Re: [clamav-users] password protected encrypted .docx files

2017-04-05 Thread Reindl Harald

technically .docx *are* zip files

On 05.04.2017 at 21:08, Dino Edwards wrote:

> Didn't realize the ArchiveblockEncrypted included MS Word files. I thought it 
> would be for password protected zip rar and such
> 
> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
> Benny Pedersen
> Sent: Wednesday, April 5, 2017 11:22 AM
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] password protected encrypted .docx files
> 
> Dino Edwards wrote on 2017-04-05 16:48:
> 
> > Any way to get clamav to block password protected Microsoft word files?
> 
> Yes, it is - you can turn ArchiveBlockEncrypted off in clamd.conf (it's off by 
> default)
> 
> if not working pastebin your clamconf (clamav section only) 
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



Re: [clamav-users] password protected encrypted .docx files

2017-04-05 Thread Dino Edwards
Didn't realize the ArchiveblockEncrypted included MS Word files. I thought it 
would be for password protected zip rar and such

-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
Benny Pedersen
Sent: Wednesday, April 5, 2017 11:22 AM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] password protected encrypted .docx files

Dino Edwards wrote on 2017-04-05 16:48:
> Any way to get clamav to block password protected Microsoft word files?

Yes, it is - you can turn ArchiveBlockEncrypted off in clamd.conf (it's off by 
default)

if not working pastebin your clamconf (clamav section only) 


[clamav-users] Manual cdiff update procedure

2017-04-05 Thread venkat swaminathan
Hello All,

I am very new to clamav and trying to understand some update procedure.

I have daily.cvd and its new cdiff file. Is there a procedure document
where I will be able to follow and update daily.cvd with newly downloaded
cdiff files?

thanks
Venkat.S


Re: [clamav-users] password protected encrypted .docx files

2017-04-05 Thread Benny Pedersen

Dino Edwards wrote on 2017-04-05 16:48:

> Any way to get clamav to block password protected Microsoft word files?


Yes, it is - you can turn ArchiveBlockEncrypted off in clamd.conf (it's
off by default)

if not working pastebin your clamconf (clamav section only)


Re: [clamav-users] clamav antivm.yar malicious_document.yar and errors

2017-04-05 Thread Rejaine Monteiro

Hello!

I thought there might be some solution other than just disabling Yara. 
But the project does not seem to be 100% compatible with Clamav yet, 
then I will follow the instruction and disable it.


Thanks.


On 05-04-2017 11:47, Steve Basford wrote:

> On Wed, April 5, 2017 3:24 pm, Rejaine Monteiro wrote:
> 
> > Hello, I'm having some errors with these signatures in clamav-0.99.2.
> > Any tips on what it is about or how to solve?
> 
> See here: 3rd Party download script:
> 
> https://github.com/extremeshok/clamav-unofficial-sigs/issues/151



--
Rejaine da Silveira Monteiro
Suporte-TI
Tel: (31) 2102-8854
Jamef Encomendas Urgentes - Matriz - Belo Horizonte/MG
www.jamef.com.br



[clamav-users] password protected encrypted .docx files

2017-04-05 Thread Dino Edwards
Any way to get clamav to block password protected Microsoft word files?

Thanks




Re: [clamav-users] clamav antivm.yar malicious_document.yar and errors

2017-04-05 Thread Steve Basford

On Wed, April 5, 2017 3:24 pm, Rejaine Monteiro wrote:
> Hello, I'm having some errors with these signatures in clamav-0.99.2.
> Any tips on what it is about or how to solve?

See here: 3rd Party download script:

https://github.com/extremeshok/clamav-unofficial-sigs/issues/151

-- 
Cheers,

Steve
Twitter: @sanesecurity



[clamav-users] clamav antivm.yar malicious_document.yar and errors

2017-04-05 Thread Rejaine Monteiro


Hello, I'm having some errors with these signatures in clamav-0.99.2. 
Any tips on what it is about or how to solve?


LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 528 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 544 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 557 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 603 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 614 undefined identifier "pe"
LibClamAV Error: cli_loadyara: failed to parse rules file /var/lib/clamav/antidebug_antivm.yar, error count 7
LibClamAV Error: yyerror(): /var/lib/clamav/malicious_document.yar line 245 undefined identifier "uint32be"
LibClamAV Error: cli_loadyara: failed to parse rules file /var/lib/clamav/malicious_document.yar, error count 1
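
Error output like the above can be condensed to one line per rejected rule file, showing which files failed to load and on which identifiers. This is an added example, not part of the original message or of ClamAV; the function names `summarize_yara_errors` and `sample_log` are made up for illustration, and the sample input is the log from the message with the mail line-wrapping undone.

```shell
#!/bin/sh
# Added example: summarise LibClamAV YARA load errors per rule file.
# Reads log text on stdin and prints, for every file cli_loadyara rejected:
#   <file> reported=<count from summary> seen=<yyerror lines> identifiers=<list>
# Assumes one log record per line and no spaces in the rule file path.
summarize_yara_errors() {
    awk '
    $1 == "LibClamAV" && $3 == "yyerror():" {
        f = $4; seen[f]++
        if ($7 == "undefined" && $8 == "identifier") {
            id = $9; gsub(/"/, "", id)
            if (index("," ids[f] ",", "," id ",") == 0)
                ids[f] = (ids[f] == "" ? id : ids[f] "," id)
        }
    }
    $1 == "LibClamAV" && $3 == "cli_loadyara:" && $4 == "failed" {
        f = $9; sub(/,$/, "", f)
        order[++n] = f; reported[f] = $NF
    }
    END {
        for (i = 1; i <= n; i++) {
            f = order[i]
            printf "%s reported=%d seen=%d identifiers=%s\n", f, reported[f], seen[f], ids[f]
        }
    }'
}

# Sample input: the error lines from the message above, mail wrapping undone.
sample_log() {
    cat <<'EOF'
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 528 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 544 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 557 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 603 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 614 undefined identifier "pe"
LibClamAV Error: cli_loadyara: failed to parse rules file /var/lib/clamav/antidebug_antivm.yar, error count 7
LibClamAV Error: yyerror(): /var/lib/clamav/malicious_document.yar line 245 undefined identifier "uint32be"
LibClamAV Error: cli_loadyara: failed to parse rules file /var/lib/clamav/malicious_document.yar, error count 1
EOF
}

sample_log | summarize_yara_errors
```

A `seen` count lower than `reported` means the log was truncated or wrapped before it reached the script.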




Re: [clamav-users] freshclam exit codes

2017-04-05 Thread Benny Pedersen

Already have, it did not help


On April 5, 2017 1:25:39 PM Andreas Schulze wrote:

> On 05.04.2017 at 12:52, Benny Pedersen wrote:
> > I get Access denied, can login OK, but can't see any problems at all, is 
> > there a point with open source on closed bugzillas?
> 
> maybe you've simple to create an account?

--
A. Schulze
DATEV eG



Re: [clamav-users] freshclam exit codes

2017-04-05 Thread Andreas Schulze
On 05.04.2017 at 12:52, Benny Pedersen wrote:
> I get Access denied, can login OK, but can't see any problems at all, is there 
> a point with open source on closed bugzillas?

maybe you've simple to create an account?

-- 
A. Schulze
DATEV eG


Re: [clamav-users] freshclam exit codes

2017-04-05 Thread Benny Pedersen
I get Access denied, can login OK, but can't see any problems at all, is 
there a point with open source on closed bugzillas?



Re: [clamav-users] how to avoid false positive in clamAV

2017-04-05 Thread Al Varnell
Not sure where on the internet you found these instructions, but I believe they 
are old. The new way is to use the ".ign2" extension containing  
for signatures to be completely ignored and an ".fp" file with 
:: for individual files to be ignored so that the 
signature will still pick up any actual infected files.

Perhaps this site will help 

-Al-

On Wed, Apr 05, 2017 at 01:49 AM, Gaurav Kumar Garg wrote:
> 
> Hi ClamAV user, developer,
> 
> I am new to clamAV. I like its design.
> 
> While scanning I saw a few false positive viruses. I searched on the internet 
> and found out that I can avoid these false positives by writing the md5 sum to 
> a local.ign file and putting this file in the /var/lib/clamav/* directory, 
> then restarting the clamd daemon.
> 
> It's partially working, meaning it works when I scan the false positive file 
> with clamscan -d and it's not working with clamdscan.
> 
> Steps for creating the local.ign file:
> 
> $ sigtool --md5 my_file_name.exe >> local.ign
> 
> After that I put this file in the /var/lib/clamav/* directory and restarted 
> the clamd daemon.
> 
> When I execute $ clamscan -d /var/lib/clamav/local.ign my_file_name.exe then 
> it's not reporting a false positive, it's working perfectly.
> 
> But when I scan this file using clamdscan then it's still reporting a false 
> positive.
> 
> Could anyone help me regarding this false positive avoidance?
> 
> I cannot submit my false positive file because of some business ethics and 
> compliance.
> 
> 
> Thank you in advance,
> 
> 
> Regards,
> 
> Gaurav



Re: [clamav-users] how to avoid false positive in clamAV

2017-04-05 Thread Mark Allan
To whitelist specific files this way, you need to add the md5sum to a file with 
the .fp extension. So, in your example, it should be sigtool --md5 
my_file_name.exe >> local.fp

If you want to ignore the signature altogether, you add the signature name to a 
file with the extension ign2.

For what it's worth, this is on page 23 of the "signatures.pdf" document that 
ships with the ClamAV source code.

Best regards
Mark 

> On 5 Apr 2017, at 9:49 am, Gaurav Kumar Garg  wrote:
> 
> Hi ClamAV user, developer,
> 
> I am new to clamAV. I like its design.
> 
> While scanning I saw a few false positive viruses. I searched on the internet 
> and found out that I can avoid these false positives by writing the md5 sum to 
> a local.ign file and putting this file in the /var/lib/clamav/* directory, 
> then restarting the clamd daemon.
> 
> It's partially working, meaning it works when I scan the false positive file 
> with clamscan -d and it's not working with clamdscan.
> 
> Steps for creating the local.ign file:
> 
> $ sigtool --md5 my_file_name.exe >> local.ign
> 
> After that I put this file in the /var/lib/clamav/* directory and restarted 
> the clamd daemon.
> 
> When I execute $ clamscan -d /var/lib/clamav/local.ign my_file_name.exe then 
> it's not reporting a false positive, it's working perfectly.
> 
> But when I scan this file using clamdscan then it's still reporting a false 
> positive.
> 
> Could anyone help me regarding this false positive avoidance?
> 
> I cannot submit my false positive file because of some business ethics and 
> compliance.
> 
> 
> Thank you in advance,
> 
> 
> Regards,
> 
> Gaurav
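
The distinction drawn in the replies above (file hashes go in a .fp file, signature names in an .ign2 file) can be checked mechanically before clamd loads the files. This is an added example, not part of the thread or of ClamAV; `lint_whitelist` is a hypothetical helper, the hash, size and signature name are constructed placeholders, and the entry layout assumed for .fp is the md5:size:name line that `sigtool --md5` prints.

```shell
#!/bin/sh
# Added example: lint local ClamAV whitelist files before clamd reloads them.
# Assumes .fp entries use the md5:size:name layout that `sigtool --md5` prints.
# Prints one diagnostic per problem; returns 0 when the file is clean.
lint_whitelist() {
    case $1 in
        *.fp)   kind=fp ;;
        *.ign2) kind=ign2 ;;
        *.ign)  kind=ign ;;
        *)      echo "$1: expected a .fp or .ign2 file"; return 1 ;;
    esac
    awk -v kind="$kind" -v file="$1" '
    function is_md5_entry(line,    p, n) {
        n = split(line, p, ":")
        return n >= 3 && length(p[1]) == 32 && p[1] ~ /^[0-9a-fA-F]+$/ && p[2] ~ /^[0-9]+$/
    }
    BEGIN { if (kind == "ign") { print file ": legacy .ign name, use .ign2 or .fp"; bad = 1 } }
    /^[ \t]*$/ { next }
    {
        entry = is_md5_entry($0)
        if (kind == "fp" && !entry) { print file ":" NR ": not md5:size:name"; bad = 1 }
        if (kind != "fp" && entry)  { print file ":" NR ": md5 entry belongs in a .fp file"; bad = 1 }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample data: the hash, size and signature name are placeholders.
demo_dir=$(mktemp -d)
entry='0123456789abcdef0123456789abcdef:4096:my_file_name.exe'
echo "$entry" > "$demo_dir/local.ign"     # the layout described in the question
echo "$entry" > "$demo_dir/local.fp"      # whitelist one file by hash
echo 'Example.Placeholder.Signature' > "$demo_dir/local.ign2"   # ignore by name
for f in local.ign local.fp local.ign2; do
    lint_whitelist "$demo_dir/$f" && echo "$demo_dir/$f: ok"
done
```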



[clamav-users] how to avoid false positive in clamAV

2017-04-05 Thread Gaurav Kumar Garg

Hi ClamAV user, developer,

I am new to clamAV. I like its design.

While scanning I saw a few false positive viruses. I searched on the internet 
and found out that I can avoid these false positives by writing the md5 sum to 
a local.ign file and putting this file in the /var/lib/clamav/* directory, 
then restarting the clamd daemon.

It's partially working, meaning it works when I scan the false positive file 
with clamscan -d and it's not working with clamdscan.

Steps for creating the local.ign file:

$ sigtool --md5 my_file_name.exe >> local.ign

After that I put this file in the /var/lib/clamav/* directory and restarted 
the clamd daemon.

When I execute $ clamscan -d /var/lib/clamav/local.ign my_file_name.exe 
then it's not reporting a false positive, it's working perfectly.

But when I scan this file using clamdscan then it's still reporting a false 
positive.

Could anyone help me regarding this false positive avoidance?

I cannot submit my false positive file because of some business ethics 
and compliance.



Thank you in advance,


Regards,

Gaurav

