Hi Orion, This time I went through daily.ldb to check all the published Urlhaus signatures and I think I updated the ones that kept "hiding" from me :) I updated my ClamAV db today in the morning and I'm not seeing any alerts on the files you shared a while back. Please let me know if you still have issues.
Best regards, Lilia Gonzalez Malware Research Team Cisco Talos On Wed, Feb 10, 2021 at 6:41 PM Orion Poplawski <or...@nwra.com> wrote: > Lilia - > > Thanks for the update. We are still seeing the following get blocked > though: > > > Virus Urlhaus.Malware.364328-9787819-0: > > > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.33.2-an+fx.xpi?filehash=sha256%3A5c3a5ef6f5b5475895053238026360020d6793b05541d20032ea9dd1c9cae451 > > This is with today's update. > > Orion > > On 2/8/21 10:39 AM, Lilia Gonzalez Medina wrote: > > Hi Orion, > > > > Apologies for taking too long to respond. After some tests I was able to > > reproduce the FPs and target type 3 LDB signatures for Urlhaus have been > > updated and published and should not alert on legitimate files anymore. > > Please update your ClamAV database and if you still have some issues > > please let me know. > > > > Best regards, > > > > Lilia Gonzalez > > Malware Research Team > > Cisco Talos > > > > > > > > On Tue, Jan 12, 2021 at 12:54 PM Orion Poplawski <or...@nwra.com > > <mailto:or...@nwra.com>> wrote: > > > > Lilia - > > > > Odd, I see it: > > > > # https_proxy= curl -o ublock_origin-1.32.4-an+fx.xpi > > ' > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > >' > > # clamscan ublock_origin-1.32.4-an+fx.xpi > > ublock_origin-1.32.4-an+fx.xpi: Urlhaus.Malware.364328-9787819-0 > FOUND > > > > # clamscan --version > > ClamAV 0.103.0/26046/Mon Jan 11 05:34:14 2021 > > > > # clamscan urlhaus-filter-online.txt > > urlhaus-filter-online.txt: Urlhaus.Malware.364328-9787819-0 FOUND > > > > ----------- SCAN SUMMARY ----------- > > Known viruses: 8799521 > > Engine version: 0.103.0 > > Scanned directories: 0 > > Scanned files: 1 > > Infected files: 1 > > Data scanned: 0.29 MB > > Data read: 0.14 MB (ratio 2.11:1) > > Time: 21.911 sec (0 m 21 s) > > Start Date: 2021:01:12 10:37:52 > > End Date: 2021:01:12 10:38:14 > > > > Other URLs: > > > > Virus Urlhaus.Malware.364328-9787819-0: > > https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>: > 2 > > Time(s) > > > > > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > >: > > 2 Time(s) > > > > > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt > >: > > 1 Time(s) > > > > > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > >: > > 1 Time(s) > > > > > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > >: > > 1 Time(s) > > > > > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > >: > > 1 Time(s) > > > > > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt > >: > > 1 Time(s) > > > > > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > >: > > 1 Time(s) > > > > I've attached copies. > > > > Orion > > > > On 1/8/21 9:18 PM, Lilia Gonzalez Medina wrote: > > > Orion, I haven't been able to reproduce the FP with > > > > > > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > >. > > > > > > > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > >> > > > > > > If you could send me the file that alerts with > > > Urlhaus.Malware.364328-9787819-0 I could look into it. > > > > > > Best regards, > > > > > > Lilia Gonzalez > > > Malware Research Team > > > Cisco Talos > > > > > > On Thu, Jan 7, 2021 at 12:00 PM Orion Poplawski <or...@nwra.com > > <mailto:or...@nwra.com> > > > <mailto:or...@nwra.com <mailto:or...@nwra.com>>> wrote: > > > > > > Lilia - > > > > > > Virus database is updated daily and updated last night. > > Still seeing one > > > this morning: > > > > > > Virus Urlhaus.Malware.364328-9787819-0: > > > > > > > > > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > > > > > > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > >>: > > > 1 Time(s) > > > > > > Though that is a different signature. > > > > > > Orion > > > > > > On 1/7/21 7:56 AM, Lilia Gonzalez Medina wrote: > > > > Hi Orion! > > > > > > > > Those NBD signatures were updated at the beginning of the > > week and > > > should not > > > > FP anymore. Please update your ClamAV db and let us know if > > the issue > > > persists. > > > > > > > > Best regards, > > > > > > > > Lilia Gonzalez > > > > Malware Research Team > > > > Cisco Talos > > > > > > > > > > > > On Wed, Jan 6, 2021 at 4:59 PM Orion Poplawski > > <or...@nwra.com <mailto:or...@nwra.com> > > > <mailto:or...@nwra.com <mailto:or...@nwra.com>> > > > > <mailto:or...@nwra.com <mailto:or...@nwra.com> > > <mailto:or...@nwra.com <mailto:or...@nwra.com>>>> wrote: > > > > > > > > Lilia - > > > > > > > > Thanks for the response. We're seeing some others > > getting > > > triggered as > > > > well: > > > > > > > > Virus Urlhaus.Malware.490516-9766015-0: > > > > 10.21.2.5 > > > > > > https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt> > > > > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>> > > > > > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt> > > > > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>>>: > 2 > > > Time(s) > > > > 10.21.2.5 > > > > > > > > > > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > > > > > > > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > >> > > > > > > > > > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > > > > > > > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > >>>: > > > > 2 Time(s) > > > > 10.21.2.5 > > > > > > > > > > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > > > > > > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > >> > > > > > > > > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > > > > > > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > >>>: > > > > 1 Time(s) > > > > 10.21.2.5 > > > > > > > > > > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > > > > > > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > >> > > > > > > > > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > > > > > > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > >>>: > > > > 1 Time(s) > > > > 10.21.2.5 > > > > > > > > > > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt > > > > > > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt > >> > > > > > > > > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt > > > > > > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt > >>>: > > > > 1 Time(s) > > > > > > > > Virus Urlhaus.Malware.161756-8797115-0: > > > > 10.10.20.7 > > > > > > > > > > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > > > > > > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > >> > > > > > > > > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > > > > > > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > >>>: > > > > 1 Time(s) > > > > 10.11.1.3 > > > > > > > > > > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > > > > > > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > >> > > > > > > > > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > > > > > > > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > < > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > >>>: > > > > 1 Time(s) > > > > > > > > > > > > Orion > > > > > > > > On 1/4/21 8:43 AM, Lilia Gonzalez Medina wrote: > > > > > Hi Orion! > > > > > > > > > > Thank you for reporting this. URLhaus is a partner > > that generates > > > a list of > > > > > ClamAV signatures to target malicious URLs. Signature > > > > > Urlhaus.Malware.452652-9766253-0 looks for a > > malicious URL inside HTML > > > > > files, which is why it is alerting on the URLs you > > mentioned. We > > > found these > > > > > FPs some weeks ago and added an extra check on new > ClamAV > > > signatures to > > > > > prevent them from alerting on legitimate URLhaus > > content. We are > > > currently > > > > > updating older ClamAV signatures to ensure they don't > > FP on > > > non-malicious > > > > > HTML files. > > > > > > > > > > Best regards, > > > > > > > > > > Lilia Gonzalez > > > > > Malware Research Team > > > > > Cisco Talos > > > > > > > > > > On Wed, Dec 23, 2020 at 1:11 PM Orion Poplawski > > <or...@nwra.com <mailto:or...@nwra.com> > > > <mailto:or...@nwra.com <mailto:or...@nwra.com>> > > > > <mailto:or...@nwra.com <mailto:or...@nwra.com> > > <mailto:or...@nwra.com <mailto:or...@nwra.com>>> > > > > > <mailto:or...@nwra.com <mailto:or...@nwra.com> > > <mailto:or...@nwra.com <mailto:or...@nwra.com>> > > > <mailto:or...@nwra.com <mailto:or...@nwra.com> > > <mailto:or...@nwra.com <mailto:or...@nwra.com>>>>> wrote: > > > > > > > > > > Can anyone give me some details about the > > > > Urlhaus.Malware.452652-9766253-0 > > > > > signature? We're seeing following URLs trigger > it: > > > > > > > > > > > > > https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt> > > > > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>> > > > > > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt> > > > > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > >>> > > > > > > > > > > < > https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt < > https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt> > > > > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>> > > > > > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt> > > > > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > > <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt > >>>> > > > > > > > > > > > > > > > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > > > > > > > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > >> > > > > > > > > > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > > > > > > > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > >>> > > > > > > > > > > > > > > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > > > > > > > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > >> > > > > > > > > > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > > > > > > > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt > >>>> > > > > > > > > > > > > > > > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > > > > > > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > >> > > > > > > > > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > > > > > > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > >>> > > > > > > > > > > > > > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > > > > > > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > >> > > > > > > > > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > > > > > > > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > < > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt > >>>> > > > > > > > > > > > > > > > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > > > > > > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > >> > > > > > > > > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > > > > > > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > >>> > > > > > > > > > > > > > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > > > > > > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > >> > > > > > > > > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > > > > > > > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > < > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > >>>> > > > > > > > > > > > > > > > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > > > > > > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > >> > > > > > > > > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > > > > > > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > >>> > > > > > > > > > > > > > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > > > > > > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > >> > > > > > > > > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > > > > > > > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > < > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt > >>>> > > > > > > > > > > Which seems to be the online update URLs for the > > urlhaus > > > filter. Does > > > > > ClamAV > > > > > deem urlhaus a bad actor? > > > > > > > > > > Thanks, > > > > > Orion > > > > > > > > > > -- > > > > > Orion Poplawski > > > > > Manager of NWRA Technical Systems > > 720-772-5637 > > > > > NWRA, Boulder/CoRA Office FAX: > > 303-415-9702 > > > > > 3380 Mitchell Lane or...@nwra.com > > <mailto:or...@nwra.com> > > > <mailto:or...@nwra.com <mailto:or...@nwra.com>> > > > > <mailto:or...@nwra.com <mailto:or...@nwra.com> > > <mailto:or...@nwra.com <mailto:or...@nwra.com>>> > > > > > <mailto:or...@nwra.com <mailto:or...@nwra.com> > > <mailto:or...@nwra.com <mailto:or...@nwra.com>> > > > <mailto:or...@nwra.com <mailto:or...@nwra.com> > > <mailto:or...@nwra.com <mailto:or...@nwra.com>>>> > > > > > Boulder, CO 80301 https://www.nwra.com/ > > <https://www.nwra.com/> > > > <https://www.nwra.com/ <https://www.nwra.com/>> > > > > <https://www.nwra.com/ <https://www.nwra.com/> > > <https://www.nwra.com/ <https://www.nwra.com/>>> > > > > > <https://www.nwra.com/ <https://www.nwra.com/> > > <https://www.nwra.com/ <https://www.nwra.com/>> > > > <https://www.nwra.com/ <https://www.nwra.com/> > > <https://www.nwra.com/ <https://www.nwra.com/>>>> > > > > > > > > > > _______________________________________________ > > > > > > > > > > clamav-users mailing list > > > > > clamav-users@lists.clamav.net > > <mailto:clamav-users@lists.clamav.net> > > > <mailto:clamav-users@lists.clamav.net > > <mailto:clamav-users@lists.clamav.net>> > > > <mailto:clamav-users@lists.clamav.net > > <mailto:clamav-users@lists.clamav.net> > > <mailto:clamav-users@lists.clamav.net > > <mailto:clamav-users@lists.clamav.net>>> > > > > <mailto:clamav-users@lists.clamav.net > > <mailto:clamav-users@lists.clamav.net> > > > <mailto:clamav-users@lists.clamav.net > > <mailto:clamav-users@lists.clamav.net>> > > > <mailto:clamav-users@lists.clamav.net > > <mailto:clamav-users@lists.clamav.net> > > <mailto:clamav-users@lists.clamav.net > > <mailto:clamav-users@lists.clamav.net>>>> > > > > > > > https://lists.clamav.net/mailman/listinfo/clamav-users > > <https://lists.clamav.net/mailman/listinfo/clamav-users> > > > <https://lists.clamav.net/mailman/listinfo/clamav-users > > <https://lists.clamav.net/mailman/listinfo/clamav-users>> > > > > <https://lists.clamav.net/mailman/listinfo/clamav-users > > <https://lists.clamav.net/mailman/listinfo/clamav-users> > > > <https://lists.clamav.net/mailman/listinfo/clamav-users > > <https://lists.clamav.net/mailman/listinfo/clamav-users>>> > > > > > > > <https://lists.clamav.net/mailman/listinfo/clamav-users > > <https://lists.clamav.net/mailman/listinfo/clamav-users> > > > <https://lists.clamav.net/mailman/listinfo/clamav-users > > <https://lists.clamav.net/mailman/listinfo/clamav-users>> > > > > <https://lists.clamav.net/mailman/listinfo/clamav-users > > <https://lists.clamav.net/mailman/listinfo/clamav-users> > > > <https://lists.clamav.net/mailman/listinfo/clamav-users > > <https://lists.clamav.net/mailman/listinfo/clamav-users>>>> > > > > > > > > > > > > > > > Help us build a comprehensive ClamAV guide: > > > > > https://github.com/vrtadmin/clamav-faq > > <https://github.com/vrtadmin/clamav-faq> > > > <https://github.com/vrtadmin/clamav-faq > > <https://github.com/vrtadmin/clamav-faq>> > > > > <https://github.com/vrtadmin/clamav-faq > > <https://github.com/vrtadmin/clamav-faq> > > > <https://github.com/vrtadmin/clamav-faq > > <https://github.com/vrtadmin/clamav-faq>>> > > > > > <https://github.com/vrtadmin/clamav-faq > > <https://github.com/vrtadmin/clamav-faq> > > > <https://github.com/vrtadmin/clamav-faq > > <https://github.com/vrtadmin/clamav-faq>> > > > > <https://github.com/vrtadmin/clamav-faq > > <https://github.com/vrtadmin/clamav-faq> > > > <https://github.com/vrtadmin/clamav-faq > > <https://github.com/vrtadmin/clamav-faq>>>> > > > > > > > > > > http://www.clamav.net/contact.html#ml > > <http://www.clamav.net/contact.html#ml> > > > <http://www.clamav.net/contact.html#ml > > <http://www.clamav.net/contact.html#ml>> > > > > <http://www.clamav.net/contact.html#ml > > <http://www.clamav.net/contact.html#ml> > > > <http://www.clamav.net/contact.html#ml > > <http://www.clamav.net/contact.html#ml>>> > > > > > <http://www.clamav.net/contact.html#ml > > <http://www.clamav.net/contact.html#ml> > > > <http://www.clamav.net/contact.html#ml > > <http://www.clamav.net/contact.html#ml>> > > > > <http://www.clamav.net/contact.html#ml > > <http://www.clamav.net/contact.html#ml> > > > <http://www.clamav.net/contact.html#ml > > <http://www.clamav.net/contact.html#ml>>>> > > > > > > > > > > > > > > > _______________________________________________ > > > > > > > > > > clamav-users mailing list > > > > > clamav-users@lists.clamav.net > > <mailto:clamav-users@lists.clamav.net> > > > <mailto:clamav-users@lists.clamav.net > > <mailto:clamav-users@lists.clamav.net>> > > > <mailto:clamav-users@lists.clamav.net > > <mailto:clamav-users@lists.clamav.net> > > <mailto:clamav-users@lists.clamav.net > > <mailto:clamav-users@lists.clamav.net>>> > > > > > > > https://lists.clamav.net/mailman/listinfo/clamav-users > > <https://lists.clamav.net/mailman/listinfo/clamav-users> > > > <https://lists.clamav.net/mailman/listinfo/clamav-users > > <https://lists.clamav.net/mailman/listinfo/clamav-users>> > > > > <https://lists.clamav.net/mailman/listinfo/clamav-users > > <https://lists.clamav.net/mailman/listinfo/clamav-users> > > > <https://lists.clamav.net/mailman/listinfo/clamav-users > > <https://lists.clamav.net/mailman/listinfo/clamav-users>>> > > > > > > > > > > > > > > > Help us build a comprehensive ClamAV guide: > > > > > https://github.com/vrtadmin/clamav-faq > > <https://github.com/vrtadmin/clamav-faq> > > > <https://github.com/vrtadmin/clamav-faq > > <https://github.com/vrtadmin/clamav-faq>> > > > > <https://github.com/vrtadmin/clamav-faq > > <https://github.com/vrtadmin/clamav-faq> > > > <https://github.com/vrtadmin/clamav-faq > > <https://github.com/vrtadmin/clamav-faq>>> > > > > > > > > > > http://www.clamav.net/contact.html#ml > > <http://www.clamav.net/contact.html#ml> > > > <http://www.clamav.net/contact.html#ml > > <http://www.clamav.net/contact.html#ml>> > > > > <http://www.clamav.net/contact.html#ml > > <http://www.clamav.net/contact.html#ml> > > > <http://www.clamav.net/contact.html#ml > > <http://www.clamav.net/contact.html#ml>>> > > > > > > > > > > > > -- > > > > Orion Poplawski > > > > Manager of NWRA Technical Systems 720-772-5637 > > > > NWRA, Boulder/CoRA Office FAX: 303-415-9702 > > > > 3380 Mitchell Lane or...@nwra.com <mailto: > or...@nwra.com> > > > <mailto:or...@nwra.com <mailto:or...@nwra.com>> > > > > <mailto:or...@nwra.com <mailto:or...@nwra.com> > > <mailto:or...@nwra.com <mailto:or...@nwra.com>>> > > > > Boulder, CO 80301 https://www.nwra.com/ > > <https://www.nwra.com/> > > > <https://www.nwra.com/ <https://www.nwra.com/>> > > > > <https://www.nwra.com/ <https://www.nwra.com/> > > <https://www.nwra.com/ <https://www.nwra.com/>>> > > > > > > > > > > > > > > > > > -- > > > Orion Poplawski > > > Manager of NWRA Technical Systems 720-772-5637 > > > NWRA, Boulder/CoRA Office FAX: 303-415-9702 > > > 3380 Mitchell Lane or...@nwra.com <mailto:or...@nwra.com> > > > <mailto:or...@nwra.com <mailto:or...@nwra.com>> > > > Boulder, CO 80301 https://www.nwra.com/ < > https://www.nwra.com/> > > > <https://www.nwra.com/ <https://www.nwra.com/>> > > > > > > > > > -- > > Orion Poplawski > > Manager of NWRA Technical Systems 720-772-5637 > > NWRA, Boulder/CoRA Office FAX: 303-415-9702 > > 3380 Mitchell Lane or...@nwra.com <mailto:or...@nwra.com> > > Boulder, CO 80301 https://www.nwra.com/ <https://www.nwra.com/> > > > > > -- > Orion Poplawski > he/him/his - surely the least important thing about me > Manager of NWRA Technical Systems 720-772-5637 > NWRA, Boulder/CoRA Office FAX: 303-415-9702 > 3380 Mitchell Lane or...@nwra.com > Boulder, CO 80301 https://www.nwra.com/ > >
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml