Re: [clamav-users] Possible FP on Doc.Dropper.Agent-6447876-0?

2018-02-16 Thread Joel Esler (jesler)
It is possible, using a service we have here: https://talosintelligence.com/sha_searches to look up some additional details about files, if interested. SHA256 required. -- Joel Esler | Talos: Manager | jes...@cisco.com

[clamav-users] test

2018-02-16 Thread Joel Esler (jesler)
Feel free to ignore this. -- Joel Esler | Talos: Manager | jes...@cisco.com ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us b

[clamav-users] ClamAV® blog: ClamAV 0.99.4 has been released!

2018-03-01 Thread Joel Esler (jesler)
. Thank you to the following ClamAV community members for your code submissions and bug reports! Alberto Garcia Bernhard Vogel Francisco Oca Hanno Böck Jeffrey Yasskin Keith Jones mtowalski Suleman Ali yongji.oy xrym Stay tuned for the upcoming 0.100.0 release candidate! -- Joel Esler

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.4 has been released!

2018-03-02 Thread Joel Esler (jesler)
Understood. Sent from my iPhone > On Mar 2, 2018, at 03:28, lukn wrote: > >> On 02.03.2018 09:21, Al Varnell wrote: >> They just need to update DNS with updated version when they come in. Not a >> big deal. It only results in display of the warning. Should not impact >> operations in any w

Re: [clamav-users] Blank Signature Updates

2018-03-05 Thread Joel Esler (jesler)
Thank you Al. -- Joel Esler | Talos: Manager | jes...@cisco.com On Mar 4, 2018, at 12:51 AM, Al Varnell <alvarn...@mac.com> wrote: Seems to be working again with 24361 this evening. -Al- On Sat, Mar 03, 2018 at 02:21 AM, Al Varnell wrote: All

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.4 has been released!

2018-03-07 Thread Joel Esler (jesler)
Can you show us the warning you are receiving? -- Joel Esler | Talos: Manager | jes...@cisco.com On Mar 7, 2018, at 12:05 PM, Brian Fluet-Denver Equip of Chlt <d...@dec-clt.com> wrote: I just subscribed to the list in the hopes of understandi

Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99.4 has been released!

2018-03-07 Thread Joel Esler (jesler)
Which is perfectly fine. The mailing lists are the correct place for people to ask for help. Should people read the archives? Yes. Should people read FAQs? Yes. But largely, they won't. So we need to help our community. -- Joel Esler | Talos: Manager | jes...@cisco.com

Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99.4 has been released!

2018-03-08 Thread Joel Esler (jesler)
s and suggestions unless this is a warm and welcoming community. That's what it needs to be. -- Joel Esler | Talos: Manager | jes...@cisco.com On Mar 8, 2018, at 4:08 AM, Tilman Schmidt <tschm...@cardtech.de> wrote: What definitely isn't f

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.4 has been released!

2018-03-08 Thread Joel Esler (jesler)
Okay, let's call an end to this thread, I'll handle it differently. -- Joel Esler | Talos: Manager | jes...@cisco.com On Mar 8, 2018, at 1:15 PM, G.W. Haywood <cla...@jubileegroup.co.uk> wrote: Hi Joel, On Thu, 8 Mar 2018, Joel Esler

Re: [clamav-users] Signatures once again 2 days old

2018-03-18 Thread Joel Esler (jesler)
We have a new cvd building now. We do have an alert system, but the alert system, for some reason didn’t email us the alert. We’re looking into that. Sent from my iPhone > On Mar 18, 2018, at 12:07, Andy Schmidt wrote: > > This has become a regular occurrence - but since no one else has me

[clamav-users] ClamAV® blog: ClamAV 0.100.0-rc has been posted!

2018-03-22 Thread Joel Esler (jesler)
http://blog.clamav.net/2018/03/clamav-01000-rc-has-been-posted.html ClamAV 0.100.0-rc has been posted! ClamAV 0.100.0 is a feature release (candidate) which includes many code submissions from the ClamAV community. As always, it can be downloaded from our downloads site on clamav.net

Re: [clamav-users] Errors connecting to mirrors

2018-03-23 Thread Joel Esler (jesler)
Please file errors here: https://bugzilla.clamav.net/enter_bug.cgi?product=Mirror%20Issues With Mirrors? Thanks. -- Joel Esler Manager Open Source, Design, Web, and Education Talos Group http://www.talosintelligence.com On Mar 23, 2018, at 1:41 PM, G.W. Haywood mailto:cla

Re: [clamav-users] Errors connecting to mirrors

2018-03-28 Thread Joel Esler (jesler)
Inline’ Sent from my iPad > On Mar 28, 2018, at 5:34 PM, Alex wrote: > > Is there a known current problem? Not that I am aware of. Please file a mirror error ticket at bugzilla.clamav.net and I’ll get someone to investigate it? > Is there a site where we can go to > check mirror status? Not

Re: [clamav-users] [clamav-virusdb] Signatures Published daily - 24446

2018-04-03 Thread Joel Esler (jesler)
It was replaced with better detection. On Apr 3, 2018, at 8:26 AM, Al Varnell <alvarn...@mac.com> wrote: * Osx.Malware.Agent-6453877-0 Not sure why you would drop this as it's clearly part of the OSX.Coldroot RAT VT:

[clamav-users] ClamAV® blog: ClamAV Mirror improvements

2018-04-06 Thread Joel Esler (jesler)
ty of downloads. You may see mirrors fall out of rotation, and new ones inserted. This is intentional. If there are any questions, or issues, please address them on the ClamAV-Mirrors list. Thank you for your patience. -- Joel Esler Manager Open Source, Design, Web, and Education Talos Group

[clamav-users] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-04-09 Thread Joel Esler (jesler)
https://blog.clamav.net/2018/04/clamav-01000-has-been-released.html ClamAV 0.100.0 has been released! Join us as we welcome ClamAV 0.100.0 to the family officially. You can grab it, as always, from the downloads page on ClamAV.net. ClamAV 0.100.0 is a featur

Re: [clamav-users] Malwarepatrol false positives

2018-04-28 Thread Joel Esler (jesler)
That shouldn’t be part of the official ruleset. Sent from my iPhone > On Apr 28, 2018, at 17:32, Alex wrote: > > Hi, > > So I decided to check which MBL hits there were today, and it seems > they're now blocking https://bit.ly > > $ sigtool --find-sigs MBL_6913896 |sigtool --decode-sigs > V

Re: [clamav-users] clamsubmit error

2018-05-05 Thread Joel Esler (jesler)
I like this idea. > On May 5, 2018, at 8:30 AM, Benny Pedersen wrote: > > Arnaud Jacques skrev den 2018-05-05 07:38: > >> I did : >> clamsubmit -e webmas...@securiteinfo.com -N Arnaud Jacques -n myfile > > space is new arg ? > > clamsubmit -e webmas...@securiteinfo.com -N "Arnaud Jacques" -n

Re: [clamav-users] clamsubmit error

2018-05-05 Thread Joel Esler (jesler)
for I in /tmp/files/malicious/*; do clamsubmit "$I"; done > On May 5, 2018, at 8:30 AM, Benny Pedersen wrote: > > Arnaud Jacques skrev den 2018-05-05 07:38: > >> I did : >> clamsubmit -e webmas...@securiteinfo.com -N Arnaud Jacques -n myfile > > space is new arg ? > > clamsubmit -e webmas.

Re: [clamav-users] clamsubmit error

2018-05-05 Thread Joel Esler (jesler)
Are you using a current version of clamsubmit? > On May 5, 2018, at 3:21 PM, Walter H. wrote: > > On 05.05.2018 07:38, Arnaud Jacques wrote: >> Hello, >> >> Wanted to send some files to ClamAV using clamsubmit, got this error : >> >> invalid cfduid and/or session id values provided by clamav.n

Re: [clamav-users] clamsubmit error

2018-05-05 Thread Joel Esler (jesler)
Files that come in via the website, for the most part, are processed automatically. There is a lot of automation going on with web submissions. > On May 5, 2018, at 4:29 PM, Benny Pedersen wrote: > > Joel Esler (jesler) skrev den 2018-05-05 19:56: >> for I in `ls -l /tmp/file

Re: [clamav-users] fp Img.Malware.Agent-6499558-0

2018-05-06 Thread Joel Esler (jesler)
Dear Benny, You should submit a false positive report. The false positive submission form can be found here: http://www.clamav.net/lang/en/sendvirus/submit-fp/ Sent from my iPhone > On May 6, 2018, at 20:55, Benny Pedersen wrote: > > https://www.virustotal.com/file/074fe51b41596a05f5c04ba14c

Re: [clamav-users] fp Img.Malware.Agent-6499558-0

2018-05-06 Thread Joel Esler (jesler)
Whoops, that’s an old link https://www.clamav.net/reports/fp Sent from my iPhone On May 6, 2018, at 21:24, Joel Esler (jesler) <jes...@cisco.com> wrote: Dear Benny, You should submit a false positive report. The false positive submission form can be found here: http://www.clam

Re: [clamav-users] Is it legal to use ClamAV on a Windows Server in a SMB environment?

2018-05-11 Thread Joel Esler (jesler)
ClamAV's license is GPLv2. I don't see why it wouldn't be legal to do so. On May 9, 2018, at 2:11 PM, Allen Morrow <allen.mor...@withrossgroup.com> wrote: Is it legal to use ClamAV on a Windows Server in a SMB environment? ALLEN MORROW 405.264.2264

Re: [clamav-users] clamsubmit error

2018-05-11 Thread Joel Esler (jesler)
On May 9, 2018, at 3:43 PM, Benny Pedersen <m...@junc.eu> wrote: Micah Snyder (micasnyd) skrev den 2018-05-09 19:39: The web interface, however, can do both http and https. if users can do 2 things, most will do incorrect way turning off ssl is not a good option to any problem We wil

Re: [clamav-users] clamsubmit error

2018-05-11 Thread Joel Esler (jesler)
Arnaud, Is that you sending us all those submissions?! Fantastic amount! > On May 9, 2018, at 10:07 AM, Arnaud Jacques > wrote: > > Hello, > >> clamsubmit with ClamAV 0.100.0 should work fine. I am surprised to see that >> error. We fixed code in the near vicinity to that error statement

Re: [clamav-users] how long i will get up-to-date AV signatures for version 0.99.2

2018-05-11 Thread Joel Esler (jesler)
0.99.2 is still supported, and will remain supported officially until we ship 0.101.0, according to our EOL guidelines. But I will also tell you that we keep testing older versions for awhile, right up until they break. I think we test as far back as 0.97ish, I'd have to check to be sure. >

Re: [clamav-users] Test Message

2018-05-18 Thread Joel Esler (jesler)
ilto:clamav-users-boun...@lists.clamav.net>> on behalf of "Joel Esler (jesler) via clamav-users" <clamav-users@lists.clamav.net> Reply-To: ClamAV users ML <clamav-users@lists.clamav.net> Date: Friday, May 18, 2018 at 3:01 PM To: ClamAV users ML mailt

Re: [clamav-users] Test Message

2018-05-18 Thread Joel Esler (jesler)
A J1M 1Z7 > > > >"What's going on around here?" - RS > >Having a technology issue? > >Visit https://octopus.ubishops.ca to place a ticket directly > into our ITS work order system. This is the best way to get your

Re: [clamav-users] Attachments

2018-05-18 Thread Joel Esler (jesler)
This should be fixed. On May 15, 2018, at 8:13 AM, Groach via clamav-users <clamav-users@lists.clamav.net> wrote: From: Groach <groachmail-stopspammin...@yahoo.com> Subject: Re: [clamav-users] Attachments Date: May 15, 2018 at 8:13:53 AM EDT To: ClamAV users ML mailto:clamav-us

Re: [clamav-users] Mirrors not responding?

2018-05-19 Thread Joel Esler (jesler)
Try removing your mirrors.dat. Sent from my iPhone > On May 19, 2018, at 05:45, Brian Morrison wrote: > > On Fri, 18 May 2018 15:18:06 +0000 > "Joel Esler (jesler)" wrote: > >> db.gb was overlooked in the move of db.uk to our CDN >>

[clamav-users] Db.cn was moved to CDN last night, and more CDN stuff

2018-05-19 Thread Joel Esler (jesler)
We are letting the traffic settle back down after the transfer of db.cn. What we have discovered is that there are a ton of ClamAV installations that have not been able to update in a long time or are pointed at a dead mirror in the zone. When we transfer a zone to Cloudflare, (our CDN provider, p

Re: [clamav-users] DNS entry of db.jp.clamav.net disappeared?

2018-05-20 Thread Joel Esler (jesler)
Sorry for my lack of response. We went to fix it, and I didn’t acknowledge your email. Sent from my iPhone > On May 20, 2018, at 03:06, Yasuhiro KIMURA wrote: > > From: Al Varnell > Subject: Re: [clamav-users] DNS entry of db.jp.clamav.net disappeared? > Date: Sat, 19 May 2018 03:15:09 -07

Re: [clamav-users] Mirrors not responding?

2018-05-20 Thread Joel Esler (jesler)
What zone? Sent from my iPhone > On May 20, 2018, at 08:34, Brian Morrison wrote: > > On Sat, 19 May 2018 12:23:29 +0000 > "Joel Esler (jesler)" wrote: > >> Try removing your mirrors.dat. > > Fixed itself overnight before I did that, but thanks for th

Re: [clamav-users] Mirrors not responding?

2018-05-20 Thread Joel Esler (jesler)
Oh sorry, db.gb. Very interesting. Thank you for the follow up Sent from my iPhone > On May 20, 2018, at 11:06, Joel Esler (jesler) wrote: > > What zone? > > Sent from my iPhone > >> On May 20, 2018, at 08:34, Brian Morrison wrote: >> >> On Sat, 19 Ma

Re: [clamav-users] Server inside DMZ - No internet access - Howto update definitions

2018-06-19 Thread Joel Esler (jesler)
Plus the diff files, if you are using freshclam. We much prefer that you download using freshclam, so that diff Cvds are available. Saves on bandwidth. Sent from my iPhone On Jun 19, 2018, at 07:45, SCOTT PACKARD wrote: >> Is there a way that I can copy the files from another server inte

Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Joel Esler (jesler)
> On Jun 21, 2018, at 3:54 AM, Tilman Schmidt wrote: > >> Am 20.06.2018 um 19:14 schrieb Andrew McGlashan: >> >> This is an opportunity to fix things, such an opportunity should not >> lost, especially if it helps more people to understand the problems with >> having too liberal SPF rules (defe

Re: [clamav-users] VirusDB Updates Broken?

2018-06-24 Thread Joel Esler (jesler)
Al, Thanks. We are aware. Looking into it. Sent from my iPhone > On Jun 24, 2018, at 23:12, Al Varnell wrote: > > Yes, but all but one was empty. > > Sent from my iPad > > -Al- > >> On Jun 24, 2018, at 19:42, Paul Kosinski wrote: >> >> I've gotten several daily.cvd updates in that per

Re: [clamav-users] VirusDB Updates Broken?

2018-06-26 Thread Joel Esler (jesler)
ided. >> >> On Tue, Jun 26, 2018, at 06:41, Robin Bourne wrote: >>> Joel, >>> >>> I'm now getting "WARNING: Mirror 104.16.188.138 is not >>> synchronized." when using the CDN. Could it be related to the >>> changes ma

[clamav-users] Mirror Load + ClamAV Updates

2018-06-26 Thread Joel Esler (jesler)
seeking feedback about the stability of this, or if any updates are failing. (I have seen the thread that is currently on-going). If you having problems downloading from the ClamAV mirror infrastructure, please delete your mirrors.dat file and start over. -- Joel Esler Sr. Manager Open Source

Re: [clamav-users] VirusDB Updates Broken?

2018-06-26 Thread Joel Esler (jesler)
allegedly "not synchronized". > > The result of all this confusion is that the last time I got a > daily.cvd via freshclam was before CloudFlare: > > Monday 25 June 2018 at 09:06:26 > Database updated (6556585 signatures) from db.us.clamav.net (IP: > 200.236.31.1)

Re: [clamav-users] VirusDB Updates Broken?

2018-06-26 Thread Joel Esler (jesler)
26, 2018 at 05:40 PM, Joel Esler (jesler) wrote: I just purged db.us’s cache. Can you try? Sent from my iPhone On Jun 26, 2018, at 20:24, Paul Kosinski <clamav-us...@iment.com> wrote: Joel, Sorry to have been somewhat cryptic: I assumed the context of the

Re: [clamav-users] VirusDB Updates Broken?

2018-06-27 Thread Joel Esler (jesler)
Okay, that should be fixed. Sent from my iPhone > On Jun 27, 2018, at 04:46, Steve Basford > wrote: > > >> On Wed, June 27, 2018 2:42 am, Joel Esler (jesler) wrote: >> Db.us should be good on both now. >> > >> Worked perfectly

Re: [clamav-users] VirusDB Updates Broken?

2018-06-27 Thread Joel Esler (jesler)
Just fixed it. Sent from my iPhone > On Jun 27, 2018, at 04:54, Michael Da Cova wrote: > > same here getting errors with the gb sites > > >> On 27/06/18 09:45, Steve Basford wrote: >>> On Wed, June 27, 2018 2:42 am, Joel Esler (jesler) wrote: >>> Db.

Re: [clamav-users] VirusDB Updates Broken?

2018-06-27 Thread Joel Esler (jesler)
iPhone > On Jun 27, 2018, at 06:40, Steve Basford > wrote: > > >> On Wed, June 27, 2018 11:32 am, Joel Esler (jesler) wrote: >> Just fixed it. >> >> > Thanks Joel... all working now... > > main.cld is up to date (version: 58, sigs: 4566249, f-l

[clamav-users] Tweet by ClamAV - Cloudflare

2018-06-27 Thread Joel Esler (jesler)
I generally wouldn’t copy a Tweet over to the mailing list, but I thought you all might like to see this. — Joel ClamAV (@clamav) 6/27/18, 10:13 Improvements since we've moved the update infrastructure to @Cl

Re: [clamav-users] Tweet by ClamAV - Cloudflare

2018-06-27 Thread Joel Esler (jesler)
uldn't they have had really good service to begin with? On Wed, 27 Jun 2018 14:25:47 + "Joel Esler (jesler)" <jes...@cisco.com> wrote: I generally wouldn’t copy a Tweet over to the mailing list, but I thought you all might like to see this. — Joel ClamAV (@clamav

Re: [clamav-users] Tweet by ClamAV - Cloudflare

2018-06-27 Thread Joel Esler (jesler)
ipt disabled (my default way > of browsing). > > > On Wed, 27 Jun 2018 15:02:25 + > "Joel Esler (jesler)" wrote: > >> It's a little deceiving at that scale, the dark green dot in that >> area is actually San Diego. >> >> [cid:F8F422B

Re: [clamav-users] Mirror Load + ClamAV Updates

2018-06-27 Thread Joel Esler (jesler)
Following up to this email from yesterday. We've been adjusting over the past 24 hours for different zones throughout the world. Any feedback? -- Joel Esler Sr. Manager Open Source, Design, Web, and Education Talos Group http://www.talosintelligence.com On Jun 26, 2018, at 5:17 PM,

Re: [clamav-users] OT: DMARC

2018-06-28 Thread Joel Esler (jesler)
Mailman is used, and Mailman will break dkim if not properly configured in DNS. We are working with our operations team to create and correct the DNS entries needed. Sent from my iPad > On Jun 28, 2018, at 12:40 PM, Benny Pedersen wrote: > > > > On 28. jun. 2018 18.11.18 Dianne Skoll wrot

Re: [clamav-users] OT: DMARC

2018-06-28 Thread Joel Esler (jesler)
es, if you would be able to fix that > with *your* DNS records DKIM would be useless at all > > Am 28.06.2018 um 18:49 schrieb Joel Esler (jesler): >> Mailman is used, and Mailman will break dkim if not properly configured in >> DNS. We are working with our operations t

Re: [clamav-users] Mirror Load + ClamAV Updates

2018-06-28 Thread Joel Esler (jesler)
n I just leave it. Adolf Belka Sent from my Desktop Computer On 27/06/18 23:57, Joel Esler (jesler) wrote: Following up to this email from yesterday. We've been adjusting over the past 24 hours for different zones throughout the world. Any feedback? -- Joel Esler Sr. Manager Open Source, D

Re: [clamav-users] VirusDB Updates Broken?

2018-06-28 Thread Joel Esler (jesler)
:1::6810:b98a (due to previous errors) > Ignoring mirror 2400:cb00:2048:1::6810:bb8a (due to previous errors) > ERROR: Can't download daily.cvd from database.clamav.net > Giving up on database.clamav.net... > > -Original Message- > From: clamav-users

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-29 Thread Joel Esler (jesler)
Who needs to add a link to what, and what would you like to see? Sent from my iPhone > On Jun 29, 2018, at 19:11, Nikita Yerenkov-Scott > wrote: > > Is there any chance that they will add a way of people giving a > description of why they think that it is malware? _

Re: [clamav-users] update report

2018-06-30 Thread Joel Esler (jesler)
Interesting. Can you give us a -debug? Sent from my iPhone > On Jun 30, 2018, at 20:22, Gene Heskett wrote: > > I'm still logging this about every other freshclam run: > > Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101: > Network is unreachable > Sat Jun 30 18:49:53

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-06-30 Thread Joel Esler (jesler)
Ping.clamav.net is an identification lookup. Helps us see what versions people are running out there and what version of ClamAV people are using. Its failure shouldn’t stop the update process. Please give us a debug. Sent from my iPhone > On Jun 30, 2018, at 19:28, Paul Kosinski wrote: >

Re: [clamav-users] update report

2018-07-01 Thread Joel Esler (jesler)
Gentlemen, we’ve descended into a “who is better” contest. I suggest we stop. Sent from my iPhone > On Jul 1, 2018, at 10:43, Gary R. Schmidt wrote: > >> On 02/07/2018 00:35, Reindl Harald wrote: >> >>> Am 01.07.2018 um 16:33 schrieb Gary R. Schmidt: >>> On 01/07/2018 22:37, Reindl Harald

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Joel Esler (jesler)
It may be the TTL I have set on the cache. Let me get to my desk and remove the TTL and flush the cache and have you try again Sent from my iPhone > On Jul 2, 2018, at 00:01, Al Varnell wrote: > > Seems to me that it's only a problem if it takes a significant amount of time > between the DNS

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Joel Esler (jesler)
Okay, I just did this and I flushed the cache on all the largest PoP cache servers. If you are connected to db.us, please test? Sent from my iPhone > On Jul 2, 2018, at 07:59, Joel Esler (jesler) wrote: > > It may be the TTL I have set on the cache. Let me get to my desk and remo

Re: [clamav-users] update report

2018-07-02 Thread Joel Esler (jesler)
agree, its a bug. Not a showstopper, but one to be swatted in the next upgrade for us folks out here in the ipv4 only puckerbrush. It's definitely on our radar. Micah may want to comment further. -- Joel Esler Sr. Manager Open Source, Design, Web, and Education Talos Group http://www.

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Joel Esler (jesler)
I’m not at a large keyboard right now. But with Cloudflare currently acting as our mirror network, none of the current assumptions about how the mirror network works is accurate. We have not changed the donated mirror network, as our discussions with cloudflare are on going. Sent from my

Re: [clamav-users] lost the thread, but my ipv6 noise in the freshclam log has vanished

2018-07-03 Thread Joel Esler (jesler)
What does that mean? Sent from my iPhone > On Jul 3, 2018, at 06:39, Gene Heskett wrote: > > > -- > Cheers, Gene Heskett > -- > "There are four boxes to be used in defense of liberty: > soap, ballot, jury, and ammo. Please use in that order." > -Ed Howdershelt (Author) > Genes Web page

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
So, no, those issues will not occur. In fact, it was on, and yes, it was causing problems, which is why it's now off. However, the ~60TB of traffic we are passing on a 24 hour basis tells me that freshclam is working fine. You can't hit the cloudflare IPs directly, which is what that

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
are serving ought to be a good idea. Not my day job though... I made an adjustment yesterday. Are people still seeing this error? -- Joel Esler Sr. Manager Open Source, Design, Web, and Education Talos Group http://www.talosintelligence.com

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
hat checks 100,000+ times a day), but clearly that's excessive. We publish approx 5-6 times a day. So, let's say you check 50 times a day Clearly, that's enough. -- Joel Esler Sr. Manager Open Source, Design, Web, and Education Talos Group http:/

Re: [clamav-users] freshclam works for me

2018-07-03 Thread Joel Esler (jesler)
ests that hit our server for that file. (Unless I flush the cache or something). -- Joel Esler Sr. Manager Open Source, Design, Web, and Education Talos Group http://www.talosintelligence.com

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
aluating. It's a great system. The problem is maintenance. We spend a tremendous amount of time maintaining and grooming the mirror network (removing dead ones, removing ones that don't work, etc.). It's more than one full time employee (FTE), let's put it that way. -- Joel E

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 2:11 PM, SCOTT PACKARD <scott.pack...@raytheon.com> wrote: I rely on someone in Arizona to pull definitions from, but sometimes their server goes out, other times clamav's content system breaks, and it's a pain to figure out which one is the culprit. Well, hopefully,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
. But measuring those numbers is the difficult part. A fresh install of ClamAV is going to download the main, the daily, then all the diffs since the last daily, which could be a ton. It's the people that are downloading the *same* diff 1000x an hour that are the problem. -- Joel Esler Sr. M

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 4:46 PM, Reindl Harald <h.rei...@thelounge.net> wrote: Am 03.07.2018 um 22:42 schrieb Joel Esler (jesler): On Jul 3, 2018, at 3:59 PM, Reindl Harald <h.rei...@thelounge.net> wrote: voila - all new connecti

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 4:50 PM, Benny Pedersen <m...@junc.eu> wrote: Joel Esler (jesler) skrev den 2018-07-03 22:42: Yes. But measuring those numbers is the difficult part. A fresh install of ClamAV is going to download the main, the daily, then all the diffs since the last daily,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-04 Thread Joel Esler (jesler)
saw a very few timeouts in mid-late March. > >> On Wed, 4 Jul 2018, Joel Esler wrote: >> >> ... It's the people that are downloading the *same* diff 1000x an >> hour that are the problem. > > That sounds like probable cause. I'd drop 'em in the

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-04 Thread Joel Esler (jesler)
eve we've had no problems at all with mirrors since March >> 2018, when I responded to a post on 23rd March by Orion Poplawski, who >> saw a few timeouts. We also saw a very few timeouts in mid-late March. >> >>> On Wed, 4 Jul 2018, Joel Esler wrote: >>> &

Re: [clamav-users] Is ClamAV available on the hypervisor?

2018-07-05 Thread Joel Esler (jesler)
ClamAV is not for traffic. Snort is for traffic. (www.snort.org) On Jul 5, 2018, at 12:52 PM, Paul Kosinski <clamav-us...@iment.com> wrote: "* If the question is about using ClamAV to analyze traffic then no, that is not the function of ClamAV. ClamAV analyzes f

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Joel Esler (jesler)
ining (and if necessary enforcing) a clear > *protocol* would fully protect the mirrors against overload or abuse. > > > On Wed, 4 Jul 2018 19:12:48 + > "Joel Esler (jesler)" wrote: > >> Okay. Here’s a good conversation. Why? >> >> If the to

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Joel Esler (jesler)
For the people who have this issue, can you change your mirror to "database.clamav.net" and see if this error occurs any more? -- Joel Esler Sr. Manager Open Source, Design, Web, and Education Talos Group http://www.talosintelligence.com On Jul 2, 2

[clamav-users] ClamAV 0.100.1 has been released!

2018-07-09 Thread Joel Esler (jesler)
ch at Flexera -- Joel Esler Sr. Manager Open Source, Design, Web, and Education Talos Group http://www.talosintelligence.com

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-10 Thread Joel Esler (jesler)
Thanks for this feedback everyone. This is extremely useful. > On Jul 10, 2018, at 11:26 AM, Paul Kosinski wrote: > > Last night our new method of getting cvd updates showed that it was > *one hour* from the time the DNS TXT record claimed a new cvd was > available to the time when our quick c

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-11 Thread Joel Esler (jesler)
uld provide statistics on that, especially if expected delays are spelled out in an SLA. On Tue, 10 Jul 2018 22:11:46 + "Joel Esler (jesler)" <jes...@cisco.com> wrote: > Thanks for this feedback everyone. This is extremely useful. > > > > On Jul 10, 201

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-11 Thread Joel Esler (jesler)
On Jul 11, 2018, at 2:46 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote: On 7/11/2018 2:33 PM, Joel Esler (jesler) wrote: It is very solid. We are using *all* of their regions. As a result of this, we've been

Re: [clamav-users] Yet another synchronization failure!

2018-07-18 Thread Joel Esler (jesler)
Let me look into troubleshooting this. I am working with Cloudflare on this constantly. Sent from my iPhone > On Jul 18, 2018, at 15:38, Paul Kosinski wrote: > > A few days ago, I programmed some pre-tests so as to avoid running > freshclam until *both* the DNS TXT record and the first few by

Re: [clamav-users] Data Base

2018-07-21 Thread Joel Esler (jesler)
The database files are the same. Regardless of Os. Sent from my iPhone > On Jul 21, 2018, at 11:25, Paul Thompson wrote: > > I'm using SuSE LEAP 42.3 and it has gotten corrupted. Before reinstalling it > I wanted to try ClamAV. The Linux internet connection is now so poor I have > been una

Re: [clamav-users] Partial downloads of updates

2018-07-30 Thread Joel Esler (jesler)
Try the freshclam that is included with version 0.100.1 and see if you still see the error. > On Jul 30, 2018, at 12:14 PM, David Rosenstrauch wrote: > > On 07/30/2018 11:28 AM, David Rosenstrauch wrote: >> I've been having some issues over the last few weeks with freshclam failing >> to down

Re: [clamav-users] Still over 1/3 signature update sync errors

2018-07-31 Thread Joel Esler (jesler)
Thanks Paul, this is super useful. > On Jul 31, 2018, at 1:47 PM, Paul Kosinski wrote: > > There are still over 1/3 signature update sync errors with the new > ClamAV mirrors. > > You may remember that I previously added code to our ClamAV update > protocol to verify that the actually available

Re: [clamav-users] Many reports / false positives since a couple of days

2018-08-01 Thread Joel Esler (jesler)
I am dropping these signatures now. > On Aug 1, 2018, at 9:57 AM, David Rosenstrauch wrote: > > > > On 07/31/2018 04:53 AM, Albrecht, Peter wrote: >> Hello, >> Since Saturday (2018-07-28) we are seeing many reports from clamscan having >> found (possibly) infected files. I suspect these are fa

Re: [clamav-users] False positive

2018-08-03 Thread Joel Esler (jesler)
What is the md5? On Aug 3, 2018, at 2:36 AM, Groach <groachmail-stopspammin...@yahoo.com> wrote: An overnight scan has just pulled out a false positive on a program. It's against Winscp (file transfer program) that is a genuine download and been used for years. It's not the first time

Re: [clamav-users] Same file, different signatures detected

2018-08-07 Thread Joel Esler (jesler)
Correct. Jar files are essentially zip files. Sent from my iPhone > On Aug 7, 2018, at 07:00, Maarten Broekman wrote: > > JAR files can be unpacked like tarballs so it is likely that there is a > common file in each that matches those hashes. > > Maarten > Sent from a tiny keyboard > >> On

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-11 Thread Joel Esler (jesler)
I actually just made an adjustment today to see if that will resolve the issues. Please keep these coming?! Sent from my iPad > On Aug 11, 2018, at 2:10 PM, Paul Kosinski wrote: > > Here is the latest report for ClamAV virus update mirror delays since > the end of July. DNS TXT vs actual file

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-16 Thread Joel Esler (jesler)
Paul, how are things looking from your side? -- Joel Esler Sr. Manager Community, Branding, and Open Source Talos Group http://www.talosintelligence.com On Aug 11, 2018, at 6:12 PM, Joel Esler (jesler) <jes...@cisco.com> wrote: I actually just made an adjustment today to see i

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-20 Thread Joel Esler (jesler)
-15 22:03:01 No delay
> 2018-08-16 05:03:02 No delay
> 2018-08-16 14:03:02 01:00:01 delay
> 2018-08-16 21:18:01 00:14:59 delay
> 2018-08-17 06:03:01 No delay
> 2018-08-17 13:33:02 00:30:01 delay
> 2018-08-17 21:03:02 No delay
>
>
> On Thu, 16 Aug 2018

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-21 Thread Joel Esler (jesler)
elf to deal with > this problem in a similar fashion. But I didn't want to fork a fairly > complicated program which mainly does stuff that has nothing to do with > this particular problem. > > > > On Mon, 20 Aug 2018 15:43:14 + > "Joel Esler (jesler)" wro

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-21 Thread Joel Esler (jesler)
On Aug 21, 2018, at 12:32 PM, G.W. Haywood <cla...@jubileegroup.co.uk> wrote: Hi there, On Tue, 21 Aug 2018, Joel Esler wrote: The amount of people using ClamAV version 0.90 and below is surprising as well. That's not really surprising to me. Most of them probably don&

Re: [clamav-users] ERROR 403: Forbidden

2018-08-28 Thread Joel Esler (jesler)
You’re going to have to send me the IP that is getting blocked so I can look into why. Sent from my iPhone On Aug 28, 2018, at 09:03, Maarten Broekman <maarten.broek...@gmail.com> wrote: Yeah. One thing that might help is getting the full output of the error. Using the following will d

Re: [clamav-users] ERROR 403: Forbidden

2018-08-29 Thread Joel Esler (jesler)
Try now? On Aug 28, 2018, at 9:31 AM, Jon Roberts <j...@racksrv.net> wrote: Hi Joel, The seemingly blocked IP is 213.5.176.169 Regards, Jon From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Joel Esler (jesler

Re: [clamav-users] secure download of .cvd files ?

2018-08-31 Thread Joel Esler (jesler)
You should be able to do it now. However, freshclam doesn’t support ssl. When we get ssl built into freshclam, https redirection would be available. But I couldn’t do it before with the mirrors the way they were. We can now. Sent from my iPhone > On Aug 31, 2018, at 07:07, Arnaud Jac

Re: [clamav-users] secure download of .cvd files ?

2018-08-31 Thread Joel Esler (jesler)
Agreed. But it wasn’t something we could support. Now we can. It that it matters, but at least we can now. Sent from my iPhone > On Aug 31, 2018, at 07:16, Al Varnell wrote: > > And the answer is the same as it was then. There is nothing to be gained by > supporting https. There is noth

Re: [clamav-users] updates

2018-09-12 Thread Joel Esler (jesler)
We are going to need more information than that Sent from my iPhone > On Sep 12, 2018, at 06:58, Michael Da Cova wrote: > > Hi > > is anyone else getting sync errors > > Michael > > > >> On 07/09/18 10:11, Michael Da Cova wrote: >> Hi >> >> I still get "WARNING: Mirror 104.16.187.138 is

Re: [clamav-users] updates

2018-09-12 Thread Joel Esler (jesler)
Paul, Can you give me some more information on how you do this? How often is the check run, etc. I am working with cloudflare on the issue now. On Sep 7, 2018, at 2:25 PM, Paul Kosinski <clamav-us...@iment.com> wrote: Here is our recent CVD delay report showing how long the actual dai

Re: [clamav-users] updates

2018-09-12 Thread Joel Esler (jesler)
'report-delays' logs the delays (or non-delays) found. > > We keep various recent versions of ClamAV in /opt/clamav.d, both for > testing, and in case we have to backtrack. Thus, /opt/clamav is a > symlink to the current version, as in: > > /opt/clamav -> /opt/clamav.

Re: [clamav-users] updates

2018-09-13 Thread Joel Esler (jesler)
shclam' is run >>> by cron under userid clamav (same as clamd) every so often >>> (currently every 15 mins) to determine if there are any relevant > > -- > > On Wed, 12 Sep 2018 20:59:45 + > "Joel Esler (jesler)" wrote: > >>
