Re: [Clamav-users] Feedback on clamav + sanesecurity experience

2010-07-21 Thread Robert Schetterer
known domain in postfix etc) > > Thank's in advance. > Regards. > Laurence Moindrot > -- > University of Strasbourg > IT Service > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > ht

[Clamav-users] stopping Can't resolve LocalNet hostname unknown

2010-10-22 Thread Robert Schetterer
Hi, can i stop failure message Can't resolve LocalNet hostname unknown without loosing other usefull debug infos? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clama

Re: [clamav-users] ClamAV and Mal/Phish-A

2010-12-11 Thread Robert Schetterer
rding mail isnt a very good idea these days for serveral reasons ( spf etc ) if you have good connections to the postmasters of the forward reciept mail servers talk to them to trust your mails and dont scan them again in real there will be always such stuff ( false -positi

Re: [clamav-users] Clamd - false positives hash

2011-05-30 Thread Robert Schetterer
ehaviour? > > > Thank you. > > Best regards, > > Cássio > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml yes i confirm false positives with PUA.Script.PDF.

Re: [clamav-users] eicar-like phishing test signature?

2011-09-06 Thread Robert Schetterer
Am 06.09.2011 11:55, schrieb Matus UHLAR - fantomas: > Hello, > > does clamav include any signature used to test phishing mail? > there is gtube antispam test sig http://spamassassin.apache.org/gtube/ -- Best Regards MfG Robert Schetterer Germany/Mu

Re: [clamav-users] Phishing and ClamAV

2011-10-20 Thread Robert Schetterer
specially with clamav-milter this helps a lot rejecting pishing and spam on smtp income level -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

[clamav-users] ZIP/Bredolab.A!Camelot

2012-07-20 Thread Robert Schetterer
Hi, just was informed that some mails with ZIP/Bredolab.A!Camelot slipped through up2date clamav gateway , detected by Microsoft Forefront the sender is deutschepost.de ever someone an idea to that ? -- Best Regards MfG Robert Schetterer ___ Help us

Re: [clamav-users] ZIP/Bredolab.A!Camelot

2012-07-20 Thread Robert Schetterer
t update 2012-07-20 11:54 /var/lib/clamav/phish.ndb 2012-07-20 17:55 /var/lib/clamav/rogue.hdb -- Best Regards MfG Robert Schetterer ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [clamav-users] ZIP/Bredolab.A!Camelot

2012-07-20 Thread Robert Schetterer
Am 20.07.2012 18:02, schrieb Joel Esler: > On Jul 20, 2012, at 11:22 AM, Robert Schetterer wrote: > >> Hi, just was informed that some mails with >> ZIP/Bredolab.A!Camelot >> >> slipped through up2date clamav gateway , detected by >> Microsoft Forefront

Re: [clamav-users] ZIP/Bredolab.A!Camelot

2012-07-20 Thread Robert Schetterer
Am 20.07.2012 22:44, schrieb Robert Schetterer: > Am 20.07.2012 18:02, schrieb Joel Esler: >> On Jul 20, 2012, at 11:22 AM, Robert Schetterer >> wrote: >> >>> Hi, just was informed that some mails with >>> ZIP/Bredolab.A!Camelot >>> >>

Re: [clamav-users] ZIP/Bredolab.A!Camelot

2012-07-23 Thread Robert Schetterer
Am 20.07.2012 22:53, schrieb Robert Schetterer: > Am 20.07.2012 22:44, schrieb Robert Schetterer: >> Am 20.07.2012 18:02, schrieb Joel Esler: >>> On Jul 20, 2012, at 11:22 AM, Robert Schetterer >>> wrote: >>> >>>> Hi, just was informed

Re: [clamav-users] Is there a way to download old clamAV cvd file from 2007, 2009, 2011 etc.?

2013-02-04 Thread Robert Schetterer
included Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsra

[clamav-users] false postive Email.Trojan-393

2014-04-09 Thread Robert Schetterer
Hi, some users reported a false postive with Email.Trojan-393 is this wide known ? Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben

Re: [clamav-users] Clam AV Integration with Thunderbird

2017-01-08 Thread Robert Schetterer
in/clamav-faq > > http://www.clamav.net/contact.html#ml Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbau

Re: [clamav-users] Scanning IMAP traffic without user credential storage

2017-07-28 Thread Robert Schetterer
ng scan requests. > > Thanks & Regards. > reading this might help http://www.fim.uni-linz.ac.at/diplomarbeiten/Diplomarbeit_Macskasi.pdf Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz de

Re: [clamav-users] ClamAV Central Management tools

2018-10-16 Thread Robert Schetterer
gt; > http://www.clamav.net/contact.html#ml > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben

[Clamav-users] db.de.clamav.net Can't connect

2007-04-11 Thread Robert Schetterer
aily-3073.cdiff from db.de.clamav.net Apr 11 23:53:40 postmailer freshclam[28032]: Retrieving http://db.de.clamav.net/daily-3073.cdiff - -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Munich/Bavaria/Germany -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5

Re: [Clamav-users] db.de.clamav.net Can't connect

2007-04-11 Thread Robert Schetterer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jacusy schrieb: > Robert Schetterer schrieb: >> Hi @ll, >> since yesterday i have problems with update mirror >> db.de.clamav.net is this a known problem, should i change the mirror? > Form me db.at.clamav.net worked fine,

Re: [Clamav-users] Clamdmon.sh

2007-04-12 Thread Robert Schetterer
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > hi, it wasnt needed to monitor clamav in the past, your right monit does a very good job - -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.sche

[Clamav-users] Phishing.Heuristics.Email.SpoofedDomain

2007-07-13 Thread Robert Schetterer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi @ll can someone explain this virus type Phishing.Heuristics.Email.SpoofedDomain this mail looks good , on a first look, seems to be amazon promotion, also spf record are fine - -- Mit freundlichen Gruessen Best Regards Robert Schetterer

Re: [Clamav-users] Phishing.Heuristics.Email.SpoofedDomain

2007-07-13 Thread Robert Schetterer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Török Edvin schrieb: > On 7/13/07, Robert Schetterer <[EMAIL PROTECTED]> wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Hi @ll >> >> can someone explain this virus type &

Re: [Clamav-users] Phishing.Heuristics.Email.SpoofedDomain

2007-07-13 Thread Robert Schetterer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Török Edvin schrieb: > On 7/13/07, Robert Schetterer <[EMAIL PROTECTED]> wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Hi @ll >> >> can someone explain this virus type &

[Clamav-users] JS.Downloader-37 what is this

2008-01-17 Thread Robert Schetterer
Hi all, where can i find a description to JS.Downloader-37 some customer programmer says this is not really a virus or a security Problem if it so is there a way to make clamscan ignore such type of stuff -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria

Re: [Clamav-users] JS.Downloader-37 what is this

2008-01-17 Thread Robert Schetterer
aCaB schrieb: > Robert Schetterer wrote: >> Hi all, >> where can i find a description to JS.Downloader-37 >> some customer programmer says this is not really a virus >> or a security Problem >> if it so >> is there a way to make clamscan ignore such type o

[Clamav-users] Trojan.Downloader.JS.Agent-1 jquery.js java script lib

2008-04-06 Thread Robert Schetterer
security problem with it ? and where can i find related info too me it looks like false positve -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http

[Clamav-users] Description Trojan.VB-2953

2008-06-06 Thread Robert Schetterer
Hi @ll, where kann i find a description about Trojan.VB-2953 -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Description Trojan.VB-2953

2008-06-06 Thread Robert Schetterer
Robert Schetterer schrieb: > Hi @ll, > where kann i find > a description about Trojan.VB-2953 > sorry i slipped into German should be where can i find a description about Trojan.VB-2953 -- Best Regards MfG Robert Schetterer Germany/Mu

Re: [Clamav-users] Description Trojan.VB-2953

2008-06-06 Thread Robert Schetterer
Ian Eiloart schrieb: > > --On 6 June 2008 11:03:22 +0200 Robert Schetterer <[EMAIL PROTECTED]> > wrote: > >> Robert Schetterer schrieb: >>> Hi @ll, >>> where kann i find >>> a description about Trojan.VB-2953 >>> >> s

Re: [Clamav-users] Description Trojan.VB-2953

2008-06-06 Thread Robert Schetterer
Dennis Peterson schrieb: > Robert Schetterer wrote: >> Ian Eiloart schrieb: >>> --On 6 June 2008 11:03:22 +0200 Robert Schetterer <[EMAIL PROTECTED]> >>> wrote: >>> >>>> Robert Schetterer schrieb: >>>>> Hi @ll, >>>>

Re: [Clamav-users] Large increase in mail viruses?

2008-08-01 Thread Robert Schetterer
t have > "fun" with my mail server. > > Frank > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml its the same here Email.Phishing.Bank-42 Email.PornTeaser-1 very

Re: [Clamav-users] commit many virus

2008-08-20 Thread Robert Schetterer
___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml http://cgi.clamav.net/sendvirus.cgi should work -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria ___ Help us build

Re: [Clamav-users] Malware submission / Virustotal

2008-10-26 Thread Robert Schetterer
s in your mailserver in general to block incoming bots before getting to clamav-antivir stage that should raise down the maleware rate in any case so where do your info come from ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [Clamav-users] Malware submission / Virustotal

2008-10-26 Thread Robert Schetterer
Karsten Bräckelmann schrieb: > On Sun, 2008-10-26 at 10:22 +0100, Robert Schetterer wrote: >> Karsten Bräckelmann schrieb: >>> Recent flood of (German only?) Trojan.Agent malware, partly slipping by >>> ClamAV. So I now am submitting samples where I spot 'em... &g

Re: [Clamav-users] Sanesecurity.com download disabled

2008-12-11 Thread Robert Schetterer
s loadbalancing will solve your problem ( if you allready have mirrors ) as a workaround you may also use some loadbalancing software like balance on a root host to spread to mirrors what are doing with the script exactly? is it only for your website, and not for your clam db ? I download your antiv

Re: [Clamav-users] Sanesecurity Announcement

2008-12-14 Thread Robert Schetterer
; Thanks and sorry to let you all down. > > Steve > Sanesecurity > > > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml Hi Steve, mail to me offlist maybe i can help in m

Re: [Clamav-users] squid + clamd performance pointers anyone

2009-02-10 Thread Robert Schetterer
.sourceforge.net/ and clam beating others in performance without special performance tuning for squid after all questions related should go to the squid mail list -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [Clamav-users] Blog about the Active Malware Report System

2009-02-22 Thread Robert Schetterer
ww.sourcefire.com >> +1 301 518 7944 or +1 706 705 4022 FAX: +44 870 705 9334 ICQ: 20252325 >> >> ClamAV is a registered trademark of Sourcefire Inc. >> ___ >> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >> http://www.clamav.net/support/ml >> >>

[Clamav-users] old milter with 0.95

2009-04-03 Thread Robert Schetterer
? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [Clamav-users] old milter with 0.95 / test with 0.95 milter gave can't read SMFIC_BODYEOB reply packet header

2009-04-04 Thread Robert Schetterer
aCaB schrieb: > Robert Schetterer wrote: >> Hi,i noticed i have to update to 0.95 by security issuses >> but i dont wanna change milters on many mailsservers if not needed. >> Is there a chance using old clamav-milter setups ( i. with commandline >> options ) and clamd

[Clamav-users] test with 0.95 milter gave can't read SMFIC_BODYEOB reply packet header

2009-04-04 Thread Robert Schetterer
Robert Schetterer schrieb: > aCaB schrieb: >> Robert Schetterer wrote: >>> Hi,i noticed i have to update to 0.95 by security issuses >>> but i dont wanna change milters on many mailsservers if not needed. >>> Is there a chance using old clamav-milter setups ( i

Re: [Clamav-users] clamav-milter 0.95

2009-04-04 Thread Robert Schetterer
t; > > ... > > Randomly Generated Quote (1144 of 1520): > Talk does not cook rice. -Ancient Proverb > ___ > Help us build a comprehensive ClamAV guide: visit htt

Re: [Clamav-users] Safebrowsing db outdated?

2009-04-14 Thread Robert Schetterer
hensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml I was easter holidays? nobody worked ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clama

Re: [Clamav-users] "Virus Infected" Message for recipient

2009-04-29 Thread Robert Schetterer
elp us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >> http://www.clamav.net/support/ml > > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [Clamav-users] "Virus Infected" Message for recipient

2009-04-29 Thread Robert Schetterer
Robert Schetterer schrieb: > Hi, you can use > for send a message to i.e postmaster etc > > i.e in clamd.conf > > # Execute a command when virus is found. In the command string %v will > # be replaced with the virus name. > # Default: no > #VirusEvent /usr/local/bi

Re: [Clamav-users] "Virus Infected" Message for recipient

2009-04-29 Thread Robert Schetterer
Dennis Peterson schrieb: > Robert Schetterer wrote: > >> i apologize too for top posting *g >> >> > > And for failure to prune unnecessary parts of the message? > > dp > ___ > Help us build a comprehensive

[Clamav-users] unclear whitelist syntax clamav-milter an logging ClamAV 0.95.1

2009-04-30 Thread Robert Schetterer
he verbose clamav-milter.log or clamd.log or mail.log and headers show example mail from whitelisted was scanned i think its my fault with whitelist syntax can someone enlight me? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria ___ Help

Re: [Clamav-users] unclear whitelist syntax clamav-milter an logging ClamAV 0.95.1

2009-04-30 Thread Robert Schetterer
Robert Schetterer schrieb: > Hi all > i have ClamAV 0.95.1 > Whitelist /etc/clamav-milter-whitelist > in /etc/clamav-milter.conf > > in Whitelist /etc/clamav-milter-whitelist > i have > i.e > "From:r...@example.server.com" > is this the right syntax ? (

Re: [Clamav-users] Question of clamav/clamav-milter

2009-06-05 Thread Robert Schetterer
rantined message in the "hold queue" (postfix 2.6 > or later). not true , works also with postfix 2.5.5 and maybe before ( not tested ) > > WBR > > G > > > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [Clamav-users] Question of clamav/clamav-milter

2009-06-05 Thread Robert Schetterer
Giorgio Bellussi schrieb: > Robert Schetterer wrote: >> Giorgio Bellussi schrieb: >>> James Kosin wrote: >>>> Giorgio Bellussi wrote: >>>>> Javier Lopez wrote: >>>>>> Hi community, >>>>>> >>>>>> >

Re: [Clamav-users] Did Clamd REALLY crash ?

2009-06-05 Thread Robert Schetterer
init with path /etc/init.d/clamd group virus check file clamavd_bin with path /usr/sbin/clamd group virus it also usefull with freshclam, postgrey, spamd, serveral milters monit can alert you via mail by doing actions, also does logging to syslog as well as clam should do it, so there shoul

Re: [Clamav-users] clamav and postfix setup options

2009-06-14 Thread Robert Schetterer
in a local mailbox but this isnt done anymore these days that are better solutions around, i only use it for internal low traffic mailservers which do getmail from outside mailservers i wouldnt recommend procmail anymore a better choice is i.e using dovecot lda and

Re: [Clamav-users] ClamAV update auf 0.95.2

2009-06-18 Thread Robert Schetterer
___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml Hallo Udo, da gab es ein Problem mit einer der Signaturen das bereits behoben sein sollte, du solltest hier englisch schreiben -- Best Regards MfG Robert Schetterer Ge

Re: [Clamav-users] clamav-milter with postfix

2009-06-22 Thread Robert Schetterer
the the infected email but not modify the SUBJECT: line? > > Thanks! > question of taste, i reject infected mails with the virus signature name but you may also quarantaine it in the hold queue for human inspection later -- Best Regards MfG Ro