[Clamav-users] Re: dev virus database

2004-08-29 Thread Mar Matthias Darin
I had nothing but headaches with uvscan... We run 4 virus scanners and 4 other tests to a one-stop-server (all services)... Our load is pretty good, usually below 1.00. We process approximately 20,000 messages a day. I found that running clamscan rather than the daemon was a better option.

[Clamav-users] Re: Compression limit ..... Much too low for me :(

2004-08-29 Thread Mar Matthias Darin
Have you considered auto-converting the .bmp to a .jpg, and remiming the message? Also, stripping the image and putting it into a temporary web link (expires and deletes say after 12 hours)? Both might be options to use on your users. I have many similar things I've had to do to keep secur

[Clamav-users] Re: OverSize.Zip file

2004-09-02 Thread Mar Matthias Darin
Laura Penhallow writes: I apologize in advance if this is something easy, but I am at my wits end. We have a customer that needs to receive rather large zip files from a client of theirs. Trouble is -- clam keeps classifying the attachment as an OverSized.Zip virus and rejects it. The zip fi

[Clamav-users] Re: kernel: Out of Memory:Killed process xxxxx

2004-09-15 Thread Mar Matthias Darin
Fajar A. Nugraha writes: Okay, now suppose that clamd works in a "complicated" way, so that "The effect is that you don't *always* get back what you free() when you free()", Do you have any suggestion as to how to get back the free()d memory? Will (borrowing Apache's way) using a prefork-kind

[Clamav-users] Clam Packet Scanning

2006-01-28 Thread Mar Matthias Darin
Hello, I realize this is probably a ridiculous question, but what is the feasibility or practicality of catching viruses through a packet scanner (firewall or IDS) solely at the packet level? For example (poor one but does illustrate the concept): tcpdump -n -l -X | clamscan - I can think o

[Clamav-users] Re: Clam Packet Scanning

2006-01-29 Thread Mar Matthias Darin
Hello, Look at http://clamav.net/3rdparty.html#other What you describe is similar to Endian Firewall, Snort-ClamAV, Snort-inline and perhaps RedWall Firewall. I have looked at them and their source code before. These do not answer the questions of feasibility and practicality of a packet l

[Clamav-users] Re: Clam Packet Scanning

2006-01-30 Thread Mar Matthias Darin
Hello, Rajkumar S writes: Rob MacGregor wrote: 1) You'd need to decode the packet contents on the fly 2) Anything running over 1 packet would never be spotted Just wondering how far a signature can go? Does the scanner need to go back and forth in a file for scanning or can it scan a st

[Clamav-users] Re: Clam Packet Scanning

2006-01-30 Thread Mar Matthias Darin
Hello, Rajkumar S writes: Mar Matthias Darin wrote: I have done some research on this already... If you store the file in a disk buffer (say max 100K at a shot using tmpfs for speed), then scan the buffer, it does indeed work. How short can this buffer go? Does this file need to be

Re: [Clamav-users] [OT] Rbl listing

2006-03-01 Thread Mar Matthias Darin
Hello, Matt Fretwell writes: Good job I was just testing this rbl with a warn status on the mailserver :) I've found using a warn for RBLs to be the best approach. As to the unofficial sigs I'm holding off until more testing is done. I have to question the integrity of using them in