Re: [Clamav-users] Resources for integrating with spamassassin+amavisd

2010-04-27 Thread Dennis Peterson
> > Hi, > > > I've done some research on the best way to integrate it, but hoped > someone could point me to a current document that outlines how to do > this and help me answer some of my questions. The best way to integrate them is to follow the instructions at Steve's web site (Sane Security

Re: [Clamav-users] Update problem on daily.cld

2010-04-29 Thread Dennis Peterson
On 4/29/10 7:06 AM, Adam Stephens wrote: That error doesn't come from the mirrors; it comes from freshclam - the message is in manager.c, and it's triggered by this check in mirman.c: if(mdat->dbflevel && (mdat->dbflevel > flevel) && (mdat->dbflevel - flevel > 3)) if(time(NULL) - mdat->mirtab[

Re: [Clamav-users] byte code compiler configure issues

2010-05-02 Thread Dennis Peterson
On 5/2/10 8:14 AM, Tom Shaw wrote: Trying now let you know in about 10 10.5.8 right now. 10.6 after we get this working Tom I was able to compile .96 in Snow Leopard with no modification. dp ___ Help us build a comprehensive ClamAV guide: visit h

Re: [Clamav-users] Resources for integrating with spamassassin+amavisd

2010-05-02 Thread Dennis Peterson
On 5/2/10 9:59 AM, Alex wrote: Hi, Why are some of the databases duplicated in the clamav root dir and also in the unofficial-dbs/ss-dbs directory, such as winnow_malware.hdb? The rsync protocol only downloads the changes between the local and remote files, so the local file must be available

Re: [Clamav-users] No debian woody support anymore?

2010-05-03 Thread Dennis Peterson
On 5/3/10 12:09 AM, Mark wrote: On Apr 27, 2010, at 3:23 PM, Sarocet wrote: The ClamAV team didn't design the AV to stop on getting a special signature. That signature could exist due to a bug that you decided not to fix (by not updating/patching). It was a clever use of a bug to disable the d

Re: [Clamav-users] Resources for integrating with spamassassin+amavisd

2010-05-03 Thread Dennis Peterson
On 5/3/10 8:45 AM, Alex wrote: Hi, Dennis Peterson wrote: Rsync is able to transfer only the differences between two files provided a version of the file being transferred exists on the source and the destination. In addition, rsync will not transfer anything if it determines there are no

Re: [Clamav-users] Resources for integrating with spamassassin+amavisd

2010-05-03 Thread Dennis Peterson
On 5/3/10 8:45 AM, Simon Hobson wrote: It's actually more efficient than that! It uses something similar to a rolling checksum to find throughout the file. So in principle, you can add a short bit to the front of a large file, or even chop a file up into chunks and rearrange them, and it will

Re: [Clamav-users] Resources for integrating with spamassassin+amavisd

2010-05-03 Thread Dennis Peterson
On 5/3/10 9:43 AM, Bill Landry wrote: If you are seeing three copies of each unofficial database, then you have a problem somewhere. This topic is really OT for the ClamAV mailing list. My net nanny buzzer went off. dp

Re: [Clamav-users] Some doubts about Clamav upgrade

2010-05-04 Thread Dennis Peterson
On 5/4/10 1:25 PM, Freddie Cash wrote: Add the volatile repo to /etc/apt/sources.list, if it's not already there. Then it's a simple: aptitude update aptitude install clamav-daemon clamav-freshclam aptitude will install everything else automatically. Does it first uninstall the existin

Re: [Clamav-users] FW: [clamav-virusdb] Update (daily: 10917) --about Virus.MSExcel.Agent.c

2010-05-04 Thread Dennis Peterson
On 5/4/10 8:01 PM, eric wrote: Strange, clamav has been updated, but still can't find Virus.MSExcel.Agent.c. Any idea will be appreciated. It's there. It isn't called Virus.MSExcel.Agent.c: X97M.Escape:0:*:74696d6576616c7565{-14}22737461727475702e786c732179636f7022*6f6e2e73746172747570 dp _

Re: [Clamav-users] Some doubts about Clamav upgrade

2010-05-04 Thread Dennis Peterson
On 5/4/10 5:56 PM, Freddie Cash wrote: On Tue, May 4, 2010 at 5:11 PM, Dennis Peterson wrote: On 5/4/10 1:25 PM, Freddie Cash wrote: Add the volatile repo to /etc/apt/sources.list, if it's not already there. Then it's a simple: aptitude update aptitude install clamav-dae

Re: [Clamav-users] safebrowsing updates CPU hog

2010-05-12 Thread Dennis Peterson
On 5/12/10 3:58 PM, Wolfgang Breyha wrote: Hi! In the last week I noticed several times that freshclam needs up to 30 minutes using a full CPU to update safebrowsing database. Most of the time the next update shows Empty script safebrowsing-20426.cdiff, need to download entire database What's

Re: [Clamav-users] notification when clamd engine outdated

2010-05-13 Thread Dennis Peterson
On 5/13/10 7:54 AM, Cliff Hayes wrote: Hello, I am a system administrator who manages many servers and need a way to programmatically ping clamd on a server and get a response which I can interpret to mean clamd is ok or the engine needs to be updated. Unfortunately, I often get overwhelmed and d

Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?

2010-05-13 Thread Dennis Peterson
On 5/12/10 12:59 PM, Shawn Bakhtiar wrote: ClamWin Free Antivirus is based on ClamAV engine and uses GNU General Public License by the Free Software Foundation, and is free (as in freedom) software. To find out more about GNU GPL, please visit the following link: Philosophy of the GNU Projec

Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?

2010-05-13 Thread Dennis Peterson
On 5/13/10 7:10 PM, Jason Haar wrote: On 05/13/2010 01:57 AM, Bowie Bailey wrote: No, ClamAV for Windows currently does not use the ClamAV engine (although there is talk of adding it in). It instead uses Immunet's cloud-based antivirus. http://www.immunet.com/protect Huh? That comes as a sh

Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?

2010-05-13 Thread Dennis Peterson
On 5/13/10 10:19 PM, Jason Haar wrote: On 05/14/2010 02:52 PM, Dennis Peterson wrote: On 5/13/10 7:10 PM, Jason Haar wrote: Why is Sourcefire allowing a third-party to use their brandname (and linking to their site) when it doesn't use ClamAV code itself? It supports other AV vendor pro

Re: [Clamav-users] Tiered freshclam updates on port443

2010-05-16 Thread Dennis Peterson
On 5/10/10 8:43 AM, Eddie Ekwo wrote: Hello Everyone. I am new to using ClamAV and I have searched through the mail archives for help/pointers on setting up a tiered freshclam update environment. I have got a server that has access to the internet on port 80, so updates from internet are not a

[Clamav-users] Duplicate signature files

2010-05-20 Thread Dennis Peterson
While testing my build of 0.96.1 today I was alerted by a screen message on starting clamd that I had two bytecode files - compressed and uncompressed. I removed the uncompressed file and restarted clamd. Later I checked the log to see if there was more information I could add to logwatch and th

Re: [Clamav-users] Duplicate signature files

2010-05-20 Thread Dennis Peterson
On 5/20/10 10:27 PM, Dennis Peterson wrote: While testing my build of 0.96.1 today I was alerted by a screen message on starting clamd that I had two bytecode files - compressed and uncompressed. I removed the uncompressed file and restarted clamd. Later I checked the log to see if there was

Re: [Clamav-users] Duplicate signature files

2010-05-21 Thread Dennis Peterson
On 5/21/10 12:16 AM, Török Edwin wrote: On 05/21/2010 08:40 AM, Dennis Peterson wrote: On 5/20/10 10:27 PM, Dennis Peterson wrote: While testing my build of 0.96.1 today I was alerted by a screen message on starting clamd that I had two bytecode files - compressed and uncompressed. I removed

Re: [Clamav-users] Duplicate signature files

2010-05-21 Thread Dennis Peterson
On 5/21/10 7:17 AM, Török Edwin wrote: On 05/21/2010 05:15 PM, Dennis Peterson wrote: This is Solaris 9 on Sparc. OK, I'll do some tests on Solaris9/Sparc. Is everything OK on Solaris10/Sparc? Haven't built that one yet. I'm still trying to understand what hap

Re: [Clamav-users] Duplicate signature files

2010-05-21 Thread Dennis Peterson
On 5/21/10 7:17 AM, Török Edwin wrote: On 05/21/2010 05:15 PM, Dennis Peterson wrote: I don't get this error, what OS/arch is this? ERROR: Failed to load new database: Malformed database This message was in freshclam's log though, right? This is Solaris 9 on Sparc. OK, I&

Re: [Clamav-users] Duplicate signature files

2010-05-21 Thread Dennis Peterson
On 5/21/10 8:06 AM, Török Edwin wrote: On 05/21/2010 05:49 PM, Dennis Peterson wrote: I just repeated this test (manually dl bytecode.cvd and test it with clamscan) My configuration is probably different than yours, that is why it fails for you and not for me. That is why I asked for output

Re: [Clamav-users] Duplicate signature files

2010-05-21 Thread Dennis Peterson
On 5/21/10 8:14 AM, Shawn Bakhtiar wrote: If you're using wget: from the man pages under -c option Note that you don’t need to specify this option if you just want the current invocation of Wget to retry downloading a file should the connection be lost midway through. This is th

Re: [Clamav-users] Tiered freshclam updates on port443

2010-05-21 Thread Dennis Peterson
On 5/21/10 8:33 AM, Freddie Cash wrote: It may not have happened on your network, but it's (filtering outbound traffic) saved our bacon several times over the years, especially back in the Code Red/Nimda days. And, in an educational setting (I work for a school district now), you definitely do

Re: [Clamav-users] Duplicate signature files

2010-05-21 Thread Dennis Peterson
On 5/21/10 8:22 AM, Török Edwin wrote: -lmalloc? That looks like something related to the memory allocation failure? Can you try without it? And I'll try to see if I can reproduce the problem with -lmalloc. Yep it fails with -lmalloc here. Please remove that from LDFLAGS, and it should work

Re: [Clamav-users] upgrade to 0.96.1

2010-05-21 Thread Dennis Peterson
On 5/21/10 9:28 PM, ClamAV List wrote: Hi, I upgraded to 0.96.1. Whenever I restart clamd, it will prompt me the error below. Starting Clam AntiVirus Daemon: LibClamAV Warning: Detected duplicate databases /var/clamav/main.cvd and /var/clamav/main.cld, please manually remove one of them Whic

[Clamav-users] Reload process

2010-05-21 Thread Dennis Peterson
Has the team explored the notion of checking MD5 hashes of signature files before deciding to reload them? Is it even possible to reload only those that have changed since the last reload? dp

Re: [Clamav-users] Reload process

2010-05-22 Thread Dennis Peterson
On 5/22/10 1:12 AM, Török Edwin wrote: On 05/22/2010 08:34 AM, Dennis Peterson wrote: Has the team explored the notion of checking MD5 hashes of signature files before deciding to reload them? This might be useful if partial reloads would be supported, but see below. clamd checks the

Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?

2010-05-22 Thread Dennis Peterson
On 5/13/10 11:46 PM, Török Edwin wrote: On 05/14/2010 08:19 AM, Jason Haar wrote: On 05/14/2010 02:52 PM, Dennis Peterson wrote: On 5/13/10 7:10 PM, Jason Haar wrote: Why is Sourcefire allowing a third-party to use their brandname (and linking to their site) when it doesn't use ClamAV

Re: [Clamav-users] Reload process

2010-05-25 Thread Dennis Peterson
On 5/25/10 7:51 AM, Tomasz Kojm wrote: On Tue, 25 May 2010 16:27:48 +0200 Sarocet wrote: Tomasz Kojm wrote: This scenario makes no much sense to me. First of all, as I wrote in the previous email the files you provided as example are almost identical (they only differ in high nibbles of six by

Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

2010-06-03 Thread Dennis Peterson
On 6/3/10 5:57 AM, Steve Basford wrote: You can use 'sigtool -fPUA.HTML.Infected.WebPage' to find and print the sigs, no need to unpack. Also works for: sigtool -fSanesecurity.Phishing.Fake.13780 | sigtool --decode-sigs Could a --database type option be added to sigtool, for loading database

Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

2010-06-03 Thread Dennis Peterson
On 6/3/10 6:24 AM, Dennis Peterson wrote: This is brute force but works: grep -h Sanesecurity.Phishing.Fake.13780 * 2>/dev/null |sigtool --decode-sigs dp It's brute force but apparently so too is the sigtool method. Grep is faster. dp

Re: [Clamav-users] Some questions about clamav update

2010-07-06 Thread Dennis Peterson
> > On 07/06/2010 09:38 AM, Chuck Swiger wrote: > > Hi, JD-- > > > So, the fedora distro people screwed up by setting it to level 44 in the > source code? > Is it possible you installed only a clam client and not the full suite? > So, should I be bringing this up with the fedora team? Check

Re: [Clamav-users] Some questions about clamav update

2010-07-06 Thread Dennis Peterson
> > On 07/06/2010 10:28 AM, Dennis Peterson wrote: > >>On 07/06/2010 09:38 AM, Chuck Swiger wrote: > >>> Hi, JD-- > >>> > >> So, the fedora distro people screwed up by setting it to level 44 in the > >> source code? > >> &g

Re: [Clamav-users] clamdscan errors

2010-07-06 Thread Dennis Peterson
On 7/6/10 3:27 PM, JD wrote: I ran: $ sudo clamdscan -l /tmp/clamdscan.log /sda1 /sda1 is the mount point for my windows partition. I got tons of error messages like this one: /sda1/WINDOWS/Installer/265ad74.msp: Can't create temporary directory ERROR In what directory is clamdscan trying to

Re: [Clamav-users] clamdscan errors

2010-07-06 Thread Dennis Peterson
On 7/6/10 5:31 PM, JD wrote: On 07/06/2010 05:00 PM, Dennis Peterson wrote: clamconf |grep TemporaryDir $ clamconf |grep TemporaryDir TemporaryDirectory = "/var/tmp" TemporaryDirectory disabled Is that what's causing it? The disabled setting? Where do I enable it? Now that

Re: [Clamav-users] clamdscan errors

2010-07-07 Thread Dennis Peterson
On 7/6/10 11:59 PM, JD wrote: On 07/06/2010 05:57 PM, Dennis Peterson wrote: Now that we see you have a discrepancy we need to know where it is. run clamconf |less then look through the output to find the two lines above. The output includes the configuration of clamd, freshclam, and clamav

Re: [Clamav-users] Mobile devices?

2010-07-27 Thread Dennis Peterson
On 7/26/10 4:27 AM, Moray Henderson wrote: Now that mobile telephones have become advanced (stupid?) enough to require virus protection, can ClamAV be usefully run on a mobile? Or can anyone recommend free AV software for mobile devices? Virus protection is a heavy weight process that does not

Re: [Clamav-users] MSRBL signatures?

2010-08-02 Thread Dennis Peterson
On 8/2/10 7:48 PM, Alex wrote: Hi all, I was thinking of implementing the MSRBL signatures, as they are described on the sanesecurity site, but it appears they haven't been updated in quite some time. I wouldn't have considered it, except that they are listed on the sanesecurity site. Are they

Re: [Clamav-users] MSRBL signatures?

2010-08-06 Thread Dennis Peterson
On 8/3/10 12:35 AM, Steve Basford wrote: I've discontinued using them because of the lack of activity. I've also shut off SecuriteInfo and because of false positives, InetMsg signatures. Hi Dennis, If any FP's are reported here: false_positive AT sanesecurity DOT me DOT uk And surely the p

Re: [Clamav-users] MSRBL signatures?

2010-08-06 Thread Dennis Peterson
On 8/6/10 6:20 PM, Bill Landry wrote: On 8/6/2010 9:42 AM, Dennis Peterson wrote: On 8/3/10 12:35 AM, Steve Basford wrote: I've discontinued using them because of the lack of activity. I've also shut off SecuriteInfo and because of false positives, InetMsg signatures. Hi Denni

Re: [Clamav-users] ClamAV Releases

2010-08-18 Thread Dennis Peterson
On 8/16/10 11:38 AM, Tomasz Kojm wrote: Dear users, ClamAV 0.96.2 was released on August 12, 2010. If you missed it check it out here: http://www.clamav.net/download/sources. Highlights include: It's compiled and runs fine in Solaris 9 and 10, and RHEL 5.4, here. 9.6.1 did not put a notice

Re: [Clamav-users] Functionality level warning message after upgrade to 0.96.2

2010-08-23 Thread Dennis Peterson
On 8/23/10 7:45 AM, Jean Jacques Siebrits wrote: WARNING: Current functionality level = 44, recommended = 51 rpm -qi clamav Sorry, I forgot to mention it was a source installation. Configuration string was: ./configure --prefix=/usr --sysconfdir=/etc --datadir=/var/run/clamav --enable-milter

Re: [Clamav-users] exclude path

2010-09-05 Thread Dennis Peterson
On 9/5/10 12:11 PM, Ted the insane wrote: Hello, How to exclude path from clamd? And without Clamuko. Thank you Best regards ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml Try somethin

Re: [Clamav-users] Tracking false positives

2010-09-14 Thread Dennis Peterson
On 9/14/10 1:55 AM, Tomasz Kojm wrote: On Mon, 13 Sep 2010 20:54:28 +0100 Steve Basford wrote: In addition, there a brilliant Third-Party signature decoder here, which will easily show you the content of the Third-Party signature, just cut/paste or type in the signature name and it'll decode

[Clamav-users] DatabaseDirectory location

2010-09-14 Thread Dennis Peterson
Has any thought been given to allowing optional additional database directory locations? I've never been real happy mixing the "OFFICIAL" signatures with the "UNOFFICIAL" signatures, and there are some pragmatic reasons for avoiding this intermingling. Perhaps: DatabaseDirectoryIncludePath /v

Re: [Clamav-users] Again - clamav.whitelist file

2010-09-15 Thread Dennis Peterson
On 9/15/10 5:58 AM, cla...@pcez.com wrote: Hello, Let's try it again. I did not get a response last time so I will try it again not trying to insult anyone with my stupidity. I'm trying to use the whitelist file without much success. Could someone post your "clamav.whitelist" file so I can see

Re: [Clamav-users] Tracking false positives

2010-09-15 Thread Dennis Peterson
On 9/15/10 7:47 AM, Tomasz Kojm wrote: On Tue, 14 Sep 2010 09:22:48 -0700 Dennis Peterson wrote: Time tests of sigtool --find-sigs compared to grep. The output of either sigtool or grep can be piped back in to sigtool --decode-sigs: $ time sigtool --find-sigs Sanesecurity.Spam.10995

Re: [Clamav-users] Tracking false positives

2010-09-15 Thread Dennis Peterson
On 9/15/10 11:15 AM, Török Edwin wrote: On Wed, 15 Sep 2010 10:05:02 -0700 Dennis Peterson wrote: On 9/15/10 7:47 AM, Tomasz Kojm wrote: On Tue, 14 Sep 2010 09:22:48 -0700 Dennis Peterson wrote: Time tests of sigtool --find-sigs compared to grep. The output of either sigtool or grep can

Re: [Clamav-users] Again - clamav.whitelist file

2010-09-15 Thread Dennis Peterson
On 9/15/10 10:02 AM, Jerry wrote: On Wed, 15 Sep 2010 09:36:44 -0700 Dennis Peterson articulated: Some of us see that request as a breach of etiquette as well as a security risk. I really don't wish to publish my free pass info :) So you enter random data in the fields. T believe tha

Re: [Clamav-users] VirusAction Question

2010-09-21 Thread Dennis Peterson
On 9/21/10 9:55 PM, Nathan Gibbs wrote: * Nathan Gibbs wrote: I won't say that my implementation is the best way, it certainly isn't pretty, but it works. Now will the REAL C CODERS PLEASE STAND UP! Do it right and show me how it's done. Better yet, just do it right the first time, and I won'

[Clamav-users] Success: clamav-096.3

2010-09-21 Thread Dennis Peterson
It builds and runs without weirdness on Solaris 9, Sparc, gcc 3.3.2, Solaris 10, Sparc, gcc 3.4.2, Apple OS X Snow Leopard 32-bit, gcc 4.2.1, Snow Leopard Server 64-bit, gcc 4.2.1, and Red Hat Linux 5.4, gcc 4.1.2. I'm happy here. And yes, 3.3.2 is getting pretty old and tired. dp

Re: [Clamav-users] VirusAction Question

2010-09-22 Thread Dennis Peterson
On 9/22/10 6:58 AM, Nathan Gibbs wrote: Those guys could do this better than me any day of the week. They could code circles around me, but so far they won't. What does that tell you? They have higher priorities. dp

Re: [Clamav-users] Tracking false positives

2010-09-27 Thread Dennis Peterson
On 9/27/10 1:24 PM, Alex wrote: Hi, In addition, there a brilliant Third-Party signature decoder here, which will easily show you the content of the Third-Party signature, just cut/paste or type in the signature name and it'll decode it: http://www.sanesecurity.com/clamav/decodesigs.htm Some

Re: [Clamav-users] block attachment with certain file endings (also in archives)

2010-09-28 Thread Dennis Peterson
On 9/27/10 11:55 PM, Török Edwin wrote: On Tue, 28 Sep 2010 04:36:15 +0200 If you want to reject by content, you can do that as well (only for nonencrypted archives of course) by writing a signature for your filetype, and treating it as if it was a virus. Rather than depend on file extension

Re: [Clamav-users] block attachment with certain file endings (also in archives)

2010-09-28 Thread Dennis Peterson
On 9/28/10 5:40 AM, Daniel McDonald wrote: On 9/28/10 2:05 AM, "Dennis Peterson" wrote: On 9/27/10 11:55 PM, Török Edwin wrote: On Tue, 28 Sep 2010 04:36:15 +0200 If you want to reject by content, you can do that as well (only for nonencrypted archives of course) by writing a

Re: [Clamav-users] Unable to install ClamAV 96.3.

2010-09-30 Thread Dennis Peterson
On 9/30/10 8:57 PM, Syed Zubair wrote: This is what I get when I try to install ClamAV 96.3: Help configure: Summary of engine detection features autoit_ea06 : yes bzip2 : bugged (CVE-2010-0405) zlib: /usr unrar :

Re: [Clamav-users] Unable to install ClamAV 96.3.

2010-09-30 Thread Dennis Peterson
On 9/30/10 10:10 PM, Al Varnell wrote: Apple released an upgrade to bzip2 a few days ago - did you install it? I don't think so. I just checked the user and developer support downloads and there's no sign of it. It has been available from third party porting publishers, but nothing heard

Re: [Clamav-users] Unable to install ClamAV 96.3.

2010-09-30 Thread Dennis Peterson
On 9/30/10 10:22 PM, Dennis Peterson wrote: On 9/30/10 10:10 PM, Al Varnell wrote: Apple released an upgrade to bzip2 a few days ago - did you install it? I don't think so. I just checked the user and developer support downloads and there's no sign of it. It has been available

Re: [Clamav-users] Unable to install ClamAV 96.3.

2010-09-30 Thread Dennis Peterson
On 9/30/10 10:36 PM, Dennis Peterson wrote: On 9/30/10 10:22 PM, Dennis Peterson wrote: On 9/30/10 10:10 PM, Al Varnell wrote: Apple released an upgrade to bzip2 a few days ago - did you install it? I don't think so. I just checked the user and developer support downloads and there

Re: [Clamav-users] Unable to install ClamAV 96.3.

2010-10-01 Thread Dennis Peterson
On 9/30/10 10:44 PM, Dennis Peterson wrote: On 9/30/10 10:36 PM, Dennis Peterson wrote: On 9/30/10 10:22 PM, Dennis Peterson wrote: On 9/30/10 10:10 PM, Al Varnell wrote: Apple released an upgrade to bzip2 a few days ago - did you install it? I don't think so. I just checked the use

Re: [Clamav-users] Unable to install ClamAV 96.3.

2010-10-01 Thread Dennis Peterson
On 10/1/10 3:24 AM, TR Shaw wrote: Al Just compile bzip2 from the source. That's what I did and everything was fine. Tom The bzip2 source is a mess that requires much customization to build as the author hasn't the resources to put it together right. It builds fine in Solaris, not so fine o

Re: [Clamav-users] Unable to install ClamAV 96.3.

2010-10-04 Thread Dennis Peterson
On 10/1/10 11:30 PM, Al Varnell wrote: On 10/1/10 12:07 AM, "Dennis Peterson" wrote: A short term solution until Apple updates bzip2 is to install MacPorts if not already installed, and use it to install bzip2. It will install it in /opt/local so you need to add an option to y

Re: [Clamav-users] Unable to install ClamAV 96.3.

2010-10-04 Thread Dennis Peterson
On 10/4/10 9:20 AM, Al Varnell wrote: On 10/4/10 7:51 AM, "Dennis Peterson" wrote: On 10/1/10 11:30 PM, Al Varnell wrote: On 10/1/10 12:07 AM, "Dennis Peterson" wrote: A short term solution until Apple updates bzip2 is to install MacPorts if not already installed, a

Re: [Clamav-users] Unable to install ClamAV 96.3.

2010-10-04 Thread Dennis Peterson
On 10/4/10 10:03 AM, Al Varnell wrote: On 10/4/10 9:39 AM, "Erwan David" wrote: On 04/10/10 18:25, Dennis Peterson wrote: On 10/4/10 9:20 AM, Al Varnell wrote: On 10/4/10 7:51 AM, "Dennis Peterson" wrote: On 10/1/10 11:30 PM, Al Varnell wrote: On 10/1/10 12:07

Re: [Clamav-users] Unable to install ClamAV 96.3.

2010-10-04 Thread Dennis Peterson
On 10/4/10 6:03 PM, Al Varnell wrote: I troubleshoot ClamXav for users and it's important for me to not get ahead of the ClamXav developer or Apple, so I must leave things as they are until Mark has a chance to compile and release 0.96.3 and or Apple gets around to fixing bzip2. I just don't

Re: [Clamav-users] Unable to install ClamAV 96.3.

2010-10-04 Thread Dennis Peterson
On 10/4/10 6:25 PM, Al Varnell wrote: otool gives me identical results I've got a PPC so I'm still at Leopard 10.5.8. $ ls -l *bz2* -rwxr-xr-x 1 root wheel 282048 Nov 11 2008 libbz2.1.0.4.dylib -rwxr-xr-x 1 root wheel 282048 Jun 17 2009 libbz2.1.0.5.dylib lrwxr-xr-x 1 root wheel

Re: [Clamav-users] Unable to install ClamAV 96.3.

2010-10-04 Thread Dennis Peterson
On 10/4/10 8:29 PM, Al Varnell wrote: Could it be that clamd was somehow compiled with 1.0.2? It appears that your library is 1.0.2 regardless of what the binary might be. Did you ever do a restore of your /lib? That's most frequently how libs get mysteriously backleveled. Assuming it was ever

Re: [Clamav-users] Locating Infected Files in Logs

2010-10-29 Thread Dennis Peterson
On 10/29/10 6:22 AM, Carlos Mennens wrote: My question is where or how can I see what the location of the two infected files are? I looked at /var/log/clamav/freshclam.log & didn't see anything there when grep'ing for the word "infected". In my logs I look for "FOUND". dp

Re: [Clamav-users] Locating Infected Files in Logs

2010-10-29 Thread Dennis Peterson
On 10/29/10 11:28 AM, Carlos Mennens wrote: On Fri, Oct 29, 2010 at 1:12 PM, Dennis Peterson wrote: On 10/29/10 6:22 AM, Carlos Mennens wrote: My question is where or how can I see what the location of the two infected files are? I looked at /var/log/clamav/freshclam.log&didn&#

[clamav-users] An interesting list-related message

2011-02-07 Thread Dennis Peterson
=== quote = Subject: Re:[Clamav-users]Locating Infected Files in Logs Hi Dennis: Can you answer this one regarding infected files. The log file is on stdout as follows: is this reading the ClamAV files are infected? How do I get rid of the 45 infected files if they are really infected.

Re: [clamav-users] daily database broken again

2011-02-28 Thread Dennis Peterson
On 2/28/11 7:30 AM, Török Edwin wrote: Maybe we should tag all our new signatures with 0.96.4+ (ldb, bytecode, and ndb at least)? Of course that means that 0.95 would be even less effective at detecting malware than it already is (no VI/IDB/CBC support there), but apparently people running 0.95

Re: [clamav-users] daily database broken again

2011-03-05 Thread Dennis Peterson
On 3/5/11 8:36 AM, Jim Preston wrote: You have missed the point, my system does serve my needs to the extent that upgrading the OS is not worth the benefit till now. A major cause is the lack of a clean upgrade path from the early FC versions. The recommended method was a clean install. Since v

Re: [clamav-users] [Clamav-users] Tracking false positives

2011-03-06 Thread Dennis Peterson
On 3/6/11 1:43 PM, Alex wrote: The MBL_144360 is still present in the mbl database, but now it doesn't match. That signature has a big google footprint. I found it here, for example: http://permalink.gmane.org/gmane.comp.security.virus.clamav.sanesecurity/3094 It would seem there is a QA pro

Re: [clamav-users] Improving Scan Speeds on OS X.4.11

2011-03-17 Thread Dennis Peterson
On 3/16/11 7:24 AM, Russ Tyndall wrote: On Mar 15, 2011, at 4:51 PM, Chuck Swiger wrote: One thing you might consider doing is using "find /location -mtime 1" to generate a list of which files have been modified over the past day, and only scanning these via clamdscan -f. I experimented wi

Re: [clamav-users] Improving Scan Speeds on OS X.4.11

2011-03-18 Thread Dennis Peterson
On 3/18/11 10:18 AM, Chuck Swiger wrote: On Mar 17, 2011, at 6:22 PM, Dennis Peterson wrote: Since you're thinking in this direction you may discover locate is faster than find though it has issues of it's own as well as opportunity. See more at man locate. Locate searches a

Re: [clamav-users] Improving Scan Speeds on OS X.4.11

2011-03-18 Thread Dennis Peterson
On 3/18/11 11:12 AM, Chuck Swiger wrote: On Mar 18, 2011, at 11:02 AM, Dennis Peterson wrote: Yes, and while locate is great for older files, is not really intended for detecting files which have appeared over the past day on a fileserver. By default, the locate DB is only rebuilt once a

Re: [clamav-users] Improving Scan Speeds on OS X.4.11

2011-03-18 Thread Dennis Peterson
On 3/18/11 11:29 AM, Chuck Swiger wrote: On Mar 18, 2011, at 11:22 AM, Dennis Peterson wrote: [ ... ] Took a while but you're at least thinking. Please spare the readers of the list this sort of pointless sarcasm. *plonk* That wasn't sarcasm. It was a compl

Re: [clamav-users] Improving Scan Speeds on OS X.4.11

2011-03-21 Thread Dennis Peterson
On 3/19/11 5:51 AM, G.W. Haywood wrote: As Mr. Petersen says there are few restrictions on the databases, and it would seem that 'updatedb' and 'locate' are well-suited to the task if the OP is happy with a non-real-time approach. Locate will find directories and dump the contents. That is pr

Re: [clamav-users] Access has been denied page

2011-04-14 Thread Dennis Peterson
On 4/14/11 7:00 AM, Bowie Bailey wrote: On 4/14/2011 9:49 AM, Antonio Pereira wrote: Thanks I had put in MBL_200562.UNOFFICIAL instead of MBL_200562 I reloaded clamav and now it works. I would have done the same thing if I hadn't looked at the Sanesecurity file first. I think "UNOFFICIAL" i

Re: [clamav-users] Access has been denied page

2011-04-14 Thread Dennis Peterson
On 4/14/11 7:21 AM, Nathan Gibbs wrote: * Dennis Peterson wrote: It is a non-optional logging feature of ClamAV. I'd like to see a config option in there to turn it on or off. As it is I edit the source code at each build and turn it off. Could you send me your code for that? I'l

Re: [clamav-users] Access has been denied page

2011-04-17 Thread Dennis Peterson
On 4/16/11 1:50 PM, Nathan Gibbs wrote: Which is right along the lines of what the OP wants. The OP wanted ( Re: *.UNOFFICIAL Virus Names ): "It is a non-optional logging feature of ClamAV. I'd like to see a config option in there to turn it on or off. As it is I edit the source code at each bu

Re: [clamav-users] Access has been denied page

2011-04-17 Thread Dennis Peterson
On 4/17/11 1:35 PM, Nathan Gibbs wrote: * Steve Basford wrote: I receive .UNOFFICIAL reports too, which aren't produced by Sanesecurity, so instead I forward them on and/or whitelist. This page shows FP contact details for all the .UNOFFICIAL ones http://www.sanesecurity.com/clamav/fps.ht

Re: [clamav-users] Access has been denied page

2011-04-17 Thread Dennis Peterson
On 4/17/11 1:28 PM, Nathan Gibbs wrote: * aCaB wrote: On 04/17/11 05:05, Dennis Peterson wrote: Adding the hard-coded UNOFFICIAL reduces some liability from the Clamav team. Which is why it shouldn't be changed in the underlying libclamav. That! And lots of daily annoyances wi

Re: [clamav-users] freshclam update hung

2011-05-27 Thread Dennis Peterson
On 5/26/11 7:27 AM, Michael Scheidell wrote: Two different servers, in two different data centers, trying to pull the latest safebrowsing list, hung, cpu 100% Having a similar problem with the Canadian pool at IP: 24.215.0.24 - the download never finishes, the socket is closed, freshclam kee

Re: [clamav-users] freshclam update hung

2011-05-27 Thread Dennis Peterson
On 5/27/11 7:05 AM, Dennis Peterson wrote: On 5/26/11 7:27 AM, Michael Scheidell wrote: Two different servers, in two different data centers, trying to pull the latest safebrowsing list, hung, cpu 100% Having a similar problem with the Canadian pool at IP: 24.215.0.24 - the download never

Re: [clamav-users] freshclam update hung

2011-05-27 Thread Dennis Peterson
On 5/27/11 7:36 AM, Michael Scheidell wrote: On 5/27/11 10:26 AM, Dennis Peterson wrote: On 5/27/11 7:05 AM, Dennis Peterson wrote: On 5/26/11 7:27 AM, Michael Scheidell wrote: Two different servers, in two different data centers, trying to pull the latest safebrowsing list, hung, cpu 100

Re: [clamav-users] freshclam update hung

2011-05-27 Thread Dennis Peterson
On 5/27/11 8:11 AM, Michael Scheidell wrote: On 5/27/11 11:07 AM, Dennis Peterson wrote: Obviously, but a second verification is helpful whereas rants from a sample of one? Well, not so much. my email was clear, concise, and very the problem easily duplicated. you really have a thin skin

Re: [clamav-users] improving ClamAV private mirroring?

2011-07-14 Thread Dennis Peterson
On 7/14/11 9:57 AM, James Ralston wrote: On 2011-07-11 at 13:40-04 Christopher X Candreva wrote: I have one machine run freshclam, and use rsync to update all my other servers with the databases. The clamav user has to have ssl keys set up so it can ssh to the other servers without a password

Re: [clamav-users] daily.cvd update issue.

2011-07-19 Thread Dennis Peterson
> I suggest that you rely on our twitter feed for real time info
> (twitter.com/clamav)

In my opinion, if twitter is a requirement for using ClamAV then this project is doomed. I don't see our 'business' endorsing our NOC playing with twitter as part of the job. I hope they don't re

Re: [clamav-users] Third Party web interface

2011-07-25 Thread Dennis Peterson
On 7/25/11 9:35 AM, Luca Gibelli wrote: Hello, The service is still in beta, you are welcome to contact Luca Gibelli if you intend to join the beta program. We especially welcome those who already distribute their own unofficial signatures to join. A list of databases distributed by the ne

Re: [clamav-users] Phishing URLs: South African Banks

2011-08-02 Thread Dennis Peterson
On 8/2/11 6:35 AM, Alain Zidouemba wrote: Alex, Your (or any) submissions are not being ignored. We have just been facing a large volume of submissions and prioritization sometimes makes it that it takes us longer than we'd want to to get to some submission. I will be contacting you shortl

Re: [clamav-users] Clarification of report needed

2011-09-03 Thread Dennis Peterson
On 9/3/11 1:25 AM, Paul Kraus wrote: On Fri, Sep 2, 2011 at 11:37 AM, Anne Wilson wrote: No. As I reported yesterday, that returns ls: cannot access /home/anne/.kde/share/apps/kmail/imap/.1687036093.directory/.INBOX.directory/Newsletters: No such file or directory Anne, Typical troubl

Re: [clamav-users] Yet Another US Mirror Issue

2011-09-09 Thread Dennis Peterson
On 9/9/11 4:25 AM, G.W. Haywood wrote: So what's the problem? I guess I'd like to see what your Checkpoint firewall rules in your DC look like and read your presentation to your security team justifying connecting your system to unknown systems using a distribution method most better known for

Re: [clamav-users] Yet Another US Mirror Issue

2011-09-11 Thread Dennis Peterson
On 9/9/11 3:07 PM, Nathan Gibbs wrote: Not everyone on this list works in your kind of shop. Our shop has a host whose main purpose in life is to torrent Debian ISO's. All the other person is asking, is why can't we have the capability to use torrents? This solution could take load off the glo

Re: [clamav-users] Yet Another US Mirror Issue

2011-09-13 Thread Dennis Peterson
On 9/13/11 3:15 PM, Bryan Burke wrote: At least concerning this issue, is there anything more to be done? Eliminate some unknowns - like maybe your DNS doesn't like big packets. Add this *temporarily* to your host table: 88.198.67.125 db.us.big.clamav.net And try again - and try with yo

Re: [clamav-users] Yet Another US Mirror Issue

2011-09-13 Thread Dennis Peterson
On 9/13/11 7:53 PM, Noel Jones wrote: On 9/13/2011 9:03 PM, Bryan Burke wrote: My logs show successful update sources in the last line, but not when there is no update. Ok, well I did check the output of the grep before posting the number of lines on this list, and all log entries mentioning

Re: [clamav-users] Yet Another US Mirror Issue

2011-09-13 Thread Dennis Peterson
On 9/13/11 8:05 PM, Dennis Peterson wrote: I've just sent the URL to validator.wc3.org and got the same problem with this message: My fat fingers intended to type http://validator.wc.org and not what they did type. dp

Re: [clamav-users] Yet Another US Mirror Issue

2011-09-13 Thread Dennis Peterson
On 9/13/11 8:31 PM, Al Varnell wrote: Sounds like the server will be pulled, so you may not care, but since I went through the effort. Made changes to the hosts file. Ran dig $ db.us.clamav.net Does your dig use the host table? Mine does not. Same with nslookup. I can't imagine why they w
