Re: [Clamav-users] Spam/Virus stats using mrtg

Hi On Fri, 02 Apr 2004 20:47:34 -0500 Rick Macdougall <[EMAIL PROTECTED]> wrote: > Or see http://mail.limelyte.net/admin/qsla/ Is it your script? Can I download this script? -- Korchmenuk Nickolay 07 Apr 2004 10:11:55 --- This SF.Net email is

Re: [Clamav-users] compiling clamav 0.68

Pad Hosmane schrieb: Hi, I am compiling clamav 0.68 on HP-UX 11.00. I am getting following error during make. I am using GCC 3.0.1. ++ gcc -g -O2 -o clamscan clamscan.o options.o getopt.o others.o manager.o t

Re: [Clamav-users] Virus Names

I'm behind the Clam team in that they focus on getting sigs out before worrying about the name. I don't know if this is a technical limitation of the virus db's (and not sure if this has been mentioned previously, sorry) but what's to stop the name of the virus being changed in the virus db onc

Re: [Clamav-users] Virus Names

At 22:12 06-04-2004 +0200, you wrote: Diego d'Ambra wrote: And that is what we'll (try to) do in the future (if a common name has been established). But that would break statistics. I don't mind if the name is different as long as it can be cross-referenced. Someone was working on a web site with

RE: [Clamav-users] Supervised Clamd

> -Original Message- > From: Jeff Bilder [mailto:[EMAIL PROTECTED] > Sent: Tuesday, April 06, 2004 9:42 PM > To: [EMAIL PROTECTED] > Subject: [Clamav-users] Supervised Clamd > > > > Has anyone gotten Clamd to run with daemontools? I have a > clamd running supervised, but the log fil

Re: [Clamav-users] rarlib question

On Tue, 30 Mar 2004 21:28:18 +0200 Tomasz Kojm <[EMAIL PROTECTED]> wrote: > On Tue, 30 Mar 2004 15:00:50 +0300 > Korchmenuk Nickolay <[EMAIL PROTECTED]> wrote: > > > On Tue, 30 Mar 2004 15:43:24 +0500 > > Sergey <[EMAIL PROTECTED]> wrote: > > > > > And more: > > > "Due to security reasons clamd

Re: [Clamav-users] Virus Names

On Apr 6, 2004, at 3:23 PM, Diego d'Ambra wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:clamav-users- [EMAIL PROTECTED] On Behalf Of jef moskot Sent: 6. april 2004 19:08 To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] Virus Names On Tue, 6 Apr 2004, Eric Rostetter wrote: If n

Re: [Clamav-users] Virus Names

On Apr 6, 2004, at 4:31 PM, Eric Rostetter wrote: Quoting jef moskot <[EMAIL PROTECTED]>: On Tue, 6 Apr 2004, Eric Rostetter wrote: But changing the name after the fact would just confuse people more. I completely disagree. Hardcore Clam users are more likely to understand the reality of the si

Re: [Clamav-users] Virus Names

Eric Rostetter at 2004-04-06 15:37 from [EMAIL PROTECTED] wrote: >But changing the name after the fact would just confuse people >more. We can't go merrily along for a week or so until the AV people or >the media -- and often it is the media who decide -- come up with the most >popular name, and

RE: [Clamav-users] compiling clamav 0.68

> Hi, > I am compiling clamav 0.68 on HP-UX 11.00. I am getting following > error during make. > I am using GCC 3.0.1. > > > ++ > gcc -g -O2 -o clamscan clamscan.o options.o getopt.o others.o manager.o > treew

RE: [Clamav-users] Virus Names

Stuart Mycock Sent: Wednesday, April 07, 2004 4:24 AM > I'd prefer to adopt the approach of letting the Clam team get a def out > with any name they want and have a non-developer publish basic virus > info on an area of the Clam site, and on that page you'd just have the > blurb on "SomeFool.Q"

Re: [Clamav-users] Question on SomeFool Virus

On Tue, Apr 06, 2004 at 11:15:15AM +0100, Antony Stone wrote : > Sound like it's working then :) > > > Should I submit this? or just be thankful or both? > > No point submitting a virus which ClamAV already detects :) Be thankful the > team did a better job than Sophos & McAfee again. > > Reg

RE: [Clamav-users] compiling clamav 0.68

> Hi, > I am compiling clamav 0.68 on HP-UX 11.00. I am getting following > error during make. > I am using GCC 3.0.1. > > > ++ > gcc -g -O2 -o clamscan clamscan.o options.o getopt.o others.o manager.o > treew

[Clamav-users] Re: Some viruses go through

Here is a mail going through ClamAV undetected: http://www.geocities.com/viggiani/av-inet1.txt If I scan it also using www.antivirus.com (Trend) online scan, it is detected as WORM.NETSKY.P (Layer2 message.scr) Mimmus "Antony Stone" <[EMAIL PROTECTED]> ha scritto nel messaggio news:[EMAIL PROT

RE: [Clamav-users] Virus Names

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of B. van > Ouwerkerk > Sent: Wednesday, April 07, 2004 2:00 AM > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] Virus Names > > > I don't fancy the idea of doing the same job someone else does > but I co

Re: [Clamav-users] Re: Some viruses go through

On Wed, 07 Apr 2004 at 18:25:25 +0200, Mimmus wrote: > Here is a mail going through ClamAV undetected: > http://www.geocities.com/viggiani/... > > If I scan it also using www.antivirus.com (Trend) online scan, it is > detected as WORM.NETSKY.P (Layer2 message.scr) > $ clamscan -m av-inet1.txt

RE: [Clamav-users] Supervised Clamd

>As you can see the multilog file is there, with zero size. The service is >running, but not doing a thing! >[EMAIL PROTECTED] init.d]# service clamdctl stat >/service/clamd: up (pid 1258) 265702 seconds >/service/clamd/log: up (pid 1259) 265702 seconds > >in your case, your clamdctl script must be

[Clamav-users] Behaviour of "StreamMaxLength"

I am not sure I understand "StreamMaxLength".   I am using clamav-milter (sendmail) and I've set "StreamMaxLength 10M".   My understanding is that It causes a disconnect to clamav-milter when the stream to be scanned gets larger that 10M. The trouble is apparently sendmail keeps retrying to

Re: [Clamav-users] Spam/Virus stats using mrtg

I, too, would like these scripts if at all possible. thx, Howie. >From: Korchmenuk Nickolay <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] >Subject: Re: [Clamav-users] Spam/Virus stats using mrtg >Date: Wed, 7 Apr 2004 10:13:10 +0300 >MIME-Version: 1.0 >Received: f

[Clamav-users] Netsky P not being blocked, using 0.70-rc

Do I have to use a CVS version to get this one to be detected? Sophos detects it fine on this machine. -Jeff --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenT

[Clamav-users] Anyone know where I can find deb's of .70rc

I am using debian testing and althought clam is apt-get able it is .67 and I really want to use .70rc with the OLE option but I before to not have to compile. Has anyone made a build yet? Thanks Robert

[Clamav-users] False positives

How/Where do I report false positives? Kevin W. Gagel Network Administrator (250) 561-5848 local 448 (250) 562-2131 local 448 -- The College of New Caledonia, Visit us at http://www.cnc.bc.ca Virus scanning is done o

Re: [Clamav-users] Netsky P not being blocked, using 0.70-rc

On Wednesday 07 April 2004 7:59 pm, Jeff Ramsey wrote: > Do I have to use a CVS version to get this one to be detected? Sophos > detects it fine on this machine. No. I'm picking up Worm.SomeFool.P (aka Worm/NetSky.P according to Antivir, W32/[EMAIL PROTECTED] according to F-Prot, W32/[EMAIL PRO

Re: [Clamav-users] Re: Some viruses go through

tem. i had installed devel-20040320, it didn't detect it. I installed latest snapshot (20040407). Now it does detect it, but i'm having problems with a few emails that were correctly detected in the past... I'll send a couple of them to

Re: [Clamav-users] Question on SomeFool Virus

On Wed, 7 Apr 2004, Denis De Messemacker wrote: > > However, i do not agree completely with you. I think that every variant > of a virus should have a signature in the database, even if it is > already detected by some generic signature. > > Why ? Because if we have to remove the generic signature

Re: [Clamav-users] False positives

On Wed, 7 Apr 2004, Kevin W. Gagel wrote: > How/Where do I report false positives? Same place you submit uncaught viruses: http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi Be sure to check the "false positive" box. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urban

Re: [Clamav-users] False positives

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, Kevin W. Gagel. On 07.04.2004 23:12 you said the following: | How/Where do I report false positives? | | | Kevin W. Gagel | Network Administrator | (250) 561-5848 local 448 | (250) 562-2131 local 448 http://www.nervous.it

Re: [Clamav-users] False positives

- Original Message Follows - From: Damian Menscher <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] False positives Date: Wed, 7 Apr 2004 14:53:47 -0500 (CDT) > > On Wed, 7 Apr 2004, Kevin W. Gagel wrote: > > > How/Where do I report false positives? > > Same place yo

Re: [Clamav-users] False positives

On Wed, 07 Apr 2004 at 12:12:25 -0700, Kevin W. Gagel wrote: > How/Where do I report false positives? > Like other samples - at http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi Don't forget to select the "A false positive" option. Give as many details as possible. -- Tomasz Papszun SysAd

Re: [Clamav-users] Anyone know where I can find deb's of .70rc

robert wrote: I am using debian testing and althought clam is apt-get able it is .67 and I really want to use .70rc with the OLE option but I before to not have to compile. Has anyone made a build yet? Binary build of latest daily CVS snapshot is usually available on http://clamav.or.id. It's

Re: [Clamav-users] False positives

Kevin W. Gagel wrote: How/Where do I report false positives? The usual http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi or follow the link from www.clamav.net. There's a flag for false-positive there. Regards, Fajar -- Don't use GIF. Use PNG instead http://www.gnu.org/philosophy/gif.html

[Clamav-users] Clamd protocol

Hi! I'm about to include clamavis support in our very simple mail scanner. My first idea was to use libclamav for that, however my filter will be integrated with our mail server in the way that it will be spawned for each mail. For obvious performance reason I'd like to use clamd, but I've fo

Re: [Clamav-users] Behaviour of "StreamMaxLength"

On Wednesday 07 Apr 2004 7:41 pm, Andrew Chan wrote: > I am not sure I understand "StreamMaxLength". > > I am using clamav-milter (sendmail) and I've set "StreamMaxLength 10M". 1) What version of clamd (clamscan -V) 2) What version of clamav-milter (clamav-milter --version) 3) Do you have LogSysLo

Re: [Clamav-users] False positives

> > > How/Where do I report false positives? it's a faq :) > > Same place you submit uncaught viruses: > I tried this and got this error message: > File is valid, and was successfully uploaded. You uploaded more than 500 kbytes. > This looks wrong. Exiting. Send it to virus _at_ clamav.net (e

[Clamav-users] Just installed

I have just installed Clamav with exiscan. How do I know when Clamav has found (or rejected) a virus? Ian Armstrong // /-/ [EMAIL PROTECTED] / /http://www.expressmail.dk / / Brøndshøj 14, Rønne, 3700, B

Re: [Clamav-users] Just installed

On Thursday 08 April 2004 4:16 am, Ian Armstrong wrote: > I have just installed Clamav with exiscan. How do I know when Clamav has > found (or rejected) a virus? You could try sending yourself a test virus and see what happens? http://www.eicar.org/anti_virus_test_file.htm Regards, Antony. --

Re: [Clamav-users] Just installed

you can check  your  clamd.log where ever you put that :P or you can use something like warn log_message = {VIRUS?} Found, logged and discarding. discard message = something to say..    malware = * discard is better than deny i think since deny bounces it.. and who wants even mo

Re: [Clamav-users] Clamd protocol

On Wed, 7 Apr 2004 01:57:23 +0200 Przemyslaw Wegrzyn <[EMAIL PROTECTED]> wrote: > Hi! > > I'm about to include clamavis support in our very simple mail scanner. > My first idea was to use libclamav for that, however my filter will be > > integrated with our mail server in the way that it will be

Re: [Clamav-users] Anyone know where I can find deb's of .70rc

On Wed, Apr 07, 2004 at 01:59:41PM -0500, robert said: > I am using debian testing and althought clam is apt-get able it is .67 > and I really want to use .70rc with the OLE option but I before to not > have to compile. Has anyone made a build yet? http://www.lobefin.net/~steve/debian.html is a w

Re: [Clamav-users] Behaviour of "StreamMaxLength"

1, 2) Both clamd and clamav-milter are built from 0.70RC (stock built from Petr Kristof's RedHat SPEC file). 3) No I don't, I will. I am seeing the following in clamd.log: WARNING: ScanStream: Size exceeded (stopped at 10461493, max: 10485760) and this in /var/log/messages: clamav-milter: Clam

[Clamav-users] Violation of the GPL ?

Hello to all members of this list. I was wondering if a company has the right to distribute a scanner they probably coded, which uses the ClamAV virus signatures database, and provide this package for free - as in free beer - but not under the GPL, without source code, and even more, with a home-m

Re: [Clamav-users] Re: Some viruses go through

; > > >So it _is_ detected. > > > >I'd bet: you've got old version or misconfigured system. > > > > > > > i had installed devel-20040320, it didn't detect it. I installed latest > snapshot (20040407). Now it does detect it, but i

[Clamav-users] Re: Virus Names

Hanford, Seth wrote: [...] > Our search really only needs to be one-way, to keep it in scope. There's > no > need to support searching everyone else's names, only Clam's. Everyone's > talking about NetSky? If you're not receiving SomeFool, then why do you > care? If you are, look up SomeFool.

Re: [Clamav-users] Re: Some viruses go through

"451 - try again later" i use clamav-milter with --dont-scan-on-error --- maybe here is the problem. I've upgraded our ClamAV installation to "clamd / ClamAV version devel-20040407, clamav-milter version 0.70g" and we no longer get the 451 error. I did have some issu

[Clamav-users] Trouble compiling clamav-latest..

Hi there - I seem to have much trouble compiling last night's snapshot. I checked, and I have automake 1.8 installed, and yet I get this complaint during make : (...) creating sigtool make[2]: Leaving directory `/export/home/turgut/sunos/clamav-devel-20040407/sigtool' Making all i

Re: [Clamav-users] Violation of the GPL ?

On Wednesday, April 07, 2004 10:34 PM [EST], Guillermito <[EMAIL PROTECTED]> wrote: > Hello to all members of this list. > > I was wondering if a company has the right to distribute a scanner > they probably coded, which uses the ClamAV virus signatures database, > and provide this package for fre