On Sun, 2011-03-06 at 20:32 -0500, Alex wrote:
> > Every email has a unique-ish Message-Id. Proper MUAs, when replying,
> > will set the In-Reply-To header to the just replied-to message's
> > Message-Id, and likewise add it to the list in the References header.
>
> Yes, I understand this. I just
On Sun, 2011-03-06 at 17:52 -0500, Alex wrote:
> > In-Reply-To and References headers. Set when replying.
> >
> > guenther -- who has given up hoping long ago, that folks running mail
> > servers should understand mail headers
>
> I'm not sure if I should quit while I'm still behin
On Sun, 2011-03-06 at 17:22 -0500, Alex wrote:
> > There was some discussion about this particular signature on the
> > Sanesecurity list. Archives here:
> > http://news.gmane.org/gmane.comp.security.virus.clamav.sanesecurity
> Thanks everyone for the information. I thought for sure it was that I
On Sun, 2011-03-06 at 15:39 -0500, Alex wrote:
> Some time ago I posted a message requesting help tracking down a false
> positive, and trying to learn why it triggered. I have another one.
Yes, back in Sep 2010. A lot of people using threading and keeping an
archive are unlikely to ever read this
On Sun, 2010-05-23 at 17:43 +0300, Török Edwin wrote:
> > > If a file is determined to be clean, its MD5 is added to an in-memory
> > > cache.
> > > When scanning a new file, its MD5 is computed and looked up in the
> > > cache. If found, it is considered clean.
> > > On DB reload the entire cache
On Sun, 2010-05-23 at 10:21 +0300, Török Edwin wrote:
> > else
> > Scan it like it does now
> > ( with everything in the DB, I assume. )
> > }
>
> A simpler form of this is already implemented in 0.96 :)
>
> If a file is determined to be clean, its MD5 is added to an in-memory cache.
> Wh
On Mon, 2009-09-14 at 17:27 +0200, Wolfgang Breyha wrote:
> I'm running clamd with both official and sanesecurity sigs.
>
> Now I made a test with my virus archive and recognized that clamd prefers the
> sanesecurity sigs. Using only ClamAV original sigs I have ~3500 virus matches.
> Using both or
On Sat, 2009-02-21 at 02:57 +0100, chen wrote:
> Why don't this lists webmaster install a simple forum ?
Please don't hijack unrelated threads.
> Yes a link to unsubscribe this list would be welcome.
You just confirmed you don't read any of these posts. Not even the ones
clearly talking about th
On Fri, 2009-02-20 at 22:25 -0500, Gary L Burnore wrote:
> Laurens wrote:
> > I have been wanting to unsubscribe from this fucking thing for over a
> > year can not remember log in details etc and as a result I keep
> > getting this shit.
>
> Ok, someone's gotta say it, YOU are a fucking mor
On Thu, 2009-02-19 at 10:50 +, Ian Eiloart wrote:
> > http://www.clamav.net/support/ml
>
> Can we not have the list unsubscribe link in the footer, too? It's a legal
Maybe start by following the link you quoted... ;)
> requirement in the UK to have an easy to use mechanism to unsubscribe to
On Tue, 2008-12-02 at 10:10 +0100, Tomasz Kojm wrote:
> On Tue, 02 Dec 2008 00:59:01 +0100
> Karsten Bräckelmann <[EMAIL PROTECTED]> wrote:
FWIW, detected as Trojan.Invo-13 and Trojan.Downloader-60790.
Which (again) raises the question why that variation, for what appears
to be a si
Today started again what seems to establish itself as the Monday run [1]
of user-frightening malware attachments, properly phrased German. The
last one is exactly one week ago, and they appear to start after office
hours. *sigh*
Given the recent report on this list of malware submissions, where pa
On Tue, 2008-11-04 at 12:55 -0500, Jason Bertoch wrote:
> > Use the advanced search tab. Or select 'All' instead of 'Open Bugs'.
>
> I suppose I should have mentioned I tried that. Even with all components,
> versions, statuses, resolutions, severities, priorities, hardware, and OS's
> checked, a
On Sat, 2008-10-25 at 16:27 +0200, Karsten Bräckelmann wrote:
> Recent flood of (German only?) Trojan.Agent malware, partly slipping by
> ClamAV. So I now am submitting samples where I spot 'em...
FWIW, also reported by Heise (sorry, German only).
http://www.heise.de/security/n
On Sun, 2008-10-26 at 10:22 +0100, Robert Schetterer wrote:
> Karsten Bräckelmann schrieb:
> > Recent flood of (German only?) Trojan.Agent malware, partly slipping by
> > ClamAV. So I now am submitting samples where I spot 'em...
> >
> > By doing so, two ques
Recent flood of (German only?) Trojan.Agent malware, partly slipping by
ClamAV. So I now am submitting samples where I spot 'em...
By doing so, two questions came up:
(a) After testing the sample message with Virustotal, should I even
bother submitting it from clamav.net, too? If memory serve
On Thu, 2008-04-10 at 13:58 +0100, Greg Smith wrote:
> I am trying to scan files so that clam scans the entire file for all viruses
^
Smells like mbox.
> and doesnt stop at the first one it finds? Is this possible?
In that case, formail is your friend. If you're not abo
On Sat, 2008-01-26 at 10:29 +0100, Tomasz Kojm wrote:
> On Sat, 26 Jan 2008 01:20:26 +0100
> Karsten Bräckelmann <[EMAIL PROTECTED]> wrote:
>
> > $ cat test.ndb
> > local.test:4:0:{-4096}74657374
>
> It won't work because there's no 'sub-signatur
On Sun, 2008-01-27 at 16:44 -0500, xue wen wrote:
> The signature I have made up is like this:
>
> Worm.Yawen (Clam)=61*7c62
>
> where "617c62" means "a|b". Once I add the wildcard into this signature,
> there will be an error, no matter I put it into a .db or .ndb file. Is there
> something wron
On Sun, 2008-01-27 at 17:03 -0500, xue wen wrote:
> I just want to learn the format of ClamAV's signature. So I tried to build a
> signature containing a wildcard by myself. The example I used is as follows:
>
> I have made up a signature of: Worm.Yawen (Clam)=61*7c62
> where "617c62" means "a|b".
On Fri, 2008-01-25 at 18:41 -0800, Dennis Peterson wrote:
> Karsten Bräckelmann wrote:
> > On Fri, 2008-01-25 at 17:54 -0800, Dennis Peterson wrote:
> >> The sigs are full of unbound RE's. That's why scanning mbox mail files is
> >> pointless.
> >
>
On Fri, 2008-01-25 at 17:54 -0800, Dennis Peterson wrote:
> Karsten Bräckelmann wrote:
>
> > The main purpose was, to keep ClamAV from scanning the entire, possibly
> > large file (err, mail). And maybe even speed it up. It's good practice
> > to bound your REs or
So I finally got around to writing some (well, one for now ;) custom
signatures. There's currently a highly annoying, lame phishing attempt I
want to swat early.
Anyway, while playing with the sigs and trying some optimization, the
sig broke horribly for some weird reason. Please see below for a
s
Please resist the urge to top-post.
On Mon, 2007-12-17 at 15:52 -0800, fchan wrote:
> Hello,
> I'm on a MacBookPro running 10.4.11 with xcode
> 2.5 and I tried your suggestion "export
> CC=gcc-3.4" and I got this error:
The advice was rather specific to Debian. And actually started by
installin
On Mon, 2007-10-22 at 14:43 -0500, Noel Jones wrote:
> At 12:37 PM 10/22/2007, Karsten Bräckelmann wrote:
> >When using additional, third party signatures, is there any particular
> >order in the signatures?
>
> No particular order.
>
> >If both, the official as w
I seem to recall I have come across this before, but I just can't find
it. Maybe someone knows off-hand. :)
When using additional, third party signatures, is there any particular
order in the signatures? If both, the official as well as the third
party sigs match, which one is being reported?
k
On Mon, 2007-10-08 at 16:25 -0300, Joao S Veiga wrote:
> > Of course. However, I got the impression that neither of the recent
> > reporters does this additional step. Also, this gets even more annoying
> > (and maybe impossible) when dealing with PST files (which one of the OPs
> > does).
>
> Hi
On Mon, 2007-10-08 at 09:15 -0700, Dennis Peterson wrote:
> Karsten Bräckelmann wrote:
> >>> Another downside of this approach, together with ClamAV treating mbox
> >>> format files as text/plain is, that only the first hit will be reported.
> >> That
On Wed, 2007-10-03 at 18:31 -0500, René Berber wrote:
> Karsten Bräckelmann wrote:
> > Another downside of this approach, together with ClamAV treating mbox
> > format files as text/plain is, that only the first hit will be reported.
>
> That was made to improve performance,
On Wed, 2007-10-03 at 10:45 -0700, Dennis Peterson wrote:
> Karsten Bräckelmann wrote:
Developers, read on. :)
> > Somewhat simplified, the signature reads "Subject with the string game"
> > and "an IP style http link".
> >
> > Scanning maildirs
On Tue, 2007-10-02 at 10:24 -0700, Dennis Peterson wrote:
> Can anyone offer a reason why the OP found a virus in the mbox file but not
> in the
> split out maildir messages? That kind of inconsistency is unsettling.
Rather easy I guess, given your analysis of the RE earlier. :)
Caveat: I have
On Wed, 2007-09-12 at 07:28 -0700, John Rudd wrote:
> (to the developers, not in answer to Burnie)
>
> See, the current name scheme needs to be fixed. And no one responded at
> all to my proposed scheme from a month or two ago.
Coincidentally, my very first question on this list years ago was a
On Tue, 2007-08-28 at 13:26 -0500, Bryan Johns wrote:
> On 8/28/07, Bowie Bailey <[EMAIL PROTECTED]> wrote:
> > I'm not worried about ClamAV being acquired. At the moment, everyone is
> > saying that there are no plans to change anything. As long as that
> > remains the case, the only difference
On Mon, 2007-08-06 at 13:47 -0400, Pedro Luis Domínguez Viqueira wrote:
> My fresclam say
>
> ERROR: Can't get information about db.us1.clamav.net: Host not found
Check your configuration. Where does that host name come from? There is
no surprise here, because -- as freshclam correctly told you -
On Fri, 2007-08-03 at 16:18 -0500, Daniel J McDonald wrote:
> I've had really good success with clamav for a few years now, but I've
> had a message stuck in my queue for a week:
> Aug 3 14:54:08 sa postfix/lmtp[25237]: 9A1381196:
> to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1]:10025,
> dela
35 matches
Mail list logo