Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!
Apostolos Papayanakis: There seems to be a problem with the initial From line in the viral mbox-style mailbox (removing it hides the virus from clamdscan). I can confirm this. If I remove the From line from my sample files, clamscan says they are OK. With the From line, they show as infected with Bagz. I think you are on to something. --- Jef Jef Poskanzer [EMAIL PROTECTED] http://www.acme.com/jef/ ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Sober.P sidebar topic
[EMAIL PROTECTED] said: On Tue, 17 May 2005, Dennis Peterson wrote: We've seen a huge number of increased failed ssh logins, however, I can't exactly corrolate it with anything specific. They appear to be zombies scanning for known default passwords. The kickoff date here was May 4. Nothing in the logs prior and then 24/7 solid, so I thought I'd ask around and see what others are experiencing. Thanks, Eric. dp Here's a graph for May to date. Not sure what happened on the 5th -- aparently everyone was out drinking for cinco de mayo. My ~/t.t holds all the sshd entries for 2 logrotates back (zgrep++). Do you see much of a trend? The 4th is huge, but so are a few other days. -Eric Tracks well with mine, Eric - can you provide the IP list from the 4th? Offline, of course so big sig guy doesn't get his speedos in a bunch. Thanks! dp ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] option -V reports wrong database
Hello, I just noticed that clamav freshclam 0.85.1 seems to report wrong informations about the virus database $clamscan -V ClamAV 0.85.1/507/Mon Sep 27 12:53:21 2004 #freshclam -V ClamAV 0.85.1/507/Mon Sep 27 12:53:21 2004 but my database is up2date : #freshclam ClamAV update process started at Wed May 18 09:51:15 2005 Reading CVD header (main.cvd): OK (IMS) main.cvd is up to date (version: 31, sigs: 33079, f-level: 4, builder: tkojm) Reading CVD header (daily.cvd): OK (IMS) daily.cvd is up to date (version: 884, sigs: 1338, f-level: 5, builder: ccordes) It used to report the correct database. Just in case it can help : $ll -tr /var/lib/clamav/ total 7292 -rw-r--r-- 1 clamav clamav 117896 aoĆ» 18 2004 632555234d72f34e -rw-r--r-- 1 clamav clamav 227634 sep 2 2004 6a810ff829635ed0 -rw-r--r-- 1 clamav clamav 232832 sep 3 2004 71b86cdf5896c461 -rw-r--r-- 1 clamav clamav 251019 sep 8 2004 09e6e8be9f01781d -rw-r--r-- 1 clamav clamav 242488 sep 9 2004 1f78566bc1b07cc9 -rw-r--r-- 1 clamav clamav 252370 sep 13 2004 c2fe0615fd7861b6 -rw-r--r-- 1 clamav clamav 221656 sep 14 2004 f5913265058b92e7 -rw-r--r-- 1 clamav clamav 261245 sep 15 2004 3814c32757ad0d43 -rw-r--r-- 1 clamav clamav 264858 sep 16 2004 9193151b56dcef49 -rw-r--r-- 1 clamav clamav 227450 sep 20 2004 caf6f29735217f6a -rw-r--r-- 1 clamav clamav 235728 sep 21 2004 e1f89ccecbf96bc2 -rw-r--r-- 1 clamav clamav 258563 sep 22 2004 531e0e78e504b3f7 -rw-r--r-- 1 clamav clamav 227712 sep 23 2004 3d411a220bedaefb -rw-r--r-- 1 clamav clamav 232594 sep 24 2004 8a331014e9d8f91a -rw-r--r-- 1 clamav clamav 261433 sep 27 2004 b50fa9ad3a5027a8 -rw-r--r-- 1 clamav clamav 311822 sep 28 2004 66731f1bd37cb418 -rw-r--r-- 1 clamav clamav 1284637 sep 29 2004 main.cvd.rpmsave -rw-r--r-- 1 clamav clamav 63542 sep 29 2004 daily.cvd.rpmsave -rw-r--r-- 1 clamav clamav 2014018 avr 26 12:00 main.cvd -rw-r--r-- 1 clamav clamav 158168 mai 18 09:36 daily.cvd Regards. -- didier ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Worm.Mytob.BR two servers one finding, second not
clamd 0.85 and 0.85.1 same result, system OpenBSD 3.5 on first server work fine on second clamdscan report OK any sugestion ? i'll be greatfull Wojtek -- Startuj z INTERIA.PL! http://link.interia.pl/f186c ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Worm.Mytob.BR two servers one finding, second not
On Wed, 2005-05-18 at 10:20 +0200, rybka52 wrote: clamd 0.85 and 0.85.1 same result, system OpenBSD 3.5 on first server work fine on second clamdscan report OK any sugestion ? How many signatures is each reporting to have? -trog signature.asc Description: This is a digitally signed message part ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] AES encrypted zips causing scan error
OK - this seems to be a 'known issue'. A patch is here if other are having this problem: http://blog.gmane.org/gmane.comp.security.virus.clamav.devel Does anyone know if/when this will be fixed in a stable release? Thanks, Chris --- Chris Masters [EMAIL PROTECTED] wrote: Hi All, WinZip 9 256 bit AES encrypted zip files cause errors [tested against 0.85.1]. We're calling clam from MIMEDefang and the scan returns an error. Other encrypted zip files scan OK. Is there any way round this as we have users wanting to get these files through? Thanks, Chris LibClamAV debug: Loading databases from /usr/local/clamav-0.85.1/share/clamav LibClamAV debug: Loading /usr/local/clamav-0.85.1/share/clamav/main.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 97483b1d8189548e820e8a3f4bef787b LibClamAV debug: Decoded signature: 97483b1d8189548e820e8a3f4bef787b LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-9ed9a4f6e5fc39f3/COPYING LibClamAV debug: Unpacking /tmp/clamav-9ed9a4f6e5fc39f3/main.db LibClamAV debug: Unpacking /tmp/clamav-9ed9a4f6e5fc39f3/main.hdb LibClamAV debug: Unpacking /tmp/clamav-9ed9a4f6e5fc39f3/main.ndb LibClamAV debug: Unpacking /tmp/clamav-9ed9a4f6e5fc39f3/main.zmd LibClamAV debug: Unpacking /tmp/clamav-9ed9a4f6e5fc39f3/main.fp LibClamAV debug: Loading databases from /tmp/clamav-9ed9a4f6e5fc39f3 LibClamAV debug: Loading /tmp/clamav-9ed9a4f6e5fc39f3/main.db LibClamAV debug: Initializing main node LibClamAV debug: Initializing trie LibClamAV debug: Initializing BM tables LibClamAV debug: in cli_bm_init() LibClamAV debug: BM: Number of indexes = 63744 LibClamAV debug: Loading /tmp/clamav-9ed9a4f6e5fc39f3/main.hdb LibClamAV debug: Initializing md5 list structure LibClamAV debug: Loading /tmp/clamav-9ed9a4f6e5fc39f3/main.ndb LibClamAV debug: Loading /tmp/clamav-9ed9a4f6e5fc39f3/main.zmd LibClamAV debug: Loading /tmp/clamav-9ed9a4f6e5fc39f3/main.fp LibClamAV debug: Loading /usr/local/clamav-0.85.1/share/clamav/daily.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 42269589481f2dbe16f277ce58a5a080 LibClamAV debug: Decoded signature: 42269589481f2dbe16f277ce58a5a080 LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-3181b9a816c26648/COPYING LibClamAV debug: Unpacking /tmp/clamav-3181b9a816c26648/daily.db LibClamAV debug: Unpacking /tmp/clamav-3181b9a816c26648/daily.hdb LibClamAV debug: Unpacking /tmp/clamav-3181b9a816c26648/daily.ndb LibClamAV debug: Loading databases from /tmp/clamav-3181b9a816c26648 LibClamAV debug: Loading /tmp/clamav-3181b9a816c26648/daily.db LibClamAV debug: Loading /tmp/clamav-3181b9a816c26648/daily.hdb LibClamAV debug: Loading /tmp/clamav-3181b9a816c26648/daily.ndb LibClamAV debug: Recognized ZIP file LibClamAV debug: in scanzip() LibClamAV debug: Zip: A File.txt, crc32: 0x0, encrypted: 1, compressed: 4921, normal: 43378, method: 99, ratio: 8 (max: 250) LibClamAV debug: ZzipLib: Unsupported compression mode (99) LibClamAV debug: Zip: Can't open file A File.txt LibClamAV debug: Calculated MD5 checksum: aa70e748d4c68d5a337cca261693bfea problem.ZIP: Zip module failure LibClamAV debug: Recognized ZIP file LibClamAV debug: Calculated MD5 checksum: aa70e748d4c68d5a337cca261693bfea problem.ZIP: OK --- SCAN SUMMARY --- Known viruses: 34399 Engine version: 0.85.1 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.01 MB Time: 0.804 sec (0 m 0 s) __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ http://lurker.clamav.net/list/clamav-users.html __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Clam AV allows e-mail from www.webmail.us/testvirus through?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Jones Sent: dinsdag 17 mei 2005 15:57 To: ClamAV users ML Subject: Re: [Clamav-users] Clam AV allows e-mail from www.webmail.us/testvirus through? On my system, only #24 and #25 make it through ... both of which don't have a test virus in them :) -- Ken Jones What is stopping #5 #17 in your configuration ? Is it clamd or somethingelse ? My config : messagewall, clamdmail, clamd, spamd and numbers 5,17, 24 and 25 are getting trough :-( Stefaan ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Exclude extension from scanning
Hello, I have a problem with an extension .FM6. Really, this file is an encrypted zip and the clamd says ASBHCI83.FM6: Input/Output error ERROR How I can exclude this extension from the clamd? Thank you. David. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Exclude extension from scanning
On Wed, 2005-05-18 at 12:44 +0200, David wrote: Hello, I have a problem with an extension .FM6. Really, this file is an encrypted zip and the clamd says ASBHCI83.FM6: Input/Output error ERROR How I can exclude this extension from the clamd? Upgrade to 0.85.1 -trog signature.asc Description: This is a digitally signed message part ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Exclude extension from scanning
On Wed, 18 May 2005 12:44:21 +0200 David [EMAIL PROTECTED] wrote: Hello, I have a problem with an extension .FM6. Really, this file is an encrypted zip and the clamd says ASBHCI83.FM6: Input/Output error ERROR Upgrade to 0.85.1. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed May 18 12:46:46 CEST 2005 pgpZIzSVqlWn1.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Exclude extension from scanning
But, if i need to exclude an extension. How i do it? Thanx, -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Tomasz Kojm Enviado el: dimecres, 18 / maig / 2005 12:47 Para: ClamAV users ML Asunto: Re: [Clamav-users] Exclude extension from scanning On Wed, 18 May 2005 12:44:21 +0200 David [EMAIL PROTECTED] wrote: Hello, I have a problem with an extension .FM6. Really, this file is an encrypted zip and the clamd says ASBHCI83.FM6: Input/Output error ERROR Upgrade to 0.85.1. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed May 18 12:46:46 CEST 2005 ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Exclude extension from scanning
On Wed, 2005-05-18 at 13:28 +0200, David wrote: But, if i need to exclude an extension. How i do it? Use --exclude, easy when you read the manual. -trog signature.asc Description: This is a digitally signed message part ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Exclude extension from scanning
On Wed, May 18, 2005 at 01:28:43PM +0200, David wrote: But, if i need to exclude an extension. How i do it? Thanx, Pardon my butting in, but is this not more of a job for MailScanner or such? Once MailScanner (or similar) has decided which mails it is not going to reject, it then calls ClamAV to test for viruses. Regards, Jo. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problem in clamav startup on solaris
On Tue, 17 May 2005, Eric J. Wisti wrote: How are others with Solaris handling the socket? I put my socket in /var/clamav instead of /var/run [Libby]:/var$ ls -ld clamav/ drwxrwsr-x2 clamav clamav512 May 17 11:06 clamav/ Both the clamd and clamav-milter sockets are there, along with the clamd.pid file. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Worm.Mytob.BR two servers one finding, second not
clamd 0.85 and 0.85.1 same result, system OpenBSD 3.5 on first server work fine on second clamdscan report OK any sugestion ? How many signatures is each reporting to have? work bad : 34417 work fine : 34517 Thanks for advice ! Wojtek -- Startuj z INTERIA.PL! http://link.interia.pl/f186c ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Sober.P sidebar topic
On Tuesday 17 May 2005 8:58 pm, Dennis Peterson wrote: Anyone noticing any increase in failed login attempts via ssh? I have and the timing associates well with the recent outbreak. Last night we saw the first password ssh scans against our machine. Looks like scanning for default accounts with passwords set to password Ken Jones inter7.com ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Sober.P sidebar topic
Yip, seen it increase since this German SPAM started to hit my server -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Jones Sent: 18 May 2005 04:42 PM To: ClamAV users ML Subject: Re: [Clamav-users] Sober.P sidebar topic On Tuesday 17 May 2005 8:58 pm, Dennis Peterson wrote: Anyone noticing any increase in failed login attempts via ssh? I have and the timing associates well with the recent outbreak. Last night we saw the first password ssh scans against our machine. Looks like scanning for default accounts with passwords set to password Ken Jones inter7.com ___ http://lurker.clamav.net/list/clamav-users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.11.12 - Release Date: 2005/05/17 ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Sober.P sidebar topic
Thomas Wheeler said: Yip, seen it increase since this German SPAM started to hit my server -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Jones Sent: 18 May 2005 04:42 PM To: ClamAV users ML Subject: Re: [Clamav-users] Sober.P sidebar topic On Tuesday 17 May 2005 8:58 pm, Dennis Peterson wrote: Anyone noticing any increase in failed login attempts via ssh? I have and the timing associates well with the recent outbreak. Last night we saw the first password ssh scans against our machine. Looks like scanning for default accounts with passwords set to password Ken Jones inter7.com We had one IP attempting to get in for quite a while (194.55.159.7) last night. Probably not worth blocking in the packet filter. If a pattern shows up I'll consider blocking IP ranges. dp ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamd reload causing mail server to tempfail
Gack! I came in this morning to find this in my clamd.log... Tue May 17 15:35:10 2005 - Reading databases from /usr/local/share/clamav Tue May 17 15:35:10 2005 - Database correctly reloaded (34417 viruses) LibClamAV Warning: Not reloading database until idle - waiting for 2 children LibClamAV Warning: Waiting for 1 children until databae reload LibClamAV Warning: Not accepting inputs at the moment LibClamAV Warning: Not accepting inputs at the moment LibClamAV Warning: Not accepting inputs at the moment (last line repeats many many times...) LibClamAV Warning: Not accepting inputs at the moment LibClamAV Warning: Waiting for 0 children until databae reload LibClamAV Warning: Accepting inputs again LibClamAV Warning: Accepting inputs again LibClamAV Warning: Accepting inputs again (last line repeats many many times ...) LibClamAV Warning: Accepting inputs again Tue May 17 17:13:05 2005 - SelfCheck: Database status OK. Tue May 17 17:13:06 2005 - /tmp/clamav-135326ee7c681aaa/msg.yzNKKB: Worm.SomeFool.P FOUND Checking the mail log between 3:35 PM and 5:13 PM reveals that all incoming mail was tempfailed during that time (luckily I have another MX which was accepting mail though it is configured identically :-?) I'm using both clamav-milter and MIMEDefang (which prints directly to clamd.sock) This behavior is new as of 0.85.1 What could I be doing wrong and how do I fix it? -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg, ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clmilter - out of memory with current cvs
i have recently run into a clmilter problem causing sendmail to crash out with an out of memory exception (cannot allocate memory). a quick look around on google comes up with a few hits but no clear solutions This has occurred after an upgrade to the most recent gentoo ebuild for clamav, and was working for months prior to the upgrade. I have also tried the latest cvs snapshot tarball and encountered the same error. if I remove the milter, sendmail starts working again :) Any tips would be helpful :) Cheers, Elliot. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamd reload causing mail server to tempfail
On Wed, 18 May 2005 [EMAIL PROTECTED] wrote: Tue May 17 15:35:10 2005 - Reading databases from /usr/local/share/clamav Tue May 17 15:35:10 2005 - Database correctly reloaded (34417 viruses) LibClamAV Warning: Not reloading database until idle - waiting for 2 children LibClamAV Warning: Waiting for 1 children until databae reload LibClamAV Warning: Not accepting inputs at the moment LibClamAV Warning: Waiting for 0 children until databae reload LibClamAV Warning: Accepting inputs again Tue May 17 17:13:05 2005 - SelfCheck: Database status OK. Tue May 17 17:13:06 2005 - /tmp/clamav-135326ee7c681aaa/msg.yzNKKB: Worm.SomeFool.P FOUND Wait, so the problem fixed itself after 1.75 hours? That's *very* interesting. (I don't think anyone has waited it out before, so it wasn't known that it could fix itself.) Could you tell us how you're running clamav-milter? Specifically, I'd like to know if you're using --external and your --max-children setting. Also, do you often hit the --max-children setting? I suspect that the bug occurs when reloading the database when max_children is hit, though that hasn't been proven yet. Perhaps increasing its value will help? If you're using --external, also post the uncommented lines of your clamd.conf, since it's possible the problem could be with clamd itself. This behavior is new as of 0.85.1 Actually it's new as of 0.84. Check the archives. Unfortunately nobody has been able to spot the bug in the code. (I've personally spent several hours looking for it.) Until this bug gets squashed, you might want to run my clmilter_watch program [0], which can verify that clamav-milter is accepting inputs and restart it if necessary. You might also consider changing how sendmail treats milter failures (you could have it pass the mail through unscanned, for example), though that depends on local conditions (number of windows machines, gullibility of users, etc). Certainly *do* post if it happens again, and if you get any more information. There are at least 5 people on this list who are very concerned about this issue. [0] http://www.itg.uiuc.edu/itg_software/clmilter_watch/ Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] clamd reload causing mail server to tempfail
Damian Menscher wrote: On Wed, 18 May 2005 [EMAIL PROTECTED] wrote: LibClamAV Warning: Not reloading database until idle - waiting for 2 children Could you tell us how you're running clamav-milter? Specifically, I'd like to know if you're using --external and your --max-children setting. Also, do you often hit the --max-children setting? I suspect that the bug occurs when reloading the database when max_children is hit, though that hasn't been proven yet. Perhaps increasing its value will help? in /etc/rc.d/rc.clamav: /usr/local/sbin/clamd sleep 2 /usr/local/bin/freshclam -d /usr/local/sbin/clamav-milter -Cfq /var/run/clamav/milter.sock in /etc/clamd.conf: LogFile /var/log/clamav/clamd.log LogTime LogSyslog PidFile /var/run/clamav/clamd.pid LocalSocket /var/run/clamav/clamd.sock FixStaleSocket MaxThreads 50 User clamav ScanMail ScanHTML ScanArchive ArchiveMaxFileSize 100M ArchiveMaxRecursion 8 ArchiveBlockEncrypted in /etc/freshclam.conf: UpdateLogFile /var/log/clamav/freshclam.log PidFile /var/run/clamav/freshclam.pid DatabaseOwner clamav DNSDatabaseInfo current.cvd.clamav.net DatabaseMirror db.us.clamav.net DatabaseMirror database.clamav.net Checks 24 NotifyClamd -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg, ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Exclude extension from scanning
Hello, I upgraded my clamv ClamAV 0.85.1/886/Wed May 18 12:32:36 2005 But the problem is not resolved qmail/simscan/1116416733.717518.2973/AKQLCI35.zip: Input/Output error ERROR qmail/simscan/1116416781.176909.3110/AKQLCI35.FM6: Input/Output error ERROR Any ideas? -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Trog Enviado el: dimecres, 18 / maig / 2005 13:32 Para: ClamAV users ML Asunto: RE: [Clamav-users] Exclude extension from scanning On Wed, 2005-05-18 at 13:28 +0200, David wrote: But, if i need to exclude an extension. How i do it? Use --exclude, easy when you read the manual. -trog ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Exclude extension from scanning
Excuse, but i read the manual and the --exclude option is not present in the clamd. Thanx -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Trog Enviado el: dimecres, 18 / maig / 2005 13:32 Para: ClamAV users ML Asunto: RE: [Clamav-users] Exclude extension from scanning On Wed, 2005-05-18 at 13:28 +0200, David wrote: But, if i need to exclude an extension. How i do it? Use --exclude, easy when you read the manual. -trog ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re:Clam AV allows e-mail from www.webmail.us/testvirus through?
On my system, only #24 and #25 make it through ... both of which don't have a test virus in them :) -- Ken Jones What is stopping #5 #17 in your configuration ? Is it clamd or somethingelse ? My config : messagewall, clamdmail, clamd, spamd and numbers 5,17, 24 and 25 are getting trough :-( Stefaan I use mimedefang with clamd, and got 5, 8, 19, 22, and 23 all the way through 25 got through, partially... MIMEDefang stripped off the attachment, but the message came through. any hints on how to firm that up a bit? -- Frank Barton Starwolf.biz Systems Administrator www.starwolf.biz/~pauling (My Key is linked there.) pgpqKwjc7KlZN.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] clamd reload causing mail server to tempfail
Matthew.van.Eerde wrote: Damian Menscher wrote: On Wed, 18 May 2005 [EMAIL PROTECTED] wrote: LibClamAV Warning: Not reloading database until idle - waiting for 2 children Could you tell us how you're running clamav-milter? Specifically, I'd like to know if you're using --external /usr/local/sbin/clamav-milter -Cfq /var/run/clamav/milter.sock Changed this to /usr/local/sbin/clamav-milter -eCfq /var/run/clamav/milter.sock Will advise -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg, ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Sober.P sidebar topic
On Wednesday, May 18, 2005, at 04:25 pm, Dennis Peterson wrote: We had one IP attempting to get in for quite a while (194.55.159.7) last night. Probably not worth blocking in the packet filter. If a pattern shows up I'll consider blocking IP ranges. Look for sshmonitor recently posted to alt.sources. Useful as a template for your needs. dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Exclude extension from scanning
On Wed, 18 May 2005 18:56:23 +0200 David [EMAIL PROTECTED] wrote: Hello, I upgraded my clamv ClamAV 0.85.1/886/Wed May 18 12:32:36 2005 But the problem is not resolved qmail/simscan/1116416733.717518.2973/AKQLCI35.zip: Input/Output error ERROR qmail/simscan/1116416781.176909.3110/AKQLCI35.FM6: Input/Output error ERROR Any ideas? Search the archives for how to properly upgrade ClamAV. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed May 18 21:48:23 CEST 2005 pgpaiXzFYMziH.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-users.html