Arnaud Jacques
Manager of SecuriteInfo.com
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
Hello,
I have received this message of a false positive.
Regards,
A.J.
Forwarded message
Subject: False Positive of IObit product by ClamAV
Date: Wed, 12 Jul 2017 11:09:10 +0800
From: beta feedback
To: Arnaud Jacques
Hi Arnaud Jacques,
This is Coco from
Hi,
... or you can use SecuriteInfo signatures. The latest emotet malware
variants are already detected today.
More information at http://ow.ly/LqfdL
--
Best regards,
Arnaud Jacques
Manager of SecuriteInfo.com
Phone: +33-(0)3.60.47.09.81
E-mail: a...@securiteinfo.com
do not publish the signature I created and I gave you, I'd be
happy to know why.
I have several generic signatures ready to give you if you agree to
publish them.
-summary {}
--
Best regards,
Arnaud Jacques
Manager of SecuriteInfo.com
Phone: +33-(0)3.60.47.09.81
E-mail: a...@securiteinfo.com
Website: https://www.securiteinfo.com
Facebook: https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter: @SecuriteInfoCom
Hello,
I’m using clamwin antivirus on windows server 2003 but now I can’t
update anymore.
You probably can use ClamAV for Windows
(https://www.clamav.net/downloads) and start learning how it works in
command line.
cve2017-11882.
/stats_malwares_internet.shtml
The page is in French, but you can use Google Translate:
https://translate.google.com/translate?sl=fr&tl=en&u=https://www.securiteinfo.com/attaques/hacking/stats_malwares_internet.shtml
that trigger
the warning
ler_v10-7.exe>
>
> Looks like this is (vistumbler) detected as false positive.
and
On Thu, 8 Apr 2021, Arnaud Jacques wrote:
> At first look, ClamAV is not the only one that flags it as malware :
>
https://www.virustotal.com/gui/file/071921ede559082
format is strictly correct (even if the data of the
image are corrupted).
Please advise .
You should send your sample to https://www.clamav.net/reports/malware
with the
filename/extension.
For me, and for ClamAV, it is not an image. Verify with "file" command
line tool :
#file agam.jpg
agam.jpg: data
sible. Is there a way to get one's hands on these?
https://packages.microsoft.com/clamav/
all over the planet.
Cloudflare public IPs are available:
https://www.cloudflare.com/ips/
clamd daemon in memory.
So I hope your settings in clamd_custom.conf about TCPSocket is
different than 3310.
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-list
forward proxy and tried to curl myself, I got a 1020 error,
When I do it with wget, I got 403 error. Any idea why ?
Do not use curl. Do not use wget. Use freshclam.
Hello Milos,
infected by Archived_JS.UNOFFICIAL
UNOFFICIAL means this signature has not been created by ClamAV official.
You should find who published this signature, and ask them.
Hello,
Oct 24 12:07:45 rhel9test clamd[46661]: ERROR: Can't allocate memory
You do not have enough RAM.
Do you have at least 8Gb?
y and subdirectories, I suggest the
following :
find /my_path -type f | parallel clamdscan -mi --fdpass --no-summary {}
Writing signatures for ClamAV antivirus since 2006
://tracker.debian.org/pkg/clamav
Hello,
However, this might work for you:
find /tmp/files -type f -exec clamdscan --no-summary {} +
Faster with parallel command :
find /tmp/files -type f |parallel clamdscan --no-summary {}
@sigil:/$ time find /usr/share/doc/texinfo -type f -exec
clamdscan --fdpass --no-summary {} + | tail -n 2
/usr/share/doc/texinfo/AUTHORS: OK
/usr/share/doc/texinfo/NEWS.Debian.gz: OK
real 0m0,343s
user 0m0,004s
sys 0m0,047s
Disk cache hits.
Hello,
Where is the official document for creating signatures ?
https://www.clamav.net/doc/latest/signatures.pdf -> 404
https://github.com/Cisco-Talos/clamav/blob/main/docs/signatures.pdf -> 404
On 30/03/2023 at 12:23, newcomer01 via clamav-users wrote:
Hello Arnaud,
does this help?
https://docs.clamav.net/manual/Signatures.html
kind greetings
Marc
Thank you Marc !
Have a good day !
r provider made changes about our DNS without warning us about.
All should be fine in a few hours.
We apologize for the inconvenience.
Best regards,
Arnaud Jacques
www.securiteinfo.com
___
Help us build a comprehensive ClamAV guide: visit http://wiki.
e html tag.
> When yes it can detect a lot of files which it's OK and not include any
> "bad" application or malware.
Well, it detects iframes after the "" lines. This is common to
defaced websites.
Best regards,
Arnaud Jacques
Security Consultant
Securiteinfo.com
mAV
> documentation, but don't find instructions for using wget or other
> command line utilities.
>
> Would someone please give me a hint?
man wget
On Wednesday 27 June 2007 at 15:09, Schramm e.K. [ Deutschland ] wrote:
> Dear clamav-users-list,
>
> like the subject sounds have i some problems
> with clamav.
Known bug. Already corrected in version 0.91 rc2.
> causing a major problem, because it causes the startup of clamav-milter to
> break.
>
> Any suggestions?
Yes : Install version 0.91rc2
--
Best regards,
Arnaud Jacques
Security Consultant
SecuriteInfo.com
http://www.securiteinfo.com
http://www.securiteinfo.net
will include the
samples in its official database.
More information and FREE DOWNLOAD at :
http://www.securiteinfo.com/services/clamav_unofficial_malwares_signatures.shtml
script with
> only one address, just like I use with SaneSecurity and MSRBL.
For now, the IP address is fixed. AFAIK, it will not change in the near
future. You can use it for your script.
me - credit
> where credit is due.
Good idea. Will do it on next update.
On Sunday 19 August 2007 at 18:21, Andrew McGlashan wrote:
> Hi,
>
> Arnaud Jacques wrote:
> >> I ask because I see that your download link is a bare IP address,
> >> which you may change as much as you want, but I would prefer to use
> >> a script with on
On Sunday 19 August 2007 at 19:21, Bill Landry wrote:
> Henrik Krohns wrote the following on 8/19/2007 8:34 AM -0800:
> > On Sun, Aug 19, 2007 at 05:22:34PM +0200, Arnaud Jacques wrote:
> >> Hello Dennis,
> >>
> >> On Sunday 19 August 2007 at 06:03, Dennis P
can
> simple point to sd-9798.dedibox.fr in our download scripts. Does that
> work for you?
Please use http://clamav.securiteinfo.com/vx.hdb.gz for your scripts.
Thank you in advance.
tyInfo : frenchies here ;)
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Hello,
> I would like to maintain my own virus and phishing database.
> Do you know how can I do that? Is there some HOW-TO or something
> else?
http://www.clamav.net/doc/latest/signatures.pdf
Hello,
> LibClamAv Error: hex2int() translation problem(40)
>
> LibClamAv Error: readdb(): Malformed pattern line 30284 (file
> /tmp/clamav-ea3e7e6c8dbe5d3f/main.db)
Please upgrade Clamav to the latest version (0.91.2)
ile format.
Please, remove clamav-92833d66ae2041d0
> And more important can i do those nasty things on production ? ;)
Yes. Don't forget to reload the database after the manipulations
(/etc/init.d/clamd reload)
sigtool -l|wc -l should show 150783
Hello,
Before Debian users (and others ?) flood the mailing list with this message,
one possible solution is here :
http://www.securiteinfo.com/divers/Clamav_LibClamAV_Warning_RAR_code_not_compiled-in.shtml
On Friday 22 February 2008 at 00:58, David Liang wrote:
> Thu Feb 21 15:35:30 2008 -> clamd daemon 0.90.1 (OS: linux-gnu, ARCH:
> i386, CPU: i486)
Last Clamav version is 0.92.1. You should keep your Clamav package up-to-date.
Hello,
On Monday 25 February 2008 at 16:57, Brandon Perry wrote:
> After updating today, I am getting many legit-looking executables
> (Yahoo!, HP, SmartBridge, etc...) being marked as Trojan.Zonebac.
This signature will be removed on next update.
Clamav team : http://www.clamav.org/sendvirus/
in the case of web hosting
servers, this could be interesting to detect if a hacker drops a network
sniffer or IRC server on the disk of your webserver. In that case PUA should
be enabled.
PUA setting should suit the computer security politics of your company.
mav.org/support/faq/) for details.
On Wednesday 9 April 2008 at 15:26, Alexander Siebnich wrote:
> Arnaud Jacques wrote:
> > At the moment, PUA should not be used in production environment.
> > See FAQ (http://www.clamav.org/support/faq/) for details.
>
> Thank you for this advice. I just wondered that this p
Hello,
> I would like to know if clamav scans for macro viruses ?
Yes, of course.
> In case of macro viruses, can it strip off the macro from the doc ?
Yes, see clamscan --debug --leave-temp
rent OSes ?
Hello,
What can I do to speed up the clamscan process?
Another way : don't use clamscan but clamdscan -m
://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml
--
Best regards,
Arnaud Jacques
Manager of SecuriteInfo.com
Phone: +33-(0)3.44.39.76.46
E-mail: a...@securiteinfo.com
Website: https://www.securiteinfo.com
Facebook : https
lse positive.
/clamav/) to merge them with Clamav official signatures.
...@securiteinfo.com -N Arnaud Jacques -n myfile
ClamAV side ?
How to resolve this ?
Thank you in advance.
On 06/05/2018 at 00:27, Joel Esler (jesler) wrote:
Are you using a current version of clamsubmit?
Yes. Using Debian :
clamsubmit -v
ClamAV 0.100.0/24544/Sun May 6 06:28:26 2018
Hello Jesler,
Is that you sending us all those submissions?! Fantastic amount!
Yes it is me.
Is it too much samples for you ?
I got so many to upload...
Time for Clamav to create generic signatures to detect all of these ;)
|
...
(uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and
any of them
The second offset looks wrong to me.
Why? uint32(0x3c) is 0x0040...
Because, each line is 16 bytes long (0x10).
So "0040" is in hexadecimal, not decimal.
On 31/08/2018 at 11:00, Henrik Hoeg Thomsen1 wrote:
Does clamav offer an encrypted download alternative to the unencrypted http
based wget used to update the signature database?
May be : https://packages.microsoft.com/clamav/
Should be enough reliable.
/services/anti-spam-anti-virus/whitelisting_clamav_signatures.shtml
https://sanesecurity.com/usage/signatures/
Maybe the best point is to submit samples to ClamAV that are not
detected by anyone ?
Btw, be sure to submit *malwares* to ClamAV. Malware collections like
VirusShare contains a lot of false positives...
taire n° 4: c87c37e806231de5493af5ecfbde894a
ClamAV.
And some 3rd party signatures can help to get full detection :
https://sanesecurity.com
http://ow.ly/LqfdL
Hello Dennis,
Yes it is dead since years.
It has been replaced by this : http://ow.ly/LqfdL
On 05/12/2018 at 04:09, Dennis Peterson wrote:
I don't see a dns response for that site and logs show no recent
connection.
dp
empts use such tools.
I'm surprised that you haven't
observed it before, but I posted it publicly as a PSA to anybody else who might
be subscribed to this list. Sorry if you were offended by my doing so.
Sent from my iPad
-Al-
On Dec 4, 2018, at 21:08, Arnaud Jacques wrote:
Did you speak the official voice
/3280cfb299d7e42753556a4524fe8187808dafae266cc44dfce32b3dc2525d70/analysis/1548074954/
protected by the "infected"
password. Manually unzipped, ClamAV is enable to detect the malware.
Is the format of .pwdb files has changed since 0.100.x ?
Is it still supported on recent ClamAV version ?
neer
Malware Research Team
On Wed, Feb 6, 2019 at 11:16 AM Arnaud Jacques <webmas...@securiteinfo.com> wrote:
Hello,
It seems .pwdb files does not work since version 0.100.2 (may be
since
0.100.0).
It has this format :
cat passwords.pwdb
ZipPassw
://www.securiteinfo.com/clients/customers/signup).
e, may be) "bytecode signature" = "keyword"
Sounds good? A link to a howto will be appreciated.
Yes it is possible. Please see the official documentation :
https://www.clamav.net/documents/creating-signatures-for-clamav
Hello,
https://www.clamav.net/documents/doc is broken.
Link found at https://www.clamav.net/documents/miscellaneous-faq.
Corrected.
On 10/03/2019 at 02:44, Thomas McCourt (tmccourt) via clamav-users wrote:
Those links should of been corrected Friday ( yesterday), are you still having
the issue ?
On Mar 6, 2019, at 4:53 AM, Arnaud Jacques wrote:
Hello,
https://www.clamav.net/documents/doc is broken.
Link
stamp. Any thoughts on this?
It happens when the virus database is not (already) loaded in memory
and/or when clamdscan client cannot connect to clamd daemon (tcp or
socket problem).
working for official signatures. 3rd party signatures provide
hash based checksum files.
(2886 files extracted and scanned from this PDF).
clamd.conf)
Maybe more useful options using :
clamscan --help|grep max
I guess you can play with such options to optimize your scan.
.
You can test the time to reload without this file.
res on low performance CPU (VMs, embedded systems, old hardware, ...)
Could you please tell us the CPU you use ?
fice 425-305-2269
*From: *clamav-users on behalf
of Arnaud Jacques
*Reply-To: *ClamAV users ML
*Date: *Thursday, March 14, 2019 at 9:43 AM
*To: *"clamav-users@lists.clamav.net"
*Subject: *Re: [clamav-users] freshclam -V output
*[External Email]*
**
Hello Sean,
On 14/03/2019 at 13:53,
Hello,
sigtool --find-sigs Doc.Trojan.Agent-6923124-0 | sigtool --decode-sigs
I don't understand why this signature is so long, and why it is based on
always changing variables.
created a *huge* ign2 file and it crashed clamd. Ign2
files may not be appropriate to ignore tons of signatures.
ect PDF containing "OpenAction" and "Javascript" or "JS"
you will have a lot of false positives.
Many thanks,
David
-Original Message-
From: clamav-users On Behalf Of Arnaud
Jacques
Sent: Thursday 11 April 2019 18:27
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] PDF Scanning
Hello David,
On 11/04/2019 at 19:20, David Hendrick wrote:
Hi there,
Does anyone know if there
the
Windows port as we're running in Windows?
Many thanks,
David
On Thu 11 Apr 2019, 19:35 Arnaud Jacques <webmas...@securiteinfo.com> wrote:
David,
Here is an example :
Create a file pdf.ndb in your clamav signatures directory (usually
/var/lib/clamav
Hello,
This link generates 403 error code :
https://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb
What's wrong ?
Hello Clark,
Running for 525 minutes at >90% CPU seems not good. Causes noticeable
delay in command line activity for all users.
Could you please send us the result of these command lines :
cat /proc/cpuinfo
free -m
Thank you