Kevin Spicer wrote:
>
> they have to follow each other fffe denotes the start of a jpeg comment
> field and the following two bytes indicate its length. The exploit is
> to specify a length of zero or one byte. Inside a jpeg file the
> sequence fffe _always_ indicates the start of a comment, th
On Sat, 2004-09-18 at 06:25, Matt wrote:
> One last question, do the fffe 000(0|1) bytes
> always have to follow each other for this exploit, or is this just a pure
> example of the possibility of this exploit?
they have to follow each other fffe denotes the start of a jpeg comment
field and the f
* Sandeep Agarwal <[EMAIL PROTECTED]>:
> hello list,
>
> I have recently installed ClamAV on my Linux box, it
> is working fine, but when i tested my mail server
> against virus attach (http://www.testvirus.org/), it
> successfully blocked 21 out 25 different ways of
> sending virus which indeed i
On Sat, Sep 18, 2004 at 07:13:53PM +1000, Robert S said:
> Stephen,
>
> Just one small problem - I got an "error state" message when I rebooted my
> machine and logcheck sent a message to root immediately after reboot. I
> think that the init scripts need to be in the correct order to avoid this.
On Saturday 18 Sep 2004 13:24, Sandeep Agarwal wrote:
> hello list,
>
> I have recently installed ClamAV on my Linux box, it
> is working fine, but when i tested my mail server
> against virus attach (http://www.testvirus.org/), it
> successfully blocked 21 out 25 different ways of
> sending virus
hello list,
I have recently installed ClamAV on my Linux box, it
is working fine, but when i tested my mail server
against virus attach (http://www.testvirus.org/), it
successfully blocked 21 out 25 different ways of
sending virus which indeed is a good result, but was
unable to block test number
im using qmail, is it possible to put clamav on a separate box or it
just complicate things. Anyone care to provide links / howto on how i
go about it. Thanks.
---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins
> 0xFFFE is the comment Marker in a JPEG. So it's not that bad to
> detect. It ist followed by the length field. With is where the
> Problem occures. So you have to detect the following sequence from
> the beginning of the JPEG.
>
> ffd8 <- SoI marker
> ffe0 <- APP0 marker
> 0010 <- lenght of APP0
Trog wrote:
You can limit the number of concurrent threads, and hence memory by
using the MaxThreads directive. That also limits the number of
concurrent scans.
I did. MaxThreads 32
This clamd has been running for 7 hours, on a not-so-busy maliserver.
PID USERNAME LWP PRI NICE SIZE RES STATE
Also make sure you have FixStaleSocket set in clamav.conf - it should be
by default. Let me know if you have problems after doing this - I don't
run it that wat myself, all the work was done for someone who did want
to run it under daemon. Since I haven't gotten a bug report from them
recently, I
10 matches
Mail list logo
