Hi there,
On Wed, 27 Nov 2019, Paul via clamav-users wrote:
root@larch:/tmp/paul# /usr/bin/sigtool --unpack-current=daily.cld
ERROR: unpack: Couldn't find daily.cld CLD/CVD database in /var/lib/clamav
root@larch:/tmp/paul# /usr/bin/sigtool
--unpack-current=/var/lib/clamav/daily.cld
ERROR: unpa
Hi
Must be getting tired and not reading things properly
sigtool --unpack-current=daily does the business
On 27/11/2019 19:11, Paul via clamav-users wrote:
Hi
root@larch:/tmp/paul# /usr/bin/sigtool --unpack-current=daily.cld
ERROR: unpack: Couldn't find daily.cld CLD/CVD database in
/var/l
Hi
root@larch:/tmp/paul# /usr/bin/sigtool --unpack-current=daily.cld
ERROR: unpack: Couldn't find daily.cld CLD/CVD database in /var/lib/clamav
root@larch:/tmp/paul# /usr/bin/sigtool
--unpack-current=/var/lib/clamav/daily.cld
ERROR: unpack: Couldn't find /var/lib/clamav/daily.cld CLD/CVD databas
Hi Joel
Silly thing check
root@larch:/tmp/paul# sigtool -V
ClamAV 0.101.5/25646/Wed Nov 27 10:06:44 2019
root@larch:/tmp/paul# /usr/bin/sigtool --unpack-current
/var/lib/clamav/daily.cld
ERROR: unpack: Couldn't find /var/lib/clamav/daily.cld CLD/CVD database
in /var/lib/clamav
On 27/11/2019
Hello,
On 27/11/2019 at 19:07, Paul via clamav-users wrote:
root@larch:/tmp/paul# sigtool --unpack-current daily.cld
As far as I know :
sigtool --help|grep unpack-current
--unpack-current=SHORTNAME Unpack local CVD/CLD into cwd
So the command line should be :
sigtool --unp
What happens if you issue the full part in the sigtool command?
Sent from my iPhone
> On Nov 27, 2019, at 13:08, Paul via clamav-users
> wrote:
>
> Hi
>
> Am I missing something here or is sigtool broken in 101.5
>
>
> root@larch:/tmp/paul# ls /var/lib/clamav/*.cld -lh
> -rw-r--r-- 1 cla
Hi
Am I missing something here or is sigtool broken in 101.5
root@larch:/tmp/paul# ls /var/lib/clamav/*.cld -lh
-rw-r--r-- 1 clamav clamav 1.4M Sep 19 17:56 /var/lib/clamav/bytecode.cld
-rw-r--r-- 1 clamav clamav 158M Nov 27 10:54 /var/lib/clamav/daily.cld
-rw-r--r-- 1 clamav clamav 294M Nov 25
On Tue, 16 Aug 2016, Jack wrote:
> Hello,
>
> I am attempting to dissect a document’s macros using sigtool, but am running
> into a problem. Nothing is being returned when the following command is run:
>
> $ sigtool --vba
> '237b81cda8251aac11eaa28387765e6dd165664aa87563a6bce5951dd5ca4de3.bin'
Hello Jack,
> Great, thanks. Here is the output with '--debug':
>
> LibClamAV debug: Initialized 0.99.2 engine
> LibClamAV debug: in cli_ole2_extract()
> LibClamAV debug: OLE2 magic failed!
> LibClamAV debug: Cleaning up phishcheck
> LibClamAV debug: Phishcheck cleaned up
>
> To note, the documen
On Tue, 16 Aug 2016, Jack wrote:
>
> To note, the document opens fine in Microsoft Word, and oletools has no
> issues dumping out the macros.
Hi,
I have observed this problem too with files
that file reports as "Microsoft Word 2007+".
oledump will extract the macros but not sigtool.
clamav
On Mon, August 15, 2016 4:25 pm, Jack wrote:
> Great, thanks. Here is the output with '--debug':
>
>
> LibClamAV debug: Initialized 0.99.2 engine
> LibClamAV debug: in cli_ole2_extract()
> LibClamAV debug: OLE2 magic failed!
> LibClamAV debug: Cleaning up phishcheck
> LibClamAV debug: Phishcheck cl
Great, thanks. Here is the output with '--debug':
LibClamAV debug: Initialized 0.99.2 engine
LibClamAV debug: in cli_ole2_extract()
LibClamAV debug: OLE2 magic failed!
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Phishcheck cleaned up
To note, the document opens fine in Microsoft Word,
On Mon, August 15, 2016 3:50 pm, Jack wrote:
> Hello,
>
>
>
> Can someone take a look and determine why there are passing issues?
Hi Jack,
add --debug on the end... eg... might give you a bit more info...
sigtool --vba "287DD777DB20BE14F2DD0B9952BECF41.xxx" --debug
LibClamAV debug: Initialized
Hello,
I am attempting to dissect a document’s macros using sigtool, but am running
into a problem. Nothing is being returned when the following command is run:
$ sigtool --vba
'237b81cda8251aac11eaa28387765e6dd165664aa87563a6bce5951dd5ca4de3.bin'
The document in question is SHA256:
237b81cda
Hi Arnaud, I've opened https://bugzilla.clamav.net/show_bug.cgi?id=11553
for a fix.
Thanks for your report,
Steve
On Thu, Apr 14, 2016 at 11:03 AM, Arnaud Jacques / SecuriteInfo.com <
webmas...@securiteinfo.com> wrote:
> Hello,
>
> Using sigtool -l always reports this error :
>
> ERROR: listdb:
Hello,
Using sigtool -l always reports this error :
ERROR: listdb: Malformed pattern line 1 (file /tmp/clamav-
c57a51d1b297cd6a8b2ca0810c9776f9.tmp/daily.cdb)
ERROR: listdb: Error listing database
/tmp/clamav-c57a51d1b297cd6a8b2ca0810c9776f9.tmp/daily.cdb
ERROR: listdb: Can't list directory /var
I can't figure out how to build cud files yet with 0.98.5
Is there a guide somewhere for this?
It fails with build name, and sigtool interactive asks for the build name,
but fails to build with the type answer :(
Env variables are not explained anywhere
| On 01/24/2012 01:05 AM, Greg Cirino wrote:
|> Ok, I'm not sure what is happening, but I did a wget of the main.cvd and
|> ran the sigtool against it with the following command:
|>
|> sigtool --info=main.cvd
|>
|> and got this:
|>
|> File: main.cvd
|> Build time: 11 Oct 2011 10:34 -0400
|> Versio
On 01/24/2012 01:05 AM, Greg Cirino wrote:
> Ok, I'm not sure what is happening, but I did a wget of the main.cvd and
> ran the sigtool against it with the following command:
>
> sigtool --info=main.cvd
>
> and got this:
>
> File: main.cvd
> Build time: 11 Oct 2011 10:34 -0400
> Version: 54
> Si
Ok, IMHO sigtool should return the same information (results) regardless
if the debug flag is set or not.
This means, using
sigtool --debug --info=main.cvd
vs
sigtool --info=main.cvd
Should return the same results, one with extra code and one without
But sigtool version 97.3 does not do this (on
Ok, I'm not sure what is happening, but I did a wget of the main.cvd and
ran the sigtool against it with the following command:
sigtool --info=main.cvd
and got this:
File: main.cvd
Build time: 11 Oct 2011 10:34 -0400
Version: 54
Signatures: 1044387
Functionality level: 60
Builder: sven
MD5: ef01
FM wrote:
> Tx for the reply but in my case it is not that easy.
>
> I am using courier-mta and courier-pythonfilter to connect the mta and
> clamav
> This filter is using libclamav directly
>
> and in clamd.conf I have :
>
> PhishingScanURLs no
> PhishingSignatures no
>
>
> but still have vir
Tx for the reply but in my case it is not that easy.
I am using courier-mta and courier-pythonfilter to connect the mta and
clamav
This filter is using libclamav directly
and in clamd.conf I have :
PhishingScanURLs no
PhishingSignatures no
but still have virus alert in the maillog
Regards,
FM wrote:
> hello,
> I have lots of false positives with clamav phishing detection.
> What is the correct way to remove these rules using sigtool?
From a recent post:
> You can disable the heuristics-based phish checks without
> disabling the signature-based checks. Both the official
> clama
hello,
I have lots of false positives with clamav phishing detection.
What is the correct way to remove these rules using sigtool?
Regards
At 03:45 PM 6/8/2007, Efren Bravo wrote:
> > You can use:
> > echo "clamav database updated" | mail -s "Clamav Update OK"
> > [EMAIL PROTECTED]
> >
> > or for more info, maybe:
> > clamscan /etc/motd | mail -s "clamav update OK" [EMAIL PROTECTED]
> >
>
>Why not to use sigtool, isn't it supported on
- Original Message -
From: "Noel Jones" <[EMAIL PROTECTED]>
To: "ClamAV users ML"
Sent: Friday, June 08, 2007 10:37 AM
Subject: Re: [Clamav-users] sigtool and 90.x
> At 09:40 AM 6/8/2007, Efren Bravo wrote:
>>Hi,
>&
At 09:40 AM 6/8/2007, Efren Bravo wrote:
>Hi,
>
>I've this inside the freshclam.conf:
>-
># Run command after successful database update.
># Default: disabled
>OnUpdateExecute /usr/local/etc/freshclam-x/onupdt.sh
>
>and /usr/local/etc/freshclam-x/onupdt.sh have:
>---
Hi,
I've this inside the freshclam.conf:
-
# Run command after successful database update.
# Default: disabled
OnUpdateExecute /usr/local/etc/freshclam-x/onupdt.sh
and /usr/local/etc/freshclam-x/onupdt.sh have:
--
/usr/lo
On Mon, 20 Sep 2004 15:49:14 -0400
Dewey Hylton <[EMAIL PROTECTED]> wrote:
> $ sigtool --unpack-current daily.cvd
> LibClamAV Error: Unknown type flag 3.
> ERROR: Can't unpack file.
This error comes from libclamav/cvd.c:cli_untgz() and was also reported
on Cygwin. We're working on a fix.
--
i see the following problem in freebsd 4.8 and 5.2.1 - but not in any of the
linux distros i've tried:
$ freshclam --datadir . --log freshclam.log
ClamAV update process started at Sun Sep 19 10:09:45 2004
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
main.cvd updated (version: 27, sig
Steven Stern wrote:
On Wed, 28 Jul 2004 10:15:53 -0500, "Vernon A. Fort"
<[EMAIL PROTECTED]> wrote:
I'm trying to understand the Build time string in the sigtool -i daily.cvd
file:
Build time: 27 Jul 2004 15-12 +0200
specifically with the 15-12 +0200. I want to convert this to Central
time
On Wed, 2004-07-28 at 17:51, Denis De Messemacker wrote:
> It means the signature was done at 3:12 pm (15:12) , in a GMT+2 zone.
> So 1:12pm GMT.
>
> Assuming Central Standard Time USA is GMT-5 in summer, it makes 8:12 am.
>
Perhaps there would be some sense in timestamping the signature
databas
On Tue, 27 Jul 2004 15:16:38 -0700
"zbuckholz" <[EMAIL PROTECTED]> wrote:
> But please still enlighten me, if the email attachment is zipped and
> is password protected how does clamav detect it? Does clamav have most
Oh, this is a military secret :-)
--
oo. Tomasz Kojm <[EMA
On Wed, 2004-07-28 at 17:15, Vernon A. Fort wrote:
> I'm trying to understand the Build time string in the sigtool -i daily.cvd
> file:
>
> Build time: 27 Jul 2004 15-12 +0200
>
> specifically with the 15-12 +0200. I want to convert this to Central
> time (US), any pointers.
>
> Vernon
>
On Wed, 28 Jul 2004 10:15:53 -0500, "Vernon A. Fort"
<[EMAIL PROTECTED]> wrote:
>I'm trying to understand the Build time string in the sigtool -i daily.cvd
>file:
>
>Build time: 27 Jul 2004 15-12 +0200
>
>specifically with the 15-12 +0200. I want to convert this to Central
>time (US), any po
-5 right now... -6 when daylight saving time ends
- Original Message -
From: "Tomasz Papszun" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 28, 2004 10:44 AM
Subject: Re: [Clamav-users] Sigtool Build Time
> On Wed, 28 Jul 2004 at 10:15
Quoting "Vernon A. Fort" <[EMAIL PROTECTED]>:
I'm trying to understand the Build time string in the sigtool -i daily.cvd
file:
Build time: 27 Jul 2004 15-12 +0200
specifically with the 15-12 +0200. I want to convert this to Central
time (US), any pointers.
Vernon
well im not sure what the 15-1
On Wed, 28 Jul 2004 at 10:15:53 -0500, Vernon A. Fort wrote:
> I'm trying to understand the Build time string in the sigtool -i daily.cvd
> file:
>
>Build time: 27 Jul 2004 15-12 +0200
>
> specifically with the 15-12 +0200.
>
It means 15:12 GMT+2
> I want to convert this to Central time (U
I'm trying to understand the Build time string in the sigtool -i daily.cvd
file:
Build time: 27 Jul 2004 15-12 +0200
specifically with the 15-12 +0200. I want to convert this to Central
time (US), any pointers.
Vernon
Hi,
On Tue, Jul 27, 2004 at 02:35:56PM -0700, zbuckholz wrote:
> I just took your suggestion and tried it and it still does not detect the
> virus. I have the original text email that I scan like follows:
> ./clamscan sample.txt
> This is a copy of the atomic-time-stamp type file in the Maildir
ECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Kojm
Sent: Tuesday, July 27, 2004 1:56 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] sigtool outout very large
On Tue, 27 Jul 2004 12:48:55 -0700
"zbuckholz" <[EMAIL PROTECTED]> wrote:
> My basic question is why will clamsc
On Tue, 27 Jul 2004 16:18:54 -0400
Ryan Moore <[EMAIL PROTECTED]> wrote:
> Clamav needs the original rfc822 message text to detect it as a
> password protected virus I think. If you're trying to scan the
No, it doesn't. The Worm.Bagle.Gen-zippwd signature should catch the raw
zip file.
--
oo
zbuckholz wrote:
I just took your suggestion and tried it and it still does not detect the
virus. I have the original text email that I scan like follows:
./clamscan sample.txt
This is a copy of the atomic-time-stamp type file in the Maildir
I do not know the format of the cvd files, I assume I w
: [Clamav-users] sigtool outout very large
zbuckholz wrote:
> I have an email attachment that uvscan is detecting as:
> (When zipped)
> Found the W32/[EMAIL PROTECTED] virus !!!
>
>
> (When unzipped using password in email text)
>
> Found the W32/[EMAIL PROTECTED] vi
On Tue, 27 Jul 2004 12:48:55 -0700
"zbuckholz" <[EMAIL PROTECTED]> wrote:
> My basic question is why will clamscan not detect this Bagle , and if
I'm sure your version is older than 0.70.
--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gp
zbuckholz wrote:
I have an email attachment that uvscan is detecting as:
(When zipped)
Found the W32/[EMAIL PROTECTED] virus !!!
(When unzipped using password in email text)
Found the W32/[EMAIL PROTECTED] virus !!!
Clamscan detects it as:
(When unzipped using password in email text)
gyadu.exe: Wor
I have an email attachment that uvscan is detecting as:
(When zipped)
Found the W32/[EMAIL PROTECTED] virus !!!
(When unzipped using password in email text)
Found the W32/[EMAIL PROTECTED] virus !!!
Clamscan detects it as:
(When unzipped using password in email text)
gyad
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mark Novak
> Sent: Monday, May 03, 2004 6:20 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] sigtool not working correctly
>
>
> Jim,
>
>
> On May
All,
What is odd is that I was using the /usr/local/share/clamav path but
changed it to /var/lib/clamav because that is what freshclam.conf has
as its default. I changed the line in the /etc/clamav.conf to
reflect
the /var/lib/clamav location.
Clam is catching the newest viruses, and the datab
Niek,
On May 3, 2004, at 3:58 AM, Niek wrote:
Mark Novak wrote:
Hello all,
I recently upgraded my Clamav from 0.70-rc to clamav-0.70. After the
upgrade my sigtool stopped working as it used to. For example:
[EMAIL PROTECTED] log]# sigtool -i /var/lib/clamav/daily.cvd
Build time: 29 Apr 2004
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mark Novak
> Sent: Monday, May 03, 2004 2:44 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] sigtool not working correctly
>
>
> What is odd is that I was using the /
This also happened to me. Just so you
won't confuse yourself with two db paths,
delete the other one and just ln -s
to the other one. That way either way you
go, it takes you to the same place.
> > What is odd is that I was using the
> /usr/local/share/clamav path but
> > changed it to /var/lib/cl
Jim,
On May 3, 2004, at 3:27 PM, Jim Maul wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mark
Novak
Sent: Monday, May 03, 2004 2:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] sigtool not working correctly
What is odd is that I was
Mark Novak wrote:
Hello all,
I recently upgraded my Clamav from 0.70-rc to clamav-0.70. After the
upgrade my sigtool stopped working as it used to. For example:
[EMAIL PROTECTED] log]# sigtool -i /var/lib/clamav/daily.cvd
Build time: 29 Apr 2004 07-50 +0200
Version: 294
# of signatures: 1075
Hello all,
I recently upgraded my Clamav from 0.70-rc to clamav-0.70. After the
upgrade my sigtool stopped working as it used to. For example:
[EMAIL PROTECTED] log]# sigtool -i /var/lib/clamav/daily.cvd
Build time: 29 Apr 2004 07-50 +0200
Version: 294
# of signatures: 1075
Functionality leve
On Mon, 01 Mar 2004 at 8:18:25 -0600, Joe Kletch wrote:
> >sigtool --list-sigs
>
> Does not work on my install. Is the best way to get this corrected to
> upgrade Clam 0.67?
>
> mail burtonmayer.com $ clamd -V
> clamd / ClamAV version 0.65
>
Please, don't "top-post".
Yes.
--
Tomasz Papszu
Joe Kletch wrote:
sigtool --list-sigs
Does not work on my install. Is the best way to get this corrected to
upgrade Clam 0.67?
mail burtonmayer.com $ clamd -V
clamd / ClamAV version 0.65
It can't hurt anyway to upgrade to v0.67-1. Maybe try finding it with
'whereis sigtool' (or 'locate sigtool')
sigtool --list-sigs
Does not work on my install. Is the best way to get this corrected to
upgrade Clam 0.67?
mail burtonmayer.com $ clamd -V
clamd / ClamAV version 0.65
Thanks!
Joe Kletch
On Mar 1, 2004, at 7:43 AM, Kristof Hardy wrote:
sigtool --list-sigs
---
The latest snapshot contains some important fixes for sigtool:
fixed random segfaults and modified algorithm. It should create
better signatures, however it's still not perfect (but it will be
;)).
Best regards,
Tomasz Kojm
--
oo. [EMAIL PROTECTED]
(\/)\. http
* Germán D. Staltari <[EMAIL PROTECTED]> [20021107 15:45]: wrote:
> Hi, could anyone please give me a deeper explained example of how to use the
> sigtool.
Search the archives of this list for "Creating an original signature..."
Tomasz explained the process in detail to someon
Hi, could anyone please give me a deeper explained example of how to use the
sigtool.
Thanks
German Staltari
62 matches