[Clamav-users] New to Clam AV
Morning List.

Firstly, I am new to clam, so I am asking for your understanding when I post stupid questions.

My platform is Redhat 8, Spamassassin 2.55, sa-exim 3.1, exiscan and Clam AV 0.60.

Chat soon.

Regards,
Tom Kinghorn

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd dies
I am having the same problem with OpenBSD 3.3

Clamd sometimes "just" stops running. I don't have freshclamd running.. so no idea about that

Wouter

Lynn Duerksen wrote:

> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Kojm
> > Sent: Tuesday, September 16, 2003 10:23 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Clamav-users] clamd dies
> >
> > > I have not seen anyone with a solution so far for my
> > > Postfix-Spamassassin-Openbsd3.3-Amavisd-new setup. On the latest
> > > version freshclam even bombs now. Run the following script from
> > > crontab
> >
> > Freshclam bombs ? Can't believe ;)
>
> Although it does not happen as often as clamd on occasion it does need to be restarted. It had gone 11 days without needing restarting but this morning it needed restarting twice in 1 hour.
>
> I still wonder if it has to do with running amavisd in chroot jail under user amavisd. Is there a guide somewhere for running it in chroot jail. I have gotten all kinds of advice from different sources and I usually have to do some tweaking of each to make it work. I know that the OpenBSD port has the user "_clamd" coded into the port. I modify the Makefile and set it to user amavisd but still have to come back and chown on some files and directories that were set to user "_clamd".
>
> My log of restarts:
>
> -- -- checkclam log grep "restarting" -- --
> Sep 4 22:30:01 restarting clamd daemon
> Sep 5 09:30:01 restarting clamd daemon
> Sep 5 14:30:01 restarting freshclam daemon
> Sep 5 15:00:01 restarting freshclam daemon
> Sep 5 20:30:01 restarting clamd daemon
> Sep 9 22:00:01 restarting clamd daemon
> Sep 10 21:30:01 restarting clamd daemon
> Sep 11 11:00:01 restarting clamd daemon
> Sep 14 21:30:01 restarting clamd daemon
> Sep 16 10:00:02 restarting freshclam daemon
> Sep 16 10:30:01 restarting freshclam daemon
> -- -- end checkclam log -- --
>
> My clamav.conf settings
>
> -- -- clamav.conf -- --
> LogFile /var/amavisd/var/log/clamd.log
> LogTime
> LogVerbose
> PidFile /var/run/clamd.pid
> DataDirectory /var/amavisd/usr/local/share/clamav
> LocalSocket /var/amavisd/clamd.sock
> MaxConnectionQueueLength 30
> MaxThreads 10
> MaxDirectoryRecursion 15
> User amavisd
> ArchiveMaxFileSize 10M
> ArchiveMaxRecursion 5
> ArchiveMaxFiles 1000
> -- -- end clamav.conf -- --
RE: [Clamav-users] clamd dies
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Kojm
> Sent: Tuesday, September 16, 2003 10:23 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] clamd dies
>
> > I have not seen anyone with a solution so far for my
> > Postfix-Spamassassin-Openbsd3.3-Amavisd-new setup. On the latest
> > version freshclam even bombs now. Run the following script from
> > crontab
>
> Freshclam bombs ? Can't believe ;)

Although it does not happen as often as clamd on occasion it does need to be restarted. It had gone 11 days without needing restarting but this morning it needed restarting twice in 1 hour.

I still wonder if it has to do with running amavisd in chroot jail under user amavisd. Is there a guide somewhere for running it in chroot jail. I have gotten all kinds of advice from different sources and I usually have to do some tweaking of each to make it work. I know that the OpenBSD port has the user "_clamd" coded into the port. I modify the Makefile and set it to user amavisd but still have to come back and chown on some files and directories that were set to user "_clamd".

My log of restarts:

-- -- checkclam log grep "restarting" -- --
Sep 4 22:30:01 restarting clamd daemon
Sep 5 09:30:01 restarting clamd daemon
Sep 5 14:30:01 restarting freshclam daemon
Sep 5 15:00:01 restarting freshclam daemon
Sep 5 20:30:01 restarting clamd daemon
Sep 9 22:00:01 restarting clamd daemon
Sep 10 21:30:01 restarting clamd daemon
Sep 11 11:00:01 restarting clamd daemon
Sep 14 21:30:01 restarting clamd daemon
Sep 16 10:00:02 restarting freshclam daemon
Sep 16 10:30:01 restarting freshclam daemon
-- -- end checkclam log -- --

My clamav.conf settings

-- -- clamav.conf -- --
LogFile /var/amavisd/var/log/clamd.log
LogTime
LogVerbose
PidFile /var/run/clamd.pid
DataDirectory /var/amavisd/usr/local/share/clamav
LocalSocket /var/amavisd/clamd.sock
MaxConnectionQueueLength 30
MaxThreads 10
MaxDirectoryRecursion 15
User amavisd
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
-- -- end clamav.conf -- --
Re: [Clamav-users] Testing ClamAV
I am using sendmail and clamav-milter. Here is my sendmail.mc file

divert(-1)dnl
#-
# $Sendmail: debproto.mc,v 8.12.9 2003-07-01 23:39:44 cowboy Exp $
#
# Copyright (c) 1998-2003 Richard Nelson. All Rights Reserved.
#
# ./cf/debian/sendmail.mc. Generated from sendmail.mc.in by configure.
#
# sendmail.mc prototype config file for building Sendmail 8.12.9
#
# Note: the .in file supports 8.7.6 - 8.12.10, but the generated
# file is customized to the version noted above.
#
# This file is used to configure Sendmail for use with Debian systems.
#
# If you modify this file, you will have to regenerate /etc/mail/sendmail.cf
# by running this file through the m4 preprocessor via one of the following:
# * `sendmailconfig`
# * `make`
# * `m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf`
# The first two options are preferred as they will also update other files
# that depend upon the contents of this file.
#
# The best documentation for this .mc file is:
# /usr/share/doc/sendmail-doc/cf.README.gz
#
#-
divert(0)dnl
#
# Copyright (c) 1998-2002 Richard Nelson. All Rights Reserved.
#
# This file is used to configure Sendmail for use with Debian systems.
#
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.12.9-5 2003-07-01 23:39:44 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
dnl #
dnl # General defines
dnl #
dnl Start of ClamAV-Milter
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=,T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')
dnl End of ClamAV-Milter
dnl #
dnl #
dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot()
dnl # into this directory before writing files.
dnl # If *all* your user accounts are under /home then use that
dnl # instead - it will prevent any writes outside of /home !
dnl # define(`confSAFE_FILE_ENV', `')dnl
LOCAL_CONFIG
FEATURE(`masquerade_envelope')dnl
LOCAL_CONFIG
Cwrhumphrey.com
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`smrsh')dnl
dnl #
dnl # Dialup/LAN connection overrides
dnl #
include(`/etc/mail/dialup.m4')dnl
include(`/etc/mail/provider.m4')dnl
dnl #
MAILER_DEFINITIONS
MAILER(local)dnl
MAILER(smtp)dnl
LOCAL_CONFIG
## Custom configurations below (will be preserved)
include(`/etc/mail/tls/starttls.m4')dnl

On Tuesday 16 September 2003 10:37 am, Tomasz Kojm wrote:
> > NB:
> > * my server runs Exim 4.22 on FreeBSD 4.6, with exiscan-acl and clamd
> > * OK means that the virus file has been identified by ClamAV
> > * FAILED means that the virus file got through without being detected
>
> Some of the tests failed because a detection for them must be implemented
> in a mail wrapper between smtp and clamd and is not possible in clamd
> itself.
>
> Best regards,
> Tomasz Kojm
Re: [Clamav-users] clamav.conf
> Hi, I am having one small problem here.
> Where would the temp directory be for a mail scanner be in a RedHat7.3 setup?
> I ask this because I cannot start the Antivirus program until the configuration
> file is complete (clamav.conf).
> Sorry for the noobie question.

Do you really need on-access scanning ?

Best regards,
Tomasz Kojm
--
[EMAIL PROTECTED]
http://www.konarski.edu.pl/~zolw
And don't forget to click on the tummy... www.pajacyk.pl
[Clamav-users] clamav.conf
Hi, I am having one small problem here.
Where would the temp directory be for a mail scanner be in a RedHat7.3 setup?
I ask this because I cannot start the Antivirus program until the configuration file is complete (clamav.conf).
Sorry for the noobie question.

==Quote
You need to enable clamuko in clamav.conf. To protect directory /home, please use the option:

ClamukoIncludePath /home

To protect the whole system:

ClamukoIncludePath /
ClamukoExcludePath /proc
ClamukoExcludePath /tempdir/of/mail/scanner <--here???
==

I use exim and sendmail.
Re: [Clamav-users] Help with gzip attachments
Hi Nigel,

> > This is a test file I've sent out to a couple of you
> > that passes undetected... I'm just trying to see if this
> > issue has been resolved?
>
> Please send me a copy of the test file and I'll double
> check. If this is a file you've already sent me, give me
> an indication which one it is please, and I'll retest.

Yes, I've sent the file, probably twice. :-) It is called "virusfile.2.gz", I believe, please let me know if you'd like me to send it again.

Ricardo
Re: [Clamav-users] About Clamscan scanresult
Please mail that possible false positive samples to [EMAIL PROTECTED] or using http://clamav.sf.net/cgi-bin/sendvirus.cgi and we will check it.

Best regards,
Tomasz Kojm
Re: [Clamav-users] Testing ClamAV
Richard Humphrey wrote:
> On Tuesday 16 September 2003 10:03 am, Thomas Lamy wrote:
> > Emre Sümengen wrote:
> > > I also have the same problem, ClamAV successfully finds the eicar test virus bundled with the software, but no matter how many times I send it attached to an email, nothing happens.
> > >
> > > I'm running clamav with root and using TCP-IP access and even running telnet 3310 and running SCAN command detects the virus but nothing happens when the file is sent as an attachment.
> > >
> > > By the way, I'm using qvcs (http://qvcs-guide.sourceforge.net/) on redhat 7.3. What's going on?
> >
> > Have you enabled the "ScanMail" and "ScanArchive" option in clamd.conf, or started clamscan with the --mbox option? If not, (compressed) attachments get not scanned.
>
> Yes scanmail is enabled and I even get the scanned header in my email, but the virus was not detected.. This is what shows up in header.
>
> X-Virus-Scanned: clamdscan / ClamAV version 0.60+BugFixesFromCVS-20030905

Which mail server? Could you post the clam-related excerpts from the configuration files?

Thomas
Re: [Clamav-users] Testing ClamAV
> NB:
> * my server runs Exim 4.22 on FreeBSD 4.6, with exiscan-acl and clamd
> * OK means that the virus file has been identified by ClamAV
> * FAILED means that the virus file got through without being detected

Some of the tests failed because a detection for them must be implemented in a mail wrapper between smtp and clamd and is not possible in clamd itself.

Best regards,
Tomasz Kojm
Re: [Clamav-users] clamd dies
> I have not seen anyone with a solution so far for my
> Postfix-Spamassassin-Openbsd3.3-Amavisd-new setup. On the latest
> version freshclam even bombs now. Run the following script from crontab

Freshclam bombs ? Can't believe ;)

Best regards,
Tomasz Kojm
Re: [Clamav-users] Testing ClamAV
On Tuesday 16 September 2003 10:03 am, Thomas Lamy wrote:

Yes scanmail is enabled and I even get the scanned header in my email, but the virus was not detected.. This is what shows up in header.

X-Virus-Scanned: clamdscan / ClamAV version 0.60+BugFixesFromCVS-20030905

> Emre Sümengen wrote:
> > I also have the same problem, ClamAV successfully finds the eicar test
> > virus bundled with the software, but no matter how many times I send it
> > attached to an email, nothing happens.
> >
> > I'm running clamav with root and using TCP-IP access and even running
> > telnet 3310 and running SCAN command detects the virus but nothing
> > happens when the file is sent as an attachment.
> >
> > By the way, I'm using qvcs (http://qvcs-guide.sourceforge.net/) on
> > redhat 7.3. What's going on?
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Humphrey
> > Sent: Tuesday, September 16, 2003 5:18 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Clamav-users] Testing ClamAV
> >
> > If you are saying that the tests failed (i.e. clamav didn't find any
> > virus in your email) then you are correct. I just tried it and all tests
> > sent the file straight thru with nothing in the log to tell me it was a
> > virus. (Sorry I just joined the list and didn't see the initial post.)
> >
> > I am using clamdscan / ClamAV version 0.60+BugFixesFromCVS-20030905 on
> > debian unstable and have the same problem. command line scanning works,
> > but mailscanner isn't working.
> >
> > On Tuesday 16 September 2003 8:59 am, [EMAIL PROTECTED] wrote:
> >>>...
> >>>
> >>>>Looking for something else, I ended up on Declude.com web site
> >>>>where I found a virus testing tool. Being curious by nature, I ran
> >>>>all the tests =
> >>>
> >>>at
> >>>
> >>>>http://www.declude.com/tools/mailsend.html against my SMTP server
> >>>>using clamd.
> >>>
> >>>Which version of clamd?
> >>
> >>Version 0.60_1
>
> Have you enabled the "ScanMail" and "ScanArchive" option in clamd.conf,
> or started clamscan with the --mbox option? If not, (compressed)
> attachments get not scanned.
Re: [Clamav-users] Testing ClamAV
Emre Sümengen wrote:
> I also have the same problem, ClamAV successfully finds the eicar test virus bundled with the software, but no matter how many times I send it attached to an email, nothing happens.
>
> I'm running clamav with root and using TCP-IP access and even running telnet 3310 and running SCAN command detects the virus but nothing happens when the file is sent as an attachment.
>
> By the way, I'm using qvcs (http://qvcs-guide.sourceforge.net/) on redhat 7.3. What's going on?
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Humphrey
> Sent: Tuesday, September 16, 2003 5:18 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Testing ClamAV
>
> If you are saying that the tests failed (i.e. clamav didn't find any virus in your email) then you are correct. I just tried it and all tests sent the file straight thru with nothing in the log to tell me it was a virus. (Sorry I just joined the list and didn't see the initial post.)
>
> I am using clamdscan / ClamAV version 0.60+BugFixesFromCVS-20030905 on debian unstable and have the same problem. command line scanning works, but mailscanner isn't working.
>
> On Tuesday 16 September 2003 8:59 am, [EMAIL PROTECTED] wrote:
> > > ...
> > >
> > > > Looking for something else, I ended up on Declude.com web site
> > > > where I found a virus testing tool. Being curious by nature, I ran
> > > > all the tests =
> > >
> > > at
> > >
> > > > http://www.declude.com/tools/mailsend.html against my SMTP server
> > > > using clamd.
> > >
> > > Which version of clamd?
> >
> > Version 0.60_1

Have you enabled the "ScanMail" and "ScanArchive" option in clamd.conf, or started clamscan with the --mbox option? If not, (compressed) attachments get not scanned.

--
Thomas Lamy
Engineering & Software Development
Ingolstadt Online GmbH -- Your wireless way to the Internet
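The "ScanMail" / "ScanArchive" question above comes down to which layers are decoded before a signature is matched. The following Python sketch is an added example, not part of the original thread and not ClamAV code; the `decode_mime` and `unpack` flags, the message, its addresses and file names are constructed stand-ins for illustration.

```python
"""Why a signature scanner must decode mail and unpack archives before matching.

Constructed demo: the message, addresses and file names are made up; the
decode_mime / unpack flags are hypothetical stand-ins for the idea behind the
ScanMail and ScanArchive options named in the thread, not ClamAV's implementation.
"""
import email
import gzip
import zlib
from email import policy
from email.message import EmailMessage
from typing import List, Optional

# Standard EICAR anti-virus test string (harmless), built from two halves so
# that this source file does not itself match the signature on disk.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

# Cap on unpacked size, in the spirit of ArchiveMaxFileSize 10M in the posted clamav.conf.
MAX_UNPACKED = 10 * 1024 * 1024


def build_message() -> bytes:
    """Constructed test mail: one plain and one gzip-compressed EICAR attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed scanner test"
    msg.set_content("Two test attachments follow.")
    msg.add_attachment(EICAR, maintype="application", subtype="octet-stream",
                       filename="eicar.com")
    msg.add_attachment(gzip.compress(EICAR, mtime=0), maintype="application",
                       subtype="gzip", filename="eicar.com.gz")
    return msg.as_bytes()


def gunzip_limited(data: bytes, limit: int = MAX_UNPACKED) -> Optional[bytes]:
    """Unpack a gzip stream, refusing output above `limit` (decompression-bomb guard)."""
    try:
        out = zlib.decompressobj(31).decompress(data, limit + 1)  # 31 = gzip framing
    except zlib.error:
        return None
    return out if len(out) <= limit else None


def scan_message(data: bytes, decode_mime: bool, unpack: bool = False) -> List[str]:
    """Return the names of the parts in which the test signature was found."""
    if not decode_mime:
        # Raw match on the bytes as they crossed SMTP: attachments are still base64.
        return ["<raw message>"] if EICAR in data else []
    hits = []
    for part in email.message_from_bytes(data, policy=policy.default).walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""  # undo base64 / quoted-printable
        views = [body]
        if unpack and body[:2] == b"\x1f\x8b":        # gzip magic bytes
            inner = gunzip_limited(body)
            if inner is not None:
                views.append(inner)
        if any(EICAR in view for view in views):
            hits.append(part.get_filename() or part.get_content_type())
    return hits


MESSAGE = build_message()

if __name__ == "__main__":
    print("raw bytes only     :", scan_message(MESSAGE, decode_mime=False))
    print("MIME decoded       :", scan_message(MESSAGE, decode_mime=True))
    print("decoded + unpacked :", scan_message(MESSAGE, decode_mime=True, unpack=True))
```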
Re: [Clamav-users] clam antivirus testimony
Our mail server is not as busy as some of the others who reported here (1-15000 mails each day). Since about a month we have MailScanner running with ClamAV and McAfee (and SpamAssassin). Here are the numbers of virus mails intercepted by each scanner:

Date     ClamAV   McAfee
Sep 1       832      867
Sep 2       999     1024
Sep 3      1246     1263
Sep 4      1079     1096
Sep 5       889      898
Sep 6       709      722
Sep 7       663      679
Sep 8      1214     1228
Sep 9      1337     1352
Sep 10      426      432
Sep 11       42       44
Sep 12       40       40
Sep 13       46       48
Sep 14       56       56
Sep 15       58       58
Sep 16       23       23

I haven't done an in-depth investigation, but most of the mails intercepted by McAfee and not by ClamAV were the damaged copies of Sobig-F. After the end of the Sobig outbreak, all mails were caught by both antivirus products without difference.

David Jansen
--
David Jansen    mailto:[EMAIL PROTECTED]
Leiden Observatory ( Sterrewacht Leiden )
P.O. Box 9513, 2300 RA Leiden, The Netherlands
Phone: (+31) 71 5275810    Fax: (+31) 71 5275819
RE: [Clamav-users] Testing ClamAV
I also have the same problem, ClamAV successfully finds the eicar test virus bundled with the software, but no matter how many times I send it attached to an email, nothing happens.

I'm running clamav with root and using TCP-IP access and even running telnet 3310 and running SCAN command detects the virus but nothing happens when the file is sent as an attachment.

By the way, I'm using qvcs (http://qvcs-guide.sourceforge.net/) on redhat 7.3. What's going on?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Humphrey
Sent: Tuesday, September 16, 2003 5:18 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Testing ClamAV

If you are saying that the tests failed (i.e. clamav didn't find any virus in your email) then you are correct. I just tried it and all tests sent the file straight thru with nothing in the log to tell me it was a virus. (Sorry I just joined the list and didn't see the initial post.)

I am using clamdscan / ClamAV version 0.60+BugFixesFromCVS-20030905 on debian unstable and have the same problem. command line scanning works, but mailscanner isn't working.

On Tuesday 16 September 2003 8:59 am, [EMAIL PROTECTED] wrote:
> > ...
> >
> > > Looking for something else, I ended up on Declude.com web site
> > > where I found a virus testing tool. Being curious by nature, I ran
> > > all the tests =
> >
> > at
> >
> > > http://www.declude.com/tools/mailsend.html against my SMTP server
> > > using clamd.
> >
> > Which version of clamd?
>
> Version 0.60_1
Re: [Clamav-users] Testing ClamAV
I am new to clamav and I have it installed, but not sure if I have it configured properly. Is there somewhere I have to tell it what to do with files it finds in the mailscan?

On Tuesday 16 September 2003 9:23 am, [EMAIL PROTECTED] wrote:
> > > http://www.declude.com/tools/mailsend.html ...
> >
> > I tried it and my tests came back similarly. However, despite the fact
> > those messages "got through" none of the emails or attachments I received
> > had a viewable attachment with the eicar pattern. There's just the
> > mysterious statement that we're susceptible to future viruses (umm,
> > wouldn't future patterns _include_ encoding information if that was a
> > required part of the virus's payload?).
> >
> > Though I think it would be great to find more testing systems like this,
> > I don't think the failed tests represent any security risk in clamav...
> > Anyone disagree?
> >
> > -Daniel
>
> When I ran my tests, the virus files really got through and I was able to
> execute the attachments. I got them sent to a test mailbox and checked it
> with Eudora 5.2 on a Win2k machine. This machine had eTrust-EZ running on
> it, and it did detect the virus files when they arrived.
>
> I'll run the tests again, with the exiscan-acl demime facility disabled and
> eTrust-EZ disabled too on the client machine, and I'll leave a copy of the
> messages in the FreeBSD's mailbox, so as to see how they look like before
> being interpreted by Eudora.
>
> LOL
Re: [Clamav-users] Testing ClamAV
> > http://www.declude.com/tools/mailsend.html ...
>
> I tried it and my tests came back similarly. However, despite the fact
> those messages "got through" none of the emails or attachments I received
> had a viewable attachment with the eicar pattern. There's just the
> mysterious statement that we're susceptible to future viruses (umm,
> wouldn't future patterns _include_ encoding information if that was a
> required part of the virus's payload?).
>
> Though I think it would be great to find more testing systems like this, I
> don't think the failed tests represent any security risk in clamav...
> Anyone disagree?
>
> -Daniel

When I ran my tests, the virus files really got through and I was able to execute the attachments. I got them sent to a test mailbox and checked it with Eudora 5.2 on a Win2k machine. This machine had eTrust-EZ running on it, and it did detect the virus files when they arrived.

I'll run the tests again, with the exiscan-acl demime facility disabled and eTrust-EZ disabled too on the client machine, and I'll leave a copy of the messages in the FreeBSD's mailbox, so as to see how they look like before being interpreted by Eudora.

LOL
Re: [Clamav-users] Testing ClamAV
If you are saying that the tests failed (i.e. clamav didn't find any virus in your email) then you are correct. I just tried it and all tests sent the file straight thru with nothing in the log to tell me it was a virus. (Sorry I just joined the list and didn't see the initial post.)

I am using clamdscan / ClamAV version 0.60+BugFixesFromCVS-20030905 on debian unstable and have the same problem. command line scanning works, but mailscanner isn't working.

On Tuesday 16 September 2003 8:59 am, [EMAIL PROTECTED] wrote:
> > ...
> >
> > > Looking for something else, I ended up on Declude.com web site where I
> > > found a virus testing tool. Being curious by nature, I ran all the
> > > tests =
> >
> > at
> >
> > > http://www.declude.com/tools/mailsend.html against my SMTP server using
> > > clamd.
> >
> > Which version of clamd?
>
> Version 0.60_1
Re: [Clamav-users] Testing ClamAV
> ...
>
> > Looking for something else, I ended up on Declude.com web site where I
> > found a virus testing tool. Being curious by nature, I ran all the tests =
> at
> > http://www.declude.com/tools/mailsend.html against my SMTP server using
> > clamd.
>
> Which version of clamd?

Version 0.60_1
Re: [Clamav-users] updates download
--- Daniel Wiberg <[EMAIL PROTECTED]> wrote:
> On Tue, Sep 16, 2003 at 05:18:16AM +, Payal Rathod wrote:
> > Is it possible to download the updates manually and transfer them on
> > floppy or CD to a machine which does not have internet access but just
> > local LAN access?
> > If yes, how to do it?
>
> wget http://clamav.sourceforge.net/database/viruses.db && wget http://clamav.sourceforge.net/database/viruses.db2
>
> Add .gz if you want them compressed.

...and then plop them into /usr/local/share/clamav (tarball install) or /var/clamav (RedHat RPM install).

Good luck!

=
/dev/idal
"GNU/Linux is free freedom" --Me
[Clamav-users] freshclam ERROR: Can't open new file...
Hi,

I've just built from sources and installed clamav-0.60, according to the User Manual. My problem is that when I try to run this command

freshclam -v -l /var/log/clam-update.log --log-verbose

I *always* get the following errors messages

Checking for a new database - started at Tue Sep 16 15:11:34 2003
ERROR: Can't open new file ./5bb82cbfa3669e7f to write
ERROR: Can't download viruses.db from clamav.elektrapro.com

repeated for each entry in /usr/share/clamav/mirrors.txt

Please note that:
1) I've run the command as root
2) I've created clam-update.log according to the User Manual, i.e.

-rw------- 1 clamav root 761 Sep 16 15:16 /var/log/clam-update.log

TIA for any help

Roberto
Re: [Clamav-users] ignoring eicar virus
On Tuesday 16 September 2003 1:06 am, Nigel Horne wrote:
> On Tuesday 16 Sep 2003 1:40 am, Richard Humphrey wrote:
> > Forgive me if this is covered somewhere already but I was unable to find
> > it in the archives. I am running Debian unstable with Sendmail and
> > clamav-milter, clamd etc. When I do a clamscan I can detect the test
> > eicar file, but if I send it to myself in an email, it doesn't get
> > detected. Am I doing something wrong?
>
> What version of clamav, and what runtime options did you give to
> clamav-milter (which only optionally checks outgoing e-mails)
>
> > Richard
>
> -Nigel

I am using ClamAV version 0.60+BugFixesFromCVS-20030905 on Debian unstable. I used the following to start clamav-milter:

/usr/sbin/clamav-milter -blo /var/run/clamav.sock

Richard
Re: [Clamav-users] updates download
On Tue, Sep 16, 2003 at 05:18:16AM +, Payal Rathod wrote:
> Hi,
> Is it possible to download the updates manually and transfer them on
> floppy or CD to a machine which does not have internet access but just
> local LAN access?
> If yes, how to do it?

wget http://clamav.sourceforge.net/database/viruses.db && wget http://clamav.sourceforge.net/database/viruses.db2

Add .gz if you want them compressed.

//daniel wiberg
--
www.wiberg.nu