[clamav-users] Clamav cannot detect a malware using a signature based on html comment

2016-01-26 Thread Arnaud Jacques / SecuriteInfo.com
Hello Clamav Team, To detect some JS includers, I need to create a signature based on HTML comment. Here is an example # cat test.html I *need* to include the comment tags to avoid false positives. I tried several signatures: # cat test.ndb test:7:*:3c212d2d20546869732069732061206d616c77

Re: [clamav-users] Clamav cannot detect a malware using a signature based on html comment

2016-01-26 Thread Steve Basford
On Tue, January 26, 2016 10:49 am, Arnaud Jacques / SecuriteInfo.com wrote: > Hello Clamav Team, > > I *need* to include the comment tags to avoid false positives. I tried > several signatures: # cat test.ndb I've seen the same; sometimes I've had to end up using type 0, instead of 3/4/7 whic

Re: [clamav-users] Clamav cannot detect a malware using a signature based on html comment

2016-01-26 Thread Arnaud Jacques / SecuriteInfo.com
Hello Steve, > I've seen the same sometimes I've had to end up using type 0, instead > of 3/4/7 which isn't ideal. Even with filetype 0 this doesn't match: # cat test.ndb test:7:*:3c212d2d20546869732069732061206d616c77617265202d2d3e test:7:*:3c212d2d20746869732069732061206d616c77617265202d2

Re: [clamav-users] Clamav cannot detect a malware using a signature based on html comment

2016-01-26 Thread Steve Basford
On Tue, January 26, 2016 11:54 am, Arnaud Jacques / SecuriteInfo.com wrote: > Hello Steve, > > >> I've seen the same sometimes I've had to end up using type 0, >> instead of 3/4/7 which isn't ideal. > > Even with filetype 0 this doesn't match : Hi Arnaud, Can you attach a sample... see if I c

Re: [clamav-users] Clamav cannot detect a malware using a signature based on html comment

2016-01-26 Thread Alain Zidouemba
Arnaud: Did you normalize your file? I.e. clamscan --leave-temps? - Alain > On Jan 26, 2016, at 6:55 AM, Arnaud Jacques / SecuriteInfo.com > wrote: > > Hello Steve, > >> I've seen the same sometimes I've had to end up using type 0, instead >> of 3/4/7 which isn't ideal. > > Even wit

Re: [clamav-users] Clamav cannot detect a malware using a signature based on html comment

2016-01-26 Thread Arnaud Jacques / SecuriteInfo.com
Hello Alain, > Did you normalize your file? I.e. clamscan --leave-temps? You didn't understand :) If I normalize the file, the HTML comments are deleted. I need them to create a signature. -- Best regards, Arnaud Jacques SecuriteInfo.com Facebook : https://www.facebook.com/pages/SecuriteInfoc

[clamav-users] clamav-milter crash

2016-01-26 Thread Benny Pedersen
I have seen it do this so many times now that I'd like to know if it's just me that uses it or if it's a known problem. Upgrade to 0.99 does not help; currently on the stable Gentoo 0.98.7. Is there a GitHub version of ClamAV?

Re: [clamav-users] clamav-milter crash

2016-01-26 Thread Steve Basford
On Tue, January 26, 2016 2:26 pm, Benny Pedersen wrote: > is there a github version of clamav ? https://github.com/vrtadmin/clamav-devel Cheers, Steve Web: sanesecurity.com Blog: sanesecurity.blogspot.com Twitter: @sanesecurity

Re: [clamav-users] clamav-milter crash

2016-01-26 Thread Steven Morgan
If this is still a problem with the most current software on github, please create a bug report at http://bugzilla.clamav.net. Please attach samples that result in the crash. Steve On Tue, Jan 26, 2016 at 9:26 AM, Benny Pedersen wrote: > i have seen it do this so many times now that i like to

[clamav-users] SaneSecurity SpearL signatures

2016-01-26 Thread Ian Eiloart
Hi, I had a spate of reports about an FP in the SaneSecurity SpearL list. It included a URL that's attached by MessageLabs when it scans outbound mail from the University of Brighton (which is just over the road from us). However, the reports that came in referred variously to Sanesecurity.Sp

Re: [clamav-users] SaneSecurity SpearL signatures

2016-01-26 Thread Steve Basford
On Tue, January 26, 2016 4:21 pm, Ian Eiloart wrote: > Hi, > > > I had a spate of reports about an FP in the SaneSecurity SpearL list. It > included a URL that's attached by MessageLabs when it scans outbound > mail from the University of Brighton (which is just over the road from > us). Hi Ian

[clamav-users] Clamd high CPU during clamdscan

2016-01-26 Thread Jeff Johnson
I have rolled out clamd to a handful of Red Hat systems and they all seem to have high CPU usage when clamdscan runs at 2am. The rest of the day, clamd drops down to minimal usage. There isn't a lot of change on these systems so I can't imagine it's finding much, but it really pegs the CPUs. What

Re: [clamav-users] clamav-milter crash

2016-01-26 Thread Benny Pedersen
On 2016-01-26 16:46, Steven Morgan wrote: If this is still a problem with the most current software on github, please create a bug report at http://bugzilla.clamav.net. Please attach samples that result in the crash. This is the hard part if not received. I have added clamav- now to fidon

Re: [clamav-users] clamav-milter crash

2016-01-26 Thread G.W. Haywood
Hi there, On Tue, 26 Jan 2016, Benny Pedersen wrote: i have seen it [crash] so many times now that i like to know if its just me that use it or its known problem It might just be you. I've been using clamav-milter on various mail servers for more than a decade and I can't remember ever seein

Re: [clamav-users] Clamav cannot detect a malware using a signature based on html comment

2016-01-26 Thread Dennis Peterson
test.html THIS IS A MALWARE Test signatures: this is a malware This is a malware test.ndb test1:3:*:3c212d2d20546869732069732061206d616c77617265202d2d3e test2:3:*:3c212d2d20746869732069732061206d616c77617265202d2d3e test3:3:*:20746869732069732061206d616c7761726520 test4:3:*:205468697

Re: [clamav-users] Clamd high CPU during clamdscan

2016-01-26 Thread Brad Scalio
What's "high cpu" in this instance ... you should expect system resources to be consumed when the on-demand scans run, are you seeing high load averages, what are you using to diagnose high cpu, is it simply a per core spike? On Jan 26, 2016 13:27, "Jeff Johnson" wrote: > I have rolled out clamd

Re: [clamav-users] Clamd high CPU during clamdscan

2016-01-26 Thread Dennis Peterson
The "nice" utility is your very best friend. It yields CPU time to other operations but will run like crazy if nothing else is a higher priority. Clam is a disk IO heavy process for obvious reasons, and can drive disk waits up quite high. It is also CPU intensive but should occupy a single core.