Re: [clamav-users] Any way to auto-update Clam engine (freshclam or any other tools)

2019-03-12 Thread Matus UHLAR - fantomas via clamav-users

On 12.03.19 13:58, Sunhux G via clamav-users wrote:
> I'm on Solaris 10 x86 : we disabled compilers as part of our OS hardening;
> much appreciated if someone can help me make/compile one for our OS.
> So far I can't locate any 0.101.1 for Solaris 10 x86,  only for
> RHEL/Windows.


it's strange that you disable compiling from source code as part of
hardening, but you are willing to take code compiled by someone else and run
it locally.

How do you know that the code doesn't contain a backdoor?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson.  -- Daffy Duck & Porky Pig

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Any way to auto-update Clam engine (freshclam or any other tools)

2019-03-12 Thread Scott Kitterman via clamav-users



On March 12, 2019 11:22:05 AM UTC, Matus UHLAR - fantomas via clamav-users 
 wrote:
>On 12.03.19 13:58, Sunhux G via clamav-users wrote:
>>I'm on Solaris 10 x86 : we disabled compilers as part of our OS
>hardening;
>>much appreciated if someone can help me make/compile one for our OS.
>>So far I can't locate any 0.101.1 for Solaris 10 x86,  only for
>>RHEL/Windows.
>
>it's strange that you disable compiling from source code as part of
>hardening, but you are willing to take code compiled by someone else
>and run
>it locally.
>
>How do you know that the code doesn't contain backdoor?

You are thinking about security.  This seems to be about compliance.  It's only 
distantly related.

Scott K



Re: [clamav-users] Any way to auto-update Clam engine (freshclam or any other tools)

2019-03-12 Thread Gary R. Schmidt

On 12/03/2019 23:23, Scott Kitterman via clamav-users wrote:
> On March 12, 2019 11:22:05 AM UTC, Matus UHLAR - fantomas via clamav-users
>  wrote:
>> On 12.03.19 13:58, Sunhux G via clamav-users wrote:
>>> I'm on Solaris 10 x86 : we disabled compilers as part of our OS
>>> hardening;
>>> much appreciated if someone can help me make/compile one for our OS.
>>> So far I can't locate any 0.101.1 for Solaris 10 x86,  only for
>>> RHEL/Windows.
>>
>> it's strange that you disable compiling from source code as part of
>> hardening, but you are willing to take code compiled by someone else
>> and run
>> it locally.
>>
>> How do you know that the code doesn't contain backdoor?
>
> You are thinking about security.  This seems to be about compliance.  It's only
> distantly related.


True.

Looks more like Standard Auditory Compliance by Incompetence to me (but 
I'm a cynical old BOFH, so much of what goes on these days is 
thinly-disguised incompetence).


Cheers,
GaryB-)



Re: [clamav-users] Any way to auto-update Clam engine (freshclam or any other tools)

2019-03-12 Thread SCOTT PACKARD via clamav-users
> I'm on Solaris 10 x86 : we disabled compilers as part of our OS hardening;
> much appreciated if someone can help me make/compile one for our OS.
> So far I can't locate any 0.101.1 for Solaris 10 x86,  only for RHEL/Windows.

Well, I'll point you to unixpackages.com.
You pay a subscription fee, they compile packages for you.
Easy to say who the source is from too, for your compliance auditor.
Once you're paid up you can request they build a newer version of ClamAV
(they're on 0.100.2 currently).
They provide just a libgcc package, to keep the whole gcc compiler off the host.
In total, you need 21 packages installed in order to satisfy all the 
dependencies.


Regards, Scott Packard




Re: [clamav-users] Any way to auto-update Clam engine (freshclam or any other tools)

2019-03-12 Thread SCOTT PACKARD via clamav-users



> -Original Message-
> From: clamav-users  On Behalf Of Gary 
> R. Schmidt
> Sent: Tuesday, March 12, 2019 5:42 AM
> To: clamav-users@lists.clamav.net
> Subject: [External] Re: [clamav-users] Any way to auto-update Clam engine 
> (freshclam or any other tools)
> 
> On 12/03/2019 23:23, Scott Kitterman via clamav-users wrote:
> >
> >
> > On March 12, 2019 11:22:05 AM UTC, Matus UHLAR - fantomas via clamav-users 
> >  wrote:
> >> On 12.03.19 13:58, Sunhux G via clamav-users wrote:
> >>> I'm on Solaris 10 x86 : we disabled compilers as part of our OS
> >> hardening;
> >>> much appreciated if someone can help me make/compile one for our OS.
> >>> So far I can't locate any 0.101.1 for Solaris 10 x86,  only for
> >>> RHEL/Windows.
> >>
> >> it's strange that you disable compiling from source code as part of
> >> hardening, but you are willing to take code compiled by someone else
> >> and run
> >> it locally.
> >>
> >> How do you know that the code doesn't contain backdoor?
> >
> > You are thinking about security.  This seems to be about compliance.  It's 
> > only distantly related.
> >
> True.
> 
> Looks more like Standard Auditory Compliance by Incompetence to me (but
> I'm a cynical old BOFH, so much of what goes on these days is
> thinly-disguised incompetence).


See Gene Spafford's latest blog on RSA conference, for more like-minded 
thoughts.



[clamav-users] Txt.Trojan.Kryptik-6887991-0 FOUND

2019-03-12 Thread Michael Newman via clamav-users
Mac OS 10.14.3

I wake up this morning to find that clamav has discovered sixteen instances of 
this:

Txt.Trojan.Kryptik-6887991-0 FOUND

Most of these are in Chrome cache files, but a few were in Apple Automator 
cache files.

I’ve searched around, but find precious little on this infecting Macs. (Lots on 
Windows.)

Can someone point me in the right direction to find out just what this is, 
where it came from and how I can get rid of it?


Re: [clamav-users] Txt.Trojan.Kryptik-6887991-0 FOUND

2019-03-12 Thread Andrew Williams
Michael,

The reported detections are likely false positives (I too am seeing matches
on Chrome cache files).  The signature will be dropped soon.

Thanks for bringing this to our attention.

-Andrew

Andrew Williams
Malware Research Team
Cisco Talos

On Tue, Mar 12, 2019 at 7:08 PM Michael Newman via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Mac OS 10.14.3
>
> I wake up this morning to find that clamav has discovered sixteen
> instances of this:
>
> Txt.Trojan.Kryptik-6887991-0 FOUND
>
> Most of these are in Chrome cache files, but a few were in Apple Automator
> cache files.
>
> I’ve searched around, but find precious little on this infecting Macs.
> (Lots on Windows.)
>
> Can someone point me in the right direction to find out just what this is,
> where it came from and how I can get rid of it?
>



Re: [clamav-users] Txt.Trojan.Kryptik-6887991-0 FOUND

2019-03-12 Thread Al Varnell via clamav-users
All I can add is some technical information about the signature. I have no idea 
what kind of infection it causes and on what platform.

The signature was added to the database by daily - 25386 earlier today as an 
.ldb. Looking for a single ascii string in any type of file:

> sigtool -fTxt.Trojan.Kryptik-6887991-0|sigtool --decode-sigs
> VIRUS NAME: Txt.Trojan.Kryptik-6887991-0
> TDB: Engine:51-255,FileSize:262144-1048576,Target:0
> LOGICAL EXPRESSION: 0
>  * SUBSIG ID 0
>  +-> OFFSET: ANY
>  +-> SIGMOD: NONE
>  +-> DECODED SUBSIGNATURE:
> 1/g,"");if(!/^[-_a-zA-Z0-9#.:* ,>+~[\]()=^$|]+$/.test(c))throw  E


I added an extra space before the "E" in order that this message isn't found to 
be infected.

Another user said it appears to be associated with Google searches, but not 
when using Bing.

-Al-
ClamXAV User

On Mar 12, 2019, at 16:07, Michael Newman via clamav-users <clamav-users@lists.clamav.net> wrote:
> Mac OS 10.14.3
> 
> I wake up this morning to find that clamav has discovered sixteen instances 
> of this:
> 
> Txt.Trojan.Kryptik-6887991-0 FOUND
> 
> Most of these are in Chrome cache files, but a few were in Apple Automator 
> cache files.
> 
> I’ve searched around, but find precious little on this infecting Macs. (Lots 
> on Windows.)
> 
> Can someone point me in the right direction to find out just what this is, 
> where it came from and how I can get rid of it?

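The sigtool output Al posted shows the three parts of a ClamAV logical (.ldb) signature that decide whether a file is flagged: the target-description block (Engine and FileSize ranges, Target:0 for any file type), the logical expression, and the subsignatures, which are stored hex-encoded in the database and decoded to the single ASCII string above. The following Python script is an added example, not from this thread and not ClamAV's own code. It rebuilds an .ldb line from the decoded output (with the single space before "E" restored, since Al says he inserted an extra one), parses it, and applies it to two constructed buffers: a stand-in for a browser cache entry that carries that fragment of minified JavaScript inside the FileSize window, and the same string in a file below the window. The match logic is a simplified model (plain-string subsignatures only, boolean logical expressions only, and an assumed `engine_level` standing in for ClamAV's functionality level); wildcards, offsets and match-count qualifiers are not handled.

```python
"""Decode a ClamAV logical signature (.ldb) line and check buffers against it.

Added example (not from the thread or from ClamAV's own code). It models only
the parts of the .ldb format visible in the thread's sigtool output.
"""
import re
from dataclasses import dataclass

# The decoded subsignature from the thread, as ordinary minified JavaScript.
# (Al added a space before "E" so his mail would not match; one space here.)
SUBSIG_TEXT = '1/g,"");if(!/^[-_a-zA-Z0-9#.:* ,>+~[\\]()=^$|]+$/.test(c))throw E'

# Constructed .ldb line: name;TDB;logical expression;hex-encoded subsig(s).
SAMPLE_LDB = (
    "Txt.Trojan.Kryptik-6887991-0;"
    "Engine:51-255,FileSize:262144-1048576,Target:0;"
    "0;" + SUBSIG_TEXT.encode("ascii").hex()
)


@dataclass
class LogicalSignature:
    name: str
    tdb: dict          # TDB key -> (lo, hi) inclusive range
    expression: str    # logical expression over subsignature indices
    subsigs: list      # decoded subsignature byte strings


def parse_range(value: str):
    """'262144-1048576' -> (262144, 1048576); a bare '0' -> (0, 0)."""
    lo, _, hi = value.partition("-")
    return int(lo), (int(hi) if hi else int(lo))


def parse_ldb(line: str) -> LogicalSignature:
    name, tdb_text, expression, *hex_subsigs = line.strip().split(";")
    tdb = {}
    for item in tdb_text.split(","):
        key, _, value = item.partition(":")
        tdb[key] = parse_range(value)
    subsigs = [bytes.fromhex(h) for h in hex_subsigs]
    return LogicalSignature(name, tdb, expression, subsigs)


def evaluate_expression(expression: str, hits: list) -> bool:
    """Evaluate the boolean subset of .ldb logical expressions.

    Supports subsignature indices, '&', '|' and parentheses; the index is
    replaced by whether that subsignature matched. Count qualifiers such as
    '0>3' are rejected rather than silently misread.
    """
    if not re.fullmatch(r"[0-9&|() ]+", expression):
        raise ValueError("unsupported logical expression: " + expression)
    py = re.sub(r"\d+", lambda m: str(hits[int(m.group())]), expression)
    py = py.replace("&", " and ").replace("|", " or ")
    return bool(eval(py, {"__builtins__": {}}, {}))


def matches(sig: LogicalSignature, data: bytes, engine_level: int = 100) -> bool:
    """Apply the TDB gates, then the logical expression over subsig hits.

    engine_level is an assumed stand-in for the scanner's functionality level,
    which the Engine:min-max field constrains. Target:0 means any file type,
    so no file-type check is modelled here.
    """
    lo, hi = sig.tdb.get("Engine", (0, 255))
    if not lo <= engine_level <= hi:
        return False
    lo, hi = sig.tdb.get("FileSize", (0, 2 ** 63))
    if not lo <= len(data) <= hi:
        return False
    hits = [s in data for s in sig.subsigs]
    return evaluate_expression(sig.expression, hits)


def demo() -> dict:
    sig = parse_ldb(SAMPLE_LDB)
    # Constructed stand-in for a cached script: the fragment inside ~300 KiB
    # of other minified code, which lands inside the FileSize window.
    cache_entry = (b"var a=1;" + SUBSIG_TEXT.encode("ascii")).ljust(300 * 1024, b";")
    # Same string in a tiny file: below the 262144-byte minimum, so no alert.
    small_file = SUBSIG_TEXT.encode("ascii")
    return {
        "name": sig.name,
        "subsig_text": sig.subsigs[0].decode("ascii"),
        "cache_hit": matches(sig, cache_entry),
        "small_hit": matches(sig, small_file),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows why the detections in the thread cluster in browser caches: any cached script of the right size that contains this common JavaScript fragment satisfies the whole signature, which is exactly the false-positive shape Andrew describes. The same harness is a quick way to pre-check a new signature against a corpus of known-clean files before it is published.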


Re: [clamav-users] Txt.Trojan.Kryptik-6887991-0 FOUND

2019-03-12 Thread Michael Newman via clamav-users
Thanks for the prompt reply. I’m relieved….

> On Mar 13, 2019, at 10:42, Andrew Williams  wrote:
> 
> Michael,
> 
> The reported detections are likely false positives (I too am seeing matches 
> on Chrome cache files).  The signature will be dropped soon.
> 
> Thanks for bringing this to our attention.
> 
> -Andrew
> 
> Andrew Williams
> Malware Research Team
> Cisco Talos
> 

