On Thu, 04 Mar 2004 19:42:36 -0500
Tim B [EMAIL PROTECTED] wrote:
My most humble apologies. I accidentally sent a post I meant for
clamav-users to clamav-virusdb.
Don't worry - the virsdb@ list only accepts mails from the developers.
--
oo. Tomasz Kojm [EMAIL PROTECTED]
On Thu, 04 Mar 2004 16:53:01 -0700
Shawn Michael [EMAIL PROTECTED] wrote:
I have looked far and wide for the answer to this (docs, comments in
source, and the list archives.) and so far I cannot find an answer.
The question is what kind of digital signature is used to verify the
That's a
On Thu, 04 Mar 2004 22:00:14 +0100
Frank Elsner [EMAIL PROTECTED] wrote:
Are you using the same log file for clamd and freshclam ?!
Yes.
That's a very bad idea.
Tell me why. Clamd and freshclam belong together so the logging of
both
should go to one file.
Two
On Fri, 5 Mar 2004 01:55:17 +0100, Tomasz Papszun wrote:
On Thu, 04 Mar 2004 at 19:14:32 -0500, Tim B wrote:
Does this mean that 0.67 will now detect the the encrypted versions
regardless of password?
Yes.
But it's still usable only with full message scan?
--
Virgo Pärna
On Fri, 05 Mar 2004 08:40:25 +0100 Tomasz Kojm wrote:
On Thu, 04 Mar 2004 22:00:14 +0100
Frank Elsner [EMAIL PROTECTED] wrote:
Are you using the same log file for clamd and freshclam ?!
Yes.
That's a very bad idea.
Tell me why. Clamd and freshclam belong together so
On Fri, 2004-03-05 at 08:15, Virgo Pärna wrote:
On Fri, 5 Mar 2004 01:55:17 +0100, Tomasz Papszun wrote:
On Thu, 04 Mar 2004 at 19:14:32 -0500, Tim B wrote:
Does this mean that 0.67 will now detect the the encrypted versions
regardless of password?
Yes.
But it's still
On Fri, 05 Mar 2004 08:38:48 +, Trog [EMAIL PROTECTED] wrote:
No, it'll match with just the encrypted zip file.
Right, disable-archive seems to do the magic...:)
--
Virgo Pärna
[EMAIL PROTECTED]
---
This SF.Net email is
Tomasz Kojm wrote:
Submission: n/a
Sender: Diego d'Ambra
Virus name: Worm.Bagle.Gen-zippwd
Notes: Generic signature to detect password-protected Bagle zip files
The signature matches encrypted zip files.
Does this mean you want submissions of encrypted zip archives if they
aren't getting caught?
On Fri, 2004-03-05 at 09:34, Franck wrote:
Tomasz Kojm wrote:
Submission: n/a
Sender: Diego d'Ambra
Virus name: Worm.Bagle.Gen-zippwd
Notes: Generic signature to detect password-protected Bagle zip files
The signature matches encrypted zip files.
Does this mean you want submissions
On Fri, 2004-03-05 at 09:34, Franck wrote:
Does this mean you want submissions of encrypted zip archives if they
aren't getting caught?
'Cause I'm getting hit by what Symantec identifies as Bagle.J in
encrypted archives that have slipped by Clam even with the newest
updates.
The message you
On Fri, 2004-03-05 at 01:15, Doug Hardie wrote:
I just uncommented the thread timeout the last time I restarted clamd
a couple minutes ago so I don't know what effect that will have.
ThreadTimeout isn't used in the current CVS version.
Here is some more information: After running with
Hi there,
I'm trying to get the clamav-milter to work with sendmail. I've made all
the required changes to the sendmail.cf file, but when I try to restart
sendmail, I get the error:
sendmail: WARNING: Xclmilter'': local socket name
/var/clamav/clmilter.sock' missing.
I've verified, and
There is problem with scanning attachment with milter
all message with attachment for clam are infected:
contained a virus and has not been delivered.
stream: (null) FOUND
mails without attachmets are ok ... :(
ClamAV version 0.65', clamav-milter version '0.60p under FreeBSD
I tried to follow the instructions at
http://www.mail-archive.com/clamav-users%40lists.sourceforge.net/
msg04589.html to install ClamAV.
When trying to 'make' GMP, I get the following error.
libtool: unrecognized option `--tag=CC'
and GMP fails to install. I have a feeling this problem is
On Friday 05 Mar 2004 11:14 am, Michael Eglit wrote:
There is problem with scanning attachment with milter
ClamAV version 0.65', clamav-milter version '0.60p under FreeBSD 4.9-STABLE
0.60p is old, what happens when you try an up to date version of the software?
-Nigel
--
Nigel Horne.
There was a problem with latest version - memory allocation problem ...
and I install latest version from FreeBSD ports
Nigel Horne wrote:
On Friday 05 Mar 2004 11:14 am, Michael Eglit wrote:
There is problem with scanning attachment with milter
ClamAV
On Fri, 05 Mar 2004 13:14:12 +0200
Michael Eglit [EMAIL PROTECTED] wrote:
There is problem with scanning attachment with milter
all message with attachment for clam are infected:
contained a virus and has not been delivered.
stream: (null) FOUND
mails without attachmets are
On Fri, 05 Mar 2004 09:34:55 +0100
Frank Elsner [EMAIL PROTECTED] wrote:
ACK. So I repeat my request for syslog logging support for freshclam.
OK, request accepted :-)
--
oo. Tomasz Kojm [EMAIL PROTECTED]
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
Trog wrote:
The message you just sent me got stopped:
VIRUS ALERT: Worm.Bagle.Gen-zippwd
Right. I'll be upgrading then :o)
Thanks for your time.
--
Regards
/Franck
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial
probably yes... but after restarting now it's working good
waiting for new "trouble"
Tomasz Kojm wrote:
On Fri, 05 Mar 2004 13:14:12 +0200
Michael Eglit [EMAIL PROTECTED] wrote:
There is problem with scanning attachment with milter
all message with attachment for clam
I'm trying to install ClamAV on my Fedora Core 1 server. I used yum to
install from the FC repository. It installed version 0.65. I noticed that
on the clamav site that the current release is 0.67 and I found reference to
Petr Kristof's repository (crash.fce.vutbr.cz) and I added that to my
We've been having some trouble with 0.67 crashing. I believe it has to
do with a mail loop created between hotmail and a forwarded local user
account.
Right before the crash all memory will be used. Before we started using
ulimits we would get:
Mar 4 14:34:33 minos kernel: Out of Memory: Killed
Henry Hartley wrote:
I'm trying to install ClamAV on my Fedora Core 1 server. I used yum to
install from the FC repository. It installed version 0.65. I noticed that
on the clamav site that the current release is 0.67 and I found reference to
Petr Kristof's repository (crash.fce.vutbr.cz) and
Can I set clam to scan incoming mail messages?
I use a clarkconnect 2.1 (redhat9) based firewall /gateway for a dsl modem.
It is not a mail server, jsut want to set clam to scan for
clients who use the gateway to access mail servers on pop or smtop
kevin
On Fri, Mar 05, 2004 at 08:38:48AM +, Trog wrote:
| On Fri, 2004-03-05 at 08:15, Virgo Prna wrote:
| On Fri, 5 Mar 2004 01:55:17 +0100, Tomasz Papszun wrote:
| On Thu, 04 Mar 2004 at 19:14:32 -0500, Tim B wrote:
|
| Does this mean that 0.67 will now detect the the encrypted versions
|
Hello.
I run Clam AV on RedHat 6.2.
Some time after (about one hour) running clamav-milter is stop scanning with error:
2004-03-05 17:50:51 clamav-milter[24815]: clamfi_envfrom:
2004-03-05 17:50:51 clamav-milter[24812]: clamfi_envfrom:
2004-03-05 17:50:52
How do I tell if I have sendmail-devel installed. the clamav milter tells
me to ensure that it is there. I know I am using sendmail 8.12.5 but how do
I know if its devel? which sendmail and which sendmail-devel show nothing.
Eric
---
This
I'm also having the problem that Ron Snyder reported yesterday,
where clamscan will mark a file as OK, but if I extract the
attachment (just by base64-decoding it, NOT by unzipping it too),
then clamscan properly recognizes the virus (in this case, SCO.A).
Actually clamscan seems to be having this
If you are on an rpm based system (Mandrake, Fedora, etc), use:
# rpm -qa | grep -i sendmail
and look for a sendmail-devel package. If it's not there, you need to find
one that matches your version of sendmail. If sendmail came with your linux
distribution (assuming you are using linux) then
On Fri, 05 Mar 2004 at 10:57:12 -0800, Dominic Mazzoni wrote:
I'm also having the problem that Ron Snyder reported yesterday,
Ron's problem regarded milter if I saw correctly, so it may be something
diferent. Anyway...
where clamscan will mark a file as OK, but if I extract the
attachment
Tomasz Papszun wrote:
On Fri, 05 Mar 2004 at 9:26:31 -0800, Kevin BRown wrote:
jsut want to set clam to scan for
clients who use the gateway to access mail servers on pop or smtop
kevin
If by gateway you mean clients setting their gateway IP address to
your server/firewall, then
the
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of John
Vestrum
Sent: Friday, March 05, 2004 2:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] sendmail devel?
SNIP
soapbox On the other hand, remove sendmail and install Postfix instead.
Hi,
I'm testing clamd from CVS as of 2004-03-04
under Solaris 7 on Sparc with the following
basic config:
# clamav.conf
LogFile /var/adm/clamav/clamd.log
LogFileMaxSize 10M
LogTime
PidFile /var/adm/clamav/clamd.pid
TCPSocket 3310
TCPAddr 127.0.0.1
StreamSaveToDisk
StreamMaxLength 30M
MaxThreads
On Friday 05 March 2004 7:54 pm, Jim Maul wrote:
soapbox On the other hand, remove sendmail and install Postfix instead.
Or qmail. Both are more secure than sendmail.
Is this still true? I know sendmail had a bad history of security problems
in its early days (but then again it has been
This could end up being a long drawn out battle. I personally prefer
sendmail to any other MTA and have no security issues with it. Like any
other piece of software you install it must be maintained.
Sendmail offers everything I need in the virtual hosting environment that I
offer customers.
On Fri, 05 Mar 2004 at 10:57:12 -0800, Dominic Mazzoni wrote:
I'm also having the problem that Ron Snyder reported yesterday,
Ron's problem regarded milter if I saw correctly, so it may
be something
diferent. Anyway...
I thought it was milter related, but now I'm not sure. It may just be
Hi,
I run clamav on some higher-volume mail servers (scanning
a couple hundred thousand emails a day.) Let me begin by
saying that I've been very impressed at the quality of clamav;
it's fast and integrates well with amavisd-new. Updates seem
to be done well, and it compares favorably with the
It really depends on your distro. I'm going to presume you have Redhat or
similar flavor installed. If so you can do rpm -qa|grep sendmail and see if
sendmail dev is installed.
Carl
- Original Message -
From: Eric [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 05, 2004
On Friday 05 March 2004 8:22 pm, redragon wrote:
This could end up being a long drawn out battle.
That is not what I intended to start when I posted my question, and I hope it
doesn't happen.
I personally prefer
sendmail to any other MTA and have no security issues with it. Like any
other
On Fri, 5 Mar 2004, Antony Stone wrote:
On Friday 05 March 2004 7:54 pm, Jim Maul wrote:
soapbox On the other hand, remove sendmail and install Postfix instead.
Or qmail. Both are more secure than sendmail.
Is this still true? I know sendmail had a bad history of security problems
what pop3 is good for multiple domains? instead of qpopper
soapbox On the other hand, remove sendmail and install Postfix
instead.
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel
Antony Stone wrote:
On Friday 05 March 2004 7:54 pm, Jim Maul wrote:
soapbox On the other hand, remove sendmail and install Postfix instead.
Or qmail. Both are more secure than sendmail.
Is this still true? I know sendmail had a bad history of security problems
in its early
On Friday 05 March 2004 8:42 pm, Eric wrote:
what pop3 is good for multiple domains? instead of qpopper
Why does multiple or single domains matter to the POP3 server?
Handling domains is up to the receiving MTA - POP3 just deals with local
mailboxes.
(Or am I missing something about how
If you already have sendmail configured and working, why switch? I
agree that sendmail has had it's share of security holes, but in that
respect, it's like the Windows of MTAs: It was so widely used, it was
picked apart. I believe this made it stronger. I don't believe there is
any more
Ryan Moore wrote:
Dominic Mazzoni wrote:
I'm also having the problem that Ron Snyder reported yesterday,
where clamscan will mark a file as OK, but if I extract the
attachment (just by base64-decoding it, NOT by unzipping it too),
then clamscan properly recognizes the virus (in this case, SCO.A).
Why does multiple or single domains matter to the POP3 server?
The only thing I can imagine off the top of my head is user accounts -- if
you have [EMAIL PROTECTED] and [EMAIL PROTECTED], you need to make sure that
your POP3 server doesn't think they both necessarily use the same mailbox
b/c
I was missing some virus's until I upgraded from .65 to .67.
Bounce back zipped virus's were slipping by.
Dominic Mazzoni said:
Ryan Moore wrote:
Dominic Mazzoni wrote:
I'm also having the problem that Ron Snyder reported yesterday,
where clamscan will mark a file as OK, but if I extract the
Agreed, about 99% of it is preference and knowledge of what you use.
Postfix, exim (3 and 4), and sendmail all natively provide auth smtp and tls
as well as most any other feature the average admin uses.
Carl
- Original Message -
From: John Jolet [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
On Fri, 5 Mar 2004 16:54:12 -0300
Everton da Silva Marques [EMAIL PROTECTED] wrote:
Is ScanMail known to be unstable?
Yes, it is. It's very hard to parse all that broken messages.
--
oo. Tomasz Kojm [EMAIL PROTECTED]
(\/)\.
On Fri, 05 Mar 2004 at 12:49:45 -0800, Dominic Mazzoni wrote:
Ryan Moore wrote:
Try running 'clamscan --mbox email'
Oops, I didn't realize that.
Same problem:
clamscan --mbox email
email: OK
If it's with the current CVS version, you can submit a sample via our
submission WWW
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Antony
Stone
Sent: Friday, March 05, 2004 3:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] sendmail devel?
On Friday 05 March 2004 8:22 pm, redragon wrote:
This could end up being a long
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Jeff
Ramsey
Sent: Friday, March 05, 2004 3:47 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] sendmail devel?
And while we're digging up old hatchets that have been buried long ago,
I use vi
uvscan is detecting zipped/passworded bagle zip's as
Worm.Bagle.Gen-zippwd. Any ideas as to how they might be doing this?
-Eric
On Wed, 3 Mar 2004, Lucas Albers wrote:
Tomasz Papszun said:
WE ASK USERS TO NOT SUBMIT naked zip files IF their contents is DETECTED
as infected by ClamAV AFTER
Hello.
I need to correct reply form clamav-milter. I make
some overpatching and... And I get inoperative programm.
I add some debug messages to different functions and I
see what clamfi_envfrom called in unexpected time:
Mar 6 00:39:12 clamav-milter[31322]: clamfi_helo: centurion
Mar 6
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Hanford,
Seth
Sent: Friday, March 05, 2004 3:57 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] sendmail devel?
Why does multiple or single domains matter to the POP3 server?
The only thing I
On Fri, 2004-03-05 at 13:18, Sergey wrote:
Hello.
I run Clam AV on RedHat 6.2.
Some time after (about one hour) running clamav-milter is stop scanning with error:
For restore work I need to restart clamd and clamav-milter...
Have you any idea ?
What is important is how many file
Try running 'clamscan --mbox email'
Actually I should note that this almost completely fixes my
problem. Now it's catching 99% of my viruses. The only
question now is why it still misses 1 or 2 of them when
the virus is found when base64-decoding the attachment and
scanning that.
Thanks,
Dominic
On Friday 05 Mar 2004 6:18 pm, Sergey wrote:
For restore work I need to restart clamd and clamav-milter...
Have you any idea ?
Not unless you let us know the version of clamav-milter (clamav-milter --version)
and clamd and whether you can reproduce with the latest version from CVS.
-Nigel
--
Some pop3 services work of the system accounts (/etc/passwd) while others
are database driven and use a seperate system. The only thing you need to
make sure is that the pop3 system your using works on the same level that
your MTA does. qpopper, courier, ipop all seem to work off system user
On Friday 05 Mar 2004 9:47 pm, Dominic Mazzoni wrote:
Try running 'clamscan --mbox email'
Actually I should note that this almost completely fixes my
problem. Now it's catching 99% of my viruses. The only
question now is why it still misses 1 or 2 of them when
the virus is found when
On Fri, 5 Mar 2004 13:31:35 -0800 (PST)
[EMAIL PROTECTED] wrote:
uvscan is detecting zipped/passworded bagle zip's as
Worm.Bagle.Gen-zippwd. Any ideas as to how they might be doing this?
Please don't top post.
That's not your uvscan but ClamAV detecting the worm.
--
oo.
Hi,
Is clamav catching this latest worm that has a password
protected zip file?
I've seen a bunch of these come through and it doesn't seem
like clamdscan has caught it. I don't have one of these
messages around to manually test it.
Thanks
Ricardo
Some pop3 services work of the system accounts (/etc/passwd) while
others
are database driven and use a seperate system. The only thing you need
to
make sure is that the pop3 system your using works on the same level that
your MTA does. qpopper, courier, ipop all seem to work off system
my apologies, it was almost 5pm on a friday and for some reason i asked if
sendmail supports maildirs. musta been a brain fart cause obviously thats
not the mta's job. Feel free to point and laugh.
Thanks
Jim
---
This SF.Net email is
El vie, 05-03-2004 a las 12:20, Eric escribió:
How do I tell if I have sendmail-devel installed. the clamav milter tells
me to ensure that it is there. I know I am using sendmail 8.12.5 but how do
I know if its devel? which sendmail and which sendmail-devel show nothing.
Eric
Hello:
If
On Fri, 5 Mar 2004 14:37:18 -0800 (PST)
ricardo [EMAIL PROTECTED] wrote:
Hi,
Is clamav catching this latest worm that has a password
protected zip file?
Yes, it is.
--
oo. Tomasz Kojm [EMAIL PROTECTED]
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
On Mar 5, 2004, at 02:41, Trog wrote:
On Fri, 2004-03-05 at 01:15, Doug Hardie wrote:
I just uncommented the thread timeout the last time I restarted clamd
a couple minutes ago so I don't know what effect that will have.
ThreadTimeout isn't used in the current CVS version.
Here is some more
Hello,
I'm looking at implementing clamav for a somewhat large userbase. Due to
that, I need to run multiple clamds on seperate machines so as not to eat
all the resources on the main mail server. Think spamd/spamc...
From what I can tell, the client included with clamav does not allow for
To cheer everyone up (virus can be so depressing sometimes)
*points at Jim and laughs*
Carl
- Original Message -
From: Jim Maul [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 05, 2004 4:44 PM
Subject: [Clamav-users] duh, ignore my last question
my apologies, it was
Jim Maul wrote:
my apologies, it was almost 5pm on a friday and for some reason i asked if
sendmail supports maildirs. musta been a brain fart cause obviously thats
not the mta's job. Feel free to point and laugh.
Thanks
Jim
Since we're sharing, I recently spent an hour trying to figure out why
On Friday 05 March 2004 09:30 pm, Starbane wrote:
Jim Maul wrote:
my apologies, it was almost 5pm on a friday and for some reason i asked
if sendmail supports maildirs. musta been a brain fart cause obviously
thats not the mta's job. Feel free to point and laugh.
Thanks
Jim
Since
On Saturday 06 March 2004 02:08, Nigel Horne wrote:
For restore work I need to restart clamd and clamav-milter...
Have you any idea ?
Not unless you let us know the version of clamav-milter (clamav-milter --version)
and clamd and whether you can reproduce with the latest version from CVS.
72 matches
Mail list logo