Latest from clamav-virusdb announcements:
"ClamAV database updated (28 May 2014 04-17 -0400): daily.cvd"
Yet freshclam says (with and without -no-dns)
# freshclam
ClamAV update process started at Wed May 28 09:33:52 2014
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builde
Oops, left off the latest version of patterns - 19041, allegedly, yet we're
stuck on 19037.
Cheers,
Phil
-Original Message-
From: clamav-users-boun...@lists.clamav.net
[mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Randal, Phil
Sent: 28 May 2014 09:35
To: Clamav-
On the subject of 0.94.x's end-of-life, will the ClamAV developers
please work with the folks at VirusTotal to ensure that VirusTotal runs
ClamAV 0.95.x.
It is still on 0.94.x.
Cheers,
Phil
P.S. This has come up on the list before, but was never resolved.
--
Phil Randal | Networks Engineer
N
Check out Julian Field's ScamNailer:
http://www.scamnailer.info/
"18/10/2009 - New "scamnailer.ndb" ClamAV signature database is now
available from http://www.mailscanner.eu/scamnailer.ndb. This is updated
very frequently. Do not download it more than once per hour!"
Cheers,
Phil
--
Phil Randa
That looks like the same issue we've got wth clamd 0.96 and MailScanner:
http://thread.gmane.org/gmane.mail.virus.mailscanner/74234
Cheers,
Phil
--
Phil Randal | Networks Engineer
NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office |
I.C.T. Services Division
Thorn Of
Francis Stevens wrote:
> Chris wrote:
>> I've misplaced the original post I made so I can't reply to it,
>> however I'd like to make a note for the archives what the problem is
>> and to thank Steve Basford and Edwin for the their help in finding
>> it. Seems like I had both a main.cvd and main.cld
Hi folks,
Anyone else having problems updating patterns?
The clamav-virusdb mailing list says:
"ClamAV database updated (07 Jul 2010 05-56 -0400): daily.cvd
Version: 11333"
Yet clamav.net, DNS, and the mirrors say we're still at 11330.
Not good!
Phil
--
Phil Randal | Netw
copies of it.
-Original Message-
From: clamav-users-boun...@lists.clamav.net
[mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Randal, Phil
Sent: 07 July 2010 11:11
To: clamav-users@lists.clamav.net
Subject: [Clamav-users] Mirrors not being updated
Hi folks,
Anyone el
There are packages in the rpmforge (aka repoforge) yum repository.
Cheers,
Phil
--
Phil Randal
Infrastructure Engineer
Hoople Ltd | Thorn Office Centre | Hereford HR2 6JT
Tel: 01432 260415 | Email: phil.ran...@hoopleltd.co.uk
-Original Message-
From: clamav-users-boun...@lists.clamav.ne
>Does clamav have any certificate of any labs like www.icsalabs.com?
And how does that make it a better product, exactly?
Phil
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
[EMAIL PROTECTED] wrote:
> Michael Heiming wrote:
>> René Berber wrote:
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA256
>>>
>>> Michael Heiming wrote:
>>>
Tests show pretty bad performance with 0.90.2 and clamscan. Running
Mailscanner it seems not trivial to switch to clamd,
>>>
Conrad Zane Minnaar wrote:
> Le mercredi 27 juin 2007 15:09, Schramm e.K. [ Deutschland ] a écrit :
> > Dear clamav-users-list,
> >
> > like the subject sounds have i some problems
> > with clamav.
>
> > Known bug. Already corrected in version 0.91 rc2.
>
> I don't know if it is really fixed. I
You need to have gmp and gmp-devel installed to get digital signature
support IIRC.
Cheers,
Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Richard Collyer
> Sent: 03 Au
Do you give risk assessments of each and every "virus" caught, then?
That would be a complete waste of time.
But, just to let you know the risks we're talking about here:
eCard stuff: emails containing either a link to a website pushing
Trojans onto the PCs of those stupid enough to visit; or a
[EMAIL PROTECTED] wrote:
> There is an article on eWeek.com today concerning "instability" in AV
> software due to the impossibility of adequately testing updates when
> releasing them as quickly as they are needed
> (www.eweek.com/article2/0,1895,2240656,00.asp?kc=EWKNLINF010208STR3).
>
Just to
I wrote earlier that
> clamscan --version behaves differently in 0.92.1 to 0.92
>
> # clamscan --version
> ClamAV 0.92.1
>
> # clamscan --version
> ClamAV 0.92/5785/Tue Feb 12 10:41:10 2008
It looks like the checkin to fix bug 699
(https://wwws.clamav.net/bugzilla/show_bug.cgi?id=699) has broke
clamscan --version behaves differently in 0.92.1 to 0.92
# clamscan --version
ClamAV 0.92.1
# clamscan --version
ClamAV 0.92/5785/Tue Feb 12 10:41:10 2008
Can we have the old behaviour back please?
Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
___
Last pattern posted to clamav-virusdb was:
ClamAV database updated (10 Jun 2008 14-18 +): daily.cvd
Version: 7421
Yet the DNS, clamav homepage, and mirrors still say 7417.
What gives?
Cheers,
Phil
--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK
___
This is what I have in my milter-greylist's greylist.conf.
The google entries are accurate as of a week or so ago, taken from their
SPF record.
list "broken mta" addr { \
12.5.136.141/32\ # Southwest Airlines (unique sender)
12.5.136.142/32\ # Southwest Airlines
[EMAIL PROTECTED] wrote:
> Hi,
>
>
>
> For a couple of days now, I have some performance issues with clamav.
> I use clamav on my email server to scan incoming traffic. I faced the
> problem yesterday with the "Trojan.Agent-49425" before clamav was
> considering it as a virus. The scanning time
Steve Basford wrote:
>> For details of the new features please refer to the Changelog. For an
>> overview please refer to
>> http://www.clamav.net/press/0.94.1-WhatsNew.pdf.
>>
>
> Nigel, does the stats sent... only send information regarding ClamAV
> default signatures (when detected)... or doe
Tomasz Kojm wrote:
> On Thu, 16 Oct 2008 13:43:12 +0100
> "Randal, Phil" <[EMAIL PROTECTED]> wrote:
>
>> I haven't had the time to check the source code.
>>
>> How does it send it? What protocol and port, to which servers?
>>
>> Any
Nigel Horne wrote:
> McDonald, Dan wrote:
>
>> how about:
>> Daily CVD 8721 (sigs: 32788, new: 1) at 04 Dec 2008 13-26 +
>
> Thank you for your suggestion. It's a great idea so we've made the
> change!
>
> -Nigel
And now you've sorted out twittering, how about fixing the
clamav-virusdb mai
A quick nudge of the ClamAV team.
Christoph Cordes announced update 8996 at 16:51GMT (or thereabouts), but
there's no sign of it on mirrors...
Cheers,
Phil
--
Phil Randal | Networks Engineer
Herefordshire Council | Deputy Chief Executive's Office | I.C.T.
Services Division
Thorn Office Centre,
No 8996, 8997, 0r 8998
clamav tweeted "Daily CVD 8998 (sigs: 13223; new: 15) on 16 Feb 2009
22-40 -0500" but no sign.
No message on web page, no tweet explaining difficulties, or anything.
Arrrggghhh...
Phil
--
Phil Randal | Networks Engineer
Herefordshire Council | Deputy Chief Executive's Of
Luca Gibelli wrote:
> Hello Randal,
>
>> A quick nudge of the ClamAV team.
>>
>> Christoph Cordes announced update 8996 at 16:51GMT (or thereabouts),
>> but there's no sign of it on mirrors...
>
> we have experienced some connectivity problems between the server
> where the CVD are created and t
Just a heads up.
DNS is still reporting 9002, which seems to be the latest on mirrors,
yet 9005 has been announced.
Cheers,
Phil
--
Phil Randal | Networks Engineer
Herefordshire Council | Deputy Chief Executive's Office | I.C.T.
Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6J
ender immediately and destroy all copies of it.
-Original Message-
From: clamav-users-boun...@lists.clamav.net
[mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Randal, Phil
Sent: 18 February 2009 17:31
To: ClamAV users ML
Subject: [Clamav-users] Once again,daily updates being announce
Francesco Peeters wrote:
> Seeing this list is clearly an OPT-IN affair, those rules are mostly
> irrelevant, and - as stated - the required info *is* provided...
>
> Having said that, I do think it would be a good idea to expose the
> unsubscribe link in the footer, even though nobody will read
aCaB wrote:
> Charles Gregory wrote:
>> Oh, and FTR, I could not find a "change log" or "version notes" on
>> the main clamav website, or I could have answered this question
>> myself A link in the left-side menu would be nice. :)
>
> It's not that hard...
> http://svn.clamav.net/svn/clamav-de
ClamAV was picking up the original version here 6 hours before McAfee had
their 4319 DATs out, and detected the "B" variant here yesterday at least 4
hours before McAfee's 4320 DATs were released.
You guys deserve medals.
A big heartfelt thank you to all the ClamAV team (and virus submitters).
P
ClamAV's just detected Worm.Mimail.R here.
McAfee calls it Mimail.s - http://vil.nai.com/vil/content/v_100989.htm
Cheers,
Phil
-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
---
I think you'll find it was one of the first to detect it.
ClamAV calls it Worm.SCO.A, and it has caught hundred of the critters here.
Cheers,
Phil
-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From:
MailScanner (from http://www.mailscanner.info).
See also http://www.sng.ecs.soton.ac.uk/mailscanner/install/zmailer.shtml
for how to use it with ZMailer.
Cheers,
Phil
-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original
http://www.win-rar.com/index.php?lang=&aid=knowl&kb_category_id=&kb_article_
id=67&kb=
And the license.txt reads:
*** ** unRAR - free utility for RAR archives
** ** ** ** ** ** ~
** *** **License for use and di
It is also known as W32/[EMAIL PROTECTED] (McAfee) Alua (symantec)
http://vil.nai.com/vil/content/v_101030.htm
Phil
-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EM
What McAfee detects as Netsky and Netsky.b are both detected by ClamAV as
Worm.SomeFool.
It's starting to flood in here.
Phil
-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: [EMAIL PROTECTED]
> [
Would you rather have a prompt and timely detection of new viruses or wait
for a committee to decide a common name?
Your call.
Cheers,
Phil
-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: [EMAIL
MailScanner users need to upgrade to MailScanner 4.28.4 (just out), which
can block password-protected .zip files.
Cheers,
Phil
-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: [EMAIL PROTECTED]
Tomasz Papszun wrote:
> Detecting that a zip file is encrypted and rejecting it
> (available only
> since a very recent CVS version) isn't a good solution either as a
> submitter can have a valid reason to encrypt some sample
> intentionally.
At least one antivirus company requires you to submi
Doug Hardie erote:
> The problem I encountered has now been identified and I have
> a working
> clamd that does not hang. I compiled it two different ways and both
> worked. The problem was /dev/urandom returning either a -1 or a 0.
> Either of those will cause others.c to hang as it does
Jeffrey Moskot wrote:
> Based on what this article says, it looks like there will
> soon be problems
> with my config:
> http://www.sophos.com/virusinfo/articles/bagletwist.html
>
> I wasn't able to get my version of amavis properly patched to
> submit the
> body of the message to clam (or at
Don't call us, we'll call you.
Marketing emails are spam unless explicitly requested.
Phil
-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> I do still have the old style signatures located in
> /usr/share/clamav from clam-0.65. Tomasz mentioned
> in an earlier post that this could be the problem.
> I am wondering if I should change the freshclam.conf
> database line from /var/lib/clamav to /usr/share/clamav?
>
> It seems to me t
Graham Murray wrote:
> So maybe, as with celestial objects, there should be
> agreement that the first AV 'vendor' to publish a detection
> for a virus should be given the honour of naming it and the
> other vendors adopt the same name rather than inventing their
> own (and potentially causing
T. Suter wrote:
> Because when I entered "freshclam" before, it used to update
> in 10 seconds. Now I can wait for hours when I enter
> "freshclam" manually and still nothing.
Check that your firewall is allowing TCP port 53 access to DNS servers.
Database.clamav.net returns records which are
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Gervase
> Sent: 03 June 2004 14:24
> To: [EMAIL PROTECTED]
> Subject: RE: [Clamav-users] Re: Freshclam not responding
>
> On Wed, 2004-06-02 at 15:49, Ron Snyder wrote:
>
> > if you do a 'dig database
Last update details on clamav-virusdb is 349 (June 10th), current version is
354.
Are the individual update summaries available elsewhere?
Phil
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
---
This SF.Net email is spo
Daniel J McDonald wrote:
> That's one of the things that seems to be driving the size of
> daily.cvd up - updating main.cvd entails a massive
> distribution of files to the world.
Current main.cvd = 1103636 bytes, last updated on July 8
Current daily.cvd = 156470 bytes
A bit of mental arithmeti
[EMAIL PROTECTED] wrote:
> Everyone,
>
> For the last 2 days I have been getting:
>
> ERROR: Verification: Broken or not a CVD file
>
> when freshclam tries to download an updated file.
>
> I am getting this message on both of our servers. Any ideas?
>
> Greg Ennis
Which version of ClamAV ar
Submit it to the clamav team (link on www.clamav.net).
It is probably Mydoom.u (McAfee).
http://vil.nai.com/vil/content/v_128346.htm
Phil
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] O
[EMAIL PROTECTED] wrote:
> Hello.
>
> I have message with Win32.HLLM.MyDoom.43520 (DrWeb's name).
> ClamAV can't found virus in it (ClamAV 0.75.1/clamav-milter).
> ClamAV online scanner can't found virus too. But I can't send
> example via http://clamav.catt.com/cgi-bin/sendvirus.cgi It's say:
>
Steffen wrote:
> Hi
>
>> Why? Since all you achieve with rejects is indirectly
> causing a lot of
> "virus bounces" to appear at innocent bystanders.
>
> NO.
> Virii are usually send directly from the virus and the virus
> will not send bounces... :D However, if a virus can send
> through an SMTP
David Thompson wrote:
> I would like to download clamav. however using adblock in
> mozilla stops the ability to download.
I'm using AdBlock here without problems.
It looks like you have some erroneous or over-zealous AdBlock rules.
Cheers,
Phil
Phil Randal
Network Engineer
Herefordshire
[EMAIL PROTECTED] wrote:
> Hi everyone
>
> I'm running 8.0 rc3 on a Fedora 2 linux box.
>
> I'm trying to compile Mail-Clamav 0.11 and I've the following error:
>
> ClamAV.xs: In function `clamav_perl_constant':
> ClamAV.xs:282: error: `CL_SCAN_ENCRYPTED' undeclared (first
> use in this
> functi
Alessandro Bianchi wrote:
>>
>> I've reopened the bug I filed against Mail::ClamAV for this issue:
>>
>> http://rt.cpan.org/NoAuth/Bug.html?id=7320
>>
>> The workaround is to uninstall 0.80rc, install 0.75, build
>> Mail::ClamAV, uninstall 0.75, reinstall 0.80rc.
>
> Thank you Phil
>
> Alex
Michiel van Es wrote:
> Hi,
> why is Clamav checking my zlib version and stopping the installer
> (./configure) ? I mean...I use a patched zlib version straight from my
> Distro..and am not using the newest bleeding edge zlib
> version (which is being checked in the ./configure script?) I
> would
[EMAIL PROTECTED] wrote:
> Trog wrote:
>> It is detected by Clam as Trojan.Downloader.Small-165, which was
>> added on 8th Nov 2004 by Christoph.
>>
> Wow, that was some time ago, and TrendNet is only just now
> putting out an update! That's scarry!
>
> Thanks Trog
>
> --
> Craig Daters ([EMAIL
[EMAIL PROTECTED] wrote:
>> Craig Daters
>> Wow, that was some time ago, and TrendNet is only just now putting
>> out an update! That's scarry!
>>
>> Thanks Trog
>
> What concerns me (if it is true that ClamAV has detected this
> specific variant since November) is that ClamAV is not
> performin
Look at the thread on
http://news.gmane.org/gmane.comp.security.virus.clamav.user entitled
"RAR Module Failure". ClamAV supports RAR 2 and not RAR 3 format
archives.
Cheers,
Phil
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: [EMAIL
Francis Stevens wrote:
> I'm seeing several false positives for Exploit.W32.MS05-002
> since I upgraded to 0.82 yesterday. I've posted samples to
> the submission website but would like to do something about
> this. Using "sigtool -l"
> doesn't list Exploit.W32.MS05-002 as a signature in the
[EMAIL PROTECTED] wrote:
> On Wed, 2005-05-04 at 16:24 +0100, Nigel Horne wrote:
>> On Wednesday 04 May 2005 16:16, [EMAIL PROTECTED] wrote:
>>> Man that never gets old. hahahaha not funny.
>>>
>>> I have no control over this warning.
>>
>> Yes you do. Use a hotmail/yahoo/gmail account.
>
>
It's easy to block.
Check the handler's Diary at http://isc.sans.org/ and follow the links.
Cheers,
Phil
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Bart Silverstrim
>
[EMAIL PROTECTED] wrote:
> Hello,
>
> I'm running clamav (currently version 0.85) on two separate
> servers and my home notebook and recently noticed odd
> behavior when running freshclam.
> While on one server and my notebook it always both displays
> to the console and logs information about bot
Douglas Ward asked:
> Do you by chance know of any resources that I could look at
> that would outline how to plug the two together? Thanks!
Have a look at MailScanner (http://www.mailscanner.info).
Cheers,
Phil
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
___
David Kandou wrote:
> Dear all,
> When I want to install clamav 0.85 (rpm version) i found that
> clamav need libcrypto.so.4 installed.
> Can anybody help me how to get libcrypto.so.4 ???
>
> Regards,
> David Kandou
That's an OpenSSL library (see
http://www.rpmfind.net/linux/rpm2html/search.php
Pedro Silva asked:
> Dear members,
>
> During the last hours I have received several email
> containing the W32/Mytob-Fam (Sophos name), which were not
> caught by Clam.
>
> Can someone tell me why Clam is not detecting this virus?
No idea, but you should submit samples to:
http://cgi.clam
Pablo Chamorro C. said
>
> I installed clamwin under windows 2000 and it found a file
> infected with Trojan.Briss-1 but looking up in
> http://www.rainingfrogs.co.uk/index.orig.php?search=num&vid=97961
> I'm noting that only clamav detect that virus.
>
> How can we know that virus is really a v
Pablo Chamorro C. wrote:
> > Try submitting the infected file to http://virusscan.jotti.org and
> > http://www.virustotal.com and see if any of their scanners
> detect it.
>
> Thank for all the answers, I found that only clamav on July
> 12th included that signature, but now, where can I find
[EMAIL PROTECTED] asked:
> Subject: [Clamav-users] Clam AV on windows with the cygwin
> environment installed
>
> Is this possible? Are there any pitfalls in doing this?
Yes, take a look at http://www.clamwin.com/. It's not a realtime
scanner, just an on-demand one.
Cheers,
Phil
Phil Ra
Both caught by Bitdefender as [EMAIL PROTECTED]
ClamAV daily update 1085 catches one of them as Worm.Bagle.BO (McAfee
also picks it up as generic malware) but not the later one.
I've submitted samples of both to clamav.net, virusscan.jotti.org,
virustotal.com, malwareupload.com, and webimmune.net
I wrote:
> Both caught by Bitdefender as [EMAIL PROTECTED]
>
> ClamAV daily update 1085 catches one of them as Worm.Bagle.BO
> (McAfee also picks it up as generic malware) but not the later one.
>
> I've submitted samples of both to clamav.net,
> virusscan.jotti.org, virustotal.com, malwareuploa
We've received over two dozen copies of a new Bagle / Mytob variant in
the last few hours.
Various subjects, attached files
Re: DocumentDetails.exe
Re: Hello Information.exe
Re: Details.exe
Encrypted document MoreInfo.exe
Protecte
Maurizio Marini said:
> Hi there
> i have received a mail with an attachment:
> Secret.zip
> inside it there is a file
>
> Filename 9.src
> Size 75,776
> Size now 43721
>
>
> is this a virus/worm/malware?
>
>
> the mail server report this freshclam output:
> mailgw1:/etc/postfix# freshclam
>
> > But you do not know the sender. You only know an address that the
> > virus presents as the sender address. And you trust the virus...
>
> Ok, i see you must have experience. Are there really so many
> virussender who specify a fake REAL EXIST mail address?
>
> Michael Neurohr
Many viruses
Dennis Peterson said:
> Regardless, anything you need to know about the message can
> be found in the logs. I've never seen a need to keep a virus
> around - even in the postmaster account or quarantine directory.
I have. It's very useful when a new virus variant arrives and is
detected by onl
Dennis Peterson said:
> I guess I don't understand the need to submit a detected and
> quarantined virus to anti-virus vendors.
It's called being socially responsible.
Just because ClamAV (or Bitdefender or McAfee or whatever) detected it
doesn't mean that everybody else does or have even seen
Jay Lee wrote:
> >>I've already submitted a sample to the website, any hope of getting
> >>this blocked soon?
> > Did you submit it to the online testing web page to see if
> that system
> > handles it differently from yours?
>
> I have now yes, I tried sending the raw email message, the
> at
> I have the latest version of ClamAV and the signature files
> installed, however it fails to detect the Win32.Blackmail.F virus.
>
> My mail is delivered to a FreeBSD server that I run. One of
> the machines on the network is a WinXP machine running
> ZoneAlarm Suite. When this Windows machin
Jason Haar wrote:
> I've been watching CME (Common Malware Enumerator) starting
> to take off over the past few weeks, and I've noticed CME
> entries and their corresponding names used by antivirus vendors.
>
> ...and ClamAV ain't in there from what I've seen...
>
> Is there no interest in sup
Don't know when this started happening, but ClamAV is misidentifying the
Zafi worm as Trojan.Downloader.Small-1004.
>From a MailScanner notification:
Sender: [EMAIL PROTECTED] IP Address: 85.98.131.226
Recipient: [EMAIL PROTECTED] (changed to protect the innocent)
Subject: Fw: Merry Chri
It's always worth submitting samples to http://www.virustotal.com and
http://virusscan.jotti.org as well.
They forward to the ClamAV team and other antivirus vendors.
Cheers,
Phil
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: [EMAIL
I'd keep well clear of this until PSCM is updated to use MailScanner
4.53.8.
4.53.6 had a major bug in the phishing detection code which could cause
MailScanner to loop.
Cheers,
Phil
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: [EM
Robert Isaac wrote:
> 4.53.7 is the latest version, it came out a few days after 4.53.6
Check http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml for
yourself if you don't believe me!
Cheers,
Phil
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
__
Fernando Azevedo asked:
> I'm running a pretty stable server with clamav 0.88.2 on top of qmail
> with simscan. I'm checking all messages (incoming and
> outgoing) and I'd
> like to append a small footnote with a disclaimer and also with some
> (free) advertisement stating that the message has go
Pat Masterson wrote:
> I just installed clamav-0.88.2 on a solaris 9 system. when running
> freshclam I get this:
>
> [EMAIL PROTECTED] [170]: /usr/local/bin/freshclam --datadir=/home/clamav -v
> Current working dir is /home/clamav
> Max retries == 3
> ClamAV update process started at Fri Jun 16
> Dear all,
> 1) I am going to use the anti-virus in a closed network, and
> connection to
> the Internet is not possible. How can ClamAV be updated
> manully without
> accessing the Internet? Can "freshclam" be deactivated? And
> will there be
> any effect on the signature update if "freshclam"
Diego Lorenzo - OJC said
> Hello, folks!
>
> I´m needing to mark all incoming and outgoing e-mails with a
> virus scanned message, kindda "This e-mail was scanned by
> Clamav (or Amavis)", something like that. Is there any flag I
> can set it? It is really in Clamav configuration file I can do
Daniel Hertanu wrote:
> Yesterday I received 3 emails in which the local antivirus (AVG for
> Windows, Free edition) has detected a virus named
> I-Worm/Generic.RX. The email server is a sendmail with
> clamav-milter. Having a look into the log
> file I discovered that clamav-milter declared th
I'd recommend pmwiki.
Phil
___
http://lurker.clamav.net/list/clamav-users.html
There were two or three variants of that Trojan (not strictly a virus)
spammed out on the 18th, with one or more variants pushed out a day
later (sample submitted, still waiting for the updated patterns for
that).
Trojan-downloader.647 was one of the variants.
If you keep your eye on whatever vir
Not detected here either, nor by ClamAV at http://virusscan.jotti.org
Scan taken on 23 Jan 2007 14:57:25 (GMT)
AntiVir Found nothing
ArcaVir Found Trojan.Door.Mirc-based
Avast Found Win32:Trojan-gen. {VC}
AVG Antivirus Found HideExec.G, IRC/BackDoor.Flood
BitDefender Found Troja
Galactic wrote:
> Seems it is already in the DB as something else,
> Trojan.Downloader-6xx.
> Norton was stripping the file from my email so I couldn't
> read the headers
> on it. Not sure why it was slipping past ClamAV however. When
> I tried to
> upload these 3 files postcard.exe, Full Clip.exe
Christopher X. Candreva wrote
> I've been running 0.90rc2 here for a few months. IMHO it is
> more stable than
> the 0.88.x I was running previously.
>
> Just yeaterday I received a Bugzilla note from one I had
> submitted that it
> was fixed in 0.90rc3. I am taking that to mean we will see r
94 matches
Mail list logo
