Lately I am receiving a lot of Spams originating within MS
networks with attached PDF's that basically contain an image with a
link.
The body of the message is 7-8 random words such as: moka bu fyno da
zosi ku xiqy zy
These prove particularly difficult to filter and I'm thinking maybe
running
: 0.87 Recommended version: 0.87.1
DON'T PANIC! Read http://www.clamav.net/faq.html
What's happening, because I update the system:
clamav-0.87-1.fc5
clamav-update-0.87-1.fc5
clamav-data-0.87-1.fc5
clamav-lib-0.87-1.fc5
0.87-1 != 0.87.1-1
--
best regards
q
.
--
best regards
q#
___
http://lurker.clamav.net/list/clamav-users.html
12:29 f783d7be test.txt
0 Stored 68 0% 10-19-04 12:29 6851cf3c eicar.com
Demo des ct Emailcheck (www.heisec.de)
--- ------
0 73 0%2 files
--
best regards
q
:58 empty.txt
--- ------
00 0%1 file
--
best regards
q#
___
http://lurker.clamav.net/list/clamav-users.html
SUMMARY ---
Known viruses: 37224
Engine version: devel-20050727
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Time: 1.536 sec (0 m 1 s)
Can I say it's a bug?
--
best regards
q#
___
http://lurker.clamav.net/list
viruses by default. If there is an option to turn
this on, fine, but this is pushing the envelope a bit too far for me.
Of course, but as you can see, I've created my own signature for empty
file in zip-file and it doesn't work.
--
best regards
q
On Wed, Jul 27, 2005 at 08:13:15PM +0100, Matt Fretwell wrote:
q# wrote:
Of course, but as you can see, I've created my own signature for empty
file in zip-file and it doesn't work.
One might surmise, then, that you have not created it correctly?
Don't ask me, check it. If you find
On Wed, Jul 27, 2005 at 12:31:45PM -0700, [EMAIL PROTECTED] wrote:
q# wrote:
$ echo 'Zip.Empty:0:*:0:0::0:1:1' ./local/empty.zmd
Checking the documentation:
http://www.clamav.net/doc/latest/signatures.pdf
This is the Extended signature format
Zip.Empty - name of malware
0
On Wed, Jul 27, 2005 at 12:54:30PM -0700, [EMAIL PROTECTED] wrote:
q# wrote:
Wrong signature format: zmd != ndb
Alright - where's the documentation of the zmd database format?
Does sigtool --list-sigs | grep Zip.Empty have any output? That should at
least verify whether the sig
Hi,
I've found in my squid log CAB[1] file which clamav can't unpack properly.
Tested on stable (0.86.1) and devel (20050714). When cabextract'ed this
file clamav finds trojan properly.
References
1. http://www9.advnt01.com/dialer/internazionale_98_ver11.CAB
--
best regards
q#
LibClamAV
On Thu, Jul 14, 2005 at 12:55:18PM -0500, Ken Jones wrote:
On Thu, July 14, 2005 11:59, q# wrote:
Hi,
I've found in my squid log CAB[1] file which clamav can't unpack properly.
Tested on stable (0.86.1) and devel (20050714). When cabextract'ed this
file clamav finds trojan properly
not support V3.
How I solve the problem of scan v3 Rar archives?
With Clamscan I have --unrar option, but in Clamd this option is not
available.
Pretty sure that clamd from 0.84 supports RAR v3 archive scanning.
Only CVS support it currently.
--
best regards
q
)
WARNING: Your ClamAV installation is OUTDATED - please update
immediately!: 24 Time(s)
[...]
Could you provide output from:
$ ldd `which clamscan`
$ ldd `which freshclam`
$ freshclam --version
--
best regards
q#
___
http://lurker.clamav.net/list/clamav
to be ok, but why I have different # of Known viruses
on 0.83 and devel?
--
best regards
q#
___
http://lurker.clamav.net/list/clamav-users.html
=111315452919008w=2
http://marc.theaimsgroup.com/?l=openbsd-portsm=111315511409111w=2
--
best regards
q#
___
http://lurker.clamav.net/list/clamav-users.html
I tried to submit a virus file at the web page but I get the message
below.
I have two different ClamAV installations (Solaris 9 and Fedora C 3)
both with the latest engine+database, but none of those is detecting the
virus:
# clamscan -V
ClamAV 0.83/724/Fri Feb 25 00:55:18 2005
# clamscan
he just wanna say thank you.
think he loves us all, like jacko ;)
greetings
andy
--free your mind, use open source
http://www.mono-project.com
ASCII ribbon campaign ( )
- against HTML email X
vCards / \
Autoresponder I guess...
--
Guillaume Arcas
[EMAIL PROTECTED] wrote:
Freshclam via cron
What sort of update intervals are people using, and can someone show me a
working crontab entry? I've tried calling freshclam like this via a crontab
entry
06 0 * * * /usr/local/bin/freshclam
BUt it doesn't seem to work. Which means I'm probably
Dale Walsh wrote:
[snip]
I can't understand why everyone runs this through cron when it doesn't
eat much memory or cpu cycles when run as a daemon?
If freshclam fails as a daemon you would not know it. If it fails as a
cron job, then cron will let you know something is wrong.
Of course
Let me try to help, I'll translate to spanish Tomasz's answer.
Tomasz Kojm wrote:
On Tue, 22 Feb 2005 19:16:33 -0600
Instituto de Ingenieria Unix [EMAIL PROTECTED] wrote:
Hello:
Thanks for the URL, I tested to the server who has clamav and step
all the tests. But I even have a problem, when
Hi,
Small typo in ``Trojan.Quickbrowse-1'' signature name.
--
best regards
q#
--- daily.dbMon Feb 21 14:09:04 2005
+++ daily.db.newMon Feb 21 14:12:08 2005
@@ -956,7 +956,7 @@
Trojan.Lazzar-1
(Clam
On Sat, Feb 19, 2005 at 09:07:05PM +0100, q# wrote:
[...]
So I want create those sigs but my skillindex is at 0% level :/ Can
users who have experience with catching and creating malware sigs point
me to useful docs/tools?
From Google:
http://www.antionline.com/showthread.php?s=threadid=262455
biggest problem is to: how to catch evil code inside binary
file.
--
best regards
q#
___
http://lurker.clamav.net/list/clamav-users.html
Hi
When I compile clamav-devel-20040506 I obtain:
undefined reference to `messageAddLineAtTop'
If I compile clamav-devel-20040505 version everything works fine.
Is a clamav-devel-20040506 error or I am doing something wrong.
Regards
Germán González
25 matches
Mail list logo