Re: [Clamav-users] old database format no longer available
Lucca already announced dropped support for old-style viruses.db* (used by clamav = 0.60). Newer versions (with *.cvd) don't need the /database directory, since *.cvd is located on root dir. As such, the /database was removed from all mirrors.

Regards,
Fajar

Forget my last question :)
Thanks!
JC

---
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click
___
Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Virus getting through
Virus: 'Troj/WindFind-D' detected in C:\Temp\Temporary Internet Files\Content.IE5\CCLL3WD8\eros[1].exe
File deleted

Sophos has released an IDE for this trojan around 10 August. But it slipped through Squid and Dansguardian with ClamAV. Is it possible that ClamAV is not updated with this particular one?

Thanks,
Matjaz Antloga
Re: [Clamav-users] ERROR: Can't unlink the socket file /var/run/clamav/clamd.ctl
On Thu, 02 Sep 2004 at 15:44:52 -0500, Kevin Blackwell wrote:

> I've been having problems with clamav. Every Sunday, clamav dies. These are the last messages in the logs every week.
>
> ERROR: Can't unlink the socket file /var/run/clamav/clamd.ctl
> ERROR: Can't unlink the pid file /var/run/clamav/clamd.pid
> --- Stopped at Sun Aug 29 06:34:34 2004
>
> I searched on the internet (google) and I see similar problems, but not this problem. Any help would be appreciated.

Looks like a permission problem.

--
Tomasz Papszun     SysAdm @ TP S.A. Lodz, Poland  | And it's only
[EMAIL PROTECTED]  http://www.lodz.tpsa.pl/iso/   | ones and zeros.
[EMAIL PROTECTED]  http://www.ClamAV.net/   A GPL virus scanner
Re: [Clamav-users] Virus getting through
Submit the virus, that way you're helping the community. There is a way to check which names are in the clamav-database, but the command slipped my mind...

- Original Message -
From: Matjaz Antloga [EMAIL PROTECTED]
Date: Fri, 3 Sep 2004 08:33:34 +0200
Subject: [Clamav-users] Virus getting through
To: [EMAIL PROTECTED]

Virus: 'Troj/WindFind-D' detected in C:\Temp\Temporary Internet Files\Content.IE5\CCLL3WD8\eros[1].exe
File deleted

Sophos has released an IDE for this trojan around 10 August. But it slipped through Squid and Dansguardian with ClamAV. Is it possible that ClamAV is not updated with this particular one?

Thanks,
Matjaz Antloga
Re: [Clamav-users] Virus getting through
ralf bosz wrote:

> Submit the virus, that way you're helping the community. There is a way to check which names are in the clamav-database, but the command slipped my mind...

sigtool -l

OR

http://213.152.53.60/index.php?virus=WindFindsearch=containsSearch=Search
(Kevin Spicer's virus alias db, from many vendors.) Don't know if it's up-to-date or not.

OR

http://clamav-du.securesites.net/cgi-bin/clamgrok (clamav db only)

If it's not there, submit a sample to http://clamav.catt.com/cgi-bin/sendvirus.cgi

Regards,
Fajar
Re: [Clamav-users] MyDoom.M Starting to get through
On Friday 03 September 2004 07:50, ralf bosz wrote:

> Are you using the --mbox option when manually scanning the mailfiles?

No, because I don't use mbox format. I cat the email message and pipe it through clamdscan. It picks up that it has to scan mail messages from my /etc/clamav.conf

# cat testmail.eml | clamdscan --mbox -
WARNING: Ignoring option -m (--mbox): please edit clamav.conf instead.
stream: Worm.Mydoom.M FOUND

--- SCAN SUMMARY ---
Infected files: 1
Time: 0.023 sec (0 m 0 s)

[EMAIL PROTECTED] root]# cat testmail.eml | clamdscan -
stream: Worm.Mydoom.M FOUND

--- SCAN SUMMARY ---
Infected files: 1
Time: 0.023 sec (0 m 0 s)

I have tried installing latest snapshot and clam still doesn't pick up this particular zip file containing the my.Doom.M virus. I don't think that it is a problem with qmail scanner as I am picking up thousands of mails a day - like I said earlier, I even have records in my logs that clam is catching some my.doom.M viruses.

On Fri, 3 Sep 2004 07:13:53 +0200, Scott Ryan [EMAIL PROTECTED] wrote:

> I had an issue with this a while back which was fixed by upgrading to latest devel and then eventually 0.75-1. I run qmail-scanner which in turn calls clamdscan. If I cat the message and pipe through clamdscan manually, clam reports that the message contains the virus myDoom.m, but it is not being trapped by clamav when invoked by the scanner.
>
> What is strange is: In my virus logs, I do see the virus my.Doom.m being trapped and quite a lot...
>
> The actual attachment is a zipped zip file, and in my clamav.conf I have archiveMaxRecursion set to 5 ScanMail - but that is not the issue or clam would not have been able to capture the virus when run manually. Does anyone have any ideas or should I submit this as a bug?
>
> Many thanks

--
+-+
(0   Scott Ryan
//\  Unix/Linux Systems Engineer
V_/_ Telkom Internet - SA
+-+
Email: [EMAIL PROTECTED]
Cell: +27721164832
Work: +27126807835
+-+
[Clamav-users] (no subject)
trying to compile the current cvs-version of clamav on a solaris 5.9 SPARC-box, i am getting some error-messages which i can't resolve.

i used

/usr/local/src/clamav-devel# ./configure --sysconfdir=/etc --enable-milter --disable-clamuko

and make produces those errors:

Making all in clamscan
/bin/bash ../libtool --mode=link gcc -g -O2 -lsocket -lnsl -o clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o ../libclamav/libclamav.la
gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o ../libclamav/.libs/libclamav.so -lbz2 -L/opt/csw/lib /opt/csw/lib/libcurl.so -lssl -lcrypto -ldl -lz -lpthread -lsocket -lnsl -R/usr/local/lib -R/opt/csw/lib
Undefined                       first referenced
 symbol                             in file
bzRead                              ../libclamav/.libs/libclamav.so
bzReadClose                         ../libclamav/.libs/libclamav.so
bzReadOpen                          ../libclamav/.libs/libclamav.so
ld: fatal: Symbol referencing errors. No output written to .libs/clamscan
collect2: ld returned 1 exit status
*** Error code 1
make: Fatal error: Command failed for target `clamscan'
Current working directory /usr/local/src/clamav-devel/clamscan
*** Error code 1
make: Fatal error: Command failed for target `all-recursive'
Current working directory /usr/local/src/clamav-devel
*** Error code 1
make: Fatal error: Command failed for target `all'

bzip2 is installed. anyone out for help? :-)

tia
--
Nikolaj Wicker
Re: [Clamav-users] MyDoom.M Starting to get through
On Fri, 3 Sep 2004 10:26:49 +0200, Scott Ryan [EMAIL PROTECTED] wrote:

> No, because I don't use mbox format. I cat the email message and pipe it through clamdscan. It picks up that it has to scan mail messages from my /etc/clamav.conf

You may want to RTFM:

--mbox
    Enable scanning of various mail file types (also treat stdin as a mailbox - for backward compatibility).

So, the mbox option enables scanning of emails, not simply the mbox format.

--
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche
Re: [Clamav-users] MyDoom.M Starting to get through
On Friday 03 September 2004 11:18, Rob MacGregor wrote:

> On Fri, 3 Sep 2004 10:26:49 +0200, Scott Ryan [EMAIL PROTECTED] wrote:
>
> > No, because I don't use mbox format. I cat the email message and pipe it through clamdscan. It picks up that it has to scan mail messages from my /etc/clamav.conf
>
> You may want to RTFM:
>
> --mbox
>     Enable scanning of various mail file types (also treat stdin as a mailbox - for backward compatibility).
>
> So, the mbox option enables scanning of emails, not simply the mbox format.

Maybe you want to read the mail I sent again. I use clamdscan not clamscan

# man clamdscan
...
Re: [Clamav-users] OverSize.Zip file
That worked! I changed the ratio to 1000 from 300 and the zip file came right through. Thank you so much for explaining the compression differences -- that's exactly what I needed.

thanks again!
Laura

- Original Message -
From: Mitch (WebCob) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 02, 2004 5:55 PM
Subject: RE: [Clamav-users] OverSize.Zip file

Winzip reports the AVERAGE and clam uses the PEAK value... try bumping up the value to two or three times that amount: ArchiveMaxCompressionRatio from 1000 to test this... the culprit could be an ascii file with a lot of white space that is hugely compressible.

m/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Laura Penhallow
Sent: Thursday, September 02, 2004 2:55 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] OverSize.Zip file

I apologize in advance if this is something easy, but I am at my wit's end. We have a customer that needs to receive rather large zip files from a client of theirs. Trouble is -- clam keeps classifying the attachment as an OverSized.Zip virus and rejects it. The zip file is ~8.7 mb contains 1506 files and winzip reports 78 % compression.

We're running Clam v 0.74

I have been googling and reading other posts and I have made the following changes to clamav.conf

Changed -- ArchiveMaxFileSize from 10M to 20M
Changed -- ArchiveMaxFiles from 1000 to 2000
Changed -- ArchiveMaxCompressionRatio from 200 to 300

Still no luck. Is there something I am missing??

thanks in advance
Laura
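Mitch's distinction between the archive-wide average and the per-file peak, as an added example that is not part of the original thread: the Python below builds a constructed zip in memory and reports both figures against a limit. It assumes the ratio is uncompressed size divided by compressed size for each member; the function names and the sample archive are made up for illustration.

```python
import io
import os
import zipfile


def build_sample_zip():
    """Constructed sample: one whitespace-only text file among incompressible ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Hugely compressible member, like the padded ASCII file Mitch suspects.
        zf.writestr("report_padded.txt", b" " * 2_000_000)
        # Random bytes barely compress, which drags the overall average down.
        for i in range(5):
            zf.writestr(f"data_{i}.bin", os.urandom(200_000))
    buf.seek(0)
    return buf


def ratio_report(fileobj, limit):
    """Return (average_ratio, peak_ratio, members_over_limit) for a zip archive.

    Assumption: ratio = uncompressed size / compressed size, measured per member
    for the peak and over the whole archive for the average.
    """
    total_raw = total_packed = 0
    peak = 0.0
    over = []
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.compress_size == 0:
                continue  # directories and empty members have no ratio
            ratio = info.file_size / info.compress_size
            total_raw += info.file_size
            total_packed += info.compress_size
            peak = max(peak, ratio)
            if ratio > limit:
                over.append((info.filename, round(ratio)))
    average = total_raw / total_packed if total_packed else 0.0
    return average, peak, over


if __name__ == "__main__":
    avg, peak, over = ratio_report(build_sample_zip(), limit=300)
    print(f"average ratio {avg:.1f}, peak ratio {peak:.0f}")
    for name, ratio in over:
        print(f"over limit: {name} ({ratio}:1)")
```

Running the same report on a real attachment before changing clamav.conf shows which member drives the peak, so the limit can be raised to fit that file rather than by guesswork.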
Re: [Clamav-users] MyDoom.M Starting to get through
On Fri, 2004-09-03 at 11:47 +0200, Scott Ryan wrote:

> Maybe you want to read the mail I sent again. I use clamdscan not clamscan
>
> # man clamdscan

Then do you have the ScanMail option set in the clamav.conf file?

--
Chris
[Clamav-users] netsky and my.doom
Hi all,

My clamav install has been working very well from what I can tell but it never seems to catch any Netsky or My.Doom viruses. Is anyone having similar problems? If so, do you know a way to stop them from getting through unscathed?

Thanks for your time,

Kind regards,
Elvar
[Clamav-users] send_sms passed parameters
I installed clamav a few months ago, then upgraded to version 0.71 soon after. I'm curious what happened to %f for send_sms to pass the location of the file that is infected. Only the %v parameter is passed now. I would rather know where a virus is than the name of the virus, if I have to choose. Would upgrading to 0.75 return %f to me?

Karl