On Tue, 20 Jan 2004 09:01:40 +0100, Tomasz Kojm wrote:
> On Mon, 19 Jan 2004 23:32:07 -0700
> Tommy McNeely <[EMAIL PROTECTED]> wrote:
>
>> Ouch... ok, so does anyone know if I installed gcc and used that if the
>> problem goes away (I am not using 64bit mode on the Sun
>
> Yeah, that should help
Hi Guys,
I spent some time in the list archives looking for an answer on this and I
may of missed it. Has the issue of Clamav missing known and detected (when
in binary form anyway) virii when they are attached to an email (mime
encoded), mbox or Maildir, been solved?
Just curious.
Shawn
--
Hi,
I am using clamdscan with qmail in conjuction with dot-qmail files.
I have in .qmail
| /usr/local/bin/clamdscan -; [ $? != 1 ] || exit 99
./Maildir/
# ps aux | grep clamd
root 7967 0.0 4.2 29396 10776 ? S20:54 0:00 clamd
When I send a eicar test vrus it was caught properly
Build of clamav-0.65 on OSX 10.1.4 dies in the following manner:
/usr/bin/ld: warning unused multiple definitions of symbol _optarg
"link editor" definition of _optarg in section (__DATA,__common)
/usr/lib/libSystem.dylib(getopt.o) unused definition of _optarg
/usr/bin/ld: warning unused multiple
hmm
yes clamav does detect Bagle now, but when we first got hit with Bagle
it was undetected for about 2 hours...
(i.e. clamav virus db was about 2 hours behind our first sighting of
it). I was just wondering how to
add virus signatures to our own database immediately (the signatures.pdf
file sa
Has anyone noticed that enabling the LogSyslog option causes everything
to be logged twice? Or is it just something odd on my machine (sample
below)?
Jan 20 00:11:02 gateway clamd[19226]: Reading databases from
/var/lib/clamav
Jan 20 00:11:02 gateway clamd[19226]: Reading databases from
/var/l
jonathan soong wrote:
i think you can also transform the CVD file into a human readable thing?
i'm not sure, but if you do: sigtool --unpack-current daily.cvd
you get a human readable viruses.db, i'm not sure where this is
actually generated from? (your system or the online database?)
does anyon
i think you can also transform the CVD file into a human readable thing?
i'm not sure, but if you do: sigtool --unpack-current daily.cvd
you get a human readable viruses.db, i'm not sure where this is actually
generated from? (your system or the online database?)
does anyone know where?
cheers
Kevin Hanser wrote:
With the release of thei Bagle/Beagle/whatever worm, I was asked to
check if our scanner (clamav) was updated to catch it. In previous
versions of ClamAV, when the virus definition file was plaintext, that
was easy for me as I would just grep the virus file and see if the
On Tue, 20 Jan 2004 12:52:25 +0100
Laurent Wacrenier <[EMAIL PROTECTED]> wrote:
> > > Without saying 'stream: VIRUSNAME FOUND'? That's bad.
> >
> > No, it won't do that !
>
> As far I guess "stream:" is the "file name". What if the file name
> containts ": " or if the virus string contraints "F
Title: Message
With the release of
thei Bagle/Beagle/whatever worm, I was asked to check if our scanner (clamav)
was updated to catch it. In previous versions of ClamAV, when the virus
definition file was plaintext, that was easy for me as I would just grep the
virus file and see if the vir
Hi,
Just to let you know, I am receiving these errors:
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net (209.204.175.217)
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net (195.70.36.141)
ERROR: Malform
Le Mar 20 jan 09:01:29 2004, Jim Ramsay écrit:
> >I like that, it's probably less ambiguous than SHUTDOWN.
>
> Um... I think I meant that SHUTDOWN is less ambiguous than QUIT.
Probably true if you don't know the shutdown(2) system call who
half-close a socket :-)
> "What, me fail English? That
Jim Ramsay wrote:
I like that, it's probably less ambiguous than SHUTDOWN.
Um... I think I meant that SHUTDOWN is less ambiguous than QUIT.
"What, me fail English? That's unpossible!"
--
Jim Ramsay
---
The SF.Net email is sponsored by Eclips
Tomasz Kojm wrote:
On Mon, 19 Jan 2004 08:46:36 -0600
Jim Ramsay <[EMAIL PROTECTED]> wrote:
1 - I expected to be able to do multiple commands per TCP session...
for example:
Done (grab the latest version from CVS) - you can start a clamd session
with SESSION and finish it with END:
Excellent! I'l
Le Mar 20 jan 11:23:35 2004, Tomasz Kojm écrit:
> > IMHO, the main misfit of the STREAM command is the random TCP
> > port. You have to open your firewall to allow any connection to any
> > port from clamd clients to servers.
>
> Today night, I will add an option that will allow to limit the port
Le Mar 20 jan 11:27:27 2004, Tomasz Kojm écrit:
> > > PING/PONG is useless. It could have been better if the server had
> > > send a banner at connection startup.
> >
> > Good point - that's much better for determining server state upon
> > connection. This banner should also include the clamd v
On Tue, 2004-01-20 at 11:12, Fajar A. Nugraha wrote:
> Kevin Spicer wrote:
>
> >I guess it depends on how much mail you handle! To put mine in
> >perspective I'm talking a daily load of only about 7000 messages of
> >which only about 3-4000 will be incoming. So probably about 1% of
> >incoming m
Kevin Spicer wrote:
I guess it depends on how much mail you handle! To put mine in
perspective I'm talking a daily load of only about 7000 messages of
which only about 3-4000 will be incoming. So probably about 1% of
incoming mail is Bagle (thats pretty much in line with the figures
message lab
On Mon, 19 Jan 2004 23:32:07 -0700
Tommy McNeely <[EMAIL PROTECTED]> wrote:
> Ouch... ok, so does anyone know if I installed gcc and used that if
> the problem goes away (I am not using 64bit mode on the Sun
Yeah, that should help.
Best regards,
Tomasz Kojm
--
oo. [EMAIL PRO
On Mon, 19 Jan 2004 10:56:48 -0600
Jim Ramsay <[EMAIL PROTECTED]> wrote:
> > PING/PONG is useless. It could have been better if the server had
> > send a banner at connection startup.
>
> Good point - that's much better for determining server state upon
> connection. This banner should also inc
On Mon, 19 Jan 2004 08:46:36 -0600
Jim Ramsay <[EMAIL PROTECTED]> wrote:
> I was a bit confused when I first tried writing a script to connect to
>
> clamd 0.65 on a remote server and do scanning via the STREAM command:
>
> 1 - I expected to be able to do multiple commands per TCP session...
> f
On Mon, 19 Jan 2004 17:02:44 +0100
Laurent Wacrenier <[EMAIL PROTECTED]> wrote:
> IMHO, the main misfit of the STREAM command is the random TCP
> port. You have to open your firewall to allow any connection to any
> port from clamd clients to servers.
Today night, I will add an option that will a
23 matches
Mail list logo