[Clamav-users] virus not detected
Hi,
Many friends here and I are troubled by a new virus which has attachments like Video_part.mim, Attachment.hqx etc. We have been getting this for the last 36 hours, and a friend submitted a few samples to the clamav interface 7 hours back. Symantec has been detecting it since this morning, but clamav is still not detecting it. I am very much troubled by this.
Can someone suggest a solution to this please, since we are all getting many viruses regularly? I heard that many other companies are also troubled by this new menace.
With warm regards,
-Payal
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] virus not detected
On Wed, Jan 18, 2006 at 07:04:27PM +0200, Cevher wrote:
> You can create a temporary signature...

Please tell me how. I read signatures.pdf but ...

$ sigtool --md5 virus_file > temp.hdb

What do I do after that? I use clamd, so do I need to restart it?
With warm regards,
-Payal

Re: [Clamav-users] virus not detected
On Wed, Jan 18, 2006 at 12:11:19PM -0500, Chris Conn wrote:
> update your defs, version 1245 gets it.

I updated and it was found. But that is weird, I always update every 1 hour and just a few mins back I manually tried to update, but the virus was not detected and now it is.
I am interested in making a temporary sig myself. Any help on this?
With warm regards,
-Payal

Re: [Clamav-users] virus not detected
On Wed, Jan 18, 2006 at 06:22:38PM +0100, Niek wrote:
> The update was released a few minutes after you started this thread :)

But on my friend's machine she still gets,

# freshclam
ClamAV update process started at Wed Jan 18 22:59:58 2006
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
See the FAQ at http://www.clamav.net/faq.html for an explanation.
main.cvd is up to date (version: 35, sigs: 41649, f-level: 6, builder: tkojm)
daily.cvd is up to date (version: 1244, sigs: 840, f-level: 6, builder: sven)

And she has just flushed her DNS cache too. What is wrong in her case?

> The pdf explains how to create your own signatures.
> Afaik you place them in the "DatabaseDirectory" (which is defined in
> clamd.conf).

Yes, thanks a lot. Placing it properly did work.
With warm regards,
-Payal

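Added example (not part of the original thread): a Python sketch of the kind of entry a temporary `.hdb` file holds, in ClamAV's `MD5:size:name` layout, and of how such an entry matches a file. The function names and the signature name `Local.Temp.Sample` are made up for illustration and the sample bytes are constructed; the second check shows that a hash signature only catches byte-identical copies of the submitted sample.

```python
import hashlib
import re

# One .hdb entry per line: 32 hex digits, decimal size in bytes, signature name.
_HDB_LINE = re.compile(r"^([0-9a-fA-F]{32}):([0-9]+):([^:]+)$")


def hdb_line(data: bytes, name: str) -> str:
    """Build one .hdb entry: MD5 of the whole file, its size, and a name."""
    if ":" in name or not name.strip():
        raise ValueError("signature name must be non-empty and contain no ':'")
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def parse_hdb(text: str) -> dict:
    """Parse .hdb text into {(size, md5): name}; malformed lines are skipped."""
    db = {}
    for raw in text.splitlines():
        m = _HDB_LINE.match(raw.strip())
        if m:
            md5, size, name = m.groups()
            db[(int(size), md5.lower())] = name
    return db


def match(data: bytes, db: dict):
    """Return the signature name if data is byte-for-byte the hashed sample."""
    if len(data) not in {size for size, _ in db}:
        return None  # cheap size check before hashing
    return db.get((len(data), hashlib.md5(data).hexdigest()))


# Constructed stand-in for the undetected attachment (harmless text, not malware).
SAMPLE = b"hello world"

if __name__ == "__main__":
    entry = hdb_line(SAMPLE, "Local.Temp.Sample")  # hypothetical signature name
    db = parse_hdb(entry + "\n")
    print(entry)
    print("exact copy     :", match(SAMPLE, db))
    print("one byte added :", match(SAMPLE + b"\n", db))
```
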
Re: [Clamav-users] virus not detected
On Wed, Jan 18, 2006 at 06:11:13PM +, Stephen Gran wrote:
> She doesn't have version 1245, as explained earlier. She probably has a
> DNS server returning the wrong version, and she should look into why
> that is. Maybe one of her forwarders caches too long or something.

But she was using her own dns server without any forwarder at all.
With warm regards,
-Payal

[Clamav-users] clam antivirus testimony
Hi,
I love clam antivirus. It has caught many Sobig viruses on my server.
Does anyone have a report on how it competes against commercial virus scanners, and is anyone using it on a production server?
Thanks a lot and bye.
With warm regards,
-Payal
--
"Visit GNU/Linux Success Stories" http://payal.staticky.com
Guest-Book Section Updated.
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clam antivirus testimony
On Mon, Sep 15, 2003 at 10:32:43AM -0700, Scott Kveton wrote:
> > I love clam antivirus. It has caught many Sobig viruses on my server.
> > Does anyone have a report on how it competes against commercial virus scanners,
> > and is anyone using it on a production server?
>
> We use clamav in addition to Norton Anti-virus on our Exchange servers.
> We relay all of the mail to our Exchange servers through our Linux
> machines first with clamav + amavisd-new + spamassassin in between.
>
> Over a million messages a day and no complaints:
>
> http://www.net.oregonstate.edu/cgi-bin/mailgraph.cgi

Wowww!!! that is great. But are the viruses caught by clamscan or Norton?
Can I just use clamscan?
Do you personally recommend it?
Thanks a lot and bye.
With warm regards,
-Payal
--
For GNU/Linux Success Stories and Articles visit: http://payal.staticky.com

Re: [Clamav-users] clam antivirus testimony
On Mon, Sep 15, 2003 at 09:19:25PM -0700, Scott Kveton wrote:
> > > We use clamav in addition to Norton Anti-virus on our Exchange servers.
> > > We relay all of the mail to our Exchange servers through our Linux
> > > machines first with clamav + amavisd-new + spamassassin in between.
> > >
> > > Over a million messages a day and no complaints:
> > >
> > > http://www.net.oregonstate.edu/cgi-bin/mailgraph.cgi
> >
> > Wowww!!! that is great. But are the viruses caught by clamscan or
> > Norton?
> > Can I just use clamscan?
> > Do you personally recommend it?
>
> Everything in the above graph was caught with clamav ... I don't have
> any statistics on Norton AV v. clamav. I actually use clamd and connect
> to it out of amavisd-new ... I have clamscan as the backup but never go
> to it as clamd hasn't failed on me yet.

I LOVE CLAMD. But can you give some rough stats/estimates about viruses which escaped from clamd but were caught by Norton?
Thanks.
-Payal

> I highly recommend clamav.
>
> Scott :-)

[Clamav-users] updates download
Hi,
Is it possible to download the updates manually and transfer them on floppy or CD to a machine which does not have internet access but just local LAN access? If yes, how to do it?
With warm regards,
-Payal

Re: [Clamav-users] Exclude file (Was: clam antivirus testimony)
On Mon, Sep 15, 2003 at 10:46:27AM -0700, Chris de Vidal wrote:
> --- Payal Rathod <[EMAIL PROTECTED]> wrote:
> > I love clam antivirus. It has caught many Sobig viruses on my server.
> > Does anyone have a report on how it competes against commercial virus scanners,
> > and is anyone using it on a production server?
>
> I'm using it in production (200GB Samba servers with 100-500,000 files) and
> other than false positives and the file access error I mentioned earlier today,
> it's been great!

What? You mean I can use clam other than for mail scanning??? I thought clamscan was always used in integration with qmailscanner, amavis, mailscanner or similar tools.
-Payal

[Clamav-users] logging viruses report
Hi,
I am scanning a big disk. How do I save the names of infected files to a file?
With warm regards,
-Payal

[Clamav-users] running for qmail
Hi,
Does anyone have an idea if it is possible to use clamav directly from a dot-qmail file or maybe with maildrop (i.e. without using any virus handler)?
Can someone hint on this? I have user level access to the system.
With warm regards,
-Payal

Re: [Clamav-users] running for qmail
On Mon, Sep 22, 2003 at 03:26:02PM -0500, Tom Walsh wrote:
>
> I have written a shell script wrapper for clamscan (more specifically
> clamdscan/clamd) that I call from maildrop... If you want to see the
> maildrop script message me offline as it isn't 100% relevant to this list.

I will check the wrapper NOW :)
Can you please mail me the script you are talking about?
Thanks a lot and bye.
With warm regards,
-Payal

[Clamav-users] adding a signature
Hi,
A friend sent me a sample old virus which is not detected by clamscan. I want to add that virus's signature in my copy of clamscan. [He has already sent a copy to clamscan]. How to do it?
I read the docs and tried to follow them, but I was getting nowhere.
With warm regards,
-Payal

Re: [Clamav-users] adding a signature
On Sat, Oct 04, 2003 at 08:16:38PM +0200, Tomasz Kojm wrote:
> > Hi,
> > A friend sent me a sample old virus which is not detected by clamscan. I
> > want to add that virus's signature in my copy of clamscan. [He has
> > already sent a copy to clamscan]. How to do it?
> > I read the docs and tried to follow them, but I was getting nowhere.
>
> sigtool -c some_anti_virus_scanner_that_detects_the_virus -f infected.file -s
> unique_antivirus_output_(eg. the virus name)
>
> Warning: This may be illegal with some scanners. Please check the license of
> your scanner.
>
> Edit infected.file.sig and add VirusName= before the hex string. Now rename
> it to somename.db and put to the clamav database directory.

It works. It works wonderfully. Thanks a lot.
With warm regards,
-Payal

[Clamav-users] strange logs
Hi,
I use qmail-scanner and clamscan. Recently, in my qmail-scanner logs I received strange logs like,

Mon, 08 Dec 2003 11:59:56 +0530 [EMAIL PROTECTED] [EMAIL PROTECTED] Regarding activation Report of 8.12.03 Oversized Zip clamscan: 0.65.

People at qmail-scanner say that it is not a qmail-scanner issue; they say that the file is blocked by clamscan and it exits with "virus" error code. Can you tell me what is wrong?
I don't want to block files like this, I just want to block viruses.
Any hints on this?
With warm regards,
-Payal

Re: [Clamav-users] strange logs
On Fri, Dec 12, 2003 at 02:47:22AM +, Payal Rathod wrote:
> People at qmail-scanner say that it is not a qmail-scanner issue; they say
> that the file is blocked by clamscan and it exits with "virus" error
> code. Can you tell me what is wrong?
>
> I don't want to block files like this, I just want to block viruses.
> Any hints on this?

Payal, why don't you read the archives before posting :)
Well, I got the general idea. But I am not getting what difference it will make to change,
#define ZIPOSDET 20 to say 70

What does this signify? Assume I have a large log file of 100Mb and zip zips it to 15Mb, will it be rejected because the compression ratio is 85%?
Thanks a lot and bye.
-Payal

Re: [Clamav-users] strange logs
On Fri, Dec 12, 2003 at 11:49:20AM +0100, Tomasz Papszun wrote:
> On Fri, 12 Dec 2003 at 3:39:16 +0000, Payal Rathod wrote:
> >
> > Well, I got the general idea. But I am not getting what difference it will
> > make to change,
> > #define ZIPOSDET 20 to say 70
> >
> > What does this signify? Assume I have a large log file of 100Mb and zip
> > zips it to 15Mb, will it be rejected because the compression ratio is
> > 85%?
>
> No, it wouldn't. Because 100 MB / 15 MB ~= 6.67 compression ratio only.

So, what is the safe ratio I should keep? Right now I have it from 20 to 70. Is it Ok?
-Payal

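Added example (not from the thread and not ClamAV's source): a Python sketch that computes the ratio the reply uses, uncompressed size divided by compressed size, for every member of a zip and lists the members that reach a limit of 20 or 70. That the limit is applied per member and with `>=` is an assumption; the archive is constructed in memory, and all function and file names are illustrative.

```python
import io
import os
import zipfile

ZIPOSDET_DEFAULT = 20  # value quoted in the thread
ZIPOSDET_RAISED = 70   # value the poster changed it to


def compression_ratio(uncompressed: int, compressed: int) -> float:
    """Uncompressed size divided by compressed size (100 MB / 15 MB ~= 6.67)."""
    if compressed <= 0:
        # Empty members have nothing to expand; a non-empty member that
        # claims zero compressed bytes is treated as unbounded.
        return 0.0 if uncompressed == 0 else float("inf")
    return uncompressed / compressed


def oversized_members(zip_bytes: bytes, max_ratio: float):
    """Return [(name, ratio)] for members whose ratio reaches max_ratio.

    Only the sizes recorded in the archive directory are read; nothing is
    decompressed, so the check itself cannot be made to expand a huge file.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ratio = compression_ratio(info.file_size, info.compress_size)
            if ratio >= max_ratio:  # assumed comparison
                flagged.append((info.filename, ratio))
    return flagged


def build_sample_zip() -> bytes:
    """Constructed sample archive with three very different members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # ~2 MB of zero bytes: deflates at roughly 1000:1.
        zf.writestr("zeros.bin", b"\0" * 2_000_000)
        # 10 kB of incompressible data plus zero padding: roughly 35:1.
        zf.writestr("padded.bin", os.urandom(10_000) + b"\0" * 400_000)
        # Random data does not compress at all: about 1:1.
        zf.writestr("random.bin", os.urandom(50_000))
    return buf.getvalue()


if __name__ == "__main__":
    archive = build_sample_zip()
    for limit in (ZIPOSDET_DEFAULT, ZIPOSDET_RAISED):
        hits = oversized_members(archive, limit)
        print(f"limit {limit}:", [(n, round(r, 1)) for n, r in hits])
    print("100 MB -> 15 MB:", round(compression_ratio(100, 15), 2))
```
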
[Clamav-users] clamav vs. other virus scanners
Hi all,
Recently I noticed that Norton AV clears more than 60,000 viruses, maybe other virus scanners also have similar numbers, so why do we have a much smaller number? Is it because we do not have a big database, or do we protect against new viruses only and keep new definitions updated?
I personally had no problems, 'cos I have saved a few viruses to test with clamav and it detected them all. But then I have a LAN of only a few machines. Do other people with big setups and budgets prefer commercial antiviruses to clamav?
Also, is clamav a bit worried that once the database grows big it will consume more memory and create other problems?
Thanks.
Regards,
-Payal

[Clamav-users] database not being updated
Hi,
On one machine where I had forgotten to update the database for 2 months, I am getting an error,

# freshclam
Current working dir is /usr/local/share/clamav
Checking for a new database - started at Fri Jan 9 08:30:45 2004
Connected to clamav.elektrapro.com.
Reading md5 sum (viruses.md5): OK
Reading md5 sum (viruses2.md5): OK
ERROR: Can't open new file ./36eb2f105cde6e69 to write
open: Permission denied
ERROR: Can't download viruses.db from clamav.elektrapro.com
Checking for a new database - started at Fri Jan 9 08:30:46 2004
Connected to clamav.ozforces.com.
Reading md5 sum (viruses.md5): OK
Reading md5 sum (viruses2.md5): OK
ERROR: Can't open new file ./57663653efc556b7 to write
open: Permission denied
ERROR: Can't download viruses.db from clamav.ozforces.com
Checking for a new database - started at Fri Jan 9 08:30:47 2004
Connected to clamav.essentkabel.com.
Reading md5 sum (viruses.md5): ...

What is the cause and solution of this?
With warm regards,
-Payal

Re: [Clamav-users] pretty basic question - clamscan vs clamdscan
On Fri, Jan 09, 2004 at 11:09:34AM -0800, [EMAIL PROTECTED] wrote:
> thanks. i suspect my invocation needs to be different - when i switch from
> clamscan to clamdscan, messages are processed - for example - rather than
> taking 10 seconds, 20 seconds, etc with clamscan, they claim 'ok' in .1
> seconds, .7 seconds, etc - which doesn't seem possible.

I missed the first few mails, but if you are worried if your mails are really scanned and if you are using qmail and qmail-scanner then you might want to look at headers to verify.
-Payal

Re: [Clamav-users] freshclam updates failing: sudden appearance of "ERROR: Verification: MD5 verification error."
On Mon, Jan 12, 2004 at 03:30:07PM +1100, Mick Pollard wrote:
> FWIW I am getting the same errors. Fresh install on a devl box.
> Clam 0.65 running : /usr/bin/freshclam -d -c 2 -l /var/log/freshclam.log

I updated my definitions just 1 min back. They seem ok.
-Payal

Re: [Clamav-users] MD5 error ?
On Sat, Jan 17, 2004 at 01:36:51AM +0100, Tomasz Kojm wrote:
> On Sat, 17 Jan 2004 01:21:02 +0100
> Peter Bonivart <[EMAIL PROTECTED]> wrote:
>
> > Isn't it time to stop supporting the old db format? Version 0.65 has
> > been out for two months now and lots of people seem to have
> > "problems" when they keep both the db and the cvd files.
>
> We have to announce it officially but the old format will be dropped
> very soon.

If I have an old install, what do I do? Should I re-install my av?
Thanks and eagerly waiting for a response on this.
-Payal

[Clamav-users] ERROR: Can't connect to clamd.
Hi,
I cannot seem to get clamdscan to work. I did,

[EMAIL PROTECTED] root]# clamd
[EMAIL PROTECTED] root]# echo $?
0
[EMAIL PROTECTED] root]# ps waux | grep clam
root 27470 0.0 0.2 3536 632 pts/0 D 19:18 0:00 grep clam
[EMAIL PROTECTED] root]# clamdscan 1
connect(): Connection refused
ERROR: Can't connect to clamd.
--- SCAN SUMMARY ---
Infected files: 0
Time: 0.000 sec (0 m 0 s)

What is wrong?
Thanks a lot for the help in advance and bye.
With warm regards,
-Payal

[Clamav-users] finding viruses in email : please help
Hi,
I am using clamdscan with qmail in conjunction with dot-qmail files. I have in .qmail

| /usr/local/bin/clamdscan -; [ $? != 1 ] || exit 99
./Maildir/

# ps aux | grep clamd
root 7967 0.0 4.2 29396 10776 ? S 20:54 0:00 clamd

When I sent an eicar test virus it was caught properly, but when I sent a Sobig virus and others they were not caught at all and were delivered normally. I have the latest virus definitions with me.
What is wrong here? Please suggest some way. It is harassing.
With warm regards,
-Payal

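Added example (not part of the original post): the `.qmail` line above treats every clamdscan status other than 1 as clean, so a scanner error (status 2, for instance when clamd cannot be reached) still delivers the message. The Python sketch below shows that behaviour next to a wrapper that defers delivery instead. The function names and the `fake_scanner` stand-in are constructed for illustration; the exit codes are those documented for clamdscan and for programs run from `.qmail`.

```python
import subprocess
import sys

# Exit codes a program run from .qmail can return (see qmail-command(8)).
QMAIL_CONTINUE = 0   # success: go on to the next line, e.g. ./Maildir/
QMAIL_STOP = 99      # success, but ignore all remaining delivery lines
QMAIL_DEFER = 111    # temporary failure: message stays queued, retried later


def one_liner_decision(scan_status: int) -> int:
    """What `clamdscan -; [ $? != 1 ] || exit 99` does with the scan status."""
    return QMAIL_STOP if scan_status == 1 else QMAIL_CONTINUE


def scan_decision(message: bytes,
                  scanner=("/usr/local/bin/clamdscan", "-"),
                  timeout: float = 60.0) -> int:
    """Feed the message to the scanner on stdin and pick a qmail exit code.

    clamdscan exits 0 for clean, 1 for a detection and 2 for an error.
    """
    try:
        proc = subprocess.run(list(scanner), input=message,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return QMAIL_DEFER  # scanner missing or hung: do not deliver yet
    if proc.returncode == 0:
        return QMAIL_CONTINUE
    if proc.returncode == 1:
        return QMAIL_STOP
    return QMAIL_DEFER  # status 2, killed by a signal, or anything unexpected


def fake_scanner(status: int, sleep: float = 0.0):
    """Constructed stand-in for clamdscan: reads stdin, exits with `status`."""
    code = ("import sys, time; sys.stdin.buffer.read(); "
            f"time.sleep({sleep}); sys.exit({status})")
    return (sys.executable, "-c", code)


if __name__ == "__main__":
    # Used from .qmail as:  | /path/to/this_script.py   (hypothetical path)
    sys.exit(scan_decision(sys.stdin.buffer.read()))
```
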
Re: [Clamav-users] finding viruses in email : please help
On Wed, Jan 21, 2004 at 09:38:17AM +0100, Thomas Lamy wrote:
> You need to enable at least the "ScanMail" and "ScanArchive" directives
> in /usr/local/etc/clamav.conf (or wherever that file resides).

I did it. Stopped clamd. Restarted it. Still no luck. Same problem.
Where exactly is the problem?
Thanks,
-Payal

Re: [Clamav-users] finding viruses in email : please help
On Wed, Jan 21, 2004 at 06:52:57AM +0100, Tomasz Kojm wrote:
> Take a look at contrib/trashscan and use it instead of clamdscan in
> .qmail.

It needs procmail, which I don't use. Also logger [???]
What is wrong with clamdscan? It caught eicar properly.
With regards,
-Payal
