it normal for clamav 0.95.1? Thanks for helping
Hi,
It is not.
However, make sure the loglevel *in sendmail* is set up properly.
-acab
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Clean
>
>
> so, the milter message at maillog related to sendmail or clamav-milter?
Note the "sendmail[3783]:" prefix.
This stuff doesn't come from the milter, otherwise it would read
"clamav-milter:...".
Any milter loglevel setting > 8
s it is really
hard to tell. It mostly depends on the severity of the threat, that is,
how many of such samples we've already received. Big outbreaks generally
take less than one hour. Unique samples may need several days to be
processed.
-aCaB
___
rovided clients and parse their output. clamscan is
linked to libclamav, clamdscan talks to the daemon instead.
Everything is documented at http://www.clamav.net/doc/latest/html/
and in the tools manpages.
-acab
___
Dan wrote:
> So you would prefer we submit directly to ClamAV at
> <http://cgi.clamav.net/sendvirus.cgi>
Yes, we do.
-acab
___
w get a gcc 3.x installed then you should be able to
compile clamav without major problems.
Old libraries should link ok (although most of them are probably
exploitable), with the exception of libmilter. If you don't need
clamav-milter that shouldn't really bother you.
-acab
iate some load from the mirrors.
If you only want the code you can simply grab a branch off the svn.
-acab
___
s should give anyone enough time to switch to INSTREAM or FILDES.
-aCaB
___
o the infected email but not modify the SUBJECT: line?
You are correct.
-acab
___
I can send it without problems?
Please save the mail and upload it to
http://www.clamav.net/sendvirus/
Thanks,
-acab
___
Sergey Yudin wrote:
> When clamd reloads new database it stops responding requests via local
> socket. For example DansGuardian reports "Exception whist reading ClamD
> socket: Can't read from socket"
Hi Sergey,
Please head to http://bugs.clamav.net/ and open
ke up
more memory than its bare size.
Cheers,
-aCaB
___
a ticket on the bugzilla to optionally make it read entries from a file.
When time permits I'll work on that.
-aCaB
___
its own signal catching; that's
braindead, if you ask me, but that's the way it is.
-aCaB
___
) with ESMTP id 41CFB2290F
> for ; Thu, 3 Sep 2009 09:04:30 -0400 (EDT)
TO:
HtH,
-aCaB
___
can start with the string "From:" or "To:" (note:
no whitespace after the colon) indicating if it is, respectively, the
sender or recipient that is to be whitelisted."
-aCaB
___
should probably use them. Otherwise you can
set up a small cron job using "find -mtime" and clamscan to check the
whole ftp space.
HtH,
-acab
___
list
> mail. :-(
No. Whitelisting based on the "Received" header is not supported as it
doesn't make much sense.
-aCaB
___
was fixed in the clamav-devel version:
>
> clamav-devel:
>
> +Sat Oct 24 15:06:50 CEST 2009 (acab)
> + * libclamav/mpool.c: increase max pool to 8M to allow loading huge
> custom dbs
Hi Steve,
The (now) increased pool size is around 16 times bigger than the largest
pool used by the
ot the same as the milter
interface.
I'd suggest you start from http://www.postfix.org/MILTER_README.html
which will answer all your other questions.
Cheers,
-acab
___
t.
The only alternative is that we release what WE think is ok and we
re-release when YOU tell us it's not.
Thanks for the lesson,
-aCaB
___
case you missed that mail...
-aCaB
___
t.
The other one is to run a buildbot slave. Results are available at
http://www.0xacab.net:8010/waterfall
If you want to help with either, please mail Edwin or me off list.
Thanks,
-acab
___
orically allowing quarantine+reject, in
practice, sendmail doesn't obey and only performs one of the actions
(reject but not quarantine, IIRC).
-acab
___
alignment and other nasty things.
70MB are roughly equivalent to 90-100MB on 32 bit systems and 110-10MB
on a 64bit system.
-acab
___
> but one of the directories is called 'Volumes' which
> contains directories and links to other volumes which I
> scan separately.
>
> Is it possible to exclude an absolute path using the
> configure variable ExcludePath?
>
> A.
Not sure I got the righ
e umask.
Just set it to suit your needs.
As for adding a dedicated option to clamav-milter, that's sure something
that can be done.
Please open a feature request ticket so it doesn't get forgotten.
Cheers,
-acab
___
mail_host}, {mail_addr}.
If you are using postfix, double check your milter_XXX_macros directives.
HtH,
-aCaB
___
open a ticket. It's too late for 0.96, but will likely make
it into 0.96.1.
Thanks,
-aCaB
___
v.net
Just copy/paste the info in your email and also state your zlib version
and attach the problematic daily.cvd.
Cheers,
acab
___
Si St wrote:
> Whats the difference between:
> clamav-0.96rc1-19.1.i586.rpm
> and:
> clamav-0.96-27.1.i586.rpm
> ?
The RC is a release candidate package. It was issued before the final
0.96 release (the non-RC package).
> I am thinking of the "RC" specification of the package.
> Which one should
tribute (load balance and fail over) scan requests to all the
available scanners. Again you have several options here ranging from
writing a piece of perl filter to manage the scan requests, to
routing mails to a second line of mta's (or amavisd's) in a (pos
acy:
> ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file
> formats, which allows remote attackers to bypass virus detection via
It's quite funny to hear that the 7z handler is vulnerable in versions
<0.96 because it was, in fact, introduced in 0.96... :)
Cheers,
rect contact. The Apple
> boards are full of users with dead mail servers.
No negotiation needed, it's free software.
Apple takes it and packages it as they like. They decide what version to
ship and if/when to deliver updates. No questions asked.
--acab
___
h...@dip-systems.de wrote:
> Is there no more support for this Debian Release?
Debian Woody became old-stable in Jun 2005 and support was discontinued
since June 2006.
Your version of ClamAV is also obsolete.
--aCaB
___
hat correct?
It may or may not, depending on the message and the signature that
catches it.
Since clamav internally processes the mail message and all its attachments
anyway, having this done twice (by amavis and by clamav) is probably
pointless...
---acab
___
bly blacklisted all the servers.
HtH,
-acab
___
ople behind them as much as you
like. This thread is dead for me.
--aCaB
___
ck to topic 0.96+dfsg-4~volatile1 was accepted a couple of days ago
and it's digging its way to the mirrors. It shouldn't take long till all
archs are built and the debs are available.
--acab
___
uggestion.
Mind posting your suggestions to the bugzilla?
So others can contribute and there are fewer chances that it'll be forgotten?
Thanks,
--acab
___
.net/sendvirus.cgi ?
--aCaB
___
> What's wrong with safebrowsing?
There's a bug for that:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2017
--acab
___
just pull the code via git.
HtH,
--acab
___
ed bugs are re-evaluated
and either assigned to a release, or closed, or left in the queue.
So there's nothing to ARGH about... yet! :)
--aCaB
___
DAVID BERTHIAU wrote:
> I don't know how, but my current system do, I will look if it is because the
> encrypted files are blocked. Is it possible to do it with clamav?
It is.
Look for ArchiveBlockEncrypted in clamd.conf.
Cheers,
-acab
pposed to mean recipient -- if that is so, what does?
Hi Chris,
I think you're doing it right.
You only need to configure sendmail to fill in those macros, which, by
default, it leaves blank.
It's generally only a matter of adding the following line to your .cf:
define(`confMILTER_MACROS_
NKNOWN'.
To get sendmail to fill in all the fields you need, you have to
explicitly instruct it to do so. And this is done via its configuration
file, using the confMILTER_MACROS_EOM as I wrote above.
Any clearer now?
-acab
___
quite a few arguments to manage and not
just one.
The simpler solution was to avoid % expansion and simply feed all the
info I have to the invoked script. From there, the admin can do whatever
s/he likes: use some params, use all of them, disregard them all.
Hope that sheds some light on
Nathan Gibbs wrote:
> Here is my working "test" implementation for the milter
>
> http://www.cmpublishers.com/oss/clamfi.c
Hi Nathan,
awesome spirit!
I'd love to say "awesome code" too but I haven't had a chance to look at
it yet.
I'll cert
me (admittedly
small) time in advance. Anyone willing to coordinate or ask for a delay
can certainly do through this channel.
If it wasn't a security release we would certainly have gone with an
RC... which certainly would have mitigated most of the issues.
Cheers,
-aCaB
_
/attachment.cgi?id=1498 allows configure
to continue.
Cheers,
--aCaB
___
On 03/10/11 20:58, Peter Bonivart wrote:
> You could give our ClamAV package a try:
>
> http://www.opencsw.org/packages/CSWclamav/
Guys,
Anybody tried?
I'd be very interested in hearing the results.
Cheers,
--aCaB
___
the older version
was way better.
Let alone 3 minutes...
--aCaB
___
On 04/06/11 15:41, Leonardo Rodrigues wrote:
> is that possible ?
Nope, just one.
-aCaB
___
On 04/16/11 06:14, Nathan Gibbs wrote:
> Is there some test data that will cause clamd to emit the .UNOFFICIAL
> output without loading any 3rd party DB's
Just load any db file in non cvd/cld format.
-aCaB
___
>>
>
> As it is I edit the source code at each build and turn bug 1754 fixes on.
> :-)
>
> Thanks for the idea, it's a good one, now if I can just catch it.
FYI you can use callbacks, in particular clcb_post_scan.
See clamav.h for details.
-aCaB
___
On 04/16/11 16:48, Nathan Gibbs wrote:
> Do you mean something like.
>
> cat daily.cvd | sigtool -mdb > daily.mdb
That won't work. If you want to use an official db you should use
"sigtool --unpack".
Alternatively you can forge your own custom db. E.g.:
acab@1337
On 04/17/11 05:05, Dennis Peterson wrote:
> Adding the hard-coded
> UNOFFICIAL reduces some liability from the Clamav team.
That!
And lots of daily annoyances with FP reports too.
Which is why the suffix won't go away nor an option will be available to
get rid of it.
Ch
to go through it and act accordingly without breaking legacy apps.
In a word, it's no quick fix :(
Please open a bug/feature request on the bugzilla. I'll take care of it
when time permits.
Thanks,
-aCaB
___
On 06/10/11 12:18, Steve Basford wrote:
> Can't see the windows binaries for 0.97.1 yet?
>
> http://sourceforge.net/projects/clamav/files/clamav/win32/
Hi Steve,
Luca's on holidays. He'll upload them as soon as he reaches a PC,
probably lat
On 06/21/11 20:25, Michael Scheidell wrote:
> I can't reproduce it, but installed clamav 097.1 on several amd64 boxes,
> and i386 boxes running freebsd 7.3
Hi Michael,
do you have any chance to attach gdb to the stuck clamd?
Cheers,
-aCaB
y to work since libclamav dlopen()'s it due to
license restrictions and incompatibilities.
Do you really need a static build?
Cheers,
-aCaB
___
all helps a lot in reducing
load and bw usage on our mirrors (which are provided for free to all our
userbase) and still allows for quick incremental updates.
Cheers,
-aCaB
___
ng wait time and shut
the socket down.
Either way you probably have some corresponding error in clamd.log.
Can you look them up as well?
Cheers,
--aCaB
___
(Email|HTML)\.Phishing
Mind you, there are currently 2 spurious entries which are likely not
intended to be there. I'm gonna fix them this week:
acab@barney:~$ sigtool -l | grep -i phish | egrep -v
'^(HTML|Email)[.]Phishing'
Catphish.698.A
Catphish.698.B
E-Mail.Phishing.SMT
PD
Luca,
My commit seems to have been pushed [*].
But it seems it didn't propagate to git.clamav.net.
Also no commit email is showing up and the bbot wasn't triggered.
Is there anything wrong?
[*]
acab@1337ness:~/git$ git push origin HEAD
Counting objects: 12, done.
Delta compression usi
Sorry folks, wrong ML.
___
enario you describe and
the question you raise. However it's very unlikely that such a feature
is going to be added in the future.
Cheers,
--aCaB
___
e matching is case insensitive.
--aCaB
___
On 03/16/12 10:54, Steve Basford wrote:
> Hi,
>
> Any eta on an update to v0.97.4 here...
>
> http://sourceforge.net/projects/clamav/files/clamav/win32/
I'm building them right now, so probably your late afternoon.
BTW, please don't hijack
urse if you go through the trouble of tracing the crash and be sure
that it's not related to bzip2 (or other configure things you might have
messed around with) then you are still welcome to submit a bug report :)
Cheers,
-- aCaB
___
, so they can be processed ASAP.
Cheers,
-- aCaB
___
On 04/21/12 01:44, Frank Chan wrote:
> On 19-04-2012 01:11, aCaB wrote:
>> On 04/18/12 23:10, Frank Chan wrote:
>>> 9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z
>>> 5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll
> Done.
I still can't find them. Do yo
On 04/24/12 01:31, Frank Chan wrote:
> 5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll
> 9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z
I'm sorry Frank,
it appears the upload wasn't successful.
I can't find either :/
Cheers,
-- acab
__
On 04/26/12 14:53, Gary Yao wrote:
> is there a way I can tell postfix to whitelist this sender?
Gary,
I don't know about Postfix but you can do some whitelisting in the milter.
There is a dedicated "Exclusions" section in its config file[*].
You may want to give a look at it
On 05/24/12 16:54, Giles Coochey wrote:
> Was a bug / feature request ever opened for this? Was it ever fixed?
Yup,
https://bugzilla.clamav.net/show_bug.cgi?id=2879
Cheers,
-- aCaB
___
nicely handled by the SMTP protocol and are
generally not considered a big issue.
Cheers,
-- aCaB
___
void top posting or quote excessively
large chunks when replying.
Thanks,
-- acab
[*] http://lists.clamav.net/mailman/listinfo/clamav-users
http://wiki.clamav.net/Main/TopPost
___
libs
>
> There is no reason for us to package these separately, by including
> them we again reduce the barrier to entry for people.
FYI unrar license is incompatible with the GPL. That was the rationale
in the packaging.
-- acab
___
Emin Islam Tatli wrote:
> Hi,
>
> I try to integrate clamav in my exim configuration.
>
> as av_scanner I could not manage using clamd and always got the error "
> clamd: unable to read from socket (No such file or directory)", even
> though the files and directories existed (pid and ctl files).
Robert Isaac wrote:
> Ooops. Strange how we always look for the complicated and forget the basic
> simple things.
... like not to top post :)
___
archives, hence they scan slowly.
Now, are you saying that a particular PPT file takes ages or that every
PPT file scans slowly?
If the former, then please provide us with the slow-scanning file. If
the latter then you may want to tweak your scan options.
-aCaB
___
dware :P
Cheers,
-aCaB
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
fidential, make sure you check the
"private" option.
Thanks,
aCaB
___
>
> I'm HOPING this hasn't happened and you mis-typed your reply.
Hi James,
please reread Tomasz's first post again, especially where he says: "Both
the ClamAV engine and the signature database will remain under GPL."
Cheers,
aCaB
__
.
HtH,
aCaB
___
gypsy wrote:
> I have posted to the Wiki in vain. Where is the correct place to post a
> request for a feature?
https://wwws.clamav.net/bugzilla/
Please mark your "bug" report as "enhancement".
-aCaB
___
Stephen Gran wrote:
> You are not authorized to access bug #736.
Hi Stephen,
please try again.
-aCaB
___
That test file is licensed under the GPL. Please refer to it for
redistribution rules.
Cheers,
-aCaB
___
think, forgetfulness.
Sorry about that, the hw support is currently available as a patch and
can be found under contrib/hwaccel/hwaccel.patch
-aCaB
___
.net/sendvirus.cgi
Make sure you mark it as False Positive.
-aCaB
___
René Berber wrote:
> Bad advice, how do you know it's a false positive?
In the same way we know that a file is actually infected: we check it.
We don't blindly add all submitted virus as such, nor do we blindly remove
signatures based on FP re
Brandon Perry wrote:
> Hi, I am just wondering if anyone knows where I can get a description
> for Trojan.Jesta? It has been found in a customer's computer in C:
> \Program Files\Sony\Welcome to VAIO life\ and I am wondering if this is
> known or if this is just a coincidence that the Trojans are t
Brandon Perry wrote:
> I don't know if it is truly clean or not. That is why I wanted to see
> the description before I uploaded them.
Then just ask for a second opinion. Use your own scanner or check
http://virusscan.jotti.org/ or http://www.virustotal.
David Cunningham wrote:
> To whom it may concern,
Hi David,
Please open a bugzilla report and attach (a few of) those files.
Thanks,
-aCaB
___
you want us to keep such
a "feature"?
Thanks,
-aCaB
___
a real usage scenario for "Oversized.Zip" and friends?
2- Are you aware of what the ArchiveBlockMax option does and if so, have
you set it to "on"? And why?
Thanks a lot for your attention and your time.
-aCaB
___
cript
to manually specify the FPU endianness.
This is currently in SVN and will be included in the next stable release.
-aCaB
___
aCaB wrote:
> Hi list.
> I'm in the process of redesigning the logic of limits in ClamAV.
> The rewrite (scheduled for the upcoming 0.93) is aimed at solving, once
> for all, the annoyances related to config options like
> (clamd.conf-style): ArchiveMaxFileSize,
iles, and files that have caused problems in the past.
However, despite being extensive, our tests cannot simulate YOUR
peculiar environment... which is why we are asking for YOUR results and
opinions.
Thanks everyone for the feedback.
-aCaB
___
1 - 100 of 207 matches