My clamav-milter is not load balancing between 2 hosts running clamd.
Startup command:
/usr/local/sbin/clamav-milter --server=host1.domain.com:host2.domain.com
local:/var/run/clamav/clmilter.sock
Only host1 is used. If I put host2 first, host1 will not be used anymore and
everything will be sent
Some additional debug info:
LibClamAV debug: Running as user clamav (UID 106, GID 106)
LibClamAV debug: numServers: 2
If I stop the clamd process on host1 the clamav-milter process
on the sendmail server even crashes:
uid 106: exited on signal 10
--
policy work regulations.zip: OK
Mit freundlichen Grüßen / Best Regards
i. A. Jan Hartmann
IT Administrator Groupware
phone: +49 2371 820 298
mobile: +49 171 865 962 2
fax: +49 2371 211 443
e-mail: j.hartm...@kirchhoff-automotive.com
KIRCHHOFF Witte GmbH
c/o KIRCHHOFF Automotive GmbH
The malware is not known atm; only 12 virus scanners on VirusTotal detect it.
The spam wave hit us yesterday and caused a massive internal spam wave.
Hi Rajesh,
thanks for the rules, solved it for me
u can read
the file from that descriptor. In case it is transferred through the TCP
protocol via INSTREAM command, the value is 'stream'.
Is there any chance to read that file from stream?
Thank you
Jan
Hello,
try to use these signatures http://sanesecurity.com/foxhole-databases/
Jan
On 15.3.2016 at 04:03, Scott Galambos wrote:
I've upgraded to the latest Clamav 0.99.1 on Linux/Sendmail and it
still is not catching all these ZIP files with .js files inside them.
Is clamav suppo
ccessfully get the "clamd" command to work.
HELP, please!!! Thanx, Jan Elliott
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
ht
lmost as bullet-proof as UNIX, so this
episode with these pop-ups has been an eye-opener, one
that I could have done without!!!
Again, thanx for your response, and, if you have any
further thoughts, I'd be interested in hearing from you
again. Jan
=>> Hi there,
=>>
=>> On Wed
Thanx very much! I'll give it a try ASAP. Jan
=>> Jan,
=>>
=>> Look in clamd.conf for something like:
=>>
=>> LocalSocket /var/run/clamav/clamd.ctl
=>> FixStaleSocket true
=>> LocalSocketGroup clamav
=>> LocalSocketMode 666
=>>
I am also trying to "unsubscribe" to the clamav-users
list, but have not found a link or instructions on how to
do this. Thanx for pointing me to the email header! Jan
=>> Hi there,
=>>
=>> On Thu, 8 Sep 2022, Michael Piziak via clamav-users
wrote:
=>>
=>>
lem is new in Clamav 0.96,
clamav-0.95.3 does compile and run with these settings.
Thanks for your help.
Jan Kratochvil
e from Clamav 0.90 (stable) to Clamav
0.91 (testing). I tried to upgrade Postfix as well (from 2.3.8 to 2.4.6)
but it didn't help.
Any idea what's wrong or how to fix it? Thank you very much in
advance.
H.
--
Jan Hrdonka
reproduce
> the problem, so I'd like to know if the 0.92 changes have helped.
It looks better after upgrade from 0.91 (etch-backports) to 0.92
(etch/volatile) - after running it a few days there's no error in the
log. Thank you!
H.
--
Jan Hrdonka
I have a Mac. Where do I find support for ClamxAV?
--Jan
> Clamav version is 0.90.1.
...
> So when I restart clamd, clamd scan
> email first, it took more than 20 minutes before it recreated pid and
> socket file.
I had similar problem with clamav 0.90 (OS Etch stable), after upgrade
to 0.91 problem disappeared.
H.
--
nks in advance !
Regards,
Jan
only hope the clamd daemon
is stable.
Regards,
Jan
- Original Message -
From: "Jan Alphenaar" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 31, 2005 12:29 PM
Subject: [Clamav-users] Clamscan slow on large attachements
All,
I was struggling with clamav this weekend for a f
316-1.
This means that on our medium sized ISP, we got so many false positives from
ClamAV in a few hours, that it would take several weeks for ClamAV to even find
the same number of true positives in our e-mail stream.
Guess that's the end of ClamAV as an e-mail virus scanner here...
--
,
--
-=== Jan-Peter Rühmann & Kuma
===-
Gubkower Str.7 [ Tel.: +49 (38205) 65484 ]
jan-pe...@ruehmann.name
18195 Prangendorf[ FAX: +49 (38205) 65212 ]
http://www.ruehmann.name
[ Tel.:
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--hJGS9qFqrqFPPsvR2Nh89bjXmVT1vvC1q
From: =?UTF-8?Q?Jan-Peter_R=c3=bchmann?=
Reply-To: jan-pe...@ruehmann.name,
ClamAV users ML
To: clamav-users@lists.clamav.net
Message-ID:
Subject: [clamav-users] clamd onaccess scan and virusEvent
On 04.08.2017 at 11:59, Reindl Harald wrote:
>
>
> On 04.08.2017 at 11:54, Jan-Peter Rühmann wrote:
>> I've seen there is a plugin for ClamAV to scan RAR archives.
>> To install it I shall enable the non-free repository but I can't find
>> anything about how
On 04.08.2017 at 13:11, Kees Theunissen wrote:
> On Fri, 4 Aug 2017, Jan-Peter Rühmann wrote:
>
>> But there is no such Package as libclamunrar6.
> On Debian 8 or 9 (with clamav 0.99.2) the package is called:
> libclamunrar7.
>
> I guess that name is also used on Ubuntu.
time isn't free either, ClamAV is definitely worse than
commercial AV products, even if you consider performance/price ratio.
Be aware that YMMV.
--
Jan-Pieter Cornet
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and d
On 2011 Jan 3, at 1:46 , TR Shaw wrote:
> On Jan 2, 2011, at 7:12 PM, Bob Traktman wrote:
>> Is there any reason not to keep ClamAv and Sophos Anti-Virus -- both active?
>
> None whatsoever. Defense in depth is a good thing.
Probably not. However, a contemplation...
It's
rsion: 12660
Signatures: 37218
Functionality level: 58
Builder: edwin
MD5: 4518087caf519a9f0d28135aade4e2a8
Digital signature:
x34ZJRr8E4mKeTiDl+XotNCMI6BEdCnZHi8F9AyX3o9L8LFQEXUZLXi2y6B4A7NyUtSbfj4e8+bOWFlB9dTw3aQBBRr0sfc4C5G/B1zOoIDggfBBe7ZqCqD4pzMCZDnOW4QCvh1BH/44GZft6xnVPpPxqfy2OsHkhorvOPAsZXh
Ve
Could someone please give some insight into what happened
to the v12663 daily.cld? How long did it take to notice the
problem, and how quickly was it fixed?
For us it took down clamd on 15 servers at 00:03 today, and
we received the fix 3 hours later... but clamd wasn't restarted
before later thi
On 2011 Feb 11, at 13:54 , Jan-Frode Myklebust wrote:
> For us it took down clamd on 15 servers at 00:03 today, and
> we received the fix 3 hours later... but clamd wasn't restarted
> before later this morning, leading to huge mailqueues.
>
> We should probably look into ver
On 2011-02-11, Jan-Pieter Cornet wrote:
> On 2011 Feb 11, at 13:54 , Jan-Frode Myklebust wrote:
>> For us it took down clamd on 15 servers at 00:03 today, and
>> we received the fix 3 hours later... but clamd wasn't restarted
>> before later this morning, leading to
On 2011 Feb 11, at 17:56 , Vincent Fox wrote:
> On 2/11/2011 8:31 AM, Jan-Pieter Cornet wrote:
>> On the other hand, since you haven't updated ClamAV in over a year, leading
>> to (significantly) decreased detection, maybe the scanning of email isn't
>> top p
FYI: I've been working on getting clamav-0.97 available in EPEL, and
now it's available in EPEL-testing. I would appreciate if any clamav/EPEL
users can try out this release, and give karma in bodhi so that we can
get it pushed to EPEL proper. Upgrade using:
yum --enablerepo=epel-testing
can trivially
create your own signature using an md5 hash and use that instantly.
That's one of the things I particularly like about clamav (and used a couple of
times in the past).
--
Jan-Pieter Cornet
"People are continuously reinventing the flat tyre".
On 2011 Jul 19, at 17:20 , Luca Gibelli wrote:
> http://www.clamav.net/support/ml
What? If websites are a requirement for ClamAV then this project is doomed. I
don't see our NOC surfin the interwebz as part of the job.
(Sarcasm alert).
--
Jan-Pieter Cornet
"People are
there's a virus in range,
they just die :)
PS ;-)
--
Jan-Pieter Cornet
SSL is only keeping your connection safe from hackers, crooks and three
letter agencies by the least secured, least likely to refuse money from
strangers, and least bullying-proof of several hundred compani
choose whatever he or she
likes. But ADSP doesn't appear to be getting a lot of leverage, and if dmarc
does take off, ADSP will be obsolete.
--
Jan-Pieter Cornet
SSL is only keeping your connection safe from hackers, crooks and three
letter agencies by the least secured, least like
now puts in the virus
database directory.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
On Sat, Mar 10, 2007 at 11:26:10AM +0100, Marc Haber wrote:
> On Sat, Mar 10, 2007 at 11:11:39AM +0100, Jan-Pieter Cornet wrote:
> > Just put this in your freshclam.conf:
> >
> > ScriptedUpdates no
> >
> > It will make sure only .cvd files are downloaded.
>
you ever send
a notification "an email was addressed to you but it contained a virus",
that you will NOT send such notifications outside of your own
organisation, EVER. Not even in the form of an out-of-office reply to
such a message.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
artup time appears to be fixed in 0.91rc1.
Kudos to the developers for recognising one of the roots of all evil).
So I don't think it's mimedefang that should label the clamscan
method as "not for production use".
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
till only just beginning to upgrade our several clusters
of FreeBSD 4 machines.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
ing 5-10 million mails a day, could be that we're seeing
more false positives due to the high volume)
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
such atrocities. Good luck. Really. May I
suggest Mail::SpamAssassin::Plugin::DonQuixote ?
But please, in any case, stay away from virus scanning, because it
has nothing to do with that.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
On Tue, Sep 25, 2007 at 03:17:35PM -0700, Bill Landry wrote:
> > Epoch time:
> > perl -e 'print time() . "\n";'
Golfed:
perl -le print+time
You can even leave the -l switch if used in ``, because the trailing
newline doesn't matter there.
--
Jan-Pieter Co
comes without perl if you do a bare bones install. Then again,
FreeBSD date groks %s).
So, TIMTOTDI squared (look ma', no perl!). This does the same as
date +%s too:
echo|awk '{print systime()}'
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
it isn't
excessive so it can skip beyond the next header into the next message
body.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
t is in
practice no problem to flat-out reject or discard mails that are flagged
as a virus.
However, spam and phishing detection has a much higher false positive
rate, so it's very unwise to discard the mails, and it's usually bad
to reject them (because of automatic bounce handling by leg
mails in a special folder.
>
> Why does this make you wanting to drop the use of ClamAV?
> You can filter based on "virus found name", and those containing
> 'Heuristics' can go to
> your special folder.
> Or you can turn the feature entirely off.
If we do sto
alse positives (or you'd need a pretty
huge test set). Since we're "reasonably" protected from FPs anyway, we
decided to put it in production, but found out we were tempfailing
legitimate paypal mails soon after, so we disabled the URL scanning.
--
Jan-Pieter Cornet <[EMAIL P
virusscanner, at some point,
to keep the users secure. And at the moment the NSA (or your local
favorite TLA secret agency) hears that that is possible, ISPs will get a
request for some more functionality in the transparent proxy, and your
privacy will be completely hosed.
--
Jan-Pieter Cornet <
hink that article pretty much gives every suggestion
that also went to this mailinglist in the past few days (regarding
the random generation, at least).
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
On Tue, Jan 08, 2008 at 10:47:28PM +, Bob Hutchinson wrote:
> On Tuesday 08 January 2008 18:05, Charles Mckee wrote:
[how to update on multiple clients]
> > Cool thank you !! I must install a webserver !!
>
> or use rsync
And don't forget to "clamdctl reload".
On Mon, Jan 21, 2008 at 11:07:11PM -0600, Robert wrote:
> I'm running into the situation, quite regularly lately, where I have to do a
> virus scan of a machine that has either out-dated or no anti-virus software.
> Obviously, just installing some anti-virus software and ho
one who actually cares about delivering valid email to their
users, should switch this off.
> What I would like to know is why is this considered Phishing?
>
> What characterizes Phishing.Heuristics.Email.SpoofedDomain classification?
>
> What can I do to avoid such classification?
-
gram does not auto-respond to
mailinglist mails, especially not to the list itself. On some
mailinglists, it is grounds for immediate removal.
さよなら
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
re
are tons of readily exploitable php out there? These exploited unix
servers aren't sending out viruses just because the spammer/botherder
has better use for them at this moment, not because it's impossible.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
;ll have to google it.
(how far away from viruses are we yet?)
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
again unpleasantly surprised
by this. It is *NOT* the task of clamav to detect broken archives,
if you cannot extract the archive, give up, or AT MOST have a
configuration option on how to proceed (like ArchiveBlockEncrypted).
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
On Mon, Apr 21, 2008 at 11:45:39PM +0200, Jan-Pieter Cornet wrote:
> One of my customers is reporting that a file is being blocked as
> "Suspect.Zip". I haven't got a copy of the file itself, however,
> I started looking for the virus signature (as it is definitely a
>
this on our mirror, there are no connections stuck
in FIN_WAIT_1 at all.
Could it be that all stuck connections you see, are the result of some
popular DSL-router/NAT box in your area, that behaves badly?
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
f the already insignificant amount of email viruses (we don't
count phishes as a virus, they add to the score in SA).
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
st, some do, it seems.
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
h really such a big deal now that people usually toss
DVD images around?)
Also note - every other virus scanner I'm aware of also comes with a
database "out of the box" (that sophos update I just downloaded
was also 24Meg). Of course, outdated as soon as you hit "Download"
tely big ISP, there's always something coming in.
The graphs are at: http://www.xs4all.nl/en/veiligheid/statistieken.php
(The URL itself is partly in Dutch, but don't let that scare you, the
page itself is in English)
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
ase files. You could just run
> freshclam --submit-stats=/path/to/clamd.conf
> on the hosts that get real traffic. Would that work for you? (if so, we will
> activate this option in 0.94.1-final).
That would certainly work for us. We have the same setup: two freshclam
"config master
n trust the signature file?
Because it's PGP signed. It's not just an md5 hash.
> Anyone in a position to compromise one would almost definitely be able
> to compromise the other.
Sure. But it would be suspect if gpg/pgp says:
Good Signature by Snake Oil <[EMAIL PROTECTED]>
rules, then bye bye, unsubscribe *.uk and go and have fun on
clamav-uk-us...@lists.1984.gov.uk. Or at least, that's what I'd say if I
were the list operator, which I'm not (I do administrate other email
lists, though)
Capice?
--
Jan-Pieter Cornet
#!perl -wpl # mmfppfmpmmpp mmpffm <[EMAIL PROTECTED]>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;
But unfortunately, you cannot change the "success" reply with milter :(
On Tue, Sep 21, 2004 at 06:39:25PM -0500, Damian Menscher wrote:
> On Wed, 22 Sep 2004, Jan Pieter Cornet wrote:
> >On Mon, Sep 20, 2004 at 04:26:40PM -0700, [EMAIL PROTECTED]
> >wrote:
> >>It is perfectly acceptable to place an explanatory message in an SMTP
> >>
On Fri, Dec 03, 2004 at 02:54:44PM -0800, Todd Lyons wrote:
> Jan Pieter Cornet wanted us to know:
> >What I find really odd is your complete lack of Worm.Sober-I. Our stats for
> >Thu Dec 2:
>
> Good point. I had totally missed that too.
>
> >Top-5:
> >
On Thu, Jan 13, 2005 at 10:30:52PM -0600, WES wrote:
> I have installed and tested ClamAV (.80-2) which starts up clamd and runs
> without a problem. Also I have installed clamav-milter (.80-2).
>
> I included in my sendmail.mc file the suggested:
> INPUT_MAIL_FILT
On Thu, Jan 27, 2005 at 08:10:36AM +, Brian Morrison wrote:
> The clamdoc.aux file was not found, so sections will not be numbered
> and cross-references will be shown as icons.
>
> Is there a correct command for generating the html docs or the
> clamdoc.aux file? I'm n
On Thu, Jan 27, 2005 at 10:49:57AM +, Brian Morrison wrote:
> > TeX generates the .aux file itself. Just rerun the command you gave.
>
> Done that, same result. I ran latex2html, do I need to run another
> command first?
Hm, I'm not very familiar with latex2html. Maybe
z/Art/Bart-Google.gif
.Lupii
Exploit.Linux.Lupii-2
On Fri, Jan 06, 2006 at 05:20:37PM -0500, Jenn wrote:
> So, to be sure I understand, clamav 0.9
> is what I would need if I wanted to turn off
> the detection of "Phishing" by ignoring the currently
> existing 500 (or so) "Phishing" signatures?
No, you can also
On Fri, Jan 06, 2006 at 12:37:02PM -0500, Chuck Swiger wrote:
> Anyway, amavisd-new lists a dozen or so examples:
>
> # Treat envelope sender address as unreliable and don't send sender
> # notification / bounces if name(s) of detected virus(es) match the list.
> # Note
ction 2.3.7: "SMTP client implementations MUST NOT
transmit ["bare" "CR" or "LF" characters] except when they are intended
as line terminators and then MUST, as indicated above, transmit them
only as a sequence."
So it looks like the fault is in your mime-enc
On Mon, Mar 06, 2006 at 02:23:51PM -0800, Alex Gottschalk wrote:
> Jan Pieter Cornet wrote:
> >On Mon, Mar 06, 2006 at 12:20:11PM -0800, Alex Gottschalk wrote:
> >>Replacing the CRLF with a bare LF in these headers causes Clamav to no
> >>longer quarantine these mail me
ntaining "XF.Sic.L" and remove
that, and point your virus scanner to the extracted files (which have
to be in another directory than the .cvd files).
Or provide a non-virus-scanned email address, or non-virus-scanned
outgoing mail server (usable with specific SMTP AUTH only), or something.
--
On Tue, May 23, 2006 at 12:49:50PM -0700, Kelson wrote:
> Jan Pieter Cornet wrote:
> >Maybe "tons" is slightly exaggerated? Out of approximately 10 million
> >emails today, our logs show one hit for XF.Sic.L, and then another hit
> >when that email was bounce
1 - 100 of 117 matches