Re: [Clamav-users] Re: failed to send SCAN (null) command to clamd

2005-02-09 Thread George Chelidze
Hello,
Matias Lopez Bergero wrote:
George Chelidze wrote:
Hello Krištof,
Krištof Petr wrote:
George Chelidze wrote:
When it happens on next time, try to run clamdscan to check the clamd 
is running fine
and problem is in clamav-milter itself.

It happened again on database reload. I followed your advice and seems 
clamd is ok, clamav-milter fails. I'll try daily snapshot and reply 
back soon.

With clamdscan works OK.
I have tried the nightly snapshot and it's working good.
I have checked devel-20050209 and clamav-milter failed again. downgraded 
to 0.81. Any ideas? I can provide more information if required.

Thanks in advance.
Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Re: clamav-0.82 bug (Cannot detect virus in certain archive ???)

2005-02-09 Thread Tomasz Kojm
On Wed, 9 Feb 2005 18:03:30 -0800 (PST)
Joanna Roman <[EMAIL PROTECTED]> wrote:

> If you tgz test dir to be test.tar.gz, the clamscan can detect it.
> But clamscan cannot detect it in clamav-0.82.tar.gz
>  
> I just want to know the reason (e.g. max number of files reached ? max
> archive level reached ?). Anybody knows the answer ??? 

Not all kinds of GNU tar archives are currently supported by the
internal unpacker.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Feb 10 03:17:07 CET 2005
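
An added example (not from the thread and not ClamAV's code): one way to see which tar dialect and extension records an archive uses before trusting an "OK" from a scanner's built-in unpacker. The thread does not say which kinds of GNU tar archive the unpacker lacked, so the rule in `scan_extracted_instead` (any extension record means unpack with the system tar and scan the extracted tree) is an assumption, and the sample archives are constructed.

```python
import gzip
import io
import tarfile

BLOCK = 512
# Header typeflags that mark extension records rather than ordinary members.
EXTENSION_FLAGS = {
    b"L": "GNU long name",
    b"K": "GNU long link name",
    b"S": "GNU sparse file",
    b"x": "pax extended header",
    b"g": "pax global header",
}


def _number(field):
    """Decode a numeric field: octal text, or GNU base-256 if the top bit is set."""
    if field[0] & 0x80:
        return int.from_bytes(bytes([field[0] & 0x7F]) + field[1:], "big")
    text = field.strip(b"\0 ")
    return int(text, 8) if text else 0


def describe_tar(data):
    """Walk the raw 512-byte headers of a tar or tar.gz image held in memory."""
    if data[:2] == b"\x1f\x8b":            # gzip magic: handle .tar.gz / .tgz
        data = gzip.decompress(data)
    dialects, extensions, members = set(), [], 0
    offset = 0
    while offset + BLOCK <= len(data):
        header = data[offset:offset + BLOCK]
        if not any(header):                # an all-zero block ends the archive
            break
        magic = header[257:265]
        if magic == b"ustar  \0":
            dialects.add("gnu")
        elif magic[:6] == b"ustar\0":
            dialects.add("posix")
        else:
            dialects.add("v7")
        flag = header[156:157]
        if flag in EXTENSION_FLAGS:
            extensions.append(EXTENSION_FLAGS[flag])
        else:
            members += 1
        size = _number(header[124:136])
        offset += BLOCK + -(-size // BLOCK) * BLOCK   # skip data, padded to a block
    return {"dialects": sorted(dialects), "extensions": extensions, "members": members}


def scan_extracted_instead(report):
    """Assumed policy: any extension record means 'extract first, then scan'."""
    return bool(report["extensions"])


def build_sample(fmt, name):
    """Constructed sample: a one-member .tar.gz written in the given tar format."""
    payload = b"constructed sample payload\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz", format=fmt) as tar:
        info = tarfile.TarInfo(name)
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    long_name = "sample-0.0/" + "d" * 120 + "/clam.exe"   # over the 100-byte name field
    for label, fmt, name in [
        ("ustar", tarfile.USTAR_FORMAT, "sample-0.0/test/clam.exe"),
        ("gnu", tarfile.GNU_FORMAT, long_name),
        ("pax", tarfile.PAX_FORMAT, long_name),
    ]:
        report = describe_tar(build_sample(fmt, name))
        print(label, report, "scan extracted tree:", scan_extracted_instead(report))
```
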




Re: [Clamav-users] Re: clamav-0.82 bug (Cannot detect virus in certain archive ???)

2005-02-09 Thread Joanna Roman
If you tgz test dir to be test.tar.gz, the clamscan can detect it.
But clamscan cannot detect it in clamav-0.82.tar.gz
 
I just want to know the reason (e.g. max number of files reached ? max archive level reached ?). Anybody knows the answer ???

René Berber <[EMAIL PROTECTED]> wrote:
> Joanna Roman wrote:
> > I downloaded clamav (0.92) and installed it. When I
> > clamscan clamav-0.82.tar.gz, clamscan says the archive
> > is OK. However, when I clamscan clamav-0.82/test,
> > clamscan says "ClamAV-Test-File" found. So why can't
> > clamscan detect "ClamAV-Test-File" "virus" in
> > clamav-0.82.tar.gz in the first place ??
>
> It seems to be specific to clamav-0.82.tar.gz.
>
> I did "tar czvf test.tar.gz clamav-0.82/test; clamscan test.tar.gz" and it
> does find the ClamAV-Test-File. With the old clamav-0.80.tar.gz it only
> finds the Eicar-Test-Signature which is inside clamdwatch.tar.gz .
>
> So, I think this might be intentional, somewhere clamscan has hardcoded to
> ignore the test directory inside clamav-*.tar.gz .
>
> Whatever.
> --
> René Berber


Re: [Clamav-users] Erroneous "installation is OUTDATED" message?

2005-02-09 Thread Graham Toal
> >Can I suggest a mailing list for announcements to
>
> http://clamav.net/ml.html#pagestart

Argh.  OK, T FM is R'd.  I've subscribed there and am unsubscribing
here.  So long guys, thanks for the help.

G
 


[Clamav-users] Re: clamav-0.82 bug (Cannot detect virus in certain archive ???)

2005-02-09 Thread René Berber
Joanna Roman wrote:
> I downloaded clamav (0.92) and installed it. When I
> clamscan clamav-0.82.tar.gz, clamscan says the archive
> is OK. However, when I clamscan clamav-0.82/test,
> clamscan says "ClamAV-Test-File" found. So why can't
> clamscan detect "ClamAV-Test-File" "virus" in
> clamav-0.82.tar.gz in the first place ??

It seems to be specific to clamav-0.82.tar.gz.
I did "tar czvf test.tar.gz clamav-0.82/test; clamscan test.tar.gz" and 
it does find the ClamAV-Test-File.  With the old clamav-0.80.tar.gz it 
only finds the Eicar-Test-Signature which is inside clamdwatch.tar.gz .

So, I think this might be intentional, somewhere clamscan has hardcoded 
to ignore the test directory inside clamav-*.tar.gz .

Whatever.
--
René Berber


RE: AW: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread clamav
At 02:46 PM 2/9/2005, you wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Jason
> > Frisvold
> >
> > Some would argue that welfare is not good for the world...  :P
>
> Only rich people in the northern countries would say that.

bollocks. let's not have that argument here. please. this is clamav-users.
take it elsewhere.

Paul Theodoropoulos
http://www.anastrophe.com
http://www.smileglobal.com


Re: [Clamav-users] Erroneous "installation is OUTDATED" message?

2005-02-09 Thread Brian Morrison
On Wed, 09 Feb 2005 15:40:25 -0600 in [EMAIL PROTECTED]
Graham Toal <[EMAIL PROTECTED]> wrote:

>  Can I suggest a mailing list for announcements to be used for
>  "must do" upgrades using the stable source chain;

There is already an announcement list and an RSS feed of that and the
ClamAV news page...

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html


RE: AW: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Nigel Horne
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Jason
> Frisvold

> Some would argue that welfare is not good for the world...  :P

Only rich people in the northern countries would say that.
 
> --
> Jason Frisvold



RE: AW: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Jason Frisvold
> -Original Message-
> From: Steffen Heil [mailto:[EMAIL PROTECTED] 
> Subject: AW: AW: [Clamav-users] M$ preparing AV software ?
> 
> 
> Hi
> 
> > Is that somehow good for the world as a whole?
> 
> I also never claimed that microsoft would do good for the world.
> (Even though I don't know anyone besides Bill Gates, who 
> gifted 500.000.000$
> for welfare at once.)

Some would argue that welfare is not good for the world...  :P
 
> Regards,
>   Steffen

I think this has drifted way off topic at this point...  :)

--
Jason Frisvold


AW: AW: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Steffen Heil
Hi

> > > Hrm - MS buys another AV company which sells a Linux product. 
> > 
> > I would rather look at it as microsoft buying a company 
> which creates 
> > valuable "ms exchange" protection software.
> 
> So how do you explain M$ buying RAV and shutting it down 
> (among other competitors/Linux supporters)?

I never said microsoft would not do so. I just said that it did not this
time IMHO.
 
> Is that somehow good for the world as a whole?

I also never claimed that microsoft would do good for the world.
(Even though I don't know anyone besides Bill Gates, who gifted 500.000.000$
for welfare at once.)

Regards,
  Steffen




Re: AW: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Sam
On Wed, 9 Feb 2005, Steffen Heil wrote:

> Hi
> 
> > Hrm - MS buys another AV company which sells a Linux product. 
> 
> I would rather look at it as microsoft buying a company which creates
> valuable "ms exchange" protection software.

So how do you explain M$ buying RAV and shutting it down (among other 
competitors/Linux supporters)?

Is that somehow good for the world as a whole?


-- 
Sam Morris, Owner
Loganet Internet Service
Logan IA, United States of America
712-644-3578



Re: [Clamav-users] Erroneous "installation is OUTDATED" message?

2005-02-09 Thread Steven Stern
On Wed, 09 Feb 2005 15:40:25 -0600, Graham Toal <[EMAIL PROTECTED]> wrote:

>Can I suggest a mailing list for announcements to

http://clamav.net/ml.html#pagestart
-- 
  Steve 
   


AW: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Steffen Heil
Hi

> Hrm - MS buys another AV company which sells a Linux product. 

I would rather look at it as microsoft buying a company which creates
valuable "ms exchange" protection software.

Regards,
  Steffen




[Clamav-users] clamav-0.82 bug (Cannot detect virus in certain archive ???)

2005-02-09 Thread Joanna Roman
I downloaded clamav (0.92) and installed it. When I
clamscan clamav-0.82.tar.gz, clamscan says the archive
is OK. However, when I clamscan clamav-0.82/test,
clamscan says "ClamAV-Test-File" found. So why can't
clamscan detect "ClamAV-Test-File" "virus" in
clamav-0.82.tar.gz in the first place ??
 
At the beginning, I thought it could be due to max
space was reached. So I scan with option --max-block,
apparently none of max-files, max-space and
max-recursion was reached.
 
Is this a bug ? See below: 


linux7:/home/netscan 192 >clamscan clamav-0.82/test/    <-- detected "ClamAV-Test-File"
clamav-0.82/test/clam.cab: ClamAV-Test-File FOUND
clamav-0.82/test/clam-error.rar: RAR module failure
clamav-0.82/test/clam-error.rar: OK
clamav-0.82/test/clam.rar: ClamAV-Test-File FOUND
clamav-0.82/test/clam.exe: ClamAV-Test-File FOUND
clamav-0.82/test/clam.exe.bz2: ClamAV-Test-File FOUND
clamav-0.82/test/README: OK
clamav-0.82/test/clam.zip: ClamAV-Test-File FOUND

--- SCAN SUMMARY ---
Known viruses: 30342
Scanned directories: 1
Scanned files: 7
Infected files: 5
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 0.376 sec (0 m 0 s)
exit code = 1
linux7:/home/netscreen1 193 >clamscan clamav-0.82.tar.gz    <--- Did not detect "ClamAV-Test-File"
clamav-0.82.tar.gz: OK

--- SCAN SUMMARY ---
Known viruses: 30342
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 23.78 MB
I/O buffer size: 131072 bytes
Time: 6.080 sec (0 m 6 s)
exit code = 0
linux7:/home/netscan 194 >clamscan --block-max clamav-0.82.tar.gz    <-- Did not detect "ClamAV-Test-File"
clamav-0.82.tar.gz: OK

--- SCAN SUMMARY ---
Known viruses: 30342
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 23.78 MB
I/O buffer size: 131072 bytes
Time: 6.156 sec (0 m 6 s)
exit code = 0
linux7:/home/netscan 195 >





Re: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Scott Ryan
On Wednesday 09 February 2005 23:22, Ed shaped the electrons to say:
> >> Good management is all about looking forward.
> >> They seem to bet on more horses these days...:-)
> >>
> >> Grz. Johan
> >
> > I'm actually viewing it more as a tactic of MS buying and then closing
> > up shops that sell Linux products.  Look at what they did with
> > VirtualPC.  The first release after they bought it you couldn't load
> > Linux in the virtual machine.
> >
> > I'm wondering if that is what they are doing with all the AV purchases
> > they've done?
> >
> > Thomas
> > ___
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
> I thought that when they took out RAV [ GeCAD ] ...  They [RAV] were
> supplying a lot of services to IBM which is a very large competitor to
> M$, and were almost totally a Linux / Unix application.  It appears this
> level of paranoia may have some basis.  I for one don't see M$ changing
> their ways.  They've always bought and put out of business their
> competition if they couldn't bully them or force them out some other
> way.  They love that monopoly thing.
>
> Go get 'em Bill !  Lets see how many times your anti-virus solution
> crashes when you demo that at a show ;-)  Yep I'd trust M$ with the
> security of my network .. sure right ...

As much as a chocolate fireguard...

>
> --Ed

-- 
Scott Ryan
Telkom Internet


Re: [Clamav-users] Erroneous "installation is OUTDATED" message?

2005-02-09 Thread Graham Toal
> > I've been getting those messages too for about a week.  I updated to
> > the devel version on December 26th, after staying with 0.75 for too
> > long.  I do *not* have any old copies of either libclamav or freshclam
> > anywhere; I've checked carefully with "find" and "locate".  clamscan -V
> > reports ClamAV devel-20041226/702/Wed Feb  9 06:31:34 2005
>
> You are running a copy between 80 and 81. .81 was released on Jan 26, and
> .82 on Feb 06 of this year.

Thank you to both of the people who pointed this out.

I think there may be an assumption on the part of the authors that all
the clamav users actually run the command and see the warnings.  For me
at least that is not the case, it is invoked by an SMTP filter and
I never see it, except sometimes accidentally when I'm checking
something.  The traffic on this list is way too high to read every
post (at least for someone like me who just uses the code and is
not actively tracking every minor change - something I dare not
do on a production system) and the releases that force a rebuild
are *not* clearly marked in the subject lines in this group.  I
always miss them.  That may be my failing but I bet I'm not alone.

Can I suggest a mailing list for announcements to be used for
"must do" upgrades using the stable source chain; or at a minimum
a very visible subject line to be standardised on, maybe to the
extent that I can catch it consistently with a procmail filter to
ensure it stands out.

I appreciate all the work you guys do keeping this code up to date,
but I get the impression that the majority of users are 'bleeding
edge' developers.  Please keep us plodders in mind too, where our
primary goal is stability and a lack of surprises and sudden urgent
repairs.  I've seen way too many posts of people installing new
fixes then having something break to be willing to do that.


thanks

Graham


Re: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Bit Fuzzy

- Original Message -
From: "Thomas Cameron" <[EMAIL PROTECTED]>
To: "ClamAV users ML" 
Sent: Wednesday, February 09, 2005 4:13 PM
Subject: Re: [Clamav-users] M$ preparing AV software ?


> I'm actually viewing it more as a tactic of MS buying and then closing up
> shops that sell Linux products.  Look at what they did with VirtualPC.
The
> first release after they bought it you couldn't load Linux in the virtual
> machine.
>
> I'm wondering if that is what they are doing with all the AV purchases
> they've done?
>
> Thomas
>
> ___
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Would that be surprising? They're buying up security related companies at a
very quick pace.
Buy a few that offer nothing to linux, and you've got protection from
anti-competitive practices.

Long story short. Windows has been called "a hackers door way into your
computer".
MS AV/Spybot utilities are sure to be labeled "The Express Lane"

Not too much longer all that'll be left for Windows PC's to do is Implode
upon activation



Re: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Ed

>> Good management is all about looking forward.
>> They seem to bet on more horses these days...:-)
>>
>> Grz. Johan
>
> I'm actually viewing it more as a tactic of MS buying and then closing
> up shops that sell Linux products.  Look at what they did with
> VirtualPC.  The first release after they bought it you couldn't load
> Linux in the virtual machine.
>
> I'm wondering if that is what they are doing with all the AV purchases
> they've done?
>
> Thomas
> ___
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

I thought that when they took out RAV [ GeCAD ] ...  They [RAV] were 
supplying a lot of services to IBM which is a very large competitor to 
M$, and were almost totally a Linux / Unix application.  It appears this 
level of paranoia may have some basis.  I for one don't see M$ changing 
their ways.  They've always bought and put out of business their 
competition if they couldn't bully them or force them out some other 
way.  They love that monopoly thing.

Go get 'em Bill !  Lets see how many times your anti-virus solution 
crashes when you demo that at a show ;-)  Yep I'd trust M$ with the 
security of my network .. sure right ...

--Ed
--
__
EAS*Ent.Net - World Class Web Hosting and Email Services
www.easent.net


Re: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Thomas Cameron
- Original Message - 
From: "Johan Barelds" <[EMAIL PROTECTED]>
To: "ClamAV users ML" 
Sent: Wednesday, February 09, 2005 2:34 PM
Subject: Re: [Clamav-users] M$ preparing AV software ?


> On Wednesday 9 February 2005 21:10, Thomas Cameron wrote:
>> - Original Message -
>> From: "Johan Barelds" <[EMAIL PROTECTED]>
>> To: "ClamAV users ML"
>> Sent: Wednesday, February 09, 2005 11:49 AM
>> Subject: Re: [Clamav-users] M$ preparing AV software ?
>>
>>> Talking about AV software:
>>> They bought Sybari Antigen today.
>>>
>>> Grz. Johan
>>
>> Hrm - MS buys another AV company which sells a Linux product.
>> Interesting.
>>
>> Thomas
>
> Good management is all about looking forward.
> They seem to bet on more horses these days...:-)
> Grz. Johan

I'm actually viewing it more as a tactic of MS buying and then closing up 
shops that sell Linux products.  Look at what they did with VirtualPC.  The 
first release after they bought it you couldn't load Linux in the virtual 
machine.

I'm wondering if that is what they are doing with all the AV purchases 
they've done?

Thomas 



Re: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Johan Barelds
Good management is all about looking forward.
They seem to bet on more horses these days...:-)

Grz. Johan

On Wednesday 9 February 2005 21:10, Thomas Cameron wrote:
> - Original Message -
> From: "Johan Barelds" <[EMAIL PROTECTED]>
> To: "ClamAV users ML" 
> Sent: Wednesday, February 09, 2005 11:49 AM
> Subject: Re: [Clamav-users] M$ preparing AV software ?
>
> > Talking about AV software:
> > They bought Sybari Antigen today.
> >
> > Grz. Johan
>
> Hrm - MS buys another AV company which sells a Linux product.  Interesting.
>
> Thomas
> ___
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

-- 
Kind Regards / Met vriendelijke groet,

Johan Barelds   Good-IT!
Tel. +31(0)70-3965230    Strijplaan 320
Mob. +31(0)6-54253750    2285 HZ  Rijswijk(ZH)
[EMAIL PROTECTED]   http://www.good-it.com


Re: [Clamav-users] Downloading virus base manually?

2005-02-09 Thread Mikhail Ramendik
On 9 February 2005 12:48, Tomasz Papszun wrote:

> http://www.mail-archive.com/clamav-users@lists.clamav.net/msg12349.html

Thanks. 

I think this should be in the FAQ.

-- 
Yours, Mikhail Ramendik


Re: [Clamav-users] Downloading virus base manually?

2005-02-09 Thread Mikhail Ramendik
On 9 February 2005 01:59, McDonald, Dan wrote:

> This was discussed at length fairly recently.  Basically, you need some
> sort of web access (port 80) to copy the files.  You can, if you are
> satisfied with the md5sum's, copy them into the appropriate directory
> yourself.  When you restart clamd, or at a regular interval (I think it's
> once per hour by default) clamd will reload with the files it finds in the
> directory.

I'm not interested in clamd for this box. clamscan is what I want.

> The preferred method for this sort of activity is to create a local web
> server, copy the files there by some method, and point freshclam at the
> local mirror.  Since you have a linux box and a winDOwS box, you could run
> freshclam on the linux box, 

OK, so no download without freshclam... I really wanted to avoid installing 
clamav on the Linux box, since I'm trying to avoid maintaining a lot of 
packages.

But apparently there's no way to do it without freshclam?

-- 
Yours, Mikhail Ramendik



Re: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Thomas Cameron
- Original Message - 
From: "Johan Barelds" <[EMAIL PROTECTED]>
To: "ClamAV users ML" 
Sent: Wednesday, February 09, 2005 11:49 AM
Subject: Re: [Clamav-users] M$ preparing AV software ?


> Talking about AV software:
> They bought Sybari Antigen today.
> Grz. Johan

Hrm - MS buys another AV company which sells a Linux product.  Interesting.

Thomas


Re: [Clamav-users] Erroneous "installation is OUTDATED" message?

2005-02-09 Thread Bob Cunningham
That's it.  The old libraries are still there, probably because
I didn't do a proper "make uninstall"!

On Feb 9, 2005, at 9:26 AM, [EMAIL PROTECTED] wrote:
> At 09:53 AM 2/9/2005, you wrote:
>> Hi Bob,
>> I had the same problem after upgrading to v0.82.
>> The solution is quite simple:
>> check for old clamav libs left from former installations (filenames
>> libclamav.) and remove them.
>> Probably they are in /usr/local/lib/
>> Good luck!
>
> easier - cd to the build directory for the previous version and run
> make uninstall
> then cd to the new build directory and repeat make install.
>
> Paul Theodoropoulos
> http://www.anastrophe.com
> http://www.smileglobal.com


Re: [Clamav-users] Erroneous "installation is OUTDATED" message?

2005-02-09 Thread clamav
At 09:53 AM 2/9/2005, you wrote:
> Hi Bob,
> I had the same problem after upgrading to v0.82.
> The solution is quite simple:
> check for old clamav libs left from former installations (filenames
> libclamav.) and remove them.
> Probably they are in /usr/local/lib/
> Good luck!

easier - cd to the build directory for the previous version and run
make uninstall
then cd to the new build directory and repeat make install.

Paul Theodoropoulos
http://www.anastrophe.com
http://www.smileglobal.com


Re: [Clamav-users] Exploit.W32.MS05-002 False Positives

2005-02-09 Thread Tomasz Kojm
On Wed, 09 Feb 2005 19:55:16 +0100
Peter Bonivart <[EMAIL PROTECTED]> wrote:

> jef moskot wrote:
> > On Wed, 9 Feb 2005, Maxim Britov wrote:
> > 
> >>> P900\Beyonce Knowles - Crazy In Love (2).wav: Exploit.W32.MS05-002 FOUND
> >> I don't know, but size is ~50-100KB.
> > 
> > If they're tiny files, are you sure they're actually wavs?
> 
> My guess is they are ring signals for the Sony Ericsson P900 mobile
> phone.

If they were created by a software from Sony Ericsson then nothing
strange the files break standards.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Feb  9 20:05:00 CET 2005




Re: [Clamav-users] Exploit.W32.MS05-002 False Positives

2005-02-09 Thread Peter Bonivart
jef moskot wrote:
> On Wed, 9 Feb 2005, Maxim Britov wrote:
>>> P900\Beyonce Knowles - Crazy In Love (2).wav: Exploit.W32.MS05-002 FOUND
>> I don't know, but size is ~50-100KB.
> If they're tiny files, are you sure they're actually wavs?

My guess is they are ring signals for the Sony Ericsson P900 mobile phone.
--
/Peter Bonivart
--Unix lovers do it in the Sun


Re: [Clamav-users] Erroneous "installation is OUTDATED" message?

2005-02-09 Thread Brian Morrison
On Wed, 09 Feb 2005 12:10:20 -0600 in [EMAIL PROTECTED]
Graham Toal <[EMAIL PROTECTED]> wrote:

>  I've been getting those messages too for about a week.  I updated to
>  the devel version on December 26th, after staying with 0.75 for too
>  long.  I do *not* have any old copies of either libclamav or
>  freshclam anywhere; I've checked carefully with "find" and "locate". 
>  clamscan -V reports ClamAV devel-20041226/702/Wed Feb  9 06:31:34
>  2005

Well that version is pre-0.81 then. 0.82 is the current released version
so you're almost two releases behind.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html


[Clamav-users] Re: failed to send SCAN (null) command to clamd

2005-02-09 Thread Matias Lopez Bergero
George Chelidze wrote:
Hello Krištof,
Krištof Petr wrote:
George Chelidze wrote:
When it happens on next time, try to run clamdscan to check the clamd 
is running fine
and problem is in clamav-milter itself.

It happened again on database reload. I followed your advice and seems 
clamd is ok, clamav-milter fails. I'll try daily snapshot and reply back 
soon.
With clamdscan works OK.
I have tried the nightly snapshot and it's working good.
BR,
Matías.


Re: [Clamav-users] Erroneous "installation is OUTDATED" message?

2005-02-09 Thread Ken Jones

> I've been getting those messages too for about a week.  I updated to
> the devel version on December 26th, after staying with 0.75 for too
> long.  I do *not* have any old copies of either libclamav or freshclam
> anywhere; I've checked carefully with "find" and "locate".  clamscan -V
> reports ClamAV devel-20041226/702/Wed Feb  9 06:31:34 2005

You are running a copy between 80 and 81. .81 was released on Jan 26, and
.82 on Feb 06 of this year.

>
> Is it likely I do need to update or is mine a false report too?  I see
> the high levels of traffic and problems on this mailing list and I'm
> reluctant to install every latest tweak on what is a heavily used
> live system. (17,000 users)  I prefer to live with known limitations
> until a solid stable release is identified.
>
> Graham
> ___
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>


-- 
Ken Jones




Re: [Clamav-users] Erroneous "installation is OUTDATED" message?

2005-02-09 Thread Graham Toal
I've been getting those messages too for about a week.  I updated to
the devel version on December 26th, after staying with 0.75 for too
long.  I do *not* have any old copies of either libclamav or freshclam
anywhere; I've checked carefully with "find" and "locate".  clamscan -V
reports ClamAV devel-20041226/702/Wed Feb  9 06:31:34 2005

Is it likely I do need to update or is mine a false report too?  I see
the high levels of traffic and problems on this mailing list and I'm
reluctant to install every latest tweak on what is a heavily used
live system. (17,000 users)  I prefer to live with known limitations
until a solid stable release is identified.

Graham


Re: AW: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Sam
On Wed, 9 Feb 2005, Steffen Heil wrote:
> So, just sit back and relax.
> 
> And by the way, it was already asked who would trust microsoft with this.
> And yes, I would. Maybe not as the only security solution, just as I now
> have McAfee local to my clamav on my server.

You are missing the point however that were Microsoft to fix the holes in 
their code (one would think a company worth billions would be able to hire 
competent programmers and QA specialists) that most of this would be 
necessary. Some of the holes have existed for years, and M$ stubbornly 
refuses to address the problem.

I wouldn't trust them any further than I could throw Bill's wallet.

Sam

 -- 
Sam Morris, Owner
Loganet Internet Service
Logan IA, United States of America
712-644-3578



AW: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Steffen Heil
Hi

> A little bit off topic, but I'd like to ask if M$ is trying 
> to prepare own AV software  ?

Microsoft bought GeCAD (RAV) back in the last summer, then Giant Company
Software, Inc. in December and two days ago they bought Sybari.
So they are collecting know-how about virus detection, spyware detection and
server process security.

> I found this : 
> http://www.microsoft.com/security/malwareremove/default.mspx
> 
> a tool to remove MyDoom, Zafi,Netsky and a few others.

This is only a small tool.

I assume there will be some defence tool integrated with windows longhorn
and maybe delivered with windows xp sp3/4 which will give any user basic
security. (No, this is not necessary only because of security holes in
microsoft products, but because of the users using microsoft software. Most
of them work as admins and open every attachment. Doing the same on linux
would cause the same problems.)

Microsoft has some big advantage here. First they can deploy such
defence systems to any windows installation with update services enabled
without user interaction. And they can keep those systems up to date - they
already have the windows update infrastructure - which is right now extended
to the microsoft update infrastructure. (windows update v6 will update more
than the windows core itself - at least office and other microsoft products
will be included.)

I must say, that I am happy to hear that. I will target different users as
clamav and will not be a competitor in clamav's domain - neither will
clamav become a big player in workstation virus defence anytime soon imho.

So, just sit back and relax.

And by the way, it was already asked who would trust microsoft with this.
And yes, I would. Maybe not as the only security solution, just as I now
have McAfee local to my clamav on my server.

Regards,
  Steffen




Re: [Clamav-users] Erroneous "installation is OUTDATED" message?

2005-02-09 Thread Brian Morrison
On Wed, 9 Feb 2005 07:44:33 -1000 in
[EMAIL PROTECTED] Bob Cunningham
<[EMAIL PROTECTED]> wrote:

>  So ... why would I be getting the warning:

You probably have an old freshclam somewhere in your path...

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html


Re: [Clamav-users] Erroneous "installation is OUTDATED" message?

2005-02-09 Thread Johan Barelds
Hi Bob,

I had the same problem after upgrading to v0.82.
The solution is quite simple:
check for old clamav libs left from former installations (filenames 
libclamav.) and remove them.
Probably they are in /usr/local/lib/

Good luck!

Grz. Johan

On Wednesday 9 February 2005 18:44, Bob Cunningham wrote:
> Just installed 0.82:
>
> # freshclam -V
> ClamAV 0.82/702/Wed Feb  9 02:31:34 2005
>
> So ... why would I be getting the warning:
>
> # freshclam -v
> Current working dir is /opt/csw/share/clamav
> Max retries == 3
> ClamAV update process started at Wed Feb  9 07:39:37 2005
> Querying current.cvd.clamav.net
> TTL: 669
> Software version from DNS: 0.82
> WARNING: Your ClamAV installation is OUTDATED - please update
> immediately!
> WARNING: Local version: 0.81 Recommended version: 0.82
> main.cvd version from DNS: 29
> main.cvd is up to date (version: 29, sigs: 29086, f-level: 3, builder:
> tomek)
> daily.cvd version from DNS: 702
> daily.cvd is up to date (version: 702, sigs: 1368, f-level: 4, builder:
> trog)
> Freeing option list...done
>
> ___
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

-- 
Kind Regards / Met vriendelijke groet,

Johan Barelds   Good-IT!
Tel.+31(0)70-3965230Strijplaan 320
Mob.+31(0)6-542537502285 HZ  Rijswijk(ZH)
[EMAIL PROTECTED]   http://www.good-it.com
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
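
The two checks suggested in the replies above (an older freshclam earlier on the PATH, and leftover libclamav libraries from a previous install), as an added example that is not part of the original posts or of ClamAV. The function names, the `libclamav.so*` pattern and any default directory other than `/usr/local/lib` are assumptions made for illustration.

```python
import glob
import os


def executables_on_path(name, path=None):
    """Every executable called `name` on PATH, in lookup order.

    The first entry is the one a bare command runs; later entries are shadowed.
    """
    search = os.environ.get("PATH", "") if path is None else path
    found, seen = [], set()
    for directory in search.split(os.pathsep):
        # An empty PATH entry means the current directory.
        candidate = os.path.join(directory or ".", name)
        if not (os.path.isfile(candidate) and os.access(candidate, os.X_OK)):
            continue
        real = os.path.realpath(candidate)
        if real not in seen:  # same file reached through a symlink is not a second install
            seen.add(real)
            found.append(candidate)
    return found


def library_copies(lib_dirs, pattern="libclamav.so*"):
    """Map each real shared-library file to the names (symlinks included) pointing at it."""
    copies = {}
    for directory in lib_dirs:
        for path in sorted(glob.glob(os.path.join(directory, pattern))):
            copies.setdefault(os.path.realpath(path), []).append(path)
    return copies


def audit(name="freshclam", lib_dirs=("/usr/local/lib", "/usr/lib"), path=None):
    """Summarise which binary runs and whether more than one install is visible."""
    binaries = executables_on_path(name, path)
    libs = library_copies(lib_dirs)
    return {
        "runs": binaries[0] if binaries else None,
        "shadowed": binaries[1:],
        "libraries": libs,
        # More than one binary or more than one distinct library file
        # suggests an old install is still present next to the new one.
        "suspect": len(binaries) > 1 or len(libs) > 1,
    }


if __name__ == "__main__":
    result = audit()
    print("binary that runs :", result["runs"])
    for other in result["shadowed"]:
        print("shadowed binary  :", other)
    for real, names in result["libraries"].items():
        print("library          :", real, "<-", ", ".join(names))
    print("leftover install suspected:", result["suspect"])
```
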


Re: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Freddie Cash
On February 9, 2005 09:26 am, Bogusław Brandys wrote:
> A little bit off topic, but I'd like to ask if M$ is trying to
> prepare own AV software  ?
> I found this :
> http://www.microsoft.com/security/malwareremove/default.mspx

> a tool to remove MyDoom, Zafi,Netsky and a few others.

They've been trying for awhile (and they used to have their own AV tool 
back in the DOS/Win3.1 days).  They purchased RAV a year or two ago.  
Then they bought a spyware cleaning company last year (and released a 
beta spyware cleaner recently).  And they just recently bought another 
enterprise anti-virus company that also has some security tools.  Soon, 
they'll be releasing "something" that covers security, AV, and spyware 
cleaning all in one.

What would be nicer, though, is if MS would fix the security model in 
the base OS that allows for these things to spread so easily, instead 
of adding more and more layers of bandaids on top.  Fix the foundation, 
don't try to prop up the walls with two-by-fours.

-- 
Freddie Cash, CCNT CCLPHelpdesk / Network Support Tech.
School District 73 (250) 377-HELP [377-4357]
[EMAIL PROTECTED]
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Johan Barelds
Talking about AV software:
They bought Sybari Antigen today.

Grz. Johan

On Wednesday 9 February 2005 18:21, Ed wrote:
> Hi,
>
> Well anything is possible.  They bought RAV and a few others a while
> back.  But the 32 cent question I'd have to ask is being M$ would _you_
> trust them with anti-virus protection ?  Hmmm ?
>
> --Ed
>
> Bogusław Brandys wrote:
> >
> > Hi,
> >
> > A little bit off topic, but I'd like to ask if M$ is trying to prepare
> > own AV software  ?
> > I found this :
> > http://www.microsoft.com/security/malwareremove/default.mspx
> >
> > a tool to remove MyDoom, Zafi,Netsky and a few others.
> >
> >
> > Best Regards
> > Boguslaw Brandys
> > ___
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

-- 
Kind Regards / Met vriendelijke groet,

Johan Barelds   Good-IT!
Tel.+31(0)70-3965230Strijplaan 320
Mob.+31(0)6-542537502285 HZ  Rijswijk(ZH)
[EMAIL PROTECTED]   http://www.good-it.com
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


[Clamav-users] Erroneous "installation is OUTDATED" message?

2005-02-09 Thread Bob Cunningham
Just installed 0.82:
# freshclam -V
ClamAV 0.82/702/Wed Feb  9 02:31:34 2005
So ... why would I be getting the warning:
# freshclam -v
Current working dir is /opt/csw/share/clamav
Max retries == 3
ClamAV update process started at Wed Feb  9 07:39:37 2005
Querying current.cvd.clamav.net
TTL: 669
Software version from DNS: 0.82
WARNING: Your ClamAV installation is OUTDATED - please update 
immediately!
WARNING: Local version: 0.81 Recommended version: 0.82
main.cvd version from DNS: 29
main.cvd is up to date (version: 29, sigs: 29086, f-level: 3, builder: 
tomek)
daily.cvd version from DNS: 702
daily.cvd is up to date (version: 702, sigs: 1368, f-level: 4, builder: 
trog)
Freeing option list...done

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Ed
Hi,
Well anything is possible.  They bought RAV and a few others a while 
back.  But the 32 cent question I'd have to ask is being M$ would _you_ 
trust them with anti-virus protection ?  Hmmm ?

--Ed
Bogusław Brandys wrote:
> Hi,
>
> A little bit off topic, but I'd like to ask if M$ is trying to prepare
> own AV software  ?
> I found this :
> http://www.microsoft.com/security/malwareremove/default.mspx
>
> a tool to remove MyDoom, Zafi,Netsky and a few others.
>
> Best Regards
> Boguslaw Brandys
--
__
EAS*Ent.Net - World Class Web Hosting and Email Services
www.easent.net
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


[Clamav-users] M$ preparing AV software ?

2005-02-09 Thread Bogusław Brandys
Hi,
A little bit off topic, but I'd like to ask if M$ is trying to prepare
own AV software  ?
I found this : http://www.microsoft.com/security/malwareremove/default.mspx
a tool to remove MyDoom, Zafi,Netsky and a few others.
Best Regards
Boguslaw Brandys
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Exploit.W32.MS05-002 False Positives

2005-02-09 Thread Chris Meadors
On Wed, 2005-02-09 at 11:51 -0500, jef moskot wrote:
> On Wed, 9 Feb 2005, Maxim Britov wrote:
> > > > P900\Beyonce Knowles - Crazy In Love (2).wav: Exploit.W32.MS05-002 FOUND
> > I don't know, but size is ~50-100KB.
> 
> If they're tiny files, are you sure they're actually wavs?
> 
> Maybe someone downloaded these things and instead of funky beats, they're
> full of Greek soldiers?

WAV files don't just have to be PCM audio.  I've seen (from the I Love
Bees site) MPEG Audio Layer-III data inside a WAV RIFF wrapper.  Since
these files were triggering the malformed RIFF scanner, this could very
well be the case.

-- 
Chris

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
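
An added example, not part of the original thread and not ClamAV's or showriff's code: a minimal RIFF chunk walker that reads the `fmt ` format tag, so a WAV wrapper around MPEG Layer-3 data becomes visible, and flags chunk sizes that run past the end of the file, one kind of structural inconsistency that makes a RIFF file malformed. The function names and the sample files built in memory are constructed for illustration.

```python
import struct

# wFormatTag values from the WAVE "fmt " chunk; only a few are named here.
FORMAT_TAGS = {0x0001: "PCM", 0x0003: "IEEE float", 0x0055: "MPEG Layer-3"}


def walk_riff(data: bytes) -> dict:
    """Walk the top-level chunks of a RIFF file and report structural problems."""
    report = {"form": None, "chunks": [], "format": None, "problems": []}
    if len(data) < 12 or data[:4] != b"RIFF":
        report["problems"].append("not a RIFF file (missing RIFF magic)")
        return report

    riff_size = struct.unpack_from("<I", data, 4)[0]
    report["form"] = data[8:12].decode("ascii", "replace")
    # The RIFF size field counts everything after the first 8 bytes.
    if riff_size + 8 > len(data):
        report["problems"].append(
            f"RIFF size {riff_size} exceeds file of {len(data)} bytes")
    end = min(riff_size + 8, len(data))

    pos = 12
    while pos + 8 <= end:
        chunk_id, size = struct.unpack_from("<4sI", data, pos)
        name = chunk_id.decode("ascii", "replace")
        body = pos + 8
        if body + size > end:
            report["problems"].append(
                f"chunk {name!r} at offset {pos} declares {size} bytes, "
                f"only {end - body} available")
            break
        report["chunks"].append((name, size))
        if chunk_id == b"fmt " and size >= 2:
            tag = struct.unpack_from("<H", data, body)[0]
            report["format"] = FORMAT_TAGS.get(tag, f"unknown (0x{tag:04x})")
        pos = body + size + (size & 1)  # chunk bodies are padded to even length
    if pos < end and not report["problems"]:
        report["problems"].append(
            f"{end - pos} trailing bytes that do not form a chunk header")
    return report


def build_wav(format_tag: int, payload: bytes, size_lie: int = 0) -> bytes:
    """Build a small WAV-style RIFF file in memory (constructed sample, not real audio).

    size_lie is added to the declared size of the data chunk to simulate a
    header that claims more bytes than the file contains.
    """
    fmt = struct.pack("<HHIIHH", format_tag, 2, 44100, 176400, 4, 16)
    padded = payload + b"\x00" * (len(payload) & 1)
    chunks = b"fmt " + struct.pack("<I", len(fmt)) + fmt
    chunks += b"data" + struct.pack("<I", len(payload) + size_lie) + padded
    return b"RIFF" + struct.pack("<I", 4 + len(chunks)) + b"WAVE" + chunks


if __name__ == "__main__":
    samples = {
        "pcm.wav": build_wav(0x0001, b"\x00" * 8),
        "mp3-in-wav.wav": build_wav(0x0055, b"\xff\xfb" * 4),
        "bad-size.wav": build_wav(0x0001, b"\x00" * 8, size_lie=1000),
    }
    for name, blob in samples.items():
        r = walk_riff(blob)
        print(name, r["format"], r["chunks"], r["problems"] or "ok")
```
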


Re: [Clamav-users] Exploit.W32.MS05-002 False Positives

2005-02-09 Thread jef moskot
On Wed, 9 Feb 2005, Maxim Britov wrote:
> > > P900\Beyonce Knowles - Crazy In Love (2).wav: Exploit.W32.MS05-002 FOUND
> I don't know, but size is ~50-100KB.

If they're tiny files, are you sure they're actually wavs?

Maybe someone downloaded these things and instead of funky beats, they're
full of Greek soldiers?

Jeffrey Moskot
System Administrator
[EMAIL PROTECTED]
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


RE: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Cormack, Ken
I agree, it is strange.

But to confirm, I completely deleted my build directory, and re-extracted the
original source tarball.  I then re-ran the configure and inspected the
clamav-config.h file.

Although that file contains the following:

/* #undef CLAMUKO */

It appears that the needed "#define CLAMUKO 1" found in "configure.in" is
just not getting set anywhere in the program.

Ken

-Original Message-
From: Tomasz Kojm [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 09, 2005 10:27 AM
To: ClamAV users ML
Subject: Re: [Clamav-users] "Clamuko is not available"
On Wed, 9 Feb 2005 10:22:00 -0500 

"Cormack, Ken" <[EMAIL PROTECTED]> wrote:

> Tomasz,
> 
> The Configure script does appear to be broken.  In the clamav-config.h
> file, I manually added a "#define CLAMUKO 1", and then recompiled.

That's strange. Your config.log looks O.K.
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Exploit.W32.MS05-002 False Positives

2005-02-09 Thread Chris Conn

> P900\Beyonce Knowles - Crazy In Love (2).wav: Exploit.W32.MS05-002 FOUND
> p900\Evanescence - Bring Me To Life - Daredevil 2 (2).wav: Exploit.W32.MS05-002 FOUND
> p900\robby-feel.wav: Exploit.W32.MS05-002 FOUND

Hello,
I don't suppose these files were submitted for analysis by the clamav 
developers?

Chris
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Tomasz Kojm
On Wed, 9 Feb 2005 10:22:00 -0500 
"Cormack, Ken" <[EMAIL PROTECTED]> wrote:

> Tomasz,
> 
> The Configure script does appear to be broken.  In the clamav-config.h
> file, I manually added a "#define CLAMUKO 1", and then recompiled.

That's strange. Your config.log looks O.K.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Feb  9 16:26:53 CET 2005


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Confirmed working now - RE: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Cormack, Ken
Tomasz,

I just confirmed that clamd/clamuko is now working.  Attempting to "cat" an
EICAR test file, I got an "EICAR: operation not permitted" error on my
screen, and the clamd.log shows the following:

Wed Feb  9 10:22:43 2005 -> Clamuko: /home/hc43/EICAR: Eicar-Test-Signature FOUND

So it looks like CLAMUKO is just not being defined by configure.


Ken
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


RE: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Cormack, Ken
Tomasz,

The Configure script does appear to be broken.  In the clamav-config.h file,
I manually added a "#define CLAMUKO 1", and then recompiled.

Now, after loading clamd, I see the following:

Wed Feb  9 10:17:29 2005 -> Clamuko: Correctly registered with Dazuko.
Wed Feb  9 10:17:29 2005 -> Clamuko: Scan-on-open mode activated.
Wed Feb  9 10:17:29 2005 -> Clamuko: Scan-on-close mode activated.
Wed Feb  9 10:17:29 2005 -> Clamuko: Scan-on-exec mode activated.
Wed Feb  9 10:17:29 2005 -> Clamuko: Included path /home
Wed Feb  9 10:17:29 2005 -> Clamuko: Excluded path /dev
Wed Feb  9 10:17:29 2005 -> Clamuko: Excluded path /proc
Wed Feb  9 10:17:29 2005 -> Clamuko: Excluded path /var/tmp
Wed Feb  9 10:17:29 2005 -> Clamuko: Max file size limited to 52428800 bytes.


-Original Message-
From: Tomasz Kojm [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 09, 2005 9:46 AM
To: ClamAV users ML
Subject: Re: [Clamav-users] "Clamuko is not available"


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Milter died

2005-02-09 Thread Steven Stern
On Wed, 09 Feb 2005 08:28:12 -0600, Steven Stern
<[EMAIL PROTECTED]> wrote:


>
>It was the only error I could find.  Where can I find .82c? Is that the
>snapshot or do I extract it from CVS?

I rolled back my production machines to 0.81 and have built latest-devel on my
test machine. I'll let you know how it's going later today.
-- 
  Steve 
   
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Exploit.W32.MS05-002 False Positives

2005-02-09 Thread Maxim Britov
> > > > BTW, all the "false positives" I've seen so far are also reported as
> > > > broken by the showriff utility, which was written specifically to check
> > > > these files.
> > > > For example:
> > > > $ showriff virus-2005-02-08-n0009134
> > > > Contents of file virus-2005-02-08-n0009134 (18926/0x8926 bytes):

> > > All the problem files I've had are Powerpoint and Word files. For the
> > > Powerpoint files it was a common background image.

> > P900\Beyonce Knowles - Crazy In Love (2).wav: Exploit.W32.MS05-002 FOUND
> > p900\Evanescence - Bring Me To Life - Daredevil 2 (2).wav:
> > Exploit.W32.MS05-002 FOUND p900\robby-feel.wav: Exploit.W32.MS05-002 FOUND

> 'Stealing Music?' tut tut ;)

I don't know, but size is ~50-100KB.


-- 
Maxim Britov

GnuPG KeyID 0x4580A6D66F3DB1FB Keyserver hkp://keyserver.kjsl.com
Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB
GnuPG-ru Team;   xmpp:[EMAIL PROTECTED]   ICQ 198171258
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Exploit.W32.MS05-002 False Positives

2005-02-09 Thread Scott Ryan
On Wednesday 09 February 2005 15:56, Maxim Britov shaped the electrons to say:
> On Tue, 08 Feb 2005 16:32:41 +
>
> Francis Stevens <[EMAIL PROTECTED]> wrote:
> > Trog wrote:
> > > BTW, all the "false positives" I've seen so far are also reported as
> > > broken by the showriff utility, which was written specifically to check
> > > these files.
> > >
> > > For example:
> > >
> > > $ showriff virus-2005-02-08-n0009134
> > > Contents of file virus-2005-02-08-n0009134 (18926/0x8926 bytes):
> >
> > All the problem files I've had are Powerpoint and Word files. For the
> > Powerpoint files it was a common background image.
>
> P900\Beyonce Knowles - Crazy In Love (2).wav: Exploit.W32.MS05-002 FOUND
> p900\Evanescence - Bring Me To Life - Daredevil 2 (2).wav:
> Exploit.W32.MS05-002 FOUND p900\robby-feel.wav: Exploit.W32.MS05-002 FOUND

'Stealing Music?' tut tut ;)
-- 
Scott Ryan
Telkom Internet
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Tomasz Kojm
On Wed, 9 Feb 2005 09:39:13 -0500 
"Cormack, Ken" <[EMAIL PROTECTED]> wrote:

> Yes, Tomasz.  I built it myself, from the tarball, downloaded from the
> clamav.net web site.  The clamd binary that I am hard-pathing to, is
> correctly reporting its version as 0.82.  No clam rpms are installed.

Please post me (off-list) your config.log

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Feb  9 15:45:46 CET 2005


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


RE: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Cormack, Ken
Yes, Tomasz.  I built it myself, from the tarball, downloaded from the
clamav.net web site.  The clamd binary that I am hard-pathing to, is
correctly reporting its version as 0.82.  No clam rpms are installed.


Ken Cormack
Red Hat Certified Engineer



On Wed, 9 Feb 2005 08:47:56 -0500 
"Cormack, Ken" <[EMAIL PROTECTED]> wrote:

> Tomasz,
> 
> I first tried without any flags, and got the same result. Which is
> why I then tried the "--enable-clamuko" flag.  :/

Make sure you're executing the proper clamd binary (i.e. not the one
installed from a RPM package).
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


RE: [Clamav-users] Milter died

2005-02-09 Thread Nigel Horne
> It was the only error I could find.  Where can I find .82c? Is that the
> snapshot or do I extract it from CVS?

Either
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Milter died

2005-02-09 Thread Steven Stern
On Wed, 9 Feb 2005 09:02:15 +, Nigel Horne <[EMAIL PROTECTED]> wrote:

>
>I am confused. Your subject says "Milter died", yet the only message you send is
>a non fatal warning. Try 0.82c and post the results.

It was the only error I could find.  Where can I find .82c? Is that the
snapshot or do I extract it from CVS?

On my big production system, I had a similar failure.  I think it was in Dag's
compilation, so I uninstalled the Dag version and installed the CrashHat
version. That seems to be stable.  On my test machine, I build from source
from clamav.net.
-- 
  Steve 
   
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Tomasz Kojm
On Wed, 9 Feb 2005 08:47:56 -0500 
"Cormack, Ken" <[EMAIL PROTECTED]> wrote:

> Tomasz,
> 
> I first tried without any flags, and got the same result. Which is
> why I then tried the "--enable-clamuko" flag.  :/

Make sure you're executing the proper clamd binary (i.e. not the one
installed from a RPM package).

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Feb  9 15:24:13 CET 2005


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


[Clamav-users] Re: failed to send SCAN (null) command to clamd

2005-02-09 Thread Matias Lopez Bergero
George Chelidze wrote:
> Hello,
> I have yesterday upgraded to 0.82 on two servers (RedHat 7.3 kernel
> 2.4.24) yesterday morning and everything went fine. This morning I found
> that on both servers clamd is running but viruses are not detected.
> [...]

Same problem here
My log is full of these messages:
Feb  9 11:06:01 anubis clamav-milter[6296]: failed to send SCAN (null) command to clamd

Matías.
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Exploit.W32.MS05-002 False Positives

2005-02-09 Thread Maxim Britov
On Tue, 08 Feb 2005 16:32:41 +
Francis Stevens <[EMAIL PROTECTED]> wrote:

> Trog wrote:
> 
> > BTW, all the "false positives" I've seen so far are also reported as
> > broken by the showriff utility, which was written specifically to check
> > these files.
> > 
> > For example:
> > 
> > $ showriff virus-2005-02-08-n0009134
> > Contents of file virus-2005-02-08-n0009134 (18926/0x8926 bytes):
> > 
> 
> All the problem files I've had are Powerpoint and Word files. For the 
> Powerpoint files it was a common background image.

P900\Beyonce Knowles - Crazy In Love (2).wav: Exploit.W32.MS05-002 FOUND
p900\Evanescence - Bring Me To Life - Daredevil 2 (2).wav: Exploit.W32.MS05-002 FOUND
p900\robby-feel.wav: Exploit.W32.MS05-002 FOUND



-- 
Maxim Britov

GnuPG KeyID 0x4580A6D66F3DB1FB Keyserver hkp://keyserver.kjsl.com
Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB
GnuPG-ru Team;   xmpp:[EMAIL PROTECTED]   ICQ 198171258
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


RE: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Cormack, Ken
Tomasz,

I first tried without any flags, and got the same result. Which is why I
then tried the "--enable-clamuko" flag.  :/

Ken


-Original Message-
From: Tomasz Kojm [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 09, 2005 7:59 AM
To: ClamAV users ML
Subject: Re: [Clamav-users] "Clamuko is not available"

>> I used "./configure --enable-clamuko" in building clamd, and have

>There's most likely a bug in the configure script. Please reconfigure it
>without any flags.
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] failed to send SCAN (null) command to clamd

2005-02-09 Thread George Chelidze
Hello Krištof,

Krištof Petr wrote:
> George Chelidze wrote:
> > Hello,
> > I have yesterday upgraded to 0.82 on two servers (RedHat 7.3 kernel
> > 2.4.24) yesterday morning and everything went fine. This morning I
> > found that on both servers clamd is running but viruses are not
> > detected. I run freshclam from cron every hour between 15 and 45
> > minutes randomly so both servers outputted the following into log files
> > and stopped to work after daily update (701) was loaded between
> > 20:15:00 UTC Feb 8 2005 and 20:45:00 UTC Feb 2005:
> >
> > Tue Feb  8 23:42:37 2005 -> No stats for Database check - forcing reload
> > Tue Feb  8 23:42:38 2005 -> Reading databases from /bases
> > Tue Feb  8 23:42:39 2005 -> Database correctly reloaded (30353 viruses)
> >
> > my maillog file reports contains a lot of messages like this:
> >
> > Feb  8 23:26:10 ns clamav-milter[1141]: failed to send SCAN (null) command to clamd
> > Feb  8 23:26:45 ns clamav-milter[1148]: failed to send SCAN (null) command to clamd
> > Feb  8 23:26:54 ns clamav-milter[1150]: failed to send SCAN (null) command to clamd
>
> When it happens on next time, try to run clamdscan to check the clamd is
> running fine
> and problem is in clamav-milter itself.

It happened again on database reload. I followed your advice and seems
clamd is ok, clamav-milter fails. I'll try daily snapshot and reply back
soon.

Thanks,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] failed to send SCAN (null) command to clamd

2005-02-09 Thread George Chelidze
Hello Nigel,

Nigel Horne wrote:
> On Wednesday 09 Feb 2005 06:40, George Chelidze wrote:
>
> > Feb  8 23:26:10 ns clamav-milter[1141]: failed to send SCAN (null) command to clamd
>
> Try clamav-milter 0.82c and post the results.

Is it a known issue or just a guess?
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] "Clamuko is not available"

2005-02-09 Thread Tomasz Kojm
On Tue, 8 Feb 2005 14:47:18 -0500 
"Cormack, Ken" <[EMAIL PROTECTED]> wrote:

> I used "./configure --enable-clamuko" in building clamd, and have

There's most likely a bug in the configure script. Please reconfigure it
without any flags.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Feb  9 13:58:10 CET 2005


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Downloading virus base manually?

2005-02-09 Thread Tomasz Papszun
On Wed, 09 Feb 2005 at  1:49:30 +0300, Mikhail Ramendik wrote:
> 
> My typical use case for ClamAV is for catching a worm on a Windows machine, 
> which can not be online (because the worm would send spam or propagate). My 
> Linux machine is not infected and I don't want to install anything on it. 
> 
> So, I would like to download a Windows binary and a fresh virus base manually,
> and then to move them to the Windows machine by other means.
> 
> I looked at the clamav.net site and could not find a way to download a fresh 
> base without freshclam. Does such a way exist?
> 

http://www.mail-archive.com/clamav-users@lists.clamav.net/msg12349.html

-- 
 Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
 tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 tomek at clamav.net   http://www.ClamAV.net/   A GPL virus scanner
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] failed to send SCAN (null) command to clamd

2005-02-09 Thread Krištof Petr
George Chelidze wrote:
> Hello,
> I have yesterday upgraded to 0.82 on two servers (RedHat 7.3 kernel
> 2.4.24) yesterday morning and everything went fine. This morning I
> found that on both servers clamd is running but viruses are not
> detected. I run freshclam from cron every hour between 15 and 45
> minutes randomly so both servers outputted the following into log files
> and stopped to work after daily update (701) was loaded between
> 20:15:00 UTC Feb 8 2005 and 20:45:00 UTC Feb 2005:
>
> Tue Feb  8 23:42:37 2005 -> No stats for Database check - forcing reload
> Tue Feb  8 23:42:38 2005 -> Reading databases from /bases
> Tue Feb  8 23:42:39 2005 -> Database correctly reloaded (30353 viruses)
>
> my maillog file reports contains a lot of messages like this:
>
> Feb  8 23:26:10 ns clamav-milter[1141]: failed to send SCAN (null) command to clamd
> Feb  8 23:26:45 ns clamav-milter[1148]: failed to send SCAN (null) command to clamd
> Feb  8 23:26:54 ns clamav-milter[1150]: failed to send SCAN (null) command to clamd

When it happens on next time, try to run clamdscan to check the clamd is
running fine
and problem is in clamav-milter itself.

Petr
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Milter died

2005-02-09 Thread Krištof Petr
Steven Stern wrote:
> Clamav-milter (0.82) died this afternoon.  As far as I can see, this is the
> first error that appears in clamd.log. After that, there are many similar
> ones.
>
> LibClamAV Warning: j17LZE5n030858: /var/spool/clamav/msg.sUSLWW: Access
> denied.
> ERROR

Are you using /var/spool/clamav/ as quarantine directory?
clamav user must have permission to write to this directory.
No more idea :-(

Petr
Petr
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] failed to send SCAN (null) command to clamd

2005-02-09 Thread Nigel Horne
On Wednesday 09 Feb 2005 06:40, George Chelidze wrote:

> Feb  8 23:26:10 ns clamav-milter[1141]: failed to send SCAN (null) 
> command to clamd

Try clamav-milter 0.82c and post the results.

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Milter died

2005-02-09 Thread Nigel Horne
On Wednesday 09 Feb 2005 04:29, Steven Stern wrote:
> Clamav-milter (0.82) died this afternoon.  As far as I can see, this is the
> first error that appears in clamd.log. After that, there are many similar
> ones.
> 
> LibClamAV Warning: j17LZE5n030858: /var/spool/clamav/msg.sUSLWW: Access
> denied. 
> ERROR
> 
> I stopped sendmail and clamd, did an rm -fr the contents of /var/spool/clamav,
> and restarted everything. So far, it seems happy.
> 
> Any ideas on what might have caused clamav-milter to get confused and die? I'm
> using clamav-milter with the --external switch.

I am confused. Your subject says "Milter died", yet the only message you send is
a non fatal warning. Try 0.82c and post the results.

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Kmail Filters

2005-02-09 Thread Robert Hogan
>I want to set up a filter in Kmail to scan my email for viruses like I have
>SpamAssassin checking for spam. Can someone tell me how to do that?

As other users have pointed out you can use the anti-virus wizard that's
built into the latest versions of KMail. Another alternative is to use the
mail-scanning agent that comes with KlamAV, a KDE gui frontend for Clamav.
The setup process is performed by KlamAV itself, so it should require
minimum fuss to get it going. Because KlamAV uses clamd the scanning is
faster and less intrusive than the clamscan scanning set up by KMail's
wizard.

I should probably declare my interests by saying that I'm the author of
KlamAV. So if you do try it, I'd welcome any feedback.

Thanks,
Robert


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users