[Clamav-users] clamav-milter, "Please try again later" message.
Hello. Sometimes I see in maillog:

Feb 25 04:03:59 clamav-milter[7350]: clamfi_header: Received: from 192.168.1.1 ([192.168.1.1]) by mail(WinRoute Pro 4.1) with SMTP; Tue, 24 Feb 2004 21:34:29 +0400
Feb 25 04:03:59 clamav-milter[7350]: clamfi_header: From: XX
Feb 25 04:03:59 clamav-milter[7350]: write failure to clamd
Feb 25 04:03:59 sendmail[7349]: i1OMRXXv007349: Milter: data, reject=451 4.7.1 Please try again later
Feb 25 04:03:59 sendmail[7349]: i1OMRXXv007349: to=, delay=00:02:55, pri=572864, stat=Please try again la

What do you think about adding an "ignore scanning error" option to clamav-milter? Some servers must deliver mail in any case...

--
Regards, Sergey

___
Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Multiple viruses in same file.
Virgo Pärna sighed and wrote:
> It seems, that currently clamav stops scanning file, when it
> finds that it's infected. But for testing purposes it would be nice,
> if there would be switch to run full db scan - so that the for file

But wouldn't that waste cpu cycles when it has already been confirmed that the said file is infected? I mean, if say you were scanning your system and you find an infected (non-quarantined) file; would you care which virus(es) infected it? I for one would immediately delete it. In the case of automatic scanning by clamdscan, I would set mimedefang to delete it as well. That'd be my gut reaction to any infected files.

However, with that said, I think it would be interesting to see the statistics of whether or not such files (infected by multiple viruses) do pass through the system.

Edmund
Re: [Clamav-users] freshclam error
On Wednesday 25 February 2004 12:24 am, Niber wrote:
> Antony Stone wrote:
> > Do you always receive the error from the cron job, or did it just happen
> > one or two times?
> One or two times

I would say that is "normal" then, simply due to synchronisation problems of the signatures database on the remote server. We all get those from time to time.

Regards,
Antony.

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

Please reply to the list; please don't CC me.
Re: [Clamav-users] freshclam error
One or two times

Thanks for your help

Niber

Antony Stone wrote:
Do you always receive the error from the cron job, or did it just happen one or two times?
Antony.
Re: [Clamav-users] freshclam error
On Tuesday 24 February 2004 8:36 pm, Niber wrote:
> Hello,
>
> I receive this mail from
> Cron <[EMAIL PROTECTED]> /usr/local/bin/freshclam --quiet -l
> /var/log/clam-update.log :
>
> ERROR: Verification: Broken or not a CVD file.
>
> When I manually run freshclam it looks fine
>
> Where is the problem with freshclam ?

Do you always receive the error from the cron job, or did it just happen one or two times?

Antony.

--
If the human brain were so simple that we could understand it, we'd be so simple that we couldn't.

Please reply to the list; please don't CC me.
[Clamav-users] freshclam error
Hello,

I receive this mail from Cron <[EMAIL PROTECTED]> /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log :

ERROR: Verification: Broken or not a CVD file.
ERROR: Verification: Broken or not a CVD file.
ERROR: Verification: Broken or not a CVD file.

When I manually run freshclam it looks fine :

# freshclam
ClamAV update process started at Tue Feb 24 21:27:57 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 138, sigs: 808, f-level: 1, builder: tomek)
Database updated (20795 signatures) from database.clamav.net (64.18.103.6).
serveur:~#

Where is the problem with freshclam ?

Niber
Re: [Clamav-users] [signatures] How to use self-made signatures ?
On Tue, 24 Feb 2004 at 15:46:18 +0100, David Girardey wrote:
> >> I'm testing signatures extraction with a 'home-made' virus : I extract
> >> a piece of a binary file (jpeg file), and put it into a test.virus.db
>
> TP> No. First you must do a hex dump of the binary fragment. It's described
> TP> in the doc.
>
> I use the "by hand" method.

Good.

> My steps are :
> use the command od -x to view my jpeg file into hex,
> copy a string of ~50 characters to my .sig,
> add "Name.Virus (Clam)=" in .sig,
> rename in .db
>
> Is it right ?

Well, it depends on what you do with the 'od -x' output. Its format is like the following:

000 5a4d 0050 0002 0004 000f
020 00b8 2004 0040 001a

while signature must be formed with continuous string of hex chars, like 5a4d00520004 etc.

Also, be cautious not to insert any "foreign" chars like newlines, EOFs.

If it still doesn't work, you must be doing some mistake :-).

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
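The by-hand procedure from this message, as an added shell example (not code from the thread or from the ClamAV project): it turns a fragment of a file into the continuous hex string that a "Name=hexstring" line needs. It dumps single bytes with 'od -tx1' because 'od -x' prints 16-bit words in host byte order, so on a little-endian machine each byte pair appears swapped relative to the file; the function names, the name Test.Fragment and the sample bytes are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the signature
# name Test.Fragment are hypothetical.

# hex_fragment FILE OFFSET LENGTH
# Print LENGTH bytes from OFFSET as one continuous hex string.
# -tx1 dumps single bytes in file order, -An drops the offset column,
# -v stops od from collapsing repeated lines into "*".
hex_fragment() {
    od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \t\n'
}

# make_sig_line NAME FILE OFFSET LENGTH
# Emit one "Name=hexstring" database line; fail on a short read or on
# any character that is not a hex digit.
make_sig_line() {
    hex=$(hex_fragment "$2" "$3" "$4")
    [ "${#hex}" -eq $(( $4 * 2 )) ] || { echo "short read" >&2; return 1; }
    case $hex in *[!0-9a-f]*) echo "non-hex char" >&2; return 1 ;; esac
    printf '%s=%s\n' "$1" "$hex"
}

# sig_matches HEXSIG FILE
# Byte-aligned check that the signature bytes occur in FILE. Both sides
# are compared as " xx xx xx" so a match cannot start mid-byte.
sig_matches() {
    pat=$(printf '%s' "$1" | sed 's/../ &/g')
    od -An -v -tx1 "$2" | tr -s ' \t\n' '   ' | grep -qF -- "$pat"
}

# Constructed 8-byte sample (not taken from any real file).
sample=$(mktemp)
printf '\115\132\120\000\002\000\004\000' > "$sample"
od -x "$sample"                      # 16-bit words in host byte order
line=$(make_sig_line Test.Fragment "$sample" 0 6)
echo "$line"                         # byte-order hex, ready for a .db file
sig_matches "${line#*=}" "$sample" && echo "signature present in sample"
rm -f "$sample"
```

A database file built from such lines can be tested on its own with clamscan -d test.virus.db /path/fileforscanning, as suggested elsewhere in this thread.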
Re: [Clamav-users] Submission to virusbtn.com and AV-test.org?
On Tuesday 24 February 2004 1:46 pm, Mitch (WebCob) wrote:
> I was given a pdf of a response time article written by Andreas
> Marx at AV-test.org, but on a side note, she thinks he was unofficially
> stating that Clam AV had only a 56% rate detection of virii in the wild -
> I'd say my experience is better, perhaps this is someone to chat with?

I wonder how long ago this was tested (ClamAV's signatures have really come on in the last 6-12 months), and also whether the testing was done with viruses which are currently in the wild, or with viruses which have been known to be in the wild (ClamAV does much better with current threats than with historical curiosities).

Regards,
Antony.

--
The difference between theory and practice is that in theory there is no difference, whereas in practice there is.

Please reply to the list; please don't CC me.
RE: [Clamav-users] Submission to virusbtn.com and AV-test.org?
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Mitch (WebCob)
> Sent: 24. februar 2004 14:46
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] Submission to virusbtn.com and AV-test.org?
>
> I was given a pdf of a response time article written by Andreas
> Marx at AV-test.org, but on a side note, she thinks he was unofficially
> stating that Clam AV had only a 56% rate detection of virii in the wild -
> I'd say my experience is better, perhaps this is someone to chat with?
>

We're already in contact with Andreas Marx from AV-Test.org. They're tracking ClamAV's response time, but currently I'm not allowed to publish their results :-(

You can read their first test result at http://www.pcwelt.de/news/viren_bugs/37827/2.html (or http://www.av-test.org).

Best regards,
Diego d'Ambra
Re[2]: [Clamav-users] [signatures] How to use self-made signatures ?
Hello Tomasz,

TP> On Tue, 24 Feb 2004 at 11:05:32 +0100, David Girardey wrote:
>>
>> I'm testing signatures extraction with a 'home-made' virus : I extract
>> a piece of a binary file (jpeg file), and put it into a test.virus.db

TP> No. First you must do a hex dump of the binary fragment. It's described
TP> in the doc.

I use the "by hand" method.

My steps are :
use the command od -x to view my jpeg file into hex,
copy a string of ~50 characters to my .sig,
add "Name.Virus (Clam)=" in .sig,
rename in .db

Is it right ?

>> I use the creating signature manual to take a good string (size
>> between 40 and 200, etc).
>>
>> I put this test.virus.db into my database directory (with daily.cvd
>> and main.cvd).
>>
>> I test this signature with this command :
>>
>> clamscan --mbox /tmp/image.jpg

TP> For testing purposes, quicker is using only that test signature:
TP> clamscan -d test.virus.db /path/fileforscanning

Thanks for your tips !

Regards,

--
David Girardey / Agence France Presse mailto:[EMAIL PROTECTED]
[Clamav-users] Submission to virusbtn.com and AV-test.org?
I was looking for reviews on virus protection quality as well as response time...

Helen, the editor of virusbtn.com says as far as she knows, Clam AV has never been submitted for review.

I asked for details on the process, and ask here if there is any reason NOT to submit to various reviewers - don't want to step on toes, but I figure the broader range of support we can get for the project, the faster our response times will be to detecting virii in the wild etc.

I was given a pdf of a response time article written by Andreas Marx at AV-test.org, but on a side note, she thinks he was unofficially stating that Clam AV had only a 56% rate detection of virii in the wild - I'd say my experience is better, perhaps this is someone to chat with?

Don't want to step on toes, so I thought I'd ask before I kept digging.

Thanks!

m/
Re: [Clamav-users] Clamuko?
> Please don't use it yet - it will be back in the next week.

That's excellent news! Thanks Tomasz!

--Claudio
Re: [Clamav-users] [signatures] How to use self-made signatures ?
On Tue, 24 Feb 2004 at 11:05:32 +0100, David Girardey wrote:
>
> I'm testing signatures extraction with a 'home-made' virus : I extract
> a piece of a binary file (jpeg file), and put it into a test.virus.db

No. First you must do a hex dump of the binary fragment. It's described in the doc.

> I use the creating signature manual to take a good string (size
> between 40 and 200, etc).
>
> I put this test.virus.db into my database directory (with daily.cvd
> and main.cvd).
>
> I test this signature with this command :
>
> clamscan --mbox /tmp/image.jpg

For testing purposes, quicker is using only that test signature:

clamscan -d test.virus.db /path/fileforscanning

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
[Clamav-users] [signatures] How to use self-made signatures ?
Hi,

I'm testing signatures extraction with a 'home-made' virus : I extract a piece of a binary file (jpeg file), and put it into a test.virus.db

I use the creating signature manual to take a good string (size between 40 and 200, etc).

I put this test.virus.db into my database directory (with daily.cvd and main.cvd).

I test this signature with this command :

clamscan --mbox /tmp/image.jpg

But clamscan doesn't detect my signature, the file is not infected for him.

I use clamav 0.67-1.

Any idea someone ?

Regards,

--
David Girardey / Agence France Presse mailto:[EMAIL PROTECTED]
[Clamav-users] Multiple viruses in same file.
It seems, that currently clamav stops scanning file, when it finds that it's infected. But for testing purposes it would be nice, if there would be switch to run full db scan - so that for a file infected with multiple viruses all of them would be recognized.

For example - I received virus mails that clamav recognized as "CIH #2", NAV recognised them as Swen.A (Gibe.F in clamav).

Which raises another interesting question - if some new worm like Swen.A is infected with some old file virus, would it be possible, that it's infected so badly, that clamav does not recognize it as virus? It probably depends on signature.

Anyway, I'm glad, that clamav does recognize CIH - it was quite nasty virus.

--
Virgo Pärna [EMAIL PROTECTED]