Re: [clamav-users] clamd/clamdscan and IPv6

2016-12-14 Thread Dennis Peterson 

Thanks for closing the event here. It doesn't happen enough.

dp

On 12/14/16 2:54 PM, Steven Morgan wrote:

Thanks, there was a little coding error. Following the connect() failure on
the local socket, the code was not checking if the TCPAddr option is
enabled.

Steve

On Wed, Dec 14, 2016 at 3:12 AM, Christoph Pleger 
wrote:


Hello Steve,


Looking at the code, it appears that the error message occurs when the
clamd/clamdscan parameter "LocalSocket" is disabled, or it is enabled and
the socket connect() call fails, and also the TCPAddr parameter is
specified.

Thank you for that hint. It brought me to the finding that, close to the
time of the ISP change, I must have made an update of the clamav package
that changed user and group ownership of the local socket without my
knowledge.

But TCPAddr was and is not enabled; clamconf says:

 TCPSocket
disabled
TCPAddr disabled

Regards
   Christoph

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamd/clamdscan and IPv6

2016-12-14 Thread Steven Morgan 
Thanks, there was a little coding error. Following the connect() failure on
the local socket, the code was not checking if the TCPAddr option is
enabled.

Steve

On Wed, Dec 14, 2016 at 3:12 AM, Christoph Pleger 
wrote:

> Hello Steve,
>
> > Looking at the code, it appears that the error message occurs when the
> > clamd/clamdscan parameter "LocalSocket" is disabled, or it is enabled and
> > the socket connect() call fails, and also the TCPAddr parameter is
> > specified.
>
> Thank you for that hint. It brought me to the finding that, close to the
> time of the ISP change, I must have made an update of the clamav package
> that changed user and group ownership of the local socket without my
> knowledge.
>
> But TCPAddr was and is not enabled; clamconf says:
>
> TCPSocket
> disabled
> TCPAddr disabled
>
> Regards
>   Christoph
>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Central management server?

2016-12-14 Thread robert k Wild 
thanks

On 14 Dec 2016 6:34 p.m., "Simon Hobson"  wrote:

> robert k Wild  wrote:
>
> > Can I install a clamav server and point all my clamav end users ie Mac
> > Linux windows to the server to get update definitions
>
> Yes. Setup your own mirror and point everything at it.
>
> > and can I manage my
> > clients from the server ie see if there online run scans and lock clients
> > so they can't change settings?
>
> As already said, that's the province of enterprise systems.
> You should be able to "roll your own" with a combination of local
> permissions management (stop users fiddling with settings), configuration
> management systems (such as Puppet already mentioned, set configuration),
> centralised logging and log analysis (see what is running when), and
> monitoring systems (e.g. I use Nagios to monitor if ClamAV is up to date on
> my servers).
>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Central management server?

2016-12-14 Thread Simon Hobson 
robert k Wild  wrote:

> Can I install a clamav server and point all my clamav end users ie Mac
> Linux windows to the server to get update definitions

Yes. Setup your own mirror and point everything at it.

> and can I manage my
> clients from the server ie see if there online run scans and lock clients
> so they can't change settings?

As already said, that's the province of enterprise systems.
You should be able to "roll your own" with a combination of local permissions 
management (stop users fiddling with settings), configuration management 
systems (such as Puppet already mentioned, set configuration), centralised 
logging and log analysis (see what is running when), and monitoring systems 
(e.g. I use Nagios to monitor if ClamAV is up to date on my servers).

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamav-milter and unofficial sigs

2016-12-14 Thread Reindl Harald 



Am 14.12.2016 um 18:01 schrieb Benny Pedersen:

is it possible currently to accept 3dr party virus in clamav-milter ?

eq:

OnUnofficial Accept

where default is Rejct like OnInfected ?

this will make clamav-milter more flexible


just use two clamd instances

* one as milter with reject
* one with signatures prone to FP and used with the SA plugin for scoring

the fact "is it a 3rd party" don't matter - look at sanesecurity, there 
are a ton of sigs which should only be used for scoring and others are a 
dead-safe "reject it"

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] clamav-milter and unofficial sigs

2016-12-14 Thread Benny Pedersen 

is it possible currently to accept 3dr party virus in clamav-milter ?

eq:

OnUnofficial Accept

where default is Rejct like OnInfected ?

this will make clamav-milter more flexible

using currently here clamav from github head
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Central management server?

2016-12-14 Thread robert k Wild 
thanks

On 14 Dec 2016 4:19 p.m., "Joel Esler (jesler)"  wrote:

> This is probably found exclusively in an enterprise system.
>
> We have it in our AMP product that we sell (which uses ClamAV as one of
> its engines), but I am not aware of any free enterprise management of AV
> software.
>
>
> --
> Joel Esler | Talos: Manager | jes...@cisco.com
>
>
>
>
>
>
> On Dec 14, 2016, at 11:13 AM, robert k Wild  robertkw...@gmail.com>> wrote:
>
> are there any AV programs that have this functunality free?
>
> many thanks,
>
> rob
>
> On 14 December 2016 at 15:59, robert k Wild  robertkw...@gmail.com>> wrote:
>
> thank you all
>
> On 14 Dec 2016 15:57, "Leonardo Rodrigues"  mailto:leolis...@solutti.com.br>>
> wrote:
>
>
>No, absolutely not, clamav do not implement such features usually
> found on 'corporate' antivirus commercial solutions.
>
>Getting update definitions from a single point is easy, just get a
> local mirror of the definitions and configure that on the clients. All the
> other requests, no no no.
>
> Em 14/12/16 13:27, robert k Wild escreveu:
>
> Hi all,
>
> Can I install a clamav server and point all my clamav end users ie Mac
> Linux windows to the server to get update definitions and can I manage my
> clients from the server ie see if there online run scans and lock clients
> so they can't change settings?
>
>
> --
>
>
>Atenciosamente / Sincerily,
>Leonardo Rodrigues
>Solutti Tecnologia
>http://www.solutti.com.br
>
>Minha armadilha de SPAM, NÃO mandem email
>gertru...@solutti.com.br
>My SPAMTRAP, do not email it
>
>
>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
>
> --
> Regards,
>
> Robert K Wild.
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Central management server?

2016-12-14 Thread Dennis Peterson 
You could probably configure CFEngine or Puppet to help do that. I did that 
years ago and it worked fine.


dp

On 12/14/16 7:27 AM, robert k Wild wrote:

Hi all,

Can I install a clamav server and point all my clamav end users ie Mac
Linux windows to the server to get update definitions and can I manage my
clients from the server ie see if there online run scans and lock clients
so they can't change settings?

Many thanks,

Rob
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Central management server?

2016-12-14 Thread Joel Esler (jesler) 
This is probably found exclusively in an enterprise system.

We have it in our AMP product that we sell (which uses ClamAV as one of its 
engines), but I am not aware of any free enterprise management of AV software.


--
Joel Esler | Talos: Manager | jes...@cisco.com






On Dec 14, 2016, at 11:13 AM, robert k Wild 
mailto:robertkw...@gmail.com>> wrote:

are there any AV programs that have this functunality free?

many thanks,

rob

On 14 December 2016 at 15:59, robert k Wild 
mailto:robertkw...@gmail.com>> wrote:

thank you all

On 14 Dec 2016 15:57, "Leonardo Rodrigues" 
mailto:leolis...@solutti.com.br>>
wrote:


   No, absolutely not, clamav do not implement such features usually
found on 'corporate' antivirus commercial solutions.

   Getting update definitions from a single point is easy, just get a
local mirror of the definitions and configure that on the clients. All the
other requests, no no no.

Em 14/12/16 13:27, robert k Wild escreveu:

Hi all,

Can I install a clamav server and point all my clamav end users ie Mac
Linux windows to the server to get update definitions and can I manage my
clients from the server ie see if there online run scans and lock clients
so they can't change settings?


--


   Atenciosamente / Sincerily,
   Leonardo Rodrigues
   Solutti Tecnologia
   http://www.solutti.com.br

   Minha armadilha de SPAM, NÃO mandem email
   gertru...@solutti.com.br
   My SPAMTRAP, do not email it



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml




--
Regards,

Robert K Wild.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Central management server?

2016-12-14 Thread robert k Wild 
are there any AV programs that have this functunality free?

many thanks,

rob

On 14 December 2016 at 15:59, robert k Wild  wrote:

> thank you all
>
> On 14 Dec 2016 15:57, "Leonardo Rodrigues" 
> wrote:
>
>>
>> No, absolutely not, clamav do not implement such features usually
>> found on 'corporate' antivirus commercial solutions.
>>
>> Getting update definitions from a single point is easy, just get a
>> local mirror of the definitions and configure that on the clients. All the
>> other requests, no no no.
>>
>> Em 14/12/16 13:27, robert k Wild escreveu:
>>
>>> Hi all,
>>>
>>> Can I install a clamav server and point all my clamav end users ie Mac
>>> Linux windows to the server to get update definitions and can I manage my
>>> clients from the server ie see if there online run scans and lock clients
>>> so they can't change settings?
>>>
>>>
>> --
>>
>>
>> Atenciosamente / Sincerily,
>> Leonardo Rodrigues
>> Solutti Tecnologia
>> http://www.solutti.com.br
>>
>> Minha armadilha de SPAM, NÃO mandem email
>> gertru...@solutti.com.br
>> My SPAMTRAP, do not email it
>>
>>
>>
>> ___
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>


-- 
Regards,

Robert K Wild.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Central management server?

2016-12-14 Thread robert k Wild 
thank you all

On 14 Dec 2016 15:57, "Leonardo Rodrigues"  wrote:

>
> No, absolutely not, clamav do not implement such features usually
> found on 'corporate' antivirus commercial solutions.
>
> Getting update definitions from a single point is easy, just get a
> local mirror of the definitions and configure that on the clients. All the
> other requests, no no no.
>
> Em 14/12/16 13:27, robert k Wild escreveu:
>
>> Hi all,
>>
>> Can I install a clamav server and point all my clamav end users ie Mac
>> Linux windows to the server to get update definitions and can I manage my
>> clients from the server ie see if there online run scans and lock clients
>> so they can't change settings?
>>
>>
> --
>
>
> Atenciosamente / Sincerily,
> Leonardo Rodrigues
> Solutti Tecnologia
> http://www.solutti.com.br
>
> Minha armadilha de SPAM, NÃO mandem email
> gertru...@solutti.com.br
> My SPAMTRAP, do not email it
>
>
>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Central management server?

2016-12-14 Thread Leonardo Rodrigues 


No, absolutely not, clamav do not implement such features usually 
found on 'corporate' antivirus commercial solutions.


Getting update definitions from a single point is easy, just get a 
local mirror of the definitions and configure that on the clients. All 
the other requests, no no no.


Em 14/12/16 13:27, robert k Wild escreveu:

Hi all,

Can I install a clamav server and point all my clamav end users ie Mac
Linux windows to the server to get update definitions and can I manage my
clients from the server ie see if there online run scans and lock clients
so they can't change settings?



--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Central management server?

2016-12-14 Thread Reindl Harald 



Am 14.12.2016 um 16:27 schrieb robert k Wild:

Can I install a clamav server and point all my clamav end users ie Mac
Linux windows to the server to get update definitions and can I manage my
clients from the server ie see if there online run scans and lock clients
so they can't change settings?


no


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Central management server?

2016-12-14 Thread robert k Wild 
Hi all,

Can I install a clamav server and point all my clamav end users ie Mac
Linux windows to the server to get update definitions and can I manage my
clients from the server ie see if there online run scans and lock clients
so they can't change settings?

Many thanks,

Rob
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] alternative signatures

2016-12-14 Thread Vladislav Kurz 
On 12/13/16 10:14, Reindl Harald wrote:
> 
> 
> Am 13.12.2016 um 10:03 schrieb Vladislav Kurz:
>> Hello all,
>>
>> In the last few months my satisfaction with clamav's virus signatures is
>> getting worse. Viruses getting through, while clamav catches just a few.
>> Some of them are detected few days later, but that may be too late.
>> Also occasional false positives matching too many innocent files giving
>> bad points.
>>
>> So I am looking for alternative signatures, to improve the detection
>> rate. I heard about sanesecurity.com. Are there any other 3rd party
>> signatures?
> 
> when you already heard about sanesecurity.com why don't you give it a
> try and instead seek for different sources obviosuly not much people are
> using?

I was just curious. Now I found out that the recommended script for
downloading sanesecurity signatures offers also wide range of other's
signatures. That's really cool.


-- 
Best Regards
Vladislav Kurz

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] basic usage from Linux scanning Windows

2016-12-14 Thread thufir 
Internet Explorer has hijacks and pop-ups rendering it nearly useless. 
Chrome seems a bit better.  Is ClamAV broad enough to help?


I'm planning on dual-booting Linux on the same drive as Windows 10 for a 
laptop, and then using ClamAV to scan the Windows partition.  This would 
how it's commonly used?




thanks,

Thufir
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamd/clamdscan and IPv6

2016-12-14 Thread Christoph Pleger 
Hello Steve,

> Looking at the code, it appears that the error message occurs when the
> clamd/clamdscan parameter "LocalSocket" is disabled, or it is enabled and
> the socket connect() call fails, and also the TCPAddr parameter is
> specified.

Thank you for that hint. It brought me to the finding that, close to the
time of the ISP change, I must have made an update of the clamav package
that changed user and group ownership of the local socket without my
knowledge.

But TCPAddr was and is not enabled; clamconf says:
  
TCPSocket
disabled
TCPAddr disabled

Regards
  Christoph

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml