[clamav-users] ignore yara rule
Hi,

Using clamav-unofficial-signatures and I'm trying to ignore a yara rule due to many FPs. The blocked message refers to the YARA.invalid_trailer_structure.UNOFFICIAL as the offending signature. However, entering any of the following in local.ign2 file, clamav ignores it and keeps blocking:

YARA.invalid_trailer_structure

Any idea what I'm doing wrong here?

thanks

___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
I already did that before I posted that I couldn't find it. Probably missed it, regardless the issue has been resolved.

http://lists.clamav.net/pipermail/clamav-users/2018-October/thread.html

Thanks for trying.

Dino

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of G.W. Haywood
Sent: Thursday, October 18, 2018 8:22 AM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

Hi there,

On Wed, 17 Oct 2018, Dino Edwards wrote:

> I got a response from someone about this error but I can’t seem to
> find their email.

Sigh. That would have been from me:

Date: Wed, 10 Oct 2018 19:06:07 +0100 (BST)
From: G.W. Haywood
To: clamav-users@lists.clamav.net
Subject: Re: /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

Check the list archives. I'm not going to give you a direct link to the post here because I want you to do some work, and in the process teach yourself something about mailing lists.

--
73, Ged.
Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
Ok thanks! You really need to work on your social skills though. Here's how NORMAL people (i.e. people NOT in the autistic spectrum) would have handled this:

YOU: "Hey I noticed the "-" prefix in "ExecStartPre=-/bin/mkdir /run/clamav" line. This does not indicate a problem, but rather a warning letting you know that the directory already exists. You don't have anything to worry about"

ME: "Thanks! I appreciate you looking at it. You are awesome!"

See? It's simple. Just don't be a dick! Give it a try.

Thanks again!

Dino

-----Original Message-----
From: Reindl Harald [mailto:h.rei...@thelounge.net]
Sent: Wednesday, October 17, 2018 1:08 PM
To: ClamAV users ML; Dino Edwards
Subject: Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

On 17.10.18 at 18:21, Dino Edwards wrote:
> ExecStartPre=-/bin/mkdir /run/clamav
> ExecStartPre=/bin/chown clamav /run/clamav

you don't get an error, an error is when the service doesn't start

"If I delete the /var/run/clamav directory, I don’t get the error, but if I restart clamd again I get the error again. I’m not sure what the problem is" - idiot there is no problem

"ExecStartPre=-/bin/mkdir /run/clamav" is prefixed with - so that the service doesn't fail in case the directory exists and "mkdir" naturally fails when a directory already exists

when you delete the directory - guess what - it gets created and no warning - frankly this is not a clamav topic at all but lack of basic understanding of your system
Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
Hi Kris thanks for trying to help,

Here you go:

dpkg -L clamav-daemon |grep system
/lib/systemd
/lib/systemd/system
/lib/systemd/system/clamav-daemon.service

cat /lib/systemd/system/clamav-daemon.service
[Unit]
Description=Clam AntiVirus userspace daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
# Check for database existence
ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}

[Service]
ExecStart=/usr/sbin/clamd --foreground=true
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
StandardOutput=syslog

[Install]
WantedBy=multi-user.target

cd /etc/systemd/system/clamav-daemon.service.d
root@hermes:/etc/systemd/system/clamav-daemon.service.d# ls
extend.conf
root@hermes:/etc/systemd/system/clamav-daemon.service.d# cat extend.conf
[Service]
ExecStartPre=-/bin/mkdir /run/clamav
ExecStartPre=/bin/chown clamav /run/clamav

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Kris Deugau
Sent: Wednesday, October 17, 2018 10:38 AM
To: ClamAV users ML
Subject: Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

Dino Edwards wrote:
> Answering my own question on the /var/run and the /run directories.
> There is a link between the two, I just didn’t go up a level in the
> directory structure. The question about the error still remains though.

The chown and mkdir look a bit suspect to me; I'm not seeing anything like that in the Debian packages (which should be mostly the same in Ubuntu).

What I *do* see in one of the stock files (/lib/systemd/system/clamav-daemon.socket) is this stanza:

[Socket]
ListenStream=/run/clamav/clamd.ctl
#ListenStream=127.0.0.1:1024
SocketUser=clamav
SocketGroup=clamav
RemoveOnStop=True

which if I understand correctly, implies that clamd on this system is using systemd's socket creation/handling voodoo rather than doing so itself.

Can you post:
- Output from "dpkg -L clamav-daemon |grep system"
- Contents of any .service or .socket files from the above list
- Contents of any files in /etc/systemd/system/clamav-daemon.service.d

> Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled;
> vendor preset: enabled)
>
> Drop-In: /etc/systemd/system/clamav-daemon.service.d
>
> └─extend.conf

This seems to indicate that you're not using the stock systemd service definitions from Ubuntu/Debian upstream.

-kgd
Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
@ GBlorst

Thanks for the heads up. I’m going to try and stop feeding the troll.

From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of
Sent: Wednesday, October 17, 2018 10:47 AM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

Hi, Dino.

Reindl is a scared little boy. This is normal behavior for him. He has low-self esteem and needs to make his little boy self feel better. Don't worry about him. Ignore him and he will go away! He has been banned from many lists for his childish behavior! Bye Bye Reindl.

GBlorst

How about you contribute something of value to this discussion instead of a link about how this was added in Linux 7 years ago so you can show everyone how clever you are. Do I really need to know the history of this change? No, I was able to figure it out and I posted that with my 2nd post. The main issue still remains, "/bin/mkdir: cannot create directory ‘/run/clamav’: File exists". Do you have any insight on that? I'm thinking no?

Thanks

-----Original Message-----
From: Reindl Harald [mailto:h.rei...@thelounge.net]
Sent: Wednesday, October 17, 2018 8:29 AM
To: ClamAV users ML <mailto:clamav-users@lists.clamav.net>; Dino Edwards <mailto:dino.edwa...@mydirectmail.net>
Subject: Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
Get real. When I and others called you out, you decided to put a little more detail to cover the obvious fact that you were just trying to be a dick.

The important thing you fail to understand is that I did NOT write the script to start the service. So any "mkdir/chown dance" as you put it, was NOT done by me, but rather the package maintainer. This USED to work in previous Ubuntu/clamd version, now it no longer works. So, I'm trying to figure out why it's not working and if I should bring this up in the appropriate Ubuntu forum. Your link and "contribution" continues to be void of any value and substance in this discussion. So, I'm going to stop feeding this troll.

-----Original Message-----
From: Reindl Harald [mailto:h.rei...@thelounge.net]
Sent: Wednesday, October 17, 2018 11:39 AM
To: ClamAV users ML; Dino Edwards; gblo...@eclipso.eu
Subject: Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

On 17.10.18 at 14:33, Dino Edwards wrote:
> How about you contribute something of value to this discussion instead of a
> link about how this was added in Linux 7 years ago so you can show everyone
> how clever you are.

i contributed the link which explains how these folders are supposed to get created at boot and any mkdir/chown dance is plain wrong - it's not my fault that you don't recognize input when you get it

https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

and if one insists in "ExecStartPre=/bin/mkdir /run/clamav" he should make it proper as "ExecStartPre=-/bin/mkdir /run/clamav" which doesn't fail the whole service in case the directory already exists

> -----Original Message-----
> From: Reindl Harald [mailto:h.rei...@thelounge.net]
> Sent: Wednesday, October 17, 2018 8:29 AM
> To: ClamAV users ML; Dino Edwards
> Subject: Re: [clamav-users] /bin/mkdir: cannot create directory
> ‘/run/clamav’: File exists
>
> On 17.10.18 at 13:12, Dino Edwards wrote:
>> Good morning?
>
> what about read posted links and don't strip context?
>
> /run was introduced 7 years ago and the discussion about it made it to
> every it news portal and that's what i mean when somebody is surprised
> that /run is a tmpfs available at early boot which also means you need
> to make sure folders there are created at boot
>
> https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
>
>> On 16.10.18 at 19:12, Dino Edwards wrote:
>>> good morning in 2018
>
> -------- Forwarded Message --------
>
> On 16.10.18 at 19:12, Dino Edwards wrote:
>> Answering my own question on the /var/run and the /run directories.
>> There is a link between the two
>
> good morning in 2018
>
> http://www.h-online.com/open/news/item/Linux-distributions-to-include-run-directory-1219006.html
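The two approaches argued over in this thread, side by side, as an added example that is not part of any message here: the drop-in as it was posted, and a tmpfiles.d entry that creates the directory at boot instead. The file name /etc/tmpfiles.d/clamav.conf and the mode 0755 are assumptions; the user and group are taken from the socket unit quoted in the thread.

```ini
# (1) Drop-in as posted in the thread:
#     /etc/systemd/system/clamav-daemon.service.d/extend.conf
[Service]
# The leading "-" makes systemd record a non-zero exit without failing the
# unit, so mkdir's "File exists" shows up in the status output as
# status=1/FAILURE while clamd still starts.
ExecStartPre=-/bin/mkdir /run/clamav
ExecStartPre=/bin/chown clamav /run/clamav

# (2) tmpfiles.d alternative: /etc/tmpfiles.d/clamav.conf (assumed file name)
#     /run is a tmpfs, so the directory has to be recreated at every boot;
#     this entry does that with the right owner before the service starts.
#     Mode 0755 is an assumption.
# Type  Path         Mode  User    Group   Age
d       /run/clamav  0755  clamav  clamav  -
```

Running `systemd-tmpfiles --create /etc/tmpfiles.d/clamav.conf` as root applies the entry without a reboot.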
Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
How about you contribute something of value to this discussion instead of a link about how this was added in Linux 7 years ago so you can show everyone how clever you are. Do I really need to know the history of this change? No, I was able to figure it out and I posted that with my 2nd post. The main issue still remains, "/bin/mkdir: cannot create directory ‘/run/clamav’: File exists". Do you have any insight on that? I'm thinking no?

Thanks

-----Original Message-----
From: Reindl Harald [mailto:h.rei...@thelounge.net]
Sent: Wednesday, October 17, 2018 8:29 AM
To: ClamAV users ML; Dino Edwards
Subject: Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

On 17.10.18 at 13:12, Dino Edwards wrote:
> Good morning?

what about read posted links and don't strip context?

/run was introduced 7 years ago and the discussion about it made it to every it news portal and that's what i mean when somebody is surprised that /run is a tmpfs available at early boot which also means you need to make sure folders there are created at boot

https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

> On 16.10.18 at 19:12, Dino Edwards wrote:
>> good morning in 2018

-------- Forwarded Message --------

On 16.10.18 at 19:12, Dino Edwards wrote:
> Answering my own question on the /var/run and the /run directories.
> There is a link between the two

good morning in 2018

http://www.h-online.com/open/news/item/Linux-distributions-to-include-run-directory-1219006.html
Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
Good morning?

On 16.10.18 at 19:12, Dino Edwards wrote:
> good morning in 2018
Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
Answering my own question on the /var/run and the /run directories. There is a link between the two, I just didn’t go up a level in the directory structure. The question about the error still remains though.

Hello,

I’m getting the following error on clamav on Ubuntu 16.04 LTS when I look at the service status:

Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/clamav-daemon.service.d
         └─extend.conf
Active: active (running) since Tue 2018-10-09 12:12:22 EDT; 4s ago
Docs: man:clamd(8)
      man:clamd.conf(5)
      https://www.clamav.net/documents/
Process: 14202 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
Process: 14199 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=1/FAILURE)
Main PID: 14207 (clamd)
Tasks: 1
Memory: 225.1M
CPU: 3.902s
CGroup: /system.slice/clamav-daemon.service
        └─14207 /usr/sbin/clamd --foreground=true

Oct 09 12:12:22 hermes systemd[1]: Starting Clam AntiVirus userspace daemon...
Oct 09 12:12:22 hermes systemd[1]: Started Clam AntiVirus userspace daemon.
Oct 09 12:12:22 hermes mkdir[14199]: /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

I got a response from someone about this error but I can’t seem to find their email. One thing I noticed is that the clamd.conf file sets the “LocalSocket” to the “/var/run/clamav” directory, however the error refers to the “/run/clamav” directory. I don’t see a symlink for those two directories, but the clamd.ctl file looks like the exact same file in both directories. If I delete the /var/run/clamav directory, I don’t get the error, but if I restart clamd again I get the error again.

I’m not sure what the problem is, and I hope someone can help.

Thanks a lot
[clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
Hello,

I’m getting the following error on clamav on Ubuntu 16.04 LTS when I look at the service status:

Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/clamav-daemon.service.d
         └─extend.conf
Active: active (running) since Tue 2018-10-09 12:12:22 EDT; 4s ago
Docs: man:clamd(8)
      man:clamd.conf(5)
      https://www.clamav.net/documents/
Process: 14202 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
Process: 14199 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=1/FAILURE)
Main PID: 14207 (clamd)
Tasks: 1
Memory: 225.1M
CPU: 3.902s
CGroup: /system.slice/clamav-daemon.service
        └─14207 /usr/sbin/clamd --foreground=true

Oct 09 12:12:22 hermes systemd[1]: Starting Clam AntiVirus userspace daemon...
Oct 09 12:12:22 hermes systemd[1]: Started Clam AntiVirus userspace daemon.
Oct 09 12:12:22 hermes mkdir[14199]: /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

I got a response from someone about this error but I can’t seem to find their email. One thing I noticed is that the clamd.conf file sets the “LocalSocket” to the “/var/run/clamav” directory, however the error refers to the “/run/clamav” directory. I don’t see a symlink for those two directories, but the clamd.ctl file looks like the exact same file in both directories. If I delete the /var/run/clamav directory, I don’t get the error, but if I restart clamd again I get the error again.

I’m not sure what the problem is, and I hope someone can help.

Thanks a lot
[clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
Hello,

I’m getting the following error on clamav on Ubuntu 16.04 LTS when I look at the service status:

Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/clamav-daemon.service.d
         └─extend.conf
Active: active (running) since Tue 2018-10-09 12:12:22 EDT; 4s ago
Docs: man:clamd(8)
      man:clamd.conf(5)
      https://www.clamav.net/documents/
Process: 14202 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
Process: 14199 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=1/FAILURE)
Main PID: 14207 (clamd)
Tasks: 1
Memory: 225.1M
CPU: 3.902s
CGroup: /system.slice/clamav-daemon.service
        └─14207 /usr/sbin/clamd --foreground=true

Oct 09 12:12:22 hermes systemd[1]: Starting Clam AntiVirus userspace daemon...
Oct 09 12:12:22 hermes systemd[1]: Started Clam AntiVirus userspace daemon.
Oct 09 12:12:22 hermes mkdir[14199]: /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

Can someone point me in the right direction?

Thanks
Re: [clamav-users] ClamAV for EnterPrise
Thank you Captain Obvious for the outstanding insight. I already answered his question so find somebody else to troll

-----Original Message-----
From: Groach [groachmail-stopspammin...@yahoo.com]
Received: Wednesday, 19 Apr 2017, 2:44PM
To: clamav-users@lists.clamav.net [clamav-users@lists.clamav.net]
Subject: Re: [clamav-users] ClamAV for EnterPrise

It only takes up people's time if they CHOOSE to want to answer. And if they choose to answer then they have no right to be annoyed about their time being used.

If people don't want to answer, or get annoyed by other posters' questions, then they should simply stay away from the reply button and move on to more important things in their lives.

(This also helps to save reading time for others who get annoyed by people who get annoyed and waste time telling people they are getting annoyed).

On 19/04/2017 13:30, Dino Edwards wrote:
> or do you just randomly post things to take up people's time
>
> -----Original Message-----
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf
> Of crazy thinker
> Sent: Wednesday, April 19, 2017 8:20 AM
> To: ClamAV users ML
> Subject: Re: [clamav-users] ClamAV for EnterPrise
>
> @Joel
>
> That Sounds good but ClamAV is OpenSource.. how can we use it in Commercial
> Product ?
Re: [clamav-users] ClamAV for EnterPrise
I already gave you an answer about going with a commercial product, even gave you a recommendation. Are you stuck on ClamAV and insisting on somehow integrating it in an enterprise setting which was not designed to do by itself or do you just randomly post things to take up people's time or do you not understand?

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of crazy thinker
Sent: Wednesday, April 19, 2017 8:20 AM
To: ClamAV users ML
Subject: Re: [clamav-users] ClamAV for EnterPrise

@Joel

That Sounds good but ClamAV is OpenSource.. how can we use it in Commercial Product ?

On 19 April 2017 at 17:07, Joel Esler (jesler) wrote:

> All --
>
> ClamAV does not have any plans on making an enterprise version or
> management console. We make a commercial product for that, which also
> uses ClamAV in its engine.
>
> I think that settles the conversation.
>
> --
> Sent from my iPhone
>
> > On Apr 19, 2017, at 04:08, Reindl Harald wrote:
> >
> >> On 19.04.2017 at 07:16, crazy thinker wrote:
> >> @G.W Haywood..
> >> it would be sounds good if you speak in polite way.. every one can bark on
> >> others.. but that is not solution here. i hope you understand well
> >
> > that was polite after following your posts for some days now
> >
> >>> On 19 April 2017 at 02:00, G.W. Haywood wrote:
> >>> Hi there,
> >>>
> >>> On Tue, 18 Apr 2017, crazy thinker wrote:
> >>>
> >>> - I am looking for below features in Enterprise Environment
> >>> -
> >>> - *Antivirus/Antispyware*
> >>> - *Desktop Firewall*
> >>> - *Intrusion Prevention*
> >>> - *Browser Protection*
> >>> - *Antivirus for Mac & Linux*
> >>> - *Device & Application Control*
> >>> - *Virtualization Features*
> >>> - *Centralized and Granular Policy Management*
> >>>
> >>> The more questions you ask on this and the development list, the
> >>> more painfully obvious it becomes to me that you have no idea what
> >>> you are talking about. The list which you have provided above is
> >>> garbage; if you took that to a commercial supplier they would
> >>> probably fall about laughing after they have sold you a lot of
> >>> useless junk and shown you out of the door.
> >>>
> >>> The best thing you can do is get yourself some good training, so
> >>> that you will become capable of making rational decisions based on
> >>> sound (and not crazy) thinking. You should expect the training,
> >>> if pursued full-time, to take at least a couple of years to get
> >>> you to the point where you at least know what a firewall does. To
> >>> know how properly to configure one would, if you were no more than
> >>> an average pupil in the first course, probably take a couple more
> >>> years. If this sounds a bit like a bachelor's degree in computer
> >>> science, that's not far wrong.
> >>>
> >>> The next best thing would be to employ someone competent, but with
> >>> your current level of understanding I have no idea how you are
> >>> going to be able to judge the competence of a prospective employee.
> >>>
> >>> To give you a rough idea of what level of skill you should be
> >>> looking for, I would not allow someone with a new computer science
> >>> degree to make unsupervised configuration changes to computer
> >>> defences until he or she had worked for me for at least a few
> >>> months - probably more like a couple of years - so that I could assess
> >>> his/her capabilities.
> >>> I managed to get a first class honours degree in engineering in
> >>> 1976, I've been working with computers for over forty years, and
> >>> I'm STILL learning new, interesting and sneaky tricks which could
> >>> easily eat my lunch if I weren't careful. It's a jungle out there, it
> >>> really is.
> >>>
> >>> If you plan to risk the livelihoods of employees on your own
> >>> present computer skills, then I'd have to say I think that is
> >>> irresponsible, and with the present threat levels simply begging for
> >>> trouble.
Re: [clamav-users] Need help: clamd stops after starting without any error message
Anything in syslog?

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Torge Riedel
Sent: Wednesday, April 19, 2017 4:42 AM
To: clamav-users@lists.clamav.net
Subject: [clamav-users] Need help: clamd stops after starting without any error message

Hi,

I'm using clamav on my server (Ubuntu 12.04 LTS) for a long time without any problem. Now I get messages from amavis that it cannot connect to socket /var/run/clamav/clamd.ctl

The file exists and the file clamd.pid exists too, but there is no running process with this PID.

If I execute

service clamav-daemon start

these two files are updated and a clamd-process is running for some seconds, then it stops.

This is all I get in /var/log/clamav/clamav.log:

Wed Apr 19 10:25:11 2017 -> +++ Started at Wed Apr 19 10:25:11 2017
Wed Apr 19 10:25:11 2017 -> Received 0 file descriptor(s) from systemd.
Wed Apr 19 10:25:11 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Wed Apr 19 10:25:11 2017 -> Running as user clamav (UID 113, GID 119)
Wed Apr 19 10:25:11 2017 -> Log file size limited to 4294967295 bytes.
Wed Apr 19 10:25:11 2017 -> Reading databases from /var/lib/clamav
Wed Apr 19 10:25:11 2017 -> Not loading PUA signatures.
Wed Apr 19 10:25:11 2017 -> Bytecode: Security mode set to "TrustSigned".
Wed Apr 19 10:25:22 2017 -> Loaded 6267692 signatures.
Wed Apr 19 10:25:24 2017 -> LOCAL: Removing stale socket file /var/run/clamav/clamd.ctl
Wed Apr 19 10:25:24 2017 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Wed Apr 19 10:25:24 2017 -> LOCAL: Setting connection queue length to 15
Wed Apr 19 10:25:24 2017 -> Limits: Global size limit set to 104857600 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: File size limit set to 26214400 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: Recursion level limit set to 10.
Wed Apr 19 10:25:24 2017 -> Limits: Files limit set to 1.
Wed Apr 19 10:25:24 2017 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: MaxPartitions limit set to 50.
Wed Apr 19 10:25:24 2017 -> Limits: MaxIconsPE limit set to 100.
Wed Apr 19 10:25:24 2017 -> Limits: MaxRecHWP3 limit set to 16.
Wed Apr 19 10:25:24 2017 -> Limits: PCREMatchLimit limit set to 1.
Wed Apr 19 10:25:24 2017 -> Limits: PCRERecMatchLimit limit set to 5000.
Wed Apr 19 10:25:24 2017 -> Limits: PCREMaxFileSize limit set to 25.
Wed Apr 19 10:25:24 2017 -> Archive support enabled.
Wed Apr 19 10:25:24 2017 -> Algorithmic detection enabled.
Wed Apr 19 10:25:24 2017 -> Portable Executable support enabled.
Wed Apr 19 10:25:24 2017 -> ELF support enabled.
Wed Apr 19 10:25:24 2017 -> Mail files support enabled.
Wed Apr 19 10:25:24 2017 -> OLE2 support enabled.
Wed Apr 19 10:25:24 2017 -> PDF support enabled.
Wed Apr 19 10:25:24 2017 -> SWF support enabled.
Wed Apr 19 10:25:24 2017 -> HTML support enabled.
Wed Apr 19 10:25:24 2017 -> XMLDOCS support enabled.
Wed Apr 19 10:25:24 2017 -> HWP3 support enabled.
Wed Apr 19 10:25:24 2017 -> Self checking every 3600 seconds.

Any help is appreciated. I read the FAQ and googled but did not find any helpful solution.

Thanks in advance
Torge
Re: [clamav-users] ClamAV for EnterPrise
Maybe give him the benefit of the doubt, although I have to admit his questions are suspect at best. Most of the requirements that he's looking for would certainly be checked off by a commercial AV vendor (not really sure what browser protection means) but most of it should.

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of G.W. Haywood
Sent: Tuesday, April 18, 2017 4:31 PM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] ClamAV for EnterPrise

Hi there,

On Tue, 18 Apr 2017, crazy thinker wrote:

> - I am looking for below features in Enterprise Environment
> -
> - *Antivirus/Antispyware*
> - *Desktop Firewall*
> - *Intrusion Prevention*
> - *Browser Protection*
> - *Antivirus for Mac & Linux*
> - *Device & Application Control*
> - *Virtualization Features*
> - *Centralized and Granular Policy Management*

The more questions you ask on this and the development list, the more painfully obvious it becomes to me that you have no idea what you are talking about. The list which you have provided above is garbage; if you took that to a commercial supplier they would probably fall about laughing after they have sold you a lot of useless junk and shown you out of the door.

The best thing you can do is get yourself some good training, so that you will become capable of making rational decisions based on sound (and not crazy) thinking. You should expect the training, if pursued full-time, to take at least a couple of years to get you to the point where you at least know what a firewall does. To know how properly to configure one would, if you were no more than an average pupil in the first course, probably take a couple more years. If this sounds a bit like a bachelor's degree in computer science, that's not far wrong.

The next best thing would be to employ someone competent, but with your current level of understanding I have no idea how you are going to be able to judge the competence of a prospective employee.

To give you a rough idea of what level of skill you should be looking for, I would not allow someone with a new computer science degree to make unsupervised configuration changes to computer defences until he or she had worked for me for at least a few months - probably more like a couple of years - so that I could assess his/her capabilities. I managed to get a first class honours degree in engineering in 1976, I've been working with computers for over forty years, and I'm STILL learning new, interesting and sneaky tricks which could easily eat my lunch if I weren't careful. It's a jungle out there, it really is.

If you plan to risk the livelihoods of employees on your own present computer skills, then I'd have to say I think that is irresponsible, and with the present threat levels simply begging for trouble.

--
73, Ged.
Re: [clamav-users] ClamAV for EnterPrise
If you are looking for all these features you are going to have to go with a commercial offering. For example, Eset is decent, lightweight and reasonably priced. Their management tools are very good also.

https://www.eset.com/us/business/

-----Original Message-----
From: crazy thinker [crazythinke...@gmail.com]
Received: Tuesday, 18 Apr 2017, 6:44AM
To: ClamAV users ML [clamav-users@lists.clamav.net]
Subject: Re: [clamav-users] ClamAV for EnterPrise

- I am looking for below features in Enterprise Environment
-
- *Antivirus/Antispyware*
- *Desktop Firewall*
- *Intrusion Prevention*
- *Browser Protection*
- *Antivirus for Mac & Linux*
- *Device & Application Control*
- *Virtualization Features*
- *Centralized and Granular Policy Management*

On 18 April 2017 at 16:01, Dino Edwards wrote:

> What do you mean by that exactly? What features are you looking for?
>
> -----Original Message-----
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of crazy thinker
> Sent: Tuesday, April 18, 2017 6:29 AM
> To: ClamAV users ML ; ClamAV Development <clamav-de...@lists.clamav.net>
> Subject: [clamav-users] ClamAV for EnterPrise
>
> Hi ClamAV Developers, ClamAV Users
>
> I have referred ClamAV Docs but I could find any info to set up clamav in Business Environment. I have a small business office where 50-75 employees are working
>
> Could anyone of you please help me in this?
Re: [clamav-users] ClamAV for EnterPrise
What do you mean by that exactly? What features are you looking for?

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of crazy thinker
Sent: Tuesday, April 18, 2017 6:29 AM
To: ClamAV users ML ; ClamAV Development
Subject: [clamav-users] ClamAV for EnterPrise

Hi ClamAV Developers, ClamAV Users

I have referred ClamAV Docs but I could find any info to set up clamav in Business Environment. I have a small business office where 50-75 employees are working

Could anyone of you please help me in this?
[clamav-users] Heuristics.Encrypted.PDF
We seem to be getting a lot of false positives with the following message:

INFECTED, message contains virus: Heuristics.Encrypted.PDF

The reason I know they are false positives is because when looking at the attached PDFs, there are no passwords set on them. The simple answer would be to simply set ArchiveBlockEncrypted to false, however that's not a good solution. We need ArchiveBlockEncrypted enabled to block potential malware but we need to somehow stop these false positives.

Our clamav version is ClamAV 0.99.2

Thanks

Dino Edwards
Re: [clamav-users] password protected encrypted .docx files
Didn't realize the ArchiveblockEncrypted included MS Word files. I thought it would be for password protected zip rar and such

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Benny Pedersen
Sent: Wednesday, April 5, 2017 11:22 AM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] password protected encrypted .docx files

Dino Edwards wrote on 2017-04-05 16:48:

> Any way to get clamav to block password protected Microsoft word files?

Yes, it is - you can turn ArchiveBlockEncrypted off in clamd.conf (it's off by default)

if not working pastebin your clamconf (clamav section only)
[clamav-users] password protected encrypted .docx files
Any way to get clamav to block password protected Microsoft word files?

Thanks
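For triaging the attachments discussed in the two threads above, this added example (not from the list posts or from ClamAV) reports whether a file carries an encryption marker at all: a PDF protected only by an owner/permissions password still has an `/Encrypt` dictionary although it opens without a prompt, and a password-protected .docx is an OLE2 compound file with an `EncryptedPackage` stream rather than a ZIP. It assumes these markers are what is worth checking before calling a hit a false positive; it does not reproduce ClamAV's own logic, and the sample bytes are constructed.

```python
import re

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ENC_PACKAGE = "EncryptedPackage".encode("utf-16-le")  # OLE2 stream names are UTF-16LE
PDF_ENCRYPT = re.compile(rb"/Encrypt\s*(?:(\d+)\s+(\d+)\s+R|<<)")

def pdf_encrypt_info(data):
    """Return /V (algorithm), /R (revision), /P (permissions) of the /Encrypt dict, or None."""
    m = PDF_ENCRYPT.search(data)
    if m is None:
        return None
    start = m.end()
    if m.group(1):  # indirect reference "N G R": locate the "N G obj" definition
        obj = re.search(rb"(?<!\d)" + m.group(1) + rb"\s+" + m.group(2) + rb"\s+obj", data)
        if obj is None:
            return {}
        start = obj.end()
    body = data[start:start + 512]
    info = {}
    for key in (b"V", b"R", b"P"):
        hit = re.search(rb"/" + key + rb"\s+(-?\d+)", body)
        if hit:
            info[key.decode()] = int(hit.group(1))
    return info

def classify(data):
    """Heuristic triage by magic bytes and encryption markers (assumption, not ClamAV's code)."""
    if data.startswith(b"%PDF-"):
        info = pdf_encrypt_info(data)
        return ("pdf-plain", {}) if info is None else ("pdf-encrypt-dict", info)
    if data.startswith(OLE2_MAGIC):
        return ("ole2-encrypted-package" if ENC_PACKAGE in data else "ole2-other", {})
    if data.startswith(b"PK\x03\x04"):
        return ("zip-container", {})  # ordinary, unencrypted .docx files are ZIP archives
    return ("unknown", {})

# Constructed samples: just enough structure to exercise each branch.
SAMPLE_PDF = (
    b"%PDF-1.6\n5 0 obj\n<< /Filter /Standard /V 2 /R 3 /Length 128 /P -3904 >>\nendobj\n"
    b"trailer\n<< /Size 6 /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF\n"
)
SAMPLE_DOCX_ENCRYPTED = OLE2_MAGIC + b"\x00" * 504 + ENC_PACKAGE
SAMPLE_DOCX_PLAIN = b"PK\x03\x04" + b"\x00" * 26 + b"[Content_Types].xml"

if __name__ == "__main__":
    for name in ("SAMPLE_PDF", "SAMPLE_DOCX_ENCRYPTED", "SAMPLE_DOCX_PLAIN"):
        print(name, classify(globals()[name]))
```

A `pdf-encrypt-dict` result on a PDF that opens without a password means the file is encrypted for permissions only.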