[clamav-users] Secure IOT Devices With ClamAV

2017-03-31 Thread crazy thinker
Hi ClamAV DevTeam, I would like to appreciate your *great efforts* and *hard work* for *ClamAV Success*, and I'd like to see a bit more effort from you guys. *IOT* is one of the *latest trending technologies* in the current world. It would be so great if we implement *secure IOT*

Re: [clamav-users] Problems with 3rd party sigs

2017-03-31 Thread Steve Basford
On 31 March 2017 18:45:58 Mark Foley wrote: Per advice on this list, I downloaded and installed the clamav-unofficial-sigs scripts from the link on Sanesecurity. 2. I run a cron'd clamscan job to scan mail folders several times a day. I get the following errors

Re: [clamav-users] MailFollowUrl alternative?

2017-03-31 Thread Mauro Celli
Some ransomware sends an email with a link to download a zip with an Excel or Word document with a macro. This macro downloads other code and encrypts files on the PC. I need to scan all possible downloaded files for my customers... The macro signature is present in the ClamAV unofficial signatures, but i

Re: [clamav-users] MailFollowUrl alternative?

2017-03-31 Thread Steve Basford
On 31 March 2017 19:14:36 Steven Morgan wrote: Mauro, It is not clear what MailFollowURL did. Have a look at docs/phishsigs_howto.pdf for a description of how to scan for URLs. This may have subsumed MailFollowURL. It did a curl on any urls found in the body and

Re: [clamav-users] ClamAV ScanOnAccess not scanning RHEL7

2017-03-31 Thread Bond Masuda
Remi, This is just a guess in the dark, but I've often encountered issues like that (service doesn't work started from systemd, yet works started from commandline) as a result of some SELinux AVC. Do you have SELinux enabled? And if so, does your test yield the desired result if you

Re: [clamav-users] Problems with 3rd party sigs

2017-03-31 Thread Steven Morgan
They can be ignored. For yara rules, ClamAV currently ignores any containing errors or unsupported features. Steve On Fri, Mar 31, 2017 at 2:30 PM, Mark Foley wrote: > On Fri, 31 Mar 2017 14:01:29 -0400 Steven Morgan > wrote: > > > > Thanks

Re: [clamav-users] Problems with 3rd party sigs

2017-03-31 Thread Mark Foley
On Fri, 31 Mar 2017 14:01:29 -0400 Steven Morgan wrote: > Thanks Steve. Is then there a way to disable the pe rules or do I just have to ignore these messages? --Mark > Mark, > > The pe import module of yara rules is not currently implemented in ClamAV. > Other

Re: [clamav-users] MailFollowUrl alternative?

2017-03-31 Thread Steven Morgan
Mauro, It is not clear what MailFollowURL did. Have a look at docs/phishsigs_howto.pdf for a description of how to scan for URLs. This may have subsumed MailFollowURL. Steve On Fri, Mar 31, 2017 at 12:34 PM, Mauro Celli wrote: > Hi, > i need to scan link in email, in

[clamav-users] Problems with 3rd party sigs

2017-03-31 Thread Mark Foley
Per advice on this list, I downloaded and installed the clamav-unofficial-sigs scripts from the link on Sanesecurity. I've not been able to get it running. Two problems: 1. The /etc/cron.d/clamav-unofficial-sigs cron script won't run from crond. I get an email: /bin/sh: clamav: command not

Re: [clamav-users] ClamAV ScanOnAccess not scanning RHEL7

2017-03-31 Thread Mickey Sola
Ah, sorry. Yes, I see the problem now. I'm not certain off-hand what could be causing the discrepancy here. My intuition tells me it's some sort of issue in how the service is getting kicked off, but it may very well be a bug that needs further investigation. If you could provide more details on

[clamav-users] MailFollowUrl alternative?

2017-03-31 Thread Mauro Celli
Hi, I need to scan links in email. In the past I used MailFollowUrl, but now it is deprecated. Is there an alternative to perform this test? Thanks

Re: [clamav-users] False Positive of IObit product by ClamAV

2017-03-31 Thread Joel Esler (jesler)
This signature has been dropped. -- Joel Esler | Talos: Manager | jes...@cisco.com On Mar 31, 2017, at 3:44 AM, Arnaud Jacques / SecuriteInfo.com wrote: Received this message

Re: [clamav-users] False Positive of IObit product by ClamAV

2017-03-31 Thread Al Varnell
On Fri, Mar 31, 2017 at 01:10 AM, Steve Basford wrote: > > On Fri, March 31, 2017 8:44 am, Arnaud Jacques / SecuriteInfo.com wrote: >> Received this message : >> >> >> -- Forwarded message -- >> >> This is Coco from IObit (www.iobit.com). >> >> >> Your program ClamAV reports

Re: [clamav-users] False Positive of IObit product by ClamAV

2017-03-31 Thread Al Varnell
Coco You will need to upload at least one of those to in order for an investigation to be opened. -Al- On Fri, Mar 31, 2017 at 12:44 AM, Arnaud Jacques / SecuriteInfo.com wrote: > > Received this message : > > -- Forwarded message -- > >

Re: [clamav-users] False Positive of IObit product by ClamAV

2017-03-31 Thread Steve Basford
On Fri, March 31, 2017 8:44 am, Arnaud Jacques / SecuriteInfo.com wrote: > Received this message : > > > -- Forwarded message -- > > This is Coco from IObit (www.iobit.com). > > > Your program ClamAV reports the file RegistryDefragBootTime.exe as > Win.Trojan.Agent-5776271-0

[clamav-users] False Positive of IObit product by ClamAV

2017-03-31 Thread Arnaud Jacques / SecuriteInfo.com
Received this message: -- Forwarded message -- Subject: False Positive of IObit product by ClamAV Date: Friday 31 March 2017, 14:52:42 From: beta feedback Hi ClamAV, This is Coco from IObit (www.iobit.com). Please forward this email to the

Re: [clamav-users] ClamAV ScanOnAccess not scanning RHEL7

2017-03-31 Thread Remi Bruggeman
Hey Mickey, Thank you so much for your clear reply. However, I do feel you have missed the mark. I have configured ClamAV to execute a script upon virus detection with the VirusEvent parameter in the config file. This script will move the suspected virus into quarantine, chmod it to 400 and