On 5/3/10 9:43 AM, Bill Landry wrote:
If you are seeing three copies of each unofficial database, then you have
a problem somewhere.
This topic is really OT for the ClamAV mailing list.
My net nanny buzzer went off.
dp
___
Help us build a comprehe
On 5/3/10 8:45 AM, Simon Hobson wrote:
It's actually more efficient than that !
It uses something similar to a rolling checksum to find throughout the
file. So in principal, you can add a short bit to the front of a large
file, or even chop a file up into chunks and rearrange them, and it will
On 5/3/10 8:45 AM, Alex wrote:
Hi,
Dennis Peterson wrote:
Rsync is able to transfer only the differences between two files provided a
version of the file being
transferred exists on the source and the destination. In addition, rsync will
not transfer anything if it
determines there are no cha
On Mon, May 3, 2010 8:45 am, Alex wrote:
> Hi,
>
> Dennis Peterson wrote:
>> Rsync is able to transfer only the differences between two files
>> provided a version of the file being
>> transferred exists on the source and the destination. In addition, rsync
>> will not transfer anything if it
>> de
Chris Meadors wrote:
Rsync treats all files as binary. When finding changes it splits a file
into blocks, computes a checksum for each block and performs a
comparison between the sending and receiving side. Then it only sends
the blocks which have changed.
When dealing with a text file which
Hi,
Dennis Peterson wrote:
> Rsync is able to transfer only the differences between two files provided a
> version of the file being
> transferred exists on the source and the destination. In addition, rsync will
> not transfer anything if it
> determines there are no changes between the two fil
On Mon, 2010-05-03 at 05:53 -0700, Jim Preston wrote:
> Dennis Peterson wrote:
> >
> > Rsync is able to transfer only the differences between two files
> > provided a version of the file being transferred exists on the source
> > and the destination. In addition, rsync will not transfer anything
Dennis Peterson wrote:
Rsync is able to transfer only the differences between two files
provided a version of the file being transferred exists on the source
and the destination. In addition, rsync will not transfer anything if
it determines there are no changes between the two files.
Denni
On 5/2/10 9:59 AM, Alex wrote:
Hi,
Why are some of the databases duplicated in the clamav root dir and
also in the unofficial-dbs/ss-dbs directory, such as
winnow_malware.hdb?
The rsync protocol only downloads the changes between the local and remote
files, so the local file much be available
On 5/2/2010 9:59 AM, Alex wrote:
Hi,
Why are some of the databases duplicated in the clamav root dir and
also in the unofficial-dbs/ss-dbs directory, such as
winnow_malware.hdb?
The rsync protocol only downloads the changes between the local and remote
files, so the local file much be availab
Hi,
>> Why are some of the databases duplicated in the clamav root dir and
>> also in the unofficial-dbs/ss-dbs directory, such as
>> winnow_malware.hdb?
>
> The rsync protocol only downloads the changes between the local and remote
> files, so the local file much be available comparison. The
> u
On 5/1/2010 8:19 PM, Alex wrote:
Hi,
These are *NOT* Sanesecurity distributed scripts, so please do not add them
to the Sanesecurity section of the script's config file. MBL already has a
Okay, got it. It wasn't clear to me that it was an "MBL" db, and the
reference in the sanesecurity datab
Hi,
> These are *NOT* Sanesecurity distributed scripts, so please do not add them
> to the Sanesecurity section of the script's config file. MBL already has a
Okay, got it. It wasn't clear to me that it was an "MBL" db, and the
reference in the sanesecurity database section also includes info on
On 5/1/2010 1:01 PM, Bill Landry wrote:
On 5/1/2010 12:38 PM, Alex wrote:
Hi,
sent 34 bytes received 1932 bytes 786.40 bytes/sec
total size is 27032205 speedup is 13749.85
Connection to ns.km33603.keymachine.de 87.118.124.191 failed - Trying
next mirror site...
Looks to me like the rsync succ
On 5/1/2010 12:38 PM, Alex wrote:
Hi,
sent 34 bytes received 1932 bytes 786.40 bytes/sec
total size is 27032205 speedup is 13749.85
Connection to ns.km33603.keymachine.de 87.118.124.191 failed - Trying
next mirror site...
Looks to me like the rsync succeeded, since it received the filelist
Hi,
>> sent 34 bytes received 1932 bytes 786.40 bytes/sec
>> total size is 27032205 speedup is 13749.85
>> Connection to ns.km33603.keymachine.de 87.118.124.191 failed - Trying
>> next mirror site...
>>
>> Looks to me like the rsync succeeded, since it received the filelist
>> and actually rece
>> If you still have a copy of the headers & body, could you send me a
>> sample:
>
> Attachment sent.
Thanks for the sample Alex.
It's already being detected as:
Sanesecurity.Malware.8830.UNOFFICIAL
So, you should already be covered :)
Cheers,
Steve
Sanesecurity
>> I meant that the other day there was a URL in the body of an email
>> that passed through as ham when in fact it ended in 'ecard.exe' and,
>> should the recipient download it, would be shown to be a trojan.
>> Doesn't clamav block stuff like this, I thought?
>
> If you still have a copy of the h
> I meant that the other day there was a URL in the body of an email
> that passed through as ham when in fact it ended in 'ecard.exe' and,
> should the recipient download it, would be shown to be a trojan.
> Doesn't clamav block stuff like this, I thought?
Hi Alex,
If you still have a copy of th
Hi,
>> Will amavisd now also pass to it HTML files to scan for bad URLs
>> within HTML and other email threats?
>
> I don't understand your question, but most likely it depends on your you
> have configured amavisd.
I meant that the other day there was a URL in the body of an email
that passed th
>>> Why, are you blocking outbound rsync traffic? If so, after 3 years of
>>> maintaining this script and many
>>> thousands of users, this is the first time I've heard this request.
>>
>> Some of do this by default - set an outbound policy of block and allow
>> specific traffic that's allowed.
FWIW, we have the same setup where I am. The last place I was at the network
guys were planning to do the same thing.
--Bryan
-- Bryan Blackwell --
Unix Systems Engineer
br...@skiblack.com
On Apr 28, 2010, at 4:54 PM, Simon Hobson wrote:
>> Why, are you blocking outbound rsync traffic? If s
Bill Landry wrote:
Why, are you blocking outbound rsync traffic? If so, after 3 years
of maintaining this script and many thousands of users, this is the
first time I've heard this request.
Some of do this by default - set an outbound policy of block and
allow specific traffic that's allowe
Hi,
> If you run rsync manually and then run the script after, you'll no doubt
> get a block from the server...as some mirrors only allow one rsync hit per
> hour...
>
> Just to try this out...
>
> 1. run the above rsync command manually
> 2. run the above rsync command *again*, manually
Yes, tha
On 4/28/2010 6:01 AM, Alex wrote:
Hi,
The rsync mirror are defined in the script, not the config file. However,
you can find the full list of mirrors by executing:
host rsync.sanesecurity.net
It might be worth mentioning this in the docs so other people can
properly configure their
> No, I can run rsync right afterwards and it succeeds, like this:
>
> # rsync -v rsync://ns.km33603.keymachine.de/sanesecurity/
>
> Here's the output from the clamav-unofficial-sigs.sh script immediately
> after:
Hi Alex,
If you run rsync manually and then run the script after, you'll no doubt
g
Hi,
> The rsync mirror are defined in the script, not the config file. However,
> you can find the full list of mirrors by executing:
>
> host rsync.sanesecurity.net
It might be worth mentioning this in the docs so other people can
properly configure their firewall if necessary.
>> Connection t
On 4/27/2010 11:53 PM, Alex wrote:
Hi,
I've done some research on the best way to integrate it, but hoped
someone could point me to a current document that outlines how to do
this and help me answer some of my questions.
The best way to integrate them is to follow the instructions
Hi,
>> I've done some research on the best way to integrate it, but hoped
>> someone could point me to a current document that outlines how to do
>> this and help me answer some of my questions.
>
> The best way to integrate them is to follow the instructions at Steve's
> web site (Sane Security).
>
> Hi,
>
>
> I've done some research on the best way to integrate it, but hoped
> someone could point me to a current document that outlines how to do
> this and help me answer some of my questions.
The best way to integrate them is to follow the instructions at Steve's
web site (Sane Security
Hi,
I'm using sa-v3.2.5 and amavisd with clamav-0.96 and it appears to be
working properly. clamdcheck periodically sends the eicar virus test
and clamd reports that it found it properly.
What is the best procedure for now integrating the sanesecurity
signatures? Are these ready for use on a prod
31 matches
Mail list logo
