At 05:51 PM 1/27/2005, you wrote:
I plan to setup a single box running FreeBSD, postfix, spamassassin,
amavisd and clam. What kind of box should I get. Currently I have two
boxes the first one is an Athlon running postfix and the second is RH with
amavisD and F-sesure it's a dual PIII the loads
> It's a great idea to have clamav-milter do it's own thing. BUT,
> what is its
> relationship with freshclam? In the clamav-milter -> clamd, you could be
> assured that clamd would always be aware of updates installed by
> freshclam.
> How does this work in the all milter, all the time, world?
Steven Stern said:
> It's a great idea to have clamav-milter do it's own thing. BUT, what is
> its
> relationship with freshclam? In the clamav-milter -> clamd, you could be
> assured that clamd would always be aware of updates installed by
> freshclam.
> How does this work in the all milter, all
It's a great idea to have clamav-milter do it's own thing. BUT, what is its
relationship with freshclam? In the clamav-milter -> clamd, you could be
assured that clamd would always be aware of updates installed by freshclam.
How does this work in the all milter, all the time, world?
--
Steve
Andrew Kaplan said:
> I plan to setup a single box running FreeBSD, postfix, spamassassin,
> amavisd and clam. What kind of box should I get. Currently I have two
> boxes the first one is an Athlon running postfix and the second is RH with
> amavisD and F-sesure it's a dual PIII the loads is betwee
Andrew Kaplan wrote:
I plan to setup a single box running FreeBSD, postfix, spamassassin, amavisd
and clam.
With spamassassin, that's hard.
You could get the best x86 server out there and still have high load
(e.g over 10)
What kind of box should I get. Currently I have two boxes the first one i
I plan to setup a single box running FreeBSD, postfix, spamassassin, amavisd
and clam. What kind of box should I get. Currently I have two boxes the first
one is an Athlon running postfix and the second is RH with amavisD and F-sesure
it's a dual PIII the loads is between 3 and 4 during the day.
Since ClamAV already has a naming scheme in place (Worm, Phishing, etc),
why not just add a config file option to disable each classification
(with all of them enabled by default)?
Voila! Admins who want to block everything can do so. Admin who only
want to block worms can do so. Admins who
Thank you Paul, I just made these changes to my clamd.conf, and
restarted clamd. Hopefully this will correct (work around?) the
problem! What do these settings mean (I haven't dug that far into the
source yet)?
-ed
On Thu, 27 Jan 2005 22:17:26 +0100, Paul Bijnens
<[EMAIL PROTECTED]> wrote:
> ex
exo dia wrote:
I am piping e-mail via procmail, I pipe the e-mail to clamdscan
through a shell script (no milter or anything being used.) This is
the original version of the script I am using:
http://www.everysoft.com/clamfilter.pl.txt
I noticed the same, using a similar perlscript via procmail.
I
I am piping e-mail via procmail, I pipe the e-mail to clamdscan
through a shell script (no milter or anything being used.) This is
the original version of the script I am using:
http://www.everysoft.com/clamfilter.pl.txt
Thank you!
-ed
On Thu, 27 Jan 2005 19:53:17 +, Trog <[EMAIL PROTECTED]
I apologize -- bad cut and paste in my first e-mail subject. This is
the error from my logs:
Thu Jan 27 11:28:12 2005 -> SelfCheck: Database status OK.
Thu Jan 27 11:50:15 2005 -> ERROR: ScanStream: accept() failed.
Thu Jan 27 11:57:43 2005 -> ERROR: ScanStream: accept() failed.
Thu Jan 2
On Thu, 27 Jan 2005 21:30:56 +0100 in
[EMAIL PROTECTED] Tomasz Kojm <[EMAIL PROTECTED]>
wrote:
> On Thu, 27 Jan 2005 14:29:06 -0600 (CST)
> Damian Menscher <[EMAIL PROTECTED]> wrote:
>
> > The simplest solution seems to be to write a wrapper around
> > freshclam.
>
> You can patch ClamAV to filt
On Thu, 27 Jan 2005 14:29:06 -0600 (CST)
Damian Menscher <[EMAIL PROTECTED]> wrote:
> The simplest solution seems to be to write a wrapper around freshclam.
You can patch ClamAV to filter out all *Phishing* sigs in
libclamav/readdb.c. It should be simpler and more reliable solution.
--
oo
On Fri, 28 Jan 2005, Jason Haar wrote:
clamAV (like all other AVs) produces a report stating what the malware is. In
the case of Phishing, clamAV tags them as "*.Phishing.*".
So, change your "blocking agents" to ignore such matches Don't be
surprised if they don't have the option, but if
I don't understand what the fuss is.
clamAV (like all other AVs) produces a report stating what the malware
is. In the case of Phishing, clamAV tags them as "*.Phishing.*".
So, change your "blocking agents" to ignore such matches Don't
be surprised if they don't have the option, but if y
> On Thu, 2005-01-27 at 09:25 -0800, Dennis Peterson wrote:
>
> >=20
> > We do a lot of on-line commerce. We cannot tolerate many false positives.
> > Phishing exploits are something we deal with through education first, and
> > filtering second. As phishers become more sophisticated and numerous
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 13:05 -0600, Damian Menscher wrote:
> Oh, ok. Apparently we have a different definition of plaintext. I
> generally take anything using only the lower 7 bits (ASCII table) to
> mean plaintext, and things that use the 8th bit to mean binary.
On Thu, 2005-01-27 at 11:44 -0800, exo dia wrote:
> Hello,
>
> The latest 0.81 release of clamav now displays "ERROR: ScanStream:
> accept() failed." errors in the logs for some incoming e-mails. For
> example if I send the "Test #6: Eicar virus embedded within another
> MIME segment" test from ht
On Thu, 2005-01-27 at 11:44 -0800, exo dia wrote:
> Hello,
>
> The latest 0.81 release of clamav now displays "ERROR: ScanStream:
> accept() failed." errors in the logs for some incoming e-mails. For
> example if I send the "Test #6: Eicar virus embedded within another
> MIME segment" test from ht
Hello,
The latest 0.81 release of clamav now displays "ERROR: ScanStream:
accept() failed." errors in the logs for some incoming e-mails. For
example if I send the "Test #6: Eicar virus embedded within another
MIME segment" test from http://www.webmail.us/testvirus it causes this
error, where with
> Hi all,
>
> When using clamav 0.81rc1 with amavisd-new I get these errors:
> Jan 22 12:05:22 donkeykong amavis[24030]: (24030-07) Mail::ClamAV
> av-scanner FAILED: statchkdir() only works if a database directory was
specified
> to new() at (eval 35) line 62.
>
> clamav is configured in amavis
On Thu, 27 Jan 2005 13:54:22 -0500 (EST) in
[EMAIL PROTECTED] jef moskot
<[EMAIL PROTECTED]> wrote:
> On Thu, 27 Jan 2005, Jim Maul wrote:
> > What if the plumber and the mechanic work on it together? ;)
>
> What if the electrician goes to night school to learn ornithology?
Electrified owls?
--
On Thu, 2005-01-27 at 13:05 -0600, Damian Menscher wrote:
> Oh, ok. Apparently we have a different definition of plaintext. I
> generally take anything using only the lower 7 bits (ASCII table) to
> mean plaintext, and things that use the 8th bit to mean binary.
> Regardless of your definitio
On Thu, 2005-01-27 at 19:12, Kul wrote:
> Then the restart:
> Starting clamd: [ OK ]
> Starting clamav-milter: /usr/local/sbin/clamav-milter: --max-children must be
> given in internal mode
> [ ** ]
>
> Had to do a roll back to 0.80, but I can install 0.81 on the backup
> mailserver as nobo
> trying to start clamav-milter from 0.81 I get:
>
> Starting clamav-milter: /usr/sbin/clamav-milter: ScanMail not defined in
> /etc/clamd.conf (needed without --external)
What are your clamav-milter options?
> Petr
Hi Guys
Sorry this thread doesn't follow, I have just sbscribed here, and don
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 12:45 -0600, Damian Menscher wrote:
> Another is your assertion that my "initial assumptions" were incorrect
> when I suggested that phishing signatures were more likely to create
> false positives as a result of being more likely to be match
On Thu, 2005-01-27 at 12:45 -0600, Damian Menscher wrote:
> Another is your assertion that my "initial assumptions" were incorrect
> when I suggested that phishing signatures were more likely to create
> false positives as a result of being more likely to be matching
> plaintext. Which initial
On Thu, 27 Jan 2005, Jim Maul wrote:
> What if the plumber and the mechanic work on it together? ;)
What if the electrician goes to night school to learn ornithology?
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
On Thu, 2005-01-27 at 18:37, Kul wrote:
> > trying to start clamav-milter from 0.81 I get:
> >
> > Starting clamav-milter: /usr/sbin/clamav-milter: ScanMail not defined in
> > /etc/clamd.conf (needed without --external)
>
> What are your clamav-milter options?
>
> > Petr
>
> Hi Guys
> Sorry
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 12:32 -0600, Damian Menscher wrote:
> Seriously, that's an unfair question. When you're deleting people's
> email, how would they find out if there was a false positive? With
> spam, it's standard practice to review a junk-mail box for fals
The more tools that you have the likelihood of filtering it out increases.
Just because I run ClamAv on the mail exchanger does not mean I do not run
AV on our Exchange server and all of our desktop machines. Firewalls can do
IDS functions, AV applications for the desktop are now including Anti Sp
Damian Menscher wrote:
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 09:25 -0800, Dennis Peterson wrote:
> We do a lot of on-line commerce. We cannot tolerate many false
positives.
> Phishing exploits are something we deal with through education
first, and
> filtering second. As phishers
On Thu, 2005-01-27 at 18:37 +, Kul wrote:
> > trying to start clamav-milter from 0.81 I get:
> >
> > Starting clamav-milter: /usr/sbin/clamav-milter: ScanMail not defined in
> > /etc/clamd.conf (needed without --external)
>
> What are your clamav-milter options?
>
Uncomment the ScanMail
On Thu, 2005-01-27 at 12:32 -0600, Damian Menscher wrote:
> >
> > And how many Phishing false positives have you had exactly?
>
> All of them. ;)
>
> Seriously, that's an unfair question. When you're deleting people's
> email, how would they find out if there was a false positive? With
> s
> trying to start clamav-milter from 0.81 I get:
>
> Starting clamav-milter: /usr/sbin/clamav-milter: ScanMail not defined in
> /etc/clamd.conf (needed without --external)
What are your clamav-milter options?
> Petr
Hi Guys
Sorry this thread doesn't follow, I have just sbscribed here, and dont have
On Thu, 2005-01-27 at 11:14 -0600, Damian Menscher wrote:
> On Thu, 27 Jan 2005, Jim Maul wrote:
> >
> > Is it causing you (or anyone for that matter) a problem by clamav catching
> > some phishing attempts as opposed to spamassassin catching them? Whats
> > really the issue here? You just dont
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 09:25 -0800, Dennis Peterson wrote:
> We do a lot of on-line commerce. We cannot tolerate many false positives.
> Phishing exploits are something we deal with through education first, and
> filtering second. As phishers become more sophisticate
On Thu, 2005-01-27 at 09:25 -0800, Dennis Peterson wrote:
>
> We do a lot of on-line commerce. We cannot tolerate many false positives.
> Phishing exploits are something we deal with through education first, and
> filtering second. As phishers become more sophisticated and numerous false
> positi
On Thu, 27 Jan 2005 16:59:57 - in
[EMAIL PROTECTED] "Nigel Horne"
<[EMAIL PROTECTED]> wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of
> > [EMAIL PROTECTED]
>
> > If you have received this
> > communication in error, please notify me im
From:
http://www.infoworld.com/article/05/01/21/04FEphishing_1.html?source=NLC-WS2005-01-26
Phishers are employing increasingly sophisticated techniques, such as
malicious code buried in images, keystroke-logging applications that
download as soon as an e-mail is opened, and spoofed Web sites tha
You know, this gets old real quick!
Back when this debate first started (around November or so) I never
thought it would stop.
In November I decided to do 2 things 1 log what virus's were being
caught, where they were going, and what virus was detected.
Out of 446 detected viruses, 167 were phish
On Thu, 27 Jan 2005 11:59:24 -0600 (CST)
Michael Brennen <[EMAIL PROTECTED]> wrote:
>
> I've been running clamav for quite some time, generally following CVS.
> The build and install procedures are well established and have worked
> for a long time. After the latest CVS upgrade I'm suddenly gett
el
Jan 27 11:38:01 ... clamd[27135]: clamd daemon devel-20050127 (OS:
linux-gnu,ARCH: i386, CPU: i686)
# freshclam -V
ClamAV devel-20050127/689/Thu Jan 27 07:33:10 2005
# freshclam -v
Current working dir is /.../
Max retries == 5
ClamAV update process started at Thu Jan 27 11:49:0
Jim Maul wrote:
If my car is broken usually I take it to a mechanic. But if a friend of
mine who happens to be a plumber can fix it also, does it really matter
if I bring it to him instead? No.
-Jim
Ok, I took part in the previous discussion and I accept the developers
decision. But I just..
On Thu, 27 Jan 2005 11:27:48 -0600 (CST)
Damian Menscher <[EMAIL PROTECTED]> wrote:
> On Thu, 27 Jan 2005, Tomasz Kojm wrote:
> > On Thu, 27 Jan 2005 Damian Menscher <[EMAIL PROTECTED]> wrote:
> >
> > > ...which is why, in my original email, I referred to things that
> > > propagate automatical
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
On Thu, 27 Jan 2005 Damian Menscher <[EMAIL PROTECTED]> wrote:
> ...which is why, in my original email, I referred to things that
> propagate automatically without intervention from their author.
OK, so what about the trojans? ;-)
I take the somewhat-unusu
Sam said:
>
> Also to Damian: I understand what you are saying, but tend to agree more
> with Jim. What does it matter who catches it as long as it's caught?
The answer to this is simple: my policy for dealing with spam is quite
different than my policy for dealing with viruses. Spam is annoying,
On Thu, 27 Jan 2005 11:08:12 -0600 (CST)
Damian Menscher <[EMAIL PROTECTED]> wrote:
> ...which is why, in my original email, I referred to things that
> propagate automatically without intervention from their author.
OK, so what about the trojans? ;-)
--
oo. Tomasz Kojm <[EM
Damian Menscher wrote:
On Thu, 27 Jan 2005, Jim Maul wrote:
Is it causing you (or anyone for that matter) a problem by clamav
catching some phishing attempts as opposed to spamassassin catching
them? Whats really the issue here? You just dont believe clamav is
the right tool for that job, but
I am building clamav from src rpm from crash-hat. It build just fine
but i get the message:
configure: WARNING: ** This ClamAV installation may be linked against
configure: WARNING: ** a broken zlib version. Please DO NOT report any
configure: WARNING: ** stability problems to the Cl
On Thu, 27 Jan 2005, Jim Maul wrote:
Is it causing you (or anyone for that matter) a problem by clamav catching
some phishing attempts as opposed to spamassassin catching them? Whats
really the issue here? You just dont believe clamav is the right tool for
that job, but is there REALLY a probl
> Ok, so its not a virus, and its not spam. So neither product should
> detect it your saying? How about both products detect it, we have
> overlap, and users are happy cause they dont have to deal with this crap
> in their inbox.
Personally, I'd love to have it as a config option in clamd.conf.
Nigel,
You are far too detailed.
Gord
CONFIDENTIALITY WARNING: The information in the e:mail is confidential and
privileged. It is intended only for the use of the individual or entity it
is addressed to. If the reader of this message is not the intended
recipient, or the authorized agent
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
On Thu, 27 Jan 2005 Damian Menscher <[EMAIL PROTECTED]> wrote:
> On Thu, 27 Jan 2005, Tomasz Kojm wrote:
> >
> > Phishing IS NOT spam! Is that really so hard to understand?
>
> Phishing IS NOT a virus! Is that really so hard to understand?
95% of internet
Damian Menscher wrote:
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
Phishing IS NOT spam! Is that really so hard to understand?
Phishing IS NOT a virus! Is that really so hard to understand?
Ok, so its not a virus, and its not spam. So neither product should
detect it your saying? How about both pro
On Jan 27, 2005, at 11:29 AM, Tomasz Kojm wrote:
On Thu, 27 Jan 2005 11:27:00 -0500
Adam Tauno Williams <[EMAIL PROTECTED]> wrote:
Just my two cents - I agree with the other guy. CLAM should blocks
virii and worms, and leave SPAM to something else. Just think of the
Phishing IS NOT spam! Is that
On Thu, 27 Jan 2005 10:57:27 -0600 (CST)
Damian Menscher <[EMAIL PROTECTED]> wrote:
> On Thu, 27 Jan 2005, Tomasz Kojm wrote:
> >
> > Phishing IS NOT spam! Is that really so hard to understand?
>
> Phishing IS NOT a virus! Is that really so hard to understand?
95% of internet worms are not viru
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
> If you have received this
> communication in error, please notify me immediately by telephone or fax
> and delete all copies of the original message.
How can I do that if you don't q
Tomasz Kojm wrote:
On Thu, 27 Jan 2005 11:27:00 -0500
Adam Tauno Williams <[EMAIL PROTECTED]> wrote:
Just my two cents - I agree with the other guy. CLAM should blocks
virii and worms, and leave SPAM to something else. Just think of the
Phishing IS NOT spam! Is that really so hard to understand
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
Phishing IS NOT spam! Is that really so hard to understand?
Phishing IS NOT a virus! Is that really so hard to understand?
Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61
On Thu, 27 Jan 2005 17:40:25 +0100
Stefan Hornburg <[EMAIL PROTECTED]> wrote:
> Can you give me a pointer to how Phishing is defined and detected in
> the context of ClamAV ?
See http://www.antiphishing.org/
"What is Phishing?
Phishing attacks use 'spoofed' e-mails and fraudulent websites design
Hello,
I just wanted to give the team a big thank you. All I needed to do was
upgrade zlib and compile. Everything is working great.
Gord
CONFIDENTIALITY WARNING: The information in the e:mail is confidential and
privileged. It is intended only for the use of the individual or entity it
> I'm not sure how that could have happened. Did you choose cron in the
> debconf setup, or something else? I wouldn't mind getting to
> the bottom of this.
I really don't recall the setup process. I believe I visited
http://sial.org/howto/clamav/freshclam/ and took the following sentence
to he
On Thu, 27 Jan 2005 at 11:35:24 -0500, Don Levey wrote:
> [EMAIL PROTECTED] wrote:
> > On Thu, 2005-01-27 at 07:01 -0700, Craig Daters wrote:
> >>
> >> WORM_BAGLE.AZ is what Trend Net is referring to this as, there
> >> message to me this morning follows:
> >
> > It is detected by Clam as Trojan
On Thu, 27 Jan 2005 11:35:24 -0500 in
[EMAIL PROTECTED] "Don Levey"
<[EMAIL PROTECTED]> wrote:
> Hmm... Passed right through my setup, without detection.
And your setup is?
> Database updated as recently as 4:am today.
That's more than 7 *hours* ago...
--
Brian Morrison
bdm at fenrir dot
On Thu, 27 Jan 2005 17:29:05 +0100
Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> On Thu, 27 Jan 2005 11:27:00 -0500
> Adam Tauno Williams <[EMAIL PROTECTED]> wrote:
>
> > Just my two cents - I agree with the other guy. CLAM should blocks
> > virii and worms, and leave SPAM to something else. Just th
On Thu, 27 Jan 2005 11:35:24 -0500
"Don Levey" <[EMAIL PROTECTED]> wrote:
> Hmm... Passed right through my setup, without detection.
> Database updated as recently as 4:am today.
So better update your software ASAP.
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\.
[EMAIL PROTECTED] wrote:
> On Thu, 2005-01-27 at 07:01 -0700, Craig Daters wrote:
>> I'm thinking that someone has submitted this, and we already have the
>> update...but does anyone know for sure if we are safe from this.
>>
>> WORM_BAGLE.AZ is what Trend Net is referring to this as, there
>> mes
On Thu, 27 Jan 2005 11:27:00 -0500
Adam Tauno Williams <[EMAIL PROTECTED]> wrote:
> Just my two cents - I agree with the other guy. CLAM should blocks
> virii and worms, and leave SPAM to something else. Just think of the
Phishing IS NOT spam! Is that really so hard to understand?
--
oo
> > There was a discussion about this several months ago. Unfortunately,
> > many people (including part of the signature-generation team) are too
> > dogmatic about their feelings that "phishing is bad, so we should block
> > it" to look at it logically.
> Is it causing you (or anyone for that
> [sending notification to receiver]
> It's possible with Amavisd-new to do this,
But there is no way to do this [ send a message to the intended
recipient] via clamav-milter itself?
> but if it's wise??? It can
> confuse the receiver, so inform them good about this kind of messages
> (or make t
On Jan 27, 2005, at 10:33 AM, Tomasz Kojm wrote:
No problem. As a bonus we will create a signature for your domain name
;-)
Just kidding! Honest! I'd NEVER think of having Windows thought of as
a virus... :-)
___
http://lists.clamav.net/cgi-bin/mailma
On Thu, 2005-01-27 at 16:44 +0100, Paul Bijnens wrote:
> Trog wrote:
> > What software are you using to pass requests/data to clamd?
>
> clamscan-procfilter.pl, a little perlprog to be used in procmail
> essential boiling down to
> "cat themsg | clamdscan --stdout - > $tempfile",
> and examining $
On Thu, Jan 27, 2005 at 12:12:09PM -, Christopher Roberts said:
> > Check the value of "Checks" in /etc/clamav/freshclam.conf (defaults to
> > 12, I think)
>
> Thanks GC, you're a genius. Or perhaps I'm just stupid - I just never
> thought to read the error message that literally - it was set
On Thu, 2005-01-27 at 09:45 -0600, Sam wrote:
> (This is directed more at Trog than anyone...) So if one were to submit
> phishing attempts, what do you need? I don't think the virus submission
> page will allow one to submit something without an attachment?
>
> Do you need headers?
>
> Do you
On Thu, 27 Jan 2005, Jim Maul wrote:
> Is it causing you (or anyone for that matter) a problem by clamav
> catching some phishing attempts as opposed to spamassassin catching
> them? Whats really the issue here? You just dont believe clamav is the
> right tool for that job, but is there REALLY
Trog wrote:
What software are you using to pass requests/data to clamd?
clamscan-procfilter.pl, a little perlprog to be used in procmail
essential boiling down to
"cat themsg | clamdscan --stdout - > $tempfile",
and examining $tempfile for results.
--
Paul Bijnens, Xplanation
Damian Menscher wrote:
On Thu, 27 Jan 2005, Sam wrote:
I have yet another question. I have noticed Clam stopping (or at
least to me it appears to be stopping) various phishing attempts. Or am I
wrong?
If this is the case, I will start submitting phishing attemps I see (I
probably get 3 - 4 a day).
On Thu, 2005-01-27 at 16:19 +0100, Paul Bijnens wrote:
> Upgraded this morning to 0.81, and suddenly I have frequently the
> error message "ScanStream: accept() failed" in my logs.
>
> I have enable verbose logging, and notice that *most of the time*
> all is ok, but frequently there is an accept
Damian Menscher wrote:
Please don't. Phishing attempts do not automatically propagate (by
infecting a machine and being re-sent) and therefore are generally
one-time events. As such, they can be trivially changed to evade any
signature-based filter, which must obviously generate a signature
_
On Thu, 27 Jan 2005 10:32:55 -0500
Bart Silverstrim <[EMAIL PROTECTED]> wrote:
>
> On Jan 27, 2005, at 10:25 AM, Damian Menscher wrote:
>
> > There was a discussion about this several months ago.
> > Unfortunately, many people (including part of the
> > signature-generation team) are too dogmat
On Jan 27, 2005, at 10:25 AM, Damian Menscher wrote:
There was a discussion about this several months ago. Unfortunately,
many people (including part of the signature-generation team) are too
dogmatic about their feelings that "phishing is bad, so we should
block it" to look at it logically.
Ca
On Jan 27, 2005, at 10:13 AM, <[EMAIL PROTECTED]> wrote:
Craig Daters
Wow, that was some time ago, and TrendNet is only just now putting out
an update! That's scarry!
Thanks Trog
What concerns me (if it is true that ClamAV has detected this specific
variant since November) is that ClamAV is not per
On Thu, 27 Jan 2005, Sam wrote:
I have yet another question. I have noticed Clam stopping (or at
least to me it appears to be stopping) various phishing attempts. Or am I
wrong?
If this is the case, I will start submitting phishing attemps I see (I
probably get 3 - 4 a day).
Please don't. Phishing
>Randal, Phil:
>
>Hold on a minute there! ClamAV detects it because it matches an
>existing ClamAV virus pattern - that is serendipitous rather than
>malicious.
My apoligies if that is the case. However, I do know that Trend
detected this before the new definitions were released as well.
However
On Thu, 2005-01-27 at 09:13 -0600, [EMAIL PROTECTED] wrote:
> >Craig Daters
> >Wow, that was some time ago, and TrendNet is only just now putting out
> >an update! That's scarry!
> >
> >Thanks Trog
>
> What concerns me (if it is true that ClamAV has detected this specific
> variant since November)
[EMAIL PROTECTED] wrote:
>> Craig Daters
>> Wow, that was some time ago, and TrendNet is only just now putting
>> out an update! That's scarry!
>>
>> Thanks Trog
>
> What concerns me (if it is true that ClamAV has detected this
> specific variant since November) is that ClamAV is not
> performin
Upgraded this morning to 0.81, and suddenly I have frequently the
error message "ScanStream: accept() failed" in my logs.
I have enable verbose logging, and notice that *most of the time*
all is ok, but frequently there is an accept error:
Thu Jan 27 16:09:06 2005 -> Accepted connection on port 125
>Craig Daters
>Wow, that was some time ago, and TrendNet is only just now putting out
>an update! That's scarry!
>
>Thanks Trog
What concerns me (if it is true that ClamAV has detected this specific
variant since November) is that ClamAV is not performing due diligence
and sharing samples to prote
Trog: Thanks for the advice on the new releases.
I have yet another question. I have noticed Clam stopping (or at
least to me it appears to be stopping) various phishing attempts. Or am I
wrong?
If this is the case, I will start submitting phishing attemps I see (I
probably get 3 - 4 a day).
On Thu, 2005-01-27 at 08:25 -0600, Sam wrote:
> I do have a question on the upgrade(s): Is there typically a period of
> time where the old version will work alongside the new version? (I read
> the faq and saw the mention of missing viruses if one doesn't upgrade).
> The reason I ask is, in my
[EMAIL PROTECTED] wrote:
> Trog wrote:
>> It is detected by Clam as Trojan.Downloader.Small-165, which was
>> added on 8th Nov 2004 by Christoph.
>>
> Wow, that was some time ago, and TrendNet is only just now
> putting out an update! That's scarry!
>
> Thanks Trog
>
> --
> Craig Daters ([EMAIL
Hi List!
Please allow me to start by saying I'm relatively new here, having just
switched to clam from RAV. I'm very impressed with the responsiveness of
the Clam team, and with the Clam product. You guys do a great job.
I do have a question on the upgrade(s): Is there typically a period of
tim
Trog wrote:
It is detected by Clam as Trojan.Downloader.Small-165, which was added
on 8th Nov 2004 by Christoph.
Wow, that was some time ago, and TrendNet is only just now putting out
an update! That's scarry!
Thanks Trog
--
Craig Daters ([EMAIL PROTECTED])
Systems Administrator
West Press Print
On Thu, 2005-01-27 at 07:01 -0700, Craig Daters wrote:
> I'm thinking that someone has submitted this, and we already have the
> update...but does anyone know for sure if we are safe from this.
>
> WORM_BAGLE.AZ is what Trend Net is referring to this as, there message
> to me this morning follow
I'm thinking that someone has submitted this, and we already have the
update...but does anyone know for sure if we are safe from this.
WORM_BAGLE.AZ is what Trend Net is referring to this as, there message
to me this morning follows:
> As of January 27, 2005 1:42 AM PST (Pacific Standard Time/
Here are the upgrade instructions that I follow(ed)! These do work if
you follow them to the t! *oh ya ... Remember to backup your
Freshclam.conf and clamd.conf =P~
unpack the old distribution:
tar -zxf clamav-0.80.tar.gz
run configure
cd clamav-0.80
./configure
Unpack the
On Thu, 27 Jan 2005 13:42:12 +0100 Tomasz Kojm wrote:
> On Thu, 27 Jan 2005 13:37:33 +0100
> Frank Elsner <[EMAIL PROTECTED]> wrote:
>
> > > WARNING: Your ClamAV installation is OUTDATED - please update
> > > immediately! WARNING: Current functionality level = 3, required = 4
> > >
> > > This is
On Thu, 27 Jan 2005 13:57:30 +0100 in
[EMAIL PROTECTED] Tomasz Kojm <[EMAIL PROTECTED]>
wrote:
> > Won't your sheep(?) eat them?
>
> Actually it's a turtle. I really hate when people confuse it with
> a sheep! ;-)
OK, but turtles like flowers too don't they?
--
Brian Morrison
bdm at fenri
1 - 100 of 125 matches
Mail list logo