Yes. Debian packages are built with yara support.

Scott K

On February 6, 2019 5:22:48 PM UTC, Arnaud Jacques <webmas...@securiteinfo.com> wrote:
>Hello Andrew,
>
>I use clamav provided by debian 8.11 :
>dpkg -l|grep clam
>ii  clamav            0.100.2+dfsg-0+deb8u1  amd64  anti-virus utility for Unix - command-line interface
>ii  clamav-base       0.100.2+dfsg-0+deb8u1  all    anti-virus utility for Unix - base package
>ii  clamav-daemon     0.100.2+dfsg-0+deb8u1  amd64  anti-virus utility for Unix - scanner daemon
>ii  clamav-freshclam  0.100.2+dfsg-0+deb8u1  amd64  anti-virus utility for Unix - virus database update utility
>ii  clamdscan         0.100.2+dfsg-0+deb8u1  amd64  anti-virus utility for Unix - scanner client
>ii  libclamav7        0.100.2+dfsg-0+deb8u1  amd64  anti-virus utility for Unix - libraryrt
>ii  libclamunrar7     0.99-0+deb8u3          amd64  anti-virus utility for Unix - unrar support
>
>How to know if it is compiled with yara support ? clamscan --debug does
>not seem to provide the information.
>
>On
>https://buildd.debian.org/status/package.php?p=clamav&suite=jessie-security,
>there is "no logs" for amd64
>o.O
>Other log files seem to show Debian compiles with yara support.
>For example :
>https://buildd.debian.org/status/fetch.php?pkg=clamav&arch=i386&ver=0.100.2%2Bdfsg-0%2Bdeb8u1&stamp=1540398955&raw=0
>
>On 06/02/2019 at 17:32, Andrew Williams wrote:
>> Hey Arnaud,
>>
>> I recently noticed a bug that causes .pwdb files to not be loaded from
>> the db directory when ClamAV is compiled without Yara support. Is
>> your ClamAV built with Yara support, and if not, can you try compiling
>> with Yara support and see whether this fixes the issue for you? This
>> issue will be fixed in an upcoming release.
>>
>> Thanks,
>>
>> -Andrew
>> Research Engineer
>> Malware Research Team
>>
>> On Wed, Feb 6, 2019 at 11:16 AM Arnaud Jacques
>> <webmas...@securiteinfo.com> wrote:
>>
>>     Hello,
>>
>>     It seems .pwdb files do not work since version 0.100.2 (maybe
>>     since 0.100.0).
>>     It has this format :
>>
>>     cat passwords.pwdb
>>     ZipPasswordInfected;Engine:51-255;0;infected
>>
>>     This file is in ClamAV databases directory (/var/lib/clamav/) and
>>     ClamAV does not detect malware when Zip is protected by the
>>     "infected" password. Manually unzipped, ClamAV is able to detect
>>     the malware.
>>
>>     Has the format of .pwdb files changed since 0.100.x ?
>>     Is it still supported on recent ClamAV version ?
>>
>>     --
>>     Best regards,
>>
>>     Arnaud Jacques
>>     Manager of SecuriteInfo.com
>>
>>     Telephone : +33-(0)3.44.39.76.46
>>     E-mail : a...@securiteinfo.com
>>     Website : https://www.securiteinfo.com
>>     Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
>>     Twitter : @SecuriteInfoCom
>>
>>     Securiteinfo.com
>>     IT Security - Information Security.
>>     266, rue de Villers
>>     60123 Bonneuil en Valois
>>
>>     _______________________________________________
>>     clamav-users mailing list
>>     clamav-users@lists.clamav.net
>>     http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>     Help us build a comprehensive ClamAV guide:
>>     https://github.com/vrtadmin/clamav-faq
>>
>>     http://www.clamav.net/contact.html#ml