Re: [clamav-users] EICAR signature not working

2025-02-17 Thread Eric Tykwinski via clamav-users
David, To find the Signature: $ sigtool --find-sigs Eicar-Signature | sigtool --decode-sigs I'm guessing the typo on your file is on purpose here. -Original Message- From: clamav-users On Behalf Of David Morton via clamav-users Sent: Monday, February 17, 2025 2:43 PM To: ClamAV users M

Re: [clamav-users] Uninstalling clamAV on macOS

2024-12-17 Thread Eric Tykwinski via clamav-users
Kortschnoi, I just did a fresh install on a blank drive: /Library/Receipts/com.cisco.ClamAV.* /usr/local/clamav/* That should be all the files installed that I can see. -Original Message- From: clamav-users On Behalf Of Kortschnoi via clamav-users Sent: Tuesday, December 17, 2024 5:15

[clamav-users] Slow PDF Scanning pt 3.

2024-02-22 Thread Eric Zhou via clamav-users
are used after tags are parsed. And neither DP nor DecodeParms are in `pdfname_actions`, so they are not affecting state. Slow PDF scanning has been a known problem for 3 years, and it would be nice to see it addressed in a new patch soon. Again, I’m happy to provide more detail

[clamav-users] Slow PDF scanning, pt.2

2024-02-20 Thread Eric Zhou via clamav-users
/5f934c16b47591157a7082b71e751c45f095e2c8/libclamav/pdf.c#L1580, we see references to parameters, but they are used after tags are parsed. And neither DP nor DecodeParms are in `pdfname_actions`, so they are not affecting state. Please check on this. Happy to provide more information. Best, Eric

[clamav-users] Slow PDF scanning

2024-02-06 Thread Eric Zhou via clamav-users
(1 m 35 s) Start Date: 2024:02:06 22:58:43 End Date: 2024:02:06 23:00:18 Thought this might be helpful for investigations. BTW, do we have an update on if this issue with slow PDF scanning will be fixed soon? Best regards, Eric

Re: [clamav-users] Bitdefender Antivirus Plus slows down my computers to a crawl

2023-10-26 Thread Eric Tykwinski via clamav-users
Honestly, this is actually a good question. I would have normally suggested Cisco's Windows free endpoint software: https://www.immunet.com/ But as you can see, they are stopping support at the beginning of next year. Windows' built-in Defender is usually good enough for me, but Cisco might have

Re: [clamav-users] Needed to whitelist Email.Phishing.RPMSG_Downloader-10004958-0

2023-07-11 Thread Eric Tykwinski via clamav-users
Taken care of… I think it only uploaded the one sample, but I think all three were just test emails sent by the MS customer. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Jul 11, 2023, at 5:30 PM, Micah Snyder (micasnyd) > wrote: > > You can submit FP reports t

[clamav-users] Needed to whitelist Email.Phishing.RPMSG_Downloader-10004958-0

2023-07-11 Thread Eric Tykwinski via clamav-users
f you need headers or anything let me know. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help

Re: [clamav-users] ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published

2023-02-21 Thread Eric Tykwinski via clamav-users
ublished > > No. Ubuntu package maintenance is separate from Debian's. > > Scott K For those interested, David Gonzales just released the patches to security-proposed on Ubuntu: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2007456 Sincerely, Eri

Re: [clamav-users] Question Exception Rule

2022-12-29 Thread Eric Tykwinski via clamav-users
I contact to get an exemption for ClamAV ("Heuristics.Phishing.Email.SpoofedDomain")? > This in my case is an absolutely legitimate sender (my Bank). It's in the documentation: https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format > Regards > Marc Si

Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-15 Thread Eric Tykwinski via clamav-users
Al, > From: clamav-users On Behalf Of Al > Varnell via clamav-users > Sent: Thursday, December 15, 2022 9:20 AM > To: ClamAV users ML > Cc: Al Varnell > Subject: Re: [clamav-users] How many viruses/malware is clamav protecting us > from? > > I don't believe I understand your question. Ar

Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-15 Thread Eric Tykwinski via clamav-users
Michael, Here’s the update mailing list: https://lists.clamav.net/mailman/listinfo/clamav-virusdb Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users On Behalf Of Michael Kyriacou via clamav-users Sent: Thursday, December 15, 2022 9:10 AM To: ClamAV

Re: [clamav-users] GCP Management

2022-10-17 Thread Eric Tykwinski via clamav-users
Ged, I think he's talking about the Google Marketplace images, like AWS images. Personally, instead of relying on a third party to set up the VM, I would just set up a quick docker instance and use the official ClamAV image. https://hub.docker.com/r/clamav/clamav Sincerely, Eric Tykwinski Tr

Re: [clamav-users] ClamAV Action is not working on WHM/cPanel

2022-10-13 Thread Eric Tykwinski via clamav-users
Joel, As far as I know it should be managed by cPanel, but I haven’t run it in ages. My suggestion would be to ask here: https://forums.cpanel.net/ > On Oct 13, 2022, at 4:49 PM, Joel Esler via clamav-users > wrote: > > I am betting that Inmotion is running an old

[clamav-users] Anyone running a cluster on K8s?

2022-09-12 Thread Eric Tykwinski via clamav-users
--reload to the service to hit them all? Any guidance would be appreciated. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] Please help

2022-08-31 Thread Eric Tykwinski via clamav-users
Jan, Look in clamd.conf for something like: LocalSocket /var/run/clamav/clamd.ctl FixStaleSocket true LocalSocketGroup clamav LocalSocketMode 666 or TCPSocket 3310 TCPAddr xxx.xxx.xxx.xxx Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users

Re: [clamav-users] Permanently banned from clamav

2022-07-02 Thread Eric Tykwinski via clamav-users
tails going through SSL CAs, web transactions, et al… CGNAT on ip4 wouldn’t surprise me, as I’ve personally seen issues with other CDNs, Netflix, Disney+, et al…. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Jul 2, 2022, at 1:57 PM, G.W. Haywood via clamav-users > wro

Re: [clamav-users] Off topic question...

2022-06-29 Thread Eric Tykwinski via clamav-users
Ged, > Hi there, > > On Wed, 29 Jun 2022, Eric Tykwinski via clamav-users wrote: > >> Anyone have an abuse contact for Cisco IronPorts hosted service? >> >> Customer of ours received a phishing email from a Cisco client but >> wasn't sent by them, at le

[clamav-users] Off topic question...

2022-06-29 Thread Eric Tykwinski via clamav-users
Anyone have an abuse contact for Cisco IronPorts hosted service? Customer of ours received a phishing email from a Cisco client but wasn't sent by them, at least that's what I'm being told. Sincerely, Eric Tykwinski TrueNet, Inc. P: 61

[clamav-users] How to stop receive messages.

2022-05-04 Thread Eric Jin via clamav-users
Dear Sir, I don't want to receive any posted messages. Please tell me how to stop it. Thanks. Best regards, Eric. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us bu

Re: [clamav-users] DoD/IL4/Federal use case

2022-04-19 Thread Eric Tykwinski
Department of Defense (United States) Impact Level 4 It’s a grading system that should say what the requirements are to reach that level. I honestly have no clue what the requirements are, but they should be listed on the site. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429

Re: [clamav-users] Virus not detected

2022-03-21 Thread Eric Tykwinski
Jorge, There are a lot of alternative signatures. Sanesecurity: http://sanesecurity.com/ Malware Patrol: https://www.malwarepatrol.net/clamav-configuration-guide/ or you can use something like clamav-unofficial-sigs: https://github.com/extremeshok/clamav-unofficial-sigs > On Mar 21, 2022, at 4:

Re: [clamav-users] human friendly signatures

2022-03-16 Thread Eric Tykwinski
Steve, I like the idea, but why the hex; hex? Just thinking about my recent issues with direct deposit phishing emails from gmail.com and they are written probably by people, so I can’t really hash it, and have to regex it. > On Mar 16, 2022, at 5:10 PM, Steve Basford > wrote: > > On 16 Marc

Re: [clamav-users] Current replacement for --max-ratio?

2022-01-14 Thread Eric Tykwinski
Ged, When did clamav start scanning iso files? I just tried this and found an eicar.txt file, so yes it does work. For email, I always just blocked iso extensions. Still doesn’t like MacOS cdr extensions, but a great improvement. Sincerely, Eric Tykwinski > On Jan 14, 2022, at 6:21 PM,

Re: [clamav-users] Does ClamAV scan attachments embedded in .msg files

2022-01-14 Thread Eric Tykwinski
mail and decode attachments. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users On Behalf Of Andreas Wittig Sent: Friday, January 14, 2022 6:17 AM To: clamav-users@lists.clamav.net Subject: [clamav-users] Does ClamAV scan attachments embedded in .msg files

[clamav-users] stuck at "Starting Clam AntiVirus Daemon" when rebooting.

2021-11-14 Thread Eric Jin via clamav-users
CaJUwwSA?e=KKeYf1 BR, Eric.

Re: [clamav-users] Pdf.Phishing.CWS4c384287-9890237-0

2021-09-10 Thread eric-list
, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users On Behalf Of Dan Jaap via clamav-users Sent: Friday, September 10, 2021 12:31 PM To: clamav-users@lists.clamav.net Cc: Dan Jaap Subject: [clamav-users] Pdf.Phishing.CWS4c384287-9890237-0 Can someone explain what the

Re: [clamav-users] How to uninstall the ClamAV 0.104?

2021-08-21 Thread Eric Jin via clamav-users
Thanks Ged. On Wed, 4 Aug 2021 at 11:00 PM, G.W. Haywood via clamav-users wrote: > Hi there, > > On Wed, 4 Aug 2021, Eric Jin via clamav-users wrote: > > > I tried to uninstall the clamav 0.104 per the link: > > https://docs.clamav.net/faq/faq-uninstall.html but I can't find

[clamav-users] How to uninstall the ClamAV 0.104?

2021-08-04 Thread Eric Jin via clamav-users
Hi, I tried to uninstall the clamav 0.104 per the link: https://docs.clamav.net/faq/faq-uninstall.html but I can't find the install_manifest.txt. What's the problem with it? Thanks.

Re: [clamav-users] Cannot ignore BC.Gif.Exploit.Agent-1425366.Agent

2021-07-21 Thread eric-list
Guys, Found the file causing the issue. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/tests/test-images/gif-test-suite/max-width.gif Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users On Behalf Of Orion Poplawski via clamav-users

[clamav-users] Opinion?

2021-07-19 Thread eric-list
to notify the sender right away. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] clamav-freshclam service issue

2021-07-05 Thread Eric Broch via clamav-users
You could also just delete file # rm /etc/cron.d/clamav-update but I imagine it will be there on next update. On 7/5/2021 11:53 AM, Eric Broch wrote: Freshclam doesn't start because databases are now updated by cron job '/etc/cron.d/clamav-update' in 'freshclam.servic

Re: [clamav-users] clamav-freshclam service issue

2021-07-05 Thread Eric Broch via clamav-users
, it showed the log without any issue, but when I ran toaststat it stopped. On Fri, Jul 2, 2021 at 12:17 PM ChandranManikandan <kand...@gmail.com> wrote: Hi Eric, Am running Centos 7 64 Bit with the Qmailtoaster system. Usually update through the command lin

Re: [clamav-users] clamav-freshclam service issue

2021-07-01 Thread Eric Broch via clamav-users
# cat /etc/freshclam.conf Show output on list. On 7/1/2021 2:46 AM, ChandranManikandan via clamav-users wrote: Hi Folks, I have updated the below packages through the webmin panel. Jul 01 13:27:50 Updated: clamav-filesystem-0.103.2-2.el7.noarch Jul 01 13:27:51 Updated: clamav-lib-0.103.2-2.el7

Re: [clamav-users] clamav-freshclam service issue

2021-07-01 Thread Eric Broch via clamav-users
# cat /usr/lib/systemd/system/clamav-freshclam.service send output along On 7/1/2021 2:46 AM, ChandranManikandan via clamav-users wrote: Hi Folks, I have updated the below packages through the webmin panel. Jul 01 13:27:50 Updated: clamav-filesystem-0.103.2-2.el7.noarch Jul 01 13:27:51 Updated

Re: [clamav-users] Failed to start Generic clamav scanner daemon.

2021-06-16 Thread Eric Jin via clamav-users
read: 144370.49 MB (ratio 0.18:1) Time: 7685.714 sec (128 m 5 s) Start Date: 2021:06:16 03:15:16 End Date: 2021:06:16 05:23:22 On Wed, 16 Jun 2021 at 10:47 PM, G.W. Haywood via clamav-users wrote: > Hi Eric, > > On Wed, 16 Jun 2021, Eric Jin via clamav-users wrote: > > G.W. Haywood via clamav-us

Re: [clamav-users] Failed to start Generic clamav scanner daemon.

2021-06-16 Thread Eric Jin via clamav-users
' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate'

Re: [clamav-users] Failed to start Generic clamav scanner daemon.

2021-06-16 Thread Eric Jin via clamav-users
.localdomain systemd[1]: Unit clamd@scan.service entered failed state. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: clamd@scan.service failed. BR, Eric. On Wed, 16 Jun 2021 at 2:43 PM, G.W. Haywood via clamav-users wrote: > Hi Eric, > > On Wed, 16 Jun 2021, Eric Jin via clamav-user

Re: [clamav-users] Failed to start Generic clamav scanner daemon.

2021-06-15 Thread Eric Jin via clamav-users
-specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'PKG_CON

Re: [clamav-users] Failed to start Generic clamav scanner daemon.

2021-06-15 Thread Eric Jin via clamav-users
Hi Ged, I finished the installation and configuration according to these commands in the link: https://www.opencli.com/linux/rhel-centos-install-clamav. BR, Eric. On Tue, 15 Jun 2021 at 6:40 PM, G.W. Haywood via clamav-users wrote: > Hi there, > > On Tue, 15 Jun 2021, Eric Jin via clamav-us

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain...

2021-04-13 Thread eric-list
fo Actual underlying link: https://click.o.delta.com/u/?qs=1568763c78f67b6cdcd44df9cfac10c6bdd8a68c567c4d04238da45d4092cc1adeef2f53a3a8c4248f7140f92bd80fb33b830537983d2ad07ed440f137dd0226 If you ask me, that deserves to be quarantined. For Sendmail, it should be something like "sendmail -q" I would definitely look it up in the man pages, as I've been using po

Re: [clamav-users] SSN question

2021-04-06 Thread eric-list
oth. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users On Behalf Of Matus UHLAR - fantomas Sent: Tuesday, April 6, 2021 12:03 PM To: clamav-users@lists.clamav.net Subject: [clamav-users] SSN question Hello, I see that I can enable

[clamav-users] Heuristics.Phishing.Email.SpoofedDomain...

2021-04-01 Thread eric-list
Just a heads up. I noticed a bunch of American Express Statements in our quarantine. My guess is because they are using m.amex and go.amex links in the emails. DKIM and SPF pass so these definitely seem to be legit AMEX emails. From address is "American Express" Sincerely, E

Re: [clamav-users] Linode Clam AV Updates

2021-03-19 Thread Eric Tykwinski
subscribing to these providers irl. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 19, 2021, at 7:52 PM, Joel Esler (jesler) via clamav-users > wrote: > > Linode is our second biggest abuser. > > Slow your updater down. > > Sent from my  iPhone &

[clamav-users] Exchange attacks...

2021-03-13 Thread Eric Tykwinski
…. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] QNAP - Cannot update virus definition & cannot wget *.cvd (receive error 403 forbidden)

2021-03-07 Thread Eric Tykwinski
quick: https://www.reddit.com/r/qnap/comments/dcnjzo/clamav_virus_definition_downloads_failing/ Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 7, 2021, at 5:48 PM, Joel Esler (je

Re: [clamav-users] QNAP - Cannot update virus definition & cannot wget *.cvd (receive error 403 forbidden)

2021-03-07 Thread Eric Tykwinski
I’ve got a QNAP at my house. Looks like it’s fine on the newest version: v4.5.3.1594 Given it’s outdated, but that doesn’t surprise me much: ClamAV 0.102.2/26100/Sat Mar 6 07:05:22 2021 Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 7, 2021, at 4:29 PM, Eero Voloti

Re: [clamav-users] ClamAv help

2020-12-31 Thread Eric Tykwinski
ntined to a ~/Documents/Quarantine/ directory so if a file simply went missing I would know where it was from and where it went to. P.S. Have a good new year everyone... Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Dec 31, 2020, at 6:52 PM, Jay A. Schoon via clamav-users >

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2020-12-23 Thread eric-list
incerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users On Behalf Of Orion Poplawski Sent: Wednesday, December 23, 2020 1:11 PM To: ClamAV users ML Subject: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0 Can anyone give me some details a

Re: [clamav-users] Looks like we've gotten a new variant of Emotet getting through...

2020-12-21 Thread eric-list
rite my own signatures if I need to. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] Looks like we've gotten a new variant of Emotet getting through...

2020-12-21 Thread eric-list
Sorry to bother, but do you guys want raw emails or just the payload Word Docs? I just sent payloads, since they are real emails with responses and a virus attached. I can however scrub the raws and send a few of those as well. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

[clamav-users] Looks like we've gotten a new variant of Emotet getting through...

2020-12-21 Thread eric-list
I'm going to start posting a few to https://www.clamav.net/reports/malware Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] Fwd: MacOS ClamAV Configuration Errors

2020-11-11 Thread eric-list
Sorry just noticed the last line. If you want to use check, you’ll need to install it. #brew install check After that, it should build fine... From: clamav-users On Behalf Of eric-l...@truenet.com Sent: Wednesday, November 11, 2020 3:57 PM To: 'ClamAV users ML' Subject: R

Re: [clamav-users] Fwd: MacOS ClamAV Configuration Errors

2020-11-11 Thread eric-list
Wayne, Since it looks like you are using homebrew, why not just install that: eric@Erics-Mac-Pro ~ % brew info clamav clamav: stable 0.103.0 (bottled), HEAD Anti-virus software https://www.clamav.net/ /usr/local/Cellar/clamav/0.103.0 (62 files, 448.2MB) * Poured from bottle on 2020-09

Re: [clamav-users] Standard list of exclusions and a private docker registry

2020-09-29 Thread eric-list
I agree with Ged on scanning a Docker registry, what I would be more worried about is software versions especially when pulling from something like Docker Hub. I've personally started playing around with VMware's integrated containers which do vulnerability scans, but I'm sure there's probably some

Re: [clamav-users] How to package source into .pkg for mac installer to mass deploy via MDM?

2020-09-25 Thread eric-list
good for desktop users, and without something like ClamTK, I just don't see the need. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users On Behalf Of Micah Snyder (micasnyd) via clamav-users Sent: Thursday, September 24, 2020 8:34 PM To: Cl

Re: [clamav-users] How to package source into .pkg for mac installer to mass deploy via MDM?

2020-09-24 Thread eric-list
Probably not relevant too much to the list, but you'll need a developer certificate, and check out pkgbuild from Xcode. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users On Behalf Of Emil via clamav-users Sent: Thursday, September 24, 2

Re: [clamav-users] Anyone have a good script for encrypted zip Emotet files?

2020-09-23 Thread eric-list
Ged, > Hi Eric, > > > On Tue, 22 Sep 2020, Eric Tykwinski wrote: > > > >> I started writing my own, but of course I'm not catching them all. > > > > If you could let me have some samples (complete messages) I could take > > a look to see what

[clamav-users] Anyone have a good script for encrypted zip Emotet files?

2020-09-22 Thread eric-list
I started writing my own, but of course I'm not catching them all. Example of my YARA file is here: https://pastebin.com/MKTbKiNX If anyone is willing to share a more comprehensive rule I would appreciate it. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429

Re: [clamav-users] Services Difference & Memory Utilization

2020-09-14 Thread Eric Tykwinski
whitelisted. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Sep 14, 2020, at 8:17 PM, bobby via clamav-users > wrote: > > What is a good vps provider to use then if not DO? > > On Mon, Sep 14, 2020 at 7:10 PM Eric Tykwinski <eric-l...@truenet.com> wr

Re: [clamav-users] Services Difference & Memory Utilization

2020-09-14 Thread Eric Tykwinski
… Use TalosIntelligence.com <http://talosintelligence.com/> before you purchase a VPS for email, it’ll probably save you a lot of hassle. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Sep 14, 2020, at 6:50 PM, G.W. Haywood via clamav-users > wrote: > > Hi ther

Re: [clamav-users] Is ClamAV On-Access Scanning model applied on Windows?

2020-08-31 Thread eric-list
omo/fswatch Works well for that case. Example: /usr/local/bin/fswatch -0 $HOME | xargs -0 -n1 -I {} /usr/local/bin/clamdscan -i --move=$HOME/Documents/Quarantine {} Says it can do Windows as well, but I've never attempted it and it looks like it needs Cygwin, which I wouldn't want

Re: [clamav-users] ClamAV® blog: ClamAV 0.103.0 release candidate

2020-08-18 Thread Eric Tykwinski
Congrats guys, non-blocking was a long awaited improvement on my end… Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Aug 18, 2020, at 5:57 PM, Joel Esler (jesler) via clamav-users > wrote: > > >> >> https://blog.clamav.net/2020/08/clamav-0103

Re: [clamav-users] ClamAV Database update issue

2020-07-24 Thread Eric Tykwinski
ClamAV Database update issue Hi Eric, Thanks for your reply, but the IP posted here belongs to San Francisco. Will an issue in LA cause an issue in San Francisco as well? I find this a little strange. Thanks, -- SUDHIR KUMAR MAHARJAN Associate IT Manager Deerwalk Services Pvt. Ltd. p:

Re: [clamav-users] ClamAV Database update issue

2020-07-24 Thread Eric Tykwinski
Check out CloudFlare status: https://www.cloudflarestatus.com/ If you are in the LA area, that could be a cause… Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Sudhir Kumar Maharjan

Re: [clamav-users] How to determine virus database version from behind proxy?

2020-07-09 Thread Eric Tykwinski
dly, I don’t know of really any local DoH resolvers that can be used to scale, and I honestly don’t think it’ll last as long as I think most people think it will. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Jul 9, 2020, at 6:20 PM, Eric Tykwinski wrote: > > Lol,

Re: [clamav-users] How to determine virus database version from behind proxy?

2020-07-09 Thread Eric Tykwinski
> curl -H 'accept: application/dns-json' >>> 'https://dns.google.com/resolve?name=current.cvd.clamav.net&type=A' >>> >>> ... or even just: >>> >>> curl 'https://dns.google.com/resolve?name=current.cvd.clamav.net

Re: [clamav-users] How to determine virus database version from behind proxy?

2020-07-09 Thread Eric Tykwinski
You could query using DoH: #curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=current.cvd.clamav.net&type=TXT' > -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of André Weidemann > Sent: Thursday, July 09

Re: [clamav-users] clamonaccess scanning does not see /tmp/eicar.com

2020-07-07 Thread Eric van Rheenen via clamav-users
0 lvm /var └─system-lv--tmp 253:6 0 2G 0 lvm /tmp sdb 8:16 0 100G 0 disk └─sdb1 8:17 0 100G 0 part ├─datavg-lv--data 253:2 0 4G 0 lvm /data └─datavg-lv--audit 253:3 0 1G 0 lvm /var/log/audit [erirhe1d@gglvboft001 tm

[clamav-users] clamonaccess scanning does not see /tmp/eicar.com

2020-07-06 Thread Eric van Rheenen via clamav-users
king every 1800 seconds. clamd[4819]: SelfCheck: Database status OK. clamd[4819]: SelfCheck: Database status OK. clamonacc: ClamInotif: watching '/tmp' (and all sub-directories) Please tell me what I'm doing wrong? Thanks in advance, Met vriendelijke groet, Eric van Rheenen L

Re: [clamav-users] Cannot install Clam AV on Ubuntu 16.04

2020-03-26 Thread Eric Tykwinski
Seriously, nothing to do with ClamAV specifically, but RH/Cent is known to confuse the hell out of everyone with their wonderful retrograde back ports. So I’ve talked to ISC about Bind versions and they basically said ditch it… Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On

Re: [clamav-users] eff.org.xpi false positive ? Mailing Lists/ClaMav/clamav-users x

2020-03-25 Thread Eric Tykwinski
Marcos, You can check out the signature for the HTTPS Everywhere extension on their page: https://www.eff.org/https-everywhere Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 25, 2020, at 2:50 PM, marcos sr via clamav-users

Re: [clamav-users] Email payload in .img container

2020-02-18 Thread Eric Tykwinski
vary in size but not near 4 GB… > Pretty much on par with size, a little bit bigger: 1.19 MB I’ve decided to just block them by extension for now, as I don’t think many of my customers will be emailing out ISOs or disk images directly at least. Sincerely, Eric Tykw

[clamav-users] Email payload in .img container

2020-02-17 Thread Eric Tykwinski
image container would it have even been caught anyways, even if it was detected? Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] messages in freshclam.log

2019-12-23 Thread Eric Tykwinski
This was mentioned here before, and I can't remember what the status was. For this example: A dig trace leads to: ping.clamav.net. 86400 IN NS ns1a.clamav.net. ;; BAD (HORIZONTAL) REFERRAL dig: too many lookups #dig daily.25671.105.1.0.6810DA54.ping.clamav.net @ns1a.clamav.net

Re: [clamav-users] Elmedia Player.app detection

2019-12-10 Thread Eric Tykwinski
Found an article on it: https://www.intego.com/mac-security-blog/osxproton-malware-is-back-heres-what-mac-users-need-to-know/ From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Al Varnell via clamav-users Sent: Tuesday, December 10, 2019 11:25 AM To: ClamAV u

Re: [clamav-users] Use ClamAV to scan email in Plesk Ubuntu with Postfix

2019-10-04 Thread Eric Tykwinski
> -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of G.W. Haywood via clamav-users > Sent: Friday, October 04, 2019 11:52 AM > To: ClamAV Users Mailing List > Cc: G.W. Haywood > Subject: Re: [clamav-users] Use ClamAV to scan email in Plesk

Re: [clamav-users] Question

2019-10-03 Thread Eric Tykwinski
uction/clamav-0.102.0.tar.gz > Or my preference: https://github.com/Cisco-Talos/clamav-devel Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] False Positive for Txt.Coinminer.Generic-7132166-0

2019-08-27 Thread Eric Tykwinski
Brian, It’s a straight text search for 6 strings. Can’t send the decode because it will be caught in my outbound. # sigtool --find-sigs Txt.Coinminer.Generic-7132166-0 | sigtool --decode-sigs Doesn’t seem extremely likely for a lot of false positives to me, but ymmv.

Re: [clamav-users] clamav-users Digest, Vol 174, Issue 2

2019-08-22 Thread Eric Tykwinski
Dexter, Something like ansible? Use ansible's homebrew module to install ClamAV, run a scan, then use the module again to uninstall. With something like Tower or AWX just schedule it out to run whenever you want on as many computers as you want. Problem would be the time to scan as each host wi

Re: [clamav-users] Linux viruses

2019-06-28 Thread Eric Tykwinski
Christopher, Run #sigtool --find-sigs Unix There are quite a few which I think apply to *nix in general. From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Christopher Draper via clamav-users Sent: Friday, June 28, 2019 3:49 PM To: clamav-users@lists.clamav.

Re: [clamav-users] Scanning on Mac without installation

2019-05-10 Thread Eric Tykwinski
a cron job as well for nightly scans, which it sounds like you were doing for windows, but it needs to be installed somewhere, and have file access. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On May 10, 2019, at 7:42 PM, Dexter Rivera via clamav-users > wrote: &g

Re: [clamav-users] Security 3310 SSL/TLS

2019-04-10 Thread Eric Tykwinski
I think most suggest using an SSH tunnel between server and host. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of David Hendrick Sent: Wednesday, April 10, 2019 1:19 PM To: clamav-users

Re: [clamav-users] Mailman web UI for ClamAV currently inaccessible

2019-03-14 Thread Eric Tykwinski
Typo in the URL: https://lists.clamav.net/mailman/listinfo/clamav-users Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Ralph Seichter via clamav-users > Se

Re: [clamav-users] Testing

2019-02-20 Thread Eric Tykwinski
EtpLAtz"; dkim-atps=neutral X-Smartermail-Totalspamweight: 0 (Trusted Sender - User) Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-14 Thread Eric Tykwinski
> -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Alessandro Vesely > Sent: Thursday, February 14, 2019 11:08 AM > > Shouldn't that be done with SA? > http://uribl.com/usage.shtml It really depends on your goal. For me I use ClamAV to

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-08 Thread Eric Tykwinski
Check out SaneSecurity: https://sanesecurity.com/usage/signatures/ <https://sanesecurity.com/usage/signatures/> Specifically: phish, winnow_phish_complete_url I’m sure there’s others as well. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Feb 8, 2019, at 6:07 PM, Gen

Re: [clamav-users] Constant CPU Usage

2019-02-07 Thread Eric Tykwinski
Have you checked out clamdtop to see what’s being done? I usually see 1 core maxed on clamd. It’s a 2012 MacPro, so not a worry for me. Might want to change from fswatch to just a nightly scan if it’s too hard on the system. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] pcre2-devel needed?

2019-02-01 Thread Eric Tykwinski
s disabled, skipping [LibClamAV] cli_loadldb: logical signature for PUA.Java.Packer.Allatori-6687596-0 uses PCREs but support is disabled, skipping Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Marc

Re: [clamav-users] Qnap

2019-01-30 Thread Eric Tykwinski
version ClamAV 0.99.3/25342/Tue Jan 29 13:32:14 2019 [/etc] # cat version_info commit 534e5ce77871835b63da250f062677c7b924121f Date: 2018-11-13 21:44:40 +0800 ==== * QTS_4.3.5 remotes/origin/QTS_4.3.5 [/etc] # cat hosts 127.0.0.1 localhost 127.0.1.1 localhost 192.168.1.25 QNAP-NAS QNA

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Eric Tykwinski
king at it. Definitely, I did hop on without all the facts and was just trying to figure out on the fly what’s going on, so my bad on that. When in doubt, I usually pull a pcap on a server. There’s a lot of factors that can come into play, but actually with clam only using

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Eric Tykwinski
t; which gets posted to the logs when the file doesn’t exist. I’m not positive on this so Micah can chime in, but I do believe you get the cdiff files from the DNS TXT somehow. If anything it’s a good lesson on how exactly freshclam works. Sincerely, Eric Tykwinski_

Re: [clamav-users] Detecting Word docs with macros

2018-12-10 Thread Eric Tykwinski
o and or passwords. Thanks, just added badmacro.ndb, so hopefully that will help. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clam

[clamav-users] Detecting Word docs with macros

2018-12-10 Thread Eric Tykwinski
-microsoft-office-files-containing-macro/ Anyone have a suggestion? Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-09 Thread Eric Tykwinski
il. So it looks like IAD updated at 14:14:30 GMT, but BOS didn’t update till 17:09:01 GMT from his email. From back in archives, I think he’s using wget to just pull the files, but freshclam would just pull the cdiffs and keep you up to date on the next check. Sincerely, Eric Tykwinski TrueNet,

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-08 Thread Eric Tykwinski
LeAUL5hSpzj:neo:1544293134 So daily.cvd is being cached on cloudflare for the first update and you might need to be running a freshclam right after a new install since it’s out of date due to caching on cloudflare’s server. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Dec

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-08 Thread Eric Tykwinski
the source and use the updates, which pretty much is using freshclam. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Dec 8, 2018, at 10:37 AM, Paul Kosinski wrote: > > Not sure what DNS caching would have to do with this. As I understand > "anycast", it hap

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-07 Thread Eric Tykwinski
hat is still giving older records. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Dec 7, 2018, at 6:20 PM, Paul Kosinski wrote: > > As some of you may be aware, ever since ClamAV began using Cloudflare, > we have seen many occasions when files like daily.cvd were not

Re: [clamav-users] Ios.Trojan.FakeTelegram-6736161-0 FOUND

2018-12-06 Thread Eric Tykwinski
OCASE +-> DECODED SUBSIGNATURE: begir * SUBSIG ID 2 +-> OFFSET: ANY +-> SIGMOD: NOCASE +-> DECODED SUBSIGNATURE: Info.plist Eric Tykwinski ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mail

Re: [clamav-users] freshclam. Service exited with abnormal code: 1

2018-11-07 Thread Eric Tykwinski
Robert, Looking at the freshclam return codes, it's not a problem. https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/freshclam/freshclamcodes.h FC_UPTODATE = 1, So basically it means there was no changes. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > -
