Re: [clamav-users] Fw: openSUSE-SU-2021:2242-1: important: Security update for clamav-database

2021-07-07 Thread Joe Acquisto-j4
> Hi there, > > On Tue, 6 Jul 2021, Joe Acquisto-j4 wrote: >> On Tue, 6 Jul 2021, G.W. Haywood wrote: >> > On Tue, 6 Jul 2021, Paul Kosinski via clamav-users wrote: >> > >> > > Just FYI: this is the first time I remember seeing openSUSE >>

Re: [clamav-users] Fw: openSUSE-SU-2021:2242-1: important: Security update for clamav-database

2021-07-06 Thread Joe Acquisto-j4
> Hi there, > > On Tue, 6 Jul 2021, Paul Kosinski via clamav-users wrote: > >> Just FYI: this is the first time I remember seeing openSUSE >> notifying something about ClamAV. >> >> Begin forwarded message: >> >> Date: Mon, 5 Jul 2021 15:17:01 +0200 (CEST) >> From: opensuse-secur...@opensuse.

Re: [clamav-users] Heuristics, only on or off?

2021-03-23 Thread Joe Acquisto-j4
> On Tuesday, March 23, 2021 at 5:02 PM, G.W. Haywood wrote: >> On Tue, 23 Mar 2021, Joe Acquisto-j4 wrote: >> >> > In log find (snipped) >> >> Full marks for reading your logs. :) >> >> > ". . .infected by Heuristics.OLE2.Conta

[clamav-users] Heuristics, only on or off?

2021-03-23 Thread Joe Acquisto-j4
In log find (snipped) ". . .infected by Heuristics.OLE2.ContainsMacros.VBA" and ". . .infected by Heuristics.Phishing.Email.SpoofedDomain" I love the first one but loathe the second one. Is there some secret sauce to allow discriminating between them? joe a

Re: [clamav-users] invoking clamav-milter

2021-02-25 Thread Joe Acquisto-j4
> Is the only way to specify clamav-milter, using postfix, via the main.cf, > or can it alternately be specified in master.cf? > > While this might seem, to the mavens, to be a postfix question, since I > as a non-maven, am not clear as to the difference between "filters" and > "milters" (mail

[clamav-users] invoking clamav-milter

2021-02-25 Thread Joe Acquisto-j4
Is the only way to specify clamav-milter, using postfix, via the main.cf, or can it alternately be specified in master.cf? While this might seem, to the mavens, to be a postfix question, since I as a non-maven, am not clear as to the difference between "filters" and "milters" (mail filters), I j

Re: [clamav-users] Clamav-milter finds postive, goes to hold queue

2021-02-24 Thread Joe Acquisto-j4
> Perhaps you should look into MailScanner and MailWatch. Mailscanner (package > for Suse available) will handle the interaction with spamassassin and clamd > (as well as other A/V solutions) and MailWatch provides a nice GUI for > quarantine and archive. Once set they just work. > > Rick > Th

Re: [clamav-users] Clamav-milter finds postive, goes to hold queue

2021-02-24 Thread Joe Acquisto-j4
> On 2/24/21 6:26 AM, Joe Acquisto-j4 wrote: >> For now I will settle on a cron job script that peeks at the hold queue >> every so often and alerts someone (me) with an alert. > > *nod*nod* > > I have a daily cron job that runs a script which shows me: > >

Re: [clamav-users] Clamav-milter finds postive, goes to hold queue

2021-02-24 Thread Joe Acquisto-j4
. . . > This has probably drifted as far OT for this list as it should go. > Welcome to the delights of running your own mail server. I've been > doing it for over a quarter of a century, and I wouldn't have it any > other way, but it ain't all roses. Perhaps you could share with us > why you fee

Re: [clamav-users] Clamav-milter finds postive, goes to hold queue

2021-02-24 Thread Joe Acquisto-j4
>> Citeren Joe Acquisto-j4 : >> >>> Another question from the peanut gallery (a kids TV show reference from >>> the 1950's. Which should tell you something) . . . >>> >>> With a local test email EICAR is detected and fed back to post

Re: [clamav-users] Clamav-milter finds postive, goes to hold queue

2021-02-23 Thread Joe Acquisto-j4
> Citeren Joe Acquisto-j4 : > >> Another question from the peanut gallery (a kids TV show reference from >> the 1950's. Which should tell you something) . . . >> >> With a local test email EICAR is detected and fed back to postfix. >> Ends up in hold

[clamav-users] Clamav-milter finds postive, goes to hold queue

2021-02-23 Thread Joe Acquisto-j4
Another question from the peanut gallery (a kids TV show reference from the 1950's. Which should tell you something) . . . With a local test email EICAR is detected and fed back to postfix. Ends up in hold queue as you would expect as per below as /var/log/mail says: (snipped) "postfix/cleanup[

Re: [clamav-users] clamav-milter start or restart changes owner/group

2021-02-23 Thread Joe Acquisto-j4
> Citeren Joe Acquisto-j4 : > >>>> Citeren "G.W. Haywood via clamav-users" : >>>> >>>>> Hi there, >>>>> >>>>> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote: >>>>> >>>>>> Seems s

Re: [clamav-users] clamav-milter start or restart changes owner/group

2021-02-23 Thread Joe Acquisto-j4
> >>> Citeren "G.W. Haywood via clamav-users" : >>> >>>> Hi there, >>>> >>>> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote: >>>> >>>>> Seems starting or restarting clamav-milter (systemctl restart

Re: [clamav-users] clamav-milter start or restart changes owner/group

2021-02-23 Thread Joe Acquisto-j4
>> Citeren "G.W. Haywood via clamav-users" : >> >>> Hi there, >>> >>> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote: >>> >>>> Seems starting or restarting clamav-milter (systemctl restart >>>> clamav-mil

Re: [clamav-users] clamav-milter start or restart changes owner/group

2021-02-23 Thread Joe Acquisto-j4
> Citeren "G.W. Haywood via clamav-users" : > >> Hi there, >> >> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote: >> >>> Seems starting or restarting clamav-milter (systemctl restart >>> clamav-milter.service) >>> changes owner

Re: [clamav-users] clamav-milter start or restart changes owner/group

2021-02-23 Thread Joe Acquisto-j4
> Hi there, > > On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote: > >> Seems starting or restarting clamav-milter (systemctl restart > clamav-milter.service) >> changes owner and group of /var/run/clamav-milter.socket to root which make > the >> socket inaccessi

[clamav-users] clamav-milter start or restart changes owner/group

2021-02-23 Thread Joe Acquisto-j4
Seems starting or restarting clamav-milter (systemctl restart clamav-milter.service) changes owner and group of /var/run/clamav-milter.socket to root which makes the socket inaccessible to postfix (at least). I found some reference to a similar concern dated 2009 and 2013. Does not appear rel

Re: [clamav-users] ClamAVPlugin

2021-02-22 Thread Joe Acquisto-j4
> Greetings > > Seems time to address this > . . . > 6. What happens if you mail to yourself something containing the EICAR test file? Check all your log files as well as looking for mail headers etc. >>> >>> That has proven difficult as every place I have an email client out

Re: [clamav-users] ClamAVPlugin

2021-02-22 Thread Joe Acquisto-j4
Greetings Seems time to address this . . . 6. What happens if you mail to yourself something containing the >>> EICAR test file? Check all your log files as well as looking >>> for mail headers etc. >> >> That has proven difficult as every place I have an email client out in >> the great

Re: [clamav-users] ClamAVPlugin

2021-02-22 Thread Joe Acquisto-j4
> Hi there, > > On Mon, 22 Feb 2021, Joe Acquisto-j4 wrote: > >> myhost:~ # cp eicar.txt /etc/ >> >> then this worked:: >> >> myhost:~ # clamdscan /etc/eicar.txt >> /etc/eicar.txt: Eicar-Signature FOUND > > You have clamd working. :) >

Re: [clamav-users] ClamAVPlugin

2021-02-22 Thread Joe Acquisto-j4
. . >> 3. Can you scan things with the 'clamdscan' command? Note the 'd' in >> 'clamdscan'. Don't use 'clamscan', because that doesn't use clamd. > > myhost:~ # clamdscan eicar.txt > /root/eicar.txt: lstat() failed: Permission denied. ERROR > >> Well an obvious issue, rights. I had the test

Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4
>> Hi there, >> >> On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote: . . . > >> 2. Can you get clamd to reply to a PING? Here's my laptop talking to my >> clamd server, you might want to use a Unix socket, or IP 127.0.0.1 >> and port 3310 dep

Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4
> Hi there, > > On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote: > >> As it happens Suse Leap 15.2 has clamAV and ClamAV-milter provided >> as was suggested earlier. >> >> I think I followed and have stuff running. Working is another question. > > A

Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4
>> Hi there, >> >> On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote: >>> On Fri, 19 Feb 2021, G.W. Haywood wrote: >>> >>>> https://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter >>> >>> I used the same search text and di

Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4
> Hi there, > > On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote: >> On Fri, 19 Feb 2021, G.W. Haywood wrote: >> >>> https://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter >> >> I used the same search text and did not turn up that link via googl

Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4
. . . >> It all looks good from here: >> , which is where I got it >> (and where it comes from). All the links work, and match my memory of >> things. >> >> Just cleaned and re-built it - I'm on Solaris - and it works fine. >> >> ./configure

Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4
> Hi there, > > On Sat, 20 Feb 2021, Joe Acquisto-j4 wrote: >>> On Fri, 19 Feb 2021, G.W. Haywood wrote: >>> >>> Postfix can use milters, so clamav-milter which comes with ClamAV >>> might make sense. . . . . >> >> This is the approach

Re: [clamav-users] ClamAVPlugin

2021-02-21 Thread Joe Acquisto-j4
> On 21/02/2021 15:25, Joe Acquisto-j4 wrote: > [SNIP] >> >> I guess I missed how "simple" clamsmtp is to use, as I got the impression >> it had to be compiled. When it gave me errors on make, I put it aside. My >> admittedly limited search skill mu

Re: [clamav-users] ClamAVPlugin

2021-02-20 Thread Joe Acquisto-j4
> On 21/02/2021 11:49, Joe Acquisto-j4 wrote: > [SNIP] >> >> For whatever reasons, I am finding it difficult to tease out how to > correctly >> insert clamav-milter into postfix. Seems all my internet searches so far >> turn up stuff that is suggestive, yet, n

Re: [clamav-users] ClamAVPlugin

2021-02-20 Thread Joe Acquisto-j4
> Hi there, > > On Fri, 19 Feb 2021, Joe Acquisto-j4 wrote: >>> On Thu, 18 Feb 2021, Joe Acquisto-j4 wrote: >>> >>>> Any pointers for using the ClamAVPlugin? >>> >>> Could you flesh that out a bit? >> >> Sorry I did not

Re: [clamav-users] ClamAVPlugin

2021-02-19 Thread Joe Acquisto-j4
> Citeren Joe Acquisto-j4 : > >> Sorry I did not think to explain properly. Using Postfix and Spamassassin >> on an OpenSuse version of Linux (15.1 or something) wanting to add AV >> scanning to incoming mail. Started attempting Sophos for Linux (savd ?) >

Re: [clamav-users] ClamAVPlugin

2021-02-19 Thread Joe Acquisto-j4
> Hi there, > > On Thu, 18 Feb 2021, Joe Acquisto-j4 wrote: > >> Any pointers for using the ClamAVPlugin? > > Could you flesh that out a bit? >. . . > One of the things I do is scan stuff using my own Perl milter, but it > never occurred to me that I n

[clamav-users] ClamAVPlugin

2021-02-18 Thread Joe Acquisto-j4
Any pointers for using the ClamAVPlugin? States one needs to install "File::Scan::ClamAV" which I find, It appears this must be compiled and should "magically work". Instructions seem written for someone that knows how it works. I guess I need a tutorial on using perl as well.

[clamav-users] adding additional database

2021-01-22 Thread Joe Acquisto-j4
looking for how to add additional (3rd party?) database(s) to clamav install. For some reason my search skills have evaporated. Or I pissed off the search engine genie . . .

Re: [clamav-users] xlsm files

2020-12-22 Thread Joe Acquisto-j4
>>> > Hi there, > > On Tue, 22 Dec 2020, G.W. Haywood via clamav-users wrote: > >> If you try to stop evrything with signatures etc. > > Something went wrong with the connection between my brain and my > keyboard there, sorry. I meant to write ... > > If you try to stop everything with signatu

Re: [clamav-users] [External] xlsm files

2020-12-22 Thread Joe Acquisto-j4
>>On 12/22/2020 5:51 PM, Joe Acquisto-j4 wrote: >> Quite new to clamav. Using with Spamassassin on Linux and it appears to > scan properly and detects EICAR as an attachment. >> >> For last several weeks have been getting SPAM with xlsm file attached, > cla

[clamav-users] xlsm files

2020-12-22 Thread Joe Acquisto-j4
Quite new to clamav. Using with Spamassassin on Linux and it appears to scan properly and detects EICAR as an attachment. For last several weeks have been getting SPAM with xlsm file attached, claiming to be invoice or payment receipt or whatever. "Please open" sort of messages. Since these

Re: [clamav-users] Attempting to add CLAMAV using ClamavPlugin to Postfix/Spamassassin

2020-12-02 Thread Joe Acquisto-j4
>>> > Hi there, > > On Wed, 2 Dec 2020, Joe Acquisto-j4 wrote: > >> Comparing headers of various email, I suspect a virus is being >> detected but not "scored". Probably a simple configuration issue, >> Below is what I see in headers of scan

[clamav-users] Attempting to add CLAMAV using ClamavPlugin to Postfix/Spamassassin

2020-12-02 Thread Joe Acquisto-j4
My first foray into AV scanning my SoHo system is underway. I believe I have stumbled my way into adding the AV bits, without actually breaking what was working. Comparing headers of various email, I suspect a virus is being detected but not "scored". Probably a simple configuration issue, B