PATCH for Re: [Clamav-users] clamav-milter and netzero

On Sun, 5 Jun 2005, Damian Menscher wrote: Assuming the problem really is due to not using a FQDN, this might still be worth fixing in clamav-milter, since it can affect others (even those with proper setups) as well. Here is the offending code: ptr = strstr(privdata->from, me); if(pt

Re: [Clamav-users] Re: undetected malwares

On Jun 6, 2005, at 10:34 AM, Michel Arboi wrote: On 06/06/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: You're distributing malware, so you're bad. Clamav does not even catch half of the worms that are currently in the wild. Most of them are dangerous IRC bots. I was about to ask how I can hel

Re: [Clamav-users] Re: undetected malwares

On Jun 6, 2005, at 11:22 AM, Matt Fretwell wrote: Michel Arboi wrote: You're distributing malware, so you're bad. Clamav does not even catch half of the worms that are currently in the wild. Most of them are dangerous IRC bots. I was about to ask how I can help the project. I will not. I th

Re: [Clamav-users] Arrogance toward well-meaning participants (was: undetected malwares)

On Jun 6, 2005, at 11:56 AM, Niek wrote: On 6/6/2005 5:54 PM +0200, Kevin W. Gagel wrote: Tomasz, The best defence against such childish behaviour is to consider the source and not bother to respond. You're above such childish behaviour, the child is not. Don't bother responding to it... I

Re: [Clamav-users] Arrogance toward well-meaning participants (was: undetected malwares)

On Jun 6, 2005, at 12:10 PM, Kevin W. Gagel wrote: On 6/6/2005 5:54 PM +0200, Kevin W. Gagel wrote: Tomasz, The best defence against such childish behaviour is to consider the source and not bother to respond. You're above such childish behaviour, the child is not. Don't bother responding to

Re: [Clamav-users] Re: undetected malwares

Bart Silverstrim wrote: > > The devel's time is not infinite. I am sure most of them do have > > other jobs and things to do also. Do stop trolling and just ask them > > how to submit the virii :) ( No use being of a subtle disposition on > > this list :) > I also would disagree that he was t

Re: [Clamav-users] Arrogance toward well-meaning participants (was: undetected malwares)

Bart Silverstrim wrote: > If he already did and hadn't gotten feedback, maybe there could be some > people who would coordinate some form of feedback system on whether a > sample is in the works or in the queue or something like that or an > automated sig-maker system could be worked on as a proje

Re: [Clamav-users] Arrogance toward well-meaning participants (was: undetected malwares)

On Jun 6, 2005, at 12:26 PM, Tomasz Kojm wrote: On Mon, 6 Jun 2005 17:51:35 +0200 Julian Mehnle <[EMAIL PROTECTED]> wrote: Tomasz Kojm wrote: Michel Arboi wrote: I was about to ask how I can help the project. I will not. I think that you don't need "bad" people. Good bye. You're a troll.

Re: [Clamav-users] clamav-milter and netzero

On Mon, 6 Jun 2005, Damian Menscher wrote: I won't say what's correct or incorrect, because what's correct in Slack Let me just re-state this part :-) Here is code for that. Mind checking it on Slackware? Assuming it works It works Jason -- Jason Englander <[EMAIL PROTECTED]> 394F 7E

Re: [Clamav-users] Arrogance toward well-meaning participants

On Jun 6, 2005, at 1:23 PM, Matt Fretwell wrote: Timo Schoeler wrote: What can certainly be observed on this mailing list is a tendency to attack and reproach the developers. IMHO this is misunderstood then. most of the cases some people ask why this or that is managed in this or that way a

Re: [Clamav-users] Re: undetected malwares

Dear subscribers, the policy of the mailing list has been updated to: - - - DO NOT SEND VIRUS SAMPLES HERE!!! NOT EVEN LINKS TO VIRUSES!!! Send them through our web interface at http://www.clamav.net/sendvirus.html Rules: - Read the FAQ (http://www.clamav.net/faq.html) before posting - Search

Re: [Clamav-users] 0.85.1 milter crashing alot

On Jun 6, 2005, at 9:49 PM, Carl Thompson wrote: I've had lots of problems with clamav-milter (running inet or .sock) crashing. I know that .82 didn't have issues like this and I would like to track them down and post any results I can find to possibly help the developers. Is there any spe

Re: [Clamav-users] Arrogance toward well-meaning participants (was: undetected malwares)

Hello Bart Silverstrim, > to be taken seriously. If there's another way to get things submitted, > tell him. If he already did and hadn't gotten feedback, maybe there > could be some people who would coordinate some form of feedback system > on whether a sample is in the works or in the que

Re: [Clamav-users] Arrogance toward well-meaning participants

Bart Silverstrim wrote: It was. It was an insult. I think it is understandable given that to me it was provoked, and not necessarily aimed personally at you but instead to all on the list that were giving a virtual flick-off. As an observer the response he got wasn't really well deserved

Re: [Clamav-users] Submissions (was Arrogance toward well-meaning participants (was: undetected malwares))

On Tue, 2005-06-07 at 15:28 +0200, Luca Gibelli wrote: > > Just for the records, last week we received 3484 samples and last month > we received +13k. Holy crap! Out of the +13k, how many (roughly) were legit, worthy, and/or contained usable data? On avergage are you getting good data to work w

Re: [Clamav-users] Re: undetected malwares

On Jun 7, 2005, at 8:56 AM, Matt Fretwell wrote: Bart Silverstrim wrote: The devel's time is not infinite. I am sure most of them do have other jobs and things to do also. Do stop trolling and just ask them how to submit the virii :) ( No use being of a subtle disposition on this list :)

Re: [Clamav-users] Arrogance toward well-meaning participants (was: undetected malwares)

> that or an automated sig-maker system could be worked on as a project. cool. -- Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/luca.gpg _

Re: [Clamav-users] Re: undetected malwares

Bart Silverstrim wrote: > My wife and I just had a newborn baby boy. The first and foremost > thing to learn...tolerance. He cries because it's the only way he can > communicate, it's frustrating because we have to interpret what he > means. But he's a baby and that's what they do! It's the

Re: [Clamav-users] Arrogance toward well-meaning participants (was: undetected malwares)

On Jun 7, 2005, at 9:00 AM, Matt Fretwell wrote: Bart Silverstrim wrote: If he already did and hadn't gotten feedback, maybe there could be some people who would coordinate some form of feedback system on whether a sample is in the works or in the queue or something like that or an automated

Re: [Clamav-users] Re: undetected malwares

Bart Silverstrim wrote: > Don't take out frustrations towards persistent idiots on this guy that > made, as you put it, an honest mistake. It makes the entire list and > the developers look rather poor. Just had to say, before I abide to Luca's request and shut up, my first response was actuall

Re: [Clamav-users] Submissions (was Arrogance toward well-meaning participants (was: undetected malwares))

Hello Jim Popovitch, > > Just for the records, last week we received 3484 samples and last month > > we received +13k. > Holy crap! Out of the +13k, how many (roughly) were legit, worthy, > and/or contained usable data? On avergage are you getting good data to > work with? Just curious. we a

Re: [Clamav-users] Re: undetected malwares

On Jun 7, 2005, at 9:46 AM, Matt Fretwell wrote: Bart Silverstrim wrote: My wife and I just had a newborn baby boy. The first and foremost thing to learn...tolerance. He cries because it's the only way he can communicate, it's frustrating because we have to interpret what he means. But he'

Re: [Clamav-users] Submissions (

On Tue, 2005-06-07 at 09:38 -0400, Jim Popovitch wrote: > On Tue, 2005-06-07 at 15:28 +0200, Luca Gibelli wrote: > > > > Just for the records, last week we received 3484 samples and last month > > we received +13k. > > Holy crap! Out of the +13k, how many (roughly) were legit, worthy, > and/or co

Re: [Clamav-users] Re: undetected malwares

Dear subscribers, Please stay in topic, or I'll have to activate emergency moderation. (that's what mailman calls it, it seems appropriate :P) Last warning (and please do not reply with silly messages like "I'm sorry" or "OK"). Best regards -- Luca Gibelli (luca at clamav.net) - ClamAV, a GPL

Re: [Clamav-users] Submissions

Daniel J McDonald wrote: > Near the end of April, there were 32936 signatures. There are currently > 34720 signatures, or an increase of 1784. Sounds like it is about 10% > signal / 90% noise. No. A single signature can match multiple instances of malware. In fact, the more instances a signat

Re: [Clamav-users] Easiest setup for ClamAV and procmail

While there is no RPM, Clamassassin was so simple I used it. Thanks for the info. Kelly Marco van den Bovenkamp wrote: Kelly Corbin wrote: I did a lot of searching around but didn't see anything that simple. Is it possible? If not, what's the lightest weight RPMified app to add to do thi

[Clamav-users] Question about clamd commands

Hello everyone. My apologies if this is the gazillionth time that you read this question. In the documentation, it says that clamd accepts commands such as PING, VERSION, etc. Every time I start clamd, it just starts the daemon in the background. If I do "clamd PING", I get a daemon namedcla

Re: [Clamav-users] Question about clamd commands

On Tue, 7 Jun 2005, Ronny Nussbaum wrote: > In the documentation, it says that clamd accepts commands such as PING, > VERSION, etc. > Every time I start clamd, it just starts the daemon in the background. > If I do "clamd PING", I get a daemon namedclamd PING. You send these commands to th

Re: [Clamav-users] Question about clamd commands

Thanks, but I was wondering if there's an easier way to communicate with the already-running process. I'm looking for something that I could do from a shell prompt rather than a script. Thanks -RoNNY On 6/7/05, Christopher X. Candreva <[EMAIL PROTECTED]> wrote: > > On Tue, 7 Jun 2005, Ronny

Re: [Clamav-users] Question about clamd commands

On Tue, 7 Jun 2005, Ronny Nussbaum wrote: > Thanks, but I was wondering if there's an easier way to communicate with the > already-running process. > I'm looking for something that I could do from a shell prompt rather than a > script. Change the program to send whatever command you give it on

Re: [Clamav-users] Question about clamd commands

Chris, I appreciate your help, but I have no idea how to do what you suggested. What do you mean by "Change the program to send whatever command you give it on the command line"? How is it done exactly. Step by step please. Thanks -RoNNY On 6/7/05, Christopher X. Candreva <[EMAIL PROTECTED]>

[Clamav-users] Clamdwatch equiv for clamav-milter?

We're running clamav in the clamav-milter only configuration - is there an equvalent script to clamdwatch out there for the straight milter version? Hm, or maybe we should switch back to using clamd? I switched to the milter several versions back because we were getting bit by the clamd-hanging b

Re: [Clamav-users] Clamdwatch equiv for clamav-milter?

On Tue, 7 Jun 2005, Betsy Schwartz wrote: We're running clamav in the clamav-milter only configuration - is there an equvalent script to clamdwatch out there for the straight milter version? Yes, I wrote clmilter_watch for just that purpose: http://www.itg.uiuc.edu/itg_software/clmilter_wat

Re: [Clamav-users] Question about clamd commands

On Tuesday 07 June 2005 20:11, Ronny Nussbaum wrote: > Chris, > I appreciate your help, but I have no idea how to do what you suggested. > What do you mean by "Change the program to send whatever command you give it > on the command line"? > > How is it done exactly. Step by step please. > Thank

Re: [Clamav-users] Question about clamd commands

Robert Hogan wrote: I don't think it's possible to telnet to a unix socket from the command line... Actually, i believe that with the telnet that comes with freebsd, this is entirely possible. However ive never used any bsd so im really just going on what someone else said. I imagine i

Re: [Clamav-users] Question about clamd commands

At 03:18 PM 6/7/2005, Robert Hogan wrote: by default clamd uses a unix socket, if you edit clamd.conf (man clamd.conf) you can get it to listen on a tcp port. you can then telnet to this port: telnet localhost 1234 and issue your commands... I don't think it's possible to telnet to a unix so

Re: [Clamav-users] Question about clamd commands

Thanks guys. I tried to do this on Fedora (telneting the socket as Noel suggested), and it doesn't work. I simply changed my clamd.conf so that clamd now works as a TCP socket instead. By default is port 3310 on 127.0.0.1 , and then I simply Telnet it, and issued a PING: # tel

Re: [Clamav-users] Question about clamd commands

Ronny Nussbaum top posted and said: > Thanks guys. > I tried to do this on Fedora (telneting the socket as Noel suggested), and > it doesn't work. > I simply changed my clamd.conf so that clamd now works as a TCP socket > instead. > By default is port 3310 on 127.0.0.1 , and then

RE: [Clamav-users] Question about clamd commands

RoNNY wrote: > I simply changed my clamd.conf so that clamd now works as a TCP socket > instead. Be aware there are security benefits to running as a Unix socket. For example, if (God forbid!) a buffer overflow were ever found in clamd, it would be much harder for a hacker to push through clamd

[Clamav-users] Congratulations to 0.85

Hello, in short, i want to gratulate the whole development team, the sigmakers, the packers, all the people submitting and fixing bugs, writing docs, and the ones providing support how to use (lib)clam(d|scan|-milter). why? clamav is great, today clamav beatup my bitdefender by miles. we, the ne

Re: [Clamav-users] Question about clamd commands

Dennis Peterson wrote: > The ClamAV source distribution includes a contrib tree that contains > some perl code that allows you to connect to a Unix socket (or a tcp > socket). With a little bit of coding it would be easy to re-use that to > create an interactive CLI for your daemon. My testing in S

Re: [Clamav-users] Question about clamd commands

Guys. Thank you all. Great help! -RoNNY On 6/7/05, Julian Mehnle <[EMAIL PROTECTED]> wrote: > > Dennis Peterson wrote: > > The ClamAV source distribution includes a contrib tree that contains > > some perl code that allows you to connect to a Unix socket (or a tcp > > socket). With a little bi

Re: [Clamav-users] Question about clamd commands

Julian, Forgive my ignorance, but I only know how to install Perl modules with "perl -MCPAN -e shell", then typing install wrote: > > Guys. Thank you all. Great help! > -RoNNY > > On 6/7/05, Julian Mehnle <[EMAIL PROTECTED]> wrote: > > > Dennis Peterson wrote: > > > The ClamAV source distr

RE: [Clamav-users] Question about clamd commands

[EMAIL PROTECTED] said: > RoNNY wrote: >> I simply changed my clamd.conf so that clamd now works as a TCP socket >> instead. > > Be aware there are security benefits to running as a Unix socket. For > example, if (God forbid!) a buffer overflow were ever found in clamd, it > would be much harder f

Re: [Clamav-users] Question about clamd commands

Ronny Nussbaum said: > Julian, > Forgive my ignorance, but I only know how to install Perl modules with > "perl > -MCPAN -e shell", then typing install Once I do that, how can I use the module that you wrote? > Should they be accessible from a script? or are they themselves already > scripts? >

[Clamav-users] Error while starting sendmail

Hi, I installed ClamAV and integrated with Sendmail. But when I start the sendmail service I received the following error. Starting sendmail: 554 5.0.0 /etc/mail/sendmail.cf: line 1657: Xclmilter: `=' expected 451 4.0.0 InputFilter clmilter not defined: No such file or directory ^[[60G[^[[0;3

Re: [Clamav-users] Error while starting sendmail

On 08/06/05, ladha <[EMAIL PROTECTED]> wrote: > Hi, > > I installed ClamAV and integrated with Sendmail. But when I start the > sendmail service I received the following error. > > Starting sendmail: 554 5.0.0 /etc/mail/sendmail.cf: line 1657: Xclmilter: `=' > expected > 451 4.0.0 InputFilter

[Clamav-users] Upload did not work ... sorry

Hello, Seems something is wrong with online scanner. I tried to upload samle .zip attachment invected with Trojan.Spy.Goldun.ah and got the following error: Upload did not work ... sorry Best Regards, -- George Chelidze ___ http://lurker.clamav.ne