On Friday 16 May 2014 02:36:28 Greg Folkert did opine
And Gene did reply:
> On Fri, 2014-05-16 at 02:03 -0400, Gene Heskett wrote:
> > On Friday 16 May 2014 00:59:44 Al Varnell did opine
> >
> > And Gene did reply:
> > > UNOFFICIAL means it did not come from ClamAV®.
> > >
> > > You need to take it up with whomever maintains the MBL database.
> > > MalwarePatrol? <http://malwarepatrol.com.br/>
> >
> > I don't recall ever subscribing to that service, and the
> > clamav-unofficial sigs database is not installed, and never has been.
> >
> > Now what? Shut down my daily scan?
>
> Since the MalWarebytes signatures are not a defaulted thing... you have
> either added them or you don't control your server doing the work.

No one has access to this machine but the wife, and she is best described
as computer illiterate.

> I seriously doubt someone would break in and *ADD* a malware detection
> signature group to your Anti-virus package. You are probably going to
> tell me, you've never had to put updates on your server either...
> somehow they miraculously are up to date all the time.

Not to any "3rd party" database.

> If you've never subscribed... then how is it they are active?
>
> Come on Gene, you are being in-genuine.

The only thing running here that would modify it is freshclam, and I have
to do that by hand because it won't run when the server is running. All
installed on a Ubu 10.04.4 LTS but running a much newer PAE kernel I built
myself since that fixed kernel, with the RTAI patchkit for running real
time machinery is non PAE & runs itself into swap, gigabytes of it, in a
week's uptime. This 3.13.6 PAE kernel is up 28 days, no swap used.

Currently running clamav 98.1. And sometimes it's a month or more before I
remember to go thru the monkey business of running freshclam. IMO the
/etc/init.d/freshclam script needs help.

Or does it... I just looked at the logs and freshclam is running fine. And
the only thing it's updating are

Fri May 16 05:45:34 2014 -> Received signal: wake up
Fri May 16 05:45:34 2014 -> ClamAV update process started at Fri May 16 05:45:34 2014
Fri May 16 05:45:34 2014 -> WARNING: Your ClamAV installation is OUTDATED!
Fri May 16 05:45:34 2014 -> WARNING: Local version: 0.98.1 Recommended version: 0.98.3
Fri May 16 05:45:34 2014 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Fri May 16 05:45:34 2014 -> main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Fri May 16 05:45:34 2014 -> daily.cld is up to date (version: 18994, sigs: 955193, f-level: 63, builder: neo)
Fri May 16 05:45:34 2014 -> bytecode.cld is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)

I wonder if it's leftovers from an earlier version, I just found this in
/var/log

-rw-r----- 1 1002 adm 0 2013-08-25 07:50 clamav-unofficial-sigs.log
-rw-r----- 1 nut adm 5348 2013-08-19 09:48 clamav-unofficial-sigs.log.1.gz
-rw-r----- 1 nut adm 30209 2013-08-18 07:48 clamav-unofficial-sigs.log.2.gz
-rw-r----- 1 nut adm 30892 2013-08-11 07:52 clamav-unofficial-sigs.log.3.gz
-rw-r----- 1 nut adm 30966 2013-08-04 07:47 clamav-unofficial-sigs.log.4.gz

Nuked. But these are present in the /var/lib/clamav, many with very old
dates.

gene@coyote:/var/lib/clamav$ ls -l
total 354304
-rw-r--r-- 1 clamav clamav 345088 2014-02-05 13:40 bytecode.cld
drwxr-xr-x 2 clamav clamav 4096 2014-03-23 07:54 clamav-2c00c5c2129988711737e93c020e28cf.tmp
drwxr-xr-x 2 clamav adm 4096 2012-08-15 06:04 clamav-46760fb1e0747d92dd2203ce929dc31d
drwxr-xr-x 3 clamav adm 4096 2013-04-21 07:49 clamav-8167662b749f8b202edfcf6bfa2e4fda
-rw-r----- 1 clamav adm 556 2013-08-29 10:36 clamd.log
-rw-r--r-- 1 clamav clamav 61116416 2014-05-15 23:44 daily.cld
-rw-r--r-- 1 clamav adm 75964928 2013-05-03 13:17 daily.cld.broken
-rw-r----- 1 clamav adm 534738 2014-05-15 21:37 freshclam.log
-rw-r--r-- 1 clamav adm 52824 2012-07-09 06:48 honeynet.hdb
-rw-r--r-- 1 clamav adm 5958972 2013-05-03 07:51 junk.ndb
-rw-r--r-- 1 clamav adm 1151743 2013-05-03 22:53 jurlbl.ndb
-rw-r--r-- 1 clamav adm 163468288 2014-01-27 09:35 main.cld
-rw-r--r-- 1 clamav adm 30750647 2012-07-09 06:24 main.cvd.broken
-rw-r--r-- 1 clamav adm 567741 2013-05-04 01:48 mbl.ndb JUST NUKED
-rw------- 1 clamav adm 1196 2014-05-16 05:45 mirrors.dat
-rw-r--r-- 1 clamav adm 3357382 2013-05-02 06:53 phish.ndb
-rw-r--r-- 1 clamav adm 106552 2013-05-03 15:51 rogue.hdb
-rw-r--r-- 1 clamav adm 9164 2012-06-19 04:56 sanesecurity.ftm
-rw-r--r-- 1 clamav adm 1823865 2013-04-30 07:53 scam.ndb
-rw-r--r-- 1 clamav adm 14773597 2013-05-03 12:48 securiteinfo.hdb
-rw-r--r-- 1 clamav adm 57676 2012-03-02 07:22 spamimg.hdb
-rw-r--r-- 1 clamav adm 724108 2012-07-09 06:48 vx.hdb
-rw-r--r-- 1 clamav adm 1429116 2013-05-02 13:45 winnow_malware.hdb
-rw-r--r-- 1 clamav adm 551664 2013-05-02 13:45 winnow_malware_links.ndb

I'll see if the one I just nuked comes back.

So I am not trying to pull your leg, but this is a very old install. It
may have cruft I have long since forgotten. I will jump to 14.04.1 LTS
when that respin becomes available. On a freshly formatted drive.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
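
Added example, not part of the original message or of ClamAV itself: a small audit of a ClamAV database directory that separates the databases freshclam reported updating in the log above (main, daily, bytecode) from other signature files that would still be loaded, and flags the ones that have not changed recently. The function name audit_db_dir, the 90-day threshold and the extension list (a subset, not exhaustive) are assumptions made for this example.

```python
import os
import time

# Databases freshclam maintains here, per the freshclam log in the message.
OFFICIAL_STEMS = {"main", "daily", "bytecode"}
OFFICIAL_EXTS = {".cvd", ".cld"}
# Assumed subset of signature-file extensions ClamAV loads from its
# database directory; extend it to match your installation.
SIG_EXTS = {".hdb", ".mdb", ".ndb", ".ldb", ".fp", ".ftm", ".cdb"} | OFFICIAL_EXTS


def audit_db_dir(path, stale_days=90, now=None):
    """Return (third_party, stale).

    third_party: loadable signature files that are not official databases.
    stale: the subset of third_party not modified within stale_days.
    """
    now = time.time() if now is None else now
    third_party, stale = [], []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        stem, ext = os.path.splitext(name)
        # Skips logs, mirrors.dat, *.broken copies and temp directories.
        if not os.path.isfile(full) or ext not in SIG_EXTS:
            continue
        if stem in OFFICIAL_STEMS and ext in OFFICIAL_EXTS:
            continue
        third_party.append(name)
        if now - os.path.getmtime(full) > stale_days * 86400:
            stale.append(name)
    return third_party, stale


if __name__ == "__main__":
    # Path taken from the listing in the message.
    found, old = audit_db_dir("/var/lib/clamav")
    for name in found:
        print(name, "(stale)" if name in old else "")
```

Run against the listing in the message, every .hdb, .ndb and .ftm file would be reported as third-party, and all of them as stale, since none was modified after mid-2013.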