Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
Helmut Schneider wrote:
> Lynn Duerksen wrote:
>
>>> That's the point, if clamav would have detected the virus in
>>> the original mail I wouldn't have posted here... :)
>>
>> I am experiencing similar problems on my OpenBSD 3.4 box and was
>> wondering if there has been any resolution on this issue.
>
> I'm using 3.4, too.

Seems signature update 187 solved the issue, thanks to Diego d'Ambra.

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration. http://ads.osdn.com/?ad_id70&alloc_id638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Helmut Schneider
> Sent: Wednesday, March 17, 2004 2:40 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
> INFECTED (Worm.Bagle.Gen-rarpwd)
>
> Lynn Duerksen wrote:
>
> >> That's the point, if clamav would have detected the virus in the
> >> original mail I wouldn't have posted here... :)
> >
> > I am experiencing similar problems on my OpenBSD 3.4 box and was
> > wondering if there has been any resolution on this issue.
>
> I'm using 3.4, too.
>

I installed the latest CVS and everything seems to work ok. I fed a saved infected message and amavisd-new reported in the log:

Mar 17 13:38:17 TECHGATE1 amavis[8104]: (08104-04) INFECTED (Worm.Bagle.Gen-rarpwd), <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, quarantine virus-20040317-133817-08104-04, Message-ID: <[EMAIL PROTECTED]>, Hits: -

So it looks like we're good to go! Thanks to the Clamav team for the hard work.

L A Duerksen
Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
Lynn Duerksen wrote:
>> That's the point, if clamav would have detected the virus in
>> the original mail I wouldn't have posted here... :)
>
> I am experiencing similar problems on my OpenBSD 3.4 box and was
> wondering if there has been any resolution on this issue.

I'm using 3.4, too.
RE: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
> > Fajar A. Nugraha wrote:
> > > Helmut Schneider wrote:
> > >
> > >>> seems that the clamav Port (0.67-1) has problems with RAR Files
> > >>> (e.g.
> > >>> Bagle.N):
> > >>
> > >> To avoid misunderstandings, I know the file is pwd, but clamav does
> > >> not recognize the virus within the archive (maybe a DB problem)...
> > >>
> > > Sometimes the signatures were created using the complete mail, so
> > > clamscan won't recognize the attachment alone but it will recognize
> > > the complete mail.
> > >
> > > If you use clamscan, you can work around RAR errors using
> > > --unrar[=FULLPATH] Enable support for .rar files
> > >
> > > But since the RARs are password-protected, it's useless.
> > > My suggestion is try feeding the complete virus mail to clamscan
> > > (instead of just the attachment), and see if it works.
> >
> > That's the point, if clamav would have detected the virus in
> > the original mail I wouldn't have posted here... :)
>

I am experiencing similar problems on my OpenBSD 3.4 box and was wondering if there has been any resolution on this issue. I have an OpenBSD 3.3 stable box running in parallel with the OpenBSD 3.4 box that has caught the Worm.Bagle.Gen-rarpwd.

3.3 box running
amavisd-new-20030616-p2 patched to allow scanning of full message
clamav-0.67-1
unrar-2.50

3.4 box running
amavisd-new-20030616-p8
/etc/amavisd.conf settings
$keep_decoded_original_re = new_RE(
  qr'^MAIL$', # retain full original message for virus checking
);
clamav-0.67-1
unrar-3.20beta3

Don't know if any of this information helps, but the only solution I have right now is to ban all ".rar" files on the 3.4 box.

Thanks
L. A. Duerksen
Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
Fajar A. Nugraha wrote:
> Helmut Schneider wrote:
>
>> That's the point, if clamav would have detected the virus in the
>> original mail I wouldn't have posted here... :)
>>
> Aaah :)
>
> In that case,
> test the original mail (not just the attachments) on
> http://www.gietl.com/test-clamav/.
> If it's not detected, submit it to
>
> http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi

done.

Thanks, Helmut
Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
Helmut Schneider wrote:

> That's the point, if clamav would have detected the virus in the
> original mail I wouldn't have posted here... :)

Aaah :)

In that case, test the original mail (not just the attachments) on http://www.gietl.com/test-clamav/.
If it's not detected, submit it to

http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi

Judging from the last updates clamav *might* detect it now.

Regards,
Fajar
Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
Fajar A. Nugraha wrote:
> Helmut Schneider wrote:
>
>>> seems that the clamav Port (0.67-1) has problems with RAR Files
>>> (e.g.
>>> Bagle.N):
>>
>> To avoid misunderstandings, I know the file is pwd, but clamav does
>> not recognize the virus within the archive (maybe a DB problem)...
>>
> Sometimes the signatures were created using the complete mail, so
> clamscan won't recognize the attachment alone but it will recognize
> the complete mail.
>
> If you use clamscan, you can work around RAR errors using
> --unrar[=FULLPATH] Enable support for .rar files
>
> But since the RARs are password-protected, it's useless.
> My suggestion is try feeding the complete virus mail to clamscan
> (instead of just the attachment), and see if it works.

That's the point, if clamav would have detected the virus in the original mail I wouldn't have posted here... :)
Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
Helmut Schneider wrote:

>> seems that the clamav Port (0.67-1) has problems with RAR Files (e.g.
>> Bagle.N):
>
> To avoid misunderstandings, I know the file is pwd, but clamav does
> not recognize the virus within the archive (maybe a DB problem)...

Sometimes the signatures were created using the complete mail, so clamscan won't recognize the attachment alone but it will recognize the complete mail.

If you use clamscan, you can work around RAR errors using
--unrar[=FULLPATH] Enable support for .rar files

But since the RARs are password-protected, it's useless.
My suggestion is try feeding the complete virus mail to clamscan (instead of just the attachment), and see if it works.

Regards,
Fajar
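The comparison suggested in the message above, as an added example that is not part of the original thread or of the ClamAV or amavisd-new code: scan the complete mail and each attachment separately, and report when only the full message is detected. The function names, the sample mail and the `fake_scan` stand-in are assumptions made for illustration; `clamscan` is invoked only with `--no-summary` and a file path.

```python
import email
import subprocess
import tempfile
from email import policy

def clamscan(data):
    """Scan bytes with the clamscan CLI; return the signature name or None."""
    with tempfile.NamedTemporaryFile() as tmp:
        tmp.write(data)
        tmp.flush()
        proc = subprocess.run(["clamscan", "--no-summary", tmp.name],
                              capture_output=True, text=True)
    if proc.returncode == 1:  # exit status 1: a signature matched
        first = proc.stdout.strip().splitlines()[0]  # "<path>: <name> FOUND"
        return first.rsplit(": ", 1)[1].replace(" FOUND", "")
    if proc.returncode != 0:  # scanner error: never report that as clean
        raise RuntimeError(proc.stderr.strip() or "clamscan failed")
    return None

def compare_scopes(raw_message, scan=clamscan):
    """Scan the complete mail, then every attachment on its own."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    results = {"MAIL": scan(raw_message)}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        results[part.get_filename() or "unnamed"] = scan(payload)
    return results

def whole_mail_only(results):
    """True when only the complete message triggered a detection."""
    parts = [v for k, v in results.items() if k != "MAIL"]
    return results["MAIL"] is not None and not any(parts)

# Constructed sample: harmless mail whose attachment is only the RAR magic bytes.
SAMPLE = (b"From: a@example.test\r\nTo: b@example.test\r\n"
          b"Subject: constructed-marker\r\nMIME-Version: 1.0\r\n"
          b'Content-Type: multipart/mixed; boundary="BOUND"\r\n\r\n'
          b"--BOUND\r\nContent-Type: text/plain\r\n\r\nsee attachment\r\n"
          b"--BOUND\r\nContent-Type: application/octet-stream\r\n"
          b'Content-Disposition: attachment; filename="sample.rar"\r\n'
          b"Content-Transfer-Encoding: base64\r\n\r\nUmFyIRoHAA==\r\n"
          b"--BOUND--\r\n")

def fake_scan(data):
    """Constructed stand-in for a signature built from the complete mail."""
    hit = b"Subject: constructed-marker" in data
    return "Constructed.WholeMail.Test" if hit else None

if __name__ == "__main__":
    res = compare_scopes(SAMPLE, scan=fake_scan)
    print(res, "whole-mail-only:", whole_mail_only(res))
```

With ClamAV installed, calling `compare_scopes(raw_bytes)` without the `scan` argument runs the real scanner over a saved message.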
Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
Helmut Schneider wrote:
> seems that the clamav Port (0.67-1) has problems with RAR Files (e.g.
> Bagle.N):

To avoid misunderstandings, I know the file is pwd, but clamav does not recognize the virus within the archive (maybe a DB problem)...

Please do not feed my mailbox, Swen already got that job