Re: [clamav-users] Installing question

2019-03-27 Thread MOHAMED OMAR MAKRAM via clamav-users 
Thank you, Terry,
Can you help me narrow down how to learn or follow your advice of checking
the site permissions and extensions/modules? I am using Drupal 7.
Do you know of a step-by-step guide to doing that for a newbie like myself?







On Wed, Mar 27, 2019 at 1:54 PM  wrote:

> If the malware files keep returning, you better check your site
> permissions and extensions/modules on the site. Moving it to a different
> hosting company won’t fix it.
>
> Terry
>
>
>
> *From:* clamav-users  *On Behalf
> Of *MOHAMED OMAR MAKRAM via clamav-users
> *Sent:* Wednesday, March 27, 2019 12:26 PM
> *To:* ClamAV users ML 
> *Cc:* MOHAMED OMAR MAKRAM 
> *Subject:* {Disarmed} Re: [clamav-users] Installing question
>
>
>
> Thank you, Scott, but that is not the site I am worried about, and I don't
> have a problem currently because I am paying for virus protection and a
> firewall at $21 per month for each site.
>
> I want to stop paying for a virus and a firewall for all my sites and move
> it out from GoDaddy and put it into Hostgator. I am done with GoDaddy.
> Right now you won't be able to see any issues because the virus-created
> files are quarantined. The minute I stop paying for the virus scan and
> firewall, even if I deleted those quarantined files, I will have them
> coming back again and again.
>
>
>
>
>
> My sites are:
>
> *MailScanner has detected a possible fraud attempt from "llink.to"
> claiming to be* https://www.twelvestepjournaling.com/
> 
>
>
> *MailScanner has detected a possible fraud attempt from "llink.to"
> claiming to be* https://www.intentionalbeings.com/
> 
>
>
> *MailScanner has detected a possible fraud attempt from "llink.to"
> claiming to be* https://www.cocreationsmanager.com/
> 
>
>
>
>
> On Wed, Mar 27, 2019 at 10:58 AM SCOTT PACKARD via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> There's almost nothing going on on your web site http://tucson-az-cpa.com/.
> It should be an easy job to restore it from whatever offline source you
> have.
>
> If all you're worried about is "visitors to your site they get a message
> that the site is unsecured", I think getting https:// going is what
> you're after.
>
> Maybe go and read https://letsencrypt.org/ .
>
>
>
> Regards, Scott
>
>
>
> *From:* clamav-users  *On Behalf
> Of *MOHAMED OMAR MAKRAM via clamav-users
> *Sent:* Wednesday, March 27, 2019 10:32 AM
> *To:* ClamAV users ML 
> *Cc:* MOHAMED OMAR MAKRAM ; J.R. <
> themadbea...@gmail.com>
> *Subject:* [External] Re: [clamav-users] Installing question
>
>
>
> I've had this for few months. The only thing i was able to do is to pay
> for virus protection but it is so expensive.
>
> Is there a way to find those hidden files? Do you think they are in the
> db or in the files?
>
> I am moving out to another server right now. Is there a good process to do
> this without copying the virus along with the files?
>
>
>
> Thanks for your help
>
> [image: Image removed by sender.]
>
>
>
> On Wed, Mar 27, 2019 at 10:13 AM J.R. via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> > I do not know if the virus is on the server, in the files, or in the db.
> > Here is what I know:
> > Under each folder of each site, files appear with a name such as:
> > f68z319m.php
> > When visitors go to my websites, they get a message that the site is
> > unsecured
> >
> > Does this information help identify the issue, or where to look for the
> > virus?
>
> Did you look at the contents of those files? Sounds like someone is
> exploiting code to upload files which could then be used to do all
> sorts of nasty things. That could be an issue with drupal or packages
> on your system being out of date. Often that is just the first step
> and once they upload one file they use it to upload a lot more in
> hidden directories and modifying files and such...
>
> I hope you have a recent backup...
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
>
> --
>
> *Mohamed Omar Makram, CPA*
>
> *Osiris CPA, PLLC *
>
> *Tele: (520) 906-1863*
>
> *Fax: (520) 448-0706*
>
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
>
> --
>
> *Mohamed Omar Makram, CPA*
>
> *Osiris CPA, PLLC

Re: [clamav-users] Installing question

2019-03-27 Thread lists 
If the malware files keep returning, you better check your site permissions and 
extensions/modules on the site. Moving it to a different hosting company won’t 
fix it.

Terry

 

From: clamav-users mailto:clamav-users-boun...@lists.clamav.net> > On Behalf Of MOHAMED OMAR 
MAKRAM via clamav-users
Sent: Wednesday, March 27, 2019 12:26 PM
To: ClamAV users ML mailto:clamav-users@lists.clamav.net> >
Cc: MOHAMED OMAR MAKRAM mailto:adamupaccount...@gmail.com> >
Subject: {Disarmed} Re: [clamav-users] Installing question

 

Thank you, Scott, but that is not the site I am worried about, and I don't have 
a problem currently because I am paying for virus protection and a firewall at 
$21 per month for each site. 

I want to stop paying for a virus and a firewall for all my sites and move it 
out from GoDaddy and put it into Hostgator. I am done with GoDaddy. Right now 
you won't be able to see any issues because the virus-created files are 
quarantined. The minute I stop paying for the virus scan and firewall, even if 
I deleted those quarantined files, I will have them coming back again and again.

 

 

My sites are:

 

 MailScanner has detected a possible fraud attempt from "llink.to" claiming to 
be https://www.twelvestepjournaling.com/  

 

 MailScanner has detected a possible fraud attempt from "llink.to" claiming to 
be https://www.intentionalbeings.com/ 

 

 MailScanner has detected a possible fraud attempt from "llink.to" claiming to 
be https://www.cocreationsmanager.com/ 

   

 

On Wed, Mar 27, 2019 at 10:58 AM SCOTT PACKARD via clamav-users 
mailto:clamav-users@lists.clamav.net> > wrote:

There's almost nothing going on on your web site http://tucson-az-cpa.com/.  It 
should be an easy job to restore it from whatever offline source you have.

If all you're worried about is "visitors to your site they get a message that 
the site is unsecured", I think getting https:// going is what you're after.

Maybe go and read https://letsencrypt.org/ .

 

Regards, Scott

 

From: clamav-users mailto:clamav-users-boun...@lists.clamav.net> > On Behalf Of MOHAMED OMAR 
MAKRAM via clamav-users
Sent: Wednesday, March 27, 2019 10:32 AM
To: ClamAV users ML mailto:clamav-users@lists.clamav.net> >
Cc: MOHAMED OMAR MAKRAM mailto:adamupaccount...@gmail.com> >; J.R. mailto:themadbea...@gmail.com> >
Subject: [External] Re: [clamav-users] Installing question

 

I've had this for few months. The only thing i was able to do is to pay for 
virus protection but it is so expensive. 

Is there a way to find those hidden files? Do you think they are in the db or 
in the files? 

I am moving out to another server right now. Is there a good process to do this 
without copying the virus along with the files?

 

Thanks for your help



 

On Wed, Mar 27, 2019 at 10:13 AM J.R. via clamav-users 
mailto:clamav-users@lists.clamav.net> > wrote:

> I do not know if the virus is on the server, in the files, or in the db.
> Here is what I know:
> Under each folder of each site, files appear with a name such as:
> f68z319m.php
> When visitors go to my websites, they get a message that the site is
> unsecured
>
> Does this information help identify the issue, or where to look for the
> virus?

Did you look at the contents of those files? Sounds like someone is
exploiting code to upload files which could then be used to do all
sorts of nasty things. That could be an issue with drupal or packages
on your system being out of date. Often that is just the first step
and once they upload one file they use it to upload a lot more in
hidden directories and modifying files and such...

I hope you have a recent backup...

___

clamav-users mailing list
clamav-users@lists.clamav.net  
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml




 

-- 

Mohamed Omar Makram, CPA

Osiris CPA, PLLC  

Tele: (520) 906-1863

Fax: (520) 448-0706

 


___

clamav-users mailing list
clamav-users@lists.clamav.net  
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml




 

-- 

Mohamed Omar Makram, CPA

Osiris CPA, PLLC  

Tele: (520) 906-1863

Fax: (520) 448-0706

 


___

clamav-users mailing list

Re: [clamav-users] Installing question

2019-03-27 Thread MOHAMED OMAR MAKRAM via clamav-users 
Thank you, Scott, but that is not the site I am worried about, and I don't
have a problem currently because I am paying for virus protection and a
firewall at $21 per month for each site.
I want to stop paying for a virus and a firewall for all my sites and move
it out from GoDaddy and put it into Hostgator. I am done with GoDaddy.
Right now you won't be able to see any issues because the virus-created
files are quarantined. The minute I stop paying for the virus scan and
firewall, even if I deleted those quarantined files, I will have them
coming back again and again.


My sites are:
https://www.twelvestepjournaling.com/


https://www.intentionalbeings.com/


https://www.cocreationsmanager.com/



On Wed, Mar 27, 2019 at 10:58 AM SCOTT PACKARD via clamav-users <
clamav-users@lists.clamav.net> wrote:

> There's almost nothing going on on your web site http://tucson-az-cpa.com/.
> It should be an easy job to restore it from whatever offline source you
> have.
>
> If all you're worried about is "visitors to your site they get a message
> that the site is unsecured", I think getting https:// going is what
> you're after.
>
> Maybe go and read https://letsencrypt.org/ .
>
>
>
> Regards, Scott
>
>
>
> *From:* clamav-users  *On Behalf
> Of *MOHAMED OMAR MAKRAM via clamav-users
> *Sent:* Wednesday, March 27, 2019 10:32 AM
> *To:* ClamAV users ML 
> *Cc:* MOHAMED OMAR MAKRAM ; J.R. <
> themadbea...@gmail.com>
> *Subject:* [External] Re: [clamav-users] Installing question
>
>
>
> I've had this for few months. The only thing i was able to do is to pay
> for virus protection but it is so expensive.
>
> Is there a way to find those hidden files? Do you think they are in the
> db or in the files?
>
> I am moving out to another server right now. Is there a good process to do
> this without copying the virus along with the files?
>
>
>
> Thanks for your help
>
> [image: Image removed by sender.]
>
>
>
> On Wed, Mar 27, 2019 at 10:13 AM J.R. via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> > I do not know if the virus is on the server, in the files, or in the db.
> > Here is what I know:
> > Under each folder of each site, files appear with a name such as:
> > f68z319m.php
> > When visitors go to my websites, they get a message that the site is
> > unsecured
> >
> > Does this information help identify the issue, or where to look for the
> > virus?
>
> Did you look at the contents of those files? Sounds like someone is
> exploiting code to upload files which could then be used to do all
> sorts of nasty things. That could be an issue with drupal or packages
> on your system being out of date. Often that is just the first step
> and once they upload one file they use it to upload a lot more in
> hidden directories and modifying files and such...
>
> I hope you have a recent backup...
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
>
> --
>
> *Mohamed Omar Makram, CPA*
>
> *Osiris CPA, PLLC *
>
> *Tele: (520) 906-1863*
>
> *Fax: (520) 448-0706*
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


-- 
*Mohamed Omar Makram, CPA*
*Osiris CPA, PLLC Tele: (520) 906-1863*
*Fax: (520) 448-0706*

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Installing question

2019-03-27 Thread SCOTT PACKARD via clamav-users 
There's almost nothing going on on your web site http://tucson-az-cpa.com/.  It 
should be an easy job to restore it from whatever offline source you have.
If all you're worried about is "visitors to your site they get a message that 
the site is unsecured", I think getting https:// going is what you're after.
Maybe go and read https://letsencrypt.org/ .

Regards, Scott

From: clamav-users  On Behalf Of MOHAMED 
OMAR MAKRAM via clamav-users
Sent: Wednesday, March 27, 2019 10:32 AM
To: ClamAV users ML 
Cc: MOHAMED OMAR MAKRAM ; J.R. 

Subject: [External] Re: [clamav-users] Installing question

I've had this for few months. The only thing i was able to do is to pay for 
virus protection but it is so expensive.
Is there a way to find those hidden files? Do you think they are in the db or 
in the files?
I am moving out to another server right now. Is there a good process to do this 
without copying the virus along with the files?

Thanks for your help
[Image removed by sender.]

On Wed, Mar 27, 2019 at 10:13 AM J.R. via clamav-users 
mailto:clamav-users@lists.clamav.net>> wrote:
> I do not know if the virus is on the server, in the files, or in the db.
> Here is what I know:
> Under each folder of each site, files appear with a name such as:
> f68z319m.php
> When visitors go to my websites, they get a message that the site is
> unsecured
>
> Does this information help identify the issue, or where to look for the
> virus?

Did you look at the contents of those files? Sounds like someone is
exploiting code to upload files which could then be used to do all
sorts of nasty things. That could be an issue with drupal or packages
on your system being out of date. Often that is just the first step
and once they upload one file they use it to upload a lot more in
hidden directories and modifying files and such...

I hope you have a recent backup...

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


--
Mohamed Omar Makram, CPA
Osiris CPA, PLLC
Tele: (520) 906-1863
Fax: (520) 448-0706


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV 0.101.2 announcement?

2019-03-27 Thread Micah Snyder (micasnyd) via clamav-users 
0.101.2 is a security patch release that includes a handful of urgent 
vulnerability fixes for issues in 0.101.1 and several that were in 0.100 and 
prior.  Please see the blog announcement for details:

https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

Micah


On 3/27/19, 1:18 PM, "clamav-users on behalf of J.R. via clamav-users" 
 wrote:

I saw 0.101.2 was released yesterday (3/26/2019) but I can't find an
announcement anywhere?

Anything noteworthy on this release?

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] ClamAV 0.101.2 announcement?

2019-03-27 Thread J.R. via clamav-users 
I saw 0.101.2 was released yesterday (3/26/2019) but I can't find an
announcement anywhere?

Anything noteworthy on this release?

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Installing question

2019-03-27 Thread MOHAMED OMAR MAKRAM via clamav-users 
I do not know if the virus is on the server, in the files, or in the db.
Here is what I know:
Under each folder of each site, files appear with a name such as:
f68z319m.php
When visitors go to my websites, they get a message that the site is
unsecured

Does this information help identify the issue, or where to look for the
virus?

Thank you. I am really desperate for help.

On Wed, Mar 27, 2019 at 8:47 AM Micah Snyder (micasnyd) via clamav-users <
clamav-users@lists.clamav.net> wrote:

> I agree with What J.R. said regarding "bigger issues". ClamAV and other
> anti-malware tools may help you detect malware before it runs on your
> machine, but it is not sufficient to get rid of it if your system has
> already been compromised.  It  would be safest to rescue your data offline
> and reinstalling your operating system from scratch.  Hopefully you have
> backups you can revert to, if a fresh reinstall isn't an option for you.
> This is personal advice, and I take no responsibility for any data loss you
> may incur.  This mailing list is also not the best avenue for incident
> response advice.
>
> For those wishing to use ClamAV, we do have step by step instructions to
> install ClamAV for a handful of operating systems using the materials we
> publish:
>
> Windows - http://www.clamav.net/documents/installing-clamav-on-windows
> 
> Debian & Ubuntu -
> https://www.clamav.net/documents/installation-on-debian-and-ubuntu-linux-distributions
> 
> Redhat & CentOS -
> https://www.clamav.net/documents/installation-on-redhat-and-centos-linux-distributions
> 
> macOS - https://www.clamav.net/documents/installation-on-macos-mac-os-x
> 
>
> Regards,
> Micah
>
> On 3/27/19, 9:37 AM, "clamav-users on behalf of J.R. via clamav-users" <
> clamav-users-boun...@lists.clamav.net
> 
> on behalf of clamav-users@lists.clamav.net
> >
> wrote:
>
> > I am new here and I don't know how to use drush or command line. Can
> I
> > still install clamav? Is there an installation guide for absolute
> beginners
> > like me?
>
> What OS? Windows there is an exe that has a GUI. Linux distro's
> typically have their own packages which you would install through your
> OS's package manager.
>
> There's lots of guides out there, just have to google...
>
> > I have a virus on my server and I have no idea where to begin to get
> rid of
> > it. I have four sites, all are personal sites and all are drupal.
>
> If drupal got exploited, you are going to have bigger issues and
> probably more than what ClamAV will find.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> 
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
>
> http://www.clamav.net/contact.html#ml
> 
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> 
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
>
> http://www.clamav.net/contact.html#ml
> 
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:

Re: [clamav-users] Installing question

2019-03-27 Thread Micah Snyder (micasnyd) via clamav-users 
I agree with What J.R. said regarding "bigger issues". ClamAV and other 
anti-malware tools may help you detect malware before it runs on your machine, 
but it is not sufficient to get rid of it if your system has already been 
compromised.  It  would be safest to rescue your data offline and reinstalling 
your operating system from scratch.  Hopefully you have backups you can revert 
to, if a fresh reinstall isn't an option for you.  This is personal advice, and 
I take no responsibility for any data loss you may incur.  This mailing list is 
also not the best avenue for incident response advice. 

For those wishing to use ClamAV, we do have step by step instructions to 
install ClamAV for a handful of operating systems using the materials we 
publish:

Windows - http://www.clamav.net/documents/installing-clamav-on-windows
Debian & Ubuntu - 
https://www.clamav.net/documents/installation-on-debian-and-ubuntu-linux-distributions
 
Redhat & CentOS - 
https://www.clamav.net/documents/installation-on-redhat-and-centos-linux-distributions
 
macOS - https://www.clamav.net/documents/installation-on-macos-mac-os-x 

Regards,
Micah

On 3/27/19, 9:37 AM, "clamav-users on behalf of J.R. via clamav-users" 
 wrote:

> I am new here and I don't know how to use drush or command line. Can I
> still install clamav? Is there an installation guide for absolute 
beginners
> like me?

What OS? Windows there is an exe that has a GUI. Linux distro's
typically have their own packages which you would install through your
OS's package manager.

There's lots of guides out there, just have to google...

> I have a virus on my server and I have no idea where to begin to get rid 
of
> it. I have four sites, all are personal sites and all are drupal.

If drupal got exploited, you are going to have bigger issues and
probably more than what ClamAV will find.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Installing question

2019-03-27 Thread Ralph Seichter via clamav-users 
* MOHAMED OMAR MAKRAM via clamav-users:

> I have a virus on my server and I have no idea where to begin to get
> rid of it. I have four sites, all are personal sites and all are
> drupal.

If you are really certain that there is a virus on your server, my
recommendation is to re-install that server from scratch. Of course, you
need to be careful when restoring data from your backups not to include
the virus.

-Ralph

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Installing question

2019-03-27 Thread J.R. via clamav-users 
> I am new here and I don't know how to use drush or command line. Can I
> still install clamav? Is there an installation guide for absolute beginners
> like me?

What OS? Windows there is an exe that has a GUI. Linux distro's
typically have their own packages which you would install through your
OS's package manager.

There's lots of guides out there, just have to google...

> I have a virus on my server and I have no idea where to begin to get rid of
> it. I have four sites, all are personal sites and all are drupal.

If drupal got exploited, you are going to have bigger issues and
probably more than what ClamAV will find.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Error Broken Link

2019-03-27 Thread Micah Snyder (micasnyd) via clamav-users 
Hello Clayton,

Please try either of these links:
http://www.clamav.net/downloads/production/clamav-0.101.2.exe
 https://www.clamav.net/downloads/production/clamav-0.101.2.exe

It appears that the links may be case sensitive.  I will check with the web 
team to see why that is.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.



From: clamav-users  on behalf of Clayton 
Bugeja 
Reply-To: ClamAV users ML 
Date: Wednesday, March 27, 2019 at 6:57 AM
To: "clamav-users@lists.clamav.net" 
Subject: [clamav-users] Error Broken Link

Dear Sir/Madam,

We are experiencing an issue when trying to download the file from this link 
listed in the User Manual to install the Windows non-portable version of 
clamav. The broken link is:

http://www.clamav.net/downloads/production/ClamAV-0.101.2.exe

Here is a screenshot of the error encountered when accessing the url above.

[image.png]

Could you please let us know what time can we expect a working link to download 
the executable version of the latest version of clamav please?

Thank you.

Best Regards



Best Regards

Clayton Bugeja

_

System Administrator

Transactium Ltd.

Tel: (356) 2333 3000

Direct: (356) 2333 7109

Email: clay...@transactium.com

Web: www.transactium.com



This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify 
clay...@transactium.com Any views or opinions 
presented in this email are solely those of the author and do not necessarily 
represent those of the company. Finally, the recipient should check this email 
and any attachments for the presence of viruses. The company accepts no 
liability for any damage caused by any virus transmitted by this email.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Are signatures for Windows only?

2019-03-27 Thread Graeme Fowler via clamav-users 
On Mar 27, 2019, at 11:07, G.W. Haywood wrote:
> On that day's numbers it looks like ClamAV is rejecting about 5% of
> rejected mail.  Here, in fifteen months, it's rejected _less_ than
> 0.0002% (although I'll grant that both are likely poor statistics).

Hello, fellow Loughborough graduate :)

We have a large number of other checks in line before content gets accepted and 
messages get passed to ClamAV. I'm not going to detail them here as this is a 
public mailing list, but suffice to say that you only get your message scanned 
if it hasn't tripped one of a large number of other rules we have in place. We 
use Exim, so we have almost infinite flexibility at all decision points in the 
SMTP transaction flow.

Given ClamAV's extensible nature, we're making use of a number of 'unofficial' 
signature databases which catch an awful lot of bad behaviour. Actual 
infectious agents (viruses, trojans, RATs and so on) are a very small fraction 
of the whole - largely because the indiscriminate ones that spew forth from 
older botnets and infected hosts are rejected before they pass any content to 
us.

ClamAV is part of a many-layered defence-in-depth approach, but without it we'd 
have a significant gap.

Graeme

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Installing question

2019-03-27 Thread MOHAMED OMAR MAKRAM via clamav-users 
hi there,
I am new here and I don't know how to use drush or command line. Can I
still install clamav? Is there an installation guide for absolute beginners
like me?

I have a virus on my server and I have no idea where to begin to get rid of
it. I have four sites, all are personal sites and all are drupal.

Please guide me in the right direction.
Thank You
Yogiart

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Are signatures for Windows only?

2019-03-27 Thread Andy via clamav-users 
  ‎Hi Clayton,Use lowercase for the filename or go to www.clamav.net click on Download, scroll down to the Windows packages and select the one you require.Regards,Andy.From: Clayton BugejaSent: Wednesday, 27 March 2019 11:20To: ClamAV users MLReply To: ClamAV users MLCc: G.W. HaywoodSubject: Re: [clamav-users] Are signatures for Windows only?Hi Everyone,Can you please try this link see if you can download the file as for us its not working: http://www.clamav.net/downloads/production/ClamAV-0.101.2.exewe are getting this message: This page isn’t workingwww.clamav.net is currently unable to handle this request.HTTP ERROR 500Best RegardsClayton Bugeja_System AdministratorTransactium Ltd.Tel: (356) 2333 3000Direct: (356) 2333 7109Email: clayton@transactium.comWeb: www.transactium.com This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify Clayton@transactium.com Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.On Wed, Mar 27, 2019 at 12:08 PM G.W. Haywood via clamav-users  wrote:Hi there,

On Mon, 25 Mar 2019, Joel Esler wrote:

> On Mar 25, 2019, at 12:22, G.W. Haywood via clamav-users ... wrote:
>
> > ... we really only use ClamAV to scan mail.  I guess we're as
> > untypical of a ClamAV user as you'll get.
> 
> Actually, from what we understand, ClamAV is mostly used to scan email.

Quite so.

On Tue, 26 Mar 2019, Graeme Fowler wrote:

> We (Loughborough University) use ClamAV ...

Unfortunately when I was at Loughborough University (Electronic and
Electrical Engineering) ClamAV did not exist.  Nor did the Internet,
as I graduated in 1976 (*). :/

> Picking a random recent day, we had 135000 rejections, 6500 of which
> were from ClamAV. By comparison, we accepted & delivered 25000
> messages ...

On that day's numbers it looks like ClamAV is rejecting about 5% of
rejected mail.  Here, in fifteen months, it's rejected _less_ than
0.0002% (although I'll grant that both are likely poor statistics).

On Mon, 25 Mar 2019, J.R. wrote:

> Yep, other measures for me too has meant that ClamAV *might* get one
> hit a day, which typically is a 3rd party phishing signature. I'm
> sure if ClamAV didn't catch it the email would still have been
> flagged and deleted as spam from other measures.
> 
> > It's a while since I looked at this, so I did a few 'grep's on 'daily':
> 
> You inspired me to take a look at the signature files ...

Excellent!  I like to inspire. :)

Obviously I didn't mean that using ClamAV to scan mail is untypical,
it's our 0.0002% detection rate which I think might be untypical.  I
should be very concerned if I relied on *any* anti-virus package to
stop one in twenty malicious payloads.  Not that I'm saying LU does,
there isn't enough information here to make that call.  But my guess
is that the typical ClamAV user feels that, if a message has been
scanned, it's probably safe to use a mail client's GUI to read it.
I'm pretty sure that it isn't (and my mail client doesn't have one,
and I'm *sure* that's untypical).

On Mon, 25 Mar 2019, Joel Esler wrote:

> That?s super interesting.  I?d be interested in what the 6500
> signatures were.  Just for a real world ?what are you seeing?
> conversation.

As Micah said:

On Tue, 26 Mar 2019, Micah Snyder wrote:

> We had hoped to re-implement it for 0.102.  I'm still crossing my
> fingers that we can get it done

It could be valuable to us to have the fed back information published
but you can see how it might be valuable to the wrong people too.

> but we've lost a lot of time working on improving ClamAV code
> quality and security.

That's not lost time.  It's time well used. :)

-- 

73,
(*) G.W. Haywood, BSc (1st hons 1976), CEng, MIET, MRIN.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:

[clamav-users] Error Broken Link

2019-03-27 Thread Clayton Bugeja 
Dear Sir/Madam,

We are experiencing an issue when trying to download the file from this
link listed in the User Manual to install the Windows non-portable version
of clamav. The broken link is:

http://www.clamav.net/downloads/production/ClamAV-0.101.2.exe

Here is a screenshot of the error encountered when accessing the url above.

[image: image.png]

Could you please let us know what time can we expect a working link to
download the executable version of the latest version of clamav please?

Thank you.

*Best Regards*


*Best Regards*

*Clayton Bugeja*

*_*

*System Administrator*

*Transactium Ltd.*


*Tel: (356) 2333 3000*

*Direct: (356) 2333 7109*


*Email: clay...@transactium.com *

*Web: www.transactium.com *



This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify Clayton
@transactium.com  Any views or opinions presented
in this email are solely those of the author and do not necessarily
represent those of the company. Finally, the recipient should check this
email and any attachments for the presence of viruses. The company accepts
no liability for any damage caused by any virus transmitted by this email.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml