On Mon, 26 Jan 2004, Kevin Spicer wrote:
On Mon, 2004-01-26 at 23:19, Rick Macdougall wrote:
McAfee has picked it up and is calling it MyDOOM.
Symantec are calling it [EMAIL PROTECTED]
And Kaspersky don't seem to have any name or even any kind of information
for it.
--
Tim Wilde
[EMAIL
I got bizarre errors with my last two posts, so here goes again. Sorry
if this double-posts...
On Jan 23, 2004, at 10:28 AM, OpenMacNews wrote:
given the flurry of discussion re: clamav on OSX, i though i'd just
offer as an fyi, 0.65 builds/runs flawlessly for me
on OSX 10.2.x 10.3.x on a
given the flurry of discussion re: clamav on OSX, i though i'd just
offer as an fyi, 0.65 builds/runs flawlessly for me
on OSX 10.2.x 10.3.x on a variety of stock upgraded boxes.
I can confirm that it builds fine on 10.3.
As I understand it, Apple fully supported pthreads as of 10.2.
On Tuesday 27 Jan 2004 3:11 am, McKeever Chris wrote:
Any suggestions? It finds other virii fine when they are still encoded,
maybe the definitions need to be added for its MIME version?
Please forward an *original* copy (hmm, that's a contradiction in terms)
of the e-mail to me at [EMAIL
On Tuesday 27 Jan 2004 7:46 am, Jay wrote:
I seem to be having some virii sneaking past my clamAV net. they
all come as bounces from a remote qmail server that has it's own sender
envelope with headers and a message containing a reason for the mail
getting rejected with something like:
Thank,
Os: Linux ReHat 9.0
MTA: Sendmail 8.12.10 ( with cyrus, inflex, spamassassin )
Clamav: 0.65 ( and 0.60 )
my english isn't good :( but clamd.log only say:
Mon Jan 26 10:52:24 2004 - Accepted connection on port 32313, fd 5
Mon Jan 26 10:52:49 2004 - Accepted connection on port
Quoting Jo Mills [EMAIL PROTECTED]:
Dear All,
I just (09:00 hrs GMT, Mon 26th Jan 2004) downloaded the latest
tarball to try out the OLE2 / VBA stream stuff on our file server.
/configure seemed to go OK, I then tried make and got:
In file included from scanners.c:39:
This new Mimail variant looks nasty - does anyone know if the following
information is true ? and, if so, presumably we need more than just a
pattern update to catch this one!
Thanks,
Andy
; The most important modification in Mimail.q are the polymorphic
; encryption keys inbuilt to fool
Hi all,
I administer a Linux file server and have just installed Clam with
Clamuko to scan the file shares. If I drop a virus onto a share from a
remote computer, clamd.log successfully says that the virus has been
found.
However, I'm trying to get Clam to then e-mail me that the virus has
been
On Tue, 27 Jan 2004 at 10:49:45 +, Andy Fiddaman wrote:
This new Mimail variant looks nasty - does anyone know if the following
information is true ? and, if so, presumably we need more than just a
pattern update to catch this one!
Thanks,
Andy
; The most important modification
Andy Fiddaman wrote the following on 01/27/2004 11:49 AM :
This new Mimail variant looks nasty - does anyone know if the following
information is true ? and, if so, presumably we need more than just a
pattern update to catch this one!
Thanks,
Andy
; The most important modification in Mimail.q
I am getting lots of these, and clamav is detecting them fine, but it
clearly is trying to email back the sender with a notification.
As the reply to is spoofed, this makes no sense at all (and i am getting
lots of bounces). How do we stop this happening?
Cheers
Brian
--
Brian J Read
Brian Read wrote:
I am getting lots of these, and clamav is detecting them fine, but it
clearly is trying to email back the sender with a notification.
As the reply to is spoofed, this makes no sense at all (and i am getting
lots of bounces). How do we stop this happening?
Cheers
Brian
Which
Hi,
I call spamc from amavisd-new. amavisd-new has an option to not send notification
based on a regexp.
How are you using clam ??
Regards
Mick Pollard ( lunix )
snip
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|Bagle|yaha|braid|sobig|fizzer|palyh|peido|holar'i
,
Nigel,
I have several examples of this. Even with older virii.
Would you be interested in them as well?
Shawn
On Tue, 27 Jan 2004 08:52:58 + Nigel Horne [EMAIL PROTECTED]
exclaimed:
On Tuesday 27 Jan 2004 3:11 am, McKeever Chris wrote:
Any suggestions? It finds other virii fine
Brian Read wrote:
I am getting lots of these, and clamav is detecting them fine, but it
clearly is trying to email back the sender with a notification.
As the reply to is spoofed, this makes no sense at all (and i am getting
lots of bounces). How do we stop this happening?
I'm using
At 14:57 27/01/2004, you wrote:
Brian Read wrote:
I am getting lots of these, and clamav is detecting them fine, but it
clearly is trying to email back the sender with a notification.
As the reply to is spoofed, this makes no sense at all (and i am getting
lots of bounces). How do we stop this
Hi list,
We are running clamav-0.54. This morning, we add an attack of the new virus
Worm.SCO.A, and our mail server didn't catch up with the virus because
freshclam failed at updating the database.
Each day, we have a database update scheduled at 8:00AM, via crontab, like
this -
0 8 * * *
On Tuesday 27 Jan 2004 4:14 pm, McKeever Chris wrote:
Nigel - thanks for the reply - I didnt have an original, because they do
get caught by the second filter... I will play around with it and see if I
can..however, I sent you an attached file witht the virus that does get
through clam
I'd
it finds it fine when it is still an attachment, or after the file has been extracted
from the email?
---
Chris McKeever
If you want to reply directly to me, please use cgmckeever--at--prupref---dot---com
http://www.prupref.com
On Tue, 27 Jan 2004 09:24 ,
El mar, 27-01-2004 a las 11:21, McKeever Chris escribió:
it finds it fine when it is still an attachment, or after the file has been
extracted from the email?
When the file is still attached
Only last night i update virus dB with freshclam, an this morning
another update.
Grettings.
I have checked the archives and got a tip that sendmail may not have
installed libmilter even though I compiled and built it with the appropriate
flags. So I manually ran ./Build ./Build install in the libmilter src and
it is now installed. I checked the configure logs and the appropriat flags
Since the SCO virus has a list of common first names it couples with domains
it finds, one of our employees, [EMAIL PROTECTED] got a bunch of
undeliverable bounces back (unknown users, etc.). These bounces contain the
full virus in the form of the complete source of the original email dumped at
On Tuesday 27 January 2004 09:16 am, Nigel Horne wrote:
On Tuesday 27 Jan 2004 4:14 pm, McKeever Chris wrote:
Nigel - thanks for the reply - I didnt have an original, because they do
get caught by the second filter... I will play around with it and see if
I can..however, I sent you an
Brian Read wrote the following on 01/27/2004 01:53 PM :
I am getting lots of these, and clamav is detecting them fine, but it
clearly is trying to email back the sender with a notification.
As the reply to is spoofed, this makes no sense at all (and i am
getting lots of bounces). How do we
On Tue, 27 Jan 2004, Matthew Trent wrote:
Since the SCO virus has a list of common first names it couples with domains
it finds, one of our employees, [EMAIL PROTECTED] got a bunch of
undeliverable bounces back (unknown users, etc.). These bounces contain the
full virus in the form of the
On Tuesday 27 Jan 2004 5:32 pm, james nelson wrote:
Yet after a make, make install still now clamav-milter...
Which operating system?
Which version of clamAV?
Which version of clamav-milter?
I am lost.
-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.
Hello,
I recently installed clamav-0.65 from the prebuilt binaries for fedora
core 1. The installation was smooth. I've integrated the clamav milter
into sendmail and it is definately checking email for virii. However, the
email is not quarantined or removed, even if it contains a virus. I'm
I don't want to labour the point, but let me make this clear.
ClamAV DOES find SCO.a in attachments.
ClamAV DOES NOT find viruses in bounce message bodies, all of the examples being
posted are of bounces. Bounce messages do not have attachments, though they ofteb
look like they do. This is a
Try clamscan rather than clamdscan. I was having a similar problem and
it started working when I used clamscan rather than clamdscan. I
assumed it was a config issue on my part, but
On Tue, 2004-01-27 at 12:05, Erik Bourget wrote:
I have no idea how this mail got so messed up, heh. I
Hi,
Don't you need the ScanMail option in your clamd.conf file to correctly
scan emails?
Regards,
Rick
Erik Bourget wrote:
I have no idea how this mail got so messed up, heh. I guess I'll try again.
Hey,
Clam does catch other viruses but is failing to catch this sco.a thing for
some
On Tuesday 27 January 2004 10:38 am, Christopher X. Candreva wrote:
On Tue, 27 Jan 2004, Matthew Trent wrote:
Since the SCO virus has a list of common first names it couples with
domains it finds, one of our employees, [EMAIL PROTECTED] got a bunch
of undeliverable bounces back (unknown
I take that back -- one of my users just sent me a bounce with the full
virus in it.
==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
I got clamd+clamav-milter working on my Redhat 9 mail server and it is
blocking all of the latest worms. My question is this.
Does clamav-milter delete these emails or move them to some quarantine
directory. I am using a default rpm install from
http://crash.fce.vutbr.cz/crash-hat/1/clamav/
Hi,
I'am using qmail 1.03, qmail-scanner 1.16 and spamassasin 2.60 on
mandrake 9.0.
Everything worked fine (It detected some viruses).
Today I upgraded from 0.60 to 0.65. I just deleted old databses and ran
: ./configure; make; make install
Then I restarted the computer.
And now I send mail
Quoting [EMAIL PROTECTED]:
Hi All,
I'm using ClamAV + MD 2.39 at my Mail Server, and experiencing some
problems with clamd here:
in general it works fine, but sometimes it dies with this error in log file:
Tue Jan 27 09:58:59 2004 - /var/spool/MIMEDefang/mdefang-
On Tuesday 27 January 2004 11:12 am, Nigel Horne wrote:
I don't want to labour the point, but let me make this clear.
ClamAV DOES find SCO.a in attachments.
ClamAV DOES NOT find viruses in bounce message bodies, all of the examples
being posted are of bounces. Bounce messages do not have
Hi,
I'am using qmail 1.03, qmail-scanner 1.16 and spamassasin 2.60 on
mandrake 9.0.
Everything worked fine (It detected some viruses).
Today I upgraded from 0.60 to 0.65. I just deleted old databses and ran
: ./configure; make; make install
Then I restarted the computer.
And now I send mail
Richard,
I had this very problem today on a fedora box. By default, with those
rpm's, it doesn't seem to do anything. The virus is detected, but the
email is allowed to pass through. I messed with this for a few hours and
could not get it to do anything with the email.
So, I just finished
Title: http file uploads PHP Clamav
Does anyone know how to use clamscan to scan http web uploads on and Apache/PHP server ?
Many Thanks
David
Which operating system? RedHat 9
Which version of clamAV? 0.65
Which version of clamav-milter? Included with clamav 0.65
Sendmail version 8.12.11
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools
Trying to re-compile on FreeBSD 4.7 w/ milter
# ./configure --prefix=/usr/local --enable-milter
It fails with the error messages below.
Any help or suggestions would be great.
checking build system type... i386-unknown-freebsd4.7
checking host system type... i386-unknown-freebsd4.7
checking
Hi
Is it normal that an output like lsof |grep clamd gives more and more
rows like this...
clamd 19624 _clamd 33r VDIR0,0512 150257
/usr/local/share/clamav
I have had clamd started since 12 of january. But every time I check the
lsof |grep clamd I have some more rows
On Tue, Jan 27, 2004 at 08:29:29PM +0100, Peter Jamri?ko wrote:
Today I upgraded from 0.60 to 0.65. I just deleted old databses and ran
: ./configure; make; make install
Then I restarted the computer.
And now I send mail with test1 file (this file comes with clamav) as
attachment from
I'm using 0.65 + postfix and all the bounces passed thru clam.
Regards
Thiago
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Trent
Sent: Tuesday, January 27, 2004 5:26 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] SCO virus not
On Tue, 27 Jan 2004 at 12:53:54 +, Brian Read wrote:
I am getting lots of these, and clamav is detecting them fine, but it
clearly is trying to email back the sender with a notification.
As the reply to is spoofed, this makes no sense at all (and i am getting
Sure!
lots of bounces).
Hi,
I found it. (probably).
On some different mailing-list I found, that it may be problem of
softlimit.
I change it to a bit higher value and it works now.
Are you using softlimit ?
I have it here: /var/qmail/supervise/qmail-smtpd/run
Actually I don't know how big it should be. I will play
Walgamotte, David wrote the following on 01/27/2004 09:20 PM :
Does anyone know how to use clamscan to scan http web uploads on and
Apache/PHP server ?
Many Thanks
David
Depends on what you want exactly.
The easiest way is to modify the php code handling file uploads, pass
the whole file
On Tue, 27 Jan 2004 12:18:11 -0700
[EMAIL PROTECTED] wrote:
I also figured out that the cause for this error is damaged ZIP
archive.
So there's no problem - clamd properly recognized and logged it.
Best regards,
Tomasz Kojm
--
oo. [EMAIL PROTECTED] www.ClamAV.net
Jason Holland wrote:
Richard,
I had this very problem today on a fedora box. By default, with those
rpm's, it doesn't seem to do anything. The virus is detected, but the
email is allowed to pass through. I messed with this for a few hours and
could not get it to do anything with the email.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello
(I sent a version of this a few days ago, but got messages back saying it
could not yet be delivered; I've not seen it reach the list, but apologies if
this is a repeat.)
I am finding that when freshclam updates the database and clamd
On Tue, 27 Jan 2004 11:28:03 -0700
[EMAIL PROTECTED] wrote:
I'm using ClamAV + MD 2.39 at my Mail Server, and experiencing some
problems with clamd here:
in general it works fine, but sometimes it dies with this error in log
file: Tue Jan 27 09:58:59 2004 - /var/spool/MIMEDefang/mdefang-
On Tue, 27 Jan 2004 20:29:29 +0100
Peter Jamriko [EMAIL PROTECTED] wrote:
27/01/2004 20:20:47:5486: run /usr/local/bin/clamscan -r
--tempdir=/var/spool...
Try to run this (exactly the same) command from cmd line and see what
happens.
Best regards,
Tomasz Kojm
--
oo.
On Tue, 27 Jan 2004 13:14:42 -0500
Brian Bruns [EMAIL PROTECTED] wrote:
Hello,
The --remove and --move options in clamscan and clamdscan do not
appear to be working in the latest CVS build as of about 5 minutes
ago.
They work only in clamscan and are not yet implemented in clamdscan (and
Hi,
I found it. (probably).
On some different mailing-list I found, that it may be problem of
softlimit.
I change it to a bit higher value and it works now.
Are you using softlimit ?
I have it here: /var/qmail/supervise/qmail-smtpd/run
Actually I don't know how big it should be. I will play
On Tuesday 27 Jan 2004 7:36 pm, Mailing Lists wrote:
Does clamav-milter delete these emails or move them to some quarantine
directory. I am using a default rpm install from
http://crash.fce.vutbr.cz/crash-hat/1/clamav/
That depends in whether or not you're using either of the flags
I am running:
clamd / ClamAV version 0.65
ClamAV version 0.65, clamav-milter version 0.60p
on FreeBSD. I'm having a problem were clamav-milter often times
out:
Jan 27 13:53:06 net sm-mta[92538]: i0RKqYOj092538: Milter (clamav): timeout befo
re data read
Jan 27 13:53:06 net sm-mta[92538]:
Quoting Tomasz Kojm [EMAIL PROTECTED]:
On Tue, 27 Jan 2004 12:18:11 -0700
[EMAIL PROTECTED] wrote:
I also figured out that the cause for this error is damaged ZIP
archive.
So there's no problem - clamd properly recognized and logged it.
But why clamd dies then? If it's a damaged zip
Hello,
I was looking for a way to set up a cron job to, once per day, scan only
files that have changed in the last day. find works pretty well for that,
but the question is how to get the data to clamscan. My first thought was
xargs, but xargs isn't the most consistent when dealing with
On 2004-01-27, Walgamotte, David wrote:
Does anyone know how to use clamscan to scan http web uploads on and
Apache/PHP server ?
Maybe this will help: http://software.othello.ch/mod_clamav/
s.
--
(0 Jakub Jankowski [url]: s.atn.pl Nawet w Krainie Czarow
//\ [EMAIL PROTECTED] [rlu]:
On Tuesday 27 Jan 2004 6:52 pm, Jason Holland wrote:
I recently installed clamav-0.65 from the prebuilt binaries for fedora
core 1.
I don't know where you got pre-built ones from - I didn't do it so I can't
vouch for what's in it.
Anyway 0.65 does not support quarantine - 0.66 will. For a
In the recent slashdot post about av software spamming with replies
(http://ask.slashdot.org/article.pl?sid=04/01/27/2145223), there was an idea
about av databases containing a boolean flag that would say 'this worm fakes
from:, dont bother with bounces' or 'this worm has a valid from, send
On Tue, 27 Jan 2004 [EMAIL PROTECTED] wrote:
But why clamd dies then? If it's a damaged zip archive it should skip it, not
die, isn't it?
I just got two of these today that caused clamd to die, too. Haven't been
able to debug since the offending messages seem to have diappeared. Just
As the reply to is spoofed, this makes no sense at all (and i am getting
lots of bounces). How do we stop this happening?
if it's clamav-milter:
- do away with the smfi_setreply statement (at or near line 1524)
- set 'rc = SMFIS_DISCARD;' (instead of SMFID_REJECT) (at or near line
1522)
Not that I am aware of. Iinstalled sendmail from the src files not an RPM
- Original Message -
From: Nigel Horne [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 27, 2004 4:52 PM
Subject: Re: [Clamav-users] RE: Clamav-milter not installing
On Tuesday 27 Jan 2004 8:15
On Jan 23, 2004, at 10:28 AM, OpenMacNews wrote:
given the flurry of discussion re: clamav on OSX, i though i'd just
offer as an fyi, 0.65 builds/runs flawlessly for me
on OSX 10.2.x 10.3.x on a variety of stock upgraded boxes.
I can confirm that it builds find on 10.3.
i can't say i agree
66 matches
Mail list logo