Pablo Chamorro C. wrote:
> > Try submitting the infected file to http://virusscan.jotti.org and
> > http://www.virustotal.com and see if any of their scanners
> detect it.
>
> Thank for all the answers, I found that only clamav on July
> 12th included that signature, but now, where can I find
Well, the advice I gave above still applies. Those two online virus
scanners would reveal the name other vendors call that virus by, and the
Yeah, I did that, thanks, but only clamav identified it as virus.
There's no point in us spoon feeding you the answers or you'll be asking
the same ques
Pablo Chamorro C. wrote:
> What I know is clamav doesn't have a 'Virus Information Library' or
> similar, that is the reason why I'm asking.
If you search the archives, there have been links to comparison lists
posted in the past.
Matt
___
http://l
Hi,
with this header:
Return-Path:
Delivered-To: xxx
Received: (qmail 21525 invoked by uid 89); 25 Jul 2005 20:50:41 -
Received: by simscan 1.1.0 ppid: 21403, pid: 21408, t: 5.7753s
Received: from unknown (HELO 127.0.0.1) (xxx)
by x
Hi All,
I try to upgrade my clamav 0.85.1 to 0.86.2 with milter enable.
but I have this error.
Making all in clamav-milter
make[2]: Entering directory `/usr/local/clamav-0.86.2/clamav-milter'
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../clamd -I../libclamav -I../shared
-I/usr/local/include -g -O2 -
> Hi All,
> /usr/local/clamav-0.86.2/clamav-milter/clamav-milter.c:1578: undefined
> reference to `smfi_opensocket'
Read .../clamav-milter/INSTALL. It is discussed in there.
___
http://lurker.clamav.net/list/clamav-users.html
On Wed, Jul 27, 2005 at 10:47:14PM +0800, Bonar said:
> Hi All,
>
> I try to upgrade my clamav 0.85.1 to 0.86.2 with milter enable.
> but I have this error.
>
> have somebody out there have a same problem?
> need help coz our organization receive about 40% ++ email with viruses
> everyday.
Yes,
"Daniel J McDonald" wrote:
> Ditto. The complete steps are:
> 1. Install a recent version source package:
> rpm -ivh clamav-0.86.1.src.rpm
..now I have already installed clamav 0.86.1, therefore I must however to
install a clamav version 0.86.1 with source package 0.86.1 ??
still thanks.
On 7/27/05, Salvatore Basso <[EMAIL PROTECTED]> wrote:
> ..now I have already installed clamav 0.86.1, therefore I must however to
> install a clamav version 0.86.1 with source package 0.86.1 ??
> still thanks.
I can put my RPMs up on the web if anyone's interested..
> Salvatore.
--
J
"Jason Frisvold" wrote:
>I can put my RPMs up on the web if anyone's interested..
.. I think this is a good idea !! :-)
Salvatore.
---
[This E-mail scanned for viruses by Declude Virus]
___
http://lurker.clamav.net/list/clamav-users.html
Is there currently a work around to avoid this situation? Is anyone just
rejecting messages with a zip that has a zip header that says the file
size is Zero when uncompressed?
Thanks
Zach
Zachary Buckholz - Linux Administrator - GoDaddy.com
14455 North Hayden Road, Suite 226, Scottsdale, AZ 852
On Wed, Jul 27, 2005 at 10:46:42AM -0700, [EMAIL PROTECTED] wrote:
> Is there currently a work around to avoid this situation? Is anyone just
> rejecting messages with a zip that has a zip header that says the file
> size is Zero when uncompressed?
Could you be more specific, I don't understand wh
q# wrote:
On Wed, Jul 27, 2005 at 10:46:42AM -0700, [EMAIL PROTECTED] wrote:
Is there currently a work around to avoid this situation? Is anyone just
rejecting messages with a zip that has a zip header that says the file
size is Zero when uncompressed?
Could you be more specific, I don't und
p/empty.zip: OK
--- SCAN SUMMARY ---
Known viruses: 37224
Engine version: devel-20050727
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Time: 1.536 sec (0 m 1 s)
Can I say it's a bug?
--
best regards
q#
___
q# wrote:
> On Wed, Jul 27, 2005 at 02:26:06PM -0400, Jim Maul wrote:
>> I believe the OP is referring to a new technique being used by virus
>> writers where the email has a zip attachment which APPEARS to be 0
>> bytes (in the zip header) but when uncompressed, the file is in fact
>> not 0 bytes.
On Wed, Jul 27, 2005 at 11:54:05AM -0700, [EMAIL PROTECTED] wrote:
> > So, It could be nice if clamav can block those files, but on my
> > -devel it
> > dosn't work:
> >
> > Can I say it's a bug?
>
> If I may suggest, corrupt .zip files (with unreasonable zip header values)
> should NOT be cons
q# wrote:
> Of course, but as you can see, I've created my own signature for empty
> file in zip-file and it doesn't work.
One might surmise, then, that you have not created it correctly?
Matt
___
http://lurker.clamav.net/list/clamav-users.html
Hi,
I get this error, and i googled but found nought but source code.
What is the meaning of this error ?
Cheers,
ace
--
Onderteken de Europese petitie tegen kernenergie:
http://www.atomstopp.com/1million/petition.asp?c=nl
Ace Suares' Internet Consultancy
mail: PObox 2599, 4800 CN Breda, Th
q# wrote:
> $ echo 'Zip.Empty:0:*:0:0::0:1:1' > ./local/empty.zmd
Checking the documentation:
http://www.clamav.net/doc/latest/signatures.pdf
This is the "Extended signature format"
Zip.Empty - name of malware
0 - target type: 0 = any file
* - offset: * = any
0 - ?
0 - ?
- ?
0 -
>
> Hi,
>
> I get this error, and i googled but found nought but source code.
>
> What is the meaning of this error ?
>
>
man clamd.conf
There are several limits that have to be configured according your needs.
These limits are imposed to avoid scanning files that can overload your
clamd server.
On 7/27/05, Salvatore Basso <[EMAIL PROTECTED]> wrote:
> .. I think this is a good idea !! :-)
Ok, they're up there.. http://www.godshell.com/toaster
Click on the toaster link and they're in the clamav section.
> Salvatore.
--
Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED]
On Wed, Jul 27, 2005 at 08:13:15PM +0100, Matt Fretwell wrote:
> q# wrote:
>
> > Of course, but as you can see, I've created my own signature for empty
> > file in zip-file and it doesn't work.
>
> One might surmise, then, that you have not created it correctly?
Don't ask me, check it. If you f
On Wed, Jul 27, 2005 at 12:31:45PM -0700, [EMAIL PROTECTED] wrote:
> q# wrote:
> > $ echo 'Zip.Empty:0:*:0:0::0:1:1' > ./local/empty.zmd
>
> Checking the documentation:
> http://www.clamav.net/doc/latest/signatures.pdf
>
> This is the "Extended signature format"
>
> Zip.Empty - name of m
q# wrote:
> Wrong signature format: zmd != ndb
Alright - where's the documentation of the zmd database format?
Does sigtool --list-sigs | grep "Zip.Empty" have any output? That should at
least verify whether the sig is being loaded.
--
Matthew.van.Eerde (at) hbinc.com 805.964.
At 02:54 PM 7/27/2005, [EMAIL PROTECTED] wrote:
q# wrote:
> Wrong signature format: zmd != ndb
Alright - where's the documentation of the zmd database format?
Does sigtool --list-sigs | grep "Zip.Empty" have any output? That should
at least verify whether the sig is being loaded.
Recent cla
On Wed, Jul 27, 2005 at 12:54:30PM -0700, [EMAIL PROTECTED] wrote:
> q# wrote:
> > Wrong signature format: zmd != ndb
>
> Alright - where's the documentation of the zmd database format?
>
> Does sigtool --list-sigs | grep "Zip.Empty" have any output? That should at
> least verify whether the si
26 matches
Mail list logo
