Re: [clamav-users] Fw: openSUSE-SU-2021:2242-1: important: Security update for clamav-database

2021-07-07 Thread G.W. Haywood via clamav-users

Hi there,

On Wed, 7 Jul 2021, Andrew C Aitchison via clamav-users wrote:

> > > On Tue, 6 Jul 2021, G.W. Haywood wrote:
> >
> > https://marc.info/?l=clamav-users&m=162429486707369&w=2
>
> I have no idea why Ged pointed you at the marc.info archive rather than
>  https://lists.clamav.net/pipermail/clamav-users/2021-June/011372.html
> which is the same message on the official clamav archive (which I find easier
> to read), or the blog post
>  https://blog.clamav.net/2021/06/clamav-01033-patch-release.html
> which Joel's email was repeating.


Sorry, I didn't realize it was going to be an issue and it's noted.  I
very much prefer the MARC user interface, but it's not important which
of the archives is given for a link in a mail.  The point of the link
was that there had been an announcement on this mailing list, as well
as the blog post.  It might be easy to miss a blog post.  After all of
this I'm still unsure that there's been any answer to my question.


> All three have rather longer lines than are convenient on a small screen.


Nothing less than 1600 wide will do for me now I'm afraid. :)  Come to
think of it, wasn't this why HTML was invented?  I remember complaining
to one of the guys at a Yahoo company in the very early 2000s that they
were backing HTML into a corner.  Plus ça change...

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


[clamav-users] Fw: openSUSE-SU-2021:2242-1: important: Security update for clamav-database

2021-07-07 Thread Andrew C Aitchison via clamav-users

On Wed, 7 Jul 2021, Joe Acquisto-j4 wrote:

> > On Tue, 6 Jul 2021, Joe Acquisto-j4 wrote:
> > > On Tue, 6 Jul 2021, G.W. Haywood wrote:
> > > > On Tue, 6 Jul 2021, Paul Kosinski via clamav-users wrote:
> > > >
> > > > > Just FYI: this is the first time I remember seeing openSUSE
> > > > > notifying something about ClamAV.
> > > >
> > > > Looks like this is OpenSUSE's response to the recent announcement of
> > > > ...
> > > > https://blog.clamav.net/2021/06/clamav-eol-of-0100x-versions.html
> > > > ...
> > > > No wonder Joel's been tearing his hair out.
> > >
> > > Is there a concern for those running  ClamAV 0.103.2?
> >
> > You mean apart from those listed in the announcements?
> >
> > https://marc.info/?l=clamav-users&m=162429486707369&w=2
> >
> > --
> >
> > 73,
> > Ged.
>
> I found that link to be virtually unreadable from [attachment #5)] and below.

I think attachment #5 is just an html version of the part above.

I have no idea why Ged pointed you at the marc.info archive rather than
  https://lists.clamav.net/pipermail/clamav-users/2021-June/011372.html
which is the same message on the official clamav archive (which I find 
easier to read), or the blog post

  https://blog.clamav.net/2021/06/clamav-01033-patch-release.html
which Joel's email was repeating.

All three have rather longer lines than are convenient on a small screen.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk



Re: [clamav-users] Fw: openSUSE-SU-2021:2242-1: important: Security update for clamav-database

2021-07-07 Thread G.W. Haywood via clamav-users

Hi there,

On Wed, 7 Jul 2021, Joe Acquisto-j4 wrote:


> > On Tue, 6 Jul 2021, Joe Acquisto-j4 wrote:
> > > On Tue, 6 Jul 2021, G.W. Haywood wrote:
> > > > On Tue, 6 Jul 2021, Paul Kosinski via clamav-users wrote:
> > > >
> > > > > Just FYI: this is the first time I remember seeing openSUSE
> > > > > notifying something about ClamAV.
> > > >
> > > > Looks like this is OpenSUSE's response to the recent announcement of
> > > > ...
> > > > https://blog.clamav.net/2021/06/clamav-eol-of-0100x-versions.html
> > > > ...
> > > > No wonder Joel's been tearing his hair out.
> > >
> > > Is there a concern for those running  ClamAV 0.103.2?
> >
> > You mean apart from those listed in the announcements?
> >
> > https://marc.info/?l=clamav-users&m=162429486707369&w=2
>
> I found that link to be virtually unreadable from [attachment #5)] and below.


It's just an email.  It looks a lot like emails look when you don't
have some dreadful graphical mail client to spoon-feed it to you, and
to embellish/hide/bowdlerize bits of it, and send tracking information
all over the planet, and occasionally crash, and sometimes if the mail
is malicious, even to compromise your workstation in the process.

As you say, there is a link to a rendered version of the HTML for you
to view if you wish.  But it shouldn't really be necessary:


> The link seems to work to open a readable page.  Soon as I wake up I
> will give it a deeper read, but it appears to not be urgent ...


Since I'm sure you were subscribed to this list at the time, a copy of
the email in question was sent to you just after our Summer Solstice.


> Received: from internet-MTA by mail
>  with Novell_GroupWise; Wed, 07 Jul 2021 07:21:28 -0400
> Message-Id: <60E555F102850006C82A@mail>
> X-Mailer: Novell GroupWise Internet Agent 12.0.2


Is your mail client really ten years old?

https://groupwise.software.informer.com/versions/
https://www.cvedetails.com/vulnerability-list/vendor_id-20/product_id-589/Novell-Groupwise.html

--

73,
Ged.



Re: [clamav-users] Fw: openSUSE-SU-2021:2242-1: important: Security update for clamav-database

2021-07-07 Thread Joe Acquisto-j4


> Hi there,
> 
> On Tue, 6 Jul 2021, Joe Acquisto-j4 wrote:
>> On Tue, 6 Jul 2021, G.W. Haywood wrote:
>> > On Tue, 6 Jul 2021, Paul Kosinski via clamav-users wrote:
>> >
>> > > Just FYI: this is the first time I remember seeing openSUSE
>> > > notifying something about ClamAV.
>> >
>> > Looks like this is OpenSUSE's response to the recent announcement of
>> > ...
>> > https://blog.clamav.net/2021/06/clamav-eol-of-0100x-versions.html 
>> > ...
>> > No wonder Joel's been tearing his hair out.
>>
>> Is there a concern for those running  ClamAV 0.103.2?
> 
> You mean apart from those listed in the announcements?
> 
> https://marc.info/?l=clamav-users&m=162429486707369&w=2 
> 
> -- 
> 
> 73,
> Ged.

I found that link to be virtually unreadable from [attachment #5)] and below.

The link seems to work to open a readable page.  Soon as I wake up I will give 
it a deeper read, but it appears to 
not be urgent, for my case.
  



-- 





Re: [clamav-users] Fw: openSUSE-SU-2021:2242-1: important: Security update for clamav-database

2021-07-07 Thread G.W. Haywood via clamav-users

Hi there,

On Tue, 6 Jul 2021, Joe Acquisto-j4 wrote:

> On Tue, 6 Jul 2021, G.W. Haywood wrote:
> > On Tue, 6 Jul 2021, Paul Kosinski via clamav-users wrote:
> >
> > > Just FYI: this is the first time I remember seeing openSUSE
> > > notifying something about ClamAV.
> >
> > Looks like this is OpenSUSE's response to the recent announcement of
> > ...
> > https://blog.clamav.net/2021/06/clamav-eol-of-0100x-versions.html
> > ...
> > No wonder Joel's been tearing his hair out.
>
> Is there a concern for those running  ClamAV 0.103.2?


You mean apart from those listed in the announcements?

https://marc.info/?l=clamav-users&m=162429486707369&w=2

--

73,
Ged.



Re: [clamav-users] Fw: openSUSE-SU-2021:2242-1: important: Security update for clamav-database

2021-07-06 Thread Joe Acquisto-j4


> Hi there,
> 
> On Tue, 6 Jul 2021, Paul Kosinski via clamav-users wrote:
> 
>> Just FYI: this is the first time I remember seeing openSUSE
>> notifying something about ClamAV.
>> 
>> Begin forwarded message:
>>
>> Date: Mon,  5 Jul 2021 15:17:01 +0200 (CEST)
>> From: opensuse-secur...@opensuse.org 
>> To: opensuse-security-annou...@opensuse.org 
>> Subject: openSUSE-SU-2021:2242-1: important: Security update for 
>> clamav-database
>>
>>
>>   openSUSE Security Update: Security update for clamav-database
>> 
> _
> _
>>
>> Announcement ID:openSUSE-SU-2021:2242-1
>> Rating: important
>> References: #1084929
>> Affected Products:
>>openSUSE Leap 15.3
>> 
> _
> _
>>
>>   An update that contains security fixes can now be installed.
>>
>> Description:
>>
>>   This update for clamav-database fixes the following issues:
>>
>>   Changes in clamav-database:
>>   - database refresh on 2021-07-05 (bsc#1084929)
>> [...]
>> References:
>>
>>   https://bugzilla.suse.com/1084929 
>> [...]
> 
> Looks like this is OpenSUSE's response to the recent announcement of
> the pending EOL of 0.100.x:
> 
> https://blog.clamav.net/2021/06/clamav-eol-of-0100x-versions.html 
> 
> I can't be sure because I can't view the bugzilla ref (nice one, SUSE)
> and from my other searches I can't make head nor tail of what they've
> been doing with the 'Leap' versions but it *looks* like, well, nothing
> since March 2019:
> 
> https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html 
> 
> For example scroll down to OpenSUSE at
> 
> https://repology.org/project/clamav/versions 
> 
> No wonder Joel's been tearing his hair out.
> 
> -- 
> 
> 73,
> Ged.

Is there a concern for those running  ClamAV 0.103.2?






Re: [clamav-users] Fw: openSUSE-SU-2021:2242-1: important: Security update for clamav-database

2021-07-06 Thread G.W. Haywood via clamav-users

Hi there,

On Tue, 6 Jul 2021, Paul Kosinski via clamav-users wrote:


> Just FYI: this is the first time I remember seeing openSUSE
> notifying something about ClamAV.
>
> Begin forwarded message:
>
> Date: Mon,  5 Jul 2021 15:17:01 +0200 (CEST)
> From: opensuse-secur...@opensuse.org
> To: opensuse-security-annou...@opensuse.org
> Subject: openSUSE-SU-2021:2242-1: important: Security update for clamav-database
>
>   openSUSE Security Update: Security update for clamav-database
> __
>
> Announcement ID: openSUSE-SU-2021:2242-1
> Rating: important
> References: #1084929
> Affected Products:
>    openSUSE Leap 15.3
> __
>
>   An update that contains security fixes can now be installed.
>
> Description:
>
>   This update for clamav-database fixes the following issues:
>
>   Changes in clamav-database:
>   - database refresh on 2021-07-05 (bsc#1084929)
> [...]
> References:
>
>   https://bugzilla.suse.com/1084929
> [...]


Looks like this is OpenSUSE's response to the recent announcement of
the pending EOL of 0.100.x:

https://blog.clamav.net/2021/06/clamav-eol-of-0100x-versions.html

I can't be sure because I can't view the bugzilla ref (nice one, SUSE)
and from my other searches I can't make head nor tail of what they've
been doing with the 'Leap' versions but it *looks* like, well, nothing
since March 2019:

https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

For example scroll down to OpenSUSE at

https://repology.org/project/clamav/versions

No wonder Joel's been tearing his hair out.

--

73,
Ged.



[clamav-users] Fw: openSUSE-SU-2021:2242-1: important: Security update for clamav-database

2021-07-05 Thread Paul Kosinski via clamav-users
Just FYI: this is the first time I remember seeing openSUSE notifying something 
about ClamAV.


Begin forwarded message:

Date: Mon,  5 Jul 2021 15:17:01 +0200 (CEST)
From: opensuse-secur...@opensuse.org
To: opensuse-security-annou...@opensuse.org
Subject: openSUSE-SU-2021:2242-1: important: Security update for clamav-database


   openSUSE Security Update: Security update for clamav-database
__

Announcement ID: openSUSE-SU-2021:2242-1
Rating: important
References: #1084929
Affected Products:
   openSUSE Leap 15.3
__

   An update that contains security fixes can now be installed.

Description:

   This update for clamav-database fixes the following issues:

   Changes in clamav-database:
   - database refresh on 2021-07-05 (bsc#1084929)


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2021-2242=1



Package List:

   - openSUSE Leap 15.3 (noarch):

  clamav-database-202107050018-3.480.1


References:

   https://bugzilla.suse.com/1084929





Re: [clamav-users] Fw: Freshclam ERROR: Initialization error! WARNING: Ignoring deprecated option

2021-07-02 Thread TH123 via clamav-users

> Attn: G.W. Haywood
>
> I just received your reply. Thanks. I posted my fix before I received your 
> quick answer. I am a beginner at Clamav and have just begun to use it in the 
> terminal. Thanks again for your input.
>
> ‐‐‐ Original Message ‐‐‐
>
> On Friday, July 2nd, 2021 at 2:07 PM, G.W. Haywood cla...@jubileegroup.co.uk 
> wrote:
>
> > Hi there,
> >
> > On Fri, 2 Jul 2021, TH123 via clamav-users wrote:
> >
> > > On Fri, 2 Jul 2021, G.W. Haywood wrote:
> > >
> > > > On Friday, July 2nd, 2021 at 1:06 PM, TH123 round12...@protonmail.com 
> > > > wrote:
> > > >
> > > > > I'm having a problem with freshclam.
> > > > >
> > > > > $ sudo freshclam
> > > > >
> > > > > WARNING: Ignoring deprecated option SafeBrowsing at 
> > > > > /etc/clamav/freshclam.conf:22
> > > > >
> > > > > ERROR: /var/log/clamav/freshclam.log is locked by another process
> > > > >
> > > > > ...
> > > > >
> > > > > ...
> > > > >
> > > > > Do you already have a freshclam daemon running?
> > > > >
> > > > > ...
> > >
> > > Thanks for any consideration of the problem, but I found the solution.
> > >
> > > sudo freshclam command is used for updating your antivirus database,
> > >
> > > which cannot be run while another instance (auto update) is already
> > >
> > > running.
> >
> > That's right. If that doesn't sound like what I said, you need to
> >
> > think a bit more about what you're doing.
> >
> > 73,
> >
> > Ged.



Re: [clamav-users] Fw: Freshclam ERROR: Initialization error! WARNING: Ignoring deprecated option

2021-07-02 Thread G.W. Haywood via clamav-users

Hi there,

On Fri, 2 Jul 2021, TH123 via clamav-users wrote:

> On Fri, 2 Jul 2021, G.W. Haywood wrote:
> > On Friday, July 2nd, 2021 at 1:06 PM, TH123  wrote:
> > >
> > > I'm having a problem with freshclam.
> > >
> > > $ sudo freshclam
> > > WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:22
> > > ERROR: /var/log/clamav/freshclam.log is locked by another process
> > > ...
> > ...
> > Do you already have a freshclam daemon running?
> > ...
>
> Thanks for any consideration of the problem, but I found the solution.
>
> sudo freshclam command is used for updating your antivirus database,
> which cannot be run while another instance (auto update) is already
> running.


That's right.  If that doesn't sound like what I said, you need to
think a bit more about what you're doing.

--

73,
Ged.



Re: [clamav-users] Fw: Freshclam ERROR: Initialization error! WARNING: Ignoring deprecated option

2021-07-02 Thread TH123 via clamav-users
Thanks for any consideration of the problem, but I found the solution.

sudo freshclam command is used for updating your antivirus database, which 
cannot be run while another instance (auto update) is already running.

Stop auto update process: sudo /etc/init.d/clamav-freshclam stop

Run manual update: sudo freshclam

Re-Start auto update process: sudo /etc/init.d/clamav-freshclam start

I found this on: 
https://askubuntu.com/questions/880253/sudo-freshclam-not-working-error-cant-open-var-log-clamav-freshclam-log-in-a#880282

Thanks again.

‐‐‐ Original Message ‐‐‐
On Friday, July 2nd, 2021 at 1:06 PM, TH123  wrote:

>> Attn: Clamav-users
>>
>> I'm having a problem with freshclam.
>>
>> $ sudo freshclam
>> WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:22
>> ERROR: /var/log/clamav/freshclam.log is locked by another process
>> ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
>> ERROR: initialize: libfreshclam init failed.
>> ERROR: Initialization error!
>> $
>>
>> This happened after an OS update. I have Pop! OS (version of Ubuntu) and it 
>> is 20.04. Before the update, everything was working fine. I purged all files 
>> related to clamav and freshclam and reinstalled with no change.
>>
>> Any advice is appreciated.


Re: [clamav-users] Fw: Freshclam ERROR: Initialization error! WARNING: Ignoring deprecated option

2021-07-02 Thread G.W. Haywood via clamav-users

Hi there,

On Fri, 2 Jul 2021, TH123 via clamav-users wrote:


> I'm having a problem with freshclam.
>
> $ sudo freshclam
> WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:22
> ERROR: /var/log/clamav/freshclam.log is locked by another process
> ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
> ERROR: initialize: libfreshclam init failed.
> ERROR: Initialization error!
> $
>
> This happened after an OS update. I have Pop! OS (version of Ubuntu)
> and it is 20.04. Before the update, everything was working fine. I
> purged all files related to clamav and freshclam and reinstalled
> with no change.


Presumably you're not asking about the warning, but about the errors.

Do you already have a freshclam daemon running?  It would not be at
all unusual for an OS to start one at boot.  Use 'top' or 'ps' or
whatever tool you're familiar with to check for the existence of a
freshclam process.  If you have one running already you can either let
it do its job, or kill it and start another one.

If that doesn't seem to be the problem let us know.  See mail of mine
to this list in the last day or so for a bit more about freshclam, or
Read The Fine Manual.

--

73,
Ged.
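
The check described in this thread, written out as an added example (not code from the thread or from the ClamAV project): it separates the log-lock error caused by a running freshclam daemon from other failures, then performs the stop, update, restart sequence. The function names and the process listing are constructed for illustration; the init script path and the error text are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Init script path quoted in the thread; override for other distributions.
FRESHCLAM_INIT="${FRESHCLAM_INIT:-/etc/init.d/clamav-freshclam}"

# Read `ps -eo pid=,comm=` style lines on stdin and print the PIDs whose
# command name is exactly "freshclam", space-separated on one line.
freshclam_pids() {
    awk '$2 == "freshclam" { printf "%s%s", sep, $1; sep = " " }
         END { if (sep) print "" }'
}

# diagnose PS_LISTING FRESHCLAM_OUTPUT
# Prints one of:
#   daemon-running <pids>  lock error and a freshclam process exists
#   lock-held-elsewhere    lock error but no freshclam process is listed
#   other-failure          ERROR lines that are not about the log lock
#   ok                     no ERROR lines (a deprecation WARNING is not a failure)
diagnose() {
    pids=$(printf '%s\n' "$1" | freshclam_pids)
    if printf '%s\n' "$2" | grep -q 'is locked by another process'; then
        if [ -n "$pids" ]; then
            echo "daemon-running $pids"
        else
            echo "lock-held-elsewhere"
        fi
    elif printf '%s\n' "$2" | grep -q '^ERROR:'; then
        echo "other-failure"
    else
        echo "ok"
    fi
}

# Stop the daemon, run one manual update, and start the daemon again even
# when the update fails. Returns freshclam's exit status. Needs root.
manual_update() {
    "$FRESHCLAM_INIT" stop || return 1
    freshclam
    rc=$?
    "$FRESHCLAM_INIT" start || return 1
    return "$rc"
}

# Constructed process listing; the error text is the output quoted in the thread.
SAMPLE_PS='    1 systemd
  812 freshclam
 1290 clamd'
SAMPLE_OUT='WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:22
ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!'

# Sample run on the data above.
diagnose "$SAMPLE_PS" "$SAMPLE_OUT"
```

On a live host the first argument would be the output of `ps -eo pid=,comm=`; `manual_update` is only worth calling when the result is `daemon-running`.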



[clamav-users] Fw: Freshclam ERROR: Initialization error! WARNING: Ignoring deprecated option

2021-07-02 Thread TH123 via clamav-users
> Attn: Clamav-users
>
> I'm having a problem with freshclam.
>
> $ sudo freshclam
> WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:22
> ERROR: /var/log/clamav/freshclam.log is locked by another process
> ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
> ERROR: initialize: libfreshclam init failed.
> ERROR: Initialization error!
> $
>
> This happened after an OS update. I have Pop! OS (version of Ubuntu) and it 
> is 20.04. Before the update, everything was working fine. I purged all files 
> related to clamav and freshclam and reinstalled with no change.
>
> Any advice is appreciated.


Re: [clamav-users] Fw: ClamAV HTML RealURL DisplayURL failed

2020-08-24 Thread G.W. Haywood via clamav-users

Hi there,

It has been a little difficult to make sense of your posts.  Be aware
that not everyone will be using the same kind of mail client and that
on my screen things might not look the same as they do on yours.  If
your English is not sufficiently good to explain your problem, perhaps
before you post here you can find a native English speaker to whom you
can try to explain it.

Joel asked you about the file type, but it seems that you did not
understand the question.  For more information, see the ClamAV
documentation for writing signatures at

https://www.clamav.net/documents/creating-signatures-for-clamav

See also the 'sigtool' output in my message below.

On Mon, 24 Aug 2020, shishab...@vollbio.de wrote:


> clamscan doesn't identify cases where (real_URL != displayable_URL) as virus
> automatically by using the urlhaus.ndb: https://
> urlhaus.abuse.ch/downloads/urlhaus.ndb - the urlhaus.ndb is not generated as
> *.pdb file https:// urlhaus.abuse.ch/api/


My clamd server does not seem to agree with you.

I picked a URLhaus signature at random and created a file for testing.
Note that in the output shown below I have obscured the URL itself by
substituting "" in place of the "http", and by wrapping the two
dots in [square brackets].  I also removed my bash prompt's context.
Those are the only changes I've made in the output.

Here's the .ndb file:

8<--
$ ls -l /var/lib/clamav/databases/urlhaus.ndb 
-rw-r--r-- 1 clamav clamav 823898 Aug 24 12:20 /var/lib/clamav/databases/urlhaus.ndb

8<--

Here's a more or less random URLhaus signature:

8<--
$ sigtool --datadir=/var/lib/clamav/databases -fURLhaus.22877 | sigtool --decode-sigs
VIRUS NAME: URLhaus.22877
FUNCTIONALITY LEVEL: >=48
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
://www[.]allloveseries[.]com/Jun2018/Invoices/
8<--

Here's a test file:

8<--
$ cat test2.txt
This is a text file containing a bare URL.



8<--

Let's see if clamd finds it:

8<--
$ file test2.txt
test2.txt: HTML document, ASCII text
$ clamdscan --config-file=/etc/mail/clamav/clamd.conf ~/test2.txt
/home/ged/test2.txt: Urlhaus.Malware.22877-7132725-0 FOUND

--- SCAN SUMMARY ---
Infected files: 1
Time: 0.025 sec (0 m 0 s)
8<--

Yes, it did.

Now I remove one character from the HTML tag:

8<--
$ vi test2.txt
$ cat test2.txt
This is a text file containing a bare URL.

' character.

Fix the broken tag, add some junk for "display URL".

8<--
$ vi test2.txt
$ cat test2.txt
This is a text file contianing a bare URL.

silly_link

8<--

Let's see if clamd finds it now:

8<--
$ clamdscan --config-file=/etc/mail/clamav/clamd.conf ~/test2.txt
/home/ged/test2.txt: Urlhaus.Malware.22877-7132725-0 FOUND

--- SCAN SUMMARY ---
Infected files: 1
Time: 0.012 sec (0 m 0 s)
8<--

Yes it does.

The opening HTML tag must be complete, but there is no need even for a
display URL to exist and the closing tag ("") need not be present.

So at least on my system clamdscan and clamd are behaving as I expect.


> is the real_URL directly in the HTML Mail wrote, clamscan detect it correctly.
> Can anyone tell me, where is my settings problem to find?


I have very little experience of the URLhaus signatures, but from my
understanding of the way in which these things work I do not see how
the "display URL" could have had the effect which you described.

It is not clear to me that you have explained the problem adequately.
Perhaps you are trying to fix it before you have actually found it.

Note that if the target file type is 'HTML' (see the 'sigtool' output
above) clamd MUST recognize the file or stream as being of type HTML
for the signature to be applied during a scan.  This may be the issue
you're having, rather than a problem with the real/displayed URLs.

Note also that some mail clients with graphical interfaces will do the
strangest things with _any_ text in a message which looks like a URL.
Sometimes, if the mail client tries to be too 'helpful', it can be
difficult to express these issues clearly in an email.

--

73,
Ged.
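
An added example, not part of the original message or of ClamAV: it reads `.ndb` lines and reports what the `sigtool --decode-sigs` output above reports, in particular the target type that decides which files a signature is applied to. It assumes the basic `Name:TargetType:Offset:HexSignature` layout; the function names and the three signature lines are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical and
# the signatures below are constructed (example.test is a reserved name).

# Read .ndb lines on stdin and print, per signature:
#   name <TAB> target type <TAB> body
# A body that is plain hex is decoded to printable text; a body that uses
# wildcard syntax is printed unchanged.
ndb_describe() {
    awk -F: '
    BEGIN {
        split("ANY FILE:PE:OLE2:HTML:MAIL:GRAPHICS:ELF:ASCII:UNUSED:MACH-O:PDF:FLASH:JAVA", t, ":")
        digits = "0123456789abcdef"
    }
    NF >= 4 && $0 !~ /^#/ {
        # Target type numbers start at 0, awk arrays from split() at 1.
        tname = ($2 ~ /^[0-9]+$/ && (($2 + 1) in t)) ? t[$2 + 1] : "type " $2
        body = $4
        hex = tolower($4)
        if (hex ~ /^([0-9a-f][0-9a-f])+$/) {
            body = ""
            for (i = 1; i < length(hex); i += 2) {
                code = 16 * (index(digits, substr(hex, i, 1)) - 1) \
                     + index(digits, substr(hex, i + 1, 1)) - 1
                # Non-printable bytes are shown as "." so the output stays one line.
                body = body ((code >= 32 && code < 127) ? sprintf("%c", code) : ".")
            }
        }
        printf "%s\t%s\t%s\n", $1, tname, body
    }'
}

# Count signatures per target type. A database whose signatures are all
# "ANY FILE" is matched against the raw bytes of every file, whatever text
# a hyperlink displays; an "HTML" signature is applied only when the
# scanner has typed the file as HTML.
ndb_type_counts() {
    ndb_describe | awk -F'\t' '{ n[$2]++ } END { for (k in n) print n[k], k }' | sort
}

# Constructed sample database.
sample_ndb() {
    cat <<'EOF'
Constructed.Sig.1:0:*:3a2f2f7777772e6578616d706c652e746573742f612f
Constructed.Sig.2:3:*:3a2f2f7777772e6578616d706c652e746573742f622f
Constructed.Sig.3:0:*:616263{2}646566
EOF
}

# Sample run on the data above.
sample_ndb | ndb_describe
sample_ndb | ndb_type_counts
```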


[clamav-users] Fw: ClamAV HTML RealURL DisplayURL failed

2020-08-24 Thread shishabert
Hi,
 
clamscan doesn't identify cases where (real_URL != displayable_URL) as virus
automatically by using the urlhaus.ndb: https:// 
urlhaus.abuse.ch/downloads/urlhaus.ndb - the urlhaus.ndb is not generated as 
*.pdb file https:// urlhaus.abuse.ch/api/ 
 
is the real_URL directly in the HTML Mail wrote, clamscan detect it correctly.
Can anyone tell me, where is my settings problem to find?
 
BR, Bert
> 
> > Sent: Wednesday, 29 July 2020 at 15:54
> > From: shishab...@vollbio.de
> > To: clamav-users@lists.clamav.net
> > Subject: [clamav-users] ClamAV HTML RealURL DisplayURL failed
> >
> > Hi,
> > 
> > what do you mean with "writing your rule"?
> > 
> > amavis works fine - i put the realURL in the body of mail and he alerts me. 
> > he alerted me too, when I use the badevil-link e.g. "https[:// 
> > bad-boy-link[.com/path/to/location/" in my yara-rule and take in my 
> > mail-body with an hyperlink (realURL: "https[:// 
> > bad-boy-link[.com/path/to/location/" / displayURL: "https[:// 
> > I-am-so-innocent[.com/click-me/"). Only ClamAV do not find or does not 
> > recognize, if the link are hyperlink:
> > 
> > clamscan -d /var/lib/clamav/urlhaus.ndb --debug --max-filesize=0 
> > /root/_test/BadMessages.msg 2> test.txt
> > 
> > LibClamAV debug: searching for unrar, user-searchpath: /usr/lib64
> > LibClamAV debug: unrar support loaded from 
> > /usr/lib64/libclamunrar_iface.so.9.0.4 libclamunrar_iface_so_9_0
> > LibClamAV debug: Initialized 0.102.2 engine
> > LibClamAV debug: Initializing phishcheck module
> > LibClamAV debug: Phishcheck: Compiling regex: ^ 
> > *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$
> > LibClamAV debug: Phishcheck module initialized
> > LibClamAV debug: Bytecode initialized in interpreter mode
> > LibClamAV debug: Initializing engine->root[0]
> > LibClamAV debug: Initializing AC pattern matcher of root[0]
> > LibClamAV debug: cli_initroots: Initializing BM tables of root[0]
> > LibClamAV debug: Initializing engine->root[1]
> > LibClamAV debug: Initializing AC pattern matcher of root[1]
> > LibClamAV debug: cli_initroots: Initializing BM tables of root[1]
> > LibClamAV debug: Initializing engine->root[2]
> > ...
> > ...
> > ...
> > LibClamAV debug: /var/lib/clamav/urlhaus.ndb loaded
> > LibClamAV debug: Loaded 155 filetype definitions
> > LibClamAV debug: Using filter for trie 0
> > LibClamAV debug: Matcher[0]: GENERIC: AC sigs: 82 (reloff: 1, absoff: 0) BM 
> > sigs: 5360 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 
> > 251 
> > LibClamAV debug: Using filter for trie 1
> > LibClamAV debug: Matcher[1]: PE: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 
> > 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 
> > LibClamAV debug: Matcher[2]: OLE2: AC sigs: 0 (reloff: 0, absoff: 0) BM 
> > sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 
> > (ac_only mode)
> > LibClamAV debug: Matcher[3]: HTML: AC sigs: 0 (reloff: 0, absoff: 0) BM 
> > sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 
> > (ac_only mode)
> > LibClamAV debug: Using filter for trie 4
> > LibClamAV debug: Matcher[4]: MAIL: AC sigs: 0 (reloff: 0, absoff: 0) BM 
> > sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 
> > (ac_only mode)
> > LibClamAV debug: Matcher[5]: GRAPHICS: AC sigs: 0 (reloff: 0, absoff: 0) BM 
> > sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 
> > (ac_only mode)
> > LibClamAV debug: Matcher[6]: ELF: AC sigs: 0 (reloff: 0, absoff: 0) BM 
> > sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 
> > (ac_only mode)
> > LibClamAV debug: Using filter for trie 7
> > LibClamAV debug: Matcher[7]: ASCII: AC sigs: 0 (reloff: 0, absoff: 0) BM 
> > sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 
> > (ac_only mode)
> > LibClamAV debug: Matcher[8]: NOT USED: AC sigs: 0 (reloff: 0, absoff: 0) BM 
> > sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 
> > (ac_only mode)
> > LibClamAV debug: Matcher[9]: MACH-O: AC sigs: 0 (reloff: 0, absoff: 0) BM 
> > sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 
> > (ac_only mode)
> > LibClamAV debug: Matcher[10]: PDF: AC sigs: 0 (reloff: 0, absoff: 0) BM 
> > sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 
> > (ac_only mode)
> > LibClamAV debug: Matcher[11]: FLASH: AC sigs: 0 (reloff: 0, absoff: 0) BM 
> > sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 
> > (ac_only mode)
> > LibClamAV debug: Matcher[12]: JAVA: AC sigs: 0 (reloff: 0, absoff: 0) BM 
> > sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 
> > (ac_only mode)
> > LibClamAV debug: Matcher[13]: INTERNAL: AC sigs: 0 (reloff: 0, absoff: 0) 
> > BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 
> > 0 (ac_only mode)
> > LibClamAV debug: Matcher[14]: OTHER: AC

Re: [clamav-users] FW: How to programmatically determine if I have latest clamd software

2020-06-11 Thread Rick Cooper
You misunderstand what I meant, that was an example of how it works not an 
example to use in your dashboard. In my case if freshclam fails it sends me an 
email (another script trigger in the .conf file) and if it sees an outdated 
clam version it also sends me an email with the info from the log I showed you 
the first time. In your case I would think you would just parse the current 
version and recommended version and write them to a data file to be used by 
your dashboard and it would only be updated when the version changes, wouldn't 
make sense to query when the information change can be triggered by freshclam 
itself anytime it updates. Freshclam itself can trigger notice when there 
is an update issue.
 
Rick


From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
Cliff via clamav-users
Sent: Wednesday, June 10, 2020 8:42 PM
To: 'ClamAV users ML'
Cc: cha...@afo.net
Subject: [clamav-users] FW: How to programmatically determine if I have latest 
clamd software



Thanks.

I also have a similar cron script that updates clam daily.

What I’m looking for is a way to double check in case the script encounters a 
problem and cannot notify.

Unfortunately, your method using freshclam takes about 20 seconds, which is too 
long for a dashboard.

What I am looking for is a very quick way to determine if clam software is out 
of date.

I already know how to get the version on the server: clamscan -V

I guess freshclam is the only way, but it has to do a bazillion things before 
it gives an answer.

I was hoping for a quick way to ping somewhere and get the most recent version 
for comparison.

But I guess I’ll have to pull in the whole downloads page and read the version 
off that ☹

 

From: Rick Cooper  
Sent: Wednesday, June 10, 2020 7:21 PM
To: 'ClamAV users ML' 
Cc: cha...@afo.net
Subject: RE: [clamav-users] How to programmatically determine if I have latest 
clamd software

 

look in the man page for freshclam:

--on-outdated-execute=COMMAND
Execute COMMAND when freshclam reports outdated version. In the command string 
%v will be replaced by the new version number.

 

in the config file OnOutdatedExecute

 

I have a script that sends me an email when freshclam sees the new version, and 
it's not talking about the DB version

 

you will also see log lines like this even when the dbs are up to date:

 

Your ClamAV installation is OUTDATED!
Local version: x.xxx.x Recommended version: y.yyy.y
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav

Where x is the current version and y is the newest version

 

A very simple way to check is:

  freshclam --on-outdated-execute=">&2 echo %v" > /dev/null

which would return the new version if outdated and nothing otherwise.

 

My script parses the log and gets the Local version line for the email

 

Rick

 

  _  

From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
Cliff via clamav-users
Sent: Wednesday, June 10, 2020 5:02 PM
To: clamav-users@lists.clamav.net
Cc: cha...@afo.net
Subject: [clamav-users] How to programmatically determine if I have latest 
clamd software

I am building a php dashboard.

I would like to be able to ping my servers and get notified if clamd software 
(not signatures) is out of date.

This is for situations where my normal update process breaks for whatever 
reason.

Is there a command that will give me a yes/no answer?

If not, is there a URL I can ping to return the latest version number?  Then I 
can run clamscan -V and compare the two.

 




Re: [clamav-users] FW: How to programmatically determine if I have latest clamd software

2020-06-10 Thread Richard via clamav-users


> Date: Wednesday, June 10, 2020 19:42:18 -0500
> From: Cliff via clamav-users 
> 
> I also have a similar cron script that updates clam daily.
> 
> What I’m looking for is a way to double check in case the script
> encounters a problem and cannot notify.
> 
> Unfortunately, your method using freshclam takes about 20 seconds,
> which is too long for a dashboard.
> 
> What I am looking for is a very quick way to determine if clam
> software is out of date.
> 

The current version can be gotten from the dns txt record of

  current.cvd.clamav.net

The command:

  dig +short current.cvd.clamav.net txt

will return the one line with that information, which (after a little
parsing) you can then compare with the version that your machines are
running.



 

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
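
The two checks discussed in this thread (reading freshclam's "Local version / Recommended version" log line, and comparing `clamscan -V` with the `current.cvd.clamav.net` TXT record) are sketched below as an added example, not code from any poster or from the ClamAV project. Function names are hypothetical, the sample values are constructed, and it assumes the first colon-separated field of the TXT record is the recommended engine version and that `clamscan -V` prints `ClamAV <engine>/<db>/<date>`.

```shell
#!/bin/sh
# Added example: offline-testable helpers for an "is ClamAV outdated?" check.
# All sample values below are constructed, not captured from a real server.
SAMPLE_TXT='"0.102.3:59:25839:1591833600:1:63:49191:331"'    # shape of the dig answer
SAMPLE_LOCAL='ClamAV 0.102.2/25838/Tue Jun  9 13:05:37 2020' # shape of clamscan -V
SAMPLE_LOG='Your ClamAV installation is OUTDATED!
Local version: 0.102.2 Recommended version: 0.102.3'

# Accept only dotted decimal versions. The TXT record arrives over plain DNS,
# so nothing from it is passed on (to a shell, a file, a web page) unchecked.
is_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    return 0
}

# Assumption: the first colon-separated field of the TXT record is the
# recommended engine version.
recommended_from_txt() {
    rec=$(printf '%s' "$1" | tr -d '"[:space:]')
    ver=${rec%%:*}
    is_version "$ver" || return 1
    printf '%s\n' "$ver"
}

# Assumption: clamscan -V prints "ClamAV <engine>[/<db>/<date>]".
local_from_clamscan() {
    ver=${1#ClamAV }
    ver=${ver%%/*}
    is_version "$ver" || return 1
    printf '%s\n' "$ver"
}

# Pull "local recommended" out of freshclam's OUTDATED log lines (last match wins).
versions_from_log() {
    printf '%s\n' "$1" |
        sed -n 's/.*Local version: \([0-9.]*\) Recommended version: \([0-9.]*\).*/\1 \2/p' |
        tail -n 1
}

# Succeeds when version $1 is numerically older than $2 (0.102.9 < 0.102.10).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "$x" = "$a" ]; then a=''; else a=${a#*.}; fi
        if [ "$y" = "$b" ]; then b=''; else b=${b#*.}; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1
}

# Prints outdated, current or unknown; returns 2 when an input is not a version.
clam_status() {
    if ! is_version "$1" || ! is_version "$2"; then
        echo unknown
        return 2
    fi
    if version_lt "$1" "$2"; then echo outdated; else echo current; fi
}

# Write "local recommended status" for the dashboard via rename, so a reader
# never sees a half-written file. Keep the file in a directory only this job
# can write to.
write_status() {
    st=$(clam_status "$2" "$3") || return 2
    printf '%s %s %s\n' "$2" "$3" "$st" > "$1.$$" && mv "$1.$$" "$1"
}

# Offline demo on the constructed samples.
loc=$(local_from_clamscan "$SAMPLE_LOCAL")
rec=$(recommended_from_txt "$SAMPLE_TXT")
echo "local=$loc recommended=$rec status=$(clam_status "$loc" "$rec")"
# Live use (network and ClamAV required):
#   rec=$(recommended_from_txt "$(dig +short current.cvd.clamav.net txt)")
#   loc=$(local_from_clamscan "$(clamscan -V)")
```

Running the DNS lookup from cron or from freshclam's OnOutdatedExecute hook and letting the dashboard read only the data file keeps the page load free of network calls.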


[clamav-users] FW: How to programmatically determine if I have latest clamd software

2020-06-10 Thread Cliff via clamav-users
Thanks.

I also have a similar cron script that updates clam daily.

What I’m looking for is a way to double check in case the script encounters a 
problem and cannot notify.

Unfortunately, your method using freshclam takes about 20 seconds, which is too 
long for a dashboard.

What I am looking for is a very quick way to determine if clam software is out 
of date.

I already know how to get the version on the server: Clamscan -V

I guess freshclam is the only way, but it has to do a bazillion things before 
it gives an answer.

I was hoping for a quick way to ping somewhere and get the most recent version 
for comparison.

But I guess I’ll have to pull in the whole downloads page and read the version 
off that ☹

 

From: Rick Cooper  
Sent: Wednesday, June 10, 2020 7:21 PM
To: 'ClamAV users ML' 
Cc: cha...@afo.net
Subject: RE: [clamav-users] How to programmatically determine if I have latest 
clamd software

 

look in the man page for freshclam:

--on-outdated-execute=COMMAND
Execute COMMAND when freshclam reports outdated version. In the command string 
%v will be replaced by the new version number.

 

in the config file OnOutdatedExecute

 

I have a script that sends me an email when freshclam sees the new version, and 
it's not talking about the DB version

 

you will also see log lines like this even when the dbs are up to date:

 

Your ClamAV installation is OUTDATED!
Local version: x.xxx.x Recommended version: y.yyy.y
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav

Where x is the current version and y is the newest version

 

A very simple way to check is:

  freshclam --on-outdated-execute=">&2 echo %v" > /dev/null

which would return the new version if outdated and nothing otherwise.

 

My script parses the log and gets the Local version line for the email

 

Rick

 

  _  

From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
Cliff via clamav-users
Sent: Wednesday, June 10, 2020 5:02 PM
To: clamav-users@lists.clamav.net  
Cc: cha...@afo.net  
Subject: [clamav-users] How to programmatically determine if I have latest 
clamd software

I am building a php dashboard.

I would like to be able to ping my servers and get notified if clamd software 
(not signatures) is out of date.

This is for situations where my normal update process breaks for whatever 
reason.

Is there a command that will give me a yes/no answer?

If not, is there a URL I can ping to return the latest version number?  Then I 
can run clamscan -V and compare the two.

 




Re: [clamav-users] FW:

2018-04-25 Thread Paul Kosinski
When I tried to specify a limit beyond 4 GB using the "--max-filesize"
or "--max-scansize" options, clamscan didn't allow it. Has that been
fixed in the new ".100" release?


On Wed, 25 Apr 2018 10:53:28 +
Richard Tappenden  wrote:

> Hey guys - can you answer a couple of questions? 
> 
> Can we configure clamd to scan *any* file type/extension, or does it
> only scan certain ones? 
> 
> Can we increase max size beyond 4gb? 
> 
> Is scanning on a mounted drive/network share feasible, and what are
> the effects on performance? 
> 
> TIA :)
> 
> Richard Tappenden | Principal Developer
> Huddle – Transform the way you work!
> 
> richard.tappen...@huddle.com | T: +44 (0)8709 772 212
> 
> 
> 
> Ninian Solutions Ltd (trading as Huddle) is registered in England &
> Wales at Aldgate Tower, 2 Leman Street, London, UK (company number
> 05777111) and its U.S subsidiary Huddle Inc., a Delaware Corporation,



Re: [clamav-users] FW:

2018-04-25 Thread Alberto José García Fumero
On Wed, 25-04-2018 at 10:53 +, Richard Tappenden wrote:
> Hey guys - can you answer a couple of questions? 
> 
> Can we configure clamd to scan *any* file type/extension, or does it
> only scan certain ones? 
> 
> Can we increase max size beyond 4gb? 
> 
> Is scanning on a mounted drive/network share feasible, and what are
> the effects on performance? 
> 
> TIA :)
> 
> Richard Tappenden | Principal Developer
> Huddle – Transform the way you work!
> 
> richard.tappen...@huddle.com | T: +44 (0)8709 772 212
> 

Hi.

At least in Linux, it is possible to scan remote, mounted drives using
ClamAV. It is irrelevant if they are Windows or Linux filesystems. I
have no experience with Mac.

You need the smbnetfs. After installing it, and choosing the convenient
user for the interaction, you have to create in its directory a .smb
textfile. It must contain a copy of your local /etc/smb.conf file and a
copy of the /etc/smbnetfs.conf.

Let's suppose that the chosen user is root, and that you'll mount the
remote drives under /media (or /mnt, as you like). Open a console, and
in the user directory type
smbnetfs mounting-point (smbnetfs /media)
or
smbnetfs -o mounting-point

if the mounting point is currently used.

Then you'll have under /media the structure of the remote drives and
workstations in the network. Now you can launch
clamscan -r workstation

and you can scan the shared drives. At least on Debian 7.x it works.

I hope this will help. 
-- 
M.Sc. Alberto García Fumero
Linux user 97 138, registered 10/12/1998
http://interese.cubava.cu
It is not the hours you put into your work that count, but the work
you put into those hours.






Re: [clamav-users] FW:

2018-04-25 Thread Al Varnell
On Wed, Apr 25, 2018 at 03:53 AM, Richard Tappenden wrote:
> Hey guys - can you answer a couple of questions? 
> 
> Can we configure clamd to scan *any* file type/extension, or does it only 
> scan certain ones? 

There are a very few that are excluded, those where infections have never been 
reported. I believe these to be the only ones:

daily.ftm (IGNORED)
0:0:2e524d46:Real Media File:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:48692e20546869732069732074686520716d61696c2d73656e64:Qmail bounce:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:494433:MP3:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:4f676753:Ogg Stream:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:fffb90:MP3:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:5349502d48495420285349502f48:SIP log:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:53594d430100:SYM DATFILE:CL_TYPE_ANY:CL_TYPE_IGNORED
1:0,128:2f5247420a49440a:PDF image:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:377f0682002de218:SQLite WAL:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:377f0683002de218:SQLite WAL:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:53514c69746520666f726d6174203300:SQLite database:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:d9d505f920a163d7:SQLite journal:CL_TYPE_ANY:CL_TYPE_IGNORED

> Can we increase max size beyond 4gb? 

Possibly, if you have sufficient RAM to accommodate it, but as clearly 
announced in the conf:
"Note: disabling this limit or setting it too high may result in severe damage 
to the system."
where the default is 25M.

Not sure about other platforms, but there has never been a MacOS infection 
found in large files.

> Is scanning on a mounted drive/network share feasible, and what are the 
> effects on performance? 

Done that often, but too many variables to predict performance effects. You'll 
just have to try it with your setup to answer that one.

> TIA :)
> 
> Richard Tappenden

-Al-
-- 
Al Varnell
Mountain View, CA








Re: [clamav-users] FW:

2018-04-25 Thread Maarten Broekman
ClamAV can scan any type of file. That said, it can unpack certain kinds of 
archives and scan the files inside. Also, ClamAV signatures can be written for 
specific kinds of files (PE files, text, etc) and they will only be used for 
those types.

I haven’t tried increasing the size beyond that so I can’t say.

Scanning on network drives incurs the same read penalty that all network drive 
access does. There is nothing special about scanning that incurs anything 
additional.

Sincerely,
Maarten

Sent from a tiny keyboard

> On Apr 25, 2018, at 06:53, Richard Tappenden  
> wrote:
> 
> Hey guys - can you answer a couple of questions? 
> 
> Can we configure clamd to scan *any* file type/extension, or does it only 
> scan certain ones? 
> 
> Can we increase max size beyond 4gb? 
> 
> Is scanning on a mounted drive/network share feasible, and what are the 
> effects on performance? 
> 
> TIA :)
> 
> Richard Tappenden | Principal Developer
> Huddle – Transform the way you work!
> 
> richard.tappen...@huddle.com | T: +44 (0)8709 772 212
> 
> 
> 
> Ninian Solutions Ltd (trading as Huddle) is registered in England & Wales at 
> Aldgate Tower, 2 Leman Street, London, UK (company number 05777111) and its 
> U.S subsidiary Huddle Inc., a Delaware Corporation, at 156 2nd Street, San 
> Francisco, CA, U.S. 
> 


[clamav-users] FW:

2018-04-25 Thread Richard Tappenden
Hey guys - can you answer a couple of questions? 

Can we configure clamd to scan *any* file type/extension, or does it only scan 
certain ones? 

Can we increase max size beyond 4gb? 

Is scanning on a mounted drive/network share feasible, and what are the effects 
on performance? 

TIA :)

Richard Tappenden | Principal Developer
Huddle – Transform the way you work!

richard.tappen...@huddle.com | T: +44 (0)8709 772 212



Ninian Solutions Ltd (trading as Huddle) is registered in England & Wales at 
Aldgate Tower, 2 Leman Street, London, UK (company number 05777111) and its U.S 
subsidiary Huddle Inc., a Delaware Corporation, at 156 2nd Street, San 
Francisco, CA, U.S. 



Re: [clamav-users] FW: ClamAV - Open Source License

2017-11-29 Thread Kevin Kretz
The first sentence on the "About" page on clamav.net, which is the first 
response when googling "clamAV license": 

"ClamAV ® is an open source (GPL) anti-virus engine" 


From: "Peggy Anstett"  
To: "clamav-users"  
Sent: Wednesday, November 29, 2017 12:57:33 PM 
Subject: [clamav-users] FW: ClamAV - Open Source License 

Hi, does anyone know which open source license ClamAV is licensed under? Thanks 
in advance! 

Peggy Anstett | Relativity 
Paralegal, Transactions and Corporate 

direct: +1 (312) 676-5068 
mobile: +1 (650) 338-8240 

relativity.com<http://www.relativity.com/> 

From: Peggy Anstett 
Sent: Tuesday, November 21, 2017 11:47 AM 
To: 'clamav-users@lists.clamav.net'  
Subject: ClamAV - Open Source License 

Hi there, 

Can you please advise which open source license the ClamAV library is licensed 
under? The documentation is somewhat confusing. 

Thank you! 

Peggy Anstett | Relativity 
Paralegal, Transactions and Corporate 

direct: +1 (312) 676-5068 
mobile: +1 (650) 338-8240 

relativity.com<http://www.relativity.com/> 


[clamav-users] FW: ClamAV - Open Source License

2017-11-29 Thread Peggy Anstett
Hi, does anyone know which open source license ClamAV is licensed under? Thanks 
in advance!

Peggy Anstett | Relativity
Paralegal, Transactions and Corporate

direct: +1 (312) 676-5068
mobile: +1 (650) 338-8240

relativity.com

From: Peggy Anstett
Sent: Tuesday, November 21, 2017 11:47 AM
To: 'clamav-users@lists.clamav.net' 
Subject: ClamAV - Open Source License

Hi there,

Can you please advise which open source license the ClamAV library is licensed 
under? The documentation is somewhat confusing.

Thank you!

Peggy Anstett | Relativity
Paralegal, Transactions and Corporate

direct: +1 (312) 676-5068
mobile: +1 (650) 338-8240

relativity.com



[clamav-users] FW: clamav-users Digest, Vol 150, Issue 18

2017-05-19 Thread outre...@epsilon.com
Hi Al,

Thanks for your input, I will send you a sample.

Paypal sends campaigns for all their EMEA countries via our platform, so there 
are several sending domains used. Do I need to send a sample for each domain? 

Many thanks,

Anne-Sophie
--

Message: 11
Date: Thu, 18 May 2017 04:19:54 -0700
From: Al Varnell 
To: ClamAV users ML 
Subject: Re: [clamav-users] Mail from Paypal wrongly identified as
phishing by ClamAv
Message-ID: 
Content-Type: text/plain; charset="us-ascii"

This can be whitelisted by associating whatever foreign URL is being used 
within these messages with paypal domains, but you need to submit a sample to 
 so that it can be taken care of.

-Al-

On Thu, May 18, 2017 at 03:41 AM, outre...@epsilon.com wrote:
> 
> Hello,
> 
> Mail from our client Paypal is being wrongly flagged as phishing by ClamAv.
> 
> We get this type of bounce errors:
> 554 Your email was rejected because it contains the 
> Heuristics.Phishing.Email.SpoofedDomain virus
> 
> Mailing IPs: 142.54.244. [96-110]
> Mailing domains:mail.paypal.at, mail.paypal.nl, mail.paypal.com, 
> mail.paypal.pl Date of issue: 09 May 2017
> 
> Please make the necessary changes to your product ASAP.
> 
> These emails are legitimate, sent to optin customers of Paypal, and 
> authenticate with SPF, DKIM and DMARC.
> 
> 
> Please contact me if you need any additional information.
> 
> Regards,
> 
> Anne-Sophie Marsh, Sr Email Deliverability Manager EMEA
> T   +44 2086143219   M +44 7469352383   Epsilon, 67 Broad Street, Teddington 
> TW11 8QZ, UK  epsilon.com
> [http://help.epsilon.com/images/logo.png]


Re: [clamav-users] FW: Problem with setup

2016-05-25 Thread Michael D. L.



On 05/25/2016 11:06 AM, Philip Andersson wrote:



I got some new information. The test files came from cybercom and all other 
test files they sent to us were blocked. I think that clamd removes the virus 
and reports OK back and translates the stream from PDF 1.4 to PDF 1.5. Because 
if I open the two files in hexeditors their headers are not the same and the row 
containing the virus is gone. Could clamd have done this?
  



That sounds unlikely, as ClamAV can't disinfect files - and surely 
wouldn't start converting between PDF formats.


The age of the virus doesn't matter - it should be detected regardless 
of method.


You should look into making a debug-plugin, to get some more information 
about what happens, when the file is injected into the ClamAV-Daemon.


Best regards
  Michael




Re: [clamav-users] FW: Problem with setup

2016-05-25 Thread Philip Andersson



I got some new information. The test files came from cybercom and all other 
test files they sent to us were blocked. I think that clamd removes the virus 
and reports OK back and translates the stream from PDF 1.4 to PDF 1.5. Because 
if I open the two files in hexeditors their headers are not the same and the row 
containing the virus is gone. Could clamd have done this? 
 
> From: philip.andersson...@live.se
> To: clamav-users@lists.clamav.net
> Date: Wed, 25 May 2016 08:54:55 +0200
> Subject: [clamav-users] FW:  Problem with setup
> 
> > From: philip.andersson...@live.se
> > To: clamav-users@lists.clamav.net
> > Date: Tue, 24 May 2016 19:17:42 +0200
> > Subject: Re: [clamav-users] Problem with setup
> > 
> > The Eicar virus is stopped, a colleague of mine tested it, but this pdf 
> > virus is still slinking through CVE-2010-1240. 
> > 
> > I know that this virus is old but because of old systems on end users it is 
> > still a risk. It picks it up in clamdscan though as noted before. Cant see 
> > socket output right now but the regular output is dead silent. Only start 
> > up things and database updates. The last row is the clamdscan output. Runs 
> > the same output-file.
> >  
> > Tue May 24 12:45:30 2016 -> +++ Started at Tue May 24 12:45:30 2016
> > Tue May 24 12:45:30 2016 -> Received 0 file descriptor(s) from systemd.
> > Tue May 24 12:45:30 2016 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: 
> > x86_64, CPU: x86_64)
> > Tue May 24 12:45:30 2016 -> Log file size limited to 104857600 bytes.
> > Tue May 24 12:45:30 2016 -> Reading databases from 
> > /program/clamav_new/database
> > Tue May 24 12:45:30 2016 -> Not loading PUA signatures.
> > Tue May 24 12:45:30 2016 -> Bytecode: Security mode set to "TrustSigned".
> > Tue May 24 12:45:38 2016 -> Loaded 4383889 signatures.
> > Tue May 24 12:45:39 2016 -> TCP: Bound to [0.0.0.0]:3310
> > Tue May 24 12:45:39 2016 -> TCP: Setting connection queue length to 200
> > Tue May 24 12:45:39 2016 -> LOCAL: Unix socket file /tmp/clamd.socket
> > Tue May 24 12:45:39 2016 -> LOCAL: Setting connection queue length to 200
> > Tue May 24 12:45:39 2016 -> Limits: Global size limit set to 104857600 
> > bytes.
> > Tue May 24 12:45:39 2016 -> Limits: File size limit set to 41943040 bytes.
> > Tue May 24 12:45:39 2016 -> Limits: Recursion level limit set to 16.
> > Tue May 24 12:45:39 2016 -> Limits: Files limit set to 1.
> > Tue May 24 12:45:39 2016 -> Limits: MaxEmbeddedPE limit set to 10485760 
> > bytes.
> > Tue May 24 12:45:39 2016 -> Limits: MaxHTMLNormalize limit set to 10485760 
> > bytes.
> > Tue May 24 12:45:39 2016 -> Limits: MaxHTMLNoTags limit set to 2097152 
> > bytes.
> > Tue May 24 12:45:39 2016 -> Limits: MaxScriptNormalize limit set to 5242880 
> > bytes.
> > Tue May 24 12:45:39 2016 -> Limits: MaxZipTypeRcg limit set to 1048576 
> > bytes.
> > Tue May 24 12:45:39 2016 -> Limits: MaxPartitions limit set to 50.
> > Tue May 24 12:45:39 2016 -> Limits: MaxIconsPE limit set to 100.
> > Tue May 24 12:45:39 2016 -> Limits: MaxRecHWP3 limit set to 16.
> > Tue May 24 12:45:39 2016 -> Limits: PCREMatchLimit limit set to 1.
> > Tue May 24 12:45:39 2016 -> Limits: PCRERecMatchLimit limit set to 5000.
> > Tue May 24 12:45:39 2016 -> Limits: PCREMaxFileSize limit set to 26214400.
> > Tue May 24 12:45:39 2016 -> Archive support enabled.
> > Tue May 24 12:45:39 2016 -> Algorithmic detection enabled.
> > Tue May 24 12:45:39 2016 -> Portable Executable support enabled.
> > Tue May 24 12:45:39 2016 -> ELF support enabled.
> > Tue May 24 12:45:39 2016 -> Mail files support enabled.
> > Tue May 24 12:45:39 2016 -> OLE2 support enabled.
> > Tue May 24 12:45:39 2016 -> PDF support enabled.
> > Tue May 24 12:45:39 2016 -> SWF support enabled.
> > Tue May 24 12:45:39 2016 -> HTML support enabled.
> > Tue May 24 12:45:39 2016 -> XMLDOCS support enabled.
> > Tue May 24 12:45:39 2016 -> HWP3 support enabled.
> > Tue May 24 12:45:39 2016 -> Self checking every 600 seconds.
> > Tue May 24 12:55:54 2016 -> SelfCheck: Database status OK.
> > Tue May 24 13:13:18 2016 -> SelfCheck: Database status OK.
> > Tue May 24 13:23:18 2016 -> SelfCheck: Database status OK.
> > Tue May 24 13:33:18 2016 -> SelfCheck: Database status OK.
> > Tue May 24 13:43:18 2016 -> SelfCheck: Database status OK.
> > Tue May 24 13:53:18 2016 -> SelfCheck: Database status OK.
> > Tue May 24 13:58:29 2016 -> /nfshome/66118710/clam/cyberco

[clamav-users] FW: Problem with setup

2016-05-24 Thread Philip Andersson
> From: philip.andersson...@live.se
> To: clamav-users@lists.clamav.net
> Date: Tue, 24 May 2016 19:17:42 +0200
> Subject: Re: [clamav-users] Problem with setup
> 
> The Eicar virus is stopped, a colleague of mine tested it, but this pdf virus 
> is still slinking through CVE-2010-1240. 
> 
> I know that this virus is old but because of old systems on end users it is 
> still a risk. It picks it up in clamdscan though as noted before. Cant see 
> socket output right now but the regular output is dead silent. Only start up 
> things and database updates. The last row is the clamdscan output. Runs the 
> same output-file.
>  
> Tue May 24 12:45:30 2016 -> +++ Started at Tue May 24 12:45:30 2016
> Tue May 24 12:45:30 2016 -> Received 0 file descriptor(s) from systemd.
> Tue May 24 12:45:30 2016 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, 
> CPU: x86_64)
> Tue May 24 12:45:30 2016 -> Log file size limited to 104857600 bytes.
> Tue May 24 12:45:30 2016 -> Reading databases from 
> /program/clamav_new/database
> Tue May 24 12:45:30 2016 -> Not loading PUA signatures.
> Tue May 24 12:45:30 2016 -> Bytecode: Security mode set to "TrustSigned".
> Tue May 24 12:45:38 2016 -> Loaded 4383889 signatures.
> Tue May 24 12:45:39 2016 -> TCP: Bound to [0.0.0.0]:3310
> Tue May 24 12:45:39 2016 -> TCP: Setting connection queue length to 200
> Tue May 24 12:45:39 2016 -> LOCAL: Unix socket file /tmp/clamd.socket
> Tue May 24 12:45:39 2016 -> LOCAL: Setting connection queue length to 200
> Tue May 24 12:45:39 2016 -> Limits: Global size limit set to 104857600 bytes.
> Tue May 24 12:45:39 2016 -> Limits: File size limit set to 41943040 bytes.
> Tue May 24 12:45:39 2016 -> Limits: Recursion level limit set to 16.
> Tue May 24 12:45:39 2016 -> Limits: Files limit set to 1.
> Tue May 24 12:45:39 2016 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
> Tue May 24 12:45:39 2016 -> Limits: MaxHTMLNormalize limit set to 10485760 
> bytes.
> Tue May 24 12:45:39 2016 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
> Tue May 24 12:45:39 2016 -> Limits: MaxScriptNormalize limit set to 5242880 
> bytes.
> Tue May 24 12:45:39 2016 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
> Tue May 24 12:45:39 2016 -> Limits: MaxPartitions limit set to 50.
> Tue May 24 12:45:39 2016 -> Limits: MaxIconsPE limit set to 100.
> Tue May 24 12:45:39 2016 -> Limits: MaxRecHWP3 limit set to 16.
> Tue May 24 12:45:39 2016 -> Limits: PCREMatchLimit limit set to 1.
> Tue May 24 12:45:39 2016 -> Limits: PCRERecMatchLimit limit set to 5000.
> Tue May 24 12:45:39 2016 -> Limits: PCREMaxFileSize limit set to 26214400.
> Tue May 24 12:45:39 2016 -> Archive support enabled.
> Tue May 24 12:45:39 2016 -> Algorithmic detection enabled.
> Tue May 24 12:45:39 2016 -> Portable Executable support enabled.
> Tue May 24 12:45:39 2016 -> ELF support enabled.
> Tue May 24 12:45:39 2016 -> Mail files support enabled.
> Tue May 24 12:45:39 2016 -> OLE2 support enabled.
> Tue May 24 12:45:39 2016 -> PDF support enabled.
> Tue May 24 12:45:39 2016 -> SWF support enabled.
> Tue May 24 12:45:39 2016 -> HTML support enabled.
> Tue May 24 12:45:39 2016 -> XMLDOCS support enabled.
> Tue May 24 12:45:39 2016 -> HWP3 support enabled.
> Tue May 24 12:45:39 2016 -> Self checking every 600 seconds.
> Tue May 24 12:55:54 2016 -> SelfCheck: Database status OK.
> Tue May 24 13:13:18 2016 -> SelfCheck: Database status OK.
> Tue May 24 13:23:18 2016 -> SelfCheck: Database status OK.
> Tue May 24 13:33:18 2016 -> SelfCheck: Database status OK.
> Tue May 24 13:43:18 2016 -> SelfCheck: Database status OK.
> Tue May 24 13:53:18 2016 -> SelfCheck: Database status OK.
> Tue May 24 13:58:29 2016 -> /nfshome/66118710/clam/cybercom_pentest2.pdf: 
> Win.Trojan.MSShellcode-7(0fefca28d5c5509397979d86c4e8d1cb:95307) FOUND
>  
> Output from clamdscan:
> $/program/clamav_new/clamav/bin/clamdscan -c 
> /program/clamav_new/clamav/etc/clamd-A1.conf 
> /nfshome/66118710/clam/cybercom_pentest2.pdf 
> /nfshome/66118710/clam/cybercom_pentest2.pdf: Win.Trojan.MSShellcode-7 FOUND
>  
> --- SCAN SUMMARY ---
> Infected files: 1
> Time: 0.047 sec (0 m 0 s)
> 
>  
> > To: clamav-users@lists.clamav.net
> > From: cla...@cosis.dk
> > Date: Tue, 24 May 2016 16:52:22 +0200
> > Subject: Re: [clamav-users] Problem with setup
> > 
> > 
> > 
> > On 05/24/2016 04:29 PM, Philip Andersson wrote:
> > > I know that the setup have work before, but the test virus is new and the 
> > > clamav version is new. The plugins is written by me and used in small MTS 
> > > application.
> > >   
> > > I am not reading the log-file but the output stream from clamd, its two 
> > > different things.
> > >   
> > > I just wonder how the clamd is missing a virus that clamdscan picks up 
> > > when using the same settings and same database.
> > > Is there a difference in the way they work?
> > >   
> > >   
> > > _
> > You could have saved us all a lot of time, 

[clamav-users] Fw: important message

2016-02-25 Thread lists
Hello!

 

New message, please read 

 

li...@kratzt.net



Re: [clamav-users] Fw: important message

2016-01-28 Thread Benny Pedersen

On 2016-01-28 19:50, Al Varnell wrote:

Yet another malware site.

Can we get this guy off the list please.


+

add sanesecurity sigs to maillist server could help even more


Re: [clamav-users] Fw: important message

2016-01-28 Thread Al Varnell
Yet another malware site.

Can we get this guy off the list please.

-Al-

On Jan 28, 2016, at 10:40 AM, li...@kratzt.net wrote:

> Hello!
> 
> 
> 
> New message, please read 
> 
> 
> 
> li...@kratzt.net



[clamav-users] Fw: important message

2016-01-28 Thread lists
Hello!

 

New message, please read 

 

li...@kratzt.net



Re: [clamav-users] Fw: important message

2016-01-10 Thread Al Varnell
WARNING!

VirusTotal check of URL shows that Avira and BitDefender detect it as a Malware 
Site 


and download is detected by Kaspersky as HEUR:Trojan.Script.Generic
.

-Al-

On Sun, Jan 10, 2016 at 12:37 AM, li...@kratzt.net wrote:
> 
> Hello!
> 
> 
> 
> New message, please read 
> 
> 
> 
> li...@kratzt.net



[clamav-users] Fw: important message

2016-01-10 Thread lists
Hello!

 

New message, please read 

 

li...@kratzt.net



Re: [clamav-users] Fw: RE: Re: clamdscan t...

2015-11-23 Thread Steve Basford

On Mon, November 23, 2015 4:18 pm, Matus UHLAR - fantomas wrote:
> seems that someone with ***idiotic antispam rules** has subscribed to this
> list...

aka how to let a user down gently... :)

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com



[clamav-users] Fw: RE: Re: clamdscan t...

2015-11-23 Thread Matus UHLAR - fantomas

seems that someone with idiotic antispam rules has subscribed to this list...

- Forwarded message from Jean philippe Catteau -

Received: from behost5.spamenmoins.net (behost5.spamenmoins.net [80.67.189.171])
by fantomas.fantomas.sk (8.14.4/8.14.4/Debian-4) with ESMTP id 
tANGFqQ3001436
for ; Mon, 23 Nov 2015 17:15:57 +0100
To: uh...@fantomas.sk
Subject: RE: Re: [clamav-users] clamdscan t...
From: Jean philippe Catteau 
Date: Mon, 23 Nov 2015 17:15:51 +0100 (CET)

[deleted]

Hello, Jean philippe Catteau   here,

To cope with high amounts of spam mail, I have subscribed to the filter service 
Spamenmoins.com.
This service blocks all emails with the exception of trusted correspondents.

So I have not yet received your last email, "Re: [clamav-users] clamdscan t..."
In order to prove you are a genuine sender and not a spam-sending machine, 
please click on link below and follow the instructions on the page which opens.

http://www.SpamEnMoins.com/Autoriser.php?E=dWhsYXJAZmFudG9tYXMuc2t8cHVwdXNzZWNhdHNAd2FuYWRvby5mcnxwdXB1c3NlY2F0c0B3YW5hZG9vLmZyfA==

You will then be immediately and permanently added to my list of trusted
correspondents.
Your last email "Re: [clamav-users] clamdscan t..." will also be delivered 
without delay.

thank you
Jean philippe Catteau

- End forwarded message -

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
I just got lost in thought. It was unfamiliar territory. 


[clamav-users] FW:

2013-05-11 Thread Voy User
http://www.jcasistemas.com.br/2xfcxj.php



Re: [clamav-users] Fw: Freshclam: Error creating socket

2013-03-08 Thread Joel Esler
Thanks for letting us know how you fixed it.  Surprising how many people don't 
do that!

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire


On Thursday, March 7, 2013 at 5:30 PM, Massimo Rossi wrote:

> Dott. Massimo Rossi
>  
> Via Meucci 22 – Fraz. Ospedaletto - 56121 Pisa
> tel. + 39 050 975178 mob. + 39 335 6675699  
> www.sysdat.it (http://www.sysdat.it)
> - Forwarded by Massimo Rossi/Sysdat on 07/03/2013 23.30 -
>  
> From: Massimo Rossi/Sysdat
> To: ClamAV users ML  (mailto:clamav-users@lists.clamav.net)>,  
> Date: 06/03/2013 10.50
> Subject: Re: [clamav-users] Freshclam: Error creating socket
>  
>  
> Guys,
>  
>  
> I've resolved my issue deleting and reinstalling rpms via yum.
>  
>  
> Thanks a lot for support.
>  
>  
> Dott. Massimo Rossi
>  
> Via Meucci 22 – Fraz. Ospedaletto - 56121 Pisa
> tel. + 39 050 975178 mob. + 39 335 6675699  
> www.sysdat.it (http://www.sysdat.it)
>  
>  
>  
> From: Benny Pedersen mailto:m...@junc.org)>
> To: mailto:clamav-users@lists.clamav.net)>,  
> Date: 25/02/2013 19.10
> Subject: Re: [clamav-users] Freshclam: Error creating socket
> Sent by: clamav-users-boun...@lists.clamav.net 
> (mailto:clamav-users-boun...@lists.clamav.net)
>  
>  
>  
> Shawn Webb wrote on 25-02-2013 15:19:
> > Can you paste the whole log, please?
>  
>  
> if it's even in GigaByte sizes ?, hopefully it will be done on pastebin
> with a link here, if that makes a diff for some

[clamav-users] Fw: Freshclam: Error creating socket

2013-03-07 Thread Massimo Rossi
 Dott. Massimo Rossi

 Via Meucci 22 – Fraz. Ospedaletto - 56121 Pisa
 tel. + 39 050 975178   mob. + 39 335 6675699 
 www.sysdat.it
- Forwarded by Massimo Rossi/Sysdat on 07/03/2013 23.30 -

From:   Massimo Rossi/Sysdat
To: ClamAV users ML , 
Date:   06/03/2013 10.50
Subject:Re: [clamav-users] Freshclam: Error creating socket


Guys,


I've resolved my issue deleting and reinstalling rpms via yum.


Thanks a lot for support.


 Dott. Massimo Rossi

 Via Meucci 22 – Fraz. Ospedaletto - 56121 Pisa
 tel. + 39 050 975178   mob. + 39 335 6675699 
 www.sysdat.it



From:   Benny Pedersen 
To: , 
Date:   25/02/2013 19.10
Subject:Re: [clamav-users] Freshclam: Error creating socket
Sent by:clamav-users-boun...@lists.clamav.net



Shawn Webb wrote on 25-02-2013 15:19:
> Can you paste the whole log, please?

if it's even in GigaByte sizes ?, hopefully it will be done on pastebin
with a link here, if that makes a diff for some

Re: [clamav-users] FW: Virus/worm detection missed

2012-04-13 Thread Tomasz Kojm
On 04/13/12 21:00, donald.daw...@bakerbotts.com wrote:
> Hi,
> 
> I am new to the mail list.  We have used Clamav for many years via 
> MailScanner.
> 
> Today we have received 172 emails from various addresses and relays with 
> subject line examples:
> 
> Subject:  Your order N13340 for helicopter for the weekend
> Subject:  Your order N14776 for rotorcraft for the weekend
> Subject:  Your order N16400 for chopper for the weekend
> 
> The emails contain one of the two following virus/worms:
> 
> Virus name: "Trojan:JS/BlacoleRef.AS"
> Worm name: "JS/Agent.PX.gen"
> We have 5 MX servers - Linux running clamav version .97.4 (although clamd -V 
> says 97.3).
> 
> The virus and worm were not caught by Clamav.  Should I just submit the 
> problem email bodies to clamav to review?

Please submit the files at
http://www.clamav.net/lang/en/sendvirus/submit-malware/

Thanks!

-- 
   oo. Tomasz Kojm 
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Fri Apr 13 21:49:56 CEST 2012


[clamav-users] FW: Virus/worm detection missed

2012-04-13 Thread donald.dawson
Hi,

I am new to the mail list.  We have used Clamav for many years via MailScanner.

Today we have received 172 emails from various addresses and relays with 
subject line examples:

Subject:  Your order N13340 for helicopter for the weekend
Subject:  Your order N14776 for rotorcraft for the weekend
Subject:  Your order N16400 for chopper for the weekend

The emails contain one of the two following virus/worms:

Virus name: "Trojan:JS/BlacoleRef.AS"
Worm name: "JS/Agent.PX.gen"
We have 5 MX servers - Linux running clamav version .97.4 (although clamd -V 
says 97.3).

The virus and worm were not caught by Clamav.  Should I just submit the problem 
email bodies to clamav to review?

-

Review /tmp/ClamAV.update.log

Fri Apr 13 12:17:29 2012 -> Current working dir is /var/clamav
Fri Apr 13 12:17:29 2012 -> Max retries == 5
Fri Apr 13 12:17:29 2012 -> ClamAV update process started at Fri Apr 13 12:17:29 2012
Fri Apr 13 12:17:29 2012 -> Using IPv6 aware code
Fri Apr 13 12:17:29 2012 -> Querying current.cvd.clamav.net
Fri Apr 13 12:17:29 2012 -> TTL: 900
Fri Apr 13 12:17:29 2012 -> Software version from DNS: 0.97.4
Fri Apr 13 12:17:29 2012 -> main.cvd version from DNS: 54
Fri Apr 13 12:17:29 2012 -> main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Fri Apr 13 12:17:29 2012 -> daily.cvd version from DNS: 14790
Fri Apr 13 12:17:29 2012 -> daily.cld is up to date (version: 14790, sigs: 149343, f-level: 63, builder: ccordes)
Fri Apr 13 12:17:29 2012 -> bytecode.cvd version from DNS: 168
Fri Apr 13 12:17:29 2012 -> bytecode.cld is up to date (version: 168, sigs: 38, f-level: 63, builder: edwin)
Fri Apr 13 12:17:30 2012 -> SubmitDetectionStats: Not enough recent data for submission

clamd -V
ClamAV 0.97.3/14790/Fri Apr 13 10:07:30 2012


Donald Dawson
Security Administrator
Baker Botts L.L.P.
One Shell Plaza
910 Louisiana
Houston, TX 77002
W: 713-229-2183





Re: [clamav-users] FW: APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

2011-03-30 Thread Al Varnell
On 3/29/11 11:39 AM, "Tomasz Kojm"  wrote:

> On Tue, 29 Mar 2011 10:06:09 -0700 Al Varnell  wrote:
> 
>> I know clamav (freshclam) needs bzip2 to decompress signature database
>> .cvd files.  The scanners undoubtedly use it to decompress .bz2 files they
>> encounter.  If any of these files are malformed to trigger the security bug,
>> then they could potentially be a problem, but I have no idea how common such
>> files are.  
> 
> 
> bzip2 is optional, the .cvd files are compressed using zlib.
> 
Evidently I was misinformed.

So from that I gather the only impact of having a bugged bzip2 with regard
to clamav is the possibility of scanning a malformed .bz2 file that would
trigger integer overflow, causing a denial of service (application crash) or
possibly execute arbitrary code.  And if omitted entirely from the OS clamav
would be unable to scan any bzip2 compressed files.


-Al-
 
-- 
Al Varnell
Mountain View, CA





Re: [clamav-users] FW: APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

2011-03-29 Thread Russ Tyndall

On Mar 29, 2011, at 1:38 PM, TR Shaw wrote:

> The problem is that the make for dynamic libraries doesn't work out of the 
> box so even if you compile the static version clam will link with the old 
> dynamic lib.

Can I "tell" clam where to get the bzip2 stuff? I know I am not using the right 
terminology, but will this work?

1) Compile bzip2 1.0.6 from source on a machine with the right tools and 
install it in /opt/local/lib
2) Compile clamd from source on the same machine with this flag:

export LDFLAGS="-O3 -march=i686 -L/opt/local/lib"

(Is the flag above telling clamd where to get bzip2 on the machine where clamd 
is running?)

3) Copy the /opt/local/lib directory containing bzip2 to each client computer
4) Install and set up the just-compiled clamd to each client computer

Since I am leaving the OS-provided [and buggy] version 1.0.5 in place, won't 
the OS be ok?

Thanks in advance for any guidance.

-
Russ Tyndall
Wake Forest, NC





Re: [clamav-users] FW: APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

2011-03-29 Thread Tomasz Kojm
On Tue, 29 Mar 2011 10:06:09 -0700 Al Varnell  wrote:

>> If bzip2 is not updated, will clamd be unstable?
>>
> I know clamav (freshclam) needs bzip2 to decompress signature database
> .cvd files.  The scanners undoubtedly use it to decompress .bz2 files they
> encounter.  If any of these files are malformed to trigger the security bug,
> then they could potentially be a problem, but I have no idea how common such
> files are.  

Hi Al,

bzip2 is optional, the .cvd files are compressed using zlib.

Regards,

-- 
   oo. Tomasz Kojm 
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Mar 29 20:37:13 CEST 2011


Re: [clamav-users] FW: APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

2011-03-29 Thread Russ Tyndall

On Mar 29, 2011, at 9:29 AM, Russ Tyndall wrote:

> For older machines (10.4) what is the best way to update bzip2?
> 
> Do I need to put MacPorts on every machine?  

It looks like MacPorts requires the Developer Tools be installed, which makes 
that deployment method a lot less practical.

-
Russ Tyndall
Wake Forest, NC





Re: [clamav-users] FW: APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

2011-03-29 Thread Rick Pim

 > > I can't think of any reason you couldn't just download and compile the
 > > source from  and install all the files for v1.0.6.

i can't speak for MacOS, but that procedure worked for me with
solaris 10 and failed for solaris 9. i waited for the vendor
patches.

rp


Re: [clamav-users] FW: APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

2011-03-29 Thread TR Shaw

On Mar 29, 2011, at 1:06 PM, Al Varnell wrote:

> On 3/29/11 6:29 AM, "Russ Tyndall"  wrote:
> 
>> 
>> On Mar 27, 2011, at 2:31 AM, Al Varnell wrote:
>> 
>>> Some Mac users will recall that several months back we discussed the bzip2
>>> bug and I filed a bug report with Apple when it wasn't included in their
>>> previous updates back in November.  They acknowledged they were working on
>>> it and promised it would be out shortly.  Last Monday they posted updates to
>>> both Mac OS X 10.5.8 and 10.6.6 which purports to fix the bug (forwarded
>>> below).
>> 
>> For older machines (10.4) what is the best way to update bzip2?
>> 
> Mac OS X 10.4 probably has bigger security issues for you than bzip2 as
> there have been no updates since Sep 2009.
> 
>> Do I need to put MacPorts on every machine?  Or can updated bzip2 files be
>> manually installed? Obviously, I am going to have to go third-party.
>> 
> I can't think of any reason you couldn't just download and compile the
> source from  and install all the files for v1.0.6.  I
> don't really know what the OS uses bzip2 for, other than decompressing .bz2
> files that it runs across, but there could potentially be OS compatibility
> issues.  I'm aware of several folks who have been using v1.0.6 since it came
> out, at least one of whom is running 10.4 and have not reported having any
> issues.

Al,

The problem is that the make for dynamic libraries doesn't work out of the box 
so even if you compile the static version clam will link with the old dynamic 
lib.

Tom


Re: [clamav-users] FW: APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

2011-03-29 Thread Al Varnell
On 3/29/11 6:29 AM, "Russ Tyndall"  wrote:

> 
> On Mar 27, 2011, at 2:31 AM, Al Varnell wrote:
> 
>> Some Mac users will recall that several months back we discussed the bzip2
>> bug and I filed a bug report with Apple when it wasn't included in their
>> previous updates back in November.  They acknowledged they were working on
>> it and promised it would be out shortly.  Last Monday they posted updates to
>> both Mac OS X 10.5.8 and 10.6.6 which purports to fix the bug (forwarded
>> below).
> 
> For older machines (10.4) what is the best way to update bzip2?
> 
Mac OS X 10.4 probably has bigger security issues for you than bzip2 as
there have been no updates since Sep 2009.

> Do I need to put MacPorts on every machine?  Or can updated bzip2 files be
> manually installed? Obviously, I am going to have to go third-party.
> 
I can't think of any reason you couldn't just download and compile the
source from  and install all the files for v1.0.6.  I
don't really know what the OS uses bzip2 for, other than decompressing .bz2
files that it runs across, but there could potentially be OS compatibility
issues.  I'm aware of several folks who have been using v1.0.6 since it came
out, at least one of whom is running 10.4 and have not reported having any
issues.

> If bzip2 is not updated, will clamd be unstable?
> 
I know clamav (freshclam) needs bzip2 to decompress signature database
.cvd files.  The scanners undoubtedly use it to decompress .bz2 files they
encounter.  If any of these files are malformed to trigger the security bug,
then they could potentially be a problem, but I have no idea how common such
files are.  


-Al-
 
-- 
Al Varnell
Mountain View, CA





Re: [clamav-users] FW: APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

2011-03-29 Thread Russ Tyndall

On Mar 27, 2011, at 2:31 AM, Al Varnell wrote:

> Some Mac users will recall that several months back we discussed the bzip2
> bug and I filed a bug report with Apple when it wasn't included in their
> previous updates back in November.  They acknowledged they were working on
> it and promised it would be out shortly.  Last Monday they posted updates to
> both Mac OS X 10.5.8 and 10.6.6 which purports to fix the bug (forwarded
> below).

For older machines (10.4) what is the best way to update bzip2?

Do I need to put MacPorts on every machine?  Or can updated bzip2 files be 
manually installed? Obviously, I am going to have to go third-party.

If bzip2 is not updated, will clamd be unstable?

Thanks.

-
Russ Tyndall
Wake Forest, NC





Re: [clamav-users] FW: APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

2011-03-27 Thread Chuck Swiger

On 3/27/2011 2:31 AM, Al Varnell wrote:

For those of you who chose to update to a third party bzip2 1.0.6 in the
interim...I don't know what to tell you.


They're likely to be fine.

If they installed their build of libbz2 under /usr/local/lib, and setup 
$DYLD_LIBRARY_PATH to find it (or passed -L/usr/local/lib to ./configure, 
etc), then ClamAV and anything else configured that way will continue to use 
their v1.0.6 build.


If they chose to install to /usr/lib, well, the latest software updates from 
Apple will have installed 1.0.5 with the CVE-2010-0405 fix over that, but it 
shouldn't break anything, as I'm reasonably sure (from inspection and from 
testing) that there were no API changes between 1.0.5 and 1.0.6.


Regards,
--
-Chuck


[clamav-users] FW: APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

2011-03-26 Thread Al Varnell
Follow up.

Some Mac users will recall that several months back we discussed the bzip2
bug and I filed a bug report with Apple when it wasn't included in their
previous updates back in November.  They acknowledged they were working on
it and promised it would be out shortly.  Last Monday they posted updates to
both Mac OS X 10.5.8 and 10.6.6 which purports to fix the bug (forwarded
below).

After installing the update, I noticed that it was still bzip2 v1.0.5, so I
wrote back to Apple, asking what was going on, and received the following
response:

> We fixed it by patching the specific issue, not by updating to the latest
> version.
> 
> Best regards,
> 
> Cedric
> Apple Product Security team

So I ran a quick configure and make check of the clamav 0.97.0 tarball and
received no bzip2 related warnings or errors.  So Mac users should be good
to go on this one.

For those of you who chose to update to a third party bzip2 1.0.6 in the
interim...I don't know what to tell you.


-Al-
 
-- 
Al Varnell
Mountain View, CA


-- Forwarded Message
From: Apple Product Security 
Date: Mon, 21 Mar 2011 13:30:57 -0700
To: 
Subject: APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

Mac OS X v10.6.7 and Security Update 2011-001 are now available and
address the following:

bzip2
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
Impact:  Using the command line bzip2 or bunzip2 tool to decompress a
bzip2 file may result in an unexpected application termination or
arbitrary code execution
Description:  An integer overflow issue existed in bzip2's handling
of bzip2 compressed files. Using the command line bzip2 or bunzip2
tool to decompress a bzip2 file may result in an unexpected
application termination or arbitrary code execution.
CVE-ID
CVE-2010-0405
...
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-- End of Forwarded Message




[Clamav-users] Fw: Unsuscribe

2010-11-02 Thread Luiz Netto


--- On Thu, 10/28/10, Hook  wrote:

From: Hook 
Subject: [Clamav-users] Unsuscribe
To: "ClamAV users ML" 
Date: Thursday, October 28, 2010, 11:06 AM

Unsuscribe


      


[Clamav-users] Fw: Fwd: Important mail marked as spam

2010-09-09 Thread Jose Alf.
Dear List,

>That reference code is not coming from ClamAV, it has no reference
>codes. Its probably some reference code of some 3rdparty app that uses
>ClamAV for scanning.

This is an amavisd-new reference code.

I've seen false positives with genuine messages from other banks. It would be
good to have a FAQ about how to whitelist messages to avoid mis-classification
by the heuristics engine.


  


[Clamav-users] FW: Can not get clamav-milter to work on Sendmail

2010-05-12 Thread Shawn Bakhtiar



Sorry I copied and pasted so I must have missed that but it is there 
and defined as 

MilterSocket /var/run/clamd/clamav-milter.socket


Ah but I did find this


##
## Clamd options
##

# Define the clamd socket to connect to for scanning.
# This option is mandatory! Syntax:
# ClamdSocket unix:path
# ClamdSocket tcp:host:port
# The first syntax specifies a local unix socket (needs an absolute path) e.g.:
# ClamdSocket unix:/var/run/clamd/clamd.socket
# The second syntax specifies a tcp local or remote tcp socket: the
# host can be a hostname or an ip address; the ":port" field is only required
# for IPv6 addresses, otherwise it defaults to 3310
# ClamdSocket tcp:192.168.0.1
#
# This option can be repeated several times with different sockets or even
# with the same socket: clamd servers will be selected in a round-robin fashion.
#
# Default: no default
#ClamdSocket tcp:scanner.mydomain:7357




I removed the comment from ClamdSocket and put in the correct path.
However, clamilt would still not run. Then I changed the start-up script to
the following, which allowed me to start and stop the daemons
independently. I stopped all, started clamd, waited for completion, then
started clamilt and voila!!! It worked!! Thanks to Jason Bertoch, who clued me
into the fact the server should be running before the milter :P

For now as a quick fix, I'm going to put in a sleep between the two starts, but
does it not make sense to have milter run, but send a warning that the server
is disco? This way admins would have a way of knowing if clam engine is down
for any reason.


#!/bin/sh
#
# clamav-milter This script starts and stops the clamav-milter daemon
#
# chkconfig: - 79 40
#
# description: clamav-milter is a daemon which hooks into sendmail and routes \
#  email messages for virus scanning with ClamAV
# processname: clamav-milter
# pidfile: /var/lock/subsys/clamav-milter

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Local clamav-milter config
CLAMAV_FLAGS=
test -f /etc/sysconfig/clamav-milter && . /etc/sysconfig/clamav-milter

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

PATH=$PATH:/usr/bin:/usr/local/sbin:/usr/local/bin

RETVAL=0

start_clamd() {
    # ADD BY SHAWN 04122010 for new ClamAV implementation
    echo -n "Starting clam AV Server: "
    touch /var/lock/subsys/clamd

    if [ -x /sbin/restorecon ] ; then
        /sbin/restorecon /var/lock/subsys/clamd
    fi

    LANG= daemon clamd ${CLAMD_FLAGS}
    RETVAL=$?
    echo
    test $RETVAL -eq 0
    return $RETVAL
}

start_clamilt() {
    echo -n "Starting clamav-milter: "
    # Don't allow files larger than 20M to be created, to limit DoS
    # Needs to be large enough to extract the signature files
    ulimit -f 2
    touch /var/lock/subsys/clamav-milter
    # SE Linux Fix from http://webui.sourcelabs.com/fedora/issues/447247 (and in spamass-miter)

    if [ -x /sbin/restorecon ] ; then
        /sbin/restorecon /var/lock/subsys/clamav-milter
    fi
    # removed as we log to syslog now
    #if [ -x /sbin/restorecon ] ; then
    #    /sbin/restorecon /var/log/clamd.milter
    #fi

    LANG= daemon clamav-milter ${CLAMAV_FLAGS}
    RETVAL=$?
    echo
    test $RETVAL -eq 0
    return $RETVAL
}

# clamd has to be up before the milter is started
start() {
    start_clamd
    start_clamilt
}

stop_clamd() {
    echo -n "Shutting down clamd: "
    killproc clamd
    RETVAL=$?
    echo
    test $RETVAL -eq 0 && rm -f /var/lock/subsys/clamd
}

stop_clamilt() {
    echo -n "Shutting down clamav-milter: "
    killproc clamav-milter
    RETVAL=$?
    echo
    test $RETVAL -eq 0 && rm -f /var/lock/subsys/clamav-milter
}

# stop in the reverse order: milter first, then clamd
stop() {
    stop_clamilt
    stop_clamd
}

restart() {
    stop
    start
}

# See how we were called.
case "$1" in
  start)
    case "$2" in
      clamd)
        start_clamd
        ;;
      clamilt)
        start_clamilt
        ;;
      *)
        start
        ;;
    esac
    ;;
  stop)
    case "$2" in
      clamd)
        stop_clamd
        ;;
      clamilt)
        stop_clamilt
        ;;
      *)
        stop
        ;;
    esac
    ;;
  restart|reload)
    restart
    ;;
  condrestart)
    # restart only if both lock files exist
    test -f /var/lock/subsys/clamav-milter && test -f /var/lock/subsys/clamd && restart || :
    ;;
  status)
    status clamav-milter
    status clamd
    ;;
  *)
    echo "Usage: $0 {start[clamd|clamilt]|stop[clamd|clamilt]|reload|restart|condrestart|status}"
    exit 1
esac

exit $?









> Date: Tue, 11 May 2010 19:33:42 +
> From: replies-lists-a1z2-cla...@listmail.innovate.net
> To: shashan...@hotmail.com
> Subject: Re: [Clamav-users] Can not get clamav-milter to work on Sendmail
> 
> In your clamav-milter.conf file, what do you have defined for the
> clamd socket, and does that match where it is (including name) when
> clamd starts
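
Added example (not part of the original post): rather than a fixed sleep between the two starts, a start-up script can poll clamd until it answers, and the same check can later tell an admin that the engine is down. The Python below sends clamd's PING command over the unix socket and waits for PONG; the default socket path is the example path from the config comment quoted in the post, and the function names are made up for illustration.

```python
#!/usr/bin/env python3
"""Readiness check for clamd: exit 0 once the daemon answers PING with PONG."""
import socket
import sys
import time

# Assumption: example path taken from the ClamdSocket comment in the post;
# use whatever ClamdSocket / LocalSocket is actually set to.
DEFAULT_SOCKET = "/var/run/clamd/clamd.socket"


def clamd_ping(sock_path, timeout=2.0):
    """Return True if clamd on the unix socket answers PING with PONG."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sock_path)
            # 'z' prefix: command and reply are NUL-terminated.
            s.sendall(b"zPING\0")
            reply = b""
            while not reply.endswith(b"\0") and len(reply) < 64:
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
            return reply.rstrip(b"\0") == b"PONG"
    except OSError:
        # Socket file missing, connection refused, or timed out while
        # clamd is still loading its signature databases.
        return False


def wait_for_clamd(sock_path, deadline=120.0, interval=1.0, ping=clamd_ping):
    """Poll until clamd answers or the deadline (seconds) passes."""
    end = time.monotonic() + deadline
    while True:
        if ping(sock_path):
            return True
        if time.monotonic() >= end:
            return False
        time.sleep(interval)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_SOCKET
    if wait_for_clamd(path):
        sys.exit(0)
    print("clamd did not answer PING on %s" % path, file=sys.stderr)
    sys.exit(1)
```

Called between start_clamd and start_clamilt, a non-zero exit status is the signal to skip starting the milter and log the failure.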

Re: [Clamav-users] FW: [clamav-virusdb] Update (daily: 10917) --about Virus.MSExcel.Agent.c

2010-05-05 Thread Noel Jones

On 5/4/2010 10:32 PM, eric wrote:

I send email attached .xls file which infected X97M.Escape, but clamd didn`t
find it.

My server : postfix+MailScanner+clamd

Eric


Please submit missed samples here.
http://www.clamav.net/lang/en/sendvirus/



Re: [Clamav-users] FW: [clamav-virusdb] Update (daily: 10917) --about Virus.MSExcel.Agent.c

2010-05-04 Thread eric
I send email attached .xls file which infected X97M.Escape, but clamd didn`t
find it.

My server : postfix+MailScanner+clamd

   Eric

-Original Message-
From: clamav-users-boun...@lists.clamav.net
[mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Dennis Peterson
Sent: Wednesday, May 05, 2010 11:17 AM
To: ClamAV users ML
Subject: Re: [Clamav-users] FW: [clamav-virusdb] Update (daily: 10917)
--about Virus.MSExcel.Agent.c

On 5/4/10 8:01 PM, eric wrote:
>
> Strange, clamav has been updated, but it still can't find Virus.MSExcel.Agent.c.
> Any idea will be appreciated.
>

It's there. It isn't called Virus.MSExcel.Agent.c:

X97M.Escape:0:*:74696d6576616c7565{-14}22737461727475702e786c732179636f7022*6f6e2e73746172747570

dp


Re: [Clamav-users] FW: [clamav-virusdb] Update (daily: 10917) --about Virus.MSExcel.Agent.c

2010-05-04 Thread Dennis Peterson

On 5/4/10 8:01 PM, eric wrote:


Strange, clamav has been updated, but it still can't find Virus.MSExcel.Agent.c.
Any idea will be appreciated.



It's there. It isn't called Virus.MSExcel.Agent.c:

X97M.Escape:0:*:74696d6576616c7565{-14}22737461727475702e786c732179636f7022*6f6e2e73746172747570

dp
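
Added example (not part of the original thread): the signature quoted above is in ClamAV's extended Name:TargetType:Offset:HexSignature form, and the Python below decodes its hex runs and its {-14} and * wildcards, then checks the result against two constructed buffers. The function names and sample buffers are made up for illustration, only a subset of the wildcard syntax is handled, and the target type is parsed but not enforced.

```python
import re

# Signature exactly as quoted in the thread.
SIG = ("X97M.Escape:0:*:74696d6576616c7565{-14}"
       "22737461727475702e786c732179636f7022*6f6e2e73746172747570")

# Subset of the body syntax: hex runs, '*', '??', and {n} {-n} {n-} {n-m}.
_TOKEN = re.compile(
    r"(?P<hex>(?:[0-9a-fA-F]{2})+)"
    r"|(?P<any>\*)"
    r"|(?P<byte>\?\?)"
    r"|\{(?P<lo>\d*)(?P<dash>-?)(?P<hi>\d*)\}"
)


def parse_body(body):
    """Turn the hex body into ('lit', bytes) and ('gap', min, max) tokens."""
    tokens, pos = [], 0
    while pos < len(body):
        m = _TOKEN.match(body, pos)
        if m is None:
            raise ValueError("unsupported syntax at offset %d: %r"
                             % (pos, body[pos:pos + 8]))
        if m.group("hex"):
            tokens.append(("lit", bytes.fromhex(m.group("hex"))))
        elif m.group("any"):
            tokens.append(("gap", 0, None))        # any number of bytes
        elif m.group("byte"):
            tokens.append(("gap", 1, 1))           # exactly one byte
        else:
            lo, dash, hi = m.group("lo", "dash", "hi")
            if not (lo or hi):
                raise ValueError("empty {} wildcard")
            if dash:                               # {-n}, {n-}, {n-m}
                tokens.append(("gap", int(lo or 0), int(hi) if hi else None))
            else:                                  # {n}
                tokens.append(("gap", int(lo), int(lo)))
        pos = m.end()
    return tokens


def parse_signature(line):
    """Split Name:TargetType:Offset:HexSignature and tokenise the body."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("expected Name:TargetType:Offset:HexSignature")
    name, target, offset, body = fields[:4]
    return {"name": name, "target": int(target), "offset": offset,
            "tokens": parse_body(body)}


def describe(tokens):
    """Human-readable view: what the signature actually looks for."""
    out = []
    for tok in tokens:
        if tok[0] == "lit":
            out.append("literal %r" % tok[1])
        elif tok[2] is None:
            out.append("gap of %d or more bytes" % tok[1])
        else:
            out.append("gap of %d to %d bytes" % (tok[1], tok[2]))
    return out


def to_regex(tokens):
    """Compile the tokens into an equivalent bytes regex."""
    parts = []
    for tok in tokens:
        if tok[0] == "lit":
            parts.append(re.escape(tok[1]))
        else:
            hi = b"" if tok[2] is None else b"%d" % tok[2]
            parts.append(b".{%d,%s}?" % (tok[1], hi))
    return re.compile(b"".join(parts), re.DOTALL)


def matches(sig_line, data):
    """True if the body matches data at the signature's offset."""
    sig = parse_signature(sig_line)
    rx = to_regex(sig["tokens"])
    if sig["offset"] == "*":                       # anywhere in the file
        return rx.search(data) is not None
    if sig["offset"].isdigit():                    # absolute offset
        return rx.match(data, int(sig["offset"])) is not None
    raise NotImplementedError("offset form %r" % sig["offset"])


# Constructed buffers (not real samples): same strings, different first gap.
HIT = (b"\x00\x01timevalue" + b"-" * 14 + b'"startup.xls!ycop"'
       + b"\x00" * 300 + b"on.startup")
MISS = (b"\x00\x01timevalue" + b"-" * 15 + b'"startup.xls!ycop"'
        + b"\x00" * 300 + b"on.startup")

if __name__ == "__main__":
    sig = parse_signature(SIG)
    print(sig["name"], "target", sig["target"], "offset", sig["offset"])
    for line in describe(sig["tokens"]):
        print("  " + line)
    print("HIT :", matches(SIG, HIT))
    print("MISS:", matches(SIG, MISS))
```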


[Clamav-users] FW: [clamav-virusdb] Update (daily: 10917) --about Virus.MSExcel.Agent.c

2010-05-04 Thread eric

Strange, clamav has been updated, but it still can't find Virus.MSExcel.Agent.c.
Any idea will be appreciated.

Best regards,  
   Eric


-Original Message-

ClamAV database updated (04 May 2010 14-47 -0400): daily.cvd
Version: 10917

..
Submission-ID: 15498675
Sender: eric
Added: X97M.Escape
Virus name alias: Virus.MSExcel.Agent.c (Kaspersky), X97M.Escape.2 (Drweb),
X97M.Manalo.A (Bitdefender)

-- 
Best regards,
  Michael Cichosz



Re: [Clamav-users] FW: Problem downloading 0.95.3 from website

2009-12-30 Thread Jim Preston





-Original Message-
From: Kaplan, Andrew H.
Sent: Wednesday, December 30, 2009 1:08 PM
To: 'chupacerv...@gmail.com'
Subject: RE: [Clamav-users] Problem downloading 0.95.3 from website

Hi there --

I have, and that file is zero bytes in size.

Following a suggestion that was posted, I am trying to retrieve the
file from a terminal window using the wget command. As I am posting
this message, the download is repeatedly failing with a connection
reset by peer message appearing on-screen.



-


A couple of things.

One, the rules for this forum frown on (read as forbid) top posting
(placing your reply at the top of the message)


What happens if you try to download to a different computer? The issue  
seems to be computer specific and testing the download on another  
computer will help confirm this.


Thanks, Jim



[Clamav-users] FW: Problem downloading 0.95.3 from website

2009-12-30 Thread Kaplan, Andrew H.
 

-Original Message-
From: Kaplan, Andrew H. 
Sent: Wednesday, December 30, 2009 1:08 PM
To: 'chupacerv...@gmail.com'
Subject: RE: [Clamav-users] Problem downloading 0.95.3 from website

Hi there --

I have, and that file is zero bytes in size. 

Following a suggestion that was posted, I am trying to retrieve the 
file from a terminal window using the wget command. As I am posting
this message, the download is repeatedly failing with a connection
reset by peer message appearing on-screen.



-Original Message-
From: Robert Wyatt [mailto:chupacerv...@gmail.com] 
Sent: Wednesday, December 30, 2009 1:00 PM
To: ClamAV users ML
Cc: Kaplan, Andrew H.
Subject: Re: [Clamav-users] Problem downloading 0.95.3 from website

Hmmm, well the ...part file is not the one you want. You want the 
identical file without the .part suffix on it (that would be the whole 
file). Have you checked to see whether it is present?

Kaplan, Andrew H. wrote:
> Hi there --
>
> I bring up a web browser, firefox or konqueror, and connect to the
> www.clamav.com website. Once I am there, I click on the latest ClamAV
> release hyperlink, and on the next page I click on the ClamAV 0.95.3 link
> located under the Production Quality Releases section.
>
> When I am prompted, I click on the save file option, and I specify the
> location on the local system. The download commences, but then fails just
> as it reaches the 100 percent mark. The error message that I see is the
> following:
>
> clamav-0.95.3.tar.gz.part could not be saved, because the source file could
> not be read.
>
> Any thoughts?
>
>
> -Original Message-
> From: clamav-users-boun...@lists.clamav.net
> [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Jerry
> Sent: Wednesday, December 30, 2009 6:47 AM
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] Problem downloading 0.95.3 from website
>
> On Tue, 29 Dec 2009 17:14:20 -0500
> Andrew H. Kaplan  articulated:
>
>> I don't know if this issue has already been posted, my apologies for
>> repeating if it has,
>> but I am unable to download the .gz file from the clamav website.
>> Whenever I try to do
>> so, the download appears to complete but I then get an error message
>> indicating an
>> inability to read the source file.
>
> Works for me. Could you describe your download procedure?
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to which they
> are addressed. If you are not the intended recipient of this
> transmission, please delete it immediately.
>
> Obviously, I am the idiot who sent it to you by mistake. Furthermore,
> there is no way I can force you to delete it. Worse, by the time you
> have reached this disclaimer you have all ready read the document.
> Telling you to forget it would seem absurd. In any event, I have no
> legal right to force you to take any action upon this email anyway.
>
> This entire disclaimer is just a waste of everyone's time and
> bandwidth. Therefore, let us just forget the whole thing and enjoy a
> cold beer instead.
>
> --
> Jerry
> ges...@yahoo.com
>
>
>
>
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>
>
> The information in this e-mail is intended only for the person to whom it is
> addressed. If you believe this e-mail was sent to you in error and the e-mail
> contains patient information, please contact the Partners Compliance HelpLine
> at http://www.partners.org/complianceline . If the e-mail was sent to you in
> error but does not contain patient information, please contact the sender and
> properly dispose of the e-mail.
>
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] FW: How to Uninstall ClamAV?

2008-11-08 Thread Dennis Peterson
Mac Carter wrote:
> Recently, I attempted to un-install ClamXav as part of an effort to diagnose
> some kernel panics that have been happening on my MacBook Pro (OS 10.5.5). A
> search shows there are NO files on my computer with the name “clam” (partial
> or whole). However, I still get regular Console log alerts saying:

Did you kill the freshclam process?

dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] FW: How to Uninstall ClamAV?

2008-11-08 Thread Simon Hollingshead

ClamXav installs clamav into /usr/local/clamXav/ by default.

Also, make sure in your startup items freshclam is not set to run.

Simon Hollingshead
[EMAIL PROTECTED]

Messages sent from this email are digitally signed by Thawte.  Please  
do not be worried if you see an attachment named smime.p7s, this is  
the cryptographic signature.


On 8/Nov/2008, at 15:46, Mac Carter wrote:

Recently, I attempted to un-install ClamXav as part of an effort to diagnose
some kernel panics that have been happening on my MacBook Pro (OS 10.5.5). A
search shows there are NO files on my computer with the name “clam” (partial
or whole). However, I still get regular Console log alerts saying:

ClamAV update process started at Wed Nov  5 11:00:01 2008
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
See the FAQ at http://www.clamav.net/support/faq for an explanation.
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.94 Recommended version: 0.94.1
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven)
Downloading daily-8560.cdiff [100%]
ERROR: chdir_tmp: Can't create directory
./clamav-f9dc174c76669ec538d13826ea6f7885
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 8576, sigs: 20858, f-level: 35, builder: guitar)
Database updated (458830 signatures) from database.clamav.net (IP:
208.72.56.53)
WARNING: Clamd was NOT notified: Can't connect to clamd through
/tmp/clamd.socket

How is it possible to still get these alerts? Where is the Clamav on my
computer that is causing these alerts and how can I un-install it
completely?

Cheers,
Arthur Carter

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml




___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] FW: How to Uninstall ClamAV?

2008-11-08 Thread Mac Carter
Recently, I attempted to un-install ClamXav as part of an effort to diagnose
some kernel panics that have been happening on my MacBook Pro (OS 10.5.5). A
search shows there are NO files on my computer with the name “clam” (partial
or whole). However, I still get regular Console log alerts saying:

> ClamAV update process started at Wed Nov  5 11:00:01 2008
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> See the FAQ at http://www.clamav.net/support/faq for an explanation.
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.94 Recommended version: 0.94.1
> DON'T PANIC! Read http://www.clamav.net/support/faq
> main.cvd is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven)
> Downloading daily-8560.cdiff [100%]
> ERROR: chdir_tmp: Can't create directory
> ./clamav-f9dc174c76669ec538d13826ea6f7885
> WARNING: Incremental update failed, trying to download daily.cvd
> Downloading daily.cvd [100%]
> daily.cvd updated (version: 8576, sigs: 20858, f-level: 35, builder: guitar)
> Database updated (458830 signatures) from database.clamav.net (IP:
> 208.72.56.53)
> WARNING: Clamd was NOT notified: Can't connect to clamd through
> /tmp/clamd.socket

How is it possible to still get these alerts? Where is the Clamav on my
computer that is causing these alerts and how can I un-install it
completely?

Cheers, 
Arthur Carter  

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Fw: Please help me

2007-06-11 Thread Mohammed Ejaz
After installing libiconv from sunfreeware it's OK, but one more thing, how can I
make sure that it has successfully installed?

following is my output  

bash-2.03# freshclam -v
Current working dir is /usr/local/share/clamav
Max retries == 3
ClamAV update process started at Mon Jun 11 14:34:46 2007
Querying current.cvd.clamav.net
TTL: 189
Software version from DNS: 0.90.3
main.cvd version from DNS: 43
main.cvd is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven)
daily.cvd version from DNS: 3399
daily.cvd is up to date (version: 3399, sigs: 19940, f-level: 16, builder: 
ccordes)



- Original Message - 
From: "Fajar A. Nugraha" <[EMAIL PROTECTED]>
To: "ClamAV users ML" 
Sent: Monday, June 11, 2007 5:18 AM
Subject: Re: [Clamav-users] Fw: Please help me


> Mohammed Ejaz wrote:
>> - Original Message - 
>> From: "Mohammed Ejaz" <[EMAIL PROTECTED]>
>> To: "Jose Alf." <[EMAIL PROTECTED]>
>> Sent: Saturday, June 09, 2007 6:16 AM
>> Subject: Re: [Clamav-users] Please help me
>>
>>
>>   
>>> Jose,
>>>
>>> Today morning i have tried to upgrade my clamav as I mentioned  in my 
>>> previous Email, still the results are same,  and i have noticed that there 
>>> is no "libiconv.so.2:"  in my  /usr/local/lib how can i get this file by 
>>> installing higher version of gcc or libgcc ???
>>>
>>> 
> Try sunfreeware.com, especially
> http://sunfreeware.com/programlistsparc8.html#libiconv
> 
> Regards,
> 
> Fajar
> 
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Fw: Please help me

2007-06-10 Thread Fajar A. Nugraha
Mohammed Ejaz wrote:
> - Original Message - 
> From: "Mohammed Ejaz" <[EMAIL PROTECTED]>
> To: "Jose Alf." <[EMAIL PROTECTED]>
> Sent: Saturday, June 09, 2007 6:16 AM
> Subject: Re: [Clamav-users] Please help me
>
>
>   
>> Jose,
>>
>> Today morning i have tried to upgrade my clamav as I mentioned  in my 
>> previous Email, still the results are same,  and i have noticed that there 
>> is no "libiconv.so.2:"  in my  /usr/local/lib how can i get this file by 
>> installing higher version of gcc or libgcc ???
>>
>> 
Try sunfreeware.com, especially
http://sunfreeware.com/programlistsparc8.html#libiconv

Regards,

Fajar

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] Fw: Please help me

2007-06-08 Thread Mohammed Ejaz

- Original Message - 
From: "Mohammed Ejaz" <[EMAIL PROTECTED]>
To: "Jose Alf." <[EMAIL PROTECTED]>
Sent: Saturday, June 09, 2007 6:16 AM
Subject: Re: [Clamav-users] Please help me


>
>
> Jose,
>
> Today morning i have tried to upgrade my clamav as I mentioned  in my 
> previous Email, still the results are same,  and i have noticed that there 
> is no "libiconv.so.2:"  in my  /usr/local/lib how can i get this file by 
> installing higher version of gcc or libgcc ???
>
> bash-2.03# ld.so.1: /usr/local/sbin/clamd: fatal: libiconv.so.2: open 
> failed: No such file or directory
>
> [1]+  Killed  /usr/local/sbin/clamd
> bash-2.03# ldd /usr/local/sbin/clamd
>libclamav.so.2 =>/usr/local/lib/libclamav.so.2
>libiconv.so.2 => (file not found)
>libz.so.1 => /usr/local/lib/libz.so.1
>libbz2.so.1 =>   /usr/lib/libbz2.so.1
>libgmp.so.3 =>   /usr/local/lib/libgmp.so.3
>libsocket.so.1 =>/usr/lib/libsocket.so.1
>libnsl.so.1 =>   /usr/lib/libnsl.so.1
>libresolv.so.2 =>/usr/lib/libresolv.so.2
>libpthread.so.1 =>   /usr/lib/libpthread.so.1
>libc.so.1 => /usr/lib/libc.so.1
>libgcc_s.so.1 => /usr/local/lib/libgcc_s.so.1
>libiconv.so.2 => (file not found)
>libz.so.1 (SUNW_1.1) =>  (version not found)
>libdl.so.1 =>/usr/lib/libdl.so.1
>libmp.so.2 =>/usr/lib/libmp.so.2
>libthread.so.1 =>/usr/lib/libthread.so.1
>/usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1
> - Original Message - 
> From: "Jose Alf." <[EMAIL PROTECTED]>
> To: "Mohammed Ejaz" <[EMAIL PROTECTED]>
> Sent: Wednesday, June 06, 2007 5:20 PM
> Subject: Re: [Clamav-users] Please help me
>
>
> Mohammed,
>
> Please post the output of
> ldd /usr/local/sbin/clamd
>
> Thanks.
>
>
> --- Mohammed Ejaz <[EMAIL PROTECTED]> wrote:
>
>>  when  i run recomended binary as per the
>> instruction  i have the following error,
>>
>> I have set the path as follows under my solaris 8
>>
>> bash-2.03# echo $LD_LIBRAY_PATH
>> /usr/local/lib
>> bash-2.03# echo $PATH
>>
> /usr/ccs/bin:/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/bin:/usr/sbin:/usr/local/include
>>
>> bash-2.03# tar xvf clamav-0.91rc1.sol8.tar
>> x ., 0 bytes, 0 tape blocks
>> x usr, 0 bytes, 0 tape blocks
>> x usr/local, 0 bytes, 0 tape blocks
>> x usr/local/share, 0 bytes, 0 tape blocks
>> x usr/local/share/clamav, 0 bytes, 0 tape blocks
>> x usr/local/share/clamav/test, 0 bytes, 0 tape
>> blocks
>> x usr/local/share/clamav/test/pe, 0 bytes, 0 tape
>> blocks
>> x usr/local/share/clamav/test/pe/debugpe.c, 5233
>> bytes, 11 tape blocks
>> x usr/local/share/clamav/test/farm, 0 bytes, 0 tape
>> blocks
>> x usr/local/share/clamav/test/farm/farm.c, 8356
>> bytes, 17 tape blocks
>> x usr/local/share/clamav/test/mbox, 0 bytes, 0 tape
>> blocks
>> x usr/local/share/clamav/test/mbox/debugm.c, 1713
>> bytes, 4 tape blocks
>> x usr/local/share/clamav/test/clam-v2.rar, 350
>> bytes, 1 tape blocks
>> x usr/local/share/clamav/test/clam-v3.rar, 364
>> bytes, 1 tape blocks
>> x usr/local/share/clamav/test/README, 170 bytes, 1
>> tape blocks
>> x usr/local/share/clamav/test/clam.cab, 621 bytes, 2
>> tape blocks
>> x usr/local/share/clamav/test/clam.exe, 544 bytes, 2
>> tape blocks
>> x usr/local/share/clamav/test/clam.zip, 404 bytes, 1
>> tape blocks
>> x usr/local/share/clamav/test/clam.exe.bz2, 348
>> bytes, 1 tape blocks
>> x usr/local/share/clamav/test/libclamav, 0 bytes, 0
>> tape blocks
>> x usr/local/share/clamav/test/libclamav/libclamav.c,
>> 6650 bytes, 13 tape blocks
>> x usr/local/share/man, 0 bytes, 0 tape blocks
>> x usr/local/share/man/man1, 0 bytes, 0 tape blocks
>> x usr/local/share/man/man1/clamscan.1, 8005 bytes,
>> 16 tape blocks
>> x usr/local/share/man/man1/freshclam.1, 3622 bytes,
>> 8 tape blocks
>> x usr/local/share/man/man1/sigtool.1, 2346 bytes, 5
>> tape blocks
>> x usr/local/share/man/man1/clamdscan.1, 1690 bytes,
>> 4 tape blocks
>> x usr/local/share/man/man1/clamconf.1, 731 bytes, 2
>> tape blocks
>> x usr/local/share/man/man5, 0 bytes, 0 tape blocks
>> x usr/local/share/man/man5/clamd.conf.5, 9401 bytes,
>> 19 tape blocks
>> x usr/local/share/man/man5/freshclam.conf.5, 4840
>> bytes, 10 tape blocks
>> x usr/local/share/man/man8, 0 bytes, 0 tape blocks
>> x usr/local/share/man/man8/clamd.8, 2294 bytes, 5
>> tape blocks
>> x usr/local/share/man/man8/clamav-milter.8, 13862
>> bytes, 28 tape blocks
>> x usr/local/lib, 0 bytes, 0 tape blocks
>> x usr/local/lib/pkgconfig, 0 bytes, 0 tape blocks
>> x usr/local/lib/pkgconfig/libclamav.pc, 275 bytes, 1
>> tape blocks
>> x usr/local/lib/libclamav.so.2.0.4, 1145449 bytes,
>> 2238 tape blocks
>> x usr/local/lib/libclamav.so.2 symbolic link to
>> libclamav.so.2.0.4
>> x usr/local/lib/libclamav.so symbolic link to
>> libclamav.so.2.0.4
>> x usr/local/lib/libclamav.la, 977 bytes, 2 tape
>> blocks
>> x usr/local/lib/libclamav.a, 12

Re: [Clamav-users] Fw: [Mimedefang] [PATCH] Mimedefang and clamd/clamav 0.90

2007-02-17 Thread Luca Gibelli

Hello Bill,

> I received this from the mimedefang list and I've applied the patch. Now pdfs
> can be sent and received OK.
> 
> This is only a workaround, but it may help others until it gets sorted out.

Thanks, I added a reference on http://wiki.clamav.net/Main/UpgradeNotes090

I also encourage everybody to post more feedback on that page. 

Best regards

-- 
Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit 
[Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] Fw: [Mimedefang] [PATCH] Mimedefang and clamd/clamav 0.90

2007-02-17 Thread Bill Maidment
I received this from the mimedefang list and I've applied the patch. Now pdfs
can be sent and received OK.

This is only a workaround, but it may help others until it gets sorted out.

Cheers
Bill

-- Forwarded Message ---
From: Martin Blapp <[EMAIL PROTECTED]>
To: mimedefang@lists.roaringpenguin.com
Sent: Sat, 17 Feb 2007 08:39:19 +0100 (CET)
Subject: [Mimedefang] [PATCH] Mimedefang and clamd/clamav 0.90

Hi David,

If you use mimedefang 2.61 and clamd 0.90 together you will soon notice
a lot of errors in your maillog:

> Feb 15 19:05:45 filter1 mimedefang.pl[80173]: l1FI5gps090153: Clamd returned 
> error: Zip module failure

For this kind of error we have a fallback to clamscan in your config files.
Unfortunately the fallback doesn't work anymore, because the clamav folks
have removed the --mbox option.

And I found other mails failing with this error:

> Feb 16 21:34:18 filter1 mimedefang.pl[80173]: l1GKY0OX024228: Clamd returned 
> error: Not supported data format

Nice. After adding "Not supported data format" to the zip regex, the mails
were checked successfully by clamscan instead of tempfailing. I guess we need
this workaround too.

Martin

--- mimedefang.pl.in.orig   Thu Jan 18 15:43:12 2007
+++ mimedefang.pl.inSat Feb 17 08:29:06 2007
@@ -3669,7 +3669,7 @@

  # Run clamscan
  my($code, $category, $action) =
-   run_virus_scanner($Features{'Virus:CLAMAV'} . " --mbox --stdout 
--disable-summary
--infected $path 2>&1");
+   run_virus_scanner($Features{'Virus:CLAMAV'} . " --stdout 
--disable-summary --infected
$path 2>&1");
  if ($action ne 'proceed') {
return (wantarray ? ($code, $category, $action) : $code);
  }
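Review bot: the --mbox removal at the single-file clamscan call is unconditional, so a site that applies this patch while still running a pre-0.90 clamscan loses the flag without any notice. Say in a comment or the patch description which clamscan versions this was tested against, or choose the argument list from the detected clamscan version. While this line is being touched: $path is interpolated unquoted into a string that also carries a shell redirection (2>&1), so quoting it would be safer if the path can ever contain whitespace or shell metacharacters.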
@@ -3693,7 +3693,7 @@

  # Run clamscan
  my($code, $category, $action) =
-   run_virus_scanner($Features{'Virus:CLAMAV'} . " -r --mbox --stdout 
--disable-summary
--infected ./Work 2>&1");
+   run_virus_scanner($Features{'Virus:CLAMAV'} . " -r --stdout 
--disable-summary
--infected ./Work 2>&1");
  if ($action ne 'proceed') {
return (wantarray ? ($code, $category, $action) : $code);
  }
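Review bot: the recursive call scans ./Work, while the clamd fallback calls changed further down use $CWD/Work, so this one depends on the process still sitting in the message directory when the scanner runs. Since the line is edited anyway, consider using $CWD/Work here as well so that all the clamscan invocations agree.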
@@ -4506,10 +4506,10 @@
md_syslog('err', "$MsgID: Clamd returned error: $err_detail");
# If it's a zip module failure, try falling back on clamscan.
# This is despicable, but it might work
-   if ($err_detail =~ /zip module failure/i &&
+   if ($err_detail =~ /(?:zip module failure|Not supported data 
format)/i &&
$Features{'Virus:CLAMAV'}) {
my ($code, $category, $action) =
-   run_virus_scanner($Features{'Virus:CLAMAV'} . " -r --unzip 
--mbox --stdout
--disable-summary --infected $CWD/Work 2>&1");
+   run_virus_scanner($Features{'Virus:CLAMAV'} . " -r --unzip 
--stdout --disable-summary
--infected $CWD/Work 2>&1");
if ($action ne 'proceed') {
return (wantarray ? ($code, $category, $action) : 
$code);
}
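Review bot: the comment above the condition still says "If it's a zip module failure" although the regex now also matches "Not supported data format"; update the comment so the next reader knows both errors trigger the clamscan fallback. Matching clamd's free-text error strings is also brittle, since the next new wording will tempfail mail again. Consider keeping the fallback-triggering strings in one named variable and logging through md_syslog that the fallback was taken.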
@@ -4603,10 +4603,10 @@
md_syslog('err', "$MsgID: Clamd returned error: $err_detail");
# If it's a zip module failure, try falling back on clamscan.
# This is despicable, but it might work
-   if ($err_detail =~ /zip module failure/i &&
+   if ($err_detail =~ /(?:zip module failure|Not supported data 
format)/i &&
$Features{'Virus:CLAMAV'}) {
my ($code, $category, $action) =
-   run_virus_scanner($Features{'Virus:CLAMAV'} . " -r --unzip 
--mbox --stdout
--disable-summary --infected $CWD/Work 2>&1");
+   run_virus_scanner($Features{'Virus:CLAMAV'} . " -r --unzip 
--stdout
--disable-summary --infected $CWD/Work 2>&1");
if ($action ne 'proceed') {
return (wantarray ? ($code, $category, $action) : 
$code);
}
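Review bot: the fallback condition and the clamscan command string here duplicate, character for character, the ones changed at 4506. Two copies will drift the next time an error string or scanner option changes; move the regex and the command line into a shared variable or helper and use it from both places.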

Martin Blapp, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
--
ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH
Phone: +41 61 826 93 00 Fax: +41 61 826 93 01
PGP: 
PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E
--
--- End of Forwarded Message ---


--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

--- mimedefang.pl.in.orig   Thu Jan 18 15:43:12 2007
+++ mimedefang.pl.inSat Feb 17 08:29:06 2007
@@ -3669,7 +3669,7 @@
 
 # Run clamscan
 my($code, $category, $action) =
-   run_virus_scanner($Features{'Virus:CLAMAV'} . " --mbox --stdout 
--disable

[Clamav-users] FW: [ GLSA 200501-46 ] ClamAV: Multiple issues

2005-02-01 Thread Jon Dossey

Just wanted to make sure everyone was aware of this.  If you're not
running 0.81, now is a good time to upgrade!

> -Original Message-
> From: Sune Kloppenborg Jeppesen [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 31, 2005 1:42 PM
> To: [EMAIL PROTECTED]
> Cc: bugtraq@securityfocus.com; full-disclosure@lists.netsys.com;
> security-[EMAIL PROTECTED]
> Subject: [ GLSA 200501-46 ] ClamAV: Multiple issues
> 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory   GLSA 200501-46
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 
>   Severity: Normal
>  Title: ClamAV: Multiple issues
>   Date: January 31, 2005
>   Bugs: #78656, #79194
> ID: 200501-46
> 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 
> Synopsis
> 
> 
> ClamAV contains two vulnerabilities that could lead to Denial of
> Service and evasion of virus scanning.
> 
> Background
> ==
> 
> ClamAV is an antivirus toolkit. It includes a multi-threaded daemon and
> a command line scanner.
> 
> Affected packages
> =
> 
> ---
>  Package   /  Vulnerable  / Unaffected
> ---
>   1  app-antivirus/clamav   <= 0.80   >= 0.81
> 
> Description
> ===
> 
> ClamAV fails to properly scan ZIP files with special headers
> (CAN-2005-0133) and base64 encoded images in URLs.
> 
> Impact
> ==
> 
> By sending a base64 encoded image file in a URL an attacker could evade
> virus scanning. By sending a specially-crafted ZIP file an attacker
> could cause a Denial of Service by crashing the clamd daemon.
> 
> Workaround
> ==
> 
> There is no known workaround at this time.
> 
> Resolution
> ==
> 
> All ClamAV users should upgrade to the latest version:
> 
> # emerge --sync
> # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.81"
> 
> References
> ==
> 
>   [ 1 ] CAN-2005-0133
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0133
>   [ 2 ] ClamAV Release Announcement
> http://sourceforge.net/forum/forum.php?forum_id=440649
>   [ 3 ] Secunia SA13900
> http://secunia.com/advisories/13900/
> 
> Availability
> 
> 
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
> 
>   http://security.gentoo.org/glsa/glsa-200501-46.xml
> 
> Concerns?
> =
> 
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users machines is of utmost
> importance to us. Any security concerns should be addressed to
> [EMAIL PROTECTED] or alternatively, you may file a bug at
> http://bugs.gentoo.org.
> 
> License
> ===
> 
> Copyright 2005 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
> 
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
> 
> http://creativecommons.org/licenses/by-sa/2.0


__

"The information transmitted is intended only for the person or entity to 
which it is addressed and may contain confidential, proprietary, and/or 
privileged material.  Any review, retransmission, dissemination or other 
use of, or taking of any action in reliance upon, this information by 
persons or entities other than the intended recipient is prohibited.  
If you received this in error, please contact the sender and delete 
the material from all computers."
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Fw: malware acl condition: unable to connect to sophie UNIX socket (/var/run/sophie). errno=2

2004-09-24 Thread Brian Morrison
On Fri, 24 Sep 2004 15:07:38 +0200 in
[EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:

>  Cannot get my clamav integrated with EXIM - whenever I enable clamd
>  scanning via. EXIM4s ACL I get a "451 Temporary local problem -
>  please try later" error from EXIM. As soon as I comment out the
>  following section in my EXIM4 config file, everything works.:
> 
> # GIMM - Reject viral content.
>  deny  message = This message contains malware ($malware_name)
>  demime = *
>  malware = *

You need an av_scanner directive in exim4.conf, there seem to be two
possibilities one of which needs to be uncommented and to match the
clamav.conf settings.

Clamav also needs to be able to read the directories where Exim puts the
temporary files for mail, I run Exim as user mail and clamav is a member
of the mail group.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html


___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
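
The mismatch described in the reply above can be checked mechanically. This is an added example, not part of the original thread: it reads an Exim main configuration and a clamd configuration and reports why the malware condition cannot reach clamd, then checks the spool permission point. The socket path /var/run/clamav/clamd.ctl, the group name mail and both sample configurations are constructed; the fallback to sophie:/var/run/sophie is Exim's default when av_scanner is unset, which matches the log in the question.

```python
import re

# Exim falls back to this scanner when av_scanner is unset, which is why the
# log in this thread mentions /var/run/sophie on a ClamAV-only host.
EXIM_DEFAULT_AV_SCANNER = "sophie:/var/run/sophie"


def exim_av_scanner(exim_conf):
    """Return the effective av_scanner value from Exim configuration text."""
    value = EXIM_DEFAULT_AV_SCANNER
    for raw in exim_conf.splitlines():
        line = raw.strip()
        if line.startswith("begin "):      # main options end at the first section
            break
        # Anchored match: a commented-out "# av_scanner = ..." never matches.
        m = re.match(r"av_scanner\s*=\s*(.+)$", line)
        if m:
            value = m.group(1).strip()
    return value


def clamd_options(clamd_conf):
    """Parse the 'Key value' lines of a clamd configuration into a dict."""
    opts = {}
    for raw in clamd_conf.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, val = line.partition(" ")
            opts[key] = val.strip()
    return opts


def socket_problems(exim_conf, clamd_conf):
    """Return the reasons Exim's malware condition cannot reach clamd."""
    scanner = exim_av_scanner(exim_conf)
    kind, _, target = scanner.partition(":")
    if kind != "clamd":
        return [f"av_scanner is '{scanner}': Exim will not contact clamd at all"]
    opts = clamd_options(clamd_conf)
    if target.startswith("/"):                      # UNIX socket form
        local = opts.get("LocalSocket")
        if local != target:
            return [f"Exim uses socket {target}, clamd LocalSocket is {local}"]
        return []
    host, _, port = target.partition(" ")           # TCP form: "host port"
    port = port.strip()
    if opts.get("TCPSocket") != port:
        return [f"Exim uses TCP port {port}, clamd TCPSocket is {opts.get('TCPSocket')}"]
    addr = opts.get("TCPAddr")                      # unset means all interfaces
    if addr is not None and addr != host:
        return [f"Exim connects to {host}, clamd is bound to {addr}"]
    return []


def spool_readable(clamd_groups, spool_group, spool_mode):
    """True if a clamd user belonging to clamd_groups can enter and read the
    Exim spool directory through its group permission bits (r-x = 0o050)."""
    return spool_group in clamd_groups and (spool_mode & 0o050) == 0o050


# Constructed sample: the ACL from the question, with av_scanner commented out.
EXIM_BROKEN = """\
# av_scanner = clamd:/var/run/clamav/clamd.ctl
begin acl
acl_check_data:
  deny  message = This message contains malware ($malware_name)
        demime = *
        malware = *
"""
EXIM_FIXED = EXIM_BROKEN.replace("# av_scanner", "av_scanner", 1)

# Constructed clamd configuration (socket path and user are assumptions).
CLAMD_CONF = """\
LocalSocket /var/run/clamav/clamd.ctl
User clamav
"""

if __name__ == "__main__":
    for name, conf in (("broken", EXIM_BROKEN), ("fixed", EXIM_FIXED)):
        print(name, exim_av_scanner(conf), socket_problems(conf, CLAMD_CONF))
    # Spool owned by group mail, mode 0750, clamd user added to group mail.
    print("spool readable:", spool_readable({"clamav", "mail"}, "mail", 0o750))
```
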


[Clamav-users] Fw: malware acl condition: unable to connect to sophie UNIX socket (/var/run/sophie). errno=2

2004-09-24 Thread michael . gimm

Hi there

Cannot get my clamav integrated with EXIM - whenever I enable clamd scanning via EXIM4's ACL I get a "451 Temporary local problem - please try later" error from EXIM. As soon as I comment out the following section in my EXIM4 config file, everything works:

   # GIMM - Reject viral content.
deny  message = This message contains malware ($malware_name)
demime = *
malware = *

If I take a look in my /var/log/maillog I get this message when I enable clamav scanning:

--
2004-09-16 16:27:28 exim 4.34 daemon started: pid=8359, -q30m, listening for SMTP on port 25 (IPv6 and IPv4)
2004-09-16 16:27:28 Start queue run: pid=8360
2004-09-16 16:27:28 End queue run: pid=8360
2004-09-16 16:28:01 1C7xEh-0002As-L5 malware acl condition: unable to connect to sophie UNIX socket (/var/run/sophie). errno=2
2004-09-16 16:28:01 1C7xEh-0002As-L5 H=localhost (test) [127.0.0.1] F=<[EMAIL PROTECTED]> temporarily rejected after DATA
2004-09-16 16:28:04 SMTP call from localhost (test) [127.0.0.1] dropped: too many unrecognized commands (last was "ÿôÿý")
--

I can't see any references to a /var/run/sophie in any files in /etc ??

I'm running Debian Sarge with these sw levels:

ii  clamav 0.75.1-4   Antivirus scanner for Unix
ii  clamav-base0.75.1-4   Base package for clamav, an anti-virus utili
ii  clamav-daemon  0.75.1-4   Powerful Antivirus scanner daemon
ii  clamav-freshcl 0.75.1-4   Downloads clamav virus databases from the In
ii  libclamav1 0.75.1-4   Virus scanner library
ii  exim4-base 4.34-4 EXperimental Internal Mailer -- a Mail Trans
ii  exim4-config   4.34-4 Debian configuration for exim4
ii  exim4-daemon-h 4.34-4 Exim (v4) with extended features, including

My exim & clamav conf files are attached.

Please advise.


Best regards

Michael L Gimm
(See attached file: conf.zip)


[Clamav-users] FW: Virus W32.Erkez.B@mm getting through

2004-06-21 Thread Michael St. Laurent
Michael St. Laurent <> wrote:
> The Norton Antivirus running on our mail server is catching the virus
> "[EMAIL PROTECTED]" which appears to be getting past Clamav. 

Please disregard.  The autoupdater was not working.  Erkez is detected by
Clamav as "Zafi".  My mistake.

-- 
Michael St. Laurent
Hartwell Corporation


___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] FW: Getting "functionality level = 1, required = 2" with 0.70

2004-05-05 Thread Michael St. Laurent
Michael St. Laurent <> wrote:
> I have clamav-0.70 (the release version) installed but I'm seeing
> "Current functionality level = 1, required = 2" in the log file. 

  Nevermind, I found the problem.

-- 
Michael St. Laurent
Hartwell Corporation


___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-23 Thread Stephen Gran
On Thu, Apr 22, 2004 at 02:24:17AM -0500, Jon Roland said:
> B. van Ouwerkerk wrote:
> >I've seen a message to this list about a GUI to maintain Clamav.
> 
> What I'm calling for is not just a GUI to set up and maintain clamav, 
> but a more comprehensive setup/maintenance utility for the complete 
> package of MUA (Mozilla by default), fetchmail, sendmail, procmail, 
> milter, clamav, and spamassassin, or variants for some of these, like 
> postfix or qmail. In other words, something that will enable Windows 
> users to make an easy transition to Linux and adopt it for the critical 
> application of email. That means they should be totally relieved of the 
> need to know or provide anything but the name of their incoming and 
> outgoing mail servers, account name, and password, to set up email 
> service that filters out almost all spam, viruses, and virus warnings 
> silently, putting the rest into their inboxes and without further 
> intervention (other than "training" the system to more accurately 
> filter, and diversion of messages to folders on the MUA). Virus 
> databases should be updated automatically and silently.
> 
> If members of this list are serious about getting Linux to displace 
> Windows, this is critical.

If it bugs you that much, write one.  This is open source, volunteer
driven work.  If you see something that you think needs doing, do it.
The list you're sending to is for people interested in clamav, and
telling them that they must also write and maintain a utility that you
want isn't exactly fair.  Look into webmin and other similar things if
you like, or start from scratch.  I am happy with vim, but whatever
works for you.

-- 
 --
|  Stephen Gran  | Art is a lie which makes us realize the |
|  [EMAIL PROTECTED] | truth.   -- Picasso |
|  http://www.lobefin.net/~steve | |
 --




Re: [Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-22 Thread B. van Ouwerkerk

Doubtful.  There will always be diversity in computing, and as long as 
users don't care one way or the other, Windows will always exist and 
probably will hold the desktop for a LNG time.  Which is fine.
The user only asks if he/she can do whatever needed on the OS that runs on 
the desktop. They don't really care how it's called.

An OS, any OS, is a tool nothing more, nothing less.



B. 



___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-22 Thread Jon Roland
Bart Silverstrim wrote:
> On Apr 22, 2004, at 1:03 PM, Jon Roland wrote:
>
>> As for Linux and Windows, eventually "there can be only one". I prefer
>> it be Linux or its descendant.
>
> As for Chevy and Ford, eventually "there can be only one".  I prefer it
> be Chevy or its descendant.

Operating systems are more like railroad tracks than railroad cars. Once
there were different grade tracks, but now variant-grade tracks survive
in only a few specialized situations, like mines and amusement parks.

Once there were DC electric transmission lines. Remember beta, or OSI, 
or vinyl, or CP/M. Yes, there will be diversity in computer choices, but 
the implementation will become automated, just as much programming has
already become modularized and abstracted using IDEs, class libraries 
and GUI program generators. How many program in binary or assembler any 
more?

Most of the application software I used to write doesn't get written 
anymore. It's mostly just modified or reused. Sysadms should not count 
on having a job for more than a few more years. What can be automated 
will be automated, and that means almost everything.

-- Jon


Starflight Corporation    7793 Burnet Road #37, Austin, TX 78757
512/374-9585 www.the-spa.com/jon.roland/  [EMAIL PROTECTED]



Re: [Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-22 Thread Bart Silverstrim
On Apr 22, 2004, at 1:03 PM, Jon Roland wrote:


> As for Linux and Windows, eventually "there can be only one". I prefer
> it be Linux or its descendant.

As for Chevy and Ford, eventually "there can be only one".  I prefer it 
be Chevy or its descendant.

Doubtful.  There will always be diversity in computing, and as long as 
users don't care one way or the other, Windows will always exist and 
probably will hold the desktop for a LNG time.  Which is fine.  
I don't ~want~ Linux abstracted for "ease of use" until it no longer 
works :-)

-Bart





Re: [Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-22 Thread Jon Roland
B. van Ouwerkerk wrote:

> This goes well beyond the purpose of this list. Would be nice if you
> want to use Linux on the desktop. Perhaps you can create a sort of
> windows installer look-alike and have it install everything needed. So,
> if you have some time left..

Not beyond the purpose of this list if this message eventually reaches 
and inspires a frustrated or time-limited user who is also a competent 
programmer who wants to build his reputation. Alas, as much fun as it 
would be to do it myself, after a heart attack and a stroke the days of 
life I have left are too few and precious to spend them doing things 
just for fun. Someone will eventually do it, so it might as well be 
someone on this list or someone to whom the suggestion is forwarded from 
this list.

As for Linux and Windows, eventually "there can be only one". I prefer 
it be Linux or its descendant.

-- Jon


Starflight Corporation    7793 Burnet Road #37, Austin, TX 78757
512/374-9585 www.the-spa.com/jon.roland/  [EMAIL PROTECTED]



Re: [Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-22 Thread B. van Ouwerkerk
At 02:24 22-04-2004 -0500, you wrote:
> B. van Ouwerkerk wrote:
>> I've seen a message to this list about a GUI to maintain Clamav.
>
> What I'm calling for is not just a GUI to set up and maintain clamav, but
> a more comprehensive setup/maintenance utility for the complete package of
> MUA (Mozilla by default), fetchmail, sendmail, procmail, milter, clamav,
> and spamassassin, or variants for some of these, like postfix or qmail. In
> other words, something that will enable Windows users to make an easy
> transition to Linux and adopt it for the critical application of email.

This goes well beyond the purpose of this list. Would be nice if you want
to use Linux on the desktop. Perhaps you can create a sort of windows
installer look-alike and have it install everything needed. So, if you have
some time left..

> If members of this list are serious about getting Linux to displace
> Windows, this is critical.

Knowing both worlds :-) I don't see Linux replacing Windows in the near
future. Most business apps will not run. Yes you can probably replace those
but third parties still require windows.



B. 





Re: [Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-22 Thread Fajar A. Nugraha
Jon Roland wrote:

> If members of this list are serious about getting Linux to displace
> Windows, this is critical.

IMHO, I don't think this is what we're discussing in this list.

--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml


Re: [Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-22 Thread Jon Roland
B. van Ouwerkerk wrote:
> I've seen a message to this list about a GUI to maintain Clamav.

What I'm calling for is not just a GUI to set up and maintain clamav, 
but a more comprehensive setup/maintenance utility for the complete 
package of MUA (Mozilla by default), fetchmail, sendmail, procmail, 
milter, clamav, and spamassassin, or variants for some of these, like 
postfix or qmail. In other words, something that will enable Windows 
users to make an easy transition to Linux and adopt it for the critical 
application of email. That means they should be totally relieved of the 
need to know or provide anything but the name of their incoming and 
outgoing mail servers, account name, and password, to set up email 
service that filters out almost all spam, viruses, and virus warnings 
silently, putting the rest into their inboxes and without further 
intervention (other than "training" the system to more accurately 
filter, and diversion of messages to folders on the MUA). Virus 
databases should be updated automatically and silently.

If members of this list are serious about getting Linux to displace 
Windows, this is critical.

-- Jon


Starflight Corporation    7793 Burnet Road #37, Austin, TX 78757
512/374-9585 www.the-spa.com/jon.roland/  [EMAIL PROTECTED]



Re: [Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-22 Thread B. van Ouwerkerk
At 14:49 21-04-2004 -0500, you wrote:
> FYI. This is my last submission to the Mozilla Bugzilla that partially
> addresses the needs of newbies who want a user-friendly gui or wizard to
> set up and configure everything, requiring the user only to make choices
> among easily-understood menu options.

I've seen a message to this list about a GUI to maintain Clamav.

A perl script taking user input (shell) and writing the config file to disc
would help?

> Simply telling newbies to "learn Linux" doesn't suffice. We need to
> provide solutions for non-techies (which, though we might not admit it,
> are also likely to be useful to techies).

I hope none of the techies are looking forward to an introduction on how to
use either vi(m) or pico :-)

If you dive into the water that doesn't mean you can swim, you'll have to 
learn it first..
Now why should it be so much different if someone tries to use a computer 
or an OS?

AFAIK all docs are pretty clear. I found the .pdf files very helpful in 
order to get going with Clamav. I did find a few things missing from the 
clamdoc.pdf (in the chapter about clamav-milter). I'm going to write a few 
mods and mail it to the maintainer of that doc so he can compile a new version.



B.  





[Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-21 Thread Jon Roland
FYI. This is my last submission to the Mozilla Bugzilla that partially 
addresses the needs of newbies who want a user-friendly gui or wizard to 
set up and configure everything, requiring the user only to make choices 
among easily-understood menu options.

Simply telling newbies to "learn Linux" doesn't suffice. We need to 
provide solutions for non-techies (which, though we might not admit it, 
are also likely to be useful to techies).

--Jon

 Original Message 
Subject: [Bug 105169] Filter for Attachments
Date: Wed, 21 Apr 2004 12:26:36 -0700
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
http://bugzilla.mozilla.org/show_bug.cgi?id=105169





--- Additional Comments From [EMAIL PROTECTED]  2004-04-21 12:26 PDT ---
After further research I have found that what seems to be needed is a
convenient way to integrate Mozilla, at least on Linux/Unix machines, to
tools like Clamav (for virus filtering), spamassassin (for spam filtering),
and milter, and for those of us who run local client machines that access a
remote ISP's mail server, a quick way to set up to locally use fetchmail,
sendmail, procmail, and anything else needed for a complete solution. See
http://www.constitution.org/comp/linux.htm for links to these and related
tools. At this point I haven't figured out how to connect Mozilla to
fetchmail for the first step, and I propose that Mozilla account setup at
least offer that option as part of a setup wizard or list of options, which
should ultimately enable the novice user to set up those tools with little
more difficulty than now attends setting up email retrieval directly from an
ISP's POP server. The wizard should download, install, and configure all the
above utilities to receive updates of the virus db, have spamassassin learn
to recognize spam from clicking the junk button, edit the conf files, and
leave the overall operation of Mozilla mail appearing to work the same way,
except that the spam and viruses no longer appear in the Inbox (and
hopefully also no more of the warning messages that "you sent a
virus-infected message" when you did not -- standard prepended strings like
"[infected mail]" or "[returned mail]" that could be filter-moved to the
Junk or Bounce folder would help a lot for that).

--
Configure bugmail: http://bugzilla.mozilla.org/userprefs.cgi?tab=email
--


Starflight Corporation    7793 Burnet Road #37, Austin, TX 78757
512/374-9585 www.the-spa.com/jon.roland/  [EMAIL PROTECTED]



[Clamav-users] FW: Source RPM for ClamAV-0.70-rc anyone?

2004-04-14 Thread Michael St. Laurent
Michael St. Laurent <> wrote:
> Does anyone know where a Source RPM for ClamAV-0.70-rc might be found?

Never mind, I managed to roll my own.  ;-D

-- 
Michael St. Laurent
Hartwell Corporation




[Clamav-users] Fw: CLAMAV LOG ANALYZER

2004-01-30 Thread Tomasz Kojm
Begin forwarded message:

Date: Fri, 30 Jan 2004 14:21:30 -0500
From: "Vijay Sarvepalli" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: CLAMAV LOG ANALYZER


I have developed a log analyzer to graphical view virus data for AV
engine loggers
currently supported for 
CLAMAV
RAV
VEXIRA

I am working on porting it to Fprot soon.  The works are at
http://pandaemail.sourceforge.net/av-tools/

I use clamav-milter and use the quarantine manager also, that I wrote
simple shell script.  You are welcome to post these information to your
site as well.


Vijay


Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED] www.ClamAV.net
 (\/)\. http://www.clamav.net/gpg/tkojm.gpg
\..._   0DCA5A08407D5288279DB43454822DC8985A444B
  //\   /\  Fri Jan 30 23:31:37 CET 2004




[Clamav-users] Fw: Debian Linux + Sendmail + clamav-milter: don't work - what's wrong?

2003-11-24 Thread Michael V. Khaletsky
>From: "Alex Ballos" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: Re: [Clamav-users] Debian Linux + Sendmail + clamav-milter: don't work - what's wrong?
>Date: Fri, 21 Nov 2003 18:09:30 +0200
>Reply-To: [EMAIL PROTECTED]
>
>Just check the /etc/mail/sendmail.cf
>
>for
>
>O InputMailFilters=clmilter
>Xclmilter, S=local:/var/run/clamav/clmilter.sock, F=R, T=S:4m;R:4m;E:4m
>#
>

These entries in my sendmail looked like above mentioned
but not the same. There were:

O InputMailFilters=clmilter
Xclmilter, S=local:/var/run/clmilter.sock, F=, T=S:4m;R:4m


I just rewrote these entries according to your instruction:

O InputMailFilters=clmilter
Xclmilter, S=local:/var/run/clamd/clmilter.sock, F=R, T=S:4m;R:4m;E:4m

and restarted Sendmail.

Nothing happened.
All goes as if without Clamav at all.

M. Khaletsky

==
This is the continuation of the message:
==
From: "Michael V. Khaletsky" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Fri, 21 Nov 2003 18:29:19 +0300
Subject: [Clamav-users] Debian Linux + Sendmail + clamav-milter: don't
work - what's wrong?
Reply-To: [EMAIL PROTECTED]

Hello again.
I have Debian Linux with Sendmail
Trying to install Clamav-milter into Sendmail.

1. Configure clamav
1.1. configure --sysconfdir=/etc --enable-milter
1.2. make
1.3. make install

2. Configure clamav.conf:
2.1. Comment line #Example
2.1. Uncomment next lines:
LocalSocket /var/run/clamd.sock
 ScanMail
 StreamSaveToDisk
3. Run clamd

clamd

4. clamd.log tells:
Fri Nov 21 17:44:37 2003 -> +++ Started at Fri Nov 21 17:44:37 2003
Fri Nov 21 17:44:37 2003 -> Log file size limited to 1048576 bytes.
Fri Nov 21 17:44:37 2003 -> Verbose logging activated.
Fri Nov 21 17:44:37 2003 -> Running as user clamav (UID 29335, GID 11001)
Fri Nov 21 17:44:37 2003 -> Reading databases from /usr/local/share/clamav
Fri Nov 21 17:44:38 2003 -> Protecting against 17977 viruses.
Fri Nov 21 17:44:38 2003 -> Unix socket file /var/run/clamd/clamd.sock
Fri Nov 21 17:44:38 2003 -> Setting connection queue length to 30
Fri Nov 21 17:44:38 2003 -> Listening daemon: PID: 18203
Fri Nov 21 17:44:38 2003 -> Maximal number of threads: 10
Fri Nov 21 17:44:38 2003 -> Archive: Archived file size limit set to 10485760 bytes.
Fri Nov 21 17:44:38 2003 -> Archive: Recursion level limit set to 5.
Fri Nov 21 17:44:38 2003 -> Archive: Files limit set to 1000.
Fri Nov 21 17:44:38 2003 -> Archive support enabled.
Fri Nov 21 17:44:38 2003 -> RAR support disabled.
Fri Nov 21 17:44:38 2003 -> Mail files support enabled.
Fri Nov 21 17:44:38 2003 -> ThreadWatcher: Started in process 18205
Fri Nov 21 17:44:38 2003 -> Self checking every 3600 seconds.
Fri Nov 21 17:44:38 2003 -> Timeout set to 500 seconds.
Fri Nov 21 17:44:38 2003 -> SelfCheck: Database status OK.
Fri Nov 21 17:44:38 2003 -> SelfCheck: Integrity OK

5. Start clamav-milter:
/usr/local/sbin/clamav-milter -blo /var/run/clmilter.sock

6. recompile sendmail.cf and restart sendmail
6.1. add entries into sendmail.mc:

INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clmilter.sock, F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')
6.2. recompile and reinstall sendmail.cf
6.3 restart sendmail

And ...
NOTHING HAPPENS
"X-Virus-Scanned" is absent in e-mail headers.



"netstat -a" output (portion):

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     519    /var/run/mysqld/mysqld.sock
unix  2      [ ACC ]     STREAM     LISTENING     760260 /var/run/clamd/clamd.sock
unix  10     [ ]         DGRAM                    262    /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     1114   /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     760434 /var/run/clmilter.sock
unix  3      [ ]         STREAM     CONNECTED     763272
unix  3      [ ]         STREAM     CONNECTED     763271
unix  2      [ ]         DGRAM                    761668
unix  2      [ ]         DGRAM                    760432
unix  2      [ ]         DGRAM                    760249
unix  2      [ ]         DGRAM                    736785
unix  3      [ ]         STREAM     CONNECTED     723456
unix  3      [ ]         STREAM     CONNECTED     723455
unix  3      [ ]         STREAM     CONNECTED     681555
unix  3      [ ]         STREAM     CONNECTED     681554
unix  3      [ ]         STREAM     CONNECTED     681553
unix  3      [ ]         STREAM     CONNECTED     681552
unix  3      [ ]         STREAM     CONNECTED     681549
un
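
A consistency check for the setup described in this message, added here as an example and not part of the original thread: it compares the milter socket named in sendmail.cf with the UNIX sockets that are actually listening, and reports what sendmail does when the filter cannot be reached. The function names are hypothetical, the sample inputs are constructed from the lines quoted in the message, and the reading of the F= flag (R rejects, T temp-fails, neither lets mail through unfiltered) follows sendmail's milter documentation.

```python
import re

# Constructed samples: the two Xclmilter variants quoted in the message.
CF_ORIGINAL = """\
O InputMailFilters=clmilter
Xclmilter, S=local:/var/run/clmilter.sock, F=, T=S:4m;R:4m
"""
CF_REWRITTEN = """\
O InputMailFilters=clmilter
Xclmilter, S=local:/var/run/clamd/clmilter.sock, F=R, T=S:4m;R:4m;E:4m
"""

# Constructed "netstat -a" excerpt. One path sits on the same line and one is
# wrapped onto the next line, as mail clients often do; both forms are parsed.
NETSTAT = """\
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags   Type   State I-Node Path
unix  2  [ ACC ] STREAM LISTENING 760260 /var/run/clamd/clamd.sock
unix  10 [ ] DGRAM 262 /dev/log
unix  2  [ ACC ] STREAM LISTENING 760434
/var/run/clmilter.sock
unix  3  [ ] STREAM CONNECTED 763272
"""


def parse_cf_milters(cf_text):
    """Return (active filter names, {name: {option: value}}) from sendmail.cf text."""
    active, filters = [], {}
    for raw in cf_text.splitlines():
        line = raw.strip()
        m = re.match(r"O\s+InputMailFilters\s*=\s*(.*)$", line)
        if m:
            active = [n for n in re.split(r"[,\s]+", m.group(1)) if n]
        elif line.startswith("X") and "," in line:
            # Xname, S=..., F=..., T=...   (T's value uses ';' and ':', never ',')
            name, *fields = [f.strip() for f in line[1:].split(",")]
            filters[name] = dict(f.split("=", 1) for f in fields if "=" in f)
    return active, filters


def listening_unix_sockets(netstat_text):
    """Return the set of filesystem paths of UNIX sockets in LISTENING state."""
    paths = set()
    lines = netstat_text.splitlines()
    for i, line in enumerate(lines):
        fields = line.split()
        if not fields or fields[0] != "unix" or "LISTENING" not in fields:
            continue
        if fields[-1].startswith("/"):
            paths.add(fields[-1])
        elif i + 1 < len(lines) and lines[i + 1].strip().startswith("/"):
            paths.add(lines[i + 1].strip())  # path wrapped onto the next line
    return paths


def audit(cf_text, netstat_text):
    """One finding per active filter: its socket, whether anything listens, failure mode."""
    active, filters = parse_cf_milters(cf_text)
    listening = listening_unix_sockets(netstat_text)
    report = []
    for name in active:
        opts = filters.get(name)
        if opts is None:  # named in InputMailFilters but never defined with an X line
            report.append({"filter": name, "socket": None,
                           "listening": False, "on_failure": None})
            continue
        scheme, _, addr = opts.get("S", "").partition(":")
        flags = opts.get("F", "")
        if "R" in flags:
            on_failure = "reject"      # mail is refused while the milter is down
        elif "T" in flags:
            on_failure = "tempfail"    # sender is asked to retry later
        else:
            on_failure = "fail-open"   # mail is accepted without being filtered
        # Only local/unix sockets can be checked against netstat's UNIX section.
        is_listening = addr in listening if scheme in ("local", "unix") else None
        report.append({"filter": name, "socket": addr,
                       "listening": is_listening, "on_failure": on_failure})
    return report


if __name__ == "__main__":
    for label, cf in (("original", CF_ORIGINAL), ("rewritten", CF_REWRITTEN)):
        for finding in audit(cf, NETSTAT):
            print(label, finding)
```

A finding with `listening` false and `on_failure` of `fail-open` is the case to look for first: the filter is configured, nothing answers on its socket, and mail is delivered without an X-Virus-Scanned header or any error.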

[Clamav-users] FW: Freshclam bad viruses.db2 db checksum

2003-08-14 Thread Spicer, Kevin
There's a thread over on the MailScanner mailing list which suggests there may be a 
problem with the viruses.db2 file on clamav.elektrapro.com.  I've included part of the 
thread below...

NTIN Page Guy wrote:
> Hello Matthew,
> 
> I had to change my mirror for ClamAV this morning as well.  It
> checked for updates at 6:18am CST with no error, when it checked
> again at 8:18am CST it was reporting a bad checksum for viruses.db2
> 
> I changed my mirror and all is well again.  I guess they have a
> corrupt file up on the mirror clamav.elektrapro.com
> 
>  Thursday, August 14, 2003, you wrote:
> 
> 
>> After a change to mirrors.txt works for me too.
> 
>> Thanks for the heads up.
> 
>> Regards,
> 
>> ---
>> Matthew
> 
> 
> 
> 
>> Brent 
>> Sent by: MailScanner mailing list 
>> 08/14/2003 10:01 AM Please respond to MailScanner mailing list
> 
> 
>> To: [EMAIL PROTECTED]
>> cc:
>> Subject:Re: Freshclam bad viruses.db2 db checksum
> 
> 
>> Yes that mirror works for me now as well.
> 
> 
>> From: MailScanner mailing list [mailto:[EMAIL PROTECTED]
>> On Behalf Of Spicer, Kevin Sent: Thursday, August 14, 2003 9:51 AM
>> To: [EMAIL PROTECTED]
>> Subject: Re: Freshclam bad viruses.db2 db checksum
> 
>> seems to be working fine for me (using clamav.ozforces.com)
>> -Original Message-
>> From: Brent 
>> Sent: 14 August 2003 14:36
>> To: [EMAIL PROTECTED]
>> Subject: OT: Freshclam bad viruses.db2 db checksum
>> Just a FYI for anyone using clamav at the moment.  :
> 
>> freshclam
>> Current working dir is /usr/local/share/clamav
>> Checking for a new database - started at Thu Aug 14 09:30:13 2003
>> Connected to clamav.elektrapro.com.
>> Reading md5 sum (viruses.md5): OK
>> viruses.db is up to date.
>> Reading md5 sum (viruses2.md5): OK
>> Downloading viruses.db2
>>  done
>> ERROR: The checksum of viruses.db2 database isn't ok. Please check it
>> yourself or try again.
> 
>> The other mirrors seem to have the same issue.
> 
>> Brent
> 
> 
> 



BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000




Re: [Clamav-users] FW: Freshclam bad viruses.db2 db checksum

2003-08-14 Thread Tomasz Papszun
On Thu, 14 Aug 2003 at 15:48:42 +0100, Spicer, Kevin wrote:

> There's a thread over on the MailScanner mailing list which suggests
> there may be a problem with the viruses.db2 file on
> clamav.elektrapro.com.  I've included part of the thread below...
> 
[...]

It's already corrected. MD5 sum was wrong somehow.
Thanks for letting us know.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.




[clamav-users] Fw: OpenBSD Port Updated: clamav

2003-07-19 Thread Flinn Mueller
Please test for 3.3-current.  It builds and runs fine on 3.1
I've updated 0.60 with some various bug fixes.  Many thanks for
everyone who sent feedback.  I've updated the latest snapshot (20030719)
port.

Changes
After many requests I finally put a default clamav.conf in {SYSCONFDIR}.
Updated mirrors.
Patched my name misspelling in the docs.
Patch clamav.conf for OpenBSD specific stuff
Added a local socket.
Fixed permission issues on the virus db directory

Porthome:
http://activeintra.net/openbsd/article.php?id=5

 Regards,
Flinn


clamav-devel.tgz
Description: Binary data


clamav.tgz
Description: Binary data
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [clamav-users] FW: ezmlm warning

2003-06-24 Thread Stefke

For the record, I know what's happening, just don't like it !!!

-Original Message-
From: Stefke [mailto:[EMAIL PROTECTED] 
Sent: dinsdag 24 juni 2003 17:05
To: [EMAIL PROTECTED]
Subject: [clamav-users] FW: ezmlm warning


Help 

Stefaan 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: dinsdag 24 juni 2003 16:47
To: [EMAIL PROTECTED]
Subject: ezmlm warning


Hi! This is the ezmlm program. I'm managing the [EMAIL PROTECTED]
mailing list.


Messages to you from the users mailing list seem to
have been bouncing. I've attached a copy of the first bounce message I
received.

If this message bounces too, I will send you a probe. If the probe bounces,
I will remove your address from the users mailing list, without further
notice.


I've kept a list of which messages from the users mailing list have 
bounced from your address.

Here are the message numbers:

   1143
   1155

--- Enclosed is a copy of the bounce message I received.

Return-Path: <>
Received: (qmail 30478 invoked for bounce); 12 Jun 2003 22:58:25 -
Date: 12 Jun 2003 22:58:25 -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: failure notice

Hi. This is the qmail-send program at elektra.elektrapro.com. I'm afraid I
wasn't able to deliver your message to the following addresses. This is a
permanent error; I've given up. Sorry it didn't work out.

<[EMAIL PROTECTED]>:
62.72.99.50 failed after I sent the message.
Remote host said: 552-MessageWall: Message score (1) has reached or exceeded
maximum (1):
552-1 MIME/REJECT: Message has an attachment with a filename not
accepted at this address ('SELIC.TXT.exe' contains '.exe')
552 MessageWall: This message is being rejected







[clamav-users] FW: ezmlm warning

2003-06-24 Thread Stefke
Help 

Stefaan 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: dinsdag 24 juni 2003 16:47
To: [EMAIL PROTECTED]
Subject: ezmlm warning


Hi! This is the ezmlm program. I'm managing the [EMAIL PROTECTED]
mailing list.


Messages to you from the users mailing list seem to
have been bouncing. I've attached a copy of the first bounce message I
received.

If this message bounces too, I will send you a probe. If the probe bounces,
I will remove your address from the users mailing list, without further
notice.


I've kept a list of which messages from the users mailing list have 
bounced from your address.

Here are the message numbers:

   1143
   1155

--- Enclosed is a copy of the bounce message I received.

Return-Path: <>
Received: (qmail 30478 invoked for bounce); 12 Jun 2003 22:58:25 -
Date: 12 Jun 2003 22:58:25 -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: failure notice

Hi. This is the qmail-send program at elektra.elektrapro.com. I'm afraid I
wasn't able to deliver your message to the following addresses. This is a
permanent error; I've given up. Sorry it didn't work out.

<[EMAIL PROTECTED]>:
62.72.99.50 failed after I sent the message.
Remote host said: 552-MessageWall: Message score (1) has reached or exceeded
maximum (1):
552-1 MIME/REJECT: Message has an attachment with a filename not
accepted at this address ('SELIC.TXT.exe' contains '.exe')
552 MessageWall: This message is being rejected







Re: [clamav-users] Fw: Fw: Fw: En: Uma Fabula do Cotidiano

2003-06-05 Thread Ronan Lucio
Tomasz,

I'm sorry. Please, forget the previous message.

I don't know how the virus passed through the
anti-virus, but, when I tried to send you, the
anti-virus blocked the message.

Maybe it was in the mail queue before I update
the database.

Ronan

On Thu, 5 Jun 2003 18:11:32 -0300
Ronan Lucio <[EMAIL PROTECTED]> wrote:

> Tomasz,
> 
> On Thu, 5 Jun 2003 17:16:46 +0200 (CEST)
> Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> 
> > > Hello,
> > > 
> > > I often receiving this virus, today and my viruses.db
> > > is updated.
> >  
> > No, your database isn't up to date.
> 
> Thank you very much, after I update the viruses database,
> it started detecting Sobig.C and Bugbear.B viruses, but,
> the attached virus still continue passing through the anti-virus.
> 
> 
> # freshclam 
> Checking for a new database - started at Thu Jun  5 18:06:04 2003
> Current working dir is /usr/local/share/clamav
> Connected to clamav.elektrapro.com.
> Reading md5 sum (viruses.md5): OK
> viruses.db is up to date.
> Reading md5 sum (viruses2.md5): OK
> viruses.db2 is up to date.
> 
> 
> Thanks
> Ronan
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 





Re: [clamav-users] Fw: Fw: Fw: En: Uma Fabula do Cotidiano

2003-06-05 Thread Ronan Lucio
Tomasz,

On Thu, 5 Jun 2003 17:16:46 +0200 (CEST)
Tomasz Kojm <[EMAIL PROTECTED]> wrote:

> > Hello,
> > 
> > I often receiving this virus, today and my viruses.db
> > is updated.
>  
> No, your database isn't up to date.

Thank you very much, after I update the viruses database,
it started detecting Sobig.C and Bugbear.B viruses, but,
the attached virus still continue passing through the anti-virus.


# freshclam 
Checking for a new database - started at Thu Jun  5 18:06:04 2003
Current working dir is /usr/local/share/clamav
Connected to clamav.elektrapro.com.
Reading md5 sum (viruses.md5): OK
viruses.db is up to date.
Reading md5 sum (viruses2.md5): OK
viruses.db2 is up to date.


Thanks
Ronan







Re: [clamav-users] Fw: Fw: Fw: En: Uma Fabula do Cotidiano

2003-06-05 Thread Tomasz Kojm
> Hello,
> 
> I am often receiving this virus, today and my viruses.db
> is updated.
 
No, your database isn't up to date.

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED]
 (\/)\. http://www.konarski.edu.pl/~zolw
\..._   And don't forget to click on the belly...
  //\   /\\ <- C. Amboinensis   www.pajacyk.pl







Re: [clamav-users] FW: failure notice

2003-02-19 Thread Daniel Wiberg
Just an install should do it, qmail-scanner needs it to handle 
attachments correctly.

BR,
Daniel Wiberg
tech mail wrote:

> sorry, found reformime in 1.52...but now what?  just an install of Maildrop?
> or do you just do something with reformime?
>
> -Original Message-
> From: tech mail [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 18, 2003 5:02 PM
> To: '[EMAIL PROTECTED]'
> Subject: [clamav-users] FW: failure notice
>
> Man sometimes I feel real stupid...
>
> What does this mean:
>
> reformime from Maildrop 1.3.8+
>
> I downloaded the latest Maildrop do I just run the install or do I have to
> do something else?  I noticed that version 1.4 has reformime and version
> 1.52 does not.
> Any help...thanks
>
> -Original Message-
> From: tech mail [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 18, 2003 4:26 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [clamav-users] Installation and configuration questions
> Dan..thanks for the information. You saved me a lot of time toying with
> AMAVIS and the daemon.
> Thanks!
>
> -Original Message-
> From: Daniel Wiberg [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 18, 2003 4:12 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [clamav-users] Installation and configuration questions
> Hi!
>
> I have answered your questions further down.
>
> tech mail wrote:
>
> >I am rather new to all of this, so I apologize...
> >
> >Couple quick questions surrounding getting this up and running.
> >I would like to use it with qmail-scanner.
> >
> Works perfect for me.
>
> >I have completed the install of clam-av itself, and am trying to figure out
> >if I need to install the AMaViS package to get this to work with the
> >clam-av/qmail-scanner set-up.
> >
> Nope.
>
> >Also, does the integration with qmail-scanner require the clam-av daemon to
> >be running? I can't seem to find the answer there.
> >
> Nope, qmail-scanner uses clamscan.
>
> >lastly, I placed freshclam -d -c 2 -l /var/log/clam-update.log in the
> >rc.local (redhat 7.3), but it doesn't seem to be doing the trick
> >
> Don't know, I run it from crontab.
>
> Hope I could help.
>
> BR,
> Daniel Wiberg
> --
> www.wiberg.nu



RE: [clamav-users] FW: failure notice

2003-02-18 Thread tech mail
sorry, found reformime in 1.52...but now what?  just an install of Maildrop?
or do you just do something with reformime?


-Original Message-
From: tech mail [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 18, 2003 5:02 PM
To: '[EMAIL PROTECTED]'
Subject: [clamav-users] FW: failure notice




Man sometimes I feel real stupid...

What does this mean:

reformime from Maildrop 1.3.8+ 

I downloaded the latest Maildrop do I just run the install or do I have to
do something else?  I noticed that version 1.4 has reformime and version
1.52 does not.

Any help...thanks


-Original Message-
From: tech mail [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 18, 2003 4:26 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [clamav-users] Installation and configuration questions


Dan..thanks for the information. You saved me a lot of time toying with
AMAVIS and the daemon.

Thanks!


-Original Message-
From: Daniel Wiberg [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 18, 2003 4:12 PM
To: [EMAIL PROTECTED]
Subject: Re: [clamav-users] Installation and configuration questions


Hi!

I have answered your questions further down.

tech mail wrote:

>I am rather new to all of this, so I apologize...
>
>Couple quick questions surrounding getting this up and running.
>I would like to use it with qmail-scanner.
>
Works perfect for me.

>I have completed the install of clam-av itself, and am trying to figure out
>if I need to install the AMaViS package to get this to work with the
>clam-av/qmail-scanner set-up.
>  
>
Nope.

>Also, does the integration with qmail-scanner require the clam-av daemon to
>be running? I can't seem to find the answer there.
>  
>
Nope, qmail-scanner uses clamscan.

>lastly, I placed freshclam -d -c 2 -l /var/log/clam-update.log in the
>rc.local (redhat 7.3), but it doesn't seem to be doing the trick
>
Don't know, I run it from crontab.

Hope I could help.

BR,
Daniel Wiberg
--
www.wiberg.nu






[clamav-users] FW: failure notice

2003-02-18 Thread tech mail


Man sometimes I feel real stupid...

What does this mean:

reformime from Maildrop 1.3.8+ 

I downloaded the latest Maildrop do I just run the install or do I have to
do something else?  I noticed that version 1.4 has reformime and version
1.52 does not.

Any help...thanks


-Original Message-
From: tech mail [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 18, 2003 4:26 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [clamav-users] Installation and configuration questions


Dan..thanks for the information. You saved me a lot of time toying with
AMAVIS and the daemon.

Thanks!


-Original Message-
From: Daniel Wiberg [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 18, 2003 4:12 PM
To: [EMAIL PROTECTED]
Subject: Re: [clamav-users] Installation and configuration questions


Hi!

I have answered your questions further down.

tech mail wrote:

>I am rather new to all of this, so I apologize...
>
>Couple quick questions surrounding getting this up and running.
>I would like to use it with qmail-scanner.
>
Works perfect for me.

>I have completed the install of clam-av itself, and am trying to figure out
>if I need to install the AMaViS package to get this to work with the
>clam-av/qmail-scanner set-up.
>  
>
Nope.

>Also, does the integration with qmail-scanner require the clam-av daemon to
>be running? I can't seem to find the answer there.
>  
>
Nope, qmail-scanner uses clamscan.

>lastly, I placed freshclam -d -c 2 -l /var/log/clam-update.log in the
>rc.local (redhat 7.3), but it doesn't seem to be doing the trick
>
Don't know, I run it from crontab.

Hope I could help.

BR,
Daniel Wiberg
--
www.wiberg.nu






[clamav-users] FW: anyone could answer my question?

2003-01-15 Thread Shazad Malik





Hello -


If I can't compile the kernel as I am using the standard RedHat 7.3 kernel, so I can't
install Clamuko!


But with freshclam I can download the latest signatures and run clamscan with the "/"
argument to scan the entire system.

Is this solution the best way around if I can't get a daemon running as I can't compile
a new kernel?


Cheers, 
shazad.






