RE: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-31 Thread Christopher X. Candreva
On Wed, 28 Jan 2004 [EMAIL PROTECTED] wrote: > How is the resource usage with clamav? I'm tempted to install it, but > the CPUs on that server are already pretty stressed just dealing with > spamc (I already offloaded spamd to another box) and everything else it > has to do, and am hesitant to

RE: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-29 Thread up
How is the resource usage with clamav? I'm tempted to install it, but the CPUs on that server are already pretty stressed just dealing with spamc (I already offloaded spamd to another box) and everything else it has to do, and am hesitant to add much more... TIA, On Wed, 28 Jan 2004, Richard B

RE: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-29 Thread Richard Beyer
Thanks for all the help guys. I've installed clamav and set it to quietly refuse the Novarg virus (rather than trying to bounce all back to non-existent senders), and it seems to be successfully stomping on the beasty. Thanks again - Regards, Richard -Original Message- From: [EMAIL PRO

RE: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-28 Thread Randal, Phil
And data.zip, which ClamAV detected and McAfee didn't. I've forwarded it to NAI. Phil - Phil Randal Network Engineer Herefordshire Council Hereford, UK > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > [EM

Re: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-28 Thread Frank Pineau
>he only problem so >far is bounces containing the full, original virus message source aren't >caught. Yeah, what's up with that, anyway? What kind of moronic AV scanner bounces an infected attachment instead of removing it? Check out this interesting rant on Attrition.org: http://www.attrit

Re: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-28 Thread Matthew Trent
On Tuesday 27 January 2004 09:43 am, Chris Barnes wrote: > Let me 2nd this - on the server I run for my dept, we have had ZERO > messages get through with this virus. Otoh, I spent 2 hours on the > phone with a dozen or so friends explaining to them how to get this off > of their machines (sometim

Re: * SPAMASSASSIN * Re: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-28 Thread Ralf Vitasek
he? what's going on here?!? repeat after me: "spamassassin is no virusscanner!" virusscanners need to be able to scan attachments, and this is a thing that SA can't do. have a look here http://www.ijs.si/software/amavisd/ and please stop trying to abuse our spam murdering little ninja, ok? :D

* SPAMASSASSIN * Re: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-28 Thread Kai Michael Poppe
Spam detection software, running on the system "p15139277.pureserver.info", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or block similar future email. If you have any questions, see http://www.cw-mediade

Re: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-28 Thread up
On Tue, 27 Jan 2004, John Hall wrote: > This is a list of all the filenames I've seen so far today: > > body.bat > body.exe > body.zip > data.pif > data.scr > doc.zip > document.pif > document.zip > kcmnw.exe > message.scr > message.zip > pqoew.pif > readme.scr > readme.zip > text.e

RE: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-27 Thread up
On Tue, 27 Jan 2004, Russell Mann wrote: > I got one of these guys yesterday, then ClamAV has stopped them since. If > you're using a QmailScanner setup, it can easily be configured to block > these guys. I configured qmail-scanner to do just that...I'm not sure I want yet another process on the

RE: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-27 Thread Russell Mann
> Christopher X. Candreva <[EMAIL PROTECTED]> wrote: > > I suggest simply installing clamav and additionally passing mail > > through it. Clam runs as a daemon and is actually much faster than > > SpamAssassin. > > > > Clamav was catching Novarg here almost immediately (I have a cron job > > that c

Re: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-27 Thread Matthew Trent
On Tuesday 27 January 2004 09:43 am, Chris Barnes wrote: > Let me 2nd this - on the server I run for my dept, we have had ZERO > messages get through with this virus. Otoh, I spent 2 hours on the > phone with a dozen or so friends explaining to them how to get this off > of their machines (sometim

[SAtalk] Re: W32.Novarg.A@mm virus

2004-01-27 Thread Chris Barnes
Christopher X. Candreva <[EMAIL PROTECTED]> wrote: > I suggest simply installing clamav and additionally passing mail > through it. Clam runs as a daemon and is actually much faster than > SpamAssassin. > > Clamav was catching Novarg here almost immediately (I have a cron job > that checks for viru

Re: [SAtalk] Re: W32.Novarg.A@mm virus

2004-01-27 Thread Brad Hazledine
> > > Could someone help me cobble together a rule quickly to counteract the > > attachments it's using. Something to catch test.zip, readme.zip and > > body.zip (the most common ones it appears to be using at the moment). > If you go to John Hardin's site http://www.impsec.org/email-tools/local

[SAtalk] Re: W32.Novarg.A@mm virus

2004-01-27 Thread John Hall
"Richard Beyer" <[EMAIL PROTECTED]> wrote ... > We're seeing a lot of activity from the [EMAIL PROTECTED] virus > (http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] l) > Could someone help me cobble together a rule quickly to counteract the > attachments it's using. Someth