Re: [clamav-users] freshclam: Verification: Can't verify database integrity

On Mon, 2022-12-26 at 10:14 -0500, Jim Popovitch via clamav-users wrote: > On Mon, 2022-12-26 at 15:51 +0100, Matus UHLAR - fantomas wrote: > > On 25.12.22 16:16, Jim Popovitch via clamav-users wrote: > > > What the heck could be causing freshclam verification problems for the

Re: [clamav-users] freshclam: Verification: Can't verify database integrity

On Mon, 2022-12-26 at 15:51 +0100, Matus UHLAR - fantomas wrote: > On 25.12.22 16:16, Jim Popovitch via clamav-users wrote: > > What the heck could be causing freshclam verification problems for the > > past 2 days? I'm getting rate-limited over and over because freshclam

Re: [clamav-users] freshclam: Verification: Can't verify database integrity

On Mon, 2022-12-26 at 14:28 +, newcomer01 via clamav-users wrote: > i mean the default setting in freshclam.conf is set to every hour (12x > at day) will start an update process for virus databases ...  It's perfectly fine to have Checks set to any number less than 96. >  maybe you can sing

Re: [clamav-users] freshclam: Verification: Can't verify database integrity

On Mon, 2022-12-26 at 13:15 +, newcomer01 via clamav-users wrote: > you can try to delete all files in lib folder and start freshclam again. I tried that on the 24th, it had had no affect. > by the way: you should maximum once per day refresh your signature files > otherwise the cdn will blo

[clamav-users] freshclam: Verification: Can't verify database integrity

What the heck could be causing freshclam verification problems for the past 2 days? I'm getting rate-limited over and over because freshclam fails to verify daily.cvd (and then retries over and over). Is there a known problem with daily.cvd downloads being corrupt? Google says to "wget http://da

Re: [clamav-users] remove me

On Fri, 2022-09-09 at 12:29 +, Marc wrote: > > > > perhaps it could contain better unsubscribe info, the top-down link: > > https://docs.clamav.net/#mailing-lists-and-chat > > does not contain unsubscribe > > What about doing some sort of IQ test before users subscribe something > like 2+2=?

Re: [clamav-users] ClamAV is not respecting Phishing* settings.

On Thu, 2021-09-23 at 07:36 -0400, Maarten Broekman via clamav-users wrote: > To further Ged's point, these signatures that are hitting are extended > logical signatures. Phishing signatures have a very specific format > that are either solely looking at hostnames, host prefixes, link > destination

Re: [clamav-users] ClamAV is not respecting Phishing* settings.

On Thu, 2021-09-23 at 09:28 +0100, G.W. Haywood via clamav-users wrote: > > Why do you not want ClamAV to alert you to (what appear to me to be) > obvious scam emails? Because I have chosen to disable the Phishing* checks, per the ClamAV documentation, and apparently that isn't happening. I un

Re: [clamav-users] ClamAV is not respecting Phishing* settings.

On September 23, 2021 3:29:02 AM UTC, "Joel Esler (jesler)" wrote: >I am sure someone will respond about your particular issue, but are you saying >they are false positives? > >— >Sent from my  iPhone > >> On Sep 22, 2021, at 22:04, Jim Popovitch via clamav-u

[clamav-users] ClamAV is not respecting Phishing* settings.

ClamAV is not respecting Phishing* settings. clamd.conf: ... PhishingSignatures false PhishingScanURLs false Sep 20 15:32:35 mx1 postfix/cleanup[9328]: 4HCpSy4JbTzCqpv: milter- reject: END-OF-MESSAGE from unknown[103.195.186.145]: 5.7.1 Message infected with Email.Phishing.VOF1-632657

Re: [clamav-users] error code 429

On Sat, 2021-09-04 at 14:41 -0400, Paul Kosinski wrote: > > Not rate limited (as we only check about once per hour, from each of 3 > systems), but we're not getting updates. > Seeing similar here now that the (3rd) cool-down has expired. I'm starting to suspect this is a CloudFlare issue. Un

[clamav-users] error code 429

Add me to the 429 list. I have 3 clamav installations (Debian Bullseye). All 3 are on separate networks (in separate datacenters, at separate hosting providers) ~$ for m in mx1 mx2 mx3; do echo -n "$m: "; ssh $m grep ^Check /etc/clamav/freshclam.conf; done mx1: Checks 12 mx2: Checks 12 mx3:

[clamav-users] Can't query....

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 > Jul 31 09:24:16 cav freshclam[3977]: Can't query > daily.25527.102.1.0.6810DA54.ping.clamav.net To me, "Can't" implies an inability to do something, generally this would therefore require action by someone else or something else. "I can't move t

[clamav-users] Fwd: Re: [Fwd: [sanesecurity] ...

Can someone set no-mail or unsubscribe this guy: "pupussec...@wanadoo.fr" . It is quite annoying to get his spam everytime I post to ClamAV. Thanks! -Jim P. 2015-08-07 12:36 GMT-04:00 Jean philippe Catteau no-re...@spamenmoins.com>: Bonjou

Re: [clamav-users] [Fwd: [sanesecurity] Hacking Team detection]

On Fri, Aug 7, 2015 at 12:39 PM, Gene Heskett wrote: > On Friday 07 August 2015 12:34:54 Jim Popovitch wrote: > >> clamscan --database=/tmp/hackingteam.hsb -ri / > > Chuckle, and will, on this system, take a loooggg time. :) :-) Here's an update to what

Re: [clamav-users] [Fwd: [sanesecurity] Hacking Team detection]

On Fri, Aug 7, 2015 at 12:20 PM, Steve Basford wrote: > You can also do a quick download/scan eg.. > > rsync -v rsync://rsync.sanesecurity.net/sanesecurity/hackingteam.hsb > clamscan --database=hackingteam.hsb To expand on that bit: rsync -v rsync://rsync.sanesecurity.net/sanesecurity/hackingtea

Re: [clamav-users] ClamAv updates not being published properly?

On Wed, May 28, 2014 at 4:39 AM, Randal, Phil wrote: > Oops, left off the latest version of patterns - 19041, allegedly, yet we're > stuck on 19037. Same here. DNS says 19037 is the latest: ~$ dig +short txt current.cvd.clamav.net "0.98.3:55:19037:1401269340:1:63:41971:241" -Jim P. __

Re: [clamav-users] Debian packaging

On Tue, Feb 11, 2014 at 11:06 AM, Andrew Kelly wrote: > > Nearly mid February 2014 now. 0.98.1 has been available for a > month already, and Debian is still stuck at 0.97.8. Welcome to Debian. ;-) If you want bleeding edge, don't use Debian Stable (use Debian Testing) > Is there any kind of for

Re: [clamav-users] Mirror issues

2011/10/23 Török Edwin : > On 10/23/2011 05:33 PM, Jim Popovitch wrote: >> Is it my lack of clue, or are there a fair amount of mirror issues today? > > I'm not seeing any issues with the mirror I use, what error messages do you > see? Specifically it was connection issues

[clamav-users] Mirror issues

Is it my lack of clue, or are there a fair amount of mirror issues today? -Jim P. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [Clamav-users] clamav vs amavis (was: Where is the quanantine folder?)

On Sun, 2005-07-17 at 21:51 -0400, Ronny Nussbaum wrote: > In short: amavisd-new is an interface between a mail server (such as > Postfix), and content filters, such as Anti-Virus (ClamAV for > example), Spam Filtering (such as SpamAssassin), etc. > > It also does some filtering of its own, for ex

[Clamav-users] clamav vs amavis (was: Where is the quanantine folder?)

I use clamav, and know a bit about it but I know nothing about amavis. Can someone give me a quick list of how the two are related? Thanks, -Jim P. ___ http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter ignore from host y.y.y.y

Thanks Nigel, that works. -Jim P. On Fri, 2005-07-01 at 22:03 +0100, Nigel Horne wrote: > On Friday 01 Jul 2005 21:51, Jim Popovitch wrote: > > Sorry if this isn't appropriate for the clamav-users list, I couldn't > > easily locate a mailing list for clamav-milter. If y

[Clamav-users] clamav-milter ignore from host y.y.y.y

Sorry if this isn't appropriate for the clamav-users list, I couldn't easily locate a mailing list for clamav-milter. If you know of one please let me know. Is there a way to tell clamav-milter to ignore emails from a certain host or IP address? Thanks, -Jim P. __

Re: [Clamav-users] For those who submitted adware/spyware samples

On Fri, 2005-06-17 at 12:08 -0800, Matthew Schumacher wrote: > IMHO, anything malicious sent though email should be detected by the > virus scanner. I agree. What will it take for clamav to support all files/emails deemed malicious? -Jim P. ___ http

Re: [Clamav-users] How to use clamav-milter?

On Wed, 2005-06-15 at 14:22 -0700, Dennis Peterson wrote: > > clamd is useful for testing for viruses on the file system in addition to > any email viruses. clamav-milter handles only email. They are not > exclusive tools. ;-) OK, I understand their purposes, but maybe I (or maybe others) don't u

Re: [Clamav-users] How to use clamav-milter?

On Wed, 2005-06-15 at 13:16 -0400, Stephen Gran wrote: > > Correction: > clamav-milter _can_ connect to clamd ... So I can uninstall clamd and clamav-milter will still function? Why then is clamd a dependency for clamav-milter in rpm world? -Jim P. __

Re: [Clamav-users] How to use clamav-milter?

On Wed, 2005-06-15 at 19:53 +0300, Cevher wrote: > Two questions were related. In other words i said (wanted to say) "Shall > we use clamav-milter with clamd or without clamd?" clamav-milter connects to clamd to determine if an email contains a virus. -Jim ___

Re: [Clamav-users] Submissions (was Arrogance toward well-meaning participants (was: undetected malwares))

On Tue, 2005-06-07 at 15:28 +0200, Luca Gibelli wrote: > > Just for the records, last week we received 3484 samples and last month > we received +13k. Holy crap! Out of the +13k, how many (roughly) were legit, worthy, and/or contained usable data? On avergage are you getting good data to work w

Re: OT: gnupg (was: Re: [Clamav-users] clamav.net email addresses)

On Mon, 2005-06-06 at 20:21 -0400, Jim Popovitch wrote: > On Tue, 2005-06-07 at 01:59 +0200, guenther wrote: > > This got nothing to do with Evolution. In fact, there is no GnuPG key > > management in Evolution, it's just using gnupg. What you're after simply > > is

Re: OT: gnupg (was: Re: [Clamav-users] clamav.net email addresses)

On Tue, 2005-06-07 at 01:59 +0200, guenther wrote: > > What sort of gpg key is that. All the others there are plain text, but > > yours seems to be binary. I'm not an expert on gpg, so perhaps I am > > missing something regarding the difference. I'm just trying to add it > > to Evolution. Thx.

Re: [Clamav-users] clamav.net email addresses

On Mon, 2005-06-06 at 22:19 +0200, Tomasz Kojm wrote: > And then, oh well, I was never nice.. (and I'll > force my turtle to kill your goldfish if you call me nice). Turtle Lover! <-- :-) >oo. Tomasz Kojm <[EMAIL PROTECTED]> > (\/)\. http://www.ClamAV.net/gp

Re: [Clamav-users] clamav.net email addresses

On Mon, 2005-06-06 at 21:32 +0200, Luca Gibelli wrote: > Hello Jim Popovitch, > > > Who can have clamav.net email addresses? Are the open to anyone? I > > want to do some email filtering, but I find it ironic that in order to > > do this efficiently I would need

[Clamav-users] clamav.net email addresses

Who can have clamav.net email addresses? Are the open to anyone? I want to do some email filtering, but I find it ironic that in order to do this efficiently I would need to dump some emails from clamav.net -Jim P. ___ http://lurker.clamav.net/list/cl

Re: [Clamav-users] Re: javascript virus

On Tue, 2005-05-31 at 09:28 -0700, Dennis Peterson wrote: > Jim Popovitch said: > > > > > The javascript will run on any box, linux included. What it does > > (install .exe, etc.) is only unique to MS Windows. It does this by > > downloading this file: > >

Re: [Clamav-users] Re: javascript virus

On Tue, 2005-05-31 at 16:24 +0100, Bob Hutchinson wrote: > > I downloaded your zip file, neither clamscan or clamdscan found anything, > either before or after I unzipped it That was my experience too, and the reason behind my posting here. Should clam(d)scan be hitting on this? I think it shoul

Re: [Clamav-users] Re: javascript virus

On Tue, 2005-05-31 at 09:08 -0500, René Berber wrote: > Don't do this! Any wannabe-virus-builder-kid will want to get a hand on > samples > like this. Well, if they don't have it by now then they aren't educated enough to get it now. It doesn't make it truly newsworthy just because this is the

[Clamav-users] javascript virus

I have an HTML file that contains some bad javascript. While the javascript itself isn't malicious, what it does is. It begins a download process that eventually gives up your PC to others. Should clam(d)scan identify something like this as a virus? Here is a zipped copy of the virus: http://