Re: [clamav-users] Freshclam seems locked and can not be unlocked.

2019-08-06 Thread SCOTT PACKARD via clamav-users
fuser /var/log/clamav/freshclam.log



From: clamav-users  On Behalf Of Jari 
Kosonen via clamav-users
Sent: Saturday, August 03, 2019 8:09 PM
To: clamav-users@lists.clamav.net
Cc: Jari Kosonen 
Subject: [External] [clamav-users] Freshclam seems locked and can not be 
unlocked.

jari@jari-PC:~$ sudo freshclam
ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).


--
  Jari

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Probably something simple but new to ClamAV

2019-06-04 Thread SCOTT PACKARD via clamav-users
clamscan -V is all they care about.


> -Original Message-
> From: clamav-users  On Behalf Of 
> Rodney Stratford via clamav-users
> Sent: Tuesday, June 04, 2019 8:29 AM
> To: clamav-users@lists.clamav.net
> Cc: Rodney Stratford 
> Subject: [External] [clamav-users] Probably something simple but new to ClamAV
> 
> I have installed ClamAV in my PCF environment.  But security team is looking 
> at how to display the virus signature level is of the AV.  Is
> there a command or a tool that can display this?  Any help is appreciated.  
> Thanks
> 
> 
> 
> 


Re: [clamav-users] connect clamscan output to journal with systemd-cat

2019-04-03 Thread SCOTT PACKARD via clamav-users
Logfiles are a place where a sysadmin notices a host running smoothly (lack of 
anything in logs) or has problems (error messages about the programs show up in 
the logs).
Looks like you are trying to misuse logfiles as a place to put 
successful/unsuccessful output that's produced by a program.
You'll want to create a separate log for your program, foo.log, and write it to 
/var/log/ directory.

Others can comment about scanning a host every minute.

Regards, Scott

From: clamav-users  On Behalf Of 
Kretschmer, Jens
Sent: Wednesday, April 03, 2019 1:34 AM
To: clamav-users@lists.clamav.net
Subject: [External] [clamav-users] connect clamscan output to journal with 
systemd-cat

Hi,
I would like to redirect the output of clamscan to the journal, which should be 
possible by
/usr/bin/clamscan -r /root/ 2>&1 | /usr/bin/systemd-cat --identifier="clamscan"
or
/usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r /root/
While both commands work when executed manually in the terminal, the output is 
not redirected when executed by a cronjob. If I put the following line into the 
file /etc/cron.d/clamav
* * * * * root /usr/bin/systemd-cat --identifier="clamscan" /usr/bin/clamscan -r /root/
I can see that the clamscan process is started every minute, but the output is 
not redirected to the journal.
If I put the line
* * * * * root /usr/bin/systemd-cat --identifier="clamscan" ls /root/
into the file /etc/cron.d/clamav, it is executed every minute as well and I can 
see the output of ls in the journal.
Do you have any idea what could be causing the issue?
Best regards,
Jens



Re: [clamav-users] Installing question

2019-03-27 Thread SCOTT PACKARD via clamav-users
There's almost nothing going on on your web site http://tucson-az-cpa.com/.  It 
should be an easy job to restore it from whatever offline source you have.
If all you're worried about is "visitors to your site they get a message that 
the site is unsecured", I think getting https:// going is what you're after.
Maybe go and read https://letsencrypt.org/ .

Regards, Scott

From: clamav-users  On Behalf Of MOHAMED 
OMAR MAKRAM via clamav-users
Sent: Wednesday, March 27, 2019 10:32 AM
To: ClamAV users ML 
Cc: MOHAMED OMAR MAKRAM ; J.R. 

Subject: [External] Re: [clamav-users] Installing question

I've had this for few months. The only thing i was able to do is to pay for 
virus protection but it is so expensive.
Is there a way to find those hidden files? Do you think they are in the db or 
in the files?
I am moving out to another server right now. Is there a good process to do this 
without copying the virus along with the files?

Thanks for your help

On Wed, Mar 27, 2019 at 10:13 AM J.R. via clamav-users <clamav-users@lists.clamav.net> wrote:
> I do not know if the virus is on the server, in the files, or in the db.
> Here is what I know:
> Under each folder of each site, files appear with a name such as:
> f68z319m.php
> When visitors go to my websites, they get a message that the site is
> unsecured
>
> Does this information help identify the issue, or where to look for the
> virus?

Did you look at the contents of those files? Sounds like someone is
exploiting code to upload files which could then be used to do all
sorts of nasty things. That could be an issue with drupal or packages
on your system being out of date. Often that is just the first step
and once they upload one file they use it to upload a lot more in
hidden directories and modifying files and such...

I hope you have a recent backup...

--
Mohamed Omar Makram, CPA
Osiris CPA, PLLC
Tele: (520) 906-1863
Fax: (520) 448-0706




Re: [clamav-users] Any way to auto-update Clam engine (freshclam or any other tools)

2019-03-12 Thread SCOTT PACKARD via clamav-users



> -Original Message-
> From: clamav-users  On Behalf Of Gary 
> R. Schmidt
> Sent: Tuesday, March 12, 2019 5:42 AM
> To: clamav-users@lists.clamav.net
> Subject: [External] Re: [clamav-users] Any way to auto-update Clam engine 
> (freshclam or any other tools)
> 
> On 12/03/2019 23:23, Scott Kitterman via clamav-users wrote:
> >
> >
> > On March 12, 2019 11:22:05 AM UTC, Matus UHLAR - fantomas via clamav-users 
> >  wrote:
> >> On 12.03.19 13:58, Sunhux G via clamav-users wrote:
> >>> I'm on Solaris 10 x86 : we disabled compilers as part of our OS
> >> hardening;
> >>> much appreciated if someone can help me make/compile one for our OS.
> >>> So far I can't locate any 0.101.1 for Solaris 10 x86,  only for
> >>> RHEL/Windows.
> >>
> >> it's strange that you disable compiling from source code as part of
> >> hardening, but you are willing to take code compiled by someone else
> >> and run
> >> it locally.
> >>
> >> How do you know that the code doesn't contain backdoor?
> >
> > You are thinking about security.  This seems to be about compliance.  It's 
> > only distantly related.
> >
> True.
> 
> Looks more like Standard Auditory Compliance by Incompetence to me (but
> I'm a cynical old BOFH, so much of what goes on these days is
> thinly-disguised incompetence).


See Gene Spafford's latest blog on RSA conference, for more like-minded 
thoughts.



Re: [clamav-users] Any way to auto-update Clam engine (freshclam or any other tools)

2019-03-12 Thread SCOTT PACKARD via clamav-users
> I'm on Solaris 10 x86 : we disabled compilers as part of our OS hardening;
> much appreciated if someone can help me make/compile one for our OS.
> So far I can't locate any 0.101.1 for Solaris 10 x86,  only for RHEL/Windows.

Well, I'll point you to unixpackages.com.
You pay a subscription fee, they compile packages for you.
Easy to say who the source is from too, for your compliance auditor.
Once you're paid up you can request they build a newer version of ClamAV
(they're on 0.100.2 currently).
They provide just a libgcc package, to keep the whole gcc compiler off the host.
In total, you need 21 packages installed in order to satisfy all the 
dependencies.


Regards, Scott Packard




Re: [clamav-users] Issue with clamav logical signature generation

2019-02-28 Thread SCOTT PACKARD via clamav-users
> Can't remember using 12 bit words, but one of the first machines I used,
> a CDC 6600, had 60 bit data words and 18 bit addresses.
> Text was normally uppercase-only, stored in 6-bit bytes ten characters
> per word. But if you wanted to use lower case you could use a different
> encoding which would occupy two of the 6-bit bytes per character, so in
> a way you had 12-bit bytes

An instructor called it Consistency Doesn't Count (CDC).
That was the big machine on campus back in the day.





Re: [clamav-users] Clamav 0.101.1 dosn't compile on solaris anymore.

2019-02-20 Thread SCOTT PACKARD
unixpackages.com uses gcc-3.4.6 and has clamav built, along with 20 dependency 
packages.
Pointing it out because 'severely ancient' compilers aren't necessarily the 
issue here.

Regards, Scott


> -Original Message-
> From: clamav-users  On Behalf Of Gary 
> R. Schmidt
> Sent: Wednesday, February 20, 2019 4:00 AM
> To: clamav-users@lists.clamav.net
> Subject: [External] Re: [clamav-users] Clamav 0.101.1 dosn't compile on 
> solaris anymore.
> 
> On 20/02/2019 17:13, Pierluigi Frullani wrote:
> > Hi all,
> >   I was upgrading my clamav installation on solaris 10 but it doesn't
> > compile anymore:
> 
> [SNIP]
> 
> > cc1plus: error: unrecognized command line option
> > "-Wno-logical-op-parentheses"
> > cc1plus: error: unrecognized command line option "-Wno-dangling-else"
> > *** Error code 1
> > The following command caused the error:
> > echo "  CXX     " libclamunrar_la-archive.lo;/bin/bash ../libtool
> > --silent --tag=CXX   --mode=compile g++ -DHAVE_CONFIG_H -I. -I..
> > -I../libclammspack  -I.. -I./nsis -I../libltdl  -DWARN_DLOPEN_FAIL  -I..
> > -I./nsis -I../libltdl  -DWARN_DLOPEN_FAIL -DRARDLL
> > -Wno-logical-op-parentheses -Wno-switch -Wno-dangling-else -g -O2 -MT
> > libclamunrar_la-archive.lo -MD -MP -MF .deps/libclamunrar_la-archive.Tpo
> > -c -o libclamunrar_la-archive.lo `test -f '../libclamunrar/archive.cpp'
> > || echo './'`../libclamunrar/archive.cpp
> > make: Fatal error: Command failed for target `libclamunrar_la-archive.lo'
> > Current working directory /root/develop/clamav-0.101.1/libclamav
> > *** Error code 1
> >
> > Any idea on what I can check ?
> >
> > Here some specs for the environment:
> > Solaris 10 u11 ( 1/13 ) latest patches.
> > gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)
> >
> That is a severely ancient GCC/G++ installation (2004!!), OpenCSW is up
> to 4.9.2/5.5.0 for S10, and I recently built 7.3.0 from source on
> Solaris 10 and 11 for $ORK.
> 
> Update your GCC/G++ to something recent, and try again.  FWIW, I've
> built clamav 0.101.1 on S11.3 using my build of GCC 7.3.0.
> 
>   Cheers,
>   GaryB-)


Re: [clamav-users] Clam user has read permissions, but I still get "lstat() failed: Permission denied"

2018-10-30 Thread SCOTT PACKARD
You'd want to:
ls -ld /
ls -ld /var
ls -ld /var/www
ls -ld /var/www/nc_data
and make sure user www-data has at least read and execute permissions to the 
parent directories.
You probably have removed read and execute from other, so clamdscan can't go 
down in the
directory hierarchy to get to /var/www/nc_data/.

Regards, Scott


From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
Doug Ingham
Sent: Tuesday, October 30, 2018 2:23 PM
To: clamav-users@lists.clamav.net
Subject: [External] [clamav-users] Clam user has read permissions, but I still 
get "lstat() failed: Permission denied"

Hi all,
 For some reason, clamdscan is returning a permissions error for files it has 
read access to.
I've copied some output below to help show the situation...

==
root@arquivos0:/var/www# grep User /etc/clamav/clamd.conf
User clamav

root@arquivos0:/var/www# grep clamav /etc/group
www-data:x:33:clamav
clamav:x:121:

root@arquivos0:/var/www# ls -ld nc_data/
drwxrwx--- 59 www-data www-data 4096 Out 22 08:40 nc_data/

root@arquivos0:/var/www# clamdscan -v --config-file=/etc/clamav/clamd.conf 
nc_data/
/var/www/nc_data: lstat() failed: Permission denied. ERROR
--- SCAN SUMMARY ---
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
root@arquivos0:/var/www# sudo -u clamav ls nc_data/
[correct directory contents listed]

root@arquivos0:/var/www# ls -al /var/log/clamav/
total 20
drwxr-xr-x  2 clamav clamav45 Out 30 12:29 .
drwxrwxr-x 16 root   syslog  4096 Out 30 15:41 ..
-rw-r-  1 clamav adm10914 Out 30 17:12 clamav.log
-rw-r-  1 clamav adm 2352 Out 30 15:17 freshclam.log

root@arquivos0:/var/www# clamdscan -v --config-file=/etc/clamav/clamd.conf 
/var/log/clamav/
/var/log/clamav: lstat() failed: Permission denied. ERROR
--- SCAN SUMMARY ---
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
==
To quote Aristotle, "WTF?"

Any help appreciated!

--
Doug
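
The parent-directory check suggested in the reply, as an added example that is not part of the original thread: it walks from / down to the target and reports the first directory the scanning account cannot use. The function names are made up here, GNU stat is assumed, and only the owner/group/other mode bits are considered.

```shell
#!/bin/sh
# Added example, not from the thread. Access is judged from owner/group/other
# mode bits only; ACLs, SELinux/AppArmor and root's bypass are not modelled.
# Assumes GNU stat (stat -c). Function names are made up for this example.

# perm_digit UID "GID GID ..." DIR -> octal digit (0-7) that applies to UID
perm_digit() {
    pd_info=$(stat -c '%u %g %a' "$3") || return 2
    set -- "$1" " $2 " $pd_info        # now $3=owner uid, $4=group gid, $5=mode
    pd_mode=$(printf '%03d' "$(( $5 % 1000 ))")  # drop setuid/setgid/sticky
    if [ "$1" = "$3" ]; then
        pd_digit=${pd_mode%??}         # owner class applies, even if weaker
    else
        case $2 in
            *" $4 "*) pd_digit=${pd_mode#?}; pd_digit=${pd_digit%?} ;;
            *)        pd_digit=${pd_mode#??} ;;
        esac
    fi
    printf '%s\n' "$pd_digit"
}

# first_blocked UID "GIDS" /abs/path
# Prints the first directory (root first) that UID cannot use and returns 1;
# prints nothing and returns 0 when the whole chain is usable.
# Parents need search (x); the directory being scanned needs read + search.
first_blocked() {
    case $3 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    fb_target=${3%/}; [ -n "$fb_target" ] || fb_target=/
    fb_cur=$fb_target
    fb_list=$fb_cur
    while [ "$fb_cur" != / ]; do       # collect ancestors, root first
        fb_cur=$(dirname "$fb_cur")
        fb_list="$fb_cur
$fb_list"
    done
    while IFS= read -r fb_dir; do
        fb_d=$(perm_digit "$1" "$2" "$fb_dir") || return 2
        case $fb_d in
            5|7) continue ;;                                  # r-x present
            1|3) [ "$fb_dir" = "$fb_target" ] || continue ;;  # x alone is enough for a parent
        esac
        printf '%s\n' "$fb_dir"
        return 1
    done <<EOF
$fb_list
EOF
    return 0
}

# Usage for the case in the thread (clamd.conf shows "User clamav"):
#   first_blocked "$(id -u clamav)" "$(id -G clamav)" /var/www/nc_data
```

A running daemon keeps the supplementary groups it had when it started, so a group membership added later only takes effect once the daemon is restarted.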


Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread SCOTT PACKARD
Hmm, I went to recreate both cases before replying, and I can get both to work, 
sort of.
I still can't resolve DNS TXT records, but I can it seems throw the URI
http://db.us.clamav.net/daily.cvd to the proxy server and it can handle it.
Beats me what IP db.us.clamav.net resolves to.
I get the whole daily.cvd, with either wget or curl.

curl's -r 35-39 isn't honored though, when fetching externally.  I get the 
whole daily.cvd.

(I swear  this doesn't work at 6am Monday morning though. :) )

Thanks, Scott

> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf 
> Of Dennis Peterson
> Sent: Tuesday, July 03, 2018 12:53 PM
> To: clamav-users@lists.clamav.net
> Subject: [External] Re: [clamav-users] We STILL cannot reliably get virus 
> updates (since new mirrors)
> 
> Does your wget not support the -e args to access a proxy?
> 
> Example:
> wget http://someurl.com/filename.html -e use_proxy=yes -e
> http_proxy=xxx.xxx.xxx.xxx:3128
> 
> The proxy IP or hostname can be used.
> 
> dp
> 
> On 7/3/18 11:11 AM, SCOTT PACKARD wrote:
> > The current DNS TXT does not work within my company, as a firewall fully 
> > blocks things, including DNS.
> > (as an aside, curl works, with sufficient massaging, but wget cannot, as it 
> > does not have an option to work with a proxy).
> >
> > I rely on someone in Arizona to pull definitions from, but sometimes their 
> > server goes out, other times clamav's content system breaks,
> > and it's a pain to figure out which one is the culprit.
> >
> > Regards, Scott
> >
> 


Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread SCOTT PACKARD
The current DNS TXT does not work within my company, as a firewall fully blocks 
things, including DNS.
(as an aside, curl works, with sufficient massaging, but wget cannot, as it 
does not have an option to work with a proxy).

I rely on someone in Arizona to pull definitions from, but sometimes their 
server goes out, other times clamav's content system breaks,
and it's a pain to figure out which one is the culprit.

Regards, Scott

> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf 
> Of Christopher X. Candreva
> Sent: Tuesday, July 03, 2018 10:36 AM
> To: ClamAV users ML 
> Subject: [External] Re: [clamav-users] We STILL cannot reliably get virus 
> updates (since new mirrors)
> 
> 
> 
> For everyone (or maybe the one) asking why the DNS system exists, as the
> person who came up with the idea in the first place (or the idea of stealing
> it from the DNSbls ) I thought I would provide a link to the original
> discussion in which it was hashed out ( beaten to death) back in 2004:
> 
> https://lists.gt.net/clamav/users/11106?do=post_view_threaded
> 
> I thought the math was in this thread, but at some point the actual savings
> of being able to check for a new version with a UDP packet over a TCP/http
> HEAD command was calculated, and it was a significant amount of transfer,
> expensive at the time.
> 
> 
> I have to admit I've wondered if Cloudflare and the other CDNs meant it
> outlived its usefulness, but it's a contribution I'm fairly proud of.
> 
> -Chris
> 
> 
> 
> On Tue, 3 Jul 2018, Joel Esler (jesler) wrote:
> 
> >
> >
> >   On Jul 2, 2018, at 1:17 PM, Reindl Harald
> >wrote:
> >
> > on a typical setup freshclam is running once or twice *daily* while a
> > webserver these days can spit out the same small static txt file many
> > thousands of times per second with zero load
> >
> >
> > That is not the results we are seeing.  There are a LARGE amount of people
> > that check for updates once or twice a day, yes.  However, we have hundreds
> > of thousands of people that check for updates hundreds of times a day.  We
> > haven't started concentrating on these people yet (our biggest offender is
> > one IP that checks 100,000+ times a day), but clearly that's excessive.  We
> > publish approx 5-6 times a day.  So, let's say you check 50 times a day
> >  Clearly, that's enough.
> >
> > --
> > Joel Esler
> > Sr. Manager
> > Open Source, Design, Web, and Education
> > Talos Group
> > http://www.talosintelligence.com
> >
> >
> 
> ---
> 
> Chris Candreva  --  ch...@westnet.com  --  http://www.westnet.com/~chris


Re: [clamav-users] Server inside DMZ - No internet access - Howto update definitions

2018-06-19 Thread SCOTT PACKARD
> Is there a way that I can copy the files from another server internal to the 
> network out to the server in the DMZ? Without running freshclam to update? 
> And just reload clamd?

Seem like you could copy the files from another server that can pull them.
daily.cvd
main.cvd
bytecode.cvd (though probably not using that one)

Mine are in /var/lib/clamav.  That is set with "DatabaseDirectory".

Regards, Scott
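
The copy described above, as an added example that is not part of the original message: it takes daily.cvd, main.cvd and bytecode.cvd from a staging directory, checks that each starts with a CVD header, installs it into the database directory only if its version is newer than the installed one, and renames it into place so a half-copied file is never loaded. The function names and the staging path are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. File names and /var/lib/clamav come from
# the message above; function names and the staging directory are made up.
# A .cvd starts with a 512-byte text header of colon-separated fields:
#   ClamAV-VDB:build time:version:signature count:functionality level:...
# Reading the header is a sanity check only; it does not authenticate the file.

# cvd_version FILE -> prints the database version, fails if FILE has no CVD header
cvd_version() {
    cv_hdr=$(head -c 512 "$1" 2>/dev/null | tr -d '\000') || return 1
    case $cv_hdr in ClamAV-VDB:*) ;; *) return 1 ;; esac
    cv_ver=$(printf '%s' "$cv_hdr" | cut -d: -f3)
    case $cv_ver in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$cv_ver"
}

# install_cvd SRC DBDIR -> 0 installed, 1 bad header, 2 copy failed, 3 not newer
install_cvd() {
    ic_name=$(basename "$1")
    ic_new=$(cvd_version "$1") || { echo "$ic_name: no CVD header" >&2; return 1; }
    ic_old=$(cvd_version "$2/$ic_name") || ic_old=0   # nothing installed yet
    if [ "$ic_new" -le "$ic_old" ]; then
        echo "$ic_name: version $ic_new is not newer than installed $ic_old" >&2
        return 3
    fi
    # Copy under a temporary name in the same directory, then rename, so a
    # scanner that reloads mid-copy never sees a half-written database.
    ic_tmp=$(mktemp "$2/.$ic_name.XXXXXX") || return 2
    cp "$1" "$ic_tmp" && chmod 644 "$ic_tmp" && mv "$ic_tmp" "$2/$ic_name" \
        || { rm -f "$ic_tmp"; return 2; }
}

# sync_definitions SRCDIR DBDIR -> prints the names it installed, one per line
sync_definitions() {
    for sd_db in daily.cvd main.cvd bytecode.cvd; do
        [ -f "$1/$sd_db" ] || continue
        install_cvd "$1/$sd_db" "$2" && printf '%s\n' "$sd_db"
    done
    return 0
}

# Usage on the DMZ host, after the files were carried over to /srv/staging
# (assumed path):
#   sync_definitions /srv/staging /var/lib/clamav
```

Running `sigtool --info` on each file before installing it checks the database's digital signature, and `clamdscan --reload` asks a running clamd to load the new files.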




Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-04-12 Thread SCOTT PACKARD
Just wanted to wave to Gary, another Solaris 11.3 user.
There aren't many of us left.

Regards, Scott



Re: [clamav-users] ClamAV performance overhead on RHEL & Solaris

2018-03-16 Thread SCOTT PACKARD
No numbers.  
I'm pretty sure Larry's EULA prevents you (and me) from publishing numbers.

Regards, Scott


> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf 
> Of Len Sanschargrin
> Sent: Friday, March 16, 2018 1:35 PM
> To: 'ClamAV users ML' <clamav-users@lists.clamav.net>
> Subject: [External] Re: [clamav-users] ClamAV performance overhead on RHEL & 
> Solaris
> 
> Any relative numbers you can share?
> 
> Thanks very much, Len Sanschargrin
> 
> 
> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf
> Of SCOTT PACKARD
> Sent: Friday, March 16, 2018 3:47 PM
> To: ClamAV users ML
> Subject: Re: [clamav-users] ClamAV performance overhead on RHEL & Solaris
> 
> It plays on RHEL and Solaris a lot better than Symantec.
> You should get your Solaris builds from www.unixpackages.com.
> 
> Regards, Scott
> 
> > -Original Message-
> > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> > Behalf Of Len Sanschargrin
> > Sent: Friday, March 16, 2018 10:45 AM
> > To: clamav-users@lists.clamav.net
> > Subject: [External] [clamav-users] ClamAV performance overhead on RHEL
> > & Solaris
> >
> > Hello, I have customer who is preparing to implement ClamAV on RHEL
> > and Solaris. As the Performance engineer, I'm looking for any testing
> > or stats on potential overhead can be associated with running ClamAV.
> > Even just anecdotal observations can help us to set expectations and
> > of course any additional guidance is appreciated!
> >
> >
> >
> > Thanks very much, Len
> >
> >
> >


Re: [clamav-users] ClamAV performance overhead on RHEL & Solaris

2018-03-16 Thread SCOTT PACKARD
It plays on RHEL and Solaris a lot better than Symantec.
You should get your Solaris builds from www.unixpackages.com.

Regards, Scott

> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf 
> Of Len Sanschargrin
> Sent: Friday, March 16, 2018 10:45 AM
> To: clamav-users@lists.clamav.net
> Subject: [External] [clamav-users] ClamAV performance overhead on RHEL & 
> Solaris
> 
> Hello, I have customer who is preparing to implement ClamAV on RHEL and
> Solaris. As the Performance engineer, I'm looking for any testing or stats
> on potential overhead can be associated with running ClamAV. Even just
> anecdotal observations can help us to set expectations and of course any
> additional guidance is appreciated!
> 
> 
> 
> Thanks very much, Len
> 
> 
> 


Re: [clamav-users] ClamAV 0.99.3 and GCC Patch

2018-02-21 Thread SCOTT PACKARD
Bill S -
I found it confusing also; I've only gone through the website's downloads 
verbiage.

I was able to find these -4 versions by Googling on the full package name.
Once I found one, I saw I could go to https://rpmfind.net/ and look there for 
clamav, and its dependent packages.

Regards, Scott

> >>> clamav-0.99.3-4.fc26.x86_64
> >>> clamav-data-empty-0.99.3-4.fc26.noarch
> >>> clamav-filesystem-0.99.3-4.fc26.noarch
> >>> clamav-lib-0.99.3-4.fc26.x86_64
> >>> clamav-milter-0.99.3-4.fc26.x86_64
> >>> clamav-milter-systemd-0.99.3-4.fc26.noarch
> >>> clamav-scanner-0.99.3-4.fc26.noarch
> >>> clamav-scanner-systemd-0.99.3-4.fc26.noarch
> >>> clamav-server-0.99.3-4.fc26.x86_64
> >>> clamav-server-systemd-0.99.3-4.fc26.noarch



Re: [clamav-users] GPG key where? (was: Re: GPG signature problem with clamav-0.99.2.tar.gz)

2018-01-29 Thread SCOTT PACKARD
https://talosintelligence.com/about  click on box "Talos PGP Public Key".
Maybe that one works?  If it was its own URL I'd include it, but it looks like 
it's javascript, in the same page.

Regards, Scott

> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf 
> Of Tomasz Papszun
> Sent: Monday, January 29, 2018 2:26 PM
> To: clamav-users@lists.clamav.net
> Subject: [External] [clamav-users] GPG key where? (was: Re: GPG signature 
> problem with clamav-0.99.2.tar.gz)
> 
> On Fri, 30 Jun 2017 at 20:12:11 +, Joel Esler (jesler) wrote:
> > Jim,
> >
> > Thanks.  This look like the vulndev key.  The correct key is on the contact 
> > page of Talosintelligence.com.
> >
> > We'll take a look here.
> 
> Hi, Joel.
> 
> I went to http://www.clamav.net/downloads, got
> http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz  and
> http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz.sig
> and wanted to verify the tarball and compile ASAP - there are bugs in
> 0.99.2 after all.
> 
> For half an hour or so I tried to find the public key at various places:
> 
> Talosintelligence.com, Cisco.com, http://labs.snort.org/contact.html
> (linked at
> https://github.com/Cisco-Talos/clamav-faq/blob/master/faq/faq-upgrade.md),
> a keyserver - all to no avail.
> 
> Where is the key?
> 
> 
> >
> > > On Jun 30, 2017, at 13:46, Jim Michaud  
> > > wrote:
> > >
> > > I just downloaded clamav-0.99.2.tar.gz from
> > > https://www.clamav.net/downloads and tried to check the signature
> > > using the "Talos PGP Public Key" on the same page.  It looks like it
> > > was signed with a different public key.
> > >
> > > $ gpg --import ../Talos-PGP-Public-Key
> > > gpg: key 0B3BB3A7: public key "vuln...@cisco.com " 
> > > imported
> > > gpg: Total number processed: 1
> > > gpg:   imported: 1  (RSA: 1)
> > >
> > > $ gpg --verify clamav-0.99.2.tar.gz.sig clamav-0.99.2.tar.gz
> > > gpg: Signature made Fri 22 Apr 2016 12:25:32 PM EDT using DSA key ID 
> > > 260429A0
> > > gpg: Can't check signature: No public key
> > >
> > > I was able to do some digging and did find the key using
> > > https://pgp.key-server.io/
> > > (https://pgp.key-server.io/search/Talos+GPG+Key).  However that key
> > > expired in April 2017. I'm guessing someone needs to update the
> > > signature file using the new public key.
> > >
> > > $ gpg --verify clamav-0.99.2.tar.gz.sig clamav-0.99.2.tar.gz
> > > gpg: Signature made Fri 22 Apr 2016 12:25:32 PM EDT using DSA key ID 
> > > 260429A0
> > > gpg: Good signature from "Talos (Talos GPG Key) "
> > > gpg: Note: This key has expired!
> > > Primary key fingerprint: F79F B2D0 8751 574C 5D3F  DFFB B3D5 342C 2604 
> > > 29A0
> >
> 
> --
>  Tomasz Papszun  | And it's only
>  tomek at lodz.tpsa.pl linkedin.com/in/tomaszpapszun | ones and zeros.

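The two gpg outcomes quoted in this thread ("No public key" and "Good signature" from an expired key), as an added example that is not part of the original messages: it reads gpg's machine-readable status lines and accepts a tarball only when the signature is good and comes from a fingerprint pinned in advance. The function name and the sample status streams are constructed for the example; the fingerprint is the one printed in the quoted output.

```shell
#!/bin/sh
# Added example, not from the thread. Feed it the status lines printed by
#   gpg --status-fd 1 --verify clamav-0.99.2.tar.gz.sig clamav-0.99.2.tar.gz
# One detached signature per run is assumed.

# sig_verdict PINNED_FPR   (status lines on stdin)
# Prints: ok | expired-key | revoked-key | no-public-key | bad-signature |
#         wrong-key | unsigned.  Returns 0 for ok, 3 for expired-key, else 1.
sig_verdict() {
    sv_pin=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    sv_good=0; sv_exp=0; sv_rev=0; sv_nokey=0; sv_bad=0; sv_fpr=
    while read -r sv_tag sv_kw sv_rest; do
        [ "$sv_tag" = "[GNUPG:]" ] || continue
        case $sv_kw in
            GOODSIG)          sv_good=1 ;;
            EXPKEYSIG|EXPSIG) sv_exp=1 ;;
            REVKEYSIG)        sv_rev=1 ;;
            BADSIG)           sv_bad=1 ;;
            NO_PUBKEY)        sv_nokey=1 ;;
            VALIDSIG)         sv_fpr=${sv_rest##* } ;;  # last field: primary key fingerprint
        esac
    done
    if   [ "$sv_bad" = 1 ];   then echo bad-signature; return 1
    elif [ "$sv_nokey" = 1 ]; then echo no-public-key; return 1
    elif [ "$sv_rev" = 1 ];   then echo revoked-key;   return 1
    elif [ -n "$sv_fpr" ] && [ "$sv_fpr" != "$sv_pin" ]; then echo wrong-key; return 1
    elif [ "$sv_exp" = 1 ];   then echo expired-key;   return 3
    elif [ "$sv_good" = 1 ] && [ "$sv_fpr" = "$sv_pin" ]; then echo ok; return 0
    fi
    echo unsigned; return 1
}

# Fingerprint as printed in the quoted gpg output.
PAGE_FPR="F79F B2D0 8751 574C 5D3F  DFFB B3D5 342C 2604 29A0"

# Constructed status streams modelled on the two gpg runs quoted above;
# timestamps and the all-zero fingerprint are made-up values.
SAMPLE_NO_KEY='[GNUPG:] ERRSIG B3D5342C260429A0 17 2 00 1461342332 9
[GNUPG:] NO_PUBKEY B3D5342C260429A0'
SAMPLE_EXPIRED='[GNUPG:] KEYEXPIRED 1492000000
[GNUPG:] EXPKEYSIG B3D5342C260429A0 Talos (Talos GPG Key)
[GNUPG:] VALIDSIG F79FB2D08751574C5D3FDFFBB3D5342C260429A0 2016-04-22 1461342332 0 4 0 17 2 00 F79FB2D08751574C5D3FDFFBB3D5342C260429A0'
SAMPLE_OTHER_KEY='[GNUPG:] GOODSIG 0000000000000000 Someone Else
[GNUPG:] VALIDSIG 0000000000000000000000000000000000000000 2016-04-22 1461342332 0 4 0 17 2 00 0000000000000000000000000000000000000000'

# Usage:
#   gpg --status-fd 1 --verify file.sig file 2>/dev/null | sig_verdict "$PAGE_FPR"
```

The expired-key verdict gets its own exit code because the signature itself checked out; whether to accept a release signed by a key that has since expired is left to the operator.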

Re: [clamav-users] Solaris pkg download

2017-11-16 Thread SCOTT PACKARD
I'm a fan of unixpackages.com.
There's a lot of dependent packages, but they have clamav-0.99.2 behind their 
paywall.
You can download them, burn them to a DVD, then carry them across an air-gap 
for installation onto a host.

# Dependency Tree for: clamav-0.99.2

autogen-5.18.5
bzip2-1.0.6
guile-1.8.8
readline-6.3
coreutils-8.21
libidn-1.28
gmp-4.2.1
gnutls-3.3.18
libtool-2.4.2
nettle-2.7.1
pcre-8.41
curl-7.55.1
openssl-1.0.2l
libiconv-1.14
libintl-3.4.0
libssh2-1.8.0
libxml2-2.9.1
ncurses-5.7
zlib-1.2.11
gcc-3.4.6
clamav-0.99.2-sol10

Regards, Scott

> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf 
> Of Jones, Bob
> Sent: Wednesday, November 15, 2017 12:10 PM
> To: clamav-users@lists.clamav.net
> Subject: [External] [clamav-users] Solaris pkg download
> 
> I'm looking for the compiled ClamAV package download for SPARC Solaris 10 and 
> x86 Solaris 10 if it's available.  I have no way to install
> the pkg directly from the CSW site using pkgadd - I just need to get the 
> package itself if that's possible.
> 
> Thanks,
> Bob Jones


[clamav-users] When and what version will next release be?

2017-08-31 Thread SCOTT PACKARD
Do you know when you'll have a next release of clamav?
Will it be a 0.99.x or a 1.x release?

Regards, Scott


Re: [clamav-users] WannaCry

2017-05-15 Thread SCOTT PACKARD
Thanks for posting this Steve.

Regards, Scott

> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf 
> Of Steve Basford
> Sent: Monday, May 15, 2017 3:12 AM
> To: clamav-users@lists.clamav.net
> Cc: sanesecur...@freelists.org
> Subject: [clamav-users] WannaCry
> 
> Sorry for the slightly off-topic post but just in case this helps...
> 
> MS17-010 Summary
> 
> 
> 1. malwarehash.hsb
> 
> 175+ hashes in malwarehash.hsb (Sanesecurity.MalwareHash.WannaCry) added
> over the weekend
> 
> 2. MS17-010 nmap network scan script
> 
> https://raw.githubusercontent.com/cldrn/nmap-nse-scripts/master/scripts/smb-vuln-ms17-010.nse
> 
> usage:
> 
> nmap -sC -p445 --open --max-hostgroup 3 --script smb-vuln-ms17-010.nse X.X.X.X/X
> 
> Source: https://gist.github.com/Neo23x0/60268852ff3a5776ef66bc15d50a024a
> 
> 
> 3. MS17-010 Windows Patches
> 
> http://www.catalog.update.microsoft.com/Search.aspx?q=MS17-010
> 
> --
> Cheers,
> 
> Steve
> Twitter: @sanesecurity
> 


Re: [clamav-users] Question about ClamScan

2017-05-12 Thread SCOTT PACKARD
Hi Crazy -
Could you please stop asking your questions to the clamav-users list?  Just 
stop.

Thanks.

> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf 
> Of crazy thinker
> Sent: Thursday, May 11, 2017 10:29 PM
> To: ClamAV users ML ; ClamAV Development 
> 
> Subject: [clamav-users] Question about ClamScan
> 
> Hi ClamAV Developers, Users
> 
> I think Clamscan is a Single Thread Application. Am I right? I inspected
> this for a little bit of time. It doesn't read any config file to read
> something before it is about to start.
> 
> 
> Thanks,
> Crazy Thinker, Inc


Re: [clamav-users] Identify Threat Risk Level with ClamAV

2017-04-14 Thread SCOTT PACKARD

> No. All malware would not be a large risk. For example, the EICAR test file
> is a sample virus file. It can't do big damage to the system.

Can you present another example, other than the EICAR test file?


Re: [clamav-users] Feature request: show checksums of virus databases on the clamav.net website

2016-09-29 Thread SCOTT PACKARD
Some of us clamav users are behind rather substantial proxies and can't pull 
them easily.
It's nice to have a place to download them.  Just FYI.

-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
Joel Esler (jesler)
Sent: Thursday, September 29, 2016 3:23 PM
To: ClamAV users ML 
Subject: Re: [clamav-users] Feature request: show checksums of virus databases 
on the clamav.net website

We really don’t want people downloading the cvd’s through the browser directly 
on the website.  We really want to encourage people to use Freshclam to do this.

--
Joel Esler
Manager
Talos Group
http://www.talosintelligence.com

On Sep 29, 2016, at 12:21 PM, Alexey Salmin wrote:

Sorry if this had been proposed before, nothing showed up in my search.

I suggest to display checksums (MD5, SHA or both) on the website next
to CVD download links on the 
www.clamav.net/downloads page. This will
provide a user with:
1) A simple way to check if files were updated since the last
download. It takes time to fetch the main.cvd. I realize that this
should be possible with a custom HTTP query but it's not convenient in
case you're simply using a browser to get the file.
2) A quick and a standard way to validate the integrity of the file,
without going into CVD internals and digital signatures.

Thank you,
Alexey
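
The two checks requested in this thread (has the database changed since the last download, and did the file arrive intact, for example after a proxy download or an air-gap transfer), as an added example that is not part of any post or of ClamAV's own code. It assumes the CVD layout of a 512-byte colon-separated text header followed by the compressed payload; `build_sample_cvd`, `inspect_cvd`, `needs_update` and all field values are constructed for the demonstration.

```python
import hashlib
import io

HEADER_LEN = 512  # assumed layout: fixed-size, space-padded text header

def build_sample_cvd(version, payload):
    """Constructed sample shaped like a CVD; not a real signature database."""
    fields = ["ClamAV-VDB", "29 Sep 2016 12-00 -0400", str(version), "10",
              "60", hashlib.md5(payload).hexdigest(), "PLACEHOLDER-DSIG",
              "example-builder", "1475164800"]
    return ":".join(fields).encode("ascii").ljust(HEADER_LEN, b" ") + payload

def inspect_cvd(stream):
    """Parse the header and hash the file in one pass over the stream."""
    header = stream.read(HEADER_LEN)
    if len(header) != HEADER_LEN:
        raise ValueError("truncated CVD header")
    fields = header.decode("ascii", "replace").rstrip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    body_md5 = hashlib.md5()              # header field 5 covers the payload only
    file_sha256 = hashlib.sha256(header)  # whole-file digest for out-of-band comparison
    for chunk in iter(lambda: stream.read(65536), b""):
        body_md5.update(chunk)
        file_sha256.update(chunk)
    return {
        "build_time": fields[1],
        "version": int(fields[2]),
        "signatures": int(fields[3]),
        "body_md5_ok": body_md5.hexdigest() == fields[5],
        "sha256": file_sha256.hexdigest(),
    }

def needs_update(local_info, published_version):
    """True when the published database version is newer than the local copy."""
    return published_version > local_info["version"]

if __name__ == "__main__":
    sample = build_sample_cvd(22000, b"constructed payload bytes")
    info = inspect_cvd(io.BytesIO(sample))
    print(info)
    print("update needed:", needs_update(info, 22001))
```

The header MD5 only detects corruption in transit; authenticity rests on the digital signature field, which freshclam and `sigtool --info` verify.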