Re: [Clamav-users] New variant Bagle not being detected?

2004-07-27 Thread Mike Brodbelt
Tomasz Papszun wrote: > On Mon, 26 Jul 2004 at 17:28:21 +0100, Mike Brodbelt wrote: > The update was on its way. Then: > $ clamscan -m 11582. > 11582.: Worm.Mydoom.M FOUND > (11582. is the file submitted by you). > > We got very many samples of this and - working in the hurry - we > had no time t

Re: [Clamav-users] New variant Bagle not being detected?

2004-07-27 Thread Trog
On Tue, 2004-07-27 at 10:05, Mike Brodbelt wrote: > I'm glad to hear it's sorted - I thought that was likely, but the tone > of the message was worrying. Can I be a pedant and suggest you change > the auto-response systems to give a reject reason like duplicate > submission or something. > The s

[Clamav-users] Virus found, not detected by Clamav, can't submit (claimed already recognised but is not)

2004-07-27 Thread Albert Pauw
I found an already older virusmail (February this year) which was recognised by inocucmd and tried to feed it to clamav (0.75. main.cvd 24, daily.cvd 423). It didn't recognise it (I used the --mbox option). However when I tried to submit it, the page came back saying that it already is recogni

[Clamav-users] Procmailrc settings (for bounce, notify etc)

2004-07-27 Thread Suril Patel
Hi, I have successfully got ClamAV working after configuring/tweaking everything necessary and it works fine (so far). However, I've changed my mind regarding some settings for virus interception in e-mails and would like some help on the settings in /usr/local/etc/procmailrc. At the moment, all

Re: [Clamav-users] Suggestion: Feature Freeze

2004-07-27 Thread Trog
On Mon, 2004-07-26 at 21:59, John Madden wrote: > > Could we perhaps stop adding features for a few days and get a stable > > release out? It would really help. > > I'd like to second that. Those of us depending on clamav to catch stuff > can't afford to upgrade in the middle of the day for new

Re: [Clamav-users] Virus found, not detected by Clamav, can't submit (claimed already recognised but is not)

2004-07-27 Thread Nigel Horne
< # clamscan --mbox virus-20030403-121256-27560 Forward a copy of the email to me and I'll look into it. -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --

Re: [Clamav-users] Procmailrc settings (for bounce, notify etc)

2004-07-27 Thread Dave Ewart
On Tuesday, 27.07.2004 at 11:32 +0100, Suril Patel wrote: > [...] I presume the detection is in the logs but I'd like the message > not to be delivered to me, while the sender gets a message saying > "your message was failed due to virus etc. etc." O

Re: [Clamav-users] Procmailrc settings (for bounce, notify etc)

2004-07-27 Thread Paul Bijnens
Suril Patel wrote: I have successfully got ClamAV working after configuring/tweaking everything necessary and it works fine (so far). However, I've changed my mind regarding some settings for virus interception in e-mails and would like some help on the settings in /usr/local/etc/procmailrc. At the

Re: [Clamav-users] Procmailrc settings (for bounce, notify etc)

2004-07-27 Thread Lionel Bouton
Dave Ewart wrote the following on 07/27/2004 02:47 PM : Don't notify the sender. You'll just be generating unnecessary mail. In the case of most virus-generated emails, which are the ones you are going to be detecting, the sender address will be faked. Therefore, any notification would go to the

[Clamav-users] My.Doom.o

2004-07-27 Thread Scott Ryan
I have not submitted any virii (correct word?) before, so please bear with me. I always run latest stable, currently 0.75 and have not had any virus issues up until now. I am seeing a high number of mails in the below format hitting our mail servers. >Dear user <[EMAIL PROTECTED]>, >Your e-mail

[Clamav-users] Re: Clam AV 0.75

2004-07-27 Thread Jesse Guardiani
Rob W wrote: > Hi > > I have a couple of question that I hope you can help me with. > > Are there going to be released official patches or a new release to > correct the issues that have been mentioned on this list? I wanted to > update but this issue have kept me back. I don't want to use the >

Re: [Clamav-users] Virus found, not detected by Clamav, can't submit (claimed already recognised but is not)

2004-07-27 Thread Mike Cathey
Albert, On Tue, 2004-07-27 at 06:15, Albert Pauw wrote: > However when I tried to submit it, the page came back > saying that it already is recognised. We had to move the submission interface to another server (one of mine) and in the process, the interface was broken. This was resolved yesterda

Re: [Clamav-users] malformed error

2004-07-27 Thread Steve Lenti
On Mon, 26 Jul 2004 15:28:07 -0700 (PDT), "©hris" mckeever <[EMAIL PROTECTED]> wrote: > --- ©hris mckeever <[EMAIL PROTECTED]> wrote: > > I get this when running qmail-scanner 1.22 and > > clamscan .75 - > > command line clamscan works fine, same cl > > arguments... > > > > I have upgraded to .75,

Re: [Clamav-users] My.Doom.o

2004-07-27 Thread Trog
On Tue, 2004-07-27 at 16:26, Scott Ryan wrote: > with a zip file attached containing a pif file. > > I submitted the zip file only to have the message returned to me advising that > it is not a virus, but "Binary fragment. Harmless." > If you unpack it and look at the actual content of the att

RE: [Clamav-users] Virus found, not detected by Clamav, can't submit (claimed already recognised but is not)

2004-07-27 Thread Mitch \(WebCob\)
Hi. Before you do, I've been told by Tomasz Papszun that there are signatures that won't work for anything other than CVS... so you'd have to try building a CVS version to make it work. I suggested changes to allow us users to know this info when we do an upload to the webform, but haven't had re

Re: [Clamav-users] malformed error

2004-07-27 Thread ©hris
--- Steve Lenti <[EMAIL PROTECTED]> wrote: > On Mon, 26 Jul 2004 15:28:07 -0700 (PDT), "©hris" > mckeever > <[EMAIL PROTECTED]> wrote: > > --- ©hris mckeever <[EMAIL PROTECTED]> wrote: > > > I get this when running qmail-scanner 1.22 and > > > clamscan .75 - > > > command line clamscan works fi

Re: [Clamav-users] Suggestion: Feature Freeze

2004-07-27 Thread Todd Lyons
Trog wanted us to know: >> > Could we perhaps stop adding features for a few days and get a stable >> > release out? It would really help. >> I'd like to second that. Those of us depending on clamav to catch stuff >> can't afford to upgrade in the m

Re: [Clamav-users] My.Doom.o

2004-07-27 Thread Paul Bijnens
Scott Ryan wrote: I have not submitted any virii (correct word?) before, so please bear with me. I always run latest stable, currently 0.75 and have not had any virus issues up until now. I am seeing a high number of mails in the below format hitting our mail servers. Dear user <[EMAIL PROTECTE

Re: [Clamav-users] malformed error

2004-07-27 Thread Jeremy Kitchen
On Monday 26 July 2004 05:28 pm, ©hris mckeever wrote: > > 08a702a225a402a3/viruses.db). > > LibClamAV Error: cli_calloc(): Can't allocate memory > > (8 bytes). > 1 - anyone have an idea why clamscan itself would > die?? It can't allocate memory. Please refer to the qmail-scanner FAQ as this is

Re: [Clamav-users] Virus found, not detected by Clamav, can't submit (claimed already recognised but is not)

2004-07-27 Thread Mike Brodbelt
Mitch (WebCob) wrote: > Hi. > > Before you do, I've been told by Tomasz Papszun that there are signatures > that won't work for anything other than CVS... so you'd have to try building > a CVS version to make it work. I've updated my install to the latest CVS snapshot after finding that it wasn't

RE: [Clamav-users] Virus found, not detected by Clamav, can't submit (claimed already recognised but is not)

2004-07-27 Thread Mitch \(WebCob\)
I'd be willing to hack the code to add the information mentioned the other day - care to share the base script (off list is fine by me). I'd like to make it a little more informative what was found and how it was found etc. thanks m/ > -Original Message- > From: [EMAIL PROTECTED] > [mai

Re: [Clamav-users] Suggestion: Feature Freeze

2004-07-27 Thread Matt
> > > > I'd like to second that. Those of us depending on clamav to catch > > stuff can't afford to upgrade in the middle of the day for new > > signatures to work. > > Why not? If you say "because it's a production system and it needs to be > tested", then that is a business decision to accept

Re: [Clamav-users] My.Doom.o

2004-07-27 Thread Steven Stern
On Tue, 27 Jul 2004 15:26:30 +, Scott Ryan <[EMAIL PROTECTED]> wrote: >I have not submitted any virii (correct word?) before, so please bear with me. >I always run latest stable, currently 0.75 and have not had any virus issues >up until now. I am seeing a high number of mails in the below fo

Re: [Clamav-users] My.Doom.o

2004-07-27 Thread Kevin Spicer
On Tue, 2004-07-27 at 16:26, Scott Ryan wrote: > I have not submitted any virii (correct word?) viruses

[Clamav-users] upgrade

2004-07-27 Thread Jona Tallieu
Hi All, Just upgraded to 0.75 on OSX 10.3. When checking CLAMAV version to be sure the upgrade was ok I get: mail:/usr/local/bin root# ./clamscan --version clamscan / ClamAV version 0.75 But when I forgot the ./, I get this: mail:/usr/local/bin root# clamscan --version clamscan / ClamAV versio

Re: [Clamav-users] Suggestion: Feature Freeze

2004-07-27 Thread Dennis Skinner
Todd Lyons wrote: | Perhaps a daily CVS snapshot (or whatever | frequency you deem useful but not overloading) made by you would be a | good solution. Then we could establish functionality based on date and | it would be quite easy to move forward or b

Re: [Clamav-users] upgrade

2004-07-27 Thread Freddie Cash
On July 27, 2004 10:54 am, Jona Tallieu wrote: > Just upgraded to 0.75 on OSX 10.3. > When checking CLAMAV version to be sure the upgrade was ok I get: > mail:/usr/local/bin root# ./clamscan --version > clamscan / ClamAV version 0.75 > But when I forgot the ./, I get this: > mail:/usr/local/bin r

Re: [Clamav-users] Virus found, not detected by Clamav, can't submit (claimed already recognised but is not)

2004-07-27 Thread Jim Maul
Quoting Mike Brodbelt <[EMAIL PROTECTED]>: Mitch (WebCob) wrote: Hi. Before you do, I've been told by Tomasz Papszun that there are signatures that won't work for anything other than CVS... so you'd have to try building a CVS version to make it work. I've updated my install to the latest CVS snapsh

Re: [Clamav-users] upgrade

2004-07-27 Thread Ryan Moore
Jona Tallieu wrote: Hi All, Just upgraded to 0.75 on OSX 10.3. When checking CLAMAV version to be sure the upgrade was ok I get: mail:/usr/local/bin root# ./clamscan --version clamscan / ClamAV version 0.75 But when I forgot the ./, I get this: mail:/usr/local/bin root# clamscan --version clamscan

Re: [Clamav-users] My.Doom.o

2004-07-27 Thread Mike Cathey
On Tue, 2004-07-27 at 13:28, Kevin Spicer wrote: > On Tue, 2004-07-27 at 16:26, Scott Ryan wrote: > > I have not submitted any virii (correct word?) > > viruses Yup. http://www.topology.org/lang/virus.html Cheers, Mike

Re: [Clamav-users] upgrade

2004-07-27 Thread steve b
On Tue, 27 Jul 2004, Jona Tallieu wrote: > Hi All, > > Just upgraded to 0.75 on OSX 10.3. > > When checking CLAMAV version to be sure the upgrade was ok I get: > > mail:/usr/local/bin root# ./clamscan --version > clamscan / ClamAV version 0.75 > > But when I forgot the ./, I get this: > > mail:/us

RE: [Clamav-users] Virus found, not detected by Clamav, can't submit (claimed already recognised but is not)

2004-07-27 Thread Nigel Horne
> Hi. > > Before you do, I've been told by Tomasz Papszun that there are signatures > that won't work for anything other than CVS... so you'd have to > try building > a CVS version to make it work. > > I suggested changes to allow us users to know this info when we > do an upload > to the webform,

Re: [Clamav-users] upgrade

2004-07-27 Thread Jim Maul
Quoting Jona Tallieu <[EMAIL PROTECTED]>: Hi All, Just upgraded to 0.75 on OSX 10.3. When checking CLAMAV version to be sure the upgrade was ok I get: mail:/usr/local/bin root# ./clamscan --version clamscan / ClamAV version 0.75 But when I forgot the ./, I get this: mail:/usr/local/bin root# clamsc

Re: [Clamav-users] Virus found, not detected by Clamav, can't submit (claimed already recognised but is not)

2004-07-27 Thread Chris Meadors
On Tue, 2004-07-27 at 14:06 -0400, Jim Maul wrote: > Am I the only one here whose existing installation is catching MyDoom.M? > > [EMAIL PROTECTED] clamav]# grep -i mydoom /var/log/clamav/clamd.log > Tue Jul 27 13:32:23 2004 -> > /var/spool/qmailscan/tmp/external.elih.org109094954247931544/attachm

[Clamav-users] sigtool outout very large

2004-07-27 Thread zbuckholz
I have an email attachment that uvscan is detecting as:   (When zipped) Found the W32/[EMAIL PROTECTED] virus !!!   (When unzipped using password in email text) Found the W32/[EMAIL PROTECTED] virus !!!   Clamscan detects it as: (When unzipped using password in email text) gyad

Re: [Clamav-users] upgrade

2004-07-27 Thread Jona Tallieu
>Quoting Jona Tallieu <[EMAIL PROTECTED]>: > >> Hi All, >> >> Just upgraded to 0.75 on OSX 10.3. >> >> When checking CLAMAV version to be sure the upgrade was ok I get: >> >> mail:/usr/local/bin root# ./clamscan --version >> clamscan / ClamAV version 0.75 >> >> But when I forgot the ./, I get this:

Re: [Clamav-users] sigtool outout very large

2004-07-27 Thread Ryan Moore
zbuckholz wrote: I have an email attachment that uvscan is detecting as: (When zipped) Found the W32/[EMAIL PROTECTED] virus !!! (When unzipped using password in email text) Found the W32/[EMAIL PROTECTED] virus !!! Clamscan detects it as: (When unzipped using password in email text) gyadu.exe: Wor

Re: [Clamav-users] upgrade

2004-07-27 Thread Antony Stone
On Tuesday 27 July 2004 6:54 pm, Jona Tallieu wrote: > Hi All, > > Just upgraded to 0.75 on OSX 10.3. > > When checking CLAMAV version to be sure the upgrade was ok I get: > > mail:/usr/local/bin root# ./clamscan --version > clamscan / ClamAV version 0.75 > > But when I forgot the ./, I get this:

Re: [Clamav-users] Virus found, not detected by Clamav, can't submit (claimed already recognised but is not)

2004-07-27 Thread Jim Maul
Quoting [EMAIL PROTECTED]: On Tue, 27 Jul 2004 14:06:14 -0400 Jim Maul <[EMAIL PROTECTED]> wrote: Am I the only one here whose existing installation is catching MyDoom.M? [EMAIL PROTECTED] clamav]# grep -i mydoom /var/log/clamav/clamd.log Tue Jul 27 13:32:23 2004 -> /var/spool/qmailscan/tmp/external

Re: [Clamav-users] Virus found, not detected by Clamav, can't submit (claimed already recognised but is not)

2004-07-27 Thread kristof.hardy
On Tue, 27 Jul 2004 14:06:14 -0400 Jim Maul <[EMAIL PROTECTED]> wrote: Am I the only one here whose existing installation is catching MyDoom.M? [EMAIL PROTECTED] clamav]# grep -i mydoom /var/log/clamav/clamd.log Tue Jul 27 13:32:23 2004 -> /var/spool/qmailscan/tmp/external.elih.org1090949542479315

Re: [Clamav-users] sigtool outout very large

2004-07-27 Thread Tomasz Kojm
On Tue, 27 Jul 2004 12:48:55 -0700 "zbuckholz" <[EMAIL PROTECTED]> wrote: > My basic question is why will clamscan not detect this Bagle , and if I'm sure your version is older than 0.70. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gp

Re: [Clamav-users] upgrade

2004-07-27 Thread Chris Meadors
On Tue, 2004-07-27 at 21:17 +0100, Antony Stone wrote: > On Tuesday 27 July 2004 6:54 pm, Jona Tallieu wrote: > > > Hi All, > > > > Just upgraded to 0.75 on OSX 10.3. > > > > When checking CLAMAV version to be sure the upgrade was ok I get: > > > > mail:/usr/local/bin root# ./clamscan --version >

Re: [Clamav-users] upgrade

2004-07-27 Thread Daniel J McDonald
On Tue, 2004-07-27 at 12:54, Jona Tallieu wrote: > Just upgraded to 0.75 on OSX 10.3. > But when I forgot the ./, I get this: > mail:/usr/local/bin root# clamscan --version > clamscan / ClamAV version 0.70 You probably have 0.70 installed in /usr/local/bin and 0.75 in /usr/bin. You need to remove a

RE: [Clamav-users] sigtool outout very large

2004-07-27 Thread zbuckholz
I just took your suggestion and tried it and it still does not detect the virus. I have the original text email that I scan like follows: ./clamscan sample.txt This is a copy of the atomic-time-stamp type file in the Maildir I do not know the format of the cvd files, I assume I would need to find

[Clamav-users] mydoom.m zipped version getting through clamav

2004-07-27 Thread Jim
The new [EMAIL PROTECTED] zipped versions are getting through my clamav/amavisd-new/spamassassin box. It is stopping and dropping zipped versions of Bagle, but no luck with zipped versions of mydoom.M Anyone else experiencing this? Also does anyone know when the .75 release will be available

Re: [Clamav-users] sigtool outout very large

2004-07-27 Thread Ryan Moore
zbuckholz wrote: I just took your suggestion and tried it and it still does not detect the virus. I have the original text email that I scan like follows: ./clamscan sample.txt This is a copy of the atomic-time-stamp type file in the Maildir I do not know the format of the cvd files, I assume I w

Re: [Clamav-users] sigtool outout very large

2004-07-27 Thread Tomasz Kojm
On Tue, 27 Jul 2004 16:18:54 -0400 Ryan Moore <[EMAIL PROTECTED]> wrote: > Clamav needs the original rfc822 message text to detect it as a > password protected virus I think. If you're trying to scan the No, it doesn't. The Worm.Bagle.Gen-zippwd signature should catch the raw zip file. -- oo

RE: [Clamav-users] sigtool outout very large

2004-07-27 Thread zbuckholz
Thank you - I have an old install that's being picked up in my path. $ clamscan --version clamscan / ClamAV version 0.60 $ /home/clamav/bin/clamscan --version clamscan / ClamAV version 0.74 $ /home/clamav/bin/clamscan /tmp/cur/MoreInfo.zip /tmp/cur/MoreInfo.zip: Worm.Bagle.Gen-zippwd FOUND

Re: [Clamav-users] sigtool outout very large

2004-07-27 Thread Daniel Lord
Hi, On Tue, Jul 27, 2004 at 02:35:56PM -0700, zbuckholz wrote: > I just took your suggestion and tried it and it still does not detect the > virus. I have the original text email that I scan like follows: > ./clamscan sample.txt > This is a copy of the atomic-time-stamp type file in the Maildir

[Clamav-users] Re: Clamav-users digest, Vol 1 #859 - 13 msgs

2004-07-27 Thread Matt
> Hi, > > Good question, ok at the moment my firewall is also acting as router > where we share internet access. > > At the moment I had set up my mail server with clamav and it's working > fine. > > Now the big problem that I have is that some of my users are downloading > some stuff from inter

Re: [Clamav-users] My.Doom.o

2004-07-27 Thread Matt
> On Tue, 2004-07-27 at 13:28, Kevin Spicer wrote: > > On Tue, 2004-07-27 at 16:26, Scott Ryan wrote: > > > I have not submitted any virii (correct word?) > > > > viruses > > Yup. > > http://www.topology.org/lang/virus.html > > Cheers, > > Mike I know this is going wildly off topic, but

Re: [Clamav-users] mydoom.m zipped version getting through clamav

2004-07-27 Thread Stephen Gran
On Tue, Jul 27, 2004 at 02:48:21PM -0700, Jim said: > The new [EMAIL PROTECTED] zipped versions are getting through my > clamav/amavisd-new/spamassassin box. > > It is stopping and dropping zipped versions of Bagle, but no luck with > zipped versions of mydoom.M > > Anyone else experiencing th

Re: [Clamav-users] My.Doom.o

2004-07-27 Thread John Fleming
- Original Message - From: "Matt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, July 27, 2004 5:52 PM Subject: Re: [Clamav-users] My.Doom.o > > On Tue, 2004-07-27 at 13:28, Kevin Spicer wrote: > > > On Tue, 2004-07-27 at 16:26, Scott Ryan wrote: > > > > I have not submitted

[Clamav-users] Calling clamd from an email client

2004-07-27 Thread L. Clayton Parker
Before I download clamAV, could someone tell me if it is possible to call clamd from an email client using a "pipe to shell command" filter? I want to use it in conjunction with the Ximian Evolution email client in conjunction with spamassassin. Lee -- L. Parker chief cook, bottle washer and some

[Clamav-users] Does Your Clamd Mem Usage Grows?

2004-07-27 Thread Bitz
Hello List, Is it normal for clamd mem usage to grow? I'm using 0.75 on this box. 29238 qscand15 0 50452 45M 436 S 0.4 2.2 83:55 1 clamd There are occasions where it grows more than 100mb - so I had to install monit to make sure it'll trigger a restart once it exceeds 100mb. I ha

[Clamav-users] clamd Socket File Error

2004-07-27 Thread Darton Williams
Running clamav-0.75 on FreeBSD 5.2.1, compiled from source. Everything runs fine, except when I try "clamd stop/start" or "clamd restart". I get the error: Wed Jul 28 00:56:48 2004 -> +++ Started at Wed Jul 28 00:56:48 2004 Wed Jul 28 00:56:48 2004 -> clamd daemon 0.75 (OS: freebsd5.2.1, ARCH:

Re: [Clamav-users] upgrade

2004-07-27 Thread OpenMacNews
when you specify the "./" it means "here" when you leave it off, you're selecting the one in the default path ... and it looks like you've got an older version lying around. try: % which clamscan odds are the result is NOT in /usr/local/bin richard -- On Tuesday, July 27, 2004 7:54 PM +0200 Jona

Re: [Clamav-users] clamd Socket File Error

2004-07-27 Thread OpenMacNews
is clamd running as a user that has permission for the /var/run? if not, rather than messing /var/run up, try pointing at a 'dedicated' /tmp/clamd instead, with permissions for that user/group ... richard -- On Wednesday, July 28, 2004 1:31 AM -0400 Darton Williams <[EMAIL PROTECTED]> wrote: Ru

Re: [Clamav-users] upgrade

2004-07-27 Thread Brian Morrison
On Tue, 27 Jul 2004 19:54:44 +0200 in [EMAIL PROTECTED] "Jona Tallieu" <[EMAIL PROTECTED]> wrote: > Is this normal (difference in version)? No, it seems you have an old clamscan in your path. You'll need to replace the old files with the new. -- Brian Morrison bdm at fenrir dot org dot uk G

Re: [Clamav-users] My.Doom.o

2004-07-27 Thread Michael Brennen
On Tue, 27 Jul 2004, Matt wrote: > > On Tue, 2004-07-27 at 13:28, Kevin Spicer wrote: > > > On Tue, 2004-07-27 at 16:26, Scott Ryan wrote: > > > > I have not submitted any virii (correct word?) > > > > > > viruses > > > > Yup. > > > > http://www.topology.org/lang/virus.html > > > > Cheers, > > > >

Re: [Clamav-users] Does Your Clamd Mem Usage Grows?

2004-07-27 Thread Pete 'Wolfy' Hanson
I had to install a similar monitor with 0.74 this past weekend. I had several episodes of clamd eating all memory, and dying on its own once. I then upgraded to 0.75, and the process has held steady between 30 and 40 MB (Solaris) since. I still have the memory monitor running. On Wed, 28 Jul