Re: [Clamav-users] clamd 0.95.2 unrar

2009-07-09 Thread steve
You might fix this with a quick sudo ldconfig ( and some distros require that you explicitly include /usr/local/lib in your /etc/ld.so.conf - or /etc/ld.so.cond.d/.conf ) just to update the system catalogs... hth, Steve On Thu, 2009-07-09 at 18:14 -0400, Tom Shaw wrote: > I searched

Re: [Clamav-users] Quarantine issue with new 0.95.x clamav-milter

2009-11-09 Thread steve
at the spam itself arrives at a larger audience without and extra effort on the spammers part at all. Which is a bad thing (: Cheers, Steve -- Steve Holdoway http://www.greengecko.co.nz MSN: st...@greengecko.co.nz GPG Fingerprint = B337 828D 03E1 4F11 CB90 853C C8AB AF04 EF68 52E0 signature.asc D

[Clamav-users] sorry this is a bit brief...

2009-11-25 Thread steve
onds. but it's no longer running. This is exactly the same log I get from a successful 0.95.2 start. I've reverted to 0.95.2 - both build with ./configure --enable-milter --disable-clamuko and is all running fine again. Can anyone suggest where to start with sorting this one out?? Any co

Re: [Clamav-users] How can i scan the POST data

2010-02-21 Thread steve
r used mod_clamav, but it'll be checking the content that you serve. Is that OK? Personally, I protect my web *clients* by using squid proxy, integrating it via havp to a clamd server. Which - to me - is much more useful. Steve -- Steve Holdoway http://www.greengecko.co.nz MSN: st..

Re: [Clamav-users] Clamav and MRTG

2009-01-04 Thread Steve
are plenty of tools ( cacti, munin for example ) built on top of that. Tobi should be knighted IMO. Steve -- Steve ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [Clamav-users] Using clamav on internet gateway

2009-02-06 Thread Steve
amav using the squidclamav product. Works well for me (: ( I use squidGuard as well so I can blacklist specific sites/classes of sites ) hth, Steve -- Steve

Re: [Clamav-users] Trying out the subversion milter

2009-02-14 Thread Steve
HTML support enabled. Sun Feb 15 09:05:29 2009 -> Self checking every 600 seconds. Sun Feb 15 09:05:29 2009 -> Listening daemon: PID: 11494 Do you want any other info??? Steve -- Steve

Re: [Clamav-users] Trying out the subversion milter

2009-02-14 Thread Steve
On Sat, 14 Feb 2009 23:21:16 +0100 aCaB wrote: > Steve wrote: > > Unfortunately, no change. > > That's likely because you didn't update the svn checkout or recompiled, > or reinstalled, or restarted the daemons. > ___

Re: [Clamav-users] Trying out the subversion milter

2009-02-14 Thread Steve
On Sat, 14 Feb 2009 16:50:44 -0800 Dennis Peterson wrote: > Steve wrote: > > On Sat, 14 Feb 2009 23:21:16 +0100 > > aCaB wrote: > > > >> Steve wrote: > >>> Unfortunately, no change. > >> That's likely because you didn't update the

Re: [Clamav-users] Trying out the subversion milter

2009-02-14 Thread Steve
On Sat, 14 Feb 2009 20:57:52 -0800 Dennis Peterson wrote: > Steve wrote: > > On Sat, 14 Feb 2009 16:50:44 -0800 > > Dennis Peterson wrote: > > > >> Steve wrote: > >>> On Sat, 14 Feb 2009 23:21:16 +0100 > >>> aCaB wrote: > >>> &

Re: [Clamav-users] Trying out the subversion milter

2009-02-15 Thread Steve
On Sun, 15 Feb 2009 10:30:22 +0200 Török Edwin wrote: > On 2009-02-15 07:15, Steve wrote: > > My main frustration is that the only way I can get more information from > > the applications is to rewrite the > > code itself... at least it's written in a real language (

Re: [Clamav-users] Trying out the subversion milter

2009-02-15 Thread Steve
On Sun, 15 Feb 2009 19:29:09 +0100 aCaB wrote: > Steve wrote: > > send test message to myself, and the mail log shows > > Hi Steve, > > please try r4793, it should be fixed. > If not please open a proper bug report on the bugzi

[Clamav-users] test windows exploit sigs

2004-09-24 Thread steve
.. so far. Hope it helps, Steve Ps. A big thanks to all the ClamAV team for all their efforts!

Re: [Clamav-users] Your ClamAV installation is OUTDATED ?

2004-10-19 Thread steve
own risk, etc. etc. if anyone thinks this is wrong... yell ;) If you're at all worried, just wait for the new version... Good luck... Steve ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] [SA12959] Internet Explorer IFRAME Buffer Overflow Vulnerability (fwd)

2004-11-03 Thread steve
Quoting Tomasz Kojm <[EMAIL PROTECTED]>: > > Exploit.IFRAME.foo:*:494652414d453d??{256-} > > Bad format. Does this one seem okay? note1: ndb database format: use with v0.80 note2: matches http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[clamav-users] ArchiveBlockEncrypted confusion

2013-10-26 Thread Steve Basford
ld be to modify clamd.conf setting: ArchiveBlockEncrypted yes: blocks zips/exes ONLY PDFBlockEncrypted yes: blocks PDFs ONLY **new option** clamscan --block-encrypted=yes should be zip/exes ONLY and a new option --block-encrypted-pdf=no should be added Cheers, Ste

Re: [clamav-users] sigwhitelist.ign2 whitelist not working

2013-11-11 Thread Steve Basford
blacklisting format (bb#1625) * libclamav: allow arbitrary names for .ign/.ign2 files (bb#1683) So, you'd need to upgrade ClamAV for the .ign2 format to work. Cheers, Steve Sanesecurity

Re: [clamav-users] sigwhitelist.ign2 whitelist not working

2013-11-11 Thread Steve Basford
't work add ".UNOFFICIAL" at the end of the signature name. Cheers, Steve Sanesecurity

Re: [clamav-users] sigwhitelist.ign2 whitelist not working

2013-11-12 Thread Steve Basford
"Sanesecurity.Malware.22454.ZipHeur" works "Sanesecurity.Malware.22454.ZipHeur " fails Cheers, Steve Sanesecurity

Re: [clamav-users] How is Worm.Bagle.H-zippwd-1 detected? (was: sigwhitelist.ign2 whitelist not working)

2013-11-12 Thread Steve Basford
e-up, the issue was a bit confusing ;) Cheers, Steve Sanesecurity

Re: [clamav-users] False positive - CRDF.Malware-Generic.3661413036.UNOFFICIAL

2014-01-14 Thread Steve Basford
36 was whitelisted/removed early this morning, so update crdfam.clamav.hdb if you still have issues. Cheers, Steve Sanesecurity

Re: [clamav-users] False positive - CRDF.Malware-Generic.3661413036.UNOFFICIAL

2014-01-14 Thread Steve Basford
the list of default databases in the config file. Download available here: http://sourceforge.net/projects/unofficial-sigs/ Cheers, Steve Sanesecurity

[clamav-users] ClamAV v0.98.1

2014-01-15 Thread Steve Basford
Looks like 0.98.1 is out... Change log: https://raw.github.com/vrtadmin/clamav-devel/0.98.1/ChangeLog Sources: http://www.clamav.net/lang/en/download/sources/ Windows binaries (.msi format): http://sourceforge.net/projects/clamav/files/clamav/0.98.1/ Cheers, Steve Sanesecurity

Re: [clamav-users] QUESTION ABOUT XZ SUPPORT IN VERSION 0.98.1

2014-01-23 Thread Steve Basford
--database=testdb.hdb eicar.com.xz: eicar.com.UNOFFICIAL FOUND test 2 clamscan eicar.com.xz --database=main.ndb eicar.com.xz: OK test 3 grep -i "EICAR" main.ndb > test.ndb clamscan eicar.com.xz --database=test.ndb eicar.com.xz: Eicar-Test-Signature.UNOF

Re: [clamav-users] QUESTION ABOUT XZ SUPPORT IN VERSION 0.98.1

2014-01-23 Thread Steve Basford
> Thanks Steve for this reply; this is helpful. > Hi Bill, Sorted I think. Someone @ ClamAV needs to add this to daily.ftm filetypes... 0:0:FD377A585A00:XZ container file:CL_TYPE_ANY:CL_TYPE_XZ:75 It's in the source defaults (filetypes_int.h) but when daily.cvd gets loaded,

Re: [clamav-users] QUESTION ABOUT XZ SUPPORT IN VERSION 0.98.1

2014-01-23 Thread Steve Basford
4:482B0004:HFS+ partition:CL_TYPE_PART_ANY:CL_TYPE_PART_HFSPLUS:75 4:1024:48580005:HFSX partition:CL_TYPE_PART_ANY:CL_TYPE_PART_HFSPLUS:75 0:0:FD377A585A00:XZ container file:CL_TYPE_ANY:CL_TYPE_XZ:75 Cheers, Steve Sanesecurity

Re: [clamav-users] QUESTION ABOUT XZ SUPPORT IN VERSION 0.98.1

2014-01-27 Thread Steve Basford
> >> >> Someone @ ClamAV needs to add this to daily.ftm filetypes... Just to close this... daily.ftm has now been updated, so XZ files should now be scanned correctly. Cheers, Steve Sanesecurity

Re: [clamav-users] One last Q (I hope) And an FP report

2014-01-29 Thread Steve Basford
tils/ Malware MD5: 8b1f0996435099ba28dee7eefda05bdf Malware SHA1: fb1bd423c047fb459c3bf8eea389abae38e409fb To report false positives or list problems: fp (_a_t_) malwarepatrol.net Cheers, Steve Sanesecurity

Re: [clamav-users] An FP?

2014-02-05 Thread Steve Basford
intf MBL_400944 > local_ignore.ign2 copy local_ignore.ign2 to db directory restart clamd Cheers, Steve Sanesecurity

Re: [clamav-users] An FP?

2014-02-06 Thread Steve Basford
't any malware in gadget_multi.txt on their website b) there's isn't any malware in the gadget_multi.txt's on your system c) It's a false positive and should be report to MBL as such d) Where's my coffee ;) Cheers, Steve Sanesecurity.com

Re: [clamav-users] Possible FP

2014-02-06 Thread Steve Basford
th the following error-message: Hi, The above signature is just an md5 hash of a file, that's 43,180 long... ie: VirusTotal info (DHL report DOT zip) https://www.virustotal.com/en/file/4616d4fced326d3b638598bc516f80b9fefb23ad97394aa529797800c509e92c/analysis/ Sorry I can'

Re: [clamav-users] An FP?

2014-02-06 Thread Steve Basford
>> c) It's a false positive and should be report to MBL as such > > And their contact address is? > To report false positives or list problems: fp (_a_t_) malwarepatrol.net Cheers, Steve Sanesecurity

Re: [clamav-users] An FP?

2014-02-06 Thread Steve Basford
eport.html fwiw, I use Nirsoft tools now and again and they have been very useful, they can, like most PUA's be misused and AV's misreported.. but that's another story. Anyway, enough list noise. Cheers, Steve Sanesecurity

Re: [clamav-users] Block all "EXE/SRC" or MS-EXE/DLL file

2014-02-13 Thread Steve Basford
> > Which is the best solution/way to block all EXE/executable files? You could use these... http://sanesecurity.com/foxhole-databases/ Cheers, Steve Sanesecurity

Re: [clamav-users] fireclam log

2014-02-14 Thread Steve Basford
clam/?src=api There is an option to contact the author for support/suggestions... Cheers, Steve Sanesecurity

Re: [clamav-users] Block all "EXE/SRC" or MS-EXE/DLL file

2014-02-14 Thread Steve Basford
scan --database=sanestopexe.ndb --database=sanewhitelist.fp *.exe In other words: Sanesecurity.POC.EXEBLOCK will detect ALL EXE's unless it's in the sanewhitelist.fp database. Just a POC ;) Cheers, Steve Sanesecurity

Re: [clamav-users] Block all "EXE/SRC" or MS-EXE/DLL file

2014-02-14 Thread Steve Basford
> Hello Steve, > > > In this way I can stop EXE/Executable into ZIP/Archive file and as > attachment (without change any other settings into mailserver config) Shouldn't be an issue. Cheers, Steve Sanesecurity

[clamav-users] TheMask aka Careto

2014-02-17 Thread Steve Basford
In case this is useful for system scanning for TheMask aka Careto... Original Message Subject: [sanesecurity] new database: malwarehash.hsb From:"Steve Basford" Date:Mon, February 17, 2014 4:00 pm To: sanesecu

Re: [clamav-users] Introducing OpenSSL as a dependency to ClamAV

2014-02-27 Thread Steve Basford
> OpenSSL will be required to both compile and run ClamAV. Out of interest what Cipher: http://zombe.es/post/4078724716/openssl-cipher-selection http://security.stackexchange.com/questions/35036/different-performance-of-openssl-speed-on-the-same-hardware-with-aes-256-evp-an Cheers, St

Re: [clamav-users] Low detection rate

2014-03-03 Thread Steve Hill
g the message text directly next to the link?!) -- - Steve Hill Technical Director Opendium Limited http://www.opendium.com Direct contacts: Instant messager: xmpp:st...@opendium.com Email:st...@opendium.com Phone:sip:st...@opendium.com Sales / enqu

Re: [clamav-users] Low detection rate

2014-03-03 Thread Steve Basford
infected*. I think a "h t t p" non-clickable link might have been wise though, just in case someone hasn't had their coffee yet and clicks it...yes, I know... but it does happen ;) Cheers, Steve Sanesecurity.com

Re: [clamav-users] Low detection rate

2014-03-03 Thread Steve Hill
ctual malware - have I got something wrong in my configuration, or is Clam's detection engine and signature database *really* unable to detect all this malware? -- - Steve Hill Technical Director Opendium Limited http://www.opendium.com Direct contacts: Instant message

Re: [clamav-users] Low detection rate

2014-03-03 Thread Steve Hill
On 03.03.14 13:49, Steve Basford wrote: I think a "h t t p" non-clickable link might have been wise though, just in case someone hasn't had their coffee yet and clicks it...yes, I know... but it does happen ;) My apologies - I will keep this in mind in future. -- - Steve Hi

Re: [clamav-users] git repository

2014-04-11 Thread Steve Basford
cal use of the git repository. Hi Frans, +1 Must admit I miss seeing the changelog being updated quite a bit before the actual release comes into play, plus it gives a bit of a road-map. Cheers, Steve Sanesecurity

Re: [clamav-users] ClamAV®: ClamAV 0.98.3 has been released!

2014-05-08 Thread Steve Basford
On Wed, May 7, 2014 8:52 pm, Joel Esler (jesler) wrote: > > ClamAV 0.98.3 has been released, and is available here: Win32/64 released here... with... drumroll... Zips *and* MSI versions.. thanks guys! :) http://sourceforge.net/projects/clamav/files/clamav/win32/0.98.3/ Cheers,

[clamav-users] Crash on db reload: 0.98.3 (OS: win32, ARCH: i386

2014-05-08 Thread Steve Basford
y 08 16:30:18 2014 -> Received POLLIN|POLLHUP on fd 1148 Thu May 08 16:30:18 2014 -> Got new connection, FD 1384 Thu May 08 16:30:18 2014 -> SelfCheck: Database modification detected. Forcing reload. :( Cheers, Steve Sanesecurity

Re: [clamav-users] Crash on db reload: 0.98.3 (OS: win32, ARCH: i386

2014-05-08 Thread Steve Basford
On Thu, May 8, 2014 5:46 pm, Shawn Webb wrote: > Hey Steve > > Could you send me over a copy of your clamd.conf, please? > > > Thanks, > > > Shawn Here you go... http://pastebin.com/EzRLk9iW Cheers, Steve Sanesecurity

Re: [clamav-users] Crash on db reload: 0.98.3 (OS: win32, ARCH: i386

2014-05-08 Thread Steve Basford
> Hey Steve, > Could you send me over a copy of your clamd.conf, please? Hi Shawn, I can reproduce... Installed a clamav without 3rd party stuff, fresh onto a test XP box I had not doing anything run freshclam run clamd run clamdscan to prove its all working 1) clamdscan --reload to f

Re: [clamav-users] Clamav is not finding any viruses

2014-05-08 Thread Steve Basford
ses/ Just in case it helps.. Cheers, Steve Sanesecurity

Re: [clamav-users] 0.98.3, new segfault probably related to email parser

2014-05-12 Thread Steve Basford
r log? If you do, does a clamdscan on the email cause a crash? Cheers, Steve Sanesecurity

Re: [clamav-users] 0.98.3, new segfault probably related to email parser

2014-05-12 Thread Steve Basford
; I haven't hit it if I remove phish.ndb). Hi Stuart, If you can email me off-list with the sig name, sample email etc. I'll take a peek samples AT sanesecurity DOT me DOT uk steveb _ clamav AT sanesecurity DOT com Cheers, Steve Sanesecurity

Re: [clamav-users] FP-Report: Email.Trojan-417

2014-05-13 Thread Steve Basford
o your clamav database directory restart clamd Cheers, Steve Sanesecurity

Re: [clamav-users] reported before, makes no sense

2014-05-15 Thread Steve Basford
ou've got to check your download scripts and remove them. Alternatively, printf "MBL_343814" > localwhitelist.ign2 place localwhitelist.ign2 into your clamav database directory restart clamd. For future reference, here's the current FP report addresses: http://sanesec

Re: [clamav-users] reported before, makes no sense

2014-05-16 Thread Steve Basford
ownload scripts are here, if needed and want to update things again... http://sanesecurity.co.uk/usage/linux-scripts/ Cheers, Steve Sanesecurity

Re: [clamav-users] ClamAV®: ClamAV 0.98.4rc1 is now available!

2014-05-16 Thread Steve Basford
> - Crashes of clamd on Windows and Mac OS X platforms when reloading > the virus signature database. Just testing at the moment - reload issue seems to have gone and so far so good... great work guys! Cheers, Steve Sanesecurity

Re: [clamav-users] clamav-0.98.3 does not pass vulnerability scan

2014-05-20 Thread Steve Basford
s Trojan.Zip.Arch-Bomb.yngkq 20140520 TrendMicro TROJ_ZIPBOMB.B 20140520 TrendMicro-HouseCallTROJ_ZIPBOMB.B 20140520 VBA32 suspected of ZIP.MailBomb 20140519 Cheers, Steve Sanesecurity

Re: [clamav-users] Signature matching email Subject:

2014-05-23 Thread Steve Basford
body. > Something like this... Spam.Subject.001:4:*:5375626A6563743A{-50}4D617373205370616D205375626A656374 Which will match... Subject: (any 50 chars)Mass Spam Subject Cheers, Steve Sanesecurity

Re: [clamav-users] ClamAv updates not being published properly?

2014-05-28 Thread Steve Basford
up to date (version: 19037, sigs: 970172, f-level: 63, builder: neo db updates... http://lurker.clamav.net/list/clamav-virusdb.html Cheers, Steve Sanesecurity

Re: [clamav-users] Again: No database updates for 48 hours?

2014-06-02 Thread Steve Basford
looks correct.. there haven't been updates generated/published since Friday. Steve Sanesecurity

Re: [clamav-users] Thank You

2014-06-17 Thread Steve Basford
. free [coffee|beer|water] all round... Cheers, Steve Sanesecurity.com

[clamav-users] building a cud file

2014-06-18 Thread Steve Basford
testdb.cud ERROR: Malformed database Has anyone who has got this working, do a quick how-to? Cheers, Steve Sanesecurity

[clamav-users] DatabaseCustomURL question

2014-06-19 Thread Steve Basford
date (version: 241, sigs: 46, f-level: 63, builder: dgodda rd) I'm wondering if it's the : that's throwing it? I get wget from blahblahblah.com:/test.cud ok... If anyone can confirm, it's a port thing... I'll raise a bugzilla Cheers, Steve Sanesecurity

Re: [clamav-users] DatabaseCustomURL question

2014-06-19 Thread Steve Basford
> > As it stands right now, freshclam does not support custom ports. However, > we can add that functionality for a future release. Thanks for the quick reply. I'll add a bugzilla... Cheers, Steve Sanesecurity

[clamav-users] building a cud file

2014-06-20 Thread Steve Basford
testdb.cud ERROR: Malformed database Has anyone who has got this working do a quick how-to? Cheers, Steve Sanesecurity

[clamav-users] DatabaseCustomURL question

2014-06-20 Thread Steve Basford
version: 241, sigs: 46, f-level: 63, builder: dgodda rd) I'm wondering if it's the : that's throwing it? If anyone can confirm, I'll raise a bugzilla Cheers, Steve Sanesecurity

Re: [clamav-users] FN with unknown virus attachment

2014-06-21 Thread Steve Basford
ved a > response, and 24hrs later it's still not being tagged. I was hoping > someone could help me identify it and determine the risk. Hi Alex, Just seen the sample posted and it's an interesting one. Detection added, in both rogue.hdb and also mainly, phish.ndb. Should b

Re: [clamav-users] FN with unknown virus attachment

2014-06-23 Thread Steve Basford
/vzt.rkr \UJVCTZDKMBU.fpe Which isn't looking good... 2. Quick check... https://malwr.com/analysis/MWZmZjk5OTZmNDk1NGZkYzk3YTVmODcxNDE0ZDU5OGY/ So, looks like there might be some user input needed to actually run it, but best it's blocked a

Re: [clamav-users] Bad detection rate

2014-06-23 Thread Steve Basford
ed it Win32/Kryptik.CFAE) > but ClamAV did not detect it. Hi Walter, This was added to phish.ndb: Sanesecurity.Malware.23787.ZipHeur Added: 23 Jun 2014 09:32:40 UT Cheers, Steve Sanesecurity.com

Re: [clamav-users] Bad detection rate

2014-06-23 Thread Steve Basford
mAV and it's engine to play with in the first place. Cheers, Steve Sanesecurity.com

Re: [clamav-users] Malformed database?

2014-06-25 Thread Steve Basford
iles/clamav/win32/0.98.4/ Cheers, Steve Sanesecurity

Re: [clamav-users] Malformed database?

2014-06-25 Thread Steve Basford
Native 0.98.4-rc1: https://github.com/clamwin/clamav-win32 Cheers, Steve Sanesecurity

Re: [clamav-users] [Heuristics.Structured.SSN]

2014-07-03 Thread Steve Basford
clamd.conf the default is No... so if DLP isn't needed, turn it off.. just to be sure # Enable the DLP module # Default: No StructuredDataDetection No Cheers, Steve Sanesecurity

Re: [clamav-users] Custom signature question

2014-07-08 Thread Steve Basford
On Tue, July 8, 2014 3:41 pm, a...@alb.de wrote: > alex:~$ dd if=mp3file.mp3 count=1 | sigtool --hex-dump > alex:~$ clamscan mp3file.exe Hi Alex, In the daily.ftm file, mp3 filetypes are ignored. 0:0:494433:MP3:CL_TYPE_ANY:CL_TYPE_IGNORED Cheers, Steve Sanese

Re: [clamav-users] Custom signature question

2014-07-08 Thread Steve Basford
ion: attachment; filename="test.mp3" SUQzAw == .. but depends on what you are trying to do... Cheers, Steve Sanesecurity

Re: [clamav-users] ClamAV®: Compiling OpenSSL For Windows

2014-07-13 Thread Steve Basford
Just a thought.. Will ClamAV use LibreSSL too, as it's supposed to be drop in On 9 July 2014 20:14:01 GMT+01:00, "Joel Esler (jesler)" wrote: >Compiling OpenSSL For Windows > > >In order to support more advanced features planned in future releases, >ClamAV has switched to using OpenSSL for hashi

Re: [clamav-users] Priority problem

2014-07-23 Thread Steve Basford
0% of my > CPU ! I would rather think of an antivirus as a silent, > background, quiet process. I tried "nice" and "renice" but clamscan Hi Bernard, Have you tried using clamdscan, instead of clamscan ? Cheers, Steve Sanesecurity

Re: [clamav-users] sanesecurity file size limit

2014-08-27 Thread Steve Basford
type recognition. ZIP files larger # than this value will skip the step to potentially reanalyze as PE. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 1M #MaxZipTypeRcg 1M Does the file scan ok with clamscan and/or clamdscan... Cheer

Re: [clamav-users] False positive for sure

2014-09-03 Thread Steve Basford
are merely things which are installed alongside other applications (typically freeware and shareware applications) which you most likely do not want installing as well. Cheers, Steve Sanesecurity

Re: [clamav-users] False positive for sure

2014-09-03 Thread Steve Basford
On Wed, September 3, 2014 12:38 pm, Gene Heskett wrote: > > So as its been yonks since I setup the daily machine scan, where do I > turn off this particular PUA feature? ”—detect-pua” switch for clamscan or disable it in the clamd.conf file. Cheers, Steve San

Re: [clamav-users] False positive for sure

2014-09-03 Thread Steve Basford
lamscan then I guess you've got a script somewhere, calling clamscan, you need to add: --detect-pua=no If it's clamdscan you are using then edit the clamd.conf file... and restart clamd... # Detect Possibly Unwanted Applications. # Default: no DetectPU

[clamav-users] Sanesecurity:foxhole-databases

2014-09-05 Thread Steve Basford
Hi All, For those using Sanesecurity foxhole databases, I've finally updated their usage information: http://sanesecurity.com/foxhole-databases/ Cheers, Steve Sanesecurity.com

Re: [clamav-users] Sanesecurity:foxhole-databases

2014-09-05 Thread Steve Basford
On Fri, September 5, 2014 8:21 pm, Dennis Peterson wrote: > Steve - thanks for your contribution to the success of the ClamAV > products. One question for you - how does determine the current version of > the files you distribute? One of the foxhole signature files I have is > f

Re: [clamav-users] Hint for creating signatures

2014-09-08 Thread Steve Basford
726F74313328??636572745F657263796E7072??293B2024 test.cryptbot:7:*:3D22{12}225E22{40}3B2024 You might have to change :3: to :7: to make it work... Disclaimer: not had enough coffee, so not fully tested etc. Cheers, Steve Sanesecurity.com

Re: [clamav-users] Problem with missing information

2014-09-09 Thread Steve Basford
of "no version information available" error... Google: /usr/local/lib/libxml2.so.2: no version information available Shows a few posts... Cheers, Steve Sanesecurity.com

Re: [clamav-users] Joomla Templates - False Possitive

2014-09-17 Thread Steve Basford
hat have been actually seen carrying malware. To whitelist... printf Zip.Suspect.MiscDoubleExtension-zippwd-4 > localign.ign2 restart clamd Cheers, Steve Sanesecurity.com

Re: [clamav-users] Daily.cvd file

2014-09-18 Thread Steve Basford
, 2008-06-23 22:41 [Update (main: 48, 2008-09-04 21:29 [Update (main: 49, 2008-10-24 21:10 [Update (main: 53, 2010-11-14 18:27 etc. etc. Cheers, Steve Sanesecurity.com

Re: [clamav-users] False positives phishing sites

2014-09-23 Thread Steve Basford
db database to whitelist... eg... currently... grep "mbna" daily.wdb M:customerservice.mbna.co.uk:virginmoney.com grep "bankof" daily.wdb M:email.countrywide.com:www.bankofamerica.com M:rc.us-east.srv.overture.com:www.bankofamerica.com

Re: [clamav-users] Why are the ClamAV team so slow at creating signatures ?

2014-10-03 Thread Steve Basford
can, of course email the missed RAR samples to: samples ATT sanesecurity.me.uk Slightly off topic, does anyone have a folder full of saved malware zips/rars etc. they have kept over the past xxx months, if so can U contact me off-list... Cheers, Steve Sanesecurity.com

Re: [clamav-users] Fwd: What is the signature count?

2014-10-10 Thread Steve Basford
al: 249,167 Cheers, Steve Sanesecurity.com

Re: [clamav-users] ClamAV® blog: ClamAV 0.98.5 has been released!

2014-11-19 Thread Steve Basford
On Tue, November 18, 2014 10:11 pm, Joel Esler (jesler) wrote: > > > ClamAV 0.98.5 has been released! Windows 32/64 bit binaries here: http://sourceforge.net/projects/clamav/files/clamav/win32/0.98.5/ Cheers, Steve Sanesecurity.com

Re: [clamav-users] Clamd: WARNING: lstat() failed on

2014-11-24 Thread Steve Basford
On Mon, November 24, 2014 11:21 am, stephen.b...@tanint.com wrote: > > I'm hoping someone can shed some light on an issue I'm experiencing... > Seem to remember a post a while ago... to do with AllowSupplementaryGroups ? clamd.conf... AllowSupplementaryGroups tr

Re: [clamav-users] sigwhitelist.ign2 whitelist not working

2014-12-09 Thread Steve Basford
On Tue, December 9, 2014 1:23 pm, polloxx wrote: > We have the same problem with signatures we want to whitelist. Was this > problem ever solved? Hi, What sig name are you whitelisting? Cheers, Steve Sanesecurity.com

Re: [clamav-users] sigwhitelist.ign2 whitelist not working

2014-12-09 Thread Steve Basford
On Tue, December 9, 2014 1:33 pm, polloxx wrote: > > % cat local.ign2 > SecuriteInfo.com.Spammer.ec-messenger.com.UNOFFICIAL > SecuriteInfo.com.Spammer.addemar.com.UNOFFICIAL Ah, ok...remove the ".UNOFFICIAL" off the end and restart clamd. Cheers,

Re: [clamav-users] url scanner

2014-12-18 Thread Steve Basford
#1677) Cheers, Steve Sanesecurity.com

Re: [clamav-users] Protection from cryptowall/cryptolocker

2014-12-23 Thread Steve Basford
policy type stuff or something like this (Windows): CryptoPrevent: https://www.foolishit.com/vb6-projects/cryptoprevent/technical-information/ These are worth looking at... http://labs.bitdefender.com/2014/12/bitdefender-offers-free-cryptowall-vaccine/ http://www.surfright.nl/en/cryptoguard Che

Re: [clamav-users] Custom clamav rule to block exe and scr files in archive.

2015-02-05 Thread Steve Basford
foxhole-databases/ Cheers, Steve Web : sanesecurity.com Blog: sanesecurity.blogspot.com

Re: [clamav-users] Custom clamav rule to block exe and scr files in archive.

2015-02-05 Thread Steve Basford
_TYPE_ZIP, CL_TYPE_RAR, CL_TYPE_ARJ, CL_TYPE_CAB, CL_TYPE_7Z, CL_TYPE_MAIL, CL_TYPE_(POSIX|OLD)_TAR, CL_TYPE_CPIO_(OLD|ODC|NEWC|CRC) So, using CL_TYPE_MAIL will hit a url/filename mentioned in an email too, which might not be a bad thing but thought I'd mention it. Cheers, Steve Web : sanesec

Re: [clamav-users] Custom clamav rule to block exe and scr files in archive.

2015-02-05 Thread Steve Basford
On Thu, February 5, 2015 9:30 am, Virgo Pärna wrote: > On Thu, 5 Feb 2015 09:11:16 -0000, Steve Basford >It does not match urls inside the > mail content. Also, since regexes are actually case sensitive, it does not > match *.EXE. So there's that. Hi Virgo, (?i) will sort

[clamav-users] certificates

2015-02-09 Thread Steve Basford
w.sslshopper.com/ssl-checker.html#hostname=www.clamav.net https://sslcheck.globalsign.com/en_GB/sslcheck?host=www.clamav.net Cheers, Steve Web : sanesecurity.com Blog: sanesecurity.blogspot.com

Re: [clamav-users] certificates

2015-02-09 Thread Steve Basford
On Mon, February 9, 2015 11:03 am, Al Varnell wrote: > Yes, I’m seeing the same thing with Safari for OS X. I also get an > expired 22 Oct 2014 certificate for the wwws.clamav.net/bugzilla site. Hi Al, Thanks for the confirmation. Cheers, Steve Web : sanesecurity.co
