Re: [clamav-users] Port number

2019-08-27 Thread Alpesh Thakare via clamav-users
What is the clamd service port in centos. From: Al Varnell Sent: 27 August 2019 12:01 To: ClamAV users ML Cc: Alpesh Thakare Subject: Re: [clamav-users] Port number Apparently Clamwin Daemon default listening port. -Al- ClamXAV user On Aug 26, 2019, at 23:28, Alpesh Thakare m

Re: [clamav-users] Port number

2019-08-27 Thread G.W. Haywood via clamav-users
Good morning, Alpesh Thakare via clamav-users wrote: Date: Tue, 27 Aug 2019 10:53:30 +0530 What is the port number used by ClamAV. Date: Tue, 27 Aug 2019 11:58:34 +0530 3310 port what is this ? Date: Tue, 27 Aug 2019 12:48:09 +0530 What is the clamd service port in centos. Could you ple

Re: [clamav-users] Port number

2019-08-27 Thread Matus UHLAR - fantomas
On 27.08.19 12:48, Alpesh Thakare via clamav-users wrote: What is the clamd service port in centos. Are you asking us? If so, you should use question marks. I think CentOS usually uses a Unix socket. According to the clamd.conf manual page, the default is not to use TCP.

[clamav-users] False Positive for Txt.Coinminer.Generic-7132166-0

2019-08-27 Thread Brian Cole via clamav-users
Has anyone else seen a false positive from ClamAV, as a result of the August 24 signature update when the signature Txt.Coinminer.Generic-7132166-0 was added? Specifically, we are seeing ClamAV think that CoinMiner virus exists in a cleartext file on Linux, even though CoinMiner is an executab

Re: [clamav-users] False Positive for Txt.Coinminer.Generic-7132166-0

2019-08-27 Thread Eric Tykwinski
Brian, It’s a straight text search for 6 strings. Can’t send the decode because it will be caught in my outbound. # sigtool --find-sigs Txt.Coinminer.Generic-7132166-0 | sigtool --decode-sigs Doesn’t seem extremely likely for a lot of false positives to me, but ymmv.

Re: [clamav-users] False Positive for Txt.Coinminer.Generic-7132166-0

2019-08-27 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 27 Aug 2019, Brian Cole via clamav-users wrote: ... we are seeing ClamAV think that CoinMiner virus exists in ... /var/log/sid_changes.log ... Would it not make more sense to exclude such files from your scans? -- 73, Ged.

Re: [clamav-users] Port number

2019-08-27 Thread Bowie Bailey
On 8/27/2019 1:23 AM, Alpesh Thakare via clamav-users wrote: > > Dear Team, > >   > > What is the port number used by ClamAV. > ClamAV defaults to listening on a Unix socket rather than a TCP port.  If you enable the TCP port, then the port number is set in the config file.  Take a look at TCPSoc

Re: [clamav-users] False Positive for Txt.Coinminer.Generic-7132166-0

2019-08-27 Thread Alain Zidouemba
The signature needs a little tweaking, and will be revised. Revision 0 (Txt.Coinminer.Generic-7132166-0) has been dropped and this will be reflected in the next signature update. - Alain On Tue, Aug 27, 2019 at 11:25 AM Brian Cole via clamav-users < clamav-users@lists.clamav.net> wrote: > > > H