Re: [Clamav-users] Clam AV
Todd Haskins wrote:
> I am running Red Hat Linux 7.3 using CommuniGate Pro as a mail server. I am
> trying to install the latest plugin and antivirus software. First I would
> like to uninstall all previous versions of the plugin and antivirus
> software. Does someone have any ideas on removing the previous version
> before upgrading to the latest version?

Since I'm sure you probably installed ClamAV from sources, just type make uninstall in the source folder of ClamAV.

/ddm

--
Denis De Messemacker GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED] http://www.e-labs.org
[EMAIL PROTECTED] http://www.ClamAV.net - A GPL virus scanner
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Re: [Clamav-users] Windows port ?
On Sun, 2004-09-19 at 22:14, [EMAIL PROTECTED] wrote:
> Hi,
> [...]
> Looks like you don't want to compete with Windows antivirus programs ;-) This would
> be bad because I found the mingw native Windows port not very complicated.
>
> By the way - I checked some backdoors (about 173 I have till now) and the results are:
>
> Panda Antivirus : 164/173 identified
> ClamAV CVS version: 58/173 identified
>
> Sad to say, there is a long way ahead :-( (or maybe ClamAV is not against backdoors?)
>
> Boguslaw Brandys

If you support or use ClamAV, I think you should post all those non-identified files to the ClamAV maintainers. Do not forget, the ClamAV project needs contributors! We cannot make signatures of viruses we don't have :)

Best regards,
Denis

___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}
On Mon, 2004-08-16 at 22:48, Mike Robinson wrote:
> Ok, so we can't do that, but can you suggest a better method than
> running freshclam every hour? I would think that the clamav development
> team would be interested in doing a "push" to sites that wanted them,
> because these are probably the same sites that update on an hourly basis
> right now.
>
> Regards,
> Mike

Hi Mike,

Depends on your setup. If you're running a small-scale system, run it every 2 hours. If you have 500+ users, run it once an hour, but please don't run it on the hour.

Best regards,
Denis
RE: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}
On Mon, 2004-08-16 at 19:53, Mike Robinson wrote:
> Why not just do what I've been working on. Just set up a procmail rule
> that runs freshclam whenever you get a message from the clamav-virusdb
> list. It should work just as good as the clamav team sending you a
> virusdb "push" every time the database is updated.
>
> Regards,
> Mike

You should not do that; here are two reasons:

Firstly, there is a long delay between the moment when a maintainer does an update and the receipt of the mail on clamav-virusdb. Often 2 or 3 hours. Sourceforge mailing lists are actually posting messages 2 hours after posting. The maintainer also has to make the announcement and complete the processing of the samples after the update. This can sometimes take 1 hour.

Secondly, you could have a problem receiving mails, Sourceforge could have difficulties, or we could forget to post the notification. The last point never happened, but who knows ...

Best regards,
Denis De Messemacker
Re: [Clamav-users] Sigtool Build Time
On Wed, 2004-07-28 at 17:15, Vernon A. Fort wrote:
> I'm trying to understand the Build time string in the sigtool -i daily.cvd
> file:
>
> Build time: 27 Jul 2004 15-12 +0200
>
> specifically with the 15-12 +0200. I want to convert this to Central
> time (US), any pointers.
>
> Vernon

It means the signature was done at 3:12 pm (15:12), in a GMT+2 zone. So 1:12 pm GMT. Assuming Central Standard Time USA is GMT-5 in summer, it makes 8:12 am.

See: http://wwp.greenwichmeantime.com/

/ddm
Re: [Clamav-users] False positive
On Mon, 2004-05-10 at 08:39, Kevin Spicer wrote:
> I submitted a false positive of Joke.BinLaden last week (through the web
> interface), but I haven't heard anything of it, and it's not shown up in
> the virusdb list. Should I resubmit?

It will be removed from the database soon.

Thanks,
/ddm
Re: [Clamav-users] w32.netsky.x
On Tue, 2004-04-20 at 21:30, Daniel Corbe wrote:
> Hey,
>
> I've got clamav installed on my mail server and am currently using it to
> scan E-Mail for viruses.
>
> Today, my users are getting hammered with W32.Netsky.X and I don't see
> that clamav's virus definitions have this one even after I do a freshclam.
>
> http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
>
> Any help is appreciated.

I added the definition for this virus this morning ... see the update announcement on virusdb:

Submission: 2743, 2746, 2747, 2748, 2749, 2751, 2752, 2753, 2755, 2756,
Submission: 2757
Sender: Artur Miarecki, Tomasz Szyla, Krzysztof Raczkowski, Tomasz,
Sender: Marcin Marszaek, Waldek, Konrad Korzeniowski, Michal Margula,
Sender: Aleksander Dzierzanowski, Kamil, Miroslaw Jaworski
Alias: W32/Netsky-Y (Sophos)
Added: Worm.SomeFool.Y

T. Papszun changed its name to Worm.Somefool.X two hours ago.

Please subscribe to the virus-db mailing list.

Best regards,
/ddm
Re: [Clamav-users] Question on SomeFool Virus
On Tue, Apr 06, 2004 at 11:15:15AM +0100, Antony Stone wrote :
> Sounds like it's working then :)
>
> > Should I submit this? or just be thankful or both?
>
> No point submitting a virus which ClamAV already detects :) Be thankful the
> team did a better job than Sophos & McAfee again.
>
> Regards,
>
> Antony.

Wow, it seems that Diego did a nice job with all those generic signatures.

However, I do not agree completely with you. I think that every variant of a virus should have a signature in the database, even if it is already detected by some generic signature.

Why? Because if we have to remove the generic signature due to some false positives, the variant virus will no longer be detected.

So, generic signatures are fine, but I think we should also have signatures for a maximum of variants.

Just my two cents,
/ddm
Re: [Clamav-users] Ladmar virus?
On Mon, Mar 15, 2004 at 10:01:00AM -0600, Keith Murphy wrote :
> I'm suddenly seeing this:
>
> clamscan Notepad.exe
> Notepad.exe: W32.Ladmar.A FOUND
>
> when run against C:\WINDOWS\Notepad.exe on several Win98 workstations.
> I don't see any recent updates that involve this virus, but I'm dubious
> about whether multiple workstations really are infected with this. A
> recent McAfee doesn't detect anything either.
>
> Can't find *any* information about this virus on the web.
>
> Thanks for any help.

Please submit this executable in the web submission interface as 'false virus'. Then we will process it shortly.

Thanks,
/ddm
Re: [Clamav-users] Re: Update (daily: 172)
On Tue, Mar 09, 2004 at 03:20:16PM +, Virgo Pärna wrote :
> What does this "specific sig." mean? It was probably virus
> infected with virus.

Well, this version of SomeFool was detected by the generic signature of Magistr.A. We always prefer to have specific signatures for all variants. So if we have to remove or modify a generic signature, it will still be detected.

For example, we have various signatures for each of the Bagle.* worms. Even if Diego managed to do generic ones, the sigs are still in the database.

Best regards,
/ddm
Re: [Clamav-users] Postfix gateway to clamav
On Fri, Feb 20, 2004 at 11:33:58PM +0100, Guillaume JULLIEN wrote :
> Thanks for your answers.
>
> My MTA is Postfix (subject: ...)
> More suggestions about a Postfix interface to ClamAV ?
>
> Niber

I did a Postfix + amavisd-new + ClamAV mail gateway at work. Easy to configure (see howtos) and stable. You'll probably need backports for amavisd-new.

/ddm
Re: [Clamav-users] Worm.SCO.A
On Wed, Jan 28, 2004 at 01:01:35PM -0300, Patricia Viana wrote :
> Hi. [...]
> It seems to be the same virus as MyDoom or Novarg.
> Can anyone confirm this?!
>
> Thanks.
>
> Att,
>
> Patrícia Viana

Indeed, all those names belong to the same virus.

Please configure your mail client to avoid HTML mails like yours.

/ddm
Re: [Clamav-users] type of viruses being added to database
On Mon, Jan 12, 2004 at 01:56:47PM -0500, jef moskot wrote :
[...]
> Thanks, that puts things into a little perspective.
>
> I'm really just looking for a GENERAL idea. For example, if you had to
> explain to the average user what sort of viruses were being added to the
> database...is it MOSTLY new ones? MOSTLY old ones? About half and half?
>
> Would it be fair to say that when a new update comes out that it has
> likely been triggered by a recent discovery?

We have mainly two types of contributors:

- ISP or domain administrators. All those people send mainly new versions of viruses. With their help, we have the newest viruses in a very short time. I think we can say that we have samples of new spreading viruses in record times. An example? When the Sober.C worm began to spread, we received about 4 submissions in some hours. And many more after it was added to the database.

> Submissions: 315, 316, 317, 321
> Senders: Christian Kühn, Peter Surda, Joerg Seyfried, Andreas Grundler
> Virus name: Sober.C
> Added: Worm.Sober.C

Since submissions are checked many times a day, I think we can say that new viruses that were sent to us are added to the database with a 1 day delay.

- Independent or personal contributors: Can send various types of viruses. New, old ones, unknown, Trojans, etc. Some of them are crawling the www to find the viruses we don't have. Their contributions are important since they submit mainly more uncommon viruses that ISPs do not often receive.

There is actually a _balance_ between old and new viruses we receive. But, as T. Papszun said, the newest ones have all our attention and are processed first.

In conclusion, and to answer your question, we receive actually a majority of current worms, trojans and viruses that are still in activity. Those are analysed on a FIFO basis. At any time, if a fast spreading new virus is received, it preempts the other submissions.

Hope this mail answers your questions.

/ddm
Re: [Clamav-users] freshclam updates failing: sudden appearance of "ERROR: Verification: MD5 verification error."
On Sun, Jan 11, 2004 at 04:53:45PM -0800, OpenMacNews wrote :
> hi,
>
> my db updates have *suddenly* stopped working after no prior problems
> for ages.
>
> now, a:
>
>    % /usr/local/clamav/bin/freshclam --log=/var/log/freshclam.log
>    --datadir=/var/clamav_db
>
> reports:
>
>    ClamAV update process started at Sun Jan 11 16:50:28 2004
>    Reading CVD header (main.cvd): OK
>    Downloading main.cvd [*]
>    ERROR: Verification: MD5 verification error.
>    Trying again...
>    ClamAV update process started at Sun Jan 11 16:50:54 2004
>    Reading CVD header (main.cvd): OK
>    Downloading main.cvd [*]
>    ERROR: Verification: MD5 verification error.
>    Trying again...
>    ClamAV update process started at Sun Jan 11 16:51:06 2004
>    Reading CVD header (main.cvd): OK
>    Downloading main.cvd [*]
>    ERROR: Verification: MD5 verification error.
>    Giving up...
>
> any ideas?
>
> richard

As Mick Pollard saw, this problem was corrected with the morning update.

Best regards,
/ddm
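
An added example, not part of the thread and not ClamAV's own code: it reads a CVD-style header, converts the "Build time" string asked about in the Sigtool thread, and repeats the kind of check behind the "MD5 verification error" above. It assumes a 512-byte, colon-separated header whose MD5 field covers the bytes after it; the sample file is constructed, its signature field is a dummy, and the digital signature is not checked.

```python
import hashlib
from datetime import datetime, timedelta, timezone

HEADER_LEN = 512  # assumed layout: fixed-size, space-padded text header
FIELDS = ("magic", "build_time", "version", "sigs",
          "flevel", "md5", "dsig", "builder")

def parse_cvd_header(blob):
    """Split the colon-separated header into named fields."""
    parts = blob[:HEADER_LEN].decode("ascii").rstrip().split(":")
    if len(parts) < len(FIELDS) or parts[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    return dict(zip(FIELDS, parts))

def build_time(header, tz=timezone.utc):
    """Parse e.g. '27 Jul 2004 15-12 +0200' and express it in tz.

    A ':' inside the time would collide with the field separator,
    which is why the header writes hours and minutes as '15-12'.
    """
    stamp = datetime.strptime(header["build_time"], "%d %b %Y %H-%M %z")
    return stamp.astimezone(tz)

def md5_matches(blob):
    """Recompute the MD5 of the bytes after the header and compare."""
    try:
        expected = parse_cvd_header(blob)["md5"].lower()
    except (ValueError, UnicodeDecodeError):
        return False
    return hashlib.md5(blob[HEADER_LEN:]).hexdigest() == expected

def make_sample(payload, when="27 Jul 2004 15-12 +0200"):
    """Constructed stand-in for a .cvd; dsig and builder are dummies."""
    digest = hashlib.md5(payload).hexdigest()
    head = f"ClamAV-VDB:{when}:999:0:1:{digest}:DUMMY-DSIG:example"
    return head.encode("ascii").ljust(HEADER_LEN) + payload

if __name__ == "__main__":
    good = make_sample(b"constructed payload, not real signatures")
    hdr = parse_cvd_header(good)
    gmt_minus_5 = timezone(timedelta(hours=-5))  # offset assumed in the reply
    print(build_time(hdr).strftime("%H:%M GMT"))            # 13:12 GMT
    print(build_time(hdr, gmt_minus_5).strftime("%H:%M"))   # 08:12
    print("intact download:", md5_matches(good))            # True
    print("truncated download:", md5_matches(good[:-10]))   # False
```

A mismatch only says the downloaded bytes differ from what the header describes (a truncated or stale mirror copy gives the same result), so retrying later or against another mirror is the usual first step.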