Missed Viruses?

Does IronPort have any mechanism to report missed viruses, something along the lines of [email protected]?
We have IronPort C660s on our perimeter and Exchange 2007 running ForeFront and occasionally ForeFront will detect an e-mail with a virus that went through our C660s undetected.  We are currently only running the Sophos engine, not McAfee, not Virus Outbreak Filters.  I think I asked our Sales Rep for a price quote on McAfee and the VOF but I about fainted at the price.
Jason

Hello Jason,
You can always submit a sample to Sophos - KB article - http://tinyurl.com/ykpm39.
To get any additional information about why this message was passed or other, please open a support request with Cisco IronPort Customer Support with a sample message (File if any) for deeper inspection.
Best,
Kishore

Similar Messages

  • Best Substitute for Virus Indigo in Logic?

    Really would miss Virus Indigo which I use in PT if I went to Logic 8. Is there anything out there that captures the Virus sounds that can be used in Logic?
    Thanks
    Tom

    you should look into ReFX Vanguard.
    http://www.refx.net/?page=Vanguard
    i think there's even a virus soundset out there somewhere for it.

  • Error in Reporting Tool : Resource Statistics Report

    Hi All,
    I have a problem in KM Reporting section. I have been trying for a long time but couldn't arrive at the solution.
    Resource Statistics Report :
    I create an instant report by clicking on the start button and configure the necessary
    details such as Scope [Location of the resources] and other necessary parameters.
    After entering all the details, i click on "start" button to begin the Resource Statistics report. The main page of the Resource Statistics Report displays status of the current
    report as running.
    Here comes the issue..
    When i click on the link of the report created instantly, it says "Item not found"
    Item not found
    /reporting/reports/Content Management/Tools/resource.statistics/1136468617109.xml
    The item you are attempting to access is not available. Check that the name or link is correct. You might also check whether the associated repository is currently accessible.
    If i refresh the page, the report itself is missing.
    Note: If i don't select "List Matching Items" in the parameter list of the report, it gives me a report without listing items.
    The same case applies for other reports like "Approval Maintenance Report".
    Kindly help.
    Thanks in advance,
    venkat.

    Hi Detlev,
    Thanks for your reply.
    I am in KMC SP12..
    I am doubting whether it would be an installation issue or so..
    However i cannot confirm with the same because Time Based Publishing Report is working fine.
    For your info:
    List of Reports - Status
    Resource Statistics :Item Not found /Report missing
    Approval Maintenance:Item Not found /Report missing
    Time Based Publishing: Working Fine
    Resource Lock Report : Item Not found /Report missing
    Virus Scan Report : Error in Execution
    Portal Activity Report :  Inappropriate result or "0" items found
    Kindly Help.
    Thanks in advance,
    venkat.

  • Looking for a new antivirus for solution for small businesses

    here is the link if you want to check it out
    https://www.avast.com/avast-for-business

    We are currently using Vipre Business Premium at 15-20 of our small business sites and have had many issues with both support and missed viruses/malware. Does anyone have any suggestions for a great product with great support? Sites range from 10 users to 100 users. 
    Thank You
    This topic first appeared in the Spiceworks Community

  • Window list

    hi
    my problem is that i want to get the window list in director
    means i want to know which applications are running and i
    want to get list of these running application window
    thx reply me fast

    Hi Lukewig,
    You are right they must be opened some where in my system,
    but the list it gives me is too long. Here i am giving you what i
    write to get window list in BuddyAPI:
    wlist = baWindowList("","", false)
    put wlist
    [395282, 395284, 4064222, 15598522, 4915774, 65688, 4129430,
    65670, 196682, 131192, 65672, 196680, 196678, 393684, 196664,
    3539406, 3998288, 5243462, 1835468, 918128, 1573928, 1115364,
    3736526, 1639216, 1704724, 2425724, 9175970, 1639010, 65676,
    .............., 65674]
    After getting this list i use the following code to get the
    window captions:
    wlist = baWindowList("","", false)
    put wlist
    repeat with aWindow in wList
    if baWindowInfo(aWindow,"title")="" then next repeat
    put baWindowInfo(aWindow, "title")
    end repeat
    --Which gives me:
    [65670, 131192, 196682, 65672, 196680, 196678, 393684,
    196664, 395282, 395284, 4064222, 15598522, 4915774, 65688, 4129430,
    3539406, 3998288, 5243462, 1835468, 918128, 1573928, 1115364,
    3736526, 1639216, 1704724, 2425724, 9175970, 1639010, 65676,
    1443022, ............, 65674]
    --"SysFader"
    -- "SysFader"
    -- "SysFader"
    -- "SysFader"
    -- "list - Director MX 2004"
    -- "Buddy API"
    -- "Timer"
    -- "Helix DSWnd"
    -- "Messages.log - Notepad"
    -- "Untitled - Notepad"
    -- "CleanUp Application"
    -- "CleanUp Application"
    -- "screen-capturing"
    -- "Acrobat IEHelper"
    -- "Tooltips"
    -- "Acrobat IEHelper"
    -- "Acrobat IEHelper"
    -- "DDE Server Window"
    -- "CwndSessionMonitor"
    -- "Acrobat IEHelper"
    -- "__RNWK__DeviceEventNotification_WindowName_wmdm_device"
    -- "HXEngineCommInternal"
    -- "MessageBouncer"
    -- "Acrobat IEHelper"
    -- "Notification Wnd for RNAdmin"
    -- "MSNUnnamedWindow"
    -- "MSNUnnamedWindow"
    -- "MSNUnnamedWindow"
    -- "MSNUnnamedWindow"
    -- "MSNUnnamedWindow"
    -- "MSNUnnamedWindow"
    -- "MSNMSGRAbsConnWindow"
    -- "Download Accelerator Plus - DAP"
    -- "Dummy Video Parent"
    -- "MSNUnnamedWindow"
    -- "MSNUnnamedWindow"
    -- "MSNUnnamedWindow"
    -- "MSNUnnamedWindow"
    -- "MSNMSGRAbsConnWindow"
    -- "MSNUnnamedWindow"
    -- "MSNUnnamedWindow"
    -- "DDE Server Window"
    -- "MSNUnnamedWindow"
    -- "MCI command handling window"
    -- "NetscapeDispatchWnd"
    -- "XPCOM:EventReceiver"
    -- "ymsgr-tray-wnd"
    -- "VPIPCLINK"
    -- "Scan"
    -- "SMax4PNP"
    -- "SoundMax4"
    -- "ccApp"
    -- "Connections Tray"
    -- "Dialog"
    -- "DAPDownloadManager"
    -- "Power Meter"
    -- "Missing Virus Definitions"
    -- "MS_WebcheckMonitor"
    -- "Symantec AntiVirus"
    -- "InterBase Server"
    -- "InterBase Guardian"
    -- "SysFader"
    -- "Adobe - Lingo - Mozilla Firefox"
    -- "Now Playing"
    -- "RealPlayer: 01 - Chand Sifarish - ApniISP.Com"
    -- "xtras"
    -- "wndxtra"
    -- "Program Manager"
    You see, how long the list is and what if i now go to detect
    windows from my selected list, it of course will take a lot of
    memory resources.
    Well, besides this i also give a try to mcProFusion to do the
    same:
    profusion xtra result
    program=mcWindowGetList()
    put program
    -- "list - Director MX 2004
    Buddy API
    Messages.log - Notepad
    Untitled - Notepad
    Buddy API Pricing - Microsoft Internet Explorer
    Adobe - Lingo - Mozilla Firefox
    RealPlayer: 01 - Chand Sifarish - ApniISP.Com
    xtras
    wndxtra
    Program Manager
    And this is giving me a short of only those windows which are
    presently running on a user system and which a user can see as
    well.
    So, can you tell me any way to use this buddyAPI to get a
    short list of only viewable/presently running window's captions ??
    Thanks a lot anyways.
    Regards,
    Amir

  • Can't install Elements 12. Running Windows Vista 32 bit. Turned off virus software and firewall. Get message: Installer failed to initialize. This could be due to a missing file!!

    Running Windows Vista 32 bit. Turned off virus software and firewall. Get message: Installer failed to initialize. This could be due to a missing file!!

    Error "Installer Failed to Initialize" | Install desktop application | Windows

  • I have not been able to find any information re: the Flashback virus and Apple remedies on the Apple website.  Am I missing something?

    I have not been able to find any information re: the Flashback virus on the Apple website.  Has Apple put out anything on this?

    The ‘Flashback Trojan’:
    A version of an existing Trojan Horse posing as a legitimate Flash Player installer (named “Flashback.A” by a security firm) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings. The most recent versions bypass any user action and automatically installs itself after an affected website is visited.
    http://www.appleinsider.com/articles/11/10/19/fake_adobe_flash_malware_seeks_to_disable_mac_os_x_anti_malware_protection.html
    (Adobe is aware of malware posing as its Flash Player and warns users to ignore any updates that didn't originate on its own servers. "Do not download Flash Player from a site other than adobe.com," said David Lenoe, Adobe's product security program manager, in an entry on Adobe Product Security Incident Response Team's PSIRT blog. "This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc). If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious.")
    Flashback Trojan - Prevention of infection:
    In order to prevent a potential infection with “Flashback” Trojans, Mac users should always obtain their copy of Adobe Flash Player directly from Adobe’s official website and disable the "Open 'safe' files after downloading" option in Safari Preferences/General to avoid automatically running files downloaded from the Internet. Also, do not turn on Java in Safari Preferences/Security. Few websites use Java. Javascript is something entirely different and should be left active.
    The Flashback Trojan does not affect PPC (non-Intel) Macs, nor has it been noted to affect users running Tiger OS 10.4.11 or Leopard OS 10.5.8.
    Last, but by no means least, using Open DNS is the simplest way of preventing infection in the first place. Open DNS also protects against phishing attacks, re-directs, speeds up your internet connection, and works for all users of OS X from Tiger upwards:
    http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns/
    How to get it:
    https://store.opendns.com/get/home-free
    Flashback Trojan - Detection and Removal
    Users with Intel Macs running Snow Leopard OS 10.6 or Lion OS 10.7 should ensure that they have downloaded all the recent Java updates from Apple, which are designed to prevent infection and also remove any infection already present.
    New Macs running Lion do not have either Flash Player or Java installed. If you are running Lion and have not already downloaded and installed Java, you should download the ‘Flashback malware removal tool’ from Apple:  http://support.apple.com/kb/HT5246  (356KB) which includes the same code as the Java update that plugged a security hole which allowed the malware to automatically install itself without admin authorization.
    You can also use this to check whether you have been infected (for Intel Macs only) and remove it if required:
    http://www.macupdate.com/app/mac/42571/anti-flashback-trojan
    Flashback Trojan - Detection, and how to remove (with caution) if you are running other browsers than Safari:
    http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

  • When i ran itunes latest update i got a virus from it and now itunes will not open as it says files are missing. i was able to get rid of the virus.

    When I ran an itunes update yesterday it downloaded a virus with it. Was able to remove the virus but itunes will not run now as it says certain files are missing. What do I do now?

    Where did you download the update from?
    You may have to uninstall iTunes and re-install it from apple.com/itunes
    Here is the article for uninstalling iTunes for Windows XP:  http://support.apple.com/kb/ht1925
    And the article for Windows Vista/7: http://support.apple.com/kb/ht1923

  • Password issue - disks missing and can't install new anti-virus -- HELP!!!

    Hi,
    I've got a Mac Mini and since I moved it appears I lost the Mac disks. I've got some serious issues with the Mini's web-browsing slowing down, maybe virus issues and I need to renew my subscription to my anti-virus to hopefully correct the issue. It appears that I need to know the password, which I never set, but I need one to log-in.
    What I understand is that I can reset the password to be able to install my anti-virus, but what I'm seeing is that I can't do it without the disks. How in the world do I correct this issue??? Your help will be greatly appreciated.
    Thanks,
    JimBo

    Welcome to Apple Discussions!
    There are two issues here, the first being your password. If you can't remember your password and really do need to reset it, you will need your MacOS disk. If you have lost this, it would be wise to get a replacement - you can get these from Apple. Since there are other occasions you might need the original install disk, it's not just for an occasional password reset that you would do well to have one on hand.
    It's not clear, however, in this situation why you would suddenly need a password. You say you did not originally set one, which is unlikely since it's one of the first steps in the initial set up of the system. It is of course possible to set a blank password, in which case the password will remain blank of course. The password would be required every time a major install or update was being run.
    The second issue is the web-browser slowing down and your thought that this may be virus issues. This is highly unlikely. While there are a few potential Trojans which can gain access to MacOS, none seem to be in wide circulation. There are no viruses. More likely if you're noticing performance issues in your web browser is that you are suffering something more akin to cache issues or possibly a small amount of free drive space. Depending on which antivirus product you already have, it may even be that which is the cause, since this type of software typically adds considerable load to the CPU when running.
    That isn't to say antivirus software is a bad idea, because it is better to be prepared than taken by surprise and have no defensive software in the event that MacOS becomes targeted. It's also beneficial to have it if your Mac is in a mixed environment where otherwise you could pass infections unknowingly to Windows systems.
    In this situation I would be inclined to do some basic system maintenance using a tool such as YASU, but even that would require your password in order to run. As such, I would first try to clear your browser caches (in Safari, you'll find 'Empty Cache' halfway down the Safari menu) and obtain a replacement install disk from Apple to enable you to get full control of your system if indeed you have a password set and don't know what it is.

  • There seems to be a visual problem on all webpages, links are missing or invisible, no color on a normally colored page and other visual bits messed up. Tried upgrading and checked all addons and plug ins. Ran virus scans.

    Running Mozilla Firefox 3.6.8 on a Toshiba Satellite laptop
    MS Windows XP Media Center Edition Version 2002 Service pack 3
    The problem started about 2 to 3 weeks ago

    See:
    *http://kb.mozillazine.org/Website_colors_are_wrong
    *http://kb.mozillazine.org/Websites_look_wrong

  • I purchased an album on iTunes. During the download, my computer restarted after a virus scan. When I got back on iTunes to retrieve the download, some of the songs were missing. So, now I have all but two songs on an album that I have already paid for.

    Any suggestions? Other than just buying the last few songs, which I'd like to avoid. The whole getting charged twice for the same item is not ideal.

    Store > Check for available downloads
    tt2

  • Where's my missing hard drive space?

    I posted earlier about this, it may be a bit off topic but if anyone can offer a clue, I would appreciate it.
    I got my win 7 upgrade and was waiting until vista started giving me headaches or the win7 service pack1 came out to upgrade...vista got me to upgrade today and I have to admit it was much less painful than i anticipated.
    My question is about the missing hard drive space on my Idea center K230 on the box and on the side of the comp it claims a 640 HD (it claims in small print that up to 18gb may be used for the service partition) I questioned this when i first got it and even after deleting all the preloaded crap it was still saying 540 available out of 580GB....then I read that Lenovo has a huge partition for backup. So when I do my upgrade to win 7- 64 bit, I do a clean install and delete the smaller partition and reformat and expand the larger but before installing the new OS it says I have 596 available, so where the hell is the other 44GB of hard drive...did Lenovo rip us off and put 600GB hard drives in the K230's or is there a hidden partition still left that I cant find?
    I am running everything off of my 596GB C: drive, I have my virus stuff and video card extras loaded, everything from the upgrade and 21 available patches and new drivers for most of my stuff....right now I am at 575gb available and if i can ever find a printer driver that works I will create a backup point or disc from there, whatever win 7 allows. I never wanted the Lenovo one button back up and thought it was stupid to put a big glowing button on the keyboard that wipes your system back to when it came out of the box...I had nightmares of someone getting curious and going "what does this button do?"
    I notice I have a program files folder and a program files (x86) folder with a bunch of redundant files. what's the deal with this is Lenovo still hiding a backup program (maybe in that hidden partition?)  that fills my hard drive twice as fast or is there a purpose for the file copies?
    Any info on the above questions would be appreciated, and for those of you just looking for upgrade info I have good news, when you finally get your win7 upgrade disc it is the easiest windows installation ever, almost completely automated, and very fast. So far the only sticking point is finding a printer driver, but I have 3 printers i can try, maybe one is supported.

    Hi wise2u!
    You can read all the details about how storage manufacturers use multiples of 1000 to measure disk space, and Windows reports it in multiples of 1024, and there is some overhead for Windows, or you can just use this rule of thumb from wikipedia:
    A general rule of thumb to quickly convert the manufacturer's hard disk capacity to the standard Microsoft Windows formatted capacity is 0.93*capacity of HDD from manufacturer for HDDs less than a terabyte and 0.91*capacity of HDD from manufacturer for HDDs equal to or greater than 1 terabyte.
    0.93 * 640GB = 595GB, which is about what you're seeing.
    I don't work for Lenovo. I'm a crazy volunteer!

  • After upgrade to 10.10, can't send email (SMTP cert. error).  On previous version running on another machine, can still send fine.  This new version is missing the "Usual Ports" checkbox option.  Can someone please help?

    I just upgraded to 10.10.  On the mail program, one of my accounts is having an issue sending email.  I am getting the following error message:
    The certificate for this server is invalid.
    Select a different outgoing mail server from the list below or click Try Later to leave the message in your Outbox until it can be sent.
    But on another machine running Mavericks, I can still continue to send email.  The same is true from my iPhone 5S.
    On that machine running Mavericks the SMTP is configured as SSL and for "Usual Ports" (25, 465, 587) but THIS OPTION IS MISSING ON THE NEW VERSION.  On the new version I have tried configuring the port to 25 and then 465 and 587 with no success.  I have used the Network Utility to see if my provider is blocking me -- it is not.  I have no third-party software on this machine (anti virus).  I can receive email fine.  On the new Yosemite Mail there are new checkbox options of Automatically check my settings and Allow unsecure connections.  I tried to uncheck SSL for SMTP but then it says it cannot send securely my password and i need to check the option "Allow to send unsecurely".  I did that but the same error message keeps appearing.  So I have tried nearly everything I have been able to, all to no avail.  Please can somebody help?

    Thanks for your reply.  Yes, it is a POP account.  Incoming mail is fine.  My port for incoming is also 110.  But the outgoing port should be 587 (or 24, 465 and 587 as on Mavericks' "Usual Ports" option).  I am using the same configuration across three different devices and only the machine running Yosemite is having issues.  I notice in the new version of Mail there is no longer the "Usual Ports" option.  I am not sure this is the culprit or not.  But the fact is no matter how I configure it, it will not send mail for these particular servers.  I have multiple clients and only one is affected, meaning I can send email from other email addresses (different hosting contracts) on Yosemite but on this one particular one I cannot. 

  • I can't update Firefox since update 10.01 or 10.02. Every time I try to I get the same message, "7 - ZIP File is missing" I don't know how or where to correct this problem. I'd really appreciate any help that corrects this problem. Thanks so very much,

    Missing "7-Zip File"
    Hello,
    I haven't been able to update Firefox since 10.01 or 10.02 because every time I try I get the same message the "7-ZIP File" is missing. Then the update fails. I've submitted this problem to Mozilla Firefox and, got an immediate reply of " they are researching your problem".
    Well, you can tell how long that has been. Is there anything I can do, or any where I can go to get the file I need?
    Any constructive help would be very much appreciated! I'm not sure If I'll ever be able to find where this is located. But I do appreciate help just the same.

    It is possible that your anti-virus software is corrupting the downloaded files or otherwise interfering with downloading files by Firefox.
    Disable your anti-virus software temporarily to see if that makes installing work.
    Download a fresh Firefox copy and save the file to the desktop.
    *Firefox 11.0.x: http://www.mozilla.org/en-US/firefox/all.html
    Uninstall your current Firefox version, if possible.
    *Do NOT remove personal data when you uninstall the current version or you lose your bookmarks and other data because all profile folders will be removed.
    Remove the Firefox program folder before installing that newly downloaded copy of the Firefox installer.
    *It is important to delete the Firefox program folder to remove all the files and make sure that there are no problems with files that were leftover after uninstalling.
    *http://kb.mozillazine.org/Uninstalling_Firefox
    Your bookmarks and other profile data are stored elsewhere in the Firefox Profile Folder and won't be affected by a reinstall, but make sure that you do not select to remove personal data if you uninstall Firefox.
    *http://kb.mozillazine.org/Profile_folder_-_Firefox
    *http://kb.mozillazine.org/Profile_backup
    *http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Clean_reinstall

  • ClamAV fails to scan for viruses in emails [CLAWS MAIL]

    I've recently switched from Thunderbird to Claws Mail and ran into one small, but annoying, problem.
    I want to use ClamAV + the clamav extension for claws mail to scan for viruses, however it does seem to have permission problems.
    clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
    Scanning error:
    /home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
    Here's my clamd.conf:
    ## Please read the clamd.conf(5) manual before editing this file.
    # Comment or remove the line below.
    #Example
    # Uncomment this option to enable logging.
    # LogFile must be writable for the user running daemon.
    # A full path is required.
    # Default: disabled
    LogFile /var/log/clamav/clamd.log
    # By default the log file is locked for writing - the lock protects against
    # running clamd multiple times (if want to run another clamd, please
    # copy the configuration file, change the LogFile variable, and run
    # the daemon with --config-file option).
    # This option disables log file locking.
    # Default: no
    #LogFileUnlock yes
    # Maximum size of the log file.
    # Value of 0 disables the limit.
    # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
    # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
    # in bytes just don't use modifiers.
    # Default: 1M
    #LogFileMaxSize 2M
    # Log time with each message.
    # Default: no
    LogTime yes
    # Also log clean files. Useful in debugging but drastically increases the
    # log size.
    # Default: no
    #LogClean yes
    # Use system logger (can work together with LogFile).
    # Default: no
    #LogSyslog yes
    # Specify the type of syslog messages - please refer to 'man syslog'
    # for facility names.
    # Default: LOG_LOCAL6
    #LogFacility LOG_MAIL
    # Enable verbose logging.
    # Default: no
    #LogVerbose yes
    # Log additional information about the infected file, such as its
    # size and hash, together with the virus name.
    #ExtendedDetectionInfo yes
    # This option allows you to save a process identifier of the listening
    # daemon (main thread).
    # Default: disabled
    PidFile /run/clamav/clamd.pid
    # Optional path to the global temporary directory.
    # Default: system specific (usually /tmp or /var/tmp).
    TemporaryDirectory /tmp
    # Path to the database directory.
    # Default: hardcoded (depends on installation options)
    DatabaseDirectory /var/lib/clamav
    # Only load the official signatures published by the ClamAV project.
    # Default: no
    OfficialDatabaseOnly yes
    # The daemon can work in local mode, network mode or both.
    # Due to security reasons we recommend the local mode.
    # Path to a local socket file the daemon will listen on.
    # Default: disabled (must be specified by a user)
    LocalSocket /var/lib/clamav/clamd.sock
    # Sets the group ownership on the unix socket.
    # Default: disabled (the primary group of the user running clamd)
    LocalSocketGroup clamav
    # Sets the permissions on the unix socket to the specified mode.
    # Default: disabled (socket is world accessible)
    #LocalSocketMode 660
    # Remove stale socket after unclean shutdown.
    # Default: yes
    #FixStaleSocket yes
    # TCP port address.
    # Default: no
    #TCPSocket 3310
    # TCP address.
    # By default we bind to INADDR_ANY, probably not wise.
    # Enable the following to provide some degree of protection
    # from the outside world.
    # Default: no
    #TCPAddr 127.0.0.1
    # Maximum length the queue of pending connections may grow to.
    # Default: 200
    #MaxConnectionQueueLength 30
    # Clamd uses FTP-like protocol to receive data from remote clients.
    # If you are using clamav-milter to balance load between remote clamd daemons
    # on firewall servers you may need to tune the options below.
    # Close the connection when the data size limit is exceeded.
    # The value should match your MTA's limit for a maximum attachment size.
    # Default: 25M
    #StreamMaxLength 10M
    # Limit port range.
    # Default: 1024
    #StreamMinPort 30000
    # Default: 2048
    #StreamMaxPort 32000
    # Maximum number of threads running at the same time.
    # Default: 10
    #MaxThreads 20
    # Waiting for data from a client socket will timeout after this time (seconds).
    # Default: 120
    #ReadTimeout 300
    # This option specifies the time (in seconds) after which clamd should
    # timeout if a client doesn't provide any initial command after connecting.
    # Default: 5
    #CommandReadTimeout 5
    # This option specifies how long to wait (in miliseconds) if the send buffer is full.
    # Keep this value low to prevent clamd hanging
    # Default: 500
    #SendBufTimeout 200
    # Maximum number of queued items (including those being processed by MaxThreads threads)
    # It is recommended to have this value at least twice MaxThreads if possible.
    # WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
    # the following condition should hold:
    # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
    # Default: 100
    #MaxQueue 200
    # Waiting for a new job will timeout after this time (seconds).
    # Default: 30
    #IdleTimeout 60
    # Don't scan files and directories matching regex
    # This directive can be used multiple times
    # Default: scan all
    #ExcludePath ^/proc/
    #ExcludePath ^/sys/
    # Maximum depth directories are scanned at.
    # Default: 15
    #MaxDirectoryRecursion 20
    # Follow directory symlinks.
    # Default: no
    #FollowDirectorySymlinks yes
    # Follow regular file symlinks.
    # Default: no
    #FollowFileSymlinks yes
    # Scan files and directories on other filesystems.
    # Default: yes
    #CrossFilesystems yes
    # Perform a database check.
    # Default: 600 (10 min)
    #SelfCheck 600
    # Execute a command when virus is found. In the command string %v will
    # be replaced with the virus name.
    # Default: no
    #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
    # Run as another user (clamd must be started by root for this option to work)
    # Default: don't drop privileges
    User clamav
    # Initialize supplementary group access (clamd must be started by root).
    # Default: no
    #AllowSupplementaryGroups no
    # Stop daemon when libclamav reports out of memory condition.
    #ExitOnOOM yes
    # Don't fork into background.
    # Default: no
    #Foreground yes
    # Enable debug messages in libclamav.
    # Default: no
    #Debug yes
    # Do not remove temporary files (for debug purposes).
    # Default: no
    #LeaveTemporaryFiles yes
    # Detect Possibly Unwanted Applications.
    # Default: no
    #DetectPUA yes
    # Exclude a specific PUA category. This directive can be used multiple times.
    # See http://www.clamav.net/support/pua for the complete list of PUA
    # categories.
    # Default: Load all categories (if DetectPUA is activated)
    #ExcludePUA NetTool
    #ExcludePUA PWTool
    # Only include a specific PUA category. This directive can be used multiple
    # times.
    # Default: Load all categories (if DetectPUA is activated)
    #IncludePUA Spy
    #IncludePUA Scanner
    #IncludePUA RAT
    # In some cases (eg. complex malware, exploits in graphic files, and others),
    # ClamAV uses special algorithms to provide accurate detection. This option
    # controls the algorithmic detection.
    # Default: yes
    #AlgorithmicDetection yes
    ## Executable files
    # PE stands for Portable Executable - it's an executable file format used
    # in all 32 and 64-bit versions of Windows operating systems. This option allows
    # ClamAV to perform a deeper analysis of executable files and it's also
    # required for decompression of popular executable packers such as UPX, FSG,
    # and Petite. If you turn off this option, the original files will still be
    # scanned, but without additional processing.
    # Default: yes
    #ScanPE yes
    # Executable and Linking Format is a standard format for UN*X executables.
    # This option allows you to control the scanning of ELF files.
    # If you turn off this option, the original files will still be scanned, but
    # without additional processing.
    # Default: yes
    #ScanELF yes
    # With this option clamav will try to detect broken executables (both PE and
    # ELF) and mark them as Broken.Executable.
    # Default: no
    #DetectBrokenExecutables yes
    ## Documents
    # This option enables scanning of OLE2 files, such as Microsoft Office
    # documents and .msi files.
    # If you turn off this option, the original files will still be scanned, but
    # without additional processing.
    # Default: yes
    #ScanOLE2 yes
    # With this option enabled OLE2 files with VBA macros, which were not
    # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
    # Default: no
    #OLE2BlockMacros no
    # This option enables scanning within PDF files.
    # If you turn off this option, the original files will still be scanned, but
    # without decoding and additional processing.
    # Default: yes
    #ScanPDF yes
    ## Mail files
    # Enable internal e-mail scanner.
    # If you turn off this option, the original files will still be scanned, but
    # without parsing individual messages/attachments.
    # Default: yes
    #ScanMail yes
    # Scan RFC1341 messages split over many emails.
    # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
    # WARNING: This option may open your system to a DoS attack.
    # Never use it on loaded servers.
    # Default: no
    #ScanPartialMessages yes
    # With this option enabled ClamAV will try to detect phishing attempts by using
    # signatures.
    # Default: yes
    #PhishingSignatures yes
    # Scan URLs found in mails for phishing attempts using heuristics.
    # Default: yes
    #PhishingScanURLs yes
    # Always block SSL mismatches in URLs, even if the URL isn't in the database.
    # This can lead to false positives.
    # Default: no
    #PhishingAlwaysBlockSSLMismatch no
    # Always block cloaked URLs, even if URL isn't in database.
    # This can lead to false positives.
    # Default: no
    #PhishingAlwaysBlockCloak no
    # Allow heuristic match to take precedence.
    # When enabled, if a heuristic scan (such as phishingScan) detects
    # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
    # scan-time.
    # When disabled, virus/phish detected by heuristic scans will be reported only at
    # the end of a scan. If an archive contains both a heuristically detected
    # virus/phish, and a real malware, the real malware will be reported
    # Keep this disabled if you intend to handle "*.Heuristics.*" viruses
    # differently from "real" malware.
    # If a non-heuristically-detected virus (signature-based) is found first,
    # the scan is interrupted immediately, regardless of this config option.
    # Default: no
    #HeuristicScanPrecedence yes
    ## Data Loss Prevention (DLP)
    # Enable the DLP module
    # Default: No
    #StructuredDataDetection yes
    # This option sets the lowest number of Credit Card numbers found in a file
    # to generate a detect.
    # Default: 3
    #StructuredMinCreditCardCount 5
    # This option sets the lowest number of Social Security Numbers found
    # in a file to generate a detect.
    # Default: 3
    #StructuredMinSSNCount 5
    # With this option enabled the DLP module will search for valid
    # SSNs formatted as xxx-yy-zzzz
    # Default: yes
    #StructuredSSNFormatNormal yes
    # With this option enabled the DLP module will search for valid
    # SSNs formatted as xxxyyzzzz
    # Default: no
    #StructuredSSNFormatStripped yes
    ## HTML
    # Perform HTML normalisation and decryption of MS Script Encoder code.
    # Default: yes
    # If you turn off this option, the original files will still be scanned, but
    # without additional processing.
    #ScanHTML yes
    ## Archives
    # ClamAV can scan within archives and compressed files.
    # If you turn off this option, the original files will still be scanned, but
    # without unpacking and additional processing.
    # Default: yes
    #ScanArchive yes
    # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
    # Default: no
    #ArchiveBlockEncrypted no
    ## Limits
    # The options below protect your system against Denial of Service attacks
    # using archive bombs.
    # This option sets the maximum amount of data to be scanned for each input file.
    # Archives and other containers are recursively extracted and scanned up to this
    # value.
    # Value of 0 disables the limit
    # Note: disabling this limit or setting it too high may result in severe damage
    # to the system.
    # Default: 100M
    #MaxScanSize 150M
    # Files larger than this limit won't be scanned. Affects the input file itself
    # as well as files contained inside it (when the input file is an archive, a
    # document or some other kind of container).
    # Value of 0 disables the limit.
    # Note: disabling this limit or setting it too high may result in severe damage
    # to the system.
    # Default: 25M
    #MaxFileSize 30M
    # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
    # file, all files within it will also be scanned. This option specifies how
    # deeply the process should be continued.
    # Note: setting this limit too high may result in severe damage to the system.
    # Default: 16
    #MaxRecursion 10
    # Number of files to be scanned within an archive, a document, or any other
    # container file.
    # Value of 0 disables the limit.
    # Note: disabling this limit or setting it too high may result in severe damage
    # to the system.
    # Default: 10000
    #MaxFiles 15000
    ## Clamuko settings
    # Enable Clamuko. Dazuko must be configured and running. Clamuko supports
    # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
    # is the preferred option. For more information please visit www.dazuko.org
    # Default: no
    #ClamukoScanOnAccess yes
    # The number of scanner threads that will be started (DazukoFS only).
    # Having multiple scanner threads allows Clamuko to serve multiple
    # processes simultaneously. This is particularly beneficial on SMP machines.
    # Default: 3
    #ClamukoScannerCount 3
    # Don't scan files larger than ClamukoMaxFileSize
    # Value of 0 disables the limit.
    # Default: 5M
    #ClamukoMaxFileSize 10M
    # Set access mask for Clamuko (Dazuko only).
    # Default: no
    #ClamukoScanOnOpen yes
    #ClamukoScanOnClose yes
    #ClamukoScanOnExec yes
    # Set the include paths (all files inside them will be scanned). You can have
    # multiple ClamukoIncludePath directives but each directory must be added
    # in a separate line. (Dazuko only)
    # Default: disabled
    #ClamukoIncludePath /home
    #ClamukoIncludePath /students
    # Set the exclude paths. All subdirectories are also excluded. (Dazuko only)
    # Default: disabled
    #ClamukoExcludePath /home/bofh
    # With this option you can whitelist specific UIDs. Processes with these UIDs
    # will be able to access all files.
    # This option can be used multiple times (one per line).
    # Default: disabled
    #ClamukoExcludeUID 0
    # With this option enabled ClamAV will load bytecode from the database.
    # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
    # Default: yes
    #Bytecode yes
    # Set bytecode security level.
    # Possible values:
    # None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
    # This value is only available if clamav was built with --enable-debug!
    # TrustSigned - trust bytecode loaded from signed .c[lv]d files,
    # insert runtime safety checks for bytecode loaded from other sources
    # Paranoid - don't trust any bytecode, insert runtime checks for all
    # Recommended: TrustSigned, because bytecode in .cvd files already has these checks
    # Note that by default only signed bytecode is loaded, currently you can only
    # load unsigned bytecode in --enable-debug mode.
    # Default: TrustSigned
    #BytecodeSecurity TrustSigned
    # Set bytecode timeout in milliseconds.
    # Default: 5000
    # BytecodeTimeout 1000
    My freshclam.conf:
    ## Please read the freshclam.conf(5) manual before editing this file.
    # Comment or remove the line below.
    #Example
    # Path to the database directory.
    # WARNING: It must match clamd.conf's directive!
    # Default: hardcoded (depends on installation options)
    #DatabaseDirectory /var/lib/clamav
    # Path to the log file (make sure it has proper permissions)
    # Default: disabled
    UpdateLogFile /var/log/clamav/freshclam.log
    # Maximum size of the log file.
    # Value of 0 disables the limit.
    # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
    # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
    # To specify the size in bytes just don't use modifiers.
    # Default: 1M
    #LogFileMaxSize 2M
    # Log time with each message.
    # Default: no
    #LogTime yes
    # Enable verbose logging.
    # Default: no
    #LogVerbose yes
    # Use system logger (can work together with UpdateLogFile).
    # Default: no
    #LogSyslog yes
    # Specify the type of syslog messages - please refer to 'man syslog'
    # for facility names.
    # Default: LOG_LOCAL6
    #LogFacility LOG_MAIL
    # This option allows you to save the process identifier of the daemon
    # Default: disabled
    #PidFile /var/run/freshclam.pid
    # By default when started freshclam drops privileges and switches to the
    # "clamav" user. This directive allows you to change the database owner.
    # Default: clamav (may depend on installation options)
    #DatabaseOwner clamav
    # Initialize supplementary group access (freshclam must be started by root).
    # Default: no
    #AllowSupplementaryGroups yes
    # Use DNS to verify virus database version. Freshclam uses DNS TXT records
    # to verify database and software versions. With this directive you can change
    # the database verification domain.
    # WARNING: Do not touch it unless you're configuring freshclam to use your
    # own database verification domain.
    # Default: current.cvd.clamav.net
    #DNSDatabaseInfo current.cvd.clamav.net
    # Uncomment the following line and replace XY with your country
    # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
    # You can use db.XY.ipv6.clamav.net for IPv6 connections.
    #DatabaseMirror db.XY.clamav.net
    # database.clamav.net is a round-robin record which points to our most
    # reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
    # not working. DO NOT TOUCH the following line unless you know what you
    # are doing.
    DatabaseMirror database.clamav.net
    # How many attempts to make before giving up.
    # Default: 3 (per mirror)
    #MaxAttempts 5
    # With this option you can control scripted updates. It's highly recommended
    # to keep it enabled.
    # Default: yes
    #ScriptedUpdates yes
    # By default freshclam will keep the local databases (.cld) uncompressed to
    # make their handling faster. With this option you can enable the compression;
    # the change will take effect with the next database update.
    # Default: no
    #CompressLocalDatabase no
    # With this option you can provide custom sources (http:// or file://) for
    # database files. This option can be used multiple times.
    # Default: no custom URLs
    #DatabaseCustomURL http://myserver.com/mysigs.ndb
    #DatabaseCustomURL file:///mnt/nfs/local.hdb
    # Number of database checks per day.
    # Default: 12 (every two hours)
    #Checks 24
    # Proxy settings
    # Default: disabled
    #HTTPProxyServer myproxy.com
    #HTTPProxyPort 1234
    #HTTPProxyUsername myusername
    #HTTPProxyPassword mypass
    # If your servers are behind a firewall/proxy which applies User-Agent
    # filtering you can use this option to force the use of a different
    # User-Agent header.
    # Default: clamav/version_number
    #HTTPUserAgent SomeUserAgentIdString
    # Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
    # multi-homed systems.
    # Default: Use OS'es default outgoing IP address.
    #LocalIPAddress aaa.bbb.ccc.ddd
    # Send the RELOAD command to clamd.
    # Default: no
    NotifyClamd /etc/clamav/clamd.conf
    # Run command after successful database update.
    # Default: disabled
    #OnUpdateExecute command
    # Run command when database update process fails.
    # Default: disabled
    #OnErrorExecute command
    # Run command when freshclam reports outdated version.
    # In the command string %v will be replaced by the new version number.
    # Default: disabled
    #OnOutdatedExecute command
    # Don't fork into background.
    # Default: no
    #Foreground yes
    # Enable debug messages in libclamav.
    # Default: no
    #Debug yes
    # Timeout in seconds when connecting to database server.
    # Default: 30
    #ConnectTimeout 60
    # Timeout in seconds when reading from database server.
    # Default: 30
    #ReceiveTimeout 60
    # With this option enabled, freshclam will attempt to load new
    # databases into memory to make sure they are properly handled
    # by libclamav before replacing the old ones.
    # Default: yes
    #TestDatabases yes
    # When enabled freshclam will submit statistics to the ClamAV Project about
    # the latest virus detections in your environment. The ClamAV maintainers
    # will then use this data to determine what types of malware are the most
    # detected in the field and in what geographic area they are.
    # Freshclam will connect to clamd in order to get recent statistics.
    # Default: no
    #SubmitDetectionStats /path/to/clamd.conf
    # Country of origin of malware/detection statistics (for statistical
    # purposes only). The statistics collector at ClamAV.net will look up
    # your IP address to determine the geographical origin of the malware
    # reported by your installation. If this installation is mainly used to
    # scan data which comes from a different location, please enable this
    # option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
    # of the country of origin.
    # Default: disabled
    #DetectionStatsCountry country-code
    # This option enables support for our "Personal Statistics" service.
    # When this option is enabled, the information on malware detected by
    # your clamd installation is made available to you through our website.
    # To get your HostID, log on http://www.stats.clamav.net and add a new
    # host to your host list. Once you have the HostID, uncomment this option
    # and paste the HostID here. As soon as your freshclam starts submitting
    # information to our stats collecting service, you will be able to view
    # the statistics of this clamd installation by logging into
    # http://www.stats.clamav.net with the same credentials you used to
    # generate the HostID. For more information refer to:
    # http://www.clamav.net/support/faq/faq-cctts/
    # This feature requires SubmitDetectionStats to be enabled.
    # Default: disabled
    #DetectionStatsHostID unique-id
    # This option enables support for Google Safe Browsing. When activated for
    # the first time, freshclam will download a new database file (safebrowsing.cvd)
    # which will be automatically loaded by clamd and clamscan during the next
    # reload, provided that the heuristic phishing detection is turned on. This
    # database includes information about websites that may be phishing sites or
    # possible sources of malware. When using this option, it's mandatory to run
    # freshclam at least every 30 minutes.
    # Freshclam uses the ClamAV's mirror infrastructure to distribute the
    # database and its updates but all the contents are provided under Google's
    # terms of use. See http://code.google.com/support/bin/answer.py?answer=70015
    # and http://safebrowsing.clamav.net for more information.
    # Default: disabled
    #SafeBrowsing yes
    # This option enables downloading of bytecode.cvd, which includes additional
    # detection mechanisms and improvements to the ClamAV engine.
    # Default: enabled
    #Bytecode yes
    # Download an additional 3rd party signature database distributed through
    # the ClamAV mirrors. Here you can find a list of available databases:
    # http://www.clamav.net/download/cvd/3rdparty
    # This option can be used multiple times.
    #ExtraDatabase dbname1
    #ExtraDatabase dbname2
    Any help is much appreciated.

    MatejLach wrote:
    clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
    Scanning error:
    /home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
    Seems like a permissions error to me... maybe check the actual file it is attempting to scan... I know it is in your home folder, but just to be sure, you might want to check that everything is sane.
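
The permission check suggested in the reply above, written out as an added example (not code from the thread or from the ClamAV project). It lists every ancestor directory of the failing file that the scanning account cannot search, using mode bits only; the temporary tree and the scanner uid/gid are constructed stand-ins for `/home/username/...` and the `clamav` user.

```python
import os
import stat
import tempfile


def can_search(st, uid, gids):
    """Mode-bit check for directory search (x) permission.

    Owner class is tried first, then group, then other, as the kernel does.
    ACLs, capabilities and MAC policy are not modelled; uid 0 always passes.
    """
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def blocked_components(path, uid, gids):
    """List every ancestor directory of `path` that `uid` cannot search.

    lstat() on a file needs x on each ancestor directory; the file's own
    mode is irrelevant, which is why a 0644 file can still fail.
    """
    ancestors = []
    current = os.path.dirname(os.path.abspath(path))
    while True:
        ancestors.append(current)
        parent = os.path.dirname(current)
        if parent == current:
            break
        current = parent
    return [d for d in reversed(ancestors)
            if not can_search(os.stat(d), uid, gids)]


def build_sample_tree():
    """Constructed stand-in for /home/username/.claws-mail/mimetmp/<file>."""
    home = os.path.realpath(tempfile.mkdtemp(prefix="home-"))
    mimetmp = os.path.join(home, ".claws-mail", "mimetmp")
    os.makedirs(mimetmp)
    os.chmod(os.path.join(home, ".claws-mail"), 0o755)
    os.chmod(mimetmp, 0o755)
    target = os.path.join(mimetmp, "0000000e.mimetmp")
    with open(target, "w") as fh:
        fh.write("constructed sample\n")
    os.chmod(target, 0o644)
    os.chmod(home, 0o700)  # constructed: restrictive home directory
    owner = os.stat(home)
    # Hypothetical scanner account: any uid/gid that is not the owner's.
    scanner_uid, scanner_gids = owner.st_uid + 1000, {owner.st_gid + 1000}
    return target, home, scanner_uid, scanner_gids


if __name__ == "__main__":
    target, home, uid, gids = build_sample_tree()
    for d in blocked_components(target, uid, gids):
        print("uid %d cannot search %s (mode %o)" % (
            uid, d, stat.S_IMODE(os.stat(d).st_mode)))
```

The posted clamd.conf leaves `AllowSupplementaryGroups` at its default of no, so supplementary group access is not initialized; when modelling that setup, pass only the `clamav` account's primary group in `gids`.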
