Re: [clamav-users] Clamav error using YARA

2019-11-11 Thread G.W. Haywood via clamav-users
Hello again, On Mon, 11 Nov 2019, Philippe Lefèvre wrote: thanks for your post Ged. You're very welcome. :) ... it seems that neither Clamav nor Maldet installed on my Debian box have the right rfxn.* files I'm not familiar with these programs but I would like to understand if clamav is

Re: [clamav-users] clamd onaccess scanning NFS

2019-11-11 Thread Kris Deugau
Mark Parker via clamav-users wrote: Hi all, I'm investigating clamav as a solution for a couple hundred Linux boxes. We need onaccess scanning but I'm running into an issue. For clamd to do onaccess scanning it needs to be run as root to use the inotify components, but since we export

Re: [clamav-users] clamd onaccess scanning NFS

2019-11-11 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 11 Nov 2019, Mark Parker via clamav-users wrote: On 11/11/2019 12:05 PM, G.W. Haywood via clamav-users wrote: On Mon, 11 Nov 2019, Mark Parker via clamav-users wrote: ... need onaccess scanning but .. clamd .. doesn't have permissions to view a user's home directory

Re: [clamav-users] Clamav error using YARA

2019-11-11 Thread Philippe Lefèvre
Hi all, thanks for your post Ged. I have a maldet 6.1.4 installed under /usr/local: #maldet -version === Linux Malware Detect v1.6.4     (C) 2002-2019, R-fx Networks     (C) 2019, Ryan MacDonald This program may be freely redistributed under the terms of the

Re: [clamav-users] clamd onaccess scanning NFS

2019-11-11 Thread Mark Parker via clamav-users
Well, I don't want to change permissions on 30 million files to make this work. Seems like the wrong thing to do. On 11/11/2019 12:05 PM, G.W. Haywood via clamav-users wrote: Hi there, On Mon, 11 Nov 2019, Mark Parker via clamav-users wrote: ... need onaccess scanning but .. clamd ..

Re: [clamav-users] clamd onaccess scanning NFS

2019-11-11 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 11 Nov 2019, Mark Parker via clamav-users wrote: ... need onaccess scanning but .. clamd .. doesn't have permissions to view a user's home directory contents. Am I missing something? Group read? -- 73, Ged.

[clamav-users] clamd onaccess scanning NFS

2019-11-11 Thread Mark Parker via clamav-users
Hi all, I'm investigating clamav as a solution for a couple hundred Linux boxes. We need onaccess scanning but I'm running into an issue. For clamd to do onaccess scanning it needs to be run as root to use the inotify components, but since we export our NFS volumes with root_squash, it

Re: [clamav-users] Clamav error using YARA

2019-11-11 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 11 Nov 2019, Philippe Lefèvre wrote: # grep -n is__elf /var/lib/clamav/rfxn.yara 9112:    is__elf and all of ($s*) Maybe this will help: https://www.rfxn.com/downloads/maldetect-current.tar.gz 8<--

Re: [clamav-users] Clamav error using YARA

2019-11-11 Thread Franky Van Liedekerke via clamav-users
I'm not entirely familiar with yara, but based on https://yara.readthedocs.io/en/latest/modules/elf.html , there is no such function as "is__elf". Based on a whole search in the yara doc, there's only is_dll, is_32bit and is_64bit. Further googling shows this:

Re: [clamav-users] Clamav error using YARA

2019-11-11 Thread Philippe Lefèvre
Hello, thanks for your reply :-) here is: = # grep -n is__elf /var/lib/clamav/rfxn.yara 9112:    is__elf and all of ($s*) = On 11/11/2019 at 01:02, G.W. Haywood via clamav-users wrote: grep -n is__elf