Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-29 Thread Olivier via clamav-users
"G.W. Haywood via clamav-users"  writes:

> Hi there,
>
> On Thu, 29 Apr 2021, Robert Kudyba wrote:
>
>> ... no error(s) when I just ran it manually.
>
> There are lots of things in the script which look likely to cause
> issues, so I'd have expected something:
>
> 1. Is your Perl interpreter in /usr/local/bin/?  It's often in /usr/bin/.

This is FreeBSD, perl is not into the system anymore, so it belongs to 
/usr/local.

>
> 2. The environment is likely to be different when the script runs via
> freshclam from when it runs at the command line,

It is not run by freshclam but by clamav-unofficial-sigs.sh.

> and it's usually bad
> form in scripts to rely on the environment anyway, so in any script of
> this kind I'd use full paths to executables.  For example on my system
> these would be
>
> /bin/chown
> /usr/bin/logger
> and
> /usr/local/bin/clamdscan

Agreed, but the script was written in haste to solve a present issue, so
I had not been that careful.

Note chown is the Perl function and logger should have been written
using some Perl module, but I was in a hurry :)

>
> but what are they on yours?  I'd also use full paths everywhere else
> instead of relative paths.  Things can go wrogn ervy kuiqly.
>
> 3. What is uid 110 on your system?  On my clamd server it's 'sshd'.
> This means that if I were to run it as root as it is, the script would
> change ownership of the modified files to the wrong user (which would
> break future updates unless root did them) and for other users fail.

110:110 is the anti-virus user (for historical reasons, I was running
Kaspersky for FreeBSD at some stage and the user was hard coded in the
anti-virus).

> 4. People store the ClamAV databases in different places.  The script
> makes assumptions about them, have you changed them in the script to
> suit your system, or do you have or have you the needed directories?
> /var/db/clamav-unofficial-sigs/post-control/
> /var/db/clamav/

That is all FreeBSD standard places.

> 5. The script does no error checking at all.  It's good practice in
> scripts to check the return values of functions which provide them,
> such as 'chdir', 'link', 'unlink', 'chown' and (especially) 'open'.

Agreed too. I usually do it when I have time. Though Perl is pretty
resilient if a file is missing :)

>
>> Is there a sigtool command I can use to check that it worked? I can
>> compare this against another server that I have yet to install this.
>
> sigtool --find-sigs 
>
> should give you an idea of what's happened.
>
> As I warned already, do be careful with this stuff.

The script is provided as is, people are welcome to modify and twist as
they see fit :)

Best regards,

Olivier

-- 

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-29 Thread Michael Orlitzky via clamav-users
On Thu, 2021-04-29 at 16:22 +0100, G.W. Haywood via clamav-users wrote:
> 
> 3. What is uid 110 on your system?  On my clamd server it's 'sshd'.
> This means that if I were to run it as root as it is, the script would
> change ownership of the modified files to the wrong user (which would
> break future updates unless root did them) and for other users fail.
> 

If you're lucky. The clamav user can replace those files with
sym/hardlinks to take over any file on the system.





Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-29 Thread Robert Kudyba
>
> 1. Is your Perl interpreter in /usr/local/bin/?  It's often in /usr/bin/.
>

Thanks I saw that after the fact, indeed /usr/bin in Fedora

> 2. The environment is likely to be different when the script runs via
> freshclam from when it runs at the command line, and it's usually bad
> form in scripts to rely on the environment anyway, so in any script of
> this kind I'd use full paths to executables.  For example on my system
> these would be
>
> /bin/chown
> /usr/bin/logger
> and
> /usr/local/bin/clamdscan
>
> but what are they on yours?  I'd also use full paths everywhere else
> instead of relative paths.  Things can go wrogn ervy kuiqly.
>

/usr/bin for all 3

> 3. What is uid 110 on your system?  On my clamd server it's 'sshd'.
> This means that if I were to run it as root as it is, the script would
> change ownership of the modified files to the wrong user (which would
> break future updates unless root did them) and for other users fail.
>

Yes caught those after the fact and updated the script accordingly

> 4. People store the ClamAV databases in different places.  The script
> makes assumptions about them, have you changed them in the script to
> suit your system, or do you have or have you the needed directories?
> /var/db/clamav-unofficial-sigs/post-control/
> /var/db/clamav/
>

Different on ours:
/var/lib/clamav-unofficial-sigs/dbs-mbl/

And I went ahead and created
/var/lib/clamav-unofficial-sigs/dbs-mbl/post-control

and not sure why we have a test dir:

/var/lib/clamav-unofficial-sigs/test

> 5. The script does no error checking at all.  It's good practice in
> scripts to check the return values of functions which provide them,
> such as 'chdir', 'link', 'unlink', 'chown' and (especially) 'open'.
>

Anything off the top of your head I can add?

> > Is there a sigtool command I can use to check that it worked? I can
> > compare this against another server that I have yet to install this.
>
> sigtool --find-sigs 
>
> should give you an idea of what's happened.


The signature does not exist when I run this command.



Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-29 Thread G.W. Haywood via clamav-users

Hi there,

On Thu, 29 Apr 2021, Robert Kudyba wrote:


> ... no error(s) when I just ran it manually.


There are lots of things in the script which look likely to cause
issues, so I'd have expected something:

1. Is your Perl interpreter in /usr/local/bin/?  It's often in /usr/bin/.

2. The environment is likely to be different when the script runs via
freshclam from when it runs at the command line, and it's usually bad
form in scripts to rely on the environment anyway, so in any script of
this kind I'd use full paths to executables.  For example on my system
these would be

/bin/chown
/usr/bin/logger
and
/usr/local/bin/clamdscan

but what are they on yours?  I'd also use full paths everywhere else
instead of relative paths.  Things can go wrogn ervy kuiqly.

3. What is uid 110 on your system?  On my clamd server it's 'sshd'.
This means that if I were to run it as root as it is, the script would
change ownership of the modified files to the wrong user (which would
break future updates unless root did them) and for other users fail.

4. People store the ClamAV databases in different places.  The script
makes assumptions about them, have you changed them in the script to
suit your system, or do you have or have you the needed directories?
/var/db/clamav-unofficial-sigs/post-control/
/var/db/clamav/

5. The script does no error checking at all.  It's good practice in
scripts to check the return values of functions which provide them,
such as 'chdir', 'link', 'unlink', 'chown' and (especially) 'open'.


> Is there a sigtool command I can use to check that it worked? I can
> compare this against another server that I have yet to install this.


sigtool --find-sigs 

should give you an idea of what's happened.

As I warned already, do be careful with this stuff.

--

73,
Ged.
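
Points 2, 3 and 5 above, together with Michael Orlitzky's remark elsewhere in this thread about sym/hardlinks, as an added Perl example that is not the script discussed here nor any list member's code. The helper name `install_db`, the file name `sample.ndb` and the scratch directory are hypothetical; the demonstration runs as the current user rather than a real scanner account.

```perl
#!/usr/bin/perl
# Added example, not the script discussed in the thread.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL O_NOFOLLOW);
use File::Temp qw(tempdir);

# Hypothetical helper: write @$lines to "$dir/$name" for account $owner,
# checking the result of every call.
sub install_db {
    my ($dir, $name, $owner, $lines) = @_;

    # Resolve the account by name; a bare number such as 110 is a
    # different account on another host.
    my ($uid, $gid) = (getpwnam($owner))[2, 3];
    defined $uid or die "no such user '$owner'\n";

    my $dest = "$dir/$name";      # full path, so no chdir is needed
    my $tmp  = "$dest.new.$$";

    # O_EXCL fails if the name already exists, so a planted symlink or
    # hardlink is never opened; O_NOFOLLOW also refuses symlinks.
    sysopen(my $fh, $tmp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644)
        or die "cannot create $tmp: $!\n";

    my $ok = eval {
        for my $line (@$lines) {
            print {$fh} "$line\n" or die "write $tmp: $!\n";
        }
        # chown on the handle (fchown) changes the file created above,
        # not whatever the path name refers to by now. Only root needs it.
        if ($> == 0) {
            chown($uid, $gid, $fh) == 1 or die "chown $tmp: $!\n";
        }
        close($fh) or die "close $tmp: $!\n";
        rename($tmp, $dest) or die "rename $tmp to $dest: $!\n";
        1;
    };
    if (!$ok) {
        my $err = $@;
        unlink $tmp;              # best effort: remove the file we created
        die $err;
    }
    return $dest;
}

# Demonstration in a scratch directory, run as the current user.
my $dir   = tempdir(CLEANUP => 1);
my $owner = getpwuid($<);
my @lines = ('MBL_00000001:0:*:' . unpack('H*', 'http://example.invalid/'));  # constructed

print "installed ", install_db($dir, 'sample.ndb', $owner, \@lines), "\n";

# Plant a symlink where the temporary file would go: the call is refused
# and the link target is never created.
symlink("$dir/victim", "$dir/sample.ndb.new.$$") or die "symlink: $!\n";
eval { install_db($dir, 'sample.ndb', $owner, \@lines); 1 }
    or print "refused: $@";
my $state = (-e "$dir/victim") ? 'was written' : 'untouched';
print "victim $state\n";
```

Running the update as the database owner instead of root removes the need for the chown step altogether.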



Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-29 Thread Robert Kudyba
>
> >  >> next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/;
> >  next if /^MBL_\d+:0:\*:68747470733a2f2f646f63732e676f6f676c652e636f6d$/;
> >
> >  You could do better with a regex, see the excellent Perl documentation.
> >
> > So what's the syntax to use || (or) with this? Something like this?
> >
> > next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/ ||
> > /^MBL_\d+:0:\*:68747470733a2f2f646f63732e676f6f676c652e636f6d$/;
>
> I would make it more simple:
>
> next if /^MBL_\d+:0:\*:123.../;
> next if /^MBL_\d+:0:\*:abc.../;
> next if /^MBL_\d+:0:\*:097.../;
>
> That way you can comment on each individual line what they code for and
> if you need to remove one test, you only need to comment out the
> corresponding line without messing up with the regex or the condition.
>
> This script is only run once each time you update the ClamAV unofficial
> signatures and each test is run once per line, that makes not much sense
> to try to optimize the run time of the script.
> 


Excellent thanks, no error(s) when I just ran it manually. Is there a
sigtool command I can use to check that it worked? I can compare this
against another server that I have yet to install this.



Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-29 Thread Olivier via clamav-users
Robert Kudyba  writes:


>  >> next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/;
>  next if /^MBL_\d+:0:\*:68747470733a2f2f646f63732e676f6f676c652e636f6d$/;
>
>  You could do better with a regex, see the excellent Perl documentation.
>
> So what's the syntax to use || (or) with this? Something like this?
>
> next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/ ||
> /^MBL_\d+:0:\*:68747470733a2f2f646f63732e676f6f676c652e636f6d$/;

I would make it more simple:

next if /^MBL_\d+:0:\*:123.../;
next if /^MBL_\d+:0:\*:abc.../;
next if /^MBL_\d+:0:\*:097.../;

That way you can comment on each individual line what they code for and
if you need to remove one test, you only need to comment out the
corresponding line without messing up with the regex or the condition.

This script is only run once each time you update the ClamAV unofficial
signatures and each test is run once per line, that makes not much sense
to try to optimize the run time of the script.

Olivier


Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-29 Thread Robert Kudyba
>
> On Thu, 29 Apr 2021, Olivier via clamav-users wrote:
> > Robert Kudyba  writes:
> >
> >> How would you make this work for docs.google.com as well?
> >>
> >> the following regex corresponds to https://drive.google.com
> >> next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/;
> >
> > If I remember correctly (I am at home and I have nothing to check), the
> > URL is encoded in base64 ...
>
> This is plain hexadecimal representation of the individual characters,
> not Base64 encoding.
>
> > ... so it should be:
> > 68747470733a2f2f646f637s2e676f6f676c652e636f6d
>
> The character 's' is not in the range [0-9a-f] which are normally used
> to represent hexadecimal numbers.
>
> ASCII   hex
>
> h   68
> t   74
> t   74
> p   70
> s   73
> :   3a
>
> # the following regex corresponds to https://drive.google.com
> next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/;
>
> # the following regex corresponds to https://docs.google.com
> next if /^MBL_\d+:0:\*:68747470733a2f2f646f63732e676f6f676c652e636f6d$/;
>
> You could do better with a regex, see the excellent Perl documentation.
>

So what's the syntax to use || (or) with this? Something like this?

next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/ ||
/^MBL_\d+:0:\*:68747470733a2f2f646f63732e676f6f676c652e636f6d$/;



Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-29 Thread G.W. Haywood via clamav-users

Hi there,

On Thu, 29 Apr 2021, Olivier via clamav-users wrote:

> Robert Kudyba writes:
>
>> How would you make this work for docs.google.com as well?
>>
>> the following regex corresponds to https://drive.google.com
>> next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/;
>
> If I remember correctly (I am at home and I have nothing to check), the
> URL is encoded in base64 ...

This is plain hexadecimal representation of the individual characters,
not Base64 encoding.

> ... so it should be:
> 68747470733a2f2f646f637s2e676f6f676c652e636f6d


The character 's' is not in the range [0-9a-f] which are normally used
to represent hexadecimal numbers.

ASCII   hex

h   68
t   74
t   74
p   70
s   73
:   3a

# the following regex corresponds to https://drive.google.com
next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/;

# the following regex corresponds to https://docs.google.com
next if /^MBL_\d+:0:\*:68747470733a2f2f646f63732e676f6f676c652e636f6d$/;

You could do better with a regex, see the excellent Perl documentation.

See also

https://www.clamav.net/documents/body-based-signature-content-format

for writing signatures and for example

man ascii

for more information about hexadecimal representation of characters.

Be careful with this stuff, it's easy to shoot yourself in the foot.
Look carefully at what's happening.  The script does try to log things
and you can easily extend that - you might need to look at for example

man syslog

HTH

--

73,
Ged.
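
The hexadecimal encoding described above, as an added Perl example that is not part of the original post or of the script under discussion: it generates the hex form from the URL with `unpack` instead of typing it by hand, and drops only signatures that encode an allowlisted URL exactly. The function names and the MBL numbers in the sample input are constructed; the third sample line carries the mistyped `637s` string from this thread to show that non-hex input is left alone.

```perl
#!/usr/bin/perl
# Added example, not the script from the thread: drop MBL signatures that
# encode an allowlisted URL exactly, without hand-typing any hex.
use strict;
use warnings;

# URLs named in the thread whose exact-match signatures should be dropped.
my @allow_urls = ('https://drive.google.com', 'https://docs.google.com');

# unpack('H*') gives the plain hex form: two lowercase hex digits per
# character (h -> 68, t -> 74, ...). It is not Base64.
my %allow_hex = map { (unpack('H*', $_), $_) } @allow_urls;

# Return the allowlisted URL that a signature line encodes, or nothing
# if the line must be kept.
sub allowlisted_url {
    my ($line) = @_;
    # Field layout taken from the thread's regexes: Name:0:*:HexSignature
    my ($name, $target, $offset, $hex) = split /:/, $line, 4;
    return unless defined $hex && $name =~ /^MBL_\d+$/;
    return unless $target eq '0' && $offset eq '*';
    # Anything that is not pure hex (wildcards, a stray 's', extra fields)
    # cannot be an exact match for an allowlisted URL, so it is kept.
    return unless $hex =~ /^(?:[0-9a-fA-F]{2})+$/;
    return $allow_hex{ lc $hex };
}

# Split a list of signature lines into those to keep and those to drop.
sub filter_signatures {
    my (@lines) = @_;
    my (@keep, @drop);
    for my $line (@lines) {
        chomp $line;
        if (defined(my $url = allowlisted_url($line))) {
            push @drop, "$line  # $url";
        } else {
            push @keep, $line;
        }
    }
    return (\@keep, \@drop);
}

# Constructed sample input; the MBL numbers are made up.
my @sample = (
    'MBL_00000001:0:*:68747470733a2f2f64726976652e676f6f676c652e636f6d',
    'MBL_00000002:0:*:68747470733a2f2f646f63732e676f6f676c652e636f6d',
    'MBL_00000003:0:*:68747470733a2f2f646f637s2e676f6f676c652e636f6d',
    'MBL_00000004:0:*:' . unpack('H*', 'https://drive.google.com.example.invalid'),
);

my ($keep, $drop) = filter_signatures(@sample);
print "keep: $_\n" for @$keep;
print STDERR "drop: $_\n" for @$drop;
```

Lines 1 and 2 are dropped; line 3 (not valid hex) and line 4 (a longer host name that merely starts with an allowlisted URL) are kept.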



Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-29 Thread Robert Kudyba
>
> > How would you make this work for docs.google.com as well?
> >
> > the following regex corresponds to https://drive.google.com
> > next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/;
>
> If I remember correctly (I am at home and I have nothing to check), the
> URL is encoded in base64 so it should be:
> 68747470733a2f2f646f637s2e676f6f676c652e636f6d
>
> But you better double check :)


From your comments in the script:

> the following regex corresponds to https://drive.google.com

When I use an online base64 converter that ends up
being aHR0cHM6Ly9kcml2ZS5nb29nbGUuY29t

But what I'm asking for is to also include an "OR" to catch
https://docs.google.com (note the 'docs', not 'drive')



Re: [clamav-users] Request for guidelines to connect freshclam to Squid proxy

2021-04-29 Thread Eero Volotinen
Well. Then you need to install proxy outside of your network and open port
to that address.



Eero

On Thu, Apr 29, 2021 at 2:59 PM Zvi Kave via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi,
>
> The SysAdmin that responsible for Firewall maintenance,  allows to open
> only one IP in the firewall for freshclam use.
>
> I shall check squid definitions again.
>
> Thank you,
>
> Zvi
>
> On 4/29/2021 12:41 PM, Eero Volotinen wrote:
>
>> > We wish to open only one IP in the firewall.
>>
>> Can you explain why it matters to you how many different IPs are used
>> to provide the service?  Do you use IPv4 and IPv6 addresses?  Have you
>> also asked Google if they will only send mail to you from a single IP?
>>
>> https://www.razlee.com/
>>
>>
> In squid it's possible to whitelist addresses by dns names.
>
> Eero
>


Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-29 Thread Olivier via clamav-users
Robert Kudyba  writes:

> How would you make this work for docs.google.com as well?
>
> the following regex corresponds to https://drive.google.com
> next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/;

If I remember correctly (I am at home and I have nothing to check), the
URL is encoded in base64 so it should be:
68747470733a2f2f646f637s2e676f6f676c652e636f6d

But you better double check :)

Olivier

>
> On Thu, Apr 29, 2021, 12:25 AM Olivier  wrote:
>
>  Robert,
>
>  In the configuration file user.conf for ClamAV-unofficial-sig, I set the
>  following variable:
>
>  clamd_reload_opt="/usr/local/bin/clamav-unofficial-sigs-post.pl"
>
>  And the script is attached below.
>
>  Best regards,
>
>  Olivier
>
>  -- 
>



Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-29 Thread Robert Kudyba
How would you make this work for docs.google.com as well?

the following regex corresponds to https://drive.google.com
next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/;


On Thu, Apr 29, 2021, 12:25 AM Olivier  wrote:

> Robert,
>
> In the configuration file user.conf for ClamAV-unofficial-sig, I set the
> following variable:
>
> clamd_reload_opt="/usr/local/bin/clamav-unofficial-sigs-post.pl"
>
> And the script is attached below.
>
> Best regards,
>
> Olivier
>
> --
>



Re: [clamav-users] Request for guidelines to connect freshclam to Squid proxy

2021-04-29 Thread Zvi Kave via clamav-users

  
  

Hi,

The SysAdmin that responsible for Firewall maintenance,  allows to open
only one IP in the firewall for freshclam use.

I shall check squid definitions again.

Thank you,

Zvi

On 4/29/2021 12:41 PM, Eero Volotinen wrote:

>> > We wish to open only one IP in the firewall.
>>
>> Can you explain why it matters to you how many different IPs are used
>> to provide the service?  Do you use IPv4 and IPv6 addresses?  Have you
>> also asked Google if they will only send mail to you from a single IP?
>>
>> https://www.razlee.com/
>
> In squid it's possible to whitelist addresses by dns names.
>
> Eero
  


Re: [clamav-users] Request for guidelines to connect freshclam to Squid proxy

2021-04-29 Thread Eero Volotinen
>
> > We wish to open only one IP in the firewall.
>
> Can you explain why it matters to you how many different IPs are used
> to provide the service?  Do you use IPv4 and IPv6 addresses?  Have you
> also asked Google if they will only send mail to you from a single IP?
>
> https://www.razlee.com/
>
>
In squid it's possible to whitelist addresses by dns names.

Eero



Re: [clamav-users] Request for guidelines to connect freshclam to Squid proxy

2021-04-29 Thread G.W. Haywood via clamav-users

Hi there,

On Thu, 29 Apr 2021, Zvi Kave via clamav-users wrote:


> We would like to get a manual that describes how to configure
> freshclam and proxy to refresh the signature files through the proxy
> (squid) and not directly.

At the shell prompt:

man freshclam.conf

or in a browser:

https://www.clamav.net/documents/clam-antivirus-user-manual

> Explanation:
>
> Our servers are behind a firewall.
>
> The freshclam is referred to different ClamAV mirror with different IP for each
> refresh.
>
> We wish to open only one IP in the firewall.


Can you explain why it matters to you how many different IPs are used
to provide the service?  Do you use IPv4 and IPv6 addresses?  Have you
also asked Google if they will only send mail to you from a single IP?

https://www.razlee.com/

"A global software house delivering and integrating proprietary IT products."

Is this you?

--

73,
Ged.



Re: [clamav-users] Request for guidelines to connect freshclam to Squid proxy

2021-04-29 Thread Eero Volotinen
Please check out documentation. There are proxy settings inside of
freshclam configuration file.

Eero

On Thu 29. Apr 2021 at 11.08, Zvi Kave via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hello Joel,
>
> We would like to get a manual that describes how to configure freshclam
> and proxy to refresh the signature files through the proxy (squid) and not
> directly.
>
> Explanation:
>
> Our servers are behind a firewall.
>
> The freshclam is referred to different ClamAV mirror with different IP for
> each refresh.
>
> We wish to open only one IP in the firewall.
>
>
> We tried to set a proxy server outside the firewall and define freshclam
> on all the other servers apply to the proxy server.
>
> We did not succeed to configure clamAV and Squid to work together.
>
> 1. Is there a better solution for this problem except  proxy server?
> 2. Can you please send us manual or guidelines how to use this proxy ?
>
> Thanks,
>
> Zvi Kave
>


Re: [clamav-users] Request for guidelines to connect freshclam to Squid proxy

2021-04-29 Thread Matus UHLAR - fantomas

On 29.04.21 11:05, Zvi Kave via clamav-users wrote:

  We would like to get a manual that describes how to configure freshclam
  and proxy to refresh the signature files through the proxy (squid) and not
  directly.


use freshclam options:

  HTTPProxyServer STR, HTTPProxyPort NUMBER


  Explanation:

  Our servers are behind a firewall.

  The freshclam is referred to different ClamAV mirror with different IP for
  each refresh.

  We wish to open only one IP in the firewall.

  We tried to set a proxy server outside the firewall and define freshclam
  on all the other servers apply to the proxy server.

  We did not succeed to configure clamAV and Squid to work together.

   1. Is there a better solution for this problem except  proxy server?


using local clamav mirror:

https://github.com/Cisco-Talos/cvdupdate


   2. Can you please send us manual or guidelines how to use this proxy ?



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901



[clamav-users] Request for guidelines to connect freshclam to Squid proxy

2021-04-29 Thread Zvi Kave via clamav-users

  
  

Hello Joel,

We would like to get a manual that describes how to configure freshclam
and proxy to refresh the signature files through the proxy (squid) and not
directly.

Explanation:

Our servers are behind a firewall.

The freshclam is referred to different ClamAV mirror with different IP for
each refresh.

We wish to open only one IP in the firewall.

We tried to set a proxy server outside the firewall and define freshclam
on all the other servers apply to the proxy server.

We did not succeed to configure clamAV and Squid to work together.

1. Is there a better solution for this problem except  proxy server?
2. Can you please send us manual or guidelines how to use this proxy ?

Thanks,

Zvi Kave
  
  

