Re: [clamav-users] - Can't connect to UNIX, socket /var/run/clamav/clamd.ctl
Paolo De Michele wrote on 2013-11-01 01:08:

> how can I fix it?

freshclam -D

show us the error

in case it's stuck, delete the mirrors.dat file in databasedir

maybe even delete all content of that dir except main.* and daily.*

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
Re: [clamav-users] - Can't connect to UNIX, socket /var/run/clamav/clamd.ctl
Paolo De Michele wrote on 2013-11-01 16:59:

> honestly, I do not think that increasing my VPS to 1gb of ram solve the situation

hmp

> how can I fix it?

try another vps ?

btw swap can be on a swap file, not just a special swap partition

other than that you can try resolve clamd to max 1 threads, so it uses less ram, there is possible other ways of reduce ram usage, but unless some create a ticket for this it will not be solved
Re: [clamav-users] virusnames .UNOFFICIAL
Andreas Schulze wrote on 2013-11-05 14:20:

> we use clamav with local created pattern. Detected content is marked with "virusname.UNOFFICIAL". That confuses some people here.

clamav is opensource so patch will be welcomed :=)

> I think about a local patch to clamav to change the string UNOFFICIAL. Would it make sense to make the extension string configurable via clamd.conf? Did someone already implemented such feature?

would make more sense to have documented how to build own cvd signature files, but the above would be nice as well, i think it would be nice to see something like ... in that format as standard, that would also help out lowmem sites that does not want to use full signatures in main.cvd

pua categorizing it more could extend this
Re: [clamav-users] sigwhitelist.ign2 whitelist not working
lcon...@go2france.com wrote on 2013-11-11 20:39:

> freebsd FreeBSD mx1.hctc.net 7.2-RELEASE clamav-0.95.1 (yeah, I know) need to whitelist:

report them to sanesecurity maillist, not clamav maillist since it's unofficial sigs :)
Re: [clamav-users] sigwhitelist.ign2 whitelist not working
Andreas Schulze wrote on 2013-11-12 09:58:

> But it looks like clamav does not load/use/recognize all entries:
>
> $ clamscan --debug /tmp/falsepositive 2>&1 | grep -e 'local.ign2' -e 'Ignoring signature'
> LibClamAV debug: /var/lib/clamav/local.ign2 loaded
> LibClamAV debug: Ignoring signature Eicar-Test-Signature
>
> Any hints/ideas?

don't know if it's that the whitelist for this signature should be whitelisted with the old whitelist format ?

if it's not this then i am lost as well
Re: [clamav-users] System plays the "William Tell Overture"
Michael Orlitzky wrote on 2013-11-27 02:27:

> Do you have any asshole friends who've used your PC lately?

we all have one :)

> This sounds like the answer to the question, "I have my buddy Dave's computer for the next five minutes, what's the most annoying thing I could do?"

FAQ:
Q: if non root users plays annoying sounds
A: init 1 (as root user, note this must be done in tty0)

does the sound still play ?

if yes, you are rooted with some bios or centos hack
if no see what non root tasks plays
Re: [clamav-users] how to reduce memory
黄海涛 wrote on 2013-12-13 15:12:

> hi when virus database(main.cvd & daily.cvd) is loaded which consumes 206M memory, is there any way to reduce memory, such as by using simplified version of virus database (Does small virus database exist?) or by filtering some lowerly-graded sig, or by editing clamav.conf ?

simplest is to add more ram, other ways costs signatures, and you will lose if there is virus in less signatures slipping through

another way could be to only load daily, not main ?

i am open to talk about how memory limit could be done, since the database would extend more in future, and it would be best to have a solution before all just stopping using main :(
Re: [clamav-users] some questions about virus databas
黄海涛 wrote on 2013-12-17 09:52:

> what is the difference between main.cvd and daily.cvd?

main.cvd does not being updated daily basically

> what is the meaning of daily?

signatures will be in this file first

> please introduce each of virus database.

it will take me longer to write than to read wiki

> What size will daily.cvd be in one year?

it could be small as a blueray disk :)

> Is signatures classified?

yes, it is, but there is not yet one to get low mem scanning safely yet

> If yes, what do it has?

in what way ?

> I'm going to filter signatures whose level is low when loading main.cvd because the memory is too little.

now i have more questions than you, since i don't know what you mean here
Re: [clamav-users] clam av Red Hat installation
Joshua Soulwin Malayappan wrote on 2013-12-24 06:29:

> I got the below error
> Failed dependencies: libz.so.1(ZLIB_1.2.0.2)(64bit) is needed by clamd-0.98-2.el6.rf.x86_64.

report this here is fine, but it does not solve redhat dependency hell with precompiled problems, so report it to redhat bugzilla would help more

if you are the first to report it, others running redhat enterprise would thank you for this
Re: [clamav-users] the relationship between offset(signature in main.mdb) and time(signature be added to main.mdb)
黄海涛 wrote on 2013-12-30 15:47:

> Is it right that the signature whose offset is farther is newer in main.mdb (main.cvd) or daily.mdb (daily.cvd)?

i don't understand your question
Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain false-positive
On 2014-02-02 18:43, Alex wrote:

>> The heuristics engine is only used for selected financial institution domains (currently 263) listed in daily.pdb as H:
>
> It looks like I only have daily.cld. Can you explain what you mean here?

cd /tmp && sigtool --unpack-current=daily

there you find what you have
Re: [clamav-users] Block all "EXE/SRC" or MS-EXE/DLL file
On 2014-02-13 10:48, Sim wrote:

> Which is the best solution/way to block all EXE/executable files?

http://sanesecurity.com/foxhole-databases/

or submit samples to clamav

http://www.clamav.net/lang/en/sendvirus/
Re: [clamav-users] Block all "EXE/SRC" or MS-EXE/DLL file
On 2014-02-13 11:29, Jesse Nicholson wrote:

> Need to write an anti virus that uses the NIST NSRL database and operate it as a white list based AV. The db contains some 100 million hashes of known good binary files. I tried to crowd fund to do this but no one was interested.

it would be silly to load such big db, better would be to check signed headers in exe files, eg when you download exe files that is an installer, it mostly says this is a known publisher or not :=)

clamav should just check this info, think about how pgp mail works
Re: [clamav-users] fireclam log
On 2014-02-14 09:36, Steve Basford wrote:

> There is an option to contact the author for support/suggestions...

why can't clamdscan not use a running clamd socket to check files instead of load db itself ?, why had sourcefire not make that possible ?

does clamwin create a clamd socket ?

if so it should work transparent on linux and windows for this fireclam plugin

i also think clamwin have onaccess scanning per default, and linux can have it as well

so fireclam is not need then
Re: [clamav-users] Block all "EXE/SRC" or MS-EXE/DLL file
On 2014-02-14 10:01, Steve Basford wrote:

> Just a POC ;)

share somewhere how to build this 2 files ?

i still have less than 2GB ram on my mailserver, so using it will be lots of more ram needed

foxhole uses less ram to do basically the same
Re: [clamav-users] Finding infections in a tar-ball
Mischa Coenen wrote on 2014-04-11 10:31:

> Anybody advice what could be the issue?

if it's not in tarball one would use --recursive if subdirs would be scanned as well, if you see this is not working in archive files that clamav can unpack then it's imho a bug

so try scan a tarball with --recursive
Re: [clamav-users] Silly question - clamav - linux viruses?
Dave Shevett wrote on 2014-04-17 16:46:

> But, can I say "clamav does not scan for linux viruses" or is that not true?

there is talented fools on every distros

what's the point of tripwire when upstream management md5 sum their installs ?

okay windows have their problems as well to allow unsigned installs to be allowed, but in linux it still need at least root access to let this happen

elf scanner in clamav might be waste of resources
Re: [clamav-users] FP-Report: Email.Trojan-417
Sending the jpg file is not an option without putting it in a zip archive first?

It does not pay off to compress jpg without jpg tools, that said if it's just to get single attachment on mail it still makes sense to use zip for a container file

Don't know a solution else

--
Sent from my Android phone with K-9 Mail. Sorry if I am a bit brief.
Re: [clamav-users] reported before, makes no sense
Gene Heskett wrote on 2014-05-16 06:38:

> Can we please get this FP removed?

3rd party sigs does not make sense to blame on clamav maillist
Re: [clamav-users] reported before, makes no sense
Gene Heskett wrote on 2014-05-16 08:03:

> On Friday 16 May 2014 00:59:44 Al Varnell did opine
> And Gene did reply:
>
>> UNOFFICIAL means it did not come from ClamAV®
>
> Now what? Shut down my daily scan?

clamconf | grep -i database

make sure this dir does not contain unofficial sigs

not possible to check ? maybe just restart clamd ?
Re: [clamav-users] Tips for low memory systems
Michael Heuberger wrote on 2014-05-28 03:47:

> Too bad :(

apt-get source clamav -b

possible ask for maintainer support on launchpad ?

come on :=)
Re: [clamav-users] build a CVD file using sigtool
On 2. jun. 2014 13.36.42 CEST, Andreas Schulze
>what's wrong here

--build=database don't include subdir there

--
Sent from my Android phone with K-9 Mail. Sorry if I am a bit brief.
Re: [clamav-users] build a CVD file using sigtool
On 2. jun. 2014 13.36.42 CEST, Andreas Schulze wrote:
>Hello,
>
>we are creating signatures mostly using procedures described in
>~clamav-src/docs/signatures.pdf
>The resulting files *.hdb, *ign2, *db are copied to a clamav datadir
>and used by clamav.
>Thats fine.
>
>As far as I understand I could combine these files to a custom CVD.
>For that reason I tried this procedure:
>
>$ install -d /tmp/testing && cd /tmp/testing
>$ echo testing > COPYING
>
>$ sigtool --md5 /etc/issue > issue.hdb

use --build=issue.cud then build is only include files based on basename and you tried load db.* in next line

retry and see it works

note the issue.info file when created

thanks for helping me solve it

>
>$ cat issue.hdb
>174fd67875b42f41746ea8ae50f9b4b7:28:issue
>
>$ install -d out
>
>$ SIGNDUSER=me sigtool --unsigned --datadir=. --build out/db.cud
>--max-bad-sigs 0 --cvd-version 1
>WARNING: build: Signatures in out/db db files: 0, loaded by libclamav:
>1
>LibClamAV Error: cl_cvdhead: Can't open file ./out/db.cud
>Version number: Total sigs: 1
>New sigs: 1
>Created out/db.cud
>
>$ sigtool --unsigned --info out/db.cud
>File: out/db.cud
>Build time: 02 Jun 2014 13:20 +0200
>Version: 1
>Signatures: 1
>Functionality level: 77
>Builder: me
>Verification: Unsigned container
>
>... looks good, but I cannot use the file:
>
>$ clamscan --database=out/ /etc/issue
>LibClamAV Error: cli_tgzload: Slash separators are not allowed in CVD
>LibClamAV Error: Can't load out/db.cud: Malformed database
>LibClamAV Error: cli_loaddbdir(): error loading database out/db.cud
>ERROR: Malformed database
>
>--- SCAN SUMMARY ---
>Known viruses: 0
>Engine version: 0.98.4-rc1
>Scanned directories: 0
>Scanned files: 0
>Infected files: 0
>Data scanned: 0.00 MB
>Data read: 0.00 MB (ratio 0.00:1)
>Time: 0.002 sec (0 m 0 s)
>
>
>what's wrong here
>
>Btw: could someone explain the difference between cvd, cld and cud ?
>
>Thanks,
>Andreas

--
Sent from my Android phone with K-9 Mail. Sorry if I am a bit brief.
Re: [clamav-users] building a cud file
On 18. jun. 2014 20.51.50 CEST, Steve Basford wrote:
>Hi All,
>
>I'm playing with .cud file creation from a couple of files...
>
>testdb folder
>
>COPYING
>testdb.hdb
>testdb.ndb
>
>
>set SIGNDUSER=me
>sigtool --datadir=testdb --build=testdb.cud --unsigned --cvd-version 1

Change --datadir to .

It must imho be issued in the datadir else it will include subdirs into the cud file, which is invalid

Please confirm it's working if using --datadir=.

But fails its subdir

>
>WARNING: build: Signatures in testdb db files: 2674, loaded by
>libclamav:
>5348
>Total sigs: 5348
>New sigs: 5271
>Created testdb.cud
>
>I can see testdb.cud and testdb.info...
>
>but...
>
>clamscan --database=testdb.cud
>LibClamAV Error: cli_cvdload: Corrupted CVD header
>LibClamAV Error: Can't load testdb.cud: Malformed database
>LibClamAV Error: cli_loaddbdir(): error loading database testdb.cud
>ERROR: Malformed database
>
>
>Has anyone who has got this working, do a quick how-to?

Sigtool is also unable to unpack it

Did you test with 0.98.4 or 0.98.3 ?
Re: [clamav-users] Bad detection rate
On 23. jun. 2014 19.36.58 CEST, Steve Basford wrote:
>
>Sanesecurity.Malware.23787.ZipHeur
>Added: 23 Jun 2014 09:32:40 UT

I have a dream on virustotal start using 3rd party clamav signatures
Re: [clamav-users] db.sk connectivity?
On 17. jul. 2014 12.04.58 CEST, Matus UHLAR - fantomas wrote:
>it seems db.sk.clamav.net has connectivity issues, the transfer goes
>horribly slow.

should not being a problem being slow imho :)

>is there a possibility to detect this so freshclam will switch to other
>mirror? OR, can I tell freshclam to switch?

only by choice another country mirror, each country is round-robin dns selected, ironical nearest country is not always fastest one, here in Denmark i have seen au being faster than dk

to devs: can freshclam log speed last time used in mirrors.dat so it could select fastest mirror based on last time connect ?
Re: [clamav-users] ClamAV®: The new ClamAV.net is here!
On 4. sep. 2014 07.54.34 Andreas Schulze wrote:

> It's handy to point a user to the official Website to proof that he's running outdated virusscanner.

Freshclam gives a warning of outdates here just fine, does not need external tools to tell me that, are admins so dumb todays ?

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Re: [clamav-users] Where can I download the daily.cvd and main.cvd files
Run freshclam
Re: [clamav-users] Why are the ClamAV team so slow at creating signatures ?
On October 6, 2014 3:37:34 PM Tim Smith wrote:

>> are you really trying to compare response times from PAID solutions to the free/community maintained ones ?
>
> Of course not, the paid solutions will always be better.

Dream on, my commodore 64 is the best 8bit computer ever not needing antivirus at all, restarting it cleans any virus for free, sorry could not resist

> But three days to get some definitions pushed out for a zero-day is a bit on the slow side, you must agree !

You are free to define opensource as you wish, but call paid prebuilt software always better is not correct, but mostly just marketing

What other av product can you make your own virus signatures with, not useful, hmm
Re: [clamav-users] Why are the ClamAV team so slow at creating signatures ?
On October 6, 2014 4:21:58 PM Tim Smith wrote:

> Seriously, why should I mess around with creating virus signatures, its a waste of my time.

Well said, this maillist here is not waste of your time, can you pay back now ?
Re: [clamav-users] Fwd: What is the signature count?
On October 10, 2014 8:05:11 AM Prasanna Lotke wrote:

> Can anyone tell me how many signatures does Clam virus database have? Or how many malwares can it detect?

Try run freshclam
Re: [clamav-users] Fwd: What is the signature count?
On October 10, 2014 9:05:47 AM "Steve Basford" wrote:

> Total: 249,167

Recalc that
Re: [clamav-users] Amavis or ClamAV?
On November 7, 2014 9:13:31 PM Edgar Pettijohn wrote:

> It looks like I finally got my config working correctly, however I now see the following errors.

You have it possibly working in an insecure way, read the url below, for a solution that does not use 777 permissions

> Clamav user is a member of Amavis group and permissions for directory above are 777. Any hints?

Don't use chmod 777 ever anywhere

http://unix.stackexchange.com/questions/91874/postfix-amavis-new-clamav-permission-denied-error
Re: [clamav-users] Amavis or ClamAV? [SOLVED?]
On November 7, 2014 10:02:48 PM Edgar Pettijohn wrote:

> I didn't notice the "/parts" above and changed permissions and that seems to have fixed things. Sorry for the noise.

Amavis does not reuse parts dirs, so it's not a fix what you did
Re: [clamav-users] clamav-milter & logrotation
Use logrotate in clamav-milter, not external logrotate, then you don't need to restart
Re: [clamav-users] clamav-milter & logrotation
Andreas Schulze wrote on 2014-11-18 08:16:

> But nothing for rotation.

what version do you have ?

clamconf please, possible upgrade config files if you have oldconfig ? :=)

imho clamconf can create updated new default confs

clamav 0.98.4 sure have logrotate here
[clamav-users] Clamsubmit option -p
Is the help text correct ?

False positive ?

If running clamsubmit do i need to extract content first with eg ripmime if content is in email or does clamsubmit self do all this ?

What is a fp and fn ?
[clamav-users] Sigtool :(
I can't figure out how to build cud files yet with 0.98.5

Is there a guide somewhere for this ?

It fails with build name, and sigtool interactive ask for the build name, but fails to build with the type answer :(

Env variables is not explained anywhere
Re: [clamav-users] Clamsubmit option -p
On 1. dec. 2014 15.58.15 Shawn Webb wrote:

> No need to extract files prior to submission, though it would certainly accelerate analysis if you did. The acronym "FP" means "False Positive"--a file that erroneously caused ClamAV to report a virus. The acronym "FN" means "False Negative"--a file that was erroneously reported as clean by ClamAV.

Thanks now i know the difference, will submit some fn, currently only detected with foxhole, but i think the real virus/malware should be detected independent of archive extension
Re: [clamav-users] url scanner
On 18. dec. 2014 15.30.08 polloxx wrote:

> Since more and more malware is not attached to a mail but only an url to it, detecting it is challenge. Is there any good url scanner available for Clamav?

Squidclamav via icap in squid, then safebrowsing comes more to mind
Re: [clamav-users] Custom clamav rule to block exe and scr files in archive.
Virgo Pärna wrote on 2015-02-05 09:46:

> Recently I have received some viruses that have scr inside zip archive inside zip archive. And also there have been some cab's containing exe files.

google foxhole clamav

> Since I have already blocked exe and scr files in exim mime check I did try to search Google for blocking those files inside archives. And since I did not have much success with it, I decided to post sample rules here.

this is a foxhole rule snippet :=)

my question will be what happen in clamav if scr is double packed with zip ? so the first unzip will be another zip file, that contains the scr file, hopefully foxhole rules do test it or clamav unpack all
Re: [clamav-users] Custom clamav rule to block exe and scr files in archive.
Virgo Pärna wrote on 2015-02-05 13:59:

> Well, foxhole is something I never thought to Google:)

+1

> Clamav does unpack archives recursively up to 16 levels (by default).

yep, it just create another problem, zip bombs

> For clamd it is set with MaxRecursion configuration value, for clamscan with --max-recursion=N command line switch. So that rule matches still.

unless the scr is nested 17 times in zip

so i think foxhole need to test if zip contains another zip, when --max-recursion=1

> And I do doubt, that such viruses are hidden deeper. I would at least think, that odds of users accidentally executing such file would decrease with deeper nesting.

if just end users did not press to see attachment from unknown senders, it would be less of a problem, and if microsoft blocks installers or exe files from unknown signers when users running administrator mode, it would make a big difference

i try to defend developers to not create clamav as a elf installer :=)

there is lots of such badness already
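
The recursion limit discussed in the message above, as an added example that is not part of the original post and is not ClamAV code: a Python sketch that walks nested zip files, flags `.exe`/`.scr` members by name, and reports an archive it could not fully inspect as `limit-exceeded` instead of clean. The function names, the level counting (outermost archive is level 1) and the byte budget are assumptions made for the illustration; the sample archives are constructed in memory.

```python
import io
import zipfile

BLOCKED_EXT = (".exe", ".scr")       # extensions named in the thread
MAX_RECURSION = 16                   # default nesting limit quoted in the thread
MAX_TOTAL_BYTES = 10 * 1024 * 1024   # assumed unpack budget, not a ClamAV value


def build_nested_zip(inner_name, payload, layers):
    """Constructed sample: wrap one harmless member in `layers` zip layers."""
    name, data = inner_name, payload
    for level in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        name, data = "layer%d.zip" % level, buf.getvalue()
    return data


def scan_archive(data, max_recursion=MAX_RECURSION, budget=MAX_TOTAL_BYTES):
    """Return (verdict, details); verdict is blocked, limit-exceeded or clean."""
    left = [budget]              # bytes we are still willing to unpack
    blocked, exceeded = [], []

    def walk(blob, depth, prefix):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                member = prefix + info.filename
                if info.filename.lower().endswith(BLOCKED_EXT):
                    blocked.append(member)   # name check needs no unpacking
                    continue
                # Charge the declared size before unpacking (zip bomb guard).
                if info.file_size > left[0]:
                    exceeded.append(member + " (size budget)")
                    continue
                left[0] -= info.file_size
                body = zf.read(info)
                if not zipfile.is_zipfile(io.BytesIO(body)):
                    continue
                if depth >= max_recursion:
                    exceeded.append(member + " (recursion limit)")
                else:
                    walk(body, depth + 1, member + "/")

    walk(data, 1, "")
    if blocked:
        return "blocked", blocked
    if exceeded:
        # An archive that was not fully inspected is not reported as clean.
        return "limit-exceeded", exceeded
    return "clean", []


if __name__ == "__main__":
    for layers in (2, 16, 17):
        sample = build_nested_zip("invoice.scr", b"harmless placeholder", layers)
        print(layers, scan_archive(sample))
```
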
Re: [clamav-users] clamav-milter LocalNet option / outgoing mail (Debian Wheezy)
Daniel Spies wrote on 2015-02-22 01:42:

> Any help is greatly appreciated.

LocalNet localdomain

PS: why does 127.0.0.1 not resolve ? post /etc/hosts for more help :=)

is the client ip in clamav-milter really in local domain ip listed ?

host 127.0.0.2
host 127.0.1.1
host 192.168.1.1

if these ips resolve to local (TLD), then clamav-milter will not scan

check whitelist sender in clamav milter conf if it's just to have system users not scanned, if it's users that have @ in username use smtp auth
Re: [clamav-users] clamav-milter LocalNet option / outgoing mail (Debian Wheezy)
Daniel Spies wrote on 2015-02-22 02:28:

> Maybe LocalNet is the wrong option (?) but how else would I stop clamav-milter from scanning outgoing e-mail then?

in postfix master.cf:

for the pickup add -o non_smtpd_milters=

eg no milter for this service

or much better don't add milters in main.cf, but only in master.cf for the incoming service port 25

note check man resolv.conf for inet6, and or /etc/gai.conf

eg make sure ipv4 first for non routable ips
Re: [clamav-users] clamav-milter LocalNet option / outgoing mail (Debian Wheezy)
Daniel Spies wrote on 2015-02-22 03:19:

> Yes, but I have (still) enabled sending e-mail to port 25. This would only work for submission (see my other e-mail).

yes i remember that problem here as well, so far i think postfix does not honor it to disable smtp auth on port 25 while have it enabled on other ports :(

at least i see AUTH discarded in skip ehlo prefer to keep STARTTLS on :=)

but postfix keep AUTH, don't flame me, but test it, if 3 or more can confirm it then we can possible report this problem on postfix maillist

>> note check man resolv.conf for inet6, and or /etc/gai.conf
>> eg make sure ipv4 first for non routable ips
>
> Do you mean I should add IPv4 addresses first to the LocalNet option?

if it's more simple to make all ipv6 addresses resolve with local TLD no problem :=)
Re: [clamav-users] format of current.cvd.clamav.net
On February 24, 2015 10:27:47 AM Andreas Schulze wrote:

> Hello, could somebody explain the meaning of the field in the mentioned TXT record ?
>
> $ dig current.cvd.clamav.net txt +short
> "0.98.6:55:20101:1424766540:1:63:43056:246"
>
> Field1: 0.98.6 -> current software version
> Field2: 55 -> ?
> Field3: 20101 -> current pattern number
> Field4: 1424766540 -> timestamp for what ?

field2 is signed version number of main.cvd
field4 is unixtime of buildtime

sigtool --info /path/to/main.cvd
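
The record layout explained in the message above, as an added example that is not part of the original post and is not ClamAV code: a Python sketch that parses the four fields the thread explains and compares the advertised version with the `Version:` line of `sigtool --info` output for a local copy. It is a freshness check only and does not verify any signature. Function names are assumptions; the TXT value is the one quoted in the thread, the `sigtool --info` text is a constructed sample in the layout shown earlier on this page, and fields 5 to 8 are kept raw because the thread does not explain them.

```python
import re
from datetime import datetime, timezone

# TXT record value quoted in the thread (dig current.cvd.clamav.net txt +short)
SAMPLE_TXT = '"0.98.6:55:20101:1424766540:1:63:43056:246"'

# Constructed sample in the layout `sigtool --info` prints; values are made up.
SAMPLE_INFO = """\
File: main.cvd
Build time: 17 Sep 2013 10:57 -0400
Version: 54
Signatures: 1000000
Functionality level: 60
Builder: example
"""


def parse_txt_record(txt):
    """Split the TXT value into the four fields the thread explains."""
    fields = txt.strip().strip('"').split(":")
    if len(fields) < 4:
        raise ValueError("expected at least 4 colon-separated fields")
    software, main, daily, stamp = fields[:4]
    if not re.fullmatch(r"\d+(\.\d+)+[\w.-]*", software):
        raise ValueError("field 1 is not a version: %r" % software)
    if not all(f.isdigit() for f in (main, daily, stamp)):
        raise ValueError("fields 2-4 must be numeric")
    return {
        "software": software,        # field 1: current software version
        "main": int(main),           # field 2: version of main.cvd
        "daily": int(daily),         # field 3: current pattern number
        "built": datetime.fromtimestamp(int(stamp), tz=timezone.utc),
        "other": fields[4:],         # not explained in the thread, kept raw
    }


def parse_sigtool_info(text):
    """Turn 'Key: value' lines of sigtool --info output into a dict."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split on the first colon only
        if sep:
            info[key.strip()] = value.strip()
    if not info.get("Version", "").isdigit():
        raise ValueError("no numeric Version line in sigtool output")
    return info


def freshness(record, info, db):
    """Compare a local database ('main' or 'daily') with the DNS record."""
    if db not in ("main", "daily"):
        raise ValueError("db must be 'main' or 'daily'")
    local, advertised = int(info["Version"]), record[db]
    if local < advertised:
        return "behind", advertised - local
    if local > advertised:
        return "ahead", local - advertised   # DNS answer older than the file
    return "current", 0


if __name__ == "__main__":
    rec = parse_txt_record(SAMPLE_TXT)
    print(rec["software"], rec["built"].isoformat())
    print(freshness(rec, parse_sigtool_info(SAMPLE_INFO), "main"))
```
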
Re: [clamav-users] Unsubscribing From Update List?
Shawn Reynolds wrote on 2015-03-09 03:16:

> How do I unsubscribe from the ClamAV update list? I currently have about 80 emails of it in my inbox, and it is keeping me from important e-mails.

press the last link on every here gives you a nice webpage that holds info on what maillists exists, then select the one you don't want to be on and select unsubscribe

but imho you have more problems than just subscribe and or unsubscribe, here i have around 5 mails and still can find your mail, folders :=)

sadly maillist owners forbid reply private :(
Re: [clamav-users] Freshclam failing
James Brown wrote on 2015-03-12 00:04:

> Freshclam keeps failing for me. I delete the Mirrors.dat file and try again. Sometime it works, sometimes it claims that all of the mirrors are not synchronised.

freshclam --list-mirrors

try change mirror country temporary, but mirror admins would solve from the --list-mirrors
Re: [clamav-users] daily.ftm
Steve Basford wrote on 2015-06-19 12:39:

> daily.ftm seems to be out-of-sync with the latest filetypes_int.h

okay

> Eg, 4546492050415254 is missed and a few of the newer ones.

i miss documentation of daily.ftm

does it overlap with sanesecurity.ftm ?
Re: [clamav-users] Freshclam Question
Gene Heskett wrote on 2015-06-30 15:26:

> Do I need to restart freshclam, or whatever to bring that setting in?

imho it's just so 2x each day you check dns for updates, http servers is only abused if dns says you are behind latest in dns

yes freshclamd need to be restarted if conf are edited/changed
Re: [clamav-users] [Fwd: [sanesecurity] Hacking Team detection]
Gene Heskett wrote on 2015-08-07 18:39:

> On Friday 07 August 2015 12:34:54 Jim Popovitch wrote:
>
>> clamscan --database=/tmp/hackingteam.hsb -ri /
>
> Chuckle, and will, on this system, take a loooggg time. :)

rsync is slow first time, 2nd download is faster

btw extradatabase is for signed 3rd party signatures, which imho is not even close to work still :(
Re: [clamav-users] [Fwd: [sanesecurity] Hacking Team detection]
Scott Kitterman wrote on 2015-08-08 00:34:

> 0.99 isn't released yet, so of course it's not in wheezy. It is in Experimental where it belongs. No yelling needed.

freshclam.conf have more options on fetch 3rd party sigs, but since it's entirely http is not gpg checked, so if it really did that, it would be very cool

check clamconf output on how to configure freshclam would be a good start, but i would as much hope to see extradatabase begin to get stable, and also hope that sig creators can use sigtool to build cvd self signed

i can't see why it should not be supported
Re: [clamav-users] ClamAV Update Authenticity?
Thomas Peterson wrote on 2015-08-11 21:59:

> Is there a method to authenticate ClamAV updates? I see that GnuPG can be used to verify the signature of the ClamAV installation, what about the virus database updates. I use ClamAV completely offline and do not have the ability to connect directly to any network for updates. I use a machine with internet access to download the updates and then transfer them manually. If anyone has any ideas on how to authenticate ClamAV database updates, please let me know.

if you use official signatures they are digital signed, if you use 3rd party signature it must be gpg signed

there is download scripts that automate this, ironical http://sanesecurity.com/ is a wordpress site that is infected with malware popups :(

i have reported this before but maybe only me that can see the fun in it ?

on that site check usage menu

still need help ask for this here again
Re: [clamav-users] Scanning Win32 Volumes
J wrote on 2015-08-18 21:18: I haven't been able to find this answer in the archives. Can I scan WinXP archive drives for malware with ClamAV running on my Ubuntu laptop and find any viruses, bots, or whatever? With ClamAV, I'll just have to delete the infected files, correct? No cleaning? https://www.google.dk/search?q=clamwin clamwin can use clamav signatures
Re: [clamav-users] PUA.Script.PDF.EmbeddedJS-1
aklist wrote on 2015-09-02 00:37: Hi All: A PDF attachment to an email was scanned by clamAV and found to have the following virus: PUA.Script.PDF.EmbeddedJS-1 PUA is not a false positive I googled around on this and found some reports that it's a false positive. see above I'm still running 0.96.1 on MacOS 10.6.8, and I realize that it is out of date, but I was curious if later versions of clamAV would also flag this virus? check clamd.conf and set DetectPUA to NO, since its default is NO you have edited it already
Re: [clamav-users] PUA.Script.PDF.EmbeddedJS-1
Al Varnell wrote on 2015-09-02 02:28: Of course, chances are extremely high that even a malicious javascript would be Windows based and no threat to a Mac, but that’s probably beside the point. and javascript does not work on mac ? possibly ignore me :=)
Re: [clamav-users] DB update and clamav-milter delay
On September 29, 2015 10:16:13 AM Marco wrote: 2015-09-29T01:03:53.151179+02:00 av2 clamd[15201]: Database correctly reloaded (5342845 signatures) as i see you use a lot of 3rd party sigs Is there a way to speed up this phase? Maybe putting the db files into a RAM fs? waste of ram. for more help give clamconf on pastebin with a link here. is your main and daily uncompressed or compressed ? cvd vs cld files. to developers: make an option in sigtool to resave cld to cvd and vice versa, this will speed up reloads, eg cvd files make reload slow, but cld as fast as possible
Re: [clamav-users] DB update and clamav-milter delay
On September 29, 2015 1:55:47 PM Andreas Schulze wrote: I see it relaxed because I *do run* one of these mirrors and I make sure to not bother other mirrors that way... +1, our point is more: do not use freshclam from a cronned shell, but when it's a local mirror it will miss the dns data update that tells freshclamd to get new sigs, a chicken and egg problem that can only be solved with freshclam in crontabs
Re: [clamav-users] DB update and clamav-milter delay
On September 30, 2015 9:12:01 AM Marco wrote: I have daily.cld time saver since it's uncompressed main.cvd time waster since it's compressed. to get the uncompressed main.cld find an older main.cvd and freshclam update it with scriptedupdates yes, when it's main.cld you no longer use time to uncompress data
Re: [clamav-users] Interesting report from clamscan after adding new database
On October 15, 2015 5:04:36 PM Gene Heskett wrote: So they will be gone from tomorrow's scan report. no backup ? Clamav user list, comments please? foxhole is 0day signatures, so that you find files that match it on localhost does not mean it's a virus
Re: [clamav-users] Interesting report from clamscan after adding new database
Gene Heskett wrote on 2015-10-15 17:27: Ok, but how do I keep clamscan from using it, when its clamdscan, scanning the incoming mail via this recipe in my .procmailrc add --official-db-only=yes to clamscan, or for clamdscan search for this option in clamd.conf, more info in man clamscan VIRUS=|clamdscan --stdout - that needs it far worse? The last hit it found was on September 8th. if you don't like to have pizza from denmark, yes :=) eg if your goal is to keep email clean from tarballs with source code or patches keep it as is, you know where the source is anyway, no need for anyone to send it via email. so for email keep settings as you have, but for scanning local ignore 3rd party sigs
Re: [clamav-users] Interesting report from clamscan after adding new database
Gene Heskett wrote on 2015-10-15 17:32: Amanda will have them yet for about 29 more days. But they are very very old, with lots newer versions readily downloadable. so amanda is not useful here Can freshclam be used to keep it up to date? If so, how? yes, but in case dns is spoofed you get unsigned signatures that are not possible to gpg verify. don't download things that are not signed. hopefully freshclam will use https with dane tls in future, if that happens we can get rid of bash :=)
Re: [clamav-users] some clamd.conf issues
Michael K. wrote on 2016-01-11 13:14: the file "clamd.conf" is owned by "root" - this is not correct? maybe you have an old clamav installed with a new systemrc ? anyway try clamconf, which lists all valid config entries
[clamav-users] clamav-milter crash
i have seen it do this so many times now that i would like to know if it's just me that uses it or if it's a known problem. upgrading to 0.99 does not help, currently on the stable gentoo 0.98.7. is there a github version of clamav ?
Re: [clamav-users] clamav-milter crash
On 2016-01-26 16:46, Steven Morgan wrote: If this is still a problem with the most current software on github, please create a bug report at http://bugzilla.clamav.net. Please attach samples that result in the crash. this is the hard part if not received. i have added clamav- now to fidonet overlay on gentoo: layman -a fidonet emerge --autounmask-write =clamav- etc-update emerge -av clamav would be good if other gentoo fellows help debug clamav-milter
Re: [clamav-users] Fw: important message
On 2016-01-28 19:50, Al Varnell wrote: Yet another malware site. Can we get this guy off the list please. + add sanesecurity sigs to maillist server could help even more
Re: [clamav-users] Freshclam Non-repudiation
On 2016-01-29 09:27, Steve Basford wrote: As Sanesecurity have been doing this for 10 years this year, hopefully the GPG key can be trusted ;) will extradatabase ever be used in freshclam :( will unofficial ever go away :( thanks for the github link btw, seems i can finally stay with clamav-milter, just a little unsure how to make a gdb backtrace in case it fails, what i only test now is that clamav-milter does not crash. it's now 3 years since main.cvd was updated
Re: [clamav-users] Freshclam Non-repudiation
On 2016-01-29 23:28, Al Varnell wrote: Not sure how you would arrive at that conclusion. SaneSecurity is not affiliated with Cisco/SourceFire/ClamAV. sadly true :( hopefully all 3rd party sigs will be sourcefire signed one day, until then gpg works
Re: [clamav-users] ScanOLE2 yes disables macro virus detection
On 2016-02-08 22:26, Steven Morgan wrote: I've opened https://bugzilla.clamav.net/show_bug.cgi?id=11498 to investigate and track the issue. Plz sign up for an account at https://bugzilla.clamav.net and send me the user id and I will CC you on the bug. Once that is done, I will need for you to attach your signatures and sample files to the bug report. arg :( clamav is on github, so there are 2 bugtrackers ? You are not authorized to access bug, great way to say we don't want your bugs https://github.com/vrtadmin/clamav-devel/issues
Re: [clamav-users] No supported database files found
On 9. mar. 2016 15.56.30 farbod emami wrote: please help Run freshclam. If it fails, what settings are shown in clamconf? Don't post clamconf here, if you need more help pastebin it and share a link to it
Re: [clamav-users] ClamAV® blog: ClamAV will release a new main.cvd and daily.cvd this weekend.
On 8. mar. 2016 04.00.59 "Joel Esler (jesler)" wrote: http://blog.clamav.net/2016/03/clamav-will-release-new-maincvd-and.html The estimated size of these files are 100 MB and 10 MB respectively. Daily 115M Main 156M Bytecode 402K All in uncompressed size, so the estimated is compressed ? I think about memory usage in future as well
Re: [clamav-users] Why did you block me clamAV page??
On 2016-03-13 14:41, Jaroslav Fojtik wrote: Could you tell me any idea how to undo this. speculation: that ip is used by more than just you, eg it's an isp NAT connection that from cloudflare is seen as a heavy single user :( years ago all mailservers used pop-before-smtp to allow authed mail senders, it just had the exact same problem you possibly have here. ask your isp if you are using a shared NATed ip setup, if so ask them for help to possibly get one that is not NATed, if that's not possible ask your isp to let cloudflare know it's a NATed ip so cloudflare can take this into account for limits. best solution could be ipv6 as well, hopefully clamav.net doesn't mind having ipv6 webservers. sorry if i'm off track
Re: [clamav-users] Why does this happen?
On 2016-03-16 23:30, Scott Galambos wrote: I had to completely restart the server, not just restart the daemons for some reason. Its off now and not scanning encrypted PDF's. glad you found the issue. about it: another time you can make a new default config from clamconf -g clamd.conf >/tmp/clamd.conf and then diff this with your own config to see if settings are new, changed or missing in your own config Thank you. no problem
Re: [clamav-users] Why does this happen?
On 2016-03-16 23:04, Steven Morgan wrote: server(/tmp): clamdscan --config-file=/apps/clamav/etc/clamd.conf testfile.pdf /temp/testfile.pdf: Heuristics.Encrypted.PDF FOUND Why? How do I stop this? is clamconf saying this clamd.conf is default config ? is there diff results from using clamscan --config foo and clamdscan --config foo ?
Re: [clamav-users] Locky Dridex plan
one more reason to use gentoo where i created a github master trunk ?, now i just emerge @live-rebuild to get the latest stable clamav. nothing happens if users don't notify maintainers of precompiled problems
Re: [clamav-users] zip, rar, jar, ... how to delete all exe's and others files?
On 2016-04-14 16:15, Kris Deugau wrote: Does anyone have any examples of valid signatures for the .cdb sigfiles? http://sanesecurity.com/foxhole-databases/ "whatever"), but based on what I've tried so far that's apparently not valid. yes, i have a hard time getting more info on cdb format files as well, seems undocumented as is The only thing I want to match on is the name of the files in the archive. .zmd and .rmd still work for that. take one or more of the foxhole databases, and possibly if you succeed share that signature here, it might be useful for more than one. i prefer 0day signatures in this wonderful world of malware
Re: [clamav-users] ClamAV - References
On 2016-04-19 01:33, Paul Kosinski wrote: "However, as a bank, our security department do not like to use such free opensource initiatives." 1: clamav is open source 2: clamav does not need cisco signatures. what is there to lose here ? if banks would compile clamav themselves, and add their own trusted signatures, there would be no loss anywhere compared to closed source alternatives. i still don't get it :( ftw: clamav-milter can run in tag only mode so later processing can use those tags for more in-depth problem resolving, but clamav itself will not remove viruses either, it's just a very powerful scanning engine
Re: [clamav-users] ClamAV - References
On 2016-04-19 14:15, Leonardo Rodrigues wrote: My personal experience shows that when IT teams come with these 'we don't like free/open source software', it actually means they will NOT accept that solution, no matter how much data you gather to prove that that would be a great solution. indeed, it's free so it must be very bad since alternatives cost money. but i say that the clamav engine does not forbid removing cisco signatures and building own signature databases, if such signatures turn out to be very good signatures banks can submit them to cisco so they can be in daily. database later. here i have learned enough to make my own local.cud database file with all my own signatures in, i keep that private since it's of no use outside of localhost
[clamav-users] clamav users break dkim signed mails
so if yahoo.com users subscribe they will later be unsubscribed as long as clamav users break dkim. i look forward to having this solved as well for yahoo.com users. it's not an option for me to ask yahoo.com to fix their dmarc, but please check my dmarc fail or pass, where did it break ? hopefully mailadmins wake up
Re: [clamav-users] clamav users break dkim signed mails
On 2016-05-30 03:30, Dennis Peterson wrote: Mail list servers and dkim are generally poorly compatible. I'm not aware of a way to send a signed message to a list then have the list resend it to all members while preserving the dkim signature. There's been no shortage of debate on the topic. Both yahoo and smtp are in a death spiral anyway so it probably won't matter soon. if yahoo users start asking why they can't stay on maillists with dmarc reject, possibly there are some admins on both clamav.org and yahoo.com that learn new things about what not to do. yahoo's fault is to use dmarc reject on things that are public usage in life, but if both parties do not care much about this problem it will not be fixed. i hate to see my dkim fail on maillists when it's not my fault. CC: to you so you can test how bad my setup is
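The mechanism behind the incompatibility discussed in the message above, as an added example that is not part of the original post: a list server that tags the Subject and appends a footer changes exactly the data the DKIM signature covers. It assumes the signer uses relaxed/relaxed canonicalization (RFC 6376) and lists Subject in h=; the function names, the sample message and the footer constant are constructed for illustration.

```python
"""Added example: why a list footer invalidates a DKIM body hash (RFC 6376)."""
import base64
import hashlib
import re

# Constructed stand-in for the footer a list server appends to every post.
LIST_FOOTER = (
    b"_______________________________________________\r\n"
    b"Help us build a comprehensive ClamAV guide:\r\n"
    b"https://github.com/vrtadmin/clamav-faq\r\n"
)


def canon_body_relaxed(body: bytes) -> bytes:
    """'relaxed' body canonicalization, RFC 6376 section 3.4.4."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of space/tab to one space, then drop whitespace at line end.
    lines = [re.sub(rb"[ \t]+", b" ", line).rstrip(b" ") for line in lines]
    while lines and lines[-1] == b"":      # ignore empty lines at end of body
        lines.pop()
    return b"".join(line + b"\r\n" for line in lines)


def body_hash(body: bytes) -> str:
    """Value the signer stores in bh= when a=rsa-sha256 and body is relaxed."""
    digest = hashlib.sha256(canon_body_relaxed(body)).digest()
    return base64.b64encode(digest).decode()


def canon_header_relaxed(name: str, value: str) -> bytes:
    """'relaxed' header canonicalization, RFC 6376 section 3.4.2."""
    unfolded = re.sub(r"\r?\n", "", value)
    squeezed = re.sub(r"[ \t]+", " ", unfolded).strip(" ")
    return f"{name.lower().strip()}:{squeezed}\r\n".encode()


def list_rewrite(subject: str, body: bytes, tag: str = "[clamav-users]"):
    """Simulate a list server: tag the Subject and append the footer."""
    if tag not in subject:
        subject = f"{tag} {subject}"
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return subject, body + LIST_FOOTER


def dkim_survives(signed_subject, signed_bh, subject, body) -> dict:
    """Compare what the signer covered with what a subscriber's MTA receives."""
    return {
        "body_hash_ok": body_hash(body) == signed_bh,
        "subject_ok": canon_header_relaxed("Subject", subject)
        == canon_header_relaxed("Subject", signed_subject),
    }


if __name__ == "__main__":
    subject = "clamav users break dkim signed mails"
    body = b"please check my dmarc fail or pass\r\n"   # constructed message
    bh = body_hash(body)                                # fixed at signing time

    # Whitespace-only changes in transit are tolerated by relaxed mode.
    print(dkim_survives(subject, bh, "clamav users  break dkim signed mails",
                        b"please check  my dmarc fail or pass \r\n\r\n"))
    # A tagged Subject and an appended footer are not.
    print(dkim_survives(subject, bh, *list_rewrite(subject, body)))
```

With the author's DKIM signature failing and the list's own domain not aligned with the From: address, a DMARC policy of reject at the author's domain gives receivers nothing left to pass on.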
Re: [clamav-users] clamav users break dkim signed mails
On 2016-05-30 08:07, Andreas Schulze wrote: It's simply a matter of doing it. Don't hurt: see http://dovecot.org/list/dovecot/2014-June/096547.html and Timo can reject html mails in mailmanger, no need to break dkim/dmarc
Re: [clamav-users] clamav users break dkim signed mails
On 2016-05-30 08:11, Dennis Peterson wrote: That is an unacceptable hack (removes functionality) for an unacceptable hack (DKIM). have you ever seen my dmarc pass ? if there is more than one way to make it, users choose the incorrect way
Re: [clamav-users] fake mp3, real malware.
On 2016-06-06 18:12, Steven Morgan wrote: Tracking with https://bugzilla.clamav.net/show_bug.cgi?id=11582. You are not authorized to access bug #11582.
Re: [clamav-users] fake mp3, real malware.
On 2016-06-06 21:39, Steven Morgan wrote: Sorry, try it now. solved https://bugzilla.clamav.net/show_bug.cgi?id=11156 fail
Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!
On 2016-07-13 20:40, Joel Esler (jesler) wrote: http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html what ExtraDatabase is it in freshclam ?
Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!
On 2016-07-13 21:11, Joel Esler (jesler) wrote: what ExtraDatabase is it in freshclam ? It’s not. It’s in the regular daily.cvd that you download from us. silly imho :(
Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!
On 2016-07-13 21:30, Joel Esler (jesler) wrote: Why would it be silly to make life easier for millions of users? it is, since users want choices. why is SafeBrowsing not on per default ?
Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!
On 2016-07-13 21:52, Joel Esler (jesler) wrote: Nothing prevents anyone from using 3rd party sigs. We just want to incorporate 3rd party sigs into the official repo, for more coverage, for more users. If ClamAV has, say, 10M users, how many of those 10M do you suppose also run 3rd party sigs? I’d say less than 5%. marketing stats On Jul 13, 2016, at 3:36 PM, Axb wrote: My guess is that Benny doesn't really mean "silly" but probably is his "special" way of saying that it would be nice to be able to opt-in to third party sigs. bravo, 5% understand me :(
Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!
On 2016-07-13 22:13, Joel Esler (jesler) wrote: All third party signatures have the name of the third party submitter in the signature itself. For example: * Win.Malware.Agent4285353149/CRDF-1 I understand what you are saying Benny, however, we’d rather err on the side of shipping more detection to protect users. just don't call it 3rd party then. ExtraDatabase would have worked as well
Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!
On 2016-07-13 22:21, Joel Esler (jesler) wrote: It basically has to do with our how signature system works. so it's complicated ? i still like to know why it's 3rd party, and why it's not just added in ExtraDatabase. marketing stats don't interest me. SafeBrowsing is an option, why is 3rd party forced ?
[clamav-users] clamav-milter feature request
make it possible to have policy banks in clamav-milter, so eg one can have 3rd party signatures that just add a header like it would do when accepting a virus, but let's be creative, possibly as well make a PUA.pattern to accept or deny as virus. so one policy bank for official signatures, and up to a random number of other policy banks as users see fit for their needs. if that will be supported in the clamd socket as well it will save a lot of workarounds i think. would it be possible to see that ?
Re: [clamav-users] clamav-milter feature request
On 2016-08-04 19:15, G.W. Haywood wrote: make it possible to have policy banks in clamav-milter ... Are you sure that you mean clamav-milter? it's what sendmail uses imho ? and if it happens there it works just like what amavisd does when it turns some virus signatures into spam signatures to be processed in a spamscanner like spamassassin. the reason for making these clamav signatures is that it's more ram efficient than making native spamassassin rules. crossing fingers to see updates coming
Re: [clamav-users] daily sig 22066 and kaspersky site Html.Exploit.CVE_2016_3326-3
On 2016-08-11 10:18, ancien compte wrote: i've forgot :) wget -qO- http://www.kaspersky.fr/internet-security/ | clamscan - stdin: Html.Exploit.CVE_2016_3326-3 FOUND hopefully they read it here sooner or later ? :=) i am not good at french so hopefully their webmaster can receive mail
Re: [clamav-users] LibClamAV Error: yyerror(): test.yar line 6 undefined identifier "filename"
On 2016-08-11 19:32, Axb wrote: In that post author states: "I created some YARA rules that use the external variable „filename“ to work. LOKI and THOR use the „filename“ and other external variables by default." hmm... now how the heck do we get to happen with ClamAv? :) .. talking to myself... +1 try to look at the foxhole rules, imho it can match filenames and sizes, but i wish it was more documented. also logical signatures in clamav are very simple, just wish it was more documented. try compiled yara rules with clamav, not source rules, don't know if that makes a difference for clamav
Re: [clamav-users] Cannot get to Virus Definition
On 2016-08-17 20:25, Young, Timothy R (IS) wrote: We operate in a classified environment and do not have internet access. So, we are limited to downloading and burning to DVD. so burn more than one DVD per day ? what is the security of that ? those usb sticks where you are downloading, use freshclamd there as Joel tells you, and share those datafiles locally, possibly set up a local mirror as described in docs ?
Re: [clamav-users] Time to remove 209.198.147.20 from db.us RR
On 2016-09-13 23:18, Ted Hatfield wrote: I was unaware that server was still in the list. I sent an email last year asking to remove it. drop the dns hostname, hopefully clamav team does not use ip addresses :( think about dual stacking
Re: [clamav-users] bugzilla security certificate
Steve Basford wrote on 2016-12-07 17:42: Just a quick one... in case it confuses visitors to Bugzilla... +1 Going to https://bugs.clamav.net/ well spotted ssl error Firefox reports: "bugs.clamav.net uses an invalid security certificate. The certificate is only valid for bugzilla.clamav.net Error code: SSL_ERROR_BAD_CERT_DOMAIN" hopefully clamav.net knows how to make it right You can bypass the warning if desired. worst advice you have ever given here ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] bugzilla security certificate
Joel Esler (jesler) wrote on 2016-12-07 18:10: Thanks Steve, I’ve opened a ticket for review. using http:// redirect to the one that works, nice :=) simply killing that dns is the fastest solution
[clamav-users] clamav-milter and unofficial sigs
is it possible currently to accept 3rd party virus in clamav-milter ? eg: OnUnofficial Accept where default is Reject like OnInfected ? this will make clamav-milter more flexible. currently using clamav from github head here
Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?
On December 29, 2016 13:06:51 "Steve Basford" wrote: https://bugs.clamav.net/show_bug.cgi?id=11708 still ssl error