Re: [clamav-users] Question on sigtool memory usage

2024-10-03 Thread Andrew C Aitchison via clamav-users
On Thu, 3 Oct 2024, Andrew C Aitchison via clamav-users wrote: On Wed, 2 Oct 2024, Mikhail Soumar via clamav-users wrote: Hello, We are using sigtool to decompile the standard clamav virus signature databases in a low-memory environment. However, the process is too short-lived for us to a

Re: [clamav-users] Question on sigtool memory usage

2024-10-03 Thread Andrew C Aitchison via clamav-users
On Wed, 2 Oct 2024, Mikhail Soumar via clamav-users wrote: Hello, We are using sigtool to decompile the standard clamav virus signature databases in a low-memory environment. However, the process is too short-lived for us to accurately measure peak usage. Is there a way we can get an estimate

[clamav-users] Question on sigtool memory usage

2024-10-02 Thread Mikhail Soumar via clamav-users
Hello, We are using sigtool to decompile the standard clamav virus signature databases in a low-memory environment. However, the process is too short-lived for us to accurately measure peak usage. Is there a way we can get an estimate (or is it known and documented somewhere?) of how much memor

Re: [clamav-users] Question about future expected Main + Daily CVD size

2024-07-16 Thread Micah Snyder (micasnyd) via clamav-users
via clamav-users Cc: Mikhail Soumar Subject: [clamav-users] Question about future expected Main + Daily CVD size Hello, Are there any guidelines or restrictions about what the size of the main and daily databases will look like in the future? I found this blog from 3 years ago (ClamAV® blog: Clam

Re: [clamav-users] Question about additional processing on Documents in Clamd Configuration File

2024-07-12 Thread Micah Snyder (micasnyd) via clamav-users
ction. Regards, Micah Micah Snyder (they/them) ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of Paul via clamav-users Sent: Thursday, June 27, 2024 3:28 PM To: clamav-users@lists.clamav.net Cc: Paul Subject: [clamav-users] Question

[clamav-users] Question about future expected Main + Daily CVD size

2024-07-09 Thread Mikhail Soumar via clamav-users
Hello, Are there any guidelines or restrictions about what the size of the main and daily databases will look like in the future? I found this blog from 3 years ago (ClamAV® blog: ClamAV, CVDs, CDIFFs and the magic behind the curtain

[clamav-users] Question about additional processing on Documents in Clamd Configuration File

2024-06-27 Thread Paul via clamav-users
Hello everyone, In the clamd.conf file there are several different document types (PDF, SWF, OLE2, etc.) that have an option for additional processing. For example: # This option enables scanning within PDF files. > # If you turn off this option, the original files will still be scanned, > but >

Re: [clamav-users] Question on ClamAV memory usage with respect to the signature database

2024-06-24 Thread Mikhail Soumar via clamav-users
___ From: clamav-users mailto:clamav-users-boun...@lists.clamav.net>> on behalf of Mikhail Soumar via clamav-users mailto:clamav-users@lists.clamav.net>> Sent: Monday, June 17, 2024 9:06 PM To: clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net

Re: [clamav-users] Question on ClamAV memory usage with respect to the signature database

2024-06-24 Thread Micah Snyder (micasnyd) via clamav-users
going and I really don't know what else to say about it. 🤞 Regards, Micah Micah Snyder (they/them) ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of Mikhail Soumar via clamav-users Sent: Monday, June 17, 2024 9:06 PM To: clamav-user

Re: [clamav-users] Question on ClamAV memory usage with respect to the signature database

2024-06-17 Thread Andrew C Aitchison via clamav-users
On Tue, 18 Jun 2024, Mikhail Soumar via clamav-users wrote: We are a team from Microsoft Azure running ClamAV on small Linux VMs, and due to business and cost reasons we cannot use larger VMs. Peak memory usage of ClamAV is between 1.2GB and 1.5GB, which is unsustainable on our VMs, and we are l

[clamav-users] Question on ClamAV memory usage with respect to the signature database

2024-06-17 Thread Mikhail Soumar via clamav-users
Hello, We are a team from Microsoft Azure running ClamAV on small Linux VMs, and due to business and cost reasons we cannot use larger VMs. Peak memory usage of ClamAV is between 1.2GB and 1.5GB, which is unsustainable on our VMs, and we are looking for ways to reduce this. There are some tips

Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool

2023-11-16 Thread Micah Snyder (micasnyd) via clamav-users
bject: Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool Large archive files may be the most obvious case, especially if things like disk images and installation images are included, but make sure that large multimedia files are also handled. In to

Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool

2023-11-16 Thread Micah Snyder (micasnyd) via clamav-users
e it directly with ClamAV. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of Vu, Hong-Duc V. via clamav-users Sent: Tuesday, November 14, 2023 10:49 AM Cc: Vu, Hong-Duc V. ; ClamAV users ML Subject: Re

Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool

2023-11-14 Thread Vu, Hong-Duc V. via clamav-users
Hi Micah, Is it going to be part of clamav or a different application entirely? Hong-Duc Vu From: Micah Snyder (micasnyd) Sent: Monday, November 13, 2023 3:33 PM To: Andrew C Aitchison Cc: ClamAV users ML Subject: Re: [clamav-users] Question About MaxFileSize / news of upcoming Large

Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool

2023-11-13 Thread Paul Kosinski via clamav-users
Micah Snyder > ClamAV Development > Talos > Cisco Systems, Inc. > > ____ > From: Andrew C Aitchison > Sent: Thursday, June 8, 2023 6:25 PM > To: Micah Snyder (micasnyd) > Cc: ClamAV users ML > Subject: Re: [clamav-users] Question About MaxFi

Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool

2023-11-13 Thread Micah Snyder (micasnyd) via clamav-users
mAV Development Talos Cisco Systems, Inc. From: Andrew C Aitchison Sent: Thursday, June 8, 2023 6:25 PM To: Micah Snyder (micasnyd) Cc: ClamAV users ML Subject: Re: [clamav-users] Question About MaxFileSize On Thu, 8 Jun 2023, Micah Snyder (micasnyd) wrote: > I agree

Re: [clamav-users] Question on Restriction of Clamscan Privileges

2023-10-17 Thread Michael Orlitzky via clamav-users
On Tue, 2023-10-17 at 19:53 +0200, Michael via clamav-users wrote: > Dear ladies and gentlemen, > > I have a question about the linux clamscan permissions. > > Use clamdscan (NOT clamscan) with the --fdpass option. That will scan under the privileges of the clamd daemon by passing it a referenc

[clamav-users] Question on Restriction of Clamscan Privileges

2023-10-17 Thread Michael via clamav-users
Dear ladies and gentlemen, I have a question about the linux clamscan permissions. By starting the clamscan from the linux desktop user - for example [user1] - it seems that clamscan gets the permissions as it was [user1], because it can remove infected files. Therefore, if this was right, it

Re: [clamav-users] Question About MaxFileSize

2023-06-09 Thread Paul Kosinski via clamav-users
You are right. But more than that, merely *reading* a file will exercise such code. I wonder if anybody has devised a file which exploits such a kernel bug? (Shudder.) After I wrote my objection, I realized that to be even more safe, one should scan removable disks at the block level before mou

Re: [clamav-users] Question About MaxFileSize

2023-06-09 Thread Kenneth Porter
--On Friday, June 09, 2023 6:40 PM -0400 Paul Kosinski via clamav-users wrote: I have on occasion heard of vulnerabilities in some archiving software, where the mere act of decompressing and extracting an archive can result in malicious code execution due to a bug in the archiving software. Af

Re: [clamav-users] Question About MaxFileSize

2023-06-09 Thread Paul Kosinski via clamav-users
I must say I strongly disagree with the approach of feeding files contained in a big archive file one at a time to ClamAV. That's because an archive is *itself* a file. I have on occasion heard of vulnerabilities in some archiving software, where the mere act of decompressing and extracting an

Re: [clamav-users] Question About MaxFileSize

2023-06-08 Thread Andrew C Aitchison via clamav-users
On Thu, 8 Jun 2023, Micah Snyder (micasnyd) wrote: I agree with you. I suspect the majority of cases today is when people have a large archive of files to scan. I think best case scenario for people with a need to scan files larger than the present internal 2GB limit is that archives larger th

Re: [clamav-users] Question About MaxFileSize

2023-06-08 Thread Micah Snyder (micasnyd) via clamav-users
elopment Talos Cisco Systems, Inc. From: clamav-users on behalf of Andrew C Aitchison via clamav-users Sent: Wednesday, May 24, 2023 1:34 AM To: ClamAV users ML Cc: Andrew C Aitchison Subject: Re: [clamav-users] Question About MaxFileSize On Wed, 24 May 2023, Tachi

Re: [clamav-users] Question About MaxFileSize

2023-05-24 Thread Andrew C Aitchison via clamav-users
On Wed, 24 May 2023, Tachibanaki Nozomi (橘木 希美) wrote: Dear Sir or Madam, Thank you for your help always. I am contacting you to ask about MaxFileSize in clamd.conf. The following description is found in the configuration of /usr/local/etc/clamd.conf. MaxFileSize # Technical design limitation

[clamav-users] Question About MaxFileSize

2023-05-23 Thread 橘木 希美
Dear Sir or Madam, Thank you for your help always. I am contacting you to ask about MaxFileSize in clamd.conf. The following description is found in the configuration of /usr/local/etc/clamd.conf. MaxFileSize # Technical design limitations prevent ClamAV from scanning files greater than # 2 G

[clamav-users] Question about EOL policy of regular (non-LTS) feature releases

2023-03-26 Thread Yasuhiro Kimura
Hello, While checking the FAQ page of "ClamAV EOL Policy" (https://docs.clamav.net/faq/faq-eol.html), one question hits upon me. In the page the EOL policy of regular (non-LTS) feature releases is described as follows. -- Non-LTS feat

Re: [clamav-users] Question Exception Rule

2022-12-29 Thread Al Varnell via clamav-users
I'm sure one of us could, but you need to tell us what the display and actual urls you want whitelisted first. Sent from my iPad -Al- On Dec 29, 2022, at 08:06, newcomer01 via clamav-users wrote: > Is it possible, that you assist me in this process? ___

Re: [clamav-users] Question Exception Rule

2022-12-29 Thread newcomer01 via clamav-users
From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net> An / To: Newcomer01 <mailto:newcome...@posteo.de> CC / CC: Eric Tykwinski <mailto:eric-l...@truenet.com> Gesendet / Sent: Donnerstag, Dezember 29, 2022 um 16:17 (at 04:17 PM) +0100 Betreff / Subject: Re: [clamav-us

Re: [clamav-users] Question Exception Rule

2022-12-29 Thread Eric Tykwinski via clamav-users
Marc, > -Original Message- > From: clamav-users On Behalf Of newcomer01 via clamav-users > Sent: Thursday, December 29, 2022 10:05 AM > To: ClamAV User Mailinglist > Cc: newcomer01 > Subject: [clamav-users] Question Exception Rule > > Hi @ all, > > who can

[clamav-users] Question Exception Rule

2022-12-29 Thread newcomer01 via clamav-users
Hi @ all, who can I contact to get an exemption for ClamAV ("Heuristics.Phishing.Email.SpoofedDomain")? This in my case is an absolutely legitimate sender (my Bank). Regards Marc ___ Manage your clamav-users mailing list subscription / unsubscribe: h

Re: [clamav-users] question about a malware submission

2021-06-28 Thread vze1amckv--- via clamav-users
Hello. I submitted it over a week ago, and got a response saying that "Our initial assessment has verified the sample as a threat & we will be publishing signatures for ClamAV," but neither the ClamAV scanner in Jotti nor the one in Virus Total detects it. You can verify for yourself; the SH

Re: [clamav-users] question about a malware submission

2021-06-23 Thread Joel Esler (jesler) via clamav-users
You should submit the suspected malware here: https://www.clamav.net/reports/malware — Sent from my iPhone On Jun 22, 2021, at 22:01, vze1amckv--- via clamav-users wrote: Hello, I recently submitted a suspicious file via the ClamAV website submission form, and got a response back saying

[clamav-users] question about a malware submission

2021-06-22 Thread vze1amckv--- via clamav-users
Hello, I recently submitted a suspicious file via the ClamAV website submission form, and got a response back saying that "Our initial assessment has verified the sample as a threat & we will be publishing signatures for ClamAV." But when I re-submit the file to virusscan.jotti.org or VirusT

Re: [clamav-users] Question regarding the 0.103.1 PNG bug fix

2021-03-03 Thread Micah Snyder (micasnyd) via clamav-users
request a CVE or publish an advisory. -Micah From: clamav-users On Behalf Of Pierre Olivier KAPLAN Sent: Wednesday, March 3, 2021 5:12 AM To: clamav-users@lists.clamav.net Subject: [clamav-users] Question regarding the 0.103.1 PNG bug fix Hello, I have two questions regarding the 0.103.1

[clamav-users] Question regarding the 0.103.1 PNG bug fix

2021-03-03 Thread Pierre Olivier KAPLAN
Hello, I have two questions regarding the 0.103.1 Release Notes. In the bug fixes an issue is mentioned with some PNG file parsing causing a stack exhaustion. Why isn't this categorized as a vulnerability, as it allows DoS attacks? It is also mentioned that a signature exists to avoid t

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-02-08 Thread Lilia Gonzalez Medina
Hi Orion, Apologies for taking too long to respond. After some tests I was able to reproduce the FPs and target type 3 LDB signatures for Urlhaus have been updated and published and should not alert on legitimate files anymore. Please update your ClamAV database and if you still have some issues p

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-08 Thread Lilia Gonzalez Medina
Orion, I haven't been able to reproduce the FP with https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc.

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-07 Thread Orion Poplawski
Lilia - Virus database is updated daily and updated last night. Still seeing one this morning: Virus Urlhaus.Malware.364328-9787819-0: https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-07 Thread Lilia Gonzalez Medina
Hi Orion! Those NBD signatures were updated at the beginning of the week and should not FP anymore. Please update your ClamAV db and let us know if the issue persists. Best regards, Lilia Gonzalez Malware Research Team Cisco Talos On Wed, Jan 6, 2021 at 4:59 PM Orion Poplawski wrote: > Lilia

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-06 Thread Orion Poplawski
Lilia - Thanks for the response. We're seeing some others getting triggered as well: Virus Urlhaus.Malware.490516-9766015-0: 10.21.2.5 https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt: 2 Time(s) 10.21.2.5 https://raw.githubusercontent.com/curbengh/urlhaus-fi

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-04 Thread Lilia Gonzalez Medina
Hi Orion! Thank you for reporting this. URLhaus is a partner that generates a list of ClamAV signatures to target malicious URLs. Signature Urlhaus.Malware.452652-9766253-0 looks for a malicious URL inside HTML files, which is why it is alerting on the URLs you mentioned. We found these FPs some w

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2020-12-30 Thread Orion Poplawski
RE: > aboveandbelow.com.au/cgi-bin/http:/sites/b4q7eajmmm2moxgkq/ > > Sincerely, > > Eric Tykwinski > TrueNet, Inc. > P: 610-429-8300 > > -Original Message- > From: clamav-users On Behalf Of > Orion Poplawski > Sent: Wednesday, December 23, 2020 1

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2020-12-23 Thread Kris Deugau
Orion Poplawski wrote: Can anyone give me some details about the Urlhaus.Malware.452652-9766253-0 signature? We're seeing following URLs trigger it: https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2020-12-23 Thread eric-list
incerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users On Behalf Of Orion Poplawski Sent: Wednesday, December 23, 2020 1:11 PM To: ClamAV users ML Subject: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0 Can anyone give me some details a

[clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2020-12-23 Thread Orion Poplawski
Can anyone give me some details about the Urlhaus.Malware.452652-9766253-0 signature? We're seeing following URLs trigger it: https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt https://gitcdn

Re: [clamav-users] Question about clamAV dependencies

2020-12-10 Thread Ttito Concha, Darwin via clamav-users
Sorry, I forgot to mention that we run ClamAV in a container, so I think it makes sense that it doesn't have installed systemd as it is a single process. Thanks so much for the replies. On 10/12/20 08:45, "G.W. Haywood via clamav-users" wrote: Hi there, On Wed, 9 Dec 2020, Ttito Con

Re: [clamav-users] Question about clamAV dependencies

2020-12-10 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 9 Dec 2020, Ttito Concha, Darwin via clamav-users wrote: On 09/12/20 18:53, "Andrew C Aitchison" wrote: On Wed, 9 Dec 2020, Ttito Concha, Darwin via clamav-users wrote: > ...openSUSE...zypper install clamav, which asks to install 27 dependencies. > I would like to know if

Re: [clamav-users] Question about clamAV dependencies

2020-12-09 Thread Ttito Concha, Darwin via clamav-users
Hi Andrew, thanks for the quick reply. I am using it to scan any type of file that is uploaded to our server. Regards, Darwin On 09/12/20 18:53, "Andrew C Aitchison" wrote: On Wed, 9 Dec 2020, Ttito Concha, Darwin via clamav-users wrote: > Hi Team, > > Currently I am using Cl

[clamav-users] Question about clamAV dependencies

2020-12-09 Thread Ttito Concha, Darwin via clamav-users
Hi Team, Currently I am using ClamAV in openSUSE. So to install it I run zypper install clamav, which asks to install 27 dependencies. I would like to know if all these dependencies are needed, since I tried to install clamAV only by installing two of these dependencies: libclammspack0, libclam

Re: [clamav-users] Question

2020-01-12 Thread Al Varnell via clamav-users
Sent from my iPad On Jan 12, 2020, at 16:49, Mason, Aj via clamav-users wrote: > I have to update definitions on my offline Linux file and I needed assistance > with how to copy the files to my Linux system. I have already downloaded all > three files already. Is there a repository to > > thi

[clamav-users] Question

2020-01-12 Thread Mason, Aj via clamav-users
Good evening, I have to update definitions on my offline Linux file and I needed assistance with how to copy the files to my Linux system. I have already downloaded all three files already. Is there a repository to this? Thanks This message (including any attachments) contains confidential in

Re: [clamav-users] Question

2019-10-05 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 5 Oct 2019, Matus UHLAR - fantomas wrote: On 05.10.19 15:57, alex mc via clamav-users wrote: On Sat, 5 Oct 2019 at 15:14, J.R. via clamav-users [...] wrote: I had already seen all this, but the code itself does not know where it is Are you talking about the virus d

Re: [clamav-users] Question

2019-10-05 Thread Matus UHLAR - fantomas
On 05.10.19 15:57, alex mc via clamav-users wrote: I'm talking about the source code of the antivirus, but thanks. your question has been answered then already: https://lists.clamav.net/pipermail/clamav-users/2019-October/008635.html https://lists.clamav.net/pipermail/clamav-users/2019-October/

Re: [clamav-users] Question

2019-10-05 Thread alex mc via clamav-users
I'm talking about the source code of the antivirus, but thanks. On Sat, 5 Oct 2019 at 15:14, J.R. via clamav-users (< clamav-users@lists.clamav.net>) wrote: > > I had already seen all this, but the code itself does not know where it > is > > Are you talking about the virus definitions? Th

Re: [clamav-users] Question

2019-10-05 Thread J.R. via clamav-users
> I had already seen all this, but the code itself does not know where it is Are you talking about the virus definitions? Those are also available on the clamav download page. Once downloaded you can use sigtool to extract all the raw files into something you can read. ___

Re: [clamav-users] Question

2019-10-04 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 3 Oct 2019, alex mc via clamav-users wrote: ... lately I've been looking for the clamav antivirus code but I don't know why I can't find it, could you send it to me or tell me where to find it? ... http://catb.org/~esr/faqs/smart-questions.html -- 73, Ged. ___

Re: [clamav-users] Question

2019-10-04 Thread alex mc via clamav-users
3, 2019 1:09 PM > > To: ClamAV users ML > > Cc: Wagde Zabit > > Subject: Re: [clamav-users] Question > > > > https://www.clamav.net/downloads/production/clamav-0.102.0.tar.gz > > > > Or my preference: https://github.com/Cisco-Talos/clamav-devel > >

Re: [clamav-users] Question

2019-10-03 Thread Eric Tykwinski
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Wagde Zabit via clamav-users > Sent: Thursday, October 03, 2019 1:09 PM > To: ClamAV users ML > Cc: Wagde Zabit > Subject: Re: [clamav-users] Question > > https://www.clamav.net/downloads/prod

Re: [clamav-users] Question

2019-10-03 Thread Wagde Zabit via clamav-users
https://www.clamav.net/downloads/production/clamav-0.102.0.tar.gz > On 3 Oct 2019, at 19:13, alex mc via clamav-users > wrote: > > Hi, lately I've been looking for the clamav antivirus code but I don't know > why I can't fin

Re: [clamav-users] Question

2019-10-03 Thread Joel Esler (jesler) via clamav-users
lamav-users@lists.clamav.net" Cc: alex mc Subject: [clamav-users] Question Hi, lately I've been looking for the clamav antivirus code but I don't know why I can't find it, could you send it to me or tell me where to find it? Thank you so much smime.p7s Description: S/MIM

[clamav-users] Question

2019-10-03 Thread alex mc via clamav-users
Hi, lately I've been looking for the clamav antivirus code but I don't know why I can't find it, could you send it to me or tell me where to find it? Thank you so much ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/

Re: [clamav-users] Question regarding Metasploit signatures

2019-08-31 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 31 Aug 2019, J.R. via clamav-users wrote: If the virus pattern is in one of the database files, then you are alerted... If it's not, then no alert... That's how every antivirus works... There's a bit more to it than that. Some detection is based on other characteristics, su

Re: [clamav-users] Question regarding Metasploit signatures

2019-08-31 Thread J.R. via clamav-users
> Hence, my question or curiosity over how ClamAV determines > the *true* threat level of a malicious file. If the virus pattern is in one of the database files, then you are alerted... If it's not, then no alert... That's how every antivirus works... You are more than welcome to report files for

Re: [clamav-users] Question regarding Metasploit signatures

2019-08-31 Thread Manna, Mohammed via clamav-users
Hi There, > -Original Message- > From: clamav-users On Behalf Of > G.W. Haywood via clamav-users > Sent: 31 August 2019 08:39 > To: Manna, Mohammed via clamav-users > Cc: G.W. Haywood > Subject: Re: [clamav-users] Question regarding Metasploit signatures > >

Re: [clamav-users] Question regarding Metasploit signatures

2019-08-31 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 30 Aug 2019, Manna, Mohammed via clamav-users wrote: What I can see that ClamAV cannot always successfully detect reverse shell type of files (built using Metasploit msfvenom). And also, if the file is covered using a pseudo extension e.g. test.exe.txt When I was comparing th

[clamav-users] Question regarding Metasploit signatures

2019-08-30 Thread Manna, Mohammed via clamav-users
Hello, What I can see that ClamAV cannot always successfully detect reverse shell type of files (built using Metasploit msfvenom). And also, if the file is covered using a pseudo extension e.g. test.exe.txt When I was comparing this on virustotal.com ClamAV seems to be missing quite a lot of t

Re: [clamav-users] Question about LLVM...

2018-12-12 Thread J.R.
> So I would like to ask, does bytecode have access to its environment > (like ActiveX unfortunately did) and, how well is bytecode sandboxed? Well, first of all, only bytecode signatures published by Cisco/Talos are considered "trusted" and will run by default. You would have to manually specify

Re: [clamav-users] Question about LLVM...

2018-12-12 Thread Paul Kosinski
I've always been leery of executable code that gets downloaded "behind the scenes" and then executed for whatever purpose. In the "old days", people were warned against downloading random software and then executing it. How that's become at least half of what we do on a daily basis -- in our browse

Re: [clamav-users] Question about LLVM...

2018-12-11 Thread J.R.
Micah & Scott, Thank you for the replies, you answered exactly what I was thinking too based on posts referring to the built-in improvements and hush on llvm. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mai

Re: [clamav-users] Question about LLVM...

2018-12-11 Thread Scott Kitterman
On Tuesday, December 11, 2018 05:59:05 PM Micah Snyder wrote: > Sorry about the broken links on the website and in the clamav-faq manual > pages. Our web dev team is actively working on integrating the newly > remodeled user manual into the website. > > The bytecode interpreter was nonfunctional

Re: [clamav-users] Question about LLVM...

2018-12-11 Thread Micah Snyder (micasnyd)
Sorry about the broken links on the website and in the clamav-faq manual pages. Our web dev team is actively working on integrating the newly remodeled user manual into the website. The bytecode interpreter was nonfunctional for a long time but was fixed a few years ago. This is why LLVM was p

[clamav-users] Question about LLVM...

2018-12-11 Thread J.R.
I've googled to no end, but haven't been able to come up with anything except a few snips mentioning LLVM and bytecode here and there... I'm curious exactly what the benefit would be to use LLVM, is there much of a performance gain over the built-in (non-llvm) bytecode interpreter? Is it an expand

Re: [clamav-users] Question about sending sample process

2018-11-06 Thread Micah Snyder (micasnyd)
Thanks Luca for investigating the false negative reports and submitting them to our malware research team. These reports really help, even if you don't necessarily get feedback on the reports. Kind regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. On Nov 6, 2018, at 11

Re: [clamav-users] Question about sending sample process

2018-11-06 Thread Luca Moscato
Thanks to everyone, by adding some extra signatures the found rate has increased, a few, but has increased and this is good news. Luca On 06/11/18 15:27, Joel Esler (jesler) wrote: On Nov 6, 2018, at 4:46 AM, Luca Moscato > wrote: Question 1 - Is this proces

Re: [clamav-users] Question about sending sample process

2018-11-06 Thread Joel Esler (jesler)
On Nov 6, 2018, at 4:46 AM, Luca Moscato mailto:l...@funambol.com>> wrote: Question 1 - Is this process correct to send samples? Please update the version of clamsubmit you are using. You are several versions behind. ___ clamav-users mailing list

Re: [clamav-users] Question about sending sample process

2018-11-06 Thread Al Varnell
Luca It's possible that some of the failure to detect is due to your using an outdated version of ClamAV. Some signatures only work with more recent versions. You should probably focus on upgrading before submitting any undetected samples. -Al- ClamXAV User On Tue, Nov 06, 2018 at 01:46 AM, Luc

Re: [clamav-users] Question about sending sample process

2018-11-06 Thread Arnaud Jacques
Hello Luca, If I remember well, clamsubmit only works since versions 0.100.x of ClamAV. It seems you are still using version 0.99.4. Question 1 - Is this process correct to send samples? Yes it is. Question 2 - How much time is required to validate a sample and get the A/V db updated? Day

[clamav-users] Question about sending sample process

2018-11-06 Thread Luca Moscato
Hi everyone, one of our customers notified us that the AV we use (clamav of course) does not detect some of the malware downloadable from das malwerk used for testing. Pretty strange situation, so we decided to download all malwares from that site and send as a sample using command line interface

[clamav-users] Question regarding Mach-O binaries and clamd.conf

2018-06-04 Thread J Doe
Hi, I noticed in the Clam manual (PDF) for Clam 0.99.4 that Mach-O binaries are supported. In man clamd.conf there are parameters for enabling scanning of Windows PE files (ScanPE) and Linux/Unix ELF files (ScanELF), but there is not a Mach-O specific parameter. Does this mean that: 1. clamd

Re: [clamav-users] Question regarding freshclam.conf SafeBrowsing option

2018-06-04 Thread J Doe
> On Jun 4, 2018, at 11:08 AM, Micah Snyder (micasnyd) > wrote: > > J, > > It appears that the info in freshclam.conf is out of date, and both the > Google safebrowsing API have changed as well as our practices for publishing > safebrowsing signature databases have changed since it was writt

Re: [clamav-users] Question regarding freshclam.conf SafeBrowsing option

2018-06-04 Thread Micah Snyder (micasnyd)
J, It appears that the info in freshclam.conf is out of date, and both the Google safebrowsing API have changed as well as our practices for publishing safebrowsing signature databases have changed since it was written. I'm told that it's not necessary to run freshclam multiple times an hour a

[clamav-users] Question regarding freshclam.conf SafeBrowsing option

2018-05-31 Thread J Doe
Hi, I had a question regarding the SafeBrowsing option in freshclam.conf for clamav version 0.99.4. According to man freshclam.conf, if this option is enabled, freshclam “…must update every 30 minutes…”. Am I correct that this means that the Checks option must be set to 48 or higher? I do

Re: [clamav-users] Question regarding SIGUSR2 and clamd

2018-03-22 Thread Maarten Broekman
You might be able to open the socket that clamd is listening on and attempt to ping it. I forget if it replies with PONG while it's in the middle of reloading. It's been a while since I tried to do that. On Thu, Mar 22, 2018 at 6:40 AM, Ralf Hildebrandt < ralf.hildebra...@charite.de> wrote: > O

[clamav-users] Question regarding SIGUSR2 and clamd

2018-03-22 Thread Ralf Hildebrandt
One can send SIGUSR2 to a running clamd instance to reload the signatures. But how can I (from a script) determine if the signatures have been reloaded? I can of course try "sleep 30" which will suffice in most cases (from my experience) but is there a script based approach apart from trying to p

Re: [clamav-users] Question about the clamdscan

2018-03-21 Thread Dave Warren
This still has value as it can help catch things in action. It doesn't replace periodic scans either to catch malware discovered since the initial scan. There are a variety of ways of doing this if scanning everything in one shot isn't feasible. One option would be to split files up using a hash

Re: [clamav-users] Question about the clamdscan

2018-03-21 Thread Dennis Peterson
Tripwire presumes a golden fileset at the outset, that is, scanned to the degree possible before enabling Tripwire. The fear of zero-day loop is infinite. dp On 3/21/18 6:41 PM, Paul Kosinski wrote: A few years ago, when Tripwire was no longer free, I set up a "scan once" environment for ClamA

Re: [clamav-users] Question about the clamdscan

2018-03-21 Thread Paul Kosinski
A few years ago, when Tripwire was no longer free, I set up a "scan once" environment for ClamAV, identifying files using SHA1 hashing (with a few 'stat' results like inode and timestamp for good measure). I gave up when I realized that even if a file had already been scanned, it might have contai

Re: [clamav-users] Question about the clamdscan

2018-03-21 Thread Dennis Peterson
It is possible to integrate ClamAV and Tripwire to get to a scan-once environment. Include puppet or CFEngine for a more complete tool. dp On 3/20/18 5:01 AM, Micah Snyder (micasnyd) wrote: Good morning Tsutomu, Al is quite correct. clamd and clamdscan maintain no memory of what has been sc

Re: [clamav-users] Question about the clamdscan

2018-03-20 Thread Micah Snyder (micasnyd)
Good morning Tsutomu, Al is quite correct. clamd and clamdscan maintain no memory of what has been scanned before. In your ordinary use case, you simply run clamdscan over whatever you want to scan. You can exclude specific directories in your configuration if you want to point clamdscan at

Re: [clamav-users] Question about the clamdscan

2018-03-19 Thread Tsutomu Oyamada
Thank you so much. Your advice was very helpful. I would also like to wait for a message from the developer. On Thu, 15 Mar 2018 23:13:09 -0700 Al Varnell wrote: > I believe the developers are hard at work planning for the future this week, > so they can probably give you better answers tha

Re: [clamav-users] Question about the clamdscan

2018-03-15 Thread Al Varnell
I believe the developers are hard at work planning for the future this week, so they can probably give you better answers than I later on. I suspect some of this may be platform specific, so my answers are based on my macOS experience. clamd scans every file that clamdscan tells it to, so s

[clamav-users] Question about the clamdscan

2018-03-15 Thread Tsutomu Oyamada
Hi, all. I have two questions about the clamdscan; 1) Does the clamd skip scanning the files which are scanned before? I want to know if the clamd remember which files are scanned, and skip them when the scan is performed again. 2) Is there any case that a file is locked by the clamd (user cann
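The replies in this thread establish that clamd and clamdscan keep no memory of what was scanned, and that a "scan once" cache keyed on file hashes is only safe if it is thrown away whenever the signature database changes. The wrapper below is an added example of exactly that, written for this page and not taken from the thread or from the ClamAV project: it records SHA-256 digests of files that scanned clean under one database version, skips them on later runs, and discards the whole cache when `clamdscan --version` reports a different database version. The cache file path and the fake scanner used in the usage test are hypothetical; the clamdscan exit codes (0 clean, 1 infected, 2 error) and the "ClamAV <engine>/<dbversion>/<date>" version line are from clamdscan(1).

```python
import hashlib
import json
import os
import subprocess

# Hypothetical location for the cache file; not a ClamAV convention.
DEFAULT_CACHE = "/var/cache/clamav-scanonce.json"


def file_digest(path, chunk=1 << 20):
    """SHA-256 of the file contents; any modification yields a new digest and a rescan."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def current_db_version():
    """Database version from `clamdscan --version` ("ClamAV <engine>/<dbver>/<date>")."""
    out = subprocess.run(["clamdscan", "--version"], capture_output=True,
                         text=True, check=True).stdout
    return out.strip().split("/")[1]


def clamdscan_file(path):
    """Scan one file through clamd. Exit codes per clamdscan(1): 0 clean, 1 infected, 2 error."""
    r = subprocess.run(["clamdscan", "--no-summary", "--fdpass", path],
                       capture_output=True, text=True)
    return {0: "clean", 1: "infected"}.get(r.returncode, "error")


class ScanOnceCache:
    """Digests of files that were clean under one database version.
    A cache written under a different version is discarded on load, because new
    signatures may match files that were clean before."""

    def __init__(self, path, dbversion):
        self.path = path
        self.data = {"dbversion": dbversion, "clean": {}}
        try:
            with open(path) as f:
                loaded = json.load(f)
        except (OSError, ValueError):
            loaded = None
        if isinstance(loaded, dict) and loaded.get("dbversion") == dbversion:
            self.data = loaded

    def save(self):
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.data, f)
        os.replace(tmp, self.path)  # atomic rename: a crash cannot leave a half-written cache


def scan_tree(root, cache, scan=clamdscan_file):
    """Walk `root`, skipping files whose digest is already recorded as clean.
    Only clean verdicts are cached; infected and errored files are reported every run."""
    results = {"skipped": [], "clean": [], "infected": [], "error": []}
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            try:
                digest = file_digest(path)
            except OSError:
                results["error"].append(path)
                continue
            if digest in cache.data["clean"]:
                results["skipped"].append(path)
                continue
            verdict = scan(path)
            results[verdict].append(path)
            if verdict == "clean":
                cache.data["clean"][digest] = True
    cache.save()
    return results


if __name__ == "__main__":
    import sys
    cache = ScanOnceCache(DEFAULT_CACHE, current_db_version())
    summary = scan_tree(sys.argv[1], cache)
    print({k: len(v) for k, v in summary.items()})
```

Keying on content rather than on path and mtime means a file rewritten with identical bytes is still skipped, while any real change is rescanned; it also means the first run pays the full hashing cost, which on a large tree is cheaper than a full clamd scan but not free.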

Re: [clamav-users] Question regarding freshclam log entry

2018-02-23 Thread Kris Deugau
J Doe wrote: I note though that man 5 freshclam.conf states that clamd is *NOT* set to update by default, however when I installed the package on Ubuntu 16.04.03 LTS, it has put in 3600 for an update frequency. Between freshclam and clamd there are three options here that operate independentl

Re: [clamav-users] Question regarding freshclam log entry

2018-02-22 Thread J Doe
Hi Noel, > On Feb 22, 2018, at 10:23 AM, Noel Jones wrote: > >> On 2/22/2018 8:29 AM, J Doe wrote: >> >>> Hello, >>> >>> I recently installed ClamAV 0.99.3 on a Ubuntu 16.04.03 LTS server and >>> utilize it as a milter for Postfix v. 3.1.0. >>> >>> When freshclam runs according to its cron

Re: [clamav-users] Question regarding freshclam log entry

2018-02-22 Thread Noel Jones
On 2/22/2018 8:29 AM, J Doe wrote: > >> Hello, >> >> I recently installed ClamAV 0.99.3 on a Ubuntu 16.04.03 LTS server and >> utilize it as a milter for Postfix v. 3.1.0. >> >> When freshclam runs according to its cron job and successfully downloads an >> update, it leaves the following note i

Re: [clamav-users] Question regarding freshclam log entry

2018-02-22 Thread J Doe
> Hello, > > I recently installed ClamAV 0.99.3 on a Ubuntu 16.04.03 LTS server and > utilize it as a milter for Postfix v. 3.1.0. > > When freshclam runs according to its cron job and successfully downloads an > update, it leaves the following note in the freshclam log: > > WARNING: clamd w

[clamav-users] Question regarding freshclam log entry

2018-02-20 Thread J Doe
Hello, I recently installed ClamAV 0.99.3 on a Ubuntu 16.04.03 LTS server and utilize it as a milter for Postfix v. 3.1.0. When freshclam runs according to its cron job and successfully downloads an update, it leaves the following note in the freshclam log: WARNING: clamd was NOT notified: C

Re: [clamav-users] Question about Clamav compressed file support

2018-01-11 Thread botnec
Hello, Thank you all very much for the explanation and thoughts. I almost expected these answers. Thanks again for your help and best regards Rob

Re: [clamav-users] Question about Clamav compressed file support

2018-01-11 Thread Noel Jones
Clamav has no support for unpacking and scanning inside the Acronis .tib backup images. I wouldn't bother scanning it. -- Noel Jones On 1/11/2018 9:41 AM, botnec wrote: > Hello, > > I'm using a QNAP NAS server as destination for Acronis True Image > backup files. > The extension of these f

Re: [clamav-users] Question about Clamav compressed file support

2018-01-11 Thread Micah Snyder (micasnyd)
Hi Rob, At this time, ClamAV does not have the means to decompress and parse the proprietary Acronis .tib format. I only took a brief peek at Wikipedia (https://en.wikipedia.org/wiki/Acronis_True_Image#File_format) to learn more about Acronis image files. Unless someone in the community write
