Re: [clamav-users] Scan of RAR problem

2015-04-30 Thread jose-marcio martins da cruz
On 04/30/2015 06:30 AM, Scott Kitterman wrote: On Wednesday, April 29, 2015 07:57:28 PM Kees Theunissen wrote: I didn't check ubuntu but most likely ubuntu has a "libclamunrar6" package too as ubuntu is derived from debian. And I don't know anything about clamav in fedora. Yes. Ubuntu is

Re: [clamav-users] Scan of RAR problem

2015-04-29 Thread Jose Marcio Martins da Cruz
On 04/29/2015 06:41 PM, jose-marcio martins da cruz wrote: On 04/29/2015 06:20 PM, René Bellora wrote: ... linux 32bits also report the message clean (with "ArchiveBlockEncrypted yes" in clamd.conf) Hmmm... On the Solaris boxes, there are libclamunrar* libraries, while there

Re: [clamav-users] Scan of RAR problem

2015-04-29 Thread jose-marcio martins da cruz
On 04/29/2015 06:20 PM, René Bellora wrote: On 29/04/15 at 13:04, jose-marcio martins da cruz wrote: Hello, I'm getting different results when scanning an infected email message. On a Sparc Solaris 10 (32 bits compiled), clamdscan tells me that the message is inf

[clamav-users] Scan of RAR problem

2015-04-29 Thread jose-marcio martins da cruz
Hello, I'm getting different results when scanning an infected email message. On a Sparc Solaris 10 (32 bits compiled), clamdscan tells me that the message is infected : "Heuristics.Encrypted.RAR FOUND" Testing it on two 64 bits linux boxes (fedora and ubuntu), both tell me that the message i

[clamav-users] Database download problems

2013-09-20 Thread Jose-Marcio Martins
Is there a problem with database mirrors ? The download behaviour I see from my side, since yesterday, when trying to get clamav databases (main.cvd, daily.cvd, ...) is something like a 600 K/s peak for (probably) just a single packet, then the download completely pauses for 15 seconds and I

Re: [clamav-users] Sophos Anti-Virus

2011-01-03 Thread Jose-Marcio Martins da Cruz
Jan-Pieter Cornet wrote: On 2011 Jan 3, at 1:46 , TR Shaw wrote: On Jan 2, 2011, at 7:12 PM, Bob Traktman wrote: Is there any reason not to keep ClamAv and Sophos Anti-Virus -- both active? None whatsoever. Defense in depth is a good thing. Probably not. However, a contemplation... It's lik

Re: [Clamav-users] freshclam consuming 1.5GB RAM

2010-06-07 Thread Jose-Marcio Martins da Cruz
Török Edwin wrote: On 06/07/2010 08:32 PM, Alex wrote: Hi, What conditions could exist for freshclam to consume 1.5GB of RAM on Linux? freshclam tries to load the database each time, and then frees it (in 0.96.1). I don't see anything wrong with the code, but that doesn't mean it's bug free.

Re: [Clamav-users] clamav-milter stopping every few hours

2010-04-20 Thread Jose-Marcio Martins da Cruz
www.clamav.net/support/ml -- ------- Jose Marcio MARTINS DA CRUZ http://j-chkmail.ensmp.fr Ecole des Mines de Paris 60, bd Saint Michel 75272 - PARIS CEDEX 06 mailto:jose-marcio.m

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Jose-Marcio Martins da Cruz
Tom Shaw wrote: At 5:21 PM +0200 10/16/09, Jose-Marcio Martins da Cruz wrote: Tom Shaw wrote: Yes it strips out all urls just don't send with a signature that contains your home url or else it will get processed. Hopefully it will not return malware so it will be discarded as

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Jose-Marcio Martins da Cruz
Tom Shaw wrote: As long as you don't obfuscate the url my scripts will isolate the url or the attached malware and process. Nice ! Can I send one URL per line ? I have 20 undetected viruses. -- --- Jose Marcio MARTINS DA

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Jose-Marcio Martins da Cruz
Tom Shaw wrote: If you submit a file to virus-samp...@oitc.com I'll process it for winnow_malware.hdb and at the same time send it to the ClamAV malware signature team and virustotal to check if others can detect. If you submit a url to malware to virus-samp...@oitc.com I'll download the ma

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Jose-Marcio Martins da Cruz
Tom Shaw wrote: Just to clarify winnow_malware.hdb is designed to detect malware payloads. Thus, it is effective in an email system only when the payload is attached (such as a dropper, etc). It is also very effective when used in file system/download checking scenarios. Thanks to Dennis a

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-14 Thread Jose-Marcio Martins da Cruz
Hello Tom, Tom Shaw wrote: Jose, If you use the unofficial signatures it might help you. See http://www.sanesecurity.co.uk/databases.htm One of my signatures, winnow_malware.hdb, detects numerous (over 3000 at present) malware that are not yet detected in stock ClamAV sigs. The current li

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-13 Thread Jose-Marcio Martins da Cruz
G.W. Haywood wrote: Hi there, Check the documentation on how to add your own signatures. That way, it won't annoy you so much when you have to wait for people, who already have too much work to do, to do some work for you. :) Are you talking by yourself or on behalf of Clamav team ? Ther

[Clamav-users] Some Virus not detected by Clamav

2009-10-13 Thread Jose-Marcio Martins da Cruz
Hello, I have 49 viruses (2 kinds only) received at our mailserver last night which weren't detected by ClamAV, but are detected by most other antivirus available at www.virustotal.com The name of the virus, as detected by Sophos are SophoMal/Bredo-A (detected by 16/41) and Troj/Agent-LKL (de

Re: [Clamav-users] Some "virus" aren't always detected.

2009-10-10 Thread Jose-Marcio Martins da Cruz
Matus UHLAR - fantomas wrote: On 10.10.09 13:56, Jose-Marcio Martins da Cruz wrote: Is it useful to clamav people if I submit some samples ? if you are sure that it's a virus or other malware and it's not detected, apparently yes. Yes. Virus total says... Detected by 14/4

[Clamav-users] Some "virus" aren't always detected.

2009-10-10 Thread Jose-Marcio Martins da Cruz
Hello, From time to time, there are some lots of the same virus which pass through Clamav, although they are supposed to be detected. E.g., at this moment, Trojan.Bredolab-144 is sometimes detected, and sometimes not. In the last days, it was Trojan.Peed-472. Is it useful to clamav people

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Jose-Marcio Martins da Cruz
Jari Fredriksson wrote: I have not tried virustotal. I have the zip file and the extracted exe as well on disk, and clamscan does NOT detect it. I have F-Prot and BitDefender in my amavisd-new as well, and I have no problems detecting these. The point in this post is that ClamAV website

Re: [Clamav-users] Announce: milter_watch-0.6

2009-05-18 Thread Jose-Marcio Martins da Cruz
Damian Menscher wrote: > I am pleased to announce a new release of milter_watch, a utility > designed to run out of cron to verify the correct functionality of > spam- and virus-filtering milters (so they can be automatically > restarted if they misbehave). Current users should read the > document

[Clamav-users] ClamAV 1.0 ???

2009-04-07 Thread Jose-Marcio Martins da Cruz
What about version numbers ? What about ClamAV 1.0 ?

Re: [Clamav-users] News about 0.95

2009-03-11 Thread Jose-Marcio Martins da Cruz
Nigel Horne wrote: > Folks, Hi Folk, > > I am pleased to let you know of a major new feature to be added to > ClamAV. 0.95RC2 will be released next Monday, 16/3/09, which will > include support for Google Safe Browsing. Some questions : * if I understood, freshclam will get the complete list

Re: [Clamav-users] Database reload times

2009-03-06 Thread Jose-Marcio Martins da Cruz
Henrik K wrote: > On Fri, Mar 06, 2009 at 03:04:04PM +0100, Jose-Marcio Martins da Cruz wrote: >> ** >> checking for gcc bug PR26763-2... ok, bug not present > > >> checking for valid code generation of CLI_ISCONTAINED... configure: >> er

Re: [Clamav-users] Database reload times

2009-03-06 Thread Jose-Marcio Martins da Cruz
Török Edwin wrote: > > What gcc version did you use? Did you set -mcpu flag? SunStudio 12 160 - clamav/clamav-0.95rc1 > cc -V cc: Sun C 5.9 SunOS_sparc 2007/05/03 with standard flags. I don't have gcc installed at this computer. Well, it's there but I don't use it. > > Looks like the Linux

Re: [Clamav-users] Database reload times

2009-03-04 Thread Jose-Marcio Martins da Cruz
: 0 Infected files: 0 Data scanned: 0.00 MB Time: 14.836 sec (0 m 14 s) real 14.8 user 14.3 sys 0.4 - --- Jose Marcio MARTINS DA CRUZ http://j-chkmail.ensmp.fr Ecole des Mines de Paris 60, bd

Re: [Clamav-users] Database reload times

2009-03-04 Thread Jose-Marcio Martins da Cruz
time /opt/clamav/bin/clamdscan -d path2database /dev/null -- ----------- Jose Marcio MARTINS DA CRUZ http://j-chkmail.ensmp.fr Ecole des Mines de Paris 60, bd Saint Michel 75272 - PARIS CEDEX 06 mailto:jose-marcio.mart...@mines-paristech.fr __

Re: [Clamav-users] Database reload times

2009-03-04 Thread Jose-Marcio Martins da Cruz
Török Edwin wrote: > On 2009-03-04 21:53, Jose-Marcio Martins da Cruz wrote: >> > > Was your clamd heavily loaded at that time? No. This is a test server. Absolutely no load. It seemed to me that it was the message which triggered the database update. top load is some

Re: [Clamav-users] Crash with xxx Sigs

2009-03-04 Thread Jose-Marcio Martins da Cruz
Török Edwin wrote: > On 2009-03-04 19:44, Dennis Peterson wrote: >>> >> Is there not a "nice" way to do this? > > 0.95rc1 does reload "nicer", in the sense that it accepts new > connections while reloading the DB. > Reloading the database should take about a second. Using anything less > th

Re: [Clamav-users] Two suggestions

2009-03-03 Thread Jose-Marcio Martins da Cruz
xemacs, gnuplot, pcre, dovecot, curl There are surely many other more. But sure, it's a question of "colours and tastes". 8-) -- --- Jose Marcio MARTINS DA CRUZ http://j-chkmail.ensmp.f

Re: [Clamav-users] Clamd 0.95RC1 - disabling phishing detection

2009-03-03 Thread Jose-Marcio Martins da Cruz
I had no answer about this. Can someone tell me if this should work ? All information I've found seems to indicate that this clamd configuration should be enough to disable phishing detection. Am I missing something ? Jose-Marcio Martins da Cruz wrote: > There were some long

Re: [Clamav-users] Two suggestions

2009-03-02 Thread Jose-Marcio Martins da Cruz
Dennis Peterson wrote: > Török Edwin wrote: >> The problem is that the output from ./configure is lost after you >> install ClamAV. > > That is absurd. > > ./configure |tee config.rpt > >> On 2009-03-02 01:41, Dennis Peterson wrote: >>> but the objective of summaries is to >>> provide self-hel

Re: [Clamav-users] Two suggestions

2009-03-01 Thread Jose-Marcio Martins da Cruz
Nathan Brink wrote: >> > I don't think it is a good idea to add extra summary code to > ./configure. I don't like it when other programs do this because it > departs from the normal output of ./configure scripts. Maybe if a > configure option --enable-all or --with-all was added, the config

[Clamav-users] Clamd 0.95RC1 - Solaris 10 - __PRETTY_FUNCTION__

2009-03-01 Thread Jose-Marcio Martins da Cruz
__PRETTY_FUNCTION__ is a gcc extension. It doesn't exist under Sun Studio CC compiler. It's used inside clamdtop/clamdtop.c, macro EXIT_PROGRAM. A lazy solution, which worked for me, is to launch configure this way : ./configure [options] CPPFLAGS="-D__PRETTY_FUNCTION__=__func__" Other solu

[Clamav-users] Clamd 0.95RC1 - disabling phishing detection

2009-03-01 Thread Jose-Marcio Martins da Cruz
There were some long threads about disabling phishing detection with clamav. I'm trying to do so, but it continues to detect phishings (Email.Phishing.Pay-31). I have this at clamd.conf. PhishingSignatures no PhishingScanURLs no PhishingAlwaysBlockSSLMismatch no PhishingAlwaysBlockCloak no

[Clamav-users] Two suggestions

2009-03-01 Thread Jose-Marcio Martins da Cruz
Hello, I have two suggestions : * It could be interesting to add tcp_wrapper (or equivalent - not so difficult to code it) support to clamd. * When running configure, it could be interesting to display a summary when it finishes : what libraries weren't found, what's lacking, a summary of wha

Re: [Clamav-users] clamd - changes in protocol - 0.95

2009-02-28 Thread Jose-Marcio Martins da Cruz
Török Edwin wrote: > > Thanks for the suggestion. I've opened an enhancement bug: > https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1437 Nice ! 8-) > > >> Either way, nCOMMANDS still remain interesting when using a telnet >> client for, e.g., debug purposes. > > Yes, that is one of the rea

Re: [Clamav-users] clamd - changes in protocol - 0.95

2009-02-28 Thread Jose-Marcio Martins da Cruz
Török Edwin wrote: > On 2009-02-28 12:18, Jose-Marcio Martins da Cruz wrote: >> I see. Removing a '\n' when it's just before the '\0' may not be better >> but doesn't harm. Am I wrong ? >> > > As I said, that is a problem if the

Re: [Clamav-users] clamd - changes in protocol - 0.95

2009-02-28 Thread Jose-Marcio Martins da Cruz
Török Edwin wrote: > On 2009-02-28 11:54, Jose-Marcio Martins da Cruz wrote: >> Hello, >> >> At : >> >> https://wiki.clamav.net/Main/UpgradeNotes095 >> >> I read : >> >> ** >> In clamd 0.95 it is

[Clamav-users] clamd - changes in protocol - 0.95

2009-02-28 Thread Jose-Marcio Martins da Cruz
". Does this mean that in some future release, the n prefix will no longer be accepted ? A suggestion : clamd could also accept commands terminated with "\n\0" and remove the "\n" at the end of the command if present. JM -- -------

Re: [Clamav-users] 0.95RC1 availability

2009-02-27 Thread Jose-Marcio Martins da Cruz
Török Edwin wrote: > On 2009-02-27 22:58, McDonald, Dan wrote: >> This is new. Is there another library that has been added to the >> requirements? >> >> Starting Clam AntiVirus Daemon: LibClamAV Warning: Cannot dlopen: file >> not found - unrar support unavailable >> > > This is clamav's libc

Re: [Clamav-users] solaris versions successfully compiled that function

2008-09-08 Thread Jose-Marcio Martins da Cruz
William A Casey wrote: > clamav-users, > > I am trying to find out if clamav has successfully been compiled on > Solaris 2.5.1 and functions properly. > > Or if there is a document that says it is not supported, can't be done, or > shouldn't be done. Well ! Solaris 2.5.1 is more than 10 years

Re: [Clamav-users] [0.6] Re: announcing ClamAV 0.94rc1

2008-08-20 Thread Jose-Marcio Martins da Cruz
Brian Morrison wrote: > On Wed, 20 Aug 2008 14:35:07 -0400 (EDT) > Charles Gregory <[EMAIL PROTECTED]> wrote: > So, given that you have to get the signature database somehow, how do > you propose that it's done? I suppose that a version without this is > possible, but suppose I then build it on my

Re: [Clamav-users] Tomasz, ...

2008-01-07 Thread Jose-Marcio Martins da Cruz
Gregory Carter wrote: > I totally agree, but I think after you pointed out 4(a), all the other > issues cited simply makes further discussion pedantic. Well, I'd like to add a remark. The discussion about all these issues isn't pedantic, as long as... ...all of us have in mind that the goal of

Re: [Clamav-users] Clamav-milter

2007-03-14 Thread Jose-Marcio Martins da Cruz
ld a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html -- ------- Jose Marcio MARTINS DA CRUZ Tel. :(33) 01.40.51.93.41 Ecole des Mines de Paris http://j-chkma

Re: [Clamav-users] clamd on Solaris ceases functioning after a while

2005-02-18 Thread Jose Marcio Martins da Cruz
ptors under the shell script which launches the daemon (clamd, I suppose) type : ulimit -S -n 1024 -- --- Jose Marcio MARTINS DA CRUZ Tel. :(33) 01.40.51.93.41 Ecole des Mines de Paris http://j-chkmail.ensmp.fr 6

Re: [Clamav-users] (no subject)

2004-10-05 Thread Jose Marcio Martins da Cruz
erable, but not the mine one. But some of these "vulnerabilities" are more theoretical vulnerabilities than something you can really find in the wild. Best regards Jose-Marcio Kind Regards Brent Clark -- ------- Jose Marcio MART

[Clamav-users] libclamav question

2004-03-01 Thread Jose Marcio Martins da Cruz
s, Jose-Marcio -- ------- Jose Marcio MARTINS DA CRUZ Tel. :(33) 01.40.51.93.41 Ecole des Mines de Paris http://j-chkmail.ensmp.fr 60, bd Saint Michel http://www.ensmp.fr/~martins 75272 - PARIS CEDEX 06 mailto:[