[HLUG] clamav virus protection - is it working?

Andrew Hodgson andrew at hodgsonfamily.org
Sat Mar 4 18:43:23 GMT 2006 

Hi,

There is a plug-in for Squid that will put the file through another
program before giving the result to the user.  I tried this, but it made
browsing very slow indeed.

Also remember to cron fleshclam so you get regular updates.

Thanks.
Andrew.

-----Original Message-----
From: herefordshire-bounces at mailman.lug.org.uk
[mailto:herefordshire-bounces at mailman.lug.org.uk] On Behalf Of alabaster
Sent: 04 March 2006 18:40
To: Herefordshire Linux Users Group.
Subject: RE: [HLUG] clamav virus protection - is it working?


Hi Andrew,

That's a good site with a lot of types of files for burying viruses. I
ran them all and got a bit worried when I missed some. On inspection, it
includes some future threat types and some Outlook associated dangers. I
am pretty happy with what ClamAV is picking up this way.

Now to look into cron files so I can run regular scans of the disc.

By the way, any idea if there a way to scan downloads automatically or
will I have to do a manual check on each download before using it?

regards

Gordon
 
On Tue, 2006-02-28 at 09:15 +0000, Andrew Hodgson wrote:
> Hi,
> 
> A good virus sender site is:
> 
> http://www.declude.com/Articles.asp?ID=99
> 
> This allows you to send a variety of Eicar files encoded in different
> formats - not all virus checkers will be able to look at all the
formats,
> but the majority should test OK.
> 
> There is also a spam tester, but it isn't really designed for
Spamassassin.
> 
> Thanks.
> Andrew.
> 
> -----Original Message-----
> From: herefordshire-bounces at mailman.lug.org.uk
> [mailto:herefordshire-bounces at mailman.lug.org.uk] On Behalf Of
alabaster
> Sent: 27 February 2006 23:33
> To: Herefordshire Linux Users Group.
> Subject: Re: [HLUG] clamav virus protection - is it working?
> 
> Hi John,
> 
> I checked the web site and created an antivirus test file eicar.com,
> sent it to myself and the filter calling clamscan picked it up and put
> it in the virus folder. So it works. Great.
> 
> Regards
> 
> Gordon
> 
> On Mon, 2006-02-27 at 09:14 +0000, John Hedges wrote:
> > Hi Gordon
> > 
> > You can get a test virus from:
> > 
> > http://www.eicar.org/anti_virus_test_file.htm
> > 
> > Cheers
> > 
> > John
> > 
> > On Sun, Feb 26, 2006 at 06:23:27PM +0000, alabaster wrote:
> > > Hi Andrew,
> > > 
> > > Thanks for the reply. I have re-read the articles in light of your
> > > comments to try to see where I go next. One article says "... you
can
> > > also use it as a drop-in virus checker for an email client like
KMail or
> > > Evolution, by simply filtering through the clamav command."
> > > 
> > > I am using Evolution Mail, and I have set a filter to pipe the
incoming
> > > message to clamscan - (man clamscan suggested use of -, which
seems to
> > > scan just the piped file whereas leaving this off results in
scanning
> > > all of home) and if the return code is > 0 move file to folder
virus. 
> > > 
> > > As an alternative I have set up a script clammail to scan the
inbox, so
> > > I can doublecheck in case of problems.
> > > 
> > > Does this seem right to you? If so, all I need now is a mail
message
> > > with a virus in to prove it works!
> > > 
> > > 
> > > 
> > > Regards
> > > 
> > > Gordon
> > > 
> > > On Mon, 2006-02-20 at 08:02 +0000, Andrew Hodgson wrote: 
> > > > Hi,
> > > > 
> > > > ClamAV will not scan your mail in this way - the Clamd daemon is
to
> scan
> > > > specific files when they pass through the daemon, it is not an
on
> access
> > > > scanner.  To do ClamAV for mail, you need a plug-in to an MTA or
MUA
> that
> > > > will pass the mail through ClamAV.  I only have experience with
MTA
> > > > scanning.
> > > > 
> > > > Thanks.
> > > > Andrew.
> > > > 
> > > > -----Original Message-----
> > > > From: herefordshire-bounces at mailman.lug.org.uk
> > > > [mailto:herefordshire-bounces at mailman.lug.org.uk] On Behalf Of
> alabaster
> > > > Sent: 19 February 2006 23:39
> > > > To: Herefordshire Linux Users Group.
> > > > Subject: [HLUG] clamav virus protection - is it working?
> > > > 
> > > > I recently installed clamav after reading about it in LFX mag.
in the
> > > > hope that it will scan my mail for viruses. I can do a scan of
my home
> > > > page with eg
> > > > 
> > > > clamscan -r -l scan.txt /home/gordon
> > > > 
> > > > and I even found a virus in a deleted spam mail message, so
something
> is
> > > > working.
> > > > 
> > > > I have modified both clamd.conf and freshclam.conf along the
lines in
> > > > the LFX article to create specific log files.
> > > > 
> > > > I did a manual database update and then started freshclam -d to
update
> > > > it regularly. I expected to see this as a service "freshclam"
but
> could
> > > > not see it?
> > > > 
> > > > I also started clamd and can see this as a service.
> > > > 
> > > > I read the documentation and there was a lot I just did not
understand
> > > > but I think I got the main bits. The rest seemed to be other
options
> and
> > > > features possibly related to running servers!
> > > > 
> > > > My problem is that I am not sure if clamav is going to scan my
> incoming
> > > > (or outgoing) emails. How can I check? 
> > > > 
> > > > Regards
> > > > 
> > > > Gordon
> > > > 
> > > > 
> > > > 
> > > > 
> > > > _______________________________________________
> > > > Herefordshire mailing list
> > > > Herefordshire at mailman.lug.org.uk
> > > > http://mailman.lug.org.uk/mailman/listinfo/herefordshire
> > > > 
> > > > 
> > > >
**********************************************************************
> > > > This email and any files transmitted with it are confidential
and
> > > > intended solely for the use of the individual or entity to whom
they
> > > > are addressed. If you have received this email in error please
notify
> > > > the system manager.
> > > > 
> > > > allpay.net Limited, Fortis et Fides, Whitestone Business Park,
> Whitestone, Hereford, HR1 3SE. Telephone: 0870 243 3434, Fax: 0870 243
6041.
> Website: www.allpay.net Email: enquiries at allpay.net
> > > >
**********************************************************************
> > > > 
> > > > 
> > > > _______________________________________________
> > > > Herefordshire mailing list
> > > > Herefordshire at mailman.lug.org.uk
> > > > http://mailman.lug.org.uk/mailman/listinfo/herefordshire
> > > 
> > > 
> > > _______________________________________________
> > > Herefordshire mailing list
> > > Herefordshire at mailman.lug.org.uk
> > > http://mailman.lug.org.uk/mailman/listinfo/herefordshire
> > 
> > _______________________________________________
> > Herefordshire mailing list
> > Herefordshire at mailman.lug.org.uk
> > http://mailman.lug.org.uk/mailman/listinfo/herefordshire
> 
> 
> _______________________________________________
> Herefordshire mailing list
> Herefordshire at mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/herefordshire
> 
> 
> _______________________________________________
> Herefordshire mailing list
> Herefordshire at mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/herefordshire


_______________________________________________
Herefordshire mailing list
Herefordshire at mailman.lug.org.uk
http://mailman.lug.org.uk/mailman/listinfo/herefordshire

More information about the Herefordshire mailing list