[clamav-users] Slow PDF Scanning pt 3.

2024-02-22 Thread Eric Zhou via clamav-users
are used after tags are parsed. And neither DP nor DecodeParms are in `pdfname_actions`, so they are not affecting state. Slow PDF scanning has been a known problem for 3 years, and it would be nice to see it addressed in a new patch soon. Again, I’m happy to provide more detail

[clamav-users] Slow PDF scanning, pt.2

2024-02-20 Thread Eric Zhou via clamav-users
/5f934c16b47591157a7082b71e751c45f095e2c8/libclamav/pdf.c#L1580, we see references to parameters, but they are used after tags are parsed. And neither DP nor DecodeParms are in `pdfname_actions`, so they are not affecting state. Please check on this. Happy to provide more information. Best, Eric

[clamav-users] Slow PDF scanning

2024-02-06 Thread Eric Zhou via clamav-users
(1 m 35 s) Start Date: 2024:02:06 22:58:43 End Date: 2024:02:06 23:00:18 Thought this might be helpful for investigations. BTW, do we have an update on if this issue with slow PDF scanning will be fixed soon? Best regards, Eric

Re: [clamav-users] Bitdefender Antivirus Plus slows down my computers to a crawl

2023-10-26 Thread Eric Tykwinski via clamav-users
Honestly, this is actually a good question. I would have normally suggested Cisco's free Windows endpoint software: https://www.immunet.com/ But as you can see, they are stopping support at the beginning of next year. Windows' built-in Defender is usually good enough for me, but Cisco might have

Re: [clamav-users] Needed to whitelist Email.Phishing.RPMSG_Downloader-10004958-0

2023-07-11 Thread Eric Tykwinski via clamav-users
Taken care of… I think it only uploaded the one sample, but I think all three were just test emails sent by the MS customer. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Jul 11, 2023, at 5:30 PM, Micah Snyder (micasnyd) > wrote: > > You can submit FP reports t

[clamav-users] Needed to whitelist Email.Phishing.RPMSG_Downloader-10004958-0

2023-07-11 Thread Eric Tykwinski via clamav-users
headers or anything let me know. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build

Re: [clamav-users] ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published

2023-02-21 Thread Eric Tykwinski via clamav-users
ublished > > No. Ubuntu package maintenance is separate from Debian's. > > Scott K For those interested, David Gonzales just released the patches to security-proposed on Ubuntu: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2007456 Sincerely, Eric Tyk

Re: [clamav-users] Question Exception Rule

2022-12-29 Thread Eric Tykwinski via clamav-users
I contact to get an exemption for ClamAV ("Heuristics.Phishing.Email.SpoofedDomain")? > This in my case is an absolutely legitimate sender (my Bank). It's in the documentation: https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format > Regards > Marc Sincere

Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-15 Thread Eric Tykwinski via clamav-users
Al, > From: clamav-users On Behalf Of Al > Varnell via clamav-users > Sent: Thursday, December 15, 2022 9:20 AM > To: ClamAV users ML > Cc: Al Varnell > Subject: Re: [clamav-users] How many viruses/malware is clamav protecting us > from? > > I don't believe I understand your question.

Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-15 Thread Eric Tykwinski via clamav-users
Michael, Here’s the update mailing list: https://lists.clamav.net/mailman/listinfo/clamav-virusdb Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users On Behalf Of Michael Kyriacou via clamav-users Sent: Thursday, December 15, 2022 9:10 AM To: ClamAV

Re: [clamav-users] GCP Management

2022-10-17 Thread Eric Tykwinski via clamav-users
Ged, I think he's talking about the Google Marketplace images, like AWS images. Personally, instead of relying on a third party to set up the VM, I would just set up a quick Docker instance and use the official ClamAV image. https://hub.docker.com/r/clamav/clamav Sincerely, Eric Tykwinski TrueNet

Re: [clamav-users] ClamAV Action is not working on WHM/cPanel

2022-10-13 Thread Eric Tykwinski via clamav-users
Joel, As far as I know it should be managed by cPanel, but I haven’t run it in ages. My suggestion would be to ask here: https://forums.cpanel.net/ > On Oct 13, 2022, at 4:49 PM, Joel Esler via clamav-users > wrote: > > I am betting that Inmotion is running an

[clamav-users] Anyone running a cluster on K8s?

2022-09-12 Thread Eric Tykwinski via clamav-users
--reload to the service to hit them all? Any guidance would be appreciated. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] Please help

2022-08-31 Thread Eric Tykwinski via clamav-users
Jan, Look in clamd.conf for something like: LocalSocket /var/run/clamav/clamd.ctl FixStaleSocket true LocalSocketGroup clamav LocalSocketMode 666 or TCPSocket 3310 TCPAddr xxx.xxx.xxx.xxx Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users
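
The clamd.conf options quoted above are exactly the ones worth auditing, because clamd authenticates nobody: whoever can write to the LocalSocket, or reach the TCPSocket, can submit scan jobs and send RELOAD or SHUTDOWN. The script below is an added example, not part of this thread and not ClamAV code; it parses a clamd.conf and flags a world-writable LocalSocketMode (such as the 666 above) and a TCPSocket bound to every interface. The option names are real clamd.conf options; the sample configuration and the wording of the findings are constructed here.

```python
"""Audit a clamd.conf for listener settings that expose the scanner.

Added example, not part of the mailing-list thread or of ClamAV itself.
clamd has no authentication on its socket, so the two things that matter
are who can write to the Unix socket and which interfaces the TCP socket
binds. Option names are real clamd.conf options; SAMPLE_CONF is constructed.
"""
import ipaddress

# Constructed sample, modelled on the options quoted in the thread above.
SAMPLE_CONF = """\
# Example clamd.conf
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
TCPSocket 3310
TCPAddr 0.0.0.0
"""


def parse_clamd_conf(text):
    """Return {option: [values...]} for the non-comment lines of a clamd.conf.

    clamd.conf is one 'Option value' per line and '#' starts a comment.
    Options such as TCPAddr may be given more than once, so values are lists.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def audit_clamd_conf(text):
    """Return a list of (option, finding) tuples for risky listener settings."""
    conf = parse_clamd_conf(text)
    findings = []

    for mode in conf.get("LocalSocketMode", []):
        # The mode is octal; the world-write bit lets any local user drive clamd.
        try:
            bits = int(mode, 8)
        except ValueError:
            findings.append(("LocalSocketMode", f"unparseable mode {mode!r}"))
            continue
        if bits & 0o002:
            findings.append(("LocalSocketMode",
                             f"{mode} is world-writable; use 660 with LocalSocketGroup"))

    if "TCPSocket" in conf:
        addrs = conf.get("TCPAddr", [])
        if not addrs:
            # clamd.conf.sample: without TCPAddr clamd binds INADDR_ANY.
            findings.append(("TCPSocket",
                             "TCPSocket set without TCPAddr; clamd listens on all interfaces"))
        for addr in addrs:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # hostnames are left for the operator to review
            if ip.is_unspecified:
                findings.append(("TCPAddr",
                                 f"{addr} binds every interface; restrict to loopback or a trusted address"))
            elif not (ip.is_loopback or ip.is_private):
                findings.append(("TCPAddr",
                                 f"{addr} is a public address; clamd has no authentication on port 3310"))
    return findings
```

Running `audit_clamd_conf(SAMPLE_CONF)` reports both the 666 socket mode and the 0.0.0.0 bind; a configuration with `LocalSocketMode 660` and `TCPAddr 127.0.0.1` comes back clean. Where the scanner must be reached over the network, the thread's later suggestion of an SSH tunnel (or a host firewall on 3310) is the compensating control, since the protocol itself offers none.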

Re: [clamav-users] Permanently banned from clamav

2022-07-02 Thread Eric Tykwinski via clamav-users
tails going through SSL CAs, web transactions, et al… CGNAT on ip4 wouldn’t surprise me, as I’ve personally seen issues with other CDNs, Netflix, Disney+, et al…. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Jul 2, 2022, at 1:57 PM, G.W. Haywood via clamav-users > wro

Re: [clamav-users] Off topic question...

2022-06-29 Thread Eric Tykwinski via clamav-users
Ged, > Hi there, > > On Wed, 29 Jun 2022, Eric Tykwinski via clamav-users wrote: > >> Any one have an abuse contact for Cisco IronPorts hosted service? >> >> Customer of ours received a phishing email from a Cisco client but >> wasn't sent by them, at least t

[clamav-users] Off topic question...

2022-06-29 Thread Eric Tykwinski via clamav-users
Anyone have an abuse contact for Cisco IronPorts hosted service? Customer of ours received a phishing email from a Cisco client but wasn't sent by them, at least that's what I'm being told. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

[clamav-users] How to stop receiving messages.

2022-05-04 Thread Eric Jin via clamav-users
Dear Sir, I don't want to receive any posted messages. Please tell me how to stop it. Thanks. Best regards, Eric. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build

Re: [clamav-users] DoD/IL4/Federal use case

2022-04-19 Thread Eric Tykwinski
Department of Defense (United States) Impact Level 4 It’s a grading system that should say what the requirements are to reach that level. I honestly have no clue what the requirements are, but they should be listed on the site. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429

Re: [clamav-users] Virus not detected

2022-03-21 Thread Eric Tykwinski
Jorge, There are a lot of alternative signatures. Sanesecurity: http://sanesecurity.com/ Malware Patrol: https://www.malwarepatrol.net/clamav-configuration-guide/ or you can use something like clamav-unofficial-sigs: https://github.com/extremeshok/clamav-unofficial-sigs > On Mar 21, 2022, at

Re: [clamav-users] human friendly signatures

2022-03-16 Thread Eric Tykwinski
Steve, I like the idea, but why the hex; hex? Just thinking about my recent issues with direct deposit phishing emails from gmail.com and they are written probably by people, so I can’t really hash it, and have to regex it. > On Mar 16, 2022, at 5:10 PM, Steve Basford > wrote: > > On 16

Re: [clamav-users] Current replacement for --max-ratio?

2022-01-14 Thread Eric Tykwinski
Ged, When did clamav start scanning iso files? I just tried this and found an eicar.txt file, so yes it does work. For email, I always just blocked iso extensions. Still doesn’t like MacOS cdr extensions, but a great improvement. Sincerely, Eric Tykwinski > On Jan 14, 2022, at 6:21 PM,

Re: [clamav-users] Does ClamAV scan attachments embedded in .msg files

2022-01-14 Thread Eric Tykwinski
mail and decode attachments. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users On Behalf Of Andreas Wittig Sent: Friday, January 14, 2022 6:17 AM To: clamav-users@lists.clamav.net Subject: [clamav-users] Does ClamAV scan attachments embedded in .msg files

[clamav-users] stuck at "Starting Clam AntiVirus Daemon" when rebooting.

2021-11-14 Thread Eric Jin via clamav-users
CaJUwwSA?e=KKeYf1 BR, Eric.

Re: [clamav-users] Pdf.Phishing.CWS4c384287-9890237-0

2021-09-10 Thread eric-list
, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users On Behalf Of Dan Jaap via clamav-users Sent: Friday, September 10, 2021 12:31 PM To: clamav-users@lists.clamav.net Cc: Dan Jaap Subject: [clamav-users] Pdf.Phishing.CWS4c384287-9890237-0 Can someone explain what

Re: [clamav-users] How to uninstall the ClamAV 0.104?

2021-08-21 Thread Eric Jin via clamav-users
Thanks Ged. G.W. Haywood via clamav-users wrote on Wed, 4 Aug 2021 at 11:00 PM: > Hi there, > > On Wed, 4 Aug 2021, Eric Jin via clamav-users wrote: > > > I tried to uninstall the clamav 0.104 per the link: > > https://docs.clamav.net/faq/faq-uninstall.html but I can't find the

[clamav-users] How to uninstall the ClamAV 0.104?

2021-08-04 Thread Eric Jin via clamav-users
Hi, I tried to uninstall the clamav 0.104 per the link: https://docs.clamav.net/faq/faq-uninstall.html but I can't find the install_manifest.txt. What's the problem with it? Thanks.

Re: [clamav-users] Cannot ignore BC.Gif.Exploit.Agent-1425366.Agent

2021-07-21 Thread eric-list
Guys, Found the file causing the issue. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/tests/test-images/gif-test-suite/max-width.gif Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users On Behalf Of Orion Poplawski via clamav-users

[clamav-users] Opinion?

2021-07-19 Thread eric-list
the sender right away. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] clamav-freshclam service issue

2021-07-05 Thread Eric Broch via clamav-users
You could also just delete the file: # rm /etc/cron.d/clamav-update but I imagine it will be there on next update. On 7/5/2021 11:53 AM, Eric Broch wrote: Freshclam doesn't start because databases are now updated by cron job '/etc/cron.d/clamav-update' in 'freshclam.service' file. If cron job

Re: [clamav-users] clamav-freshclam service issue

2021-07-05 Thread Eric Broch via clamav-users
ut any issue, but when I ran toaststat it stopped. On Fri, Jul 2, 2021 at 12:17 PM ChandranManikandan <mailto:kand...@gmail.com>> wrote: Hi Eric, Am running Centos 7 64 Bit with the Qmailtoaster system. Usually update through the command line . I have seen the c

Re: [clamav-users] clamav-freshclam service issue

2021-07-01 Thread Eric Broch via clamav-users
# cat /etc/freshclam.conf Show output on list. On 7/1/2021 2:46 AM, ChandranManikandan via clamav-users wrote: Hi Folks, I have updated the below packages through the webmin panel. Jul 01 13:27:50 Updated: clamav-filesystem-0.103.2-2.el7.noarch Jul 01 13:27:51 Updated:

Re: [clamav-users] clamav-freshclam service issue

2021-07-01 Thread Eric Broch via clamav-users
# cat /usr/lib/systemd/system/clamav-freshclam.service send output along On 7/1/2021 2:46 AM, ChandranManikandan via clamav-users wrote: Hi Folks, I have updated the below packages through the webmin panel. Jul 01 13:27:50 Updated: clamav-filesystem-0.103.2-2.el7.noarch Jul 01 13:27:51

Re: [clamav-users] Failed to start Generic clamav scanner daemon.

2021-06-16 Thread Eric Jin via clamav-users
read: 144370.49 MB (ratio 0.18:1) Time: 7685.714 sec (128 m 5 s) Start Date: 2021:06:16 03:15:16 End Date: 2021:06:16 05:23:22 G.W. Haywood via clamav-users wrote on Wed, 16 Jun 2021 at 10:47 PM: > Hi Eric, > > On Wed, 16 Jun 2021, Eric Jin via clamav-users wrote: > > G.W. Haywood via clamav-us

Re: [clamav-users] Failed to start Generic clamav scanner daemon.

2021-06-16 Thread Eric Jin via clamav-users
ser=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-siz

Re: [clamav-users] Failed to start Generic clamav scanner daemon.

2021-06-16 Thread Eric Jin via clamav-users
.localdomain systemd[1]: Unit clamd@scan.service entered failed state. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: clamd@scan.service failed. BR, Eric. G.W. Haywood via clamav-users wrote on Wed, 16 Jun 2021 at 2:43 PM: > Hi Eric, > > On Wed, 16 Jun 2021, Eric Jin via clamav-

Re: [clamav-users] Failed to start Generic clamav scanner daemon.

2021-06-15 Thread Eric Jin via clamav-users
= 8 Engine flevel: 123, dconf: 123 [root@tplinuxuhgdb2 clamd.d]# BR, Eric. G.W. Haywood via clamav-users wrote on Tue, 15 Jun 2021 at 11:15 PM: > Hi there, > > On Tue, 15 Jun 2021, Eric Jin via clamav-users wrote: > > G.W. Haywood via clamav-users wrote on > Tue, 15 Jun 2021 at 6:40 PM: > >&

Re: [clamav-users] Failed to start Generic clamav scanner daemon.

2021-06-15 Thread Eric Jin via clamav-users
Hi Ged, I finished the installation and configuration according to these commands in the link: https://www.opencli.com/linux/rhel-centos-install-clamav. BR, Eric. G.W. Haywood via clamav-users wrote on Tue, 15 Jun 2021 at 6:40 PM: > Hi there, > > On Tue, 15 Jun 2021, Eric Jin via clamav-us

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain...

2021-04-13 Thread eric-list
tual underlying link: https://click.o.delta.com/u/?qs=1568763c78f67b6cdcd44df9cfac10c6bdd8a68c567c4d04238da45d4092cc1adeef2f53a3a8c4248f7140f92bd80fb33b830537983d2ad07ed440f137dd0226 If you ask me, that deserves to be quarantined. For Sendmail, it should be something like "sendmail -q" I would definitely look it up in the man pages, as I've been using postfix and

Re: [clamav-users] SSN question

2021-04-06 Thread eric-list
, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users On Behalf Of Matus UHLAR - fantomas Sent: Tuesday, April 6, 2021 12:03 PM To: clamav-users@lists.clamav.net Subject: [clamav-users] SSN question Hello, I see that I can enable DLP by enabling

[clamav-users] Heuristics.Phishing.Email.SpoofedDomain...

2021-04-01 Thread eric-list
Just a heads up. I noticed a bunch of American Express Statements in our quarantine. My guess is because they are using m.amex and go.amex links in the emails. DKIM and SPF pass so these definitely seem to be legit AMEX emails. From address is "American Express" Sincerely, E

Re: [clamav-users] Linode Clam AV Updates

2021-03-19 Thread Eric Tykwinski
subscribing to these providers irl. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 19, 2021, at 7:52 PM, Joel Esler (jesler) via clamav-users > wrote: > > Linode is our second biggest abuser. > > Slow your updater down. > > Sent from my  iPho

[clamav-users] Exchange attacks...

2021-03-13 Thread Eric Tykwinski
…. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] QNAP - Cannot update virus definition & cannot wget *.cvd (receive error 403 forbidden)

2021-03-07 Thread Eric Tykwinski
quick: https://www.reddit.com/r/qnap/comments/dcnjzo/clamav_virus_definition_downloads_failing/ Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 7, 2021, at 5:48 PM, Joel Esler (je

Re: [clamav-users] QNAP - Cannot update virus definition & cannot wget *.cvd (receive error 403 forbidden)

2021-03-07 Thread Eric Tykwinski
I’ve got a QNAP at my house. Looks like it’s fine on the newest version: v4.5.3.1594 Given it’s outdated, but that doesn’t surprise me much: ClamAV 0.102.2/26100/Sat Mar 6 07:05:22 2021 Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 7, 2021, at 4:29 PM, Eero Voloti

Re: [clamav-users] ClamAv help

2020-12-31 Thread Eric Tykwinski
ntined to a ~/Documents/Quarantine/ directory so if a file simply went missing I would know where it was from and where it went to. P.S. Have a good new year everyone... Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Dec 31, 2020, at 6:52 PM, Jay A. Schoon via clamav-users > wrot

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2020-12-23 Thread eric-list
ely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users On Behalf Of Orion Poplawski Sent: Wednesday, December 23, 2020 1:11 PM To: ClamAV users ML Subject: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0 Can anyone give me some details ab

Re: [clamav-users] Looks like we've gotten a new variant of Emotet getting through...

2020-12-21 Thread eric-list
tures if I need to. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] Looks like we've gotten a new variant of Emotet getting through...

2020-12-21 Thread eric-list
Sorry to bother, but do you guys want raw emails or just the payload Word Docs? I just sent payloads, since they are real emails with responses and a virus attached. I can however scrub the raws and send a few of those as well. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

[clamav-users] Looks like we've gotten a new variant of Emotet getting through...

2020-12-21 Thread eric-list
I'm going to start posting a few to https://www.clamav.net/reports/malware Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] Fwd: MacOS ClamAV Configuration Errors

2020-11-11 Thread eric-list
Sorry just noticed the last line. If you want to use check, you’ll need to install it. #brew install check After that, it should build fine... From: clamav-users On Behalf Of eric-l...@truenet.com Sent: Wednesday, November 11, 2020 3:57 PM To: 'ClamAV users ML' Subject: Re: [clamav

Re: [clamav-users] Fwd: MacOS ClamAV Configuration Errors

2020-11-11 Thread eric-list
Wayne, Since it looks like you are using homebrew, why not just install that: eric@Erics-Mac-Pro ~ % brew info clamav clamav: stable 0.103.0 (bottled), HEAD Anti-virus software https://www.clamav.net/ /usr/local/Cellar/clamav/0.103.0 (62 files, 448.2MB) * Poured from bottle on 2020-09

Re: [clamav-users] Standard list of exclusions and a private docker registry

2020-09-29 Thread eric-list
I agree with Ged on scanning a Docker registry, what I would be more worried about is software versions especially when pulling from something like Docker Hub. I've personally started playing around with VMware's integrated containers which do vulnerability scans, but I'm sure there's probably

Re: [clamav-users] How to package source into .pkg for mac installer to mass deploy via MDM?

2020-09-25 Thread eric-list
for desktop users, and without something like ClamTK, I just don't see the need. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users On Behalf Of Micah Snyder (micasnyd) via clamav-users Sent: Thursday, September 24, 2020 8:34 PM To: ClamAV users

Re: [clamav-users] How to package source into .pkg for mac installer to mass deploy via MDM?

2020-09-24 Thread eric-list
Probably not relevant too much to the list, but you'll need a developer certificate, and check out pkgbuild from Xcode. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users On Behalf Of Emil via clamav-users Sent: Thursday, September 24, 2020 1

Re: [clamav-users] Anyone have a good script for encrypted zip Emotet files?

2020-09-23 Thread eric-list
Ged, > Hi Eric, > > > On Tue, 22 Sep 2020, Eric Tykwinski wrote: > > > >> I started writing my own, but of course I'm not catching them all. > > > > If you could let me have some samples (complete messages) I could take > > a look to see what I can

[clamav-users] Anyone have a good script for encrypted zip Emotet files?

2020-09-22 Thread eric-list
I started writing my own, but of course I'm not catching them all. Example of my YARA file is here: https://pastebin.com/MKTbKiNX If anyone is willing to share a more comprehensive rule I would appreciate it. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300
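
The lure this thread is about is a ZIP whose entries carry the encryption flag, so the scanner cannot open the payload but the recipient, given the password in the mail body, can. The archive's central directory is never encrypted, though: entry names, flags and compression method are in clear, which is enough to quarantine "password-protected archive containing an Office document" without the password. The code below is an added example, not the YARA rule from the pastebin link and not ClamAV code; it walks the central directory by hand and flags encrypted entries with document or script extensions. The sample archive is constructed in memory, and the extension list is an assumption to tune for your own mail flow.

```python
"""Flag password-protected ZIP attachments that carry Office documents.

Added example, not the thread author's YARA rule and not ClamAV code.
The ZIP central directory records each entry's name and general-purpose
flags in clear even when the entry data is encrypted (flag bit 0), which
is what this check reads. The sample archive is constructed in memory.
"""
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"        # end of central directory record
CDIR_SIG = b"PK\x01\x02"        # central directory file header
LOCAL_SIG = b"PK\x03\x04"       # local file header
FLAG_ENCRYPTED = 0x0001
# Assumed lure extensions; extend for your own environment.
SUSPICIOUS_SUFFIXES = (".doc", ".docm", ".xls", ".xlsm", ".js", ".vbs", ".exe")


def zip_entries(data):
    """Yield (name, flags, method) for each central-directory entry.

    Reads the EOCD record to find the central directory rather than trusting
    local headers, since the central directory is what unzip tools act on.
    """
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("not a ZIP archive (no EOCD record)")
    # EOCD: total entries at +10, central dir size at +12, offset at +16.
    count, _cd_size, cd_offset = struct.unpack_from("<HII", data, eocd + 10)
    pos = cd_offset
    for _ in range(count):
        if data[pos:pos + 4] != CDIR_SIG:
            raise ValueError(f"bad central directory entry at offset {pos}")
        flags, method = struct.unpack_from("<HH", data, pos + 8)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        name = data[pos + 46:pos + 46 + name_len].decode("cp437", "replace")
        yield name, flags, method
        pos += 46 + name_len + extra_len + comment_len


def suspicious_encrypted_entries(data):
    """Return names of encrypted entries whose extension matches the lure."""
    return [name for name, flags, _ in zip_entries(data)
            if flags & FLAG_ENCRYPTED and name.lower().endswith(SUSPICIOUS_SUFFIXES)]


def build_sample(encrypted):
    """Constructed archive with a .docm and a .txt; optionally mark both encrypted.

    zipfile cannot write PKWARE-encrypted entries, so the encryption bit is
    set afterwards in every local header and central directory entry. The
    payload bytes are never read by the check, so this is sufficient.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("INVOICE_2020.docm", b"not a real document")
        zf.writestr("readme.txt", b"plain text")
    data = bytearray(buf.getvalue())
    if encrypted:
        for sig, flag_off in ((LOCAL_SIG, 6), (CDIR_SIG, 8)):
            pos = data.find(sig)
            while pos >= 0:
                flags = struct.unpack_from("<H", data, pos + flag_off)[0]
                struct.pack_into("<H", data, pos + flag_off, flags | FLAG_ENCRYPTED)
                pos = data.find(sig, pos + 4)
    return bytes(data)
```

`suspicious_encrypted_entries(build_sample(encrypted=True))` returns `["INVOICE_2020.docm"]`, while the same archive without the flag returns nothing. In a milter this runs on the raw attachment bytes before handing them to clamd, which will otherwise report the archive clean because it cannot decrypt it.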

Re: [clamav-users] Services Difference & Memory Utilization

2020-09-14 Thread Eric Tykwinski
whitelisted. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Sep 14, 2020, at 8:17 PM, bobby via clamav-users > wrote: > > What is a good vps provider to use then if not DO? > > On Mon, Sep 14, 2020 at 7:10 PM Eric Tykwinski <mailto:eric-l...@truenet.com>> wr

Re: [clamav-users] Services Difference & Memory Utilization

2020-09-14 Thread Eric Tykwinski
… Use TalosIntelligence.com before you purchase a VPS for email, it’ll probably save you a lot of hassle. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Sep 14, 2020, at 6:50 PM, G.W. Haywood via clamav-users > wrote: > > Hi ther

Re: [clamav-users] Is ClamAV On-Access Scanning model applied on Windows?

2020-08-31 Thread eric-list
ks well for that case. Example: /usr/local/bin/fswatch -0 $HOME | xargs -0 -n1 -I {} /usr/local/bin/clamdscan -i --move=$HOME/Documents/Quarantine {} Says it can do Windows as well, but I've never attempted it and looks like it's needs Cygwin, which I wouldn't want to play with. Sincerely, Eri

Re: [clamav-users] ClamAV® blog: ClamAV 0.103.0 release candidate

2020-08-18 Thread Eric Tykwinski
Congrats guys, non-blocking was a long awaited improvement on my end… Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Aug 18, 2020, at 5:57 PM, Joel Esler (jesler) via clamav-users > wrote: > > >> >> https://blog.clamav.net/2020/08/clamav-0103

Re: [clamav-users] ClamAV Database update issue

2020-07-24 Thread Eric Tykwinski
AV Database update issue Hi Eric, Thanks for your reply, but the IP posted here belongs to San Francisco. Will an issue in LA cause an issue in San Francisco as well? I find this a little strange. Thanks, -- SUDHIR KUMAR MAHARJAN Associate IT Manager Deerwalk Services Pvt. Ltd. p: +977-

Re: [clamav-users] ClamAV Database update issue

2020-07-24 Thread Eric Tykwinski
Check out CloudFlare status: https://www.cloudflarestatus.com/ If you are in the LA area, that could be a cause… Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Sudhir Kumar Maharjan

Re: [clamav-users] How to determine virus database version from behind proxy?

2020-07-09 Thread Eric Tykwinski
dly, I don’t know of really any local DoH resolvers that can be used to scale, and I honestly don’t think it’ll last as long as I think most people think it will. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Jul 9, 2020, at 6:20 PM, Eric Tykwinski wrote: > > Lol,

Re: [clamav-users] How to determine virus database version from behind proxy?

2020-07-09 Thread Eric Tykwinski
application/dns-json' >>> 'https://dns.google.com/resolve?name=current.cvd.clamav.net&type=A' >>> >>> ... or even just: >>> >>> curl 'https://dns.google.com/resolve?name=current.cvd.clamav.net&type=A' >>>> On Thu, Jul 9, 2020 at 3:51 PM Eric Tykwin

Re: [clamav-users] How to determine virus database version from behind proxy?

2020-07-09 Thread Eric Tykwinski
You could query using DoH: #curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=current.cvd.clamav.net&type=TXT' > -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of André Weidemann > Sent: Thursday, July 09,
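
The DoH query above (and the Google variant in the reply) returns the TXT record freshclam itself consults, so a host behind a proxy can tell whether its databases are behind without reaching database.clamav.net. The script below is an added example, not part of this thread and not freshclam code: it parses a dns-json reply, splits the colon-separated TXT record, and compares the published main, daily and bytecode versions with local ones (for example the "Version:" line of `sigtool --info daily.cld`). The reply is constructed, and the field positions are those I understand freshclam to read (version, main, daily, timestamp, then safebrowsing and bytecode at positions 6 and 7); treat that layout as an assumption and confirm it against libfreshclam before relying on it.

```python
"""Decide whether local ClamAV databases are current from a DoH answer.

Added example, not part of the mailing-list thread or of freshclam. Input
is a DNS-over-HTTPS JSON reply of the kind the Cloudflare query above
returns; SAMPLE_DOH_REPLY is constructed. The field layout of the
current.cvd.clamav.net TXT record assumed here is
version:main:daily:timestamp:?:?:safebrowsing:bytecode (positions as read
by freshclam, to my knowledge); fields 4 and 5 are not interpreted.
"""
import json

# Constructed reply in the dns-json shape. TXT data arrives as a quoted
# string inside the JSON string value, hence the escaped quotes.
SAMPLE_DOH_REPLY = json.dumps({
    "Status": 0,
    "Question": [{"name": "current.cvd.clamav.net", "type": 16}],
    "Answer": [{"name": "current.cvd.clamav.net", "type": 16, "TTL": 1800,
                "data": "\"0.103.0:62:27181:1708016000:1:90:49192:333\""}],
})

# Assumed 0-based positions in the TXT record.
FIELD_VERSION, FIELD_MAIN, FIELD_DAILY, FIELD_TIMESTAMP = 0, 1, 2, 3
FIELD_SAFEBROWSING, FIELD_BYTECODE = 6, 7


def parse_cvd_txt(doh_json):
    """Return the TXT fields of current.cvd.clamav.net from a dns-json reply.

    Raises ValueError unless the reply is a successful answer with exactly
    one TXT record, so a proxy error page or NXDOMAIN cannot be mistaken
    for 'up to date'.
    """
    reply = json.loads(doh_json)
    if reply.get("Status") != 0:
        raise ValueError(f"DNS status {reply.get('Status')}")
    txt = [a["data"] for a in reply.get("Answer", []) if a.get("type") == 16]
    if len(txt) != 1:
        raise ValueError("expected exactly one TXT answer")
    fields = txt[0].strip().strip('"').split(":")
    if len(fields) < 8:
        raise ValueError(f"unexpected TXT layout: {txt[0]!r}")
    return {
        "clamav_version": fields[FIELD_VERSION],
        "main": int(fields[FIELD_MAIN]),
        "daily": int(fields[FIELD_DAILY]),
        "published": int(fields[FIELD_TIMESTAMP]),
        "safebrowsing": int(fields[FIELD_SAFEBROWSING]),
        "bytecode": int(fields[FIELD_BYTECODE]),
    }


def stale_databases(doh_json, local_versions):
    """Compare local {db: version} against the DNS record.

    local_versions comes from e.g. `sigtool --info /var/lib/clamav/daily.cld`.
    Returns {db: (local, current)} for every database that is behind.
    """
    current = parse_cvd_txt(doh_json)
    behind = {}
    for db in ("main", "daily", "bytecode"):
        local = local_versions.get(db, 0)
        if local < current[db]:
            behind[db] = (local, current[db])
    return behind
```

With the constructed reply, `stale_databases(SAMPLE_DOH_REPLY, {"main": 62, "daily": 27100, "bytecode": 333})` returns `{"daily": (27100, 27181)}`. The non-zero Status check matters in the proxy case this thread is about: an interception proxy that answers with an error page or an empty JSON body should fail loudly, not be read as "nothing new".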

Re: [clamav-users] clamonaccess scanning doesnot see /tmp/eicar.com

2020-07-07 Thread Eric van Rheenen via clamav-users
└─sdb1 8:17 0 100G 0 part ├─datavg-lv--data 253:204G 0 lvm /data └─datavg-lv--audit 253:301G 0 lvm /var/log/audit [erirhe1d@gglvboft001 tmp]$ Kind regards, Eric van Rheenen Linux administration Raadhuisplein 10, 9751AN Haren E-Mail: eric.van.r

[clamav-users] clamonaccess scanning doesnot see /tmp/eicar.com

2020-07-06 Thread Eric van Rheenen via clamav-users
every 1800 seconds. clamd[4819]: SelfCheck: Database status OK. clamd[4819]: SelfCheck: Database status OK. clamonacc: ClamInotif: watching '/tmp' (and all sub-directories) Please tell me what I'm doing wrong? Thanks in advance, Kind regards, Eric van Rheenen Linux administration Raadhuis

Re: [clamav-users] Cannot install Clam AV on Ubuntu 16.04

2020-03-26 Thread Eric Tykwinski
Seriously, Nothing to do with ClamAV specifically, but RH/Cent is known to confuse the hell out of everyone with their wonderful retrograde back ports. So I’ve talked to ISC about Bind versions and they basically said ditch it… Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On

Re: [clamav-users] eff.org.xpi false positive ? Mailing Lists/ClaMav/clamav-users x

2020-03-25 Thread Eric Tykwinski
Marcos, You can check out the signature for the HTTPS Everywhere extension on their page: https://www.eff.org/https-everywhere Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 25, 2020, at 2:50 PM, marcos sr via clamav-users

Re: [clamav-users] Email payload in .img container

2020-02-18 Thread Eric Tykwinski
in size but not near 4 GB… > Pretty much on par with size, a little bit bigger: 1.19 MB I’ve decided to just block them by extension for now, as I don’t think many of my customers will be emailing out ISOs or disk images directly at least. Sincerely, Eric Tykwinski

[clamav-users] Email payload in .img container

2020-02-17 Thread Eric Tykwinski
container would it have even been caught anyways, even if it was detected? Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo

Re: [clamav-users] messages in freshclam.log

2019-12-23 Thread Eric Tykwinski
This was mentioned here before, and I can't remember what the status was. For this example: A dig trace leads to: ping.clamav.net. 86400 IN NS ns1a.clamav.net. ;; BAD (HORIZONTAL) REFERRAL dig: too many lookups #dig daily.25671.105.1.0.6810DA54.ping.clamav.net @ns1a.clamav.net

Re: [clamav-users] Elmedia Player.app detection

2019-12-10 Thread Eric Tykwinski
Found an article on it: https://www.intego.com/mac-security-blog/osxproton-malware-is-back-heres-what-mac-users-need-to-know/ From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Al Varnell via clamav-users Sent: Tuesday, December 10, 2019 11:25 AM To: ClamAV

Re: [clamav-users] Use ClamAV to scan email in Plesk Ubuntu with Postfix

2019-10-04 Thread Eric Tykwinski
> -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of G.W. Haywood via clamav-users > Sent: Friday, October 04, 2019 11:52 AM > To: ClamAV Users Mailing List > Cc: G.W. Haywood > Subject: Re: [clamav-users] Use ClamAV to scan email in Plesk

Re: [clamav-users] Question

2019-10-03 Thread Eric Tykwinski
uction/clamav-0.102.0.tar.gz > Or my preference: https://github.com/Cisco-Talos/clamav-devel Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] False Positive for Txt.Coinminer.Generic-7132166-0

2019-08-27 Thread Eric Tykwinski
Brian, It’s a straight text search for 6 strings. Can’t send the decode because it will be caught in my outbound. # sigtool --find-sigs Txt.Coinminer.Generic-7132166-0 | sigtool --decode-sigs Doesn’t seem extremely likely for a lot of false positives to me, but ymmv.

Re: [clamav-users] clamav-users Digest, Vol 174, Issue 2

2019-08-22 Thread Eric Tykwinski
Dexter, Something like Ansible? Use Ansible's homebrew module to install ClamAV, run a scan, then use the module again to uninstall. With something like Tower or AWX just schedule it out to run whenever you want on as many computers as you want. Problem would be the time to scan as each host

Re: [clamav-users] Linux viruses

2019-06-28 Thread Eric Tykwinski
Christopher, Run #sigtool --find-sigs Unix There are quite a few which I think apply to *nix in general. From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Christopher Draper via clamav-users Sent: Friday, June 28, 2019 3:49 PM To:

Re: [clamav-users] Scanning on Mac without installation

2019-05-10 Thread Eric Tykwinski
a cron job as well for nightly scans, which it sounds like you were doing for windows, but it needs to be installed somewhere, and have file access. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On May 10, 2019, at 7:42 PM, Dexter Rivera via clamav-users > wrote: &g

Re: [clamav-users] Security 3310 SSL/TLS

2019-04-10 Thread Eric Tykwinski
I think most suggest using an SSH tunnel between server and host. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of David Hendrick Sent: Wednesday, April 10, 2019 1:19 PM To: clamav-users

Re: [clamav-users] Mailman web UI for ClamAV currently inaccessible

2019-03-14 Thread Eric Tykwinski
Typo in the URL: https://lists.clamav.net/mailman/listinfo/clamav-users Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Ralph Seichter via clamav-users > Se

Re: [clamav-users] Testing

2019-02-20 Thread Eric Tykwinski
EtpLAtz"; dkim-atps=neutral⁩ X-Smartermail-Totalspamweight: ⁨0 (Trusted Sender - User)⁩ Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-use

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-14 Thread Eric Tykwinski
> -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Alessandro Vesely > Sent: Thursday, February 14, 2019 11:08 AM > > Shouldn't that be done with SA? > http://uribl.com/usage.shtml It really depends on your goal. For me I use ClamAV

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-08 Thread Eric Tykwinski
Check out SaneSecurity: https://sanesecurity.com/usage/signatures/ Specifically: phish, winnow_phish_complete_url I’m sure there’s others as well. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Feb 8, 2019, at 6:07 PM, Gen

Re: [clamav-users] Constant CPU Usage

2019-02-07 Thread Eric Tykwinski
Have you checked out clamdtop to see what’s being done? I usually see 1 core maxed on clamd. It’s a 2012 MacPro, so not a worry for me. Might want to change from fswatch to just a nightly scan if it’s too hard on the system. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Eric Tykwinski
ly, I did hop on without all the facts and was just trying to figure out on the fly what’s going on, so my bad on that. When in doubt, I usually pull a pcap on a server. There’s a lot of factors that can come into play, but actually with clam only using http, this actually

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Eric Tykwinski
to the logs when the file doesn’t exist. I’m not positive on this so Micah can chime in, but I do believe you get the cdiff files from the DNS TXT somehow. If anything it’s a good lesson on how exactly freshclam works. Sincerely, Eric Tykwinski

Re: [clamav-users] Detecting Word docs with macros

2018-12-10 Thread Eric Tykwinski
o and or passwords. Thanks, just added badmacro.ndb, so hopefully that will help. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

[clamav-users] Detecting Word docs with macros

2018-12-10 Thread Eric Tykwinski
-for-microsoft-office-files-containing-macro/ Anyone have a suggestion? Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-09 Thread Eric Tykwinski
il. So it looks like IAD updated at 14:14:30 GMT, but BOS didn’t update till 17:09:01 GMT from his email. From back in archives, I think he’s using wget to just pull the files, but freshclam would just pull the cdiffs and keep you up to date on the next check. Sincerely, Eric Tykwinski TrueNet,

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-08 Thread Eric Tykwinski
j:neo:1544293134 So daily.cvd is being cached on cloudflare for the first update and you might need to be running a freshclam right after a new install since it’s out of date due to caching on cloudflare’s server. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Dec 8, 2018,

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-08 Thread Eric Tykwinski
the source and use the updates, which pretty much is using freshclam. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Dec 8, 2018, at 10:37 AM, Paul Kosinski wrote: > > Not sure what DNS caching would have to do with this. As I understand > "anycast", it hap

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-07 Thread Eric Tykwinski
server that is still giving older records. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Dec 7, 2018, at 6:20 PM, Paul Kosinski wrote: > > As some of you may be aware, ever since ClamAV began using Cloudflare, > we have seen many occasions when files like daily.cvd were not

Re: [clamav-users] freshclam. Service exited with abnormal code: 1

2018-11-07 Thread Eric Tykwinski
Robert, Looking at the freshclam return codes, it's not a problem. https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/freshclam/freshclamcodes.h FC_UPTODATE = 1, So basically it means there were no changes. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > -Origi

Re: [clamav-users] How do I know when new versions contain .conf file changes?

2018-10-30 Thread Eric Tykwinski
. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Oct 30, 2018, at 5:31 PM, Brian Fluet wrote: > > Thanks for the url to the release notes. > > I'm using the Win32 package from clamav.net in conjunction with > Mercury Mail Transport System which passes messages to clamd.

Re: [clamav-users] How do I know when new versions contain .conf file changes?

2018-10-30 Thread Eric Tykwinski
My suggestion would be to check out the release notes on GitHub for your specific version: https://github.com/Cisco-Talos/clamav-devel/commits/rel/0.100 Depends though on if you are running Talos, or ClamWin. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > -Original Mess

Re: [clamav-users] Mac: clamAV vs. Mojave

2018-10-23 Thread Eric Tykwinski
o /usr/local/var/log/freshclam.log under the user that installed. For multiple users I’ll run clamdscan under root, but that comes with its own issues for notifying users. Someone forked my work and just decided to email users which works. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-42

Re: [clamav-users] Latest report on update "delays"

2018-10-19 Thread Eric Tykwinski
You could limit with Last-Modified, but it’s dependent on the hosting server which CloudFlare can’t control. Besides, it’s usually just main.cvd that will change mostly and that’s just the first download. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Oct 19, 2018, at 5:19

Re: [clamav-users] Latest report on update "delays"

2018-10-18 Thread Eric Tykwinski
s are when they come in. Sound about right Joel, Micah? Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Paul Kosinski > Sent: Thursday, October 18, 2018 1:23