-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I came across this paper which could be useful. Here it is:
http://www.fsl.cs.sunysb.edu/docs/avfs-security04/index.html#tthFtNtAAB
On Oct 16, 2007, at 3:10 PM, Sean McGlynn wrote:
> Thank you for your reply.
>
> I appreciate your point, but in our
Sean McGlynn wrote:
> Just to be certain (It's not my first day with Linux, but I'm still
> relatively new
> to it), you mean NFS as in Network File System, as in mounting a remote file
> system on the Linux server, correct? If correct, then no, NFS is not
> involved.
> Both the directory bei
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dennis Peterson wrote:
> Sean McGlynn wrote:
>> Dennis,
>>
>> Thank you for taking the time to reply.
>>
>> Yes, I am running the scan as root.
>>
>> Sean
>>
>>
>
> Is the home directory mounted?
>
> Dennis
On 10/16/07, Sean McGlynn <[EMAIL PROTECTED]> wrote:
> Just to be certain (It's not my first day with Linux, but I'm still
> relatively new to it), you mean NFS as in Network File System, as in mounting
> a remote file system on the Linux server, correct? If correct, then no, NFS
> is not invol
Thank you for your reply.
I appreciate your point, but in our environment the directories being scanned
are user directories where only data files are stored. There is no risk to
applications or other running processes.
- Original Message
From: Derick Centeno <[EMAIL PROTECTED]>
To:
Just to be certain (It's not my first day with Linux, but I'm still relatively
new to it), you mean NFS as in Network File System, as in mounting a remote
file system on the Linux server, correct? If correct, then no, NFS is not
involved. Both the directory being scanned and the destination di
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Having a script parse the log file is not the problem. The
documentation addressing the details of Clamav explain clearly that
removing the infected file or files are the difficulty especially as
the infected files may be key components or data
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Sean:
My own experience with Clamav has been that it clearly identifies the
location of a virus during a scan. However if you want to know the
details of file access (who or what did something unusual and when)
you may be better off with hav
Dennis Peterson wrote:
> Sean McGlynn wrote:
>> The directory I am trying to scan is mounted, as is the directory to where I
>> want the infected files moved, if I am understanding your question.
>>
>> Thanks again.
>
> User root is frequently (and correctly) prohibited from deleting files from
Sean McGlynn wrote:
> The directory I am trying to scan is mounted, as is the directory to where I
> want the infected files moved, if I am understanding your question.
>
> Thanks again.
User root is frequently (and correctly) prohibited from deleting files from NFS
mounted sources. There are m
The directory I am trying to scan is mounted, as is the directory to where I
want the infected files moved, if I am understanding your question.
Thanks again.
- Original Message
From: Dennis Peterson <[EMAIL PROTECTED]>
To: ClamAV users ML
Sent: Tuesday, October 16, 2007 2:30:09 PM
Su
Dennis Peterson wrote:
> Sean McGlynn wrote:
>> Dennis,
>>
>> Thank you for taking the time to reply.
>>
>> Yes, I am running the scan as root.
>>
>> Sean
>>
>>
>
> Is the home directory mounted?
>
Should have said "NFS mounted".
dp
___
Help us build
Sean McGlynn wrote:
> Dennis,
>
> Thank you for taking the time to reply.
>
> Yes, I am running the scan as root.
>
> Sean
>
>
Is the home directory mounted?
Dennis
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http:/
Hello!
Is it possible to create new .cvd files from older
.cvd files, using the appropriate .cdiff files?
If this is not possible (with .cdiff files), do u
think that we can somehow create a binary diff file
from the two .cvd versions (old against new)?
Thanks
ilias
___
Dennis,
Thank you for taking the time to reply.
Yes, I am running the scan as root.
Sean
- Original Message
From: Dennis Peterson <[EMAIL PROTECTED]>
To: ClamAV users ML
Sent: Tuesday, October 16, 2007 2:17:38 PM
Subject: Re: [Clamav-users] eicar Identified But Not Moved
Sean McGlyn
Sean McGlynn wrote:
> Hello,
>
> I am testing clamscan, and running the following command:
>
> clamscan -r --move=/var/log/clam/infected -l /var/log/clam/dailyclamscanSPM
> /home/justlgn/test/eicar.com
>
> The results indicate "can't open file," and that no infected files were
> found. The cl
Hello,
I am testing clamscan, and running the following command:
clamscan -r --move=/var/log/clam/infected -l /var/log/clam/dailyclamscanSPM
/home/justlgn/test/eicar.com
The results indicate "can't open file," and that no infected files were found.
The clam log file shows that the file was id
I read in another post that the only way to quarantine an infected file that is
discovered during an on access scan (i.e. via Clamuko) it to write a script
that would parse the log file for the location of the infected file and then
move it or delete it as desired. Is this correct? If not, wha
Hello,
I am looking for better information when notified by ClamAV that a virus has
been detected. Thus far I have VirusEvent /bin/echo "VIRUS ALERT: ClamAV found
%v." | /bin/mail -s "ClamAV Virus Detection" -r ClamAV [EMAIL PROTECTED], which
basically tells me that a particular virus was dete
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
fchan wrote:
> Hi,
> Maybe it just me but I noticed that the clamav definitions are still
> at 4540 dated 14 October 2007 0143 UTC or has the virus writers has
> called a truce.
>
No, this is probably the LULL before the STORM.
- -James
-BEGIN P
Hi,
Maybe it just me but I noticed that the clamav definitions are still
at 4540 dated 14 October 2007 0143 UTC or has the virus writers has
called a truce.
Regards,
Frank
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
ht
А под какую ось и под какой MTA?
2007/10/16, oboltus <[EMAIL PROTECTED]>:
>
> Hello!
> I address with a question, the answer on which could not find in FAQ.
> whether can clamav check on viruses outcoming mail? If yes, as it to
> realize?
> thank you in advance.
> mailto:[EMAIL PROTECTED]
>
>
On 10/16/07, oboltus <[EMAIL PROTECTED]> wrote:
> Hello!
> I address with a question, the answer on which could not find in FAQ. whether
> can clamav check on viruses outcoming mail? If yes, as it to realize?
> thank you in advance.
Yes - the solution of course will depend on your mail server, wh
Hello!
I address with a question, the answer on which could not find in FAQ. whether
can clamav check on viruses outcoming mail? If yes, as it to realize?
thank you in advance.
mailto:[EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: vis
24 matches
Mail list logo