Re: [clamav-users] Problems with safe browsing

2016-11-10 Thread Gene Heskett 
On Thursday 10 November 2016 17:45:24 TR Shaw wrote:

> Thanks, all.
>
> However its a real shame that it will not scan generic files looking
> for bad urls rather than only scanning email files.
>
> I was going to to use clamav to scan disk drives for scripts that used
> uris in safe browsing So much of that :-(
>
> Tom

It scans disks just fine, has caught one real, and 2 fp's in the 3 years 
or so I've been using it. I also have clamscand scanning all incoming 
emails, and it has quaranteened, in the past year,
-rw-r--r-- 1 gene mail 113710 Jun  6 08:13 virii
So there is probably 3, maybe more, attacks in there.  I usually zero 
that file out on new years day. The clamav tools can do a lot, if used 
for the jobs they were designed to do.  Read the docs, then read them 
again.

> > On Nov 10, 2016, at 3:46 PM, Steve basford
> >  wrote:
> >
> > Hi Tom,
> >
> > Create a standard header body formatted  email and then insert the
> > address at the end.
> >
> > It will be detected.  Just placing on a line.. it won't be detected,
> >
> > Cheers,
> >
> > Steve
> > Twitter: @sanesecurity
> >
> > On 10 November 2016 19:53:05 TR Shaw  wrote:
> >> I have freshclam set to load safe browsing:
> >>
> >> -rw-r--r--   1 _clamav  admin   57874944 Nov 10 11:51 daily.cld
> >> -rw-r--r--   1 _clamav  admin  103419904 Nov 10 13:51
> >> safebrowsing.cld
> >>
> >> I placed http://ianfette[.]org/ in a file safebrowsingtest.txt
> >>
> >> Then I run clam and expect to hit safe browsing but I instead I get
> >> OK.
> >>
> >> $ clamscan -v safebrowsingtest.txt
> >> Scanning safebrowsingtest.txt
> >> safebrowsingtest.txt: OK
> >>
> >> --- SCAN SUMMARY ---
> >> Known viruses: 8073056
> >> Engine version: 0.99.2
> >> Scanned directories: 0
> >> Scanned files: 1
> >> Infected files: 0
> >> Data scanned: 0.00 MB
> >> Data read: 0.00 MB (ratio 0.00:1)
> >> Time: 12.567 sec (0 m 12 s)
> >>
> >> When I place http://ianfette[.]org/ in a browser I get the safe
> >> browsing alert.  Any ideas what I am doing wrong?
> >>
> >> Tom
> >>
> >>
> >> ___
> >> clamav-users mailing list
> >> clamav-users@lists.clamav.net
> >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >>
> >>
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >>
> >> http://www.clamav.net/contact.html#ml
> >
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Problems with safe browsing

2016-11-10 Thread TR Shaw 
Thanks, all.

However its a real shame that it will not scan generic files looking for bad 
urls rather than only scanning email files.

I was going to to use clamav to scan disk drives for scripts that used uris in 
safe browsing So much of that :-(

Tom

> On Nov 10, 2016, at 3:46 PM, Steve basford  
> wrote:
> 
> Hi Tom,
> 
> Create a standard header body formatted  email and then insert the address at 
> the end.
> 
> It will be detected.  Just placing on a line.. it won't be detected,
> 
> Cheers,
> 
> Steve
> Twitter: @sanesecurity
> 
> 
> 
> On 10 November 2016 19:53:05 TR Shaw  wrote:
> 
>> I have freshclam set to load safe browsing:
>> 
>> -rw-r--r--   1 _clamav  admin   57874944 Nov 10 11:51 daily.cld
>> -rw-r--r--   1 _clamav  admin  103419904 Nov 10 13:51 safebrowsing.cld
>> 
>> I placed http://ianfette[.]org/ in a file safebrowsingtest.txt
>> 
>> Then I run clam and expect to hit safe browsing but I instead I get OK.
>> 
>> $ clamscan -v safebrowsingtest.txt
>> Scanning safebrowsingtest.txt
>> safebrowsingtest.txt: OK
>> 
>> --- SCAN SUMMARY ---
>> Known viruses: 8073056
>> Engine version: 0.99.2
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 0
>> Data scanned: 0.00 MB
>> Data read: 0.00 MB (ratio 0.00:1)
>> Time: 12.567 sec (0 m 12 s)
>> 
>> When I place http://ianfette[.]org/ in a browser I get the safe browsing 
>> alert.  Any ideas what I am doing wrong?
>> 
>> Tom
>> 
>> 
>> ___
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> 
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Problems with safe browsing

2016-11-10 Thread Steve basford 

Hi Tom,

Create a standard header body formatted  email and then insert the address 
at the end.


It will be detected.  Just placing on a line.. it won't be detected,

Cheers,

Steve
Twitter: @sanesecurity



On 10 November 2016 19:53:05 TR Shaw  wrote:


I have freshclam set to load safe browsing:

-rw-r--r--   1 _clamav  admin   57874944 Nov 10 11:51 daily.cld
-rw-r--r--   1 _clamav  admin  103419904 Nov 10 13:51 safebrowsing.cld

I placed http://ianfette[.]org/ in a file safebrowsingtest.txt

Then I run clam and expect to hit safe browsing but I instead I get OK.

$ clamscan -v safebrowsingtest.txt
Scanning safebrowsingtest.txt
safebrowsingtest.txt: OK

--- SCAN SUMMARY ---
Known viruses: 8073056
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 12.567 sec (0 m 12 s)

When I place http://ianfette[.]org/ in a browser I get the safe browsing 
alert.  Any ideas what I am doing wrong?


Tom


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Problems with safe browsing

2016-11-10 Thread Steven Morgan 
Hi Tom,

Is it an email file? Looks like the safebrowsing checks only occur during
email file parsing.

Hope this helps,
Steve
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Problems with safe browsing

2016-11-10 Thread TR Shaw 
I have freshclam set to load safe browsing:

-rw-r--r--   1 _clamav  admin   57874944 Nov 10 11:51 daily.cld
-rw-r--r--   1 _clamav  admin  103419904 Nov 10 13:51 safebrowsing.cld

I placed http://ianfette[.]org/ in a file safebrowsingtest.txt

Then I run clam and expect to hit safe browsing but I instead I get OK. 

$ clamscan -v safebrowsingtest.txt 
Scanning safebrowsingtest.txt
safebrowsingtest.txt: OK

--- SCAN SUMMARY ---
Known viruses: 8073056
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 12.567 sec (0 m 12 s)

When I place http://ianfette[.]org/ in a browser I get the safe browsing alert. 
 Any ideas what I am doing wrong?

Tom


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Creating Windows 10 Services

2016-11-10 Thread Steve Basford 

On Thu, November 10, 2016 12:15 am, Andrew Brown wrote:

> I would now like to turn this into a service. I have found Sc
> create #BKMK_examples> useful and I can create the service but when I enter my
> parameters it goes bang and I have no idea what to do next. Does anyone
> have any hints or tips on how to get any and all of clamav's daemons
> running as services under Windows please. When freshclam is running as a
> daemon, I do see it as a background task using Task Manager.

Hi Andrew,

This entry has an option "Running ClamAV as a service":

http://kb.gtkc.net/installing-clamav-on-windows-server-2012/

You might need to modify pathnames etc. but looks like runassvc.zip is the
bit you'd need.

-- 
Cheers,

Steve
Twitter: @sanesecurity

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml