Re: [Clamav-users] Unofficial malware signatures for Clamav
Bill Landry wrote the following on 8/19/2007 1:17 PM -0800: > Arnaud Jacques wrote the following on 8/19/2007 12:10 PM -0800: > >> I uploaded a new version with "VX." prefix. >> >> >>> Arnaud, if you are okay with it, I was thinking about adding VX >>> signature updates to my publicly available download script hosted at >>> http://www.sanesecurity.com/clamav/ss-msrbl.txt. I currently provides >>> scripted update downloads for SaneSecurity and MSRBL signature files. I >>> was also thinking about adding the MBL signatures, as well. >>> >>> >> I'm OK with it. >> >> >> > Great, but I'll wait and send Steve an update to post after you have > updated your DNS (don't want to have to send him too many updates to > post to his site). > > Arnaud, I see that sd-9798.dedibox.fr has a "A" record that points to 88.191.56.100, and their is also a "PTR" record for 88.191.56.100 that points back to sd-9798.dedibox.fr. If this will not change, we can simple point to sd-9798.dedibox.fr in our download scripts. Does that work for you? Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial malware signatures for Clamav
Gerard wrote: > I am not sure if Steve has had the time to > upload it to his servers yet. He is quite busy. > Just uploaded the updated script to both domains :) Cheers, Steve ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial malware signatures for Clamav
Arnaud Jacques wrote the following on 8/19/2007 12:10 PM -0800: > I uploaded a new version with "VX." prefix. > >> Arnaud, if you are okay with it, I was thinking about adding VX >> signature updates to my publicly available download script hosted at >> http://www.sanesecurity.com/clamav/ss-msrbl.txt. I currently provides >> scripted update downloads for SaneSecurity and MSRBL signature files. I >> was also thinking about adding the MBL signatures, as well. >> > > I'm OK with it. > > Great, but I'll wait and send Steve an update to post after you have updated your DNS (don't want to have to send him too many updates to post to his site). Thanks for your contribution to the ClamAV user community and for allowing me to add your signatures to my download script! Best regards, Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial malware signatures for Clamav
On Sunday August 19, 2007 at 03:10:41 (PM) Arnaud Jacques wrote: > > Arnaud, if you are okay with it, I was thinking about adding VX > > signature updates to my publicly available download script hosted at > > http://www.sanesecurity.com/clamav/ss-msrbl.txt. I currently provides > > scripted update downloads for SaneSecurity and MSRBL signature files. I > > was also thinking about adding the MBL signatures, as well. > > I'm OK with it. I wrote the 'scamp.sh' script that is available at "SaneSecurity". I have all ready sent Steve an updated file that will download and install your signatures. I am not sure if Steve has had the time to upload it to his servers yet. He is quite busy. Assuming that the user runs the script as directed, it should only download your file when it changes. -- Gerard ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial malware signatures for Clamav
Le dimanche 19 août 2007 19:21, Bill Landry a écrit : > Henrik Krohns wrote the following on 8/19/2007 8:34 AM -0800: > > On Sun, Aug 19, 2007 at 05:22:34PM +0200, Arnaud Jacques wrote: > >> Hello Dennis, > >> > >> Le dimanche 19 août 2007 06:03, Dennis Peterson a écrit : > >>> So that your signatures are easily discovered in my logs I've prefixed > >>> all the virus names with vx so that Backdoor.Win32.LiveList.a becomes > >>> vxBackdoor.Win32.LiveList.a. I'd recommend you do the same - credit > >>> where credit is due. > >> > >> Good idea. Will do it on next update. > > Please do VX. or some other clean identity, vx without a dot isn't really > > readable. I uploaded a new version with "VX." prefix. > Arnaud, if you are okay with it, I was thinking about adding VX > signature updates to my publicly available download script hosted at > http://www.sanesecurity.com/clamav/ss-msrbl.txt. I currently provides > scripted update downloads for SaneSecurity and MSRBL signature files. I > was also thinking about adding the MBL signatures, as well. I'm OK with it. -- Cordialement / Best regards, Arnaud Jacques Consultant Sécurité SecuriteInfo.com http://www.securiteinfo.com http://www.securiteinfo.net ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial malware signatures for Clamav
Henrik Krohns wrote the following on 8/19/2007 8:34 AM -0800: > On Sun, Aug 19, 2007 at 05:22:34PM +0200, Arnaud Jacques wrote: > >> Hello Dennis, >> >> Le dimanche 19 août 2007 06:03, Dennis Peterson a écrit : >> >>> So that your signatures are easily discovered in my logs I've prefixed >>> all the virus names with vx so that Backdoor.Win32.LiveList.a becomes >>> vxBackdoor.Win32.LiveList.a. I'd recommend you do the same - credit >>> where credit is due. >>> >> Good idea. Will do it on next update. >> > > Please do VX. or some other clean identity, vx without a dot isn't really > readable. > I agree, which is exactly what I did in prefixing my signature file after Dennis made his original suggestion. Arnaud, if you are okay with it, I was thinking about adding VX signature updates to my publicly available download script hosted at http://www.sanesecurity.com/clamav/ss-msrbl.txt. I currently provides scripted update downloads for SaneSecurity and MSRBL signature files. I was also thinking about adding the MBL signatures, as well. Note that checks may be done more often than daily, however, downloads are only done if an update is detected. If you would rather I not add the VX signature file to the script, just let me know. Thanks, Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial malware signatures for Clamav
Le dimanche 19 août 2007 18:21, Andrew McGlashan a écrit : > Hi, > > Arnaud Jacques wrote: > >> I ask because I see that your download link is a bare IP address, > >> which you may change as much as you want, but I would prefer to use > >> a script with only one address, just like I use with SaneSecurity > >> and MSRBL. > > > > For now, the IP address is fixed. AFAIK, it will not change in the > > near future. You can use it for your script. > > Why not set up your own local host file entry [or similar] and use a > constant host name of your choice? If the IP address does change, then you > only need to adjust your relevant local hosts file and not adjust your > scripts again. I'm just too lazy to do the DNS stuff. I will do it when I got 5 minutes... :) -- Cordialement / Best regards, Arnaud Jacques Consultant Sécurité SecuriteInfo.com http://www.securiteinfo.com http://www.securiteinfo.net ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial malware signatures for Clamav
Hi, Arnaud Jacques wrote: >> I ask because I see that your download link is a bare IP address, >> which you may change as much as you want, but I would prefer to use >> a script with only one address, just like I use with SaneSecurity >> and MSRBL. > > For now, the IP address is fixed. AFAIK, it will not change in the > near future. You can use it for your script. Why not set up your own local host file entry [or similar] and use a constant host name of your choice? If the IP address does change, then you only need to adjust your relevant local hosts file and not adjust your scripts again. Kind Regards AndrewM Andrew McGlashan Broadband Solutions now including VoIP Current Fixed Line No: 03 8705 0300 Mobile: 04 2574 1827 Fax: 03 8790 1224 National No: 1300 85 3804 Affinity Vision Australia Pty Ltd http://www.affinityvision.com.au http://adsl2choice.net In Case of Emergency -- http://www.affinityvision.com.au/ice.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial malware signatures for Clamav
Hello Dennis, Le dimanche 19 août 2007 06:03, Dennis Peterson a écrit : > So that your signatures are easily discovered in my logs I've prefixed > all the virus names with vx so that Backdoor.Win32.LiveList.a becomes > vxBackdoor.Win32.LiveList.a. I'd recommend you do the same - credit > where credit is due. Good idea. Will do it on next update. -- Cordialement / Best regards, Arnaud Jacques Consultant Sécurité SecuriteInfo.com http://www.securiteinfo.com http://www.securiteinfo.net ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial malware signatures for Clamav
Hello René, Le dimanche 19 août 2007 00:05, René Berber a écrit : > Are you going to setup a general download address, like SaneSecurity? > > I ask because I see that your download link is a bare IP address, which you > may change as much as you want, but I would prefer to use a script with > only one address, just like I use with SaneSecurity and MSRBL. For now, the IP address is fixed. AFAIK, it will not change in the near future. You can use it for your script. -- Cordialement / Best regards, Arnaud Jacques Consultant Sécurité SecuriteInfo.com http://www.securiteinfo.com http://www.securiteinfo.net ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html