Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Benny Pedersen
On October 15, 2015 5:04:36 PM Gene Heskett wrote: So they will be gone from tomoorows scan report. no backup ? Clamav user list, comments please? foxhole is 0day signatures, so you find files that match it in localhost does not mean its virus

[clamav-users] Problems with daily db?

2015-10-15 Thread Rafael Ferreira
Howdy folks, we started noticing problems with daily.cvd: Retrieving http://scanii-assets.s3.amazonaws.com/daily.cvd Trying to download http://scanii-assets.s3.amazonaws.com/daily.cvd (IP: 54.231.34.41) Downloading daily.cvd [100%] Loading signatures from daily.cvd WARNING: [LibClamAV]

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Gene Heskett
On Thursday 15 October 2015 11:15:54 Benny Pedersen wrote: > On October 15, 2015 5:04:36 PM Gene Heskett wrote: > > So they will be gone from tomoorows scan report. > > no backup ? Amanda will have them yet for about 29 more days. But they are very very old, with lots newer

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread J. Tozo
Hi, When you have "UNOFFICIAL" in the Clamav findings, means that a signature was created with a sigtool either for md5 or hex-dump and added manually in the .hdb or .ndb files. I strongly encourage you not to use any database you dont know, because the signatures may be written for a purpouse

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Benny Pedersen
Gene Heskett skrev den 2015-10-15 17:27: Ok, but how do I keep clamscan from using it, when its clamdscan, scanning the incoming mail via this recipe in my .procmailrc add --official-db-only=yes to clamscan or for clamdscan search for this option in clamd.conf more info in man clamscan

[clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Gene Heskett
Greetings everybody; I added a new, not quite official database to my clamav checker, and this morning its fussing about several files I have on my web page: /var/www/html/gene/Genes-os9-stf/dw4_beta_1.4.tar.gz: Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Steve Basford
On Thu, October 15, 2015 4:03 pm, Gene Heskett wrote: > Greetings everybody; > > > I added a new, not quite official database to my clamav checker, and this > morning its fussing about several files I have on my web page: > /var/www/html/gene/Genes-os9-stf/dw4_beta_1.4.tar.gz: >

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Al Varnell
Yes, please try not to bring up any more UNOFFICIAL database issues here. -Al- On Thu, Oct 15, 2015 at 08:03 AM, Gene Heskett wrote: > > Clamav user list, comments please? > Cheers, Gene Heskett smime.p7s Description: S/MIME cryptographic signature

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Gene Heskett
On Thursday 15 October 2015 11:15:54 Benny Pedersen wrote: > On October 15, 2015 5:04:36 PM Gene Heskett wrote: > > So they will be gone from tomoorows scan report. > > no backup ? > > > Clamav user list, comments please? > > foxhole is 0day signatures, so you find files that

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Gene Heskett
On Thursday 15 October 2015 11:22:21 Steve Basford wrote: > http://sanesecurity.co.uk/foxhole-databases/ Unfortunatly, nothing seems to be linked, the only thing I can save is the web page itself with either iceweasel or chromium. And I did enable cookies, in chromium, to no avail. I am also

Re: [clamav-users] Problems with daily db?

2015-10-15 Thread Steven Morgan
Rafael, I don't see this. Which version of ClamAV are you using? Steve On Thu, Oct 15, 2015 at 11:24 AM, Rafael Ferreira wrote: > Howdy folks, we started noticing problems with daily.cvd: > > Retrieving http://scanii-assets.s3.amazonaws.com/daily.cvd > > Trying to

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Peter Bonivart
On Thu, Oct 15, 2015 at 5:55 PM, Gene Heskett wrote: >> http://sanesecurity.co.uk/foxhole-databases/ > > Unfortunatly, nothing seems to be linked, the only thing I can save is > the web page itself with either iceweasel or chromium. And I did enable > cookies, in chromium, to

Re: [clamav-users] Problems with daily db?

2015-10-15 Thread Rafael Ferreira
Odd, we run Debian (Jessie) Linux and we see this problem on quite a few of our hosts; nothing obviously relevant seems to have changed on our side. We will keep looking and report back. > On Oct 15, 2015, at 1:15 PM, Steven Morgan wrote: > > Thanks, that is working

[clamav-users] ClamAV® blog: ClamAV.org relaunch, now with on page downloads!

2015-10-15 Thread Joel Esler (jesler)
http://blog.clamav.net/2015/10/clamavorg-relaunch-now-with-on-page.html ClamAV.org relaunch, now with on page downloads! Those of you that have visited ClamAV.org recently may have noticed a slight change in our procedures for downloads. For years, we've

Re: [clamav-users] [Clamav-announce] ClamAV® blog: ClamAV.org relaunch, now with on page downloads!

2015-10-15 Thread Joel Esler (jesler)
On Oct 15, 2015, at 4:32 PM, Quanah Gibson-Mount > wrote: --On Thursday, October 15, 2015 9:07 PM + "Joel Esler (jesler)" > wrote:

[clamav-users] eicar test virus logged twice during daily scan

2015-10-15 Thread c chupela
Centos 6.6,  clam av 0.98.7 I have a cron job setup to do a daily scan, and as a test for developing an alerting mechanism/parsing of logfile, I placed the eicar test signature in /tmp. The scan runs and identifies the file correctly, but it logs it twice as evidenced below:  Is there something

[clamav-users] ClamAV® blog: ClamAV 0.99 Release Candidate has been posted!

2015-10-15 Thread Joel Esler (jesler)
http://blog.clamav.net/2015/10/clamav-099-release-candidate-has-been.html ClamAV 0.99 Release Candidate has been posted! ClamAV 0.99 Release Candidate has been posted for download! Please check out the below release notes: This the first release of ClamAV that is being done on both

Re: [clamav-users] Interesting report from clamscan after adding new database

2015-10-15 Thread Gene Heskett
On Thursday 15 October 2015 12:19:19 Peter Bonivart wrote: > On Thu, Oct 15, 2015 at 5:55 PM, Gene Heskett wrote: > >> http://sanesecurity.co.uk/foxhole-databases/ > > > > Unfortunatly, nothing seems to be linked, the only thing I can save > > is the web page itself with

Re: [clamav-users] Problems with daily db?

2015-10-15 Thread Alain Zidouemba
Can you paste here the output of running "sigtool -i" against your daily.cvd? Thanks, - Alain On Thu, Oct 15, 2015 at 1:30 PM, Rafael Ferreira wrote: > 0.98.7 > > > On Oct 15, 2015, at 8:46 AM, Steven Morgan > wrote: > > > > Rafael, > > > > I

Re: [clamav-users] Problems with daily db?

2015-10-15 Thread Rafael Ferreira
0.98.7 > On Oct 15, 2015, at 8:46 AM, Steven Morgan wrote: > > Rafael, > > I don't see this. Which version of ClamAV are you using? > > Steve > > > On Thu, Oct 15, 2015 at 11:24 AM, Rafael Ferreira > wrote: > >> Howdy folks, we started