Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Al Varnell
Thanks for the response. For whatever reason I didn't receive that.

-Al-

On Thu, Feb 16, 2017 at 02:22 PM, Dennis Peterson wrote:
> 
> It was resent as text in the next message body.
> 
> dp




___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Dennis Peterson

It was resent as text in the next message body.

dp

On 2/16/17 2:20 PM, Al Varnell wrote:

I thought attachments were removed for that reason. I know the subscription 
instructions make it very clear not to submit samples.

There was no attachment on the e-mail I received, did you get it?

-Al-

On Thu, Feb 16, 2017 at 12:02 PM, Dennis Peterson wrote:

It is really bad form to post suspected malware to this or any list.

dp

On 2/16/17 11:55 AM, Markus Egg wrote:

The attached file was in an email as attachment as "bill":
319598.js

sha1sum
b32a6dfdef2444de1695cb96e6a674c2f7cda74b  319598.js
sha256sum 319598.js
50df856fa3291473face6db59dcc655476e0618e457cdfa2832d0d72f61008e7 319598.js


Shows several virus alerts on https://www.virustotal.com/de/
but not with clamav.

BR




Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Al Varnell
I thought attachments were removed for that reason. I know the subscription 
instructions make it very clear not to submit samples.

There was no attachment on the e-mail I received, did you get it?

-Al-

On Thu, Feb 16, 2017 at 12:02 PM, Dennis Peterson wrote:
> 
> It is really bad form to post suspected malware to this or any list.
> 
> dp
> 
> On 2/16/17 11:55 AM, Markus Egg wrote:
>> The attached file was in an email as attachment as "bill":
>> 319598.js
>> 
>> sha1sum
>> b32a6dfdef2444de1695cb96e6a674c2f7cda74b  319598.js
>> sha256sum 319598.js
>> 50df856fa3291473face6db59dcc655476e0618e457cdfa2832d0d72f61008e7 319598.js
>> 
>> 
>> Shows several virus alerts on https://www.virustotal.com/de/
>> but not with clamav.
>> 
>> BR



Re: [clamav-users] Win.Trojan.DarkKomet-5711346-0 false positive?

2017-02-16 Thread Alain Zidouemba
That alert caused by Win.Trojan.DarkKomet-5711346-0 is an FP. The signature
is being dropped.

Thanks for reporting,

- Alain

On Thu, Feb 16, 2017 at 3:17 PM, Mark Foley  wrote:

> I am running a scheduled clamscan on the IMAP mail folders. The command is:
>
> /usr/local/bin/clamscan -a --detect-pua=yes --no-summary --stdout
> --infected \
> --recursive --allmatch --scan-mail=yes --scan-ole2=yes /home/HPRS/
>
> This scan turns up the following:
>
>
> /home/HPRS/dsmith/Maildir/.Sent Items/cur/1424639819.
> M717944P16540.mail,S=1444158,W=1463348:2,S:
> Win.Trojan.DarkKomet-5711346-0 FOUND
>
> /home/HPRS/dsmith/Maildir/.Sent Items/cur/1424639819.
> M717944P16540.mail,S=1444158,W=1463348:2,S!...!(72)MAIL:
> SEC_deficiency_letter_to_Timbervest.pdf: Win.Trojan.DarkKomet-5711346-0
> FOUND
>
> This email has 4 .pdf attachments.  When I run clamscan manually on any of
> them
> I get no infections:
>
> $ clamscan --detect-pua=yes --scan-ole2=yes 2011.06.08\ Notification\ of\
> Distribution.pdf
> 2011.06.08 Notification of Distribution.pdf: OK
>
> --- SCAN SUMMARY ---
> Known viruses: 5832752
> Engine version: 0.99.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.41 MB
> Data read: 0.08 MB (ratio 5.20:1)
> Time: 5.877 sec (0 m 5 s)
>
> Why? This is making it difficult to determine if there is an actual
> problem.
>
> This email is also from 2013, so unlikely it suddenly became infected.  I'm
> assuming a new signature was added.  This "malware" (?) started being
> reported
> February 1st.
>
> I run freshclam twice a day.
>
> Thanks --Mark


Re: [clamav-users] Win.Trojan.DarkKomet-5711346-0 false positive?

2017-02-16 Thread Mark Foley
On Thu, 16 Feb 2017 21:21:06 +0100 Reindl Harald  wrote:

> Am 16.02.2017 um 21:17 schrieb Mark Foley:
> > I am running a scheduled clamscan on the IMAP mail folders. The command is:
> >
> > /usr/local/bin/clamscan -a --detect-pua=yes --no-summary --stdout 
> > --infected \
> > --recursive --allmatch --scan-mail=yes --scan-ole2=yes /home/HPRS/
> >
> > This scan turns up the following:
> >
> >
> > /home/HPRS/dsmith/Maildir/.Sent 
> > Items/cur/1424639819.M717944P16540.mail,S=1444158,W=1463348:2,S: 
> > Win.Trojan.DarkKomet-5711346-0 FOUND
> >
> > /home/HPRS/dsmith/Maildir/.Sent 
> > Items/cur/1424639819.M717944P16540.mail,S=1444158,W=1463348:2,S!...!(72)MAIL:SEC_deficiency_letter_to_Timbervest.pdf:
> >  Win.Trojan.DarkKomet-5711346-0 FOUND
> >
> > This email has 4 .pdf attachments.  When I run clamscan manually on any of 
> > them
> > I get no infections:
> >
> > $ clamscan --detect-pua=yes --scan-ole2=yes 2011.06.08\ Notification\ of\ 
> > Distribution.pdf
> > 2011.06.08 Notification of Distribution.pdf: OK
>
> why --scan-ole2=yes when you scan a pdf?
> --scan-pdf makes more sense

For hopefully consistent results, I was using the same clamscan switches the
scheduled clamscan job used. With those switches (plus --scan-mail=yes) the scheduled
clamscan found the infections. I didn't use --scan-mail=yes in my manual test
because I had unpacked the attachments from the email.

In any case, running clamscan --scan-pdf also turned up no infections:

So the question stands, Why does it find infections when run on the mail file,
but not on the attachments (or mail body text) when run manually?

--Mark


Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Steve Basford

On Thu, February 16, 2017 7:55 pm, Markus Egg wrote:
> The attached file was in an email as attachment as "bill":
> 319598.js
Detected:

phish.ndb: Sanesecurity.Malware.26652.JsHeur
shelter.ldb: Sanesecurity.Shelter.Malware.JSHeur.004

-- 
Cheers,

Steve
Twitter: @sanesecurity



Re: [clamav-users] Win.Trojan.DarkKomet-5711346-0 false positive?

2017-02-16 Thread Reindl Harald



Am 16.02.2017 um 21:17 schrieb Mark Foley:

I am running a scheduled clamscan on the IMAP mail folders. The command is:

/usr/local/bin/clamscan -a --detect-pua=yes --no-summary --stdout --infected \
--recursive --allmatch --scan-mail=yes --scan-ole2=yes /home/HPRS/

This scan turns up the following:


/home/HPRS/dsmith/Maildir/.Sent 
Items/cur/1424639819.M717944P16540.mail,S=1444158,W=1463348:2,S: 
Win.Trojan.DarkKomet-5711346-0 FOUND

/home/HPRS/dsmith/Maildir/.Sent 
Items/cur/1424639819.M717944P16540.mail,S=1444158,W=1463348:2,S!...!(72)MAIL:SEC_deficiency_letter_to_Timbervest.pdf:
 Win.Trojan.DarkKomet-5711346-0 FOUND

This email has 4 .pdf attachments.  When I run clamscan manually on any of them
I get no infections:

$ clamscan --detect-pua=yes --scan-ole2=yes 2011.06.08\ Notification\ of\ 
Distribution.pdf
2011.06.08 Notification of Distribution.pdf: OK


why --scan-ole2=yes when you scan a pdf?
--scan-pdf makes more sense


[clamav-users] Win.Trojan.DarkKomet-5711346-0 false positive?

2017-02-16 Thread Mark Foley
I am running a scheduled clamscan on the IMAP mail folders. The command is:

/usr/local/bin/clamscan -a --detect-pua=yes --no-summary --stdout --infected \
--recursive --allmatch --scan-mail=yes --scan-ole2=yes /home/HPRS/

This scan turns up the following:


/home/HPRS/dsmith/Maildir/.Sent 
Items/cur/1424639819.M717944P16540.mail,S=1444158,W=1463348:2,S: 
Win.Trojan.DarkKomet-5711346-0 FOUND

/home/HPRS/dsmith/Maildir/.Sent 
Items/cur/1424639819.M717944P16540.mail,S=1444158,W=1463348:2,S!...!(72)MAIL:SEC_deficiency_letter_to_Timbervest.pdf:
 Win.Trojan.DarkKomet-5711346-0 FOUND

This email has 4 .pdf attachments.  When I run clamscan manually on any of them
I get no infections:

$ clamscan --detect-pua=yes --scan-ole2=yes 2011.06.08\ Notification\ of\ 
Distribution.pdf
2011.06.08 Notification of Distribution.pdf: OK

--- SCAN SUMMARY ---
Known viruses: 5832752
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.41 MB
Data read: 0.08 MB (ratio 5.20:1)
Time: 5.877 sec (0 m 5 s)

Why? This is making it difficult to determine if there is an actual problem.

This email is also from 2013, so unlikely it suddenly became infected.  I'm
assuming a new signature was added.  This "malware" (?) started being reported
February 1st.

I run freshclam twice a day.

Thanks --Mark


Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Reindl Harald



Am 16.02.2017 um 20:55 schrieb Markus Egg:

The attached file was in an email as attachment as "bill":
319598.js

sha1sum
b32a6dfdef2444de1695cb96e6a674c2f7cda74b  319598.js
sha256sum 319598.js
50df856fa3291473face6db59dcc655476e0618e457cdfa2832d0d72f61008e7  319598.js


just block them in general as gmail will do in the near future

[sa-milt@mail-gw:~]$ cat 
/var/lib/clamav/thelounge_blocked_extensions.cdb | grep js

thelounge.blocked.extension.js:CL_TYPE_MAIL:*:(?i)\.js$:*:*:*:*:*:*

http://sanesecurity.com/foxhole-databases/

foxhole_js.cdb (medium false positive risk)

This database will block most JavaScript (.js) files within Zip, Rar 
archived.  The current #locky #javascript #malware is using rapidly 
changing JavaScript files and this database is aimed at blocking these. 
To help minimise false positives, this database will only scan small 
sized Zip and Rar files.


foxhole_js.ndb (medium false positive risk)
This database will block ALL JavaScript (.js) files within GZip and Ace 
archives.
The current #locky #javascript #malware is using rapidly changing 
JavaScript files and this database is aimed at blocking these.



Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Dennis Peterson

It is really bad form to post suspected malware to this or any list.

dp

On 2/16/17 11:55 AM, Markus Egg wrote:

The attached file was in an email as attachment as "bill":
319598.js

sha1sum
b32a6dfdef2444de1695cb96e6a674c2f7cda74b  319598.js
sha256sum 319598.js
50df856fa3291473face6db59dcc655476e0618e457cdfa2832d0d72f61008e7 319598.js


Shows several virus alerts on https://www.virustotal.com/de/
but not with clamav.

BR


Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Markus Egg

Am 16/02/17 um 20:55 schrieb Markus Egg:

The attached file was in an email as attachment as "bill":
319598.js

sha1sum
b32a6dfdef2444de1695cb96e6a674c2f7cda74b  319598.js
sha256sum 319598.js
50df856fa3291473face6db59dcc655476e0618e457cdfa2832d0d72f61008e7  319598.js


Shows several virus alerts on https://www.virustotal.com/de/
but not with clamav.

BR



Forgot the attachment as txt-file, sorry.


[clamav-users] Javascript file not recognized

2017-02-16 Thread Markus Egg

The attached file was in an email as attachment as "bill":
319598.js

sha1sum
b32a6dfdef2444de1695cb96e6a674c2f7cda74b  319598.js
sha256sum 319598.js
50df856fa3291473face6db59dcc655476e0618e457cdfa2832d0d72f61008e7  319598.js


Shows several virus alerts on https://www.virustotal.com/de/
but not with clamav.

BR


Re: [clamav-users] freshclam exit codes

2017-02-16 Thread Steven Morgan
Hi,

It looks like return code 1 means the virus database is up to date (#define
FC_UPTODATE 1 from freshclamcodes.h). Please advise if this is incorrect or
inconsistent. The man page needs to be updated.

Thanks,
Steve

On Thu, Feb 16, 2017 at 4:27 AM, Andreas Schulze 
wrote:

> Hello,
>
> consider this setup. the goal is to run a separate clamav instance using
> *only* our database files
> to speedup clamav reload times.
>
> # cat custom-freshclam.conf
> DatabaseCustomURL http://our.clamav.mirror/local_foo.ndb
> DatabaseDirectory /path/to/custom_clamdir/
> # required but not relevant here
> DatabaseMirror our.clamav.mirror
>
> # freshclam --config-file=/path/to/custom-freshclam.conf
> --update-db=custom
> ...
>
> # echo $?
> 1
>
> unfortunately the exit code is *always* 1 ("man freshclam" doesn't
> describe 1 as exit code at all ...)
> normally freshclam returns 0 if some files were updated or if all files are
> uptodate.
> Am I using freshclam wrongly or should I consider this as a bug ?
> ( version 0.99.2 )
>
> --
> A. Schulze
> DATEV eG
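
For a cron or monitoring job built around the invocation quoted above, a wrapper can treat exit status 1 as healthy instead of as a failure. This is an added example, not code from the thread or from ClamAV: the function names are hypothetical, only the meaning of 1 (FC_UPTODATE) comes from the reply, and 0 as success plus every other value as failure are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or the ClamAV sources).
# Exit status 1 = FC_UPTODATE is taken from the reply above; 0 = success and
# "anything else is a failure" are assumptions of this wrapper.

# Map a freshclam exit status to a state name.
classify_freshclam_rc() {
    case "$1" in
        0) echo "ok" ;;
        1) echo "up-to-date" ;;
        *) echo "error" ;;
    esac
}

# Run an updater command, log its outcome to stderr, and return 0 unless the
# state is "error", so cron mail or `set -e` callers only fire on real failures.
run_update() {
    rc=0
    "$@" >/dev/null 2>&1 || rc=$?
    state=$(classify_freshclam_rc "$rc")
    printf 'freshclam rc=%s state=%s\n' "$rc" "$state" >&2
    [ "$state" != "error" ]
}

# Real use (command line as posted in the thread):
#   run_update freshclam --config-file=/path/to/custom-freshclam.conf --update-db=custom
# Offline demonstration with stand-in commands that only set an exit status:
for code in 0 1 2; do
    if run_update sh -c "exit $code"; then
        echo "exit $code -> healthy"
    else
        echo "exit $code -> alert"
    fi
done
```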


Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Reindl Harald



Am 16.02.2017 um 14:34 schrieb ellanios82:

On 02/16/17 15:09, Mark Allan wrote:

How is it more helpful? Because I gave the answer *and* explained what
it did


 - tremendous :


no - it was an answer for a specific shell in a more or less recent 
version - that feature was added some years ago, before it was "2>> 
file.txt >> file.txt"



 after all , Linux invites ordinary Home Users :

NOT just people who know Unix

[ i do not : i have zero computer education]


click on the damned link i posted and you will see that the copy paste 
is there BUT ADDITIONALLY information provided and instead whining like 
a child because *one additional click* you could really stop whining at all


https://en.wikipedia.org/wiki/Standard_streams#Standard_error_.28stderr.29

in the middle of the screen you find the snippet for copy and paste but 
IN A CORRECT WAY - the "2>&1" of the smart ass in fact is BASH-SPECIFIC 
and don't work on every shell as well as on older bash versions



Bourne-style shells allow standard error to be redirected to the same 
destination that standard output is directed to using


 2>&1


as i bought my first PC in 1998 i also did not have, as i switched 
completely to Linux 2006 i did not have, as i took over the CTO and all 
technical administration two years later i did not have


so what is your point?
stop whining and educate yourself



Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread ellanios82

On 02/16/17 15:09, Mark Allan wrote:

How is it more helpful? Because I gave the answer *and* explained what it did


 - tremendous :


 after all , Linux invites ordinary Home Users :

NOT just people who know Unix

[ i do not : i have zero computer education]

.

 cheers




Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Reindl Harald



Am 16.02.2017 um 14:27 schrieb ellanios82:

On 02/16/17 15:00, Mark Allan wrote:

simply to add 2>&1 to the end of your command, to redirect stderr to
stdout.

clamscan
--debug /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus
>> clamdeb.txt 2>&1


 - again thank you for being Really helpful { not just demonstrating
'clever' }


next time type "output redirection works only partly" as i did years ago 
without need to ask somebody when you think it's a good way to offend 
people trying help you to *learn and understand* something instead keep 
you a copy monkey



 - turns out the Spoofed Domain message was from PayPal


it was not spoofed (if you are talking about the attachment yesterday) but 
another false positive like 999 out of 1000 where clamd hits for this 
rule/signature



Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread ellanios82

On 02/16/17 15:00, Mark Allan wrote:

simply to add 2>&1 to the end of your command, to redirect stderr to stdout.

clamscan 
--debug /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus
  >> clamdeb.txt 2>&1


 - again thank you for being Really helpful { not just demonstrating 
'clever' }



 - turns out the Spoofed Domain message was from PayPal



 thanks




Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread ellanios82

On 02/16/17 15:00, Mark Allan wrote:

A more helpful answer (which is quicker to type than digging out URLs) is simply to 
add 2>&1 to the end of your command, to redirect stderr to stdout.


- thank you so much

{ often clever people use lists as platform to show how clever they are}

.

 regards




Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Mark Allan

> On 16 Feb 2017, at 1:12 pm, Reindl Harald  wrote:
> Am 16.02.2017 um 14:09 schrieb Mark Allan:
>>> On 16 Feb 2017, at 1:03 pm, Reindl Harald  wrote:
>>> Am 16.02.2017 um 14:00 schrieb Mark Allan:
 
>>>>> On 16 Feb 2017, at 12:48 pm, Reindl Harald  wrote:
>>>>> 
>>>>> Am 16.02.2017 um 13:39 schrieb ellanios82:
>>>>>> 
>>>>>> - What please is correct syntax ?
>>>>> 
>>>>> unix basics :-)
>>>>> stdout versus stderr
>>>>> 
>>>>> https://en.wikipedia.org/wiki/Standard_streams 
>>>>> 
>>>>> https://en.wikipedia.org/wiki/Standard_streams#Standard_output_.28stdout.29
>>>>>  
>>>>> 
>>>>> https://en.wikipedia.org/wiki/Standard_streams#Standard_error_.28stderr.29
>>>>>  
>>>>> 
>>>> 
>>>> A more helpful answer (which is quicker to type than digging out URLs) is 
>>>> simply to add 2>&1 to the end of your command, to redirect stderr to 
>>>> stdout.
>>>> 
>>>> clamscan --debug 
>>>> /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus 
>>>>  >> clamdeb.txt 2>&1
>>> 
>>> i wonder how it is more helpful when somebody blindly does copy 
>>> without understand what he is doing and so get conditioned to that with any 
>>> random stuff found on some webpage
>>> 
>>> give a man a fish and you feed him for a day; teach a man to fish and you 
>>> feed him for a lifetime
>> 
>> How is it more helpful? Because I gave the answer *and* explained what it 
>> did; you just pointed the OP at a webpage and essentially said "figure it 
>> out for yourself".
> 
> yes, because it is proven that people who are pointed in the right direction 
> and figure it out at their own *remember* things while when they also can 
> just copy the next time they still don't know what it was and how it 
> was called for google it again
> 
> so mind your own business and don't play smartass when you have no point

We're both members on this mailing list, therefore it's as much my business as 
it is yours.



Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Steve Basford

On Thu, February 16, 2017 1:03 pm, Reindl Harald wrote:

> give a man a fish and you feed him for a day; teach a man to fish and you
> feed him for a lifetime

Are you sure that's correct... wasn't it...

Give a man a fish , he eats for a day. Teach a man to fish, he sits in a
boat and drinks beer all day.

I'll get my coat :)

-- 
Cheers,

Steve
Twitter: @sanesecurity



Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Reindl Harald


Am 16.02.2017 um 14:09 schrieb Mark Allan:

On 16 Feb 2017, at 1:03 pm, Reindl Harald  wrote:
Am 16.02.2017 um 14:00 schrieb Mark Allan:



On 16 Feb 2017, at 12:48 pm, Reindl Harald  wrote:

Am 16.02.2017 um 13:39 schrieb ellanios82:


- What please is correct syntax ?


unix basics :-)
stdout versus stderr

https://en.wikipedia.org/wiki/Standard_streams 

https://en.wikipedia.org/wiki/Standard_streams#Standard_output_.28stdout.29 

https://en.wikipedia.org/wiki/Standard_streams#Standard_error_.28stderr.29 



A more helpful answer (which is quicker to type than digging out URLs) is simply to 
add 2>&1 to the end of your command, to redirect stderr to stdout.

clamscan --debug /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus 
 >> clamdeb.txt 2>&1


i wonder how it is more helpful when somebody blindly does copy without 
understand what he is doing and so get conditioned to that with any random stuff 
found on some webpage

give a man a fish and you feed him for a day; teach a man to fish and you feed 
him for a lifetime


How is it more helpful? Because I gave the answer *and* explained what it did; you just 
pointed the OP at a webpage and essentially said "figure it out for yourself".


yes, because it is proven that people who are pointed in the right 
direction and figure it out at their own *remember* things while when 
they also can just copy the next time they still don't know what 
it was and how it was called for google it again


so mind your own business and don't play smartass when you have no point


Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Mark Allan

> On 16 Feb 2017, at 1:03 pm, Reindl Harald  wrote:
> Am 16.02.2017 um 14:00 schrieb Mark Allan:
>> 
>>> On 16 Feb 2017, at 12:48 pm, Reindl Harald  wrote:
>>> 
>>> Am 16.02.2017 um 13:39 schrieb ellanios82:
 
>>>> - What please is correct syntax ?
>>> 
>>> unix basics :-)
>>> stdout versus stderr
>>> 
>>> https://en.wikipedia.org/wiki/Standard_streams 
>>> 
>>> https://en.wikipedia.org/wiki/Standard_streams#Standard_output_.28stdout.29 
>>> 
>>> https://en.wikipedia.org/wiki/Standard_streams#Standard_error_.28stderr.29 
>>> 
>> 
>> A more helpful answer (which is quicker to type than digging out URLs) is 
>> simply to add 2>&1 to the end of your command, to redirect stderr to stdout.
>> 
>> clamscan --debug 
>> /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus 
>>  >> clamdeb.txt 2>&1
> 
> i wonder how it is more helpful when somebody blindly does copy without 
> understand what he is doing and so get conditioned to that with any random 
> stuff found on some webpage
> 
> give a man a fish and you feed him for a day; teach a man to fish and you 
> feed him for a lifetime

How is it more helpful? Because I gave the answer *and* explained what it did; 
you just pointed the OP at a webpage and essentially said "figure it out for 
yourself".
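
The redirection forms that come up in this thread, run side by side as an added example that is not from any poster. `fake_scan` is a hypothetical stand-in for `clamscan --debug` (one result line on stdout, debug lines on stderr, all constructed), and `/dev/null` plays the part of the terminal.

```shell
#!/bin/sh
# Added example: how many of the scanner's lines reach the log file under each
# redirection form discussed in the thread.

# Hypothetical stand-in for `clamscan --debug` (constructed output):
# the verdict goes to stdout, the debug trace goes to stderr.
fake_scan() {
    echo "bus: Heuristics.Phishing.Email.SpoofedDomain FOUND"
    echo "LibClamAV debug: constructed debug line 1" >&2
    echo "LibClamAV debug: constructed debug line 2" >&2
}

# lines_captured MODE: run fake_scan with the given redirection form and
# print the number of lines that ended up in the log file.
lines_captured() {
    log=$(mktemp) || return 1
    {
        case "$1" in
            # Form from the original question: only stdout is appended.
            stdout-only) fake_scan >> "$log" ;;
            # Suggested fix: stdout to the file first, then stderr to the same place.
            both)        fake_scan >> "$log" 2>&1 ;;
            # Same tokens, wrong order: stderr is pointed at the old stdout
            # (the "terminal") before stdout is moved to the file.
            wrong-order) fake_scan 2>&1 >> "$log" ;;
            # Older spelling mentioned in the thread: two separate appends.
            two-appends) fake_scan 2>> "$log" >> "$log" ;;
            *) rm -f "$log"; return 2 ;;
        esac
    } >/dev/null 2>&1   # /dev/null stands in for the terminal here
    n=$(wc -l < "$log" | tr -d ' ')
    rm -f "$log"
    echo "$n"
}

for mode in stdout-only both wrong-order two-appends; do
    printf '%-12s %s of 3 lines in log\n' "$mode" "$(lines_captured "$mode")"
done
```

Redirections are applied left to right, which is why `>> file 2>&1` captures the debug trace and `2>&1 >> file` does not.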



Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Reindl Harald



On 16.02.2017 at 14:00, Mark Allan wrote:
> On 16 Feb 2017, at 12:48 pm, Reindl Harald wrote:
>> On 16.02.2017 at 13:39, ellanios82 wrote:
>>> On 02/16/17 02:59, Al Varnell wrote:
>>>> I'm afraid it's going to be more trouble than it's worth. You will
>>>> need to turn debugging on when you scan that mailbox which will
>>>> produce a huge amount of output, but includes details about exactly
>>>> what was found. You would then need to search that mailbox in
>>>> Thunderbird for the offending URL and decide whether you need the
>>>> message or it can be deleted. A SpoofedDomain finding is not
>>>> necessarily an attempt to misdirect you. It's a technique sometimes
>>>> used to give a message clarity.
>>>
>>> thanks Al : am trying debug to find specific message causing probs :
>>>
>>> have adjusted /etc/clamd.conf to :
>>>
>>> # Enable debug messages in libclamav.
>>> # Default: no
>>> # Feb 16, 2017
>>> Debug yes
>>>
>>> But , how to collect info into Log-File :
>>>
>>> this does not work for me :
>>>
>>> clamscan --debug /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus>>clamdeb.txt
>>>
>>> - What please is correct syntax ?
>>
>> unix basics :-)
>> stdout versus stderr
>>
>> https://en.wikipedia.org/wiki/Standard_streams
>>
>> https://en.wikipedia.org/wiki/Standard_streams#Standard_output_.28stdout.29
>>
>> https://en.wikipedia.org/wiki/Standard_streams#Standard_error_.28stderr.29
>
> A more helpful answer (which is quicker to type than digging out URLs) is simply to
> add 2>&1 to the end of your command, to redirect stderr to stdout.
>
> clamscan --debug /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus >> clamdeb.txt 2>&1

i wonder how it is more helpful when somebody blindly does copy
without understanding what he is doing and so gets conditioned to that with
any random stuff found on some webpage

give a man a fish and you feed him for a day; teach a man to fish and
you feed him for a lifetime


Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Mark Allan

> On 16 Feb 2017, at 12:48 pm, Reindl Harald wrote:
> 
> On 16.02.2017 at 13:39, ellanios82 wrote:
>> On 02/16/17 02:59, Al Varnell wrote:
>>> I'm afraid it's going to be more trouble than it's worth. You will
>>> need to turn debugging on when you scan that mailbox which will
>>> produce a huge amount of output, but includes details about exactly
>>> what was found. You would then need to search that mailbox in
>>> Thunderbird for the offending URL and decide whether you need the
>>> message or it can be deleted. A SpoofedDomain finding is not
>>> necessarily an attempt to misdirect you. It's a technique sometimes
>>> used to give a message clarity.
>> 
>> thanks Al : am trying debug to find specific message causing probs :
>> 
>> have adjusted /etc/clamd.conf to :
>> 
>> # Enable debug messages in libclamav.
>> # Default: no
>> # Feb 16, 2017
>> Debug yes
>> 
>> 
>> But , how to collect info into Log-File :
>> 
>> 
>> this does not work for me :
>> 
>> clamscan --debug /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus>>clamdeb.txt
>> 
>> 
>> - What please is correct syntax ?
> 
> unix basics :-)
> stdout versus stderr
> 
> https://en.wikipedia.org/wiki/Standard_streams 
> 
> https://en.wikipedia.org/wiki/Standard_streams#Standard_output_.28stdout.29 
> 
> https://en.wikipedia.org/wiki/Standard_streams#Standard_error_.28stderr.29 
> 

A more helpful answer (which is quicker to type than digging out URLs) is 
simply to add 2>&1 to the end of your command, to redirect stderr to stdout.

clamscan --debug /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus >> clamdeb.txt 2>&1

Mark
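
The redirection described in the reply above, as an added example that is not part of the original thread: a constructed stand-in for `clamscan --debug` is run under three redirection forms, and the script counts how many lines reach the log and how many end up on the terminal. It assumes, as the reply implies, that the debug lines arrive on stderr and the result line on stdout; `fake_scan`, `run_form` and every sample line are hypothetical.

```shell
#!/bin/sh
# Stand-in for `clamscan --debug` (constructed output, not real ClamAV text):
# debug lines go to stderr, the scan result line goes to stdout.
fake_scan() {
    echo "LibClamAV debug: constructed line 1" >&2
    echo "LibClamAV debug: constructed line 2, naming the offending URL" >&2
    echo "bus: Constructed.SpoofedDomain FOUND"
}

# Run fake_scan under one redirection form and print "<log lines> <terminal lines>".
# A second temp file plays the terminal, so anything that misses the log is counted.
run_form() {
    log=$(mktemp) && term=$(mktemp) || return 1
    case $1 in
        # The command from the question: only stdout is appended to the log.
        stdout_only) { fake_scan >> "$log"; } > "$term" 2>&1 ;;
        # The fix from the reply: stdout to the log, then stderr to the same place.
        both)        { fake_scan >> "$log" 2>&1; } > "$term" 2>&1 ;;
        # Same two redirections reversed: 2>&1 copies the *current* stdout
        # (the terminal) before stdout is pointed at the log.
        wrong_order) { fake_scan 2>&1 >> "$log"; } > "$term" 2>&1 ;;
        *) rm -f "$log" "$term"; return 2 ;;
    esac
    echo "$(wc -l < "$log" | tr -d ' ') $(wc -l < "$term" | tr -d ' ')"
    rm -f "$log" "$term"
}

for form in stdout_only both wrong_order; do
    printf '%-12s log/terminal lines: %s\n' "$form" "$(run_form "$form")"
done
```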


Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Reindl Harald



On 16.02.2017 at 13:39, ellanios82 wrote:
> On 02/16/17 02:59, Al Varnell wrote:
>> I'm afraid it's going to be more trouble than it's worth. You will
>> need to turn debugging on when you scan that mailbox which will
>> produce a huge amount of output, but includes details about exactly
>> what was found. You would then need to search that mailbox in
>> Thunderbird for the offending URL and decide whether you need the
>> message or it can be deleted. A SpoofedDomain finding is not
>> necessarily an attempt to misdirect you. It's a technique sometimes
>> used to give a message clarity.
>
> thanks Al : am trying debug to find specific message causing probs :
>
> have adjusted /etc/clamd.conf to :
>
> # Enable debug messages in libclamav.
> # Default: no
> # Feb 16, 2017
> Debug yes
>
> But , how to collect info into Log-File :
>
> this does not work for me :
>
> clamscan --debug /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus>>clamdeb.txt
>
> - What please is correct syntax ?

unix basics :-)
stdout versus stderr

https://en.wikipedia.org/wiki/Standard_streams
https://en.wikipedia.org/wiki/Standard_streams#Standard_output_.28stdout.29
https://en.wikipedia.org/wiki/Standard_streams#Standard_error_.28stderr.29

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread ellanios82

On 02/16/17 02:59, Al Varnell wrote:

> I'm afraid it's going to be more trouble than it's worth. You will need to turn 
> debugging on when you scan that mailbox which will produce a huge amount of 
> output, but includes details about exactly what was found. You would then need 
> to search that mailbox in Thunderbird for the offending URL and decide whether 
> you need the message or it can be deleted. A SpoofedDomain finding is not 
> necessarily an attempt to misdirect you. It's a technique sometimes used to 
> give a message clarity.


 thanks Al : am trying debug to find specific message causing probs :


 have adjusted /etc/clamd.conf to :

# Enable debug messages in libclamav.
# Default: no
# Feb 16, 2017
Debug yes


 But , how to collect info into Log-File :


this does not work for me :

clamscan --debug /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus>>clamdeb.txt


- What please is correct syntax ?

thanks

 ellan

...



Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread ellanios82

On 02/16/17 02:59, Al Varnell wrote:

> Ellan,
> 
> I'm afraid it's going to be more trouble than it's worth. You will need to turn 
> debugging on when you scan that mailbox which will produce a huge amount of 
> output, but includes details about exactly what was found. You would then need 
> to search that mailbox in Thunderbird for the offending URL and decide whether 
> you need the message or it can be deleted. A SpoofedDomain finding is not 
> necessarily an attempt to misdirect you. It's a technique sometimes used to 
> give a message clarity.
> 
> -Al-

 - many thanks
...


[clamav-users] freshclam exit codes

2017-02-16 Thread Andreas Schulze

Hello,

consider this setup. the goal is to run a separate clamav instance using *only* 
our database files to speed up clamav reload times.

# cat custom-freshclam.conf 
DatabaseCustomURL http://our.clamav.mirror/local_foo.ndb
DatabaseDirectory /path/to/custom_clamdir/
# required but not relevant here
DatabaseMirror our.clamav.mirror

# freshclam --config-file=/path/to/custom-freshclam.conf --update-db=custom
...

# echo $?
1

unfortunately the exit code is *always* 1 ("man freshclam" doesn't describe 1 
as exit code at all ...)
normally freshclam returns 0 if some files were updated or if all files are 
up to date.
Am I using freshclam wrongly or should I consider this as a bug ?
( version 0.99.2 )

-- 
A. Schulze
DATEV eG

Re: [clamav-users] Can't download daily.cvd

2017-02-16 Thread Al Varnell
Click here->

-Al-

On Thu, Feb 16, 2017 at 01:15 AM, Del Monte Paolo wrote:
> 
> You can configure freshclam or directly via wget command on the clamav url.
> 
> Paolo
> 
> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf 
> Of Opiniano, Joyce
> Sent: Wednesday, 15 February 2017 19:34
> To: clamav-users@lists.clamav.net
> Subject: [clamav-users] Can't download daily.cvd
> 
> Hi,
> 
> We started getting this error message 5 days ago when we were trying to 
> update the USB used for virus scan.
> Kindly advise on what tasks is needed to perform in order to successfully 
> download the daily.cvd from database.clamav.net
> 
> ClamAV update process started at Mon Feb 13 14:51:17 2017
> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: 
> amishhammer)
> nonblock_recv: recv timing out (30 secs)
> WARNING: getfile: Error while reading database from database.clamav.net (IP: 
> 168.143.19.95): Operation already in progress
> WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
> WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
> nonblock_recv: recv timing out (30 secs)
> WARNING: getfile: Error while reading database from database.clamav.net (IP: 
> 194.8.197.22): Operation already in progress
> WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
> nonblock_recv: recv timing out (30 secs)
> WARNING: getfile: Error while reading database from database.clamav.net (IP: 
> 128.199.133.36): Operation already in progress
> WARNING: Can't download daily.cvd from database.clamav.net
> Trying again in 5 secs...
> ClamAV update process started at Mon Feb 13 14:55:20 2017
> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: 
> amishhammer)
> nonblock_recv: recv timing out (30 secs)
> WARNING: getfile: Error while reading database from database.clamav.net (IP: 
> 69.163.100.14): Operation already in progress
> WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
> nonblock_recv: recv timing out (30 secs)
> WARNING: getfile: Error while reading database from database.clamav.net (IP: 
> 207.57.106.31): Operation already in progress
> WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
> nonblock_recv: recv timing out (30 secs)
> WARNING: getfile: Error while reading database from database.clamav.net (IP: 
> 168.143.19.95): Operation already in progress
> WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
> nonblock_recv: recv timing out (30 secs)
> WARNING: getfile: Error while reading database from database.clamav.net (IP: 
> 64.22.33.90): Operation already in progress
> WARNING: Can't download daily.cvd from database.clamav.net
> Trying again in 5 secs...
> ClamAV update process started at Mon Feb 13 14:59:48 2017
> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: 
> amishhammer)
> WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
> nonblock_recv: recv timing out (30 secs)
> WARNING: getfile: Error while reading database from database.clamav.net (IP: 
> 128.199.133.36): Operation already in progress
> WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
> nonblock_recv: recv timing out (30 secs)
> ERROR: getfile: Error while reading database from database.clamav.net (IP: 
> 207.57.106.31): Operation already in progress
> nonblock_recv: recv timing out (30 secs)
> ERROR: getfile: Error while reading database from database.clamav.net (IP: 
> 69.163.100.14): Operation already in progress
> ERROR: Can't download daily.cvd from database.clamav.net
> Giving up on database.clamav.net...
> Update failed. Your network may be down or none of the mirrors listed in 
> c:\users\alcazarm\appdata\local\temp\tmp0ev_go is working. Check 
> http://www.clamav.net/support/mirror-problem for possible reasons.
> 
> --
> Completed

-Al-
-- 
Al Varnell
Mountain View, CA







smime.p7s
Description: S/MIME cryptographic signature
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Can't download daily.cvd

2017-02-16 Thread Del Monte Paolo

You can configure freshclam or directly via wget command on the clamav url.

Paolo

-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
Opiniano, Joyce
Sent: Wednesday, 15 February 2017 19:34
To: clamav-users@lists.clamav.net
Subject: [clamav-users] Can't download daily.cvd

Hi,

We started getting this error message 5 days ago when we were trying to update 
the USB used for virus scan.
Kindly advise on what tasks is needed to perform in order to successfully 
download the daily.cvd from database.clamav.net

ClamAV update process started at Mon Feb 13 14:51:17 2017
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: 
amishhammer)
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from database.clamav.net (IP: 
168.143.19.95): Operation already in progress
WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from database.clamav.net (IP: 
194.8.197.22): Operation already in progress
WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from database.clamav.net (IP: 
128.199.133.36): Operation already in progress
WARNING: Can't download daily.cvd from database.clamav.net
Trying again in 5 secs...
ClamAV update process started at Mon Feb 13 14:55:20 2017
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: 
amishhammer)
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from database.clamav.net (IP: 
69.163.100.14): Operation already in progress
WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from database.clamav.net (IP: 
207.57.106.31): Operation already in progress
WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from database.clamav.net (IP: 
168.143.19.95): Operation already in progress
WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from database.clamav.net (IP: 
64.22.33.90): Operation already in progress
WARNING: Can't download daily.cvd from database.clamav.net
Trying again in 5 secs...
ClamAV update process started at Mon Feb 13 14:59:48 2017
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: 
amishhammer)
WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from database.clamav.net (IP: 
128.199.133.36): Operation already in progress
WARNING: getpatch: Can't download daily-23032.cdiff from database.clamav.net
nonblock_recv: recv timing out (30 secs)
ERROR: getfile: Error while reading database from database.clamav.net (IP: 
207.57.106.31): Operation already in progress
nonblock_recv: recv timing out (30 secs)
ERROR: getfile: Error while reading database from database.clamav.net (IP: 
69.163.100.14): Operation already in progress
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in 
c:\users\alcazarm\appdata\local\temp\tmp0ev_go is working. Check 
http://www.clamav.net/support/mirror-problem for possible reasons.

--
Completed
--

Thanks in advance,
Joyce