On Mon, Apr 14, 2008 at 11:09 AM, Bas van Rooijen
<[EMAIL PROTECTED]> wrote:
>
> ClamAV is rejecting messages where the recipient address contains a | (pipe
> character)..
>
> Why is this? Is | a virus now?
>
> Can this behaviour be disabled?
>
> Are you planning on blocking other random chara
ClamAV is rejecting messages where the recipient address contains a | (pipe
character)..
Why is this? Is | a virus now?
Can this behaviour be disabled?
Are you planning on blocking other random characters from appearing in the
recipient adres?
thanks,
bvr.
__
Rob MacGregor wrote:
> On Mon, Apr 14, 2008 at 11:09 AM, Bas van Rooijen
> <[EMAIL PROTECTED]> wrote:
>> ClamAV is rejecting messages where the recipient address contains a | (pipe
>> character)..
>>
>> Why is this? Is | a virus now?
>>
>> Can this behaviour be disabled?
>>
>> Are you planning
* Bas van Rooijen <[EMAIL PROTECTED]>:
> Yes. I'm certain ClamAV is behind it; we're using postfix with ClamAV-milter,
>
> - the message immediately rejected with the same error message,
> - the message is also written to the clamav.log,
> - if you google for the error a short discussion will co
On Mon, Apr 14, 2008 at 11:55:08AM +0100, Rob MacGregor wrote:
> On Mon, Apr 14, 2008 at 11:09 AM, Bas van Rooijen
> <[EMAIL PROTECTED]> wrote:
> >
> > ClamAV is rejecting messages where the recipient address contains a |
> > (pipe character)..
> >
> > Why is this? Is | a virus now?
> >
> > Can
Mon Apr 14 13:07:57 2008 -> WARNING: Suspicious recipient address blocked:
'test|[EMAIL PROTECTED]'
Ralf Hildebrandt wrote:
> * Bas van Rooijen <[EMAIL PROTECTED]>:
>
>> Yes. I'm certain ClamAV is behind it; we're using postfix with ClamAV-milter,
>>
>> - the message immediately rejected with t
German Trejo wrote:
> [EMAIL PROTECTED] ~]$ clamscan
> I got
> --- SCAN SUMMARY ---
> Known viruses: 80498
> Engine version: 0.88.7
>
This is so old!
> Scanned directories: 1
> Scanned files: 195
> Infected files: 1
> Data scanned: 419.63 MB
> Time: 351.800 sec (5 m 51 s)
>
> B
I am using FC6 seems like I have a virus in my thunderbird email client, what
it's doing it replaces attachments with another file to any file I receive or
some case replaces for another the text, always the same. I installed CalmAV
0.88 with rpm file
[EMAIL PROTECTED] ~]$ clamscan --no-archive
But nothing on "VirusName FOUND" message. Any other way to run clamAV and find
the virus name and clean it?
German
Quoting Török Edwin <[EMAIL PROTECTED]>:
> German Trejo wrote:
> > [EMAIL PROTECTED] ~]$ clamscan
> > I got
> > --- SCAN SUMMARY ---
> > Known viruses: 80498
> > Eng
German Trejo wrote:
> But nothing on "VirusName FOUND" message. Any other way to run clamAV and find
> the virus name and clean it?
>
First upgrade to 0.92.1, 0.88.7 is too old to find some viruses.
Then use clamscan -ri .
--Edwin
___
Help us build a
> On Mon, Apr 14, 2008 at 11:09 AM, Bas van Rooijen
> <[EMAIL PROTECTED]> wrote:
>> ClamAV is rejecting messages where the recipient address contains a | (pipe
>> character)..
>>
>> Why is this? Is | a virus now?
>>
>> Can this behaviour be disabled?
>>
>> Are you planning on blocking other ra
Bas van Rooijen wrote:
> Thanks for the replies so far;
>
> however please note I already know the problem is ClamAV (hence i'm writing
> to this list..)
>
> Is there anyone who can answer my actual questions?
>
Comment out the check in the source and recompile?
___
[EMAIL PROTECTED] wrote:
> Bas van Rooijen wrote:
>
>> Thanks for the replies so far;
>>
>> however please note I already know the problem is ClamAV (hence i'm writing
>> to this list..)
>>
>> Is there anyone who can answer my actual questions?
>>
>>
>
> Comment out the check in the source
Török Edwin wrote:
> [EMAIL PROTECTED] wrote:
>> Bas van Rooijen wrote:
>>
>>> Thanks for the replies so far;
>>>
>>> however please note I already know the problem is ClamAV (hence i'm writing
>>> to this list..)
>>>
>>> Is there anyone who can answer my actual questions?
>>>
>>>
>> Comme
John Rudd wrote:
> Török Edwin wrote:
>
>> [EMAIL PROTECTED] wrote:
>>
>>> Bas van Rooijen wrote:
>>>
>>>
Thanks for the replies so far;
however please note I already know the problem is ClamAV (hence i'm
writing to this list..)
Is there anyone who c
John Rudd wrote:
> Török Edwin wrote:
>> [EMAIL PROTECTED] wrote:
>>> Bas van Rooijen wrote:
>>>
Thanks for the replies so far;
however please note I already know the problem is ClamAV (hence i'm
writing to this list..)
Is there anyone who can answer my actual ques
Hi,
Current Known Viruses Count is.
Known viruses: 254858
Engine version: 0.92.1
Which Dropped on 2008-04-07 from "Known viruses:413852" is this normal?
--
Regards,
Noor Ahmed Afridi
___
Help us build a comprehensive ClamAV guide: visit http://wik
Noor Ahmed Afridi wrote:
> Hi,
>
> Current Known Viruses Count is.
>
> Known viruses: 254858
> Engine version: 0.92.1
>
> Which Dropped on 2008-04-07 from "Known viruses:413852" is this normal?
>
>
>
Looks like you might have been loading one of the tables twice.
dp
> It took 2 seconds to grep ClamAV sources..
>
> clamav-milter.c
>
> if(strchr("|;", *ptr) != NULL) {
> smfi_setreply(ctx, "554", "5.7.1", _("Suspicious recipient address blocked"));
>
> Yes it seems | and ; are blocked.
The "|" character might be used to expolit SMTP servers. It has no valid plac
The | character is not allowed in any e-mail address because it's a Unix
shell reserved character.
Here's a list right off the top of my head that are usually
blocked/disabled by just about every MTA out there.
1. Control Characters
2. Space
3. !
4. "
5. #
6. $
7. %
8. &
On Mon, 14 Apr 2008, Michael Brown wrote:
> The | character is not allowed in any e-mail address because it's a Unix
> shell reserved character.
>
> Here's a list right off the top of my head that are usually
> blocked/disabled by just about every MTA out there.
>
>1. Control Characters
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Apr 14, 2008, at 10:30 AM, Michael Brown wrote:
> The | character is not allowed in any e-mail address because it's a
> Unix
> shell reserved character.
>
> Here's a list right off the top of my head that are usually
> blocked/disabled by just ab
Alan Stern wrote:
> There's certainly something wrong here. The open and close bracket
> characters ('[' and ']', items 19 and 21) can indeed be part of a valid
> email address. For example: [EMAIL PROTECTED]
>
There's a difference between "[EMAIL PROTECTED]" which would
be invalid and [E
Bit Fuzzy wrote:
> Alan Stern wrote:
>> There's certainly something wrong here. The open and close bracket
>> characters ('[' and ']', items 19 and 21) can indeed be part of a valid
>> email address. For example: [EMAIL PROTECTED]
>>
>
> There's a difference between "[EMAIL PROTECTED]" whi
On Mon, Apr 14, 2008 at 05:22:56PM +0200, Bas van Rooijen said:
> postfix would accept all three forms even
> and why not ??
I assume you haven't looked at sendmail's security record. This has
been a pretty standard thing to do for a long time, and with even more
characters than the milter curren
Stephen Gran wrote:
> I assume you haven't looked at sendmail's security record. This has
> been a pretty standard thing to do for a long time, and with even more
> characters than the milter currently uses.
That may be true, but filtering suspicious recipient addresses is beyond
the scope of a
On Mon, Apr 14, 2008 at 12:05:05PM -0400, David F. Skoll said:
> Stephen Gran wrote:
>
> > I assume you haven't looked at sendmail's security record. This has
> > been a pretty standard thing to do for a long time, and with even more
> > characters than the milter currently uses.
>
> That may be
I've just built and installed 0.93, when the new versions try and start
I get this error:
/usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
symbol: rarvm_free
A grep through the source doesn't appear to show anything obvious to me
anyway, the system in use is RH9 BTW, patched u
Brian Morrison wrote:
> I've just built and installed 0.93, when the new versions try and start
> I get this error:
>
> /usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
> symbol: rarvm_free
>
> A grep through the source doesn't appear to show anything obvious to me
> anyway, the
Is the http://clamav.com/download/sources page reporting the wrong
version or is my cache hosed?
dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Török Edwin wrote:
> Brian Morrison wrote:
>> I've just built and installed 0.93, when the new versions try and start
>> I get this error:
>>
>> /usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
>> symbol: rarvm_free
>>
>> A grep through the source doesn't appear to show anything
Dennis Peterson wrote:
> Is the http://clamav.com/download/sources page reporting the wrong
> version or is my cache hosed?
If you're expecting 0.93 then it hasn't got there yet, I see 0.92.1 on
that page.
--
Brian
___
Help us build a comprehensive
Brian Morrison wrote:
> Dennis Peterson wrote:
>> Is the http://clamav.com/download/sources page reporting the wrong
>> version or is my cache hosed?
>
> If you're expecting 0.93 then it hasn't got there yet, I see 0.92.1 on
> that page.
>
That changed a minute after I posted, 0.93 is now ther
Brian Morrison wrote:
> Dennis Peterson wrote:
>
>> Is the http://clamav.com/download/sources page reporting the wrong
>> version or is my cache hosed?
>>
>
> If you're expecting 0.93 then it hasn't got there yet, I see 0.92.1 on
> that page.
>
>
http://sourceforge.net/project/showfile
Brian Morrison wrote:
> Dennis Peterson wrote:
>> Is the http://clamav.com/download/sources page reporting the wrong
>> version or is my cache hosed?
>
> If you're expecting 0.93 then it hasn't got there yet, I see 0.92.1 on
> that page.
>
The front page said 0.93 was the current version - loo
Dennis Peterson wrote:
> Brian Morrison wrote:
>> Dennis Peterson wrote:
>>> Is the http://clamav.com/download/sources page reporting the wrong
>>> version or is my cache hosed?
>> If you're expecting 0.93 then it hasn't got there yet, I see 0.92.1 on
>> that page.
>>
>
> The front page said 0.9
Brian Morrison wrote:
> Dennis Peterson wrote:
>> Brian Morrison wrote:
>>> Dennis Peterson wrote:
Is the http://clamav.com/download/sources page reporting the wrong
version or is my cache hosed?
>>> If you're expecting 0.93 then it hasn't got there yet, I see 0.92.1 on
>>> that page.
>
Brian Morrison wrote:
> Török Edwin wrote:
>
>> Brian Morrison wrote:
>>
>>> I've just built and installed 0.93, when the new versions try and start
>>> I get this error:
>>>
>>> /usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
>>> symbol: rarvm_free
>>>
>>> A grep throug
I just received an alert from US-CERT regarding ClamAV. The full report
is available here:
http://www.us-cert.gov/current/index.html#clamav_pe_scanning_vulnerability
--
Gerard
[EMAIL PROTECTED]
A real friend isn't someone you use once and then throw away.
A real friend is someone you can use ov
Any links to the real full report, all I found was "don't scan PE files" ?
Gerard wrote:
> I just received an alert from US-CERT regarding ClamAV. The full report
> is available here:
>
> http://www.us-cert.gov/current/index.html#clamav_pe_scanning_vulnerability
>
>
> --
Török Edwin wrote:
> Brian Morrison wrote:
>> Török Edwin wrote:
>>
>>> Brian Morrison wrote:
>>>
I've just built and installed 0.93, when the new versions try and start
I get this error:
/usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
symbol: ra
Gerard wrote:
> http://www.us-cert.gov/current/index.html#clamav_pe_scanning_vulnerability
Does ClamAV 0.93 fix this vulnerability? (When I saw the 0.93 release
announcement, I wondered what security problems were fixed this time...)
CERT, though, has to win the shoot-yourself-in-the-foot idioc
Hi,
I just download clamav 0.93 and attempted to compiled this on my
Apple Macintosh 10.4.11 on a Apple MacBook Pro Core2 Duo.
Here is my error message I got:
Extracting
/Applications/Utilities/clamav/clamav-0.93/libclamav/lzma/.libs/liblzma.a
(cd .libs/libclamav.lax/liblzma.a && ar x
/Applicat
fchan wrote:
> Hi,
> I just download clamav 0.93 and attempted to compiled this on my
> Apple Macintosh 10.4.11 on a Apple MacBook Pro Core2 Duo.
> Here is my error message I got:
>
> Extracting
> /Applications/Utilities/clamav/clamav-0.93/libclamav/lzma/.libs/liblzma.a
> (cd .libs/libclamav.lax/
Dennis Peterson wrote:
> Brian Morrison wrote:
>> Dennis Peterson wrote:
>>> Brian Morrison wrote:
Dennis Peterson wrote:
> Is the http://clamav.com/download/sources page reporting the wrong
> version or is my cache hosed?
If you're expecting 0.93 then it hasn't got there yet, I
Hallo
i just tried to run clamav-0.93 on my FreeBSD 4.8 Server and Procmail
<->clamassassin hangs
with clamav-0.92.1 = no Problem
**
cd clamav-0.92.1
make uninstall
cd ..
cd clamav-0.93
./configure
make
make install
freshclam
= all OK
reboot
i use Procmail and clamassassin 1.2.3 with clamd on l
On Mon, 14 Apr 2008 14:01:10 -0400
"David F. Skoll" <[EMAIL PROTECTED]> wrote:
> Gerard wrote:
>
> > http://www.us-cert.gov/current/index.html#clamav_pe_scanning_vulnerability
>
> Does ClamAV 0.93 fix this vulnerability? (When I saw the 0.93 release
> announcement, I wondered what security prob
On Mon, 14 Apr 2008, Matthias Häker wrote:
> is there any change in the conf ? ort anything else i should look for ?
Uhm, yes:
* clamd:
- NEW CONFIG FILE OPTIONS: MaxScanSize, MaxFileSize, MaxRecursion,
MaxFiles
- ** THE FOLLOWING OPTIONS ARE NO LONGER SUPPORTED **: MailMaxRecursion,
I'm getting this error message:
cdiff.o(.text+0x190a): In function `cdiff_apply':
../shared/cdiff.c:984: undefined reference to `gzdopen'
cdiff.o(.text+0x1950):../shared/cdiff.c:994: undefined reference to `gzgets'
cdiff.o(.text+0x19a5):../shared/cdiff.c:1016: undefined reference to `gzclose'
cdi
Joey McKnight wrote:
> I'm getting this error message:
>
>
>
You removed the most important output from the build: the last command
executed (the arguments to the linker), please post that one too.
> cdiff.o(.text+0x190a): In function `cdiff_apply':
> ../shared/cdiff.c:984: undefined reference
Joey McKnight said the following, On 04/14/2008 01:44 PM:
> I'm getting this error message:
> manager.o(.text+0x189d):/root/clamav-0.93/freshclam/manager.c:913: undefined
> reference to `gzclose'
> manager.o(.text+0x19cd):/root/clamav-0.93/freshclam/manager.c:932: undefined
> reference to `gzclos
I have been assigned to manage a Postfix email server running Clamav on
a RHEL 4 ES server. I am running 0.90.3-1.el4.rf on the machine in
question & for some reason my definitions are failing to update and
flooding my logs:
[EMAIL PROTECTED] ~]# cat /var/log/messages | grep "freshclam"
Apr 14
Carlos Williams wrote:
> I have been assigned to manage a Postfix email server running Clamav on
> a RHEL 4 ES server. I am running 0.90.3-1.el4.rf on the machine in
> question & for some reason my definitions are failing to update and
> flooding my logs:
>
> [EMAIL PROTECTED] ~]# cat /var/log/m
To"ro"k Edwin wrote:
>
> You got version 6700, which is too old to update from directly to 6755.
> That is why freshclam downloaded the entire daily.cvd again.
>
>
>
> It updated successfully, but didn't use incremental updates.
>
So what exactly can I do to clean this up a little? Are you
Carlos Williams wrote:
> To"ro"k Edwin wrote:
>
>> You got version 6700, which is too old to update from directly to 6755.
>> That is why freshclam downloaded the entire daily.cvd again.
>>
>>
>>
>> It updated successfully, but didn't use incremental updates.
>>
>>
>
> So what exactly ca
Joey McKnight wrote:
> here is what nm -D /usr/lib/libz.so|grep gz displayed:
>
> 00d674c0 T gzclearerr
> 00d67320 T gzclose
> 00d66380 T gzdopen
> 00d67240 T gzeof
> 00d67390 T gzerror
> 00d66ec0 T gzflush
> 00d66aa0 T gzgetc
> 00d66b40 T gzgets
> 00d66350 T gzopen
> 00d66ca0 T gzprintf
> 00d66d20
To"ro"k Edwin wrote:
> Carlos Williams wrote:
>> To"ro"k Edwin wrote:
>>
>>> You got version 6700, which is too old to update from directly to 6755.
>>> That is why freshclam downloaded the entire daily.cvd again.
>>>
>>>
>>>
>>> It updated successfully, but didn't use incremental updates.
>>
On Apr 14, 2008, at 1:06 PM, Carlos Williams wrote:
>> It is not fine, in the sense that you didn't update since a long time
>> (55 DB versions got released in the mean time!)
>>
>
> So does this freshclam run every night to update or how does this
> exactly work? I want to kind have this automated
Carlos Williams wrote:
>>
> So does this freshclam run every night to update or how does this
> exactly work? I want to kind have this automated and keep from flooding
> my logs? I am guessing that there is a cron.daily script that runs but I
> don't know why its not running correctly if I was
On Mon, 14 Apr 2008 16:15:29 -0400
Carlos Williams <[EMAIL PROTECTED]> wrote:
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.90.3 Recommended version: 0.93
> Ignoring mirror 209.8.40.140 (too often connections with outdated version)
>
> What am I doing wrong?
>
Wh
here is what nm -D /usr/lib/libz.so|grep gz displayed:
00d674c0 T gzclearerr
00d67320 T gzclose
00d66380 T gzdopen
00d67240 T gzeof
00d67390 T gzerror
00d66ec0 T gzflush
00d66aa0 T gzgetc
00d66b40 T gzgets
00d66350 T gzopen
00d66ca0 T gzprintf
00d66d20 T gzputc
00d66d70 T gzputs
00d667d0 T gzread
Chuck Swiger wrote:
> On Apr 14, 2008, at 1:06 PM, Carlos Williams wrote:
>>> It is not fine, in the sense that you didn't update since a long time
>>> (55 DB versions got released in the mean time!)
>>>
>> So does this freshclam run every night to update or how does this
>> exactly work? I want to
Carlos Williams wrote:
> I am just guessing the automated process would not be essential until I
> can manually run freshclam and see it connecting to valid hosts and then
> update itself w/o any errors.
>
> What am I doing wrong?
>
It gives you a link in the log message that you should proba
On Mon, Apr 14, 2008 at 05:51:22PM +0100, Brian Morrison wrote:
[...]
> /usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
> symbol: rarvm_free
[...]
ldconfig?
--
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.
On Mon, 14 Apr 2008 16:15:29 -0400
Carlos Williams <[EMAIL PROTECTED]> wrote:
[snip]
> [EMAIL PROTECTED] bin]# freshclam
> ClamAV update process started at Mon Apr 14 16:07:03 2008
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.90.3 Recommended version: 0.93
> DON'T
On Mon, 14 Apr 2008 20:38:21 +0300
Török Edwin <[EMAIL PROTECTED]> wrote:
> Brian Morrison wrote:
> > Török Edwin wrote:
> >
> >> Brian Morrison wrote:
> >>
> >>> I've just built and installed 0.93, when the new versions try and start
> >>> I get this error:
> >>>
> >>> /usr/sbin/clamd: r
A vulnerability was identified by Secunia in 0.92.1 relating to the PE module.
We immediately disabled this module about a month ago. Since then we have been
working on, and produced, a fix which is included in 0.93. 0.93 is due for
release
very soon, and all users are advised to update to this r
Michael Brown wrote:
> The | character is not allowed in any e-mail address because it's a Unix
> shell reserved character.
>
> Here's a list right off the top of my head that are usually
> blocked/disabled by just about every MTA out there.
>
>1. Control Characters
>2. Space
>3. !
>
Thank you Edwin! That worked.
Frank
>fchan wrote:
>> Hi,
>> I just download clamav 0.93 and attempted to compiled this on my
>> Apple Macintosh 10.4.11 on a Apple MacBook Pro Core2 Duo.
>> Here is my error message I got:
>>
>> Extracting
>> /Applications/Utilities/clamav/clamav-0.93/libclam
Nigel Horne wrote:
A vulnerability was identified by Secunia in 0.92.1 relating to the PE
module.
We immediately disabled this module about a month ago. Since then we
have been
working on, and produced, a fix which is included in 0.93. 0.93 is due
for release
very soon, and all users are advise
This is the output after the upgrade:
[EMAIL PROTECTED] ~]$ ~/clamav/bin/clamscan -ri
LibClamAV Warning: **
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible.***
Li
David F. Skoll wrote:
> Stephen Gran wrote:
>
>> I assume you haven't looked at sendmail's security record. This has
>> been a pretty standard thing to do for a long time, and with even more
>> characters than the milter currently uses.
>
> That may be true, but filtering suspicious recipient ad
Hello,
ClamAV 0.92.1 (debian volatile) can't scan pdf (around 3MB) files.
I get the following error: "Files number limit exceeded".
My clam.conf contains the following strings:
ArchiveMaxRecursion 0
ArchiveMaxFiles 0
ArchiveMaxFileSize 30M
ArchiveMaxCompressionRatio 500
ArchiveLimitMemoryUsage
73 matches
Mail list logo
