Cathey wrote:
> Jesse,
> On Fri, 2004-03-26 at 10:46, Jesse Guardiani wrote:
>> :) Why not if it can already performing actions on the above
>> items?
> Clamav is a virus scanner. Features like that belong in whatever rips
> apart messages for Clamav to scan (amavisd-new in my case).
I think I figured it out. Just read the release notes for .66 (the fix for
this issue). I'm on .70RC and it's working like a champ now.
-Ethan P
Ethan P writes:
I'm running ClamAV .65 on an RH9 system, with Qmail-Scanner-1.20RC3.
The other day, the following worm slipped through my clam
Let me preface this by stating that I am a newbie with using the
commands below, I have only ever used grep to locate simple things, I
have not used any of the others...
So how come when I enter the commands below, I get an error that
says: "grep: unknown directories method"?
Ralph Angenendt w
GMX released a paper where they were comparing the four biggest e-mail
provider in Germany and how successful the most known viruses are caught by
the e-mail software.
They were testing the following providers and virus software:
www.1und1.de (Symantec)
www.gmx.de (Sophos Anti-Virus)
On Fri, 2004-03-26 at 17:03, Joe Maimon wrote:
> # Thread (scanner - single task) will be stopped after this time (seconds).
> # Default is 180. Value of 0 disables the timeout. SECURITY HINT:
> Increase the
> # timeout instead of disabling it.
> ThreadTimeout 600
> Still happening.
> Beside
What os are you using?
- Original Message Follows -
From: Craig Daters <[EMAIL PROTECTED]>
Subject: [Clamav-users] Re: Application to generate CLAMAV report
Date: Fri, 26 Mar 2004 10:39:24 -0700
> Let me preface this by stating that I am a newbie with using the
On Mar 26, 2004, at 11:10 AM, Jesse Guardiani wrote:
Dilip M wrote:
Only improvement is Test # 12 was detected ?
Where as all other Viruses,ie
Test # 19,21,23,25
came through :(
That is exactly what I'm getting with qmail-scanner-1.21 and
(and the CVS version from 2004/03/2
Many thanks Fajar!
I had ScanMail enabled! I thought we needed that.. Darn; I just
disabled it now.
thanks a lot, -turgut
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President an
Fri, 26 Mar 2004 at 17:47 GMT Jesse Guardiani <[EMAIL PROTECTED]> wrote
> Here's a sample output:
And if you mix this output with a cronjob, some sql and jpgraph
(http://www.aditus.nu/jpgraph/), you might end up with something like
I'm running ClamAV 0.68-1 on a OpenBSD-machine (i386, snapshot 190304).
When I set 'User _clamd' in clamav.conf and start clamd as root I'm not
able to use clamdscan (not able to open file...most probably due to
file-restrictions). When I replace _clamd with root everything works
What's the trick to building and installing milter on 0.70-rc?
I've got 0.65 running on this system with milter, so the milter libs
for sendmail should be OK.
I get a .o file but clamav-milter is the temporary wrapper script, and
an install doesn't seem to build a linked executable anywhere.
Björn Ketelaars wrote:
I'm running ClamAV 0.68-1 on a OpenBSD-machine (i386, snapshot 190304).
When I set 'User _clamd' in clamav.conf and start clamd as root I'm not
able to use clamdscan (not able to open file...most probably due to
file-restrictions). When I replace _clamd with root e
Craig Daters wrote:
> Let me preface this by stating that I am a newbie with using the
> commands below, I have only ever used grep to locate simple things, I
> have not used any of the others...
> So how come when I enter the commands below, I get an error that
> says: "grep: unknown directori
--- Tomasz Kojm <[EMAIL PROTECTED]> escribió:
> It's a good idea to disable archive/mail support when using on-access
> scanner.
Hello Tomasz,
Disabling archive support means that compressed files will be managed using external
Los mejores usados y las más tentadora
On Friday 26 March 2004 5:39 pm, Craig Daters wrote:
> Let me preface this by stating that I am a newbie with using the
> commands below, I have only ever used grep to locate simple things, I
> have not used any of the others...
> So how come when I enter the commands below, I get an error that
RH9 with Sendmail
What os are you using?
- Original Message Follows -
From: Craig Daters <[EMAIL PROTECTED]>
Subject: [Clamav-users] Re: Application to generate CLAMAV report
Date: Fri, 26 Mar 2004 10:39:24 -0700
Let me preface this by stating that I am a newbie wit
On Fri, 2004-03-26 at 18:35, Bart Silverstrim wrote:
> Hmm...when I just tested it (postfix, clamav, amavisd-new) tests 8, 12,
> 24, and 25 got through. Am I missing something in my config?
> How worried should I be about those viruses getting through? :-/
#8 was blocked with current CVS (di
Been there, done that. The man page offers no clues...
Craig Daters wrote:
Let me preface this by stating that I am a newbie with using the
commands below, I have only ever used grep to locate simple things, I
have not used any of the others...
So how come when I enter the commands below, I g
Okay, I discovered that all of the logging is being done in
/var/log/maillog as opposed to /var/log/messages, and once I pointed
grep to the right file, then all has become well in the universe.
Thanks again.
Try starting with the simple grep command, then add each command with its pipe
On Thu, 25 Mar 2004 at 21:42:57 -0800, Brian W. Antoine wrote:
> I just ran freshclam again and instead of downloading viruses.db and
> then giving me a checksum error it now claims:
> Connected to clamav.elektrapro.com.
> Reading md5 sum (viruses.md5): ERROR: md5 sum not found on remote se
On Friday 26 March 2004 8:44 pm, Craig Daters wrote:
> >Craig Daters wrote:
> >> Let me preface this by stating that I am a newbie with using the
> >> commands below, I have only ever used grep to locate simple things, I
> >> have not used any of the others...
> >>
> >> So how come when I ente
Looks like my previous posting on this topic didn't make it to the list...
-- Forwarded Message --
Subject: Re: [Clamav-users] Re: Application to generate CLAMAV report
Date: Fri, 26 Mar 2004 19:28:14 +
From: Antony Stone <[EMAIL PROTECTED]>
On Friday
Trog wrote:
On Fri, 2004-03-26 at 17:03, Joe Maimon wrote:
# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT:
Increase the
# timeout instead of disabling it.
ThreadTimeout 600
Still happening.
On Fri, 26 Mar 2004, Joe Maimon wrote:
> Nigel Horne wrote:
> >The evidence points to incoming connections taking a long time (minutes) to send
> >the first
> >line of header after establishing a connection.so clamd gives up waiting.
> >Increasing clamd's timeout
> >will help. I have seen
On Fri, 26 Mar 2004 at 16:21:10 +, Roger Fishwick wrote:
> I've check the archive at length but I don't think any of the other posts
> are the same problem.
> the error is freshclam wont, error in log is:
> ClamAV update process started at Fri Mar 26 15:01:37 2004
> ERROR: Maximal time (
Craig Daters wrote:
Okay, I discovered that all of the logging is being done in
/var/log/maillog as opposed to /var/log/messages, and once I pointed
grep to the right file, then all has become well in the universe.
I wouldn't have dared posting about that. ;-)
/Peter Bonivart
--Unix lovers do
At 01:11 PM 3/26/2004, you wrote:
On Thu, 25 Mar 2004 at 21:42:57 -0800, Brian W. Antoine wrote:
> I just ran freshclam again and instead of downloading viruses.db and
> then giving me a checksum error it now claims:
> Connected to clamav.elektrapro.com.
> Reading md5 sum (viruses.md5): ERROR
I am getting messages rejected. I've been getting a few notifications that
messages are not arriving. I get the following messages in my mail log.
Note: "sender", "recipient", "myserver" and "mydomain.com.au" are
Mar 26 22:59:40 myserver sm-mta[9106]: i2QBvPA0009106:
from=<[EMAIL PR
On Mar 26, 2004, at 2:35 PM, Trog wrote:
On Fri, 2004-03-26 at 18:35, Bart Silverstrim wrote:
Hmm...when I just tested it (postfix, clamav, amavisd-new) tests 8,
24, and 25 got through. Am I missing something in my config?
How worried should I be about those viruses getting through? :-/
Some people complained that ClamAV is not a 'vulnerability/exploit'
but a virus scanner. This makes sense (and helps to avoid code bloat),
but if
After blocking 'com' extension i absorved that many of viruses from
testvirus.org had 'com' extension!!
Better i block the 'com'
72 matches
Mail list logo