Re: [clamav-users] how do I get an old daily. cvd and cld? file?
On 10.02.2011 23:26, Michael Scheidell wrote:
> seems the newest daily file won't work with clamav 0.95.3.
> how do I get an older one that will? I can turn freshclam off for now, or until this is fixed.

It's fixed in 12664.

--
Best regards,
Sven Strickroth
ClamAV, a GPL anti-virus toolkit http://www.clamav.net
PGP key id F5A9D4C4 @ any key-server
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] Incremental update failed, trying to download daily.cvd
On 14.05.2009 19:06, Frank Elsner wrote:
> is this a serious error to worry about?

There is nothing you have to worry about. As you can see the update finished and you have a working database.

--
Best regards,
Sven mailto:s...@clamav.net
ClamAV, a GPL anti-virus toolkit http://www.clamav.net
Re: [Clamav-users] number of signatures decrease
On 25.10.2008 04:16, Chris wrote:
> I 'think' this was explained before but I can't remember what the reason was. If someone remembers can they refresh my memory.

search for main.cvd update on this ml.

--
Best regards,
Sven
ClamAV, a GPL anti-virus toolkit http://www.clamav.net
Re: [Clamav-users] Anything major going on with the clamav databases?
On 10.08.2007 19:00, Roberto Ullfig wrote:
> On 2007-08-10 12:42, Roberto Ullfig wrote:
> Actually, what we see is that nearly all viruses of the form: Email.Phishing.RB-12... stopped being detected on Aug 9 15:31 on all 12 of our servers. On one server I see only one of these being detected this morning. We usually get several a minute. So, what could be the cause of the absence of this virus all of a sudden?

The bad guys changed the mail-layout and we had to create new signatures.

And yes: We remove Email.Phishing.RB-* from time to time, when those become useless to keep a clean/small/fast database.

--
Best regards,
Sven
ClamAV, a GPL anti-virus toolkit http://www.clamav.net
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: 0.90.1 freshclam error
Robert Isaac wrote:
> /etc/cron.daily/freshclam: connect(): Permission denied
> What did I miss out?

Seems as if you have notify-clamd enabled and maybe you have set wrong permissions/rights on the socket-file.

Sven
[Clamav-users] Recommended update to 0.90rc3
Dear ClamAV users,

all users of ClamAV 0.90rc2 with experimental code enabled (--enable-experimental) are highly encouraged to update to 0.90rc3 in order to avoid stability problems which might occur after a phishing database update planned on Wednesday, February 14.

--
The ClamAV team (http://www.clamav.net/team.html)

--
Best regards,
Sven
ClamAV, a GPL anti-virus toolkit http://www.clamav.net
[Clamav-users] Re: daily.wdb and daily.pdb
Robert Allerstorfer wrote:
> However, the current daily.cvd does no more even contain a daily.pdb file. Where can it be fetched now?

There will be a few updates to the format of the daily.pdb-file in the next few days. After these changes are released, daily.pdb will be in daily.cvd again.

Best regards,
Sven
[Clamav-users] Re: False PayPal positive [FW: Your submission to ClamAV]
Daniel Tiefnig wrote:
> ClamAV wrote:
> > Dear ClamAV user,
> > The following submissions have been processed and published:
> > - 504853
>
> The submission was a PayPal e-mail that was falsely classified as Email.Phishing.Pay-10. Now, it is still identified as Phish. What should I do now? Submit it again? I know the DB people have a lot of work to do, so maybe one of the ClamAV people here on the list could comment on this.

Please read http://permalink.gmane.org/gmane.comp.security.virus.clamav.virusdb/1935

Best regards,
Sven
[Clamav-users] Re: daily.wdb and daily.pdb
Robert Allerstorfer wrote:
> Hello Tomasz,
> oops, sorry for overseeing that. OK, so that mail will now be found by the signature-based phishing detection (via 'daily.ndb'), but still not by the new url-based phishing detection using 'daily.pdb'. Thus it seems that submitting a virus sample will not affect 'daily.pdb'.

No, I update daily.pdb regularly, but this time I forgot to add this entry. I'll take care on my next update...

Best regards,
Sven
[Clamav-users] Re: clamav-devel-20060922 reload db failed
Roman Serbski wrote:
> clamd daemon devel-20060923 (OS: freebsd6.2, ARCH: i386, CPU: i386)
> Log file size limited to 1048576 bytes.
> Reading databases from /var/db/clamav
> ...
> Self checking every 1800 seconds.
> No stats for Database check - forcing reload
> Reading databases from /var/db/clamav
> ERROR: reload db failed: Unable to create temporary file
> Terminating because of a fatal error.
> Socket file removed.
> Pid file removed.
> --- Stopped at Thu Sep 28 09:01:38 2006

Looks like the same bug as: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=50

Best regards,
Sven
[Clamav-users] first daily.pdb published
Hi,

today I published the first release of daily.pdb (included in daily.cvd) for the new phishing detection algo written by Edvin Török as part of the Summer Of Code 2006. It won't break any other clamav installation.

This algorithmic detection is only available in the cvs-version, which you can download at http://www.clamav.net/snapshot.html, when it is built with ./configure --enable-experimental. As you can see it's not the stable version and experimental code, we can't recommend to use it in production.

To disable the algorithmic detection: use --no-phishing-scan-urls for clamscan and the corresponding PhishingScanURLs option in clamd.conf

Looking forward to your ideas, comments, results (and bug reports).

Best regards,
Sven
[Clamav-users] Re: Has anyone set up a local virus definitions server?
Fulda, Paul (Mission Systems) wrote:
> See #26 of http://www.clamav.net/faq.html#pagestart

I suppose we need freshclam to change the file-dates to the cvd-build-time in order to get the http-mode work (for the NOT-MODIFIED-check).

TK: Can you implement this? Perhaps with an extra option?

Best regards,
Sven
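
An added example (not from the original post and not freshclam's code) of the idea in the message above: read the build time from a .cvd header and stamp it onto the file, so that a local mirror's If-Modified-Since check compares against the database build time instead of the download time. It assumes ClamAV's documented 512-byte, colon-separated CVD header; the sample header and all function names are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime

CVD_HEADER_LEN = 512  # a .cvd starts with a fixed-size, space-padded ASCII header


def cvd_build_time(header: bytes) -> int:
    """Return the database build time from a CVD header, as Unix seconds."""
    fields = header[:CVD_HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("malformed CVD header")
    # Newer headers carry the build time as epoch seconds in a ninth field.
    if len(fields) > 8 and fields[8].strip().isdigit():
        return int(fields[8])
    # Otherwise fall back to the text form, e.g. "10 Feb 2011 21-05 +0000".
    return int(datetime.strptime(fields[1], "%d %b %Y %H-%M %z").timestamp())


def stamp_with_build_time(path: str) -> int:
    """Set atime/mtime of a downloaded .cvd to the build time in its header."""
    with open(path, "rb") as fh:
        built = cvd_build_time(fh.read(CVD_HEADER_LEN))
    os.utime(path, (built, built))
    return built


def is_not_modified(path: str, if_modified_since: int) -> bool:
    """Decision a mirror's web server makes for a conditional GET (304 vs 200)."""
    return int(os.stat(path).st_mtime) <= if_modified_since


# Constructed sample header: version, counts, checksum and signature are placeholders.
SAMPLE = (b"ClamAV-VDB:10 Feb 2011 21-05 +0000:1:100:58:"
          b"00000000000000000000000000000000:PLACEHOLDER-DSIG:builder").ljust(512)


def demo() -> tuple:
    """Write the sample to a temp file; compare the 304 check before and after."""
    with tempfile.NamedTemporaryFile(suffix=".cvd", delete=False) as fh:
        fh.write(SAMPLE + b"payload")
        path = fh.name
    try:
        before = is_not_modified(path, cvd_build_time(SAMPLE))
        built = stamp_with_build_time(path)
        return before, is_not_modified(path, built), built
    finally:
        os.remove(path)
```

Before stamping, the file carries the download time, so a client that already holds the same build is sent the whole file again; after stamping, the same request is answered as not modified.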
[Clamav-users] Re: FAQ #13 - Can phishing be considered one kindof spam?
Hi,

Per Jessen wrote:
> Dennis Peterson wrote:
> Per Jessen wrote:
> It has always been possible to unpack the pattern files and remove the parts you don't like. The various parts are clearly marked.

If you use the devel-version (or if the devel-version becomes the stable one), you can use the parameter --no-phishing...

Best regards,
Sven
[Clamav-users] Re: False Positive I think
George R. Kasica wrote:
> what do I need to do to submit it as a false positive?

submit it here: http://www.clamav.net/sendvirus.html

Best regards,
Sven
[Clamav-users] Re: Phishing detection
Oliver Stöneberg wrote:
> That might be right, but the creator of the Phishing signatures (Sven) is pretty serious about what he is doing.

Thanks. :) The reason, because I create so much Phishing sigs is very simple: I prefer this type of malware, but I create(d) sigs for other malware as well. I'm not the only sigmaker who created/creates Phishing sigs, Trog did/does a good job, too.

> > Also, I would add that I have submitted a few of these phishes to ClamAV's virus submission and they all seem to get discarded without comment.
>
> Very bad, I had the same problem, so at one step I decided to send the creator of the Phishing signatures a private message with a link to all my undetected Phishings and he looked at it and two days later he did a pretty big update adding signatures for almost all my signatures and cleaning house with a lot of old submissions.
>
> I am not sure how the process is working, but if you submit samples, you can choose Phishing and I guess in the first place we will only look at those mails. I am not sure how to decide which signatures will be added in the first place. I also had a lot of positive experiences as some actual Phishings were added within hours to the signatures. I am getting access to a big archive of Phishing mails today and I will check them and see, which still aren't detected by ClamAV and submit them.

We have an automated rating-system in our interface (which counts similar submissions) and I've a lot of email-addresses where I receive phishing mails, too. - And that's how _I_ prioritize the sigs/submissions. :) But _no_ submission is lost. If we get not much samples and a submission looks very exotic, we don't create a sig for it very quickly.

> There is a signature maker, that is only doing Phishing signatures, so that's not true, that he is busy doing virus signatures

see above :-D We create sigs in our spare time, so that's another factor: I was on a boring seminar the whole last week and hadn't time to create sigs :(.

> I do trust you to do signatures, I even gave you a lot of mails, but I think you should really remove the signatures of the mails, that ClamAV already detects and you should also submit your undetected mails to ClamAV or Sven directly.

Please submit them via the IFace (http://www.clamav.net/sendvirus.html) with the origin Phishing, so that I can find these samples quickly. Please contact me only in special cases directly.

Best regards,
Sven
[Clamav-users] Re: Phishing Stats
Steve Basford wrote:
> Virus Stats, from my ISP, for 12 hours today:
> Well done Sven !

Thanks and btw. I love stats :)

Best regards,
Sven
[Clamav-users] Re: Worm.vb-8 and Worm.vb-9
Abdul Rehman Gani wrote:
> What is the relationship between these 2 signatures and nyxem.e? Do both detect nyxem.e or do they detect different variants?

Both sigs should detect nyxem.e and similar variants: Worm.VB-9 detects the packed-(uuencoded)-version of Worm.VB-8.

Best regards,
Sven
[Clamav-users] Re: Re: submission of phishing msgs
[EMAIL PROTECTED] wrote:
> I also got a lot of Phishing mails, that aren't recognised by ClamAV (mostly german). I already submitted a few of them, but neither was one of them added nor did I get any response so far, so I stopped submitting, because I didn't want to increase the amount of samples being submitted each day.

Please go on submitting them. - Some sigs need some time. Thanks.

Best regards,
Sven
[Clamav-users] Re: CVS (20050625) compile fails
Odhiambo Washington wrote...
> When do you think it will be in CVS?

This was already done/fixed yesterday in CVS. - 20050626 compiles without this error.

Sven
[Clamav-users] Re: ClamAV -- Squid Cache Integration
Jon R. Kibler wrote:
> Hello,
> Looking for a way to scan all incoming web content using ClamAV. Is anyone aware of any integration of ClamAV into the Squid Cache proxy server? Similar open-source solutions?

I prefer/use Dansguardian: http://www.dansguardian.org
[Clamav-users] Re: ERROR: Malformed CVD header detected
Hi,

this issue/bug is already known and patched in CVS. Try the latest CVS or my attached patch.

For more information see: http://thread.gmane.org/gmane.comp.security.virus.clamav.devel/1572

Greetings
Sven

PS: I hope the attachment plain-text :-/.

[Attachment: freshclam-http10.patch (uuencoded)]
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Re: clam reports MS Office 2000 Pro CD 1 as infected
Jason Haar wrote:
> Does vscan for Samba have such an max filesize option? (I don't use it myself). If it doesn't, it probably should...

Samba-VScan has such an option. And additionally it has an option to exclude some filetype (based on libmagic), but that doesn't work correctly on my server (I'm still trying to solve this issue).

Sven
[Clamav-users] Re: Dial-up programs ?
Hi,

here is a small signature for many German dialers (not yet accepted via web-interface, also called StarDialer):

Dialer.Intexus.Generic=43006f006d00700061006e0079004e0061006d00650069006e0074006500780075007300200047006d00620048004c000100460069006c0065004400650073006300720069007000740069006f006e0049006e00740065007800750073004400690061006c{1069}5261734469616c41557569644372

Trog wrote:
> Yes, there are about 250 sigs, and they are called *Dialer*