On 29.12.2016 at 16:15, Kris Deugau wrote:
> Groach wrote:
>> If I could exclude the Clam default
>> signatures and just continue to use Sane then I would and then I could
>> turn back on quarantining to make our systems safe again.
>
> You can; turn off freshclam and delete the stock signature files.
> Also make sure that you don't use the --official-db-only option to
> clamscan, or have the OfficialDatabaseOnly option set in clamd.conf.
>
> I was investigating using clamd with just a select set of
> custom/third-party signatures for another segment of mail filtering and
> this worked just fine.
>
> So long as you have at least one signature file (and I think at least
> one signature; never tested quite that far), clamd will start up quite
> happily

better solution - since i have to feed two clamd instances (one scored
and the other besides scoring in SpamAssassin unconditional in the
clamav-milter after spamass-milter) i changed the complete logic to
download updates in a different folder and fill the sig-folders for
clamd with hardlinks

voila, instead of 2 clamd instances with 400 MB RAM now one with 400 and
the other with 40 MB - 99% is caught by the first one, adds 5.5 points to
the spamassassin-score and most cases have enough other scorings to reach
the 8.0 sa-milter-reject score

from July to now 48 hits and likely they would have been caught by
sanesecurity too, only the first hit is logged

cat clamscan.log | grep FOUND | grep -v UNOFFICIAL | \
  grep -v Heuristics.Phishing.Email.SSL-Spoof | grep -v Heuristics.OLE2 | \
  grep -v Heuristics.Safebrowsing | grep -v Eicar-Test | \
  grep -v Heuristics.Encrypted | wc -l
48
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
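
The hardlink layout described in the message above, sketched as an added example (not the poster's own script): updates land in one staging directory and each clamd instance's database directory is filled with hardlinks to the files it should load. The function name, directory paths and file patterns are hypothetical, and staging and database directories are assumed to be on the same filesystem, since hardlinks cannot cross filesystems.

```shell
#!/bin/sh
# Added example; all paths and names are hypothetical.
#
# link_sigs STAGING DEST PATTERN...
# Hardlink every file in STAGING whose name matches one of the shell
# PATTERNs into DEST, then remove files in DEST that are no longer selected.
link_sigs() {
    staging=$1 dest=$2
    shift 2
    mkdir -p "$dest" || return 1
    keep=" "
    for pat in "$@"; do
        for src in "$staging"/$pat; do
            [ -f "$src" ] || continue            # unmatched glob stays literal
            name=${src##*/}
            keep="$keep$name "
            # Already the same inode: nothing to do for this file.
            if [ "$src" -ef "$dest/$name" ]; then continue; fi
            # Link under a temporary name, then rename over the old entry,
            # so clamd never sees a missing or half-written database file.
            ln -f "$src" "$dest/.$name.tmp" || return 1
            mv -f "$dest/.$name.tmp" "$dest/$name" || return 1
        done
    done
    for old in "$dest"/*; do
        [ -f "$old" ] || continue
        case "$keep" in
            *" ${old##*/} "*) ;;                 # still selected, keep it
            *) rm -f "$old" ;;                   # deselected or gone upstream
        esac
    done
    return 0
}

# Typical use after the updater has written into the staging directory
# (hypothetical paths; reload each clamd afterwards):
#   link_sigs /var/lib/clamav-staging /var/lib/clamav-full  '*'
#   link_sigs /var/lib/clamav-staging /var/lib/clamav-small '*.ndb' '*.hdb'
```

Because an updater that replaces a file by rename creates a new inode, each database directory keeps serving the previous version until `link_sigs` runs again, which separates downloading from publishing to the scanners.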