Re: [clamav-users] clamav doesn`t start

2011-09-19 Thread Tomasz Kojm
On Sun, 18 Sep 2011 17:55:02 +0200 Radoan wrote: > Hello I use linux debian lenny on my server. I put the address deb > http://volatile.debian.org/debian-volatile lenny/volatile main contrib > non-free in my /etc/apt/sources.list > After apt-get update and apt-get install clamav clamav-daemon i go

Re: [clamav-users] Yet Another US Mirror Issue-Solved

2011-09-19 Thread Tomasz Kojm
On Sat, 17 Sep 2011 10:25:50 -0400 Dan wrote: > At 1:33 PM +0200 9/16/2011, Tomasz Kojm wrote: >> On Thu, 15 Sep 2011 12:28:50 -0400 Dan wrote: >> > At 10:43 AM +0200 9/15/2011, Tomasz Kojm wrote: >> >> OK, now please post the output of 'freshclam --list-mirrors' >> > >> > Mirror #9 >>> IP:

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread G.W. Haywood
Hi there, On Mon, 19 Sep 2011 Michael Orlitzky wrote: > On 09/16/11 11:53, G.W. Haywood wrote: > > > > Is this one for Mr. Basford, or does it have wider implications? > > ... > > An IP address is a number between 0 and 2^32 (more or less). > There are plenty of ways to represent them. Unless it'

Re: [clamav-users] clamav doesn`t start

2011-09-19 Thread ulises gonzalez horta
On Monday 19 September 2011 04:20:57 am Tomasz Kojm wrote: > Please open a bug report at bugs.clamav.net my clamav comes from debian volatile and it starts fine... I guess it's an error in clamav-daemon script.. -- Salu2 Ulinx Administrador de redes Ministerio de F

Re: [clamav-users] clamav doesn`t start

2011-09-19 Thread ulises gonzalez horta
On Sunday 18 September 2011 11:55:02 am Radoan wrote: > In my /var/log/clamav/clamav.log is : > > Sun Sep 18 17:47:31 2011 -> +++ Started at Sun Sep 18 17:47:31 2011 > Sun Sep 18 17:47:31 2011 -> clamd daemon 0.97.2 (OS: linux-gnu, ARCH: > mips, CPU: mipsel) > Sun Sep 18 17:47:31 2011 -> Log file s

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Michael Orlitzky
> > A hostname cannot be all digits and except when the IP is used there > will be a TLD, so if you see a pattern such as > > http:// 123456789/ cgi-bin/innocent_code.pl > > (Ignore the spaces they are there to let this post slip by most antispam > detection) then you can surmise it is an atte

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Michael Orlitzky
On 09/19/11 08:18, G.W. Haywood wrote: > > Nah, after thirty-odd years I can do it in my head with dotted quads. :) Yeah but I'll bet you imagine the bits still =) > But the point remains, this is a pretty obvious and easy target for > any scanner which is looking for malicious activity, so wou

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Bowie Bailey
On 9/19/2011 11:46 AM, Michael Orlitzky wrote: >> A hostname cannot be all digits and except when the IP is used there >> will be a TLD, so if you see a pattern such as >> >> http:// 123456789/ cgi-bin/innocent_code.pl >> >> (Ignore the spaces they are there to let this post slip by most antispam

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Michael Orlitzky
On 09/19/11 12:04, Bowie Bailey wrote: > > He is not trying to match the IP address. He is trying to match an > unusual way of presenting the IP address that seems to occur primarily > in spam. > > Whether this is something that should be done in ClamAV or would be > better done by something lik

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Bowie Bailey
On 9/19/2011 12:16 PM, Michael Orlitzky wrote: > On 09/19/11 12:04, Bowie Bailey wrote: >> He is not trying to match the IP address. He is trying to match an >> unusual way of presenting the IP address that seems to occur primarily >> in spam. >> >> Whether this is something that should be done in

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread TR Shaw
On Sep 19, 2011, at 12:04 PM, Bowie Bailey wrote: > On 9/19/2011 11:46 AM, Michael Orlitzky wrote: >>> A hostname cannot be all digits and except when the IP is used there >>> will be a TLD, so if you see a pattern such as >>> >>> http:// 123456789/ cgi-bin/innocent_code.pl >>> >>> (Ignore the

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Bernd Petrovitsch
On Mon, 2011-09-19 at 12:40 -0400, Bowie Bailey wrote: > On 9/19/2011 12:16 PM, Michael Orlitzky wrote: > > On 09/19/11 12:04, Bowie Bailey wrote: > >> He is not trying to match the IP address. He is trying to match an > >> unusual way of presenting the IP address that seems to occur primarily > >

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Peter Bonivart
On Mon, Sep 19, 2011 at 6:46 PM, Bernd Petrovitsch wrote: > That's the whole problem as both are legal and correct (as in > RFC-compliant) form. > And you want to flag it as "spam"? Regardless of form I would call it spam since I've never seen legit numeric links. I've had my own SA rule for the

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Bowie Bailey
On 9/19/2011 12:46 PM, Bernd Petrovitsch wrote: > On Mon, 2011-09-19 at 12:40 -0400, Bowie Bailey wrote: >> On 9/19/2011 12:16 PM, Michael Orlitzky wrote: >>> On 09/19/11 12:04, Bowie Bailey wrote: He is not trying to match the IP address. He is trying to match an unusual way of presenti

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Török Edwin
On Sep 19, 2011, at 19:04, Bowie Bailey wrote: > On 9/19/2011 11:46 AM, Michael Orlitzky wrote: >>> A hostname cannot be all digits and except when the IP is used there >>> will be a TLD, so if you see a pattern such as >>> >>> http:// 123456789/ cgi-bin/innocent_code.pl >>> >>> (Ignore th

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Dennis Peterson
On 9/19/11 8:46 AM, Michael Orlitzky wrote: A hostname cannot be all digits and except when the IP is used there will be a TLD, so if you see a pattern such as http:// 123456789/ cgi-bin/innocent_code.pl (Ignore the spaces they are there to let this post slip by most antispam detection) the

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Nathan Gibbs
On 9/19/2011 2:33 PM, Török Edwin wrote: > Try adding this to a local.pdb file in your dbdir (untested): > R:[0-9]{1,10}(\.[0-9]{1,10}){0,2}:.+ > > Of course you can improve the regex to detect hexadecimal encoded numbers, > etc. > My IP v4 & v6 regex from the CCEE patchset. ([.:[:xdigit:]]{2,4