Hi Eric,
Thanks for the info...
FYI...
[root@myserver etc]# /usr/sbin/clamav-unofficial-sigs.sh -c /etc/clamav-unofficial-sigs.conf
File removed: /usr/share/clamav/mbl.ndb
File removed: /usr/share/clamav/unofficial-dbs/mbl-dbs/mbl.ndb
======================================================================
Sanesecurity Database & GPG Signature File Updates
======================================================================
Sanesecurity mirror site used: svetlana.ability-network.net 91.121.188.82
Connection to svetlana.ability-network.net 91.121.188.82 failed - Trying next
mirror site...
Sanesecurity mirror site used: postfix.charite.de 141.42.206.35
Connection to postfix.charite.de 141.42.206.35 failed - Trying next mirror
site...
Sanesecurity mirror site used: clamav.us.es 150.214.142.197
Connection to clamav.us.es 150.214.142.197 failed - Trying next mirror site...
Sanesecurity mirror site used: saturn.retrosnub.co.uk 178.18.118.26
Connection to saturn.retrosnub.co.uk 178.18.118.26 failed - Trying next mirror
site...
Sanesecurity mirror site used: sane.helljert.de 178.63.197.162
Connection to sane.helljert.de 178.63.197.162 failed - Trying next mirror
site...
Sanesecurity mirror site used: secure.kozstyle.com 178.63.226.23
Connection to secure.kozstyle.com 178.63.226.23 failed - Trying next mirror
site...
Sanesecurity mirror site used: roxxor.lncsa.com 188.165.202.60
Connection to roxxor.lncsa.com 188.165.202.60 failed - Trying next mirror
site...
Sanesecurity mirror site used: resolv3.vianetworks.de 194.77.111.24
Connection to resolv3.vianetworks.de 194.77.111.24 failed - Trying next mirror
site...
Sanesecurity mirror site used: rsync-mirror.rollernet.us 208.79.241.67
Connection to rsync-mirror.rollernet.us 208.79.241.67 failed - Trying next
mirror site...
Sanesecurity mirror site used: www01.masbytes.es 213.194.159.34
Connection to www01.masbytes.es 213.194.159.34 failed - Trying next mirror
site...
Sanesecurity mirror site used: sanesecurity.spamrl.com 31.25.98.183
Connection to sanesecurity.spamrl.com 31.25.98.183 failed - Trying next mirror
site...
Sanesecurity mirror site used: mail.us.tx1.zoidial.com 72.249.91.126
Connection to mail.us.tx1.zoidial.com 72.249.91.126 failed - Trying next mirror
site...
Sanesecurity mirror site used: 85-31-187-138.blue.kundencontroller.de
85.31.187.138
Connection to 85-31-187-138.blue.kundencontroller.de 85.31.187.138 failed -
Trying next mirror site...
Sanesecurity mirror site used: luxuo-host.unix-scripts.info 88.190.35.181
Connection to luxuo-host.unix-scripts.info 88.190.35.181 failed - Trying next
mirror site...
Sanesecurity mirror site used: sanesecurity.roessner-net.de 88.198.80.227
Connection to sanesecurity.roessner-net.de 88.198.80.227 failed - Trying next
mirror site...
Access to all Sanesecurity mirror sites failed - Check for connectivity issues
or signature database name(s) misspelled in the script's configuration file.
======================================================================
SecuriteInfo Database File Updates
======================================================================
4 hours have not yet elapsed since the last SecuriteInfo update check
--- No update check was performed at this time ---
Next check will be performed in approximately 1 hour(s), 16 minute(s)
======================================================================
===========================================================
= Database removal(s) detected, reloaded ClamAV databases =
===========================================================
best wishes
Tony White
Yea Computing Services
http://www.ycs.com.au
4 The Crescent
Yea
Victoria
Australia 3717
Telephone No's
VIC : 03 9008 5614
FAX : 03 9008 5610 (FAX2Email)
On 20/08/2012 00:03, Eric Shubert wrote:
On 08/19/2012 05:36 AM, Tony White wrote:
Hello Eric,
Results here....
[root@myserver clamd]# ls -l /usr/share/clamav
total 72M
drwxr-xr-x 3 clamav clamav 4.0K Aug 19 22:31 .
drwxr-xr-x 112 root root 4.0K May 19 23:20 ..
-rw-r--r-- 1 clamav clamav 58K Jul 26 16:11 bytecode.cvd
-rw-r--r-- 1 clamav clamav 16M Aug 19 16:02 daily.cld
-rw-r--r-- 1 clamav clamav 23K Feb 16 2012 honeynet.hdb
-rw-r--r-- 1 clamav clamav 4.8M Jul 22 2011 junk.ndb
-rw-r--r-- 1 clamav clamav 370K Jul 23 2011 jurlbl.ndb
-rw-r--r-- 1 clamav clamav 30M Apr 25 12:16 main.cvd
-rw-r--r-- 1 clamav clamav 314K Aug 19 19:40 mbl.ndb
-rw-r--r-- 1 clamav clamav 156 Aug 19 22:31 mirrors.dat
-rw-r--r-- 1 clamav clamav 2.7M Jul 22 2011 phish.ndb
-rw-r--r-- 1 clamav clamav 147K Jul 23 2011 rogue.hdb
-rw-r--r-- 1 clamav clamav 8.9K Jun 21 2011 sanesecurity.ftm
-rw-r--r-- 1 clamav clamav 1.7M Jul 22 2011 scam.ndb
-rw-r--r-- 1 clamav clamav 83K Jun 29 2010 securiteinfobat.hdb
-rw-r--r-- 1 clamav clamav 294K May 31 06:28 securiteinfodos.hdb
-rw-r--r-- 1 clamav clamav 82K Jan 13 2012 securiteinfoelf.hdb
-rw-r--r-- 1 clamav clamav 14M Aug 19 19:58 securiteinfo.hdb
-rw-r--r-- 1 clamav clamav 1.2M Aug 19 20:00 securiteinfohtml.hdb
-rw-r--r-- 1 clamav clamav 308K Feb 10 2012 securiteinfooffice.hdb
-rw-r--r-- 1 clamav clamav 458K Aug 16 19:12 securiteinfopdf.hdb
-rw-r--r-- 1 clamav clamav 30K Jan 14 2012 securiteinfosh.hdb
-rw-r--r-- 1 clamav clamav 56K Jun 24 2011 spamimg.hdb
drwxr-xr-x 8 clamav clamav 4.0K Oct 22 2010 unofficial-dbs
-rw-r--r-- 1 clamav clamav 4.7K Jun 20 2011 winnow_malware.hdb
-rw-r--r-- 1 clamav clamav 1005K Jul 23 2011 winnow_malware_links.ndb
[root@myserver clamd]#
Client using outlook express, submission port 587, TLS.
All other attachments are sent just this jpg.
Have checked the log and the clamd logs show lots of errors where jpgs
are involved.
Which look like?? (A simple would be nice)
I have sent him the exact image from my own email account and it was
received correctly.
I want him to send a bmp next just to see if it is jpg's only or all
images.
best wishes
Tony White
I'm guessing that a false positive is being triggered somehow. The MBL has had some FPs recently, and the downloading of
signatures from there has not been as reliable as we'd like.
I have removed MBL from my configuration, and I suggest you do the same. Edit the
/opt/qmailtoaster-plus/etc/clamav-unofficial-sigs.conf file, commenting out the mbl_dbs entries (under MalwarePatrol
Database(s)) as such:
#mbl_dbs="
# mbl.ndb
#"
Then run:
# /usr/sbin/clamav-unofficial-sigs.sh -c /etc/clamav-unofficial-sigs.conf
The script will get rid of mbl, then restart clamav, which you should see in the log. Then try sending again to see if
that cleared it up.
I don't know off hand why we're not getting a more meaningful error message in this case. IIRC, the actual signature that
fires is given in the error message to the client (typically a sending server). I suspect that OE simply isn't showing
the error from the server. Not much we can do about that. ;)
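
The config edit described above, as an added example that is not part of the original thread or of the clamav-unofficial-sigs project: it comments out a multi-line `mbl_dbs="..."` block without touching other database lists, then lists any copies of the database file still on disk after the updater has run. The sample config is constructed, `other_dbs` is a placeholder variable name, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: comment out a multi-line database list (e.g. mbl_dbs)
# in a clamav-unofficial-sigs style config, then check for leftover files.

# Constructed sample config; "other_dbs" is a placeholder variable name.
sample_conf() {
    cat <<'EOF'
other_dbs="
   junk.ndb
   phish.ndb
"
mbl_dbs="
   mbl.ndb
"
EOF
}

# disable_db_block VAR FILE
# Print FILE with the VAR="..." assignment commented out, from the opening
# line through the line holding the closing quote. Already-commented
# blocks do not match, so running it twice changes nothing more.
disable_db_block() {
    awk -v var="$1" '
        !inblk && index($0, var "=\"") == 1 {
            inblk = 1
            print "#" $0
            # value opened and closed on one line, e.g. VAR="a.ndb"
            if (index(substr($0, length(var) + 3), "\"") > 0) inblk = 0
            next
        }
        inblk {
            print "#" $0
            if (index($0, "\"") > 0) inblk = 0
            next
        }
        { print }
    ' "$2"
}

# leftover_dbs DIR NAME: list copies of NAME still present under DIR
# (the updater keeps one in the ClamAV dir and one in its working dir).
leftover_dbs() {
    find "$1" -type f -name "$2" 2>/dev/null
}

# Demo on the constructed sample only; nothing under /etc is touched.
tmp=$(mktemp) && sample_conf > "$tmp"
disable_db_block mbl_dbs "$tmp"
rm -f "$tmp"
```

Redirect the function's output to a new file and review the diff before replacing the live config; an empty result from `leftover_dbs /usr/share/clamav mbl.ndb` after the updater run confirms both copies were removed.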