Re: [Clamav-users] VIRUS? PHISH? "Western Union Transfer MTCN: 0258258718"

2009-05-12 Thread Tom Shaw
At 10:04 AM -0400 5/12/09, Charles Gregory wrote: >Greetings! > >Received the following e-mail that looks like a phishing attempt, >with an attached zipped .exe file ... > >I've saved the file to: > http://www.hwcn.org/~cgregory/virus/MTCN_INVOICE.zip > >I don't have the facilities to test any

Re: [Clamav-users] freshclam permissions on database directory

2009-06-11 Thread Tom Shaw
At 10:07 AM +1000 6/11/09, Ian Cheong wrote: >I've just done a clean (previous uninstall) default (configure;make;install >with no options) install of clamAV0.95.2 on MacOS10.5.7. Running freshclam >generates the following errors. > >ERROR: chdir_tmp: Can't create directory >./clamav-f6cd08cec8c728

Re: [Clamav-users] freshclam permissions on database directory

2009-06-11 Thread Tom Shaw
At 7:03 AM -0700 6/11/09, Dennis Peterson wrote: >Ian Cheong wrote: >> I've just done a clean (previous uninstall) default (configure;make;install >> with no options) install of clamAV0.95.2 on MacOS10.5.7. Running freshclam >> generates the following errors. >> >> ERROR: chdir_tmp: Can't creat

Re: [Clamav-users] freshclam permissions on database directory

2009-06-11 Thread Tom Shaw
At 7:24 AM -0700 6/11/09, Dennis Peterson wrote: >Tom Shaw wrote: > >> >> Under OSX you should not run freshclam as a daemon but as a periodic >> process run by launchd as _clamav:_clamav. Likewise for clamd. This >> allows for automatic process restart by

Re: [Clamav-users] ClamAV update to 0.95.2

2009-06-18 Thread Tom Shaw
At 1:35 AM +0200 6/18/09, Udo Stifter wrote: >Hello, > >I am currently running ClamAV 0.95.1 on my PowerMac G4 (933 MHz, >1.25 GB SDRAM, Mac OS X 10.4.11). >For a few days now freshclam has been reporting the following errors: >-- >ClamAV update process started at Wed Jun 17 21

Re: [Clamav-users] ClamAV update to 0.95.2

2009-06-20 Thread Tom Shaw
At 10:26 PM +0200 6/20/09, Udo Stifter wrote: >On 2009-06-18 10:04, Tom Shaw wrote: > > > At 1:35 AM +0200 6/18/09, Udo Stifter wrote: > > > >Hello, > > > > > > > >I am currently running ClamAV 0.95.1 on my PowerMac G4 (933 MHz, > > >

Re: [Clamav-users] question about Clamav anti virus for old mac OS 9.2

2009-06-22 Thread Tom Shaw
At 2:41 PM +0100 6/22/09, off...@jimrailton.com wrote: >Hi there. I did read the archives and couldn't find anything about my >query. > >We have two older macs, a G3 running OS 8.6 and a G4 running 9.2. I believe >we have a microsoft word virus that I would like to get rid of. Is there a >versio

Re: [Clamav-users] question about Clamav anti virus for old mac OS 9.2

2009-06-22 Thread Tom Shaw
At 8:04 PM -0400 6/22/09, John Jasen wrote: >Tom Shaw wrote: > >> You could copy your MS Word files to an OSX machine and check them. >> You could search on eBay for an old AV program that worked on OS 8/9. >> You could email the suspect file(s) to virustotal so chec

Re: [Clamav-users] question about Clamav anti virus for old mac OS 9.2

2009-06-23 Thread Tom Shaw
.geckoandfly.com/2009/03/19/download-the-best-mac-os-x-anti-spyware-and-anti-virus-software-for-free/ I have to say you might be better off just hiring a local Mac guy for a couple of hours to make this painless. Tom -- Tom Shaw - Chief Engineer, OITC , http://www.oitc.com/ local wx: http://www.

[Clamav-users] Zeus .bin files

2009-06-26 Thread Tom Shaw
Just a question on signatures... Does the signature team not do Zeus/ZBot configuration files? We have submitted a number (20+) of ".bin" files over the last 6-8 weeks but have yet to see these files detected using "Official" signatures. Should we not submit these files? Tom _

[Clamav-users] Signature dups

2009-06-30 Thread Tom Shaw
Does freshclam or clam on load/reload look for and remove dup signatures? Tom ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [Clamav-users] Signature dups

2009-06-30 Thread Tom Shaw
At 11:05 PM +0200 6/30/09, Tomasz Kojm wrote: On Tue, 30 Jun 2009 11:26:25 -0700 "Bill Landry" wrote: So if I were to include a signature in my 3rd party database, and then a few days later ClamAV adds the same signature to the official signature database, that is not your problem, but rath

[Clamav-users] List bounces

2009-06-30 Thread Tom Shaw
I did my due diligence and emailed clamav-users-requ...@lists.clamav.net?subject=help and got the email contact of the owner of the list and emailed clamav-users-ow...@lists.clamav.net and have received no response. Every time I post to this list I receive a "no such user here" response for c

Re: [Clamav-users] clamd 0.95.2 unrar

2009-07-09 Thread Tom Shaw
At 3:20 PM -0700 7/9/09, MrC wrote: On 7/9/2009 3:14 PM, Tom Shaw wrote: I searched the archive and could not find a solution. I have been running without unrar support for a bit because I didn't have time to run this down. I compiled 0.95.2 from source and it has been running flawlessly

Re: [Clamav-users] clamd 0.95.2 unrar

2009-07-09 Thread Tom Shaw
a quick sudo ldconfig ( and some distros require that you explicitly include /usr/local/lib in your /etc/ld.so.conf - or /etc/ld.so.conf.d/.conf ) just to update the system catalogs... hth, Steve On Thu, 2009-07-09 at 18:14 -0400, Tom Shaw wrote: I searched the archive and could not find a sol

[Clamav-users] clamd 0.95.2 unrar

2009-07-09 Thread Tom Shaw
I searched the archive and could not find a solution. I have been running without unrar support for a bit because I didn't have time to run this down. I compiled 0.95.2 from source and it has been running flawlessly yet I get this warning: LibClamAV Warning: Cannot dlopen libclamunrar_iface:

Re: [Clamav-users] clamd 0.95.2 unrar

2009-07-09 Thread Tom Shaw
OK Got it fixed. Looks like incompatibilities of libraries. All is fine now. Thanks for your help pointing me in the right direction. Tom

[Clamav-users] Signature/Weirdness

2009-09-14 Thread Tom Shaw
I am running ClamAV 0.95.2/9806/Mon Sep 14 14:37:58 2009 when I run clamscan on a file I get no detection yet when I submit the same file to virustotal (0.94.1/20090912) I get Trojan.Zbot-4583 detected. My clamav install has been operating fine for months on OSX 10.5. Ideas? Tom _

Re: [Clamav-users] Signature/Weirdness

2009-09-14 Thread Tom Shaw
At 12:59 PM -0700 9/14/09, Bill Landry wrote: Tom Shaw wrote: I am running ClamAV 0.95.2/9806/Mon Sep 14 14:37:58 2009 when I run clamscan on a file I get no detection yet when I submit the same file to virustotal (0.94.1/20090912) I get Trojan.Zbot-4583 detected. My clamav install has

Re: [Clamav-users] Signature/Weirdness

2009-09-14 Thread Tom Shaw
At 2:00 PM -0700 9/14/09, Bill Landry wrote: > At 12:59 PM -0700 9/14/09, Bill Landry wrote: Tom Shaw wrote: I am running ClamAV 0.95.2/9806/Mon Sep 14 14:37:58 2009 when I run clamscan on a file I get no detection yet when I submit the same file to virustotal (0.94.1/20090912) I

Re: [Clamav-users] Submission policies

2009-09-15 Thread Tom Shaw
Giampaolo If you want some extra coverage you might try the signatures at http://sanesecurity.com. Besides all the great rules there, our winnow signatures, which are included, detect malware not yet in clamav as well as urls to malware. Current direct signatures are mapped to other AV syste

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Tom Shaw
At 3:09 PM +0100 9/23/09, Steve Basford wrote: > I get lots of 'invoices' from DHL containing a zipped trojan. F-Prot recognizes them as Win32/Bredolab!Generic but ClamAV does not. Hi, Just in case this helps block them... I've been detecting these for a while if its the same sort of fake

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Tom Shaw
At 8:11 PM +0300 9/23/09, Jari Fredriksson wrote: > On Wed, Sep 23, 2009 at 07:07:53PM +0300, Jari Fredriksson wrote: Jari Fredriksson wrote: Then I decided SaneSecurity is not worth it, as SpamAssassin catches those too, and has less false positives. SaneSecurity triggers way too of

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Tom Shaw
At 10:39 PM +0300 9/23/09, Jari Fredriksson wrote: >> I don't run ClamAV via SpamAssassin. I have it called by amavisd-new, which does what it does: quarantine. Sure hope you're not using heuristics, phishing and/or safebrowsing options in ClamAV if you feel that way. I use amavisd-new d

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Tom Shaw
At 10:42 PM +0300 9/23/09, Jari Fredriksson wrote: > On Wed, Sep 23, 2009 at 08:11:41PM +0300, Jari Fredriksson wrote: Ehm, were you scoring SaneSecurity hits like one is supposed to, or just plain rejecting with them? Sounds like the latter. I don't run ClamAV via SpamAssassin. I hav

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Tom Shaw
At 11:31 PM +0300 9/23/09, Jari Fredriksson wrote: > At 10:39 PM +0300 9/23/09, Jari Fredriksson wrote: >> I don't run ClamAV via SpamAssassin. I have it called by amavisd-new, which does what it does: quarantine. Sure hope you're not using heuristics, phishing and/or safebrowsing op

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Tom Shaw
At 12:20 AM +0300 9/24/09, Jari Fredriksson wrote: >> This is what I found about Phishing and Heuristics. Dangerous? When I review the quarantine anyway. No more than sanesecurity rules and a lot more than my winnow_malware.hdb which would have caught your virus. Point being you might jus

Re: [Clamav-users] DHL invoices

2009-09-24 Thread Tom Shaw
At 2:19 PM +0100 9/24/09, Steve Basford wrote: > Yeah, we already know that. Can you please cut&paste the full message returned by the form? Thanks, Hi Luca, I've *just* uploaded 4 copies of the dhl invoice malware that have been missed by up-to-date official sigs. These were blocked using

Re: [Clamav-users] DHL invoices

2009-09-24 Thread Tom Shaw
At 9:53 AM -0400 9/24/09, Tom Shaw wrote: At 2:19 PM +0100 9/24/09, Steve Basford wrote: > Yeah, we already know that. Can you please cut&paste the full message returned by the form? Thanks, Hi Luca, I've *just* uploaded 4 copies of the dhl invoice malware that have been mis

[Clamav-users] IRS Scam

2009-09-28 Thread Tom Shaw
Just a heads up on this piece of malware as you may have read about this in Computerworld or another news source. winnow sigs distributed as part of sanesecurity have been detecting the scam email as well as their changing payloads housed on fast flux domains for almost 2 weeks See: http://w

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-13 Thread Tom Shaw
At 10:28 AM +0200 10/13/09, Jose-Marcio Martins da Cruz wrote: Hello, I have 49 viruses (2 kinds only) received at our mailserver last night which weren't detected by ClamAV, but are detected by most other antivirus available at www.virustotal.com The name of the virus, as detected by Sophos a

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
ndetectable? Tom

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 1:23 PM +0100 10/15/09, Steve Basford wrote: > Undetected Outlook Express malware: h t t p :/ / www.iki.fi/jarif/malware/install.zip That's one of 'em: Sanesecurity.Rogue.736.UNOFFICIAL Well that one didn't get detected by standard ClamAV. Must be running multiple payloads That one

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 3:14 PM +0300 10/15/09, Jari Fredriksson wrote: 15.10.2009 14:55, Tom Shaw wrote: The samples I have o

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 4:30 PM +0300 10/15/09, Jari Fredriksson wrote: Undetected IRS scam variant. http://www.iki.fi/jarif/malware/tax-statement.exe -

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 1:23 PM +0100 10/15/09, Steve Basford wrote: > Undetected Outlook Express malware: h t t p :/ / www.iki.fi/jarif/malware/install.zip That's one of 'em: Sanesecurity.Rogue.736.UNOFFICIAL FYI Official ClamAV sigs now detect as Trojan.Inject-2443 I just noticed that my winnow.malware.75

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 5:24 PM +0300 10/15/09, Jari Fredriksson wrote: Does ClamAV somehow dedicate to email format (base64) or how it is possible that i

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Tom Shaw
At 8:42 AM +0100 10/16/09, Steve Basford wrote: > The script I use has a bit more finesse than this simple overview. I use a randomizer to prevent this process from running at the same minute past the hour Note there's a *tiny* chance if the script runs at 10.07 and then 11.03, you'll get t

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Tom Shaw
Tom Shaw wrote: Just to clarify winnow_malware.hdb is designed to detect malware payloads. Thus, it is effective in an email system only when the payload is attached (such as a dropper, etc). It is also very effective when used in file system/download checking scenarios. Thanks to Dennis

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Tom Shaw
Tom Shaw wrote: If you submit a file to virus-samp...@oitc.com I'll process it for winnow_malware.hdb and at the same time send it to the ClamAV malware signature team and virustotal to check if others can detect. If you submit a url to malware to virus-samp...@oitc.com I'll do

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Tom Shaw
At 8:14 AM -0700 10/16/09, Dennis Peterson wrote: Tom Shaw wrote: Tom Shaw wrote: If you submit a file to virus-samp...@oitc.com I'll process it for winnow_malware.hdb and at the same time send it to the ClamAV malware signature team and virustotal to check if others can detect. I

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Tom Shaw
At 5:21 PM +0200 10/16/09, Jose-Marcio Martins da Cruz wrote: Tom Shaw wrote: As long as you don't obfuscate the url my scripts will isolate the url or the attached malware and process. Nice ! Can I send one URL per line ? I have 20 undetected viruses. Yes it strips out all urls just

Re: [Clamav-users] APER

2009-10-22 Thread Tom Shaw
At 7:02 AM -0700 10/22/09, John Rudd wrote: Hope I haven't missed this one being discussed... but ... APER is a project hosted at Google Code (Anti-Phishing Email Reply) that tracks From, Reply-to, and Body URLs that match known phishing attacks. There are a few examples for how to use it ... b

[Clamav-users] where is 0.93 src?

2009-10-28 Thread Tom Shaw
Link on website goes to SF and there is the sig but not the gz'd source. Please help, Tom

[Clamav-users] Whoops where is 0.95.3 src?

2009-10-28 Thread Tom Shaw
At 1:12 PM -0400 10/28/09, Tom Shaw wrote: Link on website goes to SF and there is the sig but not the gz'd source. Please help, Tom

Re: [Clamav-users] load issues due to sanesecurity signatures

2009-11-02 Thread Tom Shaw
At 4:10 PM -0600 11/2/09, Noel Jones wrote: On 11/2/2009 1:42 PM, Avinash wrote: Hi everyone, We are using Sanesecurity signatures in clamd for scanning mails. Recently we are seeing some load issues on clamd server due to sanesecurity signatures (load is automatically decreasing when the sanes

Re: [Clamav-users] load issues due to sanesecurity signatures

2009-11-03 Thread Tom Shaw
At 9:32 PM +0530 11/3/09, Avinash wrote: Hi everyone, Thanks for the quick response. We are using the below 6 sanesecurity files. junk.ndb phish.ndb scam.ndb spear.ndb lott.ndb spam.ldb Some more info: I tried with adding these files one by one to clamd database, junk.ndb is causing more loa

Re: [Clamav-users] [Bulk] Re: Quarantine issue with new 0.95.x clamav-milter

2009-11-09 Thread Tom Shaw
At 6:28 PM -0500 11/9/09, Jerry wrote: On Mon, 09 Nov 2009 18:08:10 -0500 Michael Orlitzky replied: Jerry wrote: > > You don't want to bounce the message, yet you are telling the sender > that it was not delivered. That is inconsistent. Why not simply > send a notice to the email originat

Re: [Clamav-users] SubmitDetectionStats Error

2009-11-20 Thread Tom Shaw
At 11:14 AM +0100 11/20/09, Luca Gibelli wrote: Hello Greg, FYI, I'm still getting the submission error. ERROR: SubmitDetectionStats: Remote server reported temporary failure: under maintenance it looks like it will need some more time. I hope it will be back online by monday. Pardon thi

Re: [Clamav-users] SubmitDetectionStats Error

2009-11-21 Thread Tom Shaw
At 2:16 PM +0100 11/21/09, Luca Gibelli wrote: Hello, > FYI, I'm still getting the submission error. > ERROR: SubmitDetectionStats: Remote server reported temporary failure: under maintenance it looks like it will need some more time. I hope it will be back online by monday. The service

[Clamav-users] Detection Reporting

2009-11-25 Thread Tom Shaw
I have been looking at performing a single freshclam update and then distributing that update internally but I cannot find how to report detections from all the internal systems. Anyone have an idea on what I am missing? Tom

Re: [Clamav-users] Clamd & Clamav yield different results

2009-11-29 Thread Tom Shaw
At 11:57 AM -0600 11/29/09, James Babcock wrote: Thanks so much for the prompt response. I have an Intel iMac running Mac OS 10-6-2 plus all updates. Using Mac's "Terminal" option, I found no MAN pages you suggest. I am beginning to think that As a clamav user, I need a Linux version running

Re: [Clamav-users] Clamd & Clamav yield different results

2009-11-29 Thread Tom Shaw
At 12:57 PM -0800 11/29/09, Dennis Peterson wrote: James Babcock wrote: Thanks so much for the prompt response. I have an Intel iMac running Mac OS 10-6-2 plus all updates. Using Mac's "Terminal" option, I found no MAN pages you suggest. I am beginning to think that As a clamav user, I nee

Re: [Clamav-users] ClamAV Memory Usage

2009-12-01 Thread Tom Shaw
At 12:39 AM + 12/2/09, Gordan Bobic wrote: Hi, Can anyone explain why clamd 0.95.3 might use 190MB of RAM after 5 days of light usage (few hundred emails)? It is the single biggest process on my mail servers, and I'm not convinced its size is reasonably justifiable. The database files un

Re: [Clamav-users] How does Clam stand up to Commercial A/V?

2009-12-03 Thread Tom Shaw
At 3:50 PM +0300 12/3/09, Anatoly Pugachev wrote: Someone with linkedin account, could be interested in commenting the following discussion http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&discussionID=10222162&gid=107486 Anatoly Whats the group's name? Tom __

Re: [Clamav-users] How does Clam stand up to Commercial A/V?

2009-12-03 Thread Tom Shaw
environment with over 200 computers. We've used Symantec AV for 5 years now." opened by Robert Tana. Thanks. On 03.12.2009 / 08:10:30 -0500, Tom Shaw wrote: At 3:50 PM +0300 12/3/09, Anatoly Pugachev wrote: >Someone with linkedin account, could be interested in commenting the

Re: [Clamav-users] How does Clam stand up to Commercial A/V?

2009-12-03 Thread Tom Shaw
At 3:04 PM +0100 12/3/09, Jan Pieter Cornet wrote: On Tue, Nov 24, 2009 at 04:17:50PM -0400, Robin wrote: I am administering 7 Debian based LAMP servers and am working to get anti-virus to scan uploads as they happen. Since I am a lone sheep in the Microsoft wild of a larger organization I n

Re: [Clamav-users] Phishing detection on downloaded pages

2009-12-11 Thread Tom Shaw
At 3:53 PM +0200 12/10/09, Török Edwin wrote: On 2009-12-10 15:41, Sundara Kaku wrote: Hi, As you mentioned "clamav would scan the mail".. means..can i add downloaded webpage as attachment to email with (javamail api) and save that mail as eml file and send this file for scanning.. is

Re: [Clamav-users] Phishing detection on downloaded pages

2009-12-11 Thread Tom Shaw
At 9:31 PM +0200 12/11/09, Török Edwin wrote: On 2009-12-11 21:14, Tom Shaw wrote: At 3:53 PM +0200 12/10/09, Török Edwin wrote: >> On 2009-12-10 15:41, Sundara Kaku wrote: The heuristic phishing detector only works on emails correctly, not websites by design, hence there is no po

Re: [Clamav-users] ExcludePath, defining absolute path

2009-12-16 Thread Tom Shaw
At 6:11 AM + 12/16/09, dev.ad...@ntlworld.com wrote: Hi, I know this is an old topic that seems to have caused some problems in the past and has apparently been fixed in version .3, but I still can't get it to work. I'm using OSX and I would like to scan the boot volume but one of the direc

[Clamav-users] TargetType

2010-02-13 Thread Tom Shaw
How does one determine what TargetType ClamAV will assign to a file or attachment? I have been all through the docs and wiki and can find no specifics. Any and all help is appreciated. Tom

Re: [Clamav-users] TargetType

2010-02-16 Thread Tom Shaw
At 4:15 PM + 2/16/10, Steve Basford wrote: > Attached document? I did not see an attachment. Can you send a link? Is this the TargetType you are after... 2.3.4 Extended signature format The extended signature format allows for specification of additional information such as a target

Re: [Clamav-users] TargetType

2010-02-16 Thread Tom Shaw
On 02/16/2010 09:15 PM, Tom Shaw wrote: At 4:15 PM + 2/16/10, Steve Basford wrote: > Attached document? I did not see an attachment. Can you send a link? Is this the TargetType you are after... 2.3.4 Extended signature format The extended signature format allows

Re: [Clamav-users] TargetType

2010-02-16 Thread Tom Shaw
Vulnerability Research Team SOURCEfire Tel: 1(410)423-4764 email: alain.zidoue...@sourcefire.com On Sat, Feb 13, 2010 at 7:30 PM, Tom Shaw <ts...@oitc.com> wrote: Pardon me, Alain, but I did say I did due diligen

Re: [Clamav-users] clamav syslog and cron

2010-03-09 Thread Tom Shaw
. Should I approach this in a different way like using clamscan instead? It does not look like clamscan can write to syslog but I could be wrong. Tim Why don't you just get rid of --fdpass and run the cron job as root? Tom

[Clamav-users] quick question on freshclam

2010-03-09 Thread Tom Shaw
I want to change how I run freshclam on OSX from running as a daemon to running periodically using launchd. Unfortunately, freshclam's returning of 1 when no updates were required causes issues with launchd since it thinks freshclam exited abnormally and attempts to respawn. Now, I can easil

[Clamav-users] Bad link on site to 0.96RC1

2010-03-10 Thread Tom Shaw
The link on http://www.clamav.net/ to 0.96.rc1 actually downloads 0.95.3. It should be http://sourceforge.net/projects/clamav/files/clamav/0.96rc1/clamav-0.96rc1.tar.gz/download Tom

Re: [Clamav-users] Bad link on site to 0.96RC1

2010-03-10 Thread Tom Shaw
At 12:39 AM +0100 3/11/10, Luca Gibelli wrote: Hello Tom, The link on http://www.clamav.net/ to 0.96.rc1 actually downloads 0.95.3. both links on www.clamav.net and www.clamav.net/download/sources work correctly for me. Thanks Luca. It must have been fixed because my first download was ab

[Clamav-users] FYI

2010-03-11 Thread Tom Shaw
Link to 0.95.3 on http://www.clamav.net/download/sources/ actually goes to 0.96rc1 Tom

Re: [Clamav-users] ***** SPAM ***** ***** SPAM ***** Re: 0.96rc1 LibClamAV Warning: JIT not compiled in

2010-03-12 Thread Tom Shaw
At 2:46 PM -0600 3/12/10, George R. Kasica wrote: We've compiled and are running here as well with Red Hat EL4 (gcc 3.4.6-11.el4_8.1) and Red Hat EL5 (gcc 4.1.2-46.el5_4.2) both of which are the latest released versions of gcc from Red Hat RPMs and are seeing the same JIT failures...how new are y

[Clamav-users] Missed detection

2010-03-18 Thread Tom Shaw
I have a md5 based signature, winnow.malware.2015, that I created from a file ./malware/style25.dat-4mmrTv The signature is: 23848f3f080237b7e2d2313496f4c00f:3680:winnow.malware.2015 I can see its in my clam sigs by: $ sigtool --list-sigs=/usr/local/share/clamav/winnow_malware.hdb | grep "wi
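The record quoted in the post above is in ClamAV's hash-signature (.hdb) layout, MD5:FileSize:MalwareName, and a hit requires both the digest and the exact byte count to agree, which is why a re-packed or padded copy of the same payload is a miss. The following is an added example written for this page, not ClamAV's own code or anything from the original post: it builds such a record for an in-memory sample the way sigtool --md5 does for a file, loads a small database, and performs the lookup. The winnow.malware.2015 line is taken from the post; the sample bytes and the name example.sample.1 are constructed for illustration.

```python
"""Hash-based (.hdb) ClamAV signatures: create, load and look up.

Added example for this page; it is not ClamAV code. It follows the documented
.hdb record layout MD5:FileSize:MalwareName, where both the hash and the exact
byte count must agree for a hit.
"""
import hashlib
from typing import Dict, Iterable, Optional, Tuple

HdbKey = Tuple[str, int]  # (lowercase md5 hex, file size in bytes)


def make_hdb_line(data: bytes, name: str) -> str:
    """Build the .hdb record for an in-memory sample (what 'sigtool --md5 file' prints)."""
    if ":" in name or not name:
        # ':' is the field separator, so it can never appear in the name.
        raise ValueError("malware name must be non-empty and must not contain ':'")
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def parse_hdb_line(line: str) -> Tuple[HdbKey, str]:
    """Validate one record. Later ClamAV releases also accept '*' as the size;
    this parser insists on a number so a malformed size is caught on load."""
    fields = line.strip().split(":")
    if len(fields) != 3:
        raise ValueError(f"expected MD5:FileSize:MalwareName, got {line!r}")
    md5, size, name = fields
    md5 = md5.lower()
    if len(md5) != 32 or any(c not in "0123456789abcdef" for c in md5):
        raise ValueError(f"bad MD5 in {line!r}")
    if not size.isdigit():
        raise ValueError(f"bad size in {line!r}")
    if not name:
        raise ValueError(f"empty name in {line!r}")
    return (md5, int(size)), name


def load_hdb(lines: Iterable[str]) -> Dict[HdbKey, str]:
    """Index a database by (md5, size); duplicate records collapse to one entry."""
    db: Dict[HdbKey, str] = {}
    for line in lines:
        if line.strip():
            key, name = parse_hdb_line(line)
            db[key] = name
    return db


def lookup(data: bytes, db: Dict[HdbKey, str]) -> Optional[str]:
    """Return the signature name if data's md5 AND size match, else None.
    A sample that differs by a single byte (re-packed, padded, re-encoded)
    is a miss, which is the usual reason an .hdb rule stops firing."""
    return db.get((hashlib.md5(data).hexdigest(), len(data)))


# The record quoted in the post above, plus one constructed sample of our own.
PAGE_RECORD = "23848f3f080237b7e2d2313496f4c00f:3680:winnow.malware.2015"
SAMPLE = b"constructed sample payload, not real malware\n"

if __name__ == "__main__":
    db = load_hdb([PAGE_RECORD, make_hdb_line(SAMPLE, "example.sample.1")])
    print(lookup(SAMPLE, db))            # example.sample.1
    print(lookup(SAMPLE + b"\x00", db))  # None: one byte of padding changes hash and size
```

Running the block against a real file is a matter of reading it with open(path, "rb").read(); if the lookup misses while the record is definitely loaded (as the grep through sigtool --list-sigs above confirms), the file on disk is not byte-for-byte the one the record was generated from.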

[Clamav-users] byte code compiler configure issues

2010-04-30 Thread Tom Shaw
I have the following configure problem: $ cd obj && ../llvm/configure --enable-optimized --enable-targets=host-only --disable-bindings --prefix=/usr/local/clamav configure: WARNING: Unknown project (clamdriver) won't be configured automatically configure: WARNING: Unknown project (ifacegen) wo

Re: [Clamav-users] byte code compiler configure issues

2010-05-01 Thread Tom Shaw
At 8:52 AM +0300 5/1/10, Török Edwin wrote: On 05/01/2010 01:17 AM, Tom Shaw wrote: I have the following configure problem: $ cd obj && ../llvm/configure --enable-optimized --enable-targets=host-only --disable-bindings --prefix=/usr/local/clamav configure: WARNING: Unknown

Re: [Clamav-users] byte code compiler configure issues

2010-05-01 Thread Tom Shaw
At 2:40 PM +0300 5/1/10, Török Edwin wrote: On 05/01/2010 02:20 PM, Tom Shaw wrote: llvm[3]: Compiling ClamBCOptimizers.cpp for Release build /Users/tshaw/Sites/clamav/clamav-bytecode-compiler/clamav-bytecode-compiler/llvm/lib/Target/ClamBC/ClamBCModule.cpp: In member function 'virtual

Re: [Clamav-users] byte code compiler configure issues

2010-05-01 Thread Tom Shaw
orted only once /Users/tshaw/Sites/clamav/clamav-bytecode-compiler/llvm/lib/Target/ClamBC/version.c:4: error: for each function it appears in.) make[3]: *** [/Users/tshaw/Sites/clamav/clamav-bytecode-compiler/obj/lib/Target/ClamBC/Release/version.o] Error 1 make[2]: *** [ClamBC/.makeall] Error 2 mak

Re: [Clamav-users] byte code compiler configure issues

2010-05-02 Thread Tom Shaw
At 10:45 AM +0300 5/2/10, Török Edwin wrote: On 05/02/2010 12:49 AM, Tom Shaw wrote: At 10:52 PM +0300 5/1/10, Török Edwin wrote: Please run 'make VERBOSE=1', and paste the output. llvm[3]: Compiling version.c for Release build Thanks, please 'git pull' and try build

Re: [Clamav-users] byte code compiler configure issues

2010-05-02 Thread Tom Shaw
At 4:46 PM +0300 5/2/10, Török Edwin wrote: On 05/02/2010 04:44 PM, Tom Shaw wrote: At 10:45 AM +0300 5/2/10, Török Edwin wrote: On 05/02/2010 12:49 AM, Tom Shaw wrote: At 10:52 PM +0300 5/1/10, Török Edwin wrote: Please run 'make VERBOSE=1', and paste the output.

Re: [Clamav-users] byte code compiler configure issues

2010-05-02 Thread Tom Shaw
At 6:07 PM +0300 5/2/10, Török Edwin wrote: On 05/02/2010 05:33 PM, Tom Shaw wrote: At 4:46 PM +0300 5/2/10, Török Edwin wrote: On 05/02/2010 04:44 PM, Tom Shaw wrote: At 10:45 AM +0300 5/2/10, Török Edwin wrote: On 05/02/2010 12:49 AM, Tom Shaw wrote: At 10:52 PM +0300 5/1/10

Re: [Clamav-users] byte code compiler configure issues

2010-05-02 Thread Tom Shaw
At 6:07 PM +0300 5/2/10, Török Edwin wrote: We're getting closer. T Thanks, Edwin. That worked. Installed and tried to get version but got: $ /usr/local/clamav/bin/clambc-compiler -v clang -cc1 version 1.1 based upon llvm 2.7 hosted on i386-apple-darwin9 re2c: error: cannot re-open error: re2

Re: [Clamav-users] byte code compiler configure issues

2010-05-02 Thread Tom Shaw
At 12:27 PM -0700 5/2/10, Dennis Peterson wrote: On 5/2/10 8:14 AM, Tom Shaw wrote: Trying now let you know in about 10 10.5.8 right now. 10.6 after we get this working Tom I was able to compile .96 in Snow Leopard with no modification. Thanks Dennis. I had no problems for ClamAV (did

Re: [Clamav-users] byte code compiler configure issues

2010-05-03 Thread Tom Shaw
At 5:48 AM -0700 5/3/10, Jim Preston wrote: Dennis Peterson wrote: On 5/2/10 8:14 AM, Tom Shaw wrote: Trying now let you know in about 10 10.5.8 right now. 10.6 after we get this working Tom I was able to compile .96 in Snow Leopard with no modification. dp Hi Dennis, Did not know

Re: [Clamav-users] byte code compiler configure issues

2010-05-03 Thread Tom Shaw
At 6:06 AM -0700 5/3/10, Jim Preston wrote: Tom Shaw wrote: At 5:48 AM -0700 5/3/10, Jim Preston wrote: Dennis Peterson wrote: On 5/2/10 8:14 AM, Tom Shaw wrote: Trying now let you know in about 10 10.5.8 right now. 10.6 after we get this working Tom I was able to compile .96 in Snow

Re: [Clamav-users] 0.96.1 Daemon permissions on Mac OS 10.6.4?

2010-07-12 Thread Tom Shaw
ove) if not as owner _clamav. Check your config files. If you manually need to run use sudo freshclam Tom

[Clamav-users] writing rules

2009-01-26 Thread Tom Shaw
I have run into some problems creating rules. I am trying to create phish rules as R[Filter]:RealURL:DisplayedURL[:FuncLevelSpec] or MalwareName:TargetType:Offset:HexSignature[:MinEngineFunctionalityLevel:[Max]] and I am having two problems. First problem has to do with UTF/UNICODE characters

[Clamav-users] rule writing

2009-02-25 Thread Tom Shaw
OK I have read all the docs and gotten some feedback here (Thanks Steve, Scott and Edwin) but I am still a little confused and can't seem to find comprehensive docs to read. The below questions are for hex signatures. I also am confused on some of the others but those questions will come later

Re: [Clamav-users] rule writing

2009-02-26 Thread Tom Shaw

Re: [Clamav-users] 0.95RC1 availability

2009-02-28 Thread Tom Shaw
At 12:08 PM -0500 2/27/09, Nigel Horne wrote: >Folks, > >0.95 RC1 was published on Wednesday 25/2/09. > >For details of the new features please refer to the Changelog. > >A what's new document that gives an overview of the new and improved >features is currently in preparation for publication on ww

Re: [Clamav-users] malformed securiteinfo.hdb

2009-02-28 Thread Tom Shaw
clam TIA, Tom

[Clamav-users] 0.95 rc1 OSX 10.5 issues

2009-02-28 Thread Tom Shaw
ERROR -rw-r--r--@ 1 tshaw staff 197 Nov 21 17:24 /Users/tshaw/Documents/assp/clamav/clamav-0.94.2/test/.split/split.clam.arjaa Tom

Re: [Clamav-users] 0.95 rc1 OSX 10.5 issues

2009-03-01 Thread Tom Shaw
At 6:16 PM -0800 2/28/09, Bill Landry wrote: >Tom Shaw wrote: >> Some issues: >> >> socat ran fine on 0.94.2 but on 0.95.rc1 >> >> echo PING|socat - /var/tmp/clamd.socket >> >> is silent yet I can type > >Tom, are you sure that is the correct

Re: [Clamav-users] 0.95 rc1 OSX 10.5 issues

2009-03-01 Thread Tom Shaw
At 6:20 PM -0800 2/28/09, Bill Landry wrote: >Bill Landry wrote: >> Tom Shaw wrote: >>> Some issues: >>> >>> socat ran fine on 0.94.2 but on 0.95.rc1 >>> >>> echo PING|socat - /var/tmp/clamd.socket >>> >>> is silent

Re: [Clamav-users] 0.95 rc1 OSX 10.5 issues

2009-03-01 Thread Tom Shaw
At 3:04 PM +0200 3/1/09, Török Edwin wrote: >On 2009-03-01 14:57, Tom Shaw wrote: >> At 6:16 PM -0800 2/28/09, Bill Landry wrote: >> >>> Tom Shaw wrote: >>> >>>> Some issues: >>>> >>>> socat ran fine on 0.94.

Re: [Clamav-users] 0.95 rc1 OSX 10.5 issues

2009-03-01 Thread Tom Shaw
At 10:55 AM -0500 3/1/09, Tom Shaw wrote: >At 3:04 PM +0200 3/1/09, Török Edwin wrote: >>On 2009-03-01 14:57, Tom Shaw wrote: >>> At 6:16 PM -0800 2/28/09, Bill Landry wrote: >>> >>>> Tom Shaw wrote: >>>> >>>>>So

Re: [Clamav-users] 0.95 rc1 OSX 10.5 issues

2009-03-01 Thread Tom Shaw
At 9:26 AM -0800 3/1/09, Bill Landry wrote: >Tom Shaw wrote: >>>>> >>>> What does this output: > >>> $ echo PING | strace socat - /var/tmp/clamd.socket >>>> $ echo -ne "nPING\n" | strace socat - /var/tmp/clamd.socket > >>

Re: [Clamav-users] 0.95 rc1 OSX 10.5 issues

2009-03-01 Thread Tom Shaw
At 9:34 PM +0200 3/1/09, Török Edwin wrote: >On 2009-03-01 20:43, Tom Shaw wrote: >> At 9:26 AM -0800 3/1/09, Bill Landry wrote: >> >>> Tom Shaw wrote: >>> >>>>>> What does this output: >>>>>> >>>
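The socat exchanges in the thread above (echo PING | socat - /var/tmp/clamd.socket, and the later echo -ne "nPING\n" variant) are hand-typed instances of the clamd wire protocol, in which a command may be prefixed with n (newline-terminated) or z (NUL-terminated) and clamd answers with the same terminator, and INSTREAM carries the file body as length-prefixed chunks. The following is an added example for this page, not ClamAV code and not something from the thread: it builds the frames, parses the replies, and wraps both in a small client for a local Unix socket. The socket path /var/tmp/clamd.socket comes from the thread; whatever LocalSocket names in clamd.conf applies on a real system, and the client itself needs a running clamd.

```python
"""Build and parse clamd protocol messages (added example, not ClamAV code).

clamd commands may be prefixed with 'n' (newline-terminated) or 'z'
(NUL-terminated); the reply uses the same terminator. INSTREAM sends the
file body as <4-byte big-endian length><data> chunks ended by a zero-length chunk.
"""
import socket
import struct
from typing import Optional, Tuple


def frame_command(command: str, nul_terminated: bool = True) -> bytes:
    """'PING' -> b'zPING\\x00' (or b'nPING\\n'). The prefix tells clamd which
    terminator to expect and which one to use in its reply."""
    if nul_terminated:
        return b"z" + command.encode("ascii") + b"\x00"
    return b"n" + command.encode("ascii") + b"\n"


def build_instream(data: bytes, chunk_size: int = 8192) -> bytes:
    """Everything to send for scanning an in-memory blob over one connection."""
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    out = [frame_command("INSTREAM")]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack(">I", len(chunk)) + chunk)  # network byte order length
    out.append(struct.pack(">I", 0))                       # zero-length chunk ends the stream
    return b"".join(out)


def parse_reply(raw: bytes) -> Tuple[str, Optional[str]]:
    """b'stream: Eicar-Test-Signature FOUND\\x00' -> ('FOUND', 'Eicar-Test-Signature')
    b'stream: OK\\x00' -> ('OK', None); '... ERROR' -> ('ERROR', message); b'PONG\\n' -> ('PONG', None)."""
    text = raw.rstrip(b"\x00\n").decode("utf-8", "replace")
    verdict = text.split(": ", 1)[1] if ": " in text else text  # drop the 'stream' / path prefix
    if verdict == "OK":
        return ("OK", None)
    if verdict == "PONG":
        return ("PONG", None)
    if verdict.endswith(" FOUND"):
        return ("FOUND", verdict[: -len(" FOUND")])
    if verdict.endswith(" ERROR"):
        return ("ERROR", verdict[: -len(" ERROR")])
    raise ValueError(f"unrecognised clamd reply: {raw!r}")


def scan_bytes(sock_path: str, data: bytes, timeout: float = 30.0) -> Tuple[str, Optional[str]]:
    """Send data to a local clamd over its Unix socket and return the parsed verdict.
    Requires a running clamd; sock_path is the LocalSocket value from clamd.conf."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(build_instream(data))
        reply = b""
        while not reply.endswith(b"\x00"):   # z-prefixed command: NUL-terminated reply
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)


if __name__ == "__main__":
    # Socket path as used in the thread; adjust to your clamd.conf.
    try:
        print(scan_bytes("/var/tmp/clamd.socket", b"constructed harmless sample\n"))
    except OSError as exc:
        print("clamd not reachable:", exc)
```

Because the terminator is chosen by the prefix, a client that sends zINSTREAM must read until a NUL, not a newline; mixing the two is a common reason a hand-rolled client appears to hang or print nothing.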

Re: [Clamav-users] Crash withThird-Party Sigs

2009-03-06 Thread Tom Shaw
At 9:04 AM + 3/6/09, Steve Basford wrote: > > No, it just has all sorts of characters in the virus name, like ][. > >Chris/All... > >If you want to manually fix, try replacing "][Date:" with "-" > >see if that passes the 0.95RC1 tests Actually it's just the : that's causing the problem. Repl
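Three threads above touch the same format: the "TargetType" question, the "writing rules" post quoting MalwareName:TargetType:Offset:HexSignature[:MinEngineFunctionalityLevel:[Max]], and this one, where a ':' inside a third-party signature name breaks loading because the colon is the field separator. The following is an added example written for this page, not ClamAV code and not from any of the posts: it parses .ndb records, rejects the colon-in-name case at load time, translates the hex body (the ?? , * and {n-m} wildcards) into a bytes regex, honours the Offset field, and applies the rules to a byte string. File-type detection is outside its scope, so TargetType is validated against the documented 0-9 list but not enforced; the rule names prefixed Example. and the sample bytes are constructed for illustration.

```python
"""Parse ClamAV extended (.ndb) signatures and apply them to raw bytes.

Added example for this page; it is not ClamAV code. It implements the documented
record layout MalwareName:TargetType:Offset:HexSignature[:MinFL[:MaxFL]] and a
subset of the hex-wildcard syntax. File-type detection is out of scope, so the
TargetType field is validated but not enforced.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Target types as listed in the ClamAV signature documentation.
TARGET_TYPES = {
    0: "any file", 1: "Portable Executable", 2: "OLE2 (Office)", 3: "HTML (normalised)",
    4: "mail file", 5: "graphics", 6: "ELF", 7: "ASCII text (normalised)",
    8: "unused", 9: "Mach-O",
}

# One token of a hex signature: '??', '*', '{n}', '{n-m}', '{-m}', '{n-}' or a hex byte.
_TOKEN = re.compile(r"(\?\?)|(\*)|\{(\d*)(-?)(\d*)\}|([0-9a-fA-F]{2})")


def hexsig_to_regex(hexsig: str) -> "re.Pattern[bytes]":
    """Translate a hex signature body into a compiled bytes regex.
    '??' is one arbitrary byte, '*' any run of bytes, '{n}' exactly n bytes,
    '{n-m}' between n and m bytes ('{-m}' and '{n-}' are half-bounded).
    Anything else raises ValueError so a malformed rule fails at load time."""
    parts: List[bytes] = []
    pos = 0
    for m in _TOKEN.finditer(hexsig):
        if m.start() != pos:
            raise ValueError(f"unexpected text at column {pos} in {hexsig!r}")
        pos = m.end()
        anybyte, star, lo, dash, hi, hexpair = m.groups()
        if anybyte:
            parts.append(b".")
        elif star:
            parts.append(b".*?")
        elif hexpair:
            parts.append(re.escape(bytes.fromhex(hexpair)))
        elif not dash:
            if not lo:
                raise ValueError(f"empty distance wildcard in {hexsig!r}")
            parts.append(b".{%d}" % int(lo))
        else:
            parts.append(b".{" + (lo or "0").encode() + b"," + hi.encode() + b"}")
    if pos != len(hexsig):
        raise ValueError(f"trailing text at column {pos} in {hexsig!r}")
    return re.compile(b"".join(parts), re.DOTALL)


@dataclass
class NdbSignature:
    name: str
    target_type: int
    offset: str
    hexsig: str
    min_flevel: Optional[int] = None
    max_flevel: Optional[int] = None


def parse_ndb_line(line: str) -> NdbSignature:
    """Split one .ndb record. A ':' inside the malware name shifts every later
    field, so the target-type check below is what catches that mistake."""
    fields = line.strip().split(":")
    if not 4 <= len(fields) <= 6:
        raise ValueError(f"expected 4 to 6 ':'-separated fields, got {len(fields)}: {line!r}")
    name, tt, offset, hexsig = fields[:4]
    if not name:
        raise ValueError(f"empty malware name: {line!r}")
    if not tt.isdigit() or int(tt) not in TARGET_TYPES:
        raise ValueError(f"target type {tt!r} is not 0-9 (a ':' in the name?): {line!r}")
    hexsig_to_regex(hexsig)  # validate the body now rather than at scan time
    extra = [int(f) if f else None for f in fields[4:]] + [None, None]
    return NdbSignature(name, int(tt), offset, hexsig, extra[0], extra[1])


def match_offset(sig: NdbSignature, data: bytes) -> bool:
    """Apply the signature where its Offset field allows: '*' anywhere, 'n' at
    byte n, 'n,shift' starting within n..n+shift, 'EOF-n' n bytes before the end."""
    rx = hexsig_to_regex(sig.hexsig)
    off = sig.offset
    if off == "*":
        return rx.search(data) is not None
    if off.startswith("EOF-"):
        start = len(data) - int(off[4:])
        return start >= 0 and rx.match(data, start) is not None
    if "," in off:
        base, shift = (int(x) for x in off.split(",", 1))
        return any(rx.match(data, p) for p in range(base, base + shift + 1))
    return rx.match(data, int(off)) is not None


def scan(ndb_lines: List[str], data: bytes) -> List[str]:
    """Names of every signature in ndb_lines that hits data, in database order."""
    return [sig.name for sig in map(parse_ndb_line, ndb_lines) if match_offset(sig, data)]


# Constructed sample: a fake MZ header, padding, a lure string and a trailer.
SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"DHL_INVOICE" + b"\xde\xad\xbe\xef"

# Constructed rules in .ndb syntax; the names are illustrative, not real signatures.
RULES = [
    "Example.Header-1:1:0:4d5a??00",                 # 'MZ', any byte, 00 at offset 0
    "Example.Lure-2:0:*:44484c{0-8}494e564f494345",  # 'DHL', 0-8 bytes, 'INVOICE', anywhere
    "Example.Trailer-3:0:EOF-4:deadbeef",            # the last four bytes
    "Example.Miss-4:0:12,4:44484c",                  # 'DHL' must start in 12..16; it starts at 20
]

if __name__ == "__main__":
    for hit in scan(RULES, SAMPLE):
        print(hit, "FOUND")
```

The parser deliberately fails the whole load on a bad record rather than skipping it, which is the behaviour that surfaced the "][Date:" names above; renaming such records (Steve's suggestion) or dropping the colon makes them pass.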

[Clamav-users] ClamAV and VirusTotal

2009-03-17 Thread Tom Shaw
Any particular reason why they are using 0.94.1 (and it appears with the most non aggressive settings)? You are not showing off your best side... Just my 2 cents Tom

Re: [Clamav-users] test for SafeBrowsing?

2009-03-18 Thread Tom Shaw
At 7:20 AM -0700 3/18/09, Dennis Peterson wrote: >Erwan David wrote: >> On Wed, Mar 18, 2009 at 01:55:14PM CET, Dennis >>Peterson said: >>> Moray Henderson (ICT) wrote: > From: Török Edwin [mailto:edwinto...@gmail.com] >>> Try using for the URL. >>> >> Is that a requirement?

Re: [Clamav-users] ClamAV and VirusTotal

2009-03-19 Thread Tom Shaw
At 8:35 PM +0100 3/19/09, Julio Canto wrote: >Sarocet wrote: >> Julio Canto wrote: >>> Paul Whelan wrote: >>> must be the clamwin version then which is a strange 'official channel'. >>> Hi again, >>> You're wrong assuming that, th

[Clamav-users] What's the turnaround for new signatures?

2009-03-22 Thread Tom Shaw
What's the turnaround for new signatures? I submitted these 7 days ago both directly and via virustotal (see below) yet today my clamd 0.94.2 (main 50 daily 9149) doesn't detect new copies arriving. Tom Complete scanning result of "/Flash_Adobe11.exe", processed in VirusTotal at 03/16/2009 22
