should I worry if it's not present?
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@c
one should reasonably still be affected
> by the vulnerabilities.
>
> I am curious though - what are your MaxFileSize / MaxScanSize
> settings? I wonder if you're seeing timeouts with the default settings
> or if you increased them.
MaxFileSize 100M
MaxScanSize 200M
M
led to run: Exceeded
time limit
is this a bad Bytecode rule?
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.
> - Sanesecurity (https://sanesecurity.com) provider default
> configuration overhaul. Switch to a less congested mirror site,
> add/remove several signature URLs.
Thanks for that!
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz |
way as to be usable
from withn clamav (1.3.0)?
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
ht
gt; page<https://github.com/Cisco-Talos/clamav/releases/tag/clamav-1.2.0-rc>.
https://github.com/Cisco-Talos/clamav/releases/tag/clamav-1.2.0-rc2
returns a 404.
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalid
strotate
if [ -d /run/systemd/system ]; then
systemctl -q is-active clamav-freshclam && systemctl kill
--signal=SIGHUP clamav-freshclam || true
else
invoke-rc.d clamav-freshclam reload-log > /dev/null ||true
fi
endscript
}
--
Ralf Hildebra
* Al Varnell via clamav-users :
> Sent from my iPad
>
> On Sep 12, 2023, at 01:29, Ralf Hildebrandt via clamav-users
> wrote:
> > should sigtool --decode-sigs really throw an error in that case?
>
> Perhaps not, but it's been the case for as long as I've
kages from clamav.net:
# dpkg -l |fgrep clam
ii clamav 1.2.0-1 amd64 ClamAV open source email, web, and end-point
anti-virus toolkit.
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
opline.malware.redirect.ecpms.net.720".
What does this have to do with CVE-2023-20032?
# sigtool
--find-sigs=sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720 |
sigtool --decode-sig
VIRUS NAME: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720
DECODED SIGNATURE:
sue (since amavis does the unpacking)
More logging is needed for the message in question.
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 45
ot;Non-LTS feature releases will be allowed access to download
signatures until at least four (4) months after the next-next feature
release is published."
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1.
How are the updates done?
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://ww
een this, too?
I've seen this with 1.1.0-1 as well. Maybe they're related to the
"pattern issue" I posted a while ago
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hinde
]: LibClamAV Warning: cli_ac_addsig: cannot use
filter for trie
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450
tc/clamav/clamd.conf /usr/local/etc/clamd.conf
service clamav-freshclam restart
service clamav-daemon restart
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Be
* JOHN URBAN :
> Not quite as easy to set up as I made it sound, as lots of pieces and people
> involved but that is exactly one of the tests we hope to run today; thanks!
Yes, ths sounds like hours of fun :/
But the insight gained will be rewarding :)
--
Ralf Hildebrandt
C
ailing:
strace --failed-only $program
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@char
interesting. I'm using the *.deb from
> > http://www.clamav.net/downloads/production/clamav-1.0.0-rc.linux.x86_64.deb
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgd
>
> https://github.com/Cisco-Talos/clamav/issues/736
Ah, interesting. I'm using the *.deb from
http://www.clamav.net/downloads/production/clamav-1.0.0-rc.linux.x86_64.deb
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benj
0:19 2022 -> main.cld database is up-to-date (version: 62, sigs:
6647427, f-level: 90, builder: sigmgr)
Thu Oct 27 11:00:19 2022 -> bytecode.cld database is up-to-date (version: 333,
sigs: 92, f-level: 63, builder: awillia2)
Thu Oct 27 11:00:19 2022 -> ------
gt; bytecode.cvd database is up-to-date (version: 333,
sigs: 92, f-level: 63, builder: awillia2)
Fri Oct 28 09:07:10 2022 -> --
Still failing.
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin
clamdscan -V /tmp/LPBB0010-10.pdf
ClamAV 0.105.1/26663/Mon Sep 19 09:56:35 2022
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel.
it finds an email containing a BASE64 encoded "readme.exe"
using the content type "audio/x-wav"... Maybe this helps:
VIRUS NAME: Win.Trojan.N-68
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
REMOVED A MIME BOUNDARY HERE
Content-Type: audio/x-wav;
name="readme.exe&
* Ralf Hildebrandt via clamav-users :
> Today I installed 0.105.0 to test the new fuzzy image signatures.
I'm a moron: "Added image fuzzy hash sub-signatures for logical
signatures" -- thus it must be an LDB file :/
> Alas, I started up my trusty editor an genera
dir: error loading database
/var/lib/clamav/rezeptfrei.hdb
ERROR: Malformed database
So what IS the correct syntax?
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 B
main.cld
ERROR: listdb: Error listing database /var/lib/clamav/main.cld
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.
mav.so.9
/usr/local/lib/libclammspack.so
/usr/local/lib/libclammspack.so.0
/usr/local/lib/libclamunrar.so
/usr/local/lib/libclamunrar.so.5
/usr/local/lib/libclamunrar_iface.so
/usr/local/lib/libclamunrar_iface.so.9
/usr/local/lib/libfreshclam.so
/usr/local/lib/libfreshclam.so.2
Ralf Hildeb
* Vladislav Kurz via clamav-users :
> How about just making the file empty?
I think this causes an error in clamav/clamd
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm
> > I usually rebuild from a recent debian source (hah!)
>
> that's what I recommend.
>
> with changing version to something lower than 0.103 e.g. 0.103~backport
> - it gets upgraded to ubuntu-provided version when it's available.
Same here.
Ralf Hildebrand
t; Do you want to take care of it since now (forever)?
>
> It is possible, but it should be easier to backport clamav e.g. version
> 0.103 from hirsute. That way, when newer version appears in ubuntu
> repository, it may get upgraded so you won't have to care.
I usually rebu
arser while extracting
objects.
Sep 18 11:47:55 proxy-cbf-1 clamd[791]: LibClamAV Error:
pdf_find_and_extract_objs: Timeout reached in the PDF parser while extracting
objects.
What is the timeout value?
Can it be configured?
Is there any way of preserving the files for further analysis?
00020819---C000-0046}" anywhere
1: contain "CallByName" anywhere
2: contain "ThisWorkbook" anywhere
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburg
Sanesecurity and to lesser extent SecuriteInfo).
The only offical "hit" in the top 25 is "Win.Downloader.WannaMine-6442440-2"
I see the extensibility as a major advantage. Just the other day I
created a set of patterns to detect EPOCH3 EMOTET files.
But to some extent I agre
quot;
Remove autotools generated files, add autogen.sh
26 days ago
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@
63, builder: raynman)
Tue Jul 28 18:00:53 2020 -> daily.cld updated (version: 25887, sigs: 3681654,
f-level: 63, builder: raynman)
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburg
ED SUBSIGNATURE:
words(85
So, as you can see the signature consists of 6 subsignatures numbered
0-5, ll of which must match. It sort-of looks highly specific to me.
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin
* Cliff Hayes via clamav-users :
> I have a daily cron job that runs around 3am that:
> - shuts down clamd
> - runs freshclam
> - starts clamd
Why?
freshclam usually runs all the time, updating and signalling clamd on
demand.
But you do have a point...
Ralf Hildebr
; Would you, and others here, be interested in installing a ClamAV
> snap in the future?
That definitely sounds interesting!
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de
achments and
usually scans the whose mail "as is" and the text parts and
attachments sperately.
> As clam* can also do URL checks and stuff, also mails withouth attachments
> can be infected.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@ch
trol were to
> list the specific site where the malware was reportedly found, rather
> than condemning the entire sub-domain.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de
this is not a false
> positive.
>
> There is no reason to believe that the Google infrastructure doesn't
> host malware. In case you still don't want or can't block such domain,
> we advise you to whitelist it before applying our block lists."
Fucking idiots.
do anymore. Is it worth it to keep malwarepatrol?
I'm wondering this as well. That stuff pops up every other day.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de Hindenburgd
* Paul Stead :
> Yet another Malwarepatrol FP:
>
> MBL_14437114 - https://drive.google.com
That's a recurring FP. Happens every week.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://
* Philip :
> Has this been released yet by the major Distros? I'm using Debian 9 and
> can't get any higher than 0.99.x
Debian has 0.100:
https://packages.debian.org/buster/clamav
I used that source package to rebuild for my Ubuntu installaions.
--
Ralf Hildebrandt
mav/clamd.ctl
PONG
# echo RELOAD | socat - /var/run/clamav/clamd.ctl
RELOADING
# echo PING | socat - /var/run/clamav/clamd.ctl
# echo PING | socat - /var/run/clamav/clamd.ctl
PONG
Yeah!
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de
trying to parse the logfile?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
sig
* Joel Esler (jesler) :
> You're right. That's my fault. I'll correct that here in a second after I
> read through all the emails in my ClamAV folder.
OK, tomorrow then :)
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@cha
* Reindl Harald :
>
>
> Am 26.01.2018 um 13:40 schrieb Ralf Hildebrandt:
> > * maxal :
> > > nobody of clamav/cisco reading this list?
> >
> > It's 7:45AM on the east coast
>
> so what - i don't get how such updates slip through at all - i
* lukn :
> As ClamAV/Thalos is owned by Cisco I assume all ClamAV employees are
> located in Silicon Valley area and therefore still enjoying a good
> Californian night's sleep.
Or maybe in Philadelphia.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
* maxal :
> nobody of clamav/cisco reading this list?
It's 7:45AM on the east coast.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 1220
> Arguably if a bug in the signatures can lead to such massive problems
> then that is in itself a bug in the software, which might be (but
> apparently so far isn't) fixed in a later version.
Amen to that.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
548fe87bc9a454486cbe37d5c89b.tmp (deleted)
lrwx-- 1 root root 64 Jan 26 10:38 995 ->
/tmp/clamav-0e2983c3f35c37d833ea37c2867a0aba.tmp (deleted)
...
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://
* Reindl Harald :
> sounds like an issue with the official signatures given that you are not the
> first reporter and that we don't use them and have no problems
Thought so. Must be a recent signature in daily.cvd.
--
Ralf Hildebrandt Charite Universitätsmed
* Karl Pielorz :
> This ends up with a lot of wedged mail processes (and we slowly run out of
> fd's as the process table fills up).
Same here on Ubuntu 16.04 with official patterns.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...
0.838784 952 881 fcntl
...
-- --- --- -
100.00 195.366582 47161 total
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de
0 0 480 futex
0.000.00 0 1 restart_syscall
-- --- --- - - ----
100.000.103050 3803012 total
--
Ralf Hildebrandt Charite Universitätsmedizi
* ANANT S ATHAVALE :
> Hi List,
>
> One of the .pptx file which was attached is getting detected as VIRUS:
> Win.Exploit.CVE_2016_3301-6210129-0. As it is a official document and can't
> to uploaded for submission. How to manually verify?
What do you want to verify?
t this, could anyone comment?
They probably mean the exploit code used in operation Grizzly Steppe
ATP 29, APT 28, Cozybear, Fancybear, Sandworm, Sofacy etc.
https://www.dhs.gov/news/2016/12/30/executive-summary-grizzly-steppe-findings-homeland-security-assistant-secretary
--
Ralf Hi
* Bengt H. :
> Unsubscribe please
List-Unsubscribe:
<http://lists.clamav.net/cgi-bin/mailman/options/clamav-users>,
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.c
* Ralf Hildebrandt :
> * Al Varnell :
> >
> > On Wed, Nov 30, 2016 at 02:33 AM, Ralf Hildebrandt wrote:
> > >
> > > * Al Varnell :
> > >> Has anybody submitted a PDF yet?
> > >
> > > Of course.
> >
> > Hash?
>
&
* Al Varnell :
>
> On Wed, Nov 30, 2016 at 02:33 AM, Ralf Hildebrandt wrote:
> >
> > * Al Varnell :
> >> Has anybody submitted a PDF yet?
> >
> > Of course.
>
> Hash?
8d62c398679ab6c7b85749eacf7a9a80
--
Ralf Hildebrandt Cha
* Al Varnell :
> Has anybody submitted a PDF yet?
Of course.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzw
dy did a FP report. It happened with PDFs from "Springer
Medical". had to diable that signature.
> I hope there are some additional FP-Reports from other people regarding this
> virus to review this signature.
Yep.
--
Ralf Hildebrandt Charite Universitätsmedizin
can together with clamd eliminated the long startup time.
> does it provide any added features or functionality not already present
> with freshclam + clamscan running on-demand from cronjobs?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@c
* Joel Esler (jesler) :
>
>
> http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html
Are these signatures already active?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.c
rom freshclam?
> All of them are failing since last night on all of our servers.
>
> Probed are:
> 178.63.73.246
> 84.39.110.99
> 88.198.17.100
http://lutz.donnerhacke.de/Blog/ClamAV-aktualisiert-sich-nicht-mehr
--
Ralf Hildebrandt Charite Universitätsmedizi
> 2. Up to now, I never got a notification, although "Notify me" was checked.
Indeed. I also submitted quite a lot of malware and never got a
notification (in years!)
> 3. Why shall we not post more than two sample files per day ?
I also wondered about that.
--
Ralf Hil
* Gene Heskett :
> > It's an UNOFFICIAL pattern, not a core clamav pattern
>
> Still, is it not un-needed noise?
It's obviously a FP, but calling it un-needed noise is a bit off. If
the pattern were correct and would find a real virus, is it not
un-needed noise?
IAL FOUND
> /home/gene/src/linux-3.0.69/Documentation/usb/gadget_multi.txt:
> MBL_400944.UNOFFICIAL FOUND
> /home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt:
> MBL_400944.UNOFFICIAL FOUND
>
> But https://virustotal.com thinks otherwise.
It's an UNOFFI
st since you don't have
valgrind
installed
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT
* Константин Белозеров :
> Errors are listed in log file.
Would you mind pasting them here?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Ber
* Константин Белозеров :
> Hello.
>
> Error when building from source anti-virus in the operating system
> GNU/Linux Debian 7.1 Performed make check VG=1. But to no avail.
But which error are you getting?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
r
* Joel Esler :
> Please run Freshclam. This has already been cleared up.
Thanks for the heads up. Time to release stuff from the quarantine.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
h
0165).
>
> Anyone else seeing this?
Yes, I'm also seeing a lot of FP's for BC.Exploit.CVE_2012_0184
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgda
own"
and a subsequent error page from varnish. Setting it to "delete", "on"
or "truncate" make the page http://cgi.clamav.net/sendfp.cgi work
again. Only "off" causes the page to fail.
--
Ralf Hildebrandt Charite Universitätsmedizi
ol: max-age=0
Connection: keep-alive
answer:
HTTP/1.1 503 Service Unavailable
Server: Varnish
Content-Type: text/html; charset=utf-8
Retry-After: 5
Content-Length: 284
Accept-Ranges: bytes
Date: Fri, 04 May 2012 10:29:21 GMT
X-Varnish: 221993613
Age: 0
Via: 1.1 varnish
Connection: close
--
Ral
software which
> receives the requests cannot pass them to the right server instance
> because your client has not told it which one it wants to talk to.
It's not a client issue. It depends on my source IP.
--
Ralf Hildebrandt Charite Universitätsmedizin B
orking and unfortunately your admin is not willing to
check the logs to see whats being logged for my source IP.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm
vice Unavailable.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +4
* Ralf Hildebrandt :
> * Török Edwin :
>
> > Can you try flushing your varnish cache, and trying again?
>
> It's your varnish cache :) (we don't have any here)
>
> I already restarted my squid servers, no change. It's very odd.
Now I emptied my c
* Török Edwin :
> Can you try flushing your varnish cache, and trying again?
It's your varnish cache :) (we don't have any here)
I already restarted my squid servers, no change. It's very odd.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hild
tion: close
... remained of page sent correctly ...
The FP submission page used to work for us uptill now. Hm.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30,
GMT
X-Varnish: 216808379
Age: 0
X-Cache: MISS from proxy-cvk-1
Via: 1.1 varnish, 1.0 proxy-cvk-1 (squid/3.1.19-20120412-r10444)
Connection: close
http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";
Maintenance
Under maintenance. Try again later.
Connection closed by fo
* Török Edwin :
> On 04/19/2012 04:10 PM, Ralf Hildebrandt wrote:
> >
> >> I just tested and it worked fine for me.
> >>
> >> What's exactly the problem on your side?
> >
> > I keep getting:
> >
> > Under maintenance. Try again
> I just tested and it worked fine for me.
>
> What's exactly the problem on your side?
I keep getting:
Under maintenance. Try again later.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin
* Török Edwin :
> On 04/19/2012 02:59 PM, Ralf Hildebrandt wrote:
> > Is there an alternative way of submitting FP's?
> >
>
> Are you using this page?
> http://www.clamav.net/lang/en/sendvirus/submit-fp/
Yep.
--
Ralf Hildebrandt Chari
Is there an alternative way of submitting FP's?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +
/local/share/clamav/local.ign2
> > BC.Exploit.CVE_2011_3412
>
> The entry is not complete. The correct one is:
>
> BC.Exploit.CVE_2011_3412.{CVE_2011_3412}
After applying your fix, correct?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de
* Jan-Pieter Cornet :
> I haven't got any experience with IRIX, but I do wonder: why are you
> using tits for testing purposes? That seems inappropriate.
No, he's using un-tits. Everything but tits. E.g. a canary would be an
un-tit. Like an undead is anything but dead.
PS ;-)
___
t emit a line number. Fields are not seperated with : but with ;
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
G
* Bill Maidment :
> > What am I doing wrong here? Running clamv 0.97.3
>
> It's the same story here. We've had to switch off all bytecode rules in
> the conf file. Not ideal.
Sound like one cannot whitelist a bytecode signature?
--
Ralf Hildebrandt
* Alain Zidouemba :
> Ralf,
>
> We got your FP reports and will address them today.
Thanks :) But the original question remains in case I need to
whitelist a signature.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus
c5aab:1317888) FOUND
What am I doing wrong here? Running clamv 0.97.3
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt.
* Török Edwin :
> On 2011-06-29 17:01, Michael Scheidell wrote:
> >
> >
> > On 6/29/11 9:24 AM, Michael Scheidell wrote:
> >> Ok, so not just me.
> >>
> >> I am going to ask Ralf Hildebrandt what version of os he is using.
> >> maybe w
digits in Subject or Body)
You'd probably need to use amavisd-new
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ral
e.clamav.net 85.255.112.204:
>
> $ nslookup database.clamav.net 85.255.112.204
> Server: 85.255.112.204
> Address: 85.255.112.204#53
Why don't you ask your ISP?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berl
* Dennis Peterson <[EMAIL PROTECTED]>:
> > My point was that it's ten times as big as it should be
>
> Which begs the question: How big should it be, and why is that size
> better than the one it is?
>
Size matters not!
--
Ralf Hildebrandt (i.A. des IT-Zentr
ted.
0.90: 11.575.374
0.91: 13.026.634
0.92: 16.134.725
0.93: 20.247.322
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962
IT-Zen
> ' followed by the address in question,
> i've tried a number of addresses manually but anything containing | has the
> same problem.
Please do show the logs.
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin Berlin
1 - 100 of 139 matches
Mail list logo