>That is because there is *NO* A record only a TXT record exists for the >"current.cvd.clamav.net".
>After thinking about this critically, in my opinion, it doesn't really >matter... since nobody is trying to resolve the A record only getting >the TXT record for it. >-- >greg folkert - systems administration and support Ok thanks. I am a noob, and got the impression that the TTL on that TXT record influenced database update frequency. On my local instance of DNSmasq, the cached result is: # current.cvd.clamav.net. 0 IN A 67.215.65.132 I guess I just have fun barking up trees. (there are lots of them! ;) Peace, Jim A. On Wed, Jun 19, 2013 at 6:00 AM, <clamav-users-requ...@lists.clamav.net>wrote: > Send clamav-users mailing list submissions to > clamav-users@lists.clamav.net > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > or, via email, send a message with subject or body 'help' to > clamav-users-requ...@lists.clamav.net > > You can reach the person managing the list at > clamav-users-ow...@lists.clamav.net > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of clamav-users digest..." > > Today's Topics: > > 1. OpenDNS (Jim Alles) > 2. Re: Availability of virus pettern for solaris (Dennis Peterson) > 3. Re: OpenDNS (Greg Folkert) > 4. Re: Availability of virus pettern for solaris (Alain Zidouemba) > 5. Re: Availability of virus pettern for solaris (Dennis Peterson) > 6. Re: Availability of virus pettern for solaris (Joel Esler) > 7. Re: Availability of virus pettern for solaris (Greg Folkert) > 8. Re: Availability of virus pettern for solaris (Dennis Peterson) > 9. Re: Availability of virus pettern for solaris (T. Habich) > 10. Re: Availability of virus pettern for solaris (Joel Esler) > 11. Re: Availability of virus pettern for solaris > (Christopher X. Candreva) > 12. Re: Availability of virus pettern for solaris (Rick Macdougall) > > > ---------- Forwarded message ---------- > From: Jim Alles <kb3...@gmail.com> > To: clamav-users@lists.clamav.net > Cc: > Date: Tue, 18 Jun 2013 10:18:00 -0400 > Subject: [clamav-users] OpenDNS > I have found that *OpenDNS <http://www.opendns.com/support/cache/ > >*resolves > *current.cvd.clamav.net* to their server at > > - 67.215.65.132 > > Updates work, but the TTL is set to 0 by them. > > I have opened a ticket to them. > > > Jim Alles > an Untangle user. > > > > ---------- Forwarded message ---------- > From: Dennis Peterson <denni...@inetnw.com> > To: ClamAV users ML <clamav-users@lists.clamav.net> > Cc: > Date: Tue, 18 Jun 2013 07:52:38 -0700 > Subject: Re: [clamav-users] Availability of virus pettern for solaris > On 6/14/13 8:40:16PM, Benny Pedersen wrote: > >> Toni Habich skrev den 2013-06-13 13:56: >> >>> is there any virus or common malware for solaris at all? >>>> >>> i don't know. and that's the point. so I ask again - are there any virus >>> patterns for solaris 10 in the clamav pattern db??? >>> >> >> first define what is a virus on solaris, is it elf or something else ? >> >> The answer to the OP's question, paraphrased, 'are there any signatures > in the ClamAV db files that address Solaris 10 exploits?', is a simple > yes/no. The Sourcefire people can answer. Perhaps detecting it is as simple > as them having included "Solaris" in the signature name which would allow > sigtool to reveal it. Perhaps not. > > dp > > > > ---------- Forwarded message ---------- > From: Greg Folkert <g...@donor.com> > To: clamav-users@lists.clamav.net > Cc: > Date: Tue, 18 Jun 2013 10:52:42 -0400 > Subject: Re: [clamav-users] OpenDNS > On Tue, 2013-06-18 at 10:18 -0400, Jim Alles wrote: > > I have found that *OpenDNS <http://www.opendns.com/support/cache/ > >*resolves > > *current.cvd.clamav.net* to their server at > > > > - 67.215.65.132 > > > > Updates work, but the TTL is set to 0 by them. > > > > I have opened a ticket to them. > > That is because there is *NO* A record only a TXT record exists for the > "current.cvd.clamav.net". > > After thinking about this critically, in my opinion, it doesn't really > matter... since nobody is trying to resolve the A record only getting > the TXT record for it. > -- > greg folkert - systems administration and support > web: donor.com > email: g...@donor.com > phone: 877-751-3300 x416 > direct: 616-328-6449 (direct dial and fax) > "It's always too early to quit." > -- Norman Vincent Peale > > > > > ---------- Forwarded message ---------- > From: Alain Zidouemba <azidoue...@sourcefire.com> > To: ClamAV users ML <clamav-users@lists.clamav.net> > Cc: > Date: Tue, 18 Jun 2013 11:08:57 -0400 > Subject: Re: [clamav-users] Availability of virus pettern for solaris > As Joel Esler mentioned before, there are signatures for UNIX malware in > the official ClamAV DB. > > - Alain > > > > ---------- Forwarded message ---------- > From: Dennis Peterson <denni...@inetnw.com> > To: ClamAV users ML <clamav-users@lists.clamav.net> > Cc: > Date: Tue, 18 Jun 2013 12:22:52 -0700 > Subject: Re: [clamav-users] Availability of virus pettern for solaris > On 6/18/13 8:08 AM, Alain Zidouemba wrote: > >> As Joel Esler mentioned before, there are signatures for UNIX malware in >> the official ClamAV DB. >> >> - Alain >> > > > You would think such a simple question would have a simple answer. UNIX is > not Solaris. Solaris is one of a few UNIX's around. Are the UNIX signatures > for Tru-64, HP-UX, BSD UNIX, SCO UNIX, AIX...? Doesn't matter if there are > or not to someone seeking Solaris 10 information, actually. Are there any > for Solaris 10? > > dp > > > > ---------- Forwarded message ---------- > From: Joel Esler <jes...@sourcefire.com> > To: ClamAV users ML <clamav-users@lists.clamav.net> > Cc: > Date: Tue, 18 Jun 2013 15:30:01 -0400 > Subject: Re: [clamav-users] Availability of virus pettern for solaris > On Jun 18, 2013, at 3:22 PM, Dennis Peterson <denni...@inetnw.com> wrote: > > > On 6/18/13 8:08 AM, Alain Zidouemba wrote: > >> As Joel Esler mentioned before, there are signatures for UNIX malware in > >> the official ClamAV DB. > >> > >> - Alain > > > > > > You would think such a simple question would have a simple answer. UNIX > is not Solaris. Solaris is one of a few UNIX's around. Are the UNIX > signatures for Tru-64, HP-UX, BSD UNIX, SCO UNIX, AIX...? Doesn't matter if > there are or not to someone seeking Solaris 10 information, actually. Are > there any for Solaris 10? > > UNIX is not Solaris. Solaris is a UNIX. If a piece of malware or PUA, > etc, can be installed and ran on Unix or any of the variants (including > Solaris) you mentioned above, then yes, we ship detection for it. > > Are they tagged specifically "Solaris"? No. We tag malware with what it > affects and the family. For example, Win.Trojan.Whatever. ("Whatever" > being the name of the Trojan, that runs on Windows). We don't tag stuff as > "WinXP.Trojan.Whatever". > > > > -- > Joel Esler > Senior Research Engineer, VRT > OpenSource Community Manager > Sourcefire > > > ---------- Forwarded message ---------- > From: Greg Folkert <g...@donor.com> > To: clamav-users@lists.clamav.net > Cc: > Date: Tue, 18 Jun 2013 15:35:05 -0400 > Subject: Re: [clamav-users] Availability of virus pettern for solaris > On Tue, 2013-06-18 at 12:22 -0700, Dennis Peterson wrote: > > On 6/18/13 8:08 AM, Alain Zidouemba wrote: > > > As Joel Esler mentioned before, there are signatures for UNIX malware > in > > > the official ClamAV DB. > > > > > > - Alain > > > > > > You would think such a simple question would have a simple answer. UNIX > is not > > Solaris. Solaris is one of a few UNIX's around. Are the UNIX signatures > for > > Tru-64, HP-UX, BSD UNIX, SCO UNIX, AIX...? Doesn't matter if there are > or not to > > someone seeking Solaris 10 information, actually. Are there any for > Solaris 10? > > > > dp > > How about you download the signatures, decompress them and quickly scan > them yourself? It seems as though this is a simple thing to do. Yes? I > mean you probably already have the files local in your installation... > why does someone else have to do something for you? > > Why all the noise? I don't think Joel's answer was specific enough for > you... as Joel Esler responded earlier: > > There are patterns for almost all operating systems in the > ClamAV db. > > Why is it lately a lot of people (in many many disciplines) just want an > ANSWER and don't want to understand how to get the answer... themselves? > > I'll be quiet now. > -- > greg folkert - systems administration and support > web: donor.com > email: g...@donor.com > phone: 877-751-3300 x416 > direct: 616-328-6449 (direct dial and fax) > "It's always too early to quit." > -- Norman Vincent Peale > > > > > ---------- Forwarded message ---------- > From: Dennis Peterson <denni...@inetnw.com> > To: ClamAV users ML <clamav-users@lists.clamav.net> > Cc: > Date: Tue, 18 Jun 2013 12:53:36 -0700 > Subject: Re: [clamav-users] Availability of virus pettern for solaris > On 6/18/13 12:35 PM, Greg Folkert wrote: > >> On Tue, 2013-06-18 at 12:22 -0700, Dennis Peterson wrote: >> >>> On 6/18/13 8:08 AM, Alain Zidouemba wrote: >>> >>>> As Joel Esler mentioned before, there are signatures for UNIX malware in >>>> the official ClamAV DB. >>>> >>>> - Alain >>>> >>> >>> >>> You would think such a simple question would have a simple answer. UNIX >>> is not >>> Solaris. Solaris is one of a few UNIX's around. Are the UNIX signatures >>> for >>> Tru-64, HP-UX, BSD UNIX, SCO UNIX, AIX...? Doesn't matter if there are >>> or not to >>> someone seeking Solaris 10 information, actually. Are there any for >>> Solaris 10? >>> >>> dp >>> >> >> How about you download the signatures, decompress them and quickly scan >> them yourself? It seems as though this is a simple thing to do. Yes? I >> mean you probably already have the files local in your installation... >> why does someone else have to do something for you? >> >> Why all the noise? I don't think Joel's answer was specific enough for >> you... as Joel Esler responded earlier: >> >> There are patterns for almost all operating systems in the >> ClamAV db. >> >> Why is it lately a lot of people (in many many disciplines) just want an >> ANSWER and don't want to understand how to get the answer... themselves? >> >> I'll be quiet now. >> >> > Does "almost all operating systems" include Solaris 10? I've done my > homework and know the answer, actually. Did that years ago. I think unless > you know the the signature name by policy specifically indicates an OS > family and specific version you can't assume anything about the names and > where the signatures apply. That's why Sourcefire is the best group to ask > the question about Solaris 10, specifically. Why the noise? Nobody answered > the question. Those answers were noise. I don't have any particular > interest in the answer but did want to help get the OPs exact question > answered. And maybe I'm just bored, too. With retirement comes a lot of > free time. Or maybe this exchange will help people be better communicators. > No guarantees. > > The answer is no, but Sourcefire can validate that. > > dp > > > > ---------- Forwarded message ---------- > From: "T. Habich" <elbenchi...@googlemail.com> > To: ClamAV users ML <clamav-users@lists.clamav.net> > Cc: > Date: Tue, 18 Jun 2013 22:03:27 +0200 > Subject: Re: [clamav-users] Availability of virus pettern for solaris > hello, > > so could we all qalm down, please. the intention for my question was an > plausible explanation for the security requirement of using a virus scanner > on a normal solaris that doesn't work as a mail or samba server... > so i will have a look at the clamav pattern db to extract the unix > specific patterns. > > thx > > > > Greg Folkert <g...@donor.com> schrieb: > > >On Tue, 2013-06-18 at 12:22 -0700, Dennis Peterson wrote: > >> On 6/18/13 8:08 AM, Alain Zidouemba wrote: > >> > As Joel Esler mentioned before, there are signatures for UNIX > >malware in > >> > the official ClamAV DB. > >> > > >> > - Alain > >> > >> > >> You would think such a simple question would have a simple answer. > >UNIX is not > >> Solaris. Solaris is one of a few UNIX's around. Are the UNIX > >signatures for > >> Tru-64, HP-UX, BSD UNIX, SCO UNIX, AIX...? Doesn't matter if there > >are or not to > >> someone seeking Solaris 10 information, actually. Are there any for > >Solaris 10? > >> > >> dp > > > >How about you download the signatures, decompress them and quickly scan > >them yourself? It seems as though this is a simple thing to do. Yes? I > >mean you probably already have the files local in your installation... > >why does someone else have to do something for you? > > > >Why all the noise? I don't think Joel's answer was specific enough for > >you... as Joel Esler responded earlier: > > > > There are patterns for almost all operating systems in the > > ClamAV db. > > > >Why is it lately a lot of people (in many many disciplines) just want > >an > >ANSWER and don't want to understand how to get the answer... > >themselves? > > > >I'll be quiet now. > >-- > >greg folkert - systems administration and support > >web: donor.com > >email: g...@donor.com > >phone: 877-751-3300 x416 > >direct: 616-328-6449 (direct dial and fax) > >"It's always too early to quit." > > -- Norman Vincent Peale > > > >_______________________________________________ > >Help us build a comprehensive ClamAV guide: visit > >http://wiki.clamav.net > >http://www.clamav.net/support/ml > > -- > Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail > gesendet. > > > ---------- Forwarded message ---------- > From: Joel Esler <jes...@sourcefire.com> > To: ClamAV users ML <clamav-users@lists.clamav.net> > Cc: > Date: Tue, 18 Jun 2013 16:23:46 -0400 > Subject: Re: [clamav-users] Availability of virus pettern for solaris > On Jun 18, 2013, at 3:53 PM, Dennis Peterson <denni...@inetnw.com> wrote: > > > Does "almost all operating systems" include Solaris 10? > > If I would have written back and said "ClamAV's db includes detection for > malware on all operating systems" someone would have wrote back and said > "all operating systems? srsly? 4real? all?" > > Sorry if I wasn't super clear. > > J > > > ---------- Forwarded message ---------- > From: "Christopher X. Candreva" <ch...@westnet.com> > To: ClamAV users ML <clamav-users@lists.clamav.net> > Cc: > Date: Tue, 18 Jun 2013 16:34:53 -0400 (EDT) > Subject: Re: [clamav-users] Availability of virus pettern for solaris > On Tue, 18 Jun 2013, Joel Esler wrote: > > > If I would have written back and said "ClamAV's db includes detection for > > malware on all operating systems" someone would have wrote back and said > > "all operating systems? srsly? 4real? all?" > > OK, who has some old Apple ][ boot sector viruses so we can actually claim > all ? > > ========================================================== > Chris Candreva -- ch...@westnet.com -- (914) 948-3162 > WestNet Internet Services of Westchester > http://www.westnet.com/ > > > > ---------- Forwarded message ---------- > From: Rick Macdougall <ri...@ummm-beer.com> > To: clamav-users@lists.clamav.net > Cc: > Date: Tue, 18 Jun 2013 16:49:47 -0400 > Subject: Re: [clamav-users] Availability of virus pettern for solaris > On 2013-06-18 4:34 PM, Christopher X. Candreva wrote: > >> On Tue, 18 Jun 2013, Joel Esler wrote: >> >> If I would have written back and said "ClamAV's db includes detection for >>> malware on all operating systems" someone would have wrote back and said >>> "all operating systems? srsly? 4real? all?" >>> >> >> OK, who has some old Apple ][ boot sector viruses so we can actually claim >> all ? >> >> > I actually do but I have no way to read the old disks. Even then, they > might not still be readable after all this time. > > Rick > > > > > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
