connect to download
the latest signature files?
I am running Red Hat Enterprise 7 and 8 as well as CentOS 7 and 8.
A million thanks,
John
Meaning does not lie in the work but instead in what you bring to the work
John D. McCarthy | Leidos
CISSP, MCSE, Security +, CCNA
Information Systems Security
In your freshclam.conf there is a path option - sometimes it goes straight into
/var/log for the freshclam.log
Make a /var/log/clamav and move the freshclam.log into that directory, make
sure your clam acc has proper perms, and try again.
-Original Message-
From: clamav-users On
| hunter.w...@ngc.com<mailto:hunter.w...@ngc.com>
[e2]
Submit a Ticket
here<https://ngsipprod.servicenowservices.com/esc?id=sc_cat_item_guide_id=a3e080ac1b072450c5c40d4be54bcbe8>
From: Joel Esler
Sent: Wednesday, June 29, 2022 10:05 AM
To: ClamAV users ML
Cc: West, Hunter D [US] (ES)
Subj
Hello,
I am unsure if I've come to the right place, but I need to install ClamAV
version .105. I work in a SAP environment with no internet connection to our
machines. The current version of ClamAV is .99 - I went to
https://dl.fedoraproject.org/pub/epel/7Server/x86_64/Packages/ to download
You mother fucker. Stop sending spam.
Thank you
Jayanth D
On Mon, Feb 25, 2019 at 4:43 AM Satwik B via clamav-users <
clamav-users@lists.clamav.net> wrote:
> Hello,
>
> I am trying to generate clamav signatures for a malware dataset that I
> have.
>
> Initially I have
On 10/27/17 4:09 PM, Emanuel wrote:
i use CentOS Linux release 7.3.1611 x86_64
/etc/clamd.conf
LogFile /var/log/clamav/clamd.log
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.sock
User clamav
LocalSocketMode 660
AllowSupplementaryGroups yes
i solved this
On 10/03/2017 12:20 PM, Nymblewyke wrote:
Trying to trigger CLAMAV with an EICAR file for a test. The file reacts on a
windows machine, but on a redhat machine using clamav there is no trigger at
all. We are using the standard eicar text file. Any thoughts on where to look
for details on why
it to you. It would be great to get to the bottom of this before
releasing 0.99.3.
Thanks,
Steve
On Mon, Sep 25, 2017 at 8:11 PM, Michael D. <cla...@cosis.dk> wrote:
Hi Steven,
Tried running "clamdscan --reload" throughout the night - no segfaults so
far.
I have been running &q
eproduce the problem with 'clamdscan
--reload'?
Thanks,
Steve
On Sun, Sep 24, 2017 at 8:10 AM, Michael D. <cla...@cosis.dk> wrote:
Hi,
I twice tried to reach out to the ClamAV Developers regarding this error,
but been ignored.
Anyone?
Best regards
Michael
Latest segfaults since reboot
at 6 ip
7f3af21b41c5 sp 7ffe2c059ad8 error 4 in
libclamav.so.7.1.1[7f3af20f5000+1cf000]
Sep 24 13:42:53 Boomer kernel: clamd[22657]: segfault at 1c0d12b ip
7efbfdf2f1c5 sp 7fff0b092628 error 4 in
libclamav.so.7.1.1[7efbfde7+1cf000]
On 09/22/2017 05:50 PM, Michael D. wrote
On 06/30/2017 09:48 AM, Ravi Raj wrote:
Hi
I have read the documentation for clamav upgrading, when i run the
commands for upgrade i.e. 'freshclam' & 'freshclam -d' i get the
following Error output:
[root@localhost ~]# freshclam
ERROR: Please edit the example config file /etc/freshclam.
On 06/19/2017 07:49 PM, Bryan C. Everly wrote:
Hi all,
I am running Arch Linux with ClamAV 0.99.2 on a Thinkpad X1 Carbon
(Skylake) using xorg and Gnome3. Anyhow, I have the ScanOnAccess
stuff configured to where the system will detect any activity on my
EICAR test file.
My
rote:
> >
> > On Monday 24 April 2017 04:57:37 D wrote:
> >
> >> This was detected on Friday night and one email was dated in 2012.
> >>
> >> Previous week's scan was clean.
> >
> > Scans 2 days old were fine. But I've 2 more hits
This was detected on Friday night and one email was dated in 2012.
Previous week's scan was clean.
Could this be a false positive?
David
___
clamav-users mailing list
clamav-users@lists.clamav.net
Le mardi 3 janvier 2017, 05:14:52 CET Gene Heskett a écrit :
> > ERROR: VirusEvent: fork failed.
>
> I've no clue, never tried that. What I do for quaranteen is with a
> procmail script. Lemme see if I can find it. Yup, here are snippets.
I'm more interested in fixing this worrying "fork
Le mardi 3 janvier 2017, 10:31:51 CET Vladislav Kurz a écrit :
> > So I though that "VirusEvent" could be an appropriate way to do it. (Is
> > there any better way?)
>
> try using amavis together with your SMTP server. It has options to put
> mail into quarantine and to notify recipients, that
Hello,
I would like to keep emails detected as virus by ClamAV on the filesystem, in
order to be able to retrieve false-positive when users asks for them. After a
few days, a simple cronjob would remove them.
So I though that "VirusEvent" could be an appropriate way to do it. (Is there
any
ClamAV doesn't detect/protect against malware by default.
You need to add third-party databases like http://sanesecurity.com/
Works really well for me.
Cheers.
On 12/08/2016 05:53 PM, Matteo Dessalvi wrote:
Hi all.
In the last couple of days our Human Resources
have received a bunch of
Le lundi 28 novembre 2016, 10:28:03 CET Paul Kosinski a écrit :
> Of course, if anybody is able to find out what the magic filename is,
> they could mount a targeted attack.
Of course, but thanks for the warning.
> How are the PDFs generated? Would it be possible to attach a
> cryptographic
Le lundi 28 novembre 2016, 14:28:11 CET Steve Basford a écrit :
> I guess this *might* be an option.
Thanks for your reply and this idea.
> 1. Find something common in your pdf you want to "whitelist", say "Your
> company name or department", convert this to hex.
Let's say "My Safe PDF" →
Hello,
Is there any way to whitelist a file based on it's signature *and* it's
filename?
My case is about a legit PDF file embedding JavaScript sent by users by email.
Its signature is "PUA.Script.PDF.EmbeddedJavaScript", but its MD5 hash is
always different (probably because users are saving
On 05/25/2016 11:06 AM, Philip Andersson wrote:
I got some new information. The test files came from cybercom and all other
test files they sent to us was blocked. I think that clamd removes the virus
and reports OK back and translates the stream from PDF 1.4 to PDF 1.5. Because
if I open
On 05/24/2016 04:29 PM, Philip Andersson wrote:
I know that the setup have work before, but the test virus is new and the
clamav version is new. The plugins is written by me and used in small MTS
application.
I am not reading the log-file but the output stream from clamd, its two
On 05/24/2016 03:47 PM, Philip Andersson wrote:
Sorry for the confusion.
Here is what I am trying to do.
I have a java plugin installed to a message transferring system (MTS). The MTS checks incoming data and sends it to the right ip:port. The plugin is called if the message contains
On 05/24/2016 02:58 PM, Philip Andersson wrote:
Well my internet messages is sent through the address and port that is in the
config. So the file is sent from an url to clamd for virus check then forwarded
if clamd does not report a virus. But the file ends up on the machine anyway.
So i
On 05/24/2016 02:32 PM, Philip Andersson wrote:
Hello clam users,
I have a problem with my setup that creates a bit of a problem.
I have installed clamav99.2 with settings for my system from source, clamd runs fine with no error or warning output.
Database is up to date and freshclam
On 05/23/2016 03:52 PM, Steve Basford wrote:
Excellent - just installed it, and it's already working it's magic :)
The views and opinions expressed by Michael in the above post that
Sanesecurity possesses magic, are solely his own and do not necessarily
represent the views of the ministry of
On 05/23/2016 02:44 PM, C.D. Cochrane wrote:
Hi Michael and Michael,
You may want to look at sanesecurity[.]org. They have a supplemental ClamAV
database that
is supposed to be better at detecting the current scourge of ransomware and
malware. It
was recommended to me when I noted that
On 05/23/2016 01:43 PM, Michael Heseltine wrote:
Hello all,
I have recently modified my exim (4.82) configuration so that all
messages pass through clamav (0.99.2) first. Anything labeled as
malware should be rejected while the incoming SMTP connection is still
open (using an
Hi,
Hope it's the right list I'm posting to :)
Why is the Signature Database only updated every 4 hours? Every 15
minutes would make more sense, since Spammers move very fast pushing out
new version of Trojans and alike.
I've reported several Signatures/Files (via. the website), but they
Sorry about the misdirection on my greeting. It should have been:
"Thank you for the answer, AL!"
That's what happens when I'm writing a single message on two different
computers and alternating between mail program and mail webpage...
Às 18:24 de 17-02-2016, JD Ackle escreveu:
> Thank you for
Hello,
So... it seems I've been a "victim" of last week's False Positives...
First I got so many files on a Windows partition "infected" by the
Bancos trojan (detected by clamscan running from Linux) I quickly
concluded that particular Windows setup was gone. I just noticed someone
on the list
smime.p7s
Description: S/MIME cryptographic signature
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
/2014 9:40 AM, Alain Zidouemba wrote:
By using the tool freshclam that comes with ClamAV.
- Alain
On Tue, Sep 9, 2014 at 8:08 AM, McCarthy, John D.
john.d.mccar...@leidos.com wrote:
___
Help us build a comprehensive ClamAV guide:
https
These are government systems that either A: can only access certain sites or B:
have not internet connection (both or security reasons)
On 2014-09-09 17:28, McCarthy, John D. wrote:
A million thanks. This is what I needed. Many of my systems do not connect
to the internet. This should
Is clamav 0.97.4 supported for CentOS 5.6? I do not find it listed among the
supported linux platforms.
Thanks.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
I am experimenting with a python script which uses
http://xael.org/norman/python/pyclamd/ to scan blocks of data.
Here is my scenario, I read one block, ( 4096 bytes in my case ) from a
socket. I call pyclamd.scan_stream( block ), which I assume is in turn
calling either INSTREAM, or STREAM, (
Is there a way to exclude certain file extensions from the clam scanner?
We use a program that created .mat files, they seem to be automatically blocked.
___
Join Excite! - http://www.excite.com
The most personalized portal on the Web!
I am currently running ClamAV 0.83 with clamav-milter
and just recently received an infected email with a
zip attachment. Strange thing is that clamdscan does
not detect the virus while clamscan does.
# clamdscan error-mail_info.zip
/tmp/error-mail_info.zip: OK
--- SCAN SUMMARY
he just wanna say thank you.
think he loves us all, like jacko ;)
greetings
andy
--free your mind, use open source
http://www.mono-project.com
ASCII ribbon campaign ( )
- against HTML email X
vCards / \
Autoresponder I guess...
--
Guillaume Arcas
It seems that the same problems are reoccurring and I thought a 'What I
Know Is/Frequently Asked Question / WIKI-FAQ' page to house answers and
related information should be publicly available so I have established
what I think will be a useful resource for this.
Hello All
Thank you to all who helped previoously.
I just have the last question.
Using RH / qmail
I want to deliver spams to an [user]quarantine Maildir
I remember I saw it somewhere but don't find it again.
Spùeone could show me how and where implement this.
Thank you;
dANIEL
Trying to complete the installation of clamav. I want to configure the
clamav-milter (./configure --enable-milter) for email scanning. However,
during the configure, libmilter directory cannot be located. I can't find
it either...
What do I need to do?
Tom
[EMAIL PROTECTED]
libmilter directory does not exist. Maybe I am looking in the wrong
location. Where should libmilter directory be located?
Tom
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Trying to complete the installation of clamav. I want to configure the
clamav-milter (./configure --enable-milter)
Hello all.
I just upgraded to the new ClamAV 0.80. I use the
clamscan command along with the --leave-temps flag to
generate the main.db and daily.db files. I am using a
SMTP proxy spam program called ASSP that uses these db
files for preliminary virus detection. The
--leave-temps flag, which
Thanks for the great tip! The sigtool command works
beautifully. However, it does make me wonder if there
is a bug with the leave-temps flag.
Thanks again.
--- aCaB [EMAIL PROTECTED] wrote:
On 10/19/04 17:26, Pete D wrote:
Hello all.
I just upgraded to the new ClamAV 0.80. I use
, the amavisd/clamd does.
This is a bit off topic, but I noticed that there is a
clamav-milter for sendmail. Would using this simply
do away with having to use amavisd?
Thanks.
--- Tomasz Kojm [EMAIL PROTECTED] wrote:
On Tue, 19 Oct 2004 08:26:36 -0700 (PDT)
Pete D [EMAIL PROTECTED] wrote
On Oct 17, 2004, at 22:49, Tomasz Kojm wrote:
On Sun, 17 Oct 2004 21:36:22 -0500 (CDT)
Damian Menscher [EMAIL PROTECTED] wrote:
For those running 0.80rc4 or 0.80 final, you can catch all jpeg
exploits with the following signature (add it to a local.ndb file in
your database directory):
While I am very happy with clamav, I see room for expansion and
potential in a limited global environment.
Is it possible to have clamd on other servers utilize the db files on a
dedicated server in a local network?
I think that it makes sense to have the ability to use a single
instance of
While I am very happy with clamav, I see room for expansion and
potential in a limited global environment.
Is it possible to have clamd on other servers utilize the db files on a
dedicated server in a local network?
I think that it makes sense to have the ability to use a single
instance of
On Oct 12, 2004, at 23:47, Greg Deputy wrote:
I've been scanning the archives and have followed all suggestions there
that I can find, but still no luck.
I'm running clamav 0.80rc4 on fedora core 2. Just installed over rc3.
In the logs when the database update runs I have the very familiar
(after
On Oct 10, 2004, at 15:38, Steven Westbrook wrote:
Ok.. I don't see UnixSocket.
I've included my clamd.conf file...
thanks,
steve
--
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
#
How about telling us what app is trying to write to this file?
What is it's user ID?
What is it's group ID?
Biggest problem I've seen is that people are using amavisd and clamav
and these apps are controlled by different user/groups and this
conflict causes lots of problems.
If you have this
While this is good, it doesn't address the issue with the '-devel'
While reading deep into the source files and readme's, I came across
some information that had me examining the build process.
If a basic './configure' or './configure --prefix=/usr
--mandir=/usr/share/man --sysconfdir=/etc' is
Using your favorite editor, create the following patch file and save as
amavisd-212.patch
--- amavisd Mon Sep 27 18:47:15 2004
+++ amavisd Mon Sep 27 18:47:15 2004
@@ -11848,9 +11848,10 @@
Date: %d
From: %f
Subject: [? %#V
I concur with Bart, from following this thread, it appears that theft
is not the issue but interpretation of the license.
While the virii database is proprietary, it is licensed under the GPL
and from what I can tell, unless of course it carries it's own
independent license, giving credit
to www.mat.uni.torun.pl
Connecting to www.konarski.edu.pl
Reading md5 sum of database from www.konarski.edu.pl : OK
Downloading database from www.mat.uni.torun.pl done
ERROR: The checksum of downloaded database isn't ok. Please check it
yourself or try again.
--
Shajan D. Kay
WebCT / Systems Integrator
University
On Sep 15, 2004, at 01:48, Fajar A. Nugraha wrote:
D Walsh wrote:
I sat down in front of a Solaris 9 system, installed clamav as
instructed and yes indeed there appears to be a problem with the
implementation of free(), in 30 mins of sending e-mail from the EICAR
test site memory did climb
On Sep 14, 2004, at 03:38, Trog wrote:
On Tue, 2004-09-14 at 06:30, Meni Shapiro wrote:
Clamd works great for lots of people, but some have reported memory
leaks on latest stable (0.75.1),
which could cause your system to be out of memory.
A few people (out of the thousands who run ClamAV) have
On Sep 14, 2004, at 23:38, Fajar A. Nugraha wrote:
Nigel Horne wrote:
On Tuesday 14 Sep 2004 10:34, D Walsh wrote:
Would you consider the following a sign of a memory leak?
IDname user cpu threads real mem virtual mem
On Sep 13, 2004, at 03:03, Brian Morrison wrote:
On Sun, 12 Sep 2004 16:58:46 -0500 in [EMAIL PROTECTED]
Alex S Moore [EMAIL PROTECTED] wrote:
On Sun, 2004-09-12 at 14:58, Jeff Smelser wrote:
On Sunday 12 September 2004 02:52 pm, Björn Ketelaars wrote:
Out of curiosity; when is a development
On Sep 13, 2004, at 04:34, Trog wrote:
On Mon, 2004-09-13 at 09:24, D Walsh wrote:
They only problem with updating versions is when the tools required to
build the update change as well.
autoconf is only required to build devel/CVS versions.
I updated autocon to 2.59 (latest), ./configure went OK
On Sep 13, 2004, at 15:49, [EMAIL PROTECTED] wrote:
Hi.
I scanned the catched Virus files of the mailserverProxy which are
protected with some commercial stuff
So i get 300 Files which arent in the Clamav Virus Database, all
stuff seems to be known by other Anti Virus Companies.
Most stuff is
On Sep 13, 2004, at 15:30, [EMAIL PROTECTED] wrote:
Brad Morgan wrote:
Does anyone know if ClamAV has been packaged with any of the
Live Linux CDs?
I've got a Windows PC that keeps rebooting over and over and
we suspect a
virus. It would be nice to have a Live Linux CD with ClamAV that can
On Sep 12, 2004, at 02:35, Dave Filchak wrote:
ERROR: Can't open new file ./clamav-a088d48c982fbf38 to write
open: Permission denied
ERROR: Can't download main.cvd from 65.75.154.69
These look like permission errors, can't write to the folder or files.
-- Dale
On Sep 11, 2004, at 02:41, Rushan Sobar wrote:
Dear All,
my freshclam log show that my database contain
Received signal 14, wake up
ClamAV update process started at Mon Sep 6 20:22:55 2004
main.cvd is up to date (version: 26, sigs: 22925, f-level: 2, builder: tomek)
daily.cvd updated
On Sep 10, 2004, at 09:33, Stelian wrote:
Please help me, i have a very urgent problem.
I must provide a virus free mail service for my employer, and I must
do it fast or my job is on the line :)
We curently have about 6 POP3 acounts stored on our ISP server. The
viral trafic (incoming, of course)
On Sep 09, 2004, at 19:51, Erick Dantas Rotole wrote:
I am using Clamav, amavisd-new, spamassassin and postfix (all latest version and updated)but It doesn´t detect zafi. When i scan the infected file using clamscan --mbox, the virus is detected, but using amavisd-new with clamd as the primary
On Sep 10, 2004, at 13:32, Dennis Peterson wrote:
Dennis Peterson said:
A long time ago when I worked at a large aircraft company in Seattle I
helped
develop a DNS resource balancing methodology that evaluated system
load of
each
server being managed to determine that server's position in the DNS
In my attempt to correct the mandir in the configure script I
accidentally inserted a foreign character that caused this problem.
found by comparing changes between my modified and the unmodified
configure script.
---
This SF.Net email is
In an attempt to upgrade my server and make use of this software, I've
done the following:
cd /build
gnutar -xzvf clamav-0.75.1.tar.gz
mv ./clamav-0.75.1 ./clamav
cd clamav
./configure --prefix=/usr
sudo make
sudo make install build.txt
The program doesn't run, from what I can tell, the conf
Recall that I was asking the list recently how to deal
with getting 400 MB a day of the zafi.b virus in my
mailbox. I can filter out my mailbox with a procmail
script, followed by using clamscan and procmail, but
my hosting service isn't yet able to do it for me.
It turns out that they had
I
think that you should get more details about their
setup and then you
can search documentation and mailing lists of those
particular programs.
I don't know how they had it set up. I'll ask.
I don't normally do any kind of administration of the
hosting service's server. I'm just trying
I've been using formail, procmail and clamav to
disinect a 200 MB mailbox, and since last night it's
only processed 80 MB of mail so far. It's a 350 Mhz
box that I'm running it on, and clamav must be pretty
CPU intensive.
Somebody tipped me off to the following procmail
config, which filters on
Somebody yesterday said to use formail to convert
maildirs back to mbox format. I've looked at the
formail man page and I can't figure out how to do it.
Can you tell me?
I've successfully used a tool called yammc.pl to
convert my mailboxes to maildir. There are several
programs that claim to
I think the virus that's assaulting me is what this
page calls the PE_ZAFI.B virus:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_ZAFI.BVSect=T
The clamav database lists a virus called Worm.Zafi.B.
I'm still working on downloading my mailbox. I copied
it to my home
software that could do it?
I'm using clamscan version 0.70 on Debian testing for
PowerPC.
Thanks for any help you can give me.
Michael D. Crawford
[EMAIL PROTECTED]
^- a temporary email addr 'cuz I have too many
viruses in my real email inbox
Hi All
We would like to install ClamAV on a Virtuozzo VPS (virtual private server) from
SW-Soft, the makers of Plesk
Has anyone done this?
We were told that it should probably be okay unless it would attempt:
- install new kernel modules (to perform on-access scanning)
- work with ext2/ext3
Hi,
I have it working on a Virtuozzo VPS (Red Hat Linux) with no problems :)
Miguel
Hi Miguel
I'm assuming that you're talking about a totally default installation of ClamAV, no
special settings or other adjustments?
Many thanks :-)
--
Hi
I get this warning when compiling, but haven't been able to figure out why
it's there.
configure: WARNING: could not find TCP wrappers, support disabled
I'm trying to compile 0.70 on Debian stable.
Thanks
Lars
---
This SF.net email is
Thanks, everyone. These responses have given me a clue to continue with
the good fight.
Mike
Michael D. Bathrick
President
BerkshireNet, Inc
126 Fenn Street
Pittsfield, MA 01201
(413) 442-7805
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of SCHULZ
../mkinstalldirs /usr/local/man/man1
make[2]: Leaving directory
`/home/prez/clamav-0.60/clamav-milter'
make[1]: Leaving directory
`/home/prez/clamav-0.60/clamav-milter'
Any ideas?
Michael D. Bathrick
President
BerkshireNet, Inc
126 Fenn Street
Pittsfield, MA 01201
(413) 442-7805
Now, clamd has crashed and won't come back up. Since it isn't
volunteering any error messages on crash, can someone tell me where the
errors are logged?
Mike
Michael D. Bathrick
President
BerkshireNet, Inc
126 Fenn Street
Pittsfield, MA 01201
(413) 442-7805
-Original Message-
From
put the proper directory
in clamav.conf under DataDirectory, it still doesn't work. Does this
need special permissions, or am I reading this wrong?
Mike
Michael D. Bathrick
President
BerkshireNet, Inc
126 Fenn Street
Pittsfield, MA 01201
(413) 442-7805
in the src rpm, compilable for 8 and 9.
--
Roger D. Vargas
ICQ: 117641572
Linux user: 180787
* Tanto si piensas que puedes, como si piensas que no puedes, tienes razón *
Henry Ford
-
To unsubscribe, e-mail: [EMAIL PROTECTED
to support compressed archives. My
question is if using --mbox option clamscan can identify and extract
attachments.
--
Roger D. Vargas
ICQ: 117641572
Linux user: 180787
* Tanto si piensas que puedes, como si piensas que no puedes, tienes razón *
Henry Ford
?
--
Roger D. Vargas
ICQ: 117641572
Linux user: 180787
* Tanto si piensas que puedes, como si piensas que no puedes, tienes razón *
Henry Ford
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL
Yup, Linux Format came with 0.23. All I upgraded was the virus database.
I'm getting the 0.53 version as I write.
Thanks!
--
Wes Peterson
Tomasz Kojm wrote:
On Sun, 03 Nov 2002 13:36:46 -0500
Wesley D. Peterson [EMAIL PROTECTED] wrote:
I just loaded Clamav from the Linux Format CD
89 matches
Mail list logo