Re: [Clamav-users] Clubbing a deceased equine

2010-04-21 Thread Jari Fredriksson
On 22.4.2010 6:03, Steve Wray wrote: > Robert Wyatt wrote: >> Simon Hobson wrote: >> Well, it's not the only defense that I can think of. For exactly how >> long had this message appeared before the ClamAV engine actually died? >> >> LibClamAV Warning: **

Re: [Clamav-users] Feedback on clamav + sanesecurity experience

2010-07-28 Thread Jari Fredriksson
On 20.7.2010 21:35, Laurence MOINDROT wrote: > Hi Everyone, > > We are currently using clamav (0.96.1), spamassassin (3.3.1), > greylisting (4.2.5) and sendmail (8.14.4) on our mailserver's cluster > > We would appreciate any feedback on your experience using clamav with > sanesecurity. > I use

Re: [clamav-users] creating own virus database

2012-10-31 Thread Jari Fredriksson
30.10.2012 13:01, Zoltan Gyula Beck wrote: > Dear list members, > > for various reasons I've to mark some mime type files as virus/infected. > Is this possible? If yes, how can I do this? For example all EXE, BAT, > BIN (linux binaries), etc... > > Best Regards, > Zoltan Beck You might w

[clamav-users] False positives with CRDF.Malware.Win32.PEx.*.426953001.UNOFFICIAL

2012-11-25 Thread Jari Fredriksson
These rules must have a common signature? Old downloads suddenly trigger positives. Original message / Orig.Msg. Subject: Anacron job 'cron.weekly' on whirlwind Date: Sun, 25 Nov 2012 09:01:19 +0200 (EET) From: Anacron To: r...@jarif.iki.fi

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

2012-12-06 Thread Jari Fredriksson
06.12.2012 19:44, franckm wrote: > Is it possible to have clamd (clamav daemon) watch a specific folder (and > only that one) and automatically scan the files as they are dropped into it? > I'm afraid it is not possible with clamd alone. You need a separate daemon watching the folder(s) and the

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

2012-12-06 Thread Jari Fredriksson
06.12.2012 20:44, Dennis Peterson wrote: > On 12/6/12 10:30 AM, TR Shaw wrote: >> Linux, bsd unix and MacOSX all support directory/folder changed actions. >> >> Tom >> >> On Dec 6, 2012, at 1:26 PM, Jari Fredriksson wrote: >> >>> 06.12.2012 19:44

Re: [clamav-users] mail server and clamav in different machine

2015-07-17 Thread Jari Fredriksson
On 2015-06-21 12:22, Simon Hobson wrote: M.hafez wrote: can i install the mail server (win or Linux based ) and the clamav in different machine, that may allow me to filter more than one mailer server using the same Clamav machine. In principle yes, though it very much depends on how you ar

[Clamav-users] DHL invoices

2009-09-23 Thread Jari Fredriksson
I get lots of 'invoices' from DHL containing a zipped trojan. F-Prot recognizes them as Win32/Bredolab!Generic but ClamAV does not. I tried to post one to ClamAV site, but it was said to be recognized already. I have ClamAV 0.95.2/9826/Wed Sep 23 14:06:01 2009 main.cvd is up to date

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Jari Fredriksson
>> -Original Message- >> From: clamav-users-boun...@lists.clamav.net >> [mailto:clamav-users- boun...@lists.clamav.net] On >> Behalf Of Jari Fredriksson >> Sent: Wednesday, September 23, 2009 9:14 AM >> To: ClamAV Users >> Subject: [Clamav-us

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Jari Fredriksson
>> I get lots of 'invoices' from DHL containing a zipped >> trojan. F-Prot recognizes them as Win32/Bredolab!Generic >> but ClamAV does not. > > Hi, > > Just in case this helps block them... I've been detecting > these for a while if it's the same sort of fake invoices > I've been receiving here,

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Jari Fredriksson
> Jari Fredriksson wrote: > >> >> Then I decided SaneSecurity is not worth it, as >> SpamAssassin catches those too, and has less false >> positives. >> >> SaneSecurity triggers way too often when some dumb user >> pastes a spam into his mail, or

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Jari Fredriksson
> On Wed, Sep 23, 2009 at 07:07:53PM +0300, Jari > Fredriksson wrote: >>> Jari Fredriksson wrote: >>> >>>> >>>> Then I decided SaneSecurity is not worth it, as >>>> SpamAssassin catches those too, and has less false >>>>

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Jari Fredriksson
>> >> I don't run ClamAV via SpamAssassin. I have it called by >> amavisd-new, which does what it does: quarantine. > > Sure hope you're not using heuristics, phishing and/or > safebrowsing options in ClamAV if you feel that way. > I use amavisd-new default options, have not touched those. Anywa

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Jari Fredriksson
> On Wed, Sep 23, 2009 at 08:11:41PM +0300, Jari > Fredriksson wrote: >>> >>> Ehm, were you scoring SaneSecurity hits like one is >>> supposed to, or just plain rejecting with them? Sounds >>> like the latter. >>> >> >> I don'

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Jari Fredriksson
> At 10:39 PM +0300 9/23/09, Jari Fredriksson wrote: >> >> >>>> I don't run ClamAV via SpamAssassin. I have it called >>>> by amavisd-new, which does what it does: quarantine. >>> >>> Sure hope you're not using heuristics, phishing a

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Jari Fredriksson
>> >> This is what I found about Phishing and Heuristics. >> Dangerous? When I review the quarantine anyway. > > No more than sanesecurity rules and a lot more than my > winnow_malware.hdb which would have caught your virus. > > Point being you might just want to consider what you have > running..

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Jari Fredriksson
> Jari Fredriksson wrote: > >> I give rat's ass to WinNow. If I would have been >> interested in SaneSecurity or WinNow I would have >> installed those again, and tested with them. >> > > Don't let it fall through the cracks that people here are

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Jari Fredriksson
> I am a tad confused about your reporting comment as the > clamav web reporting mechanism works fine at least for me > and you can also > report via virustotal as well. > > Anyway glad you're happy with your config. > > Tom > > btw it's winnow as in to remove the wheat from the chaff > and has >

Re: [Clamav-users] DHL invoices

2009-09-24 Thread Jari Fredriksson
>> Seems to work. I just got this: >> >> -- >> A virus was found: W32/Downldr3.GW >> >> Banned name: .exe,.exe-ms,open.exe >> Scanners detecting a virus: F-PROT Antivirus for UNIX, >> BitDefender >> >> Content type: Virus >> Internal reference

Re: [Clamav-users] DHL invoices

2009-09-24 Thread Jari Fredriksson
> Hello Jari, > >> clamav NOW detects that even without pua, things updated. >> But the older DHL-invoices. No. Not even with >> detect-pua=yes. > > what does the form answer you when you try to submit it? > It should reject it with a message. > > That message can help us to track down the issu

Re: [Clamav-users] DHL invoices

2009-09-24 Thread Jari Fredriksson
> On 2009-09-24 16:01, Jari Fredriksson wrote: >>> Hello Jari, >>> >>> >>>> clamav NOW detects that even without pua, things >>>> updated. But the older DHL-invoices. No. Not even with >>>> detect-pua=yes. >>>> >>

Re: [Clamav-users] nonblock_connect: connect timing out (30 secs)

2009-09-27 Thread Jari Fredriksson
>> The second symptom is from not running clamd, or having >> a wrong path to clamav's config file in freshclam.conf. >> If you don't have clamd running (which I recommend), >> comment out the >> NotifyClamd >> or make sure the argument to NotifyClamd correctly >> points to clamd's config file.

Re: [Clamav-users] nonblock_connect: connect timing out (30 secs)

2009-09-28 Thread Jari Fredriksson
>> From: ja...@iki.fi >> To: clamav-users@lists.clamav.net >> Date: Sun, 27 Sep 2009 22:55:31 +0300 >> Subject: Re: [Clamav-users] nonblock_connect: connect >> timing out (30 secs) >> The second symptom is from not running clamd, or having a wrong path to clamav's config file in freshcl

Re: [Clamav-users] nonblock_connect: connect timing out (30 secs)

2009-09-28 Thread Jari Fredriksson
>>> >>> Hello, >>> >>> But do I really need clamd?? >>> As far as I can tell, clamd "only" gives me on-access >>> protection, right? >>> >>> Thank you >>> Agostinho >>> >> >> No, clamd does not give to transparent background >> protection, like the Windows antivirus tools do. It is a >> daemoni

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Jari Fredriksson
15.10.2009 14:55, Tom Shaw wrote: The samples I have of that one are being detected by ClamAV standard sigs as Trojan.Peed-477. Wonder why you and some others didn't detect it with standard sigs? Could this be a problem? Do you have samples that were undetectable? Tom Undetected Outlo

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Jari Fredriksson
Undetected IRS scam variant. http://www.iki.fi/jarif/malware/tax-statement.exe -- http://www.iki.fi/jarif/ A classic is something that everyone wants to have read and nobody wants to read. -- Mark Twain, "The Disappearance of Literature"

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Jari Fredriksson
15.10.2009 16:47, Tom Shaw wrote: At 4:30 PM +0300 10/15/09, Jari Fredriksson wrote: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=_6GorA2txt0CVliaTmJuBPNhCIqDzZA" Content-Disposition: inline Undetected IRS

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Jari Fredriksson
Does ClamAV somehow dedicate to email format (base64) or how it is possible that it does not recognise this http://www.iki.fi/jarif/malware/FILE_UPS_c380a16.zip That's an UPS fraud, W32/Bredolab.D.gen!Eldorado by F-Prot. -- http://www.iki.fi/jarif/ An exotic journey in downtown Newark is in

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Jari Fredriksson
15.10.2009 17:24, Jari Fredriksson wrote: Does ClamAV somehow dedicate to email format (base64) or how it is possible that it does not recognise this http://www.iki.fi/jarif/malware/FILE_UPS_c380a16.zip That's an UPS fraud, W32/Bredolab.D.gen!Eldorado by F-Prot. Uh. The poin

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Jari Fredriksson
16.10.2009 10:42, Steve Basford wrote: I'd use: phish.ndb rougue.hdb winnow_malware_links.ndb winnow_malware.hdb Thanks, I have implemented these now with SaneSecurity Script 1. -- http://www.iki.fi/jarif/ Alas, how love can trifle with itself! -- William Shakespeare,

[Clamav-users] Why does ClamAV does not detect this via amavisd-new

2009-10-23 Thread Jari Fredriksson
This may or may not be an amavisd-new question, but I start here. --- A virus was found: W32/Bredolab!Generic Banned name: .exe,.exe-ms,DHL_print_label_107f1.exe Scanners detecting a virus: F-PROT Antivirus for UNIX, BitDefender C

Re: [Clamav-users] Why does ClamAV does not detect this via amavisd-new

2009-10-23 Thread Jari Fredriksson
23.10.2009 17:25, Jari Fredriksson wrote: > > This may or may not be an amavisd-new question, but I start here. > Now things changed a bit. That was detected, but with a MIME error. Cheers. -- A virus was fo

Re: [Clamav-users] Why does ClamAV does not detect this via amavisd-new

2009-10-26 Thread Jari Fredriksson
26.10.2009 13:43, Tomasz Kojm wrote: > On Fri, 23 Oct 2009 17:25:36 +0300 > Jari Fredriksson wrote: > >> This may or may not be an amavisd-new question, but I start here. > [...] >> This DHL payload is only malware which behaves like this for me. Any ideas? >

Re: [Clamav-users] Why does ClamAV does not detect this via amavisd-new

2009-10-26 Thread Jari Fredriksson
26.10.2009 19:45, Török Edwin wrote: > On 2009-10-23 19:46, Jari Fredriksson wrote: >> 23.10.2009 17:25, Jari Fredriksson wrote: >> >>> This may or may not be an amavisd-new question, but I start here. >>> >>> >> >> Now th

Re: [Clamav-users] Phishing detection on downloaded pages

2009-12-15 Thread Jari Fredriksson
On 9.12.2009 20:13, Török Edwin wrote: > On 2009-12-07 19:21, Sundara Kaku wrote: >> Hi, >> >> I have a special requirement where I want to scan downloaded pages from >> website for phishing detection, ex: i use httracker to download a website or >> wget to download a particular website and i wa

Re: [Clamav-users] teething troubles...

2010-03-06 Thread Jari Fredriksson
On 7.3.2010 5:57, Steve Holdoway wrote: > I'm trying to set up a system where I have a remote clamd that my mail > server uses, as it's a low spec machine and not really up to it. I'm > running clamd 0.95.3 - out of lenny volatile on the server end, and > clamav-milter 0.95 built from source. > >

Re: [Clamav-users] teething troubles...

2010-03-06 Thread Jari Fredriksson
On 7.3.2010 5:57, Steve Holdoway wrote: > I'm trying to set up a system where I have a remote clamd that my mail > server uses, as it's a low spec machine and not really up to it. I'm > running clamd 0.95.3 - out of lenny volatile on the server end, and > clamav-milter 0.95 built from source. > >