Re: [Clamav-users] sober.p and german adverts?

Jef Poskanzer wrote: > I really miss the days of destructive viruses. We just don't > >really see 'em like we used to. Remember Michaelangelo? What was his > >birthday again? > > Actually, I think a little stealth would be better. Something like > silently intercepting and dropping any attemp

Re: [Clamav-users] sober.p and german adverts?

Damian Menscher wrote: > > And did you not find the clamd log permissions debugging segment in > > another thread educational? I did. > > I found Stephen Gran's comment interesting, in that he beat me to > finding the bug (I'd wasted time looking in clamav-milter.c first). > The rest of the pos

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

Jef Poskanzer wrote: > >Also, Debug in the conf file helps quite a bit, and was actually what I > >was referring to. > > Ok, I uncommented that option and stopped/started clamav-milter. > I don't see any new syslog messages, or anything on stdout. Where > should I be looking? Do I also have to

Re: [Clamav-users] Force email scanning

Doug Hardie wrote: > I am using sendmail with clamav-milter to scan email. Normally > clamav-milter does not scan messages from the LAN or the machine > unless you direct it to do so via the flags. I would like to be able > to put something into a message such that it would be scanned even

Re: [Clamav-users] Force email scanning

Wilhelm du Plessis wrote: > >>this happen by using -o but then all the locally generated mail is > >>scanned which is not really necessary. > pardon my jumping on here... > but just how does one enable it globally to scan local mail aswell ? The answer is above :) Matt

Re: [Clamav-users] problem after upgarding from 0.84 to 0.85

ankush grover wrote: > Starting clamav-milter: ERROR: Please edit the example config file > ERROR: Please edit the example config file /etc/freshclam.conf. Edit those two ( > > ** example ** < < ) files, as the error messages say. Once you do that, you will see why they are called example file

Re: [Clamav-users] 'ERROR: Parse error at line 1: Unknown option _ELF


.'

David Suen wrote: > I double check with my clamd setting I realized that it is triggered by > clamd "SelfCheck 600" setting. > > It is not always happened but sometimes. > > Any idea? :( Your question has already been answered. Set your configs correctly. Matt __

Re: [Clamav-users] clamav-milter logfile permission error

Todd Lyons wrote: > clamav-milter: (-q && !LogSyslog): warning - all interception message > methods are off > /var/log/clamav/clamav.log: Permission denied > > Well, duh. The clamd daemon has that file open, so clamav-milter can't > open it. Can someone tell me how to tell the milter not

Re: [Clamav-users] clamav-milter logfile permission error

Todd Lyons wrote: > Thank you for the sarcas^W kind words. Can you hazard a guess as to why > that works on the Gentoo box using the same config settings? That was just dry, not sarcastic :) Version difference, possibly? Matt ___ http://lurker.clama

Re: [Clamav-users] ACME Labs mail filtering tutorial

Jef Poskanzer wrote: > I've been working on this for a few months, and just published it today: > > http://www.acme.com/mail_filtering/ > > ClamAV gets a prominent mention. Love the conclusions page :) Matt ___ http://lurker.clamav.net/list/cl

Re: [Clamav-users] ACME Labs mail filtering tutorial

Dennis Peterson wrote: > >> ClamAV gets a prominent mention. > > Love the conclusions page :) > You frequently remind me of me. Is that a compliment, or should I be worried :) > You don't happen to ride a harley, do you? Afraid not. Wife wouldn't let me have a motorbike. Thinks I am a wal

Re: [Clamav-users] Re: Clamav upgrade

Souza Simbota wrote: > >>checking for mi_stop in -lmilter... no > >>checking for library containing strlcpy... no > >>checking for mi_stop in -lmilter... no > >>configure: error: Cannot find libmilter > > >Install sendmail-devel > > Am running postfix as a mail server. So should I still install

Re: [Clamav-users] clamd lockup ?

Jason Frisvold wrote: > Hi all, > > The clamd process on one of my mail servers appears to have locked up > earlier today. I was unable to restart or kill the process. In fact, > I had to do a hard reset to fix the problem. > > So, Im wondering what steps I can take next time to a) determine w

Re: [Clamav-users] clamd lockup ?

Samuel Benzaquen wrote: > > If a 'kill -9' will not kill the process, I would say your problem > > lies elsewhere than with Clam. That would be more indicative of a > > hardware or OS problem. > If the process is trying some I/O to some not-available, hard-mounted > NFS filesystem, then the pr

Re: [Clamav-users] Configuring clamd.conf

Lee Zelyck wrote: > Does this mean that if I don't 'uncomment' anything > below this point, I will have the default scan options > enabled? > Or do I have to enable each of the options below this > point to augment the Default Scan Options? > > In short: Does the apparent double-negative...:

Re: [Clamav-users] Re: Memory limit per process hit

G.W. Haywood wrote: > > We added a sort of tarpitting solution to our sendmail... > > clamav-milter seems to be suffering. What happens is that the > > maximum number of childs are reached in a 2-4 hour period > > People with far more experience than I tell me that this isn't the > way. And th

Re: [Clamav-users] Configuring clamd.conf

Lee Zelyck wrote: > # Default: enabled > #ScanOLE2 ^^^ As you can see, the comments mention what the default is :) > Do I need to Uncomment '#DisableDefaultScanOptions' > and '#ScanOLE2' to get it to scan for OLE2's, or by > doing nothing, Clam will Scan for OLE2's by default. If you wa

Re: [Clamav-users] Output Errors From Clam-0.85.1 Startup

Lee Zelyck wrote: > Well, I think I have the install working, but I have a > small lingering concern: > > # /etc/init.d/clamav start > Starting Antivirus database update daemon. > Starting Antivirus daemon. > Starting E-mail scanner. > /usr/local/sbin/clamav-milter: (-q && !LogSyslog): > warning

Re: [Clamav-users] Reporting Phishing Mails?

Jan Pieter Cornet wrote: > > Looking forward to 0.90, when these debates can finally end. > > They can end NOW, for two reasons: first because subject has been > beaten to death and then some more already, and second because there's > a documented solution NOW, too. Well, you have just made sur

Re: [Clamav-users] /dev/console and LogSyslog

imacat wrote: > Thank you for your answer. I have made some test of redirecting the > Syslog channel you specified, but the problem still exists. The > "LibClamAV Warning:..." messages are still there at the console. You did restart syslogd after the changes? Matt ___

Re: [Clamav-users] should Broken.Executable files be submitted?

jef moskot wrote: > If I use the --detect-broken option, they're picked up as > Broken.Executable. > > Since --detect-broken is not the default behavior for clamscan, should > these still be submitted at clamav.net or is --detect-broken reasonable > enough that I should just turn it on? Broken

Re: [Clamav-users] Re: undetected malwares

Michel Arboi wrote: > > You're distributing malware, so you're bad. > > Clamav does not even catch half of the worms that are currently in the > wild. Most of them are dangerous IRC bots. > I was about to ask how I can help the project. I will not. I think > that you don't need "bad" people. C

Re: [Clamav-users] Arrogance toward well-meaning participants

Timo Schoeler wrote: > > What can certainly be observed on this mailing list is a tendency to > > attack and reproach the developers. > > IMHO this is misunderstood then. most of the cases some people ask why > this or that is managed in this or that way and some people have (and > tell) an idea

Re: [Clamav-users] Re: undetected malwares

Bart Silverstrim wrote: > > The devel's time is not infinite. I am sure most of them do have > > other jobs and things to do also. Do stop trolling and just ask them > > how to submit the virii :) ( No use being of a subtle disposition on > > this list :) > I also would disagree that he was t

Re: [Clamav-users] Arrogance toward well-meaning participants (was: undetected malwares)

Bart Silverstrim wrote: > If he already did and hadn't gotten feedback, maybe there could be some > people who would coordinate some form of feedback system on whether a > sample is in the works or in the queue or something like that or an > automated sig-maker system could be worked on as a proje

Re: [Clamav-users] Re: undetected malwares

Bart Silverstrim wrote: > My wife and I just had a newborn baby boy. The first and foremost > thing to learn...tolerance. He cries because it's the only way he can > communicate, it's frustrating because we have to interpret what he > means. But he's a baby and that's what they do! It's the

Re: [Clamav-users] Re: undetected malwares

Bart Silverstrim wrote: > Don't take out frustrations towards persistent idiots on this guy that > made, as you put it, an honest mistake. It makes the entire list and > the developers look rather poor. Just had to say, before I abide to Luca's request and shut up, my first response was actuall

Re: [Clamav-users] ERROR: Clamuko: Can't register with Dazuko

Scott Woodford wrote: > Either way, when I run a scan using "clamscan" or "clamdscan", or > Clamuko simply finds a virus, I get no message that a virus was found, > except in the log. All I get was something like "error accessing file". > I want both myself (root) and users to get a message sayi

Re: [Clamav-users] ERROR: Clamuko: Can't register with Dazuko

Timothy Omer wrote: VirusEvent echo "Virus found: %v" Then: vi /usr/src/sys/boot/forth/loader.conf or man rc.conf Those show you options for loading modules at boot time. rc.conf for modules, not rc.local. Matt ___ http://lurker.clamav.net/li

Re: [Clamav-users] ERROR: Clamuko: Can't register with Dazuko

Scott Woodford wrote: > My system doesn't have the loader.conf or the rc.conf files. I searched > for them and did not find anything. I don't even have a > "/usr/src/sys/boot/forth" directory. There was no manual entry for > rc.conf either. My system is RedHat 9.0. Any ideas where else to loo

Re: [Clamav-users] Recent CVS - broken logging to /dev/stderr ?

Steve Brown wrote: > It would appear that maybe privileges are being dropped too quickly > because with today's cvs I'm getting permission denied on /dev/stderr > with perms = rw--- root.root. It was fine (and still is) on cvs from > a few days ago. Unless I am very much mistaken, the per

Re: [Clamav-users] odd problem w/clamd

[EMAIL PROTECTED] wrote: > usually a restart of clamd does the trick, although yesterday even that > didn't seem to do the trick - after restart of clamd the message woudl > still trickle, so i rebooted the server, and everything returned to > normal... By the sounds of the above, I personall

Re: [Clamav-users] odd problem w/clamd

Odhiambo Washington wrote: > > > I run 0.85.1 on FreeBSD 4.11, 5.2.1, 5.3 and 5.4 and in all cases I > > > don't have a problem at all. None of my machines is as high specs > > > as his. > > Easy, cowboy. When he says that problems are confined to FreeBSD, > > that does not imply that all FreeBS

Re: [Clamav-users] Using clamav to scan adware

Joanna Roman wrote: > IS anyone using clamav to scan adware ? If so, have you been successful > ? Does your clamav scanner listen on port 80 only ? Or it also listens > on port 21 ? Wouldn't it just be easier to list the complete list of specific goals you wish to achieve, and then someone can

Re: [Clamav-users] Pthread error when compiling clamav

bsd wrote: > I have built on my test machine the latest version of clamav and I am > facing a pthread build problem. ./configure --disable-pthreads Matt ___ http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Pthread error when compiling clamav

Matt Fretwell wrote: > bsd wrote: > > > I have built on my test machine the latest version of clamav and I am > > > > facing a pthread build problem. > > > ./configure --disable-pthreads Just read the rest of your message and noticed you were using p

Re: [Clamav-users] Clamav + Exim on FreeBSD

jef moskot wrote: > I'm not sure that it's a new version of zlib, exactly, especially since > the problem and the fix seem to be OS-specific. > > If you have FreeBSD 5.3 or 5.4, there are explicit instructions for what > to do here: > ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-0

Re: [Clamav-users] clamav only virus? - Trojan.Briss-1

Pablo Chamorro C. wrote: > What I know is clamav doesn't have a 'Virus Information Library' or > similar, that is the reason why I'm asking. If you search the archives, there have been links to comparison lists posted in the past. Matt ___ http://l

Re: [Clamav-users] uncompressed zip size of Zero

q# wrote: > Of course, but as you can see, I've created my own signature for empty > file in zip-file and it doesn't work. One might surmise, then, that you have not created it correctly? Matt ___ http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] newbie question

Christopher Scott wrote: > clamscan works just fine and, obviously, trying to run clamdscan > results in "connect(): No such file or directory > ERROR: Can't connect to clamd." > > Any ideas? /path/to/clamd Clamd has to be running to use clamdscan. Matt ___

Re: [Clamav-users] Problem to check virus within RAR archives ?

Stephan von Krawczynski wrote: > 04/11/2005 14:17:07:26333: run /usr/local/bin/clamdscan -r > --tempdir=/var/spool/qmailscan/mail-a02113111022758026333 > --disable-summary --unzip --unrar --unace --unarj --zoo --lha --jar > --tar --tgz /var/spool/qmailscan/mail-a02113111022758026333 2>&1 > 04/11/

Re: [Clamav-users] the birth year of ClamAV

Joe Yamasaki wrote: > I want to introduce ClamAV on Japanese magazine as one of > successful opensource projects. One thing I can't find is when the > first ClamAV released or this project started. It would be nice to > hear the birth year of ClamAV. Thanks for all people who made this >

Re: [Clamav-users] Re: virus detected using clamscan but not with Mail::ClamAV perl module

Dale Walsh wrote: > > Now, can we move on? Boy, some people on this list are > > cranky lately. > I can understand that the holiday season gets on people's > nerves and it doesn't take much to set someone off. What do you mean, 'cranky lately'. They're always cranky. :) (Couldn't resist). Ma

Re: [Clamav-users] The new e-mail exploit

On Tue, 21 Feb 2006 22:09:56 -0700 Philip Ershler <[EMAIL PROTECTED]> wrote: > Hi, > Will ClamAV be able to catch executable scripts hiding > as e-mail attachments any time soon? Any chance of being more specific? What type of executables? If they are virii, ( couldn't resist the temptation :)

Re: [Clamav-users] clamscan delete the entire mailbox

On Fri, 24 Feb 2006 07:56:13 +1300 Jason Haar <[EMAIL PROTECTED]> wrote: > > > > It might be best to find a scanning system that checks at > > the smtp level, rather than scanning the mailbox of the user > > manually. This would delete the virus as it's being > > transferred while preserving the m

Re: [Clamav-users] Phishing Signatures

On Sun, 26 Feb 2006 11:00:23 -0500 (EST) Krzys <[EMAIL PROTECTED]> wrote: > > I was looking for this but I did not find a lot of info about > it this morning and I was wondering if anyone could give me > some help... I would like to setup my ClamAV with Phishing > Signatures but as I said I was

Re: [Clamav-users] Phishing Signatures

On Sun, 26 Feb 2006 13:37:30 -0500 (EST) Krzys <[EMAIL PROTECTED]> wrote: > > Yes, I don't see why not, you need to add the ndb files to > > your normal virus database directory and restart clamd. > > I am so very sorry for asking such a stupid and for some > probably obvious question but how wo

Re: [Clamav-users] ping

On Mon, 27 Feb 2006 08:03:37 -0500 Mark Grieveson <[EMAIL PROTECTED]> wrote: > I just installed clamav on Debian Sarge, using packages from > the debian-volatile repository. When I test the daemon with > ping, I do not get the answer "pong", which I've read > somewhere that I should. Any idea

[Clamav-users] [OT] Rbl listing

Just as a point of possible interest, whilst testing the MSRBL list that someone mentioned the other day, noticed this: http://www.msrbl.com/site/check?ip=64.18.103.6 Might be worthwhile one of the list admins contacting the rbl admins to point out that listing a virus scanner mailing list for

Re: [Clamav-users] Disallowed characters found in MIME headers

On Fri, 03 Mar 2006 16:43:24 -0800 Alex Gottschalk <[EMAIL PROTECTED]> wrote: > This check is causing our mail server to quarentine mail sent > from PHP via postfix. It looks like it's because PHP wants > to put CRLF on the MIME headers instead of bare LFs. Is > there any way to modify or remo

Re: [Clamav-users] Sending "Sample Phishing Exploits" Stopped

On Sun, 12 Mar 2006 07:18:37 -0500 Gerard <[EMAIL PROTECTED]> wrote: > I seem to be having a slight problem with Clamav. It catches > incoming an incoming virus just fine. It also works on > phishing schemes. > > From time to time, I need to send samples of various phishing > schemes I receive to

Re: [Clamav-users] Some Help on initial configuring clamd.conf

On Sun, 12 Mar 2006 11:49:41 +0100 MP <[EMAIL PROTECTED]> wrote: > Can someone tell me the differences between clamav-server and > clamav ? what's clamav-server and do I need it ? > trying to #/sbin/chkconfig --level 2345 clamav- on, > idem for clamd.conf : what is ? > what are the differences b

Re: [Clamav-users] Some Help on initial configuring clamd.conf

On Sun, 12 Mar 2006 14:53:21 +0100 MP <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] init.d]$ more clamd.init > #!/bin/bash > # > # chkconfig: - 75 25 > # description: The clamd server running for > > CLAMD_SERVICE=clamav-server > . /usr/share/clamav/clamd-wrapper > [EMAIL PROTECTED] init.d]$ >

Re: [Clamav-users] Install help

On Mon, 13 Mar 2006 19:38:03 -0500 [EMAIL PROTECTED] wrote: > Hello all! New to ClamAV. I am using clamav .88 for linux. I > am also using Hula mailserver which scans mail using Clamav. > According to hula doco, the clamav engine must be in /usr/lib; > i install the rpm from the linux cd and then

Re: [Clamav-users] Scanning of ole objects in excel sheet

On Tue, 14 Mar 2006 09:53:42 + "B Boomerang" <[EMAIL PROTECTED]> wrote: > I have first created an .exe file containing the eicar virus > string Then I have created an excel sheet and embedded the > .exe file in it as an OLE object (the object is linked and > embedded) If I send this excel fil

Re: [Clamav-users] Progressive scan ?

On Mon, 24 Apr 2006 13:16:57 +0200 Roman ZARAGOCI wrote: > >> For example, I would want to scan only new files added to homes > >> directories or by checking the modification date of files. > >> Maybe someone has already made this sort of script ? > > > > If you run something like: > > > >fin

<    1   2