Re: [clamav-users] PUA - Category List, invalid URL in config sample! Packer Category?

2022-11-23 Thread Andy Schmidt via clamav-users
I think having a working URL is better than a non-working. Thank you! Of course, the information on that page is just as outdated (hypothetical) as the previous link had been. According to the information supplied 2 years ago, here is a list of actually used signature prefixes:

Re: [clamav-users] PUA - Category List, invalid URL in config sample! Packer Category?

2022-11-23 Thread Andy Schmidt via clamav-users
, November 23, 2022 8:49 AM To: ClamAV users ML Cc: Andy Schmidt ; cla...@jubileegroup.co.uk Subject: Re: [clamav-users] PUA - Category List, invalid URL in config sample! Packer Category? I cleaned up the code and prepared a PR to assist. Currently in draft and comments are welcome. The code seems

Re: [clamav-users] PUA - Category List, invalid URL in config sample! Packer Category?

2022-11-22 Thread Andy Schmidt via clamav-users
GWH>> Try replacing the function cli_chkpua() in .../libclamav/readdb.c with << GWH>> Please feel free to correct mistakes in this and push to Github or whatever. << Thanks G.W. for looking into it and testing a potential fix. Unfortunately, I'm not running a self-compiled version, but rather one

[clamav-users] PUA - Category List, invalid URL in config sample! Packer Category?

2022-11-19 Thread Andy Schmidt via clamav-users
Dear Arnaud, Unfortunately, while specifying "Win.Packer" or even "PUA.Win.Packer" will APPEAR to work, the program logic in ExcludePUA is completely faulty (almost arbitrary). Yes, it WILL exclude those two - but the problem is, it will exclude GENERICALLY EVERYTHING ELSE (e.g., ALL

[clamav-users] PUA - Category List, invalid URL in config sample! Packer Category?

2022-11-18 Thread Andy Schmidt via clamav-users
Problem 1 - Link in Config Sample is 404! According to the current clamd.conf.sample: # See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for the complete list of PUA categories. Problem 2 - What PUA Category covers "Win.Packer.Borland." ?

[clamav-users] PUA Categories vs. reported name?

2020-07-08 Thread Andy Schmidt via clamav-users
Here is the official list of PUA categories: https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md So WHICH of these categories is then: PUA.Win.Downloader.Aiis-6803892-0

Re: [clamav-users] scanning petabyte-size filesystem

2020-06-18 Thread Andy Schmidt via clamav-users
At LEAST for the Windows build of ClamAV there are 2 GB file size limitations (and bugs) due to use of old 32-bit library functions: https://bugzilla.clamav.net/show_bug.cgi?id=12251 I have not encountered the same problem with TB volumes though. -Original Message- From: Kazunori Ohki

[clamav-users] Signatures once again 2 days old

2018-03-18 Thread Andy Schmidt
This has become a regular occurrence - but since no one else has mentioned it... according to the automated alerts I am receiving for MY server, the signature updating seems to be stuck again. The "up to date daily.cld" is now 40 hours old. Sun Mar 18 11:42:02 2018 -> ClamAV update process

Re: [clamav-users] Official Windows Build of ClamAV 0.99.4 issues bogus version warning

2018-03-10 Thread Andy Schmidt
Thanks Micah - glad to hear it's been identified; that's all that matters. Stuff DOES happen. Have a great weekend. -Original Message- From: Micah Snyder (micasnyd) Sent: Friday, March 9, 2018 12:48 PM To: ClamAV users ML Subject:

Re: [clamav-users] Official Windows Buld of ClamAV 0.99.4 issues bogus version warning

2018-03-09 Thread Andy Schmidt
Sent: Friday, March 9, 2018 9:44 AM To: ClamAV users ML <clamav-users@lists.clamav.net> Subject: Re: [clamav-users] ClamAV® blog: ClamAV 0.99.4 has been released! On Thu, 8 Mar 2018, Andy Schmidt wrote: >Nah, Brian, in this case it's actually a bug, albeit a "cosmetic" one. >I ha

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.4 has been released!

2018-03-08 Thread Andy Schmidt
Nah, Brian, in this case it's actually a bug, albeit a "cosmetic" one. I have been getting the same misleading error message on every system ever since I upgraded to 0.99.4 - so I suspect many, if not all others, have too: Thu Mar 08 11:46:31 2018 -> WARNING: Local version: clamav-0.99.4

[clamav-users] Daily.cld is >25h old (15 NOV 2017 16:51 EST)

2017-11-16 Thread Andy Schmidt
Is 24047 truly the latest - no updates in more than a day? Thu Nov 16 18:29:11 2017 -> freshclam daemon 0.99.2 (OS: win32, ARCH: x86_64, CPU: x86_64) Thu Nov 16 18:29:11 2017 -> ClamAV update process started at Thu Nov 16 18:29:11 2017 Thu Nov 16 18:29:12 2017 -> main.cld is up to date

[clamav-users] FreshClam Mirrors - daily.cld stuck at version: 24010, safebrowsing cdiff missing.

2017-11-03 Thread Andy Schmidt
Daily.cld is > 24 hours old (11/2 @ 8:19 AM EDT), Safebrowsing.cld is almost a day old (11/2 @ 1:50 PM EDT). Since then, Freshclam claims that daily.cld is "up to date" (sample log from an hour ago), and neither the US nor the DE mirrors can get to download safebrowsing-46607.cdiff Fri Nov 03

[clamav-users] "ERROR: Malformed database" for local.ign2 with Windows Newlines

2017-08-01 Thread Andy Schmidt
I just confirmed that the Windows builds of ClamAV 0.99.2 will fail to start ClamD if a "local.ign2" file exists in the database folder that (naturally) was created under Windows, using the standard Notepad applet. The default newline sequence for Windows is CR+LF. The default newline sequence

Re: [clamav-users] clamav-0.99.2 Installation

2017-07-02 Thread Andy Schmidt
Hi David, >> I recently installed ClamWin (ver 0.99.1) from SourceForge << Any reason why you don't just use the official 99.2 Windows installation from the ClamAv website!? Choice of .MSI (standard Windows installer) or .ZIP in 64 bit or 32 bit? http://www.clamav.net/downloads#otherversions

Re: [clamav-users] Using paypal-communication.com for link tracking purposes

2017-06-01 Thread Andy Schmidt
>> The domain https://epl.paypal-communication.com is used by Paypal for link tracking purposes in their emails. << There is nothing wrong with PayPal using the domain (or subdomains of) paypal-communication.com as links in their emails. Their HTML emails cannot disguise that link by showing a

Re: [clamav-users] Apparently legitimate Paypal email disguises domain name in links - thus identified as likely phishing

2017-06-01 Thread Andy Schmidt
>> The text shown to the user is www.paypal.com but the actual URL being used is https://epl.paypal-communication.com << Agreed - if any email displays a DIFFERENT domain name to the user than the domain name used in the link, then this IS solid reason to unconditionally block an email. It is

Re: [clamav-users] DNS Caching Problem AGAIN with current.cvd.clamav.net?

2017-05-17 Thread Andy Schmidt
Hi Al, >> I am not understanding your point here. Where are you seeing an indication that the database had been updated at the time you wrote? The first indication of an update was an email announcing daily 23390 at 8:30am PDT << Good point. I may have incorrectly assumed that no updates for

[clamav-users] DNS Caching Problem AGAIN with current.cvd.clamav.net?

2017-05-16 Thread Andy Schmidt
The same problem had been "fixed" a few weeks ago: http://network-tools.com/nslook/Default.asp?domain=current.cvd.clamav.net =16=67.222.132.213=1=53=5000=12=7 current.cvd.clamav.net

[clamav-users] Incorporate Sanesecurity's feed

2017-05-04 Thread Andy Schmidt
>> We already distribute some third party feeds into the official database, we have a program for that which can be found on our website. We would love to incorporate Sanesecurity's feed, all they have to do is give us the okay to do it. << Gosh that would be marvelous! I'm quite interested

[clamav-users] No Signature updates for 30 hours?

2017-05-01 Thread Andy Schmidt
Hi, I noticed that the list archive had no more messages since 4/28. And according to the FreshClam log, the last signature update is 30 hours old (times below are EDT). Did they finally arrest the last malware author? Sun Apr 30 02:01:06 2017 -> Downloading daily-23343.cdiff [100%] Sun Apr

[clamav-users] Suggestion: Need option to "Block Skipped Files" and Scan Summary to indicate "Skipped files"

2016-09-14 Thread 'Andy Schmidt'
file more carefully. b) An appropriate line in the SCAN SUMMARY, e.g.: --- SCAN SUMMARY --- Infected files: 0 Skipped files: 1 Time: 1.610 sec (0 m 1 s) Thanks for giving this suggestion your consideration. Best Regards Andy Schmidt