I haven't been able to find this answer in the archives.
Can I scan WinXP archive drives for malware with ClamAV running on my
Ubuntu laptop and find any viruses, bots, or whatever?
With ClamAV, I'll just have to delete the infected files, correct? No
cle
Hello, I am writing with a question about the EOL policy here:
https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-eol.md
I have a few 0.97.7 instances still out there and the wording in the EOL
has me wondering if they are technically unsupported. Is the 0.97 branch
still supported?
Mayb
Hi,
When you have "UNOFFICIAL" in the Clamav findings, means that a signature
was created with a sigtool either for md5 or hex-dump and added manually in
the .hdb or .ndb files.
I strongly encourage you not to use any database you dont know, because
the signatures may be written for a purpouse
Where?
2015-12-03 17:13 GMT+00:00 Current, Gordon D. :
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
--
Grato,
Tozo
_
On Tue, May 26, 2009 at 11:01 AM, Sander Marechal wrote:
> Thomas Lamy wrote:
> > I've use the clamav mod for PHP5 for a while, but was pretty
> disappointed.
> > Apache reload times (envolving clam database loading) were ridiculous. I
> > ended up with a ~50 liner, which connects to a running cla
Hi all.
I'm trying to track down a performance issue that I get using clamwin,
and I've traced the problem back to clamav (I've tested clamav's
current subversion on my Debian Etch box).
On my Thinkpad T60, I can run clamscan against a 24 megabyte binary
(filled with random bytes) in about 10 sec
On Mon, Feb 23, 2009 at 11:16 AM, Nigel Horne wrote:
> Folks,
>
> On Saturday I broke my left collar bone while playing American Football
> with some neighbourhood children. The good news is that I will still be
> able to work and reply to emails and phone calls, the bad news is that
> because I
anyone suggest a
solution ?
Thanks,
- J
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http
d to older versions of
> clamd (a couple of years back).
>
> I’m pretty sure this is a minor mistake on my part; can anyone suggest a
> solution ?
>
> Thanks,
>
> - J
Hello,
Just wondering if anyone has any advice regarding this issue.
Thanks,
- J
__
Hi Noel,
> On Feb 22, 2018, at 10:23 AM, Noel Jones wrote:
>
>> On 2/22/2018 8:29 AM, J Doe wrote:
>>
>>> Hello,
>>>
>>> I recently installed ClamAV 0.99.3 on a Ubuntu 16.04.03 LTS server and
>>> utilize it as a milter for Postfix v. 3.1.
don’t see any other options to specify a freshclam update check every 30
minutes.
Thanks,
- J
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV
> On Jun 4, 2018, at 11:08 AM, Micah Snyder (micasnyd)
> wrote:
>
> J,
>
> It appears that the info in freshclam.conf is out of date, and both the
> Google safebrowsing API have changed as well as our practices for publishing
> safebrowsing signature databases h
. clamd always has support for Mach-O binary scanning enabled ?
2. clamd includes this under the ScanELF parameter (ie: if ScanELF yes means
scan Mach-O as well), as a Mach-O binary is also a Unix binary ?
Thanks,
- J
___
clamav-users mailing list
clamav
book ?
Thanks,
- J
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Hi Terry,
maybe you need to change your amavisd.conf
like
...
$banned_filename_re = new_RE(
qr'\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com)$'i,
# double extension
# qr'\.(exe|vbs|pif|scr|bat|com)$'i,
# banned extension
...
There is nothing to do with clamav.
Content-type: Multipart/Alternative; boundary="Alt-Boundary-8157.30078100"
--Alt-Boundary-8157.30078100
..
> > >
> > > $ v /var/run/clamav/clamd.ctl
> > > srwxrwxrwx1 amavis amavis 0 Jun 7 19:55
> > > /var/run/clamav/clamd.ctl
> >
> > OK, your are running both processes under user amavi
Hy Henry,
...
> infections, many of which are not detected by our Symantec
> NAV Corporate edition (with up to the minute definitions).
> i keep submitting files to Symantec, and they keep sending
> me back responses that, yes, my file is infected, and with
> the latest definitions i'll catch
The eicar string is in the right format, because it is recognised by clamav
when sending it as a normal attachment (this was already stated in my first
email). But when sending it as an OLE object inside an excel sheet it is not
detected.
Furthermore I have OLE2 scanning enabled in clamav
Can
From: GiM <[EMAIL PROTECTED]>
Reply-To: ClamAV users ML
To: ClamAV users ML
Subject: Re: [Clamav-users] Scanning of ole objects in excel sheet
Date: Wed, 15 Mar 2006 10:39:40 +0100
B Boomerang in message '[Clamav-users] Scanning of ole objects in excel
sheet' wrote:
> Hello,
>
> I have first
From: Robert Hogan <[EMAIL PROTECTED]>
Reply-To: ClamAV users ML
To: ClamAV users ML
Subject: Re: [Clamav-users] Scanning of ole objects in excel sheet
Date: Wed, 15 Mar 2006 18:12:10 +
On Wednesday 15 March 2006 16:23, Robert Hogan wrote:
> > I have first created an .exe file containing th
Hi all,
I wrote a simple script to listen to the OnUpdateExecute, OnErrorExecute and
the OnOutdatedExecute commands from freshclam.
It has been working well for about a year now, so I think it is okay.
Thank you developers for implementing 'OnOutdatedExecute', -I really don't
have the time to
> I developed this http://newmail.axess.com/virus/
Do you mind sharing it?
Regards
Joran Kvalvaag
> But it's only currently for Qmail/simscan (until someone wants to write
> a backend for another scanner).
> Regards,
> Rick
___
http://lurker.clama
Hi all, I'm running into a very baffling error with freshclam I'm hoping
someone can shed some light on. When I run Freshclam (either from a cron
script or manually from a SU'd account) I get the following error.
relay-01:/# freshclam
ClamAV update process started at Fri Jul 14 14:42:47 2006
SEC
Stephen,
Here's the output I'm looking:
relay-01:/etc# host -t txt current.cvd.clamav.net
current.cvd.clamav.net text "0.88.3:39:1599:1152901741:1"
relay-01:/etc# perl -e 'printf "%d\n", time;'
1152915750
3 * 3660 = 10980 and the difference I'm seeing here is 14009. What's really
strange is th
On 7/14/06, Stephen Gran <[EMAIL PROTECTED]> wrote:
On Fri, Jul 14, 2006 at 12:27:13PM -0700, J. Chieppa said:
> Stephen,
>
> Here's the output I'm looking:
>
> relay-01:/etc# host -t txt current.cvd.clamav.net
> current.cvd.clamav.net text "0.88.3:39:1599
After upgrading from 0.97.6 to 0.98.1 I get the following messages on
the console:
LibClamAV: Warning: SWF: Invalid tag length.
LibClamAV: Warning: SWF: Invalid tag length.
LibClamAV: Warning: SWF: Invalid tag length.
LibClamAV: Warning: SWF: Invalid tag length.
LibClamAV: Warning: fmap: map a
ay 01 Mar 2014 17:01:20 J. W. Andersen wrote:
After upgrading from 0.97.6 to 0.98.1 I get the following messages on
the console:
LibClamAV: Warning: SWF: Invalid tag length.
LibClamAV: Warning: SWF: Invalid tag length.
LibClamAV: Warning: SWF: Invalid tag length.
LibClamAV: Warning: SWF: Invalid t
at 11:01 AM, J. W. Andersen wrote:
After upgrading from 0.97.6 to 0.98.1 I get the following messages on the
console:
LibClamAV: Warning: SWF: Invalid tag length.
LibClamAV: Warning: SWF: Invalid tag length.
LibClamAV: Warning: SWF: Invalid tag length.
LibClamAV: Warning: SWF: Invalid tag length
Hello ClamAV Users,
I have a Solaris 10 system.
Openssl 1.0.1g is installed at /usr/local/ssl configured like so:
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl
old Openssl 0.9.7d is installed at /usr/sfw from the appropriate solaris
packages.
Im building clamav 0.98.4 and confi
On Thu, 2014-08-21 at 19:22 -0400, Steven Morgan wrote:
> Hi Urban,
>
> I took a look at this code. The real problem is the inability to
> create a
> temporary file. The second message just results from the return code
> of the
> function that attempts to create the temp file. We need to find out
On Wed, 2009-06-03 at 16:00 -0500, Javier Lopez wrote:
> Hi community,
>
> I would like to know if there is a way to send the e-mail messages that
> were clasified by clamav as "Infected Message" to a particulary e-mail
> account automatically as they are detected.
Yes. Using amavisd-new, I c
me.
I'd be happy to see it in the same twitter feed as the pattern updates.
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
obably
want to do something like:
$ cat eicar.txt | clamdscan
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Hi,
Until yesterday, I was running the clam daemon (0.96.2) and able to establish a
tcp socket connection. Then I updated the database and started seeing duplicate
start messages and a warning to update. So I updated to 0.96.3.
Now I cannot establish a tcp connection. I can run the scan tests,
t;
On Sep 21, 2010, at 5:20 PM, Wendy J Bossons wrote:
Hi,
Until yesterday, I was running the clam daemon (0.96.2) and able to establish a
tcp socket connection. Then I updated the database and started seeing duplicate
start messages and a warning to update. So I updated to 0.96.3.
Now I
7
Phone 617-253-0770
Fax 617-253-4462
wboss...@mit.edu<mailto:wboss...@mit.edu>
http://libraries.mit.edu
On Sep 22, 2010, at 2:34 AM, Török Edwin wrote:
On Tue, 21 Sep 2010 17:28:55 -0400
Wendy J Bossons mailto:wboss...@mit.edu>> wrote:
Note: after the last reinstallation, I cannot
I am running clamav on my dev laptop which is Snow Leopard, running FreeBSD.
The bzip2 warning if I don't have to worry about it -- that's fine. But if I
wanted to fix the issue, I don't think it's obvious how to go about it. I would
rather ran the software without the warning -- warnings are th
r clamav from rpm, then it's pretty easy to add a
patch like this to a specfile...
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
What is the overhead of opening and closing socket connections to clamd?
I am trying to get some metric on that, but they are not making sense to me.
What should be the amount of time in milliseconds that this takes, scanning x
length files, different types of files, etc?
Any information relate
Bossons
Senior Software Engineer
MIT Libraries
Software Analysis and Development
77 Masachusetts Avenue
Cambridge, MA 02139-4307
617-253-0770
wboss...@mit.edu<mailto:wboss...@mit.edu>
On Nov 4, 2010, at 10:24 AM, Matus UHLAR - fantomas wrote:
On 04.11.10 10:09, Wendy J Bossons wrote:
What
Edwin wrote:
On Thu, 4 Nov 2010 10:09:19 -0400
Wendy J Bossons mailto:wboss...@mit.edu>> wrote:
What is the overhead of opening and closing socket connections to
clamd?
Depends on system load, if all your CPUs are busy it might take until
the next time slice till clamd gets a chance to respon
wrote:
On Thu, 4 Nov 2010 11:50:40 -0400
Wendy J Bossons mailto:wboss...@mit.edu>> wrote:
Ok. I see. That's good -- it is clearer.
One question and this has been blocking my understanding as well --
when I scan a small pdf, I am getting this . . . INSTREAM: Size limit
reached, (request
Fax 617-253-4462
wboss...@mit.edu<mailto:wboss...@mit.edu>
http://libraries.mit.edu
On Nov 4, 2010, at 2:34 PM, Török Edwin wrote:
On Thu, 4 Nov 2010 14:02:16 -0400
Wendy J Bossons mailto:wboss...@mit.edu>> wrote:
I have been sending the chunk size, and then its contents, bu
Hello,
I recently completed a project to integrate virus scanning features into an
application, which uses the clamav daemon.
We are completing our documentation. I'm a little confused about the feature
set between the unix version and the windows version. I have only tested using
the unix ver
lt;mailto:wboss...@mit.edu>
http://libraries.mit.edu
On Dec 16, 2010, at 2:09 PM, Török Edwin wrote:
On Thu, 16 Dec 2010 13:16:13 -0500
Jerry mailto:clamav.u...@seibercom.net>> wrote:
On Thu, 16 Dec 2010 19:05:17 +0200
Török Edwin mailto:edwinto...@gmail.com>> articulated:
On
Just a friendly aside, it was clear from Edwin's first response that the ClamAV
port for windows is true. My other question about tcp sockets remains.
..\wendy
On Dec 16, 2010, at 2:24 PM, Wendy J Bossons wrote:
Maybe I wasn't specific enough. The application that I develop for
When I run make/make install, it ends and following are the suspect errors. The
only dirs in my clamav install are lib and include, e.g. no bin or other
expected dirs. This is a clean install, with the exception that I had run the
make make install on a different home directory just prior -- wit
3:31 PM, Wendy J Bossons wrote:
> When I run make/make install, it ends and following are the suspect errors.
> The only dirs in my clamav install are lib and include, e.g. no bin or other
> expected dirs. This is a clean install, with the exception that I had run
> the make make i
Hi,
what key is the 0.97.5 package signed with?
I had the previous key on my gpg keyring.
Thanks
A Thew
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
off-list?
>
> Open a bugreport on bugzilla, and attach the example.
attach it to bugid 396, which I opened yesterday for the same cause.
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
On Thu, 2007-03-08 at 16:54 +0100, Ralf Hildebrandt wrote:
> * Don Drake <[EMAIL PROTECTED]>:
>
> > I would, but I'm getting the following error in Bugzilla:
> >
> > You are not authorized to access bug #396.
>
> I wonder why that is -- it's a stupid idea IMHO.
>
I believe all bugs are coded a
t
as default, and the new clamd.conf file provided by the RPM puts the
clamd.sock file in a different location.
In either case, cleaning up clamd.conf and restarting clamd will fix
your problem.
>
> Thanks
> Sebastian
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin E
blem, and ensure that freshclam does update properly? Thanks.
Instead of
AllowSupplementaryGroups
make it
AllowSupplementaryGroups yes
You will probably need to read through the whole freshclam.conf and
clamd.conf file to make those changes.
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, C
uch file or directory
Check that /etc/init.d/clamd refers to an image in the same location
that you installed it. You might have put clamd in /usr/local/sbin, and
the init.d file might be referring to /usr/sbin, as an example.
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http:/
the zip error that Nigel claims to have fixed in SVN, this
has been a near flawless upgrade.
> Thank you to all who answered my original email and to the ClamAV crew for
> the hard work you put into this effort.
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
h
d maybe you have set wrong
> >permissions/rights on the socket-"file".
> >
> >Sven
>
> clamd.conf is shown 644 root:root, should it be 644 clamav:clamav?
That's not the problem. /var/lib/clamav/clamd.socket, or wherever you
have put it, is the likely is
The only way it could
know would be using the Obsoletes: tag in the rpm itself, but you can
only fiddle with a specfile in a SRPM...
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com
___
Help us build
erclient
deny from all
> Thanks for any help
>
> Chris
>
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
h
es in the %doc section and it should do
fine.
While you are at it, upgrade to 0.90.3 ;-)
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com
___
Help us build a comprehensive ClamAV guide: visit http://wiki.c
directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 25.20 MB
Time: 488.716 sec (8 m 8 s)
from the content, it appears to be marketing anyway, so it's not
critical, but advice on what to do with it would be appreciated.
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austi
>
> Wait a couple minutes, and see if the socket is created:
>
> srwxrwxrwx 1 clamav clamav 0 2007-11-20 16:05 clamd.ctl
> -rw-rw 1 clamav clamav 4 2007-11-20 16:05 clamd.pid
> -rw-rw 1 clamav clamav 4 2007-11-20 16:00 freshclam.pid
>
> What source did you install from (sarge volatile?).
Has anyone be using ClamAV with FreeBSD 7? Are there any known problems? I use
clamd with MIMEDefang and Sendmail. TIA.
Richard
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
I want to setup a linux box with smoothwall, ipcop or some other
opensource internet security application (preferably linux based) at
home, but don't know how ClamAV might handle things like Antivirus 2008
that make fraudulent claims and are considered malware.
I searched archives, but don't co
ch)
2. Malware Scanning and blocking (Sain, David J.)
3. Re: Malware Scanning and blocking (Brandon Perry)
4. Re: Malware Scanning and blocking (Sarocet)
5. maliciout javascript in WWW pages (Matus UHLAR - fantomas)
--
I'm running clamd with MIMEDefang on a CentOS machine. Once in a while there
will be a day when there are many "Problem running virus scanner: code=999"
errors, anywhere from 1 or 2 (who cares?) to 4486 (now I'm concerned...), like
yesterday. The next
day, all will be back to normal until it hap
I can't believe I got not a single response to this, so I'm trying again:
I'm running clamd with MIMEDefang on a CentOS machine. Once in a while there
will be a day when there are many "Problem running virus scanner: code=999"
errors, anywhere from 1 or 2 (who cares?) to 4486 (now I'm concerned.
On Sat, 2008-12-06 at 17:29 -0800, Dennis Peterson wrote:
> Derek Currie wrote:
> > On Dec 6, 2008, at 12/06, 7:26 PM, Dennis Peterson wrote:
> >
> >> There is
> >> no naming standard.
> >
> > Again with the misinformation. There is, in fact, a naming standard,
Prove it.
> > and an organizatio
Noel Jones wrote:
>Richard J. Kieran wrote:
>> I can't believe I got not a single response to this, so I'm trying again:
>>
>> I'm running clamd with MIMEDefang on a CentOS machine. Once in a while there
>> will be a day when there are many "Prob
On Thu, 19 Feb 2009, Ian Eiloart wrote:
> Date: Thu, 19 Feb 2009 13:15:06 +
> From: Ian Eiloart
> Reply-To: ClamAV users ML
> To: ClamAV users ML
> Subject: Re: [Clamav-users] please remove
>
>
>
>>>
>>> Can we not have the list unsubscribe link in the footer, too? It's a
>>> legal requir
On Tue, 2009-03-17 at 16:59 +0200, Török Edwin wrote:
> On 2009-03-17 16:57, McDonald, Dan wrote:
> > On Tue, 2009-03-17 at 14:08 +, Steve Basford wrote:
> >
> >>> Is there a test string I can use to see if the SafeBrowsing code is
> >>> working properly? I've just set up 0.95RC2 with SafeB
naged to find 3 hits in the wild last week, out of about 181,000
messages. The messages were all identical
>
> You'd think someone at Google had the foresight to provide a test-URL.
--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
___
e historical oddities for when they
are bored.
> Does ClamAV's 10k not include
> variants in it's numbers, but does in fact cover them?
>
> If anyone can provide some info regarding this, that would be most
> appre
Hello all,
I'm running ClamAV 0.65 which I installed on a RedHat 9 box from RPM
(ftp://crash.fce.vutbr.cz/pub/linux/clamav/clamav-0.65-2.i386.rpm).
I'm testing out running scans against the system using clamscan and
clamdscan (the clamd client), and I have the clamd daemon running.
Here are th
I've run into the following situation:
When an email comes in that is infected with
Worm.Mimail.G, clamscan isn't catching it, so
I did some manual testing:
Scan of the zip file:
clamscan readnow.zip
readnow.zip: OK
-
That should do it. It looks like I'm running 0.6
I'll get that upgraded right now and retest.
Thanks,
-Russell
Cedric Foll wrote:
Which version of clamav you use ?
With 0.65 it works fine. If the zip is corrupted it will says:
'Seriously Broken Zip FOUND'
Le ven 12/12/200
F.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
> Free Linux Tutorials. Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> __
respective of how
many times clamdscan is invoked. clamscan has to parse the virus
database each time clamscan starts up.
--
Daniel J McDonald <[EMAIL PROTECTED]>
Austin Energy
---
This SF.net email is sponsored by: Perforce Software.
http://www.perforce.com/perforce/loadprog.html
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
--
Daniel J McDonald <[EMAIL PROTECTED]>
Austin Energy
dering if you have GMP on your machine? It's needed to
> > verify the signatures of the new database files introduced with 0.65.
> >
> > /Peter Bonivart
--
Daniel J McDonald <[EMAIL PROTECTED]>
Austin Energy
---
T
gt; make install, it then starts catching viruses again. How do I fix this?
Make certain you remove all of the 6.5 freshclam binaries. There are
installed in a different place now, and your path may be finding the 6.5
one before the 6.0 one.
--
Daniel J McDonald, CCIE 249
he
log files. Then the original log file is compressed, which essentially
deletes the old file.
--
Daniel J McDonald, CCIE 2495, CNX
Austin Energy
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Dev
y.cvd updated (version: 127, sigs: 688, f-level: 1, builder: tkojm)
Database updated (20675 signatures) from database.clamav.net
(152.66.249.132).
Clamd successfully notified about the update.
[EMAIL PROTECTED] clamav]#
Root has no problem. Is that limitation by design or accident?
--
Daniel J McD
an't open file /var/log/clamav/freshclam.log to write.
> > ERROR: Problem with internal logger.
> >
>
> does the "unprivileged user" have access to write to /var/log/clamav/ ??
>
Nope. It did not have write permission under 0.
On Fri, 2004-02-13 at 08:22, Nigel Horne wrote:
> On Friday 13 Feb 2004 1:58 pm, Daniel J McDonald wrote:
>
> > > does the "unprivileged user" have access to write to /var/log/clamav/ ??
> >
> > Nope. It did not have write permission under 0.65 either.
>
I am hooking clamscan into a procmail filter like this:
:0
CLAMAV=|/usr/bin/clamscan --disable-summary --stdout --mbox -
:0
* CLAMAV ?? .*: \/.* FOUND
{
:0 fhw
| /usr/bin/formail -a"X-ClamAV: ${MATCH}"
}
But clamscan seems to hang and never return. From strace it seem to be
stuck in a loop:
l,-a,X-ClamAV: Worm.SCO.A-dam FOUND"
Of course this only is working because I have commented out that
section of code in the clean up function clamav_rmdirs.
Brian
[1] Originally copied from:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF
-8&selm=13w6cjksyx6
But I couldn't find an answer in my quick glances through the archives.
Is there any way to tell clamav-milter to simply REJECT messages which
are found to be infected?
The bounce option *seems* to read, from the manpage, as though it will
actually generate a bounce message instead of simply re
On Feb 18, 2004, at 10:46 AM, Tarjei Knapstad wrote:
On Wed, 2004-02-18 at 15:41, Derek J. Balling wrote:
But I couldn't find an answer in my quick glances through the
archives.
Is there any way to tell clamav-milter to simply REJECT messages which
are found to be infected?
No, because t
kit from IBM. Click Now!
> http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
--
Daniel J McDonald <[EMAIL PROTECTED]>
Austin Energy
---
I had my first virus slip through today. Something struck me as odd...
the .deb package recommends lha and zoo but doesn't say anything about
unzip... the payload was "misc.zip" which contained "misc.doc.com"...
does ClamAV not scan into zip files?
D
smime.p7s
Description: S/MIME cryptographi
On Feb 25, 2004, at 11:40 AM, Peter McCreath wrote:
I'm still having problems with zip files containing
viruses getting past Clamav,
I'm running Clamav 0.67 , with Mimedefang 2.39.
I've enabled Streamsavetodisk and Scanarchive in my
clamav.conf, but all to no avail.
Any pointers would be greatly ap
I was originally going to ask "how come this virus is getting through
([EMAIL PROTECTED])", but decided "let's update the virus definitions and see
if it's been added already".
Except that freshclam segfaults.
Anyone know of any known problems on that front?
[strace output below]
D
execve(
On Mar 1, 2004, at 11:00 PM, Me Its wrote:
I am using debian - sid, but I got error when I apt-get upgrade, when
it tries to install the new ClamAV
Sounds like something is odd. I just did that myself and now:
# dpkg --list | grep clamav
ii clamav 0.67-5 Antivirus scanner for Uni
On Mar 3, 2004, at 11:06 AM, Antony Stone wrote:
As far as I'm aware, all of these tests do not actually involve
viruses (or
even the Eicar test virus) - therefore you wouldn't expect an
Anti-Virus
program to be triggered by them. They are tests of other things to
do with
email which a mail se
On Mon, 2004-03-15 at 14:20, [EMAIL PROTECTED] wrote:
> Has the Ladmar.A virus been merged as a different virus? The count went
> down by 1 and Ladmar was removed. Any ideas?
It's been picking up false positives.
--
Daniel J McDonald <[EMAIL PROTECTED]&
d
> to av database?
Nope. Each zip file is created on the fly and encrypted with a random
password.
--
Daniel J McDonald <[EMAIL PROTECTED]>
Austin Energy
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial
work.
--
Daniel J McDonald <[EMAIL PROTECTED]>
Austin Energy
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fund
d ' ' -f 2 | sort |
> uniq); do
> echo -n "$VIRUS: "
> grep -c "$VIRUS" clamd.log
> done
Seems a tad repetitive:
grep FOUND clamd.log | cut -d \ -f 2 | sort | uniq -c
I'm sure someone could swap the final order for you...
--
Daniel
ich there was no alert, cranked in about
100 per day. Naturally, clamav caught them all.
--
Daniel J McDonald, CCIE 2495, CNX
Austin Energy
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Dan
ip of this directory is set to user/group amavis.
> Do my clamav user/group have to have a read access on this directory, if yes
> could you tell me how to set it .
> And then as i think i have to learn more on how to define rights under a
> linux system, could you told me a good tutorial of
1 - 100 of 373 matches
Mail list logo
