Re: Thoughts about finding viruses in email inboxes
- From: Ray Parrish <crp@xxxxxxx>
- Date: Sun, 05 Apr 2009 00:00:54 -0700
David M. Karr wrote:
> Leonard Chatagnier wrote:
>> --- On Sat, 4/4/09, David M. Karr <davidmichaelkarr@xxxxxxxxx> wrote:
>>> From: David M. Karr <davidmichaelkarr@xxxxxxxxx>
>>> Subject: Re: Thoughts about finding viruses in email inboxes
>>> To: "Ubuntu user technical support, not for general discussions" <ubuntu-users@xxxxxxxxxxxxxxxx>
>>> Date: Saturday, April 4, 2009, 6:07 PM
>>>
>>> NoOp wrote:
>>>> On 03/29/2009 12:13 PM, David M. Karr wrote:
>>>>> Ok, I can see that there's one detail that I didn't specifically say
>>>>> here. I thought it was obvious, so I didn't mention it. I think it
>>>>> wasn't obvious to some of you.
>>>>>
>>>>> I'm not having trouble with clamav telling me what FILE a virus is in.
>>>>> The report is clear on that. The problem is that the IMAP INBOX file is
>>>>> a formatted file containing many email messages. What I'm looking for
>>>>> is some sort of ability to introspect into the mailbox format in the
>>>>> clamav report so that I can tell which email message contains the
>>>>> virus. I certainly am not going to run clamav in "auto-remove" mode, as
>>>>> it would remove my entire inbox.
>>>>
>>>> David, BitDefender for Unices, at least on POP3 mailbox files, will tell
>>>> you the exact msg number, the subject of the email(s), and the time
>>>> stamp on the email(s) within the file. I expect that it will do the same
>>>> for an IMAP file. I don't have an IMAP so I can't test.
>>>>
>>>> I just test scanned an email archive with both clamav and BitDefender;
>>>> result was that clamav identified 4 issues that supposedly contained:
>>>> 'Phishing.Heuistics.Email.SpoofedDomain and
>>>> Email.Phishing.DblDom-138' no trojans or viri found. ClamAV entirely
>>>> missed trojan signatures in the files. Further, clamav didn't provide
>>>> any further information beyond the file location and the above.
>>>>
>>>> BitDefender not only properly found folders with a trojan signature
>>>> ('Trojan.Iframe.AV'), but also identified exactly which emails within
>>>> the 17+MB file were at issue. I was then able to open up the file in
>>>> gedit, identify the emails within the file by subject & time stamp,
>>>> and edit them out by hand. I could have of course opened the file in
>>>> SeaMonkey (my email client) and deleted them that way as I know the
>>>> exact msg numbers, subjects and times. I happen to know exactly what the
>>>> trojan signatures were/are in the archived email file as they were
>>>> emails that I had sent/received regarding that particular Iframe
>>>> exploit, so there was no false positive.
>>>>
>>>> I very much recommend exploring BitDefender - see my post to Leonard in
>>>> this thread for links etc. You can use cli or gui, set cron scans, scan
>>>> incoming on Evolution, Pine, etc., use scripts, scan across Samba, etc.
>>>> It's (IMO) worth a look. 32bit and 64bit versions are available.
>>>>
>>>> Disclaimer: I also use BD commercial licenses to scan Windows servers for
>>>> my customers for years, and my personal use machines (linux and
>>>> windows); beyond that I've no other relationship with BD.
>>>
>>> I accidentally lost the reply you added after this, but I read it in
>>> the archives.
>>>
>>> As I suspected, there seems to be some issue with the variation of
>>> BitDefender that I installed. I followed the instructions at
>>> <http://download.bitdefender.com/repos/#>, but I don't have a
>>> "BitDefender" entry in "Applications"->"System Tools", and I don't have
>>> a "bdgui" executable. The following is the contents of
>>> "/opt/BitDefender/bin":
>>>
>>> davidkarr@davidkarr-desktop$ ls /opt/BitDefender/bin
>>> ./         bdcharts*     bdlived*    bdmond*   bdsafe.bin*  bdsu*
>>> ../        bdcourier*    bdlogd*     bdqmail*  bdscand*     common-setup.sh*
>>> bd*        bdemagentd*   bdmaild*    bdregd*   bdsmtpd*     mail-setup.sh*
>>> bdcgated*  bdemclientd*  bdmilterd*  bdsafe@   bdsnmpd*
>>>
>>> I have no "update-menus" executable (I looked everywhere), if that's
>>> relevant.
>>
>> I'm not real sure what you are looking for but I know that NoOP is gone
>> for the weekend, sailing, and won't be back until Monday. If you are
>> looking for the cli commands for BD they are:
>> bdscan for the cli and
>> bdgui for the gui but starting it from the cli. The menu item for BDSCAN
>> is called Antimalware Scanner and just below the main title is Bit
>> Defender Scanner greyed out. It had a red icon globe that is serrated. At
>> least that is how it appears on my Intrepid Kubuntu desktop using the 64
>> bit version. Use the above cli commands with the --help option to see
>> what the available options are or read the manuals.
>>
>> I'm not sure but it appears that you downloaded BD from their site. You
>> can download it from ubuntu by adding the following to your sources.list
>> or in software sources:
>> deb http://download.bitdefender.com/repos/deb/ bitdefender non-free
>>
>> I can attest that BD is significantly faster scanning than clamscan is as
>> NoOp pointed out. HTH.
>> Leonard Chatagnier
>> lenc5570@xxxxxxxxxxxxx
>
> I followed the instructions at
> <http://download.bitdefender.com/repos/#>, which references the line
> you refer to. It didn't give me any of the command-line tools.

I just had a look at those instructions, and if you followed them to the
letter, all you have installed so far is the email scanning portion of
Bit Defender. I don't know how hung up you are on using the command
line, and apt-get, but my recommendation would be to open Synaptic
Package Manager from your System, Administration menu, and use it to get
the rest of the Bit Defender packages.
With Synaptic, you can use its Search box to search on "Title Only"
[which is fastest] for the string "bd" since all of their packages seem
to start with those two letters, then check mark all of the matching
packages, that say they are part of Bit Defender in their descriptions.
Next just click "Apply" to get the install under way.
I'm pretty sure that the same sources.list in use by apt-get, is used by
Synaptic, so the Bit Defender repository should already be enabled, and
upon starting up Synaptic does a repository update immediately, so the
package list it uses is always up to date when you begin using it.
Once the installation completes, you will be able to select any of the
Bit Defender packages installed, and then select their "Installed Files"
tab to see where everything has been put. That comes in pretty handy
when the occasional poorly written package doesn't install itself to the
menu as it should.
The other day I installed two GUI front ends for the nmap networking
security tool, and neither of them installed themselves to the menu, so
I had to do that part for them.
Hope this helps!
Later, Ray Parrish
--
Human reviewed index of links about the computer
http://www.rayslinks.com
Poetry from the mind of a Schizophrenic
http://www.writingsoftheschizophrenic.com/
--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
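
An added example, not part of the original thread or of any scanner mentioned in it: one way to get the per-message detail discussed above (message number, subject and time stamp inside a single mbox-style inbox file) is to split the file with Python's standard `mailbox` module and scan each message's decoded MIME parts separately. `marker_scan`, `MARKER` and the sample mailbox are constructed stand-ins for a real scanner call and real mail.

```python
import mailbox
import os
import tempfile
from email import message_from_bytes
from email.message import EmailMessage

MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed, harmless stand-in

def marker_scan(data: bytes) -> bool:
    """Hypothetical scanner hook; a real engine call would go here."""
    return MARKER in data

def find_flagged(mbox_path, scan=marker_scan):
    """Return (message number, subject, date) for every flagged message."""
    hits = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for number, key in enumerate(box.iterkeys(), start=1):
            msg = message_from_bytes(box.get_bytes(key))
            # Scan decoded MIME parts: attachments are normally base64, so
            # a signature need not appear in the raw mailbox text.
            for part in msg.walk():
                payload = part.get_payload(decode=True)  # None for multipart
                if payload and scan(payload):
                    hits.append((number, msg.get("Subject", ""), msg.get("Date", "")))
                    break
    finally:
        box.close()
    return hits

def build_sample_mbox(path):
    """Write a constructed three-message mbox; only message 2 has the marker."""
    box = mailbox.mbox(path)
    for i, attach in enumerate([None, b"data " + MARKER + b" data", None], 1):
        m = EmailMessage()
        m["From"] = "sender@example.com"
        m["Subject"] = f"constructed message {i}"
        m["Date"] = f"Sat, 04 Apr 2009 10:0{i}:00 -0700"
        m.set_content("plain body text")
        if attach:
            m.add_attachment(attach, maintype="application",
                             subtype="octet-stream", filename="sample.bin")
        box.add(m)
    box.close()
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for hit in find_flagged(build_sample_mbox(os.path.join(d, "Inbox"))):
            print("msg #%d | %s | %s" % hit)
```

Work on a copy of the mailbox file while the mail client is closed, so the scan never races with a client rewriting the inbox.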