You should check this variable on the clamav.conf file
# Mark potential archive bombs as viruses (0 disables the limit)
ArchiveMaxCompressionRatio 20
-Samuel
- Original Message -
From: "Dave Stocker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 11, 2004 12:30 PM
Subject
g a couple of
days in production enviroment.
Regards,
Samuel Benzaquen
Samuel Benzaquen wrote:
>Hello all,
>
>We've installed clamav / clamav-milter on a sendmail server with HIGH
>trafic. It worked well most of the time, but on peak hours (more than 400
>concurrent connection
First, when you show a config file, please omit the comment lines... It
makes the mail big and doesn't give any extra info.
Answering your problem, I think you are lacking one option on the
sendmail.cf file.
We have sendmail(8.12.11) + clamav + clamav-milter and the options we have
on the sendmail
Hi,
As a matter of fact, the configuration I wrote about was correct.
Setting the thread stack to 2Mb solved the problem and let the system create
more than 256 threads of clamav-milter (till the hard limit of glibc).
Regards,
Samuel Benzaquen
>Hi,
>
>I have to say that the answe
ernel 2.4.20-19.7smp compiled by RedHat,
glibc-2.2.5-43.
We also tried on a Fedora Core 1, kernel 2.6.4 (downloaded and compiled),
glibc-2.3.2-101.1.
Any help would be appreciated,
Ing. Samuel Benzaquen
CANTV, Gerencia General de la Red
Gerencia de Operaciones Centralizadas de la Red
Gerencia de Sop
Hi,
I'm trying to do a report of how clamav have reduced disk usage by blocking
virus emails.
What I need is the virus size. Can I get that from the signature file?
Thanks,
-samuel benzaquen
---
This SF.Net email is sponsor
> On Tue, 18 May 2004, Antony Stone wrote:
> > On Tuesday 18 May 2004 3:39 pm, Samuel Benzaquen wrote:
> >
> > > I'm trying to do a report of how clamav have reduced disk
> usage by blocking
> > > virus emails.
> >
> > Huh? That seems l
nformation from
clamd, got ''
...
Thanks,
Samuel Benzaquen
-
Don't fix it if it's not broken.
But if u still want to fix it, call me. I'll break it for u.
---
This SF.Net email is sponsored by: Oracle 10g
Ge
> -Mensaje original-
> De: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] nombre de Trog
> Enviado el: Martes, 25 de Mayo de 2004 09:28 a.m.
> Para: [EMAIL PROTECTED]
> Asunto: Re: [Clamav-users] freshclam: NotifyClamd or not NotifyClamd
>
>
> On Tue, 2004-05-25
> [mailto:[EMAIL PROTECTED] nombre de Jo Mills
> Enviado el: Jueves, 27 de Mayo de 2004 07:33 a.m.
>
>
> On Thu, May 27, 2004 at 01:06:01PM +0200, Pippi Langstrumpf wrote:
> > Hi,
> >
> > how can i configure clamd in a local network? has
> > anybody some documentation (more detailed than the the
>
> [mailto:[EMAIL PROTECTED] nombre de Trog
> Enviado el: Martes, 25 de Mayo de 2004 11:19 a.m.
>
> On Tue, 2004-05-25 at 15:41, Samuel Benzaquen wrote:
> > > Upgrade to 0.71.
> > >
> > > It was most likely waiting for a scanning thread to finish,
> whi
I've seen zip attachments with no content (like 70 bytes long the zip file).
The mail looks just as a Netsky worm, but with no content in the zip.
-samuel
> -Mensaje original-
> De: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] nombre de Bad Apple
> Enviado el: Lunes, 31 de Mayo de 2004 1
ue, Jun 01, 2004 at 01:41:08AM -0500, Damian Menscher wrote:
>
> > May 31 11:36:23 astro clamd[1002]: Segmentation fault :-( Bye..
>
> > So... the message that broke it was sent to this list, specifically the
> > message from Samuel Benzaquen with timestamp:
> >
# from the outside world.
#TCPAddr 127.0.0.1
---
Be sure to use clamdscan. clamscan will not try to connect to a clamd
deamon.
-samuel
>
> --- Samuel Benzaquen <[EMAIL PROTECTED]> schrieb: >
> > >
> > [mailto:[EMAIL
Yes...
you could see the log file.
Actually, you have to read /etc/clamav.conf to see where is it
logging (file or syslog or both).
And
you could probably use LogClean just to see if it is scanning at all.
REMEMBER TO REMOVE THIS OPTION LATER.
Can
also check CPU time/usage on clamd pro
Hello,
I've been looking for a way to change the standard 55x reject message to
something on my own language (spanish) for my clients to understand it.
I looked over clamav-milter's command line options and can't find it.
For what I looked on clamav-milter.c it is forced on the code.
Is there a
> Tris Forster
> Sent: Wednesday, June 09, 2004 1:02 PM
>
> While the aim of doing this may be completely honourable, sending
> winpopups to a non-firewalled machine stinks of spamming and thus I am
> in two minds about putting it into practice
You are right. That could be even worst that the
> > I think the only way I could think is reporting the IP to some DNSBLs.
> > That way you can stop receiving their mails and you leave the cleansing
> > problem to their ISP.
>
> And just hope that the next person to dial in to the ISP who gets
> that IP address
> from DHCP is the same person...
ot scanned; untested big block size - please
report
/var/tmp/Seguimiento RON SANTA TERESA - carta.docKd0l57: OK
---
It doesn't segfault anymore.
As the message says *please report*, that is what I am doing.
Is this the way to report it ?
Do you need the .doc file ?
Regards,
- S
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Trog
> Sent: Friday, July 02, 2004 4:02 AM
>
> On Thu, 2004-07-01 at 15:27, Samuel Benzaquen wrote:
> >
> > Then searching the changelog I found that it was fixed to skip 'probably
> > corrupt&#x
Hello all,
We have been using dag's i386 rpm and we're wondering if there are some
optimizations done for >i686 processors that would worth compiling it
ourselves. (Or asking dag to compile some in i686 ;)
Thanks,
Samuel Benzaquen
---
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Dennis
> Peterson
>
>
> Jeremy Kitchen wrote:
> > On Tuesday 10 August 2004 02:41 pm, Damian Menscher wrote:
> > [snip: using a program delivery to process update mailing list mails]
> >
> >>With sendmail,
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
>
>
> Damian Menscher wrote:
> > For most mailserver admins, the danger of losing our jobs
> > is much greater if we tempfail all incoming mail due to a clamav crash
> > than is the dan
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Daniel
> Lord
>
>
> Those signatures don't catch the poc xploit found at
> http://www.gulftech.org/?node=downloads. But maybe it's better to
> leave this alone till there are real worms etc. to produce good
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Bart
> Silverstrim
> Sent: Thursday, September 30, 2004 7:50 AM
>
>
> On Sep 30, 2004, at 3:26 AM, Damian Menscher wrote:
>
> > On Wed, 29 Sep 2004 [EMAIL PROTECTED] wrote:
> >> ... It's interesting that vi
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Andy Fiddaman
> Sent: Thursday, November 04, 2004 6:49 AM
>
>
>
> On Wed, 3 Nov 2004, Jason Haar wrote:
>
> ; Hi there
> ;
> ; I think the TCP option needs some more explicit documentation, as I have
> ;
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Tim Howell
> Sent: Tuesday, November 09, 2004 3:44 PM
>
>
> [EMAIL PROTECTED] wrote:
> > On Mon, 8 Nov 2004 [EMAIL PROTECTED] wrote:
> >
> >> Tim Howell wrote:
> >>> Have any of you thought of what it would
l.R.2
1 Trojan.Dropper.JS.Zerolin-7
1 Worm.P2P.Darby.O
1 W32.Magistr.B2
1 Exploit.HTML.Bagle.Gen-1-eml
1 Worm.Lovgate.R
1 Worm.SomeFool.K
1 Dialer.StarDialer-4
1 Worm.Yaha.G
1 Worm.To
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Jeremy
> Kitchen
> Sent: Friday, December 03, 2004 11:51 AM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] RE: Re: This is how I use ClamAV
>
>
> On Friday 03 December 2004 09:44 am, Kiril Todorov wr
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Matias Lopez
> Bergero
> Sent: Friday, December 03, 2004 2:40 PM
>
>
> > We use Sendmail 8.13.0 (since 8.12.11) + Clamav-milter + Clamd.
> > No quarantine, no postmaster/sender/recipient notice, just
> reje
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of C. Bensend
> Sent: Wednesday, December 15, 2004 10:31 AM
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] How does freshclam execute OnUpdateExecute
> program?
>
>
>
> Hey folks,
>
>I'm working on a ne
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Arkady
> V.Belousov
>
> >> M> I failed to remember it was a geographically inclined selection :)
> >> ? How access to free AV databases may/should depend from
> >> geography?!
> >> Why database.c
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Arkady
> V.Belousov
>
> SB> I'm just guessing that those sites happen to respond FTP
> request because,
> SB> and just because, they share the same IP with some FTP site
> the admin of the
> [...]
> SB> The
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mal Herring
>
>
> Hello ClamAV-Users,
> I am running Clam on a Gentoo box, However the latest version is not yet
> in Portage...
>
> Does anyone know how much of a mission it would be to "un-merge" my
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of jijo
> Sent: Sunday, January 30, 2005 7:05 AM
> To: clamav-users@lists.clamav.net
> Subject: [Clamav-users] updateerror
>
>
> I have ClamAV 0.80-2 and I want to update it to clamAV 0.81-2
> I have instal
>
> At the risk of showing my ignorance...what is a CVS, and how does one go
> about applying one?
>
You can never be ignorant if you have the Internet on your hands ;)
You can read some about it here:
http://en.wikipedia.org/wiki/Concurrent_Versions_System
-Samuel
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Hal Goldfarb
> Sent: Tuesday, February 15, 2005 9:41 PM
>
> I am trying to play by the rules, honest. Can you instruct me on how to
> properly be informed of clamav code updates? I also think RPM binarie
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Allan
> Joergensen
> Sent: Thursday, February 17, 2005 9:16 AM
> To: clamav-users@lists.clamav.net
> Subject: [Clamav-users] freshclam question
>
>
> Hi,
>
> in order to insure that the database is always
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mark Penkower
> Sent: Tuesday, March 01, 2005 2:30 PM
> To: clamav-users@lists.clamav.net
> Subject: [Clamav-users] Why did Clam Av Let this in?
>
> Why Did ClamAV let the file get to my mail server in the
It's very strange...
1. I recieved one of those trojan.small variants this morning and wanted to
see if clamav can catch it now. So, what I did was to forward the mail to
myself and it was just accepted!
When checking the (new incoming copy of) the mail it says X-Virus-Status:
Clean.
2. I copied
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Rainer
> Zocholl
> Sent: Friday, March 11, 2005 12:36 PM
> To: clamav-users@lists.clamav.net
> Subject: [Clamav-users] Funny pathes
>
>
>
> /tmp/clamav-178c630c01f4f986/usr/share/clamav-testfiles/clam.rar
>
> Yeah, people here keep telling me that, though they're not exactly
> communicative about why that is. All I've read is "_I_ don't need what
> you are proposing, so shut up" or just plain "shut up". Little substance,
> not very helpful, and certainly no reason for me (or anyone!) to stop
> bri
> else) other people are free to pick up where they left off and
> continue updating ClamAV.
>
> You could even do this yourself if you wanted to ;)
>
> That's the nice things about Free Software
This is so true. Even if they systematically obliterate the mirrors (and
their devel PCs) I can assure
>
> Doug Hardie wrote:
> > I have been running clamav for quite some time now. For most of that
> > time I was receiving between 1500 and 2000 viruses per day. However,
> > lately the number is down to about 200 per day. I don't have any users
> > complaining about receiving viruses so I don't t
>
> Sweet... here are my selections
> [x] viruses
> [x] phishing
> [x] spam
> [x] stupid jokes
> [x] urban myths
> [x] (company) will pay you $ for every person you forward this to
> [x] cute puppies
> [x] sob stories
> ...
>
[x] completly useless messages from useful mailing lists
Oh, no! This
> [mailto:[EMAIL PROTECTED] Behalf Of Damian
> Menscher
>
> My silly university spent $0.5M on a commercial product to perform spam
> and virus filtering (they have the "if it costs that much, it MUST be
> good" mentality). And, just after they put it into production, Sober.P
> came out and knock
Hi,
I have a couple of hours looking on google and the lists if it has been
asked and it beats be.
Is there anywhere I can read about the DNS server software that
db.local.clamav.net uses? how does it resolve name depending on the IP
address of the client ?
Thanks,
-Samuel
_
> -Original Message-
> From: [EMAIL PROTECTED]
>
> [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > I have a couple of hours looking on google and the lists if it has
> > been asked and it beats be.
> > Is there anywhere I can read about the DNS server software that
> > db.local.clamav.net uses? ho
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Matt Fretwell
> And yes, I will echo what Tomasz said in this regard. These
> gentleman|lady admins are paid to keep these systems in prime working
> condition, inclusive of updates for new threats or sec
> > > http://www.squish.net/dnscheck/
> > > look up "db.local.clamav.net" record type "ANY"
> > >
> > > ns1.clamav.net69.61.68.204BIND: 9.2.5
> > I still can't figure out how can BIND know which IP belongs to which
> > country.
>
> It's impossible. We just _try_ to do that. Our primary goal
Matt Fretwell wrote:
>
> Rainer Zocholl wrote:
>
> > There are two flaws IMHO:
> > - "Gray" should only be used for *un*important infos, but
> > it is used for important infos and worse main titles(!) too.
>
> And I thought I rambled on about irrelevant things.
I don't see it as irrelevant
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Elliot
> Mackenzie
> Sent: Friday, May 20, 2005 9:24 AM
> To: ClamAV users ML
> Subject: [Clamav-users] Sendmail out of memory with clmilter
>
>
> I have run into a problem with sendmail and clmilter. Spec
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Damian
> Menscher
>
> At least, that's the theory. In practice, n_children isn't ever hitting
> 0, so it stays in the !accepting state forever. For example, in the
> ktrace you posted, n_children dropped
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Matt Fretwell
> Sent: Friday, May 27, 2005 1:56 PM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] clamd lockup ?
>
>
> Jason Frisvold wrote:
>
> > Hi all,
> >
> > The clamd process on one of my mail
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Timo Schoeler
> Sent: Sunday, June 05, 2005 6:06 PM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] ClamAV HW acceleration
>
>
> furthermore it's a ecological *and* economical thing: for a large ISP,
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of René Berber
> Sent: Wednesday, June 08, 2005 4:00 PM
> To: clamav-users@lists.clamav.net
> Subject: [Clamav-users] Re: Worm.Mytob
>
>
> Pavel R. Levashov wrote:
>
> > I have a mail server (sendmail on RedHa
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Scott
> Woodford
> Sent: Wednesday, June 08, 2005 3:55 PM
> To: 'ClamAV users ML'
> Subject: RE: [Clamav-users] ERROR: Clamuko: Can't register with Dazuko
>
>
> Tim, not a problem. Been a long day for me
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
> Sent: Friday, June 10, 2005 4:21 PM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] odd problem w/clamd
>
>
> and what of a virus zipped into a larger zip file? Since the largest
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Johnny Stork
> Sent: Monday, June 20, 2005 11:49 AM
> To: clamav-users@lists.clamav.net
> Subject: [Clamav-users] Password protected ZIP's---howto?
>
>
>Is there any way to get clamav to handle passwo
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of suneel cumar
> Sent: Monday, June 20, 2005 11:42 PM
> To: clamav-users@lists.clamav.net
> Subject: [Clamav-users] problem with clamav-0.85.1
>
>
> i have upgraded the clamav 0.74 to 0.85.1.
>
ClamAV has c
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of .rp
> Sent: Wednesday, July 20, 2005 4:40 PM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] virusDB update issue
>
>
>
> > Hi all,
> >
> > I have one question about the virusDB updating. Supposely my
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Eric Scopinho
>
> Long Question:
> I'm doing some tests with libipq (kind of userspace packet filter).
> I get network packets, write them in small temp files and scan using
> cl_scandesc from libclamav, i
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mad Unix
> Sent: Tuesday, July 26, 2005 8:26 AM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] protection
>
>
> okay ... thats for the internet mail server, and what about a
> Intranet Mail server
>
>
> Hi,
>
> I get this error, and i googled but found nought but source code.
>
> What is the meaning of this error ?
>
>
man clamd.conf
There are several limits that have to be configured according your needs.
These limits are imposed to avoid scanning files that can overload your
clamd server.
64 matches
Mail list logo
