Re: [Clamav-users] Question of clamav/clamav-milter

On Sat, 2009-06-06 at 14:39 -0500, Javier Lopez wrote: > Daniel, > > How I do "the redirect" with amavisd? See http://www.ijs.si/software/amavisd/amavisd-new-docs.html#quarantine There are lots of variations, but mainly you need a $virus_quarantine_method of smtp or lmtp, and a $virus_quaranti

Re: [Clamav-users] New kind of phissing mail

On Thu, 2009-07-30 at 20:02 +0200, Jack Raats wrote: > Today I received a new kind of phissing mail. > > Spamassassin (freebsd), clamav (freebsd) and avg (windows) didn't recognised > it. > > The email had an attached word file in which the phissing was written. Yes, its a variation of one tha

Re: [Clamav-users] Building Mandriva 2009.1 RPMS

On Thu, 2009-10-29 at 22:11 -0500, Chris wrote: > Last night I attempted to build the 0.95.3 RPMS for Mandriva 2009.1 and > ran into a problem. I kept getting this error: > > 1 out of 1 hunk FAILED -- saving rejects to file > clamav-milter/clamav-milter.c.rej > error: Bad exit status from /home/ch

Re: [Clamav-users] The EOL tweets

On 4/16/10 9:03 AM, "Giampaolo Tomassoni" wrote: >> If I run a ssh service on my machine, and yes I do, I keep track of the >> ssh announce list. >> Why because I hate it to find my root password changed because there >> was a security update I didn't updated 6 months ago because an apt-get >> up

Re: [Clamav-users] clamd missed

You've got your socket named incorrectly in clamd.conf. It is overwriting the executable. You should move your socket to /var/lib/clamav. On Jul 6, 2010, at 9:22 PM, Hook wrote: > Sorry for the delayed response. > > I found that after install clamd is a ´normal exec´ file with some Kb ( lets

Re: [Clamav-users] Upcoming release of ClamAV

I compiled and installed it on Mandriva Enterprise server 5.1. No issues On Oct 23, 2010, at 10:18 AM, "Jim Preston" wrote: > > On Oct 22, 2010, at 1:56 PM, Török Edwin wrote: > >> On Fri, 22 Oct 2010 13:33:42 -0700 >> Jim Preston wrote: >> >>> no avail. >> >> Are you running it from a part

Re: [clamav-users] What happened to 12663 ?

On Feb 12, 2011, at 3:38 AM, "Steve Holdoway" wrote: > On Fri, 2011-02-11 at 21:26 -0700, Jim Preston wrote: >> >> On 02/11/2011 12:59 PM, Bowie Bailey wrote: >>> On 2/11/2011 2:17 PM, Jan-Frode Myklebust wrote: We have a strong preference to running only RHEL5+EPEL packages, so we're

Re: [clamav-users] Yet Another US Mirror Issue

> -Original Message- > From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users- > boun...@lists.clamav.net] On Behalf Of Luca Gibelli > > Hello G.W., > > > > If anyone can provide a CVD mirror in US, please contact me > directly. > > > We definitely need more capacity in the db.u

Re: [clamav-users] Help to download ClamAV 0.97.5

On 6/15/12 9:59 AM, "gene heskett" wrote: > On Friday, June 15, 2012 10:44:29 AM Matt Olney did opine: > > Is there a method that would faithfully duplicate the rpm installs image? > Install source rpm from your distro. Put the new tarball and .sig file in the SOURCES directory Edit the spec f

Re: [clamav-users] How to pick / specify the correct mirror

On 1/28/13 4:10 PM, "Noel Jones" wrote: > On 1/28/2013 2:27 PM, Benny Pedersen wrote: > >> if you used freshclam as a deamon it will update when dns is showing >> new versions, not wait one hour or more in cron to get the newest >> updates > > > Incorrect. > > When you run freshclam as a da

Re: [clamav-users] ClamAV on small memory computers

On 9/30/13 10:25 AM, "Joel Esler" wrote: > On Sep 28, 2013, at 8:04 AM, G.W. Haywood wrote: > >> On Sat, 28 Sep 2013, Boszormenyi Zoltan wrote: >> >>> The machine in question is an older thingy with 256MB memory >>> running an embedded Linux version and a special full screen application >>> ov

Re: [Clamav-users] error stops clamd

>From: [EMAIL PROTECTED] on behalf of Luca Gibelli >Hello jacusy, >> this night my clamd-process terminated with an error. The reason was >> that freshclam took too long to do its update, so that clamd could not >> lock the database. So clamd exited. But this behaviour is very fatal >> because the

Re: [Clamav-users] Greeting Card virus

>From: [EMAIL PROTECTED] on behalf of Jeff Thurston >I thought ClamAV was able to catch these "Greeting Cards from family >member", our domain keeps getting these emails in large quantities even >after upgrading to ClamAV 0.90.3 recently. As far as I know, you have to use the follow-url thingy,

Re: [Clamav-users] Mabezat virus not detected

On Thu, 2008-12-04 at 18:37 +0200, Zvi Kave wrote: > I forgot to specify that it is ClamAV 0.94.2 in Fedora 8. > sigtool -l shows this: > # sigtool -v -l | grep -i mabezat > W32.Mabezat-1 > W32.Mabezat-2 > W32.Mabezat > W32.Mabezat-3 > > NODE32 detects it from Windows as W32/Mabezat.A Have you su

Re: [Clamav-users] Twitter

On Thu, 2008-12-04 at 12:45 -0500, Nigel Horne wrote: > Folks, > > We'd like to hear any feedback people have who are following our Twitter > channel at http://twitter.com/clamav. the RSS feed from twitter truncates it much shorted, and you have a lot of repeated characters, so it's not as usefu

[Clamav-users] Why are new releases listed as "bugfix" rather than "security" releases?

A new version of clamav was released this week, along with the typical "this is a bugfix release" announcement. Along comes the end of the week, and SANS reports a vulnerability [1] in the previous version. It's a lot easier to get linux distro folks to make new packages for security releases. W

Re: [Clamav-users] Twitter

On Wed, 2008-12-10 at 13:59 -0500, Nigel Horne wrote: > McDonald, Dan wrote: > > > how about: > > Daily CVD 8721 (sigs: 32788, new: 1) at 04 Dec 2008 13-26 + > > Thank you for your suggestion. It's a great idea so we've made the change! I noticed. It

Re: [Clamav-users] Mandriva 2009 and ClamAv

On Tue, 2008-12-30 at 15:17 -0600, Chris wrote: > I'm working on updating my old Mandrake 10.1 system to Mandriva 2009, what > a pain, anyway, using urpmi I installed 94.2. When trying to start it I got a > 'command not found' and noticed that in /usr/bin there is no clamd file. > There > is a

Re: [Clamav-users] Problem Reloading Database during self check

On Fri, 2009-01-02 at 10:24 -0500, Frank DeChellis wrote: > Hi there and happy new year. > > We are running ClamAV 0.94.2 . Just installed it 2 hours ago. When it does > the self check and reload I get this message: > ERROR: Command: readsock() failed. > Socket file removed. > ERROR: Can't unlink

[Clamav-users] Daily 8867?

According to the twitter feed, Daily 8867 had 1325 new signatures. But the [clamav-virusdb] mailing doesn't have a single entry without "Added: No". Where do the 1325 new entries come from? -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com signatu

Re: [Clamav-users] Is there any maintenance

On Fri, 2009-02-06 at 10:08 -0800, Madhuri Somavarapu wrote: > Hi, > > I installed clamav on my machine. I am using it for scanning files not > for my mail server I want to know what kind of maintainence needed for > this software (Like upgrades). Upgrades are not automatic, so watch the user lis

Re: [Clamav-users] OS X malware

On Wed, 2009-02-18 at 14:03 -0700, s...@softhome.net wrote: > Please forgive me for raising this question. When can we expect the OS X > malware submitted to ClamAV to be included in the database. Are you submitting samples? If no samples are submitted, then there is nothing for the Clamav team

[Clamav-users] Stop it already! (Was: please remove)

From: clamav-users-boun...@lists.clamav.net on behalf of Nathan Brink #Charles Gregory wrote: #> More often than not, I see this kind of thinking as *policy* but without a [...] #> #Wouldn't this easily break threading? In this case, the respondent [...] Not germane to clamav - please send fo

Re: [Clamav-users] 0.95RC1 availability

On Fri, 2009-02-27 at 15:36 -0500, James Kosin wrote: > Nigel Horne wrote: > > Folks, > > > > 0.95 RC1 was published on Wednesday 25/2/09. > > > Nigel, > > Compiles and links in FC1. I know it is old; but, nothing is broken in > the compiling. Just finished altering the mandriva spec file so i

Re: [Clamav-users] 0.95RC1 availability

On Fri, 2009-02-27 at 14:48 -0600, McDonald, Dan wrote: > On Fri, 2009-02-27 at 15:36 -0500, James Kosin wrote: > > Nigel Horne wrote: > > > Folks, > > > > > > 0.95 RC1 was published on Wednesday 25/2/09. > > > > > Nigel, > > > >

Re: [Clamav-users] 0.95RC1 availability

On Fri, 2009-02-27 at 23:34 +0200, Török Edwin wrote: > On 2009-02-27 22:58, McDonald, Dan wrote: > > This is new. Is there another library that has been added to the > > requirements? > > > > Starting Clam AntiVirus Daemon: LibClamAV Warning: Cannot dlopen: file &g

Re: [Clamav-users] 0.95RC1 availability

From: Török Edwin >On 2009-02-28 01:11, McDonald, Dan wrote: >> On Fri, 2009-02-27 at 23:34 +0200, Török Edwin wrote: >> >>> On 2009-02-27 22:58, McDonald, Dan wrote: >> >>> This is new. Is there another library that has been added to the >>&g

Re: [Clamav-users] 0.95RC1 availability

From: Török Edwin >On 2009-02-28 17:35, McDonald, Dan wrote: >> From: Török Edwin >> >>> On 2009-02-28 01:11, McDonald, Dan wrote: >>> >>>> On Fri, 2009-02-27 at 23:34 +0200, Török Edwin wrote: >>>> &

Re: [Clamav-users] clamunrar_iface (was clamav 0.95RC1 availabilty)

From: Török Edwin On 2009-02-28 17:56, McDonald, Dan wrote: >> From: Török Edwin >> >> >> dlopen does look for .so files, if the .la are not found, but it is not >> finding it, >> since the code is looking for /usr/lib/libclamunrar_iface.so instead of

Re: [Clamav-users] clamunrar_iface

From: Török Edwin >On 2009-02-28 18:08, McDonald, Dan wrote: >> From: Török Edwin >> On 2009-02-28 17:56, McDonald, Dan wrote: >> >>>> From: Török Edwin >>>> >>>> >>>> dlopen does look for .so files, if the .la are not f

Re: [Clamav-users] [sanesecurity] clamd now crashes

On Mon, 2009-03-02 at 12:41 +, Steve Basford wrote: > > Having used clamd for several years without it ever crashing, I am now > > faced with it crashing quite often. This follows me setting up the new > > sanesecurity system! > Some users are seeing no problems, other are - which is the frus

[Clamav-users] test for SafeBrowsing?

Is there a test string I can use to see if the SafeBrowsing code is working properly? I've just set up 0.95RC2 with SafeBrowsing enabled. I've sent an EICAR and detected that, and scanned the /usr/share/doc/clamav-0.95/test/ directory to find ClamAV-Test-File, but I would like to see a SafeBrowsin

Re: [Clamav-users] test for SafeBrowsing?

On Tue, 2009-03-17 at 14:08 +, Steve Basford wrote: > > Is there a test string I can use to see if the SafeBrowsing code is > > working properly? I've just set up 0.95RC2 with SafeBrowsing enabled. > > I've sent an EICAR and detected that, and scanned > > the /usr/share/doc/clamav-0.95/test/ d

Re: [Clamav-users] test for SafeBrowsing?

On Tue, 2009-03-17 at 14:08 +, Steve Basford wrote: > > Is there a test string I can use to see if the SafeBrowsing code is > > working properly? I've just set up 0.95RC2 with SafeBrowsing enabled. > > I've sent an EICAR and detected that, and scanned > > the /usr/share/doc/clamav-0.95/test/ d

Re: [Clamav-users] test for SafeBrowsing?

On Wed, 2009-03-18 at 07:20 -0700, Dennis Peterson wrote: > Erwan David wrote: > > On Wed, Mar 18, 2009 at 01:55:14PM CET, Dennis Peterson > > said: > >> Moray Henderson (ICT) wrote: > From: Török Edwin [mailto:edwinto...@gmail.com] > >> Try using for the URL. > >> > > Is that a

Re: [Clamav-users] Problems builing in solaris related to unrar libraries

On Thu, 2009-03-26 at 17:16 -0400, Vigil, Joe wrote: > My environment: > AIX 4.3.3 (yeah, I know it's old) > GCC 2.95.2 > Clamav v0.95 > > I'm getting the same error " LibClamAV Warning: Cannot dlopen: file not found > - unrar support unavailable". > I've tried setting the LIBPATH va

Re: [Clamav-users] News about 0.95

On Tue, 2009-03-31 at 12:11 +0200, Matus UHLAR - fantomas wrote: > > Matus UHLAR - fantomas wrote: > > > Hmm, there could be an option for not rejecting signatures like > > > *.Phishing.* or Safebrowsing.* > > On 31.03.09 11:46, aCaB wrote: > > If you want to fine tune detection based on malware n

Re: [Clamav-users] clamav-milter in 0.95

On Sat, 2009-04-18 at 16:25 +0200, Greg McCarthy wrote: > In the previous versions of clamav I used to run: > > /usr/local/sbin/clamav-milter -ol $CLAMAV_MILTER_SOCKET > --postmaster-only --postmaster=not...@domain.com > --quarantine-dir=/var/mail/quarantine > > I've just upgraded to 0.95 Not 0

Re: [Clamav-users] clamav-milter in 0.95

ing I did manage to find the option to add in > the headers. Still can't get the postmaster bit sorted out though. Let > me search further :) > > > On Sat, Apr 18, 2009 at 4:36 PM, McDonald, Dan > wrote: > > On Sat, 2009-04-18 at 16:25 +0200, Greg McCarthy wro

RE: [Clamav-users] Bagle.N Virus cannot be detected by local clam scan

From: Ling Ho [mailto:[EMAIL PROTECTED] >One of my user (and possibly another) received a mail with an attachment >Document.zip and password in a jpeg file. McAfee detected it as Bagle.N and >ClamAV website site detected it as Worm.Bagle.Gen-zippwd-2 . However, when I ran >clamscan on my Linux mail

[Clamav-users] Request: Add virus counts to Virusdb Update message

To keep track of clamav, I generally have a tail -f /var/log/clamav/clamd.log running on each of my mail servers. That lets me know when the database is updated: there is a helpful line that says the database is reloaded and the number of viruses protected against is X. It doesn't, however, tell

RE: Re: [Clamav-users] ERROR: Parse error at line 67: Unknown opt ion ThreadTimeout

>From: Mário L. Ghoneim >Sent: 5/28/04 6:13 AM >Subject: Res: Re: [Clamav-users] ERROR: Parse error at line 67: Unknown option ThreadTimeout >Seems like the problem is a mixed installation of old/new ClamAV. >It´s true. >I upgraded from 0.68. >So, how can I to fix it? First, rename the optio

RE: [Clamav-users] Downloading virus base manually?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mikhail Ramendik Sent: Tuesday, February 08, 2005 4:50 PM To: clamav-users@lists.clamav.net Subject: [Clamav-users] Downloading virus base manually? >I looked at the clamav.net site and could not find a way to download a fresh >base with

RE: [Clamav-users] Latest virusdb update - mismatched signature c ount?

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of At 12:48 PM 3/17/2005, [EMAIL PROTECTED] wrote: >>you've broken something in the distributed CVD's. i've seen other reports >>of this problem today. >correction, the other reports are regarding changes to the C

RE: [Clamav-users] Report Phishing attacks?

Julian Mehnle wrote: >Trog wrote: >> Julian Mehnle wrote: >> > Trog wrote: >> > > Robert Stampfli wrote: >> > > > My question: Does the ClamAV team want examples of these >> > > > phishing emails submitted to them through their >> > > > interface? >> > > >> >

RE: [Clamav-users] Re: [Clamav-virusdb] Update (daily: 822)

-Original Message- >From: [EMAIL PROTECTED] >Sent: 4/12/2005 7:23 AM >Subject: [Clamav-users] Re: [Clamav-virusdb] Update (daily: 822) >Not complaining, but am I the only one on the Clamav-virusdb list that >received the notice 3 times ? No, I got three copies as well. They came 2 minute

[Clamav-users] 0.85 - no attTNEFVERSION defined

I tried to build an rpm of 0.85, and got the following error: gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib -I./mspack -O2 -fomit-frame-pointer -pipe -march=i586 -mtune=pentiumpro -fno-omit-frame-pointer -MT tnef.lo -MD -MP -MF .deps/tnef.Tpo -c tnef.c -fPIC -DPIC -o .libs/tnef.o tnef.c: In f

RE: [Clamav-users] viruses that forge from: and/or envelope sende r addresses

-Original Message- From: Jesse Guardiani >Is there a database anywhere that lists all the viruses >that forge addresses? There may be, but can you react quickly to a new one? >I'd like to prevent my server from sending out false >notification messages. I've come to the conclusion that i

RE: [Clamav-users] Digital Signatures warning

>From: Eric Rostetter [mailto:[EMAIL PROTECTED] Quoting Flinn Mueller <[EMAIL PROTECTED]>: >> You are missing GMP, install then rebuild with support for it. >Or, more specifically, the RH gmp-devel RPM. For Mandrake users, it's libgmp3-devel, but `urpmi gmp-devel` figured it out.

Re: [Clamav-users] Config problem with 0.90RC1

On Mon, 2006-10-16 at 14:23 +0100, Stephen Gran wrote: > On Mon, Oct 16, 2006 at 08:55:24AM -0400, Robert Blayzor said: > > Balzi Andrea wrote: > > > FixStaleSocket > > > Remove stale socket after unclean shutdown. > > > Default: disabled > > > > > > What are the value