Re: [clamav-users] Whitelisting extensions for virus scan

2018-10-30 Thread Tilman Schmidt
On 29.10.18 at 17:33, Kris Deugau wrote:
> Tilman Schmidt wrote:
>> On 26.10.18 at 15:34, Johnny Time wrote:
>>> For example, we wanted to authorize only a white list which contains
>>> *.doc,*.xls,*.pdf and ban the other extensions.
>>
>> Surely you meant to write "*.docx,*.xlsx,*.pdf"?
>> *.doc and *.xls are the old, malware-prone MS-Office filetypes.
>> You don't want to let those pass, at least not without rigorous
>> examination.
> 
> In my experience, the new ones aren't any better.

The "*m" ones (with macros) certainly aren't, but the "*x" ones (without
macros) have so far never caused any trouble at our site.
So we put mails with *.doc, *.xls, *.docm and *.xlsm attachments in
quarantine, only releasing them upon request after manual inspection,
but let *.docx and *.xlsx pass if the ClamAV scan turns up clean.

T.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Whitelisting extensions for virus scan

2018-10-30 Thread Kris Deugau

Tilman Schmidt wrote:
> On 29.10.18 at 17:33, Kris Deugau wrote:
>> Tilman Schmidt wrote:
>>> On 26.10.18 at 15:34, Johnny Time wrote:
>>>> For example, we wanted to authorize only a white list which contains
>>>> *.doc,*.xls,*.pdf and ban the other extensions.
>>>
>>> Surely you meant to write "*.docx,*.xlsx,*.pdf"?
>>> *.doc and *.xls are the old, malware-prone MS-Office filetypes.
>>> You don't want to let those pass, at least not without rigorous
>>> examination.
>>
>> In my experience, the new ones aren't any better.
>
> The "*m" ones (with macros) certainly aren't, but the "*x" ones (without
> macros) have so far never caused any trouble at our site.
> So we put mails with *.doc, *.xls, *.docm and *.xlsm attachments in
> quarantine, only releasing them upon request after manual inspection,
> but let *.docx and *.xlsx pass if the ClamAV scan turns up clean.


I don't care enough to dig up what the formal spec (such as may exist) 
for these files is, but I see a regular trickle of .docx and a handful 
of .xlsx files that pop up a warning in OpenOffice about macros.  I 
don't think I've seen any .docm or .xlsm for a while.


Personally I'd be quite happy to ban them all outright, but customers 
get a little grouchy when they can't send or receive documents to their 
contacts...


We scan them all, quarantine the ones that hit a signature, add local 
signatures as malicious examples get reported, use a handful of 
third-party signatures, and advise customers to make sure they keep an 
up-to-date antivirus package on their system - if only to make sure 
they're also protected against non-email malware.


-kgd
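
Added example (not code from either poster or from ClamAV): the extension policy described in this thread, combined with a look inside .docx/.xlsx containers for macro parts, since the extension alone does not say whether a file carries macros. The function names, the "scan"/"quarantine" labels, the treatment of other extensions and the sample files are assumptions constructed here.

```python
import io
import os
import zipfile

QUARANTINE_EXT = {".doc", ".xls", ".docm", ".xlsm"}  # held for manual inspection
SCAN_ONLY_EXT = {".docx", ".xlsx"}                   # pass if the scan is clean
DOCX_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
DOCM_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
MAX_CT_SIZE = 1 << 20  # refuse to inflate an oversized [Content_Types].xml


def ooxml_macro_indicators(data):
    """Return reasons an OOXML container looks macro-bearing ([] if none)."""
    reasons = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            for name in names:
                if name.lower().endswith("vbaproject.bin"):
                    reasons.append("VBA project part: " + name)
            if "[Content_Types].xml" in names:
                if zf.getinfo("[Content_Types].xml").file_size > MAX_CT_SIZE:
                    reasons.append("oversized [Content_Types].xml")
                else:
                    ct = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                    if "macroenabled" in ct.lower():
                        reasons.append("macro-enabled content type declared")
    except zipfile.BadZipFile:
        reasons.append("not a valid ZIP/OOXML container")
    return reasons


def triage(filename, data):
    """Return (action, reasons); 'scan' means hand to ClamAV, pass if clean."""
    ext = os.path.splitext(filename.lower())[1]
    if ext in QUARANTINE_EXT:
        return "quarantine", ["extension " + ext]
    if ext in SCAN_ONLY_EXT:
        reasons = ooxml_macro_indicators(data)
        return ("quarantine" if reasons else "scan"), reasons
    return "scan", []  # assumption: other types are simply scanned


def make_ooxml(main_ct, extra_parts=()):
    """Build a minimal constructed OOXML-like ZIP in memory (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<Types><Override PartName="/word/document.xml" '
            'ContentType="%s"/></Types>' % main_ct,
        )
        zf.writestr("word/document.xml", "<w:document/>")
        for name in extra_parts:
            zf.writestr(name, b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage("report.docx", make_ooxml(DOCX_CT)))
    print(triage("invoice.docx", make_ooxml(DOCM_CT, ["word/vbaProject.bin"])))
```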


Re: [clamav-users] Structuring instream calls to clamd

2018-10-30 Thread Micah Snyder (micasnyd)
Hi Alex,

I don't like seeing a well researched question go un-answered, though I don't 
have a very good answer for you.  We don't have any documentation from any 
previous work to say if there is an optimum chunk size for TCP sockets or unix 
sockets.

Intuitively, if you're using a TCP socket, particularly if sending over the 
network (hopefully using an encrypted SSH tunnel) then chunking will probably 
be done for you, and if you do chunking then ensuring that your chunk size is 
lower than the MTU for the TCP/IP stack may prevent you from sending ittybitty 
chunks every other packet.

If you're using a unix local socket, I really don't know if chunking buys you 
anything.  If you do end up doing some testing, it would be interesting to find 
out what you learn.

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Oct 29, 2018, at 3:32 PM, Wreschnig, Alexander Scott <as...@pitt.edu> wrote:

> I have what is hopefully a quick question regarding clamd. What’s a good method
> for determining ideal chunk sizes when streaming data to the daemon over a
> socket connection? Or should I ignore chunking altogether and just stream one
> big contiguous file?
>
> The background: I’ve developed a very simple plugin for an unrelated
> application that sends user-uploaded files of varying formats to clamd over a
> socket for some basic virus scanning. At the moment, and based on some of the
> clamd documentation, it loops over each file grabbing small chunks at a time
> and streams each of those chunks to clamd. It’s working fine, so I can in
> theory leave it exactly as-is. But I used an arbitrary value for chunk size and
> as I’m looking more closely I’m having a hard time finding documentation on how
> this works or what my chunk size should be (beyond the maximum chunk size,
> which I can see is StreamMaxLength). For reference, from man clamd:
>
> “The stream is sent to clamd in chunks, after INSTREAM, on the same socket on
> which the command was sent. This avoids the overhead of establishing new TCP
> connections and problems with NAT. The format of the chunk is: '<length><data>'
> where <length> is the size of the following data in bytes expressed as a 4 byte
> unsigned integer in network byte order and <data> is the actual chunk.
> Streaming is terminated by sending a zero-length chunk. Note: do not exceed
> StreamMaxLength as defined in clamd.conf […]”
>
> StreamMaxLength, on the other hand, is documented as
>
> “[…] This option allows you to specify the upper limit for data size that will
> be transferred to remote daemon when scanning a single file. It should match
> your MTA's limit for a maximum attachment size.”
>
> Looking at this combination I’m wondering if, since I’m only worrying about
> attachments (which by definition shouldn’t be larger than maximum attachment
> size), there’s another good reason to chunk things up or if I should just
> stream everything in one go.
>
> Sorry if there’s an obvious answer staring at me and I’m not seeing it—I swear
> I looked! And thanks for any advice.
>
> —
> Alex Wreschnig
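
Added example (not code from the posters or from the ClamAV project): the INSTREAM framing from the man page excerpt above, with both sides of the exchange, so the effect of a chosen chunk size on what goes over the socket is visible. `fake_clamd` is a constructed stand-in that only parses the framing and always answers OK; the helper names, the 8192-byte default and the 25 MiB limit value are assumptions.

```python
import socket
import struct
import threading

CMD = b"zINSTREAM\0"  # "z" prefix: null-terminated command and reply


def instream_frames(data, chunk_size, stream_max_length):
    """Yield, in order, every byte string one INSTREAM session sends."""
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    if len(data) > stream_max_length:
        # Assumption: the limit is checked against the whole payload, which
        # also keeps every single chunk below StreamMaxLength.
        raise ValueError("payload exceeds StreamMaxLength")
    yield CMD
    for off in range(0, len(data), chunk_size):
        chunk = data[off:off + chunk_size]
        # <length>: 4-byte unsigned integer, network byte order; then <data>
        yield struct.pack("!I", len(chunk)) + chunk
    yield struct.pack("!I", 0)  # zero-length chunk terminates the stream


def scan_bytes(sock, data, chunk_size=8192, stream_max_length=25 * 1024 * 1024):
    """Stream data over a connected socket and return the daemon's reply."""
    for frame in instream_frames(data, chunk_size, stream_max_length):
        sock.sendall(frame)
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:
            break
        reply += part
    return reply.rstrip(b"\0").decode()


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes first."""
    buf = b""
    while len(buf) < n:
        part = sock.recv(n - len(buf))
        if not part:
            raise ConnectionError("peer closed mid-frame")
        buf += part
    return buf


def fake_clamd(sock, seen):
    """Constructed stand-in for clamd: parses the framing, always answers OK."""
    try:
        seen["command"] = _recv_exact(sock, len(CMD))
        while True:
            (length,) = struct.unpack("!I", _recv_exact(sock, 4))
            if length == 0:
                break
            seen["sizes"].append(length)
            seen["body"] += _recv_exact(sock, length)
        sock.sendall(b"stream: OK\0")
    finally:
        sock.close()


def demo(data, chunk_size):
    """Run one scan against the stand-in; return (reply, what it received)."""
    client, server = socket.socketpair()
    seen = {"command": b"", "sizes": [], "body": b""}
    worker = threading.Thread(target=fake_clamd, args=(server, seen))
    worker.start()
    try:
        reply = scan_bytes(client, data, chunk_size)
    finally:
        client.close()
        worker.join()
    return reply, seen


if __name__ == "__main__":
    print(demo(b"A" * 10000, 4096))
```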



Re: [clamav-users] Structuring instream calls to clamd

2018-10-30 Thread Wreschnig, Alexander Scott
Thanks for the response, Micah. If the benefits are, indeed, unclear, then I 
probably won't be futzing much with a perfectly functional implementation in 
the near future--but if I do any experiments, I'll be sure to share the results.

- Alex


[clamav-users] ClamAV 0.101.0 beta has been posted!

2018-10-30 Thread Joel Esler (jesler)
Welcome to the ClamAV 0.101.0 beta!

Important notes about this release:


• Changes to the libclamav API:
  • Those who build applications around our shared library will need to change
    how they declare and pass scanning options to libclamav. Please take a look
    at the change to our example code for details.
  • Many of the scanning option #defines have changed. These can be found in
    our clamav.h header.
  • The libclamav version number has changed.
• Some of the clamd config and clamscan command line option names have changed.
  The original versions will still work for a time, but eventually they will be
  deprecated. These options in question are detailed in the NEWS document.
• A new sub-signature type called "Byte Compare". Byte Compare sub-signatures
  can be used to evaluate a numeric value at a given offset from the start of
  another (matched) sub-signature within the same logical signature. That
  numerical value may be interpreted from signed ascii decimal, unsigned ascii
  hex, or unsigned binary data relative to a match offset. Your participation
  in testing this feature during our beta period will be greatly appreciated.
  For details, see the signature writing documentation.
• Changes to our documentation. Documentation is now in Markdown and should be
  easier to navigate and easier to contribute to.
• Support for extraction/scanning of RAR v5.x archives.

For additional details on changes in 0.101, please read the notes in our NEWS
document.

Thank you in advance for participating in the ClamAV 0.101 beta! Bugs should be
brought to our attention via the clamav-devel mailing list or via bugzilla.

You may download the ClamAV 0.101.0 beta at the usual location on ClamAV.net.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com


[clamav-users] How do I know when new versions contain .conf file changes?

2018-10-30 Thread Brian Fluet
I use ClamAV for Win32 and am wondering if there is a way to tell 
when an update contains a change to either of the .conf files so as 
to know when it's ok to stay with the existing ones.

Thanks.

Brian Fluet






Re: [clamav-users] How do I know when new versions contain .conf file changes?

2018-10-30 Thread Eric Tykwinski
My suggestion would be to check out the release notes on GitHub for your
specific version:
https://github.com/Cisco-Talos/clamav-devel/commits/rel/0.100

Depends though on if you are running Talos, or ClamWin.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



[clamav-users] Clam user has read permissions, but I still get "lstat() failed: Permission denied"

2018-10-30 Thread Doug Ingham
Hi all,
 For some reason, clamdscan is returning a permissions error for files it
has read access to.

I've copied some output below to help show the situation...

==
root@arquivos0:/var/www# grep User /etc/clamav/clamd.conf
User clamav

root@arquivos0:/var/www# grep clamav /etc/group
www-data:x:33:clamav
clamav:x:121:

root@arquivos0:/var/www# ls -ld nc_data/
drwxrwx--- 59 www-data www-data 4096 Out 22 08:40 nc_data/

root@arquivos0:/var/www# clamdscan -v --config-file=/etc/clamav/clamd.conf nc_data/
/var/www/nc_data: lstat() failed: Permission denied. ERROR
--- SCAN SUMMARY ---
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)

root@arquivos0:/var/www# sudo -u clamav ls nc_data/
[correct directory contents listed]

root@arquivos0:/var/www# ls -al /var/log/clamav/
total 20
drwxr-xr-x  2 clamav clamav    45 Out 30 12:29 .
drwxrwxr-x 16 root   syslog  4096 Out 30 15:41 ..
-rw-r-----  1 clamav adm    10914 Out 30 17:12 clamav.log
-rw-r-----  1 clamav adm     2352 Out 30 15:17 freshclam.log

root@arquivos0:/var/www# clamdscan -v --config-file=/etc/clamav/clamd.conf /var/log/clamav/
/var/log/clamav: lstat() failed: Permission denied. ERROR
--- SCAN SUMMARY ---
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
==

To quote Aristotle, "WTF?"

Any help appreciated!

-- 
Doug


Re: [clamav-users] Clam user has read permissions, but I still get "lstat() failed: Permission denied"

2018-10-30 Thread SCOTT PACKARD
You'd want to:
ls -ld /
ls -ld /var
ls -ld /var/www
ls -ld /var/www/nc_data
and make sure user www-data has at least read and execute permissions to the 
parent directories.
You probably have removed read and execute from other, so clamdscan can't go 
down in the
directory hierarchy to get to /var/www/nc_data/.

Regards, Scott
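
Added example (not part of the original message): the parent-directory check suggested above, evaluating the search (execute) bit on every directory from / down to the target for one identity. It looks at classic mode bits only, not ACLs, mount options or AppArmor/SELinux; the sample uses the nc_data mode and the gids 33 and 121 from the posted output, while the numeric uids and the modes of /, /var and /var/www are constructed assumptions.

```python
import os
import stat


def can_search(mode, owner_uid, owner_gid, uid, gids):
    """Classic Unix rule: does (uid, gids) hold the search bit on a directory?"""
    if uid == 0:
        return True
    if uid == owner_uid:              # owner class applies, nothing else
        return bool(mode & stat.S_IXUSR)
    if owner_gid in gids:             # group class, via any of the process groups
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def ancestors(path):
    """'/var/www/nc_data' -> ['/', '/var', '/var/www', '/var/www/nc_data']"""
    path = os.path.abspath(path)
    parts = [path]
    while os.path.dirname(path) != path:
        path = os.path.dirname(path)
        parts.append(path)
    return parts[::-1]


def stat_entries(path):
    """Collect (path, mode, uid, gid) for every component on a live system."""
    out = []
    for p in ancestors(path):
        st = os.stat(p)
        out.append((p, st.st_mode, st.st_uid, st.st_gid))
    return out


def first_blocked(entries, uid, gids):
    """Return the first directory the identity cannot search, or None."""
    for path, mode, o_uid, o_gid in entries:
        if stat.S_ISDIR(mode) and not can_search(mode, o_uid, o_gid, uid, gids):
            return path
    return None


# Constructed sample: only the nc_data line mirrors the posted `ls -ld` output.
D = stat.S_IFDIR
SAMPLE = [
    ("/", D | 0o755, 0, 0),
    ("/var", D | 0o755, 0, 0),
    ("/var/www", D | 0o755, 0, 0),
    ("/var/www/nc_data", D | 0o770, 33, 33),   # drwxrwx--- www-data www-data
]
CLAMAV_UID = 121  # assumption: the uid is not shown in the thread

if __name__ == "__main__":
    # Identity with the www-data group (gid 33) as a supplementary group
    print(first_blocked(SAMPLE, CLAMAV_UID, {121, 33}))
    # Same uid, but a process that holds only its primary group
    print(first_blocked(SAMPLE, CLAMAV_UID, {121}))
```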




Re: [clamav-users] How do I know when new versions contain .conf file changes?

2018-10-30 Thread Brian Fluet
Thanks for the url to the release notes.

I'm using the Win32 package from clamav.net in conjunction with 
Mercury Mail Transport System which passes messages to clamd.  

--
Brian Fluet




Re: [clamav-users] Clam user has read permissions, but I still get "lstat() failed: Permission denied"

2018-10-30 Thread Scott Kitterman
Apparmor/SE Linux is another possibility.

Scott K



Re: [clamav-users] Clam user has read permissions, but I still get "lstat() failed: Permission denied"

2018-10-30 Thread Doug Ingham
 >and make sure user www-data has at least read and execute permissions

If www-data didn't have r/w access to that directory, my site would be
broken!

From the (redacted) command output I copied above:
>> root@arquivos0:/var/www# sudo -u clamav ls nc_data/
>> [correct directory contents listed]

I do normally mount /var noexec, however I had to remount it exec when I
ran dpkg-reconfigure, so that's not it. I've just tested it with /tmp also
mounted exec, however that still didn't fix the problem.

> Apparmor/SE Linux is another possibility.
Neither are installed on this server.

BTW, I'm running Ubuntu 16.04 & ClamAV 0.100.2/25075/Mon.

-- 
Doug


Re: [clamav-users] Clam user has read permissions, but I still get "lstat() failed: Permission denied"

2018-10-30 Thread Scott Kitterman
On Tuesday, October 30, 2018 07:01:40 PM Doug Ingham wrote:
>  >and make sure user www-data has at least read and execute permissions
> 
> If www-data didn't have r/w access to that directory, my site would be
> broken!
> 
> From the (redacted) command output I copied above:
> >> root@arquivos0:/var/www# sudo -u clamav ls nc_data/
> >> [correct directory contents listed]
> 
> I do normally mount /var noexec, however I had to remount it exec when I
> ran dpkg-reconfigure, so that's not it. I've just tested it with /tmp also
> mounted exec, however that still didn't fix the problem.
> 
> > Apparmor/SE Linux is another possibility.
> 
> Neither are installed on this server.
> 
> BTW, I'm running Ubuntu 16.04 & ClamAV 0.100.2/25075/Mon.

Did you explicitly remove Apparmor?  It's shipped by default in Ubuntu and the 
Ubuntu clamav has an Apparmor profile included.

Scott K



Re: [clamav-users] How do I know when new versions contain .conf file changes?

2018-10-30 Thread Eric Tykwinski
Brian,

That would be Cisco direct, so the URL would be fine. 
ClamWin has some modifications, though I don’t know how much they differ.

I’ve got an Exchange MTA running Jam software, and I think they use clamwin, 
but I rely on them for updates which are usually several versions behind.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
