[Clamav-users] FYI : recent clamav db updates, Google groups

2004-09-01 Thread Fajar A. Nugraha
FYI, this is the time and number of new viruses added to daily.cvd in
the last 11 days.
The numbers are pretty impressive. The details, including virus names,
are available on the clamav-virusdb archive.

[EMAIL PROTECTED] fajar]$ for file in 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475; do \
    host -t any built.$file.daily.db.clamav.or.id; \
    host -t any newcount.$file.daily.db.clamav.or.id; \
  done
built.461.daily.db.clamav.or.id text 19 Aug 2004 20-18 +0200
newcount.461.daily.db.clamav.or.id text 8
built.462.daily.db.clamav.or.id text 19 Aug 2004 22-27 +0200
newcount.462.daily.db.clamav.or.id text 101
built.463.daily.db.clamav.or.id text 20 Aug 2004 11-13 +0100
newcount.463.daily.db.clamav.or.id text 57
built.464.daily.db.clamav.or.id text 20 Aug 2004 16-53 +0200
newcount.464.daily.db.clamav.or.id text 7
built.465.daily.db.clamav.or.id text 23 Aug 2004 11-22 +0200
newcount.465.daily.db.clamav.or.id text 6
built.466.daily.db.clamav.or.id text 23 Aug 2004 18-39 +0200
newcount.466.daily.db.clamav.or.id text 0
built.467.daily.db.clamav.or.id text 24 Aug 2004 23-32 +0200
newcount.467.daily.db.clamav.or.id text 34
built.468.daily.db.clamav.or.id text 25 Aug 2004 15-57 +0200
newcount.468.daily.db.clamav.or.id text 10
built.469.daily.db.clamav.or.id text 27 Aug 2004 00-43 +0200
newcount.469.daily.db.clamav.or.id text 0
built.470.daily.db.clamav.or.id text 27 Aug 2004 12-38 +0100
newcount.470.daily.db.clamav.or.id text 26
built.471.daily.db.clamav.or.id text 29 Aug 2004 02-29 +0200
newcount.471.daily.db.clamav.or.id text 53
built.472.daily.db.clamav.or.id text 30 Aug 2004 03-10 +0200
newcount.472.daily.db.clamav.or.id text 3
built.473.daily.db.clamav.or.id text 31 Aug 2004 21-27 +0200
newcount.473.daily.db.clamav.or.id text 0
built.474.daily.db.clamav.or.id text 31 Aug 2004 22-49 +0200
newcount.474.daily.db.clamav.or.id text 17
built.475.daily.db.clamav.or.id text 01 Sep 2004 00-53 +0200
newcount.475.daily.db.clamav.or.id text 1

OT, is there a possibility of moving this list to google groups?
Archiving and search features there are really nice :)


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Messages that got through clam

2004-09-01 Thread Nigel Horne
On Wednesday 01 Sep 2004 00:52, Philip Ershler wrote:
 I am running clam in series with RAV on CommuniGate Pro via cgpav. The 
 messages go through clam first and if clam says OK then they go through 
 RAV. Today RAV caught 4 messages that clam thought were OK. The 
 following lines are from the RAV log. Should I provide the original 
 messages to the clam team, via appropriate methods?

Yes, please send the original emails not just the attachments

 And by the way, how  
 does one send the clam team apparently virus laden e-mail?

zip them with the password virus and email to me personally if you
suspect it's an email decoding problem or to http://www.clamav.net if
you suspect that they are viruses not in the table.

 Thanks, Phil

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk




Re: [Clamav-users] LibClamAV Warning: Not all attachments will be scanned

2004-09-01 Thread Nigel Horne
On Tuesday 31 Aug 2004 19:55, Daniel J McDonald wrote:
 Checking my virus quarantine and came across:
 $ clamscan --mbox --stdout virus-20040831-*
 [...]
 virus-20040831-102553-18818-02-12: Worm.Bagle.N FOUND
 LibClamAV Warning: Not all attachments will be scanned
 LibClamAV Warning: Not all attachments will be scanned
 LibClamAV Warning: Not all attachments will be scanned
 virus-20040831-102843-20225-01-18: OK
 virus-20040831-103636-18818-02-44: Worm.SomeFool.I FOUND
 [...]
 
 virus-20040831-102843-20225-01-18 contains a midi file (which is why I
 block it) and other fluff - is that the message that is not being
 scanned?

This message will no longer occur in 0.80 (all attachments are scanned).
This new functionality is available now in the developer's release available in CVS.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk




Re: [Clamav-users] LibClamAV Warning: Not all attachments will be scanned

2004-09-01 Thread Tomasz Papszun
On Tue, 31 Aug 2004 at 13:55:39 -0500, Daniel J McDonald wrote:
[...]
 Incidentally, I've gotten a number of .chm files lately in a unicode
 message.  Clamav hasn't twigged on them, but I ban them with amavis-new
 anyway.  Are there any known exploits with .chm files, or is that just
 another way to move SPAM around?

Yes, there are known exploits with .chm files.

An example notice is at
http://www.us-cert.gov/cas/techalerts/TA04-099A.html

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner




[Clamav-users] foto From: Rse rse@engelschall.com To: Modssl-users modssl-users@modssl.org

2004-09-01 Thread Maurizio Marini
as subscriber to Modssl-users, i'm receiving by yesterday many copies of an
email with subject: foto
coming from engelschall
i think some of them have received it , too

is this mail infected?
if yes, why clamav doesn't recognize it?
maurizio






Re: [Clamav-users] Install Clam-dev

2004-09-01 Thread Frank Elsner
On Wed, 01 Sep 2004 17:26:43 +0800 Wilson Mak wrote:
 I like to install clamav dev version, but got these errors when running 
 make:
 
 cd . && /bin/sh /usr/local/src/clamav-devel-latest/missing --run autoconf
 configure.in:20: error: Autoconf version 2.58 or higher is required
 aclocal.m4:529: AM_INIT_AUTOMAKE is expanded from...
 configure.in:20: the top level
 autom4te: /usr/bin/m4 failed with exit status: 1
 make: *** [configure] Error 1

Strange. No problem with RH-7.3, autoconf-2.13-17

--Frank Elsner






Re: [Clamav-users] foto From: Rse rse@engelschall.com To: Modssl-users modssl-users@modssl.org

2004-09-01 Thread Jo Mills
On Wed, Sep 01, 2004 at 02:20:37PM +0200, Maurizio Marini wrote:
 as subscriber to Modssl-users, i'm receiving by yesterday many copies of an
 email with subject: foto
 coming from engelschall
 i think some of them have received it , too
 
 is this mail infected?
 if yes, why clamav doesn't recognize it?
 maurizio
 
Hi Maurizio,

Just to let you know we run ClamAV 0.75.1-3 (Debian package) here and
it seems to have caught such a foto e-mail OK.  Please see the
report below:

   Date: Tue, 31 Aug 2004 20:26:46 +0100
   To: [EMAIL PROTECTED]
   From: MailScanner [EMAIL PROTECTED]
   Subject: Warning: E-mail viruses detected

   The following e-mail messages were found to have viruses in them:

   Sender: [EMAIL PROTECTED]
   IP Address: 127.0.0.1
   Recipient: name-withheld@localhost
   Subject:  foto
   MessageID: 1C2EH9-0002Sn-00
   Report: ClamAV: fotos.zip contains Trojan.JS.RunMe

As you can see, it seems to work OK.

Regards,

Jo.




RE: [Clamav-users] foto From: Rse rse@engelschall.com To: Modssl-users modssl-users@modssl.org

2004-09-01 Thread xterm1


|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] Behalf Of Maurizio
|Marini
|Sent: Wednesday, September 01, 2004 8:21 AM
|To: [EMAIL PROTECTED]
|Subject: [Clamav-users] foto From: Rse [EMAIL PROTECTED] To:
|Modssl-users [EMAIL PROTECTED]
|
|
|as subscriber to Modssl-users, i'm receiving by yesterday many copies of an
|email with subject: foto
|coming from engelschall
|i think some of them have received it , too
|
|is this mail infected?
|if yes, why clamav doesn't recognize it?
|maurizio
|
|
|
I received the foto Virus, Clamav and f-prot both found it upon scanning
Brian





Re: [Clamav-users] MD5 crashes... (fwd)

2004-09-01 Thread Dennis Peterson
Andy Fiddaman wrote:
 Since the latest daily update, ClamAV has been crashing here with every
 email it scans, has anyone else seen this ?
 It appears to be related to the new .hdb file containing an EICAR signature.
 ClamAV version devel-20040819

I reverted to .75.1 and got things going again. We were receiving quite a few
viruses/minute at the time and the down time was an unneeded source of stress.
But it is all working so that is a good thing.

dp


Re: [Clamav-users] Re: MD5 crashes... (fwd)

2004-09-01 Thread Mark G. Thomas

On Tue, Aug 31, 2004 at 04:55:51PM -0500, David Champion wrote:
 * On 2004.08.31, in [EMAIL PROTECTED],
 * Andy Fiddaman [EMAIL PROTECTED] wrote:
  
  Since the latest daily update, ClamAV has been crashing here with every
  email it scans, has anyone else seen this ?
  It appears to be related to the new .hdb file containing an EICAR signature.
 
 Yes. I get almost the same backtrace as you. I've had to disable clam
 to get mail through -- I've been fighting with this one since 14:47
 GMT-0500, but since I couldn't receive mail, I didn't know I wasn't
 alone.
 
 I'm running today's CVS on Solaris 9/SPARC -- haven't made much progress
 on it, as I was making other major changes in my mail system at the time
 this struck. Red herrings galore.
 
 -- 
  -D.[EMAIL PROTECTED]  NSIT::ENSS

We had the same problem here.  I had been running clamav-devel-20040727,
but as of yesterday evening's freshclam update, clamd would die as soon
as it tried to scan any content.  This morning I updated to clamav-0.75.1,
and this seems to have fixed the problem.  If you are not up to
clamav-0.75.1, I strongly suggest updating.

Mark


-- 
Mark G. Thomas ([EMAIL PROTECTED])
voice: 215-591-3695
http://www.misty.com/  http://mail-cleaner.com/




Re: [Clamav-users] MD5 crashes... (fwd)

2004-09-01 Thread Tomasz Kojm
On Tue, 31 Aug 2004 21:03:22 + (GMT)
Andy Fiddaman [EMAIL PROTECTED] wrote:

 
 Since the latest daily update, ClamAV has been crashing here with
 every email it scans, has anyone else seen this ?
 It appears to be related to the new .hdb file containing an EICAR
 signature.
 
 ClamAV version devel-20040819
 
 Initial backtrace is (more details when I've investigated a bit more):
 
 Program received signal SIGSEGV, Segmentation fault.
 __md5_process_block (buffer=0x1006cfc3a, len=64,
 ctx=0x7fffea10)
 at md5.c:338

Fixed in CVS.

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Sep  1 16:13:36 CEST 2004




Re: [Clamav-users] Can I submit a file if I'm not sure it's a virus?

2004-09-01 Thread D.J. Fan
D.J. Fan wrote:
 I just received 3 emails with a subject of 'foto' or 'fotos'
 and a zip attachment named 'foto.zip' with 'calc.exe' and 'foto.htm'
 contained therein that passed through 3 different scanners undetected.

 This is Trojan.Dropper.Small-11 added in ClamAV update 475 just in the last
 hour.  I got a couple that slipped through just before the update, but they
 are being caught now.  My other virus scanners still don't detect it.

 James Lick

It was Trojan.Dropper.Small-11 that Symantec calls Download.Ject.C
It was discovered August 28th, and it infected a computer on my network
on that day, but for some reason, no anti-virus vendor that I am aware of
put it in their pattern file until August 31st. It disables desktop anti-virus
programs. This allowed the same computer to get infected with a Beagle
virus. I have 4 scanners on our network, ClamAV, Panda, Symantec and Trend
Micro. It just goes to show you how easy it is for a blended threat to occur.

New rule: quarantine all zip attachments. (I do this on my main network but
have no control over a few machines that need to use a different email provider.)



Re: [Clamav-users] Re: MD5 crashes... (fwd)

2004-09-01 Thread Christopher X. Candreva
On Wed, 1 Sep 2004, Andy Fiddaman wrote:

 ;  Since the latest daily update, ClamAV has been crashing here with every
 ;  email it scans, has anyone else seen this ?

 ; Yes. I get almost the same backtrace as you. I've had to disable clam
 ; ...
 ; I'm running today's CVS on Solaris 9/SPARC -- haven't made much progress
 
 Same here, Solaris 9.

<AOL>Me too</AOL> -- Solaris 8 on Sparc, gcc  3.4.0, was running 20040805

Now back at 0.75.1, was going to try the devel-20040901 snapshot before 
posting when I saw this thread.


==
Chris Candreva  -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/




Re: [Clamav-users] foto From: Rse rse@engelschall.com To: Modssl-users modssl-users@modssl.org

2004-09-01 Thread BitFuzzy
Jo Mills wrote:
On Wed, Sep 01, 2004 at 02:20:37PM +0200, Maurizio Marini wrote:
 

as subscriber to Modssl-users, i'm receiving by yesterday many copies of an
email with subject: foto
coming from engelschall
i think some of them have received it , too
   

In my opinion the modssl users list has been made useless.
heh you can't even get off the darn thing.
Due to virus and spam being sent through the list, I ended up having to 
black list the list.
Emails to the maintainer don't even get answered.

I am very happy to find that the clamav list has nothing in common ;)
Regards
KC


[Clamav-users] old database format no longer available

2004-09-01 Thread Luca Gibelli
Dear ClamAV users,

as previously announced [*], we stopped distributing the database in the old
format (viruses.db, viruses.db2). The old database has been completely removed 
from our main site and mirrors.

If you are still using ClamAV 0.60 (or older) you should upgrade
immediately.



The ClamAV team (http://www.clamav.net/team.html)

[*] http://www.gossamer-threads.com/lists/clamav/announce/10454

-- 
Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner
PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87  D802 6277 8FF4 5EFC 5582
PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg




[Clamav-users] Re: MD5 crashes... (fwd)

2004-09-01 Thread David Champion
* On 2004.09.01, in [EMAIL PROTECTED],
*   Christopher X. Candreva [EMAIL PROTECTED] wrote:
 
 <AOL>Me too</AOL> -- Solaris 8 on Sparc, gcc  3.4.0, was running 20040805

Heh. Sounds like the tighter memory access protection (~ it's better
to bus or memory fault than to corrupt data) introduced in Solaris 8
is putting us at the bloody edge of bug detection again. I'm pleased
that the Clam team are ready and qualified to fix them - some vendors
I've dealt with are not.

-- 
 -D.[EMAIL PROTECTED]  NSIT::ENSS




Re: [Clamav-users] Re: MD5 crashes... (fwd)

2004-09-01 Thread Igor Brezac
On Wed, 1 Sep 2004, Christopher X. Candreva wrote:
 On Wed, 1 Sep 2004, Andy Fiddaman wrote:
 ;  Since the latest daily update, ClamAV has been crashing here with every
 ;  email it scans, has anyone else seen this ?

 ; Yes. I get almost the same backtrace as you. I've had to disable clam
 ; ...
 ; I'm running today's CVS on Solaris 9/SPARC -- haven't made much progress

 Same here, Solaris 9.

 <AOL>Me too</AOL> -- Solaris 8 on Sparc, gcc  3.4.0, was running 20040805

 Now back at 0.75.1, was going to try the devel-20040901 snapshot before
 posting when I saw this thread.

Do not try.  It is broken as well...
--
Igor


Re: [Clamav-users] Re: MD5 crashes... (fwd)

2004-09-01 Thread Andy Fiddaman

On Wed, 1 Sep 2004, David Champion wrote:

; * On 2004.09.01, in [EMAIL PROTECTED],
; * Christopher X. Candreva [EMAIL PROTECTED] wrote:
; 
;  <AOL>Me too</AOL> -- Solaris 8 on Sparc, gcc  3.4.0, was running 20040805
;
; Heh. Sounds like the tighter memory access protection (~ it's better
; to bus or memory fault than to corrupt data) introduced in Solaris 8
; is putting us at the bloody edge of bug detection again. I'm pleased
; that the Clam team are ready and qualified to fix them - some vendors
; I've dealt with are not.
;

Yep, it looks like an alignment error. The SPARC MMU doesn't allow reading
a 32-bit block unless it's the bottom or top half of a word.

The fix from Tomasz was very quick, a lot better than any commercial
vendor I've dealt with, just waiting for it to be visible in CVS!




RE: [Clamav-users] List Down

2004-09-01 Thread Michael St. Laurent
Daniel J McDonald  wrote:
 No, merely slow.  It only took 4 hours to be delivered to me.  What do
 you want?  Back in the bad old days we only got mail once a month,
 over a 1200 baud modem, in the snow, uphill both ways!  And you're
 complaining about a 4-hour delay?  Young whippersnapper! ;-)

You had a 1200 baud modem!?  ;-D

-- 
Michael St. Laurent
Hartwell Corporation




Re: [SPAM] Re: [Clamav-users] OS X Installer and Permissions

2004-09-01 Thread cH4os
On Tue, 31 Aug 2004 12:39:55 -0500
Chris Jett [EMAIL PROTECTED] wrote:

I am working on a double-click installer for Mac OS X.  Everything
seems to be working OK and I am able to start clamd just fine and scan
files just fine.  The only problem I am seeing is when trying to use
freshclam.  Here is the error I get on the command line:

ClamAV update process started at Tue Aug 31 12:29:38 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Reading CVD header (main.cvd): OK
ERROR: Can't open new file ./clamav-1a227263d1e5cc92 to write
open: Permission denied
ERROR: Can't download main.cvd from 64.69.64.158

Make sure the database directory (usually /usr/local/share/clamav) is
writeable for freshclam.


   Tomasz,

please send me copy!   I'd appreciate it! Or let me know where to download!


cH4os  '}|



Re: [Clamav-users] List Down

2004-09-01 Thread Jeff Wimmer
300 baud telephone cup modem here... then 1200... when I got 2400 and the
screen scrolled by faster than I could read, I KNEW I was in tall cotton
then. :-)


Jeff
[EMAIL PROTECTED]






- Original Message - 
From: Michael St. Laurent [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 01, 2004 1:16 PM
Subject: RE: [Clamav-users] List Down


 Daniel J McDonald  wrote:
  No, merely slow.  It only took 4 hours to be delivered to me.  What do
  you want?  Back in the bad old days we only got mail once a month,
  over a 1200 baud modem, in the snow, uphill both ways!  And you're
  complaining about a 4-hour delay?  Young whippersnapper! ;-)

 You had a 1200 baud modem!?  ;-D

 -- 
 Michael St. Laurent
 Hartwell Corporation




Re: [Clamav-users] MD5 crashes... (fwd)

2004-09-01 Thread Andy Fiddaman
On Wed, 1 Sep 2004, Tomasz Kojm wrote:
; On Tue, 31 Aug 2004 21:03:22 + (GMT)
; Andy Fiddaman [EMAIL PROTECTED] wrote:
;
; 
;  Since the latest daily update, ClamAV has been crashing here with
;  every email it scans, has anyone else seen this ?
;  It appears to be related to the new .hdb file containing an EICAR
;  signature.
; 
;  ClamAV version devel-20040819
; 
;  Initial backtrace is (more details when I've investigated a bit more):
; 
;  Program received signal SIGSEGV, Segmentation fault.
;  __md5_process_block (buffer=0x1006cfc3a, len=64,
;  ctx=0x7fffea10)
;  at md5.c:338
;
; Fixed in CVS.

* libclamav: replace current MD5 implementation with another one

A bit drastic ;)

This one does look cleaner though, and doesn't have a dependence on the
data being 32-bit aligned, looks like it might be faster as well.

Thanks again for the quick fix.

Andy
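
The alignment issue discussed in this thread, as an added example that is not ClamAV's code or the fix committed to CVS: the `buffer=0x1006cfc3a` pointer in the quoted backtrace is not a multiple of 4, so a direct 32-bit load from it traps on a strict-alignment CPU, while assembling each word from bytes works at any address. The function names and the sample block are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* buffer= value from the backtrace quoted in this thread. */
#define REPORTED_BUFFER UINT64_C(0x1006cfc3a)

/* Returns 1 if a 32-bit load at this address is naturally aligned. */
int is_aligned32(uint64_t addr)
{
    return (addr & 3u) == 0;
}

/*
 * Fragile pattern (shown as a comment only, never executed here):
 *     uint32_t w = *(const uint32_t *)p;
 * On a strict-alignment CPU this traps when p is not a multiple of 4.
 * On x86 it silently works, which is why such bugs survive testing
 * until the code meets SPARC.
 */

/* Alignment-independent load of one little-endian 32-bit word
 * (MD5 defines its message words as little-endian). */
uint32_t load_le32(const unsigned char *p)
{
    return  (uint32_t)p[0]
         | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16)
         | ((uint32_t)p[3] << 24);
}

/* Decode one 64-byte block into sixteen words, byte by byte. */
void decode_block(const unsigned char *buf, uint32_t words[16])
{
    for (size_t i = 0; i < 16; i++)
        words[i] = load_le32(buf + 4 * i);
}

/*
 * Decode a constructed block placed 2 bytes past a 4-byte boundary,
 * the same misalignment as the reported pointer, and return word idx.
 */
uint32_t demo_misaligned_word(size_t idx)
{
    uint32_t backing[17];                       /* aligned storage, 68 bytes */
    unsigned char *buf = (unsigned char *)backing + 2;
    uint32_t words[16];

    for (size_t i = 0; i < 64; i++)
        buf[i] = (unsigned char)i;              /* constructed sample data */
    decode_block(buf, words);
    return words[idx];
}

int main(void)
{
    printf("reported buffer aligned: %d (low bits %u)\n",
           is_aligned32(REPORTED_BUFFER), (unsigned)(REPORTED_BUFFER & 3u));
    printf("word 0  = 0x%08x\n", (unsigned)demo_misaligned_word(0));
    printf("word 15 = 0x%08x\n", (unsigned)demo_misaligned_word(15));
    return 0;
}
```

The byte-wise load also removes the dependence on host byte order, which matters on big-endian SPARC.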




[Clamav-users] EICAR Test File

2004-09-01 Thread Andy Fiddaman

I've been re-running some tests on an EICAR file here with mixed results.

According to the eicar web page:

The first 68 characters is the known string. It may be optionally
appended by any combination of whitespace characters with the total file
length not exceeding 128 characters.

If I scan the minimal 68-byte file, then the test virus is detected, but
if I add any whitespace to the end of this then it is not.

Is this a problem with the current signature ?

A.




Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Damian Menscher
On Wed, 1 Sep 2004, Andy Fiddaman wrote:

 I've been re-running some tests on an EICAR file here with mixed results.

 According to the eicar web page:

 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total file
 length not exceeding 128 characters.

 If I scan the minimal 68-byte file, then the test virus is detected, but
 if I add any whitespace to the end of this then it is not.

 Is this a problem with the current signature ?

I don't see that with clamav-0.75.1.

Personally, I'm intrigued by the fact that the first two characters are
not required, and neither are the last 26.  It matches on just 38
characters:
  [EMAIL PROTECTED](P^)7CC)7}$EICAR_STANDA  (with _ replaced by -)

Interestingly, there's also a second signature (Trivial.Eicar.122) that
adds a few more characters (RD-ANTIV) on to the end.  Not sure what the
purpose of that is

For completeness, the malware md5 signature requires exactly 68 bytes,
which might be what you were seeing?

Damian Menscher
-- 
-=#| Physics Grad Student  SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-




Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Tomasz Kojm
On Wed, 1 Sep 2004 22:01:48 + (GMT)
Andy Fiddaman [EMAIL PROTECTED] wrote:

 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total
 file length not exceeding 128 characters.
 
 If I scan the minimal 68-byte file, then the test virus is detected,
 but if I add any whitespace to the end of this then it is not.
 
 Is this a problem with the current signature ?

The current signature is more compatible with the official definition
than the old one ;-)

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Sep  2 01:32:24 CEST 2004




Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 19:01 


I've been re-running some tests on an EICAR file here with mixed results.

According to the eicar web page:

The first 68 characters is the known string. It may be optionally
appended by any combination of whitespace characters with the total file
length not exceeding 128 characters.

If I scan the minimal 68-byte file, then the test virus is detected, but
if I add any whitespace to the end of this then it is not.

Is this a problem with the current signature ?

A.




Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Tomasz Kojm
On Wed, 1 Sep 2004 22:01:48 + (GMT)
Andy Fiddaman [EMAIL PROTECTED] wrote:

 
 I've been re-running some tests on an EICAR file here with mixed
 results.
 
 According to the eicar web page:
 
 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total
 file length not exceeding 128 characters.
 

This is the correct definition:

Any anti-virus product that supports the test file should detect it in
any file providing that the file starts with the following 68
characters, and is exactly 68 bytes long

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Sep  2 01:53:03 CEST 2004
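
The three matching behaviours described in this thread, side by side, as an added example that is not ClamAV's signature engine: a body-fragment match, the exactly-68-bytes rule (which is also all that a whole-file hash signature can accept), and the 68-bytes-plus-whitespace-up-to-128 rule. The 68-character string is a constructed stand-in rather than the real test string, and the fragment offset, fragment length and whitespace set are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TEST_LEN 68    /* length of the known string, per the thread */
#define MAX_LEN  128   /* upper bound in the definition Andy quotes */
#define FRAG_OFF 2     /* illustrative fragment: skips the first two characters */
#define FRAG_LEN 38

/* Constructed 68-character stand-in; NOT the real test string. */
static const char KNOWN[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "ABCDEFGHIJKLMNOP";
_Static_assert(sizeof(KNOWN) - 1 == TEST_LEN, "stand-in must be 68 bytes");

enum { HIT_FRAGMENT = 1, HIT_EXACT = 2, HIT_PADDED = 4 };

/* Whitespace accepted after the string (assumed set: space, tab, CR, LF, Ctrl-Z). */
static int is_ws(unsigned char c)
{
    return c == ' ' || c == '\t' || c == '\r' || c == '\n' || c == 0x1a;
}

/* Body signature: a fragment of the string anywhere in the data. */
int match_fragment(const unsigned char *d, size_t n)
{
    for (size_t i = 0; i + FRAG_LEN <= n; i++)
        if (memcmp(d + i, KNOWN + FRAG_OFF, FRAG_LEN) == 0)
            return 1;
    return 0;
}

/* Exactly the 68 bytes and nothing else; a whole-file hash behaves this way. */
int match_exact(const unsigned char *d, size_t n)
{
    return n == TEST_LEN && memcmp(d, KNOWN, TEST_LEN) == 0;
}

/* The 68 bytes, optionally followed by whitespace only, at most 128 bytes total. */
int match_padded(const unsigned char *d, size_t n)
{
    if (n < TEST_LEN || n > MAX_LEN || memcmp(d, KNOWN, TEST_LEN) != 0)
        return 0;
    for (size_t i = TEST_LEN; i < n; i++)
        if (!is_ws(d[i]))
            return 0;
    return 1;
}

/* Bitmask of which rules accept the data. */
int verdicts(const unsigned char *d, size_t n)
{
    return (match_fragment(d, n) ? HIT_FRAGMENT : 0)
         | (match_exact(d, n)    ? HIT_EXACT    : 0)
         | (match_padded(d, n)   ? HIT_PADDED   : 0);
}

int main(void)
{
    unsigned char buf[MAX_LEN + 1];
    memcpy(buf, KNOWN, TEST_LEN);
    printf("68 bytes exactly     -> %d\n", verdicts(buf, TEST_LEN));
    buf[TEST_LEN] = '\r'; buf[TEST_LEN + 1] = '\n';
    printf("68 bytes + CRLF      -> %d\n", verdicts(buf, TEST_LEN + 2));
    buf[TEST_LEN + 1] = 'x';
    printf("68 bytes + CR + 'x'  -> %d\n", verdicts(buf, TEST_LEN + 2));
    return 0;
}
```

A file with trailing whitespace is accepted by the fragment and padded rules but rejected by the exact rule, which matches the behaviour reported at the start of the thread.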




Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:07 

On Wed, 1 Sep 2004, Andy Fiddaman wrote:

 I've been re-running some tests on an EICAR file here with mixed results.

 According to the eicar web page:

 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total file
 length not exceeding 128 characters.

 If I scan the minimal 68-byte file, then the test virus is detected, but
 if I add any whitespace to the end of this then it is not.

 Is this a problem with the current signature ?

I don't see that with clamav-0.75.1.

Personally, I'm intrigued by the fact that the first two characters are
not required, and neither are the last 26.  It matches on just 38
characters:
  [EMAIL PROTECTED](P^)7CC)7}$EICAR_STANDA  (with _ replaced by -)

Interestingly, there's also a second signature (Trivial.Eicar.122) that
adds a few more characters (RD-ANTIV) on to the end.  Not sure what the
purpose of that is

For completeness, the malware md5 signature requires exactly 68 bytes,
which might be what you were seeing?

Damian Menscher
-- 
-=#| Physics Grad Student  SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
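
The matching behaviours discussed in this thread (whole-file MD5, a short body signature, and the two quoted wordings of the EICAR definition) can be compared side by side. This is an added example, not ClamAV code and not part of the original posts; the 38-byte slice, the whitespace set and all function names are assumptions made for illustration, and the sample inputs are constructed.

```python
import hashlib

# The 68-byte EICAR test string, built from two literals so this source file
# never contains the contiguous string and is not itself flagged by a scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
assert len(EICAR) == 68

# Whole-file hash signature: only a byte-identical 68-byte file can match.
EICAR_MD5 = hashlib.md5(EICAR).hexdigest()

# Assumed model of the body signature described in the thread: the test
# string without its first two characters, ending at "STANDA" (38 bytes).
SUBSTRING_SIG = EICAR[2:40]

# Assumption: "whitespace" here means space, tab, CR and LF.
WHITESPACE = b" \t\r\n"
MAX_PADDED_LEN = 128


def md5_match(data: bytes) -> bool:
    """Whole-file MD5 comparison; any extra byte changes the digest."""
    return hashlib.md5(data).hexdigest() == EICAR_MD5


def substring_match(data: bytes) -> bool:
    """Body signature: fires wherever the 38-byte fragment occurs."""
    return SUBSTRING_SIG in data


def spec_match_padded(data: bytes) -> bool:
    """Wording quoted from the eicar web page: the 68-character string,
    optionally followed by whitespace, total length at most 128."""
    if len(data) > MAX_PADDED_LEN or not data.startswith(EICAR):
        return False
    return all(byte in WHITESPACE for byte in data[len(EICAR):])


def spec_match_exact(data: bytes) -> bool:
    """Wording quoted as the correct definition: the file starts with the
    68 characters and is exactly 68 bytes long."""
    return data == EICAR


def classify(data: bytes) -> dict:
    """Run every matcher over one input and report which ones fire."""
    return {
        "md5": md5_match(data),
        "substring": substring_match(data),
        "spec_padded": spec_match_padded(data),
        "spec_exact": spec_match_exact(data),
    }


if __name__ == "__main__":
    # Constructed samples covering the cases raised in the thread.
    samples = {
        "exact 68 bytes": EICAR,
        "68 bytes + CRLF": EICAR + b"\r\n",
        "padded to 128 bytes": EICAR + b" " * 60,
        "padded to 129 bytes": EICAR + b" " * 61,
        "embedded in a mail body": b"Subject: test\r\n\r\n" + EICAR,
        "first two characters missing": EICAR[2:],
    }
    for label, data in samples.items():
        hits = [name for name, hit in classify(data).items() if hit]
        print(f"{label:30s} len={len(data):3d} -> {hits or ['no match']}")
```

The output shows why results differ between signature types: the hash matcher misses a padded file that the padded wording accepts, while the substring matcher also fires on content that neither wording of the definition covers.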




Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:36 

On Wed, 1 Sep 2004 22:01:48 + (GMT)
Andy Fiddaman [EMAIL PROTECTED] wrote:

 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total
 file length not exceeding 128 characters.
 
 If I scan the minimal 68-byte file, then the test virus is detected,
 but if I add any whitespace to the end of this then it is not.
 
 Is this a problem with the current signature ?

The current signature is more compatible with the official definition
than the old one ;-)

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Sep  2 01:32:24 CEST 2004





Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:45 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 19:01 


I've been re-running some tests on an EICAR file here with mixed results.

According to the eicar web page:

The first 68 characters is the known string. It may be optionally
appended by any combination of whitespace characters with the total file
length not exceeding 128 characters.

If I scan the minimal 68-byte file, then the test virus is detected, but
if I add any whitespace to the end of this then it is not.

Is this a problem with the current signature ?

A.




Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Damian Menscher
Uh oh could one of the list moderators unsubscribe this idiot?  He's
responding to his own posts, and infinite loops on mailing lists are
bad.

Damian


On Wed, 1 Sep 2004, Jorge Danussi wrote:

 ARRIVED FINE.

 Jorge Danussi

  [EMAIL PROTECTED] 09/01/04 20:45 

 ARRIVED FINE.

 Jorge Danussi

  [EMAIL PROTECTED] 09/01/04 19:01 


 I've been re-running some tests on an EICAR file here with mixed results.

 According to the eicar web page:

 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total file
 length not exceeding 128 characters.

 If I scan the minimal 68-byte file, then the test virus is detected, but
 if I add any whitespace to the end of this then it is not.

 Is this a problem with the current signature ?

 A.




Damian Menscher
-- 
-=#| Physics Grad Student  SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-




Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:54 

On Wed, 1 Sep 2004 22:01:48 + (GMT)
Andy Fiddaman [EMAIL PROTECTED] wrote:

 
 I've been re-running some tests on an EICAR file here with mixed
 results.
 
 According to the eicar web page:
 
 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total
 file length not exceeding 128 characters.
 

This is the correct definition:

Any anti-virus product that supports the test file should detect it in
any file providing that the file starts with the following 68
characters, and is exactly 68 bytes long

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Sep  2 01:53:03 CEST 2004





Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:54 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:07 

On Wed, 1 Sep 2004, Andy Fiddaman wrote:

 I've been re-running some tests on an EICAR file here with mixed results.

 According to the eicar web page:

 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total file
 length not exceeding 128 characters.

 If I scan the minimal 68-byte file, then the test virus is detected, but
 if I add any whitespace to the end of this then it is not.

 Is this a problem with the current signature ?

I don't see that with clamav-0.75.1.

Personally, I'm intrigued by the fact that the first two characters are
not required, and neither are the last 26.  It matches on just 38
characters:
  [EMAIL PROTECTED](P^)7CC)7}$EICAR_STANDA  (with _ replaced by -)

Interestingly, there's also a second signature (Trivial.Eicar.122) that
adds a few more characters (RD-ANTIV) on to the end.  Not sure what the
purpose of that is

For completeness, the malware md5 signature requires exactly 68 bytes,
which might be what you were seeing?

Damian Menscher
-- 
-=#| Physics Grad Student  SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-




Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 21:17 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:45 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 19:01 


I've been re-running some tests on an EICAR file here with mixed results.

According to the eicar web page:

The first 68 characters is the known string. It may be optionally
appended by any combination of whitespace characters with the total file
length not exceeding 128 characters.

If I scan the minimal 68-byte file, then the test virus is detected, but
if I add any whitespace to the end of this then it is not.

Is this a problem with the current signature ?

A.




Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 21:32 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:54 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:07 

On Wed, 1 Sep 2004, Andy Fiddaman wrote:

 I've been re-running some tests on an EICAR file here with mixed results.

 According to the eicar web page:

 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total file
 length not exceeding 128 characters.

 If I scan the minimal 68-byte file, then the test virus is detected, but
 if I add any whitespace to the end of this then it is not.

 Is this a problem with the current signature ?

I don't see that with clamav-0.75.1.

Personally, I'm intrigued by the fact that the first two characters are
not required, and neither are the last 26.  It matches on just 38
characters:
  [EMAIL PROTECTED](P^)7CC)7}$EICAR_STANDA  (with _ replaced by -)

Interestingly, there's also a second signature (Trivial.Eicar.122) that
adds a few more characters (RD-ANTIV) on to the end.  Not sure what the
purpose of that is

For completeness, the malware md5 signature requires exactly 68 bytes,
which might be what you were seeing?

Damian Menscher
-- 
-=#| Physics Grad Student  SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-




Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 21:22 

Uh oh could one of the list moderators unsubscribe this idiot?  He's
responding to his own posts, and infinite loops on mailing lists are
bad.

Damian


On Wed, 1 Sep 2004, Jorge Danussi wrote:

 ARRIVED FINE.

 Jorge Danussi

  [EMAIL PROTECTED] 09/01/04 20:45 

 ARRIVED FINE.

 Jorge Danussi

  [EMAIL PROTECTED] 09/01/04 19:01 


 I've been re-running some tests on an EICAR file here with mixed results.

 According to the eicar web page:

 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total file
 length not exceeding 128 characters.

 If I scan the minimal 68-byte file, then the test virus is detected, but
 if I add any whitespace to the end of this then it is not.

 Is this a problem with the current signature ?

 A.




Damian Menscher
-- 
-=#| Physics Grad Student  SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-




Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 22:52 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 21:17 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:45 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 19:01 


I've been re-running some tests on an EICAR file here with mixed results.

According to the eicar web page:

The first 68 characters is the known string. It may be optionally
appended by any combination of whitespace characters with the total file
length not exceeding 128 characters.

If I scan the minimal 68-byte file, then the test virus is detected, but
if I add any whitespace to the end of this then it is not.

Is this a problem with the current signature ?

A.




Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 22:48 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 21:13 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:36 

On Wed, 1 Sep 2004 22:01:48 + (GMT)
Andy Fiddaman [EMAIL PROTECTED] wrote:

 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total
 file length not exceeding 128 characters.
 
 If I scan the minimal 68-byte file, then the test virus is detected,
 but if I add any whitespace to the end of this then it is not.
 
 Is this a problem with the current signature ?

The current signature is more compatible with the official definition
than the old one ;-)

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Sep  2 01:32:24 CEST 2004





Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 23:10 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 21:22 

Uh oh could one of the list moderators unsubscribe this idiot?  He's
responding to his own posts, and infinite loops on mailing lists are
bad.

Damian


On Wed, 1 Sep 2004, Jorge Danussi wrote:

 ARRIVED FINE.

 Jorge Danussi

  [EMAIL PROTECTED] 09/01/04 20:45 

 ARRIVED FINE.

 Jorge Danussi

  [EMAIL PROTECTED] 09/01/04 19:01 


 I've been re-running some tests on an EICAR file here with mixed results.

 According to the eicar web page:

 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total file
 length not exceeding 128 characters.

 If I scan the minimal 68-byte file, then the test virus is detected, but
 if I add any whitespace to the end of this then it is not.

 Is this a problem with the current signature ?

 A.




Damian Menscher
-- 
-=#| Physics Grad Student  SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-




Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 23:13 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 21:32 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:54 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:07 

On Wed, 1 Sep 2004, Andy Fiddaman wrote:

 I've been re-running some tests on an EICAR file here with mixed results.

 According to the eicar web page:

 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total file
 length not exceeding 128 characters.

 If I scan the minimal 68-byte file, then the test virus is detected, but
 if I add any whitespace to the end of this then it is not.

 Is this a problem with the current signature ?

I don't see that with clamav-0.75.1.

Personally, I'm intrigued by the fact that the first two characters are
not required, and neither are the last 26.  It matches on just 38
characters:
  [EMAIL PROTECTED](P^)7CC)7}$EICAR_STANDA  (with _ replaced by -)

Interestingly, there's also a second signature (Trivial.Eicar.122) that
adds a few more characters (RD-ANTIV) on to the end.  Not sure what the
purpose of that is

For completeness, the malware md5 signature requires exactly 68 bytes,
which might be what you were seeing?

Damian Menscher
-- 
-=#| Physics Grad Student  SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-




Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 23:14 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 21:31 

ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:54 

On Wed, 1 Sep 2004 22:01:48 + (GMT)
Andy Fiddaman [EMAIL PROTECTED] wrote:

 
 I've been re-running some tests on an EICAR file here with mixed
 results.
 
 According to the eicar web page:
 
 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total
 file length not exceeding 128 characters.
 

This is the correct definition:

Any anti-virus product that supports the test file should detect it in
any file providing that the file starts with the following 68
characters, and is exactly 68 bytes long

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Sep  2 01:53:03 CEST 2004





Re: [Clamav-users] [OT] Symantec update frequency

2004-09-01 Thread Steven Stern
On Wed, 01 Sep 2004 02:02:30 +0200, Niek [EMAIL PROTECTED] wrote:

On 8/31/2004 11:02 PM +0200, John Jolet wrote:

[snip]

Symantec's corporate products can be configured to update more often
than standard liveupdate.

Kind regards,
Niek Baakman

I use the following script to update my Windows machines. The script runs
under 4NT, but can be adapted to any other batch extender.

rem - Update Script for 4NT to get daily Intelligent Updater
rem - 4nt from http://www.jpsoft.com
rem

@echo off
setlocal
set downdir=c:\download

cdd %downdir%

iff %1 == ? then
 echo Downloads today's Intelligent Updater if no parameter supplied
 echo Otherwise, enter MMDD of the file to be installed
 endlocal
 quit
elseiff %1== then
 set [EMAIL PROTECTED],%_isodate]-*-i32.exe
else
 set dp=%1-*-i32.exe
endiff

echo downloading %dp

iftp
ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/;
::dir ftp:*.*
copy ftp:%dp %downdir%
iftp /c
set [EMAIL PROTECTED]
do
   set [EMAIL PROTECTED]
   iff %dp3== then
  leave
   else
  *del %dp2
  set dp2=%dp3
   endiff
enddo
set [EMAIL PROTECTED]
iff exist %dp2 then
   %dp2 /Q
   eventlog /sNAV /i Update: %dp2
   *del %dp2
  else 
   eventlog /sNAV /w Update: No Update Available
  endiff
endlocal
-- 
  Steve 
   




Re:[Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
IT ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 23:41 

IT ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 22:52 

IT ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 21:17 

IT ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:45 

IT ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 19:01 


I've been re-running some tests on an EICAR file here with mixed results.

According to the eicar web page:

The first 68 characters is the known string. It may be optionally
appended by any combination of whitespace characters with the total file
length not exceeding 128 characters.

If I scan the minimal 68-byte file, then the test virus is detected, but
if I add any whitespace to the end of this then it is not.

Is this a problem with the current signature ?

A.




Re: [Clamav-users] EICAR Test File

2004-09-01 Thread Jorge Danussi
IT ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/02/04 00:46 

IT ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 23:37 

IT ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 22:48 

IT ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 21:13 

IT ARRIVED FINE.

Jorge Danussi

 [EMAIL PROTECTED] 09/01/04 20:36 

On Wed, 1 Sep 2004 22:01:48 + (GMT)
Andy Fiddaman [EMAIL PROTECTED] wrote:

 The first 68 characters is the known string. It may be optionally
 appended by any combination of whitespace characters with the total
 file length not exceeding 128 characters.
 
 If I scan the minimal 68-byte file, then the test virus is detected,
 but if I add any whitespace to the end of this then it is not.
 
 Is this a problem with the current signature ?

The current signature is more compatible with the official definition
than the old one ;-)

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Sep  2 01:32:24 CEST 2004
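
The two readings of the EICAR definition quoted in this thread (exactly 68 bytes, versus the known string plus whitespace up to 128 bytes), as an added example that is not code from ClamAV or from any poster. The function names, the set of bytes treated as whitespace and the sample buffers are assumptions constructed for illustration.

```python
# Added example: the two readings of the EICAR definition from this thread.
# The 68-byte test string is assembled from two halves so that this source
# file does not itself contain the contiguous string.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR" + rb"-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
assert len(EICAR) == 68

MAX_PADDED_LEN = 128
# Assumption: bytes treated as "whitespace" padding (space, tab, LF, CR, Ctrl-Z).
PADDING = frozenset(b" \t\n\r\x1a")


def classify(data: bytes) -> str:
    """Return 'strict', 'padded' or 'not-eicar' for a file's full contents."""
    if data == EICAR:
        return "strict"            # starts with the string and is exactly 68 bytes
    tail = data[len(EICAR):]
    if (data.startswith(EICAR)
            and len(data) <= MAX_PADDED_LEN
            and all(b in PADDING for b in tail)):
        return "padded"            # known string plus whitespace, at most 128 bytes
    return "not-eicar"


def detected(data: bytes, accept_padding: bool) -> bool:
    """Model a scanner that applies either the strict or the padded rule."""
    kind = classify(data)
    return kind == "strict" or (accept_padding and kind == "padded")


# Constructed sample buffers (not taken from the thread).
SAMPLES = {
    "minimal": EICAR,
    "crlf": EICAR + b"\r\n",
    "pad-to-128": EICAR + b" " * 60,
    "pad-to-129": EICAR + b" " * 61,
    "trailing-text": EICAR + b" x",
    "not-at-start": b"\n" + EICAR,
}


def report() -> dict:
    """Map each sample name to (classification, strict verdict, padded verdict)."""
    return {name: (classify(buf), detected(buf, False), detected(buf, True))
            for name, buf in SAMPLES.items()}


if __name__ == "__main__":
    for name, row in report().items():
        print(f"{name:14} {row}")
```

With `accept_padding=False` the model reproduces the behaviour reported in the thread: the minimal 68-byte file is flagged and the same file with trailing whitespace is not.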


