Re: [clamav-users] Freshcalm issues

It would be helpful to see the output of this command: clamconf |egrep -i "^.*(mirror|proxy|server|local|database)" dp On 2/11/17 7:07 AM, Hugo Deprez wrote: Hello, am I the only one having that kind of issues ? On 3 January 2017 at 14:49, Hugo Deprez wrote: _

Re: [clamav-users] Javascript file not recognized

It is really bad form to post suspected malware to this or any list. dp On 2/16/17 11:55 AM, Markus Egg wrote: The attached file was in an email as attachment as "bill": 319598.js sha1sum b32a6dfdef2444de1695cb96e6a674c2f7cda74b 319598.js sha256sum 319598.js 50df856fa3291473face6db59dcc655476

Re: [clamav-users] Javascript file not recognized

There was no attachment on the e-mail I received, did you get it? -Al- On Thu, Feb 16, 2017 at 12:02 PM, Dennis Peterson wrote: It is really bad form to post suspected malware to this or any list. dp On 2/16/17 11:55 AM, Markus Egg wrote: The attached file was in an email as attachment as

Re: [clamav-users] Question about .cvd files

The ClamAV product is designed to be used for real time detection with mail transport agents and to respond on detection. These mail transport agents are capable of delivering malware that will run on any architecture. In a perfect world everyone that runs an MTA would test outbound mail for mal

Re: [clamav-users] Identify Threat Risk Level with ClamAV

This is probably not the best list for this conversation. You make get better results by talking with developers, not end-users. dp On 4/14/17 9:33 AM, crazy thinker wrote: Oh.. ok..But how Commercial AV Calculating risk level of malware and what is the criteria for that.? On 14 April 201

Re: [clamav-users] ClamAV for EnterPrise

You should hire an integrator that already knows how to do this. dp On 4/18/17 3:28 AM, crazy thinker wrote: Hi ClamAV Developers, ClamAV Users I have refered ClamAV Docs but i could find any info to set up clamav in Business Environment. i have a small business office where 50-75 employees

Re: [clamav-users] error when starting clamd: LibClamAV Warning: Don't know how to create filter for: BC.Win.Exploit.CVE_2017_0060-6099223-0.{}

Which version of ClamAV are you running? dp On 4/19/17 5:46 PM, Jobst Schmalenbach wrote: Hi Upon starting clamd I am receiving following messages: Starting clamd: LibClamAV Warning: Don't know how to create filter for: BC.Win.Exploit.CVE_2017_0060-6099223-0.{} LibClamAV Warning: cli_a

[clamav-users] Mirror problem

Anyone else seeing this? Sat Apr 1 14:02:39 2017 -> Trying host db.us.clamav.net (209.198.147.20)... Sat Apr 1 14:03:09 2017 -> Can't connect to port 80 of host db.us.clamav.net (IP: 209.198.147.20) Mon Apr 3 08:02:39 2017 -> Can't connect to port 80 of host db.us.clamav.net (IP: 209.198.14

Re: [clamav-users] ClamAV UnOfficial Database

You make this harder than is necessary. Create a directory for your preferred signature files in it (/var/lib/crazyclam, for example), put your preferred signature files in it, create a new clamd config file (crazyclamd.conf, for example) with that directory defined (DatabaseDirectory /var/lib/c

Re: [clamav-users] Question about ClamAV

I would consider a malware author that does not pass his/her new product through several file scanners to be incompetent. There is little point in distributing such files if it is commonly detectable. Scanners are one of the best quality inspection tools a malware author has at their disposal. C

Re: [clamav-users] Question about ClamScan

On 5/12/17 10:19 AM, crazy thinker wrote: @Maarten I mailing to both ClamAV Developers and Users.. Hope you unerstand this .ClamAV Developers Mailing list seems inactive.. They are not responding Given that your crazyplan is to develop a new fork of ClamAV they can hardly be blamed for not h

Re: [clamav-users] Malware/ransomware and Yara signatures with clamav

If not email what is the vector? dp On 5/15/17 5:11 PM, Joel Esler (jesler) wrote: To be clear let me link to our blog post on the subject: http://blog.talosintelligence.com/2017/05/wannacry.html There has been No email vector seen in WannaCry to date. Almost everyone that has claimed this,

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

If I were to have gotten a suspicious message notice from epl.paypal-communication.com and gone through a whois, nslookup, whois (ip address), dig txt paypal-communication.com, dig mx paypal-communication.com, dig mx epl.paypal-communication.com routine I would have found a very suspicious pedi

Re: [clamav-users] Main CVD and Main Cdiff have been published

The main.cld is equivalent to main.cvd and the date is correct. The difference is one is compressed, the other not. dp On 6/8/17 9:30 PM, mlnl wrote: Hi, should this be correct? -rw-r--r--. 1 clam clam654336 Jun 7 03:18 bytecode.cld -rw-r--r--. 1 clam clam 123921920 Jun 9 03:26 dail

Re: [clamav-users] Unable to download database

nslookup db.local.clamav.net |awk '/Address:/ {print $2}' |xargs -L1 ping -c 1 nslookup db.us.clamav.net |awk '/Address:/ {print $2}' |xargs -L1 ping -c 1 nslookup db.ca.clamav.net |awk '/Address:/ {print $2}' |xargs -L1 ping -c 1 nslookup db.ru.clamav.net |awk '/Address:/ {print $2}' |xargs -L

Re: [clamav-users] Unable to download database

cing using real-time network response time. If nothing else it will stop most if not all attempts to missing mirrors which seem to be the majority. Obviously it will also ignore mirrors that disallow icmp traffic. dp On 8/23/17 9:48 AM, Dennis Peterson wrote: nslookup db.local.clamav.net |awk &#x

Re: [clamav-users] Freshclam failure - Still ongoing???

You don't need ClamAV ppl to help - you have complete control over this process. Try this: Find a healthy mirror Put that healthy mirror's IP address in your freshclam.conf file as the first definition of DatabaseMirror Run freshclam manually. grep ^DatabaseMirror freshclam.conf You should s

Re: [clamav-users] Freshclam failure - Still ongoing???

This is abysmal. # freshclam --list-mirrors |grep Success |sort -n -k2 Successes: 0 Successes: 0 Successes: 0 Successes: 0 Successes: 0 Successes: 0 Successes: 0 Successes: 4 Successes: 7 Successes: 8 Successes: 11 Successes: 11 Successes: 19 Successes: 46 Successes: 79 Successes: 81 Successes: 8

Re: [clamav-users] Freshclam failure - Still ongoing???

anyone have a list of confirmed working mirrors? Thanks Joel for getting onto this, let me know if I can help somehow. -- Thanks Paul Dean. "Life is not WHAT you make it, it's WHO you have in it..." On Fri, 25 Aug 2017 07:43:08 -0700 Dennis Peterson wrote: You don't nee

Re: [clamav-users] Freshclam failure - Still ongoing???

I grabbed a tld file to use to locate (best effort) all ClamAV mirrors using a couple patterns I've discovered. Surely there is a better way but I'm old and time is precious. db.TLD.clamav.net db.TLD.rr.clamav.net I used the host command to find every mirror available to this method. That ret

Re: [clamav-users] Freshclam failure - Still ongoing???

On 8/26/17 10:49 AM, Dennis Peterson wrote: I grabbed a tld file to use to locate (best effort) all ClamAV mirrors using a couple patterns I've discovered. Surely there is a better way but I'm old and time is precious. db.TLD.clamav.net db.TLD.rr.clamav.net Snippage happened.

Re: [clamav-users] Freshclam failure - Still ongoing???

It will fall through to db.local.clamav.net. dp On 8/27/17 1:07 AM, Andreas Schulze wrote: Am 25.08.2017 um 22:44 schrieb Joel Esler (jesler): We are working on ways to not only fix the on going mirror issues, but prevent them in the future, as well as bring back the Mirror page on ClamAV.net

Re: [clamav-users] Mirror issues and what we are doing to fix it

I had the same thing happen and I also got successful dl's of the daily.cld file multiple times and I'm sure it would have continued looping forever if I'd not stopped it after observing it was stuck in a loop. Same symptoms on two separate systems. Couldn't find the cdiff file and the correspon

Re: [clamav-users] Mirror issues and what we are doing to fix it

Aug 30, 2017, at 1:11 PM, Dennis Peterson mailto:denni...@inetnw.com>> wrote: I had the same thing happen and I also got successful dl's of the daily.cld file multiple times and I'm sure it would have continued looping forever if I'd not stopped it after observing it was stu

Re: [clamav-users] update mirror trouble?

There are still a lot of broken mirrors out there aside from this problem. dp On 11/6/17 8:05 AM, Joel Esler (jesler) wrote: This should be resolving itself as we speak. -- Joel Esler | Talos: Manager | jes...@cisco.com _

Re: [clamav-users] fail updates

Your report includes mirrors that should be ignored based on last access. I built a list of current mirrors from freshclam logs that go back only to August. grep -h Ignoring freshclam* |grep -v Reading |awk '{print $9}' |sort |uniq -c |sort -rn The result is an easy to understand (if not jaw

Re: [clamav-users] fail updates

Come to think of it, 130.59.10.36 shouldn't even still be in mirrors.dat and that is part of the systemic problems in the system. Nothing cleans up stale entries in mirrors.dat except rm -f mirrors.dat. dp On 11/6/17 9:02 AM, Benny Pedersen wrote: freshclam --list-mirrors Mirror #1 IP: 130.5

Re: [Clamav-users] Deletion of local.ign

Bill Landry wrote: > > So, the problem with checking to see if the .ign entry still resides in > the database file or not has a flaw. As a signature writer, if I have a > signature that, for example is called: > >Spam.Email.123:25:26f757073 > > and someone reports this as a false positive

Re: [Clamav-users] Signature related question

Bill Landry wrote: > There has been some discussion on the Sanesecurity users list about > ClamAV signatures matching unintended words. For example, a signature > that is written to match "acebook . com" (remove the spaces) would also > match "facebook . com". > > Is there a way to delimit what c

Re: [Clamav-users] Clamd regularly crashing

Robert wrote: > My install of Clamd has been crashing regularly. > 5 times yesterday, 28 times and counting today. > > # Go into your clamav signature directory where all the signature files are and run this test: ls >/tmp/test.txt for file in *[bd] do echo $file; clamscan -d $file /tmp/te

Re: [Clamav-users] Clamd regularly crashing

Robert wrote: > On 2 Jun 2009, at 02:38, Dennis Peterson wrote: > >> Robert wrote: >>> My install of Clamd has been crashing regularly. >>> 5 times yesterday, 28 times and counting today. >>> >>> # >> Go into your clamav signature directory

Re: [Clamav-users] Clamd regularly crashing

Robert wrote: > On 2 Jun 2009, at 03:05, Dennis Peterson wrote: > >> The >> simple test I provided does a quick third-party check outside your >> existing >> (perhaps flawed) processes. >> >> dp > > Well, being a relative novice in this fiel

Re: [Clamav-users] Did Clamd REALLY crash ?

Robert wrote: > Would this then cause clamdwatch to assume Clamd had crashed > and restart it accordingly ?? > > > If I'm way off base here, be merciful Change the logic so that clamdwatch alerts only after two or more failures to connect. There's lots of reasons why a single failure can t

Re: [Clamav-users] freshclam permissions on database directory

Ian Cheong wrote: > I've just done a clean (previous uninstall) default (configure;make;install > with no options) install of clamAV0.95.2 on MacOS10.5.7. Running freshclam > generates the following errors. > > ERROR: chdir_tmp: Can't create directory > ./clamav-f6cd08cec8c72896e10b38ef34215214 >

Re: [Clamav-users] freshclam permissions on database directory

Tom Shaw wrote: > > Under OSX you should not run freshclam as a deamon but as a periodic > process run by launchd as _clamav:_clamav. Likewise for clamd. THis > allows for automatic process restart by launchd if there is a problem > (for example the bug that caused 0.94.2 to randomly crash u

Re: [Clamav-users] submitting stats at log turnover

Matus UHLAR - fantomas wrote: >> On Wed Jun 17 2009 16:37:42 GMT+0200 (CEST) >> Matus UHLAR - fantomas wrote: >>> Hello, >>> >>> does freshclam submit stats when clamav log turns over or is it just >>> forgetting those? >> Hi, >> >> freshclam submits up to 50 records in one session from the curren

Re: [Clamav-users] Spontaneous failure to read DB dir

Kris Deugau wrote: > > clamscan seems to be able to read the database files just fine. > > Any suggestions on what to poke to get more detail on what's actually > broken? Send the result of running clamconf and ps -ef |grep [c]lam dp ___ Help us bui

Re: [Clamav-users] Error libclamav.so.6

Wong wrote: Yes Jim, it is in /usr/local/lib Thx & Rgds, Wong In a terminal window go to the directory where the application is (freshclam) and run the ldd (list dynamic dependancies) command: ldd freshclam This will tell you what libraries are needed and where freshclam is looking for

[Clamav-users] Clamd return codes

Does Clamd provide any distinctive return codes for spam vs scams vs heuristic hits, etc? Most of what is found in my systems's mail is scams/urls/images, none of which are viruses, yet it is all considered virus content in the logs and by the milter I use. Any options here to take advantage of

Re: [Clamav-users] freshclam - how to hard-code to specific IP?

W S wrote: Folks, Is there anyway to Hard-Code IP address for updating ClamAV db? I see this keep changing: % host database.clamav.net database.clamav.net is an alias for db.local.clamav.net. db.local.clamav.net is an alias for db.us.rr.clamav.net. db.us.rr.clamav.net has address 194.47.250

Re: [Clamav-users] Option NOT to log empty files

Rick Stanley wrote: Would it be possible to have an option NOT to log the presence of an empty file. I am scanning a system logging the messages, but only want to see presence of infected files and other warning/error messages, but don't care about empty files. If you are using syslog-ng you

Re: [Clamav-users] DHL invoices

Jari Fredriksson wrote: Then I decided SaneSecurity is not worth it, as SpamAssassin catches those too, and has less false positives. SaneSecurity triggers way too often when some dumb user pastes a spam into his mail, or some robot sends a bounce with an attachment. I do not want to report th

Re: [Clamav-users] DHL invoices

Jari Fredriksson wrote: I give rat's ass to WinNow. If I would have been interested in SaneSecurity or WinNow I would have installed those again, and tested with them. Don't let it fall through the cracks that people here are trying to help you. dp ___

Re: [Clamav-users] ClamAV 0.95.3

Thiyaga wrote: Hi, When can we expect the stable 0.95.3 version to be released? Currently we are using 0.95.1 version. If 0.95.3 is going to released soon, we will directly upgrade ClamAV to 0.95.3 instead of upgrading it to 0.95.2 and then to 0.95.3. (But we will not have much choice, if 0.95.

Re: [Clamav-users] Some Virus not detected by Clamav

Richard Chapman wrote: I am interested in Tom's list of unofficial signatures - but haven't found the recommended way to use the signatures. Do I need to download them periodically - or do I just add an additional freshclam DataBaseMirror directive. In either case - exactly what is the url to

Re: [Clamav-users] Some Virus not detected by Clamav

Steve Basford wrote: The script I use has a bit more finesse than this simple overview. I use a randomizer to prevent this process from running at the same minute past the hour Note there's a *tiny* chance if the script runs at 10.07 and then 11.03, you'll get temp block for an hour from some o

Re: [Clamav-users] Some Virus not detected by Clamav

Tom Shaw wrote: Tom Shaw wrote: If you submit a file to virus-samp...@oitc.com I'll process it for winnow_malware.hdb and at the same time send it to the ClamAV malware signature team and virustotal to check if others can detect. If you submit a url to malware to virus-samp...@oitc.com I'l

Re: [Clamav-users] New free Signature creation tool for clamav

mp5 wrote: Hi all, I just came across this "SigCreate" free Signature creation tool program for creating your own custom clamav signature database. The site says that it's for clamav win32 but I'd guess one could use it for Linux platform as well. Here is the link if anyone wants to check i

Re: [Clamav-users] Virus Event ?

David Vo wrote: Please take me off this list. The instructions to do this are in the headers of each message you've ever received from this list server but which I include here: Reply-To: ClamAV users ML List-Id: ClamAV users ML List-Unsubscribe:

Re: [Clamav-users] All quiet on the virus front?

fchan wrote: Hello, Ever since about 10-Nov-2009 1810UTC I haven't gotten any virus hits on my mail server and I'm checking if anyone seen the same thing. Before that time, I used to get about 1000 virus hits per day so are the virus writers/spammers gone away or this is the quiet before the s

Re: [Clamav-users] Best way to mirror database updates

Dan Irwin wrote: I am wondering what is the best way to mirror database updates. Use freshclam and a custom freshclam.conf file that places the downloaded and tested files in a directory used by your mirroring software. dp ___ Help us build a comp

Re: [Clamav-users] 'The Need of King Angus' - a novel - 'n gettin' it published

Taylor wrote: Well, I've just published my 1st novel! This would be more difficult if all our return addresses were cloaked by the list server software or otherwise hidden from non-members. dp ___ Help us build a comprehensive ClamAV guide: visit

Re: [Clamav-users] sorry this is a bit brief...

steve wrote: ... one of my other servers is under attack! I've reverted to 0.95.2 - both build with ./configure --enable-milter --disable-clamuko and is all running fine again. Can anyone suggest where to start with sorting this one out?? Any config file changes I've missed, for example?

Re: [Clamav-users] Clamd & Clamav yield different results

James Babcock wrote: Thanks so much for the prompt response. I have an Intel iMac… running Mac OS 10-6-2 plus mall updates. Using Mac's "Terminal" option, I found no MAN pages you suggest. I am beginning to think that As a clamav user, I need a Linux version running under my VMWare system jus

Re: [Clamav-users] Clamd & Clamav yield different results

Tom Shaw wrote: I'm running ClamAV on a Mac, Sun Sparc with Solaris, and Linux. I'll soon have it running on a Mac Mini Server though on that system the case issues will be corrected. Anyway - it works fine on a Mac. Actually, Dennis, it comes preinstalled on Mini Server it just located in

Re: [Clamav-users] ClamAV Memory Usage

Gordan Bobic wrote: Hi, Can anyone explain why clamd 0.95.3 might use 190MB of RAM after 5 days of light usage (few hundred emails)? It is the single biggest process on my mail servers, and I'm not convinced it's size is reasonably justifiable. The database files under /var/lib/clamav use abo

Re: [Clamav-users] How does Clam stand up to Commercial A/V?

Robin wrote: Jan Pieter: Thanks for balancing out the arguments! I have been trying to convince the upper end folks to accept clamav so I was looking for some good use cases compared to McAfee CommandLine Scanner, since this would be the product I would use from the corporate standard of McAfee

Re: [Clamav-users] How does Clam stand up to Commercial A/V?

Thomas Harold wrote: On 12/3/2009 10:32 PM, Dennis Peterson wrote: I quoted viruses above because much of what is found is actually blacklisted URL's, scams, spam, etc. Very few true viruses show up anymore. That seems to be true if you're doing DNSBLs that block the dynami

Re: [Clamav-users] How does Clam stand up to Commercial A/V?

lists wrote: On Thu, 2009-12-03 at 19:32 -0800, Dennis Peterson wrote: http://www.barracudanetworks.com/ns/legal/ It's so good that TrendMicro thought it worth going to court to stop it. It is good - and thanks to Dennis for pointing it out. The Barracuda link is synonymous with the

Re: [Clamav-users] How does Clam stand up to Commercial A/V?

lists wrote: On Fri, 2009-12-04 at 08:31 -0800, Dennis Peterson wrote: lists wrote: On Thu, 2009-12-03 at 19:32 -0800, Dennis Peterson wrote: http://www.barracudanetworks.com/ns/legal/ It's so good that TrendMicro thought it worth going to court to stop it. It is good - and thanks to D

Re: [Clamav-users] OT Dennis - Barracuda - this is how cheap they are...

lists wrote: Dennis, to give you some idea (if you did not already know) how cheap Barracuda Networks are, they advertise for staff on Craigslist - because it is free: I am truly stunned you are so wound around Barracuda. I don't give a rip one way or the other about them and I've not even di

Re: [Clamav-users] OT Dennis - Barracuda - this is how cheap they are...

lists wrote: On Sat, 2009-12-05 at 08:45 -0800, Dennis Peterson wrote: lists wrote: Don't get your knickers in a twist love ;-) Wasn't much of an apology, but I accept it, none the less. dp ___ Help us build a comprehensive ClamAV gu

Re: [Clamav-users] clamd as a service

Mark Gregory wrote: Hi, If clamdscan calls clamd when it is run as a scheduled task is there a reason for having clamd running as a windows service? It appears that it would be loaded and using RAM for no reason. If you are not in a hurry or not concerned with your scanning process spending a

Re: [Clamav-users] clamd reload - reloading logfile failed ?

On 12/12/09 7:21 PM, Jason Frisvold wrote: Hi all, I seem to be having some problem with clamd and logrotate. Logrotate reloads clamd after rotating the logfile and creating a new one, but clamd fails reload with the following : Reloading log file:[FAILE

Re: [Clamav-users] ExcludePath, defining absolute path

On 12/15/09 10:11 PM, dev.ad...@ntlworld.com wrote: Hi, I know this is an old topic that seems to have caused some problems in the past and has apparently been fixed in version .3, but I still can't get it to work. I'm using OSX and I would like to scan the boot volume but one of the directorie

Re: [Clamav-users] Script updated: clamav-unofficial-sigs.sh (v3.7)

On 1/23/10 10:12 PM, John Rudd wrote: removes MSRBL (as it's no longer being updated) Did they declare themselves to be defunct, or are you declaring it for them (without any actual announcement from them)? The most recent news from them is Jan of this year: http://msrbl.blogspot.com/ They

Re: [Clamav-users] Script updated: clamav-unofficial-sigs.sh (v3.7)

On 1/23/10 10:51 PM, Bill Landry wrote: On 1/23/2010 10:44 PM, Dennis Peterson wrote: On 1/23/10 10:12 PM, John Rudd wrote: removes MSRBL (as it's no longer being updated) Did they declare themselves to be defunct, or are you declaring it for them (without any actual announcement from

Re: [Clamav-users] question on install, clamav user/group and LDAP

On 2/3/10 11:29 AM, Lesiak, Stephen wrote: We auth through LDAP and I noticed there was a piece in the install that allowed for specifying a UID and GID. I created clamav as a user and group in our instance of LDAP: -sh-3.2# id clamav uid=20722(clamav) gid=1045(clamav) groups=

Re: [Clamav-users] Getting "***UNCHECKED***" on some emails I send out.

On 2/24/10 6:52 AM, Steven Stern wrote: On 02/24/2010 08:06 AM, Jason (spot) Brower wrote: It seems that some emails couldn't be checked. Encrypted Zip files in particular. It seems that when I try to send them from Evolution (Ubuntu 9.10) I get this message sent to my recipients. Is there an

Re: [Clamav-users] Getting "***UNCHECKED***" on some emails I send out.

On 2/24/10 8:38 AM, Jerry wrote: On Wed, 24 Feb 2010 10:33:09 -0500 Kris Deugau articulated: Steven Stern wrote: Checking outgoing mail is pointless. Why bother? So you can reduce malware propagation? (And as a result, maybe not end up on everyone's local blacklist for spewing garbage...)

Re: [Clamav-users] Getting "***UNCHECKED***" on some emails I send out.

On 2/24/10 9:15 AM, Jim Preston wrote: No Dennis, you would just know they are coming from the spammer and not zombies. Then again, there would be far fewer zombies if people took personal responsibility for their computers There are relatively few end points on the Internet that send mail out

Re: [Clamav-users] Getting "***UNCHECKED***" on some emails I send out.

On 2/24/10 10:10 PM, Erwan David wrote: Le Wed 24/02/2010, Dennis Peterson disait There are relatively few end points on the Internet that send mail out without going through an ISP's gateway. I'm not so sure about this. Compaies do not use ISP gateways... Count the companies vs

Re: [Clamav-users] Getting "***UNCHECKED***" on some emails I send out.

On 2/25/10 6:09 AM, Steven Stern wrote: If you're sending mail directly from your client to Google's SMTP servers, your ISP isn't touching it as the connection to Google is encrypted. What are you using for an SMTP server? For example, I'm typing this in Thunderbird and the smtp server for th

Re: [Clamav-users] Getting "***UNCHECKED***" on some emails I send out.

On 2/26/10 8:59 AM, Jerry wrote: On Fri, 26 Feb 2010 12:14:50 +1300 Steve Holdoway articulated: You what? In the last case I had a problem, it was a networked pc infected with a trojan spewing spam out. Just *how* does SMTP Auth stop this? Your lack of knowledge is matched only by your inabil

Re: [Clamav-users] Useless message on update failure in local mirror config.

On 3/2/10 7:58 AM, Nathan Gibbs wrote: Question. Why does freshclam suggest checking http://www.clamav.net/support/mirror-problem for possible problems with a a LOCAL MIRROR when it KNOWS that its checking a local mirror. There is nothing on that page that is inappropriate for debugging the

Re: [Clamav-users] Useless message on update failure in local mirror config.

On 3/2/10 10:14 AM, Nathan Gibbs wrote: Not functional issues, just a couple rough edges that could use sanding. You have an idea and the source code - implement it and submit the change. If there is a pent up demand to prevent that lying SOB (freshclam) from spinning yarns in the logs then

Re: [Clamav-users] Sender and recipient of blocked messages not appearing in logs, only

On 3/7/10 3:06 PM, Robert S wrote: I have been getting these messages in my logs when a message is detected as a virus: Mar 8 08:44:56 mypc clamav-milter[6112]: Message o27LiRP8029635 from to with subject 'Important notice: Google' message-id 'UNKNOWN' date 'UNKNOWN' infected by Sanesecurity.J

Re: [Clamav-users] Still fighting with clamav-milter on remote machine to clamd....

On 3/16/10 2:38 PM, Nathan Gibbs wrote: * Steve Holdoway wrote: On Sat, 2010-03-13 at 08:25 -0500, Nathan Gibbs wrote: I get those errors with these clamd settings CommandReadTimeout 120 ReadTimeout 900 This is with the milter load balancing across 5 nodes. Cheap, Fast,& Right, pick two. O

Re: [Clamav-users] Still fighting with clamav-milter on remote machine to clamd....

On 3/16/10 6:01 PM, Steve Holdoway wrote: So I'm stuck in this situation, with a clamd server at the same dc, but connecting over tcp port 3310 just times out. I've sent the requestor a tcpdump ( brave man and thanks! ), but am not too thrilled at posting it publicly, as in anonymizing it I will

Re: [Clamav-users] infos

On 3/24/10 7:31 AM, Del Monte Paolo wrote: Hi Giampaolo, Are you sure that I can download the upgrade from a window server and put it in a second time on a hpux server. The automatic upgrade don't depend on the platform on witch I configure freshclam? The clam scanners (clamd, clamscan) don't

Re: [Clamav-users] list email cancel

On 4/9/10 2:49 PM, Michael Swank wrote: Please take me off the email list for now. Thank you. mikesw...@aol.com Instructions on how to do that are in every email header this list sends. dp ___ Help us build a comprehensive ClamAV guide: visit http:

[Clamav-users] Odd FP signature

One of my customers in Eastern Washington just got some mail blocked because of this non-Clamav pattern: :INetMsg.SpamDomain-2w.gonzaga_edu:4:*:(2e|2f|40|20|3c|5f)676f6e7a6167612e656475(27|22|20|2f|3d|5f|3e|0a|0d) No way I'm telling the Zag's they're not getting their mail :) Point being is it

Re: [Clamav-users] Can the builders quit screwing with the Socket configs?

On 4/15/10 11:33 AM, James Kinter wrote: Thanks Edwin. I think I get them from Dag, but Ill check and email the appropriate offenders :-) I setup a YUM repo to point to somewhere, so every update comes from the same place every time. Getting them from the same place is no guarantee that build

Re: [Clamav-users] The EOL tweets

On 4/16/10 8:05 AM, Giampaolo Tomassoni wrote: Was the 'stop gap' really useful? To which purpose? Did the ClamAV team meant to stop old installations to work, in order to silence competitors? Perhaps to teach to clamav users about the very complex nature of today systems and services? Unfortun

Re: [Clamav-users] The EOL tweets

On 4/17/10 9:03 PM, Jim Preston wrote: I whole heartedly agree Dan. However I have been slandered today being called arrogant and ignorant, so what do I know? Yutz on the left, mench on the right. This EOL process has been a test. It was a simple test to separate yutz from mench. If you faile

Re: [Clamav-users] (no subject)

On 4/18/10 1:27 PM, Spiro Harvey wrote: Shame you haven't talked to to others - like havp for example - before doing this. The announcement to EOL the old releases was made at the start of october last year. If people using clam as an integral part of their software don't read announcements, wh

Re: [Clamav-users] Lots of "pread fail" warnings during scanning

On 4/18/10 3:11 PM, Hauke Duden wrote: OK. Sorry for the confusion. Shouldn't this be in the FAQ (or was I just too blind to find it?)? I'd hate to think that I am the only one making this mistake. ClamAV is an antivirus tool. It is reasonable to expect it will be used on file systems wher

Re: [Clamav-users] (no subject)

On 4/19/10 9:22 AM, Jim Preston wrote: But on a more serious note, what method would you like to have had them take to make you aware of the impending failure? The question wasn't directed to my but I'd like to see them be more selective as to who should be allowed to use this product. Maybe

Re: [Clamav-users] The EOL tweets

On 4/19/10 1:17 PM, Dan wrote: Really, a mission-critical product such as ClamAV needs to be watched by the sysadmin, not left for someone else to do it for you. You've passed the IQ test. Next. dp ___ Help us build a comprehensive ClamAV guide: vi

Re: [Clamav-users] No debian woody support anymore?

On 4/21/10 11:16 AM, Stephen Gran wrote: Faced with an old release of software that will die if the team uses new functionality due to a known bug, and people who will not upgrade to the version that fixes this bug, and a reasonably urgent need to use the new functionality, what exactly would yo

Re: [Clamav-users] On a happier (but slightly OT) note...

On 4/21/10 12:10 PM, Francesco Peeters wrote: http://www.engadget.com/2010/04/21/mcafee-update--shutting-down-xp-machines/?sms_ss=email :-þ Received from McAfee earlier today: Folks, I have been collecting information as it has been flowing across the wire on my side. If you are not the dir

Re: [Clamav-users] Clubbing a deceased equine

On 4/21/10 8:03 PM, Steve Wray wrote: I believe that best practice with this sort of thing is to only issue warnings and not to actually force a potentially harmful change without *express* consent of the user. Suggest at least one way to inform all the users successfully that obsolete softw

Re: [Clamav-users] Clubbing a deceased equine

On 4/21/10 8:20 PM, Dennis Peterson wrote: know way of knowing What the hell? Did I write that? :) dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

On 4/21/10 10:06 PM, Eric Rostetter wrote: Quoting Jim Preston : Read what I said. *functional* not security. Like, for example, php is at 5.2.6 on lenny, unless you configure is differently. That's the whole point of releases. There are distros that release functional (feature) upgrades as w

Re: [Clamav-users] Way, way, way OT: Re: (no subject)

On 4/21/10 10:31 PM, Steve Holdoway wrote: Personally I'd like to see the masses catered for. There's your problem. The masses are stump stupid. Ever was it so. It is no accident that 'exceptional' means not typical. Exceptional does not include the masses. If the best we shoot for is to appeas

Re: [Clamav-users] Way, way, way OT: Re: (no subject)

On 4/21/10 11:08 PM, Steve Holdoway wrote: Alienating those 'asshat whiners' will revert them to being windows admins, and our career prospects dwindle ever further. I'm over that, too. It means I'll always have a job if there is no competition. I don't have any notion of ever being a Window

Re: [Clamav-users] Problems with db.ca.clamav.net mirror

On 4/23/10 8:41 AM, Jim Preston wrote: Just a question, but what time is freshclam running? Most of the time a majority of people run freshclam at the top of the hour which means you are in heavy competition for resources. I have mine set to run via cron at ten minutes after the hour. Jim You

Re: [Clamav-users] Problems with db.ca.clamav.net mirror

> > On 4/23/10 10:46 AM, "Dennis Peterson" wrote: > > > On 4/23/10 8:41 AM, Jim Preston wrote: > > > >> Just a question, but what time is freshclam running? Most of the time a > >> majority of people run freshclam at the top of the hour

Re: [Clamav-users] Yet more clubbing of deceased equine.

On 4/24/10 6:36 AM, Stephen Gran wrote: On Fri, Apr 23, 2010 at 05:02:07PM -0700, Chris Knight said: On Fri, Apr 23, 2010 at 1:39 PM, Christopher X. Candreva wrote: On Fri, 23 Apr 2010, Simon Hobson wrote: So, it still runs the software it used to run ? Yes It's running software that is EO

Re: [Clamav-users] Clamd was NOT notified

On 4/26/10 6:01 PM, Mark wrote: Hello, I just upgraded to clamav 0.96.1 on FreeBSD 7. Everyhing seemed to be running fine, except that I suddenly got this message in my freshclam log: WARNING: Clamd was NOT notified: Can't find or parse configuration file yes It used to say "" Clamd su

<    1   2   3   4   5   6   7   8   9   10   >