Quoting Bill Randle [EMAIL PROTECTED]:
On Thu, 2004-06-17 at 19:16, Michael D. Crawford wrote:
I think the virus that's assaulting me is what this
page calls the PE_ZAFI.B virus:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_ZAFI.BVSect=T
The clamav database lists a virus
On Friday 18 June 2004 06:29 am, Jim Maul wrote:
Its also interesting to note that even before clamav detected zafi it
was being
blocked by qmail-scanner:
Jun 15 12:25:19 external qmail-scanner[29017]:
Policy:Bad_MIME_Break:RC:0(24.188.90.209):SA:1(10.5/5.0): 2.184665 18140
[EMAIL
I've been using formail, procmail and clamav to
disinect a 200 MB mailbox, and since last night it's
only processed 80 MB of mail so far. It's a 350 Mhz
box that I'm running it on, and clamav must be pretty
CPU intensive.
Somebody tipped me off to the following procmail
config, which filters on
On Fri, 18 Jun 2004 at 15:08:32 -0700, Michael D. Crawford wrote:
I've been using formail, procmail and clamav to
disinect a 200 MB mailbox, and since last night it's
only processed 80 MB of mail so far. It's a 350 Mhz
That's a very slow progress! I suspect you use clamscan. So clamscan is
Somebody yesterday said to use formail to convert
maildirs back to mbox format. I've looked at the
formail man page and I can't figure out how to do it.
Can you tell me?
I've successfully used a tool called yammc.pl to
convert my mailboxes to maildir. There are several
programs that claim to
On Thu, 17 Jun 2004, Michael D. Crawford wrote:
Somebody yesterday said to use formail to convert
maildirs back to mbox format. I've looked at the
formail man page and I can't figure out how to do it.
May I humbly re-suggest my method posted April 8 ?
cat mbox | formail -s procmail -m
I think the virus that's assaulting me is what this
page calls the PE_ZAFI.B virus:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_ZAFI.BVSect=T
The clamav database lists a virus called Worm.Zafi.B.
I'm still working on downloading my mailbox. I copied
it to my home
On Thu, 2004-06-17 at 19:16, Michael D. Crawford wrote:
I think the virus that's assaulting me is what this
page calls the PE_ZAFI.B virus:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_ZAFI.BVSect=T
The clamav database lists a virus called Worm.Zafi.B.
I'm still
In the last two days I have received five hundred
megabytes of spam. I'm pretty sure it's mostly
viruses.
I'd like to find a way to delete individual
virus-infected messages from my mailbox, but the
clamscan --mbox command stops scanning upon finding
the first virus, and if I use the --remove
Quoting Michael D. Crawford [EMAIL PROTECTED]:
In the last two days I have received five hundred
megabytes of spam. I'm pretty sure it's mostly
viruses.
I'd like to find a way to delete individual
virus-infected messages from my mailbox, but the
clamscan --mbox command stops scanning upon finding
On Wed, 16 Jun 2004 at 7:40:38 -0700, Michael D. Crawford wrote:
[...]
What I think would work would be to unpack my mailbox
file into a directory of individual messages, one in
each file, and use clamscan --mbox --remove on that
directory, and then collect all the messages back into
an
On Wed, 16 Jun 2004, Michael D. Crawford wrote:
I'd like to find a way to delete individual
virus-infected messages from my mailbox, but the
formail / procmail . I sent a detailed method for doing this to the list in
the begining of April, check the archives.
On Wed, Jun 16, 2004 at 07:40:38AM -0700, Michael D. Crawford wrote:
What I think would work would be to unpack my mailbox
file into a directory of individual messages, one in
each file, and use clamscan --mbox --remove on that
directory, and then collect all the messages back into
an
Jim Maul wrote:
Quoting Michael D. Crawford [EMAIL PROTECTED]:
In the last two days I have received five hundred
megabytes of spam. I'm pretty sure it's mostly
viruses.
I'd like to find a way to delete individual
virus-infected messages from my mailbox, but the
clamscan --mbox command stops
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wednesday 16 June 2004 11:09 am, Bert Koelewijn wrote:
Oh, come on! This is just shortcoming of ClamAV. Why have a --mbox
option if you can't identify the infected email?! RAV did this better.
The idea wasn't to do an entire file, it was to do
This is a good reason to use maildirs.
Jim
Oh, come on! This is just shortcoming of ClamAV. Why have a --mbox option
if you can't identify the infected email?! RAV did this better.
Bert
So? Last time I checked RAV wasn't exactly free.
If it's not done in CVS yet then I suppose it might get done
Quoting B. van Ouwerkerk [EMAIL PROTECTED]:
This is a good reason to use maildirs.
Jim
Oh, come on! This is just shortcoming of ClamAV. Why have a --mbox
option if you can't identify the infected email?! RAV did this
better.
Bert
So? Last time I checked RAV wasn't exactly free.
If it's not done
I read in the FAQ that you don't have an option to
disinfect files, only to report on or delete them. I
would think it wouldn't be too hard to disinfect a
mailbox file though.
This might help clean out your mailbox.
cc -o clamfilter clamfilter.c
mv /var/mail/mybox mybox
./clamfilter mybox
FWIW, I would go for a solution with procmail :-)
Just curious, if clamav was running on the server, how did the infected
message
get into the mbox in the first place?
Jim
Clamav is not the same as clamav-milter :) so if someone prefers not to use
milter or whatever to get viri before they hit
B. van Ouwerkerk wrote:
This is a good reason to use maildirs.
Jim
Oh, come on! This is just shortcoming of ClamAV. Why have a --mbox
option if you can't identify the infected email?! RAV did this better.
Bert
So? Last time I checked RAV wasn't exactly free.
If it's not done in CVS yet then I
Quoting B. van Ouwerkerk [EMAIL PROTECTED]:
FWIW, I would go for a solution with procmail :-)
Just curious, if clamav was running on the server, how did the
infected message
get into the mbox in the first place?
Jim
Clamav is not the same as clamav-milter :) so if someone prefers not to use
Bert Koelewijn wrote:
B. van Ouwerkerk wrote:
This is a good reason to use maildirs.
Jim
Oh, come on! This is just shortcoming of ClamAV. Why have a --mbox
option if you can't identify the infected email?! RAV did this better.
Bert
So? Last time I checked RAV wasn't exactly free.
If it's not
Just curious, if clamav was running on the server, how did the infected
message get into the mbox in the first place?
I've experienced this problem before when a new worm hits before Clam has
can detect it. Usually no more than a few infected messages get through
before Clam catches up. I'd
The viruses seem to be addressed to all the
permutations of the alphabet in the username, with the
domain always being goingware.com. Perhaps this was
meant to deliver the virus all to different people,
instead my personal email is being DOSed by this
virus.
Ask your hosting provider (or do it
Clamav is not the same as clamav-milter :) so if someone prefers not to use
milter or whatever to get viri before they hit the users mailbox they get
the mail into the mailbox. I'm running clamav-milter and find it s cool..
Ah...im running qmail so there is no milter. All this milter talk is
25 matches
Mail list logo
