Re: [clamav-users] Fwd: Re: Clamav File - Virus detected by Microsoft Defender

2020-11-29 Thread Alejandro Hernández via clamav-users
> Has the computer ever suffered from malware?
Yes. ;P



https://mastodont.cat/@alejandroindependiente

On November 29, 2020 1:22, "G.W. Haywood via clamav-users" wrote:

> Hi there,
> 
> On Sat, 28 Nov 2020, Alejandro Hernández via clamav-users wrote:
> 
>> The 'clamav tmp file' detected by M-Defender was:
>> file:
>> C:\Users\Alejandro\AppData\Local\Temp\ClamWinPortableTemp\clamav-04c260ec0d7bc2675378f5ead51c44d0.00
>> 01648.clamtmp
>> 
>> Detected: Trojan:Win32/Wacatac.C!ml
> 
> Now I think I understand.
> 
> It appears that you ran ClamWinPortable, which produced some temporary
> files and left them lying around in the filesystem. ClamAV does use
> the filesystem for temporary storage, so that isn't very surprising.
> 
> Windows Defender then found something in one of these temporary files.
> 
> It's possible that this is a 'false positive'. False positives are
> not uncommon. Or it might be that ClamWin really did find something
> nasty, and left some evidence in its temporary directory. I know very
> little about how ClamWin behaves.
> 
> But one of the tricks that malware authors get up to is disguising the
> files that they create in your filesystem as something else. So if it
> seems likely that the temporary file really was created by ClamWin (it
> should for example have a timestamp at a time when ClamWin was running)
> and wasn't created by malware (which I think is unlikely but possible)
> then the simplest thing to do would be to delete it. If you are going
> to remove ClamWin 0.99.4 and install 0.103 then you can probably delete
> everything relating to ClamWinPortable anyway. You might want first
> to upload the file to VirusTotal or Jotti's virus scan to see if the
> dozen or more other virus scanners they use think it's a problem.
> 
> https://virustotal.com
> https://virusscan.jotti.org
> 
> Has the computer ever suffered from malware?
> 
> --
> 
> 73,
> Ged.
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml



Re: [clamav-users] Fwd: Re: Clamav File - Virus detected by Microsoft Defender

2020-11-28 Thread Alejandro Hernández via clamav-users
I'm sorry for the inconveniences.

The 'clamav tmp file' detected by M-Defender was:
file: 
C:\Users\Alejandro\AppData\Local\Temp\ClamWinPortableTemp\clamav-04c260ec0d7bc2675378f5ead51c44d0.1648.clamtmp

Detected: Trojan:Win32/Wacatac.C!ml


https://mastodont.cat/@alejandroindependiente

On November 28, 2020 13:50, "G.W. Haywood via clamav-users" wrote:

> Hi there,
> 
> On Sat, 28 Nov 2020, Andrew C Aitchison via clamav-users wrote:
> 
>> On Sat, 28 Nov 2020, G.W. Haywood via clamav-users wrote:
>>> But FWIW AFAICT you did not, as seemingly claimed by Mr. Walter H,
>>> send 40MBytes of attachments to this mailing list. :)
>> 
>> I received a message matching that description
>> and I find it in the archive at:
>> https://lists.clamav.net/pipermail/clamav-users/2020-October/010095.html
>> 
>> I was surprised that the list delivered it.
> 
> Thanks for the pointer, and I stand corrected - I should have checked
> the online archives. I've just checked our logs again, as I thought
> that perhaps I'd missed a rejection. But that message was definitely
> never offered to our servers. If it had been, then on grounds of size
> alone it would have been rejected. A little odd, and a pity that this
> isn't the same thread, but I'm not going to lose any sleep over it.
> 
> More importantly as you say, it's rather surprising that an anti-virus
> mailing list would send a message like that to *anyone* other than the
> list's administrators.
> 
> Micah?
> 
> --
> 73,
> Ged.
> 


[clamav-users] Fwd: Re: Clamav File - Virus detected by Microsoft Defender

2020-11-27 Thread Alejandro Hernández via clamav-users
3. To which (.tmp) file do you refer?
There was an image attached with the name. :D
Note the most recent version of ClamWin announced at www.clamwin.com
is 0.99.4 (released March 1st 2018). The current release of ClamAV is
0.103.0 (released September 14th 2020, available at www.clamav.net).:O

Ok, now I'll try the 'clamav-0.103.0-win-x64-portable' :)
https://mastodont.cat/@alejandroindependiente

--- Forwarded message ---
From: "G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net>
To: "Alejandro Hernández via clamav-users" <clamav-users@lists.clamav.net>
CC: "G.W. Haywood" <cla...@jubileegroup.co.uk>
Sent: November 27, 2020 16:48
Subject: Re: [clamav-users] Clamav File - Virus detected by Microsoft Defender

Hi there,

On Fri, 27 Nov 2020, Alejandro Hernández via clamav-users wrote:

> while I run a scan in 'portable clamwin', Microsoft Defender detects
> this (.tmp) file as a virus:

1. The 'portable clamwin' product is not ClamAV, although I believe it
does use a scanning engine based on ClamAV's engine. If you have any
questions about it, you probably need to ask at forum.clamwin.com.

2. Microsoft Defender is a Microsoft Product, if you have concerns
about it, you should ask on a Microsoft support forum. I have no idea
where that might be.

3. To which (.tmp) file do you refer?

> Is it normal?

I can't say whether anything is normal or not until I fully understand
the question. I should not be at all surprised to see different scan
results from different scanning engines for the same scanned file. If
you meant to ask why Microsoft Defender finds a virus but ClamWin does
not, then that's a good question. The answer may be because no sample
has yet been submitted for inclusion in the virus databases, or, if it
has, either the team at Cisco/Sourcefire/Talos hasn't yet processed it
or they screwed up (unlikely but it does happen); perhaps your ClamWin
database hasn't been updated; or maybe the scanning engine in ClamWin
is not capable of detecting the virus.

Note the most recent version of ClamWin announced at www.clamwin.com
is 0.99.4 (released March 1st 2018). The current release of ClamAV is
0.103.0 (released September 14th 2020, available at www.clamav.net).

I can see no justification for using an anti-virus product when its
provider apparently does not keep it up to date.

--

73,
Ged.



[clamav-users] Clamav File - Virus detected by Microsoft Defender

2020-11-27 Thread Alejandro Hernández via clamav-users
Hi,

while I run a scan in 'portable clamwin', Microsoft Defender detects this 
(.tmp) file as a virus:
Is it normal?
Thanks ;)
https://mastodont.cat/@alejandroindependiente



[clamav-users] Fwd: Re: Fwd: Re: Fwd: Win.Trojan.Virut-375 FOUND in libcef.dll

2020-11-17 Thread Alejandro Hernández via clamav-users
🤔 I'm not sure. Last time, I did it through this option on the web:
https://mastodont.cat/@alejandroindependiente

--- Forwarded message ---
From: "Richard Graham" <rickhg1...@gmail.com>
To: "ClamAV users ML" <clamav-users@lists.clamav.net>
CC: "Alejandro Hernández" <alejandroli...@disroot.org>
Sent: November 18, 2020 0:36
Subject: Re: [clamav-users] Fwd: Re: Fwd: Win.Trojan.Virut-375 FOUND in libcef.dll

On Tue, Nov 17, 2020 at 10:07 PM Alejandro Hernández via clamav-users <clamav-users@lists.clamav.net> wrote:

> Here I've just uploaded the file again to virustotal:
> https://www.virustotal.com/gui/file/f2ed1af539f3c783ffe0661d773a8e307ca1601536459b9db24469ebd60a80fe/detection

N.B.: I'm not super familiar with VirusTotal configurations and reports.

https://www.virustotal.com/gui/file/f2ed1af539f3c783ffe0661d773a8e307ca1601536459b9db24469ebd60a80fe/details

shows:

> Last Submission 2019-10-29 12:38:01

Are you sure you uploaded your copy of the file?



[clamav-users] Fwd: Re: Fwd: Re: Fwd: Win.Trojan.Virut-375 FOUND in libcef.dll

2020-11-17 Thread Alejandro Hernández via clamav-users
I did this scan:
(directories hidden for privacy)
clamscan.exe command line: "...\clamwin\bin\clamscan.exe" --tempdir 
"...\appdata\local\temp\clamwinportabletemp" --keep-mbox --stdout 
--database="...\ClamWinPortable\Data\db" 
--log="...\appdata\local\temp\clamwinportabletemp\tmpqo1xft" --no-phishing-sigs 
--no-phishing-scan-urls --debug --verbose --log=FILEclam --infected 
--max-files=10018 --max-scansize=4096M --max-recursion=999 
--max-filesize=4096M --show-progress --move="...\ClamWinPortable\Data\quarantine" 
--recursive --kill "C:\Program Files (x86)\Epic Games"
https://mastodont.cat/@alejandroindependiente

--- Forwarded message ---
From: "Micah Snyder (micasnyd)" <micas...@cisco.com>
To: "ClamAV users ML" <clamav-users@lists.clamav.net>
CC: "Alejandro Hernández" <alejandroli...@disroot.org>
Sent: November 17, 2020 22:44
Subject: RE: [clamav-users] Fwd: Re: Fwd: Win.Trojan.Virut-375 FOUND in libcef.dll

Because libcef.dll is a larger file, it won’t alert with the default 
max-scansize and max-filesize settings. I am seeing the alert as well with the 
settings increased.

❯ ~/.clamav/bin/clamscan /mnt/c/Users/micah/Downloads/f2ed1af539f3c783ffe0661d773a8e307ca1601536459b9db24469ebd60a80fe --max-scansize=1000M --max-filesize=1000M

/mnt/c/Users/micah/Downloads/f2ed1af539f3c783ffe0661d773a8e307ca1601536459b9db24469ebd60a80fe: Win.Trojan.Virut-375 FOUND

Thanks for submitting the FP report. We’ll make sure the signature is 
dropped or fixed.

-Micah
From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of Alejandro Hernández via clamav-users
Sent: Tuesday, November 17, 2020 1:06 PM
To: clamav-users@lists.clamav.net
Cc: Alejandro Hernández <alejandroli...@disroot.org>
Subject: [clamav-users] Fwd: Re: Fwd: Win.Trojan.Virut-375 FOUND in libcef.dll

Here I've just uploaded the file again to virustotal:
https://www.virustotal.com/gui/file/f2ed1af539f3c783ffe0661d773a8e307ca1601536459b9db24469ebd60a80fe/detection

And uploaded to clamav false positive url again too:
https://www.clamav.net/reports/fp

The file belongs to 'Epic Store Games' installation, on Windows 10.
This is the directory: C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\Overlay\Win32\libcef.dll
I notified to Epic devs but everybody say is a false positive. Is it?

By the way, VirusTotal don't recognize the file as a virus.
But using 'ClamWin', the virus is found.

ClamWin: 0.99.4
ClamAV: 0.99.4
VirusDBversion: main:59, daily: 25991
https://mastodont.cat/@alejandroindependiente

--- Forwarded message ---
From: "G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net>
To: "Alejandro Hernández via clamav-users" <clamav-users@lists.clamav.net>
CC: "G.W. Haywood" <cla...@jubileegroup.co.uk>
Sent: November 17, 2020 11:29
Subject: Re: [clamav-users] Fwd: Win.Trojan.Virut-375 FOUND in libcef.dll

Hi there,

On Mon, Nov 16, 2020 at 1:16 PM Alejandro Hernández via clamav-users wrote:

> everybody says it is a false positive. Could you check it and tell
> me? (I've sent it you before but no feedback)

I've seen nothing from you on the ClamAV Users' mailing list. Exactly
when did you first send it, and to exactly what address? Perhaps you
can send a short test reply to this message with no attachments to see
if it gets through.

The file name which you mention does seem to have been associated with
a few false positive reports in the past but Mr. Graham has given good
advice that you should check it on one of the public sites which allow
you to scan a file using many different scanners, such as VirusTotal.

Be aware that even if you scan a file with thirty different scanners
it may still not be safe, because some threats will be so new that the
people who maintain the scanners will not yet have had time to update
them to recognize the threats. If you think there's a risk that this
might be the case then it might be worth waiting a week or two, then
submitting the file to the scanning service again. However most of
the files which cause false positives will be at leas

[clamav-users] Fwd: Re: Fwd: Win.Trojan.Virut-375 FOUND in libcef.dll

2020-11-17 Thread Alejandro Hernández via clamav-users
Here I've just uploaded the file again to virustotal:
https://www.virustotal.com/gui/file/f2ed1af539f3c783ffe0661d773a8e307ca1601536459b9db24469ebd60a80fe/detection

And uploaded to clamav false positive url again too:
https://www.clamav.net/reports/fp

The file belongs to 'Epic Store Games' installation, on Windows 10.
This is the directory: C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\Overlay\Win32\libcef.dll
I notified to Epic devs but everybody say is a false positive. Is it?

By the way, VirusTotal don't recognize the file as a virus.
But using 'ClamWin', the virus is found.

ClamWin: 0.99.4
ClamAV: 0.99.4
VirusDBversion: main:59, daily: 25991
https://mastodont.cat/@alejandroindependiente

--- Forwarded message ---
From: "G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net>
To: "Alejandro Hernández via clamav-users" <clamav-users@lists.clamav.net>
CC: "G.W. Haywood" <cla...@jubileegroup.co.uk>
Sent: November 17, 2020 11:29
Subject: Re: [clamav-users] Fwd: Win.Trojan.Virut-375 FOUND in libcef.dll

Hi there,

On Mon, Nov 16, 2020 at 1:16 PM Alejandro Hernández via clamav-users wrote:

> everybody says it is a false positive. Could you check it and tell
> me? (I've sent it you before but no feedback)

I've seen nothing from you on the ClamAV Users' mailing list. Exactly
when did you first send it, and to exactly what address? Perhaps you
can send a short test reply to this message with no attachments to see
if it gets through.

The file name which you mention does seem to have been associated with
a few false positive reports in the past but Mr. Graham has given good
advice that you should check it on one of the public sites which allow
you to scan a file using many different scanners, such as VirusTotal.

Be aware that even if you scan a file with thirty different scanners
it may still not be safe, because some threats will be so new that the
people who maintain the scanners will not yet have had time to update
them to recognize the threats. If you think there's a risk that this
might be the case then it might be worth waiting a week or two, then
submitting the file to the scanning service again. However most of
the files which cause false positives will be at least weeks or months
old, and often they will be several years old. If you can _reliably_
verify the age of the file, that will help you decide whether you need
to wait some time and then do another scan. You cannot necessarily
rely on the file's timestamp in the directory which contains it, any
half-way competent malware author is capable of forging that, but if
you have the file e.g. on a CD somewhere and you can check that it's a
bit-for-bit copy of the one you're using on disc, that's a fair bet.

If you do send a test reply please send it to the list, not directly
to my clamav list address, as all mail sent directly to this address
will be rejected.

--

73,
Ged.



Re: [clamav-users] filename ignore uppercase

2013-09-17 Thread Alejandro Rodriguez

I try
/\.exe$/i
?i.exe$

without success

So the question is. How I set a case-insensitivity flag for the 
expression in clamav?



On 17/09/2013 14:51, Bowie Bailey wrote:

> On 9/17/2013 3:47 PM, Douglas Goddard wrote:
>> On Tue, Sep 17, 2013 at 3:05 PM, Alejandro Rodriguez wrote:
>>
>>> How I can ignore uppercase in a filename.
>>> Right now I'm using foxhole_all.cdb to block .exe files inside .zip
>>> archives
>>>
>>> However if the zip contain archive.EXE (in uppercase) the scan miss.
>>>
>>> Sanesecurity.Foxhole.Zip_exe:CL_TYPE_ZIP:*:\.exe$:*:*:*:*:*:*
>>
>> It is a regular expression. So you could replace exe with something like
>> (exe|EXE) to detect both uppercase and lowercase.
>
> Or you could do [eE][xX][eE], if you wanted to be really thorough.
> Isn't there a case-insensitivity flag for the expression?




___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
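
Added example (not part of the original posts, and not ClamAV or Sanesecurity code): the signature quoted in this thread and the two rewrites suggested in the replies, checked against the member names of a constructed in-memory ZIP. Assumptions: the fields follow ClamAV's documented .cdb layout, Python's case-sensitive `re` stands in for the scanner's regex matching, and the `Example.*` signature names and the sample file names are made up for the illustration.

```python
import io
import re
import zipfile

# Field order of a ClamAV container-metadata (.cdb) signature line.
CDB_FIELDS = (
    "VirusName", "ContainerType", "ContainerSize", "FileNameREGEX",
    "FileSizeInContainer", "FileSizeReal", "IsEncrypted", "FilePos",
    "Res1", "Res2",
)

# The signature quoted in the thread, then the two rewrites suggested in the
# replies. The "Example.*" names are constructed for this sketch.
SIG_ORIGINAL = r"Sanesecurity.Foxhole.Zip_exe:CL_TYPE_ZIP:*:\.exe$:*:*:*:*:*:*"
SIG_ALTERNATION = r"Example.Zip_exe_alt:CL_TYPE_ZIP:*:\.(exe|EXE)$:*:*:*:*:*:*"
SIG_CHARCLASS = r"Example.Zip_exe_cls:CL_TYPE_ZIP:*:\.[eE][xX][eE]$:*:*:*:*:*:*"

# Constructed member names; none of them is a real executable.
SAMPLE_NAMES = ["archive.exe", "archive.EXE", "Setup.Exe", "notes.exe.txt"]


def parse_cdb(line):
    """Split one .cdb line into named fields.

    Optional trailing MinFL/MaxFL fields are accepted and ignored.
    """
    parts = line.strip().split(":")
    if not 10 <= len(parts) <= 12:
        raise ValueError("expected 10 to 12 fields, got %d" % len(parts))
    return dict(zip(CDB_FIELDS, parts))


def make_zip(names):
    """Build a constructed in-memory ZIP whose members carry the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed placeholder content")
    return buf.getvalue()


def flagged_members(sig_line, zip_bytes):
    """Return the member names that the signature's FileNameREGEX matches."""
    sig = parse_cdb(sig_line)
    if sig["ContainerType"] != "CL_TYPE_ZIP":
        raise ValueError("this sketch only handles CL_TYPE_ZIP signatures")
    # Assumption: Python's re (case-sensitive by default) stands in for the
    # scanner's matcher; the three patterns use syntax common to both.
    pattern = re.compile(sig["FileNameREGEX"])
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [name for name in zf.namelist() if pattern.search(name)]


def compare(names=SAMPLE_NAMES):
    """Map each signature name to the members it flags in one sample archive."""
    archive = make_zip(names)
    return {
        parse_cdb(sig)["VirusName"]: flagged_members(sig, archive)
        for sig in (SIG_ORIGINAL, SIG_ALTERNATION, SIG_CHARCLASS)
    }


if __name__ == "__main__":
    for sig_name, hits in compare().items():
        print("%-32s %s" % (sig_name, hits))
```

The alternation form still lets a mixed-case name such as Setup.Exe through; only the per-character class covers every casing of the extension.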


[clamav-users] filename ignore uppercase

2013-09-17 Thread Alejandro Rodriguez

How I can ignore uppercase in a filename.
Right now I'm using foxhole_all.cdb to block .exe files inside .zip archives

However if the zip contain archive.EXE (in uppercase) the scan miss.


Sanesecurity.Foxhole.Zip_exe:CL_TYPE_ZIP:*:\.exe$:*:*:*:*:*:*


thx

A



Re: [Clamav-users] How important are file extensions?

2008-09-19 Thread Alejandro Pedraza
>> Does clamav have a mechanism to find out a file is an archive without
>> relying on its extension? For example does it know it has to unzip a
>> zipped file even if its extension was changed to a random one
>> different than .zip ?
>
> ClamAV doesn't rely on file extensions. It uses magic numbers, special
> signatures and heuristics to detect file types.

Excellent. Thanks for the fast reply.

-- Alejandro


[Clamav-users] How important are file extensions?

2008-09-19 Thread Alejandro Pedraza
Hi,

Does clamav have a mechanism to find out a file is an archive without
relying on its extension? For example does it know it has to unzip a
zipped file even if its extension was changed to a random one
different than .zip ?

Thanks,
Alejandro


[Clamav-users] ClamAV error with cli_untgz

2006-12-13 Thread Alejandro
Dear all, I have a debian etch + postfix + spamassassin + clamav system,
but when I run "/etc/init.d/clamav-daemon start" I get this error message
and the daemon doesn't start at all:

LibClamAV Error: wrote 0 instead of 512
(/tmp/clamav-67ea3a8be7a9faa9/main.ndb)
cli_untgz: no space left on device
LibClamAV error: cli_cvload (): can't unpack CVD file
LibClamAV error: Can't load /var/lib
clamav main.cvd: CVD extraction failure
ERROR: CVD extarction failure

My / file system (when I suppose will be installed de CVD file) has 65MB
free...is it enough ??? Or where will main.cvd file installed in order
to make a new file partition and mount it in this place ???

What's wrong on my system ????

Really thanks,

Alejandro

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Rewrite subject and remove virus questions

2006-08-09 Thread Alejandro

Nigel Horne wrote:
>> Finally I could install my first mail server with
>> sendmail+clamav+clamav-milter among others packages. Because I'm a
>> newbie I have these two short questions:
>>
>> 1) Does clamav remove virus from mail messages or it just scan and warn
>> about virus ???
>
> You can have clamav-milter block the message or scan and warn (see
> below). The phrase "remove virus from mail messages" has no meaning.
>
>> 2) How can I rewrite the subject of infected mails with a **VIRUS**
>> banner in order to process them with Procmail ???
>
> Look for the X-Virus-Status header; it isn't what you asked for, but
> it may produce the same effect for you.
>
>> Really thanks !!!
>>
>> Alejandro
>
> -Nigel

Ok...with remove I mean "disinfect" so does Clamav disinfect virus
from into mail messages ???

Thanks again

Alejandro


[Clamav-users] Rewrite subject and remove virus questions

2006-08-09 Thread Alejandro

Dear all,

Finally I could install my first mail server with 
sendmail+clamav+clamav-milter among others packages. Because I'm a 
newbie I have these two short questions:


1) Does clamav remove virus from mail messages or it just scan and warn 
about virus ???


2) How can I rewrite the subject of infected mails with a **VIRUS** 
banner in order to process them with Procmail ???


Really thanks !!!

Alejandro


[Clamav-users] Some basic questions

2005-10-14 Thread Alejandro Cabrera Obed
Hi people,

I have Sendmail + Clamav + Clamav-milter in order to scan virus in my mail
server on Fedora Core 3.

The antivirus system only checks for viruses in the incoming mail and NOT in
the outgoing mail. Also if clamav detects a virus in any incoming mail, it
discards it and I don't know where it puts the virus. I've read
/etc/clamd.conf and /var/log/clamav/clamd.log but I don't see anything about
this behavior.

So I have these questions:

1) How can I tell clamav to check outgoing mails from my mail server ???

2) How can I tell clamav to put the infected files in a given path of my
file system (maybe /root/infections) ???

3) How can I tell clamav to send alerts (through mails or whatever) to
postmaster or my linux user every time it detects a virus in a mail ???

Thanks a lot, and sorry if my questions are basics, I'm newbie.


Alejandro



[Clamav-users] Some clamav basic questions

2005-10-13 Thread Alejandro Cabrera Obed
Hi people,

I have Sendmail + Clamav + Clamav-milter in order to scan virus in my mail
server on Fedora Core 3.

The antivirus system only checks for viruses in the incoming mail and NOT in
the outgoing mail. Also if clamav detects a virus in any incoming mail, it
discards it and I don't know where it puts the virus. I've read
/etc/clamd.conf and /var/log/clamav/clamd.log but I don't see anything about
this behavior.

So I have these questions:

1) How can I tell clamav to check outgoing mails from my mail server ???

2) How can I tell clamav to put the infected files in a given path of my
file system (maybe /root/infections) ???

3) How can I tell clamav to send alerts (through mails or whatever) to
postmaster or my linux user every time it detects a virus in a mail ???

Thanks a lot, and sorry if my questions are basics, I'm newbie.


Alejandro




[Clamav-users] RV: Clamav's Clamd 0.81 stops from time to time with error:: clamd: unable to connect to UNIX socket /tmp/clamd

2005-02-01 Thread Alejandro Lengua


I was running Exiscan+Exim 4.43 and Clamav 0.80 in a Linux Redhat 9 box,
but today I updated to Clamav 0.81, and from time to time (40 minutes avg) the clamd
service stops, so I get the following error from exim

clamd: unable to connect to UNIX socket /tmp/clamd

It is curious, everything was fine, until I decided to upgrade ...

I Hope that anybody can help me...

Thanks in advance

Alejandro Lengua



___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


RE: [Clamav-users] subsys locking with clamd

2003-11-19 Thread Alejandro Martinez
Did you comment the line in the clamav.conf that says "Example" ? (I think it's the 
8th line)

Maybe clamd dies when you invoke it, because that line is not commented.
If you do not comment that line, clamd will not start.


Regards

-----Original Message-----
From: Nick Woolley [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 14:22
To: [EMAIL PROTECTED]
Subject: [Clamav-users] subsys locking with clamd


Hi,

I am trying to install Clam AV 0.65 on a system running Red Hat 9.  I have tried to 
install it using rpm versions of 0.54, 0.6 and 0.65.  I have also tried tarballs of 
0.6 and 0.54.  Everything seems to install correctly, and clamscan and freshclam both 
function correctly.  However, when I try to start the clamd daemon, with service clamd 
start, or clamd start it says ok, but when I check the service clamd status it says 
"clamd dead subsys locked".  It appears to be starting, and then "subsys locking" 
immediately afterwards.  I have tried rebooting my system, uninstalling and 
reinstalling and removing the /var/lock/subsys/clamd file.

I'm out of ideas as to why this is happening.  Is it something to do with my config 
file - although I have left that exactly as it came with clam.

Any ideas?

Thanks

Nick

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.541 / Virus Database: 335 - Release Date: 14/11/2003
 



---
This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help 
you be more productive?  Does it help you create better code?  SHARE THE LOVE, and 
help us help YOU!  Click Here: http://sourceforge.net/donate/ 
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users



RE: [Clamav-users] Freshclam problem

2003-11-19 Thread Alejandro Martinez
clamav.

my clamav.conf is located in /usr/local/etc, I have moved the clamav.conf to /etc but 
it didn't work. The clamav user has this line in the /etc/passwd

clamav:x:501:501::/no/home:/no/login

Regards

-----Original Message-----
From: Odhiambo Washington [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 12:03
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Freshclam problem


* Alejandro Martinez <[EMAIL PROTECTED]> [20031119 18:01]: wrote:
> Hi, I have a problem with freshclam.
> I have compiled clamav without problems on a Tawie 2.0 box. Clamd and 
> clamscan works fine, but I have a problem when I do a freshclam. The 
> message that I get is "Can't change dir to /usr/local/share/clamav".
> 
> The /usr/local/share/clamav directory is owned by clamav, group clamav 
> with 755. The clamav version is 0.65

What user do you have in clamav.conf?


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post



[Clamav-users] Freshclam problem

2003-11-19 Thread Alejandro Martinez
Hi, I have a problem with freshclam.
I have compiled clamav without problems on a Tawie 2.0 box.
Clamd and clamscan works fine, but I have a problem when I do a freshclam.
The message that I get is "Can't change dir to /usr/local/share/clamav".

The /usr/local/share/clamav directory is owned by clamav, group clamav with 755.
The clamav version is 0.65

Thanks.
