* Константин Белозеров :
> Hello.
>
> Error when building from source anti-virus in the operating system
> GNU/Linux Debian 7.1 Performed make check VG=1. But to no avail.
But which error are you getting?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
r
* Константин Белозеров :
> Errors are listed in log file.
Would you mind pasting them here?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Ber
st since you don't have
valgrind
installed
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT
IAL FOUND
> /home/gene/src/linux-3.0.69/Documentation/usb/gadget_multi.txt:
> MBL_400944.UNOFFICIAL FOUND
> /home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt:
> MBL_400944.UNOFFICIAL FOUND
>
> But https://virustotal.com thinks otherwise.
It's an UNOFFI
* Gene Heskett :
> > It's an UNOFFICIAL pattern, not a core clamav pattern
>
> Still, is it not un-needed noise?
It's obviously a FP, but calling it un-needed noise is a bit off. If
the pattern were correct and would find a real virus, is it not
un-needed noise?
> 2. Up to now, I never got a notification, although "Notify me" was checked.
Indeed. I also submitted quite a lot of malware and never got a
notification (in years!)
> 3. Why shall we not post more than two sample files per day ?
I also wondered about that.
--
Ralf Hil
rom freshclam?
> All of them are failing since last night on all of our servers.
>
> Probed are:
> 178.63.73.246
> 84.39.110.99
> 88.198.17.100
http://lutz.donnerhacke.de/Blog/ClamAV-aktualisiert-sich-nicht-mehr
--
Ralf Hildebrandt Charite Universitätsmedizi
* Joel Esler (jesler) :
>
>
> http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html
Are these signatures already active?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.c
can together with clamd eliminated the long startup time.
> does it provide any added features or functionality not already present
> with freshclam + clamscan running on-demand from cronjobs?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@c
dy did a FP report. It happened with PDFs from "Springer
Medical". had to diable that signature.
> I hope there are some additional FP-Reports from other people regarding this
> virus to review this signature.
Yep.
--
Ralf Hildebrandt Charite Universitätsmedizin
* Al Varnell :
> Has anybody submitted a PDF yet?
Of course.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzw
* Al Varnell :
>
> On Wed, Nov 30, 2016 at 02:33 AM, Ralf Hildebrandt wrote:
> >
> > * Al Varnell :
> >> Has anybody submitted a PDF yet?
> >
> > Of course.
>
> Hash?
8d62c398679ab6c7b85749eacf7a9a80
--
Ralf Hildebrandt Cha
* Ralf Hildebrandt :
> * Al Varnell :
> >
> > On Wed, Nov 30, 2016 at 02:33 AM, Ralf Hildebrandt wrote:
> > >
> > > * Al Varnell :
> > >> Has anybody submitted a PDF yet?
> > >
> > > Of course.
> >
> > Hash?
>
&
* Bengt H. :
> Unsubscribe please
List-Unsubscribe:
<http://lists.clamav.net/cgi-bin/mailman/options/clamav-users>,
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.c
t this, could anyone comment?
They probably mean the exploit code used in operation Grizzly Steppe
ATP 29, APT 28, Cozybear, Fancybear, Sandworm, Sofacy etc.
https://www.dhs.gov/news/2016/12/30/executive-summary-grizzly-steppe-findings-homeland-security-assistant-secretary
--
Ralf Hi
* ANANT S ATHAVALE :
> Hi List,
>
> One of the .pptx file which was attached is getting detected as VIRUS:
> Win.Exploit.CVE_2016_3301-6210129-0. As it is a official document and can't
> to uploaded for submission. How to manually verify?
What do you want to verify?
digits in Subject or Body)
You'd probably need to use amavisd-new
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ral
* Török Edwin :
> On 2011-06-29 17:01, Michael Scheidell wrote:
> >
> >
> > On 6/29/11 9:24 AM, Michael Scheidell wrote:
> >> Ok, so not just me.
> >>
> >> I am going to ask Ralf Hildebrandt what version of os he is using.
> >> maybe w
c5aab:1317888) FOUND
What am I doing wrong here? Running clamv 0.97.3
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt.
* Alain Zidouemba :
> Ralf,
>
> We got your FP reports and will address them today.
Thanks :) But the original question remains in case I need to
whitelist a signature.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus
* Bill Maidment :
> > What am I doing wrong here? Running clamv 0.97.3
>
> It's the same story here. We've had to switch off all bytecode rules in
> the conf file. Not ideal.
Sound like one cannot whitelist a bytecode signature?
--
Ralf Hildebrandt
t emit a line number. Fields are not seperated with : but with ;
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
G
* Jan-Pieter Cornet :
> I haven't got any experience with IRIX, but I do wonder: why are you
> using tits for testing purposes? That seems inappropriate.
No, he's using un-tits. Everything but tits. E.g. a canary would be an
un-tit. Like an undead is anything but dead.
PS ;-)
___
/local/share/clamav/local.ign2
> > BC.Exploit.CVE_2011_3412
>
> The entry is not complete. The correct one is:
>
> BC.Exploit.CVE_2011_3412.{CVE_2011_3412}
After applying your fix, correct?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de
Is there an alternative way of submitting FP's?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +
* Török Edwin :
> On 04/19/2012 02:59 PM, Ralf Hildebrandt wrote:
> > Is there an alternative way of submitting FP's?
> >
>
> Are you using this page?
> http://www.clamav.net/lang/en/sendvirus/submit-fp/
Yep.
--
Ralf Hildebrandt Chari
> I just tested and it worked fine for me.
>
> What's exactly the problem on your side?
I keep getting:
Under maintenance. Try again later.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin
* Török Edwin :
> On 04/19/2012 04:10 PM, Ralf Hildebrandt wrote:
> >
> >> I just tested and it worked fine for me.
> >>
> >> What's exactly the problem on your side?
> >
> > I keep getting:
> >
> > Under maintenance. Try again
GMT
X-Varnish: 216808379
Age: 0
X-Cache: MISS from proxy-cvk-1
Via: 1.1 varnish, 1.0 proxy-cvk-1 (squid/3.1.19-20120412-r10444)
Connection: close
http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";
Maintenance
Under maintenance. Try again later.
Connection closed by fo
tion: close
... remained of page sent correctly ...
The FP submission page used to work for us uptill now. Hm.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30,
* Török Edwin :
> Can you try flushing your varnish cache, and trying again?
It's your varnish cache :) (we don't have any here)
I already restarted my squid servers, no change. It's very odd.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hild
* Ralf Hildebrandt :
> * Török Edwin :
>
> > Can you try flushing your varnish cache, and trying again?
>
> It's your varnish cache :) (we don't have any here)
>
> I already restarted my squid servers, no change. It's very odd.
Now I emptied my c
vice Unavailable.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +4
orking and unfortunately your admin is not willing to
check the logs to see whats being logged for my source IP.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm
software which
> receives the requests cannot pass them to the right server instance
> because your client has not told it which one it wants to talk to.
It's not a client issue. It depends on my source IP.
--
Ralf Hildebrandt Charite Universitätsmedizin B
ol: max-age=0
Connection: keep-alive
answer:
HTTP/1.1 503 Service Unavailable
Server: Varnish
Content-Type: text/html; charset=utf-8
Retry-After: 5
Content-Length: 284
Accept-Ranges: bytes
Date: Fri, 04 May 2012 10:29:21 GMT
X-Varnish: 221993613
Age: 0
Via: 1.1 varnish
Connection: close
--
Ral
own"
and a subsequent error page from varnish. Setting it to "delete", "on"
or "truncate" make the page http://cgi.clamav.net/sendfp.cgi work
again. Only "off" causes the page to fail.
--
Ralf Hildebrandt Charite Universitätsmedizi
0165).
>
> Anyone else seeing this?
Yes, I'm also seeing a lot of FP's for BC.Exploit.CVE_2012_0184
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgda
* Joel Esler :
> Please run Freshclam. This has already been cleared up.
Thanks for the heads up. Time to release stuff from the quarantine.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
h
* Don Drake <[EMAIL PROTECTED]>:
> I would, but I'm getting the following error in Bugzilla:
>
> You are not authorized to access bug #396.
I wonder why that is -- it's a stupid idea IMHO.
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Char
until it worked :(
The download URLs for the mirrors are incorrect and for some reason it
pukes on the output of Debian's clamd --debug
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155
Gemeinsame E
27;ll take that script for a test.
I uploaded my adapted script here:
http://www.arschkrebs.de/postfix/UpdateSaneSecurity.sh
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von
r/lib/clamav//main.inc
(it has a trainling slash)
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962
IT-Zentrum
* Thomas Spuhler <[EMAIL PROTECTED]>:
> I wish Amavis would support clamd.
It does.
> It's in the amavis.conf file but it
> just doesn't use clamd but uses that backup clamscan and this is a
> disaster.
What's in the log? It uses clamd happily here...
* Chuck Swiger <[EMAIL PROTECTED]>:
> Amavisd-new supports clamdscan just fine.
Actually, it uses it's own code, which resembles clamdscan.
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)
* Chuck Swiger <[EMAIL PROTECTED]>:
> On Jul 9, 2007, at 12:17 PM, Ralf Hildebrandt wrote:
> >> Amavisd-new supports clamdscan just fine.
> >
> > Actually, it uses it's own code, which resembles clamdscan.
>
> You're right-- perhaps I should have sa
ust configure clamd to run as the amavisd user?
Of course you can do that. But you do have to configure something
somewhere -- either clamd OR amavisd-new.
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450
> WARNING: Local version: 0.90.2 Recommended version: 0.91.1
> DON'T PANIC! Read http://www.clamav.net/support/faq
^^
Read it, will you?
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsme
installed on exchange
> itself is picking up this virus:
>
> W32/Zhelatin.gen!eml
>
> It seems our ClamAV is not seeing it. We get a couple hundred of these a day
> and they're all the same virus.
>
> Any ideas?
False positive? By any means, submit it to the team.
* Ralf Hildebrandt <[EMAIL PROTECTED]>:
> False positive? By any means, submit it to the team.
http://www.clamav.net/sendvirus/
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/li
> ' followed by the address in question,
> i've tried a number of addresses manually but anything containing | has the
> same problem.
Please do show the logs.
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin Berlin
ted.
0.90: 11.575.374
0.91: 13.026.634
0.92: 16.134.725
0.93: 20.247.322
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962
IT-Zen
* Dennis Peterson <[EMAIL PROTECTED]>:
> > My point was that it's ten times as big as it should be
>
> Which begs the question: How big should it be, and why is that size
> better than the one it is?
>
Size matters not!
--
Ralf Hildebrandt (i.A. des IT-Zentr
e.clamav.net 85.255.112.204:
>
> $ nslookup database.clamav.net 85.255.112.204
> Server: 85.255.112.204
> Address: 85.255.112.204#53
Why don't you ask your ISP?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berl
0 0 480 futex
0.000.00 0 1 restart_syscall
-- --- --- - - ----
100.000.103050 3803012 total
--
Ralf Hildebrandt Charite Universitätsmedizi
0.838784 952 881 fcntl
...
-- --- --- -
100.00 195.366582 47161 total
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de
* Karl Pielorz :
> This ends up with a lot of wedged mail processes (and we slowly run out of
> fd's as the process table fills up).
Same here on Ubuntu 16.04 with official patterns.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...
* Reindl Harald :
> sounds like an issue with the official signatures given that you are not the
> first reporter and that we don't use them and have no problems
Thought so. Must be a recent signature in daily.cvd.
--
Ralf Hildebrandt Charite Universitätsmed
548fe87bc9a454486cbe37d5c89b.tmp (deleted)
lrwx-- 1 root root 64 Jan 26 10:38 995 ->
/tmp/clamav-0e2983c3f35c37d833ea37c2867a0aba.tmp (deleted)
...
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://
> Arguably if a bug in the signatures can lead to such massive problems
> then that is in itself a bug in the software, which might be (but
> apparently so far isn't) fixed in a later version.
Amen to that.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
* maxal :
> nobody of clamav/cisco reading this list?
It's 7:45AM on the east coast.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 1220
* lukn :
> As ClamAV/Thalos is owned by Cisco I assume all ClamAV employees are
> located in Silicon Valley area and therefore still enjoying a good
> Californian night's sleep.
Or maybe in Philadelphia.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
* Reindl Harald :
>
>
> Am 26.01.2018 um 13:40 schrieb Ralf Hildebrandt:
> > * maxal :
> > > nobody of clamav/cisco reading this list?
> >
> > It's 7:45AM on the east coast
>
> so what - i don't get how such updates slip through at all - i
* Joel Esler (jesler) :
> You're right. That's my fault. I'll correct that here in a second after I
> read through all the emails in my ClamAV folder.
OK, tomorrow then :)
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@cha
trying to parse the logfile?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
sig
mav/clamd.ctl
PONG
# echo RELOAD | socat - /var/run/clamav/clamd.ctl
RELOADING
# echo PING | socat - /var/run/clamav/clamd.ctl
# echo PING | socat - /var/run/clamav/clamd.ctl
PONG
Yeah!
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de
* Philip :
> Has this been released yet by the major Distros? I'm using Debian 9 and
> can't get any higher than 0.99.x
Debian has 0.100:
https://packages.debian.org/buster/clamav
I used that source package to rebuild for my Ubuntu installaions.
--
Ralf Hildebrandt
* Paul Stead :
> Yet another Malwarepatrol FP:
>
> MBL_14437114 - https://drive.google.com
That's a recurring FP. Happens every week.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://
do anymore. Is it worth it to keep malwarepatrol?
I'm wondering this as well. That stuff pops up every other day.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de Hindenburgd
this is not a false
> positive.
>
> There is no reason to believe that the Google infrastructure doesn't
> host malware. In case you still don't want or can't block such domain,
> we advise you to whitelist it before applying our block lists."
Fucking idiots.
trol were to
> list the specific site where the malware was reportedly found, rather
> than condemning the entire sub-domain.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de
achments and
usually scans the whose mail "as is" and the text parts and
attachments sperately.
> As clam* can also do URL checks and stuff, also mails withouth attachments
> can be infected.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@ch
* Fajar A. Nugraha <[EMAIL PROTECTED]>:
> Which brings my earlier suggestion. Is there any way to put a
> built-in memory limiter (not external program like softlimit) to
> clamd?
Why add code to clamd when a good unix-like solution already exists?
--
Ralf Hildebrandt (i.A.
ory allocation error, but sleep.
It doesn't die, it's being killed by the kernel.
--
Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0
* Jason Haar <[EMAIL PROTECTED]>:
> On Wed, Sep 15, 2004 at 09:58:41AM +0200, Ralf Hildebrandt wrote:
> > > Because current clamd implementation is not to "die" on
> > > memory allocation error, but sleep.
> >
> > It doesn't die, it's be
* Trog <[EMAIL PROTECTED]>:
> > Ok, THAT's bad - and should be fixed.
>
> If it were true it would be. Please point me at some code in clamd that
> does that.
That was not my claim, but the other person's.
--
Ralf Hildebrandt (i.A. des IT-Zentrum)
LogSyslog
PidFile /var/run/clamd.pid
DataDirectory /var/lib/clamav
LocalSocket /var/amavis/clamd
FixStaleSocket
MaxThreads 30
MaxDirectoryRecursion 15
User amavis
ScanMail
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
--
Ralf Hildebrandt (i.A. des IT-Zentrum
sending virus which indeed is a good result, but was
> unable to block test number 20,23,24 and 25,
How does your mail server interface with clamav?
--
Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155
mission denied
>
>
> The option in freshclam.conf has been disabled (default):
> #PidFile /var/run/freshclam.pid
The default value is being used: /var/run/freshclam.pid != /var/clamav/freshclam.pid !
--
Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED]
Charite - Unive
* Gerry Doris <[EMAIL PROTECTED]>:
> I have been unable to install the perl module Mail::ClamAV on either of my
> Fedora Core 2 boxes.
Why?
--
Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-15
* [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> I'm setting up some email gateways for small businesses and was wondering
> what program the people on this list would use to combine clam and
> spamassassin for an email gateway.
What is simscan?
--
Ralf Hildebrandt
t; freshclam - which I'm happy to ignore until the other issue is dealt with.
>
> Am I right that the MS05-002 check is built into the clamscan executable
> (libclamav) an is not a true signature?
Same here, what is the fix?
--
Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL
* Francis Stevens <[EMAIL PROTECTED]>:
> My "fix" was to go back to 0.81. Hopefully the ClamAV team will be able
> to suggest a better one
My point exactly.
--
Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED]
Charite - Universitätsmedizin Berlin
* Trog <[EMAIL PROTECTED]>:
> You can apply the enclosed patch if you want less stringent checking.
Is that in the CVS as well?
--
Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155
G
* Francis Stevens <[EMAIL PROTECTED]>:
> All the problem files I've had are Powerpoint and Word files. For the
> Powerpoint files it was a common background image.
Same here!
--
Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED]
Charite - Universit
r. After make
> install I tried clamscan -r clamav-devel-latest. The scan ran for
> about 15 minutes and then segfaulted. Do you need me to send you any
> additional information RE: the configuration?
Same here, the thing suddenly crashes every now and then...
--
Ralf Hildebrandt (i
* Tomasz Kojm <[EMAIL PROTECTED]>:
> Such reports are useless to us. We need files to reproduce the problem
> or at least stack backtraces. Send them to [EMAIL PROTECTED]
First I need to find the core file...
--
Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTEC
* Nigel Horne <[EMAIL PROTECTED]>:
> > Same here, the thing suddenly crashes every now and then...
>
> What version of zlib? What is the stacktrace from gdb? Have you sent me
> the errant message as requested? I haven't received it yet.
Like I said, I have yet to fi
* Ralf Hildebrandt <[EMAIL PROTECTED]>:
> * Nigel Horne <[EMAIL PROTECTED]>:
>
> > > Same here, the thing suddenly crashes every now and then...
> >
> > What version of zlib? What is the stacktrace from gdb? Have you sent me
> > the errant me
* Nigel Horne <[EMAIL PROTECTED]>:
> > I set ulimit -c accordingly and am waiting for the next crash...
>
> What version of zlib?
ii zlib1g 1.2.2-3 compression library - runtime
ii zlib1g-dev 1.2.2-3 compression library - dev
> > Can phishing be considered one kind of spam ?
> What is the universe in and where are God's parents?
42
--
Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155
Gemeinsame Einrichtung
quot;complete" solution when it comes to virus scanning.
--
Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962
IT-Zentrum Standort
* David Kandou <[EMAIL PROTECTED]>:
> Dear all,
> When I want to install clamav 0.85 (rpm version) i found that clamav need
> libcrypto.so.4 installed.
> Can anybody help me how to get libcrypto.so.4 ???
Install the OpenSSL libraries.
--
Ralf Hildebrandt (i.A. des IT-Zentru
em to 0 really disable the limits?
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF
* Shannon Scott <[EMAIL PROTECTED]>:
> Greetings,
> I have been using postfix for a while, and would like to integrate
> clamav for scanning email.
> What is the best and most simple way to achieve this?
amavisd-new
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL
r, recipient, client, etc).
Thus, clamav cannot work as a policy server, since the virus is in the
mail...
Do you by chance mean an smtpd_proxy_filter?
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-15
* Wilson Kwok <[EMAIL PROTECTED]>:
> Hi,
>
> Can Clamav auto scan the Linux system directory, and then after scan
> can send the results to email such as root, how can I do that ?
clamscan / | mailx -s Result root
--
Ralf Hildebrandt (i.A. des IT-Zentrums)
y something different. can someone inform me where i would
> edit the "from" in the email? Thanks in advance
Which program are you using to scan the mail? clamsmtpd? amavisd-new?
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin
> > field to say something different. can someone inform me where i would
> > edit the "from" in the email? Thanks in advance
>
> >Which program are you using to scan the mail? clamsmtpd? amavisd-new?
>
> Sorry about that, i am just using clamd as far as i know.
them)
Check if another clamav process is still running...
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962
1 - 100 of 142 matches
Mail list logo
