Re: [clamav-users] https support for freshclam
Respected Sir/Madam,

Could you tell me step-wise how to install stable version 0.98.5 from source code in ubuntu???

---
Naresh

On Tue, Dec 30, 2014 at 8:15 AM, Dennis Peterson denni...@inetnw.com wrote:

If I were in your position I'd also use rsync as that is what I did when I was in your position (retirement is a fine thing). It also provides a very atomic-like operation so if clamd or clamscan needed to read the signatures they're not in a half-there state. Your case involves protecting intellectual property and that is justification for just about any solution you can come up with.

dp

On 12/29/14 6:43 AM, Torge Husfeldt wrote:

Hi,

On 24.12.2014 at 12:09, Arnaud Jacques / SecuriteInfo.com wrote:

On Tuesday 23 December 2014, 10:56:37, Dennis Peterson wrote:

Second try: What problem are you trying to solve with https?

Privacy.

I'd like to expand upon this. For the standard use-case using the official sources this might be irrelevant and actually present more draw-backs than advantages. But: just like the original poster we have a DB of internal signatures and we had to solve the exact same problem. We resolved not to use freshclam at all but rsync/sigUSR1 the updated signatures to our ~20k Servers.

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Re: [clamav-users] (no subject)
Respected Sir/Madam,

Could you tell me step-wise how to install stable version 0.98.5 from source code in ubuntu???

---
Naresh

On Sun, Dec 28, 2014 at 1:47 AM, jpff j...@codemist.co.uk wrote:

Thank you Shawn; that fixes it. I did look at the archive but clearly inadequately

All working at company and university

==John ffitch
Re: [clamav-users] Protection from cryptowall/cryptolocker
Respected Sir/Madam,

Could you tell me step-wise how to install stable version 0.98.5 from source code in ubuntu???

---
Naresh

On Wed, Dec 24, 2014 at 12:38 AM, Steve Basford steveb_cla...@sanesecurity.com wrote:

On Tue, December 23, 2014 6:35 pm, Alex Regan wrote:

I'd appreciate any further documents or other methods of protection that people are using to block these?

ClamAV and Sanesecurity signatures will help block malware which is emailed in, which can then download exploit packs, some of which contain CryptoWall etc.

Sanesecurity sigs are here:

http://sanesecurity.com/foxhole-databases/
http://sanesecurity.com/usage/signatures/

Sanesecurity blog with current malware being seen...

http://sanesecurity.blogspot.co.uk/

You might also want to sort out windows users with group policy type stuff or something like this (Windows):

CryptoPrevent:
https://www.foolishit.com/vb6-projects/cryptoprevent/technical-information/

These are worth looking at...

http://labs.bitdefender.com/2014/12/bitdefender-offers-free-cryptowall-vaccine/
http://www.surfright.nl/en/cryptoguard

Cheers,
Steve
Web: Sanesecurity.com
Blog: sanesecurity.blogspot.co.uk
Re: [clamav-users] Regarding Clamav 0.98.5 installation from source code
Respected Sir/Madam,

Could you tell me step-wise how to install stable version 0.98.5 from source code in ubuntu???

---
Naresh

On Wed, Dec 24, 2014 at 12:25 AM, Dennis Peterson denni...@inetnw.com wrote:

What a dummy - I responded to the wrong post :)

On 12/23/14 10:41 AM, Dennis Peterson wrote:
Re: [clamav-users] sigwhitelist.ign2 whitelist not working
Respected Sir/Madam,

Could you tell me step-wise how to install stable version 0.98.5 from source code in ubuntu???

---
Naresh

On Tue, Dec 9, 2014 at 7:29 PM, polloxx poll...@gmail.com wrote:

Thanks Steve, that works.

On Tue, Dec 9, 2014 at 2:43 PM, Steve Basford steveb_cla...@sanesecurity.com wrote:

On Tue, December 9, 2014 1:33 pm, polloxx wrote:

% cat local.ign2
SecuriteInfo.com.Spammer.ec-messenger.com.UNOFFICIAL
SecuriteInfo.com.Spammer.addemar.com.UNOFFICIAL

Ah, ok...remove the .UNOFFICIAL off the end and restart clamd.

Cheers,
Steve
Sanesecurity.com
Re: [clamav-users] Win.Trojan.Genieo
Respected Sir/Madam,

Could you tell me step-wise how to install stable version 0.98.5 from source code in ubuntu???

---
Naresh

On Wed, Dec 3, 2014 at 12:59 PM, Al Varnell alvarn...@mac.com wrote:

I believe this signature has been mislabeled as Windows only. The signature comes back as:

VIRUS NAME: Win.Trojan.Genieo
TARGET TYPE: MACHO
OFFSET: *
DECODED SIGNATURE:
okup__ZL20dtor_genieo_06041979v___tcf_0 stub

which tells me it's an OS X executable. Since it's neither a false positive nor false negative, I wasn't sure how to report it.

-Al-
--
Al Varnell
Mountain View, CA
Re: [clamav-users] clamav installation on Ubuntu 14.10
Respected Sir/Madam,

Could you tell me step-wise how to install stable version 0.98.5 from source code in ubuntu???

---
Naresh

On Fri, Dec 5, 2014 at 5:35 AM, Raj, Dilip dilip@arris.com wrote:

Hi,

I have several Ubuntu servers, and I wanted to deploy Clamav. I don't want to have all my server connect to internet and grab In a Troubleshooting section of Clamav web site, it says it can be done.

Clamav Server: My main clamav server (192.168.75.125) (which will connect to internet and download main.cvd and other .cvd files). The freshclam downloads the *.cvd files from http://database.clamav.net. How do I configure it so it can dump this into webserver's DocumentRoot? My clamav server is configured with LAMP config on a Ubuntu 14.10.

Clients: My other Ubuntu clients will connect to clamav server (192.168.75.125) and download this main.cvd and other files. Client is also Ubuntu 10.10.

The notes below are directly from the clamav web site.

1. The second possible solution is to configure a local webserver on one of your machines (say machine1.mylan) and let freshclam download the *.cvd files from http://database.clamav.net to the webserver's DocumentRoot. Finally, change freshclam.conf on your clients so that it reads: DatabaseMirror machine1.mylan. First the database will be downloaded to the local webserver and then the other clients on the network will update their copy of the database from it. For this to work, you have to add ScriptedUpdates off on all of your machines!

Thanks.
Dilip
Re: [clamav-users] Clamsubmit option -p
Respected Sir/Madam,

Could you tell me step-wise how to install stable version 0.98.5 from source code in ubuntu???

---
Naresh

On Mon, Dec 1, 2014 at 10:30 PM, Benny Pedersen m...@junc.eu wrote:

On 1. dec. 2014 15.58.15 Shawn Webb sw...@sourcefire.com wrote:

No need to extract files prior to submission, though it would certainly accelerate analysis if you did. The acronym FP means False Positive--a file that erroneously caused ClamAV to report a virus. The acronym FN means False Negative--a file that was erroneously reported as clean by ClamAV.

Thanks, now I know the difference, will submit some fn, currently only detected with foxhole, but I think the real virus/malware should be detected independent of archive extension
Re: [clamav-users] Mirroring Problems with db.de.clamav.net and safebrowsing
Respected Sir/Madam,

Could you tell me step-wise how to install stable version 0.98.5 from source code in ubuntu???

---
Naresh

On Mon, Nov 24, 2014 at 6:37 PM, Matthias Egger maeg...@ee.ethz.ch wrote:

Hello List

I just checked the logfiles back until October 2014 and saw that we often got "safebrowsing-N.cdiff not found on remote server" when we tried downloading the file from db.de.clamav.net.

2 times from 212.227.138.145
15 times from 62.245.181.53
41 times from 88.198.17.100

Are these mirrors just not aware that they should now mirror a safebrowsing-N.cdiff file? Or should I use another URL (db.??.clamav.net) to download (and which URL in that case?).

Best regards
Matthias

--
Matthias Egger
ETH Zurich
Department of Information Technology maeg...@ee.ethz.ch
and Electrical Engineering
IT Support Group (ISG.EE), ETL/F/24.1 Phone +41 (0)44 632 03 90
Physikstrasse 3, CH-8092 Zurich Fax +41 (0)44 632 11 95
Re: [clamav-users] cannot find clamav-devel-latest.tar.gz anymore...
Respected Sir/Madam,

Could you tell me step-wise how to install stable version 0.98.5 from source code in ubuntu???

---
Naresh

On Wed, Nov 26, 2014 at 8:09 PM, Joel Esler (jesler) jes...@cisco.com wrote:

I'll take a look, probably won't happen before Thanksgiving here in the US though. Most of the critical people are on vacation.

From: clamav-users [clamav-users-boun...@lists.clamav.net] on behalf of Heino Backhaus [heino.backh...@fink-computer.de]
Sent: Wednesday, November 26, 2014 9:38 AM
To: ClamAV users ML
Subject: Re: [clamav-users] cannot find clamav-devel-latest.tar.gz anymore...

I would really appreciate that ;-)

Thanks for your effort.

Kind regards
H. Backhaus
Fink-Computer Systeme
Heggrabenstr. 9, 35435 Wettenberg
Email: heino.backh...@fink-computer.de
Web: www.fink-computer.de
Fax: +49-641-98444638
Fon: +49-641-98444640
UST-ID: DE151040770
HRB: 2143 Gießen
GF: Fredi Fink

I was gratified to be able to answer promptly, and I did. I said I didn't know. -Mark Twain

On 26.11.2014 15:26, Joel Esler (jesler) wrote:

Well I imagine this probably happened when we switched from the old website to the new website. I wasn't aware that we were producing daily builds. I'll talk it over with the team and see if this is something we want to include on the new site.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos

On Nov 26, 2014, at 7:42 AM, Heino Backhaus heino.backh...@fink-computer.de wrote:

Hello List,

I'm using http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz as source for an automated daily upgrade-script since about 10 Years on 15 +x MailScanner machines and it worked perfectly (thanks for that). My problem is that this file just doesn't exist since version: ClamAV devel-20140826/19682/Wed Nov 26 06:40:34 2014.

Haven't I searched hard enough?

--
Kind regards
H. Backhaus
Fink-Computer Systeme
Heggrabenstr. 9, 35435 Wettenberg
Email: heino.backh...@fink-computer.de
Web: www.fink-computer.de
Fax: +49-641-98444638
Fon: +49-641-98444640
UST-ID: DE151040770
HRB: 2143 Gießen
GF: Fredi Fink

I was gratified to be able to answer promptly, and I did. I said I didn't know. -Mark Twain
Re: [clamav-users] detection of really old viruses?
Respected Sir/Madam,

Could you tell me step-wise how to install stable version 0.98.5 from source code in ubuntu???

---
Naresh

On Sun, Nov 23, 2014 at 10:02 AM, Marcel Giannelia i...@skeena.net wrote:

On Sat, 22 Nov 2014 18:53:58 -0800 Al Varnell alvarn...@mac.com wrote:

AFAIK, definitions exist forever unless they have been found to cause False Positives. You can normally find the date a definition was added by searching the clamav-virusdb archive: http://lurker.clamav.net/list/clamav-virusdb.en.html

Confirmed; e.g. searching that list for CIH (a.k.a. Chernobyl, from about 1998 or 99) shows W95.CIH-II.882 and some variants were added to the defs in about 2003. sigtool -l of the current main.cvd shows that these definitions are still present in current.

Thanks,
~Felix.