Re: [clamav-users] Question Exception Rule

2022-12-29 Thread Al Varnell via clamav-users
I'm sure one of us could, but you need to tell us what the display and actual 
urls you want whitelisted first.

Sent from my iPad

-Al-

On Dec 29, 2022, at 08:06, newcomer01 via clamav-users wrote:
> Is it possible, that you assist me in this process?
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


Re: [clamav-users] Problem with freshclam

2022-12-29 Thread Andrew C Aitchison via clamav-users



[ Apologies, my previous reply failed to reach the list. ]

On Thu, 29 Dec 2022, newcomer01 wrote:

> Yes, the "Error-Log" comes only when freshclam will be started from reboot
> via cron job
>
> Did I understand you well?
>
> @reboot host -t txt current.cvd.clamav.net /etc/clamav/clamav_opts sigs_update 0


Hmm. I have never used cron events such as @reboot
and I don't have a file /etc/clamav/clamav_opts
I was expecting a script /etc/cron.daily/freshclam but I must
have written mine myself (though anacron would use such a file).

Are you using Ubuntu clamav .deb packages or ones from ClamAV ?

Reading about @system cron events, I would not use it to
update the clamav database. Instead I would rely on anacron
noticing that we missed running freshclam at the proper time,
so start it now if appropriate.
That or stick with the clamav-freshclam daemon/service.


Von / From: Andrew C Aitchison 
An / To: Newcomer01 
Gesendet / Sent: Donnerstag, Dezember 29, 2022 um 18:15 (at 06:15 PM) +0100
Betreff / Subject: Re: [clamav-users] Problem with freshclam

On Thu, 29 Dec 2022, newcomer01 via clamav-users wrote:


Hi @ all,

I have this problem with freshclam since long time and I can't fix it
(Ubuntu 22.04.1)
When I run freshclam with a cron job (@reboot) this log comes up:

This is at reboot ?

I think the problem is that the cron job is starting freshclam
before your network - specifically your DNS - is ready.
When you run the command on a system that has been up for some time
the DNS is ready so the problem does not occur.

Two *possible* solutions:

1. Change your cron job to include the line
host -t txt current.cvd.clamav.net
 before it runs "freshclam".
 This may trigger the system to start the DNS service so that it is
 ready when freshclam wants it.

2. Switch to using the systemd service "clamav-freshclam".
 First disable your freshclam cron job, perhaps by
   moving /etc/cron.d/clamav-freshclam elsewhere (if it exists).
 Then something like
sudo systemctl enable clamav-freshclam
sudo systemctl status clamav-freshclam.service



If I am right this isn't really an issue with freshclam
but with the way that all the pieces of the system have been put together.

I note that the Ubuntu 22.10 clamav packages are designed to work with
systemd in preference to cron and I don't remember it having changed
since at least Ubuntu 20.04.



Thu Dec 29 13:36:51 2022 -> --
Thu Dec 29 13:36:51 2022 -> ClamAV update process started at Thu Dec 29
13:36:51 2022
Thu Dec 29 13:36:51 2022 -> WARNING: Can't query current.cvd.clamav.net
Thu Dec 29 13:36:51 2022 -> WARNING: Invalid DNS reply. Falling back to
HTTP mode.
Thu Dec 29 13:36:51 2022 -> Trying to retrieve CVD header from
https://database.clamav.net/daily.cvd
Thu Dec 29 13:36:51 2022 -> WARNING: remote_cvdhead: Download failed (6)
Thu Dec 29 13:36:51 2022 -> WARNING:  Message: Couldn't resolve host name
Thu Dec 29 13:36:51 2022 -> WARNING: Failed to get daily database version
information from server: https://database.clamav.net
Thu Dec 29 13:36:51 2022 -> ERROR: check_for_new_database_version: Failed
to find daily database using server https://database.clamav.net.
Thu Dec 29 13:36:51 2022 -> Trying again in 5 secs...
Thu Dec 29 13:36:56 2022 -> Trying to retrieve CVD header from
https://database.clamav.net/daily.cvd
Thu Dec 29 13:36:56 2022 -> WARNING: remote_cvdhead: Download failed (6)
Thu Dec 29 13:36:56 2022 -> WARNING:  Message: Couldn't resolve host name
Thu Dec 29 13:36:56 2022 -> WARNING: Failed to get daily database version
information from server: https://database.clamav.net
Thu Dec 29 13:36:56 2022 -> ERROR: check_for_new_database_version: Failed
to find daily database using server https://database.clamav.net.
Thu Dec 29 13:36:56 2022 -> Trying again in 5 secs...
Thu Dec 29 13:37:01 2022 -> Trying to retrieve CVD header from
https://database.clamav.net/daily.cvd
Thu Dec 29 13:37:01 2022 -> OK
Thu Dec 29 13:37:01 2022 -> daily database available for download (remote
version: 26765)
Thu Dec 29 13:37:12 2022 -> Testing database:
'/var/lib/clamav/tmp.3cb7e09743/clamav-85bea499e24cfdaa871411c2b4b92e38.tmp-daily.cvd'
...
Thu Dec 29 13:37:20 2022 -> Database test passed.
Thu Dec 29 13:37:20 2022 -> daily.cvd updated (version: 26765, sigs:
2014567, f-level: 90, builder: raynman)
Thu Dec 29 13:37:20 2022 -> Trying to retrieve CVD header from
https://database.clamav.net/main.cvd
Thu Dec 29 13:37:20 2022 -> OK
Thu Dec 29 13:37:20 2022 -> main database available for download (remote
version: 62)
Thu Dec 29 13:37:47 2022 -> Testing database:
'/var/lib/clamav/tmp.3cb7e09743/clamav-3d85cd963c0af4f35466d5a069aff5e5.tmp-main.cvd'
...
Thu Dec 29 13:37:54 2022 -> Database test passed.
Thu Dec 29 13:37:54 2022 -> main.cvd updated (version: 62, sigs: 6647427,
f-level: 90, builder: sigmgr)
Thu Dec 29 13:37:54 2022 -> Trying to retrieve CVD 
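
One way to apply the first suggestion in the message above (probe DNS with `host` before the update), shown as an added example that is not part of the original thread. The wrapper path in the cron comment and the PROBE_CMD, MAX_TRIES and SLEEP_SECS settings are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: delay freshclam in an @reboot cron job until DNS answers.
# PROBE_CMD, MAX_TRIES and SLEEP_SECS are hypothetical knobs of this sketch.
PROBE_CMD="${PROBE_CMD:-host -t txt current.cvd.clamav.net}"
MAX_TRIES="${MAX_TRIES:-30}"
SLEEP_SECS="${SLEEP_SECS:-2}"

# wait_for_dns: run the probe until it succeeds or MAX_TRIES is reached.
# Leaves the number of attempts in DNS_TRIES; returns 0 on success, 1 on timeout.
wait_for_dns() {
    DNS_TRIES=0
    while [ "$DNS_TRIES" -lt "$MAX_TRIES" ]; do
        DNS_TRIES=$((DNS_TRIES + 1))
        if $PROBE_CMD >/dev/null 2>&1; then
            return 0
        fi
        sleep "$SLEEP_SECS"
    done
    return 1
}

# update_when_ready: run the given command only after the probe succeeded.
# A bounded wait means a host with no network does not block forever; the
# skipped update is reported on stderr so cron can mail it.
update_when_ready() {
    if wait_for_dns; then
        "$@"
    else
        echo "DNS not ready after $DNS_TRIES tries; update skipped" >&2
        return 75   # EX_TEMPFAIL from sysexits.h
    fi
}

# Hypothetical crontab entry (the install path is an assumption):
#   @reboot /usr/local/sbin/freshclam-when-dns-ready freshclam
if [ "$#" -gt 0 ]; then
    update_when_ready "$@"
fi
```

A skipped update leaves the scanner running on stale signatures, so the non-zero exit status and the stderr message are worth monitoring.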

Re: [clamav-users] Problem with freshclam

2022-12-29 Thread Alexander Lochmann

Hi all!

I've just run freshclam again, and it worked.
I'll keep an eye on it.

Regards,
Alex

On 29.12.22 15:36, newcomer01 via clamav-users wrote:

Hi @ all,

I have this problem with freshclam since long time and I can't fix it
(Ubuntu 22.04.1)

When I run freshclam with a cron job (@reboot) this log comes up:


Thu Dec 29 13:36:51 2022 -> --
Thu Dec 29 13:36:51 2022 -> ClamAV update process started at Thu Dec 
29 13:36:51 2022

Thu Dec 29 13:36:51 2022 -> WARNING: Can't query current.cvd.clamav.net
Thu Dec 29 13:36:51 2022 -> WARNING: Invalid DNS reply. Falling back 
to HTTP mode.
Thu Dec 29 13:36:51 2022 -> Trying to retrieve CVD header from 
https://database.clamav.net/daily.cvd
Thu Dec 29 13:36:51 2022 -> WARNING: remote_cvdhead: Download failed (6)
Thu Dec 29 13:36:51 2022 -> WARNING:  Message: Couldn't resolve host name
Thu Dec 29 13:36:51 2022 -> WARNING: Failed to get daily database 
version information from server: https://database.clamav.net
Thu Dec 29 13:36:51 2022 -> ERROR: check_for_new_database_version: 
Failed to find daily database using server https://database.clamav.net.

Thu Dec 29 13:36:51 2022 -> Trying again in 5 secs...
Thu Dec 29 13:36:56 2022 -> Trying to retrieve CVD header from 
https://database.clamav.net/daily.cvd
Thu Dec 29 13:36:56 2022 -> WARNING: remote_cvdhead: Download failed (6)
Thu Dec 29 13:36:56 2022 -> WARNING:  Message: Couldn't resolve host name
Thu Dec 29 13:36:56 2022 -> WARNING: Failed to get daily database 
version information from server: https://database.clamav.net
Thu Dec 29 13:36:56 2022 -> ERROR: check_for_new_database_version: 
Failed to find daily database using server https://database.clamav.net.

Thu Dec 29 13:36:56 2022 -> Trying again in 5 secs...
Thu Dec 29 13:37:01 2022 -> Trying to retrieve CVD header from 
https://database.clamav.net/daily.cvd

Thu Dec 29 13:37:01 2022 -> OK
Thu Dec 29 13:37:01 2022 -> daily database available for download 
(remote version: 26765)
Thu Dec 29 13:37:12 2022 -> Testing database: 
'/var/lib/clamav/tmp.3cb7e09743/clamav-85bea499e24cfdaa871411c2b4b92e38.tmp-daily.cvd' ...

Thu Dec 29 13:37:20 2022 -> Database test passed.
Thu Dec 29 13:37:20 2022 -> daily.cvd updated (version: 26765, sigs: 
2014567, f-level: 90, builder: raynman)
Thu Dec 29 13:37:20 2022 -> Trying to retrieve CVD header from 
https://database.clamav.net/main.cvd

Thu Dec 29 13:37:20 2022 -> OK
Thu Dec 29 13:37:20 2022 -> main database available for download 
(remote version: 62)
Thu Dec 29 13:37:47 2022 -> Testing database: 
'/var/lib/clamav/tmp.3cb7e09743/clamav-3d85cd963c0af4f35466d5a069aff5e5.tmp-main.cvd' ...

Thu Dec 29 13:37:54 2022 -> Database test passed.
Thu Dec 29 13:37:54 2022 -> main.cvd updated (version: 62, sigs: 
6647427, f-level: 90, builder: sigmgr)
Thu Dec 29 13:37:54 2022 -> Trying to retrieve CVD header from 
https://database.clamav.net/bytecode.cvd

Thu Dec 29 13:37:54 2022 -> OK
Thu Dec 29 13:37:54 2022 -> bytecode database available for download 
(remote version: 333)
Thu Dec 29 13:37:54 2022 -> Testing database: 
'/var/lib/clamav/tmp.3cb7e09743/clamav-e15dec8534c6c98f62a54cdab9ce00fb.tmp-bytecode.cvd' ...

Thu Dec 29 13:37:54 2022 -> Database test passed.
Thu Dec 29 13:37:54 2022 -> bytecode.cvd updated (version: 333, sigs: 
92, f-level: 63, builder: awillia2)


When I run the same command later in the day, all is fine.
What can I do to solve the issue?

Regards,
Marc


--
Alexander Lochmann  PGP key: 0xBC3EF6FD



Re: [clamav-users] Problem with freshclam

2022-12-29 Thread Richard via clamav-users


> Date: Thursday, December 29, 2022 14:36:28 +
> From: newcomer01 via clamav-users 
>
> I have this problem with freshclam since long time and I can't fix
> it (Ubuntu 22.04.1)
> When I run freshclam with a cron job (@reboot) this log comes up:
> 
>> Thu Dec 29 13:36:51 2022 -> --
>> Thu Dec 29 13:36:51 2022 -> ClamAV update process started at Thu Dec 29 13:36:51 2022
>> Thu Dec 29 13:36:51 2022 -> WARNING: Can't query current.cvd.clamav.net
>> Thu Dec 29 13:36:51 2022 -> WARNING: Invalid DNS reply. Falling back to HTTP mode.
>> Thu Dec 29 13:36:51 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
>> Thu Dec 29 13:36:51 2022 -> WARNING: remote_cvdhead: Download failed (6)
>> Thu Dec 29 13:36:51 2022 -> WARNING:  Message: Couldn't resolve host name
>> Thu Dec 29 13:36:51 2022 -> Trying again in 5 secs...

  . . .

>> Thu Dec 29 13:36:56 2022 -> WARNING:  Message: Couldn't resolve host name
>> Thu Dec 29 13:36:56 2022 -> Trying again in 5 secs...

  . . . 

>> Thu Dec 29 13:37:01 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
>> Thu Dec 29 13:37:01 2022 -> OK
>> Thu Dec 29 13:37:01 2022 -> daily database available for download (remote version: 26765)

 . . .

> When I run the same command later in the day, all is fine.
> What can I do to solve the issue?

When you have a problem like this it's good to carefully read down
through the error messages provided as you'll often find hints there.

As shown in your log, the first couple of attempts failed due to dns
name resolution failures, then it worked on its retry.

You will need to use a tool like dig to work through why your machine
is having these lookup failures. It could be latency in the response
from the nameservers you have configured or a problem in how [or
what] you have configured [as] the nameservers that this machine is
using. It is possible that there is an issue with the nameservers on
the clamav.net side, but that seems less likely as there would
probably be more general reporting of a problem if that were the case.
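
The reading of the log described above, done mechanically, as an added example that is not part of the original post: it counts the "Couldn't resolve host name" warnings and measures how long after the first one freshclam logged its first OK. The sample lines are taken from the log posted in this thread, re-joined where mail wrapping split them; the function names are this sketch's own.

```shell
#!/bin/sh
# Added example: summarise DNS resolution failures in a freshclam log.

# summarize_dns: read a freshclam log on stdin and print one line:
#   failures=<count> first_ok_after=<seconds|never>
# Assumption: all lines are from the same day (only HH:MM:SS is compared).
summarize_dns() {
    awk '
    function secs(t,   p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
    # "Couldn.t" matches the apostrophe without ending the quoted awk script.
    /-> WARNING: +Message: Couldn.t resolve host name/ {
        if (!fails++) first = secs($4)
        next
    }
    # First success after at least one failure closes the outage window.
    /-> OK[ \t\r]*$/ && fails && ok == "" { ok = secs($4) - first }
    END {
        printf "failures=%d first_ok_after=%s\n", fails, (ok == "" ? "never" : ok)
    }'
}

# sample_log: excerpt of the log from this thread (wrapped lines re-joined).
sample_log() {
    cat <<'EOF'
Thu Dec 29 13:36:51 2022 -> WARNING: Can't query current.cvd.clamav.net
Thu Dec 29 13:36:51 2022 -> WARNING: Invalid DNS reply. Falling back to HTTP mode.
Thu Dec 29 13:36:51 2022 -> WARNING: remote_cvdhead: Download failed (6)
Thu Dec 29 13:36:51 2022 -> WARNING:  Message: Couldn't resolve host name
Thu Dec 29 13:36:51 2022 -> Trying again in 5 secs...
Thu Dec 29 13:36:56 2022 -> WARNING: remote_cvdhead: Download failed (6)
Thu Dec 29 13:36:56 2022 -> WARNING:  Message: Couldn't resolve host name
Thu Dec 29 13:36:56 2022 -> Trying again in 5 secs...
Thu Dec 29 13:37:01 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Thu Dec 29 13:37:01 2022 -> OK
EOF
}

# Usage: script.sh /path/to/freshclam.log   (prints the summary line)
if [ "$#" -gt 0 ]; then
    summarize_dns < "$1"
fi
```

A short, bounded window right after boot points at resolver start-up order; failures spread through the day point at the configured nameservers instead.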




Re: [clamav-users] Question Exception Rule

2022-12-29 Thread newcomer01 via clamav-users

Hi Eric,

I know about this support page but I don't understand what I should have to do.
How can I create such a daily.pdb file and what should I write in it ... the
problem is, what is the displayed url e.g.
Is it possible, that you assist me in this process?

kind regards
Marc


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Eric Tykwinski 
Gesendet / Sent: Donnerstag, Dezember 29, 2022 um 16:17 (at 04:17 PM) +0100
Betreff / Subject: Re: [clamav-users] Question Exception Rule

Marc,


-Original Message-
From: clamav-users  On Behalf Of

newcomer01 via clamav-users

Sent: Thursday, December 29, 2022 10:05 AM
To: ClamAV User Mailinglist 
Cc: newcomer01 
Subject: [clamav-users] Question Exception Rule

Hi @ all,

who can I contact to get an exemption for ClamAV

("Heuristics.Phishing.Email.SpoofedDomain")?

This in my case is an absolutely legitimate sender (my Bank).

It's in the documentation:
https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format


Regards
Marc

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300





Re: [clamav-users] Question Exception Rule

2022-12-29 Thread Eric Tykwinski via clamav-users
Marc,

> -Original Message-
> From: clamav-users  On Behalf Of newcomer01 via clamav-users
> Sent: Thursday, December 29, 2022 10:05 AM
> To: ClamAV User Mailinglist 
> Cc: newcomer01 
> Subject: [clamav-users] Question Exception Rule
>
> Hi @ all,
>
> who can I contact to get an exemption for ClamAV
> ("Heuristics.Phishing.Email.SpoofedDomain")?
> This in my case is an absolutely legitimate sender (my Bank).

It's in the documentation:
https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format

> Regards
> Marc

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300





[clamav-users] Question Exception Rule

2022-12-29 Thread newcomer01 via clamav-users

Hi @ all,

who can I contact to get an exemption for ClamAV 
("Heuristics.Phishing.Email.SpoofedDomain")?
This in my case is an absolutely legitimate sender (my Bank).

Regards
Marc

[clamav-users] Problem with freshclam

2022-12-29 Thread newcomer01 via clamav-users

Hi @ all,

I have this problem with freshclam since long time and I can't fix it (Ubuntu
22.04.1)
When I run freshclam with a cron job (@reboot) this log comes up:


Thu Dec 29 13:36:51 2022 -> --
Thu Dec 29 13:36:51 2022 -> ClamAV update process started at Thu Dec 29 
13:36:51 2022
Thu Dec 29 13:36:51 2022 -> WARNING: Can't query current.cvd.clamav.net
Thu Dec 29 13:36:51 2022 -> WARNING: Invalid DNS reply. Falling back to HTTP 
mode.
Thu Dec 29 13:36:51 2022 -> Trying to retrieve CVD header from 
https://database.clamav.net/daily.cvd
Thu Dec 29 13:36:51 2022 -> WARNING: remote_cvdhead: Download failed (6)
Thu Dec 29 13:36:51 2022 -> WARNING:  Message: Couldn't resolve host name
Thu Dec 29 13:36:51 2022 -> WARNING: Failed to get daily database version 
information from server: https://database.clamav.net
Thu Dec 29 13:36:51 2022 -> ERROR: check_for_new_database_version: Failed to 
find daily database using server https://database.clamav.net.
Thu Dec 29 13:36:51 2022 -> Trying again in 5 secs...
Thu Dec 29 13:36:56 2022 -> Trying to retrieve CVD header from 
https://database.clamav.net/daily.cvd
Thu Dec 29 13:36:56 2022 -> WARNING: remote_cvdhead: Download failed (6)
Thu Dec 29 13:36:56 2022 -> WARNING:  Message: Couldn't resolve host name
Thu Dec 29 13:36:56 2022 -> WARNING: Failed to get daily database version 
information from server: https://database.clamav.net
Thu Dec 29 13:36:56 2022 -> ERROR: check_for_new_database_version: Failed to 
find daily database using server https://database.clamav.net.
Thu Dec 29 13:36:56 2022 -> Trying again in 5 secs...
Thu Dec 29 13:37:01 2022 -> Trying to retrieve CVD header from 
https://database.clamav.net/daily.cvd
Thu Dec 29 13:37:01 2022 -> OK
Thu Dec 29 13:37:01 2022 -> daily database available for download (remote 
version: 26765)
Thu Dec 29 13:37:12 2022 -> Testing database: 
'/var/lib/clamav/tmp.3cb7e09743/clamav-85bea499e24cfdaa871411c2b4b92e38.tmp-daily.cvd'
 ...
Thu Dec 29 13:37:20 2022 -> Database test passed.
Thu Dec 29 13:37:20 2022 -> daily.cvd updated (version: 26765, sigs: 2014567, 
f-level: 90, builder: raynman)
Thu Dec 29 13:37:20 2022 -> Trying to retrieve CVD header from 
https://database.clamav.net/main.cvd
Thu Dec 29 13:37:20 2022 -> OK
Thu Dec 29 13:37:20 2022 -> main database available for download (remote 
version: 62)
Thu Dec 29 13:37:47 2022 -> Testing database: 
'/var/lib/clamav/tmp.3cb7e09743/clamav-3d85cd963c0af4f35466d5a069aff5e5.tmp-main.cvd'
 ...
Thu Dec 29 13:37:54 2022 -> Database test passed.
Thu Dec 29 13:37:54 2022 -> main.cvd updated (version: 62, sigs: 6647427, 
f-level: 90, builder: sigmgr)
Thu Dec 29 13:37:54 2022 -> Trying to retrieve CVD header from 
https://database.clamav.net/bytecode.cvd
Thu Dec 29 13:37:54 2022 -> OK
Thu Dec 29 13:37:54 2022 -> bytecode database available for download (remote 
version: 333)
Thu Dec 29 13:37:54 2022 -> Testing database: 
'/var/lib/clamav/tmp.3cb7e09743/clamav-e15dec8534c6c98f62a54cdab9ce00fb.tmp-bytecode.cvd'
 ...
Thu Dec 29 13:37:54 2022 -> Database test passed.
Thu Dec 29 13:37:54 2022 -> bytecode.cvd updated (version: 333, sigs: 92, 
f-level: 63, builder: awillia2)


When I run the same command later in the day, all is fine.
What can I do to solve the issue?

Regards,
Marc
