[Clamav-users] Web Site Authentication Prior to VirusDB download
The company I work for has implemented a firewall that only allows certain activity through it. I have requested that the user agent string "clamav/*" be allowed to communicate with the internet. The request has been refused because of security concerns. The approving authority is concerned that there does not appear to be any way of verifying that the web site the database is being downloaded from is the official site. The authority would like to see either a way of supplying a user id and password for authentication to the site or an exchange of SSLv2 keys. With the current clamav software is authentication possible? Robert D. Setterlund Federal Reserve Bank of Boston 600 Atlantic Ave., Boston, MA, 02106 (617) 973-3374 [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Web Site Authentication Prior to VirusDB download
On Thu, 2 Feb 2006, [EMAIL PROTECTED] wrote: > The company I work for has implemented a firewall that only allows certain > activity through it. I have requested that the user agent string > "clamav/*" be allowed to communicate with the internet. The request has > been refused because of security concerns. The approving authority is > concerned that there does not appear to be any way of verifying that the > web site the database is being downloaded from is the official site. The The virus db file is signed, that is how it maintains integrity. The official sites could be compromised, using that as your check is someone of false security. However there is no 'official' site, there is an every growing and changing system of mirrors. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Web Site Authentication Prior to VirusDB download
On Thu, 2 Feb 2006, [EMAIL PROTECTED] wrote: ; The company I work for has implemented a firewall that only allows certain ; activity through it. I have requested that the user agent string ; "clamav/*" be allowed to communicate with the internet. The request has ; been refused because of security concerns. The approving authority is ; concerned that there does not appear to be any way of verifying that the ; web site the database is being downloaded from is the official site. The ; authority would like to see either a way of supplying a user id and ; password for authentication to the site or an exchange of SSLv2 keys. With ; the current clamav software is authentication possible? There is a new option in the CVS version which allows you to change the user agent string to something already allowed by the filters.. not necessarily the way to solve it but it would work! A. ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] 100% CPU clamav samba-vscan thunderbird
Hi guys environment: Debian Sarge 3.1 samba3.0.14a-3sarge clamav-daemon 0.88-0volatile vscan-samba 3.0.6b When I test w/ eicar w/samba or w/ clamscan it works like a charm, but when I tried to look at thunderbird mail at [ home] in samba, CPU increase till 100%. This problem only occurs when any user tries to read/receive an email. Any clues about it? Am I asking at the right list? openantivir list is out.. thanks in advance -- Paulo Ricardo Bruck - consultor signature.asc Description: Esta é uma parte de mensagem assinada digitalmente ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] 0.88 upgrade failed on ubuntu
Hi everybody, I am running Ubuntu Breezy. I have tried to upgrade ClamAV to 0.88 form 0.87 through Synaptic, but the (needed) libgmp3 has been renamed by Ubuntu people to libgmp3c2. Is there anything I can do to resolve the dependence? Best regards marco ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 100% CPU clamav samba-vscan thunderbird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paulo Ricardo Bruck wrote: > Hi guys > > environment: > > Debian Sarge 3.1 > samba3.0.14a-3sarge > clamav-daemon 0.88-0volatile > vscan-samba 3.0.6b > > When I test w/ eicar w/samba or w/ clamscan it works like a charm, but > when I tried to look at thunderbird mail at [ home] in samba, CPU > increase till 100%. > This problem only occurs when any user tries to read/receive an email. > > Any clues about it? Am I asking at the right list? > > openantivir list is out.. > > thanks in advance Hi, This is probably because of your settings for vscan-samba. Here are my settings, although you may have to tweak things to get performance up. You could also try setting one of the 'scan on open' / 'close' flags to no to see if that suites your needs. - --- in samba-vscan.conf --- max file size = 8388608 ; 8M - You could also try the 0.40 snapshot for samba-vscan-clamav. I have a copy in my RPM. http://support.intcomgrp.com/mirror/fedora-core/beta/src/samba-vscan-clamav-0.4.0-2.fc1.src.rpm You probably are using IMAP or a huge inbox, try the max file size limit first. Let me know, James Kosin -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4jUskNLDmnu1kSkRAhz7AJoCOVM4rLQniso8mKhNGnFehgnzJgCeOry+ 9j6P1AhPNpPtAmolf0ikpX0= =4pWV -END PGP SIGNATURE- -- Scanned by ClamAV - http://www.clamav.net ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 0.88 upgrade failed on ubuntu
Marco Bisi wrote: > Hi everybody, > > I am running Ubuntu Breezy. > I have tried to upgrade ClamAV to 0.88 form 0.87 through Synaptic, but > the (needed) libgmp3 has been renamed by Ubuntu people to libgmp3c2. Is > there anything I can do to resolve the dependence? > > Best regards > > marco Ciao Marco, you should really send a bug report to your package maintainer. Meanwhile you may consider compiling ClamAV yourself. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 0.88 upgrade failed on ubuntu
On Thu, Feb 02, 2006 at 05:33:45PM +0100, Marco Bisi said: > Hi everybody, > > I am running Ubuntu Breezy. > I have tried to upgrade ClamAV to 0.88 form 0.87 through Synaptic, but > the (needed) libgmp3 has been renamed by Ubuntu people to libgmp3c2. Is > there anything I can do to resolve the dependence? Mixing and matching apt repositories works about as well as mixing and matching rpm repositories - in other words, it doesn't. I suggest downloading the packages for 0.88 from Debian, and rebuilding them on your ubuntu machine. The binary debs you get will then be built against the ubuntu versions of the libraries. -- -- | Stephen Gran | Insanity is the final defense ... It's | | [EMAIL PROTECTED] | hard to get a refund when the salesman | | http://www.lobefin.net/~steve | is sniffing your crotch and baying at | || the moon. | -- signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamscan and tar
Hello, I have a problem to understand the report of clamscan tool applied on a tar file : ll /tmp/baert.tar (~250MB) -rw-rw-r-- 1 backuppc backuppc 282142720 Feb 2 17:55 /tmp/baert.tar when I untar the file /tmp/baert.tar and scan the dirs/files : + [EMAIL PROTECTED] fff]$ clamscan -i -r Local\ Settings/ Local Settings/Temp/ICD3.tmp/MediaTicketsInstaller.ocx: Trojan.Downloader.Mediatickets-3 FOUND Local Settings/Temp/ICD5.tmp/MediaTicketsInstaller.ocx: Trojan.Downloader.Mediatickets-3 FOUND Local Settings/Temp/ICD4.tmp/MediaTicketsInstaller.ocx: Trojan.Downloader.Mediatickets-3 FOUND Local Settings/Temp/ICD2.tmp/MediaTicketsInstaller.ocx: Trojan.Downloader.Mediatickets-3 FOUND Local Settings/Temp/ICD1.tmp/MediaTicketsInstaller.ocx: Trojan.Downloader.Mediatickets-3 FOUND --- SCAN SUMMARY --- Known viruses: 42108 Engine version: 0.88 Scanned directories: 85 Scanned files: 2411 Infected files: 5 Data scanned: 249.91 MB Time: 50.934 sec (0 m 50 s) + if I scan directly the tar file : + clamscan /tmp/baert.tar LibClamAV Error: cli_untar: only standard TAR files are currently supported /tmp/baert.tar: Trojan.Downloader.Mediatickets-3 FOUND --- SCAN SUMMARY --- Known viruses: 42108 Engine version: 0.88 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 25.62 MB Time: 5.589 sec (0 m 5 s) + If I scan directly the tar file with the devel engine : + [clamav-devel-latest]# clamscan/clamscan /tmp/baert.tar /tmp/baert.tar: Trojan.Downloader.Mediatickets-3 FOUND --- SCAN SUMMARY --- Known viruses: 42108 Engine version: devel-20060202 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.51 MB Time: 2.427 sec (0 m 2 s) + Somebody can explain me the output... why the 'Data scanned' are so different ? must I untar the archive before analyse it ? must I use the devel version to analyse a tar file ? thank in advance regards jmb -- --- Dr Ir Jean-Michel Beuken | University of Louvain-La-Neuve Computer Scientist| CISM, Bat P. Curie UCL PowerComputing Manager| 1, Rue du Compas | 1348 Louvain-La-Neuve | BELGIUM --- Tel : +32 10473570 Fax : +32 10473452 HTTP://www.mapr.ucl.ac.be/~beuken --- ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamscan and tar
Jean-Michel Beuken wrote: Hello, must I use the devel version to analyse a tar file ? The tar code in the CVS version does indeed support more versions of tar (gone are the old days when there was only one version). jmb -- Nigel Horne. Arranger, Adjudicator, Band Trainer, Composer, Tutor, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] postfix with clamav
From: John Jolet <[EMAIL PROTECTED]> Reply-To: ClamAV users ML To: ClamAV users ML Subject: Re: [Clamav-users] postfix with clamav Date: Wed, 1 Feb 2006 21:34:36 -0600 On Feb 1, 2006, at 7:00 PM, Tom Lee wrote: Hello, To get postfix work clamav on fedora 4, I installed the following packages, clamav-lib-0.88-1.fc4 clamav-update-0.88-1.fc4 clamav-data-0.88-1.fc4 clamav-0.88-1.fc4 clamav-server-0.88-1.fc4 and clamsmtp-1.6-1.fc4.mf However, I have no clue if I need all of those packages and how to configure clamav to work with postfix? i'm not sure about those packages...too lazy to check my fc4 box :) however, i'm using amavis to call clam. you put amavis in as a transport, and uncomment the clam parts of amavis. amavis also calls spamassassin. amavis has not been updated for more than one year. is there a way to have clamav to configure to work with postfix with the change in configuration file? I searched the documentation and cannot find any thing useful. Tom any suggestions? Tom ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] postfix with clamav
Tom Lee wrote: > From: John Jolet <[EMAIL PROTECTED]> > > On Feb 1, 2006, at 7:00 PM, Tom Lee wrote: > > > > > I installed the following packages, > > > > > > clamav-lib-0.88-1.fc4 > > > clamav-update-0.88-1.fc4 > > > clamav-data-0.88-1.fc4 > > > clamav-0.88-1.fc4 > > > clamav-server-0.88-1.fc4 > > > > > > and > > > > > > clamsmtp-1.6-1.fc4.mf > > > > > > However, I have no clue if I need all of those packages and > > > how to configure clamav to work with postfix? > > > > i'm not sure about those packages...too lazy to check my fc4 box :) > > however, i'm using amavis to call clam. you put amavis in as a > > transport, and uncomment the clam parts of amavis. amavis also > > calls spamassassin. > > amavis has not been updated for more than one year. > is there a way to have clamav to configure to work with postfix with > the change in configuration file? > I searched the documentation and cannot find any thing useful. You probably want amavisd-new. That is the currently supported version. http://www.ijs.si/software/amavisd/ -- Bowie ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] postfix with clamav
amavis has not been updated for more than one year. is there a way to have clamav to configure to work with postfix with the change in configuration file? I searched the documentation and cannot find any thing useful. postfix can't work directly with clam. however, i hear good things about a program called "MailScanner". I'm setting up a gentoo box to test it. Don't discount amavis just because it hasn't been updated in over a year. it definately does work. And it's really not very hard to get working. ___ http://lurker.clamav.net/list/clamav-users.html
Re :Re: [Clamav-users] 100% CPU clamav samba-vscan thunderbird
Em Qui, 2006-02-02 às 12:00 -0500, [EMAIL PROTECTED] escreveu: > -- > > Message: 14 > Date: Thu, 02 Feb 2006 11:37:00 -0500 > From: James Kosin <[EMAIL PROTECTED]> > Subject: Re: [Clamav-users] 100% CPU clamav samba-vscan thunderbird > To: ClamAV users ML > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1 > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Paulo Ricardo Bruck wrote: > > Hi guys > > > > environment: > > > > Debian Sarge 3.1 > > samba3.0.14a-3sarge > > clamav-daemon 0.88-0volatile > > vscan-samba 3.0.6b > > > > When I test w/ eicar w/samba or w/ clamscan it works like a charm, but > > when I tried to look at thunderbird mail at [ home] in samba, CPU > > increase till 100%. > > This problem only occurs when any user tries to read/receive an email. > > > > Any clues about it? Am I asking at the right list? > > > > openantivir list is out.. > > > > thanks in advance > > Hi, > > This is probably because of your settings for vscan-samba. > Here are my settings, although you may have to tweak things to get > performance up. > > You could also try setting one of the 'scan on open' / 'close' flags to > no to see if that suites your needs. > > - --- in samba-vscan.conf --- > > max file size = 8388608 ; 8M > > - > > You could also try the 0.40 snapshot for samba-vscan-clamav. I have a > copy in my RPM. > http://support.intcomgrp.com/mirror/fedora-core/beta/src/samba-vscan-clamav-0.4.0-2.fc1.src.rpm > > You probably are using IMAP or a huge inbox, try the max file size limit > first. > no only using pop for users and all mailboxes are under 10Mb > Let me know, > James Kosin > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFD4jUskNLDmnu1kSkRAhz7AJoCOVM4rLQniso8mKhNGnFehgnzJgCeOry+ > 9j6P1AhPNpPtAmolf0ikpX0= > =4pWV > -END PGP SIGNATURE- > -- > Scanned by ClamAV - http://www.clamav.net > > Hi James Following your tips. I still have the same problem. Users trying to see mail by thunderbird takes 100% of CPU. if helps here my vscan.conf -- samba-vscan] max file size = 10485760 verbose file logging = yes scan on open = no scan on close = yes deny access on error = yes deny access on minor error = no send warning message = yes infected file action = quarantine quarantine directory = /var/log/virus-quarantine quarantine prefix = vir- max lru files entries = 100 lru file entry lifetime = 5 exclude file types = clamd socket name = /var/run/clamav/clamd.ctl libclamav max files in archive = 1000 libclamav max archived file size = 10485760 libclamav max recursion level = 5 -- -- Paulo Ricardo Bruck - consultor signature.asc Description: Esta é uma parte de mensagem assinada digitalmente ___ http://lurker.clamav.net/list/clamav-users.html
Re: Re :Re: [Clamav-users] 100% CPU clamav samba-vscan thunderbird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paulo Ricardo Bruck wrote: <<-- Snip -->> Ok, Lets start again. (1) Is the mail being stored on a samba share? Eg: Thunderbird getting mail and putting it in mail-boxes that are on the server share. (2) Do you get any improvement if you temporarily turn off the samba-vscan? Just trying to see if this is with samba-vscan or the Thunderbird client itself. (3) Try lowering the max file size option. samba-vscan does have a performance hit associated with it. (4) Try excluding the mail-box files from being scanned. Thunderbird like almost all email clients, won't like the mail-box files disappearing on them. Had this problem many times especially with outlook. You don't need to scan twice; especially if you already have clamav-milter installed and running. Let me know, James Kosin -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4lzskNLDmnu1kSkRAniWAJ4hAH4tsDH7qFlpDiHhzer6nC990ACeIdyT nKe7uo9O5yKDTZDbSBGGQJY= =teFj -END PGP SIGNATURE- -- Scanned by ClamAV - http://www.clamav.net ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
Dennis Davis wrote: Very useful. I started using these signatures on this University's mail servers on Monday. Appended below are the stats on the incoming crap they stopped yesterday (Tuesday). Virus Count - - Total 308 The total incoming virus count for yesterday was 512[1]. So these signatures account for some 60% of what was detected. Thanks for those stats :) I'm glad they seem to be working great. I've just done an sig update, increasing from 164 sigs to 199 sigs. Hopefully, they improve things a little more :) Cheers, Steve ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
Apologies for wibbling in the group, but I don't appear to have the root message of this thread. Where might I obtain these unofficial signatures? Mark Dennis Davis wrote: >>From: Steve Basford <[EMAIL PROTECTED]> >>To: clamav-users@lists.clamav.net >>Date: Tue, 24 Jan 2006 20:49:03 + >>Subject: [Clamav-users] Unofficial Phishing Signatures >> >>There are already a number of great phishing signatures in ClamAV ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
Mark Twells wrote: Where might I obtain these unofficial signatures? http://www.sanesecurity.com/clamav/ Cheers, Steve ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Problem Upgrading to version 0.88 on HP-UX 10.20
Hi there - I have downloaded the source code for version 0.88 onto an HP-UX 10.20 system. After gunzipping and untarring the file, I run the configure script as a sudo user and it appears to finish without problem. When I run the make command, again as a sudo user, I get an Error exit code 1. The tail end of the make output is shown below: manager.c:505: warning: unreachable code at beginning of switch statement manager.c:568: warning: unreachable code at beginning of switch statement *** Error exit code 1 Stop. *** Error exit code 1 Stop. *** Error exit code 1 Stop. What do I need to do to correct this? Thanks. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
Mark Twells wrote: Apologies for wibbling in the group, but I don't appear to have the root message of this thread. Where might I obtain these unofficial signatures? From Steve Basford on 1/24/06: http://www.sanesecurity.com/clamav/ ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
The latest batch seems to include a number of false positives, so I had to revert. I don't want to submit private user data, but an example is the apparently legit report from eBay entitled "Changes to eBay User Agreement and Privacy Policy". Other issues include apparently legitimate communications between buyers and sellers. Jeffrey Moskot System Administrator [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Is CME officially supported/supporting ClamAV?
The only reason that I care is that when there is hew and cry over a massively destructive virus, I can point at my virus statistics and say "oh, our AV calls CME-24 'worm.vb9' - we've been blocking it for weeks." Then I don't have to worry about what name another group might give it, and the PHB's will leave me alone for a little while longer. has anyone ever noticed how much EXTRA work we sysadmins do for that reason alone? There's a lot of cycles spent, collectively, to prove to management what we already know. I've just been asked if we're scanning for tomorrow's outbreak alert and still have not found anything official. I've found in the mailing lists that CME-24 is synonymous with worm.vb-8 and worm.vb-9 but it took some digging. I know I for one would appreciate it if clamav participated in the CME naming conventions as it would save me a lot of time. I have yet to see so many AV vendors cooperate to this extent before. I've scanned several major vendor's websites for cme-24 and they all list among their aliases cme-24 in a prominent display. I don't really see the harm aside from Mitre conspiracies. Just my $.02 -eric ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kaplan, Andrew H. wrote: > I have downloaded the source code for version 0.88 onto an HP-UX 10.20 system. > After gunzipping and untarring the file, I > > run the configure script as a sudo user and it appears to finish without > problem. When I run the make command, again as > > a sudo user, I get an Error exit code 1. The tail end of the make output is > shown below: > > manager.c:505: warning: unreachable code at beginning of switch statement > manager.c:568: warning: unreachable code at beginning of switch statement > *** Error exit code 1 [snip] You are using an option in the compiler that causes warnings to be treated as errors, that is why this build failed. With gcc the option is -Werror, perhaps you did put that in CFLAGS or your envirnoment setting have it. HTH - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Cygwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iEYEARECAAYFAkPideAACgkQL3NNweKTRgwztgCg2oQK5FARToP/aMceoQzAGmqG eaIAmwehuFc4Vy2uoirZln0KzLa/2gPA =GBmb -END PGP SIGNATURE- ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] postfix with clamav
> >i'm not sure about those packages...too lazy to check my fc4 box :) > >however, i'm using amavis to call clam. you put amavis in as a > >transport, and uncomment the clam parts of amavis. amavis > also calls spamassassin. > > > > amavis has not been updated for more than one year. > is there a way to have clamav to configure to work with > postfix with the change in configuration file? > I searched the documentation and cannot find any thing useful. > As at least one other person has mentioned, you want amavisd-new, not amavis which is essentially defunct. Amavisd-new is updated as needed, with new functionality added based on community feedback, and has absolutely first rate support and an extremely knowledgeable group of folks on the mailing list. I highly recommend it, as does the author of The Book of Postfix, Ralf Hildebrandt. http://www.ijs.si/software/amavisd/ Amavisd-new also integrates with SpamAssassin, DCC, vipuls-razor, and others. Give it a shot. MrC ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20
HI there -- I checked my .login and .cshrc files for any CLAGS reference, and there was none. I also checked the d.profile and profile files with the same result. Is there an option in the configure script that changes the gcc option? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of René Berber Sent: Thursday, February 02, 2006 4:13 PM To: clamav-users@lists.clamav.net Subject: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kaplan, Andrew H. wrote: > I have downloaded the source code for version 0.88 onto an HP-UX 10.20 system. > After gunzipping and untarring the file, I > > run the configure script as a sudo user and it appears to finish without > problem. When I run the make command, again as > > a sudo user, I get an Error exit code 1. The tail end of the make output is > shown below: > > manager.c:505: warning: unreachable code at beginning of switch statement > manager.c:568: warning: unreachable code at beginning of switch statement > *** Error exit code 1 [snip] You are using an option in the compiler that causes warnings to be treated as errors, that is why this build failed. With gcc the option is -Werror, perhaps you did put that in CFLAGS or your envirnoment setting have it. HTH - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Cygwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iEYEARECAAYFAkPideAACgkQL3NNweKTRgwztgCg2oQK5FARToP/aMceoQzAGmqG eaIAmwehuFc4Vy2uoirZln0KzLa/2gPA =GBmb -END PGP SIGNATURE- ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Is CME officially supported/supporting ClamAV?
I've just been asked if we're scanning for tomorrow's outbreak alert and still have not found anything official. I've found in the mailing lists that CME-24 is synonymous with worm.vb-8 and worm.vb-9 but it took some digging. I know I for one would appreciate it if clamav participated in the CME naming conventions as it would save me a lot of time. I have yet to see so many AV vendors cooperate to this extent before. I've scanned several major vendor's websites for cme-24 and they all list among their aliases cme-24 in a prominent display. I don't really see the harm aside from Mitre conspiracies. Just my $.02 tomorrow's outbreak alert? I don't see any harm either...just no value. Course, I have to admit that I frequently have friction with bosses that task me with things that really add no value to the enterprise. :) ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] postfix with clamav
On Feb 2, 2006, at 3:23 PM, <[EMAIL PROTECTED]> wrote: i'm not sure about those packages...too lazy to check my fc4 box :) however, i'm using amavis to call clam. you put amavis in as a transport, and uncomment the clam parts of amavis. amavis also calls spamassassin. amavis has not been updated for more than one year. is there a way to have clamav to configure to work with postfix with the change in configuration file? I searched the documentation and cannot find any thing useful. As at least one other person has mentioned, you want amavisd-new, not amavis which is essentially defunct. Amavisd-new is updated as needed, with new functionality added based on community feedback, and has absolutely first rate support and an extremely knowledgeable group of folks on the mailing list. I highly recommend it, as does the author of The Book of Postfix, Ralf Hildebrandt. http://www.ijs.si/software/amavisd/ Amavisd-new also integrates with SpamAssassin, DCC, vipuls-razor, and others. I have to say I meant amavis-new when I said amavis. sorry to be unclear. Give it a shot. MrC ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
>On Thu, 02 Feb 2006 19:40:17 +, you wrote: > >Dennis Davis wrote: >> Very useful. I started using these signatures on this University's >> mail servers on Monday. Appended below are the stats on the >> incoming crap they stopped yesterday (Tuesday). >> >> Virus Count >> - - >> Total 308 >> >> The total incoming virus count for yesterday was 512[1]. So these >> signatures account for some 60% of what was detected. >> >> > >Thanks for those stats :) I'm glad they seem to be working great. > >I've just done an sig update, increasing from 164 sigs to 199 sigs. >Hopefully, they improve things a little more :) > >Cheers, > >Steve Steve or Dennis: Where did you get the tool to get clamav stats? We just installed it here and could really use something like that. Thanks, ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186 ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] postfix with clamav
> >> amavis has not been updated for more than one year. > >> is there a way to have clamav to configure to work with > > > I have to say I meant amavis-new when I said amavis. > sorry to be unclear. Oh, that's ok. It was your statement about it not being updated in a year which threw us. Amavisd-new has been updated 4 times alone last year, and a new version will likely come out soon. As I mentioned, it is very up to date, and highly configurable. amavisd-new-2.3.3.tar.gz : 2005-08-22 amavisd-new-2.3.2.tar.gz : 2005-06-29 amavisd-new-2.3.1.tar.gz : 2005-05-09 amavisd-new-2.3.0.tar.gz : 2005-04-24 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
jef moskot wrote: The latest batch seems to include a number of false positives, so I had to revert. I don't want to submit private user data, but an example is the apparently legit report from eBay entitled "Changes to eBay User Agreement and Privacy Policy". Other issues include apparently legitimate communications between buyers and sellers. Could you give me the signature names that match the false positives please. Cheers, Steve ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kaplan, Andrew H. wrote: > I checked my .login and .cshrc files for any CLAGS reference, and there was > none. I also checked the d.profile and profile files with the same result. It's CFLAGS and you can look at the actual parameters used with the compiler from the build output, is there a -Werror? > Is there an option in the configure script that changes the gcc option? No. It has to be explicitly set either in the configure command (i.e. CFLAGS="-pipe" ./configure), the environment (check "echo $CFLAGS") or in a script if you are not using configure directly but using a script that runs configure... OK, there is a 4th possibility, not explicit and an ugly one, it could be set by the compiler's spec file (if everything else didn't show where it comes from then do "gcc -dumpspecs | grep Werror"). - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Cygwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iEYEARECAAYFAkPifTwACgkQL3NNweKTRgyxuwCgzW4GOcJTbpYGCKS+r8Twwo3J RZoAniMFZWIxnLRpJzh/f4t8eHv2wR+M =ztyD -END PGP SIGNATURE- ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Is CME officially supported/supporting ClamAV?
Eric Cunningham wrote: > I have yet to see so many AV vendors cooperate to this extent before. > I've scanned several major vendor's websites for cme-24 and they all > list among their aliases cme-24 in a prominent display. > > I don't really see the harm aside from Mitre conspiracies. Just my $.02 Exactly. And people need to take these conspiracy theories with a tonne a salt. Just because ONE PERSON implied there was something shady with the CME organization having "military ties" doesn't mean there's even a grain of truth behind it. MITRE and SANS both have long histories in the InfoSec arena - they do good work. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Web Site Authentication Prior to VirusDB download
[EMAIL PROTECTED] wrote: > The company I work for has implemented a firewall that only allows certain > activity through it. I have requested that the user agent string > "clamav/*" be allowed to communicate with the internet. The request has > been refused because of security concerns. The approving authority is > concerned that there does not appear to be any way of verifying that the > web site the database is being downloaded from is the official site. The > authority would like to see either a way of supplying a user id and > password for authentication to the site or an exchange of SSLv2 keys. With > the current clamav software is authentication possible? > Someone doesn't want you to succeed I'm afraid. We run similar rules in our DMZes - and I can tell you that most commercial AVs *also* don't run from specific sites. The AVs we use (I won't name names) also load-share their pattern downloads - and most of the sites the files can end up coming down from don't even have PTR records, or at best don't match back to the domains owned by the AV companies! (i.e. they outsource to content carriers like Akami) I can't see how your "approving authority" has managed to allow other AV products while applying such harsh rules to your ClamAV proposal... Of course, I'd be quite willing to set up a permanent site that you can have HTTPS pattern access to for a really big fee!! ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
At 03:43 PM 2/2/2006, Steve Basford wrote: jef moskot wrote: The latest batch seems to include a number of false positives, so I had to revert. I don't want to submit private user data, but an example is the apparently legit report from eBay entitled "Changes to eBay User Agreement and Privacy Policy". Other issues include apparently legitimate communications between buyers and sellers. Could you give me the signature names that match the false positives please. Cheers, Steve ___ I'm getting false positives with Html.Phishing.Auction.Gen009.Sanesecurity.06020102 Marking legit eBay communications as Phish; bid confirmations, outbid notices, "you won" notices. -- Noel Jones ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Is CME officially supported/supporting ClamAV?
tomorrow's outbreak alert? For lack of better phrasing... CME-24 is set to execute tomorrow and has been rather hyped by the media. I don't see any harm either...just no value. Course, I have to admit that I frequently have friction with bosses that task me with things that really add no value to the enterprise. :) If it saves time, it would be valuable to me. Using reports from US-cert, Secunia, and Watchguard I was quickly able to look up which definition of Symantec detected this threat and confirm we were covered. However the clamav I use for my church I was left to google for. Even after knowing cme-24 is worm.vb-8, I still had trouble finding references to it. What does everyone else do when they receive a security alert and need to confirm detection? ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20
Hi there -- I checked the Makefile and there was no instance of -Werror. What other file(s) should I check? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of René Berber Sent: Thursday, February 02, 2006 4:44 PM To: clamav-users@lists.clamav.net Subject: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kaplan, Andrew H. wrote: > I checked my .login and .cshrc files for any CLAGS reference, and there was > none. I also checked the d.profile and profile files with the same result. It's CFLAGS and you can look at the actual parameters used with the compiler from the build output, is there a -Werror? > Is there an option in the configure script that changes the gcc option? No. It has to be explicitly set either in the configure command (i.e. CFLAGS="-pipe" ./configure), the environment (check "echo $CFLAGS") or in a script if you are not using configure directly but using a script that runs configure... OK, there is a 4th possibility, not explicit and an ugly one, it could be set by the compiler's spec file (if everything else didn't show where it comes from then do "gcc -dumpspecs | grep Werror"). - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Cygwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iEYEARECAAYFAkPifTwACgkQL3NNweKTRgyxuwCgzW4GOcJTbpYGCKS+r8Twwo3J RZoAniMFZWIxnLRpJzh/f4t8eHv2wR+M =ztyD -END PGP SIGNATURE- ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
On Thu, 2 Feb 2006, Steve Basford wrote: > Could you give me the signature names that match the false positives > please. Oh, duh. Of course. Looks like 2 completely different kinds of eBay communications both matched: Html.Phishing.Auction.Gen009.Sanesecurity.06020102 Thanks. Jeffrey Moskot System Administrator [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] ClamAv along with a Mailer software
Hello, Is it possible to make ClamAv to check the incoming mails managed by a mailer software ? (in my case Evolution). I had a look in /etc/clamav.conf and noticed a uncommented line the word "ScanMail" What is the procedure to follow? Best Regards, Alberto Zeni ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] postfix with clamav
From: John Jolet <[EMAIL PROTECTED]> Reply-To: ClamAV users ML To: ClamAV users ML Subject: Re: [Clamav-users] postfix with clamav Date: Thu, 2 Feb 2006 15:33:21 -0600 On Feb 2, 2006, at 3:23 PM, <[EMAIL PROTECTED]> wrote: i'm not sure about those packages...too lazy to check my fc4 box :) however, i'm using amavis to call clam. you put amavis in as a transport, and uncomment the clam parts of amavis. amavis also calls spamassassin. amavis has not been updated for more than one year. is there a way to have clamav to configure to work with postfix with the change in configuration file? I searched the documentation and cannot find any thing useful. As at least one other person has mentioned, you want amavisd-new, not amavis which is essentially defunct. Amavisd-new is updated as needed, with new functionality added based on community feedback, and has absolutely first rate support and an extremely knowledgeable group of folks on the mailing list. I highly recommend it, as does the author of The Book of Postfix, Ralf Hildebrandt. http://www.ijs.si/software/amavisd/ clamsmtp is written in C and expects to run faster than Perl and easy to configure. http://memberwebs.com/nielsen/software/clamsmtp/ http://memberwebs.com/nielsen/software/clamsmtp/postfix.html What I want to do is to scan the virus for the mails recieved not for the mails sending out in postfix. I am not sure how it can be configured based on the doc of clamsmtp and amavis-new. thanks. tom Amavisd-new also integrates with SpamAssassin, DCC, vipuls-razor, and others. I have to say I meant amavis-new when I said amavis. sorry to be unclear. Give it a shot. MrC ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
I'm getting false positives with Html.Phishing.Auction.Gen009.Sanesecurity.06020102 Marking legit eBay communications as Phish; bid confirmations, outbid notices, "you won" notices. Okay, I've disabled this sig and re-uploaded... that should fix it until i can find sample email. One thing about that sig, is that it was using multiple matches.. but I did test without any problems... hmmm. Out of interest... could you email me a header from the false positive email? If you can, steveb_clamav ATT sanesecurity DOTT COMM Cheers, Steve ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
> > > > I'm getting false positives with > > Html.Phishing.Auction.Gen009.Sanesecurity.06020102 > > > > Marking legit eBay communications as Phish; bid confirmations, outbid > > notices, "you won" notices. > > > Okay, I've disabled this sig and re-uploaded... that should fix it until > i can find sample email. > > One thing about that sig, is that it was using multiple matches.. but I > did test without any problems... hmmm. > > Out of interest... could you email me a header from the false positive > email? > If you can, steveb_clamav ATT sanesecurity DOTT COMM I can verify it blocks legitimate mail from Ebay (outbidnotice and endofitem). I cannot provide samples for obvious reasons. dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAv along with a Mailer software
On Thursday 02 February 2006 14:06, Alberto Zeni wrote: > Hello, > Is it possible to make ClamAv to check the incoming mails managed by a > mailer software ? (in my case Evolution). > I had a look in /etc/clamav.conf and noticed a uncommented line the word > "ScanMail" > What is the procedure to follow? yes, certain *nix email clients have built-in support for clamav. I know for a fact kmail does, and I believe evolution does. However, I believe virus scanning of emails belongs at the front-door of the mail server, so if you have control over your mail server, you should investigate how to implement clamav into it. (unless of course your mail server is running on windows, then I don't know ;) -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. pgpsBhqCzZfle.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
Dennis Peterson wrote: I can verify it blocks legitimate mail from Ebay (outbidnotice and endofitem). I cannot provide samples for obvious reasons. Thanks to all for the reports... the signature was faulty and I've now disabled it.I've re-uploaded, with it removed. Sorry for all this... Cheers, Steve ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kaplan, Andrew H. wrote: > I checked the Makefile and there was no instance of -Werror. What other > file(s) > should I check? Makefile? I didn't say check the Makefile... there are 12 Makefiles in the build directory (and subdirs). Any hits from my other recommendations? (echo $CFLAGS, gcc -dumpspecs, you can also "grep Werro config.log"). - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Cygwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iEYEARECAAYFAkPikWIACgkQL3NNweKTRgzGSgCgkzIwR2SIktSJEDu6ijdWlodn caUAoJq9z2JSamZGRtgncazpy9Nb8P7T =mOqa -END PGP SIGNATURE- ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew, Let's go back to: > manager.c:505: warning: unreachable code at beginning of switch statement > manager.c:568: warning: unreachable code at beginning of switch statement These 2 warnings shouldn't happen. Do you have a netdb.h file? Must be under /usr/local but could be somewhere else if you installed bind (for instance under /usr/local/include/isc). Does it have a define for HOST_NOT_FOUND? If it doesn't, and it looks this way for those warnings to appear, then your resolver installation is bad or somewhere else. The point is clamav's configure found a netdb.h that does not define HOST_NOT_FOUND, that produced the warning, and that header is not what is normally expected. You have to find out where did that header came from, and if you have more than one by that name, how to use the good one to build clamav. - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Cygwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iEYEARECAAYFAkPiobkACgkQL3NNweKTRgxMjgCfb9ogg3a/1CvowuQnT3go+4Ic GOgAoLsMFIuAw+Px/mikeXbaPqvJmQoU =AFTO -END PGP SIGNATURE- ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20
Hi there -- I located the netdb.h file in the /usr/include directory as opposed to the /usr/local directory. When I checked out its contents, the line that contained the text HOST_NOT_FOUND appeared to be commented out. Here is the syntax of that line: #define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found */ If the file needs to be located in /usr/local, can a symbolic link be created in /usr/local that points to /usr/include? From: [EMAIL PROTECTED] on behalf of René Berber Sent: Thu 2/2/2006 7:20 PM To: clamav-users@lists.clamav.net Subject: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew, Let's go back to: > manager.c:505: warning: unreachable code at beginning of switch statement > manager.c:568: warning: unreachable code at beginning of switch statement These 2 warnings shouldn't happen. Do you have a netdb.h file? Must be under /usr/local but could be somewhere else if you installed bind (for instance under /usr/local/include/isc). Does it have a define for HOST_NOT_FOUND? If it doesn't, and it looks this way for those warnings to appear, then your resolver installation is bad or somewhere else. The point is clamav's configure found a netdb.h that does not define HOST_NOT_FOUND, that produced the warning, and that header is not what is normally expected. You have to find out where did that header came from, and if you have more than one by that name, how to use the good one to build clamav. - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Cygwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iEYEARECAAYFAkPiobkACgkQL3NNweKTRgxMjgCfb9ogg3a/1CvowuQnT3go+4Ic GOgAoLsMFIuAw+Px/mikeXbaPqvJmQoU =AFTO -END PGP SIGNATURE- ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX
> > Hi there -- > I located the netdb.h file in the /usr/include directory as opposed to = > the > /usr/local directory. When I checked out its contents, the line that = > contained > the text HOST_NOT_FOUND appeared to be commented out. Here is the syntax = > of that > line: > #define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found */ > If the file needs to be located in /usr/local, can a symbolic link be = > created > in /usr/local that points to /usr/include? Start here: http://www.its.strath.ac.uk/courses/c/section3_13.html#SECTION00013000 dp ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kaplan, Andrew H. wrote: > I located the netdb.h file in the /usr/include directory as opposed to the > /usr/local directory. When I checked out its contents, the line that contained > the text HOST_NOT_FOUND appeared to be commented out. Here is the syntax of > that > line: > > #define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found */ This is a correct definition. It's not surrounded by #if ... #fi, is it? > If the file needs to be located in /usr/local, can a symbolic link be created > in /usr/local that points to /usr/include? No, that was my mistake, I wrote the wrong path. Now back to the original problem, why are those warnings appearing? Looking at the code the warning means that h_errno cannot take the value HOST_NOT_FOUND, h_errno is also defined in netdb.h just above the define. I can't see how the compiler determined that this part of the code is supposed to be unreachable (it really is reachable). That's two strange thing with the compilation, where is the -Werror? and why the compiler mistakenly thinks that some part of the code is unreachable? Perhaps I can think of something later. What version is your gcc? (i.e. gcc --version) - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Cygwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iEYEARECAAYFAkPirKAACgkQL3NNweKTRgz7oACg3wkezPfHa1zSMnWpI8E51pNw fLAAn22NXbnGpBo8SQAS5tdNYdYMGAcn =/70i -END PGP SIGNATURE- ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20
Hi there -- The version of gcc running on the system is 2.95.2 19991024 (release) From: [EMAIL PROTECTED] on behalf of René Berber Sent: Thu 2/2/2006 8:06 PM To: clamav-users@lists.clamav.net Subject: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kaplan, Andrew H. wrote: > I located the netdb.h file in the /usr/include directory as opposed to the > /usr/local directory. When I checked out its contents, the line that contained > the text HOST_NOT_FOUND appeared to be commented out. Here is the syntax of that > line: > > #define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found */ This is a correct definition. It's not surrounded by #if ... #fi, is it? > If the file needs to be located in /usr/local, can a symbolic link be created > in /usr/local that points to /usr/include? No, that was my mistake, I wrote the wrong path. Now back to the original problem, why are those warnings appearing? Looking at the code the warning means that h_errno cannot take the value HOST_NOT_FOUND, h_errno is also defined in netdb.h just above the define. I can't see how the compiler determined that this part of the code is supposed to be unreachable (it really is reachable). That's two strange thing with the compilation, where is the -Werror? and why the compiler mistakenly thinks that some part of the code is unreachable? Perhaps I can think of something later. What version is your gcc? (i.e. gcc --version) - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Cygwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iEYEARECAAYFAkPirKAACgkQL3NNweKTRgz7oACg3wkezPfHa1zSMnWpI8E51pNw fLAAn22NXbnGpBo8SQAS5tdNYdYMGAcn =/70i -END PGP SIGNATURE- ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Web Site Authentication Prior to VirusDB download
[EMAIL PROTECTED] wrote: > The company I work for has implemented a firewall that only allows certain > activity through it. I have requested that the user agent string > "clamav/*" be allowed to communicate with the internet. sorry, but blocking at the firewall/proxy level based on user-agent is one of the most absurd things I've ever heard. If they are doing it to disallow 'viruses' and whatnot from traversing the firewall, well, the virus writer can TRIVIALLY change the user-agent string to.. say.. IE, and get right through. In fact, since clamav provides the source for you, you should be able to TRIVIALLY change the user-agent string. grep, $EDITOR, and an exercise for the reader. Problem solved. -Jeremy signature.asc Description: OpenPGP digital signature ___ http://lurker.clamav.net/list/clamav-users.html