[Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
I'm running clamav-milter 0.87 from ClamAV 0.87.1 with sendmail 8.13.5, with a database that is fully up-to-date (main.cvd version 34, daily.cvd version 1182), but for some reason this setup is not catching Worm.Sober.U, and we're getting slammed pretty hard with it. I've tried submitting the offen

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Kelson
Pete 'Wolfy' Hanson wrote: Running clamscan --detect-broken finds the message, and generates no errors, but clamav-milter does not find the message when it comes in. clamd.log shows: Nov 21 14:08:18 paz clamav-milter[26450]: [ID 788897 local7.notice] jALM6n0R027652: clean message from <[EMAIL PRO

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, Kelson <[EMAIL PROTECTED]> wrote: > > We've been detecting Worm.Sober.U here for a little over 2 hours (with > daily.cvd 1182). If clamscan finds it, but clamav-milter doesn't, maybe > for some reason clamd didn't load the updated database? Try restarting > clamd and/or clamav-milter (

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Bryan Vest
Pete 'Wolfy' Hanson wrote: On 11/21/05, Kelson <[EMAIL PROTECTED]> wrote: We've been detecting Worm.Sober.U here for a little over 2 hours (with daily.cvd 1182). If clamscan finds it, but clamav-milter doesn't, maybe for some reason clamd didn't load the updated database? Try restarting clam

RE: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Matthew.van.Eerde
Pete wrote: > On 11/21/05, Kelson <[EMAIL PROTECTED]> wrote: >> >> We've been detecting Worm.Sober.U here for a little over 2 hours >> (with daily.cvd 1182). If clamscan finds it, but clamav-milter >> doesn't, maybe for some reason clamd didn't load the updated >> database? Try restarting clamd an

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > What are your clamd and clamav-milter options? > /usr/local/sbin/clamav-milter --headers --pidfile=/var/clamav/clamav-milter.pid --quiet /var/clamav/clamav-milter.sock No clamd since we aren't running with --external. which has worke

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Jason Haar
Pete 'Wolfy' Hanson wrote: > On 11/21/05, Kelson <[EMAIL PROTECTED]> wrote: > >> We've been detecting Worm.Sober.U here for a little over 2 hours (with >> daily.cvd 1182). If clamscan finds it, but clamav-milter doesn't, maybe >> for some reason clamd didn't load the updated database? Try restar

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Tomasz Kojm
On Mon, 21 Nov 2005 14:04:43 -0900 Pete 'Wolfy' Hanson <[EMAIL PROTECTED]> wrote: > On 11/21/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> > wrote: > > > > What are your clamd and clamav-milter options? > > > > /usr/local/sbin/clamav-milter --headers --pidfile=/var/clamav/clamav- > milter.pid --quiet

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > > > Please post your clamd.conf file. > LogFileMaxSize 0 LogTime LogClean LogSyslog LogFacility LOG_LOCAL7 PidFile /var/clamav/clamd.pid TemporaryDirectory /tmp FixStaleSocket TCPSocket 3310 TCPAddr 127.0.0.1 MaxConnectionQue

[Clamav-users] Re: Worm.Sober.U not being recognized

2005-11-21 Thread René Berber
Pete 'Wolfy' Hanson wrote: [snip] > Running clamscan --detect-broken finds the message, and generates no errors, > but clamav-milter does not find the message when it comes in. clamd.log shows: The key is that "clamscan --detect-broken" is not the defa

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Tomasz Kojm
On Mon, 21 Nov 2005 14:10:07 -0900 Pete 'Wolfy' Hanson <[EMAIL PROTECTED]> wrote: > MaxDirectoryRecursion 1 You should be more careful when changing the config options. With the current MaxDirectoryRecursion setting in your setup clamd/clamav-milter will fail to detect a lot of malware. -- o

Re: [Clamav-users] Re: Worm.Sober.U not being recognized

2005-11-21 Thread Tomasz Kojm
On Mon, 21 Nov 2005 17:11:25 -0600 René Berber <[EMAIL PROTECTED]> wrote: > Fix it by editing /etc/clamd.conf, make sure that the following are set: > > DisableDefaultScanOptions Oh, no. Please do not enable this directive. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\.

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Kevin W. Gagel
>Pete 'Wolfy' Hanson wrote: > >>On 11/21/05, Kelson <[EMAIL PROTECTED]> wrote: >> >> >>>We've been detecting Worm.Sober.U here for a little over >>>2 hours (with daily.cvd 1182). If clamscan finds it, but >>>clamav-milter doesn't, maybe for some reason clamd didn't >>>load the updated database? T

Re: [Clamav-users] Re: Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
> > DisableDefaultScanOptions > DetectBrokenExecutables > No change in behavior with those opts -- Pete Hanson http://www.well.com/user/wolfy http://www.fotolog.net/wolfy ___ http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > > > MaxDirectoryRecursion 1 > > You should be more careful when changing the config options. With the > current MaxDirectoryRecursion setting in your setup clamd/clamav-milter > will fail to detect a lot of malware. Maybe, but it doesn't seem

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
> > I'm seeing the same thing here. My uvscan sees sober but > since I restarted the server this morning at 10am there have > been zero detections of anything from clamd at all. Only > seven detections from uvscan over the same time period. > FWIW, we're detecting other viruses and worms - but Wor

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Kevin W. Gagel
>> I'm seeing the same thing here. My uvscan sees sober but >> since I restarted the server this morning at 10am there >> have been zero detections of anything from clamd at all. >> Only seven detections from uvscan over the same time >>period. > >FWIW, we're detecting other viruses and worms - bu

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread JT Justman
Kevin W. Gagel wrote: >>Pete 'Wolfy' Hanson wrote: >> >> >>>On 11/21/05, Kelson <[EMAIL PROTECTED]> wrote: >>> >>> >>> We've been detecting Worm.Sober.U here for a little over 2 hours (with daily.cvd 1182). If clamscan finds it, but clamav-milter doesn't, maybe for some reason clamd di

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Tomasz Kojm
On Mon, 21 Nov 2005 14:39:58 -0900 Pete 'Wolfy' Hanson <[EMAIL PROTECTED]> wrote: > On 11/21/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > > > > > MaxDirectoryRecursion 1 > > > > You should be more careful when changing the config options. With the > > current MaxDirectoryRecursion setting in your

Re: [Clamav-users] Worm.Sober.U not being recognized

2005-11-21 Thread Pete 'Wolfy' Hanson
On 11/21/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > > I would suggest using the following config in your case (it's based on > the one you have sent here): > > LogFileMaxSize 0 > LogTime > LogClean > LogSyslog > LogFacility LOG_LOCAL7 > PidFile /var/clamav/clamd.pid > TemporaryDirectory /tmp > Fi