Hi Al,

On 3/04/2016 12:34 PM, Alain Zidouemba wrote:
> Are you up to date with your signatures? Email.Phishing.DblDom-60 was
> removed on 4/1/2016.

Okay, using older Wheezy, not yet updated to 7.10 ... that will probably
update things.
  [doing the update to 7.10 now]

Also added in missing wheezy/updates entry for apt-get

   deb http://mirror.aarnet.edu.au/debian/     wheezy-updates main contrib non-free



Before the update, the logs show the following:

# cat clamav.log
Sun Apr  3 06:53:25 2016 -> SelfCheck: Database status OK.
Sun Apr  3 07:54:33 2016 -> SelfCheck: Database status OK.
Sun Apr  3 08:54:51 2016 -> SelfCheck: Database status OK.
Sun Apr  3 09:56:15 2016 -> SelfCheck: Database status OK.
Sun Apr  3 10:56:21 2016 -> SelfCheck: Database status OK.
Sun Apr  3 11:58:40 2016 -> SelfCheck: Database status OK.
Sun Apr  3 13:00:37 2016 -> SelfCheck: Database status OK.


# tail freshclam.log
Sun Apr  3 12:26:22 2016 -> --------------------------------------
Sun Apr  3 13:26:22 2016 -> Received signal: wake up
Sun Apr  3 13:26:22 2016 -> ClamAV update process started at Sun Apr  3 13:26:22 2016
Sun Apr  3 13:26:22 2016 -> WARNING: Your ClamAV installation is OUTDATED!
Sun Apr  3 13:26:22 2016 -> WARNING: Local version: 0.98.7 Recommended version: 0.99.1
Sun Apr  3 13:26:22 2016 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Sun Apr  3 13:26:22 2016 -> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Sun Apr  3 13:26:22 2016 -> daily.cld is up to date (version: 21484, sigs: 83932, f-level: 63, builder: neo)
Sun Apr  3 13:26:22 2016 -> bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Sun Apr  3 13:26:29 2016 -> --------------------------------------


So, the signatures appear to be up to date from those logs.

> FYI:
> 
> $ echo -n 'Email.Phishing.DblDom-60:4:*:2f2e70617970616c2e636f6d' | sigtool --decode-sigs
> VIRUS NAME: Email.Phishing.DblDom-60
> TARGET TYPE: MAIL
> OFFSET: *
> DECODED SIGNATURE:
> /[dot]paypal[dot]com

Just to clarify, this queries the sigs, it doesn't change them, is that
right?


Thanks
AndrewM
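
Added example, not part of the original message and not ClamAV code: a small Python decoder for the Name:TargetType:Offset:HexSignature line quoted above. It only parses the string it is given and touches no database file. The function name decode_ndb and the second sample line are constructed for illustration, and only literal bytes and the ??, *, {n-m} and nibble wildcards are handled.

```python
import re

# Target type numbers as listed in the ClamAV signature documentation (8 is unused).
TARGET_TYPES = {0: "ANY", 1: "PE", 2: "OLE2", 3: "HTML", 4: "MAIL", 5: "GRAPHICS",
                6: "ELF", 7: "ASCII", 9: "MACHO", 10: "PDF", 11: "FLASH", 12: "JAVA"}

# One token of the hex body: a literal byte or one of the supported wildcards.
TOKEN = re.compile(
    r"(?P<byte>[0-9a-fA-F]{2})"                  # literal byte, e.g. 2f
    r"|(?P<any>\*)"                              # any number of bytes
    r"|(?P<skip>\?\?)"                           # exactly one arbitrary byte
    r"|(?P<nibble>[0-9a-fA-F]\?|\?[0-9a-fA-F])"  # half-byte wildcard
    r"|(?P<gap>\{(?:\d+-\d+|\d+-|-\d+|\d+)\})"   # bounded gap, e.g. {2-4}
)

def decode_ndb(line):
    """Parse one .ndb-style line and render its hex body as readable text."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("expected Name:TargetType:Offset:HexSignature")
    name, target, offset, body = fields[:4]
    out, pos = [], 0
    while pos < len(body):
        m = TOKEN.match(body, pos)
        if not m:
            raise ValueError(f"unsupported token at {pos}: {body[pos:pos + 4]!r}")
        if m.lastgroup == "byte":
            b = int(m.group(), 16)
            # Printable ASCII is shown as-is, everything else as an escape.
            out.append(chr(b) if 0x20 <= b < 0x7F else f"\\x{b:02x}")
        else:
            out.append(f"<{m.group()}>")  # keep wildcards visible in the output
        pos = m.end()
    return {"name": name, "target": TARGET_TYPES.get(int(target), "UNKNOWN"),
            "offset": offset, "decoded": "".join(out)}

if __name__ == "__main__":
    # The signature line from the thread, then a constructed line with wildcards.
    for sig in ("Email.Phishing.DblDom-60:4:*:2f2e70617970616c2e636f6d",
                "Constructed.Sample-1:0:*:68656c6c6f??776f726c64{2-4}0d0a"):
        print(decode_ndb(sig))
```

The first line decodes to /.paypal.com, which the page shows with [dot] in place of each dot.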
