Re: [clamav-users] Hi I have been using clamav for my linux system I use 12.04Ltd i have a query

2016-12-12 Thread Steven Morgan
On Sat, Dec 10, 2016 at 6:23 PM, Beth Macdougal wrote:

> now i am not positive about this whether it is a virus or not but i ran the
>
> clamscan -r --bell -i /
>
> and when it finished it said
>
> LibClamAV Warning: fmap_readpage: pread fail: asked for 4085 bytes @ offset
>
[...]

This warning message does not indicate the presence of a virus. If you take
out the -i flag, you should be able to determine the file where the warning
occurred.

Hope this helps,
Steve
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Question on attachments

2016-12-12 Thread Joel Esler (jesler)
File types are based upon their contents.  Not their extensions.


--
Joel Esler | Talos: Manager | jes...@cisco.com






On Dec 12, 2016, at 11:43 AM, TR Shaw wrote:

> How does ClamAV decide to unpack an attachment?
>
> In particular this is in reference to the recent Locky attachments that are
> zips but have the attachment extension “dip”


Re: [clamav-users] Question on attachments

2016-12-12 Thread Steve basford

Hi Tom,

.ftm files contain magic headers of various formats.

cat daily.ftm
cat sanesecurity.ftm

The engine then unpacks if it's a zip etc and the unpacked exists. That's 
why your example filename still unpacks.


You can also use .ftm to skip file formats from scanning.

I'm mobile at the moment ...so sorry if this is a bit vague.

Cheers,

Steve
Twitter: @sanesecurity



On 12 December 2016 16:44:17 TR Shaw wrote:

> How does ClamAV decide to unpack an attachment?
>
> In particular this is in reference to the recent Locky attachments that are
> zips but have the attachment extension “dip”
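
The content-based typing described in the reply above, as an added example that is not part of the original thread and is not ClamAV's own code: it parses records in the colon-separated layout of a .ftm file and classifies a buffer by the magic bytes at each record's offset. The sample records are constructed for illustration, only magictype 0 (direct byte comparison) is handled, and the function names are hypothetical.

```python
import io
import zipfile

# Constructed records in the colon-separated layout used by .ftm files:
# magictype:offset:magicbytes:name:rtype:type
# Only magictype 0 (direct byte comparison at a fixed offset) is handled here.
SAMPLE_FTM = """\
0:0:504b0304:ZIP:CL_TYPE_ANY:CL_TYPE_ZIP
0:0:526172211a0700:RAR:CL_TYPE_ANY:CL_TYPE_RAR
0:0:1f8b:GZip:CL_TYPE_ANY:CL_TYPE_GZ
0:257:7573746172:TAR-POSIX:CL_TYPE_ANY:CL_TYPE_POSIX_TAR
"""


def parse_ftm(text):
    """Return (offset, magic_bytes, file_type) for each magictype-0 record."""
    rules = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 6 or fields[0] != "0":
            continue  # skip blanks, malformed lines and other magic types
        try:
            rules.append((int(fields[1]), bytes.fromhex(fields[2]), fields[5]))
        except ValueError:
            continue  # non-numeric offset or non-hex magic
    return rules


def detect_type(data, rules, default="CL_TYPE_BINARY_DATA"):
    """Classify a buffer by its contents; the file name is never consulted."""
    for offset, magic, file_type in rules:
        if data[offset:offset + len(magic)] == magic:
            return file_type
    return default


def make_zip(member_name, payload):
    """Build a small zip archive in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    rules = parse_ftm(SAMPLE_FTM)
    archive = make_zip("invoice.txt", b"constructed sample payload")
    for name in ("invoice.zip", "invoice.dip"):
        print(name, "->", detect_type(archive, rules))
```

Both attachment names print CL_TYPE_ZIP because the verdict depends only on the bytes, which is why a renamed archive is still unpacked and scanned.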



Re: [clamav-users] Question on attachments

2016-12-12 Thread Reindl Harald



On 12.12.2016 at 17:43, TR Shaw wrote:

> How does ClamAV decide to unpack an attachment?
>
> In particular this is in reference to the recent Locky attachments that are
> zips but have the attachment extension “dip”


clamav doesn't care about extensions, like any other unix software

[harry@rh:/downloads/test]$ clamscan test.zip
test.zip: Eicar-Test-Signature FOUND

--- SCAN SUMMARY ---
Known viruses: 5276854
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 8.036 sec (0 m 8 s)
[harry@rh:/downloads/test]$ mv test.zip test.nothing
[harry@rh:/downloads/test]$ clamscan test.nothing
test.nothing: Eicar-Test-Signature FOUND

--- SCAN SUMMARY ---
Known viruses: 5276854
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 7.537 sec (0 m 7 s)

[clamav-users] Question on attachments

2016-12-12 Thread TR Shaw
How does ClamAV decide to unpack an attachment?

In particular this is in reference to the recent Locky attachments that are 
zips but have the attachment extension “dip”


Re: [clamav-users] bugzilla security certificate

2016-12-12 Thread Steve Basford

On Wed, December 7, 2016 5:03 pm, Benny Pedersen wrote:

>> You can bypass the warning if desired.
>
> worst advice you have ever given here

Thanks... but I didn't actually say you *should* ... but browsers do allow
you to.

In this case the firefox error box was:

bugs.clamav.net uses an invalid security certificate.
The certificate ***is only valid*** for bugzilla.clamav.net
Error code: SSL_ERROR_BAD_CERT_DOMAIN

Seeing as the url is: https://bugs.clamav.net/
and the certificate is for bugzilla.clamav.net, you are given
a bit of information to help you decide if you really want to bypass the
warning.

BIG FLASHING LEDs -> not saying that you should

Plus, you have to click Advanced, Add Exception before you
even get to confirming the exception... so you have to be pretty certain
you want to do this.

Hopefully case closed ;)

-- 
Cheers,

Steve
Twitter: @sanesecurity
