RE: [Clamav-users] ClamAv v0.83 for SuSE 9.2 bin rpm's?

2005-02-21 Thread Dörfler Andreas
taken from suse ml:

Yes, we know.

We will be releasing 0.83 too in some days.

Ciao, Marcus

I'm using suse 9.2 too but I don't wanna wait every time
for the rpms so I compile clam from source

greetings
andy

>-Original Message-
>From: [EMAIL PROTECTED] 
>[mailto:[EMAIL PROTECTED] On Behalf Of 
>Johan Barelds
>Sent: Monday, February 21, 2005 6:37 PM
>To: ClamAV users ML
>Subject: [Clamav-users] ClamAv v0.83 for SuSE 9.2 bin rpm's?
>
>
>Hi all,
>
>Does someone know if or when ClamAv 0.83 for SuSE v9.2 will 
>become available? The latest version on their website( 
>ftp://ftp.suse.com/pub/projects/clamav)  
>is 0.82.
>I seem to recall from earlier discussions in this list that 
>SuSE have been 
>patching the broken software themselves and therefore not 
>upgrading the Clamav 
>rpm's?
>
>Thanks for any info!
>
>-- 
>Kind Regards / Met vriendelijke groet,
>
>Johan Barelds  Good-IT!
>Tel.+31(0)70-3965230   Strijplaan 320
>Mob.+31(0)6-54253750   2285 HZ  Rijswijk(ZH)
>[EMAIL PROTECTED]  http://www.good-it.com
>___
>http://lurker.clamav.net/list/clamav-users.html
>
___
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] Re: Clamav.conf parameters revisited

2005-02-21 Thread René Berber
Harald Villemoes wrote:
> I have a novice question. I am running clamav on a W2003server (clamWin /
> cygwin) and are very happy with it.
> I use it through the clamscan interface, but expect to be able to run much
> faster using clamav and clamdscan.

That depends on several factors.
For instance I have a CommuniGate mail server that uses the 
cgFilterMessages filter, it has the option of using clamdscan or 
clamscan, and for low volume it makes no difference.

But you are right, there could be a difference with higher messaging volume.

> Unfortunately I cannot read the man pages except in "raw" format, which is
> not very convenient.
> Can I read the clamav.conf parameter description somewhere on the net ?
> Or does anybody know a Win-based man reader ?

Cygwin's man is what I use.  But I assume you installed only ClamWin not 
Cygwin... which BTW includes in its distribution clamav so, for a mail 
server, you don't need ClamWin which is really for end users.

I could run "man clamd.conf > clamd.conf.txt" and send it to you, if you 
like.

One note about Clamav/Cygwin, using the last "stable" Cygwin release you 
will notice that clamd uses an increasing number of UDP ports.  The 
problem is in Cygwin and its implementation of threads, it has been 
corrected but the snapshots have other problems and changes so I don't 
recommend using them.  But the point is, and you'll see people talking 
that clamd is not stable under Windows when they don't really know, that 
it can work very well, the maintainer for Cygwin seems to be doing a 
good job (I don't use it because I spent a lot of time tracking the 
problem and know how to correct it).

Regards.
--
René Berber


Re: [Clamav-users] Upgrading ClamAV

2005-02-21 Thread Matt
> Put them all on one line...
> rpm -Fvh zlib-1.2.1.2-0.fc2.i386.rpm zlib-devel-1.2.1.2-0.fc2.i386.rpm *clam*83*.rpm

That worked just great.  Thanks.
Matthew

> > I am trying to upgrade ClamAV on Fedora Core 2 box.
> > [EMAIL PROTECTED] files]# freshclam
> > ClamAV update process started at Mon Feb 21 14:59:24 2005
> > WARNING: Your ClamAV installation is OUTDATED - please update
> > immediately!
> > So I try upgrading
>
> Good!
>
> > as below.  Any suggestions?
> > warning: clamav-0.83-1.i386.rpm: V3 DSA signature: NOKEY, key ID
> > 6cdf2cc1
> > error: Failed dependencies:
> >    zlib >= 1.2.1.2 is needed by clamav-0.83-1
> > [EMAIL PROTECTED] files]# rpm -Uvh zlib-1.2.1.2-0.fc2.i386.rpm
> > error: Failed dependencies:
> >    zlib = 1.2.1.1 is needed by (installed) zlib-devel-1.2.1.1-2.1
> > [EMAIL PROTECTED] files]# rpm -Uvh zlib-devel-1.2.1.2-0.fc2.i386.rpm
> > error: Failed dependencies:
> >    zlib = 1.2.1.2 is needed by zlib-devel-1.2.1.2-0.fc2
>
> Put them all on one line...
> rpm -Fvh zlib-1.2.1.2-0.fc2.i386.rpm zlib-devel-1.2.1.2-0.fc2.i386.rpm *clam*83*.rpm



Re: [Clamav-users] Upgrading ClamAV

2005-02-21 Thread HR
Matt wrote:
> [EMAIL PROTECTED] files]# rpm -Uvh zlib-1.2.1.2-0.fc2.i386.rpm
> error: Failed dependencies:
>    zlib = 1.2.1.1 is needed by (installed) zlib-devel-1.2.1.1-2.1
> [EMAIL PROTECTED] files]# rpm -Uvh zlib-devel-1.2.1.2-0.fc2.i386.rpm
> error: Failed dependencies:
>    zlib = 1.2.1.2 is needed by zlib-devel-1.2.1.2-0.fc2

Put the packages into the same rpm command and rpm resolves the inter 
dependencies...

The clam packages will require the same, so
rpm -vhU clamav... clamav-db... clamd... zlib... zlib-devel...
does the job (I don't immediately see any other dependency problem on 
FC2), although many prefer to update packages that come with Fedora 
with yum, at least if you can find a decent mirror, since yum 
automagically resolves any such dependencies for you.

HR
--

/"\
\ /ASCII Ribbon Campaign
 X   against HTML email & vCards
/ \http://arc.pasp.de/


[Clamav-users] Upgrading ClamAV

2005-02-21 Thread Matt
I am trying to upgrade ClamAV on Fedora Core 2 box.
[EMAIL PROTECTED] files]# freshclam
ClamAV update process started at Mon Feb 21 14:59:24 2005
WARNING: Your ClamAV installation is OUTDATED - please update immediately!
WARNING: Local version: 0.80 Recommended version: 0.83
main.cvd is up to date (version: 29, sigs: 29086, f-level: 3, builder: 
tomek)
daily.cvd is up to date (version: 718, sigs: 1929, f-level: 4, builder: 
tkojm)
WARNING: Your ClamAV installation is OUTDATED - please update immediately!
WARNING: Current functionality level = 3, required = 4

So I try upgrading as below.  Any suggestions?
Thanks.
Matthew
[EMAIL PROTECTED] files]# rpm -Uvh clamav-0.83-1.i386.rpm 
warning: clamav-0.83-1.i386.rpm: V3 DSA signature: NOKEY, key ID 6cdf2cc1
error: Failed dependencies:
   zlib >= 1.2.1.2 is needed by clamav-0.83-1
[EMAIL PROTECTED] files]# rpm -Uvh zlib-1.2.1.2-0.fc2.i386.rpm
error: Failed dependencies:
   zlib = 1.2.1.1 is needed by (installed) zlib-devel-1.2.1.1-2.1
[EMAIL PROTECTED] files]# rpm -Uvh zlib-devel-1.2.1.2-0.fc2.i386.rpm
error: Failed dependencies:
   zlib = 1.2.1.2 is needed by zlib-devel-1.2.1.2-0.fc2



[Clamav-users] Clamav.conf parameters revisited

2005-02-21 Thread Harald Villemoes
I have a novice question. I am running clamav on a W2003server (clamWin /
cygwin) and are very happy with it.
I use it through the clamscan interface, but expect to be able to run much
faster using clamav and clamdscan.

Unfortunately I cannot read the man pages except in "raw" format, which is
not very convenient.

Can I read the clamav.conf parameter description somewhere on the net ?

Or does anybody know a Win-based man reader ?

Thanks in advance

Harald




[Clamav-users] Re: Questions on clamd.conf parameters: MaxConnectionQueueLength and MaxThreads

2005-02-21 Thread René Berber
Joanna Roman wrote:
> What are MaxConnectionQueueLength and MaxThreads for ?

MaxThreads is used to define the number of concurrent scanners; high 
throughput servers do require that many messages be scanned at the same 
time.

MaxConnectionQueueLength defines how many requests each scanner tries to 
handle sequentially (by putting them in a FIFO queue they accept new 
connections but scan one by one).  Each scanner is one thread, there is 
also a manager thread that decides when to create more scanner threads.

> I think that you can only run one clamd instance on
> one machine. Anymore more instances will automatically
> exist due to not being able to bind to the same socket
> (either /tmp/clamd or TCP socket 3310).

Correct.

> On my machine, I set both to be 2. 
> Then I noticed that I can do more than two telnet 3310
> to the localhost. So I am just curious what are
> MaxConnectionQueueLength and MaxThreads really for ?

I would try more than MaxConnectionQueueLength x MaxThreads connections 
(i.e. 5 in your test).

Disclaimer: I'm not a clamav expert, just a programmer, and these 
concepts do vary with different operating systems (how they handle 
threads and queues) so what I say may not be very precise.

Hope this helps anyway.
--
René Berber


[Clamav-users] Re: System boot error:Starting clamav-milter:clamam-milter:No socket address given

2005-02-21 Thread René Berber
shams rahman wrote:
> I have installed the clamav-0.83.tar.gz, clamd is auto starting at 
> boot, while for clamav-milter this is the error:
> System boot error:Starting clamav-milter:clamam-milter:No socket address 
> given
> Can anyone help me with where I can give the socket address for clamav-milter?
> regards

That's done in sendmail's configuration.  The manual (under 
clamav-0.83/Docs/) says how to do that.
--
René Berber



[Clamav-users] Re: return codes

2005-02-21 Thread René Berber
G. Harman wrote:
> Being new to clamav, I'm still struggling a bit with the scanning 
> process. I'm using clamav on a stand-alone machine. Clamd and fresh clam 
> seem to be working O.K. at boot. My Thunderbird email headers are:
>   X-Mozilla-Status:
>   X-Mozilla-Status2:
>
> Is this what clam should be reporting? Or is there a setting I'm missing 
> to show something like X-VirusScan:0 ? What should the headers look like 
> to let me know everything is good.

Clamd doesn't add anything to mail messages; it is another (3rd party) 
software that does that.

For instance you may retrieve your mail using P3scan which is a pop3 
proxy, you do that by connecting Thunderbird to P3scan which in turn is 
connected to your real (ISP perhaps) pop server.

There are many 3rd party packages for different purposes, see 
http://www.clamav.net/3rdparty.html, and their installation and 
configuration including your client software (Thunderbird) varies. 
Thunderbird alone doesn't have antivirus integration (perhaps some 
plugin does, I'm not sure).

Hope this helps.
--
René Berber


[Clamav-users] ClamAv v0.83 for SuSE 9.2 bin rpm's?

2005-02-21 Thread Johan Barelds
Hi all,

Does someone know if or when ClamAv 0.83 for SuSE v9.2 will become available?
The latest version on their website( ftp://ftp.suse.com/pub/projects/clamav)  
is 0.82.
I seem to recall from earlier discussions in this list that SuSE have been 
patching the broken software themselves and therefore not upgrading the Clamav 
rpm's?

Thanks for any info!

-- 
Kind Regards / Met vriendelijke groet,

Johan Barelds          Good-IT!
Tel.+31(0)70-3965230   Strijplaan 320
Mob.+31(0)6-54253750   2285 HZ  Rijswijk(ZH)
[EMAIL PROTECTED]      http://www.good-it.com


Re: [Clamav-users] moving ml

2005-02-21 Thread Thomas Cameron
- Original Message - 
From: "Luca Gibelli" <[EMAIL PROTECTED]>
To: 
Sent: Sunday, February 20, 2005 3:24 AM
Subject: Re: [Clamav-users] moving ml


Please bear with us as we move the ml.
our primary ml server is back online. Should you encounter any problem,
please contact me or Mike Cathey privately.
Our contacts are on the website.
Best regards
--
Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner
PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87  D802 6277 8FF4 5EFC 5582
PGP Key Available on: Key Servers || http://www.clamav.net/gpg/luca.gpg
Wow - that was pretty seamless!  Great job, folks!
Thomas


[Clamav-users] freshclam and milter --internal notification

2005-02-21 Thread Damian Menscher
[5th attempt to send to list.. apparently primary MX just drops messages 
after accepting them.]

I'm using clamav-milter in the default mode (no --external flag).  As such, I 
see no need to run clamd.  But freshclam doesn't like this very much:

freshclam[26975]: ERROR: Clamd was NOT notified: No socket specified in 
/usr/local/encap/clamav-0.83/etc/clamd.conf

Now, clamav-milter will still see the updates, right?  Since it checks the 
database for changes?  Or should I be doing something differently here, like 
setting the socket in clamd.conf to the milter.sock (rather than the clamd.sock 
it would normally have pointed to)?  If I'm not doing something wrong here, 
then perhaps this freshclam message should be toned down a bit from ERROR to 
Warning, or have a flag to disable it?

Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-


[Clamav-users] freshclam and milter --internal notification

2005-02-21 Thread Damian Menscher
[Fourth try, from a different machine this time.]
[Third try... hopefully it'll work now that the mailing list has been "moved".]
[Sorry if this becomes a dupe... I sent it hours ago and it doesn't appear to
have gone out on the list.]
I'm using clamav-milter in the default mode (no --external flag).  As such, I
see no need to run clamd.  But freshclam doesn't like this very much:
freshclam[26975]: ERROR: Clamd was NOT notified: No socket specified in
/usr/local/encap/clamav-0.83/etc/clamd.conf
Now, clamav-milter will still see the updates, right?  Since it checks the
database for changes?  Or should I be doing something differently here, like
setting the socket in clamd.conf to the milter.sock (rather than the clamd.sock
it would normally have pointed to)?  If I'm not doing something wrong here,
then perhaps this freshclam message should be toned down a bit from ERROR to
Warning, or have a flag to disable it?
Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-


[Clamav-users] freshclam and milter --internal notification

2005-02-21 Thread Damian Menscher
[Third try... hopefully it'll work now that the mailing list has been 
"moved".]

[Sorry if this becomes a dupe... I sent it hours ago and it doesn't appear to 
have gone out on the list.]

I'm using clamav-milter in the default mode (no --external flag).  As such, I 
see no need to run clamd.  But freshclam doesn't like this very much:

freshclam[26975]: ERROR: Clamd was NOT notified: No socket specified in 
/usr/local/encap/clamav-0.83/etc/clamd.conf

Now, clamav-milter will still see the updates, right?  Since it checks the 
database for changes?  Or should I be doing something differently here, like 
setting the socket in clamd.conf to the milter.sock (rather than the clamd.sock 
it would normally have pointed to)?  If I'm not doing something wrong here, 
then perhaps this freshclam message should be toned down a bit from ERROR to 
Warning, or have a flag to disable it?

Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-


[Clamav-users] freshclam and milter --internal notification

2005-02-21 Thread Damian Menscher
[Sorry if this becomes a dupe... I sent it hours ago and it doesn't 
appear to have gone out on the list.]

I'm using clamav-milter in the default mode (no --external flag).  As such, I 
see no need to run clamd.  But freshclam doesn't like this very much:

freshclam[26975]: ERROR: Clamd was NOT notified: No socket specified in 
/usr/local/encap/clamav-0.83/etc/clamd.conf

Now, clamav-milter will still see the updates, right?  Since it checks the 
database for changes?  Or should I be doing something differently here, like 
setting the socket in clamd.conf to the milter.sock (rather than the clamd.sock 
it would normally have pointed to)?  If I'm not doing something wrong here, 
then perhaps this freshclam message should be toned down a bit from ERROR to 
Warning, or have a flag to disable it?

Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-


Re: [Clamav-users] Creating new signatures

2005-02-21 Thread q#
On Sat, Feb 19, 2005 at 09:07:05PM +0100, q# wrote:
[...]
> So I want create those sigs but my skillindex is at 0% level :/ Can
> users who have experience with catching and creating malware sigs point
> me to useful docs/tools?

From Google:
http://www.antionline.com/showthread.php?s=&threadid=262455
http://clamav.net/doc/0.75/signatures.pdf
http://clamav.net/doc/0.83/signatures.pdf

The above PDFs differ; both have useful info.

> I started .HDB (md5) sigs but not all malware could be caught this
> way. My biggest problem is: how to catch evil code inside a binary
> file.

http://hns.at.kubek.eu.org/pub/ftp/viruses/

In `./local/' you can find my `local.hdb' file, which is created from
separate ./done-clamav-?/*.hdb sigs. Those single sigs are against
malware with similar name and .vir extension in `./done-*' dirs.

Comments are welcome.

-- 
best regards
q#
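
The difference between the .hdb (MD5) signatures discussed above and a hex body signature, as an added example that is not part of the original post. It assumes the `MD5:Size:Name` layout of .hdb lines and wildcard-free `Name=Hex` body signatures; the function names and every sample byte string are constructed for illustration, and the samples are harmless.

```python
import hashlib

# Constructed, harmless sample bytes (not real malware): B is A plus one byte.
MARKER = b"CONSTRUCTED-MARKER-0001"
SAMPLE_A = b"MZ" + b"\x00" * 30 + MARKER + b"\x90" * 16
SAMPLE_B = SAMPLE_A + b"\x00"


def hdb_entry(data, name):
    """Build one .hdb line (assumed layout MD5:FileSize:Name) for a sample."""
    if ":" in name or "\n" in name:
        raise ValueError("signature name must not contain ':' or a newline")
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def parse_hdb(text):
    """Parse .hdb text into {(md5, size): name}; malformed lines raise."""
    db = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        parts = line.split(":", 2)
        if len(parts) != 3 or not parts[2]:
            raise ValueError(f"line {lineno}: expected MD5:Size:Name")
        md5, size, name = parts[0].lower(), parts[1], parts[2]
        if len(md5) != 32 or set(md5) - set("0123456789abcdef"):
            raise ValueError(f"line {lineno}: bad MD5 field")
        if not (size.isascii() and size.isdigit()):
            raise ValueError(f"line {lineno}: bad size field")
        db.setdefault((md5, int(size)), name)  # first name wins on duplicates
    return db


def merge_hdb(*texts):
    """Merge per-sample .hdb files into one de-duplicated local.hdb body."""
    merged = {}
    for text in texts:
        for key, name in parse_hdb(text).items():
            merged.setdefault(key, name)
    return "".join(f"{m}:{s}:{n}\n" for (m, s), n in sorted(merged.items()))


def match_hdb(data, db):
    """Whole-file match: both the MD5 and the size must be identical."""
    return db.get((hashlib.md5(data).hexdigest(), len(data)))


def parse_body_sig(line):
    """Parse a wildcard-free Name=Hex body signature into (name, pattern)."""
    name, sep, hexsig = line.strip().partition("=")
    if not sep or not name or not hexsig:
        raise ValueError("expected Name=HexSignature")
    return name, bytes.fromhex(hexsig)  # raises ValueError on non-hex input


def match_body(data, sigs):
    """Body match: the pattern may sit anywhere inside the file."""
    for name, pattern in sigs:
        if pattern in data:
            return name
    return None


if __name__ == "__main__":
    local = merge_hdb(hdb_entry(SAMPLE_A, "Local.Sample-1"),
                      hdb_entry(SAMPLE_A, "Local.Sample-1-dup"))
    db = parse_hdb(local)
    body = [parse_body_sig("Local.Marker-1=" + MARKER.hex())]
    for label, data in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(label, "hdb:", match_hdb(data, db), "body:", match_body(data, body))
```

Sample B differs from A by a single appended byte, so the hash entry no longer matches it while the body pattern still does.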


[Clamav-users] This is a bug in 0.82 and 0.83

2005-02-21 Thread Joanna Roman
Hi, Let me know what you think.


I downloaded clamav (0.92) and installed it. When I
clamscan clamav-0.82.tar.gz, clamscan says the archive
is OK. However, when I clamscan clamav-0.82/test,
clamscan says "ClamAV-Test-File" found. So why can't
clamscan detect "ClamAV-Test-File" "virus" in
clamav-0.82.tar.gz in the first place ??
 
At the beginning, I thought it could be due to max
space was reached. So I scan with option --max-block,
apparently none of max-files, max-space and
max-recursion was reached.
 
Is this a bug ? See below: 


linux7:/home/netscan 192 >clamscan clamav-0.82/test/
<-- detected "ClamAV-Test-File"
clamav-0.82/test/clam.cab: ClamAV-Test-File FOUND
clamav-0.82/test/clam-error.rar: RAR module failure
clamav-0.82/test/clam-error.rar: OK
clamav-0.82/test/clam.rar: ClamAV-Test-File FOUND
clamav-0.82/test/clam.exe: ClamAV-Test-File FOUND
clamav-0.82/test/clam.exe.bz2: ClamAV-Test-File FOUND
clamav-0.82/test/README: OK
clamav-0.82/test/clam.zip: ClamAV-Test-File FOUND
  
   
--- SCAN SUMMARY ---
Known viruses: 30342
Scanned directories: 1
Scanned files: 7
Infected files: 5
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 0.376 sec (0 m 0 s)
exit code = 1
linux7:/home/netscreen1 193 >clamscan 
clamav-0.82.tar.gz <--- Did not detect
"ClamAV-Test-File"
clamav-0.82.tar.gz: OK
  
   
--- SCAN SUMMARY ---
Known viruses: 30342
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 23.78 MB
I/O buffer size: 131072 bytes
Time: 6.080 sec (0 m 6 s)
exit code = 0
linux7:/home/netscan 194 >clamscan --block-max
clamav-0.82.tar.gz <-- Did not detect
"ClamAV-Test-File"
clamav-0.82.tar.gz: OK
 
--- SCAN SUMMARY ---
Known viruses: 30342
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 23.78 MB
I/O buffer size: 131072 bytes
Time: 6.156 sec (0 m 6 s)
exit code = 0
linux7:/home/netscan 195 >








[Clamav-users] Questions on clamd.conf parameters: MaxConnectionQueueLength and MaxThreads

2005-02-21 Thread Joanna Roman
What are MaxConnectionQueueLength and MaxThreads for ?

I think that you can only run one clamd instance on
one machine. Anymore more instances will automatically
exist due to not being able to bind to the same socket
(either /tmp/clamd or TCP socket 3310).

On my machine, I set both to be 2. 
Then I noticed that I can do more than two telnet 3310
to the localhost. So I am just curious what are
MaxConnectionQueueLength and MaxThreads really for ?







[Clamav-users] System boot error:Starting clamav-milter:clamam-milter:No socket address given

2005-02-21 Thread shams rahman
Hi,
I have installed the clamav-0.83.tar.gz, clamd is auto starting at boot, while 
for clamav-milter this is the error:
System boot error:Starting clamav-milter:clamam-milter:No socket address 
given
Can anyone help me with where I can give the socket address for clamav-milter?
regards



[Clamav-users] freshclam and milter --internal notification

2005-02-21 Thread Damian Menscher
I'm using clamav-milter in the default mode (no --external flag).  As 
such, I see no need to run clamd.  But freshclam doesn't like this very 
much:

freshclam[26975]: ERROR: Clamd was NOT notified: No socket specified in 
/usr/local/encap/clamav-0.83/etc/clamd.conf

Now, clamav-milter will still see the updates, right?  Since it checks 
the database for changes?  Or should I be doing something differently 
here, like setting the socket in clamd.conf to the milter.sock (rather 
than the clamd.sock it would normally have pointed to)?  If I'm not 
doing something wrong here, then perhaps this freshclam message should 
be toned down a bit from ERROR to Warning, or have a flag to disable it?

Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-


[Clamav-users] return codes

2005-02-21 Thread G. Harman
Greetings,
Being new to clamav, I'm still struggling a bit with the scanning 
process. I'm using clamav on a stand-alone machine. Clamd and fresh clam 
seem to be working O.K. at boot. My Thunderbird email headers are:
  X-Mozilla-Status:
  X-Mozilla-Status2:

Is this what clam should be reporting? Or is there a setting I'm missing 
to show something like X-VirusScan:0 ? What should the headers look like 
to let me know everything is good.
   Thanks for the newbie patience


[Clamav-users] PATCH: typo in daily.db (against v:718)

2005-02-21 Thread q#
Hi,

Small typo in ``Trojan.Quickbrowse-1'' signature name.

-- 
best regards
q#
--- daily.dbMon Feb 21 14:09:04 2005
+++ daily.db.newMon Feb 21 14:12:08 2005
@@ -956,7 +956,7 @@
 Trojan.Lazzar-1 
(Clam)=696379636f6e6669675f70617468003200646d6d2e657865006c617a7a61726f5f7061746820002570726f6772616d66696c6573252577696e646f777325002573797374656d25706172616d00646972006e616d6572756e0073657373696f6e006c617a7a61
 Trojan.Qhost.T 
(Clam)=61646573636f2e636f6d2e6272003230392e3133342e34312e34310025732025730a0089f68dbc27433a5c57494e444f57535c73797374656d33325c647269766572735c6574635c686f737473008d76008dbc275531c089e583ec1883e4
 Trojan.Qhost.U 
(Clam)=636f732e636f6d00772e6c79636f732e636f6d00646d6f7a2e6f7267005c647269766572735c6574635c686f73747300770025730925730a00905589e5575681ec00038dbd18ffbe10404000b8e000fc89c1c1e902f3a5c744240400028d8518fd890424e8650183ec08c7442404553340008d8518fd890424e87c09c744
-Trojan.Quickbrowse-1 
8Clam)=425253520073767272756e2e65786573767272756e716273767272756e752e6578650077696e6469725c73767272756e2e6c6f6700696e7374616c6c00756e696e7374616c6c00696e7374616c6c0073767272756e6d124000851240001d644200e01c4000103340005ec8
+Trojan.Quickbrowse-1 
(Clam)=425253520073767272756e2e65786573767272756e716273767272756e752e6578650077696e6469725c73767272756e2e6c6f6700696e7374616c6c00756e696e7374616c6c00696e7374616c6c0073767272756e6d124000851240001d644200e01c4000103340005ec8
 Trojan.Sectho-9 
(Clam)=726572002f76372f646174612f636f6e6669672d76312e62696e2f76372f646174612f636f6e6669672d76312e6d643577696e757064742e62696e002f76372f636c2e7068703f613d6526623d256426633d256430303032536f6674776172655c41554e303030312564253032783030303353
 Trojan.Delf-21 
(Clam)=7366af76452dcde7b9338069f742a35ca5f5fd15bb3ed5e0152ecceb6edbcb9fb988b05b3ab0d606262b5acb22f33ae6e9bb6fc6562c3db11672df9ebd36ad79327335d7cd0c3feb15e44b25e4114816743e6036f71670d820b6fb15c08f738355bea3528204a8835661fb6a12348e17d9a5b57c90a4fc3f671621ce62235fcb5b7c9c6a80584a1a464e8734112bf9ac6e3bc2cee2d0
 Trojan.HacDef-8 
(Clam)=eb06c706060200c08b45248b005f5e5bc9c22400cc558bec53568b750c8b466033db8d4e18578b7e0c8919895e1c80380e8b500c897d0c752b8bda83e30380fb0375058b5e3ceb038b5d0cff75085152ff700453ff7008576a01ff7018e86df78bd832d28bceff15342001005f5e8bc35b5dc208004661696c656420746f2063726561746520646576696365210a00466169
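
Review bot: The description does not say what the typo is, and on the Trojan.Quickbrowse-1 entry the name itself is the same on both sides; the only visible change is the first character of the following field, "8Clam)=" becoming "(Clam)=". Please state that in the message, and note that the hex string after "=" appears unchanged between the removed and added lines, so the fix does not alter what the signature matches. Every entry in this hunk is also split over two lines (the name, then "(Clam)=..."), and the file headers run the file name into the timestamp; if that came from the mail client, resend the patch as an attachment so it applies cleanly.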


Re: [Clamav-users] Does ClamAV crash?

2005-02-21 Thread Dale Walsh
On Feb 21, 2005, at 01:52, Tomasz Kojm wrote:
> On Mon, 21 Feb 2005 01:39:20 -0500
> Dale Walsh <[EMAIL PROTECTED]> wrote:
>> These are systems I have been able to  see ClamAV either crash or
>> freeze on (can only do gdb on Mac due to access, I own them.) and the
>> problem appears to be related to the shared library more than anything
>> else from what I can tell (meaning, if you use the library, it will
>> crash and I'm assuming it does when it's adding a new viri def as I
>> believe is being noted in the bt on frame 1)
>> Digging back, problems seems to have been introduced in 0.81.
>> OSX 10.3.4, 10.3.7, 10.3.8
>> FreeBSD 5.2, 5.3
>> FC1
>
> It's most likely a programming bug. You know what my last (private)
> advice to you was...
> --
>    oo. Tomasz Kojm <[EMAIL PROTECTED]>

I do recall the last private message and I can't see how that applies 
to several different OS environments.

I didn't do the FC1 or FreeBSD 5.2 install but I did do the others, I 
have since been able to get gdb installed on the FreeBSD 5.2 server and 
have been keeping an eye on it and it looks like it hangs with exactly 
the same problem and I have been tracing the process and it seems to 
occur during a freshclam cvd update (when it actually updates the virus 
db files) and now appears to have little to do with external use of the 
shared libraries because I have nothing accessing them on any system 
yet it continues to hang on the FC1 server after a couple of db updates 
and the FreeBSD system clamd just dies so I'll wait until the next time 
it dies and see where it leads me.

Building the source on FreeBSD gives warnings about redefines of int8_t 
and some others while on the Mac, I get other warnings but nothing that 
stops the build process.

The issue with linking on the Mac has been resolved by the latest 
OS/Dev Tools update.

-- Dale


[Clamav-users] stdin - stdout mail filter

2005-02-21 Thread Philipp Offermann
Hi,

I'm using courier-mta and am looking for a mail filter that does the
following:
- read mail from stdin
- scan for viruses
- modify header of the message accordingly
- optional: send mail to sender in case of infection
- optional: remove virus from mail
- write resulting mail to stdout

I want to be able to include that program in the .courier file with "||". If
the program or script would integrate spamassassin it would be great.
At the moment I'm using the longtime discontinued blackhole, which does all
of this except for writing to stdout, it writes directly to the mailbox
preventing further filtering.

Does anyone know a program that fulfills my needs?

Thanks, Philipp