Re: [clamav-users] clamav-scanner-systemd

2020-11-25 Thread Graeme Fowler via clamav-users
Hi Will Given that CentOS 6.x use SysVInit rather than systemd, I think you're probably looking at something that's not entirely compatible with your needs. For CentOS 6.x you need: clamav clamav-db at minimum; if you want to be able to do daemon-based scanning (e.g. for a mail system) then y

Re: [clamav-users] Possible threat in thunderbird?

2020-05-19 Thread Graeme Fowler via clamav-users
amav-users on behalf of Graeme Fowler via clamav-users Reply to: ClamAV users ML Date: Tuesday, 19 May 2020 at 07:42 To: Bud Rozwood via clamav-users Cc: Graeme Fowler Subject: Re: [clamav-users] Possible threat in thunderbird? They'll keep on coming back, that's your Gmail message

Re: [clamav-users] Possible threat in thunderbird?

2020-05-18 Thread Graeme Fowler via clamav-users
They'll keep on coming back, that's your Gmail message cache directory that Thunderbird keeps a local copy in. Most of them are fairly low risk email borne hazards that are likely being detected months or years after delivery. You can always look at the quarantine folder to see what the message

Re: [clamav-users] ClamAV Server Agent

2020-04-22 Thread Graeme Fowler via clamav-users
You wrote > Sorry for sounding so naive and confused with this, I am actually confused > whether my clamav is working or not. If you haven't told it to do anything, then yes it's working but it's not actually doing anything. clamd is a daemon; you need to use the 'clamdscan' tool to ask it to s

Re: [clamav-users] What would be a basic scan of my file system (Linux, CentOS 7)?

2020-02-01 Thread Graeme Fowler via clamav-users
As with any system, really. Start with "where do files change via arbitrary user activity?" * /home * /tmp, /var/tmp (if different) Then consider "which applications is the system running that could write arbitrary data and to where?" * webserver vhost document roots, if you're running PHP

Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default?

2020-01-27 Thread Graeme Fowler via clamav-users
Howdy So... clamd@scan is a system service which is used on RedHat derived systems via variants of the EPEL packed version of ClamAV. By itself it does nothing. You need to tell it what to do by use of the clamdscan binary, which passes file contents/file names/file descriptors (depending on c

Re: [clamav-users] unexplainable tar behaviour

2019-10-30 Thread Graeme Fowler via clamav-users
On 30/10/2019, 12:43, "clamav-users on behalf of Steffen Sledz" wrote: > Here "the expression" matches in all.tar, but not in allaa, not in allab, and > not in allac. Hmmm again? > > For me this is confusing! If you look back at the response from Al Varnell, you'll see that the decoded signat

Re: [clamav-users] Packaging ClamAV

2019-08-12 Thread Graeme Fowler via clamav-users
On 12/08/2019, 16:21, "Nick Howitt" wrote: > > Then you can't start clamd on installation? Run a postinstall scriptlet that calls freshclam as part of the package installer, perhaps? Graeme

Re: [clamav-users] Yara rules in ClamAV

2019-07-09 Thread Graeme Fowler via clamav-users
> Is there any user document that shows how to load YARA rules in ClamAV ? https://www.clamav.net/documents/using-yara-rules-in-clamav

Re: [clamav-users] Probably something simple but new to ClamAV

2019-06-04 Thread Graeme Fowler via clamav-users
clamconf will show you what you want (with a lot more detail if required): [graeme@whelk ~]$ clamconf -n | egrep 'version.+sigs' bytecode.cld: version 328, sigs: 94, built on Wed Jan 2 14:42:37 2019 daily.cld: version 25469, sigs: 1587497, built on Mon Jun 3 08:59:22 2019 main.cvd: version 58, s

Re: [clamav-users] clamd using ~1GB memory on Debian Stretch

2019-05-14 Thread Graeme Fowler via clamav-users
On 13/05/2019, 15:57, Avinash Sonawane wrote: > Of course, at scanning time those signs/dbs need to be in memory. At > scanning time not *all the time*. e.g. I am expecting an email at 6 PM. > I don't mind clamd taking that much of a memory *at* 6 PM and then > release it. I find it absolutely inco

Re: [clamav-users] Possible FP Doc.Trojan.Agent-6923110-0

2019-04-10 Thread Graeme Fowler via clamav-users
Thanks; I'm well aware of that. I can well understand the rationale behind the signature - however it looks like the code is established in normal usage. The user in question requested a more recent copy of the template sheet they work with from the upstream organisation, which too was blocked

[clamav-users] Possible FP Doc.Trojan.Agent-6923110-0

2019-04-10 Thread Graeme Fowler via clamav-users
. Unfortunately I cannot send the file as it contains some fairly sensitive information :( Graeme -- Graeme Fowler Senior IT Services Specialist / LU Postmaster, Systems Infrastructure, IT Services Loughborough University

Re: [clamav-users] Are signatures for Windows only?

2019-03-27 Thread Graeme Fowler via clamav-users
On Mar 27, 2019, at 11:07, G.W. Haywood wrote: > On that day's numbers it looks like ClamAV is rejecting about 5% of > rejected mail. Here, in fifteen months, it's rejected _less_ than > 0.0002% (although I'll grant that both are likely poor statistics). Hello, fellow Loughborough graduate :) We

Re: [clamav-users] Are signatures for Windows only?

2019-03-26 Thread Graeme Fowler via clamav-users
Have emailed you off-list. Graeme From: Joel Esler (jesler) Sent: 25 March 2019 22:08 To: ClamAV users ML Cc: Graeme Fowler Subject: Re: [clamav-users] Are signatures for Windows only? That’s super interesting. I’d be interested in what the 6500

Re: [clamav-users] Are signatures for Windows only?

2019-03-25 Thread Graeme Fowler via clamav-users
*decloaks* We (Loughborough University) use ClamAV on our inbound and outbound mail servers, in front of and after Office 365 mailboxes. It sits in the middle of a fairly complex set of moving parts - another AV product, DNS blacklists, file hash checks, local 'reputation', several anti-spam to

Re: [clamav-users] About clamav's requirements for system resources

2018-11-05 Thread Graeme Fowler
Not milter, but Exim calls ClamAV using the SCAN command when using a UNIX socket, or zINSTREAM for TCP sockets. I've got 3 'clusters' (loosely coupled groups, more accurately) VMs of differing roles with slightly differing setups here at Loughborough Uni. * CentOS 6 MX servers with a smal