Re: [clamav-users] Clamav configuration
Hi,

I am using clamav server to scan from another host connected through. Can you please confirm if I should use the ip of the host to be scanned in the TCPAddr of the clamd.conf?

Thanks,
Josh

-----Original Message-----
From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of tejas sarade
Sent: Tuesday, January 14, 2014 2:37 PM
To: ClamAV users ML
Subject: Re: [clamav-users] Clamav configuration

TCPAddr is the IP address ClamAV daemon listens on. It should be set to 127.0.0.1 as long as you are not using ClamAV server accepting files to scan from other hosts.

On Thu, Jan 9, 2014 at 3:13 PM, Joshua Soulwin Malayappan joshua_malayap...@infosys.com wrote:

> Hi,
>
> Can you please let me know the configurations needed to be done in clamd.conf after installing clamav. I went through the site http://solutionsfox.com/2011/04/install-clamav-on-redhat-or-centos/
>
> And it was given as
>
> TCPAddr 127.0.0.1
> TCPSocket 3310
> User root
> MaxThreads 30
>
> Can you please help me out by explaining what TCPAddr I should configure here.
>
> Thanks in advance.
>
> Regards,
> Josh

___
Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

[clamav-users] Why CLAMAV do not recognized infected files?
Hi.

Yesterday via mail I received an infected file. (I use clamav on my debian mail system) So I uploaded it via clamav web to check. Web recognizes it as infected by xxx. But my clamav did not recognize it until now (it was yesterday).

#clamscan /virus/111.exe
--- SCAN SUMMARY ---
Known viruses: 3070573
Engine version: 0.97.8
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.62 MB
Data read: 0.61 MB (ratio 1.01:1)
Time: 6.283 sec (0 m 6 s)

Bases are current:

Wed Jan 15 09:40:41 2014 - Received signal: wake up
Wed Jan 15 09:40:41 2014 - ClamAV update process started at Wed Jan 15 09:40:41 2014
Wed Jan 15 09:40:41 2014 - WARNING: Your ClamAV installation is OUTDATED!
Wed Jan 15 09:40:41 2014 - WARNING: Local version: 0.97.8 Recommended version: 0.98.1
Wed Jan 15 09:40:41 2014 - DON'T PANIC! Read http://www.clamav.net/support/faq
Wed Jan 15 09:40:41 2014 - main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Wed Jan 15 09:40:41 2014 - daily.cld is up to date (version: 18353, sigs: 651663, f-level: 63, builder: neo)
Wed Jan 15 09:40:41 2014 - bytecode.cld is up to date (version: 235, sigs: 44, f-level: 63, builder: dgoddard)

?

--
bendix

[clamav-users] ClamAV v0.98.1
Looks like 0.98.1 is out...

Change log: https://raw.github.com/vrtadmin/clamav-devel/0.98.1/ChangeLog
Sources: http://www.clamav.net/lang/en/download/sources/
Windows binaries (.msi format): http://sourceforge.net/projects/clamav/files/clamav/0.98.1/

Cheers,
Steve
Sanesecurity

Re: [clamav-users] Clamav configuration
The IP address in clamd.conf TCPAddr is a local address on the clamd machine. Remote clients using clamd will connect to this address.

On Wed, Jan 15, 2014 at 3:01 AM, Joshua Soulwin Malayappan joshua_malayap...@infosys.com wrote:

> Hi,
>
> I am using clamav server to scan from another host connected through. Can you please confirm if I should use the ip of the host to be scanned in the TCPAddr of the clamd.conf?
>
> Thanks,
> Josh
>
> -----Original Message-----
> From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of tejas sarade
> Sent: Tuesday, January 14, 2014 2:37 PM
> To: ClamAV users ML
> Subject: Re: [clamav-users] Clamav configuration
>
> TCPAddr is the IP address ClamAV daemon listens on. It should be set to 127.0.0.1 as long as you are not using ClamAV server accepting files to scan from other hosts.
>
> On Thu, Jan 9, 2014 at 3:13 PM, Joshua Soulwin Malayappan joshua_malayap...@infosys.com wrote:
>
> > Hi,
> >
> > Can you please let me know the configurations needed to be done in clamd.conf after installing clamav. I went through the site http://solutionsfox.com/2011/04/install-clamav-on-redhat-or-centos/
> >
> > And it was given as
> >
> > TCPAddr 127.0.0.1
> > TCPSocket 3310
> > User root
> > MaxThreads 30
> >
> > Can you please help me out by explaining what TCPAddr I should configure here.
> >
> > Thanks in advance.
> >
> > Regards,
> > Josh

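The replies above describe TCPAddr as the local address clamd listens on. The following check is an added example, not part of the thread or of ClamAV: it reads clamd.conf text and reports which interfaces the TCP listener would be bound to, using only the option names quoted in the thread. The REMOTE and NO_ADDR samples and the address 192.0.2.10 are constructed for illustration.

```python
import ipaddress

# Constructed samples. THREAD is the configuration quoted in the thread;
# REMOTE and NO_ADDR are hypothetical variants (192.0.2.10 is a documentation address).
THREAD = "TCPAddr 127.0.0.1\nTCPSocket 3310\nUser root\nMaxThreads 30\n"
REMOTE = "# serves other hosts\nTCPSocket 3310\nTCPAddr 192.0.2.10\nUser clamav\n"
NO_ADDR = "TCPSocket 3310\nUser clamav\n"


def parse_clamd_conf(text):
    """Return {option: [values]} from 'Option value' lines, skipping comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts


def audit(text):
    """Report where clamd would listen and whether it runs as root."""
    opts = parse_clamd_conf(text)
    findings = []
    if "TCPSocket" in opts:
        addrs = opts.get("TCPAddr", [])
        if not addrs:
            # With no TCPAddr, clamd binds the TCP port on every interface.
            findings.append("TCPSocket without TCPAddr: listens on all interfaces")
        for addr in addrs:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append(f"TCPAddr {addr}: not an IP literal, check what it resolves to")
                continue
            if ip.is_unspecified:
                findings.append(f"TCPAddr {addr}: listens on all interfaces")
            elif not ip.is_loopback:
                findings.append(f"TCPAddr {addr}: reachable from other hosts")
    if "root" in opts.get("User", []):
        findings.append("User root: clamd runs as root")
    return findings


if __name__ == "__main__":
    for name, conf in (("thread", THREAD), ("remote", REMOTE), ("no_addr", NO_ADDR)):
        print(name, audit(conf))
```

clamd's TCP protocol has no authentication, so a non-loopback TCPAddr should be paired with a firewall rule that admits only the hosts that submit files for scanning.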
[clamav-users] False positives
I'm a software developer at Anzovin Studio. We've recently received a rather irate report from one of our users that the ClamAV is flagging one of our installers as being infected with Win.Trojan.378656. We've checked our other installers with ClamAV and a number of them are also being flagged.

I think it is unlikely that they are actually infected with a Trojan, but I would like to rule out the possibility of course. If it is, as I suspect, a false positive it would be nice to have it no longer reported as malicious.

I see that there is a form on the ClamAV site for submitting false positives. Should I submit each of the installers in question? What is the process for handling false positives?

Also, is there some reasonably straightforward way to find out what in particular about these installers is causing them to be flagged? As I said I think it is pretty unlikely that they are infected with any malware, but I would like to be able to rule out the possibility.

The software in question was written before I came to the studio, and uses an installer program we no longer use except for older products, and that I am not familiar with. It is called Astrum InstallWizard. I suspect that there is something about the installer that's causing this.

Thanks
Tagore Smith

Re: [clamav-users] ClamAV v0.98.1
Thanks Steve. I was having an email issue yesterday and my announcement email was stuck in the queue.

--
Joel Esler
Intelligence Lead Open Source Manager Vulnerability Research Team

On Jan 15, 2014, at 8:07 AM, Steve Basford steveb_cla...@sanesecurity.com wrote:

> Looks like 0.98.1 is out...
>
> Change log: https://raw.github.com/vrtadmin/clamav-devel/0.98.1/ChangeLog
> Sources: http://www.clamav.net/lang/en/download/sources/
> Windows binaries (.msi format): http://sourceforge.net/projects/clamav/files/clamav/0.98.1/
>
> Cheers,
> Steve
> Sanesecurity

[clamav-users] Virus update notices from month's ago.
Hi,

I'm getting all sorts of virus update notifications that are months old and huge in size.

Headers for one at http://pastebin.com/iMnkFiCk

Regards,
Rick

Re: [clamav-users] False positives
Tagore,

Thanks for your FP report. The process for submitting suspected false positives is to go through the webpage http://www.clamav.net/lang/en/sendvirus/submit-fp/ . We monitor submissions that come in through that feed and address them as soon as possible. For a high priority FP, please email this list with the MD5/SHA256 of the sample(s) you submitted.

In this particular case, the signature name you provided was enough information to confirm the FP. The signature has been removed and this should be reflected in a DB update later today.

Thanks,
- Alain

On Wed, Jan 15, 2014 at 11:59 AM, Tagore Smith tagoresm...@gmail.com wrote:

> I'm a software developer at Anzovin Studio. We've recently received a rather irate report from one of our users that the ClamAV is flagging one of our installers as being infected with Win.Trojan.378656. We've checked our other installers with ClamAV and a number of them are also being flagged.
>
> I think it is unlikely that they are actually infected with a Trojan, but I would like to rule out the possibility of course. If it is, as I suspect, a false positive it would be nice to have it no longer reported as malicious.
>
> I see that there is a form on the ClamAV site for submitting false positives. Should I submit each of the installers in question? What is the process for handling false positives?
>
> Also, is there some reasonably straightforward way to find out what in particular about these installers is causing them to be flagged? As I said I think it is pretty unlikely that they are infected with any malware, but I would like to be able to rule out the possibility.
>
> The software in question was written before I came to the studio, and uses an installer program we no longer use except for older products, and that I am not familiar with. It is called Astrum InstallWizard. I suspect that there is something about the installer that's causing this.
>
> Thanks
> Tagore Smith

Re: [clamav-users] Virus update notices from month's ago.
Rick,

That was me. There were a bunch stuck in the queue, and I cleared it out. Sorry about that.

On Jan 15, 2014, at 1:31 PM, Rick Macdougall ri...@ummm-beer.com wrote:

> Hi,
>
> I'm getting all sorts of virus update notifications that are months old and huge in size.
>
> Headers for one at http://pastebin.com/iMnkFiCk
>
> Regards,
> Rick