RE: [Clamav-users] Re: Clamav-users digest, Vol 1 #839 - 4 msgs

2004-07-15 Thread Matthew.van.Eerde
> From: Gavin Aiken [mailto:[EMAIL PROTECTED] > The only case I'm worried about is what happens if our primary MX (which is > my box and had clamav installed) is offline for whatever reason (eg SDSL > down), and the mail gets routed via our secondary MX machines, which are at > Easynet and don't do

RE: [Clamav-users] My.Doom.o

2004-07-28 Thread Matthew.van.Eerde
> From: Jim Maul [mailto:[EMAIL PROTECTED] > Quoting Shayne Lebrun <[EMAIL PROTECTED]>: > > >> I like virii - it sounds important and like something > >> that can be on the ER equivalent for geeks... > > > > Perhaps, but if you were to actually pluralize it using > Latin rules, the > > result wou

RE: [Clamav-users] LocalSocket Error in CLAMAV .75

2004-08-11 Thread Matthew.van.Eerde
Silly Billy wrote: > while executing this command to configure Clamav ... > > > perl -pi -e "s/^LocalSocket /tmp/clamd/LocalSocket > /var/run/clamav/clamd/g" /etc/clamav.conf > You're using slashes as your s/// delimiter and also as your directory

RE: [Clamav-users] contrib/init/RedHat suggested patch

2004-08-17 Thread Matthew.van.Eerde
Damian Menscher wrote: > For most mailserver admins, the danger of losing our jobs > is much greater if we tempfail all incoming mail due to a clamav crash > than is the danger of losing our jobs due to a couple of viruses leaking > through. s/most/some/; Spoken as one who has never gotten burned

RE: [Clamav-users] Downloading clam virus definition files automatically

2004-08-20 Thread Matthew.van.Eerde
Rajanikanth P wrote: > Hello D.J. Fan, > > But i have a problem here. Assume that clam updates are published at > 6:10 Pm. I check for new updates at 6:05 so the next time i gonna > check is at 7:05 it just means that after 55 mins i got the updates. > And within this 55 minutes thousands and thou

RE: [Clamav-users] Downloading clam virus definition files automatically

2004-08-20 Thread Matthew.van.Eerde
Matthew van Eerde wrote: > Rajanikanth P wrote: > > Hello D.J. Fan, > > > > But i have a problem here. Assume that clam updates are published at > > 6:10 Pm. I check for new updates at 6:05 so the next time i gonna > > check is at 7:05 it just means that after 55 mins i got the updates. > > And wi

RE: [Clamav-users] freshclam update and the minute of the hour

2004-09-10 Thread Matthew.van.Eerde
Damian Menscher wrote: > It's really not hard to figure out the best time to update. > Just write > down all possible minutes, and cross off those that the average idiot > would pick. ;) > > Damian Menscher "Average idiot"s don't use freshclam. It takes a very special kind of idiot. ;) Serious

RE: [Clamav-users] Scan time limits?

2004-09-10 Thread Matthew.van.Eerde
Sean Hafeez wrote: > I have a 384k line and someone is trying to send me a 100mb > pdf. Can I > set the time line higher or set it to just let the file thru? :-O My advice - get a gmail account and have them send it there. [EMAIL PROTECTED]

RE: [Clamav-users] ClamAV on a Knoppix disk?

2004-09-13 Thread Matthew.van.Eerde
Brad Morgan wrote: > Does anyone know if ClamAV has been packaged with any of the > Live Linux CDs? > > I've got a Windows PC that keeps rebooting over and over and > we suspect a > virus. It would be nice to have a Live Linux CD with ClamAV that can > freshclam somehow and then scan the PC harddr

RE: [Clamav-users] Notification E-mail

2004-09-20 Thread Matthew.van.Eerde
Steffen Heil wrote: > Hi > >> We have Clam Av installed and running. It is blocking virus e-mails but >> is not generating any notification. > > ... PLEASE only send a notification to the > intended user, NOT to the author. This would cause lot of > collateral damage. With one caveat. It is per

RE: [Clamav-users] Notification E-mail

2004-09-21 Thread Matthew.van.Eerde
Nigel Horne wrote: > On Monday 20 Sep 2004 22:45, Jonathan Pitcher wrote: >> Is it possible to send a message onto the user that they had an >> e-mail blocked? Or to an admin stating that [EMAIL PROTECTED] had a virus >> sent to them? > > Yes it is, though the first option is not advisable. You c

[Clamav-users] bug in clamav-milter PID file handling

2004-09-23 Thread Matthew.van.Eerde
There seems to be a problem with clamav-milter's --pidfile option. It successfully writes the PID to the file but then it also puts a trailing newline. This makes it unsuitable for the standard kill `cat /the/pidfile` trick. As a workaround this seems to work: kill `head --bytes=-1 /the/pidfil

RE: [Clamav-users] bug in clamav-milter PID file handling

2004-09-24 Thread Matthew.van.Eerde
Matthew.van.Eerde wrote: > There seems to be a problem with clamav-milter's --pidfile option. I retract this. The --pidfile option is fine.

RE: [Clamav-users] bug in clamav-milter PID file handling

2004-09-24 Thread Matthew.van.Eerde
Doug Hardie wrote: > On Sep 24, 2004, at 13:48, <[EMAIL PROTECTED]> wrote: > >> Matthew.van.Eerde wrote: >>> There seems to be a problem with clamav-milter's --pidfile option. >> >> I retract this. The --pidfile option is fi

RE: [Clamav-users] clamav-milter + sendmail won't talk to each other

2004-10-11 Thread Matthew.van.Eerde
Simon Christian wrote: > Anyway, could > someone please give me some reasons why this error might occur. > > Cheers > > Simon There's some confusion here. There need to be TWO sockets. One is for clamd. The other is for clamav-milter. sendmail.mc needs to point to the clamav-milter socket. cl

RE: [Clamav-users] Adding Virus type to the X-Virus-Flag: Yes

2004-10-12 Thread Matthew.van.Eerde
>>> >>> Any ideas how I can achieve this ? >> >> Use the --advisory flag of clamav-milter. >> >>> Marvin >> >> -Nigel > > > But I'm, not using sendmail. You're not? Why? ;) You might find it easier to get help if

RE: [Clamav-users] Adding Virus type to the X-Virus-Flag: Yes

2004-10-12 Thread Matthew.van.Eerde
to add a header with a virus name. I use clamav-milter which does include the virus name in the REJECT message. Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift"

RE: [Clamav-users] Adding Virus type to the X-Virus-Flag: Yes

2004-10-12 Thread Matthew.van.Eerde
marvin wrote: > cgpav is open source Ah! That's a good thing. You might try grep'ing the source for X-Virus-Flag to see where the header is added. If you're lucky it will be simple to add the virus name as well. Matthew.van.Eerde (at) hbinc.com 805.964.

RE: [Clamav-users] freshclam problem

2004-09-28 Thread Matthew.van.Eerde
Salvatore Basso wrote: > Hi, I have the following problem with clamav 0.75.1 on fc 2: > > [EMAIL PROTECTED] Archive-Zip-1.13]# /usr/local/bin/freshclam -d > ERROR: Can't open /var/log/freshclam.log in append mode. > ERROR: Problem with internal logger Maybe you have another freshclam running? I

RE: [Clamav-users] Problems compiling 0.80rc3

2004-09-30 Thread Matthew.van.Eerde
Todd Lyons wrote: > Kevin Old wanted us to know: > >> /usr/bin/ld: cannot find -lgssapi_krb5 >> ... >> The weird part is, I've checked my /etc/ld.so.conf file and it >> lists: /usr/kerberos/lib /usr/X11R6/lib >> /usr/lib > > That is for runtime. The issue you're having is that it cannot find > t

RE: [Clamav-users] JPEG Vulnerability Question

2004-09-30 Thread Matthew.van.Eerde
Rodney Green wrote: > Greetings! > > I have just upgraded to the latest version of ClamAV that is said to > be able to detect the new JPEG vulnerability. I'm using ClamAV with > MailScanner to scan e-mail. How can I test to see if ClamAV is indeed > detecting the JPEG exploit? > > Thanks, > Rod

RE: [Clamav-users] Problems compiling 0.80rc3

2004-09-30 Thread Matthew.van.Eerde
Kevin Old wrote: >> Can I just link libgssapi_krb5.so to libgssapi_krb5.so.2 in >> /usr/kerberos/lib? > > I just did this and now during make I get: > > /usr/bin/ld: cannot find -lkrb5 > > Guess that didn't fix it. > > Any ideas? > > Kevin What I meant was For every X in /usr/kerberos/lib: l

RE: [Clamav-users] Detection problem?

2004-10-05 Thread Matthew.van.Eerde
Sasa Stupar wrote: > Just forgot to mention that I am running Clamav 0.75.1. > > At 20:34 5.10.2004 +0200, you wrote: >> I am running a clamav-milter with sendmail 8.13.0. I have made a >> test at www.testvirus.org and two tests passed thru: #24 and #25. >> In explanation it says that it should de

RE: [Clamav-users] freshclam

2004-10-05 Thread Matthew.van.Eerde
Marcus Habermehl wrote: > ERROR: Can't open /var/log/freshclam.log in append mode. > ERROR: Problem with internal logger. > > Is there a general problem with my installation of clamav? > > Marcus The user you're running freshclam as doesn't have permissions to make files in /var/log Here's what

[Clamav-users] default --checks for freshclam 0.80

2004-10-20 Thread Matthew.van.Eerde
as to what the use of the Checks setting is if -d doesn't work with it. Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift"

[Clamav-users] RE: update as soon as possible

2004-10-21 Thread Matthew.van.Eerde
ced in two different branches, in the rare event of a first-hop caller going down. Just a wild idea. The DNS thing works great. Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/

RE: [Clamav-users] Config update signature

2004-10-25 Thread Matthew.van.Eerde
it.rd, for example) If you run freshclam from /etc/cron.something/ then don't use the -d flag. Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shi

RE: [Clamav-users] Config update signature

2004-10-25 Thread Matthew.van.Eerde
as days go by. You set the update frequency in /etc/freshclam.conf as Checks - the update frequency is ) "(Checks) times per day" for freshclam -d. If you run freshclam via cron.hourly, leave off the -d. Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business

RE: [Clamav-users] Config update signature

2004-10-25 Thread Matthew.van.Eerde
clam You're fine here > Hopefully you're not running a freshclam -d from /etc/cron.daily or > you'd be running more and more freshclam processes as days go by. OK, this isn't happening, good > my value is 'Checks 24', but why the up

RE: [Clamav-users] Config update signature

2004-10-25 Thread Matthew.van.Eerde
Matthew.van.Eerde wrote: >>> cat /etc/freshclam.conf >> # Number of database checks per day. >> # Default: 12 (every two hours) >> Checks 24 > OK, so it checks 24 times a day - once every hour > If you want it to check every 30 minutes, change this to 48 > If

RE: [Clamav-users] ClamAV and Exchange mailboxes...

2004-11-08 Thread Matthew.van.Eerde
item to a temporary file Scan the file Accumulate an infection report Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "

RE: [Clamav-users] ClamAV and Exchange mailboxes...

2004-11-08 Thread Matthew.van.Eerde
> > Matt Umm... yes... so long as you don't scan the Exchange .edb or .log files. That's a good way to corrupt your information store. But you could presumably run the above procedure using a Scheduled Task from the server, assuming you installed ClamWin and Perl (and Ne

RE: [Clamav-users] ClamAV and Exchange mailboxes...

2004-11-09 Thread Matthew.van.Eerde
leged mailbox using a privileged user account 2) Works from Perl? Possible candidates: IMAP, POP3, MAPI (is there a Mail::MAPI module?), DAV (I use this to keep track of mailbox sizes)... Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com

RE: [Clamav-users] ClamAV should not try to detect phishingandothersocial engineering attacks

2004-11-15 Thread Matthew.van.Eerde
be catching. ClamAv is marketed as an antivirus tool. I think, as you say, there is a need for a generic anti-malware tool. But don't call it clamav. Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e

RE: [Clamav-users] ClamAV should not try to detect phishing andothersocial engineering attacks

2004-11-15 Thread Matthew.van.Eerde
sdn.microsoft.com/library/default.asp?url=/library/en-us/cdosys/html/_cdosys_imessage_htmlbody.asp "When... you set the HTMLBody property, Microsoft Collaboration Data Objects (CDO) automatically sets the TextBody property to the plain text equivalent." Matthew.van.Eerde (at) hbinc.com

RE: defanging HTML email, was [Clamav-users] ClamAV should not try to detect phishing andothersocial engineering attacks

2004-11-16 Thread Matthew.van.Eerde
Peter J. Holzer wrote: > Otherwise, if it is HTML, filter it through w3m, lynx, or some other > html to text converter. This is the dangerous part. If there's going to be any way for a malignant HTML email to overflow a buffer, it's here. ___ http://li

RE: [Clamav-users] Virus Tests from www.testvirus.org

2004-12-01 Thread Matthew.van.Eerde
n't you save CPU by PIF-blocking the attachment, then scanning it later (during off-peak hours, or in a nice process) to find out what virus it was? Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"ma

RE: [Clamav-users] virus incident response?

2005-02-16 Thread Matthew.van.Eerde
s other vendors will update first. If you scan in series you'll get the best of both worlds. Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}s

RE: [Clamav-users] virus incident response?

2005-02-17 Thread Matthew.van.Eerde
John Madden wrote: >> Just stop mail with certain attachments >> (.bat/.com/.scr/.cpl/.ectect) at the door. > > Well of course, and we currently block RAR's because of the license > issues, but that doesn't help the zip file situation. ...Perhaps > amavisd can. > > John What we do: If a zip fil

[Clamav-users] clamd/freshclam/logrotate

2005-02-22 Thread Matthew.van.Eerde
. Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"

RE: [Clamav-users] EICAR signature update: second attempt

2005-02-23 Thread Matthew.van.Eerde
ahellary wrote: > i STILL cannot get either version .81 or .82 to detect any virus Try 0.83? > its slackware I've got 0.83 running OK on slackware... but I had to upgrade zlib... do you get any make errors? Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispan

RE: [Clamav-users] Re: clamscan and blackhole errors

2005-02-23 Thread Matthew.van.Eerde
Keith Patton wrote: > ahellary wrote: >> ... on our qmail... > Look at http://www.mimedefang.org But MIMEDefang is a sendmail-only milter... Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e

RE: [Clamav-users] Disabling ScanArchive ?

2005-02-23 Thread Matthew.van.Eerde
with a certificate and give the clients his public key so they can confirm he was the one who wrote it. Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjh

RE: [Clamav-users] Disabling ScanArchive ?

2005-02-24 Thread Matthew.van.Eerde
Dennis Peterson wrote: > Now if we can make people aware of the evils of out-of-office > auto-responders... I know! Why isn't there an SMTP code for this? -> RCPT TO: <[EMAIL PROTECTED]> <- 2?0 OK, but he's out of the office right now -> RSET never mind then M

RE: [Clamav-users] Worm.Sober.K getting through...

2005-02-24 Thread Matthew.van.Eerde
Tim Howell wrote: > Several of my users have received the virus classified by ClamAV as > Worm.Sober.K today... > > How should I go about tracking this down? Find a particular infected message and check the logs for errors or warnings around the time the message went through Matth

RE: [Clamav-users] use of clamav-milter

2005-03-17 Thread Matthew.van.Eerde
re is no point in spam scanning a file if it has been identified as a virus. Of the two processes (spam scanning and virus scanning), spam scanning is more resource-intensive (at least the way I do it) - so I virus scan first, and spam-scan second. Matthew.van.Eerde (at) hbinc.com

RE: [Clamav-users] use of clamav-milter

2005-03-17 Thread Matthew.van.Eerde
s own SpamAssassin object which is quite big. I've been toying with the idea of writing a SpamAssassin::Client module to emulate spamc, but haven't done anything serious with it. I know someone else got a working prototype together. Matthew.van.Eerde (at) hbinc.com

RE: [Clamav-users] Report Phishing attacks?

2005-03-21 Thread Matthew.van.Eerde
's not > over-written)? Probably not, but I thought I'd ask. :) Sounds like a feature request to me... "can we have a user.cvd file" (in addition to main.cvd and daily.cvd) Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com

RE: [Clamav-users] Report Phishing attacks?

2005-03-21 Thread Matthew.van.Eerde
ClamAV will load it after the official .cvd files. You need not to sign the .db file. I presume clamd needs to be HUP'd? Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a

RE: [Clamav-users] Report Phishing attacks?

2005-03-22 Thread Matthew.van.Eerde
Therefore - in my opinion - ClamAV should limit itself to detecting (and rejecting) threats of the first kind by default. If an option is added to detect and reject threats of the second kind, that can only be a good thing - so long as it is an option. Matthew.van.Eerde (at) hbinc.com

RE: [Clamav-users] Report Phishing attacks?

2005-03-22 Thread Matthew.van.Eerde
people from registering a domain like onlinebanking.example and then sending out - perfectly legitimately - from [EMAIL PROTECTED] Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;

RE: [Clamav-users] New Virus?

2005-03-31 Thread Matthew.van.Eerde
: > X-MS-TNEF-Correlator: > Thread-Topic: [Clamav-users] New Virus? > Thread-Index: AcU2HfVJlXoUlYzJRuC2osx2VBm8CwABWsIg > > Looks like you have reason to deploy security by obscurity. FWIW recent versions of Outlook block user access to received attachments of the form .exe .com

RE: [Clamav-users] remove scanner serve

2005-04-13 Thread Matthew.van.Eerde
Carl Thompson wrote: > I can only get clamd to open port 3311 as a listening TCP socket. Default is 3310, no? Why can't you open port 3310? Is there something else already listening? Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiver

RE: [Clamav-users] remove scanner serve

2005-04-13 Thread Matthew.van.Eerde
ne, and tell clamav-milter to communicate with clamd on the other machine? Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"

RE: [Clamav-users] remove scanner serve

2005-04-14 Thread Matthew.van.Eerde
Nigel Horne wrote: > On Thursday 14 Apr 2005 01:12, [EMAIL PROTECTED] wrote: > >> You're correct, clamav-milter won't listen on a TCP port, only on a >> local socket. > > Wrong. *removes foot from mouth* oops, sorry... Matthew.van.Eerde (at) hbinc.com

RE: [Clamav-users] Can phishing be considered one kind of spam ?

2005-04-15 Thread Matthew.van.Eerde
x] spam [x] stupid jokes [x] urban myths [x] (company) will pay you $ for every person you forward this to [x] cute puppies [x] sob stories ... Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a

RE: [Clamav-users] problems after .84 upgrade

2005-05-03 Thread Matthew.van.Eerde
op me if I'm wrong but I think that's just the way sockets work. Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,

RE: [Clamav-users] Re: Exit code with password protected zip file

2005-05-04 Thread Matthew.van.Eerde
k of 0/1/2 as No/Yes/Maybe (where Maybe includes the subcases "I can't tell because I can't unencrypt the file" and "I can't tell because I wasn't able to allocate memory" and "I can't tell because...") You could adopt a policy that "yes, pa

RE: [Clamav-users] Re: Exit code with password protected zip file

2005-05-04 Thread Matthew.van.Eerde
lockEncrypted, it should > never be 2. Matter of opinion. I wish ArchiveBlockEncrypted were the default. Guess it depends on what you use ClamAV for. I guess an additional ArchiveIgnoreEncrypted (return 0) option would make us both happy. Matthew.van.Eerde (at) hbinc.com

RE: [Clamav-users] DNS server used for dynamic resolution

2005-05-11 Thread Matthew.van.Eerde
lamav.net 80.69.66.9 BIND: 9.2.3 ns5.clamav.net 213.92.8.2 BIND: 9.3.1 Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg

RE: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter

2005-05-17 Thread Matthew.van.Eerde
/bin/kill -HUP `cat /var/run/clamav/freshclam.pid 2> /dev/null` 2> /dev/null || true endscript } I use defang as a generic "mail administration" group, which is why that group gets read access. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 His

RE: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matthew.van.Eerde
ue. ( Unless spammers have a >>> predilection for make up :) >> >> Hmm. I guess aspell thinks that is a word... and probably some >> spammers do, rofl. > It IS a word...just not the one you wanted. swine spellchekers On that note: http://jobsearch.monster.com/jo

[Clamav-users] clamd reload causing mail server to tempfail

2005-05-18 Thread Matthew.van.Eerde
cepting mail though it is configured identically :-?) I'm using both clamav-milter and MIMEDefang (which prints directly to clamd.sock) This behavior is new as of 0.85.1 What could I be doing wrong and how do I fix it? -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902

RE: [Clamav-users] clamd reload causing mail server to tempfail

2005-05-18 Thread Matthew.van.Eerde
rror db.us.clamav.net DatabaseMirror database.clamav.net Checks 24 NotifyClamd -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"

RE: [Clamav-users] clamd reload causing mail server to tempfail

2005-05-18 Thread Matthew.van.Eerde
Matthew.van.Eerde wrote: > Damian Menscher wrote: >> On Wed, 18 May 2005 [EMAIL PROTECTED] wrote: >>> LibClamAV Warning: Not reloading database until idle - waiting for 2 >>> children >> >> Could you tell us how you're running clamav-milter? Speci

RE: [Clamav-users] Re:Clam AV allows e-mail fromwww.webmail.us/testvirus through?

2005-05-18 Thread Matthew.van.Eerde
file was quarantined (I consider this a feature) #27 was rejected with: virus Exploit.Zip.ModifiedHeaders detected by ClamAV - http://www.clamav.net -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Soft

RE: [Clamav-users] Re: Virus naming conventions?

2005-05-26 Thread Matthew.van.Eerde
has settled, there should be plenty of time to agree on what to call each virus. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;prin

RE: [Clamav-users] clamdscan vs clamscan - detection

2005-05-31 Thread Matthew.van.Eerde
ever read the Debug setting since it > doesn't get restarted. clamscan doesn't use the clamd daemon, so you > accomplish all that is asked without having to potentially damage the > flow of mail across your machine. Or just use clamscan --debug? -- Matthew.van.Eerde (at)

RE: [Clamav-users] clamav build for WinNT

2005-05-31 Thread Matthew.van.Eerde
.rp wrote: > Is there a build anywhere that will run under NT4 ? This is a good place to start looking: http://www.clamav.net/binary.html#pagestart -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl

RE: [Clamav-users] Question about clamd commands

2005-06-07 Thread Matthew.van.Eerde
hrough clamd.sock than it would be to connect to a TCP socket. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjh

RE: [Clamav-users] odd problem w/clamd

2005-06-10 Thread Matthew.van.Eerde
.2.1, 5.3 and 5.4 and in all cases I > don't have a problem at all. None of my machines is as high specs > as his. Easy, cowboy. When he says that problems are confined to FreeBSD, that does not imply that all FreeBSD installations will have problems. -- Matthew.van.Eerde (at) hbinc

RE: [Clamav-users] odd problem w/clamd

2005-06-10 Thread Matthew.van.Eerde
r are suffering from I/O > wait and it fixes when you kill the thread that's analyzing that big > email. Mounting /tmp as a tmpfs file system can be a real performance lifesaver for a busy clamd setup. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Busi

RE: [Clamav-users] How to use clamav-milter?

2005-06-15 Thread Matthew.van.Eerde
cy dependent. The only answer is "it's up > to you". There was (still is?) a bug in recent clamav-milter thread handling that caused it to time out if it did the work itself. I was forced to start it with --external which passes the work to running clamd daemon

RE: [Clamav-users] ClamAV on Exchange 200x

2005-06-17 Thread Matthew.van.Eerde
1123120121120120 -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"

RE: [Clamav-users] Password protected ZIP's---howto?

2005-06-20 Thread Matthew.van.Eerde
ormly let through, or uniformly block, all encrypted archives. If you want sophisticated zip file handling, consider MIMEDefang [1] and Archive::Zip [1] www.mimedefang.com -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDivers

RE: [Clamav-users] ClamAV on Exchange 200x

2005-06-21 Thread Matthew.van.Eerde
fang - it's a generic Active Directory to sendmail access database script There's a version for Exchange 2000 and another for Exchange 5.5 -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"

RE: [Clamav-users] WARNING: Local version: 0.86 Recommended version:0.85.1

2005-06-23 Thread Matthew.van.Eerde
nder their own control, with malicious virus definitions. I'll let everyone imagine the worst-case consequences of that. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}s

RE: [Clamav-users] WARNING: Local version: 0.86 Recommendedversion:0.85.1

2005-06-23 Thread Matthew.van.Eerde
age before accepting the update, that would mitigate this concern. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wpr

RE: [Clamav-users] Libclamav and zip files

2005-07-21 Thread Matthew.van.Eerde
rm. You might be able to do something to the effect of: 1) Recognize the initial packet of the zip file 2) Accumulate all future packets of that stream 3) Put all the packets together to get the complete zip file 4) Decompress the zip file 5) Scan the decompressed contents -- Matthew.van.Eerde (a

RE: [Clamav-users] Libclamav and zip files

2005-07-21 Thread Matthew.van.Eerde
il? RSET should be enough. Unless the user is really committed to infecting themselves, and astoundingly resourceful. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-

RE: [Clamav-users] newbie setup question - Solaris 9 + sendmail

2005-07-22 Thread Matthew.van.Eerde
and going in my environment? No. > TIA for any pointers or URL's where I can RTFM. www.mimedefang.com www.spamassassin.org www.clamav.net -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"

RE: [Clamav-users] clamd PING

2005-07-26 Thread Matthew.van.Eerde
you really can telnet to a socket. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"

RE: [Clamav-users] Clamd processes and memory

2005-07-26 Thread Matthew.van.Eerde
ough cron (without the -d.) Do not run freshclamd -d through cron or you'll be running multiple daemons and eventually bring your machine to its knees. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl

RE: [Clamav-users] uncompressed zip size of Zero

2005-07-27 Thread Matthew.van.Eerde
rupt .zip files (with unreasonable zip header values) should NOT be considered viruses by default. If there is an option to turn this on, fine, but this is pushing the envelope a bit too far for me. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireD

RE: [Clamav-users] uncompressed zip size of Zero

2005-07-27 Thread Matthew.van.Eerde
0 - ? 0 - ? - ? 0 - ? 1 - ? 1 - ? Your sig doesn't seem to match the published doc format. What does sigtool -i ./local/empty.zmd say? -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -

RE: [Clamav-users] uncompressed zip size of Zero

2005-07-27 Thread Matthew.van.Eerde
q# wrote: > Wrong signature format: zmd != ndb Alright - where's the documentation of the zmd database format? Does sigtool --list-sigs | grep "Zip.Empty" have any output? That should at least verify whether the sig is being loaded. -- Matthew.van.Ee

RE: [Clamav-users] AV relay + MX backup question

2005-08-30 Thread Matthew.van.Eerde
identical MX's with spam- and virus-filtering on both. That way if a box breaks the mail still flows. The mail must flow. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer

RE: [Clamav-users] Sendmail X and clamav-milter

2005-08-30 Thread Matthew.van.Eerde
Thomas Cameron wrote: >> 2005-08-27 smX-0.0.Beta0.0 has been released. Do you have a plans >> on adaptation clamav-milter for smX ? > > What is Sendmail X? Enquiring minds want to know! http://www.sendmail.org/sm-X/ -- Matthew.van.Eerde (at) hbinc.com 805.964.

RE: [Clamav-users] Performance Tuning Clamd?

2005-09-06 Thread Matthew.van.Eerde
eerfully accept pointers if I missed something. Make sure your machine has enough RAM for your load as disk I/O is a real bottleneck. Are you doing synchronous syslogging? Try asynchronous (just add a "-" in the right place in syslog.conf) -- Matthew.van.Eerde (at) hbinc.com

RE: [Clamav-users] --max-children

2005-09-06 Thread Matthew.van.Eerde
e socket create itself sleep 2 fi } Note -e is --external -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer

RE: [Clamav-users] --max-children

2005-09-06 Thread Matthew.van.Eerde
av-milter uses /etc/clamd.conf to a certain extent, but has many other options that can only be specified at the command line. man clamav-milter for the gory details. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer

RE: [Clamav-users] suspicious classification resulting in false postives

2005-09-09 Thread Matthew.van.Eerde
frequently-made customization to mimedefang-filter is to change action_discard to action_bounce for suspicious characters. That at least takes care of false positives. YMMV. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic

RE: [Clamav-users] suspicious classification resulting in falsepostives

2005-09-09 Thread Matthew.van.Eerde
le/File-Scan-1.43.tar.gz), > that also can report things as suspicious. Bingo... Fortunately, MIMEDefang allows multiple virus scanners. Fortunately, MIMEDefang logs virus detections. Unfortunately, MIMEDefang doesn't include which scanner caught the virus. -- Matthew.van.Eerde (at) hbinc.com

RE: [Clamav-users] zip files and clamav-milter

2005-09-21 Thread Matthew.van.Eerde
s-Status: Clean > Are you using --external? How does clamav-milter know when new virus definitions are available? I assume freshclam doesn't notify clamav-milter threads. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com

RE: [Clamav-users] zip files and clamav-milter

2005-09-21 Thread Matthew.van.Eerde
nition update notification becomes important. How/when does clamav-milter find out about virus definition updates? -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer

RE: [Clamav-users] clamdscan doens't recognize virus

2005-09-22 Thread Matthew.van.Eerde
fault here. Hmm... Is clam 0.87 a fresh install or an upgrade or an uninstall/install? Are you using precisely this release? http://sourceforge.net/project/showfiles.php?group_id=86638&release_id=356974 -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispani

RE: [Clamav-users] clamav-milter seems unstable with 0.87

2005-09-22 Thread Matthew.van.Eerde
ith a solution shortly though, I > may need to downgrade back to 0.86. Have you tried running clamd and using --external on clamav-milter? -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.co

RE: [Clamav-users] clamav-milter seems unstable with 0.87

2005-09-23 Thread Matthew.van.Eerde
out there that make a copy of all incoming mail they scan. Maybe that would be useful... you might install one of these archive milters, making sure it appears before clamav-milter in the list of milters... then when a thread goes haywire, check the last few emails in the archive for fishynes

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2

2005-09-27 Thread Matthew.van.Eerde
ter.sysconfig ### Simple config file for clamav-milter, you should ### read the documentation and tweak it as you wish. ... --noreject ... he has it set to absorb viruses (don't reject, don't deliver, don't bounce) -- Matthew.van.Eerde (at) hbinc.com 805.964.45

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2

2005-09-28 Thread Matthew.van.Eerde
> Rather convenient of you to snip THE NEXT LINE: > -obl local:%{_localstatedir}/clamav/clmilter.socket > > Note that the -b is short for --bounce. Missed that one. So he has both --bounce and --noreject??? LOL -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispani
