Hi Alain, [sorry, I didn't realize we have Al and Alain]

On 3/04/2016 12:59 PM, Al Varnell wrote:
> Sorry, I should have added:
>
> sigtool --version /usr/local/clamXav/share/clamav/
> ClamAV 0.99.1/21484/Fri Apr 1 13:09:25 2016

After update to 7.10 (Wheezy latest) and with wheezy-updates in sources.list [actually /etc/apt/sources.d/file.list] now:

# sigtool --find Email.Phishing.DblDom-60
[main.ndb] Email.Phishing.DblDom-60:4:*:2f2e70617970616c2e636f6d

# echo -n 'Email.Phishing.DblDom-60:4:*:2f2e70617970616c2e636f6d' | sigtool --decode-sigs
VIRUS NAME: Email.Phishing.DblDom-60
TARGET TYPE: MAIL
OFFSET: *
DECODED SIGNATURE:
/[dot]paypal[dot]com

I've got directories which have paypal in the name, so that is likely why I'm seeing these; when backups see those files changed with reports coming from rsync output. It might be something that I would like to disable, particularly if it has been removed from newer installations.

# tail -33 clamav.log
Sun Apr 3 13:54:49 2016 -> +++ Started at Sun Apr 3 13:54:49 2016
Sun Apr 3 13:54:49 2016 -> clamd daemon 0.99 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sun Apr 3 13:54:49 2016 -> Log file size limited to 4294967295bytes.
Sun Apr 3 13:54:49 2016 -> Reading databases from /var/lib/clamav
Sun Apr 3 13:54:49 2016 -> Not loading PUA signatures.
Sun Apr 3 13:54:49 2016 -> Bytecode: Security mode set to "TrustSigned".
Sun Apr 3 13:55:02 2016 -> Loaded 4297386 signatures.
Sun Apr 3 13:55:05 2016 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Sun Apr 3 13:55:05 2016 -> LOCAL: Setting connection queue length to 15
Sun Apr 3 13:55:05 2016 -> Limits: Global size limit set to 104857600 bytes.
Sun Apr 3 13:55:05 2016 -> Limits: File size limit set to 26214400 bytes.
Sun Apr 3 13:55:05 2016 -> Limits: Recursion level limit set to 16.
Sun Apr 3 13:55:05 2016 -> Limits: Files limit set to 10000.
Sun Apr 3 13:55:05 2016 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Sun Apr 3 13:55:05 2016 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Sun Apr 3 13:55:05 2016 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Sun Apr 3 13:55:05 2016 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Sun Apr 3 13:55:05 2016 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Sun Apr 3 13:55:05 2016 -> Limits: MaxPartitions limit set to 50.
Sun Apr 3 13:55:05 2016 -> Limits: MaxIconsPE limit set to 100.
Sun Apr 3 13:55:05 2016 -> Limits: PCREMatchLimit limit set to 10000.
Sun Apr 3 13:55:05 2016 -> Limits: PCRERecMatchLimit limit set to 5000.
Sun Apr 3 13:55:05 2016 -> Limits: PCREMaxFileSize limit set to 26214400.
Sun Apr 3 13:55:05 2016 -> Archive support enabled.
Sun Apr 3 13:55:05 2016 -> Algorithmic detection enabled.
Sun Apr 3 13:55:05 2016 -> Portable Executable support enabled.
Sun Apr 3 13:55:05 2016 -> ELF support enabled.
Sun Apr 3 13:55:05 2016 -> Mail files support enabled.
Sun Apr 3 13:55:05 2016 -> OLE2 support enabled.
Sun Apr 3 13:55:05 2016 -> PDF support enabled.
Sun Apr 3 13:55:05 2016 -> SWF support enabled.
Sun Apr 3 13:55:05 2016 -> HTML support enabled.
Sun Apr 3 13:55:05 2016 -> Self checking every 3600 seconds.

# tail freshclam.log
Sun Apr 3 13:54:45 2016 -> --------------------------------------
Sun Apr 3 13:54:45 2016 -> freshclam daemon 0.99 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sun Apr 3 13:54:45 2016 -> ClamAV update process started at Sun Apr 3 13:54:45 2016
Sun Apr 3 13:54:45 2016 -> WARNING: Your ClamAV installation is OUTDATED!
Sun Apr 3 13:54:45 2016 -> WARNING: Local version: 0.99 Recommended version: 0.99.1
Sun Apr 3 13:54:45 2016 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Sun Apr 3 13:54:45 2016 -> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Sun Apr 3 13:54:45 2016 -> daily.cld is up to date (version: 21484, sigs: 83932, f-level: 63, builder: neo)
Sun Apr 3 13:54:45 2016 -> bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Sun Apr 3 13:54:45 2016 -> --------------------------------------

Again, those are after the latest Debian updates for my Wheezy version.

Thanks
AndrewM
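
Added example, not part of the original message and not ClamAV code: a small Python parser for the .ndb line shown above (Name:TargetType:Offset:HexSignature) that reports which lines of a text would match the signature body. The function names and the rsync-style report are constructed for illustration; it handles only plain hex plus the `??` and `*` wildcards and does not model ClamAV's file-type detection for the MAIL target.

```python
import re

# Target-type codes from the ClamAV signature documentation (subset).
TARGET_TYPES = {0: "ANY", 1: "PE", 2: "OLE2", 3: "HTML", 4: "MAIL",
                5: "GRAPHICS", 6: "ELF", 7: "ASCII"}

# Signature line exactly as printed by `sigtool --find` in the message above.
SIG = "Email.Phishing.DblDom-60:4:*:2f2e70617970616c2e636f6d"

# Constructed sample: an rsync-style file list such as a mailed backup report.
SAMPLE = b"""receiving incremental file list
archive/www.paypal.com/index.html
archive/.paypal.com/cookies.txt
mirror/paypal/notes.txt
"""

def parse_ndb(line):
    """Split Name:TargetType:Offset:HexSignature (trailing fields ignored)."""
    name, target, offset, hexsig = line.strip().split(":")[:4]
    return {"name": name, "target": TARGET_TYPES.get(int(target), target),
            "offset": offset, "hexsig": hexsig.lower()}

def hexsig_to_regex(hexsig):
    """Translate hex bytes, '??' (any byte) and '*' (any run) to a bytes regex.
    Other body-signature syntax (nibble wildcards, {n-m}, alternates) is rejected."""
    parts, i = [], 0
    while i < len(hexsig):
        if hexsig[i] == "*":
            parts.append(b".*"); i += 1
        elif hexsig[i:i + 2] == "??":
            parts.append(b"."); i += 2
        elif re.fullmatch(r"[0-9a-f]{2}", hexsig[i:i + 2]):
            parts.append(re.escape(bytes.fromhex(hexsig[i:i + 2]))); i += 2
        else:
            raise ValueError(f"unsupported token at {i}: {hexsig[i:i + 2]!r}")
    return re.compile(b"".join(parts), re.DOTALL)

def matching_lines(sig_line, data):
    """Return the lines of data containing the signature body.
    Line-by-line only to show the culprit; ClamAV scans the whole buffer."""
    rx = hexsig_to_regex(parse_ndb(sig_line)["hexsig"])
    return [ln for ln in data.splitlines() if rx.search(ln)]

if __name__ == "__main__":
    print(parse_ndb(SIG))
    for ln in matching_lines(SIG, SAMPLE):
        print("match:", ln.decode())
```

Only a path component that begins with ".paypal.com" directly after a slash produces a match; "www.paypal.com" and plain "paypal" do not.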