[Clamav-users] clamav-milter (or clamd) occasionally missing viruses?

2004-03-04 Thread Ron Snyder
I've noticed that occasionally clamav-milter (from my perspective) misses some viruses, although subsequently decoding (base64) the file and then running clamscan on the .zip does successfully find the virus. My understanding of the clamav package is that clamav-milter passes the information to cla

RE: [Clamav-users] Occasionally missing viruses

2004-03-05 Thread Ron Snyder
> On Fri, 05 Mar 2004 at 10:57:12 -0800, Dominic Mazzoni wrote: > > I'm also having the problem that Ron Snyder reported yesterday, > > Ron's problem regarded milter if I saw correctly, so it may > be something > different. Anyway... I thought it was milter relate

RE: [Clamav-users] FreshClam fail to connect database.clamav.net

2004-03-09 Thread Ron Snyder
Just want to pipe in with another opinion/question-- have there been more A records added for database.clamav.net recently? Freshclam had been working just fine for me for several weeks and just started reporting the same problems that Seve reported. When I started debugging the problem (using dig) I p

RE: [Clamav-users] PB: ClamAV works but doesn't detect viruses

2004-03-10 Thread Ron Snyder
> I have a different issue: ALL the tests from testvirus.org > are detected, but my virus log is very slow: I am talking > about 1-2 catches per day. Does that mean, that my clamav is > not working, or I am in an extremely "safe" area of Internet(-:)? > > I wonder, what others' virus logs look

RE: [Clamav-users] Malformed CVD header detected {Scanned}

2004-03-23 Thread Ron Snyder
Jo Mills wrote: > packets for DNS sometime on Monday afternoon. I'll sort out > some DNS servers > from our ISP and (yet again!) work around the IT > guys. (Trog helped As an IT guy myself, I'd like to respectfully suggest that you let your IT team know that you've noticed a change in

RE: [Clamav-users] Clamav fails to update {Scanned}

2004-03-23 Thread Ron Snyder
Dns answers have been too big for udp packets, so query gets redone as tcp. Some firewalls (or fw admins) block tcp dns requests. (Although I would have expected to see a "server failed" type of message rather than "non-existent host".) Something to investigate, anyway.

RE: [Clamav-users] Exploit-ObjectData trojan

2004-05-21 Thread Ron Snyder
Here are two different captures of what the thing looks like (including the '=' at the end of the line). These are appended to "normal" spammy looking emails. (I've replaced 'object data' with 'x' so that it doesn't hit virus filters.) which decode to (respectively) http://&#= 119;ww.f

[Clamav-users] Suspicious?

2004-05-24 Thread Ron Snyder
I've been getting some persistent emails that I thought were just spams, but out of curiosity I decided to wget some of the links from the spam. After a redirect or two, this is the html that was retrieved: http://www.linemovie.com/line/user2/msxml20.cab#version=1,0,0,1"; VIEWASTEXT width=0 height

RE: [Clamav-users] Re: Suspicious?

2004-05-25 Thread Ron Snyder
> I've found a few bits of spy/adware that everything missed. > You can download > a trial at www.norman.com . > > I should say that I don't have any connection with this > company except as an > end user. > > Below is an example of what it reports. > > Cheers, > Patrick > > ALARM: > Virus infe

RE: [Clamav-users] Re: Re: Suspicious?

2004-05-26 Thread Ron Snyder
> Sorry for the confusion. Sandbox is part of Norman's AV > product, and not a > separate product. Ah, OK. I'll take a look at that then. > Also I never scanned the cab file yesterday I just posted a > report from an > earlier infection I had. I did this just to illustrate the > type of info y

RE: [Clamav-users] Re: Freshclam not responding

2004-06-01 Thread Ron Snyder
> Following my own question of Tue, 2004-06-01 at 15:05, in > which I wrote: > > I have been using Clamav 0.70 without problem for some time > but without > > warning freshclam recently stopped responding. No error > message except > > the usual notification that I had no digital signature, >

RE: [Clamav-users] Re: Freshclam not responding

2004-06-02 Thread Ron Snyder
> > To narrow down the problem further (and eliminate either > dns or clamav), try > > doing the dns query from wherever freshclam is running. > > I tried disabling my firewall with no effect. > > "host database.clamav.net" attracted: > "truncated, retrying in TCP mode, > timed out -no servers c

RE: [Clamav-users] Re: Freshclam not responding {Scanned}

2004-06-04 Thread Ron Snyder
> Does this tell you anything more? Others have said that my > firewall is > blocking port 53, but the problem persists when I turn the firewall > off. This is strange since SuSE ship Clamav with the OS. Perhaps I > should take it up with them. Who controls the nameserver is listed in your /et

RE: [Clamav-users] Re: Freshclam not responding {Scanned}

2004-06-07 Thread Ron Snyder
> > Who controls the nameserver is listed in your > /etc/resolv.conf? Do you > > control it, or does it belong to your ISP? It's certainly > possible that the > > nameserver isn't configured to allow tcp queries (or responses). > Sorry, how do I check that? My name servers as listed are > 212.

RE: [Clamav-users] ClamAV 0.72 Released

2004-06-07 Thread Ron Snyder
> Yep that was it. So I need to stop freshclam and clamd before > logrotate > and start them after logrotate? What a bore! Or log to syslog instead of directly to a file? -ron

RE: [Clamav-users] The dreaded undefined reference to `smfi_opensocket' with clamav-0.86.1 on FreeBSD 5.2.1 and sendmail-8.13.3

2005-06-24 Thread Ron Snyder
> > Ran into this one myself today.. > > > > cd SENDMAILSRC/libmilter > > ./Build > > make install > > > > then run make on clamav > > > > James > > That's the first thing I did when the error popped up. I > recognized the > callback as I had been working on another milter on another > box and h

[Clamav-users] clamav-milter "sort of" ignoring --quarantine-dir

2005-08-26 Thread Ron Snyder
clamav-milter is "sort of" ignoring the quarantine directory because it's creating the daily directories, I'm just not finding any files in them. I've got two mail filtering gateways that both have the same versions of sendmail+clamav+clamav-milter+spamassassin, and as near as I can tell all of th