Thx G.W. and J.R for your answers.

Yes, I deleted the line in /etc/clamav/freshclam.conf ~2 weeks ago already, 
before it was:

DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
DatabaseCustomURL http://www.securiteinfo.com/get/signatures/(removed for mailing list)/securiteinfo.hdb
DatabaseCustomURL http://www.securiteinfo.com/get/signatures/(removed for mailing list)/securiteinfo.ign2
DatabaseCustomURL http://www.securiteinfo.com/get/signatures/(removed for mailing list)/javascript.ndb
#DatabaseCustomURL http://www.securiteinfo.com/get/signatures/(personal url path here, removed)/securiteinfohtml.hdb ##deleted this line completely
DatabaseCustomURL http://www.securiteinfo.com/get/signatures/(removed for mailing list)/securiteinfoascii.hdb
DatabaseCustomURL http://www.securiteinfo.com/get/signatures/(removed for mailing list)/securiteinfoold.hdb
DatabaseCustomURL http://www.securiteinfo.com/get/signatures/(removed for mailing list)/securiteinfopdf.hdb

> Perhaps freshclam simply replaced the deleted database, did you check?

Yes, the file is not re-created in /var/lib/clamav/securiteinfohtml.hdb

But even with server reboot the signatures from that file are still hitting, 
for example:

Wed, 01 Jan 2020 21:45:17 CET
Clamd: msg-137649-12.html was infected: SecuriteInfo.com.HTML-8188.UNOFFICIAL

Update: Ohh, just while writing this mail I searched for "HTML-8188" in any 
file at /var/lib/clamav/* and now I see that javascript.ndb contains this 
signature too. My fault! My guess was that signatures named with HTML-* are from 
securiteinfohtml.hdb ... Sorry!

root@XXX01:/var/lib/clamav# grep -Ri HTML-8188 *
javascript.ndb:SecuriteInfo.com.HTML-8188:3:*:2f2f636c636b2e7275
javascript.ndb:SecuriteInfo.com.HTML-8188:3:*:2f2f7777772e6d617a696e67657267696a6f6e2e636f6d

All good :-) Going to remove javascript.ndb too. Sorry again.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
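
Added example (not part of the original message and not ClamAV's own code): the grep lookup above as a small script that takes a detection name from the clamd log, strips the ".UNOFFICIAL" suffix, and reports which .ndb or .hdb file defines it. The function names are hypothetical, the .hdb entry is constructed, and the field layouts assumed are Name:TargetType:Offset:HexSig for .ndb and MD5:Size:Name for .hdb.

```python
import os
import tempfile

SUFFIX = ".UNOFFICIAL"  # clamd appends this to third-party signature names

def parse_line(ext, line):
    """Return (name, detail) for one signature line, or None."""
    fields = line.strip().split(":")
    if ext == ".ndb" and len(fields) >= 4:   # Name:TargetType:Offset:HexSig
        name, target, offset, hexsig = fields[:4]
        try:
            body = bytes.fromhex(hexsig).decode("ascii", "replace")
        except ValueError:                    # wildcards (??, *, {n}) are not plain hex
            body = hexsig
        return name, "target=%s offset=%s body=%s" % (target, offset, body)
    if ext == ".hdb" and len(fields) >= 3:   # MD5:Size:Name
        return fields[2], "md5=%s size=%s" % (fields[0], fields[1])
    return None

def find_signature(db_dir, detection):
    """List (file, detail) for every .ndb/.hdb line defining `detection`."""
    wanted = detection[:-len(SUFFIX)] if detection.endswith(SUFFIX) else detection
    hits = []
    for fname in sorted(os.listdir(db_dir)):
        ext = os.path.splitext(fname)[1]
        if ext not in (".ndb", ".hdb"):
            continue
        with open(os.path.join(db_dir, fname), errors="replace") as fh:
            for line in fh:
                parsed = parse_line(ext, line)
                if parsed and parsed[0] == wanted:
                    hits.append((fname, parsed[1]))
    return hits

def demo():
    """Run the lookup against a constructed database directory."""
    files = {
        # the two lines from the grep output in the message
        "javascript.ndb": "SecuriteInfo.com.HTML-8188:3:*:2f2f636c636b2e7275\n"
                          "SecuriteInfo.com.HTML-8188:3:*:2f2f7777772e6d617a696e67657267696a6f6e2e636f6d\n",
        # constructed hash entry, not a real signature
        "securiteinfo.hdb": "00000000000000000000000000000000:123:SecuriteInfo.com.Example-1\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, text in files.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        return find_signature(d, "SecuriteInfo.com.HTML-8188.UNOFFICIAL")

if __name__ == "__main__":
    for fname, detail in demo():
        print(fname, detail)
```

Target type 3 in an .ndb entry means the pattern is matched against normalized HTML, which is why a signature named HTML-* can live in javascript.ndb rather than in a file with "html" in its name.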