[clamav-users] eicar test virus logged twice during daily scan

2015-10-15 Thread c chupela
CentOS 6.6, ClamAV 0.98.7. I have a cron job set up to do a daily scan, and as a test for developing an alerting mechanism/parsing of logfile, I placed the eicar test signature in /tmp. The scan runs and identifies the file correctly, but it logs it twice as evidenced below: Is there something

[clamav-users] ClamAV® blog: ClamAV 0.99 Release Candidate has been posted!

2015-10-15 Thread Joel Esler (jesler)
http://blog.clamav.net/2015/10/clamav-099-release-candidate-has-been.html ClamAV 0.99 Release Candidate has been posted! ClamAV 0.99 Release Candidate has been posted for download! Please check out the below release notes: This is the first release of ClamAV that is being done on both ClamAV.net

Re: [clamav-users] Problems with daily db?

2015-10-15 Thread Rafael Ferreira
Odd, we run Debian (Jessie) Linux and we see this problem on quite a few of our hosts; nothing obviously relevant seems to have changed on our side. We will keep looking and report back. > On Oct 15, 2015, at 1:15 PM, Steven Morgan wrote: > > Thanks, that is working for me with ClamAV 0.98.7.

Re: [clamav-users] [Clamav-announce] ClamAV® blog: ClamAV.org relaunch, now with on page downloads!

2015-10-15 Thread Joel Esler (jesler)
On Oct 15, 2015, at 4:32 PM, Quanah Gibson-Mount <qua...@zimbra.com> wrote: --On Thursday, October 15, 2015 9:07 PM + "Joel Esler (jesler)" <jes...@cisco.com> wrote: http://blog.clamav.net/2015/10/clamavorg-relaunch-now-with-on-page.html ClamAV.org relaunch, now wi

Re: [clamav-users] Problems with daily db?

2015-10-15 Thread Steven Morgan
Thanks, that is working for me with ClamAV 0.98.7. It even worked using http://scanii-assets.s3.amazonaws.com/daily.cvd. What OS and hardware are you using? On Thu, Oct 15, 2015 at 1:30 PM, Rafael Ferreira wrote: > 0.98.7 > > > On Oct 15, 2015, at 8:46 AM, Steven Morgan > wrote: > > > > Rafael,

[clamav-users] ClamAV® blog: ClamAV.org relaunch, now with on page downloads!

2015-10-15 Thread Joel Esler (jesler)
http://blog.clamav.net/2015/10/clamavorg-relaunch-now-with-on-page.html ClamAV.org relaunch, now with on page downloads! Those of you that have visited ClamAV.org recently may have noticed a slight change in our procedures for downloads. For years, we've be

Re: [clamav-users] Problems with daily db?

2015-10-15 Thread Alain Zidouemba
Can you paste here the output of running "sigtool -i" against your daily.cvd? Thanks, - Alain On Thu, Oct 15, 2015 at 1:30 PM, Rafael Ferreira wrote: > 0.98.7 > > > On Oct 15, 2015, at 8:46 AM, Steven Morgan > wrote: > > > > Rafael, > > > > I don't see this. Which version of ClamAV are you us

Re: [clamav-users] Problems with daily db?

2015-10-15 Thread Rafael Ferreira
0.98.7 > On Oct 15, 2015, at 8:46 AM, Steven Morgan wrote: > > Rafael, > > I don't see this. Which version of ClamAV are you using? > > Steve > > > On Thu, Oct 15, 2015 at 11:24 AM, Rafael Ferreira > wrote: > >> Howdy folks, we started noticing problems with daily.cvd: >> >> Retrieving h

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Gene Heskett
On Thursday 15 October 2015 12:19:19 Peter Bonivart wrote: > On Thu, Oct 15, 2015 at 5:55 PM, Gene Heskett wrote: > >> http://sanesecurity.co.uk/foxhole-databases/ > > > > Unfortunately, nothing seems to be linked, the only thing I can save > > is the web page itself with either iceweasel or chro

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Peter Bonivart
On Thu, Oct 15, 2015 at 5:55 PM, Gene Heskett wrote: >> http://sanesecurity.co.uk/foxhole-databases/ > > Unfortunately, nothing seems to be linked, the only thing I can save is > the web page itself with either iceweasel or chromium. And I did enable > cookies, in chromium, to no avail. That's ju

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Benny Pedersen
Gene Heskett wrote on 2015-10-15 17:32: Amanda will have them yet for about 29 more days. But they are very very old, with lots newer versions readily downloadable. so amanda is not useful here Can freshclam be used to keep it up to date? If so, how? yes, but in case dns is spoofed yo

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Gene Heskett
On Thursday 15 October 2015 11:22:21 Steve Basford wrote: > http://sanesecurity.co.uk/foxhole-databases/ Unfortunately, nothing seems to be linked, the only thing I can save is the web page itself with either iceweasel or chromium. And I did enable cookies, in chromium, to no avail. I am also

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Benny Pedersen
Gene Heskett wrote on 2015-10-15 17:27: Ok, but how do I keep clamscan from using it, when it's clamdscan, scanning the incoming mail via this recipe in my .procmailrc add --official-db-only=yes to clamscan or for clamdscan search for this option in clamd.conf more info in man clamscan VI

Re: [clamav-users] Problems with daily db?

2015-10-15 Thread Steven Morgan
Rafael, I don't see this. Which version of ClamAV are you using? Steve On Thu, Oct 15, 2015 at 11:24 AM, Rafael Ferreira wrote: > Howdy folks, we started noticing problems with daily.cvd: > > Retrieving http://scanii-assets.s3.amazonaws.com/daily.cvd > > Trying to download http://scanii-asset

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Gene Heskett
On Thursday 15 October 2015 11:15:54 Benny Pedersen wrote: > On October 15, 2015 5:04:36 PM Gene Heskett wrote: > > So they will be gone from tomorrow's scan report. > > no backup ? Amanda will have them yet for about 29 more days. But they are very very old, with lots newer versions readily do

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Gene Heskett
On Thursday 15 October 2015 11:15:54 Benny Pedersen wrote: > On October 15, 2015 5:04:36 PM Gene Heskett wrote: > > So they will be gone from tomorrow's scan report. > > no backup ? > > > Clamav user list, comments please? > > foxhole is 0day signatures, so you find files that match it in > localh

[clamav-users] Problems with daily db?

2015-10-15 Thread Rafael Ferreira
Howdy folks, we started noticing problems with daily.cvd: Retrieving http://scanii-assets.s3.amazonaws.com/daily.cvd Trying to download http://scanii-assets.s3.amazonaws.com/daily.cvd (IP: 54.231.34.41) Downloading daily.cvd [100%] Loading signatures from daily.cvd WARNING: [LibClamAV] cli_par

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Al Varnell
Yes, please try not to bring up any more UNOFFICIAL database issues here. -Al- On Thu, Oct 15, 2015 at 08:03 AM, Gene Heskett wrote: > > Clamav user list, comments please? > Cheers, Gene Heskett

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Steve Basford
On Thu, October 15, 2015 4:03 pm, Gene Heskett wrote: > Greetings everybody; > > > I added a new, not quite official database to my clamav checker, and this > morning it's fussing about several files I have on my web page: > /var/www/html/gene/Genes-os9-stf/dw4_beta_1.4.tar.gz: > Sanesecurity.Foxh

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread J. Tozo
Hi, When you have "UNOFFICIAL" in the Clamav findings, it means that a signature was created with a sigtool either for md5 or hex-dump and added manually in the .hdb or .ndb files. I strongly encourage you not to use any database you don't know, because the signatures may be written for a purpose

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Steve Basford
On Thu, October 15, 2015 4:03 pm, Gene Heskett wrote: > Greetings everybody; > > > I added a new, not quite official database to my clamav checker, and this > morning it's fussing about several files I have on my web page: > /var/www/html/gene/Genes-os9-stf/dw4_beta_1.4.tar.gz: > Sanesecurity.Foxh

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Benny Pedersen
On October 15, 2015 5:04:36 PM Gene Heskett wrote: So they will be gone from tomorrow's scan report. no backup ? Clamav user list, comments please? foxhole is 0day signatures, so you find files that match it in localhost does not mean its virus

[clamav-users] Fwd: Cron /usr/bin/clamscan -i -r /home/gene --exclude-dir=/home/gene/.clamtk/viruses --exclude-dir=/home/gene/src --log=$HOME/.clamtk/history/$(date +%b-%d-%Y).log 2>/dev

2015-10-15 Thread Gene Heskett
Greetings clamav folks; I don't believe the foxhole database is very good at scanning linux stuff. -- Forwarded Message -- Subject: Cron /usr/bin/clamscan -i -r /home/gene --exclude-dir=/home/gene/.clamtk/viruses --exclude-dir=/home/gene/src --log=$HOME/.clamtk/history/$(

[clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Gene Heskett
Greetings everybody; I added a new, not quite official database to my clamav checker, and this morning it's fussing about several files I have on my web page: /var/www/html/gene/Genes-os9-stf/dw4_beta_1.4.tar.gz: Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND /var/www/html/gene/Genes-os9-stf/print4dw.