On Thu, 27 Jan 2005, Jim Maul wrote:
> What if the plumber and the mechanic work on it together? ;)
What if the electrician goes to night school to learn ornithology?
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Is there an eicar sample wrapped up using this version of rar available?
Jeffrey Moskot
System Administrator
[EMAIL PROTECTED]
On Wed, 9 Feb 2005, Maxim Britov wrote:
> > > P900\Beyonce Knowles - Crazy In Love (2).wav: Exploit.W32.MS05-002 FOUND
> I don't know, but size is ~50-100KB.
If they're tiny files, are you sure they're actually wavs?
Maybe someone downloaded these things and instead of funky beats, they're
full o
On Tue, 22 Feb 2005, Cormack, Ken wrote:
> > I can't understand why everyone runs this through cron when it doesn't
> > eat much memory or cpu cycles when run as a daemon?
>
> I can think of lots of reasons.
The way I look at it, if you need something in cron to periodically check
that the freshcl
Is anyone having trouble detecting Test #14 (the TNEF test) from
http://www.webmail.us/testvirus ?
I know there's been a lot of discussion about eicar detection with regards
to Clam recently, and, to complicate the issue, I can't seem to unpack the
winmail.dat file, so it could be that things have
On Tue, 22 Mar 2005, Tomasz Kojm wrote:
> ClamAV doesn't support the TNEF format.
Hmm, good point. I also forgot to mention I'm using ClamAV 0.83, but I
guess that's irrelevant.
I use amavis to pass the files off to ClamAV and I haven't changed
anything (purposely) with it, but prior to this wee
On Thu, 24 Mar 2005, Sean Franklin wrote:
> http://www.testvirus.org/
> Anyway, #14 got thru this time:
> Test #14: Eicar virus sent in a Microsoft TNEF file (winmail.dat)
I noticed the same thing this week. I believe, as Nigel mentioned, that
the winmail.dat file is corrupt and cannot be read.
If I do the #24 testvirus test ( http://www.webmail.us/testvirus ), the
mail is delivered properly (which is fine, because there's no virus in
there), but I also get a little file in /var/tmp/clamav-partial named
something like partialmsg### that doesn't go away.
Inside the file is the data po
Dave Sill writes:
> If you're running ClamAV in addition to a commercial scanner, or using
> it to filter out junk e-mail messages, then its database is complete
> enough, is updated regularly enough, and clamscan is reliable enough.
In our experience, 98% of all intercepted messages are Klez vari
On Fri, 14 Feb 2003, Nigel Kukard wrote:
> most klez infections use the IFrame exploit, so in fact the IFrame Exploit
> will match before the klez one. what we do is break up the email into all
> the mime pieces, decode them and scan the individual portions, most of the
> time clamscan picks up both
Tomasz said:
> Also there's an official FreeBSD port, but only for 0.54.
This is excellent news. Congratulations, this should certainly increase
the number of ClamAV users. (I hope they weren't responsible for the
network problems on elektrapro!)
It would be very convenient if you (or the port
On Monday 09 June 2003 18:44, Stephen White wrote:
> The sender will see the bounce,
Also note that most of the recent worms forge the From: address, so all
the bounce message does is increase net traffic and confuse uninvolved
parties.
Jeffrey Moskot
System Administrator
[EMAIL PROTECTED]
On Fri, 22 Aug 2003, Daniel Wiberg wrote:
> Delete a mail from a mailfile can be done manually, so that shouldn't be a
> problem.
I use a nice little utility called "mboxgrep", which you can also use to
remove spam and such once it's already been delivered on your system.
You can do something lik
On Tue, 2 Sep 2003, Graham Murray wrote:
> On the contrary, if it is not dangerous and ClamAV does not detect it
> and product X does, then ClamAV is superior as Product X has just
> generated a false positive!
While you certainly have made a reasonable case from a technical
standpoint, I don't th
I have a copy of Mimail.G ("readnow.zip") which is getting through my
ClamAV installation, but is detected when I submit it through the
specimen scanner on gietl.com
I'm using "clamscan / ClamAV version 0.60", which I know is not
up-to-date, but would this explain why the worm is getting through?
> http://clamav.sf.net/snapshot/clamav-20031106-tk.tar.gz
> Please test it ASAP. Thank you.
OK, there's progress:
> clamscan -V
clamscan / ClamAV version devel-20031106
> clamscan readnow.zip
readnow.zip: Worm.Mimail.G FOUND
--- SCAN SUMMARY ---
Known viruses: 19846
Scanned
On Fri, 7 Nov 2003, Mário Luis Ghoneim wrote:
> > --disable-archive --unzip
>
> But it doesn't work yet :(
I added this line to my clamscan call and it didn't work either. I can
provide a sample of the zip file that causes the problem, if that would
help. If I zip up other virus sam
On Fri, 7 Nov 2003, Mário Luis Ghoneim wrote:
> I sent a zip file ( http://www.jcradios.com.br/virus/hello.zip ) and clamav
> worked fine. This means that my amavis installation is ok, or not yet :-|?
>
> So, if I send this wrong zip file (
> http://www.jcradios.com.br/virus/photos.zi
On Sat, 8 Nov 2003, Tomasz Kojm wrote:
> There must be something wrong with amavis.
Is everyone who's having this problem using amavis on FreeBSD? I know
there have been problems with those zip libraries in the past.
I'm using the p5-Archive-Zip-1.08 port right now.
I also have an external zipp
On Wed, 12 Nov 2003, Serge Sivkov wrote:
> Archive: photos.zip
I've just gone through the same thing. If you run clamscan on the file
directly from the command line, you'll probably see that it detects the
virus appropriately.
The "problem" appears to be in the Archive::Zip perl module, which c
On Mon, 16 May 2005, Matt Fretwell wrote:
> Dennis Peterson wrote:
> > The world experience is that Windows drones on dialups or cable/dsl
> > are a major source of spam/viruses.
> That is coming back to the dynamic elitist viewpoint.
I agree with both of you, actually. In theory, of course, Mat
I've got a couple .pif files that McAfee detects as W32/[EMAIL PROTECTED] and
clamscan doesn't detect at all, in its default mode.
If I use the --detect-broken option, they're picked up as
Broken.Executable.
Since --detect-broken is not the default behavior for clamscan, should
these still be sub
On Fri, 3 Jun 2005, Jason Haar wrote:
> I've always been too afraid to turn it on as I was concerned about any
> assumptions made by the code might lead it to block otherwise valid
> executables
I wonder about that too, since it's not the default behavior. For what
it's worth, I turned it on earl
Out of curiosity, is clamav-milter necessary to use clamscan (not clamd)
with sendmail and SpamAssassin?
Right now, I use amavis between sendmail and clamscan but when I upgrade
the system, I'd like to use SpamAssassin. I'd like to use the simplest
setup possible, so if I'm going to be using Spam
On Wed, 15 Jun 2005, Damian Menscher wrote:
> clamav-milter works *only* as a plugin to sendmail. There will be a
> line in your sendmail.mc that tells sendmail to send stuff to the
> milter.
This is exactly how amavis is working right now.
> One could "simplify" by having procmail call clamdsca
I read your message and decided it sounded like something interesting to
try to block spam, and I'm having the opposite problem.
I did a "sigtool --md5 g1.gif > g1.hdb" and stuck the result in my
definitions directory.
When I scan the gif directly, it works:
# clamscan g1.gif
g1.gif: Spam.g1 FOUN
On Sat, 18 Jun 2005, jef moskot wrote:
> If I forward the spam with the attached image to myself, clamscan picks
> it up. If I forward the image itself in a different message to myself,
> clamscan also detects it.
>
> However, if I clamscan the original mail file with the spam in
On Tue, 21 Jun 2005, jef moskot wrote:
> On Sat, 18 Jun 2005, jef moskot wrote:
> > If I forward the spam with the attached image to myself, clamscan picks
> > it up. If I forward the image itself in a different message to myself,
> > clamscan also detects it.
> >
>
On Thu, 7 Jul 2005, Christopher X. Candreva wrote:
> www.zlib.net is still showing 1.2.2 from Oct 3 2004 as the latest version.
> Where is the version that was released yesterday ?
It affects FreeBSD 5.4 and 5.4, so if you have 4.x, you might not have
noticed. Full details here:
ftp://ftp.freebsd
On Thu, 7 Jul 2005, jef moskot wrote:
> It affects FreeBSD 5.4 and 5.4...
Oops, that's 5.3 and 5.4. Sorry about that.
Jeffrey Moskot
System Administrator
[EMAIL PROTECTED]
___
http://lurker.clamav.net/list/clamav-users.html
On Thu, 7 Jul 2005, Odhiambo Washington wrote:
> Where is the new version of zlib, if you might know?
I'm not sure that it's a new version of zlib, exactly, especially since
the problem and the fix seem to be OS-specific.
If you have FreeBSD 5.3 or 5.4, there are explicit instructions for what
to
On Mon, 25 Jul 2005, Dennis Peterson wrote:
> Christopher McCrory said:
> > What are the chances of getting new version announcements to the 'users'
> > list also?
> Monitor your logs - you don't need anyone's help to learn there's a new
> version. Just a cron entry that grep's -i "warning" pipe ma
The latest batch seems to include a number of false positives, so I had to
revert. I don't want to submit private user data, but an example is the
apparently legit report from eBay entitled "Changes to eBay User Agreement
and Privacy Policy".
Other issues include apparently legitimate communicati
On Thu, 2 Feb 2006, Steve Basford wrote:
> Could you give me the signature names that match the false positives
> please.
Oh, duh. Of course.
Looks like 2 completely different kinds of eBay communications both
matched: Html.Phishing.Auction.Gen009.Sanesecurity.06020102
Thanks.
Jeffrey Moskot
On Sun, 27 Aug 2006, Bit Fuzzy wrote:
> As for the situation, we've been using ClamAV for going on 3 years now,
> and I have never (I repeat never) seen this occur.
Occasionally there are major virus flare-ups (and often there are phishing
scams and such) that occur before an appropriate signature
On Mon, 28 Aug 2006 [EMAIL PROTECTED] wrote:
> jef moskot wrote:
> > Occasionally there are major virus flare-ups (and often there are phishing
> > scams and such) that occur before an appropriate signature is in place.
> When do you actually scan then? Do you scan when the ema
On Mon, 28 Aug 2006 [EMAIL PROTECTED] wrote:
> I can see this working in a smaller environment although I still think
> it is less than ideal...
I think we all agree with that, but the world is a somewhat less than
ideal place and there are some cases where such a tool is useful. Thanks
to the or
On Fri, 10 Nov 2006, Bart Silverstrim wrote:
> What you're talking about is hassle...if it's too much hassle, you move
> on to something else. That's fine and dandy. But there are many many
> many people who are using, for example, ClamAV without throwing a fit
> because there's too much in the c
On Fri, 10 Nov 2006, Bart Silverstrim wrote:
> On Nov 10, 2006, at 11:07 AM, jef moskot wrote:
> > If some packages install without difficulty and others do not, then
> > how about we work together to bring the less efficient packages in line
> > with the more effective ones?
On Wed, 29 Nov 2006, JamesDR wrote:
> ...if your users are being let down by the 'time it takes to get a phish
> sig' then isn't it about time their network/mail admin looked into added
> levels of detection?
I think the original point was that if Clam is going to scan for phishing
at all, the respon
I was thinking of doing something hacky by having clam triggered by
specific text in an X-header. I haven't made a signature based on a
simple text string before, but it didn't look very difficult based on the
docs.
Aside from the basic poor design and misuse of tools involved, would there
be any
On Sat, 3 Mar 2007, Leonardo Rodrigues Magalhães wrote:
> This middle-software will get the email text, save in a file and ask
> clamav to scan those files. If headers are saved as well, so clamav will
> YES scan headers. If the software saves only body, then clamav will have
> no acce