Hello,
I need to detect mails containing executables, e.g. exe files but named
as .txt files.
Is it possible through clam?
Yes.
ClamAV does not rely on file extension.
--
Best regards,
Arnaud Jacques
Manager of SecuriteInfo.com
Phone: +33-(0)3.60.47.09.81
E-mail: a...@securiteinfo.com
Website: https://www.securiteinfo.com
Facebook: https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter: @SecuriteInfoCom
Writing signatures for ClamAV antivirus since 2006
s the minimum. 8Gb is even better.
--
Hello,
Img.Packed.PngContainsDownloadCmd-6786216-0 has been dropped.
If you use the latest signatures from ClamAV official, you should not be
worried about that.
--
Hello Kris,
[...]
> /(n\d+).htmldomstuff;function(\1);/
>
> Do any of Clam's signature types support something like this?
I use :
6e3?3?3?
that matches n000, n003, n024, n781 ...
--
! I'm waiting for that !
--
On 30/03/2023 at 12:23, newcomer01 via clamav-users wrote:
Hello Arnaud,
does this help?
https://docs.clamav.net/manual/Signatures.html
kind greetings
Marc
Thank you Marc !
Have a good day !
--
Hello,
Where is the official document for creating signatures ?
https://www.clamav.net/doc/latest/signatures.pdf -> 404
https://github.com/Cisco-Talos/clamav/blob/main/docs/signatures.pdf -> 404
--
@sigil:/$ time find /usr/share/doc/texinfo -type f -exec
clamdscan --fdpass --no-summary {} + | tail -n 2
/usr/share/doc/texinfo/AUTHORS: OK
/usr/share/doc/texinfo/NEWS.Debian.gz: OK
real 0m0,343s
user 0m0,004s
sys 0m0,047s
Disk cache hits.
--
Hello,
However, this might work for you:
find /tmp/files -type f -exec clamdscan --no-summary {} +
Faster with parallel command :
find /tmp/files -type f |parallel clamdscan --no-summary {}
--
://tracker.debian.org/pkg/clamav
--
y and subdirectories, I suggest the
following :
find /my_path -type f | parallel clamdscan -mi --fdpass --no-summary {}
--
Hello,
Oct 24 12:07:45 rhel9test clamd[46661]: ERROR: Can't allocate memory
You do not have enough RAM.
Do you have at least 8Gb?
--
Hello Milos,
infected by Archived_JS.UNOFFICIAL
UNOFFICIAL means this signature has not been created by ClamAV official.
You should find who published this signature, and ask them.
--
forward proxy and tried to curl myself, I got a 1020 error,
When I do it with wget, I got 403 error. Any idea why ?
Do not use curl. Do not use wget. Use freshclam.
--
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-list
--
clamd daemon in memory.
So I hope your settings in clamd_custom.conf about TCPSocket is
different than 3310.
--
/var/lib/clamav/daily.cvd
Tried to delete /var/lib/clamav/daily.cvd then freshclam. Database test
passed successfully. And still get the problem.
--
all over the planet.
Cloudflare public IPs are available:
https://www.cloudflare.com/ips/
--
sible. Is there a way to get one's hands on these?
https://packages.microsoft.com/clamav/
--
with the
filename/extension.
For me, and for ClamAV, it is not an image. Verify with "file" command
line tool :
#file agam.jpg
agam.jpg: data
--
format is strictly correct (even if the data of the
image is corrupted).
Please advise .
You should send your sample to https://www.clamav.net/reports/malware
--
ler_v10-7.exe>
>
> Looks like this is (vistumbler) detected as false positive.
and
On Thu, 8 Apr 2021, Arnaud Jacques wrote:
> At first look, ClamAV is not the only one that flags it as malware :
>
https://www.virustotal.com/gui/file/071921ede559082
--
that trigger
the warning
--
/stats_malwares_internet.shtml
The page is in French, but you can use Google Translate:
https://translate.google.com/translate?sl=fr&tl=en&u=https://www.securiteinfo.com/attaques/hacking/stats_malwares_internet.shtml
--
cve2017-11882.
--
Hello,
I’m using clamwin antivirus on windows server 2003 but now I can’t
update anymore.
You probably can use ClamAV for Windows
(https://www.clamav.net/downloads) and start learning how it works in
command line.
--
-summary {}
--
do not publish the signature I created and I gave you, I'd be
happy to know why.
I have several generic signatures ready to give you if you agree to
publish them.
--
Hi,
... or you can use SecuriteInfo signatures. The latest Emotet malware
variants are already detected today.
More information at http://ow.ly/LqfdL
--
ool, the fastest way I found is :
find /data -type f -mtime -7 | parallel clamdscan -mi --fdpass --no-summary {}
--
Hello,
Is it me or is the ClamAV website down?
--
It works now.
Thank you.
On 01/05/2020 at 18:43, Joel Esler (jesler) via clamav-users wrote:
Interesting, please try again? I'm not able to replicate the issue.
On 5/1/20, 12:42 PM, "clamav-users on behalf of Arnaud Jacques"
wrote:
Hello Joel,
Every time.
Hello Joel,
Every time.
On 01/05/2020 at 17:46, Joel Esler (jesler) via clamav-users wrote:
Does it happen every time, or just once?
On 5/1/20, 10:42 AM, "clamav-users on behalf of Arnaud Jacques"
wrote:
Hello,
Using clamsubmit, I got :
Unexpected POST submi
Hello,
Using clamsubmit, I got :
Unexpected POST submit response code: 500
--
o.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml?lg=en
--
Hello,
last night my ClamAV instance's DB update attempts (via freshclam) started failing for
just "securiteinfo.hdb"
This was due to a disk full on our side.
Sorry for that.
This has been resolved now.
--
ither:
1. Whitelist the file (if it's static)
or
2. Whitelist the signature(s)
...
And report the false positive to the ClamAV team?
All false positives from SecuriteInfo.com signatures should be sent to
webmas...@securiteinfo.com.
Thank you.
--
--unpack-current=daily
--
: Heuristics.Limits.Exceeded FOUND
--- SCAN SUMMARY ---
Known viruses: 8748540
Engine version: 0.101.4
Scanned directories: 1
Scanned files: 3
Infected files: 3
Data scanned: 169.38 MB
Data read: 53.22 MB (ratio 3.18:1)
Time: 396.918 sec (6 m 36 s)
--
, and also contact you off-list.
Good ! Thank you very much.
--
e results of this processing, in any format and by any
means, to anyone who'd like to have that information. Once set up, it
could do it all in real time, without manual intervention at my end.
Any takers?
Sure, could you please send spam/phishing/malwares to
malw...@surfezsanspub.fr ?
Th
Hello Jerry,
It works now for me (clamsubmit compiled from 0.102.0-beta sources).
It seems older versions do not work anymore.
On 13/08/2019 at 15:02, Jerry via clamav-users wrote:
On Mon, 12 Aug 2019 16:43:23 +0200, Arnaud Jacques stated:
Same error message with 0.102.0-beta and 0.101.2
Same error message with 0.102.0-beta and 0.101.2
On 12/08/2019 at 16:36, Joel Esler (jesler) via clamav-users wrote:
How about now?
On Aug 12, 2019, at 3:40 AM, Arnaud Jacques wrote:
Hello Joel,
clamsubmit compiled from source from clamav-0.102.0-beta and from
clamav-0.100.3 get same
and
server? Data submitted? Server side error?
On 09/08/2019 at 07:53, Joel Esler (jesler) via clamav-users wrote:
We’re looking into this Arnaud.
Sent from my iPad
On Aug 8, 2019, at 11:09, Arnaud Jacques wrote:
Hello Micah,
Still got the same error on each submitted file.
Le
I am running command in root user. Files are read/write access.
What's wrong ?
Thank you.
--
rovided by clamav.net/presigned. Unable to
continue submission.invalid cfduid and/or session id values provided by
clamav.net/presigned... etc ...
I am running command in root user. Files are read/write access.
What's wrong ?
Thank you.
--
process
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).
--
On the positive side, you do have the 'Last-Modified' header so at
least a client isn't always re-downloading an unchanged file.
Fortunately, yes :)
--
EINFO securiteinfoold.hdb
It is a good idea to upgrade this script on our systems.
--
it should never happen again. I hope so !
--
Hello,
Btw, Andr.Dropper.Shedun-6840810-0 has same problem.
On 04/06/2019 at 09:11, Arnaud Jacques wrote:
Hello,
For me, Andr.Dropper.Shedun-6840512-0 seems a false positive :
VIRUS NAME: /tmp/daily/daily.ldb:Andr.Dropper.Shedun-6840512-0
TDB: Engine:51-255,FileSize:4096-16384,Target:0
ik/system/DexClassLoader;Ljava/io/BufferedOutputStream;Lja
As far as I know, DexClassLoader and BufferedOutputStream are legit
Java/Android classes, and not malware related.
What do you think about it?
--
SIGNATURE:
@-_1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWX
--
ngine version: 0.100.3
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 26.12 MB
Data read: 17.59 MB (ratio 1.48:1)
Time: 114.523 sec (1 m 54 s)
Are you up-to-date ? What is your version of Clamav ? What is your
version of signature databases ?
--
Hello Clark,
Running for 525 minutes at >90% CPU seems not good. Causes noticeable
delay in command line activity for all users.
Could you please send us the result of these command lines :
cat /proc/cpuinfo
free -m
Thank you
--
Hello,
This link generates 403 error code :
https://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb
What's wrong ?
--
the
Windows port as we're running in Windows?
Many thanks,
David
On Thu 11 Apr 2019, 19:35 Arnaud Jacques <webmas...@securiteinfo.com> wrote:
David,
Here is an example :
Create a file pdf.ndb in your clamav signatures directory (usually
/var/lib/clamav
Many thanks,
David
-Original Message-
From: clamav-users On Behalf Of Arnaud
Jacques
Sent: Thursday 11 April 2019 18:27
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] PDF Scanning
Hello David,
On 11/04/2019 at 19:20, David Hendrick wrote:
Hi there,
Does anyone know if there
ect PDF containing "OpenAction" and "Javascript" or "JS"
you will have a lot of false positives.
--
created a *huge* ign2 file and it crashed clamd. Ign2
files may not be appropriate to ignore tons of signatures.
--
Hello,
sigtool --find-sigs Doc.Trojan.Agent-6923124-0 | sigtool --decode-sigs
I don't understand why this signature is so long, and why it is based on
always changing variables.
--
fice 425-305-2269
*From: *clamav-users on behalf
of Arnaud Jacques
*Reply-To: *ClamAV users ML
*Date: *Thursday, March 14, 2019 at 9:43 AM
*To: *"clamav-users@lists.clamav.net"
*Subject: *Re: [clamav-users] freshclam -V output
*[External Email]*
**
Hello Sean,
On 14/03/2019 at 13:53,
res on low performance CPU (VMs, embedded systems, old hardware, ...)
Could you please tell us the CPU you use ?
--
.
You can test the time to reload without this file.
--
clamd.conf)
Maybe more useful options using:
clamscan --help|grep max
I guess you can play with such options to optimize your scan.
--
(2886 files extracted and scanned from this PDF).
--
working for official signatures. 3rd party signatures provide
hash based checksum files.
--
stamp. Any thoughts on this?
It happens when the virus database is not (already) loaded in memory
and/or when clamdscan client cannot connect to clamd daemon (tcp or
socket problem).
--
Corrected.
On 10/03/2019 at 02:44, Thomas McCourt (tmccourt) via clamav-users wrote:
Those links should have been corrected Friday (yesterday), are you still having
the issue?
On Mar 6, 2019, at 4:53 AM, Arnaud Jacques wrote:
Hello,
https://www.clamav.net/documents/doc is broken.
Link
Hello,
https://www.clamav.net/documents/doc is broken.
Link found at https://www.clamav.net/documents/miscellaneous-faq.
--
e, may be) "bytecode signature" = "keyword"
Sounds good? A link to a howto will be appreciated.
Yes it is possible. Please see the official documentation :
https://www.clamav.net/documents/creating-signatures-for-clamav
--
://www.securiteinfo.com/clients/customers/signup).
--
neer
Malware Research Team
On Wed, Feb 6, 2019 at 11:16 AM Arnaud Jacques
<webmas...@securiteinfo.com> wrote:
Hello,
It seems .pwdb files do not work since version 0.100.2 (maybe since
0.100.0).
It has this format :
cat passwords.pwdb
ZipPassw
protected by the "infected"
password. Manually unzipped, ClamAV is able to detect the malware.
Has the format of .pwdb files changed since 0.100.x?
Is it still supported on recent ClamAV version ?
--
/3280cfb299d7e42753556a4524fe8187808dafae266cc44dfce32b3dc2525d70/analysis/1548074954/
--
'm surprised that you haven't
observed it before, but I posted it publicly as a PSA to anybody else who might
be subscribed to this list. Sorry if you were offended by my doing so.
Sent from my iPad
-Al-
On Dec 4, 2018, at 21:08, Arnaud Jacques wrote:
Did you speak the official voice
empts use such tools.
--
Hello Dennis,
Yes, it has been dead for years.
It has been replaced by this: http://ow.ly/LqfdL
On 05/12/2018 at 04:09, Dennis Peterson wrote:
I don't see a dns response for that site and logs show no recent
connection.
dp
--
ClamAV.
And some 3rd party signatures can help to get full detection :
https://sanesecurity.com
http://ow.ly/LqfdL
--
taire n° 4: c87c37e806231de5493af5ecfbde894a
--
https://sanesecurity.com/usage/signatures/
Maybe the best point is to submit samples to ClamAV that are not
detected by anyone ?
Btw, be sure to submit *malwares* to ClamAV. Malware collections like
VirusShare contain a lot of false positives...
--
/services/anti-spam-anti-virus/whitelisting_clamav_signatures.shtml
--
On 31/08/2018 at 11:00, Henrik Hoeg Thomsen1 wrote:
Does ClamAV offer an encrypted download alternative to the unencrypted http
based wget used to update the signature database?
Maybe: https://packages.microsoft.com/clamav/
Should be reliable enough.
--