Re: [Clamav-users] My first question
El 01/02/2006, a las 11:34 AM, Daniel Cortes escribió: Hi everybody I installed clam for checking mails. The problem is update database, I have to specify to my admin where freshclam have to connect to do available connection. My question is: If I say to the admin that only opens connection to database.clamv.net , will clam works fine? If this option isn't correct, how can I do to update manually the database? thks for your replies. ___ http://lurker.clamav.net/list/clamav-users.html If you mean what ip's to tell the admin to allow, it is fine to just list the database.clamav.net ip's. I just did a host database.clamav.net host db.XX.clamav.net (where XX is your country) host cvd.clamav.net and allowed freshclam to access those ip's not sure if you need anymore (or if you need all of them), but it works fine for me. :~ dacamo$ host database.clamav.net database.clamav.net is an alias for db.local.clamav.net. db.local.clamav.net is an alias for db.america.clamav.net. db.america.clamav.net has address 64.34.165.168 db.america.clamav.net has address 69.46.24.178 db.america.clamav.net has address 69.57.154.46 db.america.clamav.net has address 205.139.192.213 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] My first question
Daniel Cortes wrote: > Hi everybody I installed clam for checking mails. The problem is update > database, I have to specify to my admin where freshclam have to connect > to do available connection. > My question is: If I say to the admin that only opens connection to > database.clamv.net , will clam works fine? > If this option isn't correct, how can I do to update manually the database? > > thks for your replies. > ___ > http://lurker.clamav.net/list/clamav-users.html from the command line issue the following command: freshclam that will force and update of virus definitions. -- Mark --- Paid for by Penguins against modern appliances(R) Linux User Since 1996 Powered by RHEL 4 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Virus identified as "Suspicious File"
On Saturday 04 February 2006 12:33, Maren S. Leizaola wrote: > Hi, > I have clamav running with cgpav on 2 servers. One works perfectly > and reports > the virus name on the email and another just identifies it as > "Suspicious File". > I am using the same .conf files on both servers. > > Attention! We received a message for you with > VIRUS: Suspicious File: details03_maren.pif > The sender's address is [EMAIL PROTECTED], but it's probably forged. > The message was rejected for delivery. > > One runs FreeBSD 5.4 and the other 5.21 > > Clamscan identifies the virus correctly on the server labels the virus > as "Suspicous file". check the configuration of whatever you use to run clamav against your incoming mail. Also, this may be coming from your other virus scanner (assuming cpgav is another virus scanning package) > Any hints what is wrong? it's not clamav. Your mail<->clamav shim is probably outright rejecting .pif files without scanning them with clamav. -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. pgpmM4TQScpEs.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Virus identified as "Suspicious File"
Hi, I have clamav running with cgpav on 2 servers. One works perfectly and reports the virus name on the email and another just identifies it as "Suspicious File". I am using the same .conf files on both servers. Attention! We received a message for you with VIRUS: Suspicious File: details03_maren.pif The sender's address is [EMAIL PROTECTED], but it's probably forged. The message was rejected for delivery. One runs FreeBSD 5.4 and the other 5.21 Clamscan identifies the virus correctly on the server labels the virus as "Suspicous file". Any hints what is wrong? thanks. Maren. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] RE: File Attachment Size Problem
On 1/30/06, Bill King <[EMAIL PROTECTED]> wrote: > Thanks! This is working. However I am thinking of trying to skip the scan > of large messages as I am not sure if it is worth the CPU ticks. Does > anyone have ideas about whether or not this is a good plan? There are two schools of thought on this: 1. Your target for mail scanning should be restricted to blocking viral worms which are almost all sending relatively small attachments in order to spread quickly and efficiently. 2. Your target should be any incoming infected file. If you believe in (1) and that your desktop AV software will protect you from (2) then put in an attachment size restriction. The standard mimedefang-filter has an example of this in place for SpamAssassin scanning, restricted to 100K for the same reasons as (1) above. If you believe in (2) then you have to throw hardware at it. IMHO ClamAV isn't terribly efficient at scanning large files and appears to have particular issues with documents that it parses such as XML and MS Office filetypes. Throwing CPUs at it and increasing your timeout limits works ok though. You could also consider prioritising smaller messages if you have limited resources. -- des -- http://frommars.org/ ___ http://lurker.clamav.net/list/clamav-users.html
