Hi ClamAV Developers, ClamAV Users
what will happen if I configure more than 2 threads(for say example , I
keep MaxThreads attribute value 10 in clamd.conf) on Dual Core Processor
Systems.
How exactly ClamAV (clamd) will work in this kind of scenarios?
Kindly waiting for knowledgable info
Hi ClamAV Developers,Users
As per My Understnading , Virus Signatures are Classified into two types
1.Static Virus Signatures(short/fixed length virus signatures)
2.Dynamic Virus Signatures(long length Signatures with Regular Expression)
So I guess, ClamAV performing both Signature Based
Hi ClamAV Developers,
I have compiled the ClamAV source code on Mac OS X and investigating
libclamav.dylib and libclamav.7.dylib internal files information for my
curiousity.. Surprisingly i got below info when i ran grep with some
pattern
*admin-macbookPro-2:clamav-devel-0.99.2
Hi ClamAV Developers, Users
Sorry.. i missed proper info in my previous mail thread.. please find
correct info below
I have compiled the ClamAV source code on Mac OS X and investigating
libclamav.dylib and libclamav.7.dylib internal files information for my
curiousity.. Surprisingly i got
Hi ClamAV Developers, Users
I have compiled the ClamAV source code on Mac OS X and investigating
libclamav.dylib and libclamav.7.dylib internal files information for my
curiousity.. Surprisingly i got below info when i ran grep with some
pattern
*admin-macbookPro-2:clamav-devel-0.99.2
Hi ClamAV Developer, users
I have below Questions on ClamAV Virus Database
1.what information bytecode.cvd contatins? and how it is useful in malware
detection?
2.Why not ClamAV release virus databse in terms of platform specific like
Windows,Linux,Mac OS X,Androind,BSD etc? is there any
, April 11, 2017 12:31 AM
To: ClamAV Development <clamav-devel@lists.clamav.net>
Subject: Re: [Clamav-devel] Question have an about LibClamAV.dll
Thanks for your quick response. I believe that, I can start from this point.
Sent using Boxer
On Apr 11, 2017 12:23 AM, Brandon Perry <bpe
the value to "cl_scandesc" Native method. Am I right?.
>
> Yes, I believe that’s correct.
>
>>
>>
>> Regards,
>> Suresh Shanmugam.
>>
>> -Original Message-
>> From: clamav-devel [mailto:clamav-devel-boun...@lists.clamav.net] O
nmugam.
>>
>> -Original Message-
>> From: clamav-devel [mailto:clamav-devel-boun...@lists.clamav.net] On Behalf
>> Of Brandon Perry
>> Sent: Monday, April 10, 2017 9:12 PM
>> To: ClamAV Development <clamav-devel@lists.clamav.net>
>&
10, 2017 9:12 PM
> To: ClamAV Development <clamav-devel@lists.clamav.net>
> Subject: Re: [Clamav-devel] Question have an about LibClamAV.dll
>
>
>> On Apr 10, 2017, at 9:00 AM, Shanmugam, Suresh (Conduent)
>> <suresh.shanmu...@conduent.com> wrote:
>>
>&
lf
> Of Brandon Perry
> Sent: Monday, April 10, 2017 9:12 PM
> To: ClamAV Development <clamav-devel@lists.clamav.net>
> Subject: Re: [Clamav-devel] Question have an about LibClamAV.dll
>
>
>> On Apr 10, 2017, at 9:00 AM, Shanmugam, Suresh (Conduent)
>> <suresh.shanm
-
From: clamav-devel [mailto:clamav-devel-boun...@lists.clamav.net] On Behalf Of
Brandon Perry
Sent: Monday, April 10, 2017 9:12 PM
To: ClamAV Development <clamav-devel@lists.clamav.net>
Subject: Re: [Clamav-devel] Question have an about LibClamAV.dll
> On Apr 10, 2017, at 9:00 AM
> On Apr 10, 2017, at 9:00 AM, Shanmugam, Suresh (Conduent)
> wrote:
>
> Hi Developers,
>
> I've an query about doing the scan using byte[] help of LibClamAV.dll(win32).
> If anyone know the methods to pass the byte[] provide the details?.
>
> Note:
> I able
Hi Developers,
I've an query about doing the scan using byte[] help of LibClamAV.dll(win32).
If anyone know the methods to pass the byte[] provide the details?.
Note:
I able to do the scan a physical path file. But not able to do with byte[].
Please help me.
Regards,
Suresh Shanmugam.
Hi ClamAV User, Developer
I like ClamAV tool and have below question
does ClamAV able to detect below malware types?
*1.adware*
*2.spyware*
*3.virus*
*4.torjan*
*5.worm*
*6.rootkit*
*7.backdoors*
*8.keyloggers*
*9.rouge security software*
*10.ransomware*
*11.browser hijacker*
Hi All,
It is known that ClamAV uses Pattern Matching to Catch infected files. In
this case,Can We use Pattern Removal Statergy to repair infected files.
could anyone of you help me to get steps that follow for repairing
infected files
___
We have a question about mpool_malloc() error of version 0.97.8, as follows.
We know this error is caused by small value of fragsz[](defined
libclamav/mpool.c).
Is this understanding correct?
Is there any reason why it doesnot stop unusually (abnormally), when the error
was happened.
(It seems
Hi all,
I am doing research on anti-virus engines. for my research , i downloaded
clamav source code and built from source. when i debugged source code,i
came to know that ClamAV internally 14 Engine instances for pefrom
Scanning files against virus db files
Could any one of you know, why
Hi all,
I have a doubt regarding virus db files. why ClamAV team providing common
database for paltforms like windows linux and mac os x. why not they
provide virus database files based on platform specific. is there any
specific reason behind this? i am very curious about know it.
Thanks,
Hi all,
I am browsing clam av source code and i think currently clam av using
bloom fliter data-structure in pre-filtering step. could some one help me
to understand internal logic of signature stoarge in depth
what information bloom fliter contains about virus signature? and does
full
On Wed, Aug 15, 2012 at 11:35 PM, David Raynor dray...@sourcefire.comwrote:
On Wed, Aug 15, 2012 at 6:58 AM, Chatsiri Ratana insider...@gmail.com
wrote:
Hello Dave R,
1) How to ClamAV categories virus signature in SHA1, SHA256, MD5 and
Hexdump types?
2) What's estimate
Hi Chatsiri,
PE section MD5 signatures are more useful than MD5 signatures of the entire
file (because it allows the other section of the PE to vary, thus catching more
samples with a single signature. Moreover, updating becomes easy this way.
Hope you got your answer.
On Thu, Aug 16, 2012 at
On Thu, Aug 16, 2012 at 8:01 PM, Vishrut Sharma v.vish...@gmail.com wrote:
Hi Chatsiri,
PE section MD5 signatures are more useful than MD5 signatures of the entire
file (because it allows the other section of the PE to vary, thus catching
more
samples with a single signature. Moreover,
On Wed, Jul 4, 2012 at 4:25 AM, David Raynor dray...@sourcefire.com wrote:
On Mon, Jul 2, 2012 at 5:07 PM, Alexandre Dias lexx...@gmail.com wrote:
Hello,
I'm studying multi-pattern matching and I was browsing the source code
for
ClamAV's implementation of a multi-pattern matcher
On Wed, Aug 15, 2012 at 6:58 AM, Chatsiri Ratana insider...@gmail.comwrote:
Hello Dave R,
1) How to ClamAV categories virus signature in SHA1, SHA256, MD5 and
Hexdump types?
2) What's estimate signature types of virus load to A-C and B-M on
ClamAV? I see flags --ac-only for loading
On Mon, Jul 2, 2012 at 5:07 PM, Alexandre Dias lexx...@gmail.com wrote:
Hello,
I'm studying multi-pattern matching and I was browsing the source code for
ClamAV's implementation of a multi-pattern matcher (Wu-Maber based)
algorithm.
I've got a question regarding the block and minimum size
Hello,
I'm studying multi-pattern matching and I was browsing the source code for
ClamAV's implementation of a multi-pattern matcher (Wu-Maber based)
algorithm.
I've got a question regarding the block and minimum size values.
At the moment, both the block size and the minimum pattern length are
On Wed Mar 07 2012 01:21:25 GMT+0100 (CET)
Alexandre Dias lexx...@gmail.com wrote:
Hello,
I am doing my Msc thesis work in pattern matching, and I am using
ClamAV's signature database.
I've got a question about two specific wildcards that are stated in
the signatures.pdf file (titled
On Thu, 26 Aug 2010 19:33:44 -0700 (PDT)
outstandingcandy outstandingca...@gmail.com wrote:
Hi all!
Does anybody know what is the following signature mean
(especially the last two sections)?
VBS.Redlof-1:3:*:666f73b2079706f735b695d3d79:0:26
See signatures.pdf, the last two are minimum
Hi all!
Does anybody know what is the following signature mean (especially the last
two sections)?
VBS.Redlof-1:3:*:666f73b2079706f735b695d3d79:0:26
2010-08-27
outstandingcandy
-
定时提醒您处理邮件、高效办公不费心,请用网易闪电邮(fm.163.com)!
On 7/28/2010 6:18 PM, thyago wrote:
I'm researching ways of updating a signature database on-the-fly, so the way
clamAV does it, can really help me out...
I mean, what structures are there? how is it implemented?
Is there a data structure used to store the signatures on memory? If so, how
/**
* @file /magma/providers/external/clamav.c
*
* @brief Interface for the ClamAV library.
*
* $Author: Ladar Levison $
* $Date: 2010/08/13 10:32:38 $
* $Revision: ecaee526d4ba88a141c5b889dd023b13c05c2654 $
// Scan the message. The OLE code has a bug in it that causes
On 8/14/2010 3:19 AM, Török Edwin wrote:
// Scan the message. The OLE code has a bug in it that causes segfaults.
What bug ??
That comment was related to a bug I found in Feb/2008 and v0.92.1, but
has long since been patched. See this email thread for details:
On 8/14/2010 5:30 AM, Török Edwin wrote:
Heuristics.Phishing.* will not stop the scan, and report only if
nothing else is found.
Other engine detections could be changed to behave the same way.
Signature based detections however always stop on first match, and that
is not configurable.
If you
I'm researching ways of updating a signature database on-the-fly, so the way
clamAV does it, can really help me out...
I mean, what structures are there? how is it implemented?
Is there a data structure used to store the signatures on memory? If so, how
exactly is it updated?
what type of data
Hi Edwin,
On Apr 27, 2010, at 7:19 AM, Török Edwin wrote:
On 04/26/2010 10:20 PM, Mohammed Al-Saleh wrote:
Hi Edwin,
Thanks for your reply.
I need to know the cases where ClamAV has performance bottlenecks or issues.
The best way to do that is by measuring it.
Read the last part of
On 05/18/2010 09:09 PM, Mohammed Al-Saleh wrote:
Hi Edwin,
On Apr 27, 2010, at 7:19 AM, Török Edwin wrote:
On 04/26/2010 10:20 PM, Mohammed Al-Saleh wrote:
Hi Edwin,
Thanks for your reply.
I need to know the cases where ClamAV has performance bottlenecks or issues.
The best way to do
On 04/24/2010 11:39 PM, Mohammed Al-Saleh wrote:
Does ClamAV use Aho-Corasick algorithm to match files against static
signatures and Boyer-Moore against signatures that have *'s and ??'s ?
No it is not as simple as that, and it is usually the other way around.
read the cli_parse_add()
Does ClamAV use Aho-Corasick algorithm to match files against static signatures
and Boyer-Moore against signatures that have *'s and ??'s ?
Thanks much,
~Moe
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our
--- Calin A. Culianu [EMAIL PROTECTED] wrote:
On Mon, 14 Mar 2005, John Giammarche wrote:
Hello everyone and thanks for reading my message.
I want to use clamd to scan files that are
uploaded to
a Java Servlet. So far, I've connected to clamd
and
clamd answered the PORT that I
--- John Giammarche [EMAIL PROTECTED] wrote:
--- Calin A. Culianu [EMAIL PROTECTED] wrote:
On Mon, 14 Mar 2005, John Giammarche wrote:
Hello everyone and thanks for reading my
message.
I want to use clamd to scan files that are
uploaded to
a Java Servlet. So far, I've
--- Calin A. Culianu [EMAIL PROTECTED] wrote:
On Tue, 15 Mar 2005, John Giammarche wrote:
Well, then I have another problem.
I have a file that is known to be infected with a
virus. It's the ps executable from a server,
inside
a .tar.bz2.
Scanned in the console, the
-8871 x4322 - 480-215-5218 (Cell)
Original Message
Subject: [Clamav-devel] Question about STREAM
scanning
From: John Giammarche [EMAIL PROTECTED]
Date: Mon, March 14, 2005 2:15 pm
To: ClamAV Development
clamav-devel@lists.clamav.net
Hello everyone and thanks
On Mon, 14 Mar 2005, John Giammarche wrote:
Hello everyone and thanks for reading my message.
I want to use clamd to scan files that are uploaded to
a Java Servlet. So far, I've connected to clamd and
clamd answered the PORT that I should connect to send
the file. So far so good.
When I connect to
Hi,
Is clam.exe test signature a MD5 one ? How many MD5 signatures are in
database ? Is this kind of signatures become be useless if memory scan
would be implemented ? Just wondering
Boguslaw Brandys
___
Hi,
Could somebody (probably from developers team) tell me if GMP library is
used in clamav only for CVD file verification or it's wrong assumption ?
Is it used in scanning or MD5 signatures support also?
I found only that is used in cli_versig function, but I 'd like to be
sure.Working with
On Thu, 04 Nov 2004 12:12:19 +0100
Bogus³aw Brandys [EMAIL PROTECTED] wrote:
Hi,
Could somebody (probably from developers team) tell me if GMP library
is used in clamav only for CVD file verification or it's wrong
Yes, it is.
assumption ? Is it used in scanning or MD5 signatures support
Tomasz Kojm wrote:
On Thu, 04 Nov 2004 12:12:19 +0100
Bogusaw Brandys [EMAIL PROTECTED] wrote:
Hi,
Could somebody (probably from developers team) tell me if GMP library
is used in clamav only for CVD file verification or it's wrong
Yes, it is.
assumption ? Is it used in scanning or MD5
Bogusaw Brandys schrieb:
No so big, becouse I can use DLL file generated under mingw+Msys using
freshclam sources :-) Anyway libclamav should be ported to MSVC ,
becouse there is no other choice for file system driver development to
implement on-access scanner for Windows NT/XP.
Why? The DDK
On Thu, 04 Nov 2004 14:28:05 +0100
Bogus³aw Brandys [EMAIL PROTECTED] wrote:
A lack of GMP support would be a BIG BUG.
No so big, becouse I can use DLL file generated under mingw+Msys using
I must re-state it: a lack of digital signature verification would be a
terrible shortcoming.
--
50 matches
Mail list logo