Re: [Clamav-users] Oversized Zip, again ...
On Fri, 28 Nov 2003 18:24:02 +0100 Tomasz Papszun <[EMAIL PROTECTED]> wrote: > I have also seen stopped .doc files compressed with ratio 236. > And .dbf files with ratio 1101. Also, .wav files with ratio 1182. > > Users send quite strange things. So an admin may be forced to set > ZIPOSDET for some big value. > > I think that this parameter should be made runtime configurable (in > clamav.conf). Not every site compiles Clamav on its own. You only get this kind of full disclosure with an Open Source virus scanner. Thanks for that. Now I may have missed something, but I'm wondering what is the harm of setting it to 1500 or to 2000? Just to make sure to catch everything. thanks, CP -- Chris Paul Rex Consulting - Messaging and Security Solutions +1 831.338.7712 Key fingerprint = 588A 289C ADE2 08F9 050B D2A0 DDA4 331D C61B DFD1 --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Process based clamd
The current CVS code contains a new directive: UseProcesses that will cause clamd to use processes instead of threads. Initial version but seems to work ;) It should be really useful for clamav-milter users. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sat Nov 29 04:38:31 CET 2003 pgp0.pgp Description: PGP signature
Re: [Clamav-users] Autochecking script for clamd
On Fri, 28 Nov 2003 [EMAIL PROTECTED] wrote: > bash is not a part of the default solaris 8 server installation. neither is > clamav, for that matter. This is quickly getting off topic -- however a number of gnu type utils were included in Solarius 8, and I am fairly sure /bin/bash was one of them. clamd, yes, is not. :-) == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Autochecking script for clamd
At 06:03 AM 11/28/2003, Christopher X. Candreva wrote: On Thu, 27 Nov 2003 [EMAIL PROTECTED] wrote: > daemontools isn't "special", whatever that means, and bash shells are 'sepcial' is in a default installation. As in there is nothing called daemontools on my Solaris 8 server. There is however both sh and bash. bash is not a part of the default solaris 8 server installation. neither is clamav, for that matter. Paul Theodoropoulos http://www.anastrophe.com --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Oversized Zip, again ...
On Thu, 27 Nov 2003 at 23:54:14 +0100, Tomasz Kojm wrote: > On Thu, 27 Nov 2003 18:03:06 +0900 > Jerome Schlumberger <[EMAIL PROTECTED]> wrote: > > > Can someone explain me about the libclamav/scanners.c and this value > > at the line 64 ? Should I increase it again ? > > Please set it to 70 - we need to find an optimal value. Just to remind the fragment we are talking about :-) : #define ZIPOSDET 20 /* FIXME: Make it user definable */ When someone reported problem with "Oversized Zip", it was adviced to increase the value to 50. Now the suggestion is 70. I've got some drastic, but a real-life example. On one of systems I know, a parameter "maximum compression ratio" in some AV scanner had to be increased up to 200 (AFAIR due to zipped .bmp files). Surprisingly, it wasn't enough! It had to be further increased up to 220, this time due to some database files. I have also seen stopped .doc files compressed with ratio 236. And .dbf files with ratio 1101. Also, .wav files with ratio 1182. Users send quite strange things. So an admin may be forced to set ZIPOSDET for some big value. I think that this parameter should be made runtime configurable (in clamav.conf). Not every site compiles Clamav on its own. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Autochecking script for clamd
> > echo $TIMESTAMP " restarting freshclam daemon" > > /usr/local/bin/freshclam -d -c 4 > > --datadir=/var/amavisd/usr/local/share/clamav --log-verbose > > fi > > > > > > FYI - Since installing 0.65 this has recorded no restarts > > Well, but why run freshclam all the time? > I suppose that I could have run a cron job. But in dealing with the problems with clamd I found this easiest for me to manage and track. This computer's only role is to filter mail and pass it on to the main mail server for 50 users. Not much overhead. I think I tried the cron job at first but went to the daemon when troubleshooting clamd dieing. --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Autochecking script for clamd
* Lynn Duerksen <[EMAIL PROTECTED]> [20031128 18:58]: wrote: > > > Subject: Re: [Clamav-users] Autochecking script for clamd > > > > > > At 08:50 PM 11/27/2003, Brian Bruns wrote: > > >Well, I should have put this in the last message. > > > > > >I guess the one I threw together doesn't require anything special > > >(doesn't need daemontools), and only needs bash. I have a habit of > > >writing things very simply to be as small and lightweight as > > possible > > >:) > > > > daemontools isn't "special", whatever that means, and bash shells are > > neither small nor lightweight. so, you lose on all counts. > > > > Special is as Special Does! > > I use a simple shell script to check for clamd and freshclam since there > have been versions where both/either died. Plus I timestamp and log. > > As far as daemontools, I could never get it to function properly on my > OpenBSD - Postfix - Amavisd system. This simple script works great. > > #!/bin/sh > # redirect output to /var/log/messages file > exec 1>>/var/log/checkclam > exec 2>&1 > TIMESTAMP=`date +"%b %e %H:%M:%S"` > # Check for clamd daemon > if ! (ps -aU amavisd | grep clamd | grep -v grep > /dev/null) > then > echo $TIMESTAMP "restarting clamd" > # Remove Stale Socket > rm /var/amavisd/clamd.sock > # Start clamd > /usr/local/sbin/clamd > # Timestamp, log and send me a note > echo $TIMESTAMP "restarting clamd" > /tmp/clamrestart.txt > cat /tmp/clamrestart.txt | mail -s "clamd restart report" > [EMAIL PROTECTED] > /dev/null > rm /tmp/clamrestart.txt > /dev/null > fi > if ! (ps -aU amavisd | grep freshclam | grep -v grep > /dev/null) > then > echo $TIMESTAMP " restarting freshclam daemon" > /usr/local/bin/freshclam -d -c 4 > --datadir=/var/amavisd/usr/local/share/clamav --log-verbose > fi > > > FYI - Since installing 0.65 this has recorded no restarts Well, but why run freshclam all the time? cheers - wash +--+-+ Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE) | . 1ere Etage, Loita Hse, Loita St., | GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI | GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 | +-+--+ "Oh My God! They killed init! You Bastards!" --from a /. post smime.p7s Description: S/MIME cryptographic signature
Re: [Clamav-users] Clam 0.65 and Dazuko
On Thu, 27 Nov 2003 19:29:16 -0500 "Rick Cooper" <[EMAIL PROTECTED]> wrote: > And still when clamd initializes it turns on dazuko. Any thoughts? Make sure you edit the right config file. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Nov 28 15:30:07 CET 2003 pgp0.pgp Description: PGP signature
RE: [Clamav-users] Autochecking script for clamd
> Subject: Re: [Clamav-users] Autochecking script for clamd > > > At 08:50 PM 11/27/2003, Brian Bruns wrote: > >Well, I should have put this in the last message. > > > >I guess the one I threw together doesn't require anything special > >(doesn't need daemontools), and only needs bash. I have a habit of > >writing things very simply to be as small and lightweight as > possible > >:) > > daemontools isn't "special", whatever that means, and bash shells are > neither small nor lightweight. so, you lose on all counts. > Special is as Special Does! I use a simple shell script to check for clamd and freshclam since there have been versions where both/either died. Plus I timestamp and log. As far as daemontools, I could never get it to function properly on my OpenBSD - Postfix - Amavisd system. This simple script works great. #!/bin/sh # redirect output to /var/log/messages file exec 1>>/var/log/checkclam exec 2>&1 TIMESTAMP=`date +"%b %e %H:%M:%S"` # Check for clamd daemon if ! (ps -aU amavisd | grep clamd | grep -v grep > /dev/null) then echo $TIMESTAMP "restarting clamd" # Remove Stale Socket rm /var/amavisd/clamd.sock # Start clamd /usr/local/sbin/clamd # Timestamp, log and send me a note echo $TIMESTAMP "restarting clamd" > /tmp/clamrestart.txt cat /tmp/clamrestart.txt | mail -s "clamd restart report" [EMAIL PROTECTED] > /dev/null rm /tmp/clamrestart.txt > /dev/null fi if ! (ps -aU amavisd | grep freshclam | grep -v grep > /dev/null) then echo $TIMESTAMP " restarting freshclam daemon" /usr/local/bin/freshclam -d -c 4 --datadir=/var/amavisd/usr/local/share/clamav --log-verbose fi FYI - Since installing 0.65 this has recorded no restarts L. A. Duerksen Technical Manager Futureware Distributing, Inc OpenBSD 3.3 amavisd-new-20030616-p2 spamassassin 2.55 postfix-2.0.10 ClamAV version 0.65 --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Autochecking script for clamd
where can I get the daemon tools baeed one t test it please? -- Eduardo Kaftanski [EMAIL PROTECTED] Red Hat Certified Engineer/Instructor/Examiner Gerente Ingenieria LinuxCenter S.A. Canada 239 5to Piso, Providencia, Stgo de Chile. http://www.linuxcenter.cl 2745000 --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Autochecking script for clamd
On Thu, 27 Nov 2003 [EMAIL PROTECTED] wrote: > daemontools isn't "special", whatever that means, and bash shells are 'sepcial' is in a default installation. As in there is nothing called daemontools on my Solaris 8 server. There is however both sh and bash. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Oversized Zip, again ...
On Fri, 28 Nov 2003 10:11:35 +0900 Jerome Schlumberger <[EMAIL PROTECTED]> wrote: > Ok, I am going to try this, but could you explain to the list what is > the point of this parameter ? if (original_size / compressed_size >= ZIPOSDET) return Oversized.Zip Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Nov 28 14:38:38 CET 2003 pgp0.pgp Description: PGP signature
[Clamav-users] clamd descriptors leakage?
Hi. I'm using clamd/clamav-milter from clamav-devel-latest with sendmail 8.12 on a linux/2.2. Unfortunately, I can't tell when this bug was introduced. At the moment, I'm on clamav-devel-20031125 with clamav-milter patched *a bit* [just to make its 'virus intercepted' emails more useful for our users] Clamd seem to leak some descriptors. Take a look: [EMAIL PROTECTED]:~# grep -i socket /etc/clamav.conf # Remove stale socket after unclean shutdown. FixStaleSocket # Path to the local socket. The daemon doesn't change the mode of the LocalSocket /var/run/clamav/clamd #TCPSocket 3310 So, clamav uses AF_UNIX socket to listen. But after some time [few hours running], there is a bunch of open ports, which clamd is listening on (which I think are not closed after scanning a message received from clamav-milter): [EMAIL PROTECTED]:~# netstat -nlp | grep clam tcp 0 0 0.0.0.0:80760.0.0.0:*LISTEN18818/clamd tcp 0 0 0.0.0.0:32640 0.0.0.0:*LISTEN18818/clamd tcp 0 0 0.0.0.0:52369 0.0.0.0:*LISTEN18818/clamd tcp 0 0 0.0.0.0:27451 0.0.0.0:*LISTEN18818/clamd tcp 0 0 0.0.0.0:30870.0.0.0:*LISTEN18818/clamd tcp 0 0 0.0.0.0:13918 0.0.0.0:*LISTEN18818/clamd tcp 0 0 0.0.0.0:98960.0.0.0:*LISTEN18818/clamd tcp 0 0 0.0.0.0:53371 0.0.0.0:*LISTEN18818/clamd tcp 0 0 0.0.0.0:27301 0.0.0.0:*LISTEN18818/clamd tcp 0 0 0.0.0.0:22677 0.0.0.0:*LISTEN18818/clamd tcp 0 0 0.0.0.0:40824 0.0.0.0:*LISTEN18818/clamd unix 0 [ ACC ] STREAM LISTENING 2976549 18818/clamd /var/run/clamav/clamd unix 0 [ ACC ] STREAM LISTENING 2976557 18824/clamav-milter /var/run/clmilter.sock [EMAIL PROTECTED]:~# ls -al /proc/18818/fd [...] lrwx--1 root proc 64 Nov 28 13:40 0 -> socket:[2976549] lr-x--1 root proc 64 Nov 28 13:40 1 -> pipe:[2976552] lrwx--1 root proc 64 Nov 28 13:40 10 -> /tmp/tmpfYzbdY6\ (deleted) lrwx--1 root proc 64 Nov 28 13:40 11 -> socket:[3051478] lrwx--1 root proc 64 Nov 28 13:40 12 -> socket:[3039092] lrwx--1 root proc 64 Nov 28 13:40 13 -> socket:[3039093] lrwx--1 root proc 64 Nov 28 13:40 14 -> /tmp/tmpfKNhpaY\ (deleted) lrwx--1 root proc 64 Nov 28 13:40 15 -> socket:[3040223] lrwx--1 root proc 64 Nov 28 13:40 16 -> socket:[3039565] lrwx--1 root proc 64 Nov 28 13:40 17 -> socket:[3039566] lrwx--1 root proc 64 Nov 28 13:40 18 -> /tmp/tmpfreM4U7\ (deleted) lrwx--1 root proc 64 Nov 28 13:40 19 -> socket:[3039806] l-wx--1 root proc 64 Nov 28 13:40 2 -> pipe:[2976552] lrwx--1 root proc 64 Nov 28 13:40 20 -> socket:[3039807] lrwx--1 root proc 64 Nov 28 13:40 21 -> /tmp/tmpfedXGCu\ (deleted) lrwx--1 root proc 64 Nov 28 13:40 22 -> socket:[3040224] lrwx--1 root proc 64 Nov 28 13:40 23 -> /tmp/tmpfShHqIm\ (deleted) lrwx--1 root proc 64 Nov 28 13:40 24 -> socket:[3051479] lrwx--1 root proc 64 Nov 28 13:40 25 -> /tmp/tmpfEcVZiN\ (deleted) lrwx--1 root proc 64 Nov 28 13:40 26 -> socket:[3056386] lrwx--1 root proc 64 Nov 28 13:40 27 -> socket:[3054569] lrwx--1 root proc 64 Nov 28 13:40 28 -> socket:[3054570] lrwx--1 root proc 64 Nov 28 13:40 29 -> /tmp/tmpfGoCLhu\ (deleted) l-wx--1 root proc 64 Nov 28 13:40 3 -> /var/log/clamav/clamd.log lrwx--1 root proc 64 Nov 28 13:40 30 -> socket:[3056387] lrwx--1 root proc 64 Nov 28 13:40 31 -> /tmp/tmpfaGK03w\ (deleted) lrwx--1 root proc 64 Nov 28 13:40 32 -> socket:[3063845] lrwx--1 root proc 64 Nov 28 13:40 33 -> socket:[3063846] lrwx--1 root proc 64 Nov 28 13:40 34 -> /tmp/tmpfPkfDwB\ (deleted) lrwx--1 root proc 64 Nov 28 13:40 35 -> socket:[3076204] lrwx--1 root proc 64 Nov 28 13:40 36 -> socket:[3076205] lrwx--1 root proc 64 Nov 28 13:40 37 -> /tmp/tmpfLqwRtn\ (deleted) lrwx--1 root proc 64 Nov 28 13:40 38 -> socket:[3113720] lrwx--1 root proc 64 Nov 28 13:40 39 -> socket:[3113721] lrwx--1 root proc 64 Nov 28 13:40 4 -> socket:[2976537] lrwx--1 root proc 64 Nov 28 13:40 40 -> /tmp/tmpf2LuNwM\ (deleted) lr-x--1 root proc 64 Nov 28 13:40 5 -> /usr/share/clamav/ lr-x--1 root proc 64 Nov 28 13:40 7 -> /dev/urandom lrwx--1 root proc 64 Nov 28 13:40 8 -> socket:[3039412] lrwx--1 root
Re: [Clamav-users] clamav-milter: is it possble to mark infected e-mail, but still deliver it to addressee ?
Hi! On Fri, 28 Nov 2003, Tommi Rintala wrote: TR>I hope that I didn't understand the original question wrong, but how about TR>installing amavis to work with clamav. It could inform the user that an TR>infected mail message was tried to be delivered, but was stopped (so no TR>actual delivery is done). TR> TR>Therefore the actual delivery is confirmed, but the contents (virus) is TR>not. Current clamav-milter can do this for you. misha. --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Autochecking script for clamd
[EMAIL PROTECTED] wrote: At 08:50 PM 11/27/2003, Brian Bruns wrote: Well, I should have put this in the last message. I guess the one I threw together doesn't require anything special (doesn't need daemontools), and only needs bash. I have a habit of writing things very simply to be as small and lightweight as possible :) daemontools isn't "special", whatever that means, and bash shells are neither small nor lightweight. so, you lose on all counts. To be honest, Brian's script only requires /bin/sh (it contains no bash-isms), and it does not rely on other packages besides clamd), so it should run on most UNIXens (even on DJB-free ones). Thomas --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav-milter: is it possble to mark infected e-mail, but still deliver it to addressee ?
At 11:29 PM 11/27/03, you wrote: >Hello Brian, > >I hope you don´t laugh too much and think about the problems of filtering mails from >time to time: > >67.106.13.26 does not like recipient. >... Schicken Sie hat abgelehnt ab. Es war >entweder werbe, dumm, oder nur Drgern. >Giving up on 67.106.13.26. > >Can you tell me what Drgern means? And who did this nice translation? (A 4 year old >child after his 3rd german lesson? Is it usual that you get rude within a >smtp-session?) Did you notice that a mail sent to you was filtered? Do your users >know that? What about false positives? Just laugh - or think - a bit about this. ;-) You'd have to take that specific rule up with the owner of the company, he personally installed it on all of our residential mail servers. --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Autochecking script for clamd
At 08:50 PM 11/27/2003, Brian Bruns wrote: Well, I should have put this in the last message. I guess the one I threw together doesn't require anything special (doesn't need daemontools), and only needs bash. I have a habit of writing things very simply to be as small and lightweight as possible :) daemontools isn't "special", whatever that means, and bash shells are neither small nor lightweight. so, you lose on all counts. Paul Theodoropoulos http://www.anastrophe.com --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav-milter: is it possble to mark infected e-mail, but still deliver it to addressee ?
Christoph Cordes wrote:
I hope you don´t laugh too much and think about the problems of filtering mails from time to time:
67.106.13.26 does not like recipient.
... Schicken Sie hat abgelehnt ab. Es war
entweder werbe, dumm, oder nur Drgern.
Giving up on 67.106.13.26.
Can you tell me what Drgern means? And who did this nice translation? (A 4 year old child after his 3rd german lesson? Is it usual that you get rude within a smtp-session?) Did you notice that a mail sent to you was filtered? Do your users know that? What about false positives? Just laugh - or think - a bit about this. ;-)
I think it was "Ärgern" ("fret" or "annoy" in english, according to
LEO), but now the 8th bit is stripped off ;-)
But I agree on the translation quality :-)
Thomas
---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav-milter: is it possble to mark infected e-mail, but still deliver it to addressee ?
Hello Brian, Friday, November 28, 2003, 6:34:40 AM, you wrote: BWA> We do run ClamAV at the ISP level and we've had one user ask that we BWA> not filter their email. My response was to laugh, my boss offered to BWA> mail the user one of the AOL CD's we've got laying around and to cancel BWA> their account with us. BWA> Users don't get to demand the delivery of messages we've determined BWA> contain a payload that can be a danger both to their machine and our BWA> network if they're stupid enough to be infected by it. Those that try BWA> are encouraged to come to their senses or to become the problem of BWA> another ISP. BWA> Filtering for spam, yes, we do disable that upon request. The virus BWA> filters though are not negotiable. I hope you don´t laugh too much and think about the problems of filtering mails from time to time: 67.106.13.26 does not like recipient. ... Schicken Sie hat abgelehnt ab. Es war entweder werbe, dumm, oder nur Drgern. Giving up on 67.106.13.26. Can you tell me what Drgern means? And who did this nice translation? (A 4 year old child after his 3rd german lesson? Is it usual that you get rude within a smtp-session?) Did you notice that a mail sent to you was filtered? Do your users know that? What about false positives? Just laugh - or think - a bit about this. ;-) -- Best regards, Christophmailto:[EMAIL PROTECTED] --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav-milter: is it possble to mark infected e-mail, but still deliver it to addressee ?
I hope that I didn't understand the original question wrong, but how about installing amavis to work with clamav. It could inform the user that an infected mail message was tried to be delivered, but was stopped (so no actual delivery is done). Therefore the actual delivery is confirmed, but the contents (virus) is not. yours, -- Tommi Rintalapuhelin: 044-767 7770 WasaLab Oy web: http://www.wasalab.fi/ PL 365 käyntios: Wolffintie 36 F2 65101 VAASA 65200 VAASA On Thu, 27 Nov 2003, Brian W. Antoine wrote: > At 01:10 PM 11/27/03, you wrote: > >Hello Brian, > > > >Thursday, November 27, 2003, 9:25:01 PM, you wrote: > > > >BWA> At 11:11 AM 11/27/03, you wrote: > >>>Unfortunately not all our users are happy of the situation > >>>when they cannot get e-mails with viruses in them. > > > >BWA> You've got to be kidding. Did the user take the hint when you had > >BWA> trouble replying because you were laughing too hard? > > > >already and they offer solutions for it (KAV,McAfee,H+B EDV for example). And if > >you run Clam as an ISP it can be a real problem, if you have a user that demands > >this messages to be delivered you have a lot of work while sort them out. > > We do run ClamAV at the ISP level and we've had one user ask that we > not filter their email. My response was to laugh, my boss offered to > mail the user one of the AOL CD's we've got laying around and to cancel > their account with us. > > Users don't get to demand the delivery of messages we've determined > contain a payload that can be a danger both to their machine and our > network if they're stupid enough to be infected by it. Those that try > are encouraged to come to their senses or to become the problem of > another ISP. > > Filtering for spam, yes, we do disable that upon request. The virus > filters though are not negotiable. > > > > > --- > This SF.net email is sponsored by: SF.net Giveback Program. > Does SourceForge.net help you be more productive? Does it > help you create better code? SHARE THE LOVE, and help us help > YOU! Click Here: http://sourceforge.net/donate/ > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
