Re: [Clamav-users] Hacktool.PCGI false positive? What to do?

2007-10-17 Thread Dennis Peterson
Jonathan Kamens wrote: > Greetings, > > Recently, ClamAV version 0.90.2 with main.cvd version 44 and daily.cvd > version 4540 reported that an EXE on one of our servers was infected > with Hacktool.PCGI. This EXE came from a pretty reputable source, and > when I scanned the same file with Symante

[Clamav-users] Hacktool.PCGI false positive? What to do?

2007-10-17 Thread Jonathan Kamens
Greetings, Recently, ClamAV version 0.90.2 with main.cvd version 44 and daily.cvd version 4540 reported that an EXE on one of our servers was infected with Hacktool.PCGI. This EXE came from a pretty reputable source, and when I scanned the same file with Symantec AntiVirus, it claimed that the fi

[Clamav-users] create cvd using cdiffs?

2007-10-17 Thread ilias seperis
Hello! Is it possible to create new .cvd files from older .cvd files, using the appropriate .cdiff files? If this is not possible (with .cdiff files), do you think that we can somehow create a binary diff file from the two .cvd versions (old against new)? Thanks ilias PS: sorry for posting this t

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Sean McGlynn
Tilman, Thank you for your reply. Everything is being done as root. Sean - Original Message From: Tilman Schmidt <[EMAIL PROTECTED]> To: ClamAV users ML Sent: Wednesday, October 17, 2007 9:30:23 AM Subject: Re: [Clamav-users] eicar Identified But Not Moved Sean McGlynn wrote: > Fo

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Sean McGlynn
That's it!! When I disable clamuko, the scan results indicated an infected file was found (which it was not doing) and the file was moved to the quarantine directory. Now, that said, where does that leave me as far as clamuko? We rely on that for on-access scanning. I assume, now that I'm se

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Tilman Schmidt
Sean McGlynn wrote: > For the record, I can manually move the file: > > OES-FS05:/home/justlgn/test # mv eicar.com /var/log/clam/infected/ Judging from the prompt, you are doing this as root, but beneath your (justlgn's) home directory. > OES-FS05:/home/justlgn/test # ls -al > total 2 > drwxr-

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Thorolf
Hey, I don't know if clamuko should deny access to this file. If you are running Clamuko then disable it please ;-) or show us ls -al /home/justlgn/test/eicar.com /rl Sean McGlynn wrote: > The following is what appears in the trace that I belive is relevant (it is > all that appears relevant

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Sean McGlynn
P.S.S For what it's worth, it won't remove the file either. Same "can't open file" message is displayed. - Original Message From: Török Edvin <[EMAIL PROTECTED]> To: ClamAV users ML Sent: Tuesday, October 16, 2007 3:18:43 PM Subject: Re: [Clamav-users] eicar Identified But Not Moved

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Sean McGlynn
P.S. Based on the trace results I believe what you are saying about this not being about moving the file is correct. I don't think the process has gotten as far as trying to move the file. For the record, I can manually move the file: OES-FS05:/home/justlgn/test # mv eicar.com /var/log/clam/i

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Sean McGlynn
The following is what appears in the trace that I believe is relevant (it is all that appears relevant to eicar) lstat64("/home/justlgn/test/eicar.com", {st_mode=S_IFREG|0644, st_size=69, ...}) = 0 stat64("/home/justlgn/test/eicar.com", {st_mode=S_IFREG|0644, st_size=69, ...}) = 0 stat64("/home/