when, and is used to facilitate the configuration of subsequent
installations should you ever run the same installer again, or attempt to
install an older version on top.
Best regards,
Mark
> On 17 Dec 2024, at 1:27 pm, Eric Tykwinski via clamav-users
> wrote:
>
> Kortschnoi,
atal runtime error: failed to initiate panic,
error 5
I just wanted to pass this along, in case anyone has any insight or
interest.
Mark
--
Mark G Thomas , KC3DRE
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.cl
ing found the issue. A single entry into
a file and restart the protection program that has been blocking access.
Regards
Mark.
On 09/08/2023 03:42, Tachibanaki Nozomi (橘木 希美) wrote:
Hi Mark,
thank you for your reply.
I checked the environment with the command you suggested.
The er
775:
sudo chmod 775 /var/lib/clamav
Get information on the directory owner/group and permissions:
ls -ld /var/lib/clamav
I hope this helps you get further.
Regards
Mark.
On 07/08/2023 08:40, Tachibanaki Nozomi (橘木 希美) wrote:
Thank you for your reply.
I tried creating a vscan service account
Al will probably be along shortly to correct me (he's quite good at tracking
down when items were added to the DB), but as far as I know, the only way is to
search the archive of posts to the clamav-virusdb mailing list.
https://lists.clamav.net/pipermail/clamav-virusdb/
Mark
&
ck to previous values.
There's no mention of the change to the maximum file size in the man pages for
either clamd clamd.conf or clamscan.
Mark
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailma
This may be
happening to you... I added a Windows Defender exclusion form the clamav
database directory and the updates subsequently succeeded.
- Mark
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/lis
Macintosh; Intel Mac OS X 10.15; rv:98.0) Gecko/20100101
Firefox/98.0"
This won't work for database updates (as has been covered many times on this
list) but does appear to work for downloading sources...at least for now ;)
Mark
___
clam
Hi,
On Sun, Oct 31, 2021 at 08:32:00PM -0400, Michael Orlitzky via clamav-users
wrote:
> On Sun, 2021-10-31 at 13:05 -0400, Mark G Thomas wrote:
> >
> > Has anyone else had similar experiences recently?
>
> Not recently per se, but it happens. Do you limit the number of sc
lamav-daemon.service failed.
--
Mark G. Thomas , KC3DRE
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
Hi Max,
Please be aware that at present, ClamAV can't scan files above 2G
because of internal variable limitations.
If your ZIP files are around 2G then this may be the limit you are
encountering.
Regards
Mark.
On 04/10/2021 09:37, Max Allan via clamav-users wrote:
Thanks La
s various other things to think about
relating to configuration setup which MAY find total documentation
useful. The web site serves that purpose very well. Meanwhile, the
conf_examples directory contains a very useful starting point for anyone who
may actually start from that container (zip or ot
operate normally in my environment and are
now in production. If anything surprising happens, I’ll raise the problem here.
* Mark Pizzolato
From: clamav-users
mailto:clamav-users-boun...@lists.clamav.net>>
On Behalf Of Joel Esler (jesler) via clamav-users
Sent: Thursday, August 19, 202
-users@lists.clamav.net/msg50957.html
Regards
Mark.
On 06/08/2021 10:14, Andrew Watkins via clamav-users wrote:
On 05/08/2021 10:53, Henrik K wrote:
On Sat, Jul 24, 2021 at 08:17:19PM +, Micah Snyder (micasnyd) via
clamav-users wrote:
No problems on Solaris 11.4.32.0.1.88.3 (SPARC
e CLAMAV_USER changes or setting CLAMAVUSER in the
documentation are also needed for 0.103.x.
Regards
Mark.
On 05/08/2021 03:07, Micah Snyder (micasnyd) wrote:
Thanks for patch #2. Very good eye catching the CLAMAV_USER and CONFDIR
variable issues.
I've updated the PR with the
gone wrong.
Regards
Mark.
On 31/07/2021 13:03, Micah Snyder (micasnyd) via clamav-users wrote:
Hi all,
I could use your opinion about a change we'd planned to make in 0.104.
By request, I'd made this pull request to change the default directory
for the config files from /e
OS, it is set to
'-lbz2' for autotools but I don't know why it is being set and no other
dependent libraries are there.
I would expect it to be a list of all dependent libraries used when
linking with libclamav.
Regards
Mark.
On 29/07/2021 00:54, Micah Snyder (mic
system
time stamps).
Regards
Mark.
On 29/07/2021 00:53, Micah Snyder (micasnyd) via clamav-users wrote:
Hi All,
For the past couple of months I’ve been promoting the idea of having
Long Term Support (LTS) feature releases for ClamAV within internal
Talos communications.
For the
d being messed with by idle
hands!
I'll get back to you once I've got the VM set up.
Mark
PS. Would you rather take this off-list?
> On 27 Jul 2021, at 11:25 pm, Micah Snyder (micasnyd)
> wrote:
>
> Mark:
>
> I’m sorry about breaking your scripts. For what it’s wo
Please do.
On 28/07/2021 22:02, Micah Snyder (micasnyd) wrote:
Will do. Thanks for the fix. Ok if I add you to the acknowledgements section
of the news?
-Original Message-
From: Mark Fortescue
Sent: Wednesday, July 28, 2021 1:59 PM
To: Micah Snyder (micasnyd) ; ClamAV users ML
Hi Micah,
Please can you submit it for me - I don't have an account.
Regards
Mark.
On 28/07/2021 21:55, Micah Snyder (micasnyd) wrote:
Mark,
This is amazing! Thanks!
If you have an account on GitHub, can you submit this as a PR? If not, I can
submit one for you.
Regards,
Hi again,
After a bit of digging around, I have updated CMakeLists.txt to fix this
issue and another minor issue.
See attached patch.
This may not be the correct solution but at least it generated the
correct entries on clamav-types.h.
Regards
Mark.
On 28/07/21 19:10, Mark
with 64bit numbers.
Any ideas on how to implement a quick fix ?
Regards
Mark.
On 28/07/21 01:14, Mark Fortescue wrote:
Hi again,
I needed to read all of the INSTALL.md file not just the top bit.
Got the cmake build to work and the binaries test OK.
Not as user friendly as configure
something wrong or at least opened in an editor to
see what it is actually doing. Not sure where to start if cmake does not
do what it is meant to do.
Regards
Mark.
On 28/07/2021 00:14, Mark Fortescue via clamav-users wrote:
Hi all,
I have two curl installations. One is not suitable
a conversion from
all the configure script options to there cmake equivalents. Is there a
way of getting cmake to display all the variables that can be set
(equivalent to ./configure --help) ?
Regards
Mark.
On 22/07/2021 17:18, Joel Esler (jesler) via clamav-users wrote:
https
hassle of starting setting up a new OS and
fixing all the distribution bugs/annoyances that get installed with each
new OS all over again.
Regards
Mark.
On 27/07/2021 16:30, Joel Esler (jesler) via clamav-users wrote:
On Jul 27, 2021, at 11:27 AM, Paul Kosinski via clamav-users
s odd to change the whole build process without at least saying
what the benefits are.
...and don't get me started on the official recommendation to use Homebrew on
macOS.
Regards
Mark
> On 26 Jul 2021, at 4:35 pm, Rick Cooper wrote:
>
> And what, exactly, is the reason for mo
rk if they are to work properly in
the presence of symlinks.
It should be reported as a test suite bug.
Regards
Mark.
On 26/07/2021 09:43, Andrew C Aitchison via clamav-users wrote:
On Mon, 26 Jul 2021, Frans de Boer wrote:
Here's y
Hi Kaushal,
You have a small configuration error in you systemd/clamd setup.
Not sure if it is the best way but try:
sudo cp -p /etc/clamd.d/scan.conf
/etc/clamd.d/server.conf
Regards
Mark.
On 19/07/2021 19:47, Matus UHLAR - fantomas wrote:
On 20.07.21 00:08, Kaushal Shriyan via
ed will be something in 'certs'.
Ged/others may know which specific pem/crt files are needed to get
freshclam to play ball. I don't.
I am sorry that I can't help much further as my x86 LFS dist is not
available at the moment so I can't replicate the issues.
I hope th
Thanks. I haven't seen further error reports since around the time you
sent this.
-mm- (but there's always tomorrow)
On Thu, Jul 15, 2021 at 02:32:39AM +, Micah Snyder (micasnyd) via
clamav-users wrote:
> Hi Mark,
>
> I think I know what happened on your system.
On Wed, Jul 14, 2021 at 11:55:06PM +, Micah Snyder (micasnyd) via
clamav-users wrote:
...
>
> But it seems 0.103 has a second bug where it will patiently wait until
> it's at least 2 versions behind before it downloads the whole CVD
> database. This behavior is supposed to happen when
According to the man page (and freshclam.conf) "ScriptedUpdates" is what ClamAV
calls the mechanism for performing daily incremental updates via cdiff files
rather than downloading the whole cvd.
Are you providing cdiff files for both main.cvd and daily.cvd or just the cvd
files?
Re
Hi Joel,
Will you be posting scripted updates for main.cvd and daily.cvd or just the new
cvd files in their entirety? I seem to remember processing the cdiff files
caused a lot of problems for people the last time main.cvd was updated.
Mark
> On 13 Jul 2021, at 3:05 pm, Joel Esler (jes
Hi Michael,
How much free user disk space do you have ?
I had this sort of problem when I ran out of disk space.
The database files need to be uncompressed to apply the daily diffs so
you need at least 3 Gig of user disk space free in the database directory.
Regards
Mark.
On 08/07
uot;legitimate" messages while I'd always want to stop the ContainsMacros
case. By "legitimate" here, I'm not saying that whatever heuristic is being
interpreted incorrectly, but merely that real email from legitimate senders
is being sent to users who ex
Hi Rémy,
This is not a cloudflare issue. This is an EOL issue.
You need to update to the latest version of clamav. If the latest
pre-built version is 0.99 then you will probably have to learn to build
from source.
Regards
Mark.
On 10/03/2021 16:49, Rémy DODIN via clamav-users wrote
I've never seen any problem with freshclam's memory footprint.
On my Windows box, freshclam runs taking up all of 2.6MB.
Clamd, on the other hand sucks down 1.4GB.
There is no need to run clamd for the situation you are dealing with.
On Friday, March 5, 2021 at 10:45 AM, Joel Esler wrote:
>
for the complainers out there
ClamAV is *FREE*
I have checked into other Linux security apps. and they are roughly $138
On Fri, Feb 19, 2021 at 12:09 PM Paul Kosinski via clamav-users <
clamav-users@lists.clamav.net> wrote:
> https://www.safetydetectives.com/best-antivirus/linux/
>
> _
t;
>
> >On Tue, Jan 5, 2021 at 9:36 PM David Copeland
> wrote:
> >> You might have a look at:
> >>
> >>
> >>
> https://www.clamav.net/documents/installation-on-debian-and-ubuntu-linux-distributions
>
> >> On 2021-01-05 2:29 p.m., Mark Bur
Hello,
I downloaded the tar.gz for Clamav, then gunzipped it, then moved it to its
own directory and un tarred it. Now I have a directory full of files and no
idea how to get clamav installed.
New to Linux
using Ubuntu 20.04 in a Virtual box environment.
Thank you,
Mark B
e only bits you need to work about are keeping the
'ldb' extension, and ensuring the files are in the correct location with the
correct ownership and permissions.
Mark
> On 14 Dec 2020, at 8:33 pm, Sandeep Talla wrote:
>
> Hi All,
>
> We have ClamAV installe
number of 16kb blocks,
then it should be counting at least 0.016384 MB (or 0.015625 MiB) for
tiny files. By normal rounding rules this should display as 0.02 MB/MiB.
On Tue, 3 Nov 2020 17:50:18 +
Mark Fortescue via clamav-users wrote:
> Hi all,
>
>
u not just round up by adding (BlockSize - 1) bytes when setting
the block variables ?
Regards
Mark.
On 03/11/2020 16:07, Paul Kosinski via clamav-users wrote:
"This is a display problem, not a storage problem."
I disagree. When the counts in info.blocks and info.rblocks are
Hi Tsutomu,
How much memory is available on your AIX system ?
Recommendations vary but I think the general rule will be you need
4GBytes or more for any server that has to do more than just run Clamd.
Anything less that 2GBytes is going to be very slow or fail.
Regards
Mark.
On 31
Hi,
Have you tried C:\\Windows or C:/Windows.
Just a thought.
Regards
Mark.
On 23/10/2020 19:46, Marcy Rogers via clamav-users wrote:
Ged
Thank you for the advice.
When I installed Clamav for Windows, the install places the Clamav in
the c:\program files.
I followed the instructions
system are suitable for
scanning.
Regards
Mark.
On 11/09/2020 17:39, Royce Souther via clamav-users wrote:
I setup *clamd* running as the clamscan user. I have *clamonacc* running
as root.
I was not able to get *clarmonacc* to use syslog so I pass it a log file
path argument. It is
unlinkat() functions to understand the differences with the regular
versions.
Parsing paths is not always the easiest thing to do but the learning
curve can be useful.
Regards
Mark.
On 16/07/2020 22:22, Kevin A. McGrail via clamav-users wrote:
Hi, I have an old system I'm comp
urprising that a signature can bring down clamd though.
Hope the above is useful.
Best regards
Mark
> On 5 May 2020, at 6:28 pm, Micah Snyder (micasnyd) wrote:
>
> Mark,
>
> It probably won’t make much difference, though there is a possible slow scan
> time issue in pcre2 1
Hi Micah,
Al is correct, we're using 10.32. I see 10.34 is now available, so I'll compile
against that when I get a chance and see if it makes any difference.
Mark
> On 5 May 2020, at 6:25 am, Al Varnell via clamav-users
> wrote:
>
> Micah,
>
> Looks to be 10.
Hi James,
Glad that seems to have helped.
Al and others are correct that the distro should be updated to use pcre2, but
I'm not convinced that's the root of the problem. We're seeing the issue with
that signature despite already using pcre2 in our build.
Mark
> On 2 May 20
. It hasn't crashed since we started excluding it from the
DB.
Mark
> On 1 May 2020, at 7:15 am, James Brown via clamav-users
> wrote:
>
> Getting lots of crashes of clamd. No indication of an issue in the clamd.log.
>
> Installed via Homebrew.
>
>
the value returned by fseek(). It should
be returning 0.
If the cast works then it would be a good idea to try and make 'size'
and 'pad' 'unsigned long' instead of 'unsigned int'.
Hope this helps.
Regards
Mark.
On 21/03/2020 13:41, Pierluigi F
from clam-update.log:
--
ClamAV update process started at Fri Feb 7 06:57:01 2020
daily database available for update (local version: 25716, remote
version: 25717)
Testing database:
'/usr/local/share/clamav/tmp.e1a28/clamav-19a0fec778f453c2ae9e9c0a247a66ca.t
Hi All
Looking back at the clamd.log shows a change in the test file name from:
OLD:
stream(127.0.0.1@1611): Eicar-Test-Signature FOUND
NEW:
stream(127.0.0.1@1556): Clamav.Test.File-7 FOUND
So i suspect that clamdmon is looking for the older name and can't find
it. Can this be fixed please?
Hi All,
As of daily.cld update 25717 my clamdmon process no longer works
although clamd still shows an ok status and clamd.log is showing
stream(127.0.0.1@1957): Clamav.Test.File-7 FOUND.
Advise please!
Thank you,
~Moshe
___
clamav-users maili
d help find any buffer overruns but it
does take a bit of getting use to for first time users.
There are more primitive approaches for finding buffer overruns but you
would need to be vary familiar with the SSL and freshclam source code
for these.
Regards
Mark.
On 30/11/19 02:54,
Well, I don't want to change permissions on 30 million files to make
this work. Seems like the wrong thing to do.
On 11/11/2019 12:05 PM, G.W. Haywood via clamav-users wrote:
Hi there,
On Mon, 11 Nov 2019, Mark Parker via clamav-users wrote:
... need onaccess scanning but ..
squash, it doesn't have permissions to view a user's home directory
contents.
Am I missing something?
-Mark
--
Mark Parker - SGL Network Administrator
Applied Research Laboratories : The University of Texas at Austin
(512) 835-3768 / mpar...@arlut.utexas.edu
smime.p7s
its temporary files as this will is likely to cause issues.
I hope that this helps clarify some of the issues.
Regards
Mark.
On 19/10/19 20:20, Ian via clamav-users wrote:
On Oct 19, 2019, at 10:58 AM, G.W. Haywood via clamav-users
wrote:
Hi there,
On Sat, 19 Oct 2019, Ian via
risk from malicious software.
Regards
Mark.
On 07/10/19 18:38, J.R. via clamav-users wrote:
Steve Basford:
So, is the above hash still relevant or should it moved into archived.hsb,
which by default doesn't load ?
I would *guess* the ClamAV team would have a *little* more detailed of
a
Hi Jeff,
Looks like Apparmor may be stepping in and preventing access. Have you
checked that Apparmor has been changed to give clamd the required
permissions ?
Regards
Mark.
On 03/09/2019 22:01, Jeff Blaine via clamav-users wrote:
Hello all,
I'm experiencing something o
risk of upsetting other users.
It is never a good thing to install new software that you are not
familiar with on a live system without first trying it out on a test
system.
Regards
Mark Fortescue
On 26/07/2019 16:29, Edouard Guigné wrote:
Hello again,
I read the docs from the
from several hours to just 47 minutes.
Thank you!
Mark
On Thu, 18 Apr 2019 at 09:46, Al Varnell via clamav-users <
clamav-users@lists.clamav.net> wrote:
> Looks like all Phish.Phishing.REPHISH_ID_... signatures were dropped by
> daily-25423 today.
>
> -Al-
>
> On Apr 17, 2019
Hi Micah,
Sorry to pester you, but have you any update on when the remaining
Phishtank signatures will be getting removed? It would be really great to
get scan times properly back to normal.
Best regards
Mark
On Tue, 9 Apr 2019 at 16:32, Micah Snyder (micasnyd)
wrote:
> Mark,
>
>
&
tures in the DB:
$ sigtool --find Phishtank | wc -l
3968
Can I request that those ones also be removed please?
Best regards
Mark
On Sun, 7 Apr 2019 at 14:43, Micah Snyder (micasnyd)
wrote:
> Tim,
>
>
>
> There are a couple of ways for users to drop specific categories of
> sign
Already tried that.
Mark
On Fri, 5 Apr 2019 at 14:20, Joel Esler (jesler) wrote:
>
> On Apr 5, 2019, at 09:13, Mark Allan via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> Also CC'ing Micah directly as the mailing list would appear to be offline
&g
the longest it has ever taken to scan this volume (cf my previous
email of 25th March)
Is there anything that can be excluded?
Best regards
Mark
On Mon, 1 Apr 2019 at 17:11, Micah Snyder (micasnyd) via clamav-users <
clamav-users@lists.clamav.net> wrote:
> Thanks Oya for the updat
Cheers Steve,
In the interest of completeness, here's the scan from today (TXT from DNS:
0.101.1:58:25399:1553509741:1:63:48528:328) showing a marked improvement in
scan time, although at 6m 7s it's still almost twice what it used to be.
Mark
On Mon, 25 Mar 2019 at 12:56, Steve Basf
.
Hopefully this helps someone to narrow things down a bit.
Mark
dd/mm/yy duration DNS Txt
5/2/19 3m 14s TXT from DNS: 0.101.1:58:25351:1549376940:1:63:48440:328
6/2/19 3m 20s TXT from DNS: 0.101.1:58:25352:1549466941:1:63:48444:328
11/2/19 3m 20s TXT from DNS: 0.101.1:58:25356:1549837740:1:63:48460
Thanks Ralph,
The URL error has been corrected now.
/Mark
On 14/3/19 4:39 pm, Ralph Seichter via clamav-users wrote:
>> https://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users returns
>> "403 Forbidden".
>
> I should probably mention that the above URL is
emails are generated from with my office and are unlikely to contain malware.
I'm wondering how legit this is and whether to actually go through and remove
hundreds of message from user's mail folder or to set .ign2 to ignore this
signature.
--Mark
Hey folks,
Signature "Osx.Trojan.EmPyre-6852410-0
<https://www.virustotal.com/gui/search/clamav%253A%2522Osx.Trojan.EmPyre-6852410-0%2522>"
is generating an FP against a file signed and distributed by Apple.
File hash is
c81d0180cbfa858d6f3faf445514cbb53675d4f469beaa5638eb95
We are using 0.100.2 release, I’m not sure where the .93 is coming from. The
IP is a private IP address in our ICP environment.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
21:08:23 2018
Using IPv6 aware code
Querying current.cvd.clamav.net <http://current.cvd.clamav.net/>
———— SNIP ———
Thanks in advance for any help
Mark Johnson
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-b
child etc. and should also have logging.
It would have to be built into 'clamd' as 'clamd' should already be
doing things to become a demon process and this additional 'fork' would
need to be after all that has been done.
Regards
Mark.
On 21/09/18 09:49,
Hi,
Good grief! Yet another. So much for Malware patrol!
# sigtool --find-sigs MBL_13497693| sigtool --decode-sigs
VIRUS NAME: MBL_13497693
DECODED SIGNATURE:
https://drive.google.com
Mark
On Fri, Aug 31, 2018 at 06:25:10PM +0100, Steve Basford wrote:
>
> On 31 August 2018 17:52:26
Hi,
And YET ANOTHER today. I figured others here might want the heads up.
[root@imx0 conf]# sigtool --find-sigs MBL_13226139 | sigtool --decode-sigs
VIRUS NAME: MBL_13226139
DECODED SIGNATURE:
https://linkprotect.cudasvc.com/url
-Mark
On Wed, Aug 29, 2018 at 09:12:34PM +0100, Steve Basford
has a simlar service: safelinks.protection.outlook.com
It seems to me there are all sorts of negative consequences to altering
message content in this way, however that's poor excuse for adding such
URLs to a publically distributed virus filter rule.
Mark
On Tue, Aug 28, 2018 at 07:45
Hi,
But, there are more. This is nuts.
# sigtool --find-sigs MBL_13112740 | sigtool --decode-sigs
VIRUS NAME: MBL_13112740
DECODED SIGNATURE:
https://linkprotect.cudasvc.com/url
Mark
On Mon, Aug 27, 2018 at 07:41:27PM +0100, Steve Basford wrote:
> Just whitelisted for th
[1]malwarepatrol.net.
> -Al-
> On Mon, Aug 20, 2018 at 08:34 PM, Alex wrote:
>
> Hi, fyi
> # sigtool --find-sigs MBL_12952716 | sigtool --decode-sigs
> VIRUS NAME: MBL_12952716
> TARGET TYPE: ANY FILE
>
/etc/clamsmtpd.conf /etc/clamd.conf
Restart chamad ...
Regards
Mark.
On 23/07/18 09:26, Aziz wrote:
Thanks Mark for your feedback.
It seems that the file doesn't exist at all, here is the output :
/*[root@mail /]# find /etc -name "*clam*.conf" -print
/etc/clamd.d/cla
One option to try, as root, run the command:
find /etc -name "*clam*.conf" -print
Most likely the file is in /etc/clamav
Regards
Mark.
On 23/07/18 09:04, Aziz wrote:
Hi users,
I'm trying to install Clamav in my Centos 7 to use it with Postfix,
however I can'
--- Begin Message ---
On 15/05/2018 12:57, Todd Aiken via clamav-users wrote:
> Just wondering why for the past few days is every message
> that is sent to the list appearing as an attachment underneath a
second message?
Is it not-entirely-working-properly DMARC mitigation?
--
Mark R
Looks like the problem actually stems from a new #define in
"freshclam/freshclamcodes.h". Change the value of FC_UPTODATE from 1 to 0
and you'll get the old/correct functionality. Patch below.
Cheers
Mark
diff -Naurw freshclamOrig/freshclamcodes.h freshclam/freshclamcodes.h
--
> On 8 Mar 2018, at 9:08 am, Tilman Schmidt wrote:
>
> What definitely isn't fine is this endless griping about how people
> should phrase their questions differently, know more than they do, have
> read this and that (blindly assuming that they hadn't) and so on which
> contributes exactly not
Rather than whitelisting, you could add something like cmbx$ to your exclude
settings. You would do this either by passing the appropriate command line
argument to clamscan or by tweaking your clamd.conf file.
Mark
> On 1 Mar 2018, at 11:52 am, Emanuel wrote:
>
> Hello?
>
>
ocess?"
Mark
> On 28 Feb 2018, at 2:05 pm, Frank Elsner wrote:
>
> On Wed, 28 Feb 2018 12:52:42 + Mark Allan wrote:
>> Hi there,
>>
>> I just noticed that there don't appear to have been any updates to daily.cvd
>> since v24352 on Monday 26th, whi
ly released cvd
versions?
bash$ dig -t txt current.cvd.clamav.net +short
"0.99.3:58:24352:1519820940:1:63:47077:319"
Best regards
Mark
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bi
ily-24262.cdiff of=daily-24262.gzip
Unpack the gzip file and you've got a plain text script file listing all the
changes.
Doing all that programmatically is left as an exercise for the reader ;-)
Mark
> On 29 Jan 2018, at 9:55 am, Al Varnell wrote:
>
> Just trying to figure out wh
on your blog.
Have plans changed, or is still coming today?
Best regards
Mark
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https
cript from looking at these specific older messages. We'll see what
happens from there.
Thanks for your feedback.
--Mark
On Sun, 19 Nov 2017 14:52:36 -0800 Al Varnell wrote:
> It's a vulnerability that impacts Adobe Acrobat and Reader for Windows and
> Macintosh, specifically a C
idate will be
provided.
THX --Mark
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.
/Maildir/.SENT/cur/1510671208.M989641P17402.mail,S=203527,W=206204:2,S!MAIL:InvoiceETT3600920.doc!...!(3)ZIP:docProps/core.xml:
Doc.Dropper.Agent-6374331-0 FOUND
I'll go ahead and submit my file anyway, in case this is something different.
--Mark
-Original Message-
From: Steven Morgan
?
(To where should I submit a sample of this attachment?)
--Mark
-Original Message-
From: Mark Foley
Date: Wed, 15 Nov 2017 13:18:23 -0500
Organization: Novatec Software Engineering, LLC
To: clamav-users@lists.clamav.net
I'm having this same issue. The problem as I see it is that the .do
format somewhere in
> > the office document structure, _not_ as a encrypted zip file.
> >
> > So ArchiveblockEncrypted won't block encrypted Word documents.
> >
> >
> > Regards,
> >
> > Kees Theunis
s". I'm continuing to research this.
--Mark
On Wed, 15 Nov 2017 15:09:59 -0300 Emanuel wrote:
> Other virus not detected
>
> https://www.virustotal.com/#/file/6b7b11077b2bcdbce94eff73722a4f78103d2e87bd4331654bc65c0daeb176dd/detection
>
>
> El 14/11/17 a las 09:52, Em
On Wed, 15 Nov 2017 18:37:36 +0100 (CET) Kees Theunissen
wrote:
>
> On Wed, 15 Nov 2017, Mark Foley wrote:
>
> >On Wed 15 Nov 2017 01:14:00 -0800 Al Varnell wrote:
> >
> >>On Tue, Nov 14, 2017 at 07:45 AM, Mark Foley wrote:
> >>> I found this older me
On Wed 15 Nov 2017 01:14:00 -0800 Al Varnell wrote:
>On Tue, Nov 14, 2017 at 07:45 AM, Mark Foley wrote:
>> I found this older message in the archives. I'm receiving a lot of fake
>> "Invoice" messages with attached encrypted .doc files that run VB scripts and
>
off
> by default)
Is that a typeo? Did he mean "you can turn ArchiveBlockEncrypted on in
clamd.conf"? Seems like turning this "off" would NOT block encrypted files.
THX --Mark
-Original Message-
> Date: Wed, 5 Apr 2017 21:19:47 +0200
> From: Reindl Harald
1 - 100 of 424 matches
Mail list logo
