[Clamav-users] ClamAv
Hello,

I have installed ClamAV via apt-get on a Debian sarge system. I have made this:

    apt-get install clamav clamav-freshclam clamav-daemon
    usermod -G Debian-exim clamav
    /etc/init.d/clamav-daemon restart

So is that correct, how can I test it? Or must I configure more?

How does freshclam update the virus definitions? Must I add a link to the virus database and make a cron job?

Thanks for the help
Marcus

___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] what is the default port that clamav (clamd) runs on
> Should you ever come back to visit this list you'll learn that everything you need to know about this can be found in your clamd.conf file. That leaves for you the challenge of finding that clamd.conf file.
>
> dp

MM all.

I feel like a twit, but here goes anyway. How the heck do you run clamd? Man pages suggest that I just type clamd, I get the following response:

    [EMAIL PROTECTED] ~]$ clamd
    -bash: clamd: command not found
    [EMAIL PROTECTED] ~]$

I honestly can't think of where else to turn, before I get asked the obvious clam is installed, when I type clamscan I get the following:

    [EMAIL PROTECTED] ~]$clamscan
    --- SCAN SUMMARY ---
    Known viruses: 40192
    Engine version: 0.87
    Scanned directories: 1
    Scanned files: 13
    Infected files: 0
    Data scanned: 0.05 MB
    Time: 1.004 sec (0 m 1 s)
    [EMAIL PROTECTED] ~]$

When I try clamdscan it does this:

    [EMAIL PROTECTED] ~]$ clamdscan
    ERROR: Clamd is not configured properly.
    --- SCAN SUMMARY ---
    Infected files: 0
    Time: 0.000 sec (0 m 0 s)
    [EMAIL PROTECTED] ~]$

Does this mean clamd is running?

I had to copy the man page for clamd, from the clamav website, but the others, (clamscan, clamdscan, clamd.conf.) but no clamd

This is extremely confusing, any assistance would be GREATLY appreciated.

By the way, I'm replying to this message, because clamd.conf man page, said clamd.conf was in /etc in my case I had to create it

Many thanks in advance,
God Bless,
Grant.
RE: [Clamav-users] what is the default port that clamav (clamd) runs on
-Original Message-
From: Grant Basson [mailto:[EMAIL PROTECTED]
Sent: 28 November 2005 11:08
To: 'ClamAV users ML'
Subject: RE: [Clamav-users] what is the default port that clamav (clamd) runs on

> I feel like a twit, but here goes anyway. How the heck do you run clamd? Man pages suggest that I just type clamd, I get the following response:
>
> [EMAIL PROTECTED] ~]$ clamd
> -bash: clamd: command not found
> [EMAIL PROTECTED] ~]$
>
> I honestly cant think of where else to turn, before I get asked the obvious clam is installed, when I type clamscan I get the following:

./configure --help

    By default, `make install' will install all the files in `/usr/local/bin', `/usr/local/lib' etc. You can specify an installation prefix other than `/usr/local' using `--prefix', for instance `--prefix=$HOME'.

    --bindir=DIR user executables [EPREFIX/bin]
    --sbindir=DIR system admin executables [EPREFIX/sbin]

i.e. default installation is /usr/local (the bin/ sbin/ lib/ etc.)

At a guess /usr/local/sbin isn't in your PATH... as that's where system executables (like clamd) are installed.

Ken
RE: [Clamav-users] what is the default port that clamav (clamd) runs on
> ./configure --help
>
> By default, `make install' will install all the files in `/usr/local/bin', `/usr/local/lib' etc. You can specify an installation prefix other than `/usr/local' using `--prefix', for instance `--prefix=$HOME'.
>
> --bindir=DIR user executables [EPREFIX/bin]
> --sbindir=DIR system admin executables [EPREFIX/sbin]
>
> i.e. default installation is /usr/local (the bin/ sbin/ lib/ etc.)
>
> At a guess /usr/local/sbin isn't in your PATH... as thats where system executables (like clamd) are installed.
>
> Ken

Ken, thanks a lot, but no joy... :(

I installed from an RPM, I tried the following:

    [EMAIL PROTECTED] grant]# which clamscan
    /usr/bin/clamscan
    [EMAIL PROTECTED] grant]# ls /usr/bin/ | grep clam
    clamav-config
    clamdscan
    clamscan
    freshclam
    [EMAIL PROTECTED] grant]#

Is it possible that clamd wasn't installed?

Thanks for your response... :)

Grant.
Re: [Clamav-users] ClamAv
On Mon, Nov 28, 2005 at 11:04:37AM +, Markus Braun said:
> Hello, I have installad ClamAV over apt.get on a debian sarge system. I have made this:
>
> apt-get install clamav clamav-freshclam clamav-daemon
> usermod -G Debian-exim clamav
> /etc/init.d/clamav-daemon restart
>
> So is that correct, how can i test it? Or must i configure more?
>
> How does freshclam updates the virus definitions? Must i add a link to the virusdatabse and make a cronjob?

    dpkg-reconfigure clamav-freshclam
    dpkg-reconfigure clamav-base

Will do most of the work for you.

Take care,
--
Stephen Gran
[EMAIL PROTECTED]
http://www.lobefin.net/~steve
Love America -- or give it back.
Re: [Clamav-users] what is the default port that clamav (clamd) runs on
On Mon, Nov 28, 2005 at 01:49:12PM +0200, Grant Basson said:
> > ./configure --help
> >
> > By default, `make install' will install all the files in `/usr/local/bin', `/usr/local/lib' etc. You can specify an installation prefix other than `/usr/local' using `--prefix', for instance `--prefix=$HOME'.
> >
> > --bindir=DIR user executables [EPREFIX/bin]
> > --sbindir=DIR system admin executables [EPREFIX/sbin]
> >
> > i.e. default installation is /usr/local (the bin/ sbin/ lib/ etc.)
> >
> > At a guess /usr/local/sbin isn't in your PATH... as thats where system executables (like clamd) are installed.
> >
> > Ken
>
> Ken, thanks a lot, but no joy... :(
>
> I installed from an RPM, I tried the following:
>
> [EMAIL PROTECTED] grant]# which clamscan
> /usr/bin/clamscan
> [EMAIL PROTECTED] grant]# ls /usr/bin/ | grep clam
> clamav-config
> clamdscan
> clamscan
> freshclam
> [EMAIL PROTECTED] grant]#
>
> Is it possible that clamd wasn't installed?
>
> Thanks for your response... :)

Look in /usr/sbin/ - it presumably isn't on your path as a user, so it isn't found.

Generally speaking, clamd is run as a daemon on system startup, and you won't need to do much manually after that. There are init scripts provided for RH, so I would start with seeing if they work for you, and checking your config file and so forth.

--
Stephen Gran
[EMAIL PROTECTED]
http://www.lobefin.net/~steve
Ogden's Law: The sooner you fall behind, the more time you have to catch up.
RE: [Clamav-users] what is the default port that clamav (clamd) runs on
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Basson
Sent: 28 November 2005 01:49 PM
To: 'ClamAV users ML'
Subject: RE: [Clamav-users] what is the default port that clamav (clamd) runs on

> > ./configure --help
> >
> > By default, `make install' will install all the files in `/usr/local/bin', `/usr/local/lib' etc. You can specify an installation prefix other than `/usr/local' using `--prefix', for instance `--prefix=$HOME'.
> >
> > --bindir=DIR user executables [EPREFIX/bin]
> > --sbindir=DIR system admin executables [EPREFIX/sbin]
> >
> > i.e. default installation is /usr/local (the bin/ sbin/ lib/ etc.)
> >
> > At a guess /usr/local/sbin isn't in your PATH... as thats where system executables (like clamd) are installed.
> >
> > Ken
>
> Ken, thanks a lot, but no joy... :(
>
> I installed from an RPM, I tried the following:
>
> [EMAIL PROTECTED] grant]# which clamscan
> /usr/bin/clamscan
> [EMAIL PROTECTED] grant]# ls /usr/bin/ | grep clam
> clamav-config
> clamdscan
> clamscan
> freshclam
> [EMAIL PROTECTED] grant]#
>
> Is it possible that clamd wasn't installed?
>
> Thanks for your response... :)
>
> Grant.

By the way:

    [EMAIL PROTECTED] grant]# clamscan -V
    ClamAV 0.87/1082/Wed Sep 14 17:22:17 2005
    [EMAIL PROTECTED] grant]#
Re: [Clamav-users] ClamAv
> dpkg-reconfigure clamav-freshclam
> dpkg-reconfigure clamav-base

I have installed these packages:

    apt-get install clamav clamav-freshclam clamav-daemon

but clamav is not active. How can I check this?

The eicar testfile comes into my mailbox. :-(

But in the exim4 reject.log, is some info that he is rejecting it.

marcus
Re: [Clamav-users] what is the default port that clamav (clamd) runs on
Grant Basson wrote:
[..]
> I had to copy the man page for clamd, from the calmav website, but the others, (clamscan, clamdscan, clamd.conf.) but no clamd
>
> This is extremely confusing, any assistance would be GREATLY appreciated.
>
> By the way, I'm replying to this message, because clamd.conf man page, said clamd.conf was in /etc in my case I had to create it

Look at mailing list archive for solution.

pk
RE: [Clamav-users] what is the default port that clamav (clamd) runs on
Grant Basson said:
> > ./configure --help
> >
> > By default, `make install' will install all the files in `/usr/local/bin', `/usr/local/lib' etc. You can specify an installation prefix other than `/usr/local' using `--prefix', for instance `--prefix=$HOME'.
> >
> > --bindir=DIR user executables [EPREFIX/bin]
> > --sbindir=DIR system admin executables [EPREFIX/sbin]
> >
> > i.e. default installation is /usr/local (the bin/ sbin/ lib/ etc.)
> >
> > At a guess /usr/local/sbin isn't in your PATH... as thats where system executables (like clamd) are installed.
> >
> > Ken
>
> Ken, thanks a lot, but no joy... :(
>
> I installed from an RPM, I tried the following:
>
> [EMAIL PROTECTED] grant]# which clamscan
> /usr/bin/clamscan
> [EMAIL PROTECTED] grant]# ls /usr/bin/ | grep clam
> clamav-config
> clamdscan
> clamscan
> freshclam
> [EMAIL PROTECTED] grant]#
>
> Is it possible that clamd wasn't installed?
>
> Thanks for your response... :)
>
> Grant.

Try looking in /usr/local/sbin and /usr/sbin. If you install from an rpm anything is possible.

Because the rpm creator did not use the ClamAV defaults nor update the documentation to help you find the pieces, I'd suggest removing that rpm and then build from source. I'd also suggest you write down the locations of the various components you install so you can find them later.

Or find an rpm that is properly built and documented.

dp
Re: [Clamav-users] what is the default port that clamav (clamd) runs on
On Monday 28 Nov 2005 11:08, Grant Basson wrote:
> > Should you ever come back to visit this list you'll learn that everything you need to know about this can be found in your clamd.conf file. That leaves for you the challenge of finding that clamd.conf file.
> >
> > dp
>
> MM all.
>
> I feel like a twit, but here goes anyway. How the heck do you run clamd? Man pages suggest that I just type clamd, I get the following response:
>
> [EMAIL PROTECTED] ~]$ clamd
> -bash: clamd: command not found

you need the full path probably
find it with

    which clamd

to see if it's running

    ps ax | grep clamd
    netstat -ap | grep clamd

if you installed from the tarball, clamav will most likely be installed under /usr/local

> I honestly cant think of where else to turn, before I get asked the obvious clam is installed, when I type clamscan I get the following:
>
> [EMAIL PROTECTED] ~]$clamscan
> --- SCAN SUMMARY ---
> Known viruses: 40192
> Engine version: 0.87
> Scanned directories: 1
> Scanned files: 13
> Infected files: 0
> Data scanned: 0.05 MB
> Time: 1.004 sec (0 m 1 s)
> [EMAIL PROTECTED] ~]$
>
> When I try clamdscan it does this:
>
> [EMAIL PROTECTED] ~]$ clamdscan
> ERROR: Clamd is not configured properly.
> --- SCAN SUMMARY ---
> Infected files: 0
> Time: 0.000 sec (0 m 0 s)
> [EMAIL PROTECTED] ~]$
>
> Does this mean clamd is running?
>
> I had to copy the man page for clamd, from the calmav website, but the others, (clamscan, clamdscan, clamd.conf.) but no clamd
>
> This is extremely confusing, any assistance would be GREATLY appreciated.
>
> By the way, I'm replying to this message, because clamd.conf man page, said clamd.conf was in /etc in my case I had to create it
>
> Many thanks in advance,
> God Bless,
> Grant.

--
Bob Hutchinson
Midwales dot com
RE: [Clamav-users] what is the default port that clamav (clamd) runs on
> Try looking in /usr/local/sbin and /usr/sbin. If you install from an rpm anything is possible.
>
> Because the rpm creator did not use the ClamAV defaults nor update the documentation to help you find the peices, I'd suggest removing that rpm and then build from source. I'd also suggest you write down the locations of the various components you install so you can find them later.
>
> Or find an rpm that is properly built and documented.
>
> dp

Thanks... but no joy:

    [EMAIL PROTECTED] grant]# ls /usr/local/sbin/ | grep clam
    [EMAIL PROTECTED] grant]#
    [EMAIL PROTECTED] grant]# ls /usr/sbin/ | grep clam
    [EMAIL PROTECTED] grant]#

But thanks... gonna get the source... know any South African mirrors?

Many thanks,
Grant
Re: [Clamav-users] ClamAv
On Mon, Nov 28, 2005 at 12:00:25PM +, Markus Braun said:
> I have installed these packages:
>
> apt-get install clamav clamav-freshclam clamav-daemon
>
> but clamav is not active. How can i check this?

What does this mean? Not running, or not magically integrated with your MTA?

    ps -u clamav

will tell you what processes are running as user clamav. If clamd and freshclam are not listed in the output, I will be very surprised.

On the other hand, if you mean they're not magically integrated with your MTA, then the answer is of course they're not. Read /usr/share/doc/clamav-daemon/README.Debian.gz and look for instructions on how to integrate clamav with your MTA.

> The eicar testfile comes into my mailbox. :-(
>
> But in the exim4 reject.log, is some info that he is rejecting it.

Again, not sure what you mean here - exim is rejecting a message with eicar, and yet delivering it anyway? That makes no sense.

--
Stephen Gran
[EMAIL PROTECTED]
http://www.lobefin.net/~steve
On-line, adj.: The idea that a human being should always be accessible to a computer.
Re: [Clamav-users] ClamAv
> What does this mean? Not running, or not magically integrated with your MTA?
>
> ps -u clamav
>
> will tell you what processes are running as user clamav. If clamd and freshclam are not listed in the output, I will be very surprised.

Sorry for my bad English. So clamd and freshclam are running as user clamav.

> Again, not sure what you mean here - exim is rejecting a message with eicar, and yet delivering it anyway? That makes no sense.

Yes, he delivered it in my mailbox, but I can't understand why. This is in the reject.log of exim4:

    2005-11-28 08:35:33 H=(XXX.XXX.XXX.XXX) [219.133.174.71] rejected EHLO or HELO 80.XXX.145.XXX: Dropped spammer pretending to be us
    2005-11-28 12:49:57 1EghW9-0001Kd-Mb H=mail.fluns.com (www.declude.com) [63.246.13.85] F=[EMAIL PROTECTED] rejected after DATA: This message contains an unwanted file extension (com)
    Envelope-from: [EMAIL PROTECTED]
    Envelope-to: [EMAIL PROTECTED]
    P Received: from mail.fluns.com ([63.246.13.85] helo=www.declude.com) by dXXX-XXX-XXX-XXX.dds.hosteurope.de with smtp (Exim 4.50) id 1EghW9-0001Kd-Mb for [EMAIL PROTECTED]; Mon, 28 Nov 2005 12:49:57 +0100
    X-Web-Originating-IP: 193.28.100.68
    I Message-Id: [EMAIL PROTECTED]
    X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
    Date: Thu, 02 Nov 2000 20:23:17 -0500
    F From: WebMaster [EMAIL PROTECTED]
    T To: User [EMAIL PROTECTED]
    Subject: Test eicar.com file [eicarplain]
    Mime-Version: 1.0
    Content-Type: multipart/mixed; BounDary==_307115168==_

But in my /etc/exim4/vexim-acl-check-content.conf I have this part:

    # Reject virus infested messages.
    warn message = This message contains malware ($malware_name)
         malware = *
         log_message = This message contains malware ($malware_name)

So he doesn't warn me :-(

Any idea?

marcus
Re: [Clamav-users] ClamAv
On Mon, Nov 28, 2005 at 01:26:04PM +, Markus Braun said:
> > What does this mean? Not running, or not magically integrated with your MTA?
> >
> > ps -u clamav
> >
> > will tell you what processes are running as user clamav. If clamd and freshclam are not listed in the output, I will be very surprised.
>
> sorry for my bad english. So Clamd and freshclam is runnning as user clamav.
>
> > Again, not sure what you mean here - exim is rejecting a message with eicar, and yet delivering it anyway? That makes no sense.
>
> yes, he delivered it in my mailbox. but i cant understand why? This is in the reject.log of exim4:
>
> [63.246.13.85] F=[EMAIL PROTECTED] rejected after DATA: This message contains an unwanted file extension (com)

A file was rejected because it had the extension .com, not because of viral content.

> But in my (/etc/exim4/vexim-acl-check-content.conf i have this part:
>
> # Reject virus infested messages.
> warn message = This message contains malware ($malware_name)
>      malware = *
>      log_message = This message contains malware ($malware_name)
>
> So he dont warn me :-(

The warn directive adds a log message, or a header (if used as message = X-virus: yes or some such). It does not reject mail or impede mail flow in any way. Look in your logs - do you see a line with the above warning?

Take a look at /usr/share/doc/exim4-base/spec.txt.gz for details of what the various directives mean. It sounds at the moment like you are hoping for a different behavior than you have configured from your MTA, so I would start with making sure the MTA is properly configured. If you look through the docs in the exim4-base directory, there are several that point to Debian-specific sources of information, such as mailing lists and on-line documentation. I would start there, and return here if clamav does not work as expected after you are sure the MTA integration is correct.

Take care,
--
Stephen Gran
[EMAIL PROTECTED]
http://www.lobefin.net/~steve
In those days he was wiser than he is now -- he used to frequently take my advice. -- Winston Churchill
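Added example (not part of the thread or of any poster's message): a shell script for the log check suggested above. It separates rejections caused by the file-extension rule from malware hits and lists messages where malware was only logged by a warn rule and never rejected. The log lines are constructed, and the "Warning:" line format, the sample addresses and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: which Exim content check actually fired for each message?

# Constructed sample lines (not from the thread), modelled on the reject-log
# entry quoted above. The "Warning:" line format is an assumption.
sample_log() {
    cat <<'EOF'
2005-11-28 12:49:57 1EghW9-0001Kd-Mb H=mail.example.com [192.0.2.10] F=<a@example.com> rejected after DATA: This message contains an unwanted file extension (com)
2005-11-28 13:02:11 1EghZz-0001Lq-7x H=mail.example.com [192.0.2.10] Warning: This message contains malware (Eicar-Test-Signature)
2005-11-28 13:02:12 1EghZz-0001Lq-7x => marcus <marcus@example.org> R=virtual_domains T=virtual_delivery
2005-11-28 13:05:40 1Eghcm-0001Mw-Qd H=mail.example.com [192.0.2.10] F=<a@example.com> rejected after DATA: This message contains a virus: (Eicar-Test-Signature) please scan your system.
EOF
}

# Read log lines on stdin; for every line produced by a content check print
# "<message-id> <action> <check>", where action is rejected|warned and
# check is malware|extension|other. Delivery lines are skipped.
classify_exim_lines() {
    awk '
        {
            # Exim message ids look like xxxxxx-xxxxxx-xx (16 characters).
            id = "-"
            for (i = 1; i <= NF; i++)
                if (length($i) == 16 && $i ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/) {
                    id = $i
                    break
                }

            if (index($0, " rejected after DATA: "))  action = "rejected"
            else if (index($0, " Warning: "))         action = "warned"
            else next

            # Message texts taken from the ACLs quoted in the thread.
            if (index($0, "contains malware") || index($0, "contains a virus"))
                check = "malware"
            else if (index($0, "unwanted file extension"))
                check = "extension"
            else
                check = "other"

            print id, action, check
        }
    '
}

# Message ids for which malware was logged by a warn rule but no rule
# rejected the message, i.e. the mail was delivered despite the detection.
malware_warn_only() {
    classify_exim_lines | awk '
        $2 == "warned" && $3 == "malware" { warned[$1] = 1 }
        $2 == "rejected"                  { rejected[$1] = 1 }
        END { for (id in warned) if (!(id in rejected)) print id }
    ' | sort
}

# Demo on the constructed sample.
sample_log | classify_exim_lines
echo "malware logged but not rejected: $(sample_log | malware_warn_only)"
```

On a real system the input would be the Exim main and reject logs concatenated, since the two kinds of line are written to different files.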
[Clamav-users] W32.Sober.X
Hello,

Some of my users have been receiving this virus.

http://www.sophos.com/virusinfo/analyses/w32soberx.html

Is there an update for this? I have checked the database and this is not mentioned. Unfortunately I do not have a example as it was neutralised/deleted by other AntiVirus software.

Regards
/Steve
Re: [Clamav-users] Information about Virus Sober.Y
On 11/25/05, Richard Pijnenburg [EMAIL PROTECTED] wrote:
> Okay, So if i understand you correctly, Sober.Y == Sober.U ?

Viruses mutate frequently, and different vendors give different names to viruses as they get ahold of samples. And, there's no strict line between versions; one program might identify two samples as being two different Sober variants; another program might call them both the same variant. There's *no way* to tell for sure whether your program's Sober Y is Clamav's Sober.U without catching a live sample.

There are a couple of folks out there trying to keep track of names between antivirus programs (check the list archives), but it's pretty much an uphill battle. Other than knowing that somefool == Netsky, I don't bother.

If your problem is that some live viruses are getting through, and you've got the latest clamav and defs installed, snag a live copy and follow the instructions for uploading it at www.clamav.net .

cheers
Betsy

PS before submitting a sample, take the simple step of updating your definitions and emailing it back to yourself. The definitions are updated so frequently that you may find something that got through yesterday is blocked today. It doesn't happen often but every once in a while McAfee or Symantec beats ClamAV to the punch for a new variant by a few hours.
Re: [Clamav-users] Exploit IE CVE CAN-2005-1790
Elizabeth Schwartz wrote:
> On 11/23/05, Cedric Foll [EMAIL PROTECTED] wrote:
> > is it possible to have a clamav signature for the exploit ?
> > Proof of conecpt here: http://www.computerterrorism.com/research/ie/poc.htm
>
> I dunno about anyone else here , but I haven't heard of this site and I really, REALLY don't want to click on whatever that is. Want to provide some more detail?

Hi,

It is the Internet Explorer JavaScript Window() Remote Code Execution proof of concept. I'm pretty sure you can not make a signature for that exploit. The site in this case just sees if your IE is vulnerable and if so launches calc.exe

lynx is your friend with suspicious URLs

Regards,
Rick
RE: [Clamav-users] Exploit IE CVE CAN-2005-1790
Elizabeth Schwartz wrote:
> On 11/23/05, Cedric Foll [EMAIL PROTECTED] wrote:
> > is it possible to have a clamav signature for the exploit ?
> > Proof of conecpt here: http://www.computerterrorism.com/research/ie/poc.htm
>
> I dunno about anyone else here , but I haven't heard of this site and I really, REALLY don't want to click on whatever that is. Want to provide some more detail?

It's Secunia's top-ranking vulnerability at the moment:

http://secunia.com/advisories/15546/
http://secunia.com/

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Software Engineer
Re: [Clamav-users] what is the default port that clamav (clamd) runs on
Grant Basson wanted us to know:
> > Should you ever come back to visit this list you'll learn that everything you need to know about this can be found in your clamd.conf file. That leaves for you the challenge of finding that clamd.conf file.
>
> I feel like a twit, but here goes anyway. How the heck do you run clamd? Man pages suggest that I just type clamd, I get the following response:
>
> [EMAIL PROTECTED] ~]$ clamd
> -bash: clamd: command not found

It's not in the path for user grant. There should be a super user on your system that will have that binary in the path.

> [EMAIL PROTECTED] ~]$ clamdscan
> ERROR: Clamd is not configured properly.
>
> Does this mean clamd is running?

No. It probably also means that it is definitely not running.

> This is extremely confusing, any assistance would be GREATLY appreciated.
>
> By the way, I'm replying to this message, because clamd.conf man page, said clamd.conf was in /etc in my case I had to create it

There are some basic system administration issues that you probably will learn over the course of getting this to work.

--
Regards... Todd
we're off on the usual strange tangents. next will be whether it is ethical to walk in your neighbor's open house if they're running ipv6:-). --Randy Bush
Linux kernel 2.6.12-12mdksmp 3 users, load average: 2.72, 2.57, 2.46
Re: [Clamav-users] what is the default port that clamav (clamd) runs on
Todd Lyons wrote:
> Grant Basson wanted us to know:
> > > Should you ever come back to visit this list you'll learn that everything you need to know about this can be found in your clamd.conf file. That leaves for you the challenge of finding that clamd.conf file.
> >
> > I feel like a twit, but here goes anyway. How the heck do you run clamd? Man pages suggest that I just type clamd, I get the following response:
> >
> > [EMAIL PROTECTED] ~]$ clamd
> > -bash: clamd: command not found

It's also very possible that the package you installed is broken out into multiple rpms and you didn't install the 'server' rpm, so your clamd binary is missing.

> It's not in the path for user grant. There should be a super user on your system that will have that binary in the path.
>
> > [EMAIL PROTECTED] ~]$ clamdscan
> > ERROR: Clamd is not configured properly.
> >
> > Does this mean clamd is running?
>
> No. It probably also means that it is definitely not running.
>
> > This is extremely confusing, any assistance would be GREATLY appreciated.
> >
> > By the way, I'm replying to this message, because clamd.conf man page, said clamd.conf was in /etc in my case I had to create it

The rpm should create the clamd.conf, so if you don't have one, it seems to verify what I said above.

Check to make sure you have a clamd binary on your system. If it's not there at all, check to make sure the package you installed doesn't have a server rpm which was missed during installation.

-Jim
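Added example (not part of the thread): the two checks the replies above converge on, as shell functions. One looks for a clamd binary in sbin directories that may be missing from a user's PATH, the other reads from clamd.conf which socket clamd is configured to use. LocalSocket, TCPSocket and TCPAddr are clamd.conf directives; the function names, the sample config and the choice to report LocalSocket first when both are set are assumptions of this example.

```shell
#!/bin/sh
# Added example: locate clamd and read its listening endpoint from clamd.conf.

# Print the first executable clamd found in the directories given as
# arguments. sbin directories are often absent from an ordinary user's PATH,
# so "command not found" does not prove the daemon is not installed.
find_clamd() {
    for dir in "$@"; do
        if [ -x "$dir/clamd" ]; then
            printf '%s\n' "$dir/clamd"
            return 0
        fi
    done
    return 1
}

# Print the endpoint clamd is configured to use:
#   unix:<path>        when LocalSocket is set
#   tcp:<addr>:<port>  when TCPSocket is set (0.0.0.0 if TCPAddr is absent,
#                      i.e. the daemon is reachable on every interface)
#   unconfigured       when neither is set (exit status 1)
#   missing            when the file cannot be read (exit status 2)
clamd_endpoint() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "missing"
        return 2
    fi
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        $1 == "LocalSocket" { sock = $2 }
        $1 == "TCPSocket"   { port = $2 }
        $1 == "TCPAddr"     { addr = $2 }
        END {
            if (sock != "")
                print "unix:" sock
            else if (port != "")
                print "tcp:" (addr == "" ? "0.0.0.0" : addr) ":" port
            else {
                print "unconfigured"
                exit 1
            }
        }
    ' "$conf"
}

# Demo on a constructed config file (values as in the README text quoted
# elsewhere in this archive, not taken from any poster's system).
demo_conf=$(mktemp)
printf '%s\n' '# constructed sample' 'TCPSocket 3310' 'TCPAddr 127.0.0.1' > "$demo_conf"
echo "endpoint: $(clamd_endpoint "$demo_conf")"
echo "binary:   $(find_clamd /usr/sbin /usr/local/sbin || echo 'not found')"
rm -f "$demo_conf"
```

A TCPSocket line without TCPAddr is the case worth catching: the scanner port is then open to the network rather than only to the local MTA.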
[Clamav-users] Mytob virus detected as Broken.Executable?
Hello,

we got reports that several emails carrying the Mytob virus (W32/[EMAIL PROTECTED] as reported by F-Prot) slipped through our ClamAV installation (0.87.1, latest virus database 34/1197). We managed to get a copy of an infected message and submitted it to the ClamAV Virus Database where it was recognised as Broken.Executable.

We are using the default values, more or less, for the scanning options in our clamav-milter/clamd installation and thus DetectBrokenExecutables was disabled by default.

Any opinions regarding the DetectBrokenExecutables option? Could we or should we enable it? And if so, why is it disabled by default?

The infected message can be found at: http://noc.ntua.gr/~christia/tmp/message

Regards,
Panagiotis
http://noc.ntua.gr/
Re: [Clamav-users] Mytob virus detected as Broken.Executable?
> We are using the default values, more or less, for the scanning options in our clamav-milter/clamd installation and thus DetectBrokenExecutables was disabled by default.
>
> Any opinions regarding the DetectBrokenExecutables option? Could we or should we enable it? And if so, why is it disabled by default?

Disabled by default because it is harmless and cannot infect anything. Some AV companies like to detect them as a virus because it ups their detection amount. I doubt that ClamAV is concerned about it.

I have mine enabled, because my users cannot tell the difference between a real virus and a broken one. Even when the dialog box is telling them. I find it easier to rid the system of them right upfront rather than put up with users crying that their system is infected.

=
Kevin W. Gagel
Network Administrator
Information Technology Services
(250) 562-2131 local 448
My Blog: http://mail.cnc.bc.ca/blogs/gagel
Re: [Clamav-users] ClamAv
Markus Braun said:
[whackage happened]
> Hi, i looked at the Readme.DEbian and found this here:
>
> To enable clamav in the Debian exim4 packages, add
>
>     av_scanner = clamd:/var/run/clamav/clamd.ctl
>
> (or if you've chosen tcp sockets)
>
>     av_scanner = clamd:127.0.0.1 3310
>
> to the main configuration settings (a new file under /etc/exim4/conf.d/main/ if split config is being used)
>
> Then add the following to your data time acl:
>
>     deny message = This message contains a virus: ($malware_name) please scan your system.
>          demime = *
>          malware = *
>
> I have addes this lines to my configuration, but the ZIP Eicar testfile comes directly in my mailbox, but i think some other virus mails are blocked.
>
> This is some text of the rejectlog:
>
> Can i test it with another virust test string?

A possible problem, I suppose, is that you're testing from a local account and your system is not set up to scan mail from local accounts. Crazier things have happened.

dp
Re: [Clamav-users] Text of email not scanned.
On 29/11/05, PBR [EMAIL PROTECTED] wrote:
> Done all this. Clamscan reports the eicar test string if I scan the eicar file from the command line, finds it if the file is an attachment. But not inside an email meeting all the above requirements.

How are you integrating clamav with your mail server?

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche