[Clamav-users] 0.95.3 clamav-milter
Greetings all, I've finally upgraded to 0.95.3 from 0.94 and I have a question regarding the new clamav-milter due to the lack of information regarding it. Is the old milter string for sendmail still to be used?
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m;C:30s;E:10m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')
Or is "define(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i')" to be used in its place?
Currently the milter is set to drop infected messages. The system's maillog records who sent the message and what the infection/virus was, but it doesn't record who it was sent to. Additionally, when the clamav-milter.log is used, it does log who the message was intended for, but lists the local name rather than the address (johnk instead of some_addr...@mydomain.com). I was wondering if anyone knows of a fix for this.
Ken
___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] WARNING: Suspicious recipient address blocked
Alan Stern wrote:
> There's certainly something wrong here. The open and close bracket characters ('[' and ']', items 19 and 21) can indeed be part of a valid email address. For example: [EMAIL PROTECTED]
There's a difference between "[EMAIL PROTECTED]" which would be invalid and [EMAIL PROTECTED] which should be translated via DNS.
Re: [Clamav-users] Memory usage for clamd is huge
It may be just me, but I think this topic has been beaten to death :-\
Re: [Clamav-users] Memory usage for clamd is huge
Dennis Peterson wrote: > And to follow up on the earlier > point about Windows systems not being the sole source of spam/virus > distribution, > > Two minutes to hack a Mac and it's now available to generate spam and > become a drone to spread malware for other Macs or Windows systems. > > It wouldn't even necessarily require a compromised system. All it would take is a user with too much free time on their hands.
Re: [Clamav-users] Memory usage for clamd is huge
>>> It's not unthinkable, there actually are places where microsoft software is not used.
>> Doesn't matter - there's no reason to suspect that all viruses originate from Windows. Could I have your outgoing smtp IP please?
> Wow - as a long term IT professional I thought I'd heard it all but this takes the cake. In all the past waves of viruses we've seen, they have been analyzed in depth and found to be 100% windows. If you have some evidence to the contrary feel free to share.
>
> A non-windows email virus is the kind of "man bites dog" story that would cause quite the buzz...
Erm, I don't believe that is what he said. He said, (in relation to not scanning outgoing mail), to think or believe that "ALL" viruses "originate" from windows machines/users was incorrect. This assumption would mean that nobody would ever send a virus laden message from any OS other than Windows. He's right of course, the thought alone is dangerous for any administrator to entertain. JMO
Re: [Clamav-users] clamav 90.1 isn't detecting attachments -- partially fixed
Matthias Häker wrote:
Bit Fuzzy wrote:
I'm hoping somebody can shed some light on what we're seeing. We've been using ClamAV since version: 85.1 and have had nothing but good things to say about it. That is until we updated to version 90.1 Since the update any and all messages containing infected attachments including the provided test files pass through undetected. Running "clamscan -r -l scan.txt clamav-0.90.1" manually works fine. The issue seems to be limited to mail scanning We scan messages through procmail and trashscan
maybe is something like the Problem with clamassassin in the trashcan script have a look at http://lists.jameslick.com/pipermail/clamassassin-announce/2007-February/30.html
Matthias
Matthias, Your suggestion was actually more helpful than I first thought. For those using trashscan (if any besides me) the following strings will need to be modified:
Old: --disable-summary New: --no-summary
Old: --unarj=[path] New: --arj=[path]
Old: --zoo=[path] New: --unzoo=[path]
Though MSRBL images are still not being detected
Ken
Re: [Clamav-users] clamav 90.1 isn't detecting attachments
Matthias Häker wrote:
Bit Fuzzy wrote:
I'm hoping somebody can shed some light on what we're seeing. We've been using ClamAV since version: 85.1 and have had nothing but good things to say about it. That is until we updated to version 90.1 Since the update any and all messages containing infected attachments including the provided test files pass through undetected. Running "clamscan -r -l scan.txt clamav-0.90.1" manually works fine. The issue seems to be limited to mail scanning We scan messages through procmail and trashscan
maybe is something like the Problem with clamassassin in the trashcan script have a look at http://lists.jameslick.com/pipermail/clamassassin-announce/2007-February/30.html
Matthias
Thanks for the suggestion Matthias. No, Trashscan didn't use the --mbox switch (or at least my setup doesn't)
Ken
[Clamav-users] clamav 90.1 isn't detecting attachments
I'm hoping somebody can shed some light on what we're seeing. We've been using ClamAV since version: 85.1 and have had nothing but good things to say about it. That is until we updated to version 90.1 Since the update any and all messages containing infected attachments including the provided test files pass through undetected. Running "clamscan -r -l scan.txt clamav-0.90.1" manually works fine. The issue seems to be limited to mail scanning We scan messages through procmail and trashscan Any ideas?
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
My god! This topic hasn't been killed yet?!?
Re: [Clamav-users] Re: To ClamAV Developers: donation question
In other words, you are looking for a tax write off. If so, is that a crime? Or for that matter wrong? I think not The truth of the matter is in a business setting (especially in a Corporate setting) you "need" to be able to show where funds are going. If we don't get a receipt (or at least an itemized invoice), you don't get paid. It's that simple.
Re: [Clamav-users] bash script to split mbox file and scan individual messages
the circumstances arose where mail folders are kept from a pre-clamav time, or there was an issue with the clamav setup at the time, or clamav was not scanning incoming mail but was scanning files, etc. can happen. happened to me. from looking at the mailing list and the faq, it does happen. I have to say that while I commend your sharing of a concept/idea, it does appear that it's not very viable. As for the situation, we've been using ClamAV for going on 3 years now, and I have never (I repeat never) seen this occur. Outside of a poor configuration/implementation that is. true enough. best it to catch it inline. but if not then what. that is what i wanted to help. If you're looking for redundancy a simple .procmailrc rule via trashscan or what ever would be more effective I'd think. This would verify that messages are clean "before" it gets delivered to the recipients mailbox. (This is what it appears you're trying to address) , man. if pawing thru old mboxes is not your bag, then delete the message and move on. it may be helpful to someone else True enough, however, it's best not to need to go "pawing" through old mboxes in the first place ;)
Re: [ [Clamav-users] custom signatures not working]
- Original Message - From: "Steve Basford" <[EMAIL PROTECTED]> To: "ClamAV users ML" Sent: Tuesday, February 28, 2006 1:07 PM Subject: Re: [Fwd: Re: [Clamav-users] custom signatures not working]
> Some example sigs... Note the case of the text
>
> Sig eg 1:
>
> Html.Phishing.Pay.Gen017.Sanesecurity.06022800:3:*:646561722070617970616c206d656d626572
>
> Note: type 3 is used (HTML) which means the file is normalised
>
> so : 646561722070617970616c206d656d626572 is (dear paypal member)
>
> will match: Dear PayPal Member
> and : Dear Paypal member
> and : dear paypal member
> and : Dear PayPal Members
>
> Sig eg 2:
>
> Html.Phishing.Pay.Gen017.Sanesecurity.06022800:0:*:446561722050617950616c204d656d626572
Thanks for the help Steve. Well, I've noticed something that doesn't quite make sense Sending a message containing only "Dear PayPal Member" does not get flagged However, a message containing only "Dear PayPal Member" and an attachment (a simple blank txt file works) and message gets flagged as intended. In other words, the only time "Dear PayPal Member" gets detected is if there's an attachment, empty or otherwise
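As an added example (not code from the thread or from ClamAV), the Python below parses the two signature lines quoted in the message above and shows why the type 3 line matches every case variant while the type 0 line matches only the exact bytes, and why a line whose hex body was wrapped by a mail client does not parse. `normalise_html` is a simplified stand-in for ClamAV's HTML normalisation (lowercasing and whitespace collapsing only), wildcards and fixed offsets are not handled, and the sample bodies are constructed.

```python
import binascii
import re
from dataclasses import dataclass

# The two signature lines quoted in the thread
# (format: Name:TargetType:Offset:HexSignature).
SIG_HTML = ("Html.Phishing.Pay.Gen017.Sanesecurity.06022800:3:*:"
            "646561722070617970616c206d656d626572")
SIG_RAW = ("Html.Phishing.Pay.Gen017.Sanesecurity.06022800:0:*:"
           "446561722050617950616c204d656d626572")
# The same line as a mail client might wrap it: a space inside the hex body.
WRAPPED = ("Html.Phishing.Pay.Gen017.Sanesecurity.06022800:3:*:"
           "646561722070617970616c206 d656d626572")

TARGET_ANY = 0    # match against the raw bytes of any file
TARGET_HTML = 3   # match against normalised HTML

# Constructed message bodies; the first four are the variants listed in the thread.
SAMPLES = [
    b"Dear PayPal Member",
    b"Dear Paypal member",
    b"dear paypal member",
    b"Dear PayPal Members,",
    b"Dear eBay member",
    b"Dear\r\nPayPal   Member",
]


@dataclass(frozen=True)
class Signature:
    name: str
    target: int
    offset: str
    pattern: bytes


def parse_signature(line):
    """Parse one signature line whose body is plain hex (no wildcards)."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("expected Name:TargetType:Offset:HexSignature")
    name, target, offset, hexsig = fields[:4]
    if not target.isdigit():
        raise ValueError("target type must be a number")
    # Whitespace or an odd digit count means the line was damaged in transit.
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", hexsig):
        raise ValueError("hex body is not an even-length run of hex digits")
    return Signature(name, int(target), offset, binascii.unhexlify(hexsig))


def is_loadable(line):
    """True if the line parses; use before dropping it into a signature file."""
    try:
        parse_signature(line)
    except ValueError:
        return False
    return True


def normalise_html(data):
    """Assumed simplification of HTML normalisation: lowercase, collapse whitespace."""
    return re.sub(rb"\s+", b" ", data.lower())


def matches(sig, data):
    """Apply a '*' (any offset) signature to one body."""
    if sig.offset != "*":
        raise NotImplementedError("only the '*' offset used in the thread is handled")
    haystack = normalise_html(data) if sig.target == TARGET_HTML else data
    return sig.pattern in haystack


def coverage(sig_line, samples=SAMPLES):
    """Return one boolean per sample: does the signature match it?"""
    sig = parse_signature(sig_line)
    return [matches(sig, body) for body in samples]


if __name__ == "__main__":
    for label, line in (("type 3", SIG_HTML), ("type 0", SIG_RAW)):
        sig = parse_signature(line)
        print(label, sig.pattern, coverage(line))
    print("wrapped line loadable:", is_loadable(WRAPPED))
```

Because a type 3 pattern is compared against already-lowercased text, its hex body has to encode lowercase characters; an uppercase letter in it can never match under this model.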
Re: [Clamav-users] Squirriel Mail clamav scanner
> There are modules to do imap from other servers, as well as pop...at the user, not server level. I can very easily see a use for clam scanning at the squirrelmail user level, just as you have the ability to do spamassassin scanning at the user level.
This is true.
Re: [Clamav-users] Squirriel Mail clamav scanner
> i was wondering if anyone knows of a squirriel mail plugin using ClamAV to scan e-mails?
IMHO that would be overkill. Incoming messages will be scanned via ClamAV as should messages being sent. (depending on configuration) Squirrelmail does not change how mail is sent or received. It only provides a web interface to manage mail
Re: [Clamav-users] Maybe a virus Sober.P
> "Now, a clever man would put the poison into his own goblet, because he would know that only a great fool would reach for what he was given. I am not a great fool, so I can clearly not choose the wine in front of you. But you must have known I was not a great fool, you would have counted on it, so I can clearly not choose the wine in front of me. "
> Bonus points if you identify what it's from :-p
Princess Bride.. I don't know which is worse The fact you posted it, or the fact I responded ;)
Re: [Clamav-users] M$ preparing AV software ?
- Original Message - From: "Thomas Cameron" <[EMAIL PROTECTED]> To: "ClamAV users ML" Sent: Wednesday, February 09, 2005 4:13 PM Subject: Re: [Clamav-users] M$ preparing AV software ?
> I'm actually viewing it more as a tactic of MS buying and then closing up shops that sell Linux products. Look at what they did with VirtualPC. The first release after they bought it you couldn't load Linux in the virtual machine.
>
> I'm wondering if that is what they are doing with all the AV purchases they've done?
>
> Thomas
Would that be surprising? They're buying up security related companies at a very quick pace. Buy a few that offer nothing to linux, and you've got protection from anti-competitive practices. Long story short. Windows has been called "a hackers door way into your computer". MS AV/Spybot utilities are sure to be labeled "The Express Lane" Not too much longer all that'll be left for Windows PC's to do is Implode upon activation
Re: [Clamav-users] clamav as HTTP scanner?
> Linux vendors make from their product is in the sale of packaged products or the sale of updates.
Hmm, good point I didn't think of that
Re: [Clamav-users] ClamAV should not try to detectphishingandothersocial engineering attacks
I can't believe this one subject can create such a mess. > ClamAv is marketed as an antivirus tool. I think, as you say, there is a need for a generic anti-malware tool. But don't call it clamav. Not detecting phishing attempts, would be like allowing Trojans through as acceptable attachments. These aren't Nigerian scams, or Viagra ads, there are emails designed right down to the linked site to obtain account information. Let's not forget that the "Phishing", and "Social Engineering" are 'Hacker' terms for methods of retrieving sensitive information, in the hopes to gain access to the account or desired target (network). With that in mind it seems to me these emails should be treated as seriously as Trojans are treated. The "phishing" e-mails being detected (by all AV's I might add) should be kept out of the hands of those who need protecting (click happy users). This isn't Spam that by replying or clicking the included link you get added to a Spam list. It's the type of emails that come along indicating they're from "Citibank, Paypal, Ebay, CapitalOne, ETC". You click the link and 'HEY' what do you know, it looks identical to the site they "thought" they were going to, so they provide their credit card / account information for verification (like they'd think to verify the URL in their address bar) I'm sorry, but I personally know 7 people who fell prey to this practice, and I've gotten emails from users thanking us for the addition. Set it up as an option if needed, but as a network administrator, I'd rather be on the safe side and allow them to view the email held if they desire, than to find out that because it got through and put a hard working family in to financial turmoil. Just my 2 cents.
Re: [Clamav-users] New virus/worm ???
- Original Message - From: "Michael Brennen" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 09, 2004 1:58 PM Subject: [Clamav-users] New virus/worm ???
> Just in the last few minutes I've started getting hit with several copies of a zip packaged exe file from widely varying sources. The names are of the form 'price.*\.zip'. I've submitted a copy online and it was accepted. Anyone else seeing this?
>
> -- Michael
Yea, I've gotten at least 22 of them in the past hour from the Mod_SSL lists If it's not one thing it's another :/
Re: [Clamav-users] [clamav-users]stats about clamav
Nigel Horne wrote: On Tuesday 20 Jul 2004 17:23, Bit Fuzzy wrote: The download link seems to have been removed What download link? There never has been a download link, so I don't know why you say it's been removed. If you're after the software use the e-mail address at the top. -Nigel Nigel, > As at http://cgi.bandsman.co.uk/cgi-bin/virus/display.pl? --- >You'll see a link there to the script that generated the stats. <--- My apologies, it appears I had misunderstood your statement. BF
Re: [Clamav-users] [clamav-users]stats about clamav
Nigel Horne wrote: > I want to generate statistics about clamav : how many > requests or mails infected ? As at http://cgi.bandsman.co.uk/cgi-bin/virus/display.pl? You'll see a link there to the script that generated the stats. -Nigel The download link seems to have been removed
Re: [Clamav-users] Ethics Question
Damian Menscher wrote:
On Wed, 9 Jun 2004, Tris Forster wrote:
With a ridiculous number of Somefools arriving at our server daily I was trying to think of a proactive way to deal with them. One possible solution I came up with was sending winpopups to the offending IP informing them that they are infected (there's a pretty good chance they'll get through as the infected machine is most likely not firewalled). While the aim of doing this may be completely honourable, sending winpopups to a non-firewalled machine stinks of spamming and thus I am in two minds about putting it into practice
We recently had our mailserver being repeatedly hit with virus traffic, which logs showed was coming mostly from a single IP. I contacted their ISP, and they really didn't care. So I sent a few popups to them, spaced several hours apart (so as not to be a nuisance) and the machine stopped its virus traffic in about 2 days. Automating this would be nice, but I didn't ever bother. Hard to imagine it breaking anything, though. And as long as it's sent in response to an attack (they punched you first!) and doesn't advertise anything, I don't think anyone could complain.
Damian Menscher
There's really no good way to handle this We've been sending emails for 2 solid months to Road Runner giving everything but the kitchen sink, and they yet are to do anything. (you'd think they'd at least contact their user(s) and inform them that their systems are infected) While we have thought about creating a pop up on the offending machine, we opted not to due to potential legal issues (It's considered a hack and thus could be illegal) At this point we are looking at 2 options.
1) Block offending IP's as they occur. -- Effective, but could be aggravating to potential customers
2) Warn the ISP in question, that if something isn't done soon, you're going to post their non-action along with email transcripts to the news media, whom have taken the position in the past that ISP's should be taking measures to keep the Internet (users) safe. -- Could be effective as well as ineffective. :(
There's no easy way around this issue, so I guess what I'm trying to say, if a solution works for you go for it
Re: [Clamav-users] Problems with False Positives for Oversized Zip.
- Original Message - From: "Dave Stocker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, May 11, 2004 12:30 PM Subject: [Clamav-users] Problems with False Positives for Oversized Zip.
> Hi All,
>
> We have seen instances where we are sending out zip files which are picked up as virus-Oversized Zip.
> Can we disable this particular option without disabling scanning of Archives?
> Typical size ~ 15Mb before compression 600Kb after compression.
>
> Regards,
>
> Dave
Is it possible that the contents are infected? Just tested 2 zip'd files reg size 170MB compressed 43MB which went through fine.
Re: [Clamav-users] Re: Virus Alias Database
- Original Message - From: "Kevin Spicer" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, May 11, 2004 3:01 AM Subject: RE: [Clamav-users] Re: Virus Alias Database
> On Tue, 2004-05-11 at 00:58, Mitch (WebCob) wrote:
> > I'm sure there are many (including myself) that could be convinced to host mirrors once the concept stabilizes...
> >
> > Or alternatively, you could allow download of the db and functions so people wouldn't have to keep hitting your server...
>
> That's the better idea, although ideologically I'm all for open source I have no intention of releasing the code that build the database. That is for purely practical reasons, most of it works by crawling the anti-virus vendors sites - as such if lots of people started to run it there would be significant load on their sites, which not only inconsiderate of us but also could lead to them blacklisting our IP's and/or changing their page format to make it much harder to parse.
That is a very valid point. However, I don't know if it'll be a problem as for the most part it does appear to fall within fair use, providing you keep a link with their description/alias to obtain additional information. They'd more than likely view it as a potential opportunity to get new customers. (free advertising) I stumbled across a site that had alias definitions cross referenced (clam, trend, McAfee, etc) but I can't remember what it was for the life of me.
Re: [Clamav-users] Re: WORM_SWEN.A undetected
- Original Message - From: "Virgo Pärna" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 21, 2004 11:00 AM Subject: [Clamav-users] Re: WORM_SWEN.A undetected
> On Wed, 21 Apr 2004 09:54:35 -0400, Bit Fuzzy <[EMAIL PROTECTED]> wrote:
> > Hmmm, I wonder why mine didn't
>
> I guess, it's up to standard questions - what version, what does the "sigtool --list-sigs | grep -i gibe" show, checking for incorrect database path and so on... Having file as example would help:)
> what version
clamav-0.67-1
> what does sigtool --list-sigs | grep -i gibe show
Worm.Gibe.1
Worm.Gibe.B
Worm.Gibe.F
Worm.Gibe.F.UPX.2
Worm.Gibe.F.UPX.3
Worm.Gibe.F.UPX
Worm.Gibe.F.dam
Worm.Gibe.F
Gibe.B-upx
Re: [Clamav-users] Re: WORM_SWEN.A undetected
Hmmm, I wonder why mine didn't My server passed it (clamav) but PC running Pc-Cillin caught it
- Original Message - From: "Virgo Pärna" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 21, 2004 3:41 AM Subject: [Clamav-users] Re: WORM_SWEN.A undetected
> On Tue, 20 Apr 2004 12:00:54 -0400, Bit Fuzzy <[EMAIL PROTECTED]> wrote:
> > It appears ClamAV doesn't detect WORM_SWEN.A
>
> Yes it does. ClamAV actually detects 9 variants of Gibe virus. And for me Somefool is usually blocked by extension, so for my clamav Gibe is actually most popular virus.
>
> --
> Virgo Pärna
> [EMAIL PROTECTED]
[Clamav-users] WORM_SWEN.A undetected
It appears ClamAV doesn't detect WORM_SWEN.A I'll try to track down a signature for it, but since my PC Scanner removed it, it may be a while
Re: [Clamav-users] Virus Names
While I can and do understand what Eric was saying, I have to agree with Erick.
http://www.bitdefender.com/index.php - Bitdefender
http://www.grisoft.com/us/us_index.php - AVG
http://www.pandasoftware.com/home/ - Panda
http://www.symantec.com/ - Norton
http://us.mcafee.com/default.asp - Mcafee
http://www.trendmicro.com - Trendmicro
http://viruslist.com/eng/ -- Virus List
While different, all have 1 thing in common with each other. CVID's (Common Virus Identifiers), granted some list "netsky" as worm-i/netsky, or w32/netsky, but in the end you (the user/administrator) know what was stopped, and thus have the ability to see what's being identified and or do research on what the virus/worm did (the function) Not complaining.. just expressing my 2 cents ;)
- Original Message - From: "Eric Rostetter" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 06, 2004 10:58 AM Subject: Re: [Clamav-users] Virus Names
> Quoting Erick Perez - Vision Media <[EMAIL PROTECTED]>:
>
> > Question:
> > If Worm.SomeFool is Netsky, then why is not labeled as netsky?
>
> Answer:
> If netsky is Worm.SomeFool, then why is it not labeled as Worm.SomeFool?
>
> > Basically that's because the users keep complaining about the virus names that cannot be found anywhere else (like the virus database from TrendMicro).
>
> If they want to use the name TrendMicro uses, then they should use the TrendMicro software.
>
> > Thanks,
> > Erick
>
> --
> Eric Rostetter
Re: [Clamav-users] Postmaster bounces and such.
This is true
- Original Message - From: "jef moskot" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, March 21, 2004 2:21 PM Subject: Re: [Clamav-users] Postmaster bounces and such.
> On Sun, 21 Mar 2004, Bit Fuzzy wrote:
> > I notify the 'recipient' in the event the email in question was expected (part of a project, family / business correspondence etc).
>
> Again, you can safely dump the message if it's an automatically generated worm. I can see some kind of notification for a Word file with macro virus, but if you've got your nine millionth Bagle variant, there's no reason to notify an uninvolved third party.
>
> That would be bad.
>
> Jeffrey Moskot
> System Administrator
> [EMAIL PROTECTED]
Re: [Clamav-users] Postmaster bounces and such.
Dropping isn't good or bad, however if you're not careful it could come around and bite you on the back side. I notify the 'recipient' in the event the email in question was expected (part of a project, family / business correspondence etc). Otherwise they could be wondering where their email is, and possibly look at it as a problem with their hosted service, which could affect your bottom line. I know if I was hosted, and the host was making decisions for me regarding how certain mail was handled I'd be looking for a new host. Just my 2 cents KenC
- Original Message - From: "Jim Maul" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, March 21, 2004 11:00 AM Subject: Re: [Clamav-users] Postmaster bounces and such.
> > When I say bounce I mean reject. We try not to accept them. But sometimes we end up accepting them and they will "bounce" back. If we warn sender we will often be sending messages to people who have been spoofed (it will always go to the sender's email address). If we warn recipient then they will flood us asking for information about email that has been sent to them.
> >
> > Rejection is fairly popular, but it is a game of hot potato. Someone's smtp server has the message and will need to deal with it. It is bad practice to drop messages in the round file and not tell anyone about it.
>
> If the message is created by a virus and spreading a virus, who would you like to tell about it? I don't see why simply dropping it is bad in any way.
[Clamav-users] Updating ClamAv
First I'd like to say "GREAT PROGRAM!!!" I notice in my logs that main.cvd isn't (or hasn't) been updating is this normal? Also, I'm currently using ClamAV 0.67 should I upgrade to 0.70 etc as they become available? or will the updated functionality be included in my update process? Thanks in advance KenC
Re: [Clamav-users] Great surprise!!! CLAMAV is showing virus into Notepad.exe on Windows 98 CD provided by Microsoft.
Which versions are you seeing this under? I've tested notepad.exe from 98, ME, and XP Pro and show no virus result for it. It is possible that the files are indeed infected. My suggestion before writing it off as an error on ClamAV's part, is to take the win machine in question and perform a webscan via trendmicro, norton, or mcafee KenC
- Original Message - From: "chirag gandhi" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, March 15, 2004 11:01 AM Subject: [Clamav-users] Great surprise!!! CLAMAV is showing virus into Notepad.exe on Windows 98 CD provided by Microsoft.
> I have successfully installed CLAMAV into my machine into Linux and updated its virus database. For checking it's efficiency I mounted my windows drive and performed scanning on it using clamscan. Surprisingly, I got a virus warning into notepad.exe it was showing infected by W32.Ladmar.A. However, I am already having Norton Corporate Edition with latest updation installed into my windows. So, I went to windows and checked notepad.exe for virus using norton. Norton had not shown any virus, but CLAMAV is showing into linux. I had also checked virus on notepad.exe extracted from the Windows .cab file from the CD provided by the Microsoft. Still CLAMAV is showing virus warning.
>
> On the URL
>
> http://clamav.ozforces.com/database/viruses.db2
>
> virus signature for W32.Ladmar.A is present into notepad.exe. So, whether the virus present into notepad.exe or CLAMAV's virus database contains wrong signature.
>
> Thanks,
> Chirag Gandhi
Re: [Clamav-users] Trashscan Question
Never mind, I got it - Original Message - From: Bit Fuzzy To: [EMAIL PROTECTED] Sent: Sunday, March 07, 2004 10:56 PM Subject: [Clamav-users] Trashscan Question I have a question regarding Trashscan, and I'm hoping someone has tried this. Is it possible for trashscan to provide the name of the virus found in the notification email? I've tried contacting [EMAIL PROTECTED] regarding this issue, but the address is invalid.
[Clamav-users] Trashscan Question
I have a question regarding Trashscan, and I'm hoping someone has tried this. Is it possible for trashscan to provide the name of the virus found in the notification email? I've tried contacting [EMAIL PROTECTED] regarding this issue, but the address is invalid.