[Clamav-users] ZIP files autodetected as virus
Is their any way to tell Clamav to look at a file before it is considered a Virus? I got a call from a customer who said that Zip files are getting intercepted by clamav and are defaulting them as a virus. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ZIP files autodetected as virus
On Dec 5, 2006, at 1:36 PM, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: Is their any way to tell Clamav to look at a file before it is considered a Virus? I got a call from a customer who said that Zip files are getting intercepted by clamav and are defaulting them as a virus. ClamAV doesn't consider all ZIP files to be viruses; I suggest you gather more information from your logs, and confirm what is going on. -- -Chuck ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ZIP files autodetected as virus
- Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem <[EMAIL PROTECTED]> wrote: > Is their any way to tell Clamav to look at a file > before it is considered a Virus? > > I got a call from a customer who said that Zip files > are getting intercepted by clamav and are defaulting them as a virus. It depends on what you have configured ClamAV to do. You can configure ClamAV to: * Consider all password protected archives are infected (assume they are infected because they can't be checked) (ArchiveBlockEncrypted) * Consider all archives over a certain size to be infected. (ArchiveBlockMax) So what have you configured ClamAV to do? Good thing you run ClamAV too, as you are also using the root@ account to send (and probably) e-mail. That's generally a bad idea. I think ClamAV can detect most mail bombs, but you but should probably not rely on ClamAV as your only security against a complete server compromise. Tom ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamd consumes more and more resources
I've set up a new mail server, running on on an Intel Mac Mini. Every now and then I notice that there are no new entries in my SMTP Proxy's log. Looking at Activity Monitor I notice that clamd and kernel_task are both running at about 57% of CPU. kernel_task usually runs at less than 1%. As soon as I quit clamd, mail starts flowing flowing through the SMTP Proxy (after it realises that it can't connect to the socket and disables clamav filtering). clamd.log doesn't say anything, - the last entries say "SelfCheck: Database status OK". Clamav is 0.88.6 Has anyone else had these problems? My previous mail server (running 0.88.1) did not have this problem. Thanks, James. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
