[Clamav-users] virus threats to Linux (was: PhishingScanURLs is dreadfully slow/CPU-intensive)

2007-11-13 Thread Tilman Schmidt
Kelson wrote:
> Tilman Schmidt wrote:
>> Also, OpenOffice on Linux is normally run from a non-privileged user ID,
>> heavily limiting the ability of any malicious macro to harm or propagate.
>
> Huh?  What difference does running as a non-privileged user make when
> the method of infection is to spread via *documents*?  It doesn't need
> root access to modify the user's own files.

If that's all it does then yes, running non-privileged doesn't change
anything.

-- 
Tilman Schmidt
Head of Engineering

Tilman Schmidt  [EMAIL PROTECTED]
Phoenix Software GmbH   Tel. +49 228 97199 0
Managing Director: W. Grießl   Fax +49 228 97199 99
Adolf-Hombitzer-Str. 12   www.phoenixsoftware.de
53227 Bonn, Germany   Amtsgericht Bonn HRB 2934




___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Error message appended to subject line

2007-11-13 Thread Nigel Horne

Tony Baker wrote:

> Hi after a recent upgrade of ClamAV
>
> Some mail is having   (No virus check: internal error)   appended to
> the subject line.

That message appears nowhere in the ClamAV source code, so I presume
it's generated by some 3rd party software which you haven't told us you're
using and I would suggest aiming your enquiry to their mailing list.

> Tony



--
Nigel Horne. Adjudicator, Arranger, Band Trainer, Conductor, Composer, Tutor.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk


[Clamav-users] Error message appended to subject line

2007-11-13 Thread Tony Baker
Hi after a recent upgrade of ClamAV

Some mail is having   (No virus check: internal error)   appended to
the subject line.

However, checking through the logs, the mail is showing that it is Passed
CLEAN.

Can someone tell me where this appending of the subject line is being
generated from?
More importantly, is it a problem that requires fixing?


Sending a test virus from eicar.com gets picked up as a virus
correctly but doesn't append the subject line


Tony


Re: [Clamav-users] Error message appended to subject line

2007-11-13 Thread Tony Baker
Tony Baker wrote:

> Hi after a recent upgrade of ClamAV
> Some mail is having   (No virus check: internal error)   appended to
> the subject line.

Nigel Horne wrote:

> That message appears nowhere in the ClamAV source code, so I presume
> it's generated by some 3rd party software which you haven't told us you're
> using and I would suggest aiming your enquiry to their mailing list.


Nigel Hi !
Thanks for the reply

Apologies if I have sent this to the wrong list, but the message  
started occurring after an upgrade of ClamAV.

I have also upgraded spamassassin and amavis-new, but the messages  
started after upgrading ClamAV.

My system is an Intel Apple Xserver running MacOSX 10.4.10 using  
postfix for mail.


Do you think I should be trying the amavis or spamassassin lists then??


Tony




Re: [Clamav-users] Error message appended to subject line

2007-11-13 Thread Rob MacGregor
On Nov 13, 2007 10:42 AM, Tony Baker [EMAIL PROTECTED] wrote:

> Apologies if I have sent this to the wrong list, but the message
> started occurring after an upgrade of ClamAV.
>
> I have also upgraded spamassassin and amavis-new, but the messages
> started after upgrading ClamAV.

---SNIP---

> Do you think I should be trying the amavis or spamassassin lists then??

As you're probably using amavis for calling clamav I'd suggest you try
the amavis list.  Be sure to provide details that you've missed on
this thread, like actual version numbers and how you're calling clamav
from amavis ;)

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Accurate subjects (was Re: PhishingScanURLs is dreadfully slow/CPU-intensive)

2007-11-13 Thread Jan-Pieter Cornet
On Mon, Nov 12, 2007 at 04:22:47PM -0500, David F. Skoll wrote:
>> My own opinion is that the developers are not going to change the default
>> settings since they are what the majority of users would want enabled by
>> default.
>
> Really?  All posters on this thread who gave an opinion wanted
> PhishingScanURLs off by default.  I invite users who want
> PhishingScanURLs to be on by default to come forward; I'll happily go
> with the majority decision.

If there's going to be a vote, I haven't expressed my opinion in this
thread yet.

PhishingScanURLs should be off, in my opinion, for every mailserver
installation that actually cares about delivering legitimate mails to
its users. So that would imply the default to be off.

In fact, this very feature is the reason we are considering stopping the
use of ClamAV. Complete lack of a standard naming scheme to distinguish
between viruses and phishing mails is also a factor here.

The reason we're so concerned about this is the false positive rate.
Traditionally, virus scanners have had a negligible false positive
ratio (less than 1 in 1E9, typically). This means it is in
practice no problem to flat-out reject or discard mails that are flagged
as a virus.

However, spam and phishing detection has a much higher false positive
rate, so it's very unwise to discard the mails, and it's usually bad
to reject them (because of automatic bounce handling by legitimate bulk
mailers), so we put such mails in a special folder.

-- 
Jan-Pieter Cornet [EMAIL PROTECTED]
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!


Re: [Clamav-users] Accurate subjects (was Re: PhishingScanURLs is dreadfully slow/CPU-intensive)

2007-11-13 Thread G.W. Haywood
Hi there,

On Monday November 12, 2007 at 04:22:47 (PM) David F. Skoll wrote:

> Really?  All posters on this thread who gave an opinion wanted
> PhishingScanURLs off by default.
>
> I invite users who want PhishingScanURLs to be on by default to come
> forward; I'll happily go with the majority decision.

I invite users who really care about this issue to send mail directly
to Mr. Skoll, and not to add to the noise on the ClamAV mailing list.


On Tue, 13 Nov 2007 Dennis Peterson wrote:

> I think it's a non-issue. Even timid users need to edit the file as
> a minimum to disable the Example line. Once there I'm certain they
> can then change the other critical areas that require attention.

+1 to that, and I don't intend to add any pseudo-legitimacy to this
voting nonsense either.

There are more important issues.  Please let's kill this thread.

--

73,
Ged.


Re: [Clamav-users] Accurate subjects (was Re: PhishingScanURLs is dreadfully slow/CPU-intensive)

2007-11-13 Thread David F. Skoll
G.W. Haywood wrote:

> I invite users who really care about this issue to send mail directly
> to Mr. Skoll, and not to add to the noise on the ClamAV mailing list.

OK.  Off-list to [EMAIL PROTECTED] and I will summarise.

> There are more important issues.  Please let's kill this thread.

There are more important issues, maybe.  However, I think
on-by-default code that is inefficient, badly-written, a source of
false-positives and of dubious value in a virus-scanner is pretty
important to discuss.

Regards,

David.


Re: [Clamav-users] Accurate subjects (was Re: PhishingScanURLs is dreadfully slow/CPU-intensive)

2007-11-13 Thread jef moskot
On Tue, 13 Nov 2007 Dennis Peterson wrote:
> Even timid users need to edit the file as a minimum to disable the
> Example line.

Another point is that those who use clamscan (not the daemon) will have
the default behavior changed more invisibly.  You have to pass a parameter
to disable the anti-phishing stuff, and clamscan users aren't used to
making config changes to get the same behavior.

It's not the end of the world, but it is a shock to the system when the
behavior of a program changes so drastically.

Jeffrey Moskot
System Administrator
[EMAIL PROTECTED]