RE: [Clamav-users] OT: American date format (was: [EMAIL PROTECTED])
(I still don't understand why the Americans put the month in front of the day -- it makes no logical sense other than to be different from/than everyone else). Have a nice day .. uuuggghhh It's written as it's spoken, I think. Today's date is 'January 19th, 2006,' not '19 January, 2006' or '2006, January, 19.' ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report infected mail to the user
You have no idea where the report is going. You certainly have no reason to believe it is going to the sender. You should disable this feature. Sounds like he wants to inform the recipient, not the sender. Hi, you got a mail from so and so, but it had a virus, so I deleted it. If you're actually expecting mail from so-and-so, please give them a call and let them know that they might have a virus. Otherwise, go about your day. Still probably bad form, as you'd be spamming the living daylights out of the poor recipient.
RE: [Clamav-users] test virus # 14 - my setup or something else?
It caught the other 24. Is there something special about the TNEF file that needs to be configured in clamd.conf or clamsmtpd.conf to scan that or is it something else. Microsoft TNEF is neither a transport, nor neutral, nor encoding, nor a format. Discuss. You need to decode TNEFs with something else before passing them to Clam.
RE: [Clamav-users] Virus Tests from www.testvirus.org
I am only trying to understand if it is possible to do with a single program (clamav-milter) the job of two programs (clamav-milter and noattach). Ideally, you wouldn't be using clamav-milter; you'd be using a milter that does content filtering (amavis?), and as part of that content filtering, may or may not wind up passing the message onto clam for scanning. I, for example, use qmail-scanner, which passes messages to clamav, passes messages to spamassassin, and so on, but also lets me define attachments that I simply won't accept, such as, say, .vbs. Muskoka.com 115 Manitoba Street Bracebridge, Ontario P1L 2B6 (705)645-6097 Muskoka.com is pleased to announce New High Speed Services please visit http://www.muskoka.com/services.htm for more information ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Downloading clam virus definition files automatically
Uhhh... but then what do you think someone providing such service would be liable for then? Unable to download an update? Or not being updated as soon as an update arrives? Pretty hard one because your connection might be temporarily down, a temporary routing problem might exist somewhere between you and the server supposed to update your server. BigCorp contracts with you, ClamAVUpdates, for X amount of money per month for virus updates. ClamAVUpdates.com goes down for twenty minutes. During that twenty minutes, a new virus comes out, and BigCorp gets infected with it. BigCorp then turns around and sues ClamAVUpdates for not fulfilling their end of the contract. Yes, said contract probably included the standard 'best effort' clauses, or maybe it's not even your fault; but this is an important point, so I'm going to put it in its own paragraph. You're still going to wind up in court. Court is expensive. So, liability insurance. ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Downloading clam virus definition files automatically
Any reason why that percentage should be less than 100? Cost of bandwidth, cost of equipment, and cost of administrating the purchase/access system?
RE: [Clamav-users] Downloading clam virus definition files automatically
Any reason why that percentage should be less than 100? Cost of bandwidth, cost of equipment, and cost of administrating the purchase/access system? Welcome to the area of open source... Open source is all well and good, but bandwidth still costs.
RE: [Clamav-users] Downloading clam virus definition files automatically
Cost of bandwidth, cost of equipment, and cost of administrating the purchase/access system? And liability insurance. Aye, good point. Especially if you're going to be hoping to sell to corporate clients.
RE: [Clamav-users] My.Doom.o
I like virii - it sounds important and like something that can be on the ER equivalent for geeks... Perhaps, but if you were to actually pluralize it using Latin rules, the result would be 'viri.'
RE: [Clamav-users] OT: Virus page almost ready to go
Suggestions, critique, etc are welcomed. It looks great! About the only thing I'd add is a list of offending IPs with # of hits. Drillable stats would be nice, too; maybe import the log into a dbm or something every night
RE: [Clamav-users] OT: Virus page almost ready to go
Drillable stats would be nice, too; maybe import the log into a dbm or something every night That is already available, all the information is stored in MySQL. Hrm. I'll slink back into my hole, now.
RE: [Clamav-users] OT: Question Re: possibly infected W2K Server
http://housecall.trendmicro.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Shaun T. Erickson Sent: Tuesday, June 01, 2004 10:08 AM To: [EMAIL PROTECTED] Subject: [Clamav-users] OT: Question Re: possibly infected W2K Server Is there anything free that I can use to scan a possibly infected Windows 2000 Server system. Norton's Internet Security says it's trying to DoS my Windows clients, on port 1433. The server is sending MSSQL_Null_Packet_DoS from port 445. I need to know the state of this system, asap. -ste
RE: [Clamav-users] pretty basic question - clamscan vs clamdscan
thanks. i suspect my invocation needs to be different - when i switch from clamscan to clamdscan, messages are processed - for example - rather than taking 10 seconds, 20 seconds, etc with clamscan, they claim 'ok' in .1 seconds, .7 seconds, etc - which doesn't seem possible. Actually, that's exactly the point, and sounds about right. Try scanning something with a virus, using clamdscan, and ensure that it finds it.
RE: [Clamav-users] Clean Viruses?
I think he might mean 'clean up a machine which is wormed/rooted.' The answer, of course, is 'reformat, reinstall from original media, and restore known good backups.' -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Antony Stone Sent: Monday, November 03, 2003 6:43 PM To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] Clean Viruses? On Monday 03 November 2003 10:42 pm, Mark wrote: Cleaning is one of the most needed functions I think. Please can you explain why you think this? I agree that ten years ago it was worthwhile removing the bootsector viruses from floppies, or some of the .exe trojans which would add themselves to executables, but these days it seems to me that if you receive a virus, that is all you receive, and there is nothing left if you clean it. What viruses do you currently receive which can be cleaned from a file which is useful afterwards? Regards, Antony. -- If books were designed by Microsoft, the Anarchist's Cookbook would explode when you read it. - Mark W Schumann Please reply to the list; please don't CC me.
RE: [Clamav-users] New db container
Ok, so you already have apache bound to port 80. How do you bind the rsync server to port 80 as well? As a client, you're not running an rsync server, you're running an rsync client.
RE: Re[2]: [clamav-users] qmail-scanner
Just specify them when you compile. qmail-scanner ./configure --admin virusadmin \ --domain mydomain.net \ --scanners clamscan,verbose_spamassassin \ --debug no \ --install \ --notify recips \ --log-details syslog Then, modify qmail-scanner-queue.pl or whatever it's called to use clamdscan instead of clamscan, make sure you're running clamd, and you're golden. If you're using vpopmail, you'll need a --use-vpop yes somewhere in there. -Original Message- From: Lucas Valdeón [mailto:[EMAIL PROTECTED] Sent: Friday, July 04, 2003 8:49 AM To: Antony Stone Subject: Re[2]: [clamav-users] qmail-scanner Hola Antony, I send you as attached. Thank you, Lucas Friday, July 4, 2003, 2:24:47 PM, you wrote: AS On Friday 04 July 2003 1:10 pm, Lucas Valdeón wrote: Hola Nicholas, This is what I did, but qmail-scanner does not detect spamassassin. Clam and spamassassin are both in /opt partition, but in messages headers only appears spamassassin info, nothing about clam. Received: (qmail 15991 invoked by uid 1007); 4 Jul 2003 12:02:31 - Received: from localhost [127.0.0.1] by openx.xxx.xx with SpamAssassin (2.55 1.174.2.19-2003-05-19-exp); Fri, 04 Jul 2003 14:02:32 +0200 From: Servicom [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: *SPAM* Fwd: $1000.00 FREE - $100,000 JACKPOTS - CASINO ONLINE.. fyvn Date: Fri, 4 Jul 2003 14:02:25 +0200 Message-Id: [EMAIL PROTECTED] X-Spam-Flag: YES X-Spam-Status: Yes, hits=5.0 required=4.0 tests=AWL,FWD_MSG,HTML_20_30,HTML_IMAGE_ONLY_06, HTML_IMAGE_RATIO_04,HTML_MESSAGE,IN_REP_TO, MAILTO_TO_SPAM_ADDR,REFERENCES,SUBJ_FREE_CAP, SUBJ_HAS_UNIQ_ID,TRACKER_ID version=2.55 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) MIME-Version: 1.0 My configuration seems to work, but clam info is not in header. Is this an error?
AS Try cutting and pasting the following three lines, join them together (with AS no spaces inserted) and sending it as an attachment to an email through the AS system and see if you get anything out of ClamAV as a result: AS [EMAIL PROTECTED] AS (P^)7CC)7}$EICAR-STANDARD- AS ANTIVIRUS-TEST-FILE!$H+H* AS I split them up because otherwise they get detected as the Eicar test string AS by the scanner on this mailing list and you wouldn't get to see it at all :) AS Regards, AS Antony. AS -- AS Wanted: telepath. You know where to apply.
RE: [clamav-users] FortNight virus
With my database updated Wednesday, Jun 4th at 1800 hours, this fortnight.eml doesn't get tripped by clamdscan. clamdscan fortnight.eml /home/admin/fortnight.eml: OK --- SCAN SUMMARY --- Infected files: 0 Time: 0.024 sec (0 m 0 s) -Original Message- From: Fajar Arief Nugraha [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 5:55 AM To: [EMAIL PROTECTED] Subject: Re: [clamav-users] FortNight virus I sent it to [EMAIL PROTECTED] You could also see it here : http://antispam.or.id/fortnight.eml Diego d'Ambra wrote: Could you drop me a mail sample - I will then take a look at it. Please upload the sample to a web-site to prevent other scanners from stopping your mail. Best regards, Diego d'Ambra ([EMAIL PROTECTED])
RE: [clamav-users] clamscan clamd
Did both report having scanned the same files/number of files? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, May 01, 2003 1:42 PM To: [EMAIL PROTECTED] Subject: Re: [clamav-users] clamscan clamd Thank you! Ok, so that brings me to the question of what would be the advantage of using clamdscan/clamd versus simply using clamscan. I ran a simple test to compare the performance. I ran clamdscan 5 times on the clamscan install directory, got an average of 2.22 seconds. Then I ran clamscan 5 times on the same directory, with an average of 1.18 seconds, basically twice as fast! So should clamdscan+clamd only be used in scenarios where I have a central clamav server? Because it seems the regular clamscan is much faster. Ricardo On Thu, 01 May 2003 10:01:09 +0200 Andreas Schmitz wrote: [EMAIL PROTECTED] wrote: If that's the case, then what is the client program for clamd? Is it clamuko? I didn't quite understand. clamdscan is the client program, which needs clamd. Best Regards -- Andreas Schmitz AS-DataService http://www.as-dataservice.de Kastanienallee 24 D-54662 Speicher Tel.: (0 65 62) 93 05 17 Fax: (0 65 62) 93 05 18 Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Ust-IdNr.: DE211466407 Handelsregister: HRA 1869 - Amtsgericht Bitburg http://www.as-dataservice.de
RE: [clamav-users] is this list alive? ;-)
Checking for a new database - started at Thu Apr 24 14:33:15 2003 Database updated (containing in total 7770 signatures). (Just installed ClamAV last Thursday) Note, also, that the simple expedient of adding .vbs and .js to your 'automatically deny' list will stop the vast majority of what passes for 'viruses' these days; added bonus of stopping the new ones that crop up every once in a while. -Original Message- From: Robert Harrison [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2003 10:29 AM To: [EMAIL PROTECTED] Subject: Re: [clamav-users] is this list alive? ;-) Checking for a new database - started at Sat Nov 30 04:00:00 2002 viruses.db2 is up to date. Database updated (containing in total 7295 signatures).
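The extension deny list suggested in the message above (and in the earlier reply about refusing .vbs attachments before mail reaches the scanner), as an added example that is not code from the thread, from qmail-scanner or from ClamAV. The function name, the sample message and the normalisation rules are assumptions made for illustration.

```python
import email
from email import policy

# Deny list taken from the message above; extend as local policy requires.
DENIED_EXTENSIONS = (".vbs", ".js")

# Constructed sample message (not real mail): one harmless attachment and
# three that should be refused, each hiding the extension a different way.
SAMPLE = (
    b"From: sender@example.com\r\n"
    b"To: rcpt@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\nbody\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b'Content-Disposition: attachment; filename="notes.txt"\r\n\r\nhi\r\n'
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.pdf.VBS"\r\n\r\nx\r\n'
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="update.js"\r\n\r\nx\r\n'
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="run.js."\r\n\r\nx\r\n'
    b"--b1--\r\n"
)


def denied_attachments(raw_message, denied=DENIED_EXTENSIONS):
    """Return the filenames of MIME parts whose extension is on the deny list."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename= and falls back
        # to the name= parameter of Content-Type.
        name = part.get_filename()
        if not name:
            continue
        # Compare case-insensitively and ignore trailing dots and spaces,
        # which Windows drops when the file is saved.
        cleaned = name.strip().rstrip(". ").lower()
        if cleaned.endswith(tuple(denied)):
            hits.append(name)
    return hits


if __name__ == "__main__":
    for filename in denied_attachments(SAMPLE):
        print("refuse:", filename)
```

A filter of this kind only looks at the declared filename, so it complements content scanning rather than replacing it.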