[clamav-users] ClamAV 0.97 - configure wants zlib/zlib-devel packages, not in repository

n the FAQ and list archive] ANDY - Salt Lake, UT US ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

[Clamav-users] 7zip detection broken in 0.94?

OIT: On Is 7z not supported any longer or could I not have installed it correctly? I ran ldconfig and I've installed everything I could think of. Thanks! -Andy- -Xinn.org- Security, and Sanity Solutions The makers of ClearSite NMS. ___ Help us b

Re: [Clamav-users] 7zip detection broken in 0.94?

build now. Anyway, I guess I agree with the feature request, 7z support similar to NetFamr's in their windows port would be awesome! On Fri, Oct 24, 2008 at 2:40 AM, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > On Fri, 24 Oct 2008 00:31:39 -0400 > Andy <[EMAIL PROTECTED]> wrot

Re: [Clamav-users] How to test ClamAV?

EICAR http://www.eicar.org/anti_virus_test_file.htm VX heavens http://vx.netlux.org/vl.php On Fri, Dec 5, 2008 at 6:14 PM, Brandon Perry <[EMAIL PROTECTED]> wrote: > When you compile ClamAV, use --enable-check (iirc) and make sure you have > check installed. Then, when it is done compiling, you

Re: [Clamav-users] How to test ClamAV

You'll need to find a nastie that your local/server AV don't detect, but ClamAV does. Or make an exception for a file extention... rename eicar.txt to eicar.z43 (something random) and make sure your server and local av will ignore that file extention. On Fri, Feb 6, 2009 at 10:45 AM, Alex Davidson

Re: [Clamav-users] Using clamav on internet gateway

Another is SafeSquid, which now does not require Squid itself to be installed and or running if it is installed. http://www.howtoforge.com/gateway-level-virus-security-clamav-safesquid-proxySafeSquid has windows and *nix support. I believe Snort can even use ClamAV http://en.wikipedia.org/wiki/Snor

Re: [Clamav-users] please remove - 27 emails and counting

I believe (and this email is probably no exception) but Gmail and others default to top posting. This mail is me just hitting reply, and typing where the cursor defaults to. Won't happen again, but just FYI. On Fri, Feb 20, 2009 at 4:25 PM, Tomasz Papszun < tomek-clam-us...@lodz.tpsa.pl> wrote: >

[Clamav-users] Compiling on one machine to run on another...

figure --target=i586-pc-linux-gnuoldld, and that also failed. I'm sure the answer is simple, but I'm not too hot on Makefiles, etc., is there a solution to this ? Thanks Andy --- This SF.Net email sponsored by: Free pre-built ASP.NET sit

[Clamav-users] Compiling on one machine to run on another...

figure --target=i586-pc-linux-gnuoldld, and that also failed. I'm sure the answer is simple, but I'm not too hot on Makefiles, etc., is there a solution to this ? Thanks Andy --- This SF.Net email sponsored by: Free pre-built ASP.NET sit

Re: [Clamav-users] Compiling on one machine to run on another...

CONFDIR=\"/usr/local/etc\" -DC_URANDOM=1 -DC_LINUX=1 -DCL_THREAD_SAFE=1 -DCLAMUKO=1 -DWORDS_LITTLEENDIAN=1 -I. -I. -I.. -Izziplib -g -O2 -c matcher.c -MT matcher.lo -MD -MP -MF .deps/matcher.TPlo -o matcher.o ../libtool: gcc: command not found make[1]: *** [matcher.lo] Error 1 make[1]: Leaving

[Clamav-users] Packages for Solaris 10 64-bit available.

the ClamAV team! Andy PS: Could a member of the ClamAV team update the Binary Packages page on clamav.net to include Solaris 10 in the link to this site? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http

[Clamav-users] libclamav saying DB is old, can't detect virus

n. I'm worried now other virii might be getting through :( Have I missed something blatently obvious? Thanks, Andy. mx tmp # clamscan --debug postcard.exe LibClamAV debug: Loading databases from /var/lib/clamav LibClamAV debug: Loading /var/lib/clamav/daily.cvd LibClamAV debug: in cli

Re: [Clamav-users] libclamav saying DB is old, can't detect virus

Andy ([EMAIL PROTECTED]) wrote: > Hey, > > I'm having some trouble with a virus that got past clamav. > > Log is pasted below, but I seem to have two problems: > > 1) libclamav is saying my database is old when it isn't update... I didn't want to stop

Re: [Clamav-users] libclamav saying DB is old, can't detect virus

> scanning them for viruses. They are summarily rejected with prejudice. Oh I agree and that is actually in place (via simscan). The .exe was removed from a .zip file for debugging my problem. So the .exe file never changed from one scan to the next, yet changing the definitions somehow m

[clamav-users] Why has clam started updating itself every 3 hours?

This is new behavior, as far as I know. We’ve not seen this sort of thing before. I’m noticing (via OSSEC) that our ClamAV deployments are updating themselves every 3 hours. This is far in excess of the cron we set up to run Freshclam. Any idea what could be causing this? ___

[clamav-users] Suggestion: Need option to "Block Skipped Files" and Scan Summary to indicate "Skipped files"

e the file more carefully. b)An appropriate line in the SCAN SUMMARY, e.g.: --- SCAN SUMMARY --- Infected files: 0 Skipped files: 1 Time: 1.610 sec (0 m 1 s) Thank for giving this suggestion your consideration. Best Regards Andy Schmidt ___

[clamav-users] Java.Malware.Agent-1756221 false positive still detected

We’ve got the netty-all.jar that is the subject of a recent false positive and subsequent fix: https://www.clamxav.com/BB/viewtopic.php?f=1&t=4761&sid=b5e35899ad6c2e6a132aa87031dc504c However, despite updating our definitions via freshclam, this is still hitting on that file. Has anyone else ex

Re: [clamav-users] Java.Malware.Agent-1756221 false positive still detected

Will do, thanks. Sorry for the clutter. -- Andy Keller Cloud Security Manager | CISSP, CCSK, Security+ | Decision Lens <http://www.decisionlens.com/>andykel...@decisionlens.com o: (703) 399-3186 c: (419) 356-3419 On 10/12/16, 11:33 AM, "clamav-users on behalf of Mark Allan"

[clamav-users] No Signature updates for 30 hours?

Hi, I noticed that the list archive had no more messages since 4/28. And according to the FreshClam log, the last signature update is 30 hours old (times below are EDT). Did they finally arrest the last malware author? Sun Apr 30 02:01:06 2017 -> Downloading daily-23343.cdiff [100%] Sun Apr 30

[clamav-users] Incorporate Sanesecurity's feed

>> We already distribute some third party feeds into the official database, we have a program for that which can be found on our website. We would love to incorporate Sanesecurity's feed, all they have to do is give us the okay to do it. << Gosh that would be marvelous! I'm quite interested i

[clamav-users] DNS Caching Problem AGAIN with current.cvd.clamav.net?

The same problem had been "fixed" a few weeks ago: http://network-tools.com/nslook/Default.asp?domain=current.cvd.clamav.net &type=16&server=67.222

Re: [clamav-users] DNS Caching Problem AGAIN with current.cvd.clamav.net?

Hi Al, >> I am not understanding your point here. Where are you seeing an indication that the database had been updated at the time you wrote? The first indication of an update was an email announcing daily 23390 at 8:30am PDT << Good point. I may have incorrectly assumed that no updates for >24h

Re: [clamav-users] Apparently legitimate Paypal email disguises domain name in links - thus identified as likely phishing

>> The text shown to the user is www.paypal.com but the actual URL being used is https://epl.paypal-communication.com << Agreed - if any email displays a DIFFERENT domain name to the user than the domain name used in the link, then this IS solid reason to unconditionally block an email. It is

Re: [clamav-users] Using paypal-communication.com for link tracking purposes

>> The domain https://epl.paypal-communication.com is used by Paypal for link tracking purposes in their emails. << There is nothing wrong with PayPal using the domain (or subdomains of) paypal-communication.com as links in their emails. Their HTML emails cannot disguise that link by showing a TE

Re: [clamav-users] clamav-0.99.2 Installation

ads#otherversions Best Regards Andy ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http

[clamav-users] "ERROR: Malformed database" for local.ign2 with Windows Newlines

I just confirmed that the Windows builds of ClamAV 0.99.2 will fail to start ClamD if a "local.ign2" file exists in the database folder that (naturally) was created under Windows, using the standard Notepad applet. The default newline sequence for Windows is CR+LF. The default newline sequence for

[clamav-users] FreshClam Mirrors - daily.cld stuck at version: 24010, safebrowsing cdiff missing.

Daily.cld is > 24 hours old (11/2 @ 8:19 AM EDT), Safebrowsing.cld is almost a day old (11/2 @ 1:50 PM EDT). Since then, Freshclam claims that daily.cld is "up to date" (sample log from an hour ago), and neither the US nor the DE mirrors can get to download safebrowsing-46607.cdiff Fri Nov 03 10:

Re: [Clamav-users] ClamAV 0.96, Solaris 10, and max open fds

On Tue, 13 Apr 2010, scott.larn...@ed.ac.uk wrote: ; Hello, ; ; I tested ClamAV 0.96 on a relatively recent Solaris 10 / i86pc machine and all ; was well. Bringing it up on a production machine running a somewhat older ; version of Solaris 10 (also i86pc), clamd gives the warning: ; ; WARNING: So

Re: [Clamav-users] YUM Clama

currently stuck on 0.95.3. Andy ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [Clamav-users] YUM Clama

On 19/04/2010 21:34, Jim Preston wrote: On Apr 19, 2010, at 12:26 PM, Andy Loates wrote: [Snip] From previous experiences going back to FC3 the Clamav package is only updated by the Fedora Team when there is a new release ie FC13. The FC12 package is currently stuck on 0.95.3. Andy And

[clamav-users] Some questions about setting up ClamAV

great day! -- Andy Newby a...@ultranerds.co.uk ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [clamav-users] [FWD: Re: Some questions about setting up ClamAV]

for all the help! > Original Message > Subject: Re: [clamav-users] Some questions about setting up ClamAV > From: Simon Hobson > Date: Wed, January 25, 2012 10:35 am > To: ClamAV users ML > > Andy Newby wrote: > > >We're using ClamAV on

Re: [Clamav-users] 0.90.1 - clamd died on Solaris 9

setup? Andy ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.90.1 - clamd died on Solaris 9

On Thu, 8 Mar 2007, Alex Moore wrote: ; On Thu, 8 Mar 2007 16:02:40 + (GMT) ; Andy Fiddaman <[EMAIL PROTECTED]> wrote: ; ; > ; > On Thu, 8 Mar 2007, Didi Rieder wrote: ; > ; Lucky you, maybe to low message volume ; > ; > We have a several Solaris 10 servers

Re: [Clamav-users] What's broken?

socket for each connect attempt (bb#413), patch from Andy Fiddaman ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] speeding up clamav

; Res wrote: ; > On Sun, 9 Sep 2007, Dennis Peterson wrote: ; > ; >> F-PROT Antivirus for Solaris Mail Servers ; >>Number of Users Annual license fee ; >>1-10US$ 130 ; >>11-24 US$ 250 ; >>25-49 US$ 399 ; >>50-99 US$ 499 ; >>1

Re: [Clamav-users] signature names

On Wed, 12 Sep 2007, Karsten Bräckelmann wrote: ; On Wed, 2007-09-12 at 07:28 -0700, John Rudd wrote: ; > (to the developers, not in answer to Burnie) ; > ; > See, the current name scheme needs to be fixed. And no one responded at ; > all to my proposed scheme from a month or two ago. ; ; Coinci

[Clamav-users] Sanesecurity mirror hosed

http://mirror.kozstyle.org is serving up "This Account Has Been Suspended". Perhaps we could change clamd to gracefully ignore malformed DBs with an error message, rather than exiting and filling up mail queues? Thanks, Andy --- Andy Dills Xecunet, Inc. www.xecu.net 30

Re: [Clamav-users] Sanesecurity mirror hosed

On second thought, it turns out I have an old updating script which doesn't verify the DB validity before installing. Mea culpa. Andy On Thu, 20 Dec 2007, Andy Dills wrote: > > http://mirror.kozstyle.org is serving up "This Account Has Been Suspended". > > Perha

[Clamav-users] freshclam GMP3 vs GMP4

nd I didnt have the option of installing V3 from ports. I re-built clamav from source and installed, but still the same error. Does anyone know if freshclam can work with GMP4 or not and if so how? thanks for any info, cheers Andy. ___ Help us build a com

Re: [Clamav-users] clamavd hangs frequently

Hi Joern, I cant help u with the clam prob, but I can save u writing ur own script to restart clamd. Do a search on sourceforge for psmon, its pretty handy (tho I modified it a little to make it more useful for what I needed), cheers Andy. ___ Help

Re: [Clamav-users] freshclam GMP3 vs GMP4

>Have you tried installing ClamAV from ports, so that it handles this for you? Erm, actually no! :P It had originally been installed from source, so thats how I did the upgrade. But just tried installing via ports instead and no more freshclam error, so thanks! cheers A

[Clamav-users] List

Is this list still alive? Last post received on 7/4/08. No monthly email reminder today. Checked website, my user options for this list all seems ok. Hope to hear from someone! Andy Loates ___ Help us build a comprehensive ClamAV guide: visit http

[Clamav-users] Freshclam permissions error

clamav/freshclam.log). $ ps -Af | grep clamd amavis 30448 1 0 16:00 ? 00:00:04 clamd andy 31044 26453 0 16:12 pts/100:00:00 grep clamd $ ls -l /var/log/clamav total 20 -rw-r--r-- 1 amavis clamav 1951 Apr 7 16:11 clamd.log -rw-r- 1 amavis clamav 9529 Apr 7 04:02 clamd.log.1

Re: [Clamav-users] Freshclam permissions error

That makes perfect sense, but for some reason isn't helping. I changed DatabaseOwner to "amavis" in /etc/freshclam.conf and I'm still getting the same error. I tried restarting the clamd service and that didn't make any difference either. On Tue, Apr 7, 2009 at 4:20 PM, B

[clamav-users] Daily.cld is >25h old (15 NOV 2017 16:51 EST)

Is 24047 truly the latest - no updates in more than a day? Thu Nov 16 18:29:11 2017 -> freshclam daemon 0.99.2 (OS: win32, ARCH: x86_64, CPU: x86_64) Thu Nov 16 18:29:11 2017 -> ClamAV update process started at Thu Nov 16 18:29:11 2017 Thu Nov 16 18:29:12 2017 -> main.cld is up to date (versi

Re: [clamav-users] ClamAVR blog: ClamAV 0.99.4 has been released!

Nah, Brian, in this case it's actually a bug, albeit a "cosmetic" one. I have been getting the same misleading error message on every system ever since I upgraded to 0.99.4 - so I suspect many, if not all others, have too: Thu Mar 08 11:46:31 2018 -> WARNING: Local version: clamav-0.99.4 R

Re: [clamav-users] Official Windows Buld of ClamAV 0.99.4 issues bogus version warning

mention of a misbehavior by the original reporter, while I had been sitting back and let someone else take the heat for daring to suggest that this message clearly was not "as intended". Best Regards Andy -Original Message- From: Kees Theunissen Sent: Friday, March 9, 2018 9:44

Re: [clamav-users] Official Windows Build of ClamAV 0.99.4 issues bogus version warning

of ClamAV 0.99.4 issues bogus version warning Kees, Andy, You're correct that it is legitimate mis-behavior. This is my fault. I just sent an explanation as a response to the 0.99.4 blog announcement thread explaining the source of the issue. Sorry for the

[clamav-users] Signatures once again 2 days old

This has become a regular occurrence - but since no one else has mentioned it... according to the automated alerts I am receiving for MY server, the signature updating seems to be stuck again. The "up to date daily.cld" is now 40 hours old. Sun Mar 18 11:42:02 2018 -> ClamAV update process start

[clamav-users] Html.Malware.Agent-7380889-0 false positive on Apache files?

internet), but haven’t seen any traffic on this listserv and Google hasn’t helped much. Anybody have any similar hits? -- Andy Keller Director, Information Security and Compliance | CISSP, CCSK, Security+ | Decision Lens <http://www.decisionlens.com/>andykel...@decisionlens.com<mailt

[Clamav-users] Mimail.q - polymorphic virus

This new Mimail variant looks nasty - does anyone know if the following information is true ? and, if so, presumably we need more than just a pattern update to catch this one! Thanks, Andy ; The most important modification in Mimail.q are the polymorphic ; encryption keys inbuilt to fool anti

[Clamav-users] SCO.A name

av-scanners start to detect this. The currently used name was suggested by Tomasz Kojm due to its content. Any thoughts ? Andy --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integrat

Re: [Clamav-users] Re: making clamav on solaris {Scanned}

versions available yet) so it may be better to stick to the standard (/usr/bin) utilities. Probably worth mentioning at this point that the 'whoami' utility isn't standard in core solaris either, that needs the SUNWscpu (SunOS 4.x compatibility utilities)

Re: [Clamav-users] 0.66

find a different way of doing this check that will work on all systems? IP Filter does it like: @if [ `id|sed -e 's/^.[^(]*(\([^)]*\)).*/\1/'` != root ] ; then \ which is nasty, but /probably/ portable. Andy --- SF.Net is sponsor

Re: [Clamav-users] Error Message

k in clamfi_envfrom. It mallocs the private data structure then can return without freeing it or assigning it to the session context, so it will never be cleaned up. It just needs a few free(privdata) calls before the 'return cl_error' lines.) Andy -

[Clamav-users] Doomjuice.B Signature

me know how I can send them to you. Thanks, Andy --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=

Re: [Clamav-users] Solaris 9 & clamav

On Tue, 17 Feb 2004, Ed Phillips wrote: ; Configure libgmp to build in 32-bit mode... it automatically builds in ; 64-bit mode by default on Solaris (unfortunately). ClamAV builds in ; 32-bit mode... they have to match. Both gmp & Clam build in 64-bit mode here by default and work fine (which is

Re: [Clamav-users] Couple of questions regarding ClamAV

leaks in clamd and it has only ever died once (SEGV with 0.66). We run several virus scanners in sequence and it is rare that a virus gets past ClamAV to be detected by secondary or tertiary scanner, and then the Clam virus database team right on the ball with addi

[Clamav-users] Re: 5 from testvirus.com came through

Well, your message didn't get through Clam here ;) A Virus has been detected in a mail message. Scanner:Clam Quarantine ID: i1SA7ST7012100 Remote IP: 66.35.250.206 (lists.sourceforge.net) From: <[EMAIL PROTECTED]> To: <[E

Re: [Clamav-users] password-protected Worm.Bagle.H

zips are allowed through. This is a reasonable thing for clamav to do regardless, if you think about it; isn't that essentially an error condition ("can't scan zipfile")? It would seem a simple fix for somebody familiar with the code. Developers, any comments? Thanks, Andy --

[Clamav-users] Worm.Bagle.F-zippwd-5..

I just received a few e-mails which were detected as Worm.Bagle.F-zippwd-5 but when I extracted the files, some of them were identified as Worm.Bagle.I instead of Worm.Bagle.F. Is this a problem with the signature or a double infected file (or can you tell me how to find out for myself?) ? I know

Re: [Clamav-users] ArchiveDetectEncrypted and --detect-encrypted

t on top of the recent virus updates - much better than the other scanners I have here! Andy --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies.

Re: [Clamav-users] network scanning questions

like ClamAV by itself isn't an e-mail scanner). WebWasher is probably the best developed ICAP server I've seen to date (it's also resold by Network Appliance which might account for it) - http://www.webwasher.com/ Andy --- This

Re: [Clamav-users] Embedded EICAR handling

he following 68 characters, and is exactly 68 bytes long:" I don't know whether the limitation is in Clam's current database format or in the current signature. Andy --- This SF.Net email is sponsored by: IBM Linux Tutorials Fr

Re: [Clamav-users] Error during MAKE..

facilities aren't available on that platform - presumably they're Linux extensions ? If you remove the lines in options.c which contain LOG_AUTHPRIV and LOG_FTP then it should compile. Andy --- This SF.Net email is sponsored by Sleepyc

Re: [Clamav-users] [PATCH] clamav-milter --max-child-w

ronisation completely within the eom() callback, so fixing the problem with some threads exiting without decrementing the current counter. It also makes it difficult to mount a DoS attack because the clamd scan should return within a determinable amount of time. As always, any thoughts apprecia

Re: [Clamav-users] [PATCH] clamav-milter --max-child-w

On Fri, 30 Apr 2004, Joe Maimon wrote: ; Andy Fiddaman wrote: ; >How about implementing this as a semaphore in the eom callback, i.e. ; > ; >decrement semaphore; ; >scan using clamd ; >increment semaphore; ; > ; >That would limit the number of simultaneous scans and keep t

[Clamav-users] Scanning file takes a long time.

I received an email today with a 14MB attachment which takes over two minutes to scan. The other scanners I have here take less than 5 seconds so I wondered if this is a problem with Clam ? Unfortunately I can't send the file to anyone due to its content, but if there's anything I can do to help d

Re: [Clamav-users] minor clamav-milter patch

254.0.0/16 (Microsoft default DHCP) which I've seen used on private networks. Regards, Andy --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? No

Re: [Clamav-users] Working template (was: Template still broken in clamav-devel-20040806)

efinitions. Regards, Andy --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group

Re: [Clamav-users] Clamav+amavisd-new+postfix in FreeBSD 4.10-STABLE

ed to 2097152 bytes. > > > I don't know what is it's problem, but it's not working properly. > > Can somebody help me? Sounds like you need to mkdir /var/amavis/db Andy --- Andy Dills Xecunet, Inc. www.xecu.net 301-682-9972 --- ---

Re: [Clamav-users] Ignoring option -r

flag to it which isn't recognised. This message isn't related to the arguments you're giving to clamd itself. Andy --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Soni

RE: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

On Sun, 15 Aug 2004, Mitch (WebCob) wrote: ; > > Please always try to _avoid_ to have cron based internet ; > services run by the ; > > hour. Please consider another value than 0. What about 17 or 41 ; > as the value ; > > for the minute? ; > ; > As per discussions on this list on awhile ago; I u

Re: [Clamav-users] Downloading clam virus definition files automatically

On Tue, 24 Aug 2004, Dennis Peterson wrote: ; Fajar A. Nugraha wrote: ; > Dennis Peterson wrote: ; > ; > > The ClamAV ; > > vendor can offer a push of the AV patterns to paying customers with ; > > special needs. That way you will receive the updates as quickly as do the ; > > mirrors and the ven

RE: [Clamav-users] Downloading clam virus definition files automatically

On Wed, 25 Aug 2004, Shayne Lebrun wrote: ; > Any reason why that percentage should be less than 100? ; > ; Cost of bandwidth, cost of equipment, and cost of administrating the ; purchase/access system? That about covers it. To be worth anything, the mirror farm would have to be able to support

[Clamav-users] MD5 crashes... (fwd)

Since the latest daily update, ClamAV has been crashing here with every email it scans, has anyone else seen this ? It appears to be related to the new .hdb file containing an EICAR signature. ClamAV version devel-20040819 Initial backtrace is (more details when I've investigated a bit more): P

Re: [Clamav-users] Re: MD5 crashes... (fwd)

On Tue, 31 Aug 2004, David Champion wrote: ; * On 2004.08.31, in <[EMAIL PROTECTED]>, ; * "Andy Fiddaman" <[EMAIL PROTECTED]> wrote: ; > ; > Since the latest daily update, ClamAV has been crashing here with every ; > email it scans, has anyone else seen this

Re: [Clamav-users] MD5 crashes... (fwd)

On Wed, 1 Sep 2004, Tomasz Kojm wrote: ; On Tue, 31 Aug 2004 21:03:22 + (GMT) ; Andy Fiddaman <[EMAIL PROTECTED]> wrote: ; ; > ; > Since the latest daily update, ClamAV has been crashing here with ; > every email it scans, has anyone else seen this ? ; > It appears to be

Re: [Clamav-users] Re: MD5 crashes... (fwd)

On Wed, 1 Sep 2004, David Champion wrote: ; * On 2004.09.01, in <[EMAIL PROTECTED]>, ; * "Christopher X. Candreva" <[EMAIL PROTECTED]> wrote: ; > ; > Me too -- Solaris 8 on Sparc, gcc 3.4.0, was running 20040805 ; ; Heh. Sounds like the tighter memory access protection (~ "it's better ; to b

Re: [Clamav-users] MD5 crashes... (fwd)

On Wed, 1 Sep 2004, Tomasz Kojm wrote: ; On Tue, 31 Aug 2004 21:03:22 + (GMT) ; Andy Fiddaman <[EMAIL PROTECTED]> wrote: ; ; > ; > Since the latest daily update, ClamAV has been crashing here with ; > every email it scans, has anyone else seen this ? ; > It appears to be

[Clamav-users] EICAR Test File

I've been re-running some tests on an EICAR file here with mixed results. According to the eicar web page: "The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters." If I scan

Re: [Clamav-users] MD5 crashes...

* libclamav: replace current MD5 implementation with another one In tests here, the new implementation is about 15% faster than the old one! Andy --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE

Re: [Clamav-users] test windows exploit sigs

e for this exploit (particularly now that an exploit toolkit exists) ? All of my commercial scanners here now detect it - F-Prot even released a new version yesterday to specifically catch it. Thanks, Andy --- This SF.Net email is sponsored by:

Re: [Clamav-users] Unable to open file or directory ERROR

number" of entry */ off_t d_off; /* offset of disk directory entry */ unsigned short d_reclen; /* length of this record */ chard_name[1]; /* name of file */ } dirent_t; ) Otherwise the following command should give enough:

Re: [Clamav-users] Unable to open file or directory ERROR

On Thu, 21 Oct 2004, Grant Supp wrote: ; Andy Fiddaman wrote: ; I'm not a developer but this looks similar to what I'm seeing on Solaris. ; Is readdir_r in use here ? (grep READDIR_R clamav-config.h) ; Can you post the dirent struct from your /usr/include/sys/dirent.h file ? ; Oth

Re: [Clamav-users] 0.80 - FreeBSD Port Error

On Fri, 22 Oct 2004, Scott Rothgaber wrote: ; Has anyone seen this? It built OK on the test machine but the production ; machine produces these errors. Both are 4.10-RELEASE with the same packages ; installed. ; ; Thanks! ; Scott ; ; ; output.o: In function `logg_close': ; output.o(.text+0x53): un

Re: [Clamav-users] clamd performance on Solaris vs Linux

On Fri, 29 Oct 2004, Fajar A. Nugraha wrote: ; James Lick wrote: ; ; > Fajar A. Nugraha wrote: ; > ; > > I have several mail relays on Sun Sparcs with Solaris 8 and 9 ; > > running exim, exiscan, and clamav. All the same version. ; > > top shows clamd uses 5%-40% CPU time (it was always ; > > amon

Re: [Clamav-users] clamd performance on Solaris vs Linux

; What is your hardware spec anyway? and what do you run on it? ; I use v120, 512M, with exim+exiscan+clamd. v210, 2048MB, twin CPU, with sendmail + milter + clamd ; > Mind you, the Solaris ; > installation is extensively tuned for this application which may ; > contribute to some of the differen

Re: [Clamav-users] Comment on TCP option in clamd

On Wed, 3 Nov 2004, Jason Haar wrote: ; Hi there ; ; I think the TCP option needs some more explicit documentation, as I have ; begun seeing RPMs of clamav where the Socket option is *disabled* and the ; TCP option is *enabled* as the defaults. ; ; As far as I'm aware, that is *not* a good idea.

[Clamav-users] Solaris 9 64-bit packages

I've set up a web page containing binary packages of ClamAV for 64-bit Solaris 9 on SPARC at http://clamav.citrus-it.net/ for anyone who wants an easy way of getting it up and running on this platform. The only package there at present is of 0.80 with the readdir_r patch backported from the devel

Re: [Clamav-users] Mime

On Wed, 16 Feb 2005, [ISO-8859-2] Bogusław Brandys wrote: ; -BEGIN PGP SIGNED MESSAGE- ; Hash: SHA1 ; ; Nigel Horne wrote: ; > On Wednesday 16 Feb 2005 14:18, Ted Fines wrote: ; > ; > ; >>FOUR MINUTES, 13 SECONDS for an 800k email. ... ; > 0.80 didn't scan it properly and would have let a

Re: [Clamav-users] Mime

s invoked, (such as for a message with zip containing message containing zip containing message...), but not for mime recursion.. i.e. parseEmailBody recurses through embedded MIME parts with no recursion checking. Both limits would be useful with option

Re: [Clamav-users] virus incident response?

gt; can. Have you considered John Hardin's e-mail Sanitizer? http://www.impsec.org/email-tools/procmail-security.html This can be another useful piece of "defense in depth"... --- Andy Feldt Senior System Support Programmer Affiliate Assistant Professor Department of

Re: [Clamav-users] Mime

On Thu, 17 Feb 2005, Nigel Horne wrote: ; On Thursday 17 Feb 2005 15:07, Tomasz Kojm wrote: ; > On Thu, 17 Feb 2005 11:50:11 + (GMT) ; > Andy Fiddaman <[EMAIL PROTECTED]> wrote: ; > ; > > Kind of.. there's a limit for how many times the mail scanner is ; > >

Re: [Clamav-users] Mime

; [EMAIL PROTECTED] Nigel Horne <[EMAIL PROTECTED]> ; wrote: ; ; > On Thursday 17 Feb 2005 16:07, Andy Fiddaman wrote: ; > ; > > The problem with the old limit was that it was hard coded and so was ; > > the behaviour when it was exceeded (IIRC it used to just not scan ; &

[Clamav-users] clamav-milter 0.83 on AIX 5.2

) && (errno != EEXIST)) { - #endif perror(newname); if(use_syslog) syslog(LOG_ERR, _("mkdir %s failed"), newname); --- 4426,4432 --- Andy Feldt Senior System Support Programmer Affiliate Assistant Professor Department of Physics an

Re: [Clamav-users] clamd on Solaris ceases functioning after a while

On Thu, 17 Feb 2005, David Blank-Edelman wrote: ; Hi- ; Thanks for such a great program and all of the work being put into it. We're ; having a nasty problem with clamd 0.8x (even with 0.83 which we just installed ; yesterday). After running for a while, it will decide to just stop functioning ;

Re: [Clamav-users] clamd on Solaris ceases functioning after a while

patch: ; ; Hi Trog and Andy- ; ; Thanks for your responses. I've just patched my sources as instructed. I don't ; know the clamav code anywhere nearly as well as you folks do, so please take ; this with a grain of salt, but my intuition tells me patch won't illuminate ; the primary pro

Re: [Clamav-users] clamd on Solaris ceases functioning after a while

On Fri, 18 Feb 2005, David Blank-Edelman wrote: ; ; Thanks for taking the time to look into this with me. You could try the attached patch, which makes clamd increase its file descriptor limit to the OS's maximum or the maximum safe value if you're using select(). A.diff -r -u clamav-devel/clamd

  1   2   >