[Clamav-users] ClamAv

2005-11-28 Thread Markus Braun
Hello, I have installad ClamAV over apt.get on a debian sarge system. I have made this: apt-get install clamav clamav-freshclam clamav-daemon usermod -G Debian-exim clamav /etc/init.d/clamav-daemon restart So is that correct, how can i test it? Or must i configure more? How does freshclam u

RE: [Clamav-users] what is the default port that clamav (clamd) runs on

2005-11-28 Thread Grant Basson
>Should you ever come back to visit this list you'll learn that everything >you need to know about this can be found in your clamd.conf file. That >leaves for you the challenge of finding that clamd.conf file. > >dp MM all. I feel like a twit, but here goes anyway. How the heck do you run cl

RE: [Clamav-users] what is the default port that clamav (clamd) r uns on

2005-11-28 Thread Kenneth Byrne
> -Original Message- > From: Grant Basson [mailto:[EMAIL PROTECTED] > Sent: 28 November 2005 11:08 > To: 'ClamAV users ML' > Subject: RE: [Clamav-users] what is the default port that > clamav (clamd) > runs on > > I feel like a twit, but here goes anyway. > > How the heck do you run clam

RE: [Clamav-users] what is the default port that clamav (clamd) runs on

2005-11-28 Thread Grant Basson
>./configure --help > >By default, `make install' will install all the files in >`/usr/local/bin', `/usr/local/lib' etc. You can specify >an installation prefix other than `/usr/local' using `--prefix', >for instance `--prefix=$HOME'. > > --bindir=DIR user executables [EPREFIX/bin] > -

Re: [Clamav-users] ClamAv

2005-11-28 Thread Stephen Gran
On Mon, Nov 28, 2005 at 11:04:37AM +, Markus Braun said: > Hello, > > I have installad ClamAV over apt.get on a debian sarge system. > > I have made this: > > apt-get install clamav clamav-freshclam clamav-daemon > > usermod -G Debian-exim clamav > > /etc/init.d/clamav-daemon restart > >

Re: [Clamav-users] what is the default port that clamav (clamd) runs on

2005-11-28 Thread Stephen Gran
On Mon, Nov 28, 2005 at 01:49:12PM +0200, Grant Basson said: > >./configure --help > > > >By default, `make install' will install all the files in > >`/usr/local/bin', `/usr/local/lib' etc. You can specify > >an installation prefix other than `/usr/local' using `--prefix', > >for instance `--prefi

RE: [Clamav-users] what is the default port that clamav (clamd) runson

2005-11-28 Thread Grant Basson
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Basson Sent: 28 November 2005 01:49 PM To: 'ClamAV users ML' Subject: RE: [Clamav-users] what is the default port that clamav (clamd) runson >./configure --help > >By default, `make install' will inst

Re: [Clamav-users] ClamAv

2005-11-28 Thread Markus Braun
dpkg-reconfigure clamav-freshclam dpkg-reconfigure clamav-base I have installed these packages: apt-get install clamav clamav-freshclam clamav-daemon but clamav is not active. How can i check this? The eicar testfile comes into my mailbox. :-( But in the exim4 reject.log, is some info tha

Re: [Clamav-users] what is the default port that clamav (clamd) runs on

2005-11-28 Thread Krištof Petr
Grant Basson wrote: [..] I had to copy the man page for clamd, from the calmav website, but the others, (clamscan, clamdscan, clamd.conf.) but no clamd This is extremely confusing, any assistance would be GREATLY appreciated. By the way, I'm replying to this message, because clamd.conf man p

RE: [Clamav-users] what is the default port that clamav (clamd) runs on

2005-11-28 Thread Dennis Peterson
Grant Basson said: >>./configure --help >> >>By default, `make install' will install all the files in >>`/usr/local/bin', `/usr/local/lib' etc. You can specify >>an installation prefix other than `/usr/local' using `--prefix', >>for instance `--prefix=$HOME'. >> >> --bindir=DIR user exe

Re: [Clamav-users] what is the default port that clamav (clamd) runs on

2005-11-28 Thread Bob Hutchinson
On Monday 28 Nov 2005 11:08, Grant Basson wrote: > >Should you ever come back to visit this list you'll learn that everything > >you need to know about this can be found in your clamd.conf file. That > >leaves for you the challenge of finding that clamd.conf file. > > > >dp > > MM all. > > I feel l

RE: [Clamav-users] what is the default port that clamav (clamd) runs on

2005-11-28 Thread Grant Basson
>Try looking in /usr/local/sbin and /usr/sbin. If you install from an rpm >anything is possible. Because the rpm creator did not use the ClamAV >defaults nor update the documentation to help you find the peices, I'd >suggest removing that rpm and then build from source. I'd also suggest you >write

Re: [Clamav-users] ClamAv

2005-11-28 Thread Stephen Gran
On Mon, Nov 28, 2005 at 12:00:25PM +, Markus Braun said: > I have installed these packages: > > apt-get install clamav clamav-freshclam clamav-daemon > > but clamav is not active. How can i check this? What does this mean? Not running, or not magically integrated with your MTA? ps -u cla

Re: [Clamav-users] ClamAv

2005-11-28 Thread Markus Braun
What does this mean? Not running, or not magically integrated with your MTA? ps -u clamav will tell you what processes are running as user clamav. If clamd and freshclam are not listed in the output, I will be very surprised. sorry for my bad english. So Clamd and freshclam is runnning as us

Re: [Clamav-users] ClamAv

2005-11-28 Thread Stephen Gran
On Mon, Nov 28, 2005 at 01:26:04PM +, Markus Braun said: > >What does this mean? Not running, or not magically integrated with your > >MTA? ps -u clamav will tell you what processes are running as user > >clamav. If clamd and freshclam are not listed in the output, I will be > >very surpris

Re: [Clamav-users] Worm.Mytob.CL

2005-11-28 Thread Tomasz Papszun
On Mon, 28 Nov 2005 at 11:36:58 +0900, [EMAIL PROTECTED] wrote: > > I receive a virus report from my SMTP Server like: > > Attention: [EMAIL PROTECTED] > > A virus was found in an Email message you sent. > > This Email scanner intercepted it and stopped the entire message reaching > its destin

[Clamav-users] W32.Sober.X

2005-11-28 Thread Steve Wakelin
Hello, Some of my users have been receiving this virus. http://www.sophos.com/virusinfo/analyses/w32soberx.html Is there an update for this? I have checked the database and this is not mentioned. Unfortunately I do not have a example as it was neutralised/deleted by other AntiVirus software.

Re: [Clamav-users] Information about Virus Sober.Y

2005-11-28 Thread Elizabeth Schwartz
On 11/25/05, Richard Pijnenburg <[EMAIL PROTECTED]> wrote: > > Okay, So if i understand you correctly, Sober.Y == Sober.U ? Viruses mutate frequently, and different vendors give different names to viruses as they get ahold of samples. And, there's no strict line between versions; one program migh

Re: [Clamav-users] Exploit IE CVE CAN-2005-1790

2005-11-28 Thread Elizabeth Schwartz
On 11/23/05, Cedric Foll <[EMAIL PROTECTED]> wrote: > > is it possible to have a clamav signature for the exploit ? > Proof of conecpt here: > http://www.computerterrorism.com/research/ie/poc.htm I dunno about anyone else here , but I haven't heard of this site and I really, REALLY don't want to

Re: [Clamav-users] Exploit IE CVE CAN-2005-1790

2005-11-28 Thread Rick Macdougall
Elizabeth Schwartz wrote: On 11/23/05, Cedric Foll <[EMAIL PROTECTED]> wrote: is it possible to have a clamav signature for the exploit ? Proof of conecpt here: http://www.computerterrorism.com/research/ie/poc.htm I dunno about anyone else here , but I haven't heard of this site and I really,

RE: [Clamav-users] Exploit IE CVE CAN-2005-1790

2005-11-28 Thread Matthew.van.Eerde
Elizabeth Schwartz wrote: > On 11/23/05, Cedric Foll <[EMAIL PROTECTED]> wrote: >> >> is it possible to have a clamav signature for the exploit ? Proof of >> conecpt here: http://www.computerterrorism.com/research/ie/poc.htm > > > I dunno about anyone else here , but I haven't heard of this site

Re: [Clamav-users] what is the default port that clamav (clamd) runs on

2005-11-28 Thread Todd Lyons
Grant Basson wanted us to know: >>Should you ever come back to visit this list you'll learn that everything >>you need to know about this can be found in your clamd.conf file. That >>leaves for you the challenge of finding that clamd.conf file. >I feel like a twit, but here goes anyway. >How the h

Re: [Clamav-users] what is the default port that clamav (clamd) runs on

2005-11-28 Thread Jim Maul
Todd Lyons wrote: Grant Basson wanted us to know: Should you ever come back to visit this list you'll learn that everything you need to know about this can be found in your clamd.conf file. That leaves for you the challenge of finding that clamd.conf file. I feel like a twit, but here goes any

[Clamav-users] Mytob virus detected as Broken.Executable?

2005-11-28 Thread Panagiotis Christias
Hello, we got reports that several emails carrying the Mytob virus (W32/[EMAIL PROTECTED] as reported by F-Prot) slipped through our ClamAV installation (0.87.1, latest virus database 34/1197). We managed to get a copy of an infected message and submitted it to the ClamAV Virus Database where it w

Re: [Clamav-users] Mytob virus detected as Broken.Executable?

2005-11-28 Thread Kevin W. Gagel
>We are using the default values, more or less, for the >scanning options in our clamav-milter/clamd installation >and thus DetectBrokenExecutables was disabled by default. > >Any opinions regarding the DetectBrokenExecutables option? >Could we or should we enable it? And if so, why is it >disabled

RE: [Clamav-users] Text of email not scanned.

2005-11-28 Thread PBR
"Gary V" <[EMAIL PROTECTED]> writes: > The string must be absolutely the first thing > in the body of a message, no white space or > other characters can precede it. > "Any anti-virus product that supports the eicar > test file should detect it in any file providing > that the file STARTS with t

Re: [Clamav-users] ClamAv

2005-11-28 Thread Markus Braun
Take a look at /usr/share/doc/exim4-base/spec.txt.gz for details of what the various directives mean. It sounds at the moment like you are hoping for a different behavior than you have configured from your MTA, so I would start with making sure the MTA is properly configured. If you look through

Re: [Clamav-users] ClamAv

2005-11-28 Thread Dennis Peterson
Markus Braun said: [whackage happened] > > Hi, > i looked at the Readme.DEbian and found this here: > >To enable clamav in the Debian exim4 packages, add >av_scanner = clamd:/var/run/clamav/clamd.ctl >(or if you've chosen tcp sockets) >av_scanner = clamd:127.0.0.1 3310 >to the

Re: [Clamav-users] Text of email not scanned.

2005-11-28 Thread Rob MacGregor
On 29/11/05, PBR <[EMAIL PROTECTED]> wrote: > Done all this. Clamscan reports the eicar test string if I scan the eicar > file from the command line, finds it if the file is an attachment. But not > inside an email meeting all the above requirements. How are you integrating clamav with your mail s