Hi, Can clamav detected those virus that is
protected by a password in a zipped file?
Thanks
Hi!
I am using clamav/sendmail to scan mail for viruses.
I'd like to know whether is it possible to disable sending of notification
to sender of incomming mail about the virus in the e-mail.
As you know - viruses are using fake addreses, so the person in from field
could be not gilty at all.
J
According to http://www.gietl.com/test-clamav/
File is valid, and was successfully uploaded. clamav scans the file ...
Clamav-Output:/tmp/php3ttpQi: Worm.Bagle.A3 FOUND
And found something: Worm.Bagle.A3
But localy the clamscan dont remove the virus is let it spread over the
network
does any1 kno
Sorry, might not be the correct mailing list to post but any comments
are greatly appreciated.
I have successfully configured MailScanner with ClamAV-0.65. Tested it
with some of the known viruses like Mydoom and it was indeed detecting
it. Unfortunately, the new variant of virus (Worm.Bagle) w
Hello!
I have the problem that clamd sometimes crashes. I use ClamAV version
0.66 with clamav-milter version '0.66m' and sendmail 8.12.10 on Solaris
8.
In the clamd.log file I found the following messages:
Tue Mar 2 02:45:38 2004 -> SelfCheck: Database status OK.
Tue Mar 2 02:53:48 2004 -> ERRO
SO there is any possible way to make local clamscan to detect the virus
that i ask about cause seem to know about it
if so please give me some ideas
thanks
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web
/clamav-auto-build/clamav-devel-20040301/clamd'
What does a 386 binary doing here? Surely my gcc can't produce that?
Sure enough, I found these files on source tarball:
./clamd/dazukoio.o
./clamd/dazukoio_compat12.o
Deleted these files, and clamav compiles OK.
Regar
On Tue, Mar 02, 2004 at 12:00:28PM +0800, Me Its said:
> I am using debian - sid, but I got error when I apt-get upgrade, when
> it tries to install the new ClamAV
>
> Setting up clamav-base (0.67-5) ...
> dirname: too few arguments
> Try `dirname --help' for more information.
> dpkg: error proce
On Tue, Mar 02, 2004 at 12:00:28PM +0800, Me Its wrote:
| I am using debian - sid, but I got error when I apt-get upgrade, when
| it tries to install the new ClamAV
| What should I do next ?
Look for a related bug report on http://bugs.debian.org. If there is
none, report the bug. At any rate,
On Mar 1, 2004, at 11:00 PM, Me Its wrote:
I am using debian - sid, but I got error when I apt-get upgrade, when
it tries to install the new ClamAV
Sounds like something is odd. I just did that myself and now:
# dpkg --list | grep clamav
ii clamav 0.67-5 Antivirus scanner for Uni
I am using debian - sid, but I got error when I apt-get upgrade, when
it tries to install the new ClamAV
Setting up clamav-base (0.67-5) ...
dirname: too few arguments
Try `dirname --help' for more information.
dpkg: error processing clamav-base (--configure):
subprocess post-installation script
On Mon, Mar 01, 2004 at 09:52:25PM -0500, Frank DeChellis DSL said:
> On Mon, 1 Mar 2004, Stephen Gran wrote:
> > On Mon, Mar 01, 2004 at 03:47:57PM -0500, Frank DeChellis DSL said:
> > > Hi.
> > >
> > > We are running Exim 4.2 with Exiscan and SpamAssassin on a separate
> > > server. I just setup
I have those settings in there but there seems to be no communication
between the 2 units. Is there an ACL entry for exim?
Is there a way to tell if the 2 systems are talking?
Thanks
Frank
On Mon, 1 Mar 2004, Stephen Gran wrote:
> Date: Mon, 1 Mar 2004 20:37:53 -0500
> From: Stephen Gran <[EM
On Mon, Mar 01, 2004 at 09:06:12PM +0100, Erik Corry wrote:
| On Mon, Mar 01, 2004 at 05:31:35PM +0700, Fajar A. Nugraha wrote:
| > Bill Taroli wrote:
| > However, judging from the fact that it IS spreading in my network now,
| > some people tend to do exactly that.
|
| Kaspersky have added the
On Mon, Mar 01, 2004 at 03:47:57PM -0500, Frank DeChellis DSL said:
> Hi.
>
> We are running Exim 4.2 with Exiscan and SpamAssassin on a separate
> server. I just setup clamav on a separate server.
>
> How do I structure av_scanner = clamd:/var/run/clamd.ctl line in my exim
> configuration to us
>Please post an example of the bounce message, then I can see where it's coming from.
>-Nigel
Hi Nigel,
From: MAILER-DAEMON
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Virus intercepted
A message you sent to [EMAIL PROTECTED] contained a virus and has not been delivered.
stream: Worm.Bagl
On Mon, 1 Mar 2004 11:01:19 -0800 (PST)
Ninetwoaccord <[EMAIL PROTECTED]> wrote:
> I scanned manually using clamscan -v yep.msg (the
You must enable ScanMail in clamav.conf (for clamd) and use --mbox in
clamscan.
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\.
On Mon, 1 Mar 2004, Frank DeChellis DSL wrote:
> Hi.
>
> We are running Exim 4.2 with Exiscan and SpamAssassin on a separate
> server. I just setup clamav on a separate server.
>
> How do I structure av_scanner = clamd:/var/run/clamd.ctl line in my exim
> configuration to use clam off another s
Nope not a typo, an overlook. Thank you VERY much for
taking the time to read my post. Freshclam was running
24 times a day, and it stopped on the 23rd. Ran the
update and it detected the virus.
Thanks again for your time. Now to find out why it
stopped on the 23rd...
Ian
--- Patrik Nilsson <[E
On Mon, Mar 01, 2004 at 09:06:12PM +0100, Erik Corry wrote:
> On Mon, Mar 01, 2004 at 05:31:35PM +0700, Fajar A. Nugraha wrote:
> > Bill Taroli wrote:
> >
> > >Perhaps a silly question... if the .ZIP attachment is passworded, how
> > >are the target users supposed to be opening them and getting i
At 11:01 2004-03-01 -0800, Ninetwoaccord wrote:
I checked to make sure I have been updating my
definitions correctly and I have. Last update was Mon
Feb 23 at 15:04:35 2004. (This morning)
Was that a typo?
If not - Feb 23 was monday last week, not this morning...
Patrik
---
Hello Kristof, thank you VERY much for your response.
I tried what you suggested and it did not find the
virus. I also have mail scanning on.
One other person replied and requested I send them the
.zip file and clamAV did not detect it as
worm.somefool.B
This is what they detected:
The virus de
Hi.
We are running Exim 4.2 with Exiscan and SpamAssassin on a separate
server. I just setup clamav on a separate server.
How do I structure av_scanner = clamd:/var/run/clamd.ctl line in my exim
configuration to use clam off another server?
What do I enter in my clamav.conf to give another serv
Ninetwoaccord wrote:
I wanted to make sure my archive scanning settings
were correct for clamd. I searched these email
archives and found that Archive support should be
turned on (it was) as well as StreamSaveToDisk (it
wasn't). I tested with StreamSaveToDisk and it still
did not find the virus.
is
On Mon, 01 Mar 2004 14:43:27 +0100
Kristof Hardy <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Clamd (v067-1) on our CGPro just reported:
> Mon Mar 1 14:16:10 2004 -> /tmp/cgpavyuPWe6: Suspected.Zip FOUND
>
> Now, I have searched the mailing list archives and did a "sigtool
> --list-sigs | grep -i Susp
On Mon, Mar 01, 2004 at 05:31:35PM +0700, Fajar A. Nugraha wrote:
> Bill Taroli wrote:
>
> >Perhaps a silly question... if the .ZIP attachment is passworded, how
> >are the target users supposed to be opening them and getting infected?
> >Has the password been included in the email in which the
On Mon, Mar 01, 2004 at 05:53:59PM +0100, Thomas Lamy wrote:
> >But my local copy is not working. I checked the syslog and it says
> >nothing other then the message is clean. Any ideas where to start
> >checking?
>
> What is your exact setup, i.e. what is the "glue" between your mailer
> and clam
Hello, I have just joined the email list and would
like to thank everyone in advance for their help. I
have searched the archives and google until my eyes
have hurt and have waited about 10 days before
escelating my issue to this list.
Here is my issue. I have setup
Postfix/Amavis-new/ClamAV/Spam
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Marc Brooks
>
> Is it possible to turn off the e-mail notification that is
> returned to the
> user (who sent the virus)?
>
> Running Clamav 0.67 w/ milter on FreeBSD 4.7
Yup - don't use --bounce
cat filename | clamdscan -
Marc Cuypers [EMAIL PROTECTED] wrote:
> Hi,
>
> I'm running clamav 0.60 on Debian.
>
> Can I 'cat' a file to clamdscan, or must it be a physical file on the disk?
>
> Thanks for your time,
>
> --Marc
>
>
>
> ---
Hello All,
Is it possible to turn off the e-mail notification that is returned to the
user (who sent the virus)?
Running Clamav 0.67 w/ milter on FreeBSD 4.7
Marc S. Brooks
Programmer/Systems Admin
975 Andreasen
Escondido, CA 92029
760-740-2625 ph
760-740-2643 fx
-
Peter McCreath wrote:
--- Loren Salsgiver <[EMAIL PROTECTED]> wrote: >
Norton AntiVirus removed the attachment:
bill.zip.
>>The attachment was infected with the
[EMAIL PROTECTED] virus.
>>
This seems to be common, can anyone help?
Loren
I;m having the same problem, it always seems to be
Bse
On Monday 01 Mar 2004 4:55 am, Stevens, John wrote:
> Hi All,
> I have clamd and clamav-milter (0.67-1) on my two mail gateways, and am
> really happy with the performance and detection rates. Job well done to
> the devs. The only problem I have at the moment is getting alerted to a
> virus detect
Matthew Daubenspeck wrote:
I am using the backported.org package of ClamAV:
$ clamscan --version
clamscan / ClamAV version 0.67+CVS20040221
So far clam has been catching 90% of the viruses that are sent to the
server, but it has missed a few others. I downloaded the specific virus
itself and tried
On Mon, 01 Mar 2004 at 8:18:25 -0600, Joe Kletch wrote:
> >sigtool --list-sigs
>
> Does not work on my install. Is the best way to get this corrected to
> upgrade Clam 0.67?
>
> mail burtonmayer.com $ clamd -V
> clamd / ClamAV version 0.65
>
Please, don't "top-post".
Yes.
--
Tomasz Papszu
On Mon, 2004-03-01 at 10:37, Philipp Grosswiler wrote:
> Well, this happened about 2-3 times (before, I was not able to use gdb). But
> I am using the current CVS snapshot (20040229) and it is working great until
> now. I didn't have any crashes since then. Could be that it is already
> solved in t
--- Loren Salsgiver <[EMAIL PROTECTED]> wrote: >
>>Norton AntiVirus removed the attachment:
> bill.zip.
> >>The attachment was infected with the
> [EMAIL PROTECTED] virus.
> >>
>
> This seems to be common, can anyone help?
>
> Loren
>
>
>
I;m having the same problem, it always seems to be
B
I am using the backported.org package of ClamAV:
$ clamscan --version
clamscan / ClamAV version 0.67+CVS20040221
So far clam has been catching 90% of the viruses that are sent to the
server, but it has missed a few others. I downloaded the specific virus
itself and tried to submit it using the on
Joe Kletch wrote:
sigtool --list-sigs
Does not work on my install. Is the best way to get this corrected to
upgrade Clam 0.67?
mail burtonmayer.com $ clamd -V
clamd / ClamAV version 0.65
It can't hurt anyway to upgrade to v0.67-1. Maybe try finding it with
'whereis sigtool' (or 'locate sigtool')
On Mon, 2004-03-01 at 14:04, Loren Salsgiver wrote:
> Set your thread timeout to zero. Setting this to any other value causes
> users with dialup connections to timeout while sending attachments, in
> addition my seg faults are gone. This is the best reason to do this,
> I've been running for
sigtool --list-sigs
Does not work on my install. Is the best way to get this corrected to
upgrade Clam 0.67?
mail burtonmayer.com $ clamd -V
clamd / ClamAV version 0.65
Thanks!
Joe Kletch
On Mar 1, 2004, at 7:43 AM, Kristof Hardy wrote:
sigtool --list-sigs
---
>>Norton AntiVirus removed the attachment: bill.zip.
>>The attachment was infected with the [EMAIL PROTECTED] virus.
>>
This seems to be common, can anyone help?
Loren
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and depl
Set your thread timeout to zero. Setting this to any other value causes
users with dialup connections to timeout while sending attachments, in
addition my seg faults are gone. This is the best reason to do this,
I've been running for 4 days now without a single crash, previoiusly I
was resta
Hi,
Clamd (v067-1) on our CGPro just reported:
Mon Mar 1 14:16:10 2004 -> /tmp/cgpavyuPWe6: Suspected.Zip FOUND
Now, I have searched the mailing list archives and did a "sigtool
--list-sigs | grep -i Suspected" but could not find this anywhere.
Any idea what this might be?
Ps, Bagle.A3 now als
On Monday 01 March 2004 1:23 pm, Adrian Gurbina (main) wrote:
> i allways run clamd with freshclam so i;m updated all the time i got some
> problem with a virus is : [EMAIL PROTECTED]
> is not reconised by clamscan
> I find it out using NAV/Symantec
> What shall i do?
Submit a sample of the virus
i allways run clamd with freshclam so i;m updated all the time i got some
problem with a virus is : [EMAIL PROTECTED]
is not reconised by clamscan
I find it out using NAV/Symantec
What shall i do?
---
SF.Net is sponsored by: Speed Start Your Li
Hi,
I'm running clamav 0.60 on Debian.
Can I 'cat' a file to clamdscan, or must it be a physical file on the disk?
Thanks for your time,
--Marc
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web service
On Mon, 2004-03-01 at 10:37, Philipp Grosswiler wrote:
> Hello Trog.
>
> > The libpthread thread manager seg faulted. I've never seen that happen
> > before. I guess that would be either a bug in libpthread or some very
> > bad memory corruption somewhere.
>
> Well, this happened about 2-3 tim
Jose Marcio Martins da Cruz schrieb:
Hello,
libclamav has three functions to scan an object : cl_scanbuff,
cl_scandesc and cl_scanfile. Only cl_scanbuff doesn't have the parameter
"options". What kind of objects are scanned by cl_scanbuff ?
Memory buffers. This needs no "options", as it is s
Hello,
libclamav has three functions to scan an object : cl_scanbuff,
cl_scandesc and cl_scanfile. Only cl_scanbuff doesn't have the parameter
"options". What kind of objects are scanned by cl_scanbuff ?
Thanks,
Jose-Marcio
--
---
Bill Taroli,
BT> Perhaps a silly question... if the .ZIP attachment is passworded, how
BT> are the target users supposed to be opening them and getting infected?
BT> Has the password been included in the email in which the .ZIP was attached?
Perhaps the password is in the message :
"Open my co
Hello Trog.
> The libpthread thread manager seg faulted. I've never seen that happen
> before. I guess that would be either a bug in libpthread or some very
> bad memory corruption somewhere.
Well, this happened about 2-3 times (before, I was not able to use gdb). But
I am using the current CV
On Mon, 1 Mar 2004, Ola Thoresen wrote:
> Mon, 01 Mar 2004 at 09:06 GMT "Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote
>
>
> > Since the password is the same, hopefully it won't take virus db team
> > long to update the signature.
> > However what IF:
> >
> > - there's a new virus
> > - the vir
Bill Taroli wrote:
Perhaps a silly question... if the .ZIP attachment is passworded, how
are the target users supposed to be opening them and getting infected?
Has the password been included in the email in which the .ZIP was
attached?
No, silly me. I forgot to mention that the password is inc
Mon, 01 Mar 2004 at 09:06 GMT "Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote
> Since the password is the same, hopefully it won't take virus db team
> long to update the signature.
> However what IF:
>
> - there's a new virus
> - the virus just passes known (detected) worm, in a zip file
> -
Perhaps a silly question... if the .ZIP attachment is passworded, how
are the target users supposed to be opening them and getting infected?
Has the password been included in the email in which the .ZIP was attached?
Fajar A. Nugraha wrote:
Fajar A. Nugraha wrote:
So far (I only have two diffe
> > Hi all at clamav-users:
> >
> > I am in the same situation as Jim, the only test failed is #17. Any
hints ?
> >
> > All mail scanned with clamdscan with ScanMail and ScanArchive active,
> > running Win32 Clamav-devel 20040219.
> >
> > Has this been corrected in last CVS ? I can send the specifi
Fajar A. Nugraha wrote:
So far (I only have two different samples now) the password is the
same : 31517.
Update : I just got another sample with different password (submission
number 1534).
Should I start blocking .zip files too?
Regards,
Fajar A. Nugraha
On Sun, 2004-02-29 at 17:55, Philipp Grosswiler wrote:
> OK, now I got something for you... but could be that the problem is already
> solved in the latest CVS version... just that the latest CVS is not working
> for me (see my earlier post about readdb()).
>
> (gdb) continue
> Continuing.
> [New
Hi,
Recently (starting 15.00 +07.00 GMT) our network is infected by yet
another mass-mailing worm.
I already submitted this worm as submission number 1530. ClamAv hasn't
detected it yet.
The thing is, after I manually unpack the zip file (which contains a
.scr), the .scr was recognized as Worm
Ignasi Prat schrieb:
On Friday 27 February 2004 10:27 pm, Bryce wrote:
Test # 17, 8, 5, 4, and 2 are making it through. I am using version
What can I do to prevent this?
Binhex was added in 0.67, so all binhex encoded e-mails will get through
unless you upgrade.
-Nigel
I guess that answers my que
> >>On Friday 27 February 2004 10:27 pm, Bryce wrote:
> >>
> >>
> >>>Test # 17, 8, 5, 4, and 2 are making it through. I am using version
.65.
> >>>What can I do to prevent this?
> >>>
> >>>
> >>
> >>Binhex was added in 0.67, so all binhex encoded e-mails will get through
> >>unless you upgrade.
> >
62 matches
Mail list logo
