Hi Sebastian, here on Ubuntu LTS i have the same issue.
Check the permission for: - /etc/init.d/clamav-deamon - /etc/init.d/clamav-freshclam By unknown reasons, they have the wrong permission by default. It must have 0755, then it works well! kind greetings Marc Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net> An / To: Newcomer01 <mailto:newcome...@posteo.de> CC / CC: Sebastian <mailto:sebast...@debianfan.de> Gesendet / Sent: Donnerstag, Dezember 21, 2023 um 10:04 (at 10:04 AM) +0100 Betreff / Subject: [clamav-users] Clamav does not recognize known viruses
Good morning, I use clamav with the additional signatures from securiteinfo. ClamAV 0.103.10/27129/Wed Dec 20 10:38:37 2023 Some time ago clamav was due for an update - since then it has recognized almost nothing. I start the scan with: clamscan -i --move=/home/virusverdacht/erkannt /home/virusverdacht /etc/clamav/freshclam.conf: [...] DatabaseOwner clamav UpdateLogFile /var/log/clamav/freshclam.log LogVerbose false LogSyslog false LogFacility LOG_LOCAL6 LogFileMaxSize 0 LogRotate true LogTime true Foreground false Debug false MaxAttempts 5 DatabaseDirectory /var/lib/clamav DNSDatabaseInfo current.cvd.clamav.net ConnectTimeout 30 ReceiveTimeout 0 TestDatabases yes ScriptedUpdates yes CompressLocalDatabase no Bytecode true NotifyClamd /etc/clamav/clamd.conf # Check for new database 24 times a day Checks 24 DatabaseMirror db.local.clamav.net DatabaseMirror database.clamav.net DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2 DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malware.expert.hdb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/crdfam.clamav.hdb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxxx/securiteinfo.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfo.ign2 DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxx/javascript.ndb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/spam_marketing.ndb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfohtml.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfoascii.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfoandroid.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfoold.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfopdf.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfo0hour.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfo.mdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfo.yara DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxx /securiteinfo.pdb [...] /etc/clamav/clamav.conf [...] LogFile /var/log/clamav.log LogTime yes LogSyslog yes LogFacility LOG_LOCAL2 PidFile /var/amavis/clamd.pid DatabaseDirectory /var/clamav OfficialDatabaseOnly no LocalSocket /var/amavis/clamd LocalSocketMode 660 FixStaleSocket yes DetectPUA yes IncludePUA Spy IncludePUA Scanner IncludePUA RAT AlgorithmicDetection yes ScanPE yes ScanELF yes DetectBrokenExecutables yes ScanOLE2 yes ScanPDF yes ScanMail yes ScanPartialMessages yes PhishingSignatures yes PhishingScanURLs yes PhishingAlwaysBlockSSLMismatch no PhishingAlwaysBlockCloak no HeuristicScanPrecedence yes StructuredDataDetection yes StructuredMinCreditCardCount 5 StructuredMinSSNCount 5 StructuredSSNFormatNormal yes StructuredSSNFormatStripped yes Bytecode yes [...] I suspect he ignores the additional signatures. But where is the mistake here? greeting Sebastian _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat