Re: [clamav-users] Question on sigtool memory usage

2024-10-03 Thread Andrew C Aitchison via clamav-users
On Thu, 3 Oct 2024, Andrew C Aitchison via clamav-users wrote: On Wed, 2 Oct 2024, Mikhail Soumar via clamav-users wrote: Hello, We are using sigtool to decompile the standard clamav virus signature databases in a low-memory environment. However, the process is too short-lived for us to a

Re: [clamav-users] Question on sigtool memory usage

2024-10-03 Thread Andrew C Aitchison via clamav-users
On Wed, 2 Oct 2024, Mikhail Soumar via clamav-users wrote: Hello, We are using sigtool to decompile the standard clamav virus signature databases in a low-memory environment. However, the process is too short-lived for us to accurately measure peak usage. Is there a way we can get an estimate

Re: [clamav-users] Question about future expected Main + Daily CVD size

2024-07-16 Thread Micah Snyder (micasnyd) via clamav-users
Hi Mikhail, The growing size of the main and daily databases is a concern for me as well and has been for a few years. I have a plan to archive older signatures that do not appear to be relevant anymore. This plan requires some extensive changes to some SQL databases and middleware that builds

Re: [clamav-users] Question about additional processing on Documents in Clamd Configuration File

2024-07-12 Thread Micah Snyder (micasnyd) via clamav-users
Hi Paul, Yes, that is correct. In the case of PDF processing, cli_scanpdf() has logic to extract additional content from PDF such as decompressing attached images, javascript, etc. It may also decrypt password protected PDF's where the password is empty. The scanraw() function is primarily

Re: [clamav-users] Question on ClamAV memory usage with respect to the signature database

2024-06-24 Thread Mikhail Soumar via clamav-users
Hi Micah, Thank you for your response. I have been actually trying what you suggested with the sigtool command, and when removing Windows signatures from both daily.cvd and main.cvd, we saw a memory savings of about 1 GB during the scan, from 1.5 GB to 500-600 MB. However, I still haven’t figur

Re: [clamav-users] Question on ClamAV memory usage with respect to the signature database

2024-06-24 Thread Micah Snyder (micasnyd) via clamav-users
Hi Mikhail, As you probably know, the clamav signature database is comprised of daily.cvd, main.cvd, and bytecode.cvd. Note: I say "cvd" but the file will have a "cld" extension if freshclam has updated it from an older version using our cdiff patching update mechanism. Daily.cvd is updated d

Re: [clamav-users] Question on ClamAV memory usage with respect to the signature database

2024-06-17 Thread Andrew C Aitchison via clamav-users
On Tue, 18 Jun 2024, Mikhail Soumar via clamav-users wrote: We are a team from Microsoft Azure running ClamAV on small Linux VMs, and due to business and cost reasons we cannot use larger VMs. Peak memory usage of ClamAV is between 1.2GB and 1.5GB, which is unsustainable on our VMs, and we are l

Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool

2023-11-16 Thread Micah Snyder (micasnyd) via clamav-users
bject: Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool Large archive files may be the most obvious case, especially if things like disk images and installation images are included, but make sure that large multimedia files are also handled. In to

Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool

2023-11-16 Thread Micah Snyder (micasnyd) via clamav-users
e it directly with ClamAV. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of Vu, Hong-Duc V. via clamav-users Sent: Tuesday, November 14, 2023 10:49 AM Cc: Vu, Hong-Duc V. ; ClamAV users ML Subject: Re

Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool

2023-11-14 Thread Vu, Hong-Duc V. via clamav-users
Hi Micah, Is it going to be part of clamav or a different application entirely? Hong-Duc Vu From: Micah Snyder (micasnyd) Sent: Monday, November 13, 2023 3:33 PM To: Andrew C Aitchison Cc: ClamAV users ML Subject: Re: [clamav-users] Question About MaxFileSize / news of upcoming Large

Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool

2023-11-13 Thread Paul Kosinski via clamav-users
Micah Snyder > ClamAV Development > Talos > Cisco Systems, Inc. > > ________ > From: Andrew C Aitchison > Sent: Thursday, June 8, 2023 6:25 PM > To: Micah Snyder (micasnyd) > Cc: ClamAV users ML > Subject: Re: [clamav-users] Question About MaxFi

Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool

2023-11-13 Thread Micah Snyder (micasnyd) via clamav-users
mAV Development Talos Cisco Systems, Inc. From: Andrew C Aitchison Sent: Thursday, June 8, 2023 6:25 PM To: Micah Snyder (micasnyd) Cc: ClamAV users ML Subject: Re: [clamav-users] Question About MaxFileSize On Thu, 8 Jun 2023, Micah Snyder (micasnyd) wrote: > I agree

Re: [clamav-users] Question on Restriction of Clamscan Privileges

2023-10-17 Thread Michael Orlitzky via clamav-users
On Tue, 2023-10-17 at 19:53 +0200, Michael via clamav-users wrote: > Dear ladies and gentleman, > > I have a question about the linux clamscan permissions. > > Use clamdscan (NOT clamscan) with the --fdpass option. That will scan under the privileges of the clamd daemon by passing it a referenc

Re: [clamav-users] Question About MaxFileSize

2023-06-09 Thread Paul Kosinski via clamav-users
You are right. But more than that, merely *reading* a file will exercise such code. I wonder if anybody has devised a file which exploits such a kernel bug? (Shudder.) After I wrote my objection, I realized that to be even more safe, one should scan removable disks at the block level before mou

Re: [clamav-users] Question About MaxFileSize

2023-06-09 Thread Kenneth Porter
--On Friday, June 09, 2023 6:40 PM -0400 Paul Kosinski via clamav-users wrote: I have on occasion heard of vulnerabilities in some archiving software, where the mere act of decompressing and extracting an archive can result in malicious code execution due to a bug in the archiving software. Af

Re: [clamav-users] Question About MaxFileSize

2023-06-09 Thread Paul Kosinski via clamav-users
I must say I strongly disagree with the approach of feeding files contained in a big archive file one at a time to ClamAV. That's because an archive is *itself* a file. I have on occasion heard of vulnerabilities in some archiving software, where the mere act of decompressing and extracting an

Re: [clamav-users] Question About MaxFileSize

2023-06-08 Thread Andrew C Aitchison via clamav-users
On Thu, 8 Jun 2023, Micah Snyder (micasnyd) wrote: I agree with you. I suspect the majority of cases today is when people have a large archive of files to scan. I think best case scenario for people with a need to scan files larger than the present internal 2GB limit is that archives larger th

Re: [clamav-users] Question About MaxFileSize

2023-06-08 Thread Micah Snyder (micasnyd) via clamav-users
elopment Talos Cisco Systems, Inc. From: clamav-users on behalf of Andrew C Aitchison via clamav-users Sent: Wednesday, May 24, 2023 1:34 AM To: ClamAV users ML Cc: Andrew C Aitchison Subject: Re: [clamav-users] Question About MaxFileSize On Wed, 24 May 2023, Tachi

Re: [clamav-users] Question About MaxFileSize

2023-05-24 Thread Andrew C Aitchison via clamav-users
On Wed, 24 May 2023, Tachibanaki Nozomi (橘木 希美) wrote: Dear Sir or Madam, Thank you for your help always. I am contacting you to ask about MaxFileSize in clamd.conf. The following description is found in the configuration of /usr/local/etc/clamd.conf. MaxFileSize # Technical design limitation

Re: [clamav-users] Question Exception Rule

2022-12-29 Thread Al Varnell via clamav-users
I'm sure one of us could, but you need to tell us what the display and actual urls you want whitelisted first. Sent from my iPad -Al- On Dec 29, 2022, at 08:06, newcomer01 via clamav-users wrote: > Is it possible, that you assist me in this process? ___

Re: [clamav-users] Question Exception Rule

2022-12-29 Thread newcomer01 via clamav-users
From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net> To: Newcomer01 <mailto:newcome...@posteo.de> CC: Eric Tykwinski <mailto:eric-l...@truenet.com> Sent: Thursday, December 29, 2022 at 16:17 (04:17 PM) +0100 Subject: Re: [clamav-us

Re: [clamav-users] Question Exception Rule

2022-12-29 Thread Eric Tykwinski via clamav-users
Marc, > -Original Message- > From: clamav-users On Behalf Of newcomer01 via clamav-users > Sent: Thursday, December 29, 2022 10:05 AM > To: ClamAV User Mailinglist > Cc: newcomer01 > Subject: [clamav-users] Question Exception Rule > > Hi @ all, > > who can I contact to get an exemption

Re: [clamav-users] question about a malware submission

2021-06-28 Thread vze1amckv--- via clamav-users
Hello. I submitted it over a week ago, and got a response saying that "Our initial assessment has verified the sample as a threat & we will be publishing signatures for ClamAV," but neither the ClamAV scanner in Jotti nor the one in Virus Total detects it. You can verify for yourself; the SH

Re: [clamav-users] question about a malware submission

2021-06-23 Thread Joel Esler (jesler) via clamav-users
You should submit the suspected malware here: https://www.clamav.net/reports/malware — Sent from my iPhone On Jun 22, 2021, at 22:01, vze1amckv--- via clamav-users wrote: Hello, I recently submitted a suspicious file via the ClamAV website submission form, and got a response back saying

Re: [clamav-users] Question regarding the 0.103.1 PNG bug fix

2021-03-03 Thread Micah Snyder (micasnyd) via clamav-users
Hello! File type detection is performed primarily with file type magic (FTM) signatures loaded from daily.cvd. If you unpack daily.cvd, you’ll find them in daily.ftm. The signature format is documented here: https://www.clamav.net/documents/file-type-magic By adjusting these signatures, we di

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-02-08 Thread Lilia Gonzalez Medina
Hi Orion, Apologies for taking too long to respond. After some tests I was able to reproduce the FPs and target type 3 LDB signatures for Urlhaus have been updated and published and should not alert on legitimate files anymore. Please update your ClamAV database and if you still have some issues p

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-08 Thread Lilia Gonzalez Medina
Orion, I haven't been able to reproduce the FP with https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc.

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-07 Thread Orion Poplawski
Lilia - Virus database is updated daily and updated last night. Still seeing one this morning: Virus Urlhaus.Malware.364328-9787819-0: https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-07 Thread Lilia Gonzalez Medina
Hi Orion! Those NBD signatures were updated at the beginning of the week and should not FP anymore. Please update your ClamAV db and let us know if the issue persists. Best regards, Lilia Gonzalez Malware Research Team Cisco Talos On Wed, Jan 6, 2021 at 4:59 PM Orion Poplawski wrote: > Lilia

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-06 Thread Orion Poplawski
Lilia - Thanks for the response. We're seeing some others getting triggered as well: Virus Urlhaus.Malware.490516-9766015-0: 10.21.2.5 https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt: 2 Time(s) 10.21.2.5 https://raw.githubusercontent.com/curbengh/urlhaus-fi

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-04 Thread Lilia Gonzalez Medina
Hi Orion! Thank you for reporting this. URLhaus is a partner that generates a list of ClamAV signatures to target malicious URLs. Signature Urlhaus.Malware.452652-9766253-0 looks for a malicious URL inside HTML files, which is why it is alerting on the URLs you mentioned. We found these FPs some w

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2020-12-30 Thread Orion Poplawski
So that is apparently a malicious site as determined by Urlhaus and is on their filter list. But how is it useful as a ClamAV signature? You are not going to be filtering URLs with ClamAV, right? And now it's blocking these emails because it contains this string. Orion On 12/23/20 11:26 AM,

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2020-12-23 Thread Kris Deugau
Orion Poplawski wrote: Can anyone give me some details about the Urlhaus.Malware.452652-9766253-0 signature? We're seeing following URLs trigger it: https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2020-12-23 Thread eric-list
Here's the signature decoded: # sigtool --find-sig Urlhaus.Malware.452652-9766253-0 | sigtool --decode-sig VIRUS NAME: Urlhaus.Malware.452652-9766253-0 FUNCTIONALITY LEVEL: >=48 TARGET TYPE: HTML OFFSET: * DECODED SIGNATURE: aboveandbelow.com.au/cgi-bin/http:/sites/b4q7eajmmm2moxgkq/ Sincerely, E

Re: [clamav-users] Question about clamAV dependencies

2020-12-10 Thread Ttito Concha, Darwin via clamav-users
Sorry, I forgot to mention that we run ClamAV in a container, so I think it makes sense that it doesn't have installed systemd as it is a single process. Thanks so much for the replies. On 10/12/20 08:45, "G.W. Haywood via clamav-users" wrote: Hi there, On Wed, 9 Dec 2020, Ttito Con

Re: [clamav-users] Question about clamAV dependencies

2020-12-10 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 9 Dec 2020, Ttito Concha, Darwin via clamav-users wrote: On 09/12/20 18:53, "Andrew C Aitchison" wrote: On Wed, 9 Dec 2020, Ttito Concha, Darwin via clamav-users wrote: > ...openSUSE...zypper install clamav, which ask to install 27 dependencies. > I would like to know if

Re: [clamav-users] Question about clamAV dependencies

2020-12-09 Thread Ttito Concha, Darwin via clamav-users
Hi Andrew, thanks for the quick reply. I am using it to scan any type of file that is uploaded to our server. Regards, Darwin On 09/12/20 18:53, "Andrew C Aitchison" wrote: On Wed, 9 Dec 2020, Ttito Concha, Darwin via clamav-users wrote: > Hi Team, > > Currently I am using Cl

Re: [clamav-users] Question

2020-01-12 Thread Al Varnell via clamav-users
Sent from my iPad On Jan 12, 2020, at 16:49, Mason, Aj via clamav-users wrote: > I have to update definitions on my offline Linux file and I needed assistance > with how to copy the files to my Linux system. I have already downloaded all > three files already. Is there a repository to > > thi

Re: [clamav-users] Question

2019-10-05 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 5 Oct 2019, Matus UHLAR - fantomas wrote: On 05.10.19 15:57, alex mc via clamav-users wrote: On Sat, 5 Oct 2019 at 15:14, J.R. via clamav-users [...] wrote: I had already seen all this, but the code itself does not know where it is Are you talking about the virus d

Re: [clamav-users] Question

2019-10-05 Thread Matus UHLAR - fantomas
On 05.10.19 15:57, alex mc via clamav-users wrote: I'm talking about the source code of the antivirus, but thanks. your question has been answered then already: https://lists.clamav.net/pipermail/clamav-users/2019-October/008635.html https://lists.clamav.net/pipermail/clamav-users/2019-October/

Re: [clamav-users] Question

2019-10-05 Thread alex mc via clamav-users
I'm talking about the source code of the antivirus, but thanks. On Sat, 5 Oct 2019 at 15:14, J.R. via clamav-users (<clamav-users@lists.clamav.net>) wrote: > > I had already seen all this, but the code itself does not know where it > is > > Are you talking about the virus definitions? Th

Re: [clamav-users] Question

2019-10-05 Thread J.R. via clamav-users
> I had already seen all this, but the code itself does not know where it is Are you talking about the virus definitions? Those are also available on the clamav download page. Once downloaded you can use sigtool to extract all the raw files into something you can read. ___

Re: [clamav-users] Question

2019-10-04 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 3 Oct 2019, alex mc via clamav-users wrote: ... lately I've been looking for the clamav antivirus code but I don't know why I can't find it, could you send it to me or tell me where to find it? ... http://catb.org/~esr/faqs/smart-questions.html -- 73, Ged. ___

Re: [clamav-users] Question

2019-10-04 Thread alex mc via clamav-users
3, 2019 1:09 PM > > To: ClamAV users ML > > Cc: Wagde Zabit > > Subject: Re: [clamav-users] Question > > > > https://www.clamav.net/downloads/production/clamav-0.102.0.tar.gz > > > > Or my preference: https://github.com/Cisco-Talos/clamav-devel > >

Re: [clamav-users] Question

2019-10-03 Thread Eric Tykwinski
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Wagde Zabit via clamav-users > Sent: Thursday, October 03, 2019 1:09 PM > To: ClamAV users ML > Cc: Wagde Zabit > Subject: Re: [clamav-users] Question > > https://www.clamav.net/downloads/prod

Re: [clamav-users] Question

2019-10-03 Thread Wagde Zabit via clamav-users
https://www.clamav.net/downloads/production/clamav-0.102.0.tar.gz > On 3 Oct 2019, at 19:13, alex mc via clamav-users > wrote: > > Hi, lately I've been looking for the clamav antivirus code but I don't know > why I can't fin

Re: [clamav-users] Question

2019-10-03 Thread Joel Esler (jesler) via clamav-users
You mean on clamav.net/downloads? -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com From: clamav-users on behalf of alex mc via clamav-users Reply-To: ClamAV users ML Date: Thursday, October 3, 2019 at 12:31 PM To: "clamav-us

Re: [clamav-users] Question regarding Metasploit signatures

2019-08-31 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 31 Aug 2019, J.R. via clamav-users wrote: If the virus pattern is in one of the database files, then you are alerted... If it's not, then no alert... That's how every antivirus works... There's a bit more to it than that. Some detection is based on other characteristics, su

Re: [clamav-users] Question regarding Metasploit signatures

2019-08-31 Thread J.R. via clamav-users
> Hence, my question or curiosity over how ClamAV determines > the *true* threat level of a malicious file. If the virus pattern is in one of the database files, then you are alerted... If it's not, then no alert... That's how every antivirus works... You are more than welcome to report files for

Re: [clamav-users] Question regarding Metasploit signatures

2019-08-31 Thread Manna, Mohammed via clamav-users
Hi There, > -Original Message- > From: clamav-users On Behalf Of > G.W. Haywood via clamav-users > Sent: 31 August 2019 08:39 > To: Manna, Mohammed via clamav-users > Cc: G.W. Haywood > Subject: Re: [clamav-users] Question regarding Metasploit signatures > >

Re: [clamav-users] Question regarding Metasploit signatures

2019-08-31 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 30 Aug 2019, Manna, Mohammed via clamav-users wrote: What I can see that ClamAV cannot always successfully detect reverse shell type of files (built using Metasploit msfvenom). And also, if the file is covered using a pseudo extension e.g. test.exe.txt When I was comparing th

Re: [clamav-users] Question about LLVM...

2018-12-12 Thread J.R.
> So I would like to ask, does bytecode have access to its environment > (like ActiveX unfortunately did) and, how well is bytecode sandboxed? Well, first of all, only bytecode signatures published by Cisco/Talos are considered "trusted" and will run by default. You would have to manually specify

Re: [clamav-users] Question about LLVM...

2018-12-12 Thread Paul Kosinski
I've always been leery of executable code that gets downloaded "behind the scenes" and then executed for whatever purpose. In the "old days", people were warned against downloading random software and then executing it. How that's become at least half of what we do on a daily basis -- in our browse

Re: [clamav-users] Question about LLVM...

2018-12-11 Thread J.R.
Micah & Scott, Thank you for the replies, you answered exactly what I was thinking too based on posts referring to the built-in improvements and hush on llvm. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mai

Re: [clamav-users] Question about LLVM...

2018-12-11 Thread Scott Kitterman
On Tuesday, December 11, 2018 05:59:05 PM Micah Snyder wrote: > Sorry about the broken links on the website and in the clamav-faq manual > pages. Our web dev team is actively working on integrating the newly > remodeled user manual into the website. > > The bytecode interpreter was nonfunctional

Re: [clamav-users] Question about LLVM...

2018-12-11 Thread Micah Snyder (micasnyd)
Sorry about the broken links on the website and in the clamav-faq manual pages. Our web dev team is actively working on integrating the newly remodeled user manual into the website. The bytecode interpreter was nonfunctional for a long time but was fixed a few years ago. This is why LLVM was p

Re: [clamav-users] Question about sending sample process

2018-11-06 Thread Micah Snyder (micasnyd)
Thanks Luca for investigating the false negative reports and submitting them to our malware research team. These reports really help, even if you don't necessarily get feedback on the reports. Kind regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. On Nov 6, 2018, at 11

Re: [clamav-users] Question about sending sample process

2018-11-06 Thread Luca Moscato
Thanks to everyone, by adding some extra signature the found rate has increased, a few, but has increased and this is good news. Luca On 06/11/18 15:27, Joel Esler (jesler) wrote: On Nov 6, 2018, at 4:46 AM, Luca Moscato wrote: Question 1 - Is this proces

Re: [clamav-users] Question about sending sample process

2018-11-06 Thread Joel Esler (jesler)
On Nov 6, 2018, at 4:46 AM, Luca Moscato <l...@funambol.com> wrote: Question 1 - Is this process correct to send samples? Please update the version of clamsubmit you are using. You are several versions behind.

Re: [clamav-users] Question about sending sample process

2018-11-06 Thread Al Varnell
Luca It's possible that some of the failure to detect is due to your using an outdated version of ClamAV. Some signatures only work with more recent versions. You should probably focus on upgrading before submitting any undetected samples. -Al- ClamXAV User On Tue, Nov 06, 2018 at 01:46 AM, Luc

Re: [clamav-users] Question about sending sample process

2018-11-06 Thread Arnaud Jacques
Hello Luca, If I remember well, clamsubmit only works since versions 0.100.x of ClamAV. It seems you are still using version 0.99.4. Question 1 - Is this process correct to send samples? Yes it is. Question 2 - How much time is required to validate a sample and get the A/V db updated? Day

Re: [clamav-users] Question regarding freshclam.conf SafeBrowsing option

2018-06-04 Thread J Doe
> On Jun 4, 2018, at 11:08 AM, Micah Snyder (micasnyd) > wrote: > > J, > > It appears that the info in freshclam.conf is out of date, and both the > Google safebrowsing API have changed as well as our practices for publishing > safebrowsing signature databases have changed since it was writt

Re: [clamav-users] Question regarding freshclam.conf SafeBrowsing option

2018-06-04 Thread Micah Snyder (micasnyd)
J, It appears that the info in freshclam.conf is out of date, and both the Google safebrowsing API have changed as well as our practices for publishing safebrowsing signature databases have changed since it was written. I'm told that it's not necessary to run freshclam multiple times an hour a

Re: [clamav-users] Question regarding SIGUSR2 and clamd

2018-03-22 Thread Maarten Broekman
You might be able to open the socket that clamd is listening on and attempt to ping it. I forget if it replies with PONG while it's in the middle of reloading. It's been a while since I tried to do that. On Thu, Mar 22, 2018 at 6:40 AM, Ralf Hildebrandt < ralf.hildebra...@charite.de> wrote: > O

Re: [clamav-users] Question about the clamdscan

2018-03-21 Thread Dave Warren
This still has value as it can help catch things in action. It doesn't replace periodic scans either to catch malware discovered since the initial scan. There are a variety of ways of doing this if scanning everything in one shot isn't feasible. One option would be to split files up using a hash

Re: [clamav-users] Question about the clamdscan

2018-03-21 Thread Dennis Peterson
Tripwire presumes a golden fileset at the outset, that is, scanned to the degree possible before enabling Tripwire. The fear of zero-day loop is infinite. dp On 3/21/18 6:41 PM, Paul Kosinski wrote: A few years ago, when Tripwire was no longer free, I set up a "scan once" environment for ClamA

Re: [clamav-users] Question about the clamdscan

2018-03-21 Thread Paul Kosinski
A few years ago, when Tripwire was no longer free, I set up a "scan once" environment for ClamAV, identifying files using SHA1 hashing (with a few 'stat' results like inode and timestamp for good measure). I gave up when I realized that even if a file had already been scanned, it might have contai

Re: [clamav-users] Question about the clamdscan

2018-03-21 Thread Dennis Peterson
It is possible to integrate ClamAV and Tripwire to get to a scan-once environment. Include puppet or CFEngine for a more complete tool. dp On 3/20/18 5:01 AM, Micah Snyder (micasnyd) wrote: Good morning Tsutomu, Al is quite correct. clamd and clamdscan maintain no memory of what has been sc

Re: [clamav-users] Question about the clamdscan

2018-03-20 Thread Micah Snyder (micasnyd)
Good morning Tsutomu, Al is quite correct. clamd and clamdscan maintain no memory of what has been scanned before. In your ordinary use case, you simply run clamdscan over whatever you want to scan. You can exclude specific directories in your configuration if you want to point clamdscan at

Re: [clamav-users] Question about the clamdscan

2018-03-19 Thread Tsutomu Oyamada
Thank you so much. Your advice was very helpful. I would also like to wait for a message from the developer. On Thu, 15 Mar 2018 23:13:09 -0700 Al Varnell wrote: > I believe the developers are hard at work planning for the future this week, > so they can probably give you better answers tha

Re: [clamav-users] Question about the clamdscan

2018-03-15 Thread Al Varnell
I believe the developers are hard at work planning for the future this week, so they can probably give you better answers than I later on. I suspect some of this may be platform specific, so my answers are based on my macOS experience. clamd scans every file that clamdscan tells it to, so s

Re: [clamav-users] Question regarding freshclam log entry

2018-02-23 Thread Kris Deugau
J Doe wrote: I note though that man 5 freshclam.conf states that clamd is *NOT* set to update by default, however when I installed the package on Ubuntu 16.04.03 LTS, it has put in 3600 for an update frequency. Between freshclam and clamd there are three options here that operate indpendentl

Re: [clamav-users] Question regarding freshclam log entry

2018-02-22 Thread J Doe
Hi Noel, > On Feb 22, 2018, at 10:23 AM, Noel Jones wrote: > >> On 2/22/2018 8:29 AM, J Doe wrote: >> >>> Hello, >>> >>> I recently installed ClamAV 0.99.3 on a Ubuntu 16.04.03 LTS server and >>> utilize it as a milter for Postfix v. 3.1.0. >>> >>> When freshclam runs according to its cron

Re: [clamav-users] Question regarding freshclam log entry

2018-02-22 Thread Noel Jones
On 2/22/2018 8:29 AM, J Doe wrote: > >> Hello, >> >> I recently installed ClamAV 0.99.3 on a Ubuntu 16.04.03 LTS server and >> utilize it as a milter for Postfix v. 3.1.0. >> >> When freshclam runs according to its cron job and successfully downloads an >> update, it leaves the following note i

Re: [clamav-users] Question regarding freshclam log entry

2018-02-22 Thread J Doe
> Hello, > > I recently installed ClamAV 0.99.3 on a Ubuntu 16.04.03 LTS server and > utilize it as a milter for Postfix v. 3.1.0. > > When freshclam runs according to its cron job and successfully downloads an > update, it leaves the following note in the freshclam log: > > WARNING: clamd w

Re: [clamav-users] Question about Clamav compressed file support

2018-01-11 Thread botnec
Hello, Thank you all very much for explanation and thoughts. I almost expected these answers. Thanks again for your help and best regards Rob

Re: [clamav-users] Question about Clamav compressed file support

2018-01-11 Thread Noel Jones
Clamav has no support for unpacking and scanning inside the Acronis .tib backup images. I wouldn't bother scanning it. -- Noel Jones On 1/11/2018 9:41 AM, botnec wrote: > Hello, > > I'm using a QNAP NAS server as destination for Acronis True Image > backup files. > The extension of these f

Re: [clamav-users] Question about Clamav compressed file support

2018-01-11 Thread Micah Snyder (micasnyd)
Hi Rob, At this time, ClamAV does not have the means to decompress and parse the proprietary Acronis .tib format. I only took a brief peek at Wikipedia (https://en.wikipedia.org/wiki/Acronis_True_Image#File_format) to learn more about Acronis image files. Unless someone in the community write

Re: [clamav-users] Question regarding libclamunrar6

2017-12-01 Thread Jonathan Sélea
On 11/30/2017 06:31 PM, Scott Kitterman wrote: On Thursday, November 30, 2017 05:02:11 PM Jonathan Sélea wrote: On 11/30/2017 01:41 PM, Matus UHLAR - fantomas wrote: On 29.11.17 17:31, Jonathan Sélea wrote: Is there any alternative to the package "libclamunrar6"? For example a package that h

Re: [clamav-users] Question regarding libclamunrar6

2017-11-30 Thread Scott Kitterman
On Thursday, November 30, 2017 05:02:11 PM Jonathan Sélea wrote: > On 11/30/2017 01:41 PM, Matus UHLAR - fantomas wrote: > > On 29.11.17 17:31, Jonathan Sélea wrote: > >> Is there any alternative to the package "libclamunrar6"? For example a > >> package that have the GPLv3 license? > > > > I doub

Re: [clamav-users] Question regarding libclamunrar6

2017-11-30 Thread Jonathan Sélea
On 11/30/2017 01:41 PM, Matus UHLAR - fantomas wrote: On 29.11.17 17:31, Jonathan Sélea wrote: Is there any alternative to the package "libclamunrar6"? For example a package that have the GPLv3 license? I doubt so - afaik, rar uses own proprietary file format Thanks for the answer. The pack

Re: [clamav-users] Question regarding libclamunrar6

2017-11-30 Thread Matus UHLAR - fantomas
On 29.11.17 17:31, Jonathan Sélea wrote: Is there any alternative to the package "libclamunrar6"? For example a package that have the GPLv3 license? I doubt so - afaik, rar uses own proprietary file format -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish N

Re: [clamav-users] question about fale positives

2017-09-30 Thread Joel Esler (jesler)
Correct. Although we are currently working on a confirmation system for receipt of and resolution of, false positives. Sent from my iPhone On Sep 30, 2017, at 4:22 PM, Al Varnell <alvarn...@mac.com> wrote: You won't receive a response unless you subscribe to the clamav-virusdb email l

Re: [clamav-users] question about fale positives

2017-09-30 Thread Al Varnell
You won't receive a response unless you subscribe to the clamav-virusdb email list and even then you will probably just have to wait to see if it shows up as dropped. If it's a very serious FP then post a hash value of the file you uploaded here and they can check its status. -Al- On Sat, Se

Re: [clamav-users] Question on GUI notifications of virus detection

2017-06-20 Thread Bryan Everly
On Mon, 2017-06-19 at 20:44 +0200, Michael D. wrote: > Hi Bryan, > > The problem isn't with ClamAV, it's the difference in sessions between a > daemon and a user. > > A user that is logged in, is in a shell with lots of environment > variables set, whereas a daemon is running in a bare-minimu

Re: [clamav-users] Question on GUI notifications of virus detection

2017-06-19 Thread Michael D.
On 06/19/2017 07:49 PM, Bryan C. Everly wrote: Hi all, I am running Arch Linux with ClamAV 0.99.2 on a Thinkpad X1 Carbon (Skylake) using xorg and Gnome3. Anyhow, I have the ScanOnAccess stuff configured to where the system will detect any activity on my EICAR test file. My /opt/clamav-utils/c

Re: [clamav-users] Question about ClamScan

2017-05-12 Thread Reindl Harald
On 12.05.2017 at 19:19, crazy thinker wrote: @Maarten I mailing to both ClamAV Developers and Users.. Hope you understand this no, we don't understand crossposting at all .ClamAV Developers Mailing list seems inactive.. They are not responding no wonder looking at the type of your ques

Re: [clamav-users] Question about ClamScan

2017-05-12 Thread Steven Morgan
Hello, Not strictly single threaded, there is a timer thread for bytecode for example. You can search over the source code to see pthread_* function calls. You will see that the ClamAV engine also contains pthread resource serialization calls. Hope this helps, Steve On Fri, May 12, 2017 at 1:2

Re: [clamav-users] Question about ClamScan

2017-05-12 Thread Joel Esler (jesler)
It’s not that at all. They are working on ClamAV 99.3. I’ll call their attention to the devel list. -- Joel Esler | Talos: Manager | jes...@cisco.com On May 12, 2017, at 2:47 PM, Dennis Peterson <denni...@inetnw.com> wrote: On 5/12/17 10:19 AM, crazy thi

Re: [clamav-users] Question about ClamScan

2017-05-12 Thread Dennis Peterson
On 5/12/17 10:19 AM, crazy thinker wrote: @Maarten I mailing to both ClamAV Developers and Users.. Hope you understand this .ClamAV Developers Mailing list seems inactive.. They are not responding Given that your crazyplan is to develop a new fork of ClamAV they can hardly be blamed for not h

Re: [clamav-users] Question about ClamScan

2017-05-12 Thread Dominguez, Roland
You are the wind beneath my wings! -Original Message- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of SCOTT PACKARD Sent: Friday, May 12, 2017 7:37 AM To: ClamAV users ML Subject: Re: [clamav-users] Question about ClamScan Hi Crazy - Could you please stop

Re: [clamav-users] Question about ClamScan

2017-05-12 Thread crazy thinker
@Maarten I mailing to both ClamAV Developers and Users.. Hope you understand this .ClamAV Developers Mailing list seems inactive.. They are not responding On 12 May 2017 at 22:29, Maarten Broekman wrote: > Crazy, >the 'users' mailing list is what you are sending this questions to. You > k

Re: [clamav-users] Question about ClamScan

2017-05-12 Thread Maarten Broekman
Crazy, the 'users' mailing list is what you are sending this questions to. You keep addressing this list as 'developers'. There is a separate mailing list where developers who write the internals of ClamAV talk. That is the appropriate forum for ALL of your questions. You really haven't had a s

Re: [clamav-users] Question about ClamScan

2017-05-12 Thread crazy thinker
It would be better to keep calm for some one who are not interested to learn ClamAV Internals. On 12 May 2017 at 21:43, Sierk Bornemann wrote: > > > On 12.05.2017 at 18:07, Reindl Harald wrote: > > > > > > > > On 12.05.2017 at 14:37, SCOTT PACKARD wrote: > >> Hi Crazy - > >> Could you please

Re: [clamav-users] Question about ClamScan

2017-05-12 Thread Sierk Bornemann
> On 12.05.2017 at 18:07, Reindl Harald wrote: > > > > On 12.05.2017 at 14:37, SCOTT PACKARD wrote: >> Hi Crazy - >> Could you please stop asking your questions to the clamav-users list? Just >> stop. > > +1 +1 ___ clamav-users mailing list cla

Re: [clamav-users] Question about ClamScan

2017-05-12 Thread Reindl Harald
On 12.05.2017 at 14:37, SCOTT PACKARD wrote: Hi Crazy - Could you please stop asking your questions to the clamav-users list? Just stop. +1 -Original Message- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of crazy thinker Sent: Thursday, May 11, 201

Re: [clamav-users] Question about ClamScan

2017-05-12 Thread SCOTT PACKARD
Hi Crazy - Could you please stop asking your questions to the clamav-users list? Just stop. Thanks. > -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf > Of crazy thinker > Sent: Thursday, May 11, 2017 10:29 PM > To: ClamAV users ML ; Clam

Re: [clamav-users] Question about ClamAV

2017-05-11 Thread Al Varnell
On Thu, May 11, 2017 at 03:03 AM, crazy thinker wrote: > > @AI > May be my question is a stupid one.. i have a still doubt so want to > clarify my self.. Why Heuristics Scanner need Signature Database when > Heuristics Scanning Technique detects malware based on behavior? Sorry to sound exasperat

Re: [clamav-users] Question about ClamAV

2017-05-11 Thread Dennis Peterson
I would consider a malware author that does not pass his/her new product through several file scanners to be incompetent. There is little point in distributing such files if it is commonly detectable. Scanners are one of the best quality inspection tools a malware author has at their disposal. C

Re: [clamav-users] Question about ClamAV

2017-05-11 Thread Matthew Molyett
Crazy Thinker, > As per my understanding, Signature Based Scanner will never involve in > false positive/false negative results. But Heuristic scanner some times > gives false positive/false negative results. Signature Based scanning can and will have false positive and false negative results. In f
