Re: [clamav-users] - Can't connect to UNIX, socket /var/run/clamav/clamd.ctl

2013-11-01 Thread Benny Pedersen
Paolo De Michele wrote on 2013-11-01 01:08: how can I fix it? freshclam -D show us the error in case it's stock, delete the mirrors.dat file in databasedir maybe even delete all content of that dir except main.* and daily.* ___ Help us build a c

Re: [clamav-users] - Can't connect to UNIX, socket /var/run/clamav/clamd.ctl

2013-11-01 Thread Benny Pedersen
Paolo De Michele wrote on 2013-11-01 16:59: honestly, I do not think that increasing my VPS to 1gb of ram solve the situation hmp how can I fix it? try another vps ? btw swap can be on a swap file, not just a special swap partition other than that you can try resolve clamd to max 1 thread

Re: [clamav-users] virusnames .UNOFFICIAL

2013-11-05 Thread Benny Pedersen
Andreas Schulze wrote on 2013-11-05 14:20: we use clamav with local created pattern. Detected content is marked with "virusname.UNOFFICIAL". That confuses some people here. clamav is opensource so patch will be welcomed :=) I think about a local patch to clamav to change the string UNOFFIC

Re: [clamav-users] sigwhitelist.ign2 whitelist not working

2013-11-11 Thread Benny Pedersen
lcon...@go2france.com wrote on 2013-11-11 20:39: freebsd FreeBSD mx1.hctc.net 7.2-RELEASE clamav-0.95.1 (yeah, I know) need to whitelist: report them to sanesecurity maillist, not clamav maillist since its unofficial sigs :)

Re: [clamav-users] sigwhitelist.ign2 whitelist not working

2013-11-12 Thread Benny Pedersen
Andreas Schulze wrote on 2013-11-12 09:58: But it looks like clamav does not load/use/recognize all entries: $ clamscan --debug /tmp/falsepositive 2>&1 | grep -e 'local.ign2' -e 'Ignoring signature' LibClamAV debug: /var/lib/clamav/local.ign2 loaded LibClamAV debug: Ignoring signature Eicar-Te

Re: [clamav-users] System plays the "William Tell Overture"

2013-11-27 Thread Benny Pedersen
Michael Orlitzky wrote on 2013-11-27 02:27: Do you have any asshole friends who've used your PC lately? we all have one :) This sounds like the answer to the question, "I have my buddy Dave's computer for the next five minutes, what's the most annoying thing I could do?" FAQ: Q: if non r

Re: [clamav-users] how to reduce memory

2013-12-13 Thread Benny Pedersen
黄海涛 wrote on 2013-12-13 15:12: hi when virus database(main.cvd & daily.cvd) is loaded which consumes 206M memory, is there any way to reduce memory, such as by using simplified version of virus database (Does small virus database exist?) or by filtering some lowerly-graded sig,or by editing c

Re: [clamav-users] some questions about virus databas

2013-12-17 Thread Benny Pedersen
黄海涛 wrote on 2013-12-17 09:52: what is the difference between main.cvd and daily.cvd? main.cvd does not being updated daily basically what is the meaning of daily? signatures will be in this file first please introduce each of virus database. it will take me longer to write than to read

Re: [clamav-users] clam av Red Hat installation

2013-12-24 Thread Benny Pedersen
Joshua Soulwin Malayappan wrote on 2013-12-24 06:29: I got the below error Failed dependencies: libz.so.1(ZLIB_1.2.0.2)(64bit) is needed by clamd-0.98-2.el6.rf.x86_64. report this here is fine, but it does not solve redhat dependency hell with precompiled problems, so report it to re

Re: [clamav-users] the relationship between offset(signature in main.mdb) and time(signature be added to main.mdb)

2013-12-30 Thread Benny Pedersen
黄海涛 wrote on 2013-12-30 15:47: Is it right that the signature whose offset is farther is newer in main.mdb (main.cvd) or daily.mdb(daily.cvd)? i don't understand your question

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain false-positive

2014-02-02 Thread Benny Pedersen
On 2014-02-02 18:43, Alex wrote: The heuristics engine is only used for selected financial institution domains (currently 263) listed in daily.pdb as H: It looks like I only have daily.cld. Can you explain what you mean here? cd /tmp && sigtool --unpack-current=daily there you find what you

Re: [clamav-users] Block all "EXE/SRC" or MS-EXE/DLL file

2014-02-13 Thread Benny Pedersen
On 2014-02-13 10:48, Sim wrote: Which is the best solution/way to block all EXE/executable files? http://sanesecurity.com/foxhole-databases/ or submit samples to clamav http://www.clamav.net/lang/en/sendvirus/

Re: [clamav-users] Block all "EXE/SRC" or MS-EXE/DLL file

2014-02-13 Thread Benny Pedersen
On 2014-02-13 11:29, Jesse Nicholson wrote: Need to write an anti virus that uses the NIST NSRL database and operate it as a white list based AV. The db contains some 100 million hashes of known good binary files. I tried to crowd fund to do this but no one was interested. it would be silly t

Re: [clamav-users] fireclam log

2014-02-14 Thread Benny Pedersen
On 2014-02-14 09:36, Steve Basford wrote: There is an option to contact the author for support/suggestions... why can't clamdscan not use a running clamd socket to check files instead of load db itself ?, why had sourcefire not make that possible ? does clamwin create a clamd socket ? if so

Re: [clamav-users] Block all "EXE/SRC" or MS-EXE/DLL file

2014-02-14 Thread Benny Pedersen
On 2014-02-14 10:01, Steve Basford wrote: Just a POC ;) share somewhere how to build this 2 files ? i still have less than 2GB ram on my mailserver, so using it will be lots of more ram needed foxhole uses less ram to do basically the same

Re: [clamav-users] Finding infections in a tar-ball

2014-04-11 Thread Benny Pedersen
Mischa Coenen wrote on 2014-04-11 10:31: Anybody advice what could be the issue? if its not in tarball one would use --recursive if subdirs would be scanned as well, if you see this is not working in archive files that clamav can unpack then its imho a bug so try scan a tarball with --recu

Re: [clamav-users] Silly question - clamav - linux viruses?

2014-04-17 Thread Benny Pedersen
Dave Shevett wrote on 2014-04-17 16:46: But, can I say "clamav does not scan for linux viruses" or is that not true? there is talented fools on every distros what's the point of tripwire when upstream management md5 sum their installs ? okay windows have their problems as well to allow unsi

Re: [clamav-users] FP-Report: Email.Trojan-417

2014-05-13 Thread Benny Pedersen
Sending the jpg file is not an option without putting it in a zip archive first? It does not pay off to compress jpg without jpg tools, that said if it just to get single attachment on mail it still make sense to use zip for a container file Don't know a solution else

Re: [clamav-users] reported before, makes no sense

2014-05-16 Thread Benny Pedersen
Gene Heskett wrote on 2014-05-16 06:38: Can we please get this FP removed? 3rd party sigs does not make sense to blame on clamav maillist

Re: [clamav-users] reported before, makes no sense

2014-05-16 Thread Benny Pedersen
Gene Heskett wrote on 2014-05-16 08:03: On Friday 16 May 2014 00:59:44 Al Varnell did opine And Gene did reply: UNOFFICIAL means it did not come from ClamAV® Now what? Shut down my daily scan? clamconf | grep -i database make sure this dir does not contain unofficial sigs not possible t

Re: [clamav-users] Tips for low memory systems

2014-05-28 Thread Benny Pedersen
Michael Heuberger wrote on 2014-05-28 03:47: Too bad :( apt-get source clamav -b possible ask for maintainer support on launchpad ? come on :=)

Re: [clamav-users] build a CVD file using sigtool

2014-06-08 Thread Benny Pedersen
On 2. jun. 2014 13.36.42 CEST, Andreas Schulze >what's wrong here --build=database don't include subdir there -- Sent from my Android phone with K-9 Mail. Sorry if I am a bit brief.

Re: [clamav-users] build a CVD file using sigtool

2014-06-08 Thread Benny Pedersen
On 2. jun. 2014 13.36.42 CEST, Andreas Schulze wrote: >Hello, > >we are creating signatures mostly using procedures described in >~clamav-src/docs/signatures.pdf >The resulting files *.hdb, *ign2, *db are copied to a clamav datadir >and used by clamav. >Thats fine. > >As far as I understand I co

Re: [clamav-users] building a cud file

2014-06-18 Thread Benny Pedersen
On 18. jun. 2014 20.51.50 CEST, Steve Basford wrote: >Hi All, > >I'm playing with .cud file creation from a couple of files... > >testdb folder > >COPYING >testdb.hdb >testdb.ndb > > >set SIGNDUSER=me >sigtool --datadir=testdb --build=testdb.cud --unsigned --cvd-version 1 Change --datadir to .

Re: [clamav-users] Bad detection rate

2014-06-23 Thread Benny Pedersen
On 23. jun. 2014 19.36.58 CEST, Steve Basford wrote: > >Sanesecurity.Malware.23787.ZipHeur >Added: 23 Jun 2014 09:32:40 UT I have a dream on virustotal start using 3rd party clamav signatures

Re: [clamav-users] db.sk connectivity?

2014-07-17 Thread Benny Pedersen
On 17. jul. 2014 12.04.58 CEST, Matus UHLAR - fantomas wrote: >it seems db.sk.clamav.net has connectivity issues, the transfer goes >horribly slow. should not being a problem being slow imho :) >is there a possibility to detect this so freshclam will switch to other >mirror? OR, can I tell fres

Re: [clamav-users] ClamAV®: The new ClamAV.net is here!

2014-09-04 Thread Benny Pedersen
On 4. sep. 2014 07.54.34 Andreas Schulze wrote: It's handy to point a user to the official Website to proof that he's running outdated virusscanner. Freshclam gives a warning of outdates here just fine, does not need external tools to tell me that, are admins so dumb todays ?

Re: [clamav-users] Where can I download the daily.cvd and main.cvd files

2014-09-09 Thread Benny Pedersen
Run freshclam ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml

Re: [clamav-users] Why are the ClamAV team so slow at creating signatures ?

2014-10-06 Thread Benny Pedersen
On October 6, 2014 3:37:34 PM Tim Smith wrote: > are you really trying to compare response times from PAID solutions to the free/community maintained ones ? Of course not, the paid solutions will always be better. Dream on, my commodore 64 is the best 8bit computer ever not needing antiviru

Re: [clamav-users] Why are the ClamAV team so slow at creating signatures ?

2014-10-06 Thread Benny Pedersen
On October 6, 2014 4:21:58 PM Tim Smith wrote: Seriously, why should I mess around with creating virus signatures, its a waste of my time. Well said, this maillist here is not waste of your time, can you pay back now ?

Re: [clamav-users] Fwd: What is the signature count?

2014-10-10 Thread Benny Pedersen
On October 10, 2014 8:05:11 AM Prasanna Lotke wrote: Can anyone tell me how many signatures does Clam virus database have? Or how many malwares can it detect? Try run freshclam

Re: [clamav-users] Fwd: What is the signature count?

2014-10-10 Thread Benny Pedersen
On October 10, 2014 9:05:47 AM "Steve Basford" wrote: Total: 249,167 Recalc that

Re: [clamav-users] Amavis or ClamAV?

2014-11-07 Thread Benny Pedersen
On November 7, 2014 9:13:31 PM Edgar Pettijohn wrote: It looks like I finally got my config working correctly, however I now see the following errors. You have it possible working in an insecure way, read the url below, for a solution that does not use 777 permissions Clamav user is a memb

Re: [clamav-users] Amavis or ClamAV? [SOLVED?]

2014-11-07 Thread Benny Pedersen
On November 7, 2014 10:02:48 PM Edgar Pettijohn wrote: I didn't notice the "/parts" above and changed permissions and that seems to have fixed things. Sorry for the noise. Amavis does not reuse parts dirs, so it's not a fix what you did

Re: [clamav-users] clamav-milter & logrotation

2014-11-17 Thread Benny Pedersen
Use logrotate in clamav-milter, not external logrotate, then you don't need to restart

Re: [clamav-users] clamav-milter & logrotation

2014-11-18 Thread Benny Pedersen
Andreas Schulze wrote on 2014-11-18 08:16: But nothing for rotation. what version do you have ? clamconf please, possible upgrade config files if you have oldconfig ? :=) imho clamconf can create updated new default confs clamav 0.98.4 sure have logrotate here

[clamav-users] Clamsubmit option -p

2014-11-29 Thread Benny Pedersen
Is the help text correct ? False positive ? If running clamsubmit do i need to extract content first with eg ripmime if content is in email or does clamsubmit self do all this ? What is a fp and fn ?

[clamav-users] Sigtool :(

2014-11-29 Thread Benny Pedersen
I can't figure out how to build cud files yet with 0.98.5 Is there a guide somewhere for this ? It fails with build name, and sigtool interactive ask for the build name, but fails to build with the type answer :( Env variables is not explained anywhere

Re: [clamav-users] Clamsubmit option -p

2014-12-01 Thread Benny Pedersen
On 1. dec. 2014 15.58.15 Shawn Webb wrote: No need to extract files prior to submission, though it would certainly accelerate analysis if you did. The acronym "FP" means "False Positive"--a file that erroneously caused ClamAV to report a virus. The acronym "FN" means "False Negative"--a file th

Re: [clamav-users] url scanner

2014-12-18 Thread Benny Pedersen
On 18. dec. 2014 15.30.08 polloxx wrote: Since more and more malware is not attached to a mail but only an url to it, detecting it is challenge. Is there any good url scanner available for Clamav? Squidclamav via icap in squid, then safebrowsing comes more to mind

Re: [clamav-users] Custom clamav rule to block exe and scr files in archive.

2015-02-05 Thread Benny Pedersen
Virgo Pärna wrote on 2015-02-05 09:46: Recently I have received some viruses that have scr inside zip archive inside zip archive. And also there have been some cab's containing exe files. google foxhole clamav Since I have already blocked exe and scr files in exim mime check I did try

Re: [clamav-users] Custom clamav rule to block exe and scr files in archive.

2015-02-05 Thread Benny Pedersen
Virgo Pärna wrote on 2015-02-05 13:59: Well, foxhole is something I never thought to Google:) +1 Clamav does unpack archives recursively up to 16 levels (by default). yep, it just create another problem, zip bombs For clamd it is set with MaxRecursion configuration value, for clamscan w

Re: [clamav-users] clamav-milter LocalNet option / outgoing mail (Debian Wheezy)

2015-02-21 Thread Benny Pedersen
Daniel Spies wrote on 2015-02-22 01:42: Any help is greatly appreciated. LocalNet localdomain PS: why does 127.0.0.1 not resolve ? post /etc/hosts for more help :=) is the client ip in clamav-milter really in local domain ip listed ? host 127.0.0.2 host 127.0.1.1 host 192.168.1.1 if this

Re: [clamav-users] clamav-milter LocalNet option / outgoing mail (Debian Wheezy)

2015-02-21 Thread Benny Pedersen
Daniel Spies wrote on 2015-02-22 02:28: Maybe LocalNet is the wrong option (?) but how else would I stop clamav-milter from scanning outgoing e-mail then? in postfix master.cf: for the pickup add -o non_smtpd_milters= eg no milter for this service or much better dont add milters in main.c

Re: [clamav-users] clamav-milter LocalNet option / outgoing mail (Debian Wheezy)

2015-02-21 Thread Benny Pedersen
Daniel Spies wrote on 2015-02-22 03:19: Yes, but I have (still) enabled sending e-mail to port 25. This would only work for submission (see my other e-mail). yes i remember that problem here as well, so far i think postfix does not honor it to disable smtp auth on port 25 while have it enabl

Re: [clamav-users] format of current.cvd.clamav.net

2015-02-24 Thread Benny Pedersen
On February 24, 2015 10:27:47 AM Andreas Schulze wrote: Hello, could somebody explain the meaning of the field in the mentioned TXT record ? $ dig current.cvd.clamav.net txt +short "0.98.6:55:20101:1424766540:1:63:43056:246" Field1: 0.98.6 -> current software version Field2: 55 -> ? Fie

Re: [clamav-users] Unsubscribing From Update List?

2015-03-09 Thread Benny Pedersen
Shawn Reynolds wrote on 2015-03-09 03:16: How do I unsubscribe from the ClamAV update list? I currently have about 80 emails of it in my inbox, and it is keeping me from important e-mails. press the last link on every here gives you a nice webpage that holds info on what maillists exists, the

Re: [clamav-users] Freshclam failing

2015-03-11 Thread Benny Pedersen
James Brown wrote on 2015-03-12 00:04: Freshclam keeps failing for me. I delete the Mirrors.dat file and try again. Sometime it works, sometimes it claims that all of the mirrors are not synchronised. freshclam --list-mirrors try change mirror country temporary, but mirror admins would solve

Re: [clamav-users] daily.ftm

2015-06-19 Thread Benny Pedersen
Steve Basford wrote on 2015-06-19 12:39: daily.ftm seems to be out-of-sync with the latest filetypes_int.h okay Eg, 4546492050415254 is missed and a few of the newer ones. i miss documentation of daily.ftm does it overlap with sanesecurity.ftm ?

Re: [clamav-users] Freshclam Question

2015-06-30 Thread Benny Pedersen
Gene Heskett wrote on 2015-06-30 15:26: Do I need to restart freshclam, or whatever to bring that setting in? imho its just so 2x each day you check dns for updates, http servers is only abused if dns says you are behind latest in dns yes freshclamd need to be restarted if conf are edited

Re: [clamav-users] [Fwd: [sanesecurity] Hacking Team detection]

2015-08-07 Thread Benny Pedersen
Gene Heskett wrote on 2015-08-07 18:39: On Friday 07 August 2015 12:34:54 Jim Popovitch wrote: clamscan --database=/tmp/hackingteam.hsb -ri / Chuckle, and will, on this system, take a loooggg time. :) rsync is slow first time, 2nd download is faster btw extradatabase is for signed

Re: [clamav-users] [Fwd: [sanesecurity] Hacking Team detection]

2015-08-07 Thread Benny Pedersen
Scott Kitterman wrote on 2015-08-08 00:34: 0.99 isn't released yet, so of course it's not in wheezy. It is in Experimental where it belongs. No yelling needed. freshclam.conf have more options on fetch 3rd party sigs, but since its entirely http is not gpg checked, so if it really did that

Re: [clamav-users] ClamAV Update Authenticity?

2015-08-11 Thread Benny Pedersen
Thomas Peterson wrote on 2015-08-11 21:59: Is there a method to authenticate ClamAV updates? I see that GnuPG can be used to verify the signature of the ClamAV installation, what about the virus database updates. I use ClamAV completely offline and do not have the ability to connect directly to

Re: [clamav-users] Scanning Win32 Volumes

2015-08-18 Thread Benny Pedersen
J wrote on 2015-08-18 21:18: I haven't been able to find this answer in the archives. Can I scan WinXP archive drives for malware with ClamAV running on my Ubuntu laptop and find any viruses, bots, or whatever? With ClamAV, I'll just have to delete the infected files, correct? No cleaning?

Re: [clamav-users] PUA.Script.PDF.EmbeddedJS-1

2015-09-02 Thread Benny Pedersen
aklist wrote on 2015-09-02 00:37: Hi All: A PDF attachment to an email was scanned by clamAV and found to have the following virus: PUA.Script.PDF.EmbeddedJS-1 PUA is not a false positive I googled around on this and found some reports that it's a false positive. see above I'm still run

Re: [clamav-users] PUA.Script.PDF.EmbeddedJS-1

2015-09-02 Thread Benny Pedersen
Al Varnell wrote on 2015-09-02 02:28: Of course, chances are extremely high that even a malicious javascript would be Windows based and no threat to a Mac, but that’s probably beside the point. and javascript does not work on mac ? possible ignore me :=)

Re: [clamav-users] DB update and clamav-milter delay

2015-09-29 Thread Benny Pedersen
On September 29, 2015 10:16:13 AM Marco wrote: 2015-09-29T01:03:53.151179+02:00 av2 clamd[15201]: Database correctly reloaded (5342845 signatures) as i see you use a lot of 3rd party sigs Is there a way to speed up this phase? Maybe putting the db files into a RAM fs? waste of ram more h

Re: [clamav-users] DB update and clamav-milter delay

2015-09-29 Thread Benny Pedersen
On September 29, 2015 1:55:47 PM Andreas Schulze wrote: I see it relaxed because I *do run* one of these mirrors and I make sure to not bother other mirrors that way... +1, our point is more do not use freshclam from cronned shell, but when its local mirror it will miss dns data update to t

Re: [clamav-users] DB update and clamav-milter delay

2015-09-30 Thread Benny Pedersen
On September 30, 2015 9:12:01 AM Marco wrote: I have daily.cld time saver since its uncompressed main.cvd time waster since it compressed to get the uncompressed main.cld find a older main.cvd and freshclam update it with scriptedupdates yes, when its main.cld you no longer use time to

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Benny Pedersen
On October 15, 2015 5:04:36 PM Gene Heskett wrote: So they will be gone from tomorrow's scan report. no backup ? Clamav user list, comments please? foxhole is 0day signatures, so you find files that match it in localhost does not mean its virus

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Benny Pedersen
Gene Heskett wrote on 2015-10-15 17:27: Ok, but how do I keep clamscan from using it, when its clamdscan, scanning the incoming mail via this recipe in my .procmailrc add --official-db-only=yes to clamscan or for clamdscan search for this option in clamd.conf more info in man clamscan VI

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Benny Pedersen
Gene Heskett wrote on 2015-10-15 17:32: Amanda will have them yet for about 29 more days. But they are very very old, with lots newer versions readily downloadable. so amanda is not useful here Can freshclam be used to keep it up to date? If so, how? yes, but in case dns is spoofed yo

Re: [clamav-users] some clamd.conf issues

2016-01-11 Thread Benny Pedersen
Michael K. wrote on 2016-01-11 13:14: the file "clamd.conf" is owned by "root" - this is not correct? maybe you have an old clamav installed with a new systemrc ? anyway try see clamconf with list all valid config entries

[clamav-users] clamav-milter crash

2016-01-26 Thread Benny Pedersen
i have seen it do this so many times now that i like to know if its just me that use it or its known problem upgrade to 0.99 does not help, currently on the stable gentoo 0.98.7 is there a github version of clamav ?

Re: [clamav-users] clamav-milter crash

2016-01-26 Thread Benny Pedersen
On 2016-01-26 16:46, Steven Morgan wrote: If this is still a problem with the most current software on github, please create a bug report at http://bugzilla.clamav.net. Please attach samples that result in the crash. this is the hard part if not received i have added clamav- now to fidon

Re: [clamav-users] Fw: important message

2016-01-28 Thread Benny Pedersen
On 2016-01-28 19:50, Al Varnell wrote: Yet another malware site. Can we get this guy off the list please. + add sanesecurity sigs to maillist server could help even more

Re: [clamav-users] Freshclam Non-repudiation

2016-01-29 Thread Benny Pedersen
On 2016-01-29 09:27, Steve Basford wrote: As Sanesecurity have been doing this for 10 years this year, hopefully the GPG key can be trusted ;) will extradatabase ever be used in freshclam :( will unofficial ever go away :( thanks for the github link btw, seems i can finally stay with clamav

Re: [clamav-users] Freshclam Non-repudiation

2016-01-29 Thread Benny Pedersen
On 2016-01-29 23:28, Al Varnell wrote: Not sure how you would arrive at that conclusion. SaneSecurity is not affiliated with Cisco/SourceFire/ClamAV. sadly true :( hopefully all 3rd party sigs will be sourcefire signed one day until then gpg works

Re: [clamav-users] ScanOLE2 yes disables macro virus detection

2016-02-08 Thread Benny Pedersen
On 2016-02-08 22:26, Steven Morgan wrote: I've opened https://bugzilla.clamav.net/show_bug.cgi?id=11498 to investigate and track the issue. Plz sign up for an account at https://bugzilla.clamav.net and send me the user id and I will CC you on the bug. Once that is done, I will need for you to a

Re: [clamav-users] No supported database files found

2016-03-09 Thread Benny Pedersen
On 9. mar. 2016 15.56.30 farbod emami wrote: please help Run freshclam If it fails, what settings are shown in clamconf Don't post clamconf here, if need more help pastebin it and share link to it

Re: [clamav-users] ClamAV® blog: ClamAV will release a new main.cvd and daily.cvd this weekend.

2016-03-09 Thread Benny Pedersen
On 8. mar. 2016 04.00.59 "Joel Esler (jesler)" wrote: http://blog.clamav.net/2016/03/clamav-will-release-new-maincvd-and.html The estimated size of these files are 100 MB and 10 MB respectively. Daily 115M Main 156M Bytecode 402K All in uncompressed size, so the estimated is compressed ? I

Re: [clamav-users] Why did you block me clamAV page??

2016-03-13 Thread Benny Pedersen
On 2016-03-13 14:41, Jaroslav Fojtik wrote: Could you tell me any idea how to undo this. speculation: that ip is used more than from you eq its a isp NAT connection that is from cloudflare is seen as heavy single user :( years ago all mailservers used pop-before-smtp to allow authed mail s

Re: [clamav-users] Why does this happen?

2016-03-19 Thread Benny Pedersen
On 2016-03-16 23:30, Scott Galambos wrote: I had to completely restart the server, not just restart the daemons for some reason. Its off now and not scanning encrypted PDF's. glad you found the issues about it another time you can make a new default config from clamconf -g clamd.conf >/tmp/c

Re: [clamav-users] Why does this happen?

2016-03-19 Thread Benny Pedersen
On 2016-03-16 23:04, Steven Morgan wrote: server(/tmp): clamdscan --config-file=/apps/clamav/etc/clamd.conf testfile.pdf /temp/testfile.pdf: Heuristics.Encrypted.PDF FOUND Why? How do I stop this? is clamconf saying this clamd.conf is default config ? is there diff results from using clamsca

Re: [clamav-users] Locky Dridex plan

2016-03-26 Thread Benny Pedersen
one more reason to use gentoo where i created a github master trunk ?, now i just emerge @live-rebuild to get the latest stable clamav nothing happens if users don't notify maintainers of precompiled problems

Re: [clamav-users] zip, rar, jar, ... how to delete all exe's and others files?

2016-04-14 Thread Benny Pedersen
On 2016-04-14 16:15, Kris Deugau wrote: Does anyone have any examples of valid signatures for the .cdb sigfiles? http://sanesecurity.com/foxhole-databases/ "whatever"), but based on what I've tried so far that's apparently not valid. yes i have hard to get more info on cdb format files asw

Re: [clamav-users] ClamAV - References

2016-04-18 Thread Benny Pedersen
On 2016-04-19 01:33, Paul Kosinski wrote: "However, as a bank, our security department do not like to use such free opensource initiatives." 1: clamav is open source 2: clamav does not need cisco signatures what to lose here ? if banks would compiled clamav self, and add own trusted signatur

Re: [clamav-users] ClamAV - References

2016-04-19 Thread Benny Pedersen
On 2016-04-19 14:15, Leonardo Rodrigues wrote: My personal experience show that when IT teams cames with these 'we don't like free/open source software', it actually means they will NOT accept that solution, no matter how much data you gather to prove that that would be a great solution. indee

[clamav-users] clamav users break dkim signed mails

2016-05-29 Thread Benny Pedersen
so if yahoo.com users subscribe they will later be unsubscribed as long as clamav users break dkim i see forward to have this solved as well for yahoo.com users its not an option for me to ask yahoo.com to fix their dmarc, but please check my dmarc fail or pass, where did it break ? hopefully

Re: [clamav-users] clamav users break dkim signed mails

2016-05-30 Thread Benny Pedersen
On 2016-05-30 03:30, Dennis Peterson wrote: Mail list servers and dkim are generally poorly compatible. I'm not aware of a way to send a signed message to a list then have the list resend it to all members while preserving the dkim signature. There's been no shortage of debate on the topic. Both

Re: [clamav-users] clamav users break dkim signed mails

2016-05-30 Thread Benny Pedersen
On 2016-05-30 08:07, Andreas Schulze wrote: It's simply a matter of doing it. Don't hurt: see http://dovecot.org/list/dovecot/2014-June/096547.html and Timo can reject html mails in mailmanger, no need to break dkim/dmarc

Re: [clamav-users] clamav users break dkim signed mails

2016-05-30 Thread Benny Pedersen
On 2016-05-30 08:11, Dennis Peterson wrote: That is an unacceptable hack (removes functionality) for an unacceptable hack (DKIM). have you ever seen my dmarc pass ? if there is more than one way to make it, users choice the incorrect way

Re: [clamav-users] fake mp3, real malware.

2016-06-06 Thread Benny Pedersen
On 2016-06-06 18:12, Steven Morgan wrote: Tracking with https://bugzilla.clamav.net/show_bug.cgi?id=11582. You are not authorized to access bug #11582.

Re: [clamav-users] fake mp3, real malware.

2016-06-06 Thread Benny Pedersen
On 2016-06-06 21:39, Steven Morgan wrote: Sorry, try it now. solved https://bugzilla.clamav.net/show_bug.cgi?id=11156 fail

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Benny Pedersen
On 2016-07-13 20:40, Joel Esler (jesler) wrote: http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html what ExtraDatabase is it in freshclam ?

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Benny Pedersen
On 2016-07-13 21:11, Joel Esler (jesler) wrote: what ExtraDatabase is it in freshclam ? It’s not. It’s in the regular daily.cvd that you download from us. silly imho :(

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Benny Pedersen
On 2016-07-13 21:30, Joel Esler (jesler) wrote: Why would it be silly to make life easier for millions of users? its is since users want choices why is SafeBrowsing not on pr default ?

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Benny Pedersen
On 2016-07-13 21:52, Joel Esler (jesler) wrote: Nothing prevents anyone from using 3rd party sigs. We just want to incorporate 3rd party sigs into the official repo, for more coverage, for more users. If ClamAV has, say, 10M users, how many of those 10M do you suppose also run 3rd party sigs?

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Benny Pedersen
On 2016-07-13 22:13, Joel Esler (jesler) wrote: All third party signatures have the name of the third party submitter in the signature itself. For example: * Win.Malware.Agent4285353149/CRDF-1 I understand what you are saying Benny, however, we’re rather err on the side of shipping more det

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Benny Pedersen
On 2016-07-13 22:21, Joel Esler (jesler) wrote: It basically has to do with our how signature system works. so it's complicated ? i still like to know why it's 3rd party, and why it's not just added in ExtraDatabase marketing stats don't interest me SafeBrowsing is a option, why is 3rd party fo

[clamav-users] clamav-milter feature request

2016-08-03 Thread Benny Pedersen
make it possible to have policy banks in clamav-milter so eq one can have 3rd party signatures that just add header like it would do when accept virus, but let's be creative possible as well make a PUA.pattern to accept or deny as virus so one policy bank for official signatures, and up to a rand

Re: [clamav-users] clamav-milter feature request

2016-08-04 Thread Benny Pedersen
On 2016-08-04 19:15, G.W. Haywood wrote: make it possible to have policy banks in clamav-milter ... Are you sure that you mean clamav-milter? it's what sendmail uses imho ? and if it happens there it works just what amavisd do with make some virus signature over to spam signature to be proce

Re: [clamav-users] daily sig 22066 and kaspersky site Html.Exploit.CVE_2016_3326-3

2016-08-11 Thread Benny Pedersen
On 2016-08-11 10:18, ancien compte wrote: I've forgot :) wget -qO- http://www.kaspersky.fr/internet-security/ | clamscan - stdin: Html.Exploit.CVE_2016_3326-3 FOUND hopefully they read it here sooner or later ? :=) i am not good at French so hopefully their webmaster can receive mail

Re: [clamav-users] LibClamAV Error: yyerror(): test.yar line 6 undefined identifier "filename"

2016-08-11 Thread Benny Pedersen
On 2016-08-11 19:32, Axb wrote: In that post author states: "I created some YARA rules that use the external variable „filename“ to work. LOKI and THOR use the „filename“ and other external variables by default." hmm... now how the heck do we get to happen with ClamAv? :) .. talking to myself

Re: [clamav-users] Cannot get to Virus Definition

2016-08-17 Thread Benny Pedersen
On 2016-08-17 20:25, Young, Timothy R (IS) wrote: We operate in a classified environment and do not have internet access. So, we are limited to downloading and burning to DVD. so burn more than one DVD per day ? what is the security of that ? those usb sticks where you are downloading, use

Re: [clamav-users] Time to remove 209.198.147.20 from db.us RR

2016-09-13 Thread Benny Pedersen
On 2016-09-13 23:18, Ted Hatfield wrote: I was unaware that server was still in the list. I sent an email last year asking to remove it. drop the dns hostname, hopefully clamav team does not use ip addresses :( think about dual stacking

Re: [clamav-users] bugzilla security certificate

2016-12-07 Thread Benny Pedersen
Steve Basford wrote on 2016-12-07 17:42: Just a quick one... in case it confuses visitors to Bugzilla... +1 Going to https://bugs.clamav.net/ well spotted ssl error Firefox reports: "bugs.clamav.net uses an invalid security certificate. The certificate is only valid for bugzilla.clamav

Re: [clamav-users] bugzilla security certificate

2016-12-07 Thread Benny Pedersen
Joel Esler (jesler) wrote on 2016-12-07 18:10: Thanks Steve, I’ve opened a ticket for review. using http:// redirect to the one that works, nice :=) simply kill that dns is the fastest solution

[clamav-users] clamav-milter and unofficial sigs

2016-12-14 Thread Benny Pedersen
is it possible currently to accept 3rd party virus in clamav-milter ? eq: OnUnofficial Accept where default is Reject like OnInfected ? this will make clamav-milter more flexible using currently here clamav from github head

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Benny Pedersen
On December 29, 2016 13:06:51 "Steve Basford" wrote: https://bugs.clamav.net/show_bug.cgi?id=11708 still ssl error
