Lilia -

Thanks for the update. We are still seeing the following get blocked though:


    Virus Urlhaus.Malware.364328-9787819-0:

https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.33.2-an+fx.xpi?filehash=sha256%3A5c3a5ef6f5b5475895053238026360020d6793b05541d20032ea9dd1c9cae451

This is with today's update.

Orion

On 2/8/21 10:39 AM, Lilia Gonzalez Medina wrote:
Hi Orion,

Apologies for taking too long to respond. After some tests I was able to reproduce the FPs and target type 3 LDB signatures for Urlhaus have been updated and published and should not alert on legitimate files anymore. Please update your ClamAV database and if you still have some issues please let me know.

Best regards,

Lilia Gonzalez
Malware Research Team
Cisco Talos



On Tue, Jan 12, 2021 at 12:54 PM Orion Poplawski <or...@nwra.com <mailto:or...@nwra.com>> wrote:

    Lilia -

       Odd, I see it:

    # https_proxy= curl -o ublock_origin-1.32.4-an+fx.xpi
    
'https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc
    
<https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>'
    # clamscan ublock_origin-1.32.4-an+fx.xpi
    ublock_origin-1.32.4-an+fx.xpi: Urlhaus.Malware.364328-9787819-0 FOUND

    # clamscan --version
    ClamAV 0.103.0/26046/Mon Jan 11 05:34:14 2021

    # clamscan urlhaus-filter-online.txt
    urlhaus-filter-online.txt: Urlhaus.Malware.364328-9787819-0 FOUND

    ----------- SCAN SUMMARY -----------
    Known viruses: 8799521
    Engine version: 0.103.0
    Scanned directories: 0
    Scanned files: 1
    Infected files: 1
    Data scanned: 0.29 MB
    Data read: 0.14 MB (ratio 2.11:1)
    Time: 21.911 sec (0 m 21 s)
    Start Date: 2021:01:12 10:37:52
    End Date:   2021:01:12 10:38:14

    Other URLs:

         Virus Urlhaus.Malware.364328-9787819-0:
    https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
    <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>: 2
    Time(s)

    
https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt
    
<https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>:
    2 Time(s)

    
https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt
    
<https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt>:
    1 Time(s)

    
https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt
    
<https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>:
    1 Time(s)

    
https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt
    
<https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>:
    1 Time(s)

    
https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt
    
<https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>:
    1 Time(s)

    
https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt
    
<https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt>:
    1 Time(s)

    
https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt
    
<https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>:
    1 Time(s)

    I've attached copies.

       Orion

    On 1/8/21 9:18 PM, Lilia Gonzalez Medina wrote:
     > Orion, I haven't been able to reproduce the FP with
     >
    
https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc
    
<https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>.
     >
     >
    
<https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc
    
<https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>>
     >
     > If you could send me the file that alerts with
     > Urlhaus.Malware.364328-9787819-0 I could look into it.
     >
     > Best regards,
     >
     > Lilia Gonzalez
     > Malware Research Team
     > Cisco Talos
     >
     > On Thu, Jan 7, 2021 at 12:00 PM Orion Poplawski <or...@nwra.com
    <mailto:or...@nwra.com>
     > <mailto:or...@nwra.com <mailto:or...@nwra.com>>> wrote:
     >
     >     Lilia -
     >
>       Virus database is updated daily and updated last night. Still seeing one
     >     this morning:
     >
     >         Virus Urlhaus.Malware.364328-9787819-0:
     >
     >
    
https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc
    
<https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>
>  <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>>:
     >     1 Time(s)
     >
     >     Though that is a different signature.
     >
     >     Orion
     >
     >     On 1/7/21 7:56 AM, Lilia Gonzalez Medina wrote:
     >     > Hi Orion!
     >     >
     >     > Those NBD signatures were updated at the beginning of the
    week and
     >     should not
     >     > FP anymore. Please update your ClamAV db and let us know if
    the issue
     >     persists.
     >     >
     >     > Best regards,
     >     >
     >     > Lilia Gonzalez
     >     >  Malware Research Team
     >     >  Cisco Talos
     >     >
     >     >
     >     > On Wed, Jan 6, 2021 at 4:59 PM Orion Poplawski
    <or...@nwra.com <mailto:or...@nwra.com>
     >     <mailto:or...@nwra.com <mailto:or...@nwra.com>>
     >     > <mailto:or...@nwra.com <mailto:or...@nwra.com>
    <mailto:or...@nwra.com <mailto:or...@nwra.com>>>> wrote:
     >     >
     >     >     Lilia -
     >     >
     >     >       Thanks for the response.   We're seeing some others
    getting
     >     triggered as
     >     >     well:
     >     >
     >     >         Virus Urlhaus.Malware.490516-9766015-0:
     >     >            10.21.2.5
     >     >
    https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
    <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>
>  <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
    <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>>
>     >  <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
    <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>
>  <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
    <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>>>: 2
     >     Time(s)
     >     >            10.21.2.5
     >     >
     >
    
https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt
    
<https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>
>  <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>>
     >     >
>   <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt> >  <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>>>:
     >     >     2 Time(s)
     >     >            10.21.2.5
     >     >
     >
    
https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt
    
<https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>
>  <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>>
     >     >
>   <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt> >  <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>>>:
     >     >     1 Time(s)
     >     >            10.21.2.5
     >     >
     >
    
https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt
    
<https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>
>  <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>>
     >     >
>   <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt> >  <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>>>:
     >     >     1 Time(s)
     >     >            10.21.2.5
     >     >
     >
    
https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt
    
<https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt>
>  <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt>>
     >     >
>   <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt> >  <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt>>>:
     >     >     1 Time(s)
     >     >
     >     >         Virus Urlhaus.Malware.161756-8797115-0:
     >     >            10.10.20.7
     >     >
     >
    
https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc
    
<https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>
>  <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>>
     >     >
>   <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc> >  <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>>>:
     >     >     1 Time(s)
     >     >            10.11.1.3
     >     >
     >
    
https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc
    
<https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>
>  <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>>
     >     >
>   <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc> >  <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>>>:
     >     >     1 Time(s)
     >     >
     >     >
     >     >     Orion
     >     >
     >     >     On 1/4/21 8:43 AM, Lilia Gonzalez Medina wrote:
     >     >     > Hi Orion!
     >     >     >
     >     >     > Thank you for reporting this. URLhaus is a partner
    that generates
     >     a list of
     >     >     > ClamAV signatures to target malicious URLs. Signature
     >     >     > Urlhaus.Malware.452652-9766253-0 looks for a
    malicious URL inside HTML
     >     >     > files, which is why it is alerting on the URLs you
    mentioned. We
     >     found these
     >     >     > FPs some weeks ago and added an extra check on new ClamAV
     >     signatures to
     >     >     > prevent them from alerting on legitimate URLhaus
    content. We are
     >     currently
     >     >     > updating older ClamAV signatures to ensure they don't
    FP on
     >     non-malicious
     >     >     > HTML files.
     >     >     >
     >     >     > Best regards,
     >     >     >
     >     >     > Lilia Gonzalez
     >     >     > Malware Research Team
     >     >     > Cisco Talos
     >     >     >
     >     >     > On Wed, Dec 23, 2020 at 1:11 PM Orion Poplawski
    <or...@nwra.com <mailto:or...@nwra.com>
     >     <mailto:or...@nwra.com <mailto:or...@nwra.com>>
     >     >     <mailto:or...@nwra.com <mailto:or...@nwra.com>
    <mailto:or...@nwra.com <mailto:or...@nwra.com>>>
     >     >     > <mailto:or...@nwra.com <mailto:or...@nwra.com>
    <mailto:or...@nwra.com <mailto:or...@nwra.com>>
     >     <mailto:or...@nwra.com <mailto:or...@nwra.com>
    <mailto:or...@nwra.com <mailto:or...@nwra.com>>>>> wrote:
     >     >     >
     >     >     >     Can anyone give me some details about the
     >     >     Urlhaus.Malware.452652-9766253-0
     >     >     >     signature?  We're seeing following URLs trigger it:
     >     >     >
     >     >     >
     > https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
    <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>
>  <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
    <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>>
>     >  <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
    <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>
>  <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
    <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>>>
     >     >     >
>   <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt> >  <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
    <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>>
>     >  <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
    <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>
>  <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
    <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>>>>
     >     >     >
     >     >
     >
    
https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt
    
<https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>
>  <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>>
     >     >
>   <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt> >  <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>>>
     >     >     >
     >     >
>    <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt> >  <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>>
     >     >
>   <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt> >  <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>>>>
     >     >     >
     >     >
     >
    
https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt
    
<https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt>
>  <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt>>
     >     >
>   <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt> >  <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt>>>
     >     >     >
     >     >
>    <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt> >  <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt>>
     >     >
>   <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt> >  <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt>>>>
     >     >     >
     >     >
     >
    
https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt
    
<https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>
>  <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>>
     >     >
>   <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt> >  <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>>>
     >     >     >
     >     >
>    <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt> >  <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>>
     >     >
>   <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt> >  <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>>>>
     >     >     >
     >     >
     >
    
https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt
    
<https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>
>  <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>>
     >     >
>   <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt> >  <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>>>
     >     >     >
     >     >
>    <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt> >  <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>>
     >     >
>   <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt> >  <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>>>>
     >     >     >
     >     >     >     Which seems to be the online update URLs for the
    urlhaus
     >     filter.  Does
     >     >     >     ClamAV
     >     >     >     deem urlhaus a bad actor?
     >     >     >
     >     >     >     Thanks,
     >     >     >       Orion
     >     >     >
     >     >     >     --
     >     >     >     Orion Poplawski
>     >     >     Manager of NWRA Technical Systems 720-772-5637
     >     >     >     NWRA, Boulder/CoRA Office             FAX:
    303-415-9702
     >     >     >     3380 Mitchell Lane or...@nwra.com
    <mailto:or...@nwra.com>
     >     <mailto:or...@nwra.com <mailto:or...@nwra.com>>
     >     >     <mailto:or...@nwra.com <mailto:or...@nwra.com>
    <mailto:or...@nwra.com <mailto:or...@nwra.com>>>
     >     >     >     <mailto:or...@nwra.com <mailto:or...@nwra.com>
    <mailto:or...@nwra.com <mailto:or...@nwra.com>>
     >     <mailto:or...@nwra.com <mailto:or...@nwra.com>
    <mailto:or...@nwra.com <mailto:or...@nwra.com>>>>
     >     >     >     Boulder, CO 80301 https://www.nwra.com/
    <https://www.nwra.com/>
     >     <https://www.nwra.com/ <https://www.nwra.com/>>
     >     >     <https://www.nwra.com/ <https://www.nwra.com/>
    <https://www.nwra.com/ <https://www.nwra.com/>>>
     >     >     >     <https://www.nwra.com/ <https://www.nwra.com/>
    <https://www.nwra.com/ <https://www.nwra.com/>>
     >     <https://www.nwra.com/ <https://www.nwra.com/>
    <https://www.nwra.com/ <https://www.nwra.com/>>>>
     >     >     >
     >     >     >     _______________________________________________
     >     >     >
     >     >     >     clamav-users mailing list
     >     >     > clamav-users@lists.clamav.net
    <mailto:clamav-users@lists.clamav.net>
     >     <mailto:clamav-users@lists.clamav.net
    <mailto:clamav-users@lists.clamav.net>>
     >     <mailto:clamav-users@lists.clamav.net
    <mailto:clamav-users@lists.clamav.net>
    <mailto:clamav-users@lists.clamav.net
    <mailto:clamav-users@lists.clamav.net>>>
     >     >     <mailto:clamav-users@lists.clamav.net
    <mailto:clamav-users@lists.clamav.net>
     >     <mailto:clamav-users@lists.clamav.net
    <mailto:clamav-users@lists.clamav.net>>
     >     <mailto:clamav-users@lists.clamav.net
    <mailto:clamav-users@lists.clamav.net>
    <mailto:clamav-users@lists.clamav.net
    <mailto:clamav-users@lists.clamav.net>>>>
     >     >     >
    https://lists.clamav.net/mailman/listinfo/clamav-users
    <https://lists.clamav.net/mailman/listinfo/clamav-users>
     >     <https://lists.clamav.net/mailman/listinfo/clamav-users
    <https://lists.clamav.net/mailman/listinfo/clamav-users>>
     >     >     <https://lists.clamav.net/mailman/listinfo/clamav-users
    <https://lists.clamav.net/mailman/listinfo/clamav-users>
     >     <https://lists.clamav.net/mailman/listinfo/clamav-users
    <https://lists.clamav.net/mailman/listinfo/clamav-users>>>
>     >     >  <https://lists.clamav.net/mailman/listinfo/clamav-users
    <https://lists.clamav.net/mailman/listinfo/clamav-users>
     >     <https://lists.clamav.net/mailman/listinfo/clamav-users
    <https://lists.clamav.net/mailman/listinfo/clamav-users>>
     >     >     <https://lists.clamav.net/mailman/listinfo/clamav-users
    <https://lists.clamav.net/mailman/listinfo/clamav-users>
     >     <https://lists.clamav.net/mailman/listinfo/clamav-users
    <https://lists.clamav.net/mailman/listinfo/clamav-users>>>>
     >     >     >
     >     >     >
     >     >     >     Help us build a comprehensive ClamAV guide:
     >     >     > https://github.com/vrtadmin/clamav-faq
    <https://github.com/vrtadmin/clamav-faq>
     >     <https://github.com/vrtadmin/clamav-faq
    <https://github.com/vrtadmin/clamav-faq>>
     >     >     <https://github.com/vrtadmin/clamav-faq
    <https://github.com/vrtadmin/clamav-faq>
     >     <https://github.com/vrtadmin/clamav-faq
    <https://github.com/vrtadmin/clamav-faq>>>
     >     >     >     <https://github.com/vrtadmin/clamav-faq
    <https://github.com/vrtadmin/clamav-faq>
     >     <https://github.com/vrtadmin/clamav-faq
    <https://github.com/vrtadmin/clamav-faq>>
     >     >     <https://github.com/vrtadmin/clamav-faq
    <https://github.com/vrtadmin/clamav-faq>
     >     <https://github.com/vrtadmin/clamav-faq
    <https://github.com/vrtadmin/clamav-faq>>>>
     >     >     >
     >     >     > http://www.clamav.net/contact.html#ml
    <http://www.clamav.net/contact.html#ml>
     >     <http://www.clamav.net/contact.html#ml
    <http://www.clamav.net/contact.html#ml>>
     >     >     <http://www.clamav.net/contact.html#ml
    <http://www.clamav.net/contact.html#ml>
     >     <http://www.clamav.net/contact.html#ml
    <http://www.clamav.net/contact.html#ml>>>
     >     >     >     <http://www.clamav.net/contact.html#ml
    <http://www.clamav.net/contact.html#ml>
     >     <http://www.clamav.net/contact.html#ml
    <http://www.clamav.net/contact.html#ml>>
     >     >     <http://www.clamav.net/contact.html#ml
    <http://www.clamav.net/contact.html#ml>
     >     <http://www.clamav.net/contact.html#ml
    <http://www.clamav.net/contact.html#ml>>>>
     >     >     >
     >     >     >
     >     >     > _______________________________________________
     >     >     >
     >     >     > clamav-users mailing list
     >     >     > clamav-users@lists.clamav.net
    <mailto:clamav-users@lists.clamav.net>
     >     <mailto:clamav-users@lists.clamav.net
    <mailto:clamav-users@lists.clamav.net>>
     >     <mailto:clamav-users@lists.clamav.net
    <mailto:clamav-users@lists.clamav.net>
    <mailto:clamav-users@lists.clamav.net
    <mailto:clamav-users@lists.clamav.net>>>
     >     >     >
    https://lists.clamav.net/mailman/listinfo/clamav-users
    <https://lists.clamav.net/mailman/listinfo/clamav-users>
     >     <https://lists.clamav.net/mailman/listinfo/clamav-users
    <https://lists.clamav.net/mailman/listinfo/clamav-users>>
     >     >     <https://lists.clamav.net/mailman/listinfo/clamav-users
    <https://lists.clamav.net/mailman/listinfo/clamav-users>
     >     <https://lists.clamav.net/mailman/listinfo/clamav-users
    <https://lists.clamav.net/mailman/listinfo/clamav-users>>>
     >     >     >
     >     >     >
     >     >     > Help us build a comprehensive ClamAV guide:
     >     >     > https://github.com/vrtadmin/clamav-faq
    <https://github.com/vrtadmin/clamav-faq>
     >     <https://github.com/vrtadmin/clamav-faq
    <https://github.com/vrtadmin/clamav-faq>>
     >     >     <https://github.com/vrtadmin/clamav-faq
    <https://github.com/vrtadmin/clamav-faq>
     >     <https://github.com/vrtadmin/clamav-faq
    <https://github.com/vrtadmin/clamav-faq>>>
     >     >     >
     >     >     > http://www.clamav.net/contact.html#ml
    <http://www.clamav.net/contact.html#ml>
     >     <http://www.clamav.net/contact.html#ml
    <http://www.clamav.net/contact.html#ml>>
     >     >     <http://www.clamav.net/contact.html#ml
    <http://www.clamav.net/contact.html#ml>
     >     <http://www.clamav.net/contact.html#ml
    <http://www.clamav.net/contact.html#ml>>>
     >     >
     >     >
     >     >     --
     >     >     Orion Poplawski
     >     >     Manager of NWRA Technical Systems          720-772-5637
     >     >     NWRA, Boulder/CoRA Office             FAX: 303-415-9702
     >     >     3380 Mitchell Lane or...@nwra.com <mailto:or...@nwra.com>
     >     <mailto:or...@nwra.com <mailto:or...@nwra.com>>
     >     >     <mailto:or...@nwra.com <mailto:or...@nwra.com>
    <mailto:or...@nwra.com <mailto:or...@nwra.com>>>
     >     >     Boulder, CO 80301 https://www.nwra.com/
    <https://www.nwra.com/>
     >     <https://www.nwra.com/ <https://www.nwra.com/>>
     >     >     <https://www.nwra.com/ <https://www.nwra.com/>
    <https://www.nwra.com/ <https://www.nwra.com/>>>
     >     >
     >     >
     >
     >
     >     --
     >     Orion Poplawski
     >     Manager of NWRA Technical Systems          720-772-5637
     >     NWRA, Boulder/CoRA Office             FAX: 303-415-9702
     >     3380 Mitchell Lane or...@nwra.com <mailto:or...@nwra.com>
     >     <mailto:or...@nwra.com <mailto:or...@nwra.com>>
     >     Boulder, CO 80301 https://www.nwra.com/ <https://www.nwra.com/>
     >     <https://www.nwra.com/ <https://www.nwra.com/>>
     >


-- Orion Poplawski
    Manager of NWRA Technical Systems          720-772-5637
    NWRA, Boulder/CoRA Office             FAX: 303-415-9702
    3380 Mitchell Lane or...@nwra.com <mailto:or...@nwra.com>
    Boulder, CO 80301 https://www.nwra.com/ <https://www.nwra.com/>



--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of NWRA Technical Systems          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                 https://www.nwra.com/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to