Re: [clamav-users] Newbie ClamAV install

2016-07-27 Thread Al Varnell
What platform, OS and purpose are you pursuing? Have you browsed the documentation: “Installing ClamAV" -Al- On Wed, Jul 27, 2016 at 09:16 AM, Freddy Allen wrote: > > Are there any instructions to securely guide setting up the clamav user, > and group, as

[clamav-users] Clamd is looking into the wrong database directory

2016-07-27 Thread Support Safe-Mail.nl
I have a server (RHEL 6 Enterprise) running with Amavis and ClamAv which worked fine. Today i did an update of the packages and clamav was one of them. After a reboot (kernel) it doesn't work anymore and now i get tens of clamscan processes which eats my CPU power in no time. So i tried to

Re: [clamav-users] Yara and base64 encoded body

2016-07-27 Thread G.W. Haywood
Hi there, On Wed, 27 Jul 2016, kinoez wrote: ... I want ... to run yara on entire message ... Have you looked at MIMEDefang? You can do more or less whatever you want if you can write Perl scripts. -- 73, Ged. ___ Help us build a comprehensive

[clamav-users] Newbie ClamAV install

2016-07-27 Thread Freddy Allen
Are there any instructions to securely guide setting up the clamav user, and group, as the installation prerequisite? ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml

Re: [clamav-users] Connection Refused error

2016-07-27 Thread Matus UHLAR - fantomas
On 26.07.16 12:23, Ravi Maddi wrote: We are trying to avoid installing clamd in developers workstations and instead let the integration server scan email attachments for this web application we are building. install clamav on mailserver then... Is there any configuration change that lets my

Re: [clamav-users] Yara and base64 encoded body

2016-07-27 Thread kionez
#include // created 27/07/2016 10:28 [cut] > I seem to remember hitting that issue. I wrote something similar in 13/04 [1] (and here's the patch result [2]) but this request is "different". I want (if it is possibile, obiuvsly ;) ) to run yara on entire message, using rules which match

Re: [clamav-users] Yara and base64 encoded body

2016-07-27 Thread Steve basford
Hi, If it helps, could you email the YARA rule and test email offlist and I'll have a quick look. I seem to remember hitting that issue. Cheers, Steve Web: sanesecurity.com Twitter: @sanesecurity On 27 July 2016 08:35:53 kionez wrote: Hi all, I'm using custom Yara

[clamav-users] Yara and base64 encoded body

2016-07-27 Thread kionez
Hi all, I'm using custom Yara rules to detect many kind of spam directed to my customers, it's very effective and gives me many ways to intercept localized messages (i.e.: spam in italian and french). Lately those spammers are using base64 encoding in Subject: and body part, making ineffective