Re: [Clamav-users] Clam AV

2004-12-09 Thread Denis De Messemacker
Todd Haskins wrote:
> I am running Red Hat Linux 7.3 using CommuniGate Pro as a mailserver. I am trying to install the latest plugin and antivirus software. First I would like to uninstall all previous versions of the plugin and antivirus software. Does someone have any ideas on removing the previous version before upgrading to the latest version?

Since I'm sure you probably installed ClamAV from sources, just type

    make uninstall

in the source folder of ClamAV.

/ddm
--
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED] http://www.e-labs.org
[EMAIL PROTECTED] http://www.ClamAV.net - A GPL virus scanner
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Re: [Clamav-users] Windows port ?

2004-09-19 Thread Denis De Messemacker
On Sun, 2004-09-19 at 22:14, [EMAIL PROTECTED] wrote:
> Hi,
> 

[...]

> Looks like You don't want to compete with Windows Antivirus programs ;-) This would 
> be bad because I found mingw native windows port not very complicated.
> 
> By the way - I checked some Backdoor (about 173 I have till now) and results are :
> 
> Panda Antivirus : 164/173 identified
> ClamAV CVS version: 58/173 identified
> 
> 
> Sadly to say there is a long way ahead :-( (or maybe ClamAV is not against Backdoors 
> ?)
> 
> Boguslaw Brandys 
> 

If you support or use ClamAV, I think you should post all those
non-identified files to clamav maintainers.

Do not forget, Clamav project needs contributors ! We cannot make
signatures of viruses we don't have :)

Best regards,

Denis 

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner



___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


RE: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

2004-08-17 Thread Denis De Messemacker
On Mon, 2004-08-16 at 22:48, Mike Robinson wrote:
> Ok, so we can't do that, but can you suggest a better method than
> running freshclam every hour?  I would think that the clamav development
> team would be interested in doing a "push" to sites that wanted them,
> because these are probably the same sites that update on an hourly basis
> right now.
>  
> Regards,
> Mike
> 

Hi Mike,

Depends on your setup.  If you're running a small-scale system, run it
every 2 hours.  If you have 500+ users, run it once an hour, but please
don't run it on the hour.

Best regards,

Denis

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner
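
The scheduling advice in the message above, as an added example that is not part of the original thread: it builds a crontab entry whose minute is derived from the host name, so each machine gets a fixed minute between 1 and 59 and never polls on the hour. The freshclam path, the host names and treating every site under 500 users as small-scale are assumptions.

```python
import hashlib

# Assumed install path for this sketch; adjust to the local setup.
FRESHCLAM = "/usr/local/bin/freshclam --quiet"
LARGE_SITE_USERS = 500  # threshold taken from the reply above


def stable_minute(hostname: str) -> int:
    """Map a host name to a fixed minute in 1..59, so minute 0 is never used."""
    digest = hashlib.sha256(hostname.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % 59 + 1


def cron_line(hostname: str, users: int) -> str:
    """Build a crontab entry: hourly for 500+ users, every 2 hours otherwise."""
    minute = stable_minute(hostname)
    hours = "*" if users >= LARGE_SITE_USERS else "*/2"
    return f"{minute} {hours} * * * {FRESHCLAM}"


def spread(hostnames):
    """Count how many hosts land on each minute, to see how the load spreads."""
    counts = {}
    for name in hostnames:
        minute = stable_minute(name)
        counts[minute] = counts.get(minute, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed host names, not taken from the thread.
    for host, users in [("mx1.example.org", 40), ("mail.example.net", 1200)]:
        print(cron_line(host, users))
    fleet = [f"mx{i}.example.org" for i in range(600)]
    print("busiest minute serves", max(spread(fleet).values()), "of 600 hosts")
```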





RE: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

2004-08-16 Thread Denis De Messemacker
On Mon, 2004-08-16 at 19:53, Mike Robinson wrote:
> Why not just do what I've been working on.  Just set up a procmail rule
> that runs freshclam whenever you get a message from the clamav-virusdb
> list.  It should work just as good as the clamav team sending you a
> virusdb "push" every time the database is updated.
> 
> Regards,
> Mike
> 

You should not do that, here are two reasons:

Firstly, there is a long delay between the moment when a maintainer does
an update and the receipt of the mail in clamav-virusdb. Often 2 or 3
hours. Sourceforge mailing lists are actually posting messages 2 hours
after posting. The maintainer also has to make the announcement and complete
the processing of the samples after the update. This can sometimes take 1
hour.

Secondly, you could have a problem receiving mails, Sourceforge could
have difficulties, or we could forget to post the notification. Last
point never happened, but who knows ...

Best regards, 

Denis De Messemacker

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner





Re: [Clamav-users] Sigtool Build Time

2004-07-28 Thread Denis De Messemacker
On Wed, 2004-07-28 at 17:15, Vernon A. Fort wrote:
> I'm trying to understand the Build time string in the sigtool -i daily.cvd 
> file:
> 
> Build time: 27 Jul 2004 15-12 +0200
> 
> specifically with the 15-12 +0200.   I want to convert this to Central 
> time (US), any pointers.
> 
> Vernon
> 

It means the signature was done at 3:12 pm (15:12), in a GMT+2 zone.
So 1:12pm GMT.

Assuming Central Standard Time USA is GMT-5 in summer, it makes 8:12 am.

see:
http://wwp.greenwichmeantime.com/


/ddm

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner
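
The conversion worked through in the message above, as an added example that is not part of the original thread: it parses the "Build time:" line that sigtool prints (hours and minutes joined by a hyphen), converts it to GMT and to the fixed GMT-5 offset the reply assumes, and computes how old the database is. The function names and the "now" value are assumptions.

```python
from datetime import datetime, timedelta, timezone

# The one line quoted in the question; the rest of the sigtool output is omitted.
SIGTOOL_OUTPUT = "Build time: 27 Jul 2004 15-12 +0200\n"

# Fixed offset the reply assumes for US Central time in summer (GMT-5).
US_CENTRAL_SUMMER = timezone(timedelta(hours=-5), "GMT-5")


def parse_build_time(sigtool_output: str) -> datetime:
    """Return the build time as a timezone-aware datetime."""
    for line in sigtool_output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "build time":
            # Hours and minutes are separated by '-' in this field, not ':'.
            return datetime.strptime(value.strip(), "%d %b %Y %H-%M %z")
    raise ValueError("no 'Build time:' line found")


def database_age(build: datetime, now: datetime) -> timedelta:
    """Age of the database; both arguments must be timezone-aware."""
    return now.astimezone(timezone.utc) - build.astimezone(timezone.utc)


if __name__ == "__main__":
    build = parse_build_time(SIGTOOL_OUTPUT)
    print("as published :", build.isoformat())
    print("GMT          :", build.astimezone(timezone.utc).strftime("%H:%M"))
    print("US Central   :", build.astimezone(US_CENTRAL_SUMMER).strftime("%H:%M"))
    # Constructed "now", one day after the build, to show the age calculation.
    now = datetime(2004, 7, 28, 13, 12, tzinfo=timezone.utc)
    print("database age :", database_age(build, now))
```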





Re: [Clamav-users] False positive

2004-05-11 Thread Denis De Messemacker
On Mon, 2004-05-10 at 08:39, Kevin Spicer wrote:
> I submitted a false positive of Joke.BinLaden last week (through the web
> interface), but I haven't heard anything of it, and it's not shown up in
> the virusdb list.  Should I resubmit?

It will be removed from database soon.
Thanks,

/ddm

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner





Re: [Clamav-users] w32.netsky.x

2004-04-20 Thread Denis De Messemacker
On Tue, 2004-04-20 at 21:30, Daniel Corbe wrote:
> Hey,
> 
> I've got clamav installed on my mail server and am currently using it to 
> scan E-Mail for viruses.
> 
> Today, my users are getting hammered with W32.Netsky.X and I don't see 
> that clamav's virus definitions have this one even after I do a freshclam.
> 
> http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
> 
> Any help is appreciated.
> 
> 

I added the definition for this virus this morning ... see in update
announcement on virusdb ..

Submission: 2743, 2746, 2747, 2748, 2749, 2751, 2752, 2753, 2755, 2756,
Submission: 2757
Sender: Artur Miarecki, Tomasz Szyla, Krzysztof Raczkowski, Tomasz,
Sender: Marcin Marszaek, Waldek, Konrad Korzeniowski, Michal Margula, 
Sender: Aleksander Dzierzanowski, Kamil, Miroslaw Jaworski
Alias: W32/Netsky-Y (Sophos)
Added: Worm.SomeFool.Y


T. Papszun changed its name to Worm.Somefool.X two hours ago.

Please subscribe to mailing list virus-db

Best regards,

/ddm

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner




Re: [Clamav-users] Question on SomeFool Virus

2004-04-07 Thread Denis De Messemacker
On Tue, Apr 06, 2004 at 11:15:15AM +0100, Antony Stone wrote :
> Sounds like it's working then :)
> 
> > Should I submit this? or just be thankful or both?
> 
> No point submitting a virus which ClamAV already detects :)   Be thankful the 
> team did a better job than Sophos & McAfee again.
> 
> Regards,
> 
> Antony.
> 

Wow, it seems that Diego did a nice job with all those generic
signatures.

However, I do not agree completely with you. I think that every variant
of a virus should have a signature in the database, even if it is
already detected by some generic signature.

Why ? Because if we have to remove the generic signature due to some
false positives, the variant virus will no longer be detected.

So, generic signatures are fine, but I think we should also have signatures
for a maximum of variants.

Just my two cents,

/ddm

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner




Re: [Clamav-users] Ladmar virus?

2004-03-15 Thread Denis De Messemacker
On Mon, Mar 15, 2004 at 10:01:00AM -0600, Keith Murphy wrote :
> I'm suddenly seeing this:
> 
> clamscan Notepad.exe
> Notepad.exe: W32.Ladmar.A FOUND
> 
> when run against C:\WINDOWS\Notepad.exe on several Win98 workstations. 
> I don't see any recent updates that involve this virus, but I'm dubious 
> about whether multiple workstations really are infected with this.  A 
> recent McAfee doesn't detect anything either.
> 
> Can't find *any* information about this virus on the web.
> 
> Thanks for any help.
> 

Please submit this executable in the web submission interface as 'false
virus'. Then we will process it shortly.

Thanks,

/ddm

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner




Re: [Clamav-users] Re: Update (daily: 172)

2004-03-09 Thread Denis De Messemacker
On Tue, Mar 09, 2004 at 03:20:16PM +, Virgo Pärna wrote :
> 
>  What does this "specific sig." mean? It was probably virus
> infected with virus. 
> 

Well, this version of SomeFool was detected by the generic signature of
Magistr.A.

We always prefer to have specific signatures for all variants. So if we
have to remove or modify a generic signature, it will be still detected.

For example, we have various signatures for each Bagle.* worm.
Even if Diego managed to do generic ones, the sigs are still in the
database.

Best regards,

/ddm

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner
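
The argument made in this message and in the "Question on SomeFool Virus" reply above, as an added example that is not part of the original thread: a toy signature matcher showing what happens to detection when a generic signature has to be withdrawn because of a false positive. The signature names, the simplified hex notation ('??' for one byte, '*' for any run of bytes) and the sample byte strings are all constructed for illustration.

```python
import re


def compile_sig(hexsig: str):
    """Compile a hex pattern; '??' matches any one byte, '*' any run of bytes."""
    parts, i = [], 0
    while i < len(hexsig):
        if hexsig[i] == "*":
            parts.append(b".*")
            i += 1
        elif hexsig[i:i + 2] == "??":
            parts.append(b".")
            i += 2
        else:
            parts.append(re.escape(bytes.fromhex(hexsig[i:i + 2])))
            i += 2
    return re.compile(b"".join(parts), re.DOTALL)


def scan(db: dict, data: bytes) -> list:
    """Return the names of all signatures in db that match data."""
    return sorted(n for n, sig in db.items() if compile_sig(sig).search(data))


def undetected(db: dict, samples: dict) -> list:
    """Return the labels of samples that no signature in db matches."""
    return sorted(k for k, data in samples.items() if not scan(db, data))


def without(db: dict, name: str) -> dict:
    """Copy of db with one signature withdrawn."""
    return {n: sig for n, sig in db.items() if n != name}


# Constructed byte strings standing in for files; no real malware content.
MALICIOUS = {
    "variant-A": b"MZ\x90\x00TOYWORM\x01stage-a\xff",
    "variant-B": b"MZ\x90\x00TOYWORM\x02stage-b\xff",
}
CLEAN = {"admin-tool": b"MZ\x90\x00TOYWORM\x07help text"}

GENERIC = {"Worm.Toy.Gen": b"TOYWORM".hex() + "??"}
SPECIFIC = {
    "Worm.Toy.A": b"TOYWORM\x01".hex() + "*" + b"stage-a".hex(),
    "Worm.Toy.B": b"TOYWORM\x02".hex() + "*" + b"stage-b".hex(),
}

if __name__ == "__main__":
    full = {**GENERIC, **SPECIFIC}
    print("false positive:", scan(full, CLEAN["admin-tool"]))
    print("generic only, then withdrawn:",
          undetected(without(GENERIC, "Worm.Toy.Gen"), MALICIOUS))
    print("generic + specific, generic withdrawn:",
          undetected(without(full, "Worm.Toy.Gen"), MALICIOUS))
```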




Re: [Clamav-users] Postfix gateway to clamav

2004-02-20 Thread Denis De Messemacker
On Fri, Feb 20, 2004 at 11:33:58PM +0100, Guillaume JULLIEN wrote :
> Thanks for your answers.
> 
> My MTA is Postfix (subject: ...)
> More suggestions about a Postfix interface to ClamAV ?
> 
> Niber
> 

I did a Postfix + amavisd-new + ClamAV mail gateway at work. Easy to
configure (see howtos) and stable.

You'll probably need backports for amavisd-new.

/ddm

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner




Re: [Clamav-users] Worm.SCO.A

2004-01-30 Thread Denis De Messemacker
On Wed, Jan 28, 2004 at 01:01:35PM -0300, Patricia Viana wrote :
> Hi.

[...]

> It seems to be the same virus as MyDoom or Novarg.
> Can anyone confirm this?!
>  
> Thanks.
>  
>  
> 
> Att,
> 
> Patrícia Viana
> 

Indeed, all those names belong to the same virus.

Please configure your mail client to avoid html mails like yours.

/ddm

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner




Re: [Clamav-users] type of viruses being added to database

2004-01-12 Thread Denis De Messemacker
On Mon, Jan 12, 2004 at 01:56:47PM -0500, jef moskot wrote :

[...]

> 
> Thanks, that puts things into a little perspective.
> 
> I'm really just looking for a GENERAL idea.  For example, if you had to
> explain to the average user what sort of viruses were being added to the
> database...is it MOSTLY new ones?  MOSTLY old ones?  About half and half?
> 
> Would it be fair to say that when a new update comes out that it has
> likely been triggered by a recent discovery?
> 

We have mainly two types of contributors:

- ISP or domain administrators. All those people send mainly new
  versions of virii. With their help, we have the newest viruses in a very
  short time. I think we can say that we have samples of new spreading
  virii in record time. An example? When the Sober.C worm began to
  spread, we received about 4 submissions in some hours. And many more
  after it was added to the database.

  > Submissions: 315, 316, 317, 321
  > Senders: Christian Kühn, Peter Surda, Joerg Seyfried, Andreas Grundler
  > Virus name: Sober.C
  > Added: Worm.Sober.C

  Since submissions are checked many times a day, I think we can say
  that new viruses that were sent to us are added to the database with
  a 1-day delay.

- Independent or personal contributors:
  Can send various types of viruses. New, old ones, unknown, Trojans,
  etc. Some of them are crawling the www to find the virii we don't
  have. Their contributions are important since they submit mainly more
  uncommon viruses that ISPs do not often receive.

There is actually a _balance_ between old and new viruses we receive.
But, as T. Papszun said, the newest ones have all our attention and are
processed first.

In conclusion, and to answer your question, we receive actually a
majority of current worms, trojans and viruses that are still in activity.
Those are analysed on a FIFO basis.
At any time, if a fast-spreading new virus is received, it preempts the
other submissions.

Hope this mail answers your questions.

/ddm

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner




Re: [Clamav-users] freshclam updates failing: sudden appearance of "ERROR: Verification: MD5 verification error."

2004-01-12 Thread Denis De Messemacker
On Sun, Jan 11, 2004 at 04:53:45PM -0800, OpenMacNews wrote :
> hi,
> 
> my db updates have *suddenly* stopped working  after no prior problems 
> for ages.
> 
> now, a:
> 
>    % /usr/local/clamav/bin/freshclam --log=/var/log/freshclam.log --datadir=/var/clamav_db
> 
> reports:
> 
>    ClamAV update process started at Sun Jan 11 16:50:28 2004
>    Reading CVD header (main.cvd): OK
>    Downloading main.cvd [*]
>    ERROR: Verification: MD5 verification error.
>    Trying again...
>    ClamAV update process started at Sun Jan 11 16:50:54 2004
>    Reading CVD header (main.cvd): OK
>    Downloading main.cvd [*]
>    ERROR: Verification: MD5 verification error.
>    Trying again...
>    ClamAV update process started at Sun Jan 11 16:51:06 2004
>    Reading CVD header (main.cvd): OK
>    Downloading main.cvd [*]
>    ERROR: Verification: MD5 verification error.
>    Giving up...
> 
> 
> 
> any ideas?
> 
> richard

As Mick Pollard saw, this problem was corrected with the morning update.

Best regards,

/ddm

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner

