Hello,
Assuming that I have many worm files with the same parameters like
size, name and I want to use clamscan with --move option. Does it move
all files to selected directory (for example generating unique name for
each other) or only the first one?
I must ask because under Windows only the fi
Hi
Margo wrote:
Hi
I am not sure if my crontab is working.
My crontab for freshclam:
56 * * * * freshclam --quiet
However if I run it manually as me, I get these errors:
ClamAV update process started at Sat Oct 16 13:37:50 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version:
Hello,
Mitch (WebCob) wrote:
This is not an isolated case. The virus submission page must be changed
to run the latest RELEASED version of clamav.
Haven't looked in a while, but I think it should:
Display result using latest RELEASE
Display result using latest CVS
Display IDENTITY of the virus
Di
Hello,
Bill Maidment wrote:
I'm getting these errors on multiple machines when trying to scan an
email with an attachment on 0.80rc2 and upgrading to rc3 didn't help.
Any ideas?
Sep 29 14:27:44 video mimedefang.pl[28480]: i8T4Rc2d028538: Clamd
returned error:
/var/spool/MIMEDefang/mdefang-i8T4R
Hi,
Steve Brown wrote:
Hi,
I see that a similar reported problem was fixed (RFC2298 fixes) but I
have a slightly different problem.
After some debugging, I can see that clamav doesn't seem to be able to
scan POSIX tar archives (returns "Bad format or broken data ERROR")
while GNU tar archives a
Hi,
Bill Maidment wrote:
rc3 still doesn't autoconfigure when libcurl is not installed.
I still have to use --without-libcurl to get the make to work.
I could be completely wrong, but
check CFLAGS, CPPFLAGS if they include /usr/local/include (or wherever
you have libcurl headers)
If not maybe try
Hello,
Salvatore Basso wrote:
Hi, in my /var/log/clamav/freashcleam.log:
freshclam daemon 0.75.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
ClamAV update process started at Wed Sep 29 14:45:30 2004
ERROR: Can't open new file ./clamav-8afb9be871b84532 to write
ERROR: Can't download main.cvd from 147.229
Hi,
Tomasz Kojm wrote:
On Wed, 29 Sep 2004 17:34:06 +0200
Bogusław Brandys <[EMAIL PROTECTED]> wrote:
What is the value of TMPDIR variable ? Empty ? I suspect that
Freshclam doesn't use TMPDIR, it only create files in DatabaseDirectory.
Right. Anyway, permission to this directory is what I'll chec
Hi,
Dave Ewart wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello ClamAV users,
Using 0.80rc2 ... one local user sent another a zip file containing
various text files and an EXE program (compiled application from Delphi,
I think).
This file was blocked by ClamAV as "Suspected.Zip".
Can some
Hi,
Christopher X. Candreva wrote:
I've just run into a problem where clam is taking about 2 minutes to scan a
4.5 mb MS access database file. I'm seeing this on .80rc2 and the Sept 29
snap.
Unfortunately the data is proprietary and it doesn't look like I'm going to
be able to submit it. I'm tr
Hi,
Ryan Moore wrote:
Dennis Skinner wrote:
HmmI have 24618
ClamAV update process started at Fri Oct 1 14:54:00 2004
main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder:
tomek)
daily.cvd is up to date (version: 510, sigs: 636, f-level: 2, builder:
trog)
Yea, same count her
Hello,
Anybody have an idea how to detect polymorphic viruses and other
mutating malware?
Boguslaw Brandys
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Hi,
Look below
[EMAIL PROTECTED] wrote:
On Fri, 1 Oct 2004, Ryan Moore wrote:
Yea, same count here. They probably have another file in their database
directory or something.
This is what we have. Should some of 'em be removed?
ca3a946c1c51338c17424e66095263fa /var/lib/clamav/clamav-84cd742373f
Tested with McAfee uvscan, Avgscan, clamscan. Only uvscan detected a
virus
Found the Exploit-MS04-028 trojan !!!
Additionally my Norton AV 2003:
1.jpg - Backdoor.Roxe
2.jpg - Bloodhound.Exploit.13
Regards
Bogusław Brandys
Steve Basford wrote:
Just use http://www.virustotal.com/ - excellent resource for scanning
suspicious files with multiple engines at once. As mentioned in the
Thanks all for the checking... as an extra site to bookmark, this site is
good too:
http://virusscan.jotti.dhs.org/ ( Jotti's malware sc
Hello,
Grant Supp wrote:
I'm using Clam AV 0.80 with Qmail-Scanner 1.23 and receive the following lines in my
clamd.log:
Tue Oct 19 15:22:34 2004 ->
/var/spool/qmailscan/tmp/newmail01.readyhosting.com109821735148216078/1098217354.16090-1.newmail01.readyhosting.com:
Trojan.Dropper.JS.Zerolin-6 F
Hi
Niek wrote:
On 10/21/2004 1:21 AM +0200, Dave P wrote:
I am trying to convince my company to switch to open
source where possible. It is much easier if the
software has been evaluated by an independent group.
Unfortunately, reviews that I could find, including
GMX Systematic and Heise magazines,
Hello,
Could someone explain why there are sometimes a few signatures for one
malware? Does it mean that the malware has small changes and that these are MD5
signatures?
Today was for example submission of
HTML.Phishing.Auction-1
HTML.Phishing.Auction-2
HTML.Phishing.Bank-5
Trog wrote:
On Thu, 2004-10-21 at 14:48, Bogusław Brandys wrote:
Hello,
Could someone explain why there are sometimes a few signatures for one
malware ? Does it mean that malware has small change and that are MD5
signatures ?
Well, it depends what the signature is for.
Today was for example
Jeremy Kitchen wrote:
On Thursday 21 October 2004 09:46 am, Tomasz Kojm wrote:
On Thu, 21 Oct 2004 16:41:23 +0200
Bogusław Brandys <[EMAIL PROTECTED]> wrote:
These are different signatures (non MD5 in this case) for different
instances of phishing emails. So I wouldn't really call that
Tomasz Kojm wrote:
On Thu, 21 Oct 2004 14:28:58 -0500
Dale Bohl <[EMAIL PROTECTED]> wrote:
/home/cheetah/dbohl/proj/hsm/terabyte: OK
/home/cheetah/dbohl/proj/hsm/archiving: OK
/home/cheetah/dbohl/proj/uit/home_links_reasons: OK
LibClamAV Error: Can't create temporary file : No such file or
directo
Damian Menscher wrote:
On Wed, 20 Oct 2004, Rob Dueckman wrote:
I'm running mimedefang/spamassassin/clamav on an IRIX 6.5 machine and
have found that some files cause both clamd and clamscan to core.
Since I'm still running this combo, I can't forward the message to the
list, but it can be found at
Scott Rothgaber wrote:
Has anyone seen this? It built OK on the test machine but the production
machine produces these errors. Both are 4.10-RELEASE with the same
packages installed.
Thanks!
Scott
output.o: In function `logg_close':
output.o(.text+0x53): undefined reference to `pthread_mutex_loc
Dale Bohl wrote:
Bogusław Brandys wrote:
Tomasz Kojm wrote:
On Thu, 21 Oct 2004 14:28:58 -0500
Dale Bohl <[EMAIL PROTECTED]> wrote:
/home/cheetah/dbohl/proj/hsm/terabyte: OK
/home/cheetah/dbohl/proj/hsm/archiving: OK
/home/cheetah/dbohl/proj/uit/home_links_reasons: OK
LibClamAV Error:
Dale Bohl wrote:
Tomasz Kojm wrote:
On Tue, 26 Oct 2004 09:20:15 -0500
Dale Bohl <[EMAIL PROTECTED]> wrote:
Tomasz Kojm wrote:
On Thu, 21 Oct 2004 14:28:58 -0500
Dale Bohl <[EMAIL PROTECTED]> wrote:
/home/cheetah/dbohl/proj/hsm/terabyte: OK
/home/cheetah/dbohl/proj/hsm/archiving: OK
/home/cheeta
David Nicol wrote:
it was scanning a 1 gigabyte file system image, which took several
minutes.
I would not have gotten worried about it if the file name appeared on
its own before the "OK" -- possibly with some size information -- in the
output.
Is this related to Cygwin ?
Regards
Bogusł
ering if Cygwin tmpfile is limited to 32767 temporary files in
one running process (if it uses M$ VC++ runtime tmpfile it's probably
limited but maybe it uses own implementation ,like I do ;-)).
What is it "winclam" ? I didn't hear about it.
scanner also to test it. Anyway, Broken.Executable could
eventually *break* your system if you use Windows 9X
Regards
Bogusław Brandys
Jim Holland wrote:
Hi all
I have searched the archives without success for some information on this
problem. I have recently upgraded to ClamAV 0.80, and am running it via
MailScanner on a RedHat 7.1 server.
I noticed a suspicious message containing the attachment "message.pif",
which was not f
Hello,
After some tweaks, I can announce that Windows pure port of clamav core
is fully working with GMP support and pthreads under MS VC++ (tested
with VC++ 2003 free command line tools). The same port is for Mingw
(+Msys) and MS VC++ .
Look at www.bransoft.com/clamav.html for additional upda
Diego d'Ambra wrote:
-Original Message-
From: [EMAIL PROTECTED] [mailto:clamav-users-
[EMAIL PROTECTED] On Behalf Of Julian Mehnle
Sent: 15. november 2004 17:54
To: ClamAV users ML
Subject: RE: [Clamav-users] ClamAV should not try to detect phishing
and
othersocial engineering attacks
Trog
Wondering if freshclam should verify database integrity before
downloading updates? I tested corrupted daily.cvd and it's not
detected. Any new option for freshclam (--verify) to verify and delete
corrupted database?
Regards
Boguslaw Brandys
Tomasz Kojm wrote:
On Thu, 18 Nov 2004 19:08:49 +0100
Bogusław Brandys <[EMAIL PROTECTED]> wrote:
Wondering if freshclam should verify database integrity before
downloading updates ? I tested corrupted daily.cvd and it's not
???
detected.Any new option for freshclam (--verify) to
Tomasz Kojm wrote:
On Thu, 18 Nov 2004 18:05:26 +
Brian Morrison <[EMAIL PROTECTED]> wrote:
On Thu, 18 Nov 2004 19:08:49 +0100 in [EMAIL PROTECTED] Bogusław
Brandys <[EMAIL PROTECTED]> wrote:
Wondering if freshclam should verify database integrity before
downloading updates ? I tested corrup
Alvaro Uría wrote:
Hello clamav-users,
This is my first post in here, and BTW, English is not my first
language, so excuse me if I don't express in a good way O:)
So... today i've been looking for some info about long filenames not
detected by antivirus, but i didn't find any interesting (for my
pr
Here You have output from clamscan under Windows:
D:\temp>clamscan d:\virtest --bell
d:\virtest/clam at very
long.txt: ClamAV-Test-File FOUND
d:\virtest/clam.zip: OK
d:\virtest/clam2.exe: OK
d:\virtest/eicar2.exe: Eicar-Test-Signature FOUND
d:\virtest/eicar3.exe: Eicar-Test-Signature FOUND
d
Bogusław Brandys wrote:
Here You have output from clamscan under Windows:
D:\temp>clamscan d:\virtest --bell
d:\virtest/clam at very
long.txt: ClamAV-Test-File FOUND
d:\virtest/clam.zip: OK
d:\virtest/clam2.exe: OK
d:\virtest/eicar2.exe: Eicar-Test-Signature FOUND
d:\virtest/eicar3.
Trog wrote:
On Wed, 2004-11-24 at 10:03, Alvaro Uria wrote:
I've just updated clamav database (with freshclam -v) but ClamAV still
doesn't detect it :-S
Thank you very much for your help :-)
It does here (with the file you made available, which you should
remove):
$ clamscan mail.zip
mail.zip: Wo
Alvaro Uria wrote:
Hi,
On Wed, 24 Nov 2004 11:03:56 +0100
Alvaro Uria <[EMAIL PROTECTED]> wrote:
I've just updated clamav database (with freshclam -v) but ClamAV still
doesn't detect it :-S
Sorry about this 'FUD'. I've just tried and it works. (some balanced servers
and one of them not actualized
David Wu wrote:
On Tue, 23 Nov 2004, aCaB wrote:
On 11/23/04 09:20, David Wu wrote:
I am not able to have clamd (and clamav-milter) built on BSD/OS 4.2 from
0.8 source, although everything else built and run without problem (after
fiddling with integer type define).
Found in clamd/Makefile the fol
Hello,
Sorry for this stupid question, but does ClamAV detect any dial-up
programs?
I think some of them cause very bad disasters (large fees), so maybe
they could be considered like phishing or trojans?
If ClamAV detects them, how are they named in the CVD database?
Best Regards
Boguslaw Brandys
David Wu wrote:
On Wed, 24 Nov 2004, Bogusław Brandys wrote:
David Wu wrote:
On Tue, 23 Nov 2004, aCaB wrote:
On 11/23/04 09:20, David Wu wrote:
I am not able to have clamd (and clamav-milter) built on BSD/OS 4.2 from
0.8 source, although everything else built and run without
Trog wrote:
On Fri, 2004-11-26 at 10:06, Bogusław Brandys wrote:
Hello,
Sorry for this stupid question, but does Clamav detect any dial-up
programs ?
I think some of them causing very bad disaster (large fees ) so maybe
could be considered like phishing or trojans ?
If clamav detect them , how
Hi,
ClamMail - GPL POP3 proxy for Windows with tightly integrated ClamAV
engine support, is now available for download.
This is the Beta 3 release, with only NT service support. Win98 support will be
available in the next RC1 version.
ClamMail is based on 0.80 CVS version of ClamAV - GPL antivirus
(www.
HR wrote:
I've been running some tests lately, and I can not make clam block files
that exceed ArchiveMaxRecursion. I guess the same goes for the other
limits too, although I haven't tested them. clamd.conf attached inline
below. According to the log, the settings are acknowledged, but then a
(too)
Tomasz Kojm wrote:
On Wed, 22 Dec 2004 12:08:08 +0100
Boguslaw <[EMAIL PROTECTED]> wrote:
Hello,
I have something like this is my debug log:
[3056] LibClamAV Warning: in cli_scanhtml()
[3056] LibClamAV Warning: Calculated MD5 checksum:
beb3a0cb22a7d2018005f7ca37ac48f8
[3056] LibClamAV Warning: Ca
Why not just go to an internet cafe and look at the documentation at
www.clamav.net? All your questions are explained there.
Get a good coffee and read a little.
Regards
Boguslaw Brandys
John Jolet wrote:
any intentions in the future to allow imap, as well as pop3?
Not now.
Regards
Boguslaw Brandys
Hi,
A little bit off topic, but I'd like to ask if M$ is trying to prepare
its own AV software?
I found this: http://www.microsoft.com/security/malwareremove/default.mspx
a tool to remove MyDoom, Zafi, Netsky and a few others.
Best Regards
Boguslaw Brandy
xterm1 wrote:
>
> Has the list been quiet or do I have an error somewhere!
>
> Brian
>
>
>
>
> ___
> htt
Nigel Horne wrote:
> On Wednesday 16 Feb 2005 14:18, Ted Fines wrote:
>
>
>>FOUR MINUTES, 13 SECONDS for an 800k email.
>
>
> Look at the file again. It is NOT an 800k mail. It is over 200 emails embedded
> within each other. By definition the larg
Ted Fines wrote:
> --On Thursday, February 17, 2005 3:38 PM + Nigel Horne
> <[EMAIL PROTECTED]> wrote:
>
>> On Thursday 17 Feb 2005 15:07, Tomasz Kojm wrote:
>>
>>> On Thu, 17 Feb 2005 11:50:11 + (GMT)
>>> Andy Fiddaman <[EMAIL PROTECTED]> wro
Aiko Barz wrote:
> "Symantec has been granted U.S. patent number 6,851,057 for a system
> that enables the detection of complex viruses, worms, and spyware."
>
> http://www.symantec.com/press/2005/n050302.html
> http://www.heise.de/newsticker/meldung/
Guillaume Arcas wrote:
> Tomasz Papszun a écrit :
>
>
>>in case you wanted to disable some signature because of a false
>>positive, the proper way of solving this is submitting the sample at
>>http://www.clamav.net/sendvirus.html (selecting the butt
Rob MacGregor wrote:
> On 4/28/05, Chris de Vidal <[EMAIL PROTECTED]> wrote:
>
>>ClamAV 0.83 from dag.wieers.com
>>CentOS 3.3 (A.K.A RedHat Enterprise Linux AS3)
>>Kernel 2.4.28
>>
>>I have a full system scan cron job. We have a 1.25TB Samba server t
[EMAIL PROTECTED] wrote:
> I recently ran into a virus that amavisd-new/clamd doesn't detect but
> clamscan does.
>
> I'm running clamav-0.85 on FreeBSD 4.5.
>
> Here's the results from clamscan:
>
> root edoras[25]: clamscan --debug email-doc.scr
>
Len Conrad wrote:
We've been running f-prot on Imail/Windows. No problems, no users
reporting email viruses.
But the content-scanning on Imail has been really bogging the box down.
So we set up an amavis/spamassassin/ClamAV content-scanning box in front
of the Imail box, with the intention of
Micheal Patterson wrote:
Is this the same as Clam's Worm.VB-9 by chance? F-Secure tossed up a
radar 2 alert on Nyxem.E and indicated that it was similar to the D
variant which is detected as Worm.VB-8.
Thanks.
This is what I found:
Nyxem.E = Email-Worm.Win32.Nyxem.e = Worm.VB-8
Regards
B
Bogusław Brandys wrote:
Micheal Patterson wrote:
Is this the same as Clam's Worm.VB-9 by chance? F-Secure tossed up a
radar 2 alert on Nyxem.E and indicated that it was similar to the D
variant which is detected as Worm.VB-8.
Thanks.
This is what I found:
Nyxem.E = Email-Worm.
[EMAIL PROTECTED] wrote:
Sorry forgot the subject line
Does anyone know if the latest "cvd" file has the virus:
http://cme.mitre.org/data/list.html#24
Thanks,
Ken
I'm quite sure that signature(s) for this worm is in daily.cvd but it's
more complicated.
Bogusław
60 matches