Re: [clamav-users] ClamAV virus database not downloaded: No permission ?!

2016-05-17 Thread Al Varnell
Your main.cvd file should start with: ClamAV-VDB:16 Mar 2016 23-17 +:57:4218790:60:06386 If it doesn’t then your original download is corrupt and will need to be re-downloaded. -Al- On Mon, May 16, 2016 at 02:33 AM, Zvi Kave wrote: > > Yes. Usually I got a lot of messages like this: > Cla

Re: [clamav-users] ClamAV virus database not downloaded: No permission ?!

2016-05-17 Thread Zvi Kave
Al, But the problem is that in 90% of the cases, instead of getting the real main.cvd or daily.cvd, I get a file with the following text: <|DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 403 Forbidden Forbidden You don't have permission to access /daily.cvd on this server. Apache/2.4.20

Re: [clamav-users] ClamAV virus database not downloaded: No permission ?!

2016-05-17 Thread Al Varnell
I don’t see how that can possibly happen if you use freshclam instead of curl. You only need to download main.cvd once every few years, so once you have a clean copy you should be set. -Al- On Tue, May 17, 2016 at 02:29 AM, Zvi Kave wrote: > > Al, > > But the problem is that in 90% of the cas

[clamav-users] Signature update schedule, and requirements for adding Signatures

2016-05-17 Thread Michael D. L.
Hi, Hope it's the right list I'm posting to :) Why is the Signature Database only updated every 4 hours? Every 15 minutes would make more sense, since Spammers move very fast pushing out new versions of Trojans and the like. I've reported several Signatures/Files (via the website), but they ne

Re: [clamav-users] Signature update schedule, and requirements for adding Signatures

2016-05-17 Thread C.D. Cochrane
My 2 cents would be that rapid traditional signature updates are not a viable solution to this long term problem. I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc. ransomware is generated using millions of tiny mutations so that almost every email attachment has a unique si

Re: [clamav-users] Signature update schedule, and requirements for adding Signatures

2016-05-17 Thread Charles Swiger
On May 17, 2016, at 5:02 AM, Michael D. L. wrote: > Hi, > > Hope it's the right list I'm posting to :) > > Why is the Signature Database only updated every 4 hours? Every 15 minutes > would make more sense, since Spammers move very fast pushing out new versions > of Trojans and the like. Over the

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Jason J. W. Williams
No ClamAV 0.98.7. -J On Mon, May 16, 2016 at 11:25 PM, Al Varnell wrote: > I’m unable to replicate your findings: > > ~/Downloads/2016-05-16/eicar.txt: Eicar-Test-Signature FOUND > > Taking a look at the current daily.cld I see entries in both ignore > sections: > > daily.ign >

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Alain Zidouemba
Jason: Do you have both main.cvd and daily.cvd? Win.Trojan.Trojan-605 was dropped several weeks ago, but would only be reflected in your installation if you have both main.cvd and daily.cvd. Please confirm. Thanks, - Alain On Tue, May 17, 2016 at 4:11 PM, Jason J. W. Williams < jasonjwwil

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Jason J. W. Williams
We do. -J On Tue, May 17, 2016 at 1:13 PM, Alain Zidouemba wrote: > Jason: > > Do you have both main.cvd and daily.cvd? Win.Trojan.Trojan-605 was > dropped several weeks ago, but would only be reflected in your installation > if you have both main.cvd and daily.cvd. Please confirm. > > Than

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Alain Zidouemba
$ sigtool -u /usr/local/share/clamav/daily.cld $ grep -i 'Win.Trojan.Trojan-605' daily.ign main:42:Win.Trojan.Trojan-605 Same on your end? - Alain On Tue, May 17, 2016 at 4:22 PM, Jason J. W. Williams < jasonjwwilli...@gmail.com> wrote: > We do. > > -J > > On Tue, May 17, 2016 at 1:13 PM, Ala

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Jason J. W. Williams
Yessir: # sigtool -u /var/lib/clamav/daily.cld # grep -i 'Win.Trojan.Trojan-605' daily.ign main:42:Win.Trojan.Trojan-605 On Tue, May 17, 2016 at 1:25 PM, Alain Zidouemba wrote: > $ sigtool -u /usr/local/share/clamav/daily.cld > > $ grep -i 'Win.Trojan.Trojan-605' daily.ign > main:42:Win.Trojan

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread David Raynor
If you run clamscan with "--debug" it will tell you which files it is loading, even the files inside a cvd or cld file. It will also remark about which signatures it skips when loading. You should see these lines within your debug output: ... LibClamAV debug: daily.ign2 loaded ... LibClamAV debug

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Jason J. W. Williams
Hi Dave, Thanks. I don't see any issues with it loading the daily.cld. I'm going to wipe it out and let Freshclam reload it and the ign. -J On Tue, May 17, 2016 at 2:02 PM, David Raynor wrote: > If you run clamscan with "--debug" it will tell you which files it is > loading, even the files ins

Re: [clamav-users] Signature update schedule, and requirements for adding Signatures

2016-05-17 Thread Joel Esler (jesler)
Correct. Now that we are back to pushing updates every 4 hours, whereas most AV companies only push once or twice a day. -- Joel Esler Manager, Talos Group On May 17, 2016, at 10:20 AM, C.D. Cochrane mailto:c...@post.com>> wrote: My 2 cents would be that rapid traditional signature update

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread Helmut Hullen
Hello, Jason, you wrote on 17.05.16: >> You should see these lines within your debug output: >> >> ... >> LibClamAV debug: daily.ign2 loaded >> ... >> LibClamAV debug: /var/lib/clamav/daily.cld loaded >> ... >> LibClamAV debug: Ignoring signature Win.Trojan.Trojan-605 >> ... >> LibClamAV debug