Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: users

(no subject)

 

 

First page Previous page 1 2 3 4 5 6 7 8 Next page Last page  View All ClamAV users RSS feed   Index | Next | Previous | View Threaded


lobredor at telered

Aug 1, 2003, 11:55 AM

Post #1 of 181 (9160 views)
Permalink
(no subject)

Lucas G. Obredor
Sistemas División Banda Ancha
Tel. 4469-7455 Int. 2130


njh at bandsman

Sep 23, 2003, 2:06 PM

Post #2 of 181 (9000 views)
Permalink
RE: (no subject) [In reply to]

From what I gather from google, signal 6 is the Abort trap. why is it
doing that ?

Can I see the output of stdout/stderr please.

-Nigel


newsgroup at auratia

Sep 24, 2003, 5:43 AM

Post #3 of 181 (9008 views)
Permalink
RE: (no subject) [In reply to]

how do i go abt doing that ? not too good on all these things... in
process of learning ..
--
Fear not death itself, but how death would come.

<quote who="Nigel Horne">
>>From what I gather from google, signal 6 is the Abort trap. why is it
> doing that ?
>
> Can I see the output of stdout/stderr please.
>
> -Nigel
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Clamav-users mailing list
> Clamav-users [at] lists
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>


njh at bandsman

Sep 24, 2003, 8:42 AM

Post #4 of 181 (9009 views)
Permalink
Re: (no subject) [In reply to]

On Wednesday 24 Sep 2003 1:41 pm, Christopher Tan wrote:
> how do i go abt doing that ? not too good on all these things... in
> process of learning ..

What operating system are you running? What command did you use to start clamd?

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
njh [at] despammed http://www.bandsman.co.uk


newsgroup at auratia

Sep 24, 2003, 11:30 AM

Post #5 of 181 (9020 views)
Permalink
Re: (no subject) [In reply to]

command :
/usr/local/sbin/clamd --config-file=/usr/local/etc/clamav.conf
/usr/local/sbin/clamav-milter -blo /var/run/clmilter.sock

OS : freebsd 4.9 pre-release
clamav 20020829

--
Fear not death itself, but how death would come.

<quote who="Nigel Horne">
> On Wednesday 24 Sep 2003 1:41 pm, Christopher Tan wrote:
>> how do i go abt doing that ? not too good on all these things... in
>> process of learning ..
>
> What operating system are you running? What command did you use to start
> clamd?
>
> -Nigel
>
> --
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK. ICQ#20252325
> njh [at] despammed http://www.bandsman.co.uk
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Clamav-users mailing list
> Clamav-users [at] lists
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>


njh at bandsman

Sep 24, 2003, 11:40 AM

Post #6 of 181 (8984 views)
Permalink
Re: (no subject) [In reply to]

On Wednesday 24 Sep 2003 7:28 pm, Christopher Tan wrote:
> command :
> /usr/local/sbin/clamd --config-file=/usr/local/etc/clamav.conf
> /usr/local/sbin/clamav-milter -blo /var/run/clmilter.sock

In that case stdout and stderr will be on the terminal that you were at when you typed in the command.

> OS : freebsd 4.9 pre-release
> clamav 20020829

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
njh [at] despammed http://www.bandsman.co.uk


newsgroup at auratia

Sep 24, 2003, 11:53 AM

Post #7 of 181 (9012 views)
Permalink
Re: (no subject) [In reply to]

it didnt show anything .. ps -aux | grep clam showed both the processes
running, but it wasnt filtering anyhting .. killed both the procs and
restarted it ... been working since then. clamd.log didnt show any signs
of probs .

out of curiosity, i made clean in the 20030829 folder stopped all
processes , then downloaded the new clamav-devel-20030924.tar.gz and did
the installation ..but clamd -V still shows it as 20030829, why does it
still show as this ?
--
Fear not death itself, but how death would come.

<quote who="Nigel Horne">
> On Wednesday 24 Sep 2003 7:28 pm, Christopher Tan wrote:
>> command :
>> /usr/local/sbin/clamd --config-file=/usr/local/etc/clamav.conf
>> /usr/local/sbin/clamav-milter -blo /var/run/clmilter.sock
>
> In that case stdout and stderr will be on the terminal that you were at
> when you typed in the command.
>
>> OS : freebsd 4.9 pre-release
>> clamav 20020829
>
> -Nigel
>
> --
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK. ICQ#20252325
> njh [at] despammed http://www.bandsman.co.uk
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Clamav-users mailing list
> Clamav-users [at] lists
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>


tk at lodz

Feb 10, 2004, 5:08 AM

Post #8 of 181 (9011 views)
Permalink
Re: (no subject) [In reply to]

On Tue, 10 Feb 2004 12:05:04 +0100
Balzi Andrea <andrea.balzi [at] arthis> wrote:

> Hi
>
> I'm a new user.
> I've install by a debian package from this source "deb
> http://clamav.catt.com/debian stable main".
> I'm using exim-4.30 with exiscan-acl patch on a debian stable.
>
> 2004-02-10 11:48:05 1AqVQu-0001B0-5g malware acl condition: clamd:
> ClamAV returned
> /var/spool/exim/scan/1AqVQu-0001B0-5g/1AqVQu-0001B0-5g-00000.zip: File
> size limit exceeded. ERROR

This is already fixed in CVS. You can wait for a stable version - we're
going to release 0.66 in a few hours.

Best regards,
Tomasz Kojm
--
oo ..... tkojm [at] clamav www.ClamAV.net
(\/)\......... http://www.clamav.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Tue Feb 10 14:02:44 CET 2004


njh at bandsman

Feb 26, 2004, 3:44 PM

Post #9 of 181 (9019 views)
Permalink
RE: (no subject) [In reply to]

> From: clamav-users-admin [at] lists
It fails and leaves me with this error in my /var/log/messages
>
> Feb 26 14:50:45 xcon5 clamav-milter: ClamAv: Unable to bind to port
> /var/run/clmilter.sock: Address already in use

Try adding FixStaleSocket in clamav.conf.

> Marc S. Brooks

-Nigel


scott.deacon at sympatico

Feb 26, 2004, 7:28 PM

Post #10 of 181 (8997 views)
Permalink
RE: (no subject) [In reply to]

On Thu, 2004-02-26 at 18:33, Nigel Horne wrote:
> > From: clamav-users-admin [at] lists
> It fails and leaves me with this error in my /var/log/messages
> >
> > Feb 26 14:50:45 xcon5 clamav-milter: ClamAv: Unable to bind to port
> > /var/run/clmilter.sock: Address already in use
>
> Try adding FixStaleSocket in clamav.conf.
>
> > Marc S. Brooks
>
> -Nigel
>

Typically a permissioning problem IF you are running as non-root.


Antony at Soft-Solutions

Aug 12, 2004, 3:29 AM

Post #11 of 181 (9012 views)
Permalink
Re: (no subject) [In reply to]

On Wednesday 11 August 2004 9:13 pm, junkmail [at] phoenix-blaze wrote:

> Hi,
>
> I was wondering prior to version .05 (feb 10, 2004) what the real virus
> installed with mail clam av was.

Please can you rephrase your question?

Version 0.05 of what?
ClamAV does not install any viruses.

Regards,

Antony.

--
"640 kilobytes (of RAM) should be enough for anybody."

- Bill Gates

Please reply to the list;
please don't CC me.



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users [at] lists
https://lists.sourceforge.net/lists/listinfo/clamav-users


junkmail at phoenix-blaze

Aug 12, 2004, 7:07 AM

Post #12 of 181 (9046 views)
Permalink
Re: Mail-ClamAV installed virus [In reply to]

Hi,
Sorry for he confusion. The virus I'm referring to is found in a CPAN
module archive Mail-ClamAV-0.01.tgz < Mail-ClamAV-0.05.tgz
http://www.cpan.org/modules/by-authors/id/S/SA/SABECK/

The change log in 0.05 mentions that the "real" virus was replaced by the
ecair virus signature. A virus scan of the file virus.eml will show up
positive.

I understand the chances of someone on a windows machine downloading the
old version of the file, unarchiving it, and then opening the virus.eml and
executing the update.exe attachment is pretty minuet. This is really more
for documentation purposes, and I just wanted to verify if the Swen virus
contained within the email was a wild and unmodified one.


If this is the wrong list to post this or these CPAN modules have nothing
to do with the clamav project I apologize for the interruption.

Thanks for your help.

Ted


> On Wednesday 11 August 2004 9:13 pm, junkmail [at] phoenix-blaze wrote:
>
>> Hi,
>>
>> I was wondering prior to version .05 (feb 10, 2004) what the real
>> virus installed with mail clam av was.
>
> Please can you rephrase your question?
>
> Version 0.05 of what?
> ClamAV does not install any viruses.
>
> Regards,
>
> Antony.
>
> --
> "640 kilobytes (of RAM) should be enough for anybody."
>
> - Bill Gates
>
> Please reply to the
> list;
> please don't
> CC me.
>
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
> 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
> Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
> http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
> _______________________________________________
> Clamav-users mailing list
> Clamav-users [at] lists
> https://lists.sourceforge.net/lists/listinfo/clamav-users





-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users [at] lists
https://lists.sourceforge.net/lists/listinfo/clamav-users


trog at uncon

Aug 12, 2004, 7:18 AM

Post #13 of 181 (8981 views)
Permalink
Re: Mail-ClamAV installed virus [In reply to]

On Thu, 2004-08-12 at 15:07, junkmail [at] phoenix-blaze wrote:

>
> If this is the wrong list to post this or these CPAN modules have nothing
> to do with the clamav project I apologize for the interruption.

The second of those two options.

-trog
Attachments: signature.asc (0.18 KB)


niek at packetstorm

Sep 7, 2004, 9:07 AM

Post #14 of 181 (8970 views)
Permalink
Re: (no subject) [In reply to]

You start a new message by replying to a very old one.
Don't do this.

You send html formatted to a mailing list.
Don't do this, see the nomime url in my sig.

On 9/7/2004 5:19 PM +0200, Erick Dantas Rotole wrote:

> Postfix, clamav, amavisd-new and spamassassin is not detecting the virus
> W32/Zafi.b [at] M <mailto:W32/Zafi.b [at] M> detected by mcafee.
> I discovered that clamav already detect this virus. What is happening?
>
>
>
> Thanks

Are you using the latest clamav version (0.75.1) ?
If so, are you definitions up to date ?

Maybe clamav doesn't detect it, because mcafee already detected it
and removed the virus from the email ?

If the above do not apply, read the FAQ on http://www.clamav.net
to check out what you can do next (have it scanned online, submit the sample.

Regards,
Niek Baakman
--
_______________________________________________________________________
Read about mime: http://www.geoapps.com/nomime.shtml
Read about quoting: http://www.netmeister.org/news/learn2quote.html
Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Clamav-users mailing list
Clamav-users [at] lists
https://lists.sourceforge.net/lists/listinfo/clamav-users


niek at packetstorm

Sep 7, 2004, 10:09 AM

Post #15 of 181 (8970 views)
Permalink
Re: (no subject) [In reply to]

On 9/7/2004 6:07 PM +0200, Niek wrote:

> You start a new message by replying to a very old one.
> Don't do this.

Sorry, this was not the case.
My mua seems to be threading messages with the same subject.

Regards,
Niek Baakman
--
_______________________________________________________________________
Read about mime: http://www.geoapps.com/nomime.shtml
Read about quoting: http://www.netmeister.org/news/learn2quote.html
Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Clamav-users mailing list
Clamav-users [at] lists
https://lists.sourceforge.net/lists/listinfo/clamav-users


sdimoff at usnetworksinc

Oct 5, 2004, 6:17 AM

Post #16 of 181 (8945 views)
Permalink
RE: (no subject) [In reply to]

I just run a few mail test from www.gfi.com/emailsecuritytest and my clam
antivirus failed miserably.


--------------------

I ran the above tests from gfi.com also, and I caught 11 of them. I'm also
running CLAMD (0.75.1) with the --mbox option. (ScanMail option in
clamav.conf)

Steve

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


njh at bandsman

Oct 5, 2004, 6:17 AM

Post #17 of 181 (8913 views)
Permalink
Re: (no subject) [In reply to]

On Tuesday 05 Oct 2004 14:11, Brent Clark wrote:
> Hi all

> I too ran the tests from testvirus.org, this second test was ok, only two
> got through.

Two will get through (24 and 25), but since they don't contain any virus there's
nothing to find and therefore nothing to stop.

> Brent Clark

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
njh [at] despammed http://www.bandsman.co.uk
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


njh at bandsman

Oct 5, 2004, 6:22 AM

Post #18 of 181 (8903 views)
Permalink
Re: (no subject) [In reply to]

On Tuesday 05 Oct 2004 14:11, Brent Clark wrote:
> Hi all
>
> I just run a few mail test from www.gfi.com/emailsecuritytest and my clam
> antivirus failed miserably.

You haven't said what version of clamAV you're using, so I can't advise you.

> Brent Clark

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
njh [at] despammed http://www.bandsman.co.uk
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


sasab at pixteam

Oct 5, 2004, 6:28 AM

Post #19 of 181 (8936 views)
Permalink
Re: (no subject) [In reply to]

Hi, I use 0.75.1 .. test with testvirus.org are full ok but with gfi.com/emailsecuritytest are failed eicar.com and hide.hta in fact the attached pass through mail server and it arrive on mail client, but the file but gfi-test.txt not is created on pc.

----------

Salvatore.

----- Original Message -----
From: "Nigel Horne" <njh [at] bandsman>
To: "ClamAV users ML" <clamav-users [at] lists>
Sent: Tuesday, October 05, 2004 3:22 PM
Subject: Re: [Clamav-users] (no subject)


> On Tuesday 05 Oct 2004 14:11, Brent Clark wrote:
> > Hi all
> >
> > I just run a few mail test from www.gfi.com/emailsecuritytest and my clam
> > antivirus failed miserably.
>
> You haven't said what version of clamAV you're using, so I can't advise you.
>
> > Brent Clark
>
> -Nigel
>
> --
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK. ICQ#20252325
> njh [at] despammed http://www.bandsman.co.uk
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
>
---
[This E-mail scanned for viruses by Declude Virus]

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


njh at bandsman

Oct 5, 2004, 6:30 AM

Post #20 of 181 (8907 views)
Permalink
Re: (no subject) [In reply to]

On Tuesday 05 Oct 2004 14:11, Brent Clark wrote:
> Hi all
>
> I just run a few mail test from www.gfi.com/emailsecuritytest and my clam
> antivirus failed miserably.

What do you mean by "failed miserably". I can only assume you mean that 100%
of the emails got through.

I've just tried this test. Some exploits that actually contain no malicious code so
there's nothing to worry about got through (by definition clamAV only
traps malicious code). With latest development version
in a configuration of sendmail->clamav-milter->clamd everything else was trapped,
i.e. I got lots of emails like this:

The message i95DOMK8008397 sent from <emailtesting [at] gfi> to
<njh [at] bandsman>
contained GFI.VBS.Test and has not been delivered.

The infected machine is likely to be here:
from localhost.localdomain ([192.168.1.132]) by S44374 with Microsoft SMTPSVC(6.0.3790.0);
Tue, 5 Oct 2004 15:23:47 +0200

> Brent Clark

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
njh [at] despammed http://www.bandsman.co.uk
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


bclark at eccotours

Oct 5, 2004, 6:33 AM

Post #21 of 181 (8938 views)
Permalink
RE: (no subject) [In reply to]

Hi

mail:~# clamscan -V
clamscan / ClamAV version 0.75-1
mail:~#


Im using this with my Exim Mail server

Thanks for your help
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


math at mlists

Oct 5, 2004, 7:21 AM

Post #22 of 181 (8925 views)
Permalink
Re: (no subject) [In reply to]

Brent Clark wrote:

> Hi
>
> mail:~# clamscan -V
> clamscan / ClamAV version 0.75-1
> mail:~#
>
>
> Im using this with my Exim Mail server
>

Remember that a lot of the GFI tests are for Outlook vulnerablities, no
malicious code per se. How many did you trap?

Matt
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Jose-Marcio.Martins at ensmp

Oct 5, 2004, 7:41 AM

Post #23 of 181 (8905 views)
Permalink
Re: (no subject) [In reply to]

Brent Clark wrote:
> Hi all
>
> I just run a few mail test from www.gfi.com/emailsecuritytest and my clam
> antivirus failed miserably.
> I too ran the tests from testvirus.org, this second test was ok, only two
> got through.
>
> Could someone please share some help with this,

Both gfi and antivirus.org have some tests which are theorical tests
using some malformed MIME tags and trying to detect if the scanner is
able to detect some tricks.

I don't know what's about testvirus.org, but behind gfi, there is a
software editor trying to say : Na, na, na, the antivirus you're using
is vulnerable, but not the mine one.

But some of this "vulnerabilities" are more theorical vulnerabilities
than something you can really find in the wild.

Best regards

Jose-Marcio

>
> Kind Regards
> Brent Clark


--
---------------------------------------------------------------
Jose Marcio MARTINS DA CRUZ Tel. :(33) 01.40.51.93.41
Ecole des Mines de Paris http://j-chkmail.ensmp.fr
60, bd Saint Michel http://www.ensmp.fr/~martins
75272 - PARIS CEDEX 06 mailto:Jose-Marcio.Martins [at] ensmp

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


bclark at eccotours

Oct 5, 2004, 7:43 AM

Post #24 of 181 (8924 views)
Permalink
RE: (no subject) [In reply to]

> Remember that a lot of the GFI tests are for Outlook vulnerablities, no
>malicious code per se. How many did you trap?

Only 6
Which I suppose aint to bad, but still.
But your right, because 5 were (more an Exim issue):

========================================================================
2004-10-05 13:48:22 1CEnnq-0001aT-Fv demime acl condition: 'message/partial'
MIME type
2004-10-05 13:48:22 1CEnnq-0001aT-Fv H=(name) [ipaddress] U=root
F=<emailtesting [at] gfi> rejected after DATA: This message contains
malformed MIME (demime acl condition: 'message/partial' MIME type).
=========================================================================

and 6 got through.

Kind Regards
Brent Clark

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


shane.wise at nashvilleweather

Oct 5, 2004, 7:52 AM

Post #25 of 181 (8924 views)
Permalink
Re: (no subject) [In reply to]

I just ran it against mine (.80rc3) and it worked pretty good...I did
have the 2 come through...however I had 5 of them that I was getting the
stream: Bad format or broken data ERROR message on them and my server
was rejecting with a Milter: data, reject=451 4.3.2 Please try again
later...

Dunno what is up with that really...and I am curious if others are
rejecting some as well with the same error.

Shane

Brent Clark wrote:
> Hi all
>
> I just run a few mail test from www.gfi.com/emailsecuritytest and my clam
> antivirus failed miserably.
> I too ran the tests from testvirus.org, this second test was ok, only two
> got through.
>
> Could someone please share some help with this,
>
> Kind Regards
> Brent Clark
>
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

First page Previous page 1 2 3 4 5 6 7 8 Next page Last page  View All ClamAV users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.