I have a a jpeg file, i tried to scan by clamdscan,
it said exploit jpeg found, whereas clamscan said it is clean.
I tried to scan by Norton and Macafee, all said it
is clean.
result are as below.
[EMAIL PROTECTED] /home/chiahow/test]#
clamdscan/home/chiahow/test/WNKNOT4793_MP_xxx.jpg:
Hello,
I'm seeing from yesterday that the windows version (devel-20041205) of
the clam scanner doesn't like very much the last daily.cvd file. I don't
read any report, I just see it not responding :? Any clue about this?
--
Regards,
Julio Canto
Hispasec Sistemas
http://www.hispasec.com
Thanks for all those who sent sample files to [EMAIL PROTECTED] after
receiving this warning:
LibClamAV Warning: Unsupported multipart format `knowbot' - report to
[EMAIL PROTECTED]
This has been address in the development release and will be in 0.81.
We don't need any further samples. You can
On Wed, 2004-12-15 at 14:35 +0100, R Jansen wrote:
Hi All,
On a FreeBSD 4.10 server I'm running:
ClamAV devel-20041215/630/Tue Dec 14 23:26:33 2004
ClamAV version devel-20041215, clamav-milter version 0.80t
Which is built from the devel-port: clamav-devel-20041201.tar.gz
Lately
Hi
Does someone know how to contact Stephen Gran, the debian package
maintainer for clamav?
There has been a bugfix recently, which prevents seg-fauls by simple mails.
I'd like to ask, when this will be included in the debian-sarge
distribution, and how I could help.
Regards,
Steffen
I am trying to install clamav-0.80 on Redhat Linux 9,
sendmail 8.13.
I am following installation as per docs on web site.
using
###
bzip2-devel-1.0.2-8.i386.rpm clamav-0.80.tar.gz
sendmail-devel-8.12.8-9.90.i386.rpm
##
as suggested in the list.
compiling with
./configure
On Wed, 2004-12-15 at 13:57, ads nat wrote:
I tried to locate /var/run/clamd.sock. it is not
present. But I ckecked that in /etc/clamd.conf.
Any clue appreciated for going ahead.
Check the clamd log file (enable logging in clamd.conf if you haven't),
I suspect clamd isn't starting for some
On Wed, 2004-12-15 at 05:57 -0800, ads nat wrote:
I am trying to install clamav-0.80 on Redhat Linux 9,
sendmail 8.13.
I am following installation as per docs on web site.
using
###
bzip2-devel-1.0.2-8.i386.rpm clamav-0.80.tar.gz
sendmail-devel-8.12.8-9.90.i386.rpm
Hey folks,
I'm working on a new server, and things are running beautifully. I
did, however, notice something I thought was a little odd...
I wrote a pair of shell scripts that will email me an alert when
freshclam updates the database successfully, and also if it fails. I
tested, and it
On Wed, 2004-12-15 at 14:52, ads nat wrote:
[EMAIL PROTECTED] clamav-0.80]# clamdscan -l scan.txt
clamav-0.80
How is clamd, running as user clamav, supposed to access the directory
clamav-0.80 when it is owned by root?
clamd can only scan files the user it is running as has read permissions
On Wed, 2004-12-15 at 15:09, ads nat wrote:
still getting some Access problem.
##
[EMAIL PROTECTED] clamav-0.80]# clamdscan -l scan.txt test
/root/clamav-0.80/test: Access denied. ERROR
/root/clamav-0.80/test: OK
Let me try a different approach:
don't scan files under the /root
--- Nigel Horne [EMAIL PROTECTED] wrote:
On Wednesday 15 Dec 2004 14:28, ads nat wrote:
--- Nigel Horne [EMAIL PROTECTED] wrote:
The clues are all in these 2 lines.
Wed Dec 15 19:40:34 2004 - Running as user
clamav
(UID 501, GID 501)
Wed Dec 15 19:40:35 2004 - ERROR:
Hello
I read that clamav it detecting phishing mails too
(which is, IMOH, a great feature not a fault).
Now o wonder if would someone be so kind and give me a hint how to use
clamav (togehter with squid?) to scan http-streams?
Does this make sense at all?
(Meaning: will clamav detect bad
to increase the timeout setting in the Xclmilter line of
your sendmail.cf file.
you may also need to change the values of MaxConnectionQueueLength,
ReadTimeout and MaxThreads in your clamd.conf file.
tayfun
R Jansen wrote:
Hi All,
On a FreeBSD 4.10 server I'm running:
ClamAV devel-20041215/630/Tue Dec
On Wed, 15 Dec 2004 14:07:30 + in [EMAIL PROTECTED] Nigel
Horne [EMAIL PROTECTED] wrote:
Any clue appreciated for going ahead.
!?
What is your User directive in clamd.conf?
It's likely to be a user which (correctly) doesn't have write
permission on /var/run.
Do this:
mkdir
--- Trog [EMAIL PROTECTED] wrote:
On Wed, 2004-12-15 at 15:09, ads nat wrote:
still getting some Access problem.
##
[EMAIL PROTECTED] clamav-0.80]# clamdscan -l scan.txt
test
/root/clamav-0.80/test: Access denied. ERROR
/root/clamav-0.80/test: OK
Let me try a
O.K. sorry for doing something wrong.
I agree, i am new to clamav so confusion in
understanding permissions.
As directed I am trying to scan directory having user
clamav. In clamd.conf User clamav is set.
drwxr-xr-x3 clamav clamav 4096 Dec 15
21:27 test
I don't know why it gives
--- Ralph Angenendt [EMAIL PROTECTED] wrote:
ads nat wrote:
--- Ralph Angenendt [EMAIL PROTECTED]
wrote:
ads nat wrote:
/root/clamav-0.80/test: Access denied. ERROR
Please guide.
Again: DON'T SCAN ANYTHING UNDER /root/ - USER
CLAMAV *CANNOT* GO THERE.
Please
ads nat wrote:
ads nat wrote:
/root/clamav-0.80/test: Access denied. ERROR
Please guide.
In this situation can you please guide me which
directory I should check with clamdscan?
Bad question.
clamdscan (note the d in the middle) just gives instructions
to the background process clamd to scan this
Hi
I came across a .eml file once again, that causes a segfault in clamd.
However, since I had that issue a few days ago and the clamav team corrected
that bug aleady, I did not post a bug report.
However, since about a week, my mail servers are configured NOT to use
ScanMail.
If I use clamscan
[EMAIL PROTECTED](aCaB) 15.12.04 16:12
http://www.clamav.net/3rdparty.html
Thanks.
In the really meanwhile long long linear list of mail scanners
I only see the (non GPLed) DansGuardian Anti-Virus Patch.
Do you mean that?
AFAIK is DansGuardian payware except for private use.
And there is
ads nat wrote:
--- Ralph Angenendt [EMAIL PROTECTED] wrote:
ads nat wrote:
--- Ralph Angenendt [EMAIL PROTECTED]
wrote:
ads nat wrote:
/root/clamav-0.80/test: Access denied. ERROR
Please guide.
Again: DON'T SCAN ANYTHING UNDER /root/ - USER
CLAMAV *CANNOT* GO THERE.
Please read up on users,
At 08:32 AM 12/15/2004, you wrote:
I do not understand that, since I have ScanMail option DISABLED in
clamd.conf
i have a question in this regard, as it's bugged me for a while (ever since
my qmail-scanner debug logs indicated that clamd no longer accepts
arguments on the command line, but
[EMAIL PROTECTED] wrote:
At 08:32 AM 12/15/2004, you wrote:
I do not understand that, since I have ScanMail option DISABLED in
clamd.conf
i have a question in this regard, as it's bugged me for a while (ever
since my qmail-scanner debug logs indicated that clamd no longer accepts
arguments on
The scan results below are false positivesfor Exploit.IFrame.Gen.
I ran a Clamav scan inside the Windows 2000 Vmware machine and it came back clean --zero viruses-- whereas the external scan (of the vmdk file) detected the virus! The other Vmware machines (see below) that came back with
On Wed, 15 Dec 2004 09:08:51 -0800 in
[EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
so, if the default is enabled, and #ScanMail is commented out in the
default file, how do you disable it?
man clamscan will reveal all.
--
Brian Morrison
bdm at fenrir dot org dot uk
GnuPG key ID
Steffen Heil wrote:
Hi
Maybe I am wrong, but I always assumes, the option to be DIABLED, if the
directive is commented out (or missing at all) and only ENABLED, if the
directive is there (and uncommented).
However, if I am wrong on this, this would explain my problems. But then,
what to do folks?
Hi
I ran a Clamav scan inside the Windows 2000 Vmware machine and it came
back clean --zero viruses-- whereas the external scan (of the vmdk file)
detected the virus!
This does not tell you, that the is no virus fragment left in unallocated
slack space in the virtual file system.
If the virus
Hi
so, if the default is enabled, and #ScanMail is commented out in the
default file, how do you disable it?
man clamscan will reveal all.
No.
We ARE NOT talking about clamscan, we are talking about clamd/clamdscan.
Come on guys, ...
Regards,
Steffen
smime.p7s
Description: S/MIME
There is Safesquid and SquidClamAV_Redirector. (scavr)
I use scavr with squid for a school district with great success. Neither
Dansguardian or Safesquid can handle very heavy loads in my experience.
--
Russel Oliver
[EMAIL PROTECTED]
http://www.techsane.com
At 11:44 AM 12/9/2004, Paul Theodoropoulos wrote:
0.75.1 was built on freebsd 5.2, gcc 3.3.3, and ran for months with never
a hint of unhappiness. no crashes that i ever recall happening.
0.80 was built on freebsd 5.2, gcc 3.3.3, five days ago, and crashes many
times a day.
i'm still having
Steffen Heil schrieb:
Hi
Maybe I am wrong, but I always assumes, the option to be DIABLED, if the
directive is commented out (or missing at all) and only ENABLED, if the
directive is there (and uncommented).
However, if I am wrong on this, this would explain my problems. But then,
what to do
On December 15, 2004 08:57 am, Rainer Zocholl wrote:
In the really meanwhile long long linear list of mail scanners
I only see the (non GPLed) DansGuardian Anti-Virus Patch.
Do you mean that?
AFAIK is DansGuardian payware except for private use.
Please do at least the bare minimum research
At 09:16 AM 12/15/2004, you wrote:
How to disable default enabled options was explained on this list a
while back. I think it was posted by tomasz but i dont remember what the
answer was. Sorry.
thanks. i would submit that something as fundamental and important as how
to disable non-argument
At 09:39 AM 12/15/2004, you wrote:
At 09:16 AM 12/15/2004, you wrote:
How to disable default enabled options was explained on this list a
while back. I think it was posted by tomasz but i dont remember what the
answer was. Sorry.
thanks. i would submit that something as fundamental and
On Wed, 2004-12-15 at 09:31 -0800, [EMAIL PROTECTED] wrote:
At 11:44 AM 12/9/2004, Paul Theodoropoulos wrote:
0.75.1 was built on freebsd 5.2, gcc 3.3.3, and ran for months with never
a hint of unhappiness. no crashes that i ever recall happening.
0.80 was built on freebsd 5.2, gcc 3.3.3,
Brian Morrison wrote:
On Wed, 15 Dec 2004 09:08:51 -0800 in
[EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
so, if the default is enabled, and #ScanMail is commented out in the
default file, how do you disable it?
man clamscan will reveal all.
I fail to see how man clamscan will show anything
Freddie Cash wrote:
you're definition of heavy load.
As stated in my post in my experience.
For the record, we have four schools with a total of about 1700
computers accessing one proxy server across our wan. The server is a
Dell 2650 quad 2 GHz with a gig of ram. We are supposed to get new
Good point. I think I'm going to exclude .vmdk files and rely on scans inside the virtual machines.
From: "Steffen Heil" [EMAIL PROTECTED]
Reply-To: ClamAV users ML [EMAIL PROTECTED]
To: "'ClamAV users ML'" [EMAIL PROTECTED]
Subject: AW: AW: [Clamav-users] VMWARE and False positives?
Date: Wed,
On Wed, 15 Dec 2004 14:22:52 -0500 in [EMAIL PROTECTED] Jim Maul
[EMAIL PROTECTED] wrote:
Just for the record, I guess i do need glasses. Its right there in
man clamdscan.
And for the record I managed to get confused about clamscan/clamdscan
too. It's only one letter I know, but it's
On Wed, Dec 15, 2004 at 09:39:14PM +0100, Steffen Heil said:
Hi
Which bug in particular? Do you want to open a bug in the BTS about it,
so you are notified when a new version is uploaded that closes it? I may be
misremebering, but I don't remember the segfault in question.
This one:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of C. Bensend
Sent: Wednesday, December 15, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] How does freshclam execute OnUpdateExecute
program?
Hey folks,
I'm working on a new server,
This is the way I do it:
OnUpdateExecute BASH_ENV=~clamav/.bashrc HOME=~clamav
/usr/local/bin/propagate_bd_clamav.sh | mail [EMAIL PROTECTED] -s Freshclam
update $HOSTNAME
OnErrorExecute tail /var/log/clamav/freshclam.log | mail [EMAIL PROTECTED] -s
Freshclam error $HOSTNAME
On Wed, 2004-12-15 at 08:18, Ng Chia How wrote:
I have a a jpeg file, i tried to scan by clamdscan, it said exploit
jpeg found, whereas clamscan said it is clean.
I tried to scan by Norton and Macafee, all said it is clean.
result are as below.
As you've already been informed after you
Yeah, thank you very much.
I just need to kill clamd and restart it, and it just works.
On Wed, 2004-12-15 at 08:18, Ng Chia How wrote:
I have a a jpeg file, i tried to scan by clamdscan, it said exploit
jpeg found, whereas clamscan said it is clean.
I tried to scan by Norton and Macafee, all
On Wed, 2004-12-15 at 13:46 +, Nigel Horne wrote:
On Wed, 2004-12-15 at 14:35 +0100, R Jansen wrote:
Hi All,
On a FreeBSD 4.10 server I'm running:
ClamAV devel-20041215/630/Tue Dec 14 23:26:33 2004
ClamAV version devel-20041215, clamav-milter version 0.80t
Which is built from
On Wed, Dec 15, 2004 at 02:44:42PM +0100, Steffen Heil wrote:
Hi
Does someone know how to contact Stephen Gran, the debian package
maintainer for clamav?
Maintainer: Stephen Gran [EMAIL PROTECTED]
Bye,
gc :-)
___
--- Trog [EMAIL PROTECTED] wrote:
On Wed, 2004-12-15 at 13:57, ads nat wrote:
I tried to locate /var/run/clamd.sock. it is not
present. But I ckecked that in /etc/clamd.conf.
Any clue appreciated for going ahead.
Check the clamd log file (enable logging in
clamd.conf if you
--- Nigel Horne [EMAIL PROTECTED] wrote:
The clues are all in these 2 lines.
Wed Dec 15 19:40:34 2004 - Running as user clamav
(UID 501, GID 501)
Wed Dec 15 19:40:35 2004 - ERROR: Socket file
/var/run/clamd.sock could not be bound: Permission
denied
--- Trog [EMAIL PROTECTED] wrote:
On Wed, 2004-12-15 at 14:52, ads nat wrote:
[EMAIL PROTECTED] clamav-0.80]# clamdscan -l scan.txt
clamav-0.80
How is clamd, running as user clamav, supposed to
access the directory
clamav-0.80 when it is owned by root?
clamd can only scan files
ads nat wrote:
--- Trog [EMAIL PROTECTED] wrote:
On Wed, 2004-12-15 at 15:09, ads nat wrote:
still getting some Access problem.
##
[EMAIL PROTECTED] clamav-0.80]# clamdscan -l scan.txt
test
/root/clamav-0.80/test: Access denied. ERROR
/root/clamav-0.80/test: OK
Let me try a different
--- Ralph Angenendt [EMAIL PROTECTED] wrote:
ads nat wrote:
/root/clamav-0.80/test: Access denied. ERROR
Please guide.
Again: DON'T SCAN ANYTHING UNDER /root/ - USER
CLAMAV *CANNOT* GO THERE.
Please read up on users, groups and file
permissions.
Ralph
ATTACHMENT part 1.2
ads nat wrote:
--- Ralph Angenendt [EMAIL PROTECTED] wrote:
ads nat wrote:
/root/clamav-0.80/test: Access denied. ERROR
Please guide.
Again: DON'T SCAN ANYTHING UNDER /root/ - USER
CLAMAV *CANNOT* GO THERE.
Please read up on users, groups and file
permissions.
In this
Thanks friends.
great help.
__
Do you Yahoo!?
The all-new My Yahoo! - What will yours do?
http://my.yahoo.com
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
ads nat wrote:
/root/clamav-0.80/test: Access denied. ERROR
Please guide.
Again: DON'T SCAN ANYTHING UNDER /root/ - USER CLAMAV *CANNOT* GO THERE.
Please read up on users, groups and file permissions.
Ralph
pgpng73VI7LPq.pgp
Description: PGP signature
Steffen Heil schrieb:
Hi
I came across a .eml file once again, that causes a segfault in clamd.
However, since I had that issue a few days ago and the clamav team corrected
that bug aleady, I did not post a bug report.
However, since about a week, my mail servers are configured NOT to use
On Wed, Dec 15, 2004 at 05:32:58PM +0100, Steffen Heil wrote:
Hi
Maintainer: Stephen Gran [EMAIL PROTECTED]
How did you get that?
apt-cache showpkg clamav did not show something like this for me...
---
[EMAIL PROTECTED]:~$ apt-cache show clamav
Package: clamav
Priority: optional
Section:
--- Trog [EMAIL PROTECTED] wrote:
On Wed, 2004-12-15 at 15:09, ads nat wrote:
still getting some Access problem.
##
[EMAIL PROTECTED] clamav-0.80]# clamdscan -l scan.txt
test
/root/clamav-0.80/test: Access denied. ERROR
/root/clamav-0.80/test: OK
Let me try a
Jim Maul wrote:
Brian Morrison wrote:
On Wed, 15 Dec 2004 09:08:51 -0800 in
[EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
so, if the default is enabled, and #ScanMail is commented out in the
default file, how do you disable it?
man clamscan will reveal all.
I fail to see how man clamscan will
On Wed, Dec 15, 2004 at 02:44:42PM +0100, Steffen Heil said:
Hi
Does someone know how to contact Stephen Gran, the debian package
maintainer for clamav?
There has been a bugfix recently, which prevents seg-fauls by simple mails.
I'd like to ask, when this will be included in the
Hi
Which bug in particular? Do you want to open a bug in the BTS about it,
so you are notified when a new version is uploaded that closes it? I may be
misremebering, but I don't remember the segfault in question.
This one:
Tue Dec 7 23:10:36 GMT 2004 (njh)
and MaxThreads in your clamd.conf file.
tayfun
R Jansen wrote:
Hi All,
On a FreeBSD 4.10 server I'm running:
ClamAV devel-20041215/630/Tue Dec 14 23:26:33 2004
ClamAV version devel-20041215, clamav-milter version 0.80t
Which is built from the devel-port: clamav-devel-20041201.tar.gz
Lately
Hi
The two things that can be done in exiscan to avoid this are:
This unpacks before giving to clam, so a bug in the unpacker isn't
triggered:
demime = *
(or use the mime acl for this)
Nope.
I HAVE acl_smtp_mime as well as demime = *, but in the
/var/spool/exim4/scan/msgID folder there are
63 matches
Mail list logo