On Tue, 13 Apr 2010, scott.larn...@ed.ac.uk wrote:
; Hello,
;
; I tested ClamAV 0.96 on a relatively recent Solaris 10 / i86pc machine and all
; was well. Bringing it up on a production machine running a somewhat older
; version of Solaris 10 (also i86pc), clamd gives the warning:
;
; WARNING: So
On Thu, 8 Mar 2007, Didi Rieder wrote:
; Lucky you, maybe to low message volume
We have a several Solaris 10 servers running 0.90.1, each processing over
250K messages a day and have seen absolutely no problems. Experimental
code isn't enabled. I wonder what the difference is with your setup?
On Thu, 8 Mar 2007, Alex Moore wrote:
; On Thu, 8 Mar 2007 16:02:40 + (GMT)
; Andy Fiddaman <[EMAIL PROTECTED]> wrote:
;
; >
; > On Thu, 8 Mar 2007, Didi Rieder wrote:
; > ; Lucky you, maybe to low message volume
; >
; > We have a several Solaris 10 servers
socket for each connect
attempt (bb#413), patch from Andy Fiddaman
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
; Res wrote:
; > On Sun, 9 Sep 2007, Dennis Peterson wrote:
; >
; >> F-PROT Antivirus for Solaris Mail Servers
; >>Number of Users Annual license fee
; >>1-10US$ 130
; >>11-24 US$ 250
; >>25-49 US$ 399
; >>50-99 US$ 499
; >>1
On Wed, 12 Sep 2007, Karsten Bräckelmann wrote:
; On Wed, 2007-09-12 at 07:28 -0700, John Rudd wrote:
; > (to the developers, not in answer to Burnie)
; >
; > See, the current name scheme needs to be fixed. And no one responded at
; > all to my proposed scheme from a month or two ago.
;
; Coinci
This new Mimail variant looks nasty - does anyone know if the following
information is true ? and, if so, presumably we need more than just a
pattern update to catch this one!
Thanks,
Andy
; The most important modification in Mimail.q are the polymorphic
; encryption keys inbuilt to fool anti-v
I wouldn't normally suggest changing the signature name for a virus
because it is very common for different virus scanners to call the same
virus by different names, and sometimes it's nice just to be diferent ;);
however with SCO.A/MyDoom I think there would be some merit in changing
the name rep
On Sun, 8 Feb 2004, Nikolaj Wicker wrote:
; i 've got to reply to myself ...
; i found my mistake: under sunos 5.9 per default /usr/bin/id is being
; used which doesn't understand -u (-a will be the choice). another
; option is to use /usr/xpg4/bin/id which can deal with "-u".
(This is from databa
On Fri, 13 Feb 2004, Peter Bonivart wrote:
; I have to disagree. The "id -u" problem with Solaris is still in that
; snapshot, I just tried it. I think you mentioned earlier that you use
; GNU id and you probably have that in your path so it works but for the
; rest of us it doesn't. I would like
On Mon, 16 Feb 2004, Nigel Horne wrote:
; On Monday 16 Feb 2004 4:37 am, Doug Hardie wrote:
;
; > Feb 15 19:14:18 <1.4> zoon clamav-milter: ClamAv: private data not NULL
; > What does the message mean and is
; > there a configuration parameter I need to alter to avoid it?
;
; This sounds like a
I have two files here which Clam identified as Worm.Doomjuice.B but which
appear to be completely different virii (certainly their file sizes are
completely different).
McAfee identifies them as W32/Pate.b and W32/Valla.a
(Interestingly, F-Prot agrees with Clam)
I tried to submit these samples u
On Tue, 17 Feb 2004, Ed Phillips wrote:
; Configure libgmp to build in 32-bit mode... it automatically builds in
; 64-bit mode by default on Solaris (unfortunately). ClamAV builds in
; 32-bit mode... they have to match.
Both gmp & Clam build in 64-bit mode here by default and work fine
(which is
On Thu, 26 Feb 2004, Mike Brodbelt wrote:
; Jason wrote:
; > Couple of questions about ClamAV.
; > Can someone give me a run down on stability of ClamAV? Is it pretty much
; > just set it up and let it run? Reliability? Performance. A daemonized
; > version of software was very important to me, tha
Well, your message didn't get through Clam here ;)
A Virus has been detected in a mail message.
Scanner:Clam
Quarantine ID: i1SA7ST7012100
Remote IP: 66.35.250.206 (lists.sourceforge.net)
From: <[EMAIL PROTECTED]>
To: <[E
I just received a few e-mails which were detected as Worm.Bagle.F-zippwd-5
but when I extracted the files, some of them were identified as
Worm.Bagle.I instead of Worm.Bagle.F.
Is this a problem with the signature or a double infected file (or can
you tell me how to find out for myself?) ?
I know
On Thu, 4 Mar 2004, Tomasz Kojm wrote:
; due to many requests ClamAV is now able to detect and mark password
; protected archives as a virus type "Encrypted.Zip" (big thanks to
Excellent thank you!
I don't know what the long term plans are for the clamd interface (i.e. is
it planned to move to I
On Tue, 9 Mar 2004, Charles Sprickman wrote:
; Has anyone made it through the market-speak and glad-handing to actually
; figure out what it does? The best I can gather from it is that it's a
; generic content-filtering "protocol" geared towards cache boxes and other
; expensive hardware I don't
On Mon, 15 Mar 2004, Martin A. Brooks wrote:
; Part of the text file is a boilerplate set of instructions on how to make
; an EICAR test file. Clam detects this signature and marks the file as
; being infected. NAI and Norton AV do not.
;
; I'm undecided as to which action is correct and would
On Tue, 11 May 2004, Alex V. Kovirshin wrote:
; On Tue, May 11, 2004 at 05:22:02PM +0300, turgut kalfaoglu wrote:
; > I haven;t had any problems with other compilations, but this time the
; > 'latest' gives me a hard time:
; >
; >
; > Making all in clamscan
; > ../shared/output.c:296: error: `LOG
Having a maximum at all makes it easy for someone to DoS you because a
thread is created for each new SMTP connection.. just connect X times and
don't start entering a sender address.
I think the thread maximum should be implemented around the actual virus
scan because having a thread which is ju
On Fri, 30 Apr 2004, Joe Maimon wrote:
; Andy Fiddaman wrote:
; >How about implementing this as a semaphore in the eom callback, i.e.
; >
; >decrement semaphore;
; >scan using clamd
; >increment semaphore;
; >
; >That would limit the number of simultaneous scans and keep t
I received an email today with a 14MB attachment which takes over two
minutes to scan. The other scanners I have here take less than 5 seconds
so I wondered if this is a problem with Clam ? Unfortunately I can't send
the file to anyone due to its content, but if there's anything I can do to
help d
On Wed, 4 Aug 2004, Damian Menscher wrote:
; I was just reading the source code (I was curious what the --local flag
; does, exactly) and saw a minor bug:
[.. snip ..]
; Changes are:
; - put 127.0.0.1 first (for efficiency) since it's the most likely
; - put ^$ around the 127.0.0.1 to preven
On Fri, 6 Aug 2004, Dan O'Brien wrote:
; Seems not all of the macros listed in the Sendmail ops guide
; are available. If I get ambitious, I'll do a template with
; all listed and see what cooks.
;
The only variables available are those specified in your sendmail.cf/.mc
file as those which sendm
On Tue, 10 Aug 2004, Arthur Kerpician wrote:
; Hi all,
; Is anybody getting this message in the mail notifications?
; ---clamdscan results ---
; WARNING: Ignoring option -r: please edit clamav.conf instead.
; ---
Whatever process is using the 'clamdscan' command is passing the -r flag
to it which
On Sun, 15 Aug 2004, Mitch (WebCob) wrote:
; > > Please always try to _avoid_ to have cron based internet
; > services run by the
; > > hour. Please consider another value than 0. What about 17 or 41
; > as the value
; > > for the minute?
; >
; > As per discussions on this list on awhile ago; I u
On Tue, 24 Aug 2004, Dennis Peterson wrote:
; Fajar A. Nugraha wrote:
; > Dennis Peterson wrote:
; >
; > > The ClamAV
; > > vendor can offer a push of the AV patterns to paying customers with
; > > special needs. That way you will receive the updates as quickly as do the
; > > mirrors and the ven
On Wed, 25 Aug 2004, Shayne Lebrun wrote:
; > Any reason why that percentage should be less than 100?
; >
; Cost of bandwidth, cost of equipment, and cost of administrating the
; purchase/access system?
That about covers it. To be worth anything, the mirror farm would have to
be able to support
Since the latest daily update, ClamAV has been crashing here with every
email it scans, has anyone else seen this ?
It appears to be related to the new .hdb file containing an EICAR signature.
ClamAV version devel-20040819
Initial backtrace is (more details when I've investigated a bit more):
P
On Tue, 31 Aug 2004, David Champion wrote:
; * On 2004.08.31, in <[EMAIL PROTECTED]>,
; * "Andy Fiddaman" <[EMAIL PROTECTED]> wrote:
; >
; > Since the latest daily update, ClamAV has been crashing here with every
; > email it scans, has anyone else seen this
On Wed, 1 Sep 2004, Tomasz Kojm wrote:
; On Tue, 31 Aug 2004 21:03:22 + (GMT)
; Andy Fiddaman <[EMAIL PROTECTED]> wrote:
;
; >
; > Since the latest daily update, ClamAV has been crashing here with
; > every email it scans, has anyone else seen this ?
; > It appears to be
On Wed, 1 Sep 2004, David Champion wrote:
; * On 2004.09.01, in <[EMAIL PROTECTED]>,
; * "Christopher X. Candreva" <[EMAIL PROTECTED]> wrote:
; >
; > Me too -- Solaris 8 on Sparc, gcc 3.4.0, was running 20040805
;
; Heh. Sounds like the tighter memory access protection (~ "it's better
; to b
On Wed, 1 Sep 2004, Tomasz Kojm wrote:
; On Tue, 31 Aug 2004 21:03:22 + (GMT)
; Andy Fiddaman <[EMAIL PROTECTED]> wrote:
;
; >
; > Since the latest daily update, ClamAV has been crashing here with
; > every email it scans, has anyone else seen this ?
; > It appears to be
I've been re-running some tests on an EICAR file here with mixed results.
According to the eicar web page:
"The first 68 characters is the known string. It may be optionally
appended by any combination of whitespace characters with the total file
length not exceeding 128 characters."
If I scan
* libclamav: replace current MD5 implementation with another one
In tests here, the new implementation is about 15% faster than the old
one!
Andy
---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer
On Fri, 24 Sep 2004 [EMAIL PROTECTED] wrote:
; Hi All,
;
; I've done done my *first* ndb sigs for some of the current windows expolits:
;
; JS.dragdrop.1:3:*:64796E7372633D22*2E65786522
; JS.dragdrop.2:3:*:666F6C6465723D227368656C6C??7374617274757022
; exploit.jpg:5:*:FFD8FF(E0|FE)*FFFE00(00|01)
; On Wed, 2004-10-20 at 16:33, Grant Supp wrote:
;
; > It seems to happen when scanning the same files. "Untitled Attachment" seems to
cause the problem evey time. I think this attachment might be generated by Outlook
2003 when assigning a task to a user, although I'm not sure, since I don't have
On Thu, 21 Oct 2004, Grant Supp wrote:
; Andy Fiddaman wrote:
; I'm not a developer but this looks similar to what I'm seeing on Solaris.
; Is readdir_r in use here ? (grep READDIR_R clamav-config.h)
; Can you post the dirent struct from your /usr/include/sys/dirent.h file ?
; Oth
On Fri, 22 Oct 2004, Scott Rothgaber wrote:
; Has anyone seen this? It built OK on the test machine but the production
; machine produces these errors. Both are 4.10-RELEASE with the same packages
; installed.
;
; Thanks!
; Scott
;
;
; output.o: In function `logg_close':
; output.o(.text+0x53): un
On Fri, 29 Oct 2004, Fajar A. Nugraha wrote:
; James Lick wrote:
;
; > Fajar A. Nugraha wrote:
; >
; > > I have several mail relays on Sun Sparcs with Solaris 8 and 9
; > > running exim, exiscan, and clamav. All the same version.
; > > top shows clamd uses 5%-40% CPU time (it was always
; > > amon
; What is your hardware spec anyway? and what do you run on it?
; I use v120, 512M, with exim+exiscan+clamd.
v210, 2048MB, twin CPU, with sendmail + milter + clamd
; > Mind you, the Solaris
; > installation is extensively tuned for this application which may
; > contribute to some of the differen
On Wed, 3 Nov 2004, Jason Haar wrote:
; Hi there
;
; I think the TCP option needs some more explicit documentation, as I have
; begun seeing RPMs of clamav where the Socket option is *disabled* and the
; TCP option is *enabled* as the defaults.
;
; As far as I'm aware, that is *not* a good idea.
I've set up a web page containing binary packages of ClamAV for 64-bit
Solaris 9 on SPARC at http://clamav.citrus-it.net/ for anyone who wants
an easy way of getting it up and running on this platform.
The only package there at present is of 0.80 with the readdir_r patch
backported from the devel
On Wed, 16 Feb 2005, [ISO-8859-2] Bogusław Brandys wrote:
; -BEGIN PGP SIGNED MESSAGE-
; Hash: SHA1
;
; Nigel Horne wrote:
; > On Wednesday 16 Feb 2005 14:18, Ted Fines wrote:
; >
; >
; >>FOUR MINUTES, 13 SECONDS for an 800k email.
...
; > 0.80 didn't scan it properly and would have let a
On Wed, 16 Feb 2005, Tomasz Kojm wrote:
; On Wed, 16 Feb 2005 17:51:28 +0200
; Scott Ryan <[EMAIL PROTECTED]> wrote:
;
; > I will just have to allow these types of mails to go unscanned. Four
; > minutes to scan 1 will cause a DOS.
;
; So increase the number of MaxThreads...
;
; > Would it be po
On Thu, 17 Feb 2005, Nigel Horne wrote:
; On Thursday 17 Feb 2005 15:07, Tomasz Kojm wrote:
; > On Thu, 17 Feb 2005 11:50:11 + (GMT)
; > Andy Fiddaman <[EMAIL PROTECTED]> wrote:
; >
; > > Kind of.. there's a limit for how many times the mail scanner is
; > >
; [EMAIL PROTECTED] Nigel Horne <[EMAIL PROTECTED]>
; wrote:
;
; > On Thursday 17 Feb 2005 16:07, Andy Fiddaman wrote:
; >
; > > The problem with the old limit was that it was hard coded and so was
; > > the behaviour when it was exceeded (IIRC it used to just not scan
; &
On Thu, 17 Feb 2005, David Blank-Edelman wrote:
; Hi-
; Thanks for such a great program and all of the work being put into it. We're
; having a nasty problem with clamd 0.8x (even with 0.83 which we just installed
; yesterday). After running for a while, it will decide to just stop functioning
;
On Fri, 18 Feb 2005, David Blank-Edelman wrote:
; On Feb 18, 2005, at 4:12 AM, Trog wrote:
;
; > This really looks like you're running out of some resource. That accept
; > () failure is from the clamd primary socket. We will need to find out
; > what the error is. Please try this patch:
;
; Hi Tr
On Fri, 18 Feb 2005, David Blank-Edelman wrote:
;
; Thanks for taking the time to look into this with me.
You could try the attached patch, which makes clamd increase its file
descriptor limit to the OS's maximum or the maximum safe value if
you're using select().
A.diff -r -u clamav-devel/clamd
On Mon, 18 Apr 2005, Trog wrote:
; On Mon, 2005-04-18 at 13:50 +0300, Odhiambo Washington wrote:
; > I am always running on FreeBSD (4.11 and 5.4) if that matters.
; > I am only wondering if anyone has managed to successfully compile
; > Clamav from CVS, or even the snapshot-20050417 at all.
; >
;
On Tue, 19 Apr 2005, Trog wrote:
; On Mon, 2005-04-18 at 18:22 +, Andy Fiddaman wrote:
; > On Mon, 18 Apr 2005, Trog wrote:
; > ;
; > ; Run autoreconf
; >
; > Is this something that has changed and will stay this way ? I don't
; > currently have the auto utilities on m
On Sat, 25 Jun 2005, Odhiambo Washington wrote:
; I am trying to compile the CVS version on FreeBSD 4.11, but it fails
; as follows:
;
[.. snip ..]
;
; server-th.c: In function `acceptloop_th':
; server-th.c:437: warning: passing arg 3 of `thrmgr_new' makes integer from
pointer without a cast
;
On Wed, 10 Aug 2005, Dennis Peterson wrote:
; Dale Walsh said:
; >
; > On Aug 10, 2005, at 08:12 AM, Andr?s Yacopino wrote:
; >
; >> I have solaris too and compiled with gcc, this works great. I
; >> compiled it with this parameters:
; >>
; >> First i do:
; >>
; >> in /usr/local/lib
; >>
; >> ln -
On Wed, 21 Sep 2005, Nigel Horne wrote:
; On Wed, 2005-09-21 at 16:07, Carol Overes wrote:
; > Hi Nigel and others,
; >
; > Nigel Horne wrote:
; > > I'm confused, you say clamd was missing, but you also say that the
; > > installation was successful.
; >
; > I can imagine :)
; >
; > During compile
On Thu, 27 Oct 2005, Roger Rustad wrote:
; ClamAV aficionados:
;
; I just recently bought an account on webhostingbuzz.com. Curious as to how
; well the domains were protected against viruses, I went to
; http://www.webmail.us/testvirus and emailed the eicar virus to my account. My
; mail is supp
On Mon, 19 Dec 2005, Hamilton Vera wrote:
; Since November, I noticed that clamav 87.1 does not recognize the following
; virus.
;
; www.i2.com.br/~hamilton/reg_pass.zip
;
; So I posted it in http://cgi.clamav.net/sendvirus.cgi, but I got no answer
;
; NOD32 detects it as Win32/Sober.Y worm,
On Sat, 21 Jan 2006, Len Conrad wrote:
; had. The f-prot-good vs clamav-bad difference was clear and quick. But
; we're sure where the problem is. We have assumed clam is a good as f-prot.
I run multiple AV scanners in parallel here including ClamAV and F-Prot.
It's extremely rare that F-Prot
On Thu, 2 Feb 2006, [EMAIL PROTECTED] wrote:
; The company I work for has implemented a firewall that only allows certain
; activity through it. I have requested that the user agent string
; "clamav/*" be allowed to communicate with the internet. The request has
; been refused because of securit
On Wed, 14 Feb 2007, [EMAIL PROTECTED] wrote:
;
; Undefined first referenced
; symbol in file
; res_close clamav-milter.o
;
; In what library is res_close?
It should be in libresolv.so but it's a deprecated interface alth
On Fri, 23 Feb 2007, Jerry K wrote:
; Text relocation remains referenced
; against symbol offset in file
;0x4d4
; /usr/local/ssl/lib/libssl.a(s3_lib.o)
;0x4d8
; fopen64
62 matches
Mail list logo
