You should set it to ignore if you don’t want to use it.

Sent from my iPad

> On Dec 30, 2020, at 20:16, Orion Poplawski <or...@nwra.com> wrote:
>
> So that is apparently a malicious site as determined by Urlhaus and is on
> their filter list. But how is it useful as a ClamAV signature? You are not
> going to be filtering URLs with ClamAV, right? And now it's blocking these
> emails because it contains this string.
>
> Orion
>
>> On 12/23/20 11:26 AM, eric-l...@truenet.com wrote:
>> Here's the signature decoded:
>> # sigtool --find-sig Urlhaus.Malware.452652-9766253-0 | sigtool --decode-sig
>> VIRUS NAME: Urlhaus.Malware.452652-9766253-0
>> FUNCTIONALITY LEVEL: >=48
>> TARGET TYPE: HTML
>> OFFSET: *
>> DECODED SIGNATURE:
>> aboveandbelow.com.au/cgi-bin/http://secure-web.cisco.com/1KrQhTpf_T45-vt4iCCgGBG_B9HfPxndZIsK-RNNU240xHur5EpPitlcpr-g4xr_1ClENrrHXqFpa9ownLxSrggMUNPXDwPkKvA-yYoVYza3qde66kaQD3D5MMIZHJhNw2M7aGNhvNnsJj9dxx_whQnUKqYBHUhdN5D9otZenUiDioNMzDh7JlhxlY_EHrn5FPAxwX5hgZ5FksNn2K2spCpJ2gbOH34iTuV-EUEWe1yiiPX3IKOSppTgUVUpAbYzUXhkk-Vgl69yFT2EHT_971C9v_amTov_HfvkglOTCUKuQSOqLzobqHkncsLkVUZAg/http%3A%2F%2Fsites%2Fb4q7eajmmm2moxgkq%2F
>>
>> Sincerely,
>>
>> Eric Tykwinski
>> TrueNet, Inc.
>> P: 610-429-8300
>>
>> -----Original Message-----
>> From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of
>> Orion Poplawski
>> Sent: Wednesday, December 23, 2020 1:11 PM
>> To: ClamAV users ML <clamav-users@lists.clamav.net>
>> Subject: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0
>>
>> Can anyone give me some details about the Urlhaus.Malware.452652-9766253-0
>> signature?
>> We're seeing the following URLs trigger it:
>>
>> https://secure-web.cisco.com/1pR2NXdSHo9SticWKbaZbeF2X0uiBYXQnBkhgJSkyIewWwKwN4nWs3wp_vvLNDZahf6WsTI6WMinVkBhq3_k8SaxXdDw6Lk2G2vHrIiSIPoDPYsk-2TulvM3152rtCCaFlCSOeTtsiIEIPmOVmjcI5SP26xMEf49zs3d2FxYoU2mOWIRmnDCMoOJRaYhFdqjlKOitFN-QE1ePaWCrT5Lc8gW9uTzg3lLjVrNi9hXisbC5o4r1xgiwfb886ET-hIqRDS1emF7n4FWreLJnqxFEy0idUWkB-9lbsILUO-w565JaNGjgiaYmM2VHn4l_YQVa/https%3A%2F%2Fcurben.gitlab.io%2Fmalware-filter%2Furlhaus-filter-online.txt
>> https://secure-web.cisco.com/1otQBBMC_uiSZtPh_m0t3sYEgtt3-512a-K0LFu1gURgkL9fIQCCGzzqWeXU8uS_0Dgay8vOxMH-YpnmNykB-3nii54nEQwBRJmpCfmg5q1xxqBpTOJ16LI1aclckhUzDYYS675GGEVOHMkGQq6Gj8PlIKZmSWL8H8fr4OZJFC2Gai2yNGAXGw16Th6DqzBlkURTINsDgiKvYJiQifBtbYFQXE_Znk6hSzT8gzURARMMppP8ItevTmGW7Gw9Ov9cXkv07L8P0-JVXxl2TGbLpdtZH2ZpoHTMk7-iLSGiNoRH_GI_s8g0En2pQtr4ug4Oa/https%3A%2F%2Fraw.githubusercontent.com%2Fcurbengh%2Furlhaus-filter%2Fmaster%2Furlhaus-filter-online.txt
>> https://secure-web.cisco.com/1CFBzUu9M23G0m16tDV1V4WsBOtgzq-D4CIdrKttdcl46NHJ0nPLEwkUy1-TjeJvVHg7Vb-o85yKPa2MhiLJdm0V0uondQRk_v1ifUjfriNEVkwVzvmnEpl78rdMnVdf8RjzT-g99Rf9borvu1iozTMxf1QBJ6D0EGa09ss1JY8ILhLoR_15e8JvRI9pvWXrajawbwRQCPg0mlniNLcn6N53sBdl6TXNK9-Bh_zVGdQSfYSVVQSp0jK0R87P1VnSOc0uEG3Nw5DXD04ANDx1bu0PTHIRrJUrLAs9jDFfD3uIbzpvXhyTaO5miaXEKel5r/https%3A%2F%2Fgitcdn.xyz%2Fcdn%2Fcurbengh%2Furlhaus-filter%2Fc499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt
>> https://secure-web.cisco.com/1mcKjtVAcoLvjdBzJ0-IO9RmIe9KNLGT1haB2pa-G-2YryqQsagx6LU6dLjSsj82_6gn5pDG_-z0u3jyazJXTk6yDAZNaM-tOB9eCoqrFMp6L2wyawDkhhkVgA8X-iQj0Y1FPDm0RjniktIszu27yKGQ4pLctIXCA3tDkezC-bhywIijWdblAC1kP6ZvPuVfUTOGOOMhdU_fHvejAtdi4Gj0dD88bm0HsR6sTfHTmhoaw9F_aUKa3a_oxj_5CnfB2-heiHWADdbjo_-rK3xFF59rmucVbC4QAleL-5NcWbrW85t26RJOLdbmmlpTPGG_i/https%3A%2F%2Fcdn.statically.io%2Fgl%2Fcurben%2Furlhaus-filter%2Fmaster%2Furlhaus-filter-online.txt
>> https://secure-web.cisco.com/1BEcuZi_34vlCSCmEJgNc-FoxYbN_h-2eVornjdwNeab642SBdYLwl5VlwCvKZmAkaxSjZO8kwcecfeb3Alt92c5jeQl2kwrJ8aoGHif-jIqXSX_l2tbwOEcpT6I_eKPmDt9mjZVFd4EdTHYhOrsAUlOndx2euYAIhSMbWCKsBtgM6Wswz5PGhMyNx-5Z2EDAEJaKaKDZncfX3nEbSyRp03X9YmlKI08USc4pItrCEZrPl25O97UatMjBGeVC_s0ILvHYTTf9r33G7e020fIpLJNV_pqfNwm1Qwm0Y0AZXSh1_4zkI0vp41YlFKHsxnen/https%3A%2F%2Fcdn.jsdelivr.net%2Fgh%2Fcurbengh%2Furlhaus-filter%2Furlhaus-filter-online.txt
>>
>> Which seems to be the online update URLs for the urlhaus filter. Does
>> ClamAV deem urlhaus a bad actor?
>>
>> Thanks,
>> Orion
>>
>> --
>> Orion Poplawski
>> Manager of NWRA Technical Systems 720-772-5637
>> NWRA, Boulder/CoRA Office FAX: 303-415-9702
>> 3380 Mitchell Lane or...@nwra.com
>> Boulder, CO 80301 https://secure-web.cisco.com/12_oK30bNVh164TB1FFZKiuvoSE69HpE3_Fnjs3nUZi7AfimV1olRKsCQl2sQEbx9Nb-Z_QZOS3rfbi0nh5Wb-x1q96tO94N16peUh0B66x9Plv7t7dVPCL4b-bkseFfYmRFSYOHwgnIB4cRkMAuRY1loryvxw6WVbIUy0JMhMql254oVvMSVbEzHlzp9kco1VPj4FAeKZB68Dan_qfjZvuDs0ijIy9sKvfqxxA6rEvKMHO-qlUPp6xojP2s0wH6hBCuiCs1hat6YzSKY2KFXuziXuLJiUEN7tAYeyoohQJsVQF3cAakOC7tOI3VrhLrm/https%3A%2F%2Fwww.nwra.com%2F
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
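
One way to act on the advice in the reply at the top of this message, assuming "set it to ignore" refers to ClamAV's signature ignore list (a `.ign2` file of signature names in the database directory). This is an added example, not part of the thread; the function names, the `local.ign2` file name and the database directory argument are assumptions.

```shell
#!/bin/sh
# Added example: suppress one ClamAV signature through a local .ign2 file.
# Assumptions: the caller passes the database directory (it differs between
# installs) and "local.ign2" is a file name chosen for this example.

# normalize_sig NAME -> prints NAME in the form an .ign2 file expects.
normalize_sig() {
    # Scanners report third-party signatures with an ".UNOFFICIAL" suffix
    # that is not part of the signature name itself.
    name=${1%.UNOFFICIAL}
    case $name in
        # Conservative check for this example: reject empty names and
        # anything with spaces, colons or other unexpected characters.
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$name"
}

# ignore_sig NAME DBDIR -> adds NAME to DBDIR/local.ign2 exactly once.
ignore_sig() {
    sig=$(normalize_sig "$1") || { echo "bad signature name: $1" >&2; return 1; }
    dbdir=$2
    [ -d "$dbdir" ] || { echo "no such database directory: $dbdir" >&2; return 1; }
    file=$dbdir/local.ign2
    # -x matches whole lines, -F treats the name literally (dots are not wildcards).
    if [ -f "$file" ] && grep -qxF -- "$sig" "$file"; then
        return 0    # already listed, leave the file untouched
    fi
    printf '%s\n' "$sig" >> "$file"
}
```

clamd has to reload its databases before the new entry takes effect.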