Re: [Clamav-users] Problems installing 0.95.3

2009-11-07 Thread jef moskot
Will a patched version of the installation package be made publicly available? We don't have git installed and there are many system complaints when a patch attempt is made. (Maybe due to the "--git" option in the diff lines?) Installing git didn't make the error magically go away, and rat

Re: [Clamav-users] Problems installing 0.95.3

2009-11-08 Thread jef moskot
On Sun, 8 Nov 2009, Török Edwin wrote: You should apply the patch with: patch -p1 Ah, thank you! The "-p1" was the necessary voodoo. It wasn't on the download page or on the Bug #1737 page, which is where you are directed for more information. I didn't think to look on the wiki. It might

[Clamav-users] 0.96 compile warnings on FreeBSD 7.1

2010-04-07 Thread jef moskot
This is on a FreeBSD 7.1/amd64 machine. I'll spare you the whole output of make, but there's a lot of this: ... CXXBasicBlock.lo CXXConstantFold.lo CXXConstants.lo llvm/lib/VMCore/Constants.cpp: In static member function 'static llvm::Constant* llvm::ConstantExpr::getAlignOf(c

Re: [Clamav-users] 0.96 compile warnings on FreeBSD 7.1

2010-04-08 Thread jef moskot
On Thu, 8 Apr 2010, Török Edwin wrote: Which compiler version are you using? If we can trust this query and response... # which gcc /usr/bin/gcc # gcc --version gcc (GCC) 4.2.1 20070719 [FreeBSD] Jeffrey Moskot System Administrator j...@math.miami.edu_

Re: [Clamav-users] 0.96 compile warnings on FreeBSD 7.1

2010-04-08 Thread jef moskot
On Thu, 8 Apr 2010, Jerry wrote: Is there any specific reason that you are not using the version supplied in the ports system? If you're somewhat careless with updating, it can be very inconvenient to roll back to a previous version of the port if there's a problem. Also, many years ago, the

Re: [Clamav-users] 0.96 compile warnings on FreeBSD 7.1

2010-04-17 Thread jef moskot
Hi, all. I was on vacation for a bit and then wanted to wait for the EOL storm to blow over. I never actually got any response to my original question, which got sidetracked by a discussion of the FreeBSD port system. At any rate, the original environment still applies: FreeBSD 7.1/amd64 wi

Re: [Clamav-users] 0.96 compile warnings on FreeBSD 7.1

2010-04-17 Thread jef moskot
On Sat, 17 Apr 2010, Török Edwin wrote: Is g++ the same version too (i.e. does g++ -v shows 4.2.1 too?). Yep, same deal: # g++ --version g++ (GCC) 4.2.1 20070719 [FreeBSD] For the record, no checks failed, although some were skipped: make check-TESTS PASS: check_clamav PASS: check_freshcla

[Clamav-users] clamscan fails from mimedefang with large third-party databases

2010-04-22 Thread jef moskot
This might be a question for the mimedefang list, but I thought I'd try here first in case I'm missing something obviously related to clam. I've had 0.95.3 running since it came out with no problems, but 0.96 returns an error of 2 (which the man explains as "Some error(s) occured.") when mimed

Re: [Clamav-users] clamscan fails from mimedefang with large third-party databases

2010-04-22 Thread jef moskot
On Thu, 22 Apr 2010, jef moskot wrote: Things ran smoothly for a little while without the larger databases... Hmm, looks like I spoke too soon. While it did catch bad messages, it barfed a little while doing so. A couple of examples... === libclamav JIT: Allocation failed when allocating

Re: [Clamav-users] clamscan fails from mimedefang with large third-party databases

2010-04-22 Thread jef moskot
On Thu, 22 Apr 2010, Török Edwin wrote: You are running out of memory (or rather mmap()s). We have a bugreport about this, but we haven't figured how to fix it. Increasing the max number of mmaps FreeBSD allows won't fix it :( Yikes. Well, at least there's already an open report. Try scannin

Re: [Clamav-users] clamscan fails from mimedefang with large third-party databases

2010-04-23 Thread jef moskot
On Thu, 22 Apr 2010, Török Edwin wrote: Well you can add --debug 2>/tmp/clamscan-debug. That way it'll always go to a place you know (assuming mimedefangs allow the redirection). I don't want to go too far down the mimedefang-specific path, but I added this to the command line call in my mimed

Re: [Clamav-users] clamscan fails from mimedefang with large third-party databases

2010-04-23 Thread jef moskot
On Fri, 23 Apr 2010, Török Edwin wrote: Try writing a shell script that invokes clamscan and redirects stderr as above, then in mimedefang invoke your script (don't forget to chmod +x it). OK, I tried this 0.95.3 first, because it's working properly now and I don't want to introduce yet anothe

Re: [Clamav-users] clamscan fails from mimedefang with large third-party databases

2010-04-23 Thread jef moskot
On Thu, 22 Apr 2010, Török Edwin wrote: On 04/22/2010 01:02 PM, jef moskot wrote: LibClamAV Error: CRITICAL: fmap() failed LibClamAV Warning: fmap: map allocation failed LibClamAV Error: CRITICAL: fmap() failed LibClamAV Warning: fmap: map allocation failed LibClamAV Error: CRITICAL: fmap

Re: [Clamav-users] clamscan fails from mimedefang with large third-party databases

2010-04-24 Thread jef moskot
On Sat, 24 Apr 2010, Török Edwin wrote: Does Mimedefang run clamscan under ulimit? (or is mimedefang itself constrained by some ulimits?) I doubled the MX_MAX_RSS and MX_MAX_AS arguments in the startup script, and it seems to have taken care of the problem (which I was able to recreate, see b

Re: [Clamav-users] clamscan fails from mimedefang with large third-party databases

2010-04-24 Thread jef moskot
On Sat, 24 Apr 2010, Török Edwin wrote: On 04/24/2010 11:08 AM, jef moskot wrote: I doubled the MX_MAX_RSS and MX_MAX_AS arguments in the startup script, and it seems to have taken care of the problem (which I was able to recreate, see below). What are these values btw? Here's the rel

[Clamav-users] "Cannot prepare for JIT..."

2010-10-18 Thread jef moskot
Got this error about an hour ago when freshclam updated: "LibClamAV Warning: Cannot prepare for JIT, because it has already been converted to interpreter" The error also now appears every time clamscan runs, but it all seems to work. It's just annoying because it shows up in all the notifica

Re: [Clamav-users] "Cannot prepare for JIT..."

2010-10-18 Thread jef moskot
On Mon, 18 Oct 2010, Török Edwin wrote: You can apply this patch (that will be in 0.96.4): http://git.clamav.net/gitweb?p=clamav-devel.git;a=blobdiff_plain;f=libclamav/bytecode_nojit.c;h=66d385d6a2b2f2f6afc4440a53ae87b9cae8c38b;hp=ec961a9d1bc6e3d274e664f9eb9afe4992f7757f;hb=670adde2bc4e4ba2f3b96c

Re: [Clamav-users] "Cannot prepare for JIT..."

2010-10-18 Thread jef moskot
On Mon, 18 Oct 2010, Török Edwin wrote: Simply download the patch with a browser (or wget), and then apply it like this: patch -p1 Gotcha. "-p1" was the juju I needed to make it go. The patch apparently works fine. Viruses still being caught without the error message. Thanks very much! J

Re: [Clamav-users] Re: mailbox to maildir transform help

2007-03-23 Thread jef moskot
On Fri, 23 Mar 2007, Pascal Duchatelle wrote: > What I discovered this way is that thunderbird (at least the version I > had installed) never really erase the messages. This article should interest you: http://kb.mozillazine.org/Thunderbird_:_Tips_:_Compacting_Folders For what it's worth, I think

Re: [Clamav-users] daily.wmd trouble with 0.91rc1

2007-06-01 Thread jef moskot
On Fri, 1 Jun 2007, Noel Jones wrote: > Ok, I've narrowed it down to the following TWO lines in daily.wdb: > X:http.//www\.ebay\.co\.uk.+:.+emailpics.\.ebay\.com:14- > X:http.//info.citibank.com.+:https.//offer.citibank.com:14- I removed the files in the .inc directories and freshclam pulled down

Re: [Clamav-users] daily.wmd trouble with 0.91rc1

2007-06-01 Thread jef moskot
On Fri, 1 Jun 2007, Noel Jones wrote: > So you're having this same problem? Yes, I was getting core dumps trying to clamscan. > I used sigtool -u to unpack daily.cvd, then hand-created a daily.inc > directory with all the unpacked files, then hand-edited daily.wdb to > remove the offending lines.

Re: [Clamav-users] daily.wmd trouble with 0.91rc1

2007-06-04 Thread jef moskot
On Mon, 4 Jun 2007, Noel Jones wrote: > BTW, I'm *very* impressed with the db load speed improvements in > 0.91rc1. I agree. The load speed for 0.92 had me considering rolling back to 0.88, but 0.91rc1 is a tremendous improvement. Thanks for a great service. Jeffrey Moskot System Administrator

Re: [Clamav-users] clamscan extremly slow

2007-06-18 Thread jef moskot
On Mon, 18 Jun 2007, Dennis Peterson wrote: > Clamscan is a terrible tool to use in real time with email. I would recommend it for low volume servers with cycles to burn, given that the other option is a daemon that can potentially fail. Neither is entirely ideal, but we should take the wide vari

Re: [Clamav-users] clamscan extremly slow

2007-06-19 Thread jef moskot
On Mon, 18 Jun 2007, Eric Rostetter wrote: > I feel there are good reasons to run clamscan instead of another option, > and I feel that one can indeed do so if they have sufficient > resources... For perspective, in my environment we'd be talking about a database load time of less than a couple se

Re: [Clamav-users] RFC: Recognize mbox format

2007-10-12 Thread jef moskot
On Mon, 8 Oct 2007, Joao S Veiga wrote: > To me, is more logical/easier/less annoying to explode the mboxes ONLY if > something is found in them instead of exploding all the mboxes to scan them > (in > 99.842% of the cases, they will be clean anyway). If you use the SaneSecurity signatures, it is

Re: [Clamav-users] Accurate subjects (was Re: PhishingScanURLs is dreadfully slow/CPU-intensive)

2007-11-12 Thread jef moskot
On Mon, 12 Nov 2007, Dennis Peterson wrote: > Even timid users need to edit the file as a minimum to disable the > "Example" line. Once there I'm certain they can then change the other > critical areas that require attention. From my point of view, without the phishing code, you can pretty safely

Re: [Clamav-users] Accurate subjects (was Re: PhishingScanURLs is dreadfully slow/CPU-intensive)

2007-11-13 Thread jef moskot
On Tue, 13 Nov 2007 Dennis Peterson wrote: > Even timid users need to edit the file as a minimum to disable the > "Example" line. Another point is that those who use clamscan (not the daemon) will have the default behavior changed more invisibly. You have to pass a parameter to disable the anti-p

Re: [Clamav-users] Phishing feature defaults, naming, and 0.92

2007-11-16 Thread jef moskot
On Fri, 16 Nov 2007, rick pim wrote: > who on earth upgrades from one beta to another and uses the same > configfile??? If you're using clamscan, the config file doesn't enter into it, but the default behavior still changes. You need to pass a flag to turn off the phishing checks. I get the whol

Re: [Clamav-users] Phishing feature defaults, naming, and 0.92

2007-11-20 Thread jef moskot
On Mon, 19 Nov 2007, Dennis Peterson wrote: > Perhaps they should issue a warning or advisory against re-using the > config files from previous versions as this has the potential to > introduce surprises. The surprise would still exist if you use clamscan and not clamdscan. This config file talk

Re: [Clamav-users] Phishing feature defaults, naming, and 0.92

2007-11-21 Thread jef moskot
On Thu, 22 Nov 2007, Christoph Cordes wrote: > - after a new release ClamAV should mimic the behavior of the preceding > version by default unless it's a major release (.x0) or the user enabled > possible new features explicitly. furthermore the default behavior > should be as conservative as possi

Re: [Clamav-users] Phishing feature defaults, naming, and 0.92

2007-11-27 Thread jef moskot
On Tue, 27 Nov 2007, Mark wrote: > Hmm, i'm just in the process of upgrading from 0.88.7 to 0.91.2 > (FreeBSD). "The difference in accuracy between what we were used to and > the newer version was so large that it fundamentally changed the nature > of the product," do you mean that in a bad way? I

Re: [Clamav-users] quarantine on specific from address

2008-02-19 Thread jef moskot
On Tue, 19 Feb 2008, Gomes, Rich wrote: > I have a specific need to quarantine emails coming from a particular > email address. A quick hack would be to make a signature that includes the address, and some other identifying information from a mail header. Everything you need to know is here, alth

Re: [Clamav-users] quarantine on specific from address

2008-02-19 Thread jef moskot
On Tue, 19 Feb 2008, Gomes, Rich wrote: > So if I am going to trigger on one address (i.e. [EMAIL PROTECTED]) > my syntax will be: > > sigtool --hex-dump [EMAIL PROTECTED] > mycustomsignature.db That might work, but the proper format is to have a name for the signature, so Clam knows what to ca

Re: [Clamav-users] quarantine on specific from address

2008-02-19 Thread jef moskot
On Tue, 19 Feb 2008, Brandon Perry wrote: > sigtool --hex-dump [EMAIL PROTECTED] | tee ~/mycustomsignature.db That didn't do anything for me either, and it doesn't address the issue of naming the signature in the database. Sometimes a good old-fashioned cut-and-paste is simpler than fun-with-pipe

Re: [Clamav-users] quarantine on specific from address

2008-02-19 Thread jef moskot
On Tue, 19 Feb 2008, Gomes, Rich wrote: > How do you run sigtool in interactive mode? Just type "sigtool --hex-dump" (without the quotes) at the command line. Whatever you type in will be converted into hex on the next line (although, again, it will also convert the linefeed, so strip off the las

[Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread jef moskot
I've been using ClamAV happily for years, but we're finally moving to a modern server and our heavily modified amavis-perl script no longer works and is significantly difficult to debug that it makes sense to modernize. In the past, we've not dealt with clamd or any daemonized version of amavis, s

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread jef moskot
On Thu, 7 Aug 2008, Gerard wrote: > Depending on the quantity of emails your receive, you might very well > significantly reduce the load on your system by using one or perhaps a > few RBL's. There is no point, at least in opinion, of accepting mail > that is obviously SPAM. We definitely do that

Re: [Clamav-users] Newbie question about creating clam signatures

2008-08-07 Thread jef moskot
On Thu, 7 Aug 2008, Brandon Perry wrote: > if the text is the same every time, you can just use an MD5 sum of the > text file in question. If you want to key off specific parts of a text file, you can use "sigtool --hex-dump" to convert the text to hex and create your own signatures in a .db file.

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread jef moskot
On Thu, 7 Aug 2008, Henrik K wrote: > I use both, but MD is IMO more of a hobbyist tool... I didn't mean to spark a milter fight, but as the Subject line says, we're looking for the simplest thing out there. I'm replacing a simplistic perl script that just broke a message down, clamscanned it, an

Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-08 Thread jef moskot
On Fri, 8 Aug 2008, David F. Skoll wrote: > G.W. Haywood wrote: > > You're making a rod for your own back if you accept bad mail. The > > sender will sell the recipients' addresses to all his spammer friends > > and you'll just get more of it. > > In my experience, spammers do not bother cleaning

Re: [Clamav-users] SubmitDetectionStats: Not enough recent data for submission

2008-11-08 Thread jef moskot
On Fri, 7 Nov 2008, Chris wrote: > For instance if I have a commonly reported signature, > Sanesecurity.Phishing.Cur.1266.UNOFFICIAL, is this reported or is it > only malware that is in the 'Official' ClamAv database reported? I'd like to know this as well, since we have a lot of custom signatur

Re: [Clamav-users] SubmitDetectionStats: Not enough recent data for submission

2008-11-11 Thread jef moskot
On Mon, 10 Nov 2008, Tomasz Kojm wrote: > At the moment it will report all signatures. If you think it could be > useful in your case, we can add an option to only report the official > sigs. It might be useful to continue collecting the Sanesecurity and MSRBL info from those who don't want to

Re: [Clamav-users] please remove - 27 emails and counting

2009-02-21 Thread jef moskot
On Sat, 21 Feb 2009, Matus UHLAR - fantomas wrote: > Did you find the unsubscribe link? Neither the URL nor the mail reply work if you don't remember what email address you signed up with. I suppose it could be added to the message somewhere. A lot of lists will do that for you. I

Re: [Clamav-users] please remove - 27 emails and counting

2009-02-22 Thread jef moskot
On Sat, 21 Feb 2009, Matus UHLAR - fantomas wrote: > While not all MTAs add that info into the header, the recipient should > be able to find that out from queue IDs (if the ML doesn't use VERP for > list mail) or Received: headers, should have the copy of subscription > confirmation. And, final

[Clamav-users] problem with clamscan --move

2009-03-28 Thread jef moskot
I know the syntax changed for most of the command line parameters, but I can't seem to get --move to work any more. Previously, I could do this: # clamscan --move /tmp testfile.zip ...and the file would be properly moved to /tmp if it's infected. That doesn't work any more, and adding the "="

[Clamav-users] new threat: passworded zip files

2003-12-04 Thread jef moskot
I've heard of a new strategy for spreading viruses/worms. The victim receives a message with an attached passworded zip file. The password is included in the text of the message. Granted, we should hope that our users should be educated enough to not fall for this, but if we had educated users i

[Clamav-users] type of viruses being added to database

2004-01-11 Thread jef moskot
Out of curiosity, what sort of viruses are typically being added to the database? Are they mostly new viruses? Sometimes it's obvious when a user has submitted a large library of old viruses, but in general it's tough to tell whether the latest crop of updates have been recently discovered or if

Re: [Clamav-users] type of viruses being added to database

2004-01-12 Thread jef moskot
On Mon, 12 Jan 2004, Tomasz Papszun wrote: > Added are viruses which users submitted to us :-) . Or found by us. Well, yes, obviously, but could you maybe take a recent representative update and give us an idea of what the added viruses are like? Just so that we get an approximate feeling of wha

Re: [Clamav-users] type of viruses being added to database

2004-01-12 Thread jef moskot
On Mon, 12 Jan 2004, Daniel J McDonald wrote: > are you on the clamav-virusdb mailing list? Yes, but it doesn't say whether the viruses are old or new, and looking them up given the various names used and the quantity of updates is not very convenient. > Tomasz Kojm sent out an update on Saturday

Re: [Clamav-users] type of viruses being added to database

2004-01-12 Thread jef moskot
On Mon, 12 Jan 2004, Denis De Messemacker wrote: > In conclusion, and to answer your question, we receive actually a > majority of current worms,trojans and viruses that are still in activity. > Those are analysed on a fifo base. > At any time, if fast spreading new virus is received, it preempts t

Re: [Clamav-users] type of viruses being added to database

2004-01-12 Thread jef moskot
I don't see any reason to re-invent the wheel. If there are no legal or technical problems with linking to another commercial site, I think it makes more sense to just add an URL to our list, as opposed to generating fresh content for thousands of entries. Jeffrey Moskot System Administrator [EMA

Re: [Clamav-users] sending bounces

2004-01-28 Thread jef moskot
On Wed, 28 Jan 2004, Nigel Horne wrote: > If systems administrators can't even be trusted to set up systems correctly > to not bounce on trapping a worm how can they be trusted to update to an AV > system that supports some new flag? Well, from our point of view, I think it could be a useful tool

Re: [Clamav-users] Spam filter and clam-av

2004-02-09 Thread jef moskot
On Mon, 9 Feb 2004, [iso-8859-1] Claudio Alonso wrote: > I heard that, but I couldn't get SpamAssassin to compile on Digital > (Digital UNIX doesn't seem to provide the snprintf function which is > apparently needed by SpamAssassin). If you have the option to block spam before your users even see

Re: [Clamav-users] all this "complaining" about 0.65 vs CVS ...

2004-02-10 Thread jef moskot
On Tue, 10 Feb 2004, OpenMacNews wrote: > in my experience and opinion, this list -- and the great team and > product behind it -- is one of the most active/responsive opensource > products that i've seen While I heartily agree, and recommend ClamAV to anyone within earshot when the subject comes

Re: [Clamav-users] Couple of questions regarding ClamAV

2004-02-26 Thread jef moskot
On Thu, 26 Feb 2004, Jesper Juhl wrote: > ...I have setup a cron job to monitor it every 5 minutes and start it up > again if it should happen again - so, that way I should only be relying > on clamscan for a maximum of 5min which is not a problem. Ah, OK. Well, that doesn't sound too bad at all.

Re: [Clamav-users] Couple of questions regarding ClamAV

2004-02-26 Thread jef moskot
On Thu, 26 Feb 2004, Jesper Juhl wrote: > clamd has died on me only once... Traffic at my site is still low enough that I am just using clamscan. What happens when clamd dies? Does mail continue to go through unscanned, or does it start backing up in a queue? Neither sounds very good... Jeffrey

[Clamav-users] optimal freshclam update frequency

2004-02-27 Thread jef moskot
I know this has been asked a long time ago, but with all the new mirrors up and the recent barrage of new worms, I've been wondering what the ClamAV team suggests for a reasonable update rate? One of my users has suggested once every 5 minutes, but that sounds excessive and would probably be a bad

Re: [Clamav-users] Re: password-protected Worm.Bagle.F

2004-03-02 Thread jef moskot
On Tue, 2 Mar 2004, Tomasz Papszun wrote: > So please folks, stop submitting encrypted zip files (without a full > message) to us as it's quite impossible to create a signature for them. Does this mean you still want samples including the full message? Jeffrey Moskot System Administrator [EMAIL P

Re: [Clamav-users] Re: password-protected Worm.Bagle.F

2004-03-02 Thread jef moskot
On Tue, 2 Mar 2004, Tomasz Papszun wrote: > As usually: only if ClamAV with an up-to-date database isn't detecting > an infection in a sample. In this particular case "a sample" = "a full > message sample". Roger that. Up until a few minutes ago, a few samples had gotten through, but things look

[Clamav-users] passworded zips slipping thru

2004-03-02 Thread jef moskot
For some reason, my system is allowing Worm.Bagle.F-zippwd files through, but can detect them once they've arrived. I haven't had a single capture of one of these passworded files. Example: > clamscan -V clamscan / ClamAV version 0.67-1 > clamscan passworded.sample passworded.sample: Worm.Bagle

Re: [Clamav-users] passworded zips slipping thru

2004-03-03 Thread jef moskot
On Tue, 2 Mar 2004, jef moskot wrote: > For some reason, my system is allowing Worm.Bagle.F-zippwd files > through... For what it's worth, this seems to be an issue with amavis. By default, it doesn't scan the body of the message. If/when I get a fix, I'll post it here s

Re: [Clamav-users] passworded zips slipping thru

2004-03-03 Thread jef moskot
On Wed, 3 Mar 2004, Tomasz Papszun wrote: > Our signatures Worm.Bagle.F-zippwd* are based on the "real" contents of > mail messages (stream of characters as they are), while amavisd-new (and > probably amavis) "divide" messages to parts and decode them separately, > hence ClamAV doesn't get the ori

Re: [Clamav-users] Virus aliases

2004-03-11 Thread jef moskot
On Thu, 11 Mar 2004, Dave Ewart wrote: > ClamAV is a fabulous project - wish I could find some way to contribute. Well, there's always: http://clamav.net/donate.php#pagestart Jeffrey Moskot System Administrator [EMAIL PROTECTED]

[Clamav-users] usefulness of complaining to abuse@whatever.com for Netsky/Bagle

2004-03-14 Thread jef moskot
It looks like you get the proper IP of the offending machine firing off these worms in the header (even though everything else is forged). Is there any point in telling [EMAIL PROTECTED] that one of their DSL customers is spamming the Internet with noxious messages? Anyone have any experience reg

[Clamav-users] attachment-free worms

2004-03-18 Thread jef moskot
Based on what this article says, it looks like there will soon be problems with my config: http://www.sophos.com/virusinfo/articles/bagletwist.html I wasn't able to get my version of amavis properly patched to submit the body of the message to clam (or at least as far as I can tell, that's not wha

RE: [Clamav-users] attachment-free worms

2004-03-18 Thread jef moskot
On Thu, 18 Mar 2004, Diego d'Ambra wrote: > A signature to detect these e-mails was added through daily.cvd version > 194, so I guess you must patch your amavis setup so ClamAV is allowed to > scan the raw e-mail. Thanks, looks like I've managed to apply a new layer of duct tape, and the script se

Re: [Clamav-users] Postmaster bounces and such.

2004-03-19 Thread jef moskot
On Fri, 19 Mar 2004, Antony Stone wrote: > If you bounce the rest, you are sending unwanted and irrelevant emails to > innocent users who didn't send anything to you, and who will regard your > bounce messages basically as spam. Worse than that, if the virus is still attached, you're now sending i

Re: [Clamav-users] Postmaster bounces and such.

2004-03-19 Thread jef moskot
On Fri, 19 Mar 2004, Robert Schmidt wrote: > When I say bounce I mean reject. That's better, but still makes the problem worse. At the very least, you should filter out rejections from worms. > It is bad practice to drop messages in the round file and not tell > anyone about it. Not if the mess

Re: [Clamav-users] Postmaster bounces and such.

2004-03-21 Thread jef moskot
On Sun, 21 Mar 2004, Bit Fuzzy wrote: > I notify the 'recipient' in the event the email in question was expected > (part of a project, family / business correspondence etc). Again, you can safely dump the message if it's an automatically generated worm. I can see some kind of notification for a W

[Clamav-users] Update (daily: 224)

2004-03-30 Thread jef moskot
The update says: > Signatures older than two weeks have been moved into main.cvd. This > update also removes signatures for spam encrypted with JavaScript - we > decided to leave the spam detection to our professional colleagues from > anti-spam projects. Just to be clear, the spam that's not bei

Re: [Clamav-users] Update (daily: 224)

2004-03-31 Thread jef moskot
On Tue, 30 Mar 2004, Tomasz Kojm wrote: > The spam is encoded into an ASCII array, something like: > > earthling = new Array(252, > 177,106,210,160,139,71,177,228,121,83... > > and there's a simple decoder. I'm not familiar with anti-spam software > but I was told it should catch this type of spam.

Re: [Clamav-users] Virus Names

2004-04-06 Thread jef moskot
On Tue, 6 Apr 2004, Eric Rostetter wrote: > If netsky is Worm.SomeFool, then why is it not labeled as Worm.SomeFool? While I agree with this in principle, I think for instances where a question like this pops up at least once a week just on this list, it might be worth it to just bite the bullet a

Re: [Clamav-users] Virus Names

2004-04-06 Thread jef moskot
On Tue, 6 Apr 2004, Eric Rostetter wrote: > But changing the name after the fact would just confuse people more. I completely disagree. Hardcore Clam users are more likely to understand the reality of the situation and realize that the ClamAV team has to call the viruses SOMETHING. Usually, that

Re: [Clamav-users] Virus Names

2004-04-06 Thread jef moskot
On Tue, 6 Apr 2004, Eric Rostetter wrote: > Great for netsky since almost everyone uses it. Exactly. > Should clamav have migrated along from SCO to NOVARG to MYDOOM just > because the others came along later and in that order? It could easily be taken on a case-by-case basis. But, as even you

Re: [Clamav-users] Virus Names

2004-04-06 Thread jef moskot
On Tue, 6 Apr 2004, Antony Stone wrote: > There are many examples of the commercial A-V vendors having different > names for the same virus... That's true, but when that's the case for an extremely prevalent virus, it's usually noted in the media. Using the well-known naming convention is a much

Re: [Clamav-users] Cleaning MBOX files?

2004-04-08 Thread jef moskot
Is there no way to get Clam to report which message the infected file (or at least the FIRST infected file) is in? Or does that add too much overhead? Someone once suggested turning verbose mode on, but that still didn't help to pin down specific messages. Jeffrey Moskot System Administrator [EM

Re: [Clamav-users] virus names (any reference?)

2004-04-13 Thread jef moskot
On Wed, 14 Apr 2004, Jesper Juhl wrote: > I've been working on a website to allow users to do exactly that, but > due to being overworked and various other issues it has not progressed > as fast as I had hoped - still working on it when I have a chance > though, so expect something like that in th

Re: [Clamav-users] virus names (any reference?)

2004-04-13 Thread jef moskot
On Wed, 14 Apr 2004, Antony Stone wrote: > The problem here is that it's only possible to measure "prevalence" once > there's been quite a lot of it under the old name... I agree with this in principle, but I think this is a special case. There's no denying that this is one of the most "popular" d

Re: [Clamav-users] Cleaning MBOX files?

2004-04-13 Thread jef moskot
On Fri, 9 Apr 2004, Tomasz Kojm wrote: > jef moskot <[EMAIL PROTECTED]> wrote: > > Is there no way to get Clam to report which message the infected file > > (or at least the FIRST infected file) is in? > You may try with clamscan -m --debug Could you give some tips on h

Re: [Clamav-users] Cleaning MBOX files?

2004-04-14 Thread jef moskot
On Wed, 14 Apr 2004, Nigel Horne wrote: > On Wednesday 14 Apr 2004 12:58 am, jef moskot wrote: > > Is keeping a message counter feasible, given the design of the code? > It's perfectly feasible and I've just done it when you enable debug to help > you (look in the CVS

Re: [Clamav-users] virus names (any reference?)

2004-04-14 Thread jef moskot
On Wed, 14 Apr 2004, Bart Silverstrim wrote: > On Apr 13, 2004, at 7:16 PM, jef moskot wrote: > > Personally, I don't understand why this particular name has not been > > changed, given the prevalence of this worm. > Statistics being broken, it would create "transien

Re: [Clamav-users] Cleaning MBOX files?

2004-04-20 Thread jef moskot
> > Is keeping a message counter feasible, given the design of the code? > It's perfectly feasible and I've just done it when you enable debug to help > you (look in the CVS code I've just committed - mbox.c version 1.66). However > please don't enable debug all the time, and remember that enabling

Re: [Clamav-users] Cleaning MBOX files?

2004-04-20 Thread jef moskot
Oops. Didn't mean to spam the world with this, but since I've already done it... > ...remember that enabling debug now also leaves the temporary files > around to aid (of course!) debugging. Where does it leave these files? Jeffrey Moskot System Administrator [EMAIL PROTECTED] --

Re: [Clamav-users] Virus Alias Database

2004-05-12 Thread jef moskot
On Mon, 10 May 2004, Kevin Spicer wrote: > My current thinking is to do it as automatically as possible, otherwise > I'll just get bored / occupied doing something else and not keep the > alias mapping up to date Not to dis your excellent work, but has anyone contacted the corporate anti-virus com

Re: [Clamav-users] Virus Alias Database

2004-05-10 Thread jef moskot
On Sun, 9 May 2004, Kevin Spicer wrote: > I've put a little more work into my virus alias database (at > http://www.kevinspicer.co.uk) What's the suggested method for dealing with the ClamAV-calls-it- something-else problem? I know other AV authors have this same issue, but they tend to have webs

RE: [Clamav-users] Ethics Question

2004-06-09 Thread jef moskot
On Wed, 9 Jun 2004, Mitch (WebCob) wrote: > We are sending this notification as a public service. Please contact > your computer support person or visit one of the many PC Antivirus > providers. Many have free solutions to your problem. That does sound reasonable to me. I wonder if there isn't a

Re: [Clamav-users] Ethics Question

2004-06-10 Thread jef moskot
On Thu, 10 Jun 2004, Nigel Horne wrote: > And just hope that the next person to dial in to the ISP who gets that > IP address from DHCP is the same person... If it's done immediately, then the chance of alerting the wrong machine is pretty small, isn't it? Jeffrey Moskot System Administrator [EMA

Re: [Clamav-users] How to disinfect an mbox file?

2004-06-16 Thread jef moskot
> Just curious, if clamav was running on the server, how did the infected > message get into the mbox in the first place? I've experienced this problem before when a new worm hits before Clam can detect it. Usually no more than a few infected messages get through before Clam catches up. I'd

Re: [Clamav-users] Idea for more timely virusdb updates

2004-08-10 Thread jef moskot
On Tue, 10 Aug 2004, Damian Menscher wrote: > Anyone know if it's really feasible for us to obtain a mailserver that > can send out 2k emails to all (100,000?) users in a short (5-10 mins) > time? I haven't been following the whole discussion, but I thought this was mostly to provide support to "p

[Clamav-users] Re: [Clamav-announce] ClamAV shirts now available

2004-09-05 Thread jef moskot
On Sun, 5 Sep 2004, Luca Gibelli wrote: > SourceWear.com is selling some nice t-shirts and polo shirts > powered by ClamAV. Will you be making any with the old skool line-drawn clam logo? Jeffrey Moskot System Administrator [EMAIL PROTECTED] -

[Clamav-users] specifying infected message in a mailbox

2004-09-23 Thread jef moskot
Is there any simple way to specify which particular message in a mailbox file is infected? I asked about this before and it was suggested that I use the --debug tag, but this generates a huge amount of data that I can't seem to pipe anywhere useful. And even if I could, that doesn't translate int

Re: [Clamav-users] specifying infected message in a mailbox

2004-09-23 Thread jef moskot
On Thu, 23 Sep 2004, Christopher X. Candreva wrote: > On Thu, 23 Sep 2004, jef moskot wrote: > > Is there any simple way to specify which particular message in a > > mailbox file is infected? > No. Would it be difficult for the ClamAV team to offer such output when doing

Re: [Clamav-users] zlib 1.2.2 released

2004-11-05 Thread jef moskot
Does this relate to any of the FreeBSD ports? http://www.freebsd.org/cgi/ports.cgi?query=zlib&stype=all Or is this a core OS thing? I haven't seen a security release from the FreeBSD team on this one yet... Jeffrey Moskot System Administrator [EMAIL PROTECTED] ___

RE: [Clamav-users] ClamAV should not try to detect phishing andother social engineering attacks

2004-11-15 Thread jef moskot
On Mon, 15 Nov 2004, Trog wrote: > For example, the last Bagle (or Bofra) outbreak simply sent an email to > its target victims, who then have to click on a link to download the > Worm. According to your definition, that is a 'social' attack, and > should not be blocked. I was going to make this

Re: [Clamav-users] ClamAV should not try to detect phishing andother social engineering attacks

2004-11-15 Thread jef moskot
On Mon, 15 Nov 2004, Bart Silverstrim wrote: > I'd say leave it to the antispammers to hammer out, and to the people > who focus on bayes filters... In my case, if Clam has a chance to see the phishing e-mail, the anti-spam tactics have already failed. So, from my point of view, this is extra pro

Re: [Clamav-users] ClamAV should not try to detect phishing andother social engineering attacks

2004-11-15 Thread jef moskot
On Mon, 15 Nov 2004, Bart Silverstrim wrote: > ...if you're going to start moving it into another direction, it may be > best to fork that and leave the original recipe alone until the new > direction... I think you're overstating what the ClamAV team is trying to accomplish here. Forget the "sli

Re: [Clamav-users] ClamAV should not try to detect phishingandothersocial engineering attacks

2004-11-15 Thread jef moskot
On Mon, 15 Nov 2004, Bart Silverstrim wrote: > I think (julian's?) original problem was that he didn't see why a virus > scanner should shoulder the responsibility for every message that goes > out saying "Hey, click here for k3wl new deals on Mort Gage rat3s! > Yoove been approved!", when it's not

RE: [Clamav-users] ClamAV should not try to detect phishing and other social engineering attacks

2004-11-16 Thread jef moskot
On Tue, 16 Nov 2004, Julian Mehnle wrote: > If people require machines as desperately as that to prevent themselves > from falling for fraud attempts... ...then they're pretty much behaving in the manner humanity always has and always will. > To those of you who argue that ClamAV should detect ph

Re: [Clamav-users] Virus naming

2004-12-18 Thread jef moskot
On Sat, 18 Dec 2004, Nigel Horne wrote: > What tests do you have for false positives with RTBL? The good lists allow you to manually de-list yourself in a few seconds, so even if you take no other precautions, there should never be a case where a user can't send legit mail (unless their machine is

Re: [Clamav-users] clamav-milter man page description of --noreject

2004-12-28 Thread jef moskot
On Tue, 28 Dec 2004, Christopher X. Candreva wrote: > Pardon me if I'm confusing a discussion here with something from either > the spamassassin or SPAM-l lists, but every discussion I've read says > that returning a 550 at your gateway is the preferred method, as it > blocks actual bad stuff, while
