Re: [Clamav-users] clamav and squid

2003-12-02 Thread Kevin Spicer
On Tue, 2003-12-02 at 13:42, Benny Pedersen wrote: > > ONAY, Gabriel wrote: > > I have heard, that is possible to use clamav with squid. > > Is that right? We use clamav with DansGuardian Anti-Virus ( http://freshmeat.net/projects/dgvirus/?topic_id=907%2C43 ) which sits between squid and users and

Re: [Clamav-users] Bagle Virus/Worm Status?

2004-01-19 Thread Kevin Spicer
On Mon, 2004-01-19 at 20:57, Tom Walsh wrote: > Anybody seen these yet? > > http://www.viruslist.com/eng/alert.html?id=783050 > > There has been some discussion on bugtraq about it's payload today. > > Just curious... > Yeah, we had about 30 today so far. It seems to be spreading quite rapidl

Re: [Clamav-users] Bagle Virus/Worm Status?

2004-01-19 Thread Kevin Spicer
On Mon, 2004-01-19 at 21:31, Tim Wilde wrote: > On Mon, 19 Jan 2004, Kevin Spicer wrote: > > > Yeah, we had about 30 today so far. It seems to be spreading quite > > rapidly. Good news is its supposed to deactivate on the 28th. > > Only 30? I've seen over 500 on

Re: [Clamav-users] Bagle Virus/Worm Status?

2004-01-20 Thread Kevin Spicer
On Tue, 2004-01-20 at 11:12, Fajar A. Nugraha wrote: > Kevin Spicer wrote: > > >I guess it depends on how much mail you handle! To put mine in > >perspective I'm talking a daily load of only about 7000 messages of > >which only about 3-4000 will be incoming. So pro

Re: [Clamav-users] Mailscanner, sendmail 8.12, split input queues

2004-01-21 Thread Kevin Spicer
On Wed, 2004-01-21 at 22:19, Peter Bonivart wrote: > Leif Neland wrote: > > How does this fit in with sendmail 8.12 already having two queues, mqueue > > and mqueue-client? > > You really should have posted this on the MailScanner list since nothing > of this is Clam related. I'll second that,

Re: [Clamav-users] SCO.A virus

2004-01-26 Thread Kevin Spicer
On Mon, 2004-01-26 at 23:19, Rick Macdougall wrote: > Hi, > > McAfee has picked it up and is calling it MyDOOM. > Symantec are calling it [EMAIL PROTECTED]

Re: [Clamav-users] Worm.SCO.A

2004-01-28 Thread Kevin Spicer
On Wed, 2004-01-28 at 16:01, Patricia Viana wrote: > Hi. > > My SMTP filter running ClamAV is blocking a huge amount of messages with the > Worm.SCO.A. > It seams to be the same virus as MyDoom or Novarg. > Can anyone confirm this?! > That is correct. Clam had a signature whilst t

[Clamav-users] [Fwd: Handling zip files]

2004-02-01 Thread Kevin Spicer
(Posting this again as it seems not to have reached the list) I encountered some behavior that was not as I expected with some zip files and clamscan (I'm not saying it is a bug - it may be by design). One of our clients attempted to send us a zipfile or data which had been compressed down to arou

[Clamav-users] Handling zip files

2004-02-01 Thread Kevin Spicer
I encountered some behavior that was not as I expected with some zip files and clamscan (I'm not saying it is a bug - it may be by design). One of our clients attempted to send us a zipfile or data which had been compressed down to around 1.5% of its original size. Not surprisingly this triggered

[Clamav-users] Sco.a again

2004-02-04 Thread Kevin Spicer
This is another post about the problems that some people have been having with sco.a seemingly making it past clam due to dodgy MIME structure in bounce messages. I noticed that Symantec on our exchange servers (which are behind a mailscanner box running clam and sophos) is picking up a few Sco's

RE: [Clamav-users] clamav-milter compilation problems again

2004-02-04 Thread Kevin Spicer
On Wed, 2004-02-04 at 23:29, Stevens, John wrote: > and sorry for this stupid disclaimer. > We also have a stupid disclaimer, but one question about yours - can you have "omissions that are present"? I did think about making it a very small font, or white text on a white background - but then yo

RE: [Clamav-users] libunrar.so support?

2004-02-12 Thread Kevin Spicer
On Thu, 2004-02-12 at 17:02, Randal, Phil wrote: > And the license.txt reads: IANAL but I believe points 2, 3, and maybe 6 would make this license GPL incompatible. >2. The unRAR sources may be used in any software to handle RAR > archives without limitations free of charge, but cann

OT: Re: [Clamav-users] calling rbellora@tecnoaccion.com.ar

2004-02-13 Thread Kevin Spicer
On Fri, 2004-02-13 at 22:19, Craig Daters wrote: > >Maybe it's cool for you but surely not for a sender who receives that > >auto spam. > > How is it spam? The sender is simply receiving an email asking for > them to confirm that they sent the message? All they do is reply to > it. It is no diff

Re: OT: Re: [Clamav-users] calling rbellora@tecnoaccion.com.ar

2004-02-13 Thread Kevin Spicer
On Fri, 2004-02-13 at 23:17, Antony Stone wrote: > What's a "joe-job"? > As with all jargon see ESR's excellent jargon lexicon! http://catb.org/~esr/jargon/html/J/joe-job.html

Re: [Clamav-users] unrar

2004-02-14 Thread Kevin Spicer
ace, Suite 330, Boston, MA 02111-1307 USA # # The author, Julian Field, can be contacted by email at # [EMAIL PROTECTED] # or by paper mail at # Julian Field # Dept of Electronics & Computer Science # University of Southampton # Southampton # SO17 1BJ # Un

Re: [Clamav-users] How to handle quarantined SPAM

2004-02-17 Thread Kevin Spicer
On Wed, 2004-02-18 at 00:19, Luc de Louw wrote: > Hi all, > > Does someone know a software, that allows users to browse and handle > quarantined Mails? > > Preferably a Web-interface... > You don't say what you are using to quarantine, but if using MailScanner then I think Mailwatch for MailSc

Re: [Clamav-users] some little questions

2004-03-03 Thread Kevin Spicer
On Wed, 2004-03-03 at 02:28, Rembrandt wrote: > I know guys wich are working as administrators at a newspaper. > They make backups.. yes.. > But they make it only for 1 week (couse there's too much data). > So they're able to restore all files wich changed since date X. > But what's about a virii

RE: [Clamav-users] Problem with *.zip atachments!

2004-03-03 Thread Kevin Spicer
On Wed, 2004-03-03 at 20:57, Grzesiek Staleńczyk wrote: > > MailScanner users need to upgrade to MailScanner 4.28.4 (just out), which > > can block password-protected .zip files. > RP> MailScanner users need to upgrade to MailScanner 4.28.4 (just out), which > RP> can block password-protected .zip

Re: [Clamav-users] some little questions

2004-03-03 Thread Kevin Spicer
On Wed, 2004-03-03 at 23:05, Rembrandt wrote: > I think zzip-lib could be replaced with the info-zip > http://www.info-zip.org/ is under BSD-like license! :) > And info-zip is in use on nBSD. > > Are there other parts of clamAV witch are GPLed? > > And Michael I dislike the GPL couse it dosn't se

Re: [Clamav-users] pipechk: [kegger:clamav-virus-list] (fwd)

2004-03-15 Thread Kevin Spicer
On Mon, 2004-03-15 at 20:20, [EMAIL PROTECTED] wrote: > > Has the Ladmar.A virus been merged as a different virus? The count went > down by 1 and Ladmar was removed. Any ideas? > It was temporarily removed due to a false positive. You can keep track of additions and removals by subscribing to

[Clamav-users] FAO. List admins -- clamav-announce

2004-03-15 Thread Kevin Spicer
Would it be possible for posts to clamav-announce to be cross-posted here please. I imagine I'm not the only one here that didn't know about 0.68. Cross posting to the users list seems to be fairly common among other projects (it makes sense that anyone on the users list is going to want to know

Re: [Clamav-users] RE: Nbr of signatures

2004-03-16 Thread Kevin Spicer
On Tue, 2004-03-16 at 17:53, Alex S Moore wrote: > Has the number of virus signatures increased significantly lately? I > thought there were around 21,000 but now I have this msg in clamd.log. > > Tue Mar 16 11:45:22 2004 -> Protecting against 40969 viruses. > Maybe you have both old and new sty

Re: [Clamav-users] clamav on early Linux 2.0 release

2004-03-28 Thread Kevin Spicer
On Sun, 2004-03-28 at 15:45, Fred Flintstone wrote: > Any other quick 'n' dirty suggestions for this one? :) > Have you tried just building a statically linked binary on a more recent distro and seeing if it works on yours?

Re: [Clamav-users] RAR module failure

2004-04-13 Thread Kevin Spicer
On Mon, 2004-04-12 at 23:01, Niek wrote: > Hi list, > > Using devel of 20040412, and got this RAR module failure on a rar. > unfortunately qmail-scanner deleted it, so can't reproduce it. > > Isn't it possible to make clamav call the freeware unrar executable ? clamscan --unrar=/path/to/unrar

Re: [Clamav-users] What is this Exploit.JUnksurf.A ? (Off topic)

2004-05-13 Thread Kevin Spicer
On Thu, 2004-05-13 at 20:53, Damian Menscher wrote: > You are obviously correct in the case of an intrusion. But I don't know > many 1337 h4x0rs that would mess with: > //usr/share/doc/libxml2-devel-2.5.4/example.html: Exploit.Junksurf.A FOUND > which is why i recommended updating clamav before re

RE: [Clamav-users] Re: Virus Alias Database

2004-05-11 Thread Kevin Spicer
On Tue, 2004-05-11 at 00:58, Mitch (WebCob) wrote: > I'm sure there are many (including myself) that could be convinced to host > mirrors once the concept stabilizes... > > Or alternatively, you could allow download of the db and functions so people > wouldn't have to keep hitting your server...

Re: [Clamav-users] Virus Alias Database

2004-05-10 Thread Kevin Spicer
On Mon, 2004-05-10 at 18:24, jef moskot wrote: > So, if I type in "Netsky", I don't see any ties to SomeFool. If I put in > "SomeFool", I don't see any immediate reference to Netsky, but if I poke > around a little, it becomes apparent that we're talking about the same > thing. But if you put in W

Re: [Clamav-users] Re: Virus Alias Database

2004-05-10 Thread Kevin Spicer
On Mon, 2004-05-10 at 11:38, Russ Phillips wrote: > I had a look, and I have a couple of thoughts/comments. > > 1. Will it handle heavy loads? It may start to get a lot of hits once > people start to find out about it Its running PHP & MySQL on apache2, unfortunately this is my home box (that sa

Re: [Clamav-users] Recommendation RedHat replacement

2004-05-10 Thread Kevin Spicer
On Mon, 2004-05-10 at 19:57, Bora wrote: > Sorry, this may not be appropriate to post here, but I know many of you are > using RH and are figuring new options as they are no longer offering free > download for RH 7, 8 and 9. When starting a new topic please would you create a fresh message rather

[Clamav-users] Virus Alias Database

2004-05-09 Thread Kevin Spicer
I've put a little more work into my virus alias database (at http://www.kevinspicer.co.uk) and it is now indexing virus definitions from Sophos, F-Prot, Norman and Vexira as well as those from F-Secure and Symantec that were indexed previously. This has nearly doubled the number of virus names and

[Clamav-users] Flase positive

2004-05-09 Thread Kevin Spicer
I submitted a false positive of Joke.BinLaden last week (through the web interface), but I haven't heard anything of it, and its not shown up in the virusdb list. Should I resubmit?

[Clamav-users] Virus Alias Database

2004-04-25 Thread Kevin Spicer
I've put up a proof-of-concept (read 'ugly') virus alias database at http://www.kevinspicer.co.uk Its currently rather limited in that it only fully indexes Clam, Fsecure and Symantec (although some aliases for other vendors are picked up). If people feel it is worth pursuing then I'll try and fi

Re: [Clamav-users] Problem

2004-04-29 Thread Kevin Spicer
On Thu, 2004-04-29 at 21:42, Bernard Elbourn wrote: > From a 1 year old installation [snip] > Is it time to upgrade? Oh yes. It was probably time to upgrade some months ago! Virus scanning (and virus production) is an arms race, really well advised to keep pace.

Re: [Clamav-users] Problem

2004-04-30 Thread Kevin Spicer
On Fri, 2004-04-30 at 08:05, Bernard Elbourn wrote: > Unfortunately this installation is remote to me so not so easy to just > update. Shame I did not get any warning! > > How can I find out when I should update so I can plan ahead? > Subscribe to clamav-announce list. Generally speaking its a

Re: [Clamav-users] Virus found in virgin RHES 3 installation?

2004-05-07 Thread Kevin Spicer
On Fri, 2004-05-07 at 18:36, Ken Morley wrote: > I was surprised when clamdscan reported: > > //proc/kcore: Trojan.MiniCommander.dr FOUND > > What's the possibility that the server is really infected? It's got to be somewhat unlikely that a running linux kernel would get infected with a Windows

Re: [Clamav-users] Easiest/best sendmail integration

2004-05-07 Thread Kevin Spicer
On Fri, 2004-05-07 at 18:27, Mike Lambert wrote: > Again, the advantage is sending 5xx instead of 2xx. IMO, giving the > connecting mta a status code appropriate to the message disposition is > better than simply accepting _all_ messages only to drop some later (I > do not consider generating a sep

Re: [Clamav-users] One seems to have sneaked by W32.BEAGLE.X

2004-05-16 Thread Kevin Spicer
On Sun, 2004-05-16 at 02:26, Steven P. Donegan wrote: > This was a first for me - ClamAV has been - well about as perfect as any > software could be - today one sneaked by that Norton/Symantec caught. > I've only seen it twice recently.. One was a damaged Netsky/SomeFool that only Symantecs signa

[Clamav-users] New Address for Virus Alias Database

2004-05-17 Thread Kevin Spicer
For those that found my virus alias database useful I have now moved it to http://www.rainingfrogs.co.uk to get rid of the annoying UK2 popup ad and banner. This also means that it will now accept direct links to URLs of specific entries, for those that requested that facility. Kevin

Re: [Clamav-users] name that worm: agobot,gaobot,polybot

2004-05-20 Thread Kevin Spicer
On Wed, 2004-05-19 at 12:54, Betsy Schwartz wrote: > Some PC's on our network have been flagged as having > "agobot,gaobot,polybot" (or a sasser variant), by the perimiter security > system. I have looked at Kevin's excellent database at > http://www.rainingfrogs.co.uk and don't see any matches

Re: [Clamav-users] Question regarding virus detection

2004-05-20 Thread Kevin Spicer
On Thu, 2004-05-20 at 19:21, Peter Bonivart wrote: > Jim Maul wrote: > > There is something that is causing clamav to not be able to detect this > > virus after the message has been bounced and now forwarded. > > Damaged bounces are not dangerous. Why bother making signatures for them > when you

Re: [Clamav-users] blocking attachments

2004-05-25 Thread Kevin Spicer
On Tue, 2004-05-25 at 17:12, Ken Jones wrote: > Is it possible to configure clamav to block certain > types of attachements even if they do not have a virus? > Take a look at MailScanner http://www.mailscanner.info it offers a number of ways to apply all sorts of policy to email.

Re: [Clamav-users] Version 0.71 - clamdscan error

2004-05-27 Thread Kevin Spicer
On Thu, 2004-05-27 at 09:21, Mr Mailing List wrote: > Just noticed that scanning files with clamdscan does not scan > files that are not world readable. Perhaps it would be better if clamd could implement some kind of privilege separation, so that a minimal process running as root reads the files,

Re: [Clamav-users] CommuniGate Pro and ClamAV

2004-05-28 Thread Kevin Spicer
On Fri, 2004-05-28 at 16:29, Brandon wrote: > Good Morning! > > Has anyone on this list had any luck running clamav with CommuniGate Pro? > Our mail volume is approximately 40,000 messages per hour across two front > end servers. Does anyone have any statistics they would like to share > about C

Re: [Clamav-users] Re: Freshclam not responding

2004-06-01 Thread Kevin Spicer
On Tue, 2004-06-01 at 22:09, Fajar A. Nugraha wrote: > Gervase wrote: > > >ERROR: Can't get information about database.clamav.net host. > > > > > Seems like DNS problem. Configure your DNS server properly, > or use proxy (edit freshclam.conf) Make sure your firewall allows DNS over both UDP _an

Re: [Clamav-users] Re: Freshclam not responding {Scanned}

2004-06-04 Thread Kevin Spicer
On Fri, 2004-06-04 at 07:15, Gervase wrote: > On Thu, 2004-06-03 at 15:22, Jo Mills wrote: > > > Don't give up! > > Many thanks for joining in. Unfortunately I was impatient and > reinstalled. But, alas, the problem did not go away. > > Have you tried something along the lines of: > > host go

RE: [Clamav-users] Ethics Question

2004-06-09 Thread Kevin Spicer
On Wed, 2004-06-09 at 20:10, Samuel Benzaquen wrote: > I think the only way I could think is reporting the IP to some DNSBLs. > That way you can stop receiving their mails and you leave the cleansing > problem to their ISP. Or simply block the IP with sendmail's access database (or the equivalent f

Re: [Clamav-users] Sober.H

2004-06-12 Thread Kevin Spicer
On Sat, 2004-06-12 at 22:12, Philipp Grosswiler wrote: > Now I read a news article on heise.de, that F-Secure calls those e-mails > under the name of Sober.H. I would like that ClamAV could also add those > signatures to the database, as there seem to be a lot of victims out there > being infected

Re: [Clamav-users] error in cronjob

2004-06-16 Thread Kevin Spicer
On Wed, 2004-06-16 at 22:26, List wrote: > Hi, > > I notice some errors in my cron.daily. I am running RedHat 9 and Clam 7.2. > Errors listed below :- > > /etc/cron.daily/clamscan: > > /etc/cron.daily/clamscan: line 1: clamscan: command not found > /etc/cron.daily/clamscan: line 1: sigtool: comm

Re: [Clamav-users] Lib GNU MP on Solaris

2004-06-21 Thread Kevin Spicer
On Mon, 2004-06-21 at 19:41, Thomas Jackson wrote: > According to the FAQ and the configure script I need to install GNU MP > on my Solaris 8 system so that clam will support digital signatures. > > I've installed GMP 2.0.2, 3.1, and 4.1.3 on test systems and none will > satisfy the configure sc

Re: [Clamav-users] Bad Virus Signature?

2004-06-21 Thread Kevin Spicer
On Mon, 2004-06-21 at 16:05, Benjamin Sherman wrote: > I was wondering if false positives ever make it into the virus DB updates? They do > Since the update on Jun18, all of my windows 2000 workstations with > Service Pack 4 are showing what I beleive to be false positives for > Worm.Lovgate.W-

Re: [Clamav-users] Gettin a return code from clamdscan in a script

2004-07-22 Thread Kevin Spicer
On Thu, 2004-07-22 at 22:01, Kevin W. Gagel wrote: > I'm confused because the docs say it will return a "1" which it does if I run > them from the command line, just not in a script. Perhaps you could post your script? Are you using the same shell in your script as you use at the command line, som

Re: [Clamav-users] Scanning files being uploaded via a form

2004-07-26 Thread Kevin Spicer
On Mon, 2004-07-26 at 11:46, Suril Patel wrote: > I have currently got no AV installed and want to know if installing > ClamAV will let me call the virus scanner from a PHP script during > the upload process and reject/accept the attachment based on the > results. Yes, easily. I've done the exact

Re: [Clamav-users] My.Doom.o

2004-07-27 Thread Kevin Spicer
On Tue, 2004-07-27 at 16:26, Scott Ryan wrote: > I have not submitted any virii (correct word?) viruses

Re: [Clamav-users] My.Doom.o

2004-07-28 Thread Kevin Spicer
On Wed, 2004-07-28 at 06:51, Michael Brennen wrote: > On Tue, 27 Jul 2004, Matt wrote: > > > > On Tue, 2004-07-27 at 13:28, Kevin Spicer wrote: > > > > On Tue, 2004-07-27 at 16:26, Scott Ryan wrote: > > > > > I have not submitted any virii (correct wor

Re: [Clamav-users] Sigtool Build Time

2004-07-28 Thread Kevin Spicer
On Wed, 2004-07-28 at 17:51, Denis De Messemacker wrote: > It means the signature was done at 3:12 pm (15:12) , in a GMT+2 zone. > So 1:12pm GMT. > > Assuming Central Standard Time USA is GMT-5 in summer, it makes 8:12 am. > Perhaps there would be some sense in timestamping the signature databas

Re: [Clamav-users] [OT] Re: KDE/MS patent and prior art (Was: Idea for more timely virusdb updates)

2004-08-15 Thread Kevin Spicer
On Sun, 2004-08-15 at 21:02, Martin Konold wrote: > > IANAL... but wouldn't that count as 'prior art' ? > > No, basically MS patented the obvious addition not mentioned in the publically > posted email. Then can't it be appealed as patents are supposed to be for non-obvious inventions? Maybe th

Re: [Clamav-users] Freshclam errors

2004-08-17 Thread Kevin Spicer
On Tue, 2004-08-17 at 17:04, Randall Perry wrote: > >> ClamAV update process started at Mon Aug 16 23:22:04 2004 > >> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES > > Ok, installed the gmp package and reinstalled clamav. > I'm still getting the error above stating no support for signatures -

Re: [Clamav-users] Freshclam errors

2004-08-17 Thread Kevin Spicer
On Tue, 2004-08-17 at 18:43, Randall Perry wrote: > on 8/17/04 12:32 PM, Kevin Spicer at [EMAIL PROTECTED] wrote: > > Depending on your OS and how you installed clam you may need to install > > the gmp-devel package and configure; make; make install clam again. > > > I ca

Re: [Clamav-users] clam newbie

2004-08-18 Thread Kevin Spicer
On Wed, 2004-08-18 at 07:48, Tomasz Papszun wrote: > Please, make sure you do NOT send notifications to senders (they are > almost always spoofed nowadays), maybe except pertaining MS Office > macros and test signatures (EICAR and ClamAV-Test-Signature). I completely agree with that, but... > Als

Re: [Clamav-users] Cannot Compile

2004-09-04 Thread Kevin Spicer
On Sat, 2004-09-04 at 23:05, Felipe Tonioli wrote: > normaly i edit the Mafkefile to delete this option and work.. but with > Mail::ClamAV looks like he rebuild the make file befora compile evrytime .. > so, he add the option again. > > > does any one have the solution ? Maybe its your gcc versi

Re: [Clamav-users] Mail antivirus help

2004-09-11 Thread Kevin Spicer
On Fri, 2004-09-10 at 14:33, Stelian wrote: > We curently have about 6 POP3 acounts stored on our ISP server. The > viral trafic (incoming, of course) on them is very high, up to the > point where we cannot longer use them. > My task is to provide some kind of filtering server, to keep the viri > o

[Clamav-users] JPEG vulnerability

2004-09-16 Thread Kevin Spicer
I guess everyone's heard about the jpeg vulnerability in certain Microsoft products? CERT have put out an advisory, and it is being ranked as critical. Now I know that strictly speaking this isn't a virus, it's a vulnerability - but there have been, in the past, signatures added for some exploits

Re: [Clamav-users] JPEG vulnerability

2004-09-16 Thread Kevin Spicer
On Thu, 2004-09-16 at 22:24, Kevin Spicer wrote: > It looks like there are two possible four byte sequences that can > trigger the exploit. I guess this is probably too small to avoid an > unacceptable level of false positives(?) Presumably this could be > combined with the 'm

Re: [Clamav-users] JPEG vulnerability

2004-09-17 Thread Kevin Spicer
On Fri, 2004-09-17 at 03:02, Tomasz Kojm wrote: > > Okay, well I've found an easier to understand source... > > http://www.funducode.com/freec/Fileformats/format3/format3b.htm > > and it seems that the particular exploit byte sequence would be unique > > within jpeg files. I've also tracked down d

Re: [Clamav-users] JPEG vulnerability

2004-09-17 Thread Kevin Spicer
On Fri, 2004-09-17 at 16:21, Daniel Lord wrote: > Those signatures don't catch the poc xploit found at > http://www.gulftech.org/?node=downloads. But maybe it's better to > leave this alone till there are real worms etc. to produce good > signatures. At the moment clamav sigs don't seem good enough

Re: [Clamav-users] JPEG vulnerability

2004-09-18 Thread Kevin Spicer
On Sat, 2004-09-18 at 06:25, Matt wrote: > One last question, do the fffe 000(0|1) bytes > always have to follow each other for this exploit, or is this just a pure > example of the possibility of this exploit? they have to follow each other fffe denotes the start of a jpeg comment field and the f

[Clamav-users] 0.80rc and the new .ndb sig file format

2004-09-20 Thread Kevin Spicer
I'm just playing about with this and I can't seem to get it to work quite the way I expect. I've created two signatures, to match the jpeg exploit we discussed recently. My idea is that although the signature is very small it minimises false positives by being restricted to graphics files and the

Re: [Clamav-users] 0.80rc and the new .ndb sig file format

2004-09-21 Thread Kevin Spicer
On Tue, 2004-09-21 at 02:21, Tomasz Kojm wrote: > It seems there's a small type in filetypes.c. Try changing > > {0, "\377\330\377", 4, "JPEG", CL_TYPE_GRAPHICS}, > > to > > {0, "\377\330\377", 3, "JPEG", CL_TYPE_GRAPHICS} That did the trick, thanks very much Tomasz.

Re: [Clamav-users] stats

2004-09-22 Thread Kevin Spicer
On Wed, 2004-09-22 at 15:17, Nikhil Parva wrote: > hi, > > try using mailscanner-mrtg. It is available in the form of RPM and the > webpage can be displayed using apache. So long as you're using MailScanner of course! If you are using MailScanner you might also like to look at vispan (the two pr

Re: AW: [Clamav-users] Re: Re: Re: Windows port ?

2004-09-22 Thread Kevin Spicer
On Wed, 2004-09-22 at 14:25, [EMAIL PROTECTED] wrote: > The database is not a script. It is a binary compilation. It's not a script, true, but it also is not a binary compilation. If you look inside any of the database files unpacked by sigtool (sigtool --unpack) you'll note that they are actua

Re: [Clamav-users] ERROR: JPEG.Comment

2004-09-29 Thread Kevin Spicer
On Wed, 2004-09-29 at 05:34, Brandon Knitter wrote: > I have a few images that seem to be flagged as virii, when they are not. I'm > taking an image that is considered fine (no virus), then when I process it > through convert (ImageMagick) it thinks it's has the virus. I have over 4000 > images

[Clamav-users] A suggestion....

2004-10-08 Thread Kevin Spicer
The following message seems to be the cause of one of the most frequently asked questions around here... "SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES" May I suggest that as this is in the FAQ that any point where this message is displayed (freshclam, configure?) it also displays the text.

Re: [Clamav-users] FOO.EXE

2003-08-16 Thread Kevin Spicer
> sigtool -c "clamscan --stdout" -f message.zip -s "message" Someone correct me if I'm wrong but I'm pretty sure you can't use sigtool to extract the virus signature from a zip (no matter what scanner you use). The zip itself is not infected, you need to unzip the file and extract the signature f

Re: [Clamav-users] Clamscan: how to tell which message number in an mbox?

2003-08-21 Thread Kevin Spicer
On Wed, 2003-08-20 at 17:12, Martin-Éric Racine wrote: > Greetings, > > I installed clamav to scan mails from work (I telework and the stupid company > doesn't scan emails for possible viruses) and doing a quick run of clamscan > indeed found one virus. The problem is we're dealing with a mailfil

Re: [Clamav-users] Proxy and Scanning?

2003-08-27 Thread Kevin Spicer
On Wed, 2003-08-27 at 00:20, Mark wrote: > Is it possible to scan the traffic (via plug in or so) with SQUID or an > SOCKS-Proxy (like Dante)? > If not: Feature Request -> TrafficScan via PlugIN, own mod or Daemon :) > Dansguardian (http://www.dansguardian.org) is a content filter for squid which

Re: [Clamav-users] Segfault and "directory recursion limit exceeded"

2003-09-12 Thread Kevin Spicer
On Wed, 2003-09-10 at 11:52, Petr Kulhavy wrote: > Hello. > > I'm running clamav 2003-08-29 together with amavis and spamassassin on > OpenBSD 3.4 server. Clamd sometimes crashes on signal 11. After crash > stack (in core) is full of zeroes - that means end of debugging and 12M of > trash (core).

Re: [Clamav-users] Email results

2003-09-18 Thread Kevin Spicer
On Thu, 2003-09-18 at 22:09, Darryl W. DeLao Jr wrote: > Anyone know of a way to make clamscan email you when its done scanning with > the results included? > clamscan ${YOUR_OPTIONS} --stdout | mail -s "Clamscan results" [EMAIL PROTECTED] ...Or (to ignore okay files).. clamscan ${YOUR_OPTIONS}

Re: [Clamav-users] Email results

2003-09-19 Thread Kevin Spicer
On Thu, 2003-09-18 at 23:30, Antony Stone wrote: > On Thursday 18 September 2003 10:58 pm, Kevin Spicer wrote: > > clamscan ${YOUR_OPTIONS} --stdout | grep -v OK | mail -s "Clamscan > > results" [EMAIL PROTECTED] > > Achieve the same thing by including -i or --inf

Re: [Clamav-users] Email results

2003-09-20 Thread Kevin Spicer
On Fri, 2003-09-19 at 23:59, Antony Stone wrote: > Try clamscan --help > I already did (after your previous post) and it is there, I just think it should be added to the man page as well, that is what man pages are for after all.

Re: [Clamav-users] clamav CVS version

2003-10-13 Thread Kevin Spicer
On Mon, 2003-10-13 at 05:57, Odhiambo Washington wrote: > > I am behind a firewall, but this has not been an issue for > > non-Sourceforge CVS servers such as the BSD-Airtools project, etc. Check the status page of sf.net, theres been problems with pserver based cvs access for a while. SF exp

RE: [Clamav-users] clam-update log file...

2003-10-16 Thread Kevin Spicer
On Thu, 2003-10-16 at 12:09, Informacion wrote: > Hi, > > Check the: /etc/cron.hourly/msec and /etc/cron.daily/msec ... > > This is the problem, the script msec, chown all files in /var/log to root > user. Rather than turning those scripts off you can easily customise how they behave... You nee

Re: [Clamav-users] Adding a Spam DB to ClamAV ?

2003-10-16 Thread Kevin Spicer
On Thu, 2003-10-16 at 21:32, Stefan Schoeman wrote: > I was wondering what it would take to add another database to ClamAV > (something like spam.db) that could also be used in scanning for spam. I > would think that this should be fairly easy to implement into clamscan and > freshclam and anyone

Re: [Clamav-users] Adding a Spam DB to ClamAV ?

2003-10-16 Thread Kevin Spicer
On Thu, 2003-10-16 at 22:54, Antony Stone wrote: > Oh? Do these deal with image attachments as well? I thought they only > looked at text of spams... I could easily be wrong :) > You could easily be right too. To be honest I didn't pick up that the original poster was referring to attach

RE: [Clamav-users] postfix + clamav + clamdmail

2003-10-24 Thread Kevin Spicer
On Sat, 2003-10-25 at 00:08, Noel Jones wrote: > At 05:46 PM 10/24/03, Walgamotte, David wrote: > > >I didn't have luck with amavisd-net mailscanner is the way to go ... > > Don't use MailScanner with postfix. MailScanner manipulates the postfix > queue in an unsupported manner and will cause l

[Clamav-users] Re: dealing with zips with corrupted headers

2003-11-05 Thread Kevin Spicer
I'm cross-posting this message from the MailScanner mailing list because I think folks here might be interested in it. If anyone needs a copy of that zip please let me know. Kevin On Wed, 2003-11-05 at 02:04, Chris Yuzik wrote: > Hi everyone, > > No sooner do we (well...Julian) come out a worka

[Clamav-users] Zoo archives

2003-11-09 Thread Kevin Spicer
Could someone confirm whether the correct argument for handling zoo archives is --zoo or --unzoo, clamdoc.pdf and man clamscan don't agree on this.

Re: [Clamav-users] RE: MiMail.C virus. {Virus Engine Scanned}

2003-11-12 Thread Kevin Spicer
On Wed, 2003-11-12 at 06:30, Odhiambo Washington wrote: > To other clamav users, I did ask about "File size limit exceeded." but did not > rcv any comments. Is this value dependant on ArchiveMaxFileSize? As you're a MailScanner user you might like to know that the latest beta of MailScanner now ig

Re: [Clamav-users] clamav vs amavis (was: Where is the quanantine folder?)

2005-07-18 Thread Kevin Spicer
On Sun, 2005-07-17 at 22:11 -0400, Jim Popovitch wrote: > One follow-up question: I currently use clamav-milter to integrate > clamav w/ sendmail. Would I be better served by using amavisd-new, or > does clamav-milter cover the ground good? It sounds to me, based on > your comments above, that a

Re: [Clamav-users] AV relay + MX backup question

2005-08-28 Thread Kevin Spicer
On Sun, 2005-08-28 at 14:31 -0700, Roger E. Rustad, Jr. wrote: > I have a ASSP antivirus relay setup > (assp.sourceforge.net) > that's currently filtering spam and viruses for one domain. I'd like for it > to do the same for other domains, but would like to make sure

Re: [Clamav-users] HELP ME.

2005-08-29 Thread Kevin Spicer
On Mon, 2005-08-29 at 17:24 +0500, Shahzad Abid wrote: > I know what error mesg says but this is FACT that when i emply specified > quortine folder clamd starts with following command i.e. service clamd > start. > This occurs once in a week. > > Is there any permanent solution for this?