Hi Alex... do you have libunrar
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
On Tue, November 17, 2015 11:56 am, ellanios82 wrote:
> On 11/17/2015 12:46 AM, Joel Esler (jesler) wrote:
>
>> Please submit false positive reports on the website.
> - thanks : did try but failed , due my PC runs Linux : ClamAV
> webpage RadioButtons stuck : cannot change from Windows to Linux
On Wed, November 4, 2015 6:03 am, P K wrote:
> Hi,
>
>
> I tried clamdscan with PUA enabled on go source code and seen an error.
>
issue6550.gz: PUA.File.Exploit.CVE_2012_1461
https://www.virustotal.com/en/file/c809983cf1b4f11552a1880272e3002a963a39c453b4883bf47e5c2cfc8f2a47/analysis/1446632226/
On Fri, October 30, 2015 8:07 am, Deyan Chepishev wrote:
> Hello,
>
>
> Thank you for the answer.
>
>
> There is probably something missing in the doc, because the signature is
> not properly working with the current clamav release 0.98.7
>
I confirm the same here...
I think it was a bug that's
On Wed, October 28, 2015 1:25 pm, Urban Loesch wrote:
> Hi,
>
>
> today I moved my clamav-milter and clamd installation (linux container)
> to a brand new hardware. Now I get these strange errors in the log every 3-5
> minutes.
>
Did a quick google...
On Thu, October 15, 2015 4:03 pm, Gene Heskett wrote:
> Greetings everybody;
>
>
> I added a new, not quite official database to my clamav checker, and this
> morning its fussing about several files I have on my web page:
> /var/www/html/gene/Genes-os9-stf/dw4_beta_1.4.tar.gz:
>
On Wed, October 14, 2015 7:23 am, Hartmann, Jan wrote:
>
>
> Hi,
> Today we had a lot of problems with exe files hidden in zip archives
>
>
> I tried to add the foxholedb to our clamav, but sadly it didn't
> recognize the exe in the zip.
>
>
> clamscan
On Wed, October 14, 2015 7:37 am, Rajesh M wrote:
>
> Sanesecurity.Foxhole.7z:CL_TYPE_7Z
> Sanesecurity.Foxhole.Rar:CL_TYPE_RAR
etc..
Hi rajesh,
Yep, the above will work... but could cause high FP's for some people
which they might find unacceptable, depending on their setup.
If anyone has a
Hi kris,
I added a sig to detect some of these in phish.ndb.
If you send me some samples I'll have a look to see if it matches.
On 8 October 2015 17:14:58 Kris Deugau wrote:
I've been seeing Javascript malware on and off where (one layer of) the
Javascript obfuscation is
On Tue, September 29, 2015 9:15 am, Marco wrote:
> I tried to relax the upgrades, but I see the problem is the time spent
> to reload the db:
>
> 2015-09-29T01:03:15.710526+02:00 av2 clamd[15201]: Reading databases
> from /var/lib/clamav 2015-09-29T01:03:53.151179+02:00 av2 clamd[15201]:
>
Just spotted this go report https://twitter.com/hanno/status/642067768616046592
Anyone else seeing issues:
https://www.reddit.com/r/sysadmin/comments/3kg08m/gmail_flagging_company_docs_as_viruses_when/
On Thu, August 13, 2015 9:11 pm, Paul wrote:
Hi
A patch for current 0.98.7 would be much appreciated. As a simple
network outage at the wrong time causes havoc with several systems.
Paul
Hi Paul,
Just in case this helps...
On Tue, August 11, 2015 9:31 pm, Benny Pedersen wrote:
http://sanesecurity.com/ is a wordpress site that is infected with
malware popups :(
Ok, sweetcaptcha plugin removed.
For the technically interested...
On 11 August 2015 21:31:40 Benny Pedersen m...@junc.eu wrote:
there is download scripts that automate this, ironical
http://sanesecurity.com/ is a wordpress site that is infected with
malware popups :(
Everything is kept up-to-date wordpress and plugins wise but think I've
identified the
On Mon, August 10, 2015 10:58 am, kamil kapturkiewicz wrote:
Hi,
I am trying to configure Scan On Access with ProFTPD server to block
access to file (not only mark as FOUND):
Not my area but Found this from an archive...
--
You could write a virusevent script, put VirusEvent
Could you resend to:
samp...@sanesecurity.me.uk
On 8 August 2015 10:08:47 sebast...@debianfan.de sebast...@debianfan.de
wrote:
Hi @all,
i have 37 Files - which are not detected by clamav.
Just in case it's useful...
Original Message
Subject: [sanesecurity] Hacking Team detection
From:Steve Basford steveb_cla...@sanesecurity.com
Date:Fri, August 7, 2015 9:43 am
To: sanesecurity_annou...@freelists.org
Cc
On Tue, July 28, 2015 3:27 pm, P K wrote:
a3e8a7602797c69f6320225e8137d063 exploit.pdf
ClamAV isn't showing detection here:
https://www.virustotal.com/en/file/61c9333604404addf7e3aaf97f89d4ed3bf6fe4d12bd3e98bc7232ebfd9f0c5b/analysis/
But does detect using PUA:
ClamAV: Possibly Unwanted
On Tue, July 28, 2015 3:41 pm, P K wrote:
So how to detect same in my clamAv?
Until a proper sig is added, you could try
clamscan --detect-pua=yes
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
On Tue, July 21, 2015 3:55 pm, Jörg Stephan wrote:
Hi there,
I guess you know that a team has released a tool to check for HackingTeam
files. They provided a test tool including the file hashes of the files.
As I seem to be under-skilled to create a database for this, I will
hand this
On Wed, July 8, 2015 9:30 pm, Jingo Administrator wrote:
I am planning to drop the SecuriteInfo.com signature libraries first,
because these were the last I added and after that the issue began to pop
up.
On Thu, July 9, 2015 11:11 am, Arnaud Jacques / SecuriteInfo.com wrote:
Thank you for the benchmarks Steve.
We are aware of this problem. With more than 1 million signatures, it
takes too much ram/cpu on lower hardware systems. ATM, we mainly focus on
javascript.ndb and securiteinfohtml.hdb
On Thu, June 25, 2015 10:50 pm, Steven Morgan wrote:
Steve,
One more question: is Sanesecurity planning to distribute yara signatures
when 0.99 final is released? This will help with appropriate scheduling of
any parameter implementations.
Well, there's a new download script with Yara
Couple of pre-coffee questions...
1)
From what I can tell Yara signature names will be generated based on
the yara rule name provided...
eg:
testname.yara:
rule Sanesecurity.test
{
    strings:
        $match1 = "test"
        $ignore1 = "this1"
        $ignore2 = "this2"
    condition:
        $match1 and not ($ignore1 or $ignore2)
}
Hi,
Wasn't sure if this should be a bugzilla or not but...
daily.ftm seems to be out-of-sync with the latest filetypes_int.h
Eg, 4546492050415254 is missed and a few of the newer ones.
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
On Thu, June 11, 2015 3:51 pm, Steven Morgan wrote:
We've borrowed the yacc/lex code from yara project.
Hi,
Does that mean ClamAV will support this condition in the current beta:
$match1 and not ($ignore1 or $ignore2)
I'll wait to test once windows binary beta arrives... or find a bit
of
On 11 June 2015 20:41:13 Alain Zidouemba azidoue...@sourcefire.com wrote:
This has been supported since the introduction of logical signatures (ldb)
in ClamAV 0.94.
Yep, I'm already using the ldb feature but a yara rule using the feature
would make things easier to auto generate mostly,
On 11 June 2015 16:37:09 Steven Morgan smor...@sourcefire.com wrote:
Steve
Here is a quick demo for your question. The file names in this test are the
same as the file content:
rule basford
{
strings:
$match1 = bbb
$ignore1 = n
$ignore2 = zbcz
condition:
$match1 and not
Hi Tom,
I certainly don't see why Yara rules aren't going to be rsynced, I'll chat
with you off list.
On 5 June 2015 16:33:16 TR Shaw ts...@oitc.com wrote:
Steve I have my own yara rules. Are you going to accept them for rsync?
Tom
On Jun 5, 2015, at 11:02 AM, Steve Basford steveb_cla
On Wed, June 3, 2015 8:02 pm, Joel Esler (jesler) wrote:
ClamAV 0.99b Meets YARA!
The first beta release of ClamAV 0.99 is now on SourceForge! ClamAV 0.99
Since this is such a large feature, please help us by downloading, using,
and testing this feature and reporting bugs via our usual
On Fri, May 22, 2015 4:32 pm, sebast...@debianfan.de wrote:
Are there any specialties for sending samples - e.g. zipping with
password?
You can zip with password infected if you need to...but not 100% needed.
or maybe use http://free.mailbigfile.com/
Cheers,
Steve
Web : sanesecurity.com
Hi All,
Just in case this is useful to anyone:
Adrian of extremeshok-dot-com has forked Bill Landry's
clamav-unofficial-sigs script and made quite a few new changes to the
script:
Original Message
Subject: [sanesecurity]
On Wed, May 13, 2015 5:49 am, Dmitry Melekhov wrote:
Hello!
We are using clamav for years for e-mail virus filtering, and it worked
OK for us,
but last several weeks we found that clamav doesn't recognize many viruses
like js, or xls macros. I submitted one of viruses several weeks ago, but
On Fri, April 24, 2015 8:38 am, Alessandro Vesely wrote:
Hi,
I've been getting these log it's for a couple of days now:
Clamscan reports Sanesecurity honeynet.hdb database integrity tested BAD
- SKIPPING
See this post:
http://lurker.clamav.net/message/20150423.072453.3394b584.en.html
Just a heads up for Bill Landry's ClamAV Unofficial
Signatures Updater script users
Original Message
Subject: securiteinfo problems
From:Steve Basford steveb_cla...@sanesecurity.com
Date:Thu, April 23, 2015 8:24 am
On Thu, April 23, 2015 12:03 pm, Rajesh M wrote:
i am using foxhole_all.cdb foxhole_filename.cdb foxhole_generic.cdb but
does not work
how do i block .cab extension even if they are within zip or rar or 7z
files.
Hi Rajesh
In your sample...a-to-z_moving_and_delivery.zip
Using database
On Thu, April 23, 2015 12:03 pm, Rajesh M wrote:
how do i block .cab extension even if they are within zip or rar or 7z
files.
thanks
Hi Rajesh
Can you zip all the zips up, with password infected and email to:
samp...@sanesecurity.me.uk
Cheers,
Steve
Web : sanesecurity.com
Blog:
On Thu, April 16, 2015 2:50 pm, sanes wrote:
The following exclude does not work (the scan will check the file)
clamscan -r --exclude=c:\Windows\System32\mobsync.exe c:\
Please advise why exclude not working
This works... don't think you can use a path...
C:\clamavclamscan
On Tue, April 14, 2015 6:34 pm, sanes wrote:
Please advise how to use a Text File with a list of Files to Exclude from
clamscan (Windows Version).
Have only found postings with Unix-type solutions
clamscan --exclude='text file containing list of files'
Not ideal but this sort of thing
On Tue, March 24, 2015 9:40 pm, Steve Holdoway wrote:
Hi folks,
I'm in the process of cleaning up an infected wordpress website and am
finding a number of files that contain
Shouldn't this be in there already? If there is a process to add this
can someone please point me to the docs?
Hi
Sorry for the post but being hit hard with these atm...
Original Message
Subject: remittance-advice xml malware
From:Steve Basford steveb_cla...@sanesecurity.com
Date:Wed, March 4, 2015 11:17 am
To: sanesecurity_annou
Hi All,
EquationAPT is in the news... so in case this is useful...
copy the following to EquationAPT.hdb:
03718676311de33dd0b8f4f18cffd488:376320:Sanesecurity.Rogue.EquationAPT.1
0a209ac0de4ac033f31d6ba9191a8f7a:184320:Sanesecurity.Rogue.EquationAPT.2
Hi,
Can anyone confirm...
In one of the latest source files:
+ \end{itemize}
+ \item For more information and examples please see
\url{https://wwws.clamav.net/bugzilla/show_bug.cgi?id=164}.;
The urls:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=164
and https://www.clamav.net/ for
On Mon, February 9, 2015 11:03 am, Al Varnell wrote:
Yes, I'm seeing the same thing with Safari for OS X. I also get an
expired 22 Oct 2014 certificate for the wwws.clamav.net/bugzilla site.
Hi Al,
Thanks for the confirmation.
Cheers,
Steve
Web : sanesecurity.com
Blog:
On Thu, February 5, 2015 8:46 am, Virgo Pärna wrote:
Recently I have received some viruses that have scr inside zip
archive inside zip archive. And also there have been some cab's containing
exe files.
Might be worth having a look here too...
http://sanesecurity.com/foxhole-databases/
On Thu, February 5, 2015 9:30 am, Virgo Pärna wrote:
On Thu, 5 Feb 2015 09:11:16 -, Steve Basford
It does not match urls inside the
mail content. Also, since regexes are actually case sensitive, it does not
match *.EXE. So there's that.
Hi Virgo,
(?i) will sort that case bit out...
eg
I created exe_in_archive.cdb file in clamav database directory, that
contains:
Archived_EXE:*:*:.*\.exe:*:*:*:*:*:*
Forgot to add that the above sig, as you are using a *wildcard*
ContainerType, means that any exe in the following types will be blocked:
ContainerType: one of CL_TYPE_ZIP,
On Tue, December 23, 2014 6:35 pm, Alex Regan wrote:
I'd appreciate any further documents or other methods of protection that
people are using to block these?
ClamAV and Sanesecurity signatures will help block malware which is
emailed in, which can then download exploit packs, some of which
On Thu, December 18, 2014 2:29 pm, polloxx wrote:
Since more and more malware is not attached to a mail but only an url to
it, detecting it is a challenge. Is there any good url scanner available for
Clamav?
Millions of years ago...there used to be a clamd.conf MailFollowURLs Yes
option, which
On Tue, December 9, 2014 1:23 pm, polloxx wrote:
We have the same problem with signatures we want to whitelist. Was this
problem ever solved?
Hi,
What sig name are you whitelisting?
Cheers,
Steve
Sanesecurity.com
On Tue, December 9, 2014 1:33 pm, polloxx wrote:
% cat local.ign2
SecuriteInfo.com.Spammer.ec-messenger.com.UNOFFICIAL
SecuriteInfo.com.Spammer.addemar.com.UNOFFICIAL
Ah, ok...remove the .UNOFFICIAL off the end and restart clamd.
Cheers,
Steve
Sanesecurity.com
On Mon, November 24, 2014 11:21 am, stephen.b...@tanint.com wrote:
I'm hoping someone can shed some light on an issue I'm experiencing...
Seem to remember a post a while ago... to do with AllowSupplementaryGroups ?
clamd.conf...
AllowSupplementaryGroups true
Cheers,
Steve
On Fri, October 10, 2014 7:05 am, Prasanna Lotke wrote:
Can anyone tell me how many signatures does Clam virus database have? Or
how many malwares can it detect?
Not had coffee yet but here's a quick summary of counts
Current Official:
main.cld is up to date (version: 55, sigs:
On Tue, September 23, 2014 12:44 pm, Thorvald Hallvardsson wrote:
Anyone would like to point me into the right direction and help me out
with the problems I'm having ?
Report as an FPs here:
http://cgi.clamav.net/sendvirus.cgi
ClamAV team will need to add hosts to the daily.wdb database to
On Thu, September 18, 2014 5:59 am, Paul Kosinski wrote:
When ClamAV was independent, every new release had an updated
main.cvd, and the daily.cvd files were of modest size. Now the whole
0.98.x
series has the same main.cvd, and the daily.cvds keep getting bigger. The
immediately previous
On Wed, September 17, 2014 1:53 pm, James Meason wrote:
Uploaded! (Zip.Suspect.MiscDoubleExtension-zippwd-4 FOUND)
Hi James,
ClamAV team have created a signature which helps block double attachments,
in much the same way that the Sanesecurity foxhole sigs have been
doing for a while now.
On Tue, September 9, 2014 9:48 am, Denny Bortfeldt wrote:
I've got a little problem and don't know what happen to my system.
Everytime I start clamscan or freshclam I get the following error:
Hi Denny,
There's a few posts with that sort of no version information available
error...
Google:
On Mon, September 8, 2014 3:04 pm, Hajo Locke wrote:
What should i do now? Is there a trick to find a signature which fits
for all samples or i have to create a different signature for every
sample?
Hi,
Tricky :(
Copy this into not_tested.ndb
Hi All,
For those using Sanesecurity foxhole databases, I've finally updated
their usage information:
http://sanesecurity.com/foxhole-databases/
Cheers,
Steve
Sanesecurity.com
On Fri, September 5, 2014 8:21 pm, Dennis Peterson wrote:
Steve - thanks for your contribution to the success of the ClamAV
products. One question for you - how does determine the current version of
the files you distribute? One of the foxhole signature files I have is
from May, for example.
On Wed, September 3, 2014 11:56 am, Gene Heskett wrote:
Ok, I'll byte, whats a PUA?
Here's a good description...
Q. What is a Potentially Unwanted Application (PUA)?
A. The Sophos definition of a PUA is (quote) a term used to describe an
application that is not inherently malicious, but is
On Wed, September 3, 2014 12:38 pm, Gene Heskett wrote:
So as its been yonks since I setup the daily machine scan, where do I
turn off this particular PUA feature?
detect-pua switch for clamscan or disable it in the clamd.conf file.
Cheers,
Steve
Sanesecurity
On Wed, September 3, 2014 12:54 pm, Gene Heskett wrote:
detect-pua switch for clamscan or disable it in the clamd.conf file.
Which one?, I have 3 of them. This is an old ubuntu 10.04 LTS install.
Also its reported as version 98.1.
If you are using clamscan then I guess you've got a
On Wed, August 27, 2014 12:25 pm, Rajesh M. wrote:
in my clamd.conf file the size upto which the files will be scanned is 30
mb ie max email size in my smtp session.
how do we solve this issue.
Sorry for this being brief/incorrect as I'm on holiday-ish ;)
Qmail...
On Wed, July 23, 2014 10:41 am, Bernard Thédié wrote:
I'm using clamav under Linux. I've scheduled a daily scan of my home
dir. I would like to know if there's a way of telling clamscan to run more
nicely ; actually when clamscan runs, it takes between 75 and 90% of my
CPU ! I would rather
Just a thought.. Will ClamAV use LibreSSL too, as it's supposed to be drop in
On 9 July 2014 20:14:01 GMT+01:00, Joel Esler (jesler) jes...@cisco.com
wrote:
Compiling OpenSSL For Windows
In order to support more advanced features planned in future releases,
ClamAV has switched to using OpenSSL
On Tue, July 8, 2014 3:41 pm, a...@alb.de wrote:
alex:~$ dd if=mp3file.mp3 count=1 | sigtool --hex-dump
alex:~$ clamscan mp3file.exe
Hi Alex,
In the daily.ftm file, mp3 filetypes are ignored.
0:0:494433:MP3:CL_TYPE_ANY:CL_TYPE_IGNORED
Cheers,
Steve
Sanesecurity
I guess, if you *really* wanted to block mp3's being emailed you could
create a type4 ndb signature to match the mp3 base64 in the email ?
eg... email format...
==
Content-Type: audio/mpeg;
name=test.mp3
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
On Thu, July 3, 2014 2:08 pm, Chris wrote:
Below are the headers of the most recent mail that was hit the email
itself was all html. Since this is just a home system with mine and my
wifes email what's the best way to keep this from happening?
Hi Chris,
According to clamd.conf the default
On Wed, June 25, 2014 9:57 am, Paul Smith wrote:
Using ClamAV 0.97.2, since yesterday's update Freshclam gives this when
trying to download a fresh database:
Hi Paul,
Much newer binaries here (0.98.4), does it work ok with this version...
On Wed, June 25, 2014 11:00 am, Paul Smith wrote:
It looks like my version is from the ClamWin ClamAV Unofficial Win32
port. It's slightly customised which is why it's still an old version.
Ah ok.
There is also...
Native 0.98 here...
http://oss.netfarm.it/clamav/
Native 0.98.4-rc1:
Okay, great, thanks. Can you describe the risk for me? What does it do,
and what's necessary for the user to do to become infected? It appears to
be a rogue link phishing attack? So it requires the user to open the Word
doc then click the link, correct?
Hi Alex,
1. I used strings on the
On Mon, June 23, 2014 4:47 pm, Walter Bürger wrote:
This morning I submitted the file
Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe
(MD5 ad690be247dda635781e20887fcac0e7)
on virustotal.com.
4 out of 54 scanners detected a virus
(NOD32 named it Win32/Kryptik.CFAE)
but
On Mon, June 23, 2014 4:47 pm, Walter Bürger wrote:
About 4 hours later I checked again and
12 out of 54 scanners detected a virus in this file
but ClamAV did not detect it.
I know 4 hours sounds a long time but when you consider the current amount
of malware that is submitted /
On Sat, June 21, 2014 2:00 pm, Alex wrote:
Hi,
I'm using clamav-0.98.4 on fedora20 with the sanesecurity and safebrowsing
sigs and still seeing an unknown virus pass through our systems. I've
submitted it to the clamav false-negative upload, but haven't received a
response, and 24hrs later
Hi All,
I'm playing with .cud file creation from a couple of files...
testdb folder
COPYING
testdb.hdb
testdb.ndb
set SIGNDUSER=me
sigtool --datadir=testdb --build=testdb.cud --unsigned --cvd-version 1
WARNING: build: Signatures in testdb db files: 2674, loaded by libclamav:
5348
Total sigs:
Hi,
Does anyone have DatabaseCustomURL in their freshclam.conf:
I've just tried this format...
DatabaseCustomURL http://blahblahblah.com:/test.cud
And I get an Unknown error :)
ClamAV update process started at Thu Jun 19 14:14:24 2014
WARNING: Can't get information about
Hi,
Does anyone have DatabaseCustomURL in their freshclam.conf:
I've just tried this format...
DatabaseCustomURL http://blahblahblah.com:/test.cud
And I get an Unknown error ? :)
ie...
ClamAV update process started at Thu Jun 19 14:14:24 2014
WARNING: Can't get information about
As it stands right now, freshclam does not support custom ports. However,
we can add that functionality for a future release.
Thanks for the quick reply. I'll add a bugzilla...
Cheers,
Steve
Sanesecurity
On Tue, June 17, 2014 3:51 pm, Matt Olney wrote:
Due to the success of this release candidate, we would like to use the
beta/RC model going forward. Development is what it is, so we may not
always be able to do this, but my strong preference would be to use this
model. Provided nothing
On Mon, June 2, 2014 10:09 am, Julius Plenz wrote:
Hi, Alain!
* Alain Zidouemba azidoue...@sourcefire.com [2014-05-19 19:45]:
Let us know if you have any issues.
Again, the last update to daily.cvd is more than 48 hours old:
released on 30 May 2014 16:25 :0400. Is this intended?
Hi,
On Wed, May 28, 2014 9:35 am, Randal, Phil wrote:
Yet freshclam says (with and without -no-dns)
Hi Phil,
Same here...
freshclam...
ClamAV update process started at Wed May 28 10:13:11 2014
main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder:
neo)
daily.cld is up to
On Fri, May 23, 2014 4:25 pm, Claudio Cuqui wrote:
Hello there !
I would like to know if it is possible to create a virus signature that
match the subject of a mail message. I tried everything and the signature
only match when the pattern is located in the email body.
Something like
On Tue, May 20, 2014 4:22 am, anctop wrote:
The file 42.zip was sent 2 times. If there is an antivirus in your MTA,
it might have crashed. Please check its status right now, as it is not
possible to do so remotely
Just for info...
Summary: This script sends the 42.zip recursive archive to
UNOFFICIAL means it did not come from ClamAV®.
You need to take it up with whomever maintains the MBL database.
MalwarePatrol? http://malwarepatrol.com.br/
I don't recall ever subscribing to that service, and the clamav-
unofficial sigs database is not installed, and never has been.
Now
-rw-r--r-- 1 clamav adm 5958972 2013-05-03 07:51 junk.ndb
That's a bit out of date ;)
-rw-r--r-- 1 clamav adm 567741 2013-05-04 01:48 mbl.ndb JUST NUKED
I'll see if the one I just nuked comes back.
Yep, that'll be the one to watch out for...
Current download scripts are here, if
- Crashes of clamd on Windows and Mac OS X platforms when reloading
the virus signature database.
Just testing at the moment - reload issue seems to have gone and
so far so good... great work guys!
Cheers,
Steve
Sanesecurity
On Tue, May 13, 2014 8:27 am, Julian Hansmann wrote:
Regardless of its content (even if it's empty) a mail which has a file
with the suffix .JPG.zip (case sensitive) attached will be detected as
Email.Trojan-417.
Hi Julian,
I'm guessing the original official signature was to catch something
On Mon, May 12, 2014 2:12 pm, Stuart Henderson wrote:
I'm running clamav on OpenBSD/amd64 5.5 (with various sanesecurity
hdb's, if that matters). Built from ports (with LLVM 3.3).
Hi,
Is it random or only on a certain email?
Do you have a full copy of the email shown in your log?
If you do, does
On Mon, May 12, 2014 3:50 pm, Stuart Henderson wrote:
It also happens for clamscan (I removed all standard db's and
included only the single signature triggered by this mail so it would start
quickly).
I have only hit this crash if a signature is matched (i.e.
I haven't hit it if I remove
Just a quick report...
0.98.3 crashes... 0.98.1 no issues...
Thu May 08 15:29:06 2014 - +++ Started at Thu May 08 15:29:06 2014
Thu May 08 15:29:06 2014 - clamd daemon 0.98.3 (OS: win32, ARCH: i386,
CPU: i386)
Thu May 08 15:29:06 2014 - Log file size limited to 104857600 bytes.
Thu May 08
On Thu, May 8, 2014 5:46 pm, Shawn Webb wrote:
Hey Steve
Could you send me over a copy of your clamd.conf, please?
Thanks,
Shawn
Here you go...
http://pastebin.com/EzRLk9iW
Cheers,
Steve
Sanesecurity
Hey Steve,
Could you send me over a copy of your clamd.conf, please?
Hi Shawn,
I can reproduce...
Installed a clamav without 3rd party stuff, fresh onto a test XP box I had
not doing anything gulp
run freshclam
run clamd
run clamdscan to prove its all working
1) clamdscan --reload to force
On Thu, May 8, 2014 5:47 pm, Kris Deugau wrote:
I have been adding MD5 signatures, and somewhat more recently, .zmd
.zip-content-filename signatures (for doubled-extension files), but I do
not have time to dig more deeply and create more general signatures.
-kgd
Hi,
You could add
Dear all,
In the past - before the latest takeover - I used the git repository to
keep track of updates and/or other changes. I notice that since the
latest takeover the git repository only is used when a new version has
been released, thus defeating the practical use of the git repository.
On 03.03.14 12:38, Dennis Peterson wrote:
Did you just send a link to a known infected file to this list?
Yes, I sent a link to something I felt people answering my question
would need to be able to see, with some text next to it *specifically
saying it was infected*.
I think a h t t p
OpenSSL will be required to both compile and run ClamAV.
Out of interest what Cipher:
http://zombe.es/post/4078724716/openssl-cipher-selection
http://security.stackexchange.com/questions/35036/different-performance-of-openssl-speed-on-the-same-hardware-with-aes-256-evp-an
Cheers,
Steve
In case this is useful for system scanning for TheMask aka Careto...
Original Message
Subject: [sanesecurity] new database: malwarehash.hsb
From:Steve Basford steveb_cla...@sanesecurity.com
Date:Mon, February 17, 2014 4:00 pm
does anyone please know where is any documentation on fireclam plugin
that is supposed to scan all files downloaded through Firefox browser
using clamav? specifically I am trying to find out if it can be
configured to produce a log or summary report of scan results
including positive