spam_marketing.ndb from SecuriteInfo.com are good enough to protect mailboxes,
because Win32 malware is not spread by mail nowadays.
In any other case (system protection, HTTP scanning, file hosting, etc.) you
have to get ClamAV official + 3rd party signatures for maximum detection.
--
Best r
rimental way. ClamAV
> Performance better than earlier now.
To be clear: the signature databases provided by SecuriteInfo.com have to be
used *with* the official ones from ClamAV.
The aim of our signature databases is *not* to replace the official ones from
ClamAV.
--
Best regards,
Arnaud Jacques
S
rrors, including typo errors.
Please try this :
$ sigtool --md5 * > /home/test/Documents/CustomDB.hdb
Then
/Downloads/exe$ clamscan -r -d /home/test/Documents/CustomDB.hdb
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom
23346 was published this morning.
It seems you are a few updates behind.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
___
clamav-users m
Received this message:
-- Forwarded message --
Subject: False Positive of IObit product by ClamAV
Date: Friday, 31 March 2017, 14:52:42
From: beta feedback
Hi ClamAV,
This is Coco from IObit (www.iobit.com).
Please forward this email to the person who may concern. This
Hello Alex,
> Hi, I reported an encrypted word macro virus this morning, and this
> evening it is still not detected by sanesecurity or clamav proper.
Could you please send it to webmas...@securiteinfo.com too ?
Thank you.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
d
> /var/lib/clamav/clamav-a0e1b3646bf0af582c18764ec2fd4
Last night I had an upload failure for securiteinfo.hdb, resulting in a
corrupted file. This is resolved now.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Steve,
> Time: 86.344 sec (1 m 26 s)
That's why we should use clamdscan instead of clamscan. clamscan reloads all
databases each time, which takes too much time.
Btw, what was the CPU for this test?
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
s :)
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/l
Selçuk,
> in redhat El 6 version there is no clamdscan command.
It is in the "clamd" package.
http://rpm.pbone.net/index.php3/stat/4/idpl/34508318/dir/redhat_el_6/com/clamd-0.99.2-1.el6.x86_64.rpm.html
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Hello Selçuk,
> when i try to run clamscan for single file on tmp folder it takes 12
> minutes !!!
Please use clamdscan.
How much time does it take to scan the same file?
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
s when javascript.ndb has more than 50k lines.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Hi Joel,
> But if you are willing to send us samples, we can get you set up as a mass
> submitter, and you can mail them to us.
What is the mail for mass submission ?
Can we email a whole ZIP archive or should we send malware one by one by
email?
--
Best regards,
Arnaud J
s problem resolved.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Hello,
> Does anybody even provide signatures for android malware?
We (SecuriteInfo.com) provide 85000+ signatures for Android malware.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Yes, maybe javascript.ndb is too big for your VM. Can you remove it and retry,
please?
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Hello,
Is Swizzor detection still maintained?
I cannot see an option to enable swizzor detection in clamscan --help or
https://github.com/vrtadmin/clamav-devel/blob/master/etc/clamd.conf.sample
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
rus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml?lg=en
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
___
Help us build a comprehen
Is the community-sigs mailing list down, or is it just me?
I tried to send an email with no result.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Hello,
A mail file is not recognized as mail, but as ASCII, by clamscan.
clamdscan recognizes it as mail. This is good!
This looks like a bug.
A sample has been submitted. MD5 of submitted sample is
ca13562c8f8d1ce581c627d9a007f6a0
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
up
>
> To note, the document opens fine in Microsoft Word, and oletools has no
> issues dumping out the macros.
Maybe related to
https://github.com/vrtadmin/clamav-devel/commit/dbd2653d835b5446aed780112d376f5b2596519f
See this in the next version of Clamav.
--
Best regards,
Arnaud Jacq
Hello Alain,
> If you could
> be so kind to point them out, we'll let you know what their status is.
I have sent a few emails @community-sigs to point them out.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
> * Joel Esler (jesler) :
> > http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html
>
> Are these signatures already active?
Yes, for a few days now.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
? If yes, the minimum is to provide news for sigmakers that submit their
signatures (time and effort) to community-sigs to be included in official
ClamAV databases.
> Protecting customers is a good thing. We're always going to try and do
> that.
We (third parties) do
e final user have the choice to include
them or not.
> Not everyone uses ClamAV on the command line to scan mail. Not everyone
> uses it on *nix. Our user base is gigantic, and spreads over nearly every
> platform we've ever seen.
Our signatures are good for other platfor
h with your OS version ?
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Hello,
> Can you tell me … Can I install ClamAV to a server so that it is accessible
> via HTTP? I'd like to do scans from http.
Mod_clamav for Apache.
http://software.othello.ch/mod_clamav/
But I don't know if it compiles on HP-UX.
--
Best regards,
Arnaud Jacques
SecuriteInfo.co
em is this ascii malware cannot be normalised, but it should be.
The sample has been sent to http://www.clamav.net/reports/malware
md5sum of malware sent is : 023bff926f5852ba0e58a72c10e77f2a
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
:92acc109223088b49312971c5fc8d5b5:10:Win.Trojan.Concon-4
main.hdb:478ece4c404ce1eddefe07f9b6f59bda:20:Win.Trojan.Delwin-25
main.hdb:b354aada5dc6a59ad42eb43688e5fa7d:22:Win.Trojan.Delwin-29
... and replace them with ndb version, file type 7. It could detect much more
variants.
--
Best regards,
Arnaud Jacques
ING: Local version: 0.99 Recommended version: 0.99.2
This has been discussed on the debian-user mailing list:
https://lists.debian.org/debian-user/2016/05/msg00953.html
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Hello,
> clamav is not in the standard debian jessie repository?
Yes it is :
https://packages.debian.org/jessie/clamav
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
st regards,
Arnaud Jacques
SecuriteInfo.com
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
d use less RAM should be a priority. Am I wrong?
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
ion.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
eck this too :
https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml?lg=en
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
ctory /var/lib/clamav/daily.cld
ERROR: listdb: Error listing database /var/lib/clamav/daily.cld
Tested on 3 different servers. /tmp is not full.
sigtool -V
ClamAV 0.99/21492/Thu Apr 14 04:35:17 2016
Any clue ?
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Hello Alain,
> Did you normalize your file? I.e. clamscan --leave-temps?
You didn't understand :)
If I normalize the file, the HTML comments are deleted. I need them to create
a signature.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
8.7
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.004 sec (0 m 0 s)
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
ascii, etc) but keeps the html comments.
On my side, a signature is ready to detect hundreds of thousands of
JS.Includer. I'm ready to publish it in the official Clamav database when this
new engine feature is ready. This could greatly improve Clamav detection
ratio.
--
Best regards,
Arnaud J
Hello Kurt,
> is detecting as PHP.Shell-83,
For me PHP.Shell-83 is wrong. It contains 0d0a. It means it has been created
with a non-normalized ascii file.
I guess it should be corrected.
Best regards,
Arnaud Jacques
SecuriteInfo.com
Best regards,
Arnaud Jacques
SecuriteInfo.com
db, which
> symlinks to /usr/local/maldetect/tmp/.runtime.user.19086.hdb, which does
> not exist.
>
> Any clues on this?
Just delete the missing symlinks and restart ClamAV.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Port 80 is http. So I believe the problem is not certificate related.
Btw, if you use a real browser, like Firefox for PC, you will see my
certificate has a green bar, with no warning.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
cial Clamav databases.
Furthermore, I think it is a bad idea to lower the detection ratio due to a
hardware limitation.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
ll be run. So it will load 8 instances of
signature databases into RAM.
The best setting I use in my script is:
ls -d bin/* |parallel clamdscan -m --no-summary {} >yourlogfile.txt
As far as I know, it is faster than clamdscan -m bin/*
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
moved in a few weeks.
Don't hesitate to send me your feedback off-list at
webmas...@securiteinfo.com
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
xt
>
> In this case, should I rely on the first line of output?
Short answer : Yes !
Long answer :
PDFs are containers like zip, rar, tar, etc. Different kinds of files are
embedded within.
So the first line is the real file format (= file extension).
--
Best regards,
Arnaud Jacques
Secur
2>&1|grep "Recognized"
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
P file with password : infected
I will include them for my alternative signatures
https://www.securiteinfo.com/services/clamav_unofficial_malwares_signatures.shtml
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
My idea is not replacing HTTP with HTTPS. It is just adding support for HTTPS
to freshclam.
Many websites have switched from HTTP to SSL in recent years. I guess this is
the natural evolution of the web. This is my opinion.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
r web servers. It could be a good idea if
freshclam supports this protocol. What do you think?
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
URLs. May be a good start.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
b
4509 securiteinfodos.hdb
66930 securiteinfohtml.hdb
4264 securiteinfooffice.hdb
6222 securiteinfopdf.hdb
404 securiteinfosh.hdb
1256 securiteinfoelf.hdb
377 honeynet.hdb
2055 spam_marketing.ndb
Total : 417204
--
Best regards,
Arnaud Jacques
SecuriteIn
54 matches