[Clamav-users] Hardware acceleration for virus scanning
Hi, I remember that clamAV once supported Sensory networks' Nodal core acceleration. But I don't find this support in the source code (clamav-0.94.2) I have downloaded today. Does ClamAV support hardware acceleration for virus scanning ? Please clarify. Thanks, Babu ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Update mechanism of ClamAV
On Wed, 3 Dec 2008 09:25:41 +0700 "tung dang" <[EMAIL PROTECTED]> wrote: >Dear Torok Edwin and friends, >Many thanks for your information. > >You say below that it is a private mirror, and you say here that it is >> a public mirror. >> Which one is it? >> >> If you want to become a *public* mirror, do you have the necesary >> bandwidth? (10 Mbit/s, unlimited traffic) > > >As i mentioned in the first email, now i have been investigating >ClamAV on some commercial products, so we need to evaluate from many >aspects. We want to build our own mirror, so we can manage any >services on it. Bandwidth, traffic or any other condition is not our >problem. Can you give me some advices for some following questions: >+ If i build a Windows-mirror, what version we should use (server2003, >server2008, xp ...) >+ If i build a linux-mirror, what distro we should use (centos, fedora, >debian, ubuntu ...) > >Maybe some distro of linux, version of windows has some advantages over >other distros, versions. So i would like to know, what distro of >linux, what version of windows are best > >> >> No, you can't rebuild a .cvd. >> >> I think you can write some script to fetch the .cdiff file from the >> public mirror, launched from freshclam's --on-update-execute. >> You then put these files on your local webserver, and set your other >> freshclams to use your webserver as a mirror. >> Then those freshclams should be able to use .cdiff files also. >> The problem is that if incremental update fails [*], they will look >> for a .cvd file, so you would need the master freshclam to download >> a .cvd anyway. >> >> I think it is much simpler, if you just set up all freshclams to use >> a caching proxy, that way: >> - you don't waste public mirrors bandwidth, since each DB update is >> downloaded only once for the entire network >> - you don't waste public mirror bandwidth by downloading a .cvd file >> each time >> - it will work even if a .cdiff fails to be applied [*] >> >> [*]: incremental update can fail if your DB is too old, and not all >> .cdiffs are available anymore from the mirrors, or due to a corrupted >> download If it were me, I would use either the latest version of Windows that your can get, or use FreeBSD to handle the job. -- Jerry [EMAIL PROTECTED] The Tree of Learning bears the noblest fruit, but noble fruit tastes bad. signature.asc Description: PGP signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Submitting malware attachments or full email?
On Tue, 2008-12-02 at 10:10 +0100, Tomasz Kojm wrote: > On Tue, 02 Dec 2008 00:59:01 +0100 > Karsten Bräckelmann <[EMAIL PROTECTED]> wrote: FWIW, detected as Trojan.Invo-13 and Trojan.Downloader-60790. Which (again) raises the question why that variation, for what appears to be a single malware. > > Should I submit the entire, original email, or the attachment only? > > The entire email is usually most useful to us. Thanks, Tomasz. I kind of went paranoid, given the scary report recently referred in my OP. -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}} ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Usage of the ClamAV-Logo
Sven, I am sorry it has taken so long for me to reply to this. > I'm going to write a clamav-related article in my blog and I want > to use the ClamAV-Logo to illustrate the entry. > I found no licensing or usage information about the logo on the > clamav-homepage, faqs or in the archive and so I'm asking here for > permission to use the logo or for a contact I can ask for > permission. I am looking into this question right now so your timing was interesting, hence the delay. I wanted to ensure that I had the correct information for you. I still don't have the definitive answer, as soon as I have that I will post a follow-up here. In the meantime I wanted you to have something and to know that I haven't ignored your request. For now you may like to know that it the likely usage of ClamAV and the logo are those that you'd be likely to do anyway: 1) Use the letters TM after the first usage of ClamAV. 2) The A and V should be upper case, thus "ClamAV". 3) You must reference Sourcefire as the owner of the ClamAV name and logo in a manner that is satisfactory to Sourcefire. > Ciao, > Sven Rütz <[EMAIL PROTECTED]> Hope that helps you. Feel free to contact me directly if you want. Regards, -Nigel Horne -- Nigel Horne, [EMAIL PROTECTED] Director of Product Management (ClamAV), Sourcefire, http://www.sourcefire.com +44 1226 241048 or +1 706 705 4022 FAX: +44 870 705 9334 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Usage of the ClamAV-Logo
This is interesting. I will need to change the logo for the ClamAV live cd then :-(. On Wed, Dec 3, 2008 at 3:03 PM, Nigel Horne <[EMAIL PROTECTED]> wrote: > Sven, > > I am sorry it has taken so long for me to reply to this. > > > I'm going to write a clamav-related article in my blog and I want > > to use the ClamAV-Logo to illustrate the entry. > > I found no licensing or usage information about the logo on the > > clamav-homepage, faqs or in the archive and so I'm asking here for > > permission to use the logo or for a contact I can ask for > > permission. > > I am looking into this question right now so your timing was interesting, > hence the delay. > > I wanted to ensure that I had the correct information for you. I still > don't > have the definitive answer, > as soon as I have that I will post a follow-up here. In the meantime I > wanted you to have something > and to know that I haven't ignored your request. > > For now you may like to know that it the likely usage of ClamAV and the > logo > are those that you'd > be likely to do anyway: > > 1) Use the letters TM after the first usage of ClamAV. > 2) The A and V should be upper case, thus "ClamAV". > 3) You must reference Sourcefire as the owner of the ClamAV name and logo > in > a manner that is satisfactory > to Sourcefire. > > > Ciao, > > Sven Rütz <[EMAIL PROTECTED]> > > Hope that helps you. Feel free to contact me directly if you want. > > Regards, > > -Nigel Horne > > -- > Nigel Horne, [EMAIL PROTECTED] > Director of Product Management (ClamAV), Sourcefire, > http://www.sourcefire.com > +44 1226 241048 or +1 706 705 4022 FAX: +44 870 705 9334 > > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > -- http://www.volatileminds.net ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] How to mirror the signatures?
* Do not Cc: me, because I READ THIS LIST, if I write here * *Keine Cc: am mich, ich LESE DIESE LISTE wenn ich hier schreibe* Hello, I am working from A Mobile-Office with several Servers and workstations and I have the need to install clamav on each of them. My problem is, that the signatures are heavy and I am on GSM/GPRS/UMTS and want o avoid downloading the stuff several times. So, now I like to know, how to mirror the signatures so I can update my Computers from one of my Intranet-Servers? Note: I am using Debian GNU/Linux Etch. Thanks, Greetings and nice Day/Evening Michelle Konzack Systemadministrator 24V Electronic Engineer Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 +49/177/935194750, rue de Soultz MSN LinuxMichi +33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] clamstats
I'm a bit confused. Looking at my clamstats for 30 Nov I see: Last Database UpdateSun Nov 30 23:32:57 2008 Total viruses detected 407 Total Database Signatures 469,236 for 1 Dec: Last Database UpdateMon Dec 1 23:11:34 2008 Total viruses detected 413 Total Database Signatures 31,346 In the script I run there is this line: if (/main\.(?:cvd|inc).+\(version:\s(\d+),\ssigs:\s(\d+),/) { #print "MAIN: $2\n"; $fcmainversion = $1; $fcmaincount = $2; Up until today the first line read: if (/main\.(?:cld|inc).+\(version:\s(\d+),\ssigs:\s(\d+),/) { and was giving total sigs as shown on 30 Nov, on 1 Dec the total dropped as shown. I just went in and changed :cld to :cvd which brought the total sigs back to what I imagine is the correct amount. Last Database UpdateWed Dec 3 21:24:51 2008 Total viruses detected 429 Total Database Signatures 470,759 Seems like every month or so I have to make the change from either cld to cvd or cvd to cld. What, if anything, could be the reason for this? -- Chris KeyID 0xE372A7DA98E6705C pgpkUsa3f1ZI9.pgp Description: PGP signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml