Re: [Clamav-users] 0.96.1 Daemon permissions on Mac OS 10.6.4?

2010-07-12 Thread Tom Shaw
ove) if not as owner _clamav. Check your config files. If you manually need to run use sudo freshclam Tom -- Tom Shaw - Chief Engineer, OITC , http://www.oitc.com/ local wx: http://www.oitc.com/weather US Phone Numbers: 321-984-3714, 321-729-6258(fax), 321-258-2475 (cell/voice mail,pager) US sky

Re: [Clamav-users] byte code compiler configure issues

2010-05-03 Thread Tom Shaw
At 6:06 AM -0700 5/3/10, Jim Preston wrote: Tom Shaw wrote: At 5:48 AM -0700 5/3/10, Jim Preston wrote: Dennis Peterson wrote: On 5/2/10 8:14 AM, Tom Shaw wrote: Trying now let you know in about 10 10.5.8 right now. 10.6 after we get this working Tom I was able to compile .96 in Snow

Re: [Clamav-users] byte code compiler configure issues

2010-05-03 Thread Tom Shaw
At 5:48 AM -0700 5/3/10, Jim Preston wrote: Dennis Peterson wrote: On 5/2/10 8:14 AM, Tom Shaw wrote: Trying now let you know in about 10 10.5.8 right now. 10.6 after we get this working Tom I was able to compile .96 in Snow Leopard with no modification. dp Hi Dennis, Did not know

Re: [Clamav-users] byte code compiler configure issues

2010-05-02 Thread Tom Shaw
At 12:27 PM -0700 5/2/10, Dennis Peterson wrote: On 5/2/10 8:14 AM, Tom Shaw wrote: Trying now let you know in about 10 10.5.8 right now. 10.6 after we get this working Tom I was able to compile .96 in Snow Leopard with no modification. Thanks Dennis. I had no problems for ClamAV (did

Re: [Clamav-users] byte code compiler configure issues

2010-05-02 Thread Tom Shaw
At 6:07 PM +0300 5/2/10, Török Edwin wrote: We're getting closer. T Thanks, Edwin. That worked. Installed and tried to get version but got: $ /usr/local/clamav/bin/clambc-compiler -v clang -cc1 version 1.1 based upon llvm 2.7 hosted on i386-apple-darwin9 re2c: error: cannot re-open error: re2

Re: [Clamav-users] byte code compiler configure issues

2010-05-02 Thread Tom Shaw
At 6:07 PM +0300 5/2/10, Török Edwin wrote: On 05/02/2010 05:33 PM, Tom Shaw wrote: At 4:46 PM +0300 5/2/10, Török Edwin wrote: On 05/02/2010 04:44 PM, Tom Shaw wrote: At 10:45 AM +0300 5/2/10, Török Edwin wrote: On 05/02/2010 12:49 AM, Tom Shaw wrote: At 10:52 PM +0300 5/1/10

Re: [Clamav-users] byte code compiler configure issues

2010-05-02 Thread Tom Shaw
At 4:46 PM +0300 5/2/10, Török Edwin wrote: On 05/02/2010 04:44 PM, Tom Shaw wrote: At 10:45 AM +0300 5/2/10, Török Edwin wrote: On 05/02/2010 12:49 AM, Tom Shaw wrote: At 10:52 PM +0300 5/1/10, Török Edwin wrote: Please run 'make VERBOSE=1', and paste the output.

Re: [Clamav-users] byte code compiler configure issues

2010-05-02 Thread Tom Shaw
At 10:45 AM +0300 5/2/10, Török Edwin wrote: On 05/02/2010 12:49 AM, Tom Shaw wrote: At 10:52 PM +0300 5/1/10, Török Edwin wrote: Please run 'make VERBOSE=1', and paste the output. llvm[3]: Compiling version.c for Release build Thanks, please 'git pull' and try build

Re: [Clamav-users] byte code compiler configure issues

2010-05-01 Thread Tom Shaw
orted only once /Users/tshaw/Sites/clamav/clamav-bytecode-compiler/llvm/lib/Target/ClamBC/version.c:4: error: for each function it appears in.) make[3]: *** [/Users/tshaw/Sites/clamav/clamav-bytecode-compiler/obj/lib/Target/ClamBC/Release/version.o] Error 1 make[2]: *** [ClamBC/.makeall] Error 2 mak

Re: [Clamav-users] byte code compiler configure issues

2010-05-01 Thread Tom Shaw
At 2:40 PM +0300 5/1/10, Török Edwin wrote: On 05/01/2010 02:20 PM, Tom Shaw wrote: llvm[3]: Compiling ClamBCOptimizers.cpp for Release build /Users/tshaw/Sites/clamav/clamav-bytecode-compiler/clamav-bytecode-compiler/llvm/lib/Target/ClamBC/ClamBCModule.cpp: In member function 'virtual

Re: [Clamav-users] byte code compiler configure issues

2010-05-01 Thread Tom Shaw
At 8:52 AM +0300 5/1/10, Török Edwin wrote: On 05/01/2010 01:17 AM, Tom Shaw wrote: I have the following configure problem: $ cd obj && ../llvm/configure --enable-optimized --enable-targets=host-only --disable-bindings --prefix=/usr/local/clamav configure: WARNING: Unknown

[Clamav-users] byte code compiler configure issues

2010-04-30 Thread Tom Shaw
I have the following configure problem: $ cd obj && ../llvm/configure --enable-optimized --enable-targets=host-only --disable-bindings --prefix=/usr/local/clamav configure: WARNING: Unknown project (clamdriver) won't be configured automatically configure: WARNING: Unknown project (ifacegen) wo

[Clamav-users] Missed detection

2010-03-18 Thread Tom Shaw
I have an md5 based signature, winnow.malware.2015, that I created from a file ./malware/style25.dat-4mmrTv The signature is: 23848f3f080237b7e2d2313496f4c00f:3680:winnow.malware.2015 I can see it's in my clam sigs by: $ sigtool --list-sigs=/usr/local/share/clamav/winnow_malware.hdb | grep "wi

Re: [Clamav-users] ***** SPAM ***** ***** SPAM ***** Re: 0.96rc1 LibClamAV Warning: JIT not compiled in

2010-03-12 Thread Tom Shaw
At 2:46 PM -0600 3/12/10, George R. Kasica wrote: We've compiled and are running here as well with Red Hat EL4 (gcc 3.4.6-11.el4_8.1) and Red Hat EL5 (gcc 4.1.2-46.el5_4.2) both of which are the latest released versions of gcc from Red Hat RPMs and are seeing the same JIT failures...how new are y

[Clamav-users] FYI

2010-03-11 Thread Tom Shaw
Link to 0.95.3 on http://www.clamav.net/download/sources/ actually goes to 0.96rc1 Tom ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [Clamav-users] Bad link on site to 0.96RC1

2010-03-10 Thread Tom Shaw
At 12:39 AM +0100 3/11/10, Luca Gibelli wrote: Hello Tom, The link on http://www.clamav.net/ to 0.96.rc1 actually downloads 0.95.3. both links on www.clamav.net and www.clamav.net/download/sources work correctly for me. Thanks Luca. It must have been fixed because my first download was ab

[Clamav-users] Bad link on site to 0.96RC1

2010-03-10 Thread Tom Shaw
The link on http://www.clamav.net/ to 0.96.rc1 actually downloads 0.95.3. It should be http://sourceforge.net/projects/clamav/files/clamav/0.96rc1/clamav-0.96rc1.tar.gz/download Tom

[Clamav-users] quick question on freshclam

2010-03-09 Thread Tom Shaw
I want to change how I run freshclam on OSX from running as a daemon to running periodically using launchd. Unfortunately, freshclam's returning of 1 when no updates were required causes issues with launchd since it thinks freshclam exited abnormally and attempts to respawn. Now, I can easil

Re: [Clamav-users] clamav syslog and cron

2010-03-09 Thread Tom Shaw
. Should I approach this in a different way like using clamscan instead? It does not look like clamscan can write to syslog but I could be wrong. Tim Why don't you just get rid of --fdpass and run the cron job as root? Tom -- Tom Shaw - Chief Engineer, OITC , http://www.oitc.com/ local wx:

Re: [Clamav-users] TargetType

2010-02-16 Thread Tom Shaw
Vulnerability Research Team SOURCEfire Tel: 1(410)423-4764 email: alain.zidoue...@sourcefire.com On Sat, Feb 13, 2010 at 7:30 PM, Tom Shaw <ts...@oitc.com> wrote: Pardon me, Alain, but I did say I did due diligen

Re: [Clamav-users] TargetType

2010-02-16 Thread Tom Shaw
On 02/16/2010 09:15 PM, Tom Shaw wrote: At 4:15 PM + 2/16/10, Steve Basford wrote: > Attached document? I did not see an attachment. Can you send a link? Is this the TargetType you are after... 2.3.4 Extended signature format The extended signature format allows

Re: [Clamav-users] TargetType

2010-02-16 Thread Tom Shaw
At 4:15 PM + 2/16/10, Steve Basford wrote: > Attached document? I did not see an attachment. Can you send a link? Is this the TargetType you are after... 2.3.4 Extended signature format The extended signature format allows for specification of additional information such as a target

[Clamav-users] TargetType

2010-02-13 Thread Tom Shaw
How does one determine what TargetType ClamAV will assign to a file or attachment? I have been all through the docs and wiki and can find no specifics. Any and all help is appreciated. Tom

Re: [Clamav-users] ExcludePath, defining absolute path

2009-12-16 Thread Tom Shaw
At 6:11 AM + 12/16/09, dev.ad...@ntlworld.com wrote: Hi, I know this is an old topic that seems to have caused some problems in the past and has apparently been fixed in version .3, but I still can't get it to work. I'm using OSX and I would like to scan the boot volume but one of the direc

Re: [Clamav-users] Phishing detection on downloaded pages

2009-12-11 Thread Tom Shaw
At 9:31 PM +0200 12/11/09, Török Edwin wrote: On 2009-12-11 21:14, Tom Shaw wrote: At 3:53 PM +0200 12/10/09, Török Edwin wrote: >> On 2009-12-10 15:41, Sundara Kaku wrote: The heuristic phishing detector only works on emails correctly, not websites by design, hence there is no po

Re: [Clamav-users] Phishing detection on downloaded pages

2009-12-11 Thread Tom Shaw
At 3:53 PM +0200 12/10/09, Török Edwin wrote: On 2009-12-10 15:41, Sundara Kaku wrote: Hi, As you mentioned "clamav would scan the mail".. means..can i add downloaded webpage as attachment to email with (javamail api) and save that mail as eml file and send this file for scanning.. is

Re: [Clamav-users] How does Clam stand up to Commercial A/V?

2009-12-03 Thread Tom Shaw
At 3:04 PM +0100 12/3/09, Jan Pieter Cornet wrote: On Tue, Nov 24, 2009 at 04:17:50PM -0400, Robin wrote: I am administering 7 Debian based LAMP servers and am working to get anti-virus to scan uploads as they happen. Since I am a lone sheep in the Microsoft wild of a larger organization I n

Re: [Clamav-users] How does Clam stand up to Commercial A/V?

2009-12-03 Thread Tom Shaw
environment with over 200 computers. We've used Symantec AV for 5 years now." opened by Robert Tana. Thanks. On 03.12.2009 / 08:10:30 -0500, Tom Shaw wrote: At 3:50 PM +0300 12/3/09, Anatoly Pugachev wrote: >Someone with linkedin account, could be interested in commenting the

Re: [Clamav-users] How does Clam stand up to Commercial A/V?

2009-12-03 Thread Tom Shaw
At 3:50 PM +0300 12/3/09, Anatoly Pugachev wrote: Someone with linkedin account, could be interested in commenting the following discussion http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&discussionID=10222162&gid=107486 Anatoly What's the group's name? Tom

Re: [Clamav-users] ClamAV Memory Usage

2009-12-01 Thread Tom Shaw
At 12:39 AM + 12/2/09, Gordan Bobic wrote: Hi, Can anyone explain why clamd 0.95.3 might use 190MB of RAM after 5 days of light usage (few hundred emails)? It is the single biggest process on my mail servers, and I'm not convinced its size is reasonably justifiable. The database files un

Re: [Clamav-users] Clamd & Clamav yield different results

2009-11-29 Thread Tom Shaw
At 12:57 PM -0800 11/29/09, Dennis Peterson wrote: James Babcock wrote: Thanks so much for the prompt response. I have an Intel iMac running Mac OS 10-6-2 plus all updates. Using Mac's "Terminal" option, I found no MAN pages you suggest. I am beginning to think that As a clamav user, I nee

Re: [Clamav-users] Clamd & Clamav yield different results

2009-11-29 Thread Tom Shaw
At 11:57 AM -0600 11/29/09, James Babcock wrote: Thanks so much for the prompt response. I have an Intel iMac running Mac OS 10-6-2 plus all updates. Using Mac's "Terminal" option, I found no MAN pages you suggest. I am beginning to think that As a clamav user, I need a Linux version running

[Clamav-users] Detection Reporting

2009-11-25 Thread Tom Shaw
I have been looking at performing a single freshclam update and then distributing that update internally but I cannot find how to report detections from all the internal systems. Anyone have an idea on what I am missing? Tom

Re: [Clamav-users] SubmitDetectionStats Error

2009-11-21 Thread Tom Shaw
At 2:16 PM +0100 11/21/09, Luca Gibelli wrote: Hello, > FYI, I'm still getting the submission error. > ERROR: SubmitDetectionStats: Remote server reported temporary failure: under maintenance it looks like it will need some more time. I hope it will be back online by monday. The service

Re: [Clamav-users] SubmitDetectionStats Error

2009-11-20 Thread Tom Shaw
At 11:14 AM +0100 11/20/09, Luca Gibelli wrote: Hello Greg, FYI, I'm still getting the submission error. ERROR: SubmitDetectionStats: Remote server reported temporary failure: under maintenance it looks like it will need some more time. I hope it will be back online by monday. Pardon thi

Re: [Clamav-users] [Bulk] Re: Quarantine issue with new 0.95.x clamav-milter

2009-11-09 Thread Tom Shaw
At 6:28 PM -0500 11/9/09, Jerry wrote: On Mon, 09 Nov 2009 18:08:10 -0500 Michael Orlitzky replied: Jerry wrote: > > You don't want to bounce the message, yet you are telling the sender > that it was not delivered. That is inconsistent. Why not simply > send a notice to the email originat

Re: [Clamav-users] load issues due to sanesecurity signatures

2009-11-03 Thread Tom Shaw
At 9:32 PM +0530 11/3/09, Avinash wrote: Hi everyone, Thanks for the quick response. We are using the below 6 sanesecurity files. junk.ndb phish.ndb scam.ndb spear.ndb lott.ndb spam.ldb Some more info: I tried with adding these files one by one to clamd database, junk.ndb is causing more loa

Re: [Clamav-users] load issues due to sanesecurity signatures

2009-11-02 Thread Tom Shaw
At 4:10 PM -0600 11/2/09, Noel Jones wrote: On 11/2/2009 1:42 PM, Avinash wrote: Hi everyone, We are using Sanesecurity signatures in clamd for scanning mails. Recently we are seeing some load issues on clamd server due to sanesecurity signatures (load is automatically decreasing when the sanes

[Clamav-users] Whoops where is 0.95.3 src?

2009-10-28 Thread Tom Shaw
At 1:12 PM -0400 10/28/09, Tom Shaw wrote: Link of website goes to SF and there there is the sig but not the gz'd source. Please help, Tom

[Clamav-users] where is 0.93 src?

2009-10-28 Thread Tom Shaw
Link of website goes to SF and there there is the sig but not the gz'd source. Please help, Tom

Re: [Clamav-users] APER

2009-10-22 Thread Tom Shaw
At 7:02 AM -0700 10/22/09, John Rudd wrote: Hope I haven't missed this one being discussed... but ... APER is a project hosted at Google Code (Anti-Phishing Email Reply) that tracks From, Reply-to, and Body URLs that match known phishing attacks. There are a few examples for how to use it ... b

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Tom Shaw
At 5:21 PM +0200 10/16/09, Jose-Marcio Martins da Cruz wrote: Tom Shaw wrote: As long as you don't obfuscate the url my scripts will isolate the url or the attached malware and process. Nice ! Can I send one URL per line ? I have 20 undetected virus. Yes it strips out all urls just

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Tom Shaw
At 8:14 AM -0700 10/16/09, Dennis Peterson wrote: Tom Shaw wrote: Tom Shaw wrote: If you submit a file to virus-samp...@oitc.com I'll process it for winnow_malware.hdb and at the same time send it to the ClamAV malware signature team and virustotal to check if others can detect. I

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Tom Shaw
Tom Shaw wrote: If you submit a file to virus-samp...@oitc.com I'll process it for winnow_malware.hdb and at the same time send it to the ClamAV malware signature team and virustotal to check if others can detect. If you submit a url to malware to virus-samp...@oitc.com I'll do

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Tom Shaw
Tom Shaw wrote: Just to clarify winnow_malware.hdb is designed to detect malware payloads. Thus, it is effective in an email system only when the payload is attached (such as a dropper, etc). It is also very effective when used in file system/download checking scenarios. Thanks to Dennis

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-16 Thread Tom Shaw
At 8:42 AM +0100 10/16/09, Steve Basford wrote: > The script I use has a bit more finesse than this simple overview. I use a randomizer to prevent this process from running at the same minute past the hour Note there's a *tiny* chance if the script runs at 10.07 and then 11.03, you'll get t

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 5:24 PM +0300 10/15/09, Jari Fredriksson wrote: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=_T3prA2NkQhJdMqo4E_3U4WfuiiDVVM" Content-Disposition: inline Does ClamAV somehow dedicate to email format (base64) or how it is possible that i

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 1:23 PM +0100 10/15/09, Steve Basford wrote: > Undetected Outlook Express malware: h t t p :/ / www.iki.fi/jarif/malware/install.zip That's one of 'em: Sanesecurity.Rogue.736.UNOFFICIAL FYI Official ClamAV sigs now detect as Trojan.Inject-2443 I just noticed that my winnow.malware.75

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 4:30 PM +0300 10/15/09, Jari Fredriksson wrote: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=_6GorA2txt0CVliaTmJuBPNhCIqDzZA" Content-Disposition: inline Undetected IRS scam variant. http://www.iki.fi/jarif/malware/tax-statement.exe -

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 3:14 PM +0300 10/15/09, Jari Fredriksson wrote: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=_20nrA2UWvqBocwzbhDgZQrQ22plLxr" Content-Disposition: inline 15.10.2009 14:55, Tom Shaw wrote: The samples I have o

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
At 1:23 PM +0100 10/15/09, Steve Basford wrote: > Undetected Outlook Express malware: h t t p :/ / www.iki.fi/jarif/malware/install.zip That's one of 'em: Sanesecurity.Rogue.736.UNOFFICIAL Well that one didn't get detected by standard ClamAV. Must be running multiple payloads That one

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-15 Thread Tom Shaw
ndetectable? Tom -- Tom Shaw - Chief Engineer, OITC , http://www.oitc.com/ local wx: http://www.oitc.com/weather US Phone Numbers: 321-984-3714, 321-729-6258(fax), 321-258-2475 (cell/voice mail,pager) US skypeline: 321-622-9098 Text Paging: http://www.oitc.com/Pager/sendmessage.html AIM/iChat: tr

Re: [Clamav-users] Some Virus not detected by Clamav

2009-10-13 Thread Tom Shaw
At 10:28 AM +0200 10/13/09, Jose-Marcio Martins da Cruz wrote: Hello, I have 49 virus (2 kinds only) received at our mailserver last night which weren't detected by ClamAV, but are detected by most other antivirus available at www.virustotal.com The name of the virus, as detected by Sophos a

[Clamav-users] IRS Scam

2009-09-28 Thread Tom Shaw
Just a heads up on this piece of malware as you may have read about this in Computerworld or another news source. winnow sigs distributed as part of sanesecurity have been detecting the scam email as well as their changing payloads housed on fast flux domains for almost 2 weeks See: http://w

Re: [Clamav-users] DHL invoices

2009-09-24 Thread Tom Shaw
At 9:53 AM -0400 9/24/09, Tom Shaw wrote: At 2:19 PM +0100 9/24/09, Steve Basford wrote: > Yeah, we already know that. Can you please cut&paste the full message returned by the form? Thanks, Hi Luca, I've *just* uploaded 4 copies of the dhl invoice malware that have been mis

Re: [Clamav-users] DHL invoices

2009-09-24 Thread Tom Shaw
At 2:19 PM +0100 9/24/09, Steve Basford wrote: > Yeah, we already know that. Can you please cut&paste the full message returned by the form? Thanks, Hi Luca, I've *just* uploaded 4 copies of the dhl invoice malware that have been missed by up-to-date official sigs. These were blocked using

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Tom Shaw
At 12:20 AM +0300 9/24/09, Jari Fredriksson wrote: >> This is what I found about Phishing and Heuristics. Dangerous? When I review the quarantine anyway. No more than sanesecurity rules and a lot more than my winnow_malware.hdb which would have caught your virus. Point being you might jus

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Tom Shaw
At 11:31 PM +0300 9/23/09, Jari Fredriksson wrote: > At 10:39 PM +0300 9/23/09, Jari Fredriksson wrote: >> I don't run ClamAV via SpamAssassin. I have it called by amavisd-new, which does what it does: quarantine. Sure hope you're not using heuristics, phishing and/or safebrowsing op

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Tom Shaw
At 10:42 PM +0300 9/23/09, Jari Fredriksson wrote: > On Wed, Sep 23, 2009 at 08:11:41PM +0300, Jari Fredriksson wrote: Ehm, were you scoring SaneSecurity hits like one is supposed to, or just plain rejecting with them? Sounds like the latter. I don't run ClamAV via SpamAssassin. I hav

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Tom Shaw
At 10:39 PM +0300 9/23/09, Jari Fredriksson wrote: >> I don't run ClamAV via SpamAssassin. I have it called by amavisd-new, which does what it does: quarantine. Sure hope you're not using heuristics, phishing and/or safebrowsing options in ClamAV if you feel that way. I use amavisd-new d

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Tom Shaw
At 8:11 PM +0300 9/23/09, Jari Fredriksson wrote: > On Wed, Sep 23, 2009 at 07:07:53PM +0300, Jari Fredriksson wrote: Jari Fredriksson wrote: Then I decided SaneSecurity is not worth it, as SpamAssassin catches those too, and has less false positives. SaneSecurity triggers way too of

Re: [Clamav-users] DHL invoices

2009-09-23 Thread Tom Shaw
At 3:09 PM +0100 9/23/09, Steve Basford wrote: > I get lots of 'invoices' from DHL containing a zipped trojan. F-Prot recognizes them as Win32/Bredolab!Generic but ClamAV does not. Hi, Just in case this helps block them... I've been detecting these for a while if it's the same sort of fake

Re: [Clamav-users] Submission policies

2009-09-15 Thread Tom Shaw
Giampaolo If you want some extra coverage you might try the signatures at http://sanesecurity.com. Besides all the great rules there, our winnow signatures, which are included, detect malware not yet in clamav as well as urls to malware. Current direct signatures are mapped to other AV syste

Re: [Clamav-users] Signature/Weirdness

2009-09-14 Thread Tom Shaw
At 2:00 PM -0700 9/14/09, Bill Landry wrote: > At 12:59 PM -0700 9/14/09, Bill Landry wrote: Tom Shaw wrote: I am running ClamAV 0.95.2/9806/Mon Sep 14 14:37:58 2009 when I run clamscan on a file I get no detection yet when I submit the same file to virustotal (0.94.1/20090912) I

Re: [Clamav-users] Signature/Weirdness

2009-09-14 Thread Tom Shaw
At 12:59 PM -0700 9/14/09, Bill Landry wrote: Tom Shaw wrote: I am running ClamAV 0.95.2/9806/Mon Sep 14 14:37:58 2009 when I run clamscan on a file I get no detection yet when I submit the same file to virustotal (0.94.1/20090912) I get Trojan.Zbot-4583 detected. My clamav install has

[Clamav-users] Signature/Weirdness

2009-09-14 Thread Tom Shaw
I am running ClamAV 0.95.2/9806/Mon Sep 14 14:37:58 2009 when I run clamscan on a file I get no detection yet when I submit the same file to virustotal (0.94.1/20090912) I get Trojan.Zbot-4583 detected. My clamav install has been operating fine for months on OSX 10.5. Ideas? Tom

Re: [Clamav-users] clamd 0.95.2 unrar

2009-07-09 Thread Tom Shaw
OK Got it fixed. Looks like incompatibilities of libraries. All is fine now. Thanks for your help pointing me in the right direction. Tom

Re: [Clamav-users] clamd 0.95.2 unrar

2009-07-09 Thread Tom Shaw
a quick sudo ldconfig ( and some distros require that you explicitly include /usr/local/lib in your /etc/ld.so.conf - or /etc/ld.so.cond.d/.conf ) just to update the system catalogs... hth, Steve On Thu, 2009-07-09 at 18:14 -0400, Tom Shaw wrote: I searched the archive and could not find a sol

Re: [Clamav-users] clamd 0.95.2 unrar

2009-07-09 Thread Tom Shaw
At 3:20 PM -0700 7/9/09, MrC wrote: On 7/9/2009 3:14 PM, Tom Shaw wrote: I searched the archive and could not find a solution. I have been running without unrar support for a bit because I didn't have time to run this down. I compiled 0.95.2 from source and it has been running flawlessly

[Clamav-users] clamd 0.95.2 unrar

2009-07-09 Thread Tom Shaw
I searched the archive and could not find a solution. I have been running without unrar support for a bit because I didn't have time to run this down. I compiled 0.95.2 from source and it has been running flawlessly yet I get this warning: LibClamAV Warning: Cannot dlopen libclamunrar_iface:

[Clamav-users] List bounces

2009-06-30 Thread Tom Shaw
I did my due diligence and emailed clamav-users-requ...@lists.clamav.net?subject=help and got the email contact of the owner of the list and emailed clamav-users-ow...@lists.clamav.net and have received no response. Every time I post to this list I receive a "no such user here" response for c

Re: [Clamav-users] Signature dups

2009-06-30 Thread Tom Shaw
At 11:05 PM +0200 6/30/09, Tomasz Kojm wrote: On Tue, 30 Jun 2009 11:26:25 -0700 "Bill Landry" wrote: So if I were to include a signature in my 3rd party database, and then a few days later ClamAV adds the same signature to the official signature database, that is not your problem, but rath

[Clamav-users] Signature dups

2009-06-30 Thread Tom Shaw
Does freshclam or clam on load/reload look for and remove dup signatures? Tom

[Clamav-users] Zeus .bin files

2009-06-26 Thread Tom Shaw
Just a question on signatures... Does the signature team not do Zeus/ZBot configuration files? We have submitted a number (20+) of ".bin" files over the last 6-8 weeks but have yet to see these files detected using "Official" signatures. Should we not submit these files? Tom

Re: [Clamav-users] question about Clamav anti virus for old mac OS 9.2

2009-06-23 Thread Tom Shaw
.geckoandfly.com/2009/03/19/download-the-best-mac-os-x-anti-spyware-and-anti-virus-software-for-free/ I have to say you might be better off just hiring a local Mac guy for a couple of hours to make this painless. Tom -- Tom Shaw - Chief Engineer, OITC , http://www.oitc.com/ local wx: http://www.

Re: [Clamav-users] question about Clamav anti virus for old mac OS 9.2

2009-06-22 Thread Tom Shaw
At 8:04 PM -0400 6/22/09, John Jasen wrote: >Tom Shaw wrote: > >> You could copy your MS Word files to an OSX machine and check them. >> You could search on eBay for an old AV program that worked on OS 8/9. >> You could email the suspect file(s) to virustotal so chec

Re: [Clamav-users] question about Clamav anti virus for old mac OS 9.2

2009-06-22 Thread Tom Shaw
At 2:41 PM +0100 6/22/09, off...@jimrailton.com wrote: >Hi there. I did read the archives and couldn't find anything about my >query. > >We have two older macs, a G3 running OS 8.6 and a G4 running 9.2. I believe >we have a microsoft word virus that I would like to get rid of. Is there a >versio

Re: [Clamav-users] ClamAV update to 0.95.2

2009-06-20 Thread Tom Shaw
At 10:26 PM +0200 6/20/09, Udo Stifter wrote: >On 2009-06-18 10:04, Tom Shaw wrote: > > > At 1:35 AM +0200 6/18/09, Udo Stifter wrote: > > > >Hello, > > > > > > > >I am currently using ClamAV 0.95.1 on my PowerMac G4 (933 MHz, > > >

Re: [Clamav-users] ClamAV update to 0.95.2

2009-06-18 Thread Tom Shaw
At 1:35 AM +0200 6/18/09, Udo Stifter wrote: >Hello, > >I am currently using ClamAV 0.95.1 on my PowerMac G4 (933 MHz, >1.25 GB SDRAM, Mac OS X 10.4.11). >For a few days now freshclam has been reporting the following errors: >-- >ClamAV update process started at Wed Jun 17 21

Re: [Clamav-users] freshclam permissions on database directory

2009-06-11 Thread Tom Shaw
At 7:24 AM -0700 6/11/09, Dennis Peterson wrote: >Tom Shaw wrote: > >> >> Under OSX you should not run freshclam as a daemon but as a periodic >> process run by launchd as _clamav:_clamav. Likewise for clamd. This >> allows for automatic process restart by

Re: [Clamav-users] freshclam permissions on database directory

2009-06-11 Thread Tom Shaw
At 7:03 AM -0700 6/11/09, Dennis Peterson wrote: >Ian Cheong wrote: >> I've just done a clean (previous uninstall) default (configure;make;install >> with no options) install of clamAV0.95.2 on MacOS10.5.7. Running freshclam >> generates the following errors. >> >> ERROR: chdir_tmp: Can't creat

Re: [Clamav-users] freshclam permissions on database directory

2009-06-11 Thread Tom Shaw
At 10:07 AM +1000 6/11/09, Ian Cheong wrote: >I've just done a clean (previous uninstall) default (configure;make;install >with no options) install of clamAV0.95.2 on MacOS10.5.7. Running freshclam >generates the following errors. > >ERROR: chdir_tmp: Can't create directory >./clamav-f6cd08cec8c728

Re: [Clamav-users] VIRUS? PHISH? "Western Union Transfer MTCN: 0258258718"

2009-05-12 Thread Tom Shaw
At 10:04 AM -0400 5/12/09, Charles Gregory wrote: >Greetings! > >Received the following e-mail that looks like a phishing attempt, >with an attached zipped .exe file ... > >I've saved the file to: > http://www.hwcn.org/~cgregory/virus/MTCN_INVOICE.zip > >I don't have the facilities to test any

Re: [Clamav-users] Question about Phish heuristic

2009-04-30 Thread Tom Shaw
At 4:03 PM -0700 4/29/09, MrC wrote: >I submitted what I considered to be a FP on > >Phishing.Heuristics.Email.SpoofedDomain > >Submission-ID: 7705854 >Sender: Me >Submission notes: not a false positive >Added: No > >which was not considered a FP. The code below is what trigger

[Clamav-users] 0.95.1 universal installer for Mac OSX Leopard available

2009-04-28 Thread Tom Shaw
Now available: http://www.oitc.com/ctw/clamav/ Enjoy, Tom

Re: [Clamav-users] Help with signatures.pdf

2009-04-26 Thread Tom Shaw
Edwin, Thank you very much for clarifying! At 7:04 PM +0300 4/26/09, Török Edwin wrote: >On 2009-04-26 18:21, Tom Shaw wrote: > >Would be nice to have a wildcard that allowed a range of >> matching like regex *{6,8} >> > >There are already range wildcards: {6

[Clamav-users] Help with signatures.pdf

2009-04-26 Thread Tom Shaw
.ndb questions TargetType is confusing and very unclear. Type 2 What exactly is type 2. I first read this and thought it was OLE executables but further reading indicates it might also include Excel, Word VB and other Microsoft files. True? Are they normalized? Type 3 What exac

Re: [Clamav-users] Suggestion

2009-04-18 Thread Tom Shaw
At 3:18 PM +1200 4/18/09, Jason Haar wrote: >Tom Shaw wrote: >> What I would like (and I think that others that submit malware files >> to clamav.net would like) is for clamav.net to provide a method for >> us to programmatically query to determine if either 1) the file

Re: [Clamav-users] Error while loading shared libraries on PowerMac G5 running Yellow Dog Linux release 4.1

2009-04-17 Thread Tom Shaw
Vincent Can't comment on Yellow Dog but using gcc 4.2, clamav 0.95.1 works fine under OSX 10.4 and 10.5. I had problems with gcc 3.4. Hope this helps Tom At 3:31 PM -0700 4/17/09, Vincent Li wrote: >Hello, > >I have been running clamav version <= 0.94 years on my Power Mac G5 with >yellowdog l

[Clamav-users] Suggestion

2009-04-17 Thread Tom Shaw
Currently, I am tracking 233 files containing malware that have been submitted both directly to clamav.net and virustotal.com and yet continue not to show up in the signature database so that they can be detected. My scripts check them frequently against the current clamav databases using 0.95.

Re: [Clamav-users] Email.Phishing.DblDom-59

2009-04-17 Thread Tom Shaw
At 1:12 PM +0200 4/17/09, Wolfgang Cernohorsky wrote: >Suntower West wrote: >> Hi, >> >> I'm getting a positive for this in a Eudora mailbox (which is >> basically just an ASCII file.) However, when I scan the same file >> with Comodo it comes up as clean. > >Today clamav found the same in >"cl

Re: [Clamav-users] Email.Phishing.DblDom-59

2009-04-16 Thread Tom Shaw
Suntower, It's just a detection of a probable phishing link in an email. There is no virus in there just a phish. Tom At 5:33 PM -0700 4/16/09, Suntower West wrote: >Hi, > >I'm getting a positive for this in a Eudora mailbox (which is >basically just an ASCII file.) However, when I scan the sam

Re: [Clamav-users] clamd didnt act on SIGTERM

2009-04-04 Thread Tom Shaw
At 5:13 PM +0200 4/4/09, Claus Atzenbeck wrote: >Hi all: > >I'm running ClamAV 0.95 on Mac OS 10.5.6 (installed via Fink). clamd >runs in the background. > >On shutdown clamd seems not to quit. I experience a delay/timeout right >after the machine shuts down, then the machine says > > clamd d

Re: [Clamav-users] clamd didn't act on SIGTERM

2009-04-04 Thread Tom Shaw
?id=1441). I created from source and with my own launchd plists Tom -- Tom Shaw - Chief Engineer, OITC , http://www.oitc.com/ local wx: http://www.oitc.com/weather US Phone Numbers: 321-984-3714, 321-729-6258(fax), 321-258-2475(cell/voice mail,pager) Text Paging: http://www.oitc.com/Pager/send

Re: [Clamav-users] Probelm with clamdscan in ClamAV 0.95

2009-04-01 Thread Tom Shaw
At 7:41 AM -0600 4/1/09, s...@softhome.net wrote: >I had no problem in installing ClamAV 0.95 on my Macintosh with OS X 10.4.11 >like before. Also with earlier versions after running freshclam I used to >get the confirmation 'Clamd successfully notified about the update.' I am >getting the same res

Re: [Clamav-users] WARNING: Your ClamAV installation is OUTDATED!

2009-03-31 Thread Tom Shaw
At 2:20 PM +0100 3/31/09, Thomas Nguyen Van wrote: >Afternoon, > >It seems to be very common this error message however, I googled it >but never found a solution to fix it. > >Sorry to disturb you with this but do you have any suggestion ? > >Thanks in advance > >Below some details about my machin

[Clamav-users] clamscan and no google

2009-03-31 Thread Tom Shaw
I am running 0.95 and have google safe browsing db loaded but I want to scan some data using clamscan and disable google. Can that be done? Tom

Re: [Clamav-users] test for SafeBrowsing?

2009-03-30 Thread Tom Shaw
someone at Google had the foresight to provide a test-URL. Dan Try echo -e "From test\n\ntest\n" | /usr/local/bin/clamdscan --no-summary --infected - Tom -- Tom Shaw - Chief Engineer, OITC , http://www.oitc.com/ local wx: http://www.oitc.com/weather US Phone Numbers: 321-984-3714,

[Clamav-users] What's the turnaround for new signatures?

2009-03-22 Thread Tom Shaw
What's the turnaround for new signatures? I submitted these 7 days ago both directly and via virustotal (see below) yet today my clamd 0.94.2 (main 50 daily 9149) doesn't detect new copies arriving. Tom Complete scanning result of "/Flash_Adobe11.exe", processed in VirusTotal at 03/16/2009 22

Re: [Clamav-users] ClamAV and VirusTotal

2009-03-19 Thread Tom Shaw
At 8:35 PM +0100 3/19/09, Julio Canto wrote: >Sarocet wrote: >> Julio Canto wrote: >>> Paul Whelan wrote: >>> must be the clamwin version then which is a strange 'official channel'. >>> Hi again, >>> You're wrong assuming that, th
