"Based on your experiences with similar setups, can you please suggest
additional ways to provide high (or at least better) AV protection?"
IMHO there isn't better free protection, because Sophos or Bitdefender are not
free anymore.
The sample you sent wasn't detected by my server's first laye
On 2022-04-05 23:20, Nikolaos Milas wrote:
On 5/4/2022 11:06 μ.μ., Bastian Blank wrote:
This is no 7z file, the same as was already reported here.
Exactly. However the problem was solved, as you may see in the last
mails of the thread, by installing unrar on the OS.
sure, my point is unrar i
On 5/4/2022 11:06 μ.μ., Bastian Blank wrote:
This is no 7z file, the same as was already reported here.
Exactly. However the problem was solved, as you may see in the last
mails of the thread, by installing unrar on the OS.
The malicious sender, as was mentioned earlier, tries to confuse
sc
On Tue, Apr 05, 2022 at 05:36:10PM +0300, Nikolaos Milas wrote:
> On 5/4/2022 4:42 μ.μ., Danilo Godec wrote:
> > any chance you could provide one of the bad 7z files for download?
> Of course, help yourself:
> http://iweb.noa.gr/files/REF.301129930990211_04-2022.7z
This is no 7z file, the s
On 5/4/2022 6:12 μ.μ., Damian wrote:
Look for "Found decoder for" lines on Amavis restart.
I did a localinstall of the package. After Amavis reload:
...
Apr 5 18:21:35 mailgw1 amavis[1064531]: Found decoder for .rar at
/usr/bin/unrar
...
Apr 5 18:21:35 mailgw1 amavis[1064531]: Found deco
On 2022-04-05 09:57, Nikolaos Milas wrote:
Based on your experiences with similar setups, can you please suggest
additional ways to provide high (or at least better) AV protection?
http://sanesecurity.com/foxhole-databases/ add as much of that 3rd party
signatures to clamav, disable decode i
On 5/4/2022 6:18 μ.μ., Damian wrote:
Does your setup permit executables?
We allow them in compressed archives, but it might not be a bad idea to
drop them altogether...
N
Yet, I would NOT be surprised by ClamAV not detecting it, but I would
hope some third-party db (through ExtremeSHOCK) to catch it.
Does your setup permit executables?
On 5/4/2022 5:50 μ.μ., infoomatic wrote:
I uploaded the sample, and voila:
Hmm, I am not sure if we can be 100% based on this portal's info. For
example, it shows Avira as non-detecting, whereas I tested with Avira
and it detected the virus as I already mentioned!
Yet, I would NOT be surpr
Important question: If I provide unrar to the OS, would I need to
change anything to the amavis configuration?
Ideally, no. Look for "Found decoder for" lines on Amavis restart.
Also, would that be enough for archive scanning needs or I should try
to find 7zz too
I don't know the success rates
On 5/4/2022 3:17 μ.μ., Damian wrote:
Your system lacks rar and unrar, and EPEL does not provide it any more.
I could try (as a localinstall - I checked and the package does not
require other third-party package dependencies):
https://centos.pkgs.org/8/rpmfusion-nonfree-updates-x86_64/un
the file you provided is actually not a 7z file, I could open it with unrar.
So this might be a nice trick to circumvent a not so intelligent scanner
where scanning is done via file extension - the scanner might try to use
7z to extract files and fails.
However, in the case of clamav, the content
On 5/4/2022 1:57 μ.μ., infoomatic wrote:
out of interest, did clamav detect the local content?
You mean the exe file contained in the 7z archive?
I didn't try that, to be honest.
Nick
On 5/4/2022 4:42 μ.μ., Danilo Godec wrote:
any chance you could provide one of the bad 7z files for download?
Of course, help yourself:
http://iweb.noa.gr/files/REF.301129930990211_04-2022.7z
If you can find a successful way to scan, I would be grateful!
Cheers,
Nick
Hi,
any chance you could provide one of the bad 7z files for download?
I'd like to test my Amavis to see if it has the same problem...
Regards,
Danilo
On 5. 04. 22 09:57, Nikolaos Milas wrote:
Hello,
We have amavisd-new v2.12.1 in service with ClamAV v0.103.4 (on Rocky
Linux 8.
How about using 'unar' - a command line version of 'The Unarchiver'
(https://theunarchiver.com/) which supports a lot of formats
(including 7z, RAR, ...) and is available on several Linux distros?
Currently unsupported [1] by Amavis.
[1] https://gitlab.com/amavis/amavis/-/issues/84
On 5. 04. 22 15:35, Damian wrote:
You could give 7zip [1] a try. According to [2], 7zz integration
does not need code changes. You'd have to deploy 7zz manually,
though, as I don't see it in EPEL either.
RPM names are p7zip and p7zip-plugins on EPEL for Centos 8.
p7zip and p7zip-plugins do
You could give 7zip [1] a try. According to [2], 7zz integration does
not need code changes. You'd have to deploy 7zz manually, though, as
I don't see it in EPEL either.
RPM names are p7zip and p7zip-plugins on EPEL for Centos 8.
p7zip and p7zip-plugins do not provide 7zz, but 7z and 7za. Pe
On 4/5/22 14:17, Damian wrote:
You could give 7zip [1] a try. According to [2], 7zz integration does
not need code changes. You'd have to deploy 7zz manually, though, as I
don't see it in EPEL either.
RPM names are p7zip and p7zip-plugins on EPEL for Centos 8.
Question 1: Is there something wrong in the configuration that does
not allow 7z scanning or probably an additional software library is
needed?
Your system lacks rar and unrar, and EPEL does not provide it any more.
Question 1A: If a decoder fails, could amavis be explicitly configured
to tr
out of interest, did clamav detect the local content?
On 05.04.22 11:29, Nikolaos Milas wrote:
On 5/4/2022 11:17 π.μ., Damian wrote:
How do you know that they are infected? Is your setup not detecting
those viruses because neither Amavis nor ClamAV look inside the 7z
archive, or because ClamAV
On 5/4/2022 11:17 π.μ., Damian wrote:
How do you know that they are infected? Is your setup not detecting
those viruses because neither Amavis nor ClamAV look inside the 7z
archive, or because ClamAV has no signatures for them?
Thank you Damian for the reply,
For testing purposes, I downloade
On 05/04/2022 08:57, Nikolaos Milas wrote:
Hello,
We have amavisd-new v2.12.1 in service with ClamAV v0.103.4 (on Rocky
Linux 8.5) together with additional unofficial signatures from
eXtremeSHOK (ref.: https://github.com/extremeshok/clamav-unofficial-sigs)
Yet, we are recently receiving a lot o
Yet, we are recently receiving a lot of mails with virus-infected
attachments (usually in 7z files) which are scanned by amavis/clamav
but are NOT getting detected.
How do you know that they are infected? Is your setup not detecting
those viruses because neither Amavis nor ClamAV look inside
Hello,
We have amavisd-new v2.12.1 in service with ClamAV v0.103.4 (on Rocky
Linux 8.5) together with additional unofficial signatures from
eXtremeSHOK (ref.: https://github.com/extremeshok/clamav-unofficial-sigs)
Yet, we are recently receiving a lot of mails with virus-infected
attachments