What's "high cpu" in this instance ... you should expect system resources
to be consumed when the on-demand scans run, are you seeing high load
averages, what are you using to diagnose high cpu, is it simply a per core
spike?
On Jan 26, 2016 13:27, "Jeff Johnson" wrote:
> I have rolled out clamd
Are there any integrity or authenticity checks within freshclam when it
connects to the ClamAV servers to download the virus signature databases?
Also is there any non-repudiation of the servers hosting the virus
signature databases, that is who gets to be a host and is there any
procedures to ens
Thanks for the quick replies and information, this helps greatly and is
much appreciated!
On Jan 29, 2016 03:28, "Steve Basford" wrote:
>
> On Thu, January 28, 2016 10:29 pm, Brad Scalio wrote:
> > Are there any integrity or authenticity checks within freshclam when it
>
Can anyone answer the mail on this control enhancement in NIST 800-53 (Rev.
4) and if ClamAV has this in 0.99 release and if not, if anyone has any
fodder or websites that can explain this more ... again many thanks and if
this isn't the correct listserver to use for this many apologies.
SI-3(7)
hecked before database load time.
> Virus names of signatures from non-signed databases are appended with
> ".UNOFFICIAL".
>
> Hope this helps,
> Steve
>
> On Thu, Jan 28, 2016 at 5:29 PM, Brad Scalio wrote:
>
> > Are there any integrity or authenticity checks
I think I answered my own question, SaneSecurity.
On Fri, Jan 29, 2016 at 4:41 PM, Brad Scalio wrote:
> Thanks Steve that does help, who's the CA or at least the certs aren't
> self-signed correct?
>
> On Fri, Jan 29, 2016, 14:42 Steven Morgan wrote:
>
>> Brad,
Gotcha sorry I thought I found a previous post to such but indeed I was
wrong.
Many thanks for the information.
On Jan 29, 2016 17:53, "Benny Pedersen" wrote:
> On 2016-01-29 23:28, Al Varnell wrote:
>
>> Not sure how you would arrive at that conclusion. SaneSecurity is not
>> affiliated with Ci
I've seen a lot of fodder on clamd vs clamscan, running 0.99 on RHEL6.7
exit/entry points ... While it's easy enough to use clamscan via cron, is
there any good stepwise SOP on getting clamd to work permission wise to
scan all filesystem? I like the ability to have it all controlled via the
daemon
t helpful during our investigation and analysis, much
appreciated!!!
On Feb 10, 2016 08:51, "Matus UHLAR - fantomas" wrote:
> On 10.02.16 05:29, Brad Scalio wrote:
>
>> I've seen a lot of fodder on clamd vs clamscan, running 0.99 on RHEL6.7
>> exit/entry points ... While i
Is it installed in a non-standard location? Run "which openssl" and pass
--with-openssl= and the path given.
On Jul 15, 2016 15:47, "Gaiseric Vandal" wrote:
> there is probably an openssl-devel package required
>
> On 07/15/16 15:41, Albrecht, Thomas C wrote:
>
>> Hi,
>>
>>
>>
>> I'm working on
When a clamscan is run from cmdline or via cron is the virus signature
database checked before scanning commences in a fashion that if we aren't
using clamdscan then is there a need for clamd to run, does it provide any
added features or functionality not already present with freshclam +
clamscan r
So if we are using only clamscan from a cronjob and freshclamd to update
the VSD then no need to startup clamd correct?
On Oct 12, 2016 5:35 AM, "Ralf Hildebrandt" wrote:
> * Brad Scalio :
> > When a clamscan is run from cmdline or via cron is the virus signature
> >
Is there a way to log-to-syslog for clamscan runs? We pass the --log
argument to write to an organizational defined log location for parsing for
remote monitoring scripts but we also need to forward to ArcSight
collectors the scans for central management. I know clamd and freshclam
log by default
Yes got it, many thanks for the replies -- gotta admit it's always a
pleasure to post questions here as I know I will get a response, and
sometimes some well deserved sarcasm.
On Wed, Oct 12, 2016 at 8:14 AM, Reindl Harald wrote:
>
>
> On 12.10.2016 at 12:15, Brad Scalio wrote:
Thanks Vlad for the suggestion ... Tried it today and it's a good solution
for the functionality we need.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Is there documentation on options and setting up your own virus signature
database source if certain target systems within your network cannot
resolve hostnames (no DNS) or no external internet connectivity?
Many thanks!
OK I'm all for simple just wasn't sure if there was a path native to
freshclam that would do it without external syncing scripts.
Thanks!
On Oct 17, 2016 13:11, "Reindl Harald" wrote:
On 17.10.2016 at 19:05, Brad Scalio wrote:
> Is there documentation on options
Greetings,
We are using a clamscan to recursively scan local filesystems on our
entry/exit points (jump boxes, DMZ servers) via a cronjob excluding certain
OS filesystems (proc, sysfs). We don't have any network filesystems
mounted on these devices.
To satisfy guidelines for our system we need t
Clamscan found a PE "visor.exe.svn-base" that matched
Win.Trojan.Agent-793284 FOUND.
That said, ran it through virustotal.com with results here
https://goo.gl/flJl6j
I know pasting a shortened URL in an AV mailing list :-)
11 of 56 scanners detect a signature, however the file in question is on a
Thanks much.
On Thu, Feb 9, 2017 at 8:55 AM, Steve Basford <steveb_cla...@sanesecurity.com> wrote:
>
> On Thu, February 9, 2017 1:12 pm, Brad Scalio wrote:
> > Clamscan found a PE "visor.exe.svn-base" that matched
> > Win.Trojan.Agent-793284 FOUND.
> >
84 matches the
main.mdb but another Win.Trojan.Ramnit-6152 matches the daily.mdb so other
than telling me that a daily match might be a more recent signature, any
other information you can glean from that distinction?
Thanks,
Brad
On Thu, Feb 9, 2017 at 1:20 PM, G.W. Haywood wrote:
> Hi ther
I thought there was a cmdline argument to on-demand clamscan to exec a
script after finishing. Am I imagining things or does this exist and if so
anyone know the flag & syntax?
Thx!
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://list
Greetings,
Is there a way to copy to quarantine directory if and only if the file to
be copied and identified as a match against the VSD does not exist in the
quarantine directory already either matching a hash or name or size?
Hit a case where a few false positives, copied to quarantine, were
fo
Indeed, that's the path of least resistance and still technically
acceptable from all perspectives.
Many thanks!
On Mar 10, 2017 12:15, "G.W. Haywood" wrote:
> Hi there,
>
> On Fri, 10 Mar 2017, Brad Scalio wrote:
>
> Is there a way to copy to quarantine direct
If your Linux systems are on network segments co-hosting windows devices or
sharing files/filesystems, running Clamscan helps prevent having your Linux
clients hosting viruses for your windows machines or meeting
standards/requirements such as SI-3 in NIST 800-53.
We run it on our entry/exit point
25 matches