alled from same directory, etc Are they perhaps
contacting different db servers?
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
On 2007-08-10 12:42, Roberto Ullfig wrote:
> The number of virus we are detecting went down drastically at around
> 3:30 pm yesterday. Anything going on?
>
>
>
>
Actually, what we see is that nearly all viruses of the form:
Email.Phishing.RB-12...
stopped being detected
On 2007-08-10 17:00, Roberto Ullfig wrote:
> On 2007-08-10 12:42, Roberto Ullfig wrote:
> > The number of virus we are detecting went down drastically at around
> > 3:30 pm yesterday. Anything going on?
> >
> >
> >
> >
>
> Actually, what
The number of virus we are detecting went down drastically at around
3:30 pm yesterday. Anything going on?
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net
On 2007-08-10 18:51, Roberto Ullfig wrote:
> On 2007-08-10 17:00, Roberto Ullfig wrote:
> > On 2007-08-10 12:42, Roberto Ullfig wrote:
> > > The number of virus we are detecting went down drastically at around
> > > 3:30 pm yesterday. Anything going on?
> > >
Sven Strickroth wrote:
> Am 10.08.2007 19:00 schrieb Roberto Ullfig:
>
>> On 2007-08-10 12:42, Roberto Ullfig wrote:
>> Actually, what we see is that nearly all viruses of the form:
>>
>> Email.Phishing.RB-12...
>>
>> stopped being detected on Au
I had to disable PDF scanning on our servers. We were receiving 9 MB PDF
files and clamd started consuming 100% CPU and not completing the scan.
Anyone else have issues with PDF scanning?
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a
Dennis Peterson wrote:
> Roberto Ullfig wrote:
>
>> I had to disable PDF scanning on our servers. We were receiving 9 MB PDF
>> files and clamd started consuming 100% CPU and not completing the scan.
>> Anyone else have issues with PDF scanning?
>>
>&g
We restart sendmail/clamd every morning. This morning this restart
failed on several servers. The startup hung when clamd was trying to
startup. I deleted everything in /var/lib/clamav (database files) and
everything started up just fine.
--
Roberto Ullfig - [EMAIL PROTECTED
Rob MacGregor wrote:
> On 9/19/07, Roberto Ullfig <[EMAIL PROTECTED]> wrote:
>
>> We restart sendmail/clamd every morning. This morning this restart
>> failed on several servers. The startup hung when clamd was trying to
>> startup. I deleted everything in /var/l
Roberto Ullfig wrote:
> Rob MacGregor wrote:
>
>> On 9/19/07, Roberto Ullfig <[EMAIL PROTECTED]> wrote:
>>
>>
>>> We restart sendmail/clamd every morning. This morning this restart
>>> failed on several servers. The startup hung when clamd
00% when PDF scanning (new feature
introduced recently) large files. We've disabled PDF scanning for now.
We will need to put in our own check to prevent PDF scanning of files
over a certain size.
--
Roberto Ullfig - [EMAIL PROTECTED]
_
ompressed data--format violated
clamd would fail to start because of the bad data.
Quick fix is to delete all files in /var/lib/clamav and restart clamd
and reload all databases, etc...
If you're using scamp.sh to download sanesecurity sigs, modify it to
test for the return code of gunzip.
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
SIGNATURE-
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHh3gWkNLDmnu1kSkRAvImAJ9d+4QxiQkBp2MebMN18JLfJCSzlwCfWN3v
> JuRHZcyn4MsxgpQmhVoOwgs=
> =4o5C
> -END PGP SIGNATURE-
>
>
I have the same
the author of the one you are using and inform him of the problem.
>
>
>
I installed the latest script but it looks like behavior may have
changed. When I ran the script, the sigs were downloaded fine but they
weren't detected by clamav un
We've recently been getting these messages in mimedefang:
Clamd returned error: Files number limit exceeded
What would the problem be? Thanks!
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit
Roberto Ullfig wrote:
> Török Edwin wrote:
>
>> Roberto Ullfig wrote:
>>
>>
>>> This won't work for us. This creates a usr hierarchy starting under DESTDIR.
>>>
>>> The installation needs to go into directories like this:
>>&
Török Edwin wrote:
> Roberto Ullfig wrote:
>
>> This won't work for us. This creates a usr hierarchy starting under DESTDIR.
>>
>> The installation needs to go into directories like this:
>>
>> /mnt/aaa/bbb/local/ccc/ddd/bin
>> /mnt/aaa/bbb/local/
r one installation to complete before starting the next one.
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
to a
directory not ending in /usr/local/lib
Is there a way to get around this restriction?
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Török Edwin wrote:
> Roberto Ullfig wrote:
>
>> We use a binary repository in blah/local/blah. In the past I would set
>> prefix and install to this location. This is no longer possible with
>> 0.92.1 (maybe 0.92 also).
>>
>> export prefi
in such a situation - though of course it would do nothing. This
becomes relevant when the server you're working on is not connected to
the network (can't access the sig files), with newly built servers,
servers that are rebooted, etc...
--
Roberto Ullfi
t; very soon, and all users are advised to update to this release with
> immediate effect.
> 0.93RC1 does not include the fix.
>
> Regards,
>
By disabling the module do you mean to say that 0.92.1 is not
vulnerable? Why does CERT say otherwise?
-
27;
>
>> collect2: ld returned 1 exit status
>> make[2]: *** [freshclam] Error 1
>> make[2]: Leaving directory `/root/clamav-0.93/freshclam'
>> make[1]: *** [all-recursive] Error 1
>> make[1]: Leaving directory `/root/clamav-0.93'
>> make: ***
Roberto Ullfig wrote:
> Joey McKnight wrote:
>
>> here is what nm -D /usr/lib/libz.so|grep gz displayed:
>>
>> 00d674c0 T gzclearerr
>> 00d67320 T gzclose
>> 00d66380 T gzdopen
>> 00d67240 T gzeof
>> 00d67390 T gzerror
>> 00d66ec0 T gzflush
John Rudd wrote:
> Nigel Horne wrote:
>
>> Roberto Ullfig wrote:
>>
>>> Nigel Horne wrote:
>>>
>>>> A vulnerability was identified by Secunia in 0.92.1 relating to the
>>>> PE module.
>>>> We immediate
x 1 root root13 Apr 15 08:38 /usr/local/lib/libz.so.1 ->
libz.so.1.2.3
-rwxr-xr-x 1 root root 75778 Apr 15 08:22 /usr/local/lib/libz.so.1.2.3
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
on of /usr/local/lib/libz.a
>> and got the same error. In /usr/lib we have the old rhel 4 version (I
>> don't think that matters for this issue). I added the shared version of
>> v1.2.3 (run configure -s if you have zlib source) to /usr/local/lib and
>> all
I've been reviewing our clamav configuration and noticed that we have:
PhishingScanURLs no
while the default in 0.93.1 is yes
What exactly does this test do? How many of you have it turned on and off?
--
Roberto Ullfig - [EMAIL PROTECTED]
___
o not report stability problems to
the ClamAV developers!
[EMAIL PROTECTED] lib]# /usr/local/bin/bzip2 --help
bzip2, a block-sorting file compressor. Version 1.0.5, 10-Dec-2007.
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive C
Török Edwin wrote:
> On 2008-09-02 22:49, Roberto Ullfig wrote:
>
>> Running redhat and have installed bzip2 1.0.5 in /usr/local/. How can I
>> tell clamav's Configure to look in /usr/local/ just for bzip2?
>>
>
> Try this:
> ./configure -
L/usr/local/lib -lbz2
#
Also, there is no problem when linking with the redhat libs in /usr/lib:
# gcc -o conftest -g -O2 -lz -lbz2 test.c
#
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Török Edwin wrote:
> Hi,
>
> There is a patch for the bzip2 problem here:
> https://wwws.clamav.net/bugzilla/attachment.cgi?id=801
>
> Please let me know if it works.
>
> Best regards,
> --Edwin
> ___
> Help us build a comprehensive ClamAV guide: visit ht
https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
redhat didn't patch it. Their latest version appears to be from 2005 -
per the date on the file.
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
ted, I guess, resulting in a fixed
> bzip2 for the RHEL series (or is this wishful thinking?).
>
>
>
Rhetorical question: Why does it have to be a _security_ bug in order
for redhat to fix it?
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
ment suffixes to .txt but this causes some problems with some
applications. We'd like to rename the attachments with another suffix,
one that will never be used for an application (present or future). Does
anyone know if a standard suffix has been created for just this purpose?
--
Roberto
36 matches
Mail list logo
