quot;",$2);count[$2]+=1; total+=1} END {for (virus in count)
> print(virus","count[virus]);print("Total,"total)}' | sort -t, -rnk2
>
> Reports back:
>
> Total,476
> Worm.Mytob.KG,187
> ...
Great script. Thanks.
--
Good day, eh.
Chris
___
http://lurker.clamav.net/list/clamav-users.html
update your defs, version 1245 gets it.
Payal Rathod wrote:
On Wed, Jan 18, 2006 at 07:04:27PM +0200, Cevher wrote:
You can create a temporary signature...
Please tell me how. I read signatures.pdf but ...
$ sigtools --md5 virus_file > temp.hdb
What do I do after that? I use clamd, so do I
Hi,
I've been making "md5" style sigs out of all of the images from spam I've
had over since around June 2005.
They are available via http://www.msrbl.com/site/msrblimagesdownload if
anyone else wants to give them a try.
ChrisB.
___
http://lurke
I've been making "md5" style sigs out of all of the images from spam I've
had over since around June 2005.
They are available via http://www.msrbl.com/site/msrblimagesdownload if
anyone else wants to give them a try.
that's nice. My mix of spam doesn't quite match though: from the last 658
s
ually.
Regards,
Chris Burton
___
http://lurker.clamav.net/list/clamav-users.html
On Tue, 2006-04-25 at 16:29 -0400, Christopher X. Candreva wrote:
> On Tue, 25 Apr 2006, G.W. Haywood wrote:
>
> > > If you know a gunzip option that will NOT delete the compresed file,
> > > that would be the prefered method.
> >
> > cat file.gz | gunzip > file
>
> That's not a gunzip option --
logged in as root. Not too terribly familiar with command-line options,
I am learning linux.
Thanks for the help!
Chris
___
http://lurker.clamav.net/list/clamav-users.html
containing a list of files that are new or where
the md5sum has changed. The problem I have now is how to get that
information to clamscan efficiently.
--
Chris
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http
Ian Abbott wrote:
On 27/11/2006 23:32, Chris Purves wrote:
I have a list of files that I have written to a file and I would like
clamscan to read the list from that file and scan only the files in
the list. Is there a good way to do this?
I have tried
cat filelist | xargs clamscan
This
uild a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
--
Chris
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
dscan would take care of the reload problem, but I don't
want to run clamd as root, because I already have it running as a
specific user for scanning incoming mail.
--
Chris
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clama
on bugzilla, but I don't expect it will
get a very high priority.
--
Chris
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
be no
need to split the list of symlinks into smaller parts. Plain launching
clamdscan on that directory should be sufficient.
Okay, I didn't know about that. I assumed that since clamscan couldn't
do that, neither could clamd. Thanks.
--
Chris
__
heze54 wrote:
hi,
How can I upgrade my clamav installation to the latest version using
apt-get command??Is possible?
debian-volatile keeps up to date with clamav releases
http://www.debian.org/devel/debian-volatile/volatile-mirrors
--
Chris
by "brew") solve this
or am I doing something wrong?
Thanks,
Chris
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
t's largely a ClamAV configuration problem compounded with
inherent limitations of the OSX filesystem.
On Thu, Jul 9, 2015 at 4:02 PM, Chris St John
wrote:
> I've installed ClamAV 0.98.5 using "brew" on OSX (Yosemite) and I schedule
> a daily freshclam followed by clamscan
I've come down with the whooping cough (I've been coughing until I choke for 5
weeks now) AND a cold (didn't get much sleep last night). Yuck.
Doesn't ClamAV make human antivirus software??? The influenza virus (flu)
mutates, must be open source LOL...
{Santa Claus Is Coming to Town, Unix Sty
ClamAV 0.83 from dag.wieers.com
CentOS 3.3 (A.K.A RedHat Enterprise Linux AS3)
Kernel 2.4.28
I have a full system scan cron job. We have a 1.25TB Samba server that
causes the load average to go to 5+. When that happens the users notice
and I must kill the script. I've even reniced it to 19 wit
Matt Fretwell said this while chewing gum:
> Scan on an evening when your users are gone?
Thanks for the fast reply!
A 1.25TB Samba server takes several days to do a full scan with clamscan.
CD
Have you ever lied, no matter the color? I have. Have you ever stolen
anything, no matter the valu
Matt Fretwell said this while chewing gum:
> Surely you're not doing a full scan each time, are you?
Yeah, just like the large Windows boxen we run. It's a corporate
requirement that we scan daily but clamscan is just too slow for a daily
scan so I run it weekly. It's a decent compromise; I'd co
Morgan Smith said this while chewing gum:
> Do compiler options help? YMMV but if I'm looking for speed I'll
> compile from source or create an RPM from the SRPM, and I'll add some
> optimizations:
> ./configure CFLAGS=-O3 -march=pentium4
>
> The man page for gcc may provide more insight.
OK I'll
Todd Lyons said this while chewing gum:
> If the scan is occurring during normal business hours, then yeah, you
> need to nice the heck out of it to keep it from sucking away
> performance. If you know a bit about c, you could add a commandline
> option --delay=x where x is the number of milliseco
Jakub Suchy said this with great authority:
> Is it possible to access your data in differrent way than via Samba? Samba
> is very ineffective and slow and is causing overheads. Maybe you should
> also try 2.6.x kernel with more effective I/O scheduler
We're not going through Samba to clamscan the
Lionel Bouton said this with great authority:
> You may try to wrap the scan in a Perl script which only scan files with
> modified mtimes.
Good idea!
CD
Ever lied? You're a liar. Ever stolen? You're a thief. Ever hated? The
bible equates hate with murder. Ever lusted? Jesus equated lust w
Trog said this with great authority:
> If your users are also accessing the data via Samba, then use on-access
> scanning via Samba VFS. The vscan module does that
> http://www.openantivirus.org/projects.php#samba-vscan
Another good idea!
CD
Ever lied? You're a liar. Ever stolen? You're a thi
After several hours the system stops processing
mail and amavisd-new says in log: "TROUBLE in check_mail:
virus_or_banned quar+notif FAILED: timed out"
To be short: it takes a bit more time than we thought... But we're still
working on it.
Chris
On Mon, 2003-01-13 at 15:59, Tomasz
,
but were recognized by others. Would it be helpful to create such a
setup?
Regards,
Chris
On Mon, 2003-01-13 at 12:19, David Woolley wrote:
> Hi David,
> Sunday, January 12, 2003, 8:43:06 AM, you wrote:
> DV> I am getting a lot of these coming through our system. Looks
> DV> l
No, we are using amavisd-new. Amavis-ng has problems with certain types
of messages. Amavisd-new looks very stable and fast so far.
Regards,
Chris
On Tue, 2003-01-14 at 11:09, Vincent Renardias wrote:
>
> Chris van Meerendonk wrote :
>
> > In our config it's not to
On Wed, 2003-03-12 at 20:01, Tomasz Nidecki wrote:
> Wednesday, March 12, 2003, 7:11:27 PM, Jeffrey wrote:
>
> > I found that Postfix, amavis-new, and clamav ran fine on a 133MHz 486
> > with 40MB RAM. I get 300-500 messages/weekday.
>
> Hmm, so it's not that bad - I have a Pentium MMX 166 so it
better and more
reliable.
Regards,
Chris
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
pefully 'learns' the lates virussess in a short time. It would
be nice if more people could create such a setup since we don't get all
virussess...
Regards,
Chris
On Tue, 2003-04-01 at 14:10, Magnus Sundberg wrote:
> Hi,
> I while ago, I read an article that stated that openso
Trendmicro didn't find a virus also...
Chris
On Tue, 2003-05-27 at 11:37, Fajar Arief Nugraha wrote:
> Hi,
>
> I'm attaching a zip file (password : "virus") containing a virus
> attachment (joke.exe) which clamav missed during scanning.
> I believe the virus
You can find it in viruses.db. Probably in /var/lib/clamav or else at
http://clamav.elektrapro.com/database/
These are the signatures together with the virus-names.
Regards,
Chris
On Sat, 2003-06-14 at 19:04, Ted Fines wrote:
> Hi folks,
>
> Dumb newbie question here. Is the
I have a Samba file server with 546,500 files. When clamscan runs recursively,
I get "ERROR: Can't open file" on approximately 43,000 files. When I run
clamscan individually on any of these files, it works. Our other large servers
have 352,200, 168,932 and 101,680 files and they work every time.
I need to add this is with version 0.60 on RedHat 7.3, kernel 2.4.21 with xfs
support.
--- Chris de Vidal <[EMAIL PROTECTED]> wrote:
> I have a Samba file server with 546,500 files. When clamscan runs
> recursively,
> I get "ERROR: Can't open file" on approxima
--- Payal Rathod <[EMAIL PROTECTED]> wrote:
> I love clam antivirus. It has caught many of Sobig virus on my server.
> Does anyone has report on how it competes against commercial viruscanner
> and is anyone using it on a production server?
I'm using it in production (200GB Samba servers with 100-
--- Chris de Vidal <[EMAIL PROTECTED]> wrote:
> I guess I could use a structure like this...
> In /etc/clamav.exclude:
> EXCLUDES= \
> --exclude=/foo \
> --exclude=/bar
Just tested it. Works great, except I've modified it like so:
EXCLUDES="\
--exclude=/f
--- Daniel Wiberg <[EMAIL PROTECTED]> wrote:
> On Tue, Sep 16, 2003 at 05:18:16AM +, Payal Rathod wrote:
> > Is it possible to download the updates manually and transfer therm on
> > floppy or CD to a machine which does not have internet access but just
> > local LAN access?
> > If yes, how to
I wrote a clamscan cron script like this:
source /etc/clamav.excludes
clamscan $EXCLUDES --recursive --quiet /
The clamav.excludes file looks like this:
EXCLUDES="\
--exclude=/foo \
--exclude=/foo/bar \
--exclude=/foo/baz \
"
This had been working _great_ until I needed to exclude dir
I forgot to mention I also tried editing /etc/clamav.conf:
ClamukoExcludePath /foo/bar/something with spaces/tmp
I also tried
ClamukoExcludePath "/foo/bar/something with spaces/tmp"
and
ClamukoExcludePath /foo/bar/something\ with\ spaces/tmp
/dev/idal
--- Chris de Vidal <[EM
No, I'm still getting this error.
Could someone in the group shed light on this problem? Suggestions? Ideas?
/dev/idal
--- Mike Parin <[EMAIL PROTECTED]> wrote:
> Hi Chris,
>
> I'm experiencing exactly the same problem with clamav
> as you expressed on the mailing
I apologize for the delay in answering this; clamscan took over 2 weeks to
complete!! Dang it's slow.well I can't complain for a free program.
--- Gerardo Reynoso Cobos <[EMAIL PROTECTED]> wrote:
> Are you scanning the files locally on the same server or are you
> scanning files using sm
--- Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> On Mon, 3 Nov 2003 10:56:33 -0800 (PST)
> Chris de Vidal <[EMAIL PROTECTED]> wrote:
>
> > I apologize for the delay in answering this; clamscan took over 2
> > weeks to complete!! Dang it's slow.well I
--- Chris de Vidal <[EMAIL PROTECTED]> wrote:
> > > I apologize for the delay in answering this; clamscan took over 2
> > > weeks to complete!! Dang it's slow.well I can't complain for
> > > a free program.
> >
> > Are you using dazu
ys updated the definitions
without any issues. Is it something on my end I need to do or is it an issue
with ClamAV?
Thanks
--
Chris Garcia
https://supersamplestar.bandcamp.com/
https://www.bitchute.com/channel/supersamplestar/
Securely sent with Tutanota. Claim your encrypted m
VPN i still get the same error.
Thanks
--
Chris Garcia
https://supersamplestar.bandcamp.com/
https://www.bitchute.com/channel/supersamplestar/
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com
Dec 23, 2020, 19:55 by clamav-users@lists.clamav.net:
> Hi there
--config-file=/etc/clamav/freshclam.conf --quiet --
log=/var/log/clamav/freshclam.log --daemon-
notify=/etc/clamav/clamd.conf
It's not a bother that this is happening, just some info for me however
I'm just curious as to why it suddenly started happening with the
update.
Chris
Note: This pe
On Thu, 2020-01-09 at 17:14 +, Micah Snyder (micasnyd) wrote:
> Hi Chris,
>
> Do you have the LogVerbose option enabled enabled in your
> freshclam.conf file? 0.102 introduced the use of libcurl for HTTP(S)
> connections. Libcurl's output is logged when LogVerbose is ena
tmp/clamav-f297c096fb16292e8547120761d949f3.tmp:
Permission denied
Permissions for /var/tmp are
drwxrwxrwt 13 root root 12288 Jan 10 19:26 tmp
and for /var/lib/clamav
drwxrwxr-x 3 clamavclamav4096 Jan 10 18:04 clamav
Any suggestions?
--
Chris
31.11972; -97.90167 (Elev. 1092 ft)
19:23:52 up 39 d
On Sat, 2020-01-11 at 12:09 +, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Fri, 10 Jan 2020, Chris via clamav-users wrote:
>
> > Since upgrading to 0.102.1+dfsg-0ubuntu0.18.04.2 this past
> > Wednesday
> > I'm seeing the above error in my syslog
On Sat, 2020-01-11 at 19:28 -0600, Chris wrote:
> On Sat, 2020-01-11 at 12:09 +, G.W. Haywood via clamav-users
> wrote:
> > Hi there,
> >
> > On Fri, 10 Jan 2020, Chris via clamav-users wrote:
> >
> > > Since upgrading to 0.102.1+dfsg-0ubuntu0.18.0
This link should help you
https://kifarunix.com/how-to-install-and-use-clamav-antivirus-on-ubuntu-18-04/
--
Chris
31.11972; -97.90167 (Elev. 1092 ft)
17:47:09 up 7 days, 18 min, 1 user, load average: 0.84, 0.97, 0.78
Description:Ubuntu 20.04.1 LTS, ke
ld
Wed Mar 6 05:57:30 2019 -> daily.cld updated (version: 25380, sigs:
1503528, f-level: 63, builder: raynman)
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
09:09:31 up 16:15, 1 user, load average: 1.40, 0.90, 0.82
Description:Ubuntu 18.04.2 LTS, kernel 4.15.0-46-gene
74.cdiff [100%]
and it's now 17:12CST. Top shows
1997 clamav20 0 578112 450352 21692 R 100.0 2.9 123:49.48
freshclam
I stopped and restarted freshclam:
Wed Mar 6 17:13:54 2019 -> Downloading safebrowsing-48474.cdiff [100%]
32439 clamav20 0 167716 40428 22256 R 99.7 0.3
-
8755.UNOFFICIAL(5269acdb10a7bf81de 1 4.55%
SecuriteInfo.com.Spam-
3835.UNOFFICIAL(b3cfb50a01c714a5eb 1 4.55%
SecuriteInfo.com.Spam-
8755.UNOFFICIAL(b6396a22ce5637efaf 1 4.55%
SecuriteInfo.com.Spam-
3019.UNOFFICIAL(53e6ed8c5476d215ed 1 4.55%
SecuriteInfo.
The most current version is ClamAV 0.100.3 for Ubuntu 18.04.3 LTS. Is
there a list of CVE's that I can reference in a bug report to try and
get ClamAV updated to the latest version?
Thank you
Chris
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
16:10:12 up 9 days, 7:
ameters?
>
> On Aug 22, 2019, at 14:12, Chris Pollock via clamav-users <
> clamav-users@lists.clamav.net> wrote:
> > The most current version is ClamAV 0.100.3 for Ubuntu 18.04.3 LTS.
> > Is
> > there a list of CVE's that I can reference in a bug report
nks Al.
> On Thu, Aug 22, 2019 at 17:37 PM, Chris Pollock via clamav-users
> wrote:
> > On Thu, 2019-08-22 at 16:58 -0700, Al Varnell via clamav-users
> > wrote:
> > > I'm don't see anything specifying 0.100.3 yet: <
> > > https://cve.mitre.org/cg
On Fri, 2019-08-23 at 18:47 +0200, Matus UHLAR - fantomas wrote:
> On 22.08.19 16:12, Chris Pollock via clamav-users wrote:
> > The most current version is ClamAV 0.100.3 for Ubuntu 18.04.3 LTS.
> > Is
> > there a list of CVE's that I can reference in a bug report to
I submitted a bug report at Ubuntu Launchpad to have ClamAV updated to
the latest 0.101.4 -
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1841281
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
17:18:57 up 13 days, 8:36, 1 user, load average: 1.36, 0.86, 0.80
Hello,
A scan of a PC I was given to disinfect reports the following when using
clamav 0.102.1 portable in Windows:
[code]
PS C:\Users\UserName\Desktop\clamav-0.102.1-win-x64-portable>
.\clamscan.exe --remove C:\Windows\System32\msiexec.exe
C:\Windows\System32\msiexec.exe: Win.Virus.Expiro-73966
means.
Combining the ClamSMTP proxy and SMTP proxy into one is not really an
option for what I am trying to do.
Any ideas?
Thanks,
Chris
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> René Berber
> Sent: 03 February 2005 21:20
> To: clamav-users@lists.clamav.net
> Subject: [Clamav-users] Re: ClamSMTP in Transparent Proxy Mode
>
> Mason, Chris, VF
401 - 463 of 463 matches
Mail list logo
