[clamav-users] [Fwd: [sanesecurity] extremeshok/clamav-unofficial-sigs :: version 4.3 (updated 2015-05-13)]
Hi All,

Just in case this is useful to anyone: Adrian of extremeshok-dot-com has forked Bill Landry's clamav-unofficial-sigs script and made quite a few new changes to the script:

Original Message
Subject: [sanesecurity] extremeshok/clamav-unofficial-sigs :: version 4.3 (updated 2015-05-13)
From: admin-at-extremeshok-dot-com ad...@extremeshok.com
Date: Wed, May 13, 2015 7:47 pm
To: sanesecur...@freelists.org, assp-t...@lists.sourceforge.net
--

Location: https://github.com/extremeshok/clamav-unofficial-sigs

Version 4.3.0 (updated 2015-05-13)
* eXtremeSHOK.com Maintenance
* Code refactoring: group and move functions to top of script
* Complete rewrite of securiteinfo support, full support for Free/Delayed clamav by securiteinfo.com ;-P
  Note: SecuriteInfo requires you to create a free account and add your authorisation code to the config.
* Config updated to 4.3

Version 4.2.0
* eXtremeSHOK.com Maintenance
* Replace annoying si_, mbl_, ss_ with actual names, i.e. securiteinfo_, malwarepatrol_, sanesecurity_
* Complete rewrite of malwarepatrol support, full support for Free/Delayed clamav ;-P
  Note: Malware Patrol requires you to create a free account and add your purchase code to the config.
* More fixes to config parsing and stripping of comments and whitespace
* Code refactoring: remove empty commands: echo and comment
* Config version detection and enforcing

Version 4.1.0
* eXtremeSHOK.com Maintenance
* Fix on default enable of foxhole medium and high false positive sources
* Grammatical corrections to some comments and log output
* sig-boundary patch by Alan Stern
* Create intermediate monitor-ign-old.txt to prevent reading and writing of local.ign, by Alan Stern

Version 4.0.0
* eXtremeSHOK.com Maintenance
* Enabled all low false positive sources by default
* Added all Sanesecurity database files
* Disabled all med/high false positive sources by default
* Set default configs to work out of the box on a CentOS system
* Silence cron job
* Set correct paths throughout the script
* Updated installation instructions
* Updated paths for removal
* Updated default locations to reflect installation instructions
* Fix: correctly remove comments and blank lines from config before eval
* Remove: invalid config values (e.g. EXPORT path)
* Fix: correctly check if rsync was successful

Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
___
Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Re: [clamav-users] [Fwd: [sanesecurity] extremeshok/clamav-unofficial-sigs :: version 4.3 (updated 2015-05-13)]
Nice work, Steve and Adrian.

dp

On 5/14/15 6:13 AM, Steve Basford wrote:
Hi All, Just in case this is useful to anyone: Adrian of extremeshok-dot-com has forked Bill Landry's clamav-unofficial-sigs script and made quite a few new changes to the script:
Original Message
Subject: [sanesecurity] extremeshok/clamav-unofficial-sigs :: version 4.3 (updated 2015-05-13)
From: admin-at-extremeshok-dot-com ad...@extremeshok.com
Date: Wed, May 13, 2015 7:47 pm
To: sanesecur...@freelists.org, assp-t...@lists.sourceforge.net
--
Re: [clamav-users] Clamav Scan on Access
Hi Alessandro,

We are tracking the future on-access effort in ClamAV with the following: https://bugzilla.clamav.net/show_bug.cgi?id=11049

Thanks,
Steve

On Thu, May 14, 2015 at 11:03 AM, Alessandro Baggi alessandro.ba...@gmail.com wrote:
Hi list,
I'm a new user on the list. I've installed clamav-* 0.98.7 on C7 (rel 1503) from the EPEL repo. I've tried the Scan On Access feature, but I've noticed a strange result. Setting OnAccessIncludePath /home, clamd/fanotify protects /home and not its subdirectories, i.e. it does not recurse. On the web I've found a post where a user had the same problem, dated 2014. I don't know if recursion was added. Is this a misconfiguration, or is fanotify recursion not yet implemented?
Thanks in advance.
[clamav-users] Clamav Scan on Access
Hi list,

I'm a new user on the list. I've installed clamav-* 0.98.7 on C7 (rel 1503) from the EPEL repo. I've tried the Scan On Access feature, but I've noticed a strange result. Setting OnAccessIncludePath /home, clamd/fanotify protects /home and not its subdirectories, i.e. it does not recurse. On the web I've found a post where a user had the same problem, dated 2014. I don't know if recursion was added. Is this a misconfiguration, or is fanotify recursion not yet implemented?

Thanks in advance.
[clamav-users] Fwd: [Community-sigs] Create your own ClamAV signatures with CASC
Sending this over to the users list as well:

Begin forwarded message:
From: Alain Zidouemba azidoue...@sourcefire.com
Subject: [Community-sigs] Create your own ClamAV signatures with CASC
Date: May 14, 2015 at 9:57:00 AM PDT
To: ClamAV Community Signatures Submission List community-s...@lists.clamav.net
Reply-To: ClamAV Community Signatures Submission List community-s...@lists.clamav.net

http://blog.clamav.net/2015/05/create-your-own-clamav-signatures-with.html

The ClamAV community is growing and we are receiving more user-generated ClamAV signatures through our community signatures mailing list (http://blog.clamav.net/2014/02/introducing-clamav-community-signatures.html). Thanks to all who have contributed!

For those who find the task of writing your own signatures (https://github.com/vrtadmin/clamav-devel/raw/master/docs/signatures.pdf) daunting, we have created something you may be interested in. To aid users in developing better ClamAV signatures faster, Angel Villegas created the ClamAV Signature Creator (CASC), an IDA Pro plug-in. A quick and easy installation into IDA Pro 6.7 or higher (reduced feature set for IDA Pro 6.6) will have you creating basic ClamAV ndb and ldb signatures in no time.

CASC allows users to select aspects of a sample's disassembly, a function block, or a set of strings to create a sub-signature. Each sub-signature can contain user-defined notes to keep track of information contained within the sub-signature. Once you've selected enough sub-signatures to get the job done, or to your heart's content, a ClamAV signature can be created from one or more sub-signatures.

Check out this IDA Pro plug-in on GitHub (https://github.com/vrtadmin/CASC) and its wiki for documentation (https://github.com/vrtadmin/CASC/wiki).
- Alain
___
Community-sigs mailing list
community-s...@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
http://www.clamav.net/contact.html#ml
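The ndb and ldb formats that the CASC announcement refers to, as an added example that is not CASC's or ClamAV's own code: it builds one signature of each kind from two strings in a constructed sample and includes a minimal matcher so the difference between a single ordered hex body (.ndb) and a logical signature whose sub-signatures are searched independently (.ldb) can be checked offline. The sample bytes, the name Example.Dropper.A and the URL are invented for illustration; the matcher handles only fixed bytes, `??` and `*`, and the logical expressions only indices, `&`, `|` and parentheses, so ClamAV's other wildcards and count operators are rejected rather than silently mis-matched.

```python
import re

# Constructed sample bytes standing in for a suspicious PE: a fake DOS header,
# an API name and a beacon URL. Invented for illustration, not real malware.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"CreateRemoteThread\x00" + b"\x00" * 8
    + b"http://c2.example.invalid/beacon\x00"
)


def hex_body(data: bytes) -> str:
    """Hex-encode bytes the way a ClamAV signature body expects (lowercase, no separators)."""
    return data.hex()


def make_ndb(name: str, body: str, target: int = 0, offset: str = "*") -> str:
    """Basic signature line: MalwareName:TargetType:Offset:HexSignature.
    target 0 = any file, 1 = PE; offset '*' = anywhere, or a decimal byte offset."""
    return f"{name}:{target}:{offset}:{body}"


def make_ldb(name: str, subsigs: list, expression: str,
             target: int = 1, engine: str = "51-255") -> str:
    """Logical signature line: Name;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;...
    The expression refers to sub-signatures by index, e.g. '0&1' or '(0|1)&2'."""
    tdb = f"Engine:{engine},Target:{target}"
    return ";".join([name, tdb, expression, *subsigs])


def body_to_regex(body: str) -> re.Pattern:
    """Translate a hex body into a bytes regex. Handles fixed bytes, '??' (any one
    byte) and '*' (any gap); ClamAV's other wildcards ({n-m}, nibble wildcards,
    alternations) are deliberately out of scope and raise instead of mis-matching."""
    parts = []
    i = 0
    while i < len(body):
        if body[i] == "*":
            parts.append(b".*?")
            i += 1
        elif body[i:i + 2] == "??":
            parts.append(b".")
            i += 2
        else:
            pair = body[i:i + 2]
            if not re.fullmatch(r"[0-9a-fA-F]{2}", pair):
                raise ValueError(f"unsupported token at {i}: {body[i:i + 4]!r}")
            parts.append(re.escape(bytes.fromhex(pair)))
            i += 2
    return re.compile(b"".join(parts), re.DOTALL)


def match_ndb(line: str, data: bytes) -> bool:
    """Apply an .ndb line to data (offsets '*' and absolute decimal only)."""
    _name, _target, offset, body = line.split(":", 3)
    pattern = body_to_regex(body)
    if offset == "*":
        return pattern.search(data) is not None
    if offset.isdigit():
        return pattern.match(data, int(offset)) is not None
    raise ValueError(f"offset form {offset!r} not supported in this example")


def match_ldb(line: str, data: bytes) -> bool:
    """Apply an .ldb line: every sub-signature is searched independently, then
    the logical expression combines the hits. Only indices, '&', '|' and
    parentheses are accepted; ClamAV's count operators (=, >, <) are not."""
    _name, _tdb, expression, *subsigs = line.split(";")
    hits = [body_to_regex(s).search(data) is not None for s in subsigs]
    if not re.fullmatch(r"[0-9&|() ]+", expression):
        raise ValueError(f"unsupported logical expression {expression!r}")
    # Substitute each index with its boolean and evaluate; the whitelist above
    # guarantees the string contains nothing but booleans and the two operators.
    py_expr = re.sub(r"\d+", lambda m: str(hits[int(m.group())]), expression)
    return bool(eval(py_expr, {"__builtins__": {}}, {}))


def build_signatures():
    """Produce one .ndb and one .ldb signature for SAMPLE from two strings."""
    api = hex_body(b"CreateRemoteThread")
    url = hex_body(b"http://c2.example.invalid/beacon")
    # .ndb: a single body, so the API name must precede the URL in the file.
    ndb = make_ndb("Example.Dropper.A", api + "*" + url)
    # .ldb: two independent sub-signatures combined with AND; order does not matter.
    ldb = make_ldb("Example.Dropper.A", [api, url], "0&1")
    return ndb, ldb


if __name__ == "__main__":
    ndb_line, ldb_line = build_signatures()
    print(ndb_line)
    print(ldb_line)
    print("ndb matches sample:", match_ndb(ndb_line, SAMPLE))
    print("ldb matches sample:", match_ldb(ldb_line, SAMPLE))
```

To confirm ClamAV's own parser accepts what this produces, write the lines to files named with the .ndb and .ldb extensions and load them with `clamscan -d example.ldb <sample>`; `sigtool --hex-dump` is the stock way to turn raw bytes from stdin into a hex body. The point the two signature kinds make is that an .ndb body with `*` still fixes the order of its fragments, whereas an .ldb signature matches whenever each sub-signature is present anywhere, which is usually what a string-based CASC signature wants.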