Re: [clamav-users] update mirror trouble?

2017-11-06 Thread Joel Esler (jesler)
isco.com> On Nov 6, 2017, at 11:12 AM, Dennis Peterson <denni...@inetnw.com> wrote: There are still a lot of broken mirrors out there aside from this problem. dp On 11/6/17 8:05 AM, Joel Esler (jesler) wrote: This should be resolving itself as we speak.

Re: [clamav-users] Cannot send virus sample through https://www.clamav.net/reports/malware

2017-12-11 Thread Joel Esler (jesler)
What is the error you are receiving from Cloudflare? I need some details. -- Joel Esler | Talos: Manager | jes...@cisco.com On Dec 11, 2017, at 3:48 AM, Matteo Italia > wrote: Hello, I'm trying to submit a virus

Re: [clamav-users] Cannot send virus sample through https://www.clamav.net/reports/malware

2017-12-11 Thread Joel Esler (jesler)
veral actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. Cloudflare Ray ID: 3cb8f72fcc300e5a • Your IP: 79.1.45.152 On 11/12/2017 14:58, Joel Esler (jesler) wrote: What is the error you are receiving from Cloudfla

Re: [clamav-users] /home/gene/firefox/browser/omni.ja: Html.Exploit.CVE_2017_8750-6336209-0 FOUND

2017-10-25 Thread Joel Esler (jesler)
-6336209-0 has been solved, but the issue of Html.Exploit.CVE_2017_8757-6336185-0 has not been solved yet. Could you drop this signature as well? On Fri, 20 Oct 2017 14:47:24 + "Joel Esler (jesler)" <jes...@cisco.com> wrote: All — This signature has been dropped

Re: [clamav-users] Win.Exploit.CVE_2017 in user32.dll

2017-10-30 Thread Joel Esler (jesler)
These have been fixed. -- Joel Esler | Talos: Manager | jes...@cisco.com On Oct 30, 2017, at 7:59 AM, JD Ackle > wrote: Hello, A clamscan running from Linux on a Windows disk (mounted on /mnt ) produced the

Re: [clamav-users] Recommended workstation usage?

2017-12-20 Thread Joel Esler (jesler)
You may want to add “ELF….” to your count. Perhaps even “OSX….” -- Joel Esler | Talos: Manager | jes...@cisco.com On Dec 20, 2017, at 7:02 AM, Maarten Broekman > wrote: There are far more than 31

Re: [clamav-users] fp Img.Malware.Agent-6499558-0

2018-05-06 Thread Joel Esler (jesler)
Whoops, that’s an old link https://www.clamav.net/reports/fp Sent from my iPhone On May 6, 2018, at 21:24, Joel Esler (jesler) <jes...@cisco.com<mailto:jes...@cisco.com>> wrote: Dear Benny, You should submit a false positive report. The false positive submission form can be foun

Re: [clamav-users] fp Img.Malware.Agent-6499558-0

2018-05-06 Thread Joel Esler (jesler)
Dear Benny, You should submit a false positive report. The false positive submission form can be found here: http://www.clamav.net/lang/en/sendvirus/submit-fp/ Sent from my iPhone > On May 6, 2018, at 20:55, Benny Pedersen wrote: > >

Re: [clamav-users] clamsubmit error

2018-05-11 Thread Joel Esler (jesler)
Arnaud, Is that you sending us all those submissions?! Fantastic amount! > On May 9, 2018, at 10:07 AM, Arnaud Jacques > wrote: > > Hello, > >> clamsubmit with ClamAV 0.100.0 should work fine. I am surprised to see that >> error. We fixed code in the near

Re: [clamav-users] how long i will get up-to-date AV signatures for version 0.99.2

2018-05-11 Thread Joel Esler (jesler)
0.99.2 is still supported, and will remain supported officially until we ship 0.101.0, according to our EOL guidelines. But I will also tell you that we keep testing older versions for awhile, right up until they break. I think we test as far back as 0.97ish, I'd have to check to be sure.

Re: [clamav-users] Is it legal to use ClamAV on a Windows Server in a SMB environment?

2018-05-11 Thread Joel Esler (jesler)
ClamAV's license is GPLv2. I don't see why it wouldn't be legal to do so. On May 9, 2018, at 2:11 PM, Allen Morrow > wrote: Is it legal to use ClamAV on a Windows Server in a SMB environment?

Re: [clamav-users] clamsubmit error

2018-05-11 Thread Joel Esler (jesler)
On May 9, 2018, at 3:43 PM, Benny Pedersen > wrote: Micah Snyder (micasnyd) wrote on 2018-05-09 19:39: The web interface, however, can do both http and https. if users can do 2 things, most will do incorrect way turning off ssl is not a good option to any

Re: [clamav-users] clamsubmit error

2018-05-05 Thread Joel Esler (jesler)
Files that come in via the website, for the most part, are processed automatically. There is a lot of automation going on with web submissions. > On May 5, 2018, at 4:29 PM, Benny Pedersen <m...@junc.eu> wrote: > > Joel Esler (jesler) wrote on 2018-05-05 19:56: >> for I

Re: [clamav-users] clamsubmit error

2018-05-05 Thread Joel Esler (jesler)
Are you using a current version of clamsubmit? > On May 5, 2018, at 3:21 PM, Walter H. wrote: > > On 05.05.2018 07:38, Arnaud Jacques wrote: >> Hello, >> >> Wanted to send some files to ClamAV using clamsubmit, got this error : >> >> invalid cfduid and/or session

Re: [clamav-users] clamsubmit error

2018-05-05 Thread Joel Esler (jesler)
for I in /tmp/files/malicious/*; do clamsubmit "$I"; done > On May 5, 2018, at 8:30 AM, Benny Pedersen wrote: > > Arnaud Jacques wrote on 2018-05-05 07:38: > >> I did : >> clamsubmit -e webmas...@securiteinfo.com -N Arnaud Jacques -n myfile > > space is new arg ? > >

Re: [clamav-users] clamsubmit error

2018-05-05 Thread Joel Esler (jesler)
I like this idea. > On May 5, 2018, at 8:30 AM, Benny Pedersen wrote: > > Arnaud Jacques wrote on 2018-05-05 07:38: > >> I did : >> clamsubmit -e webmas...@securiteinfo.com -N Arnaud Jacques -n myfile > > space is new arg ? > > clamsubmit -e webmas...@securiteinfo.com -N

Re: [clamav-users] Mirrors not responding?

2018-05-19 Thread Joel Esler (jesler)
Try removing your mirrors.dat. Sent from my iPhone > On May 19, 2018, at 05:45, Brian Morrison <b...@fenrir.org.uk> wrote: > > On Fri, 18 May 2018 15:18:06 +0000 > "Joel Esler (jesler)" <jes...@cisco.com> wrote: > >> db.gb was overlooked in

[clamav-users] Db.cn was moved to CDN last night, and more CDN stuff

2018-05-19 Thread Joel Esler (jesler)
We are letting the traffic settle back down after the transfer of dB.cn. What we have discovered is that there are a ton of ClamAV installations that have not been able to update in a long time or are pointed at a dead mirror in the zone. When we transfer a zone to Cloudflare, (our CDN provider,

Re: [clamav-users] Mirrors not responding?

2018-05-20 Thread Joel Esler (jesler)
What zone? Sent from my iPhone > On May 20, 2018, at 08:34, Brian Morrison <b...@fenrir.org.uk> wrote: > > On Sat, 19 May 2018 12:23:29 +0000 > "Joel Esler (jesler)" <jes...@cisco.com> wrote: > >> Try removing your mirrors.dat. > > Fix

Re: [clamav-users] Mirrors not responding?

2018-05-20 Thread Joel Esler (jesler)
Oh sorry, dB.gb. Very interesting. Thank you for the follow up Sent from my iPhone > On May 20, 2018, at 11:06, Joel Esler (jesler) <jes...@cisco.com> wrote: > > What zone? > > Sent from my iPhone > >> On May 20, 2018, at 08:34, Brian Morrison <b...@fenrir

Re: [clamav-users] DNS entry of db.jp.clamav.net disappeared?

2018-05-20 Thread Joel Esler (jesler)
Sorry for my lack of response. We went to fix it, and I didn’t acknowledge your email. Sent from my iPhone > On May 20, 2018, at 03:06, Yasuhiro KIMURA wrote: > > From: Al Varnell > Subject: Re: [clamav-users] DNS entry of db.jp.clamav.net disappeared?

Re: [clamav-users] Test Message

2018-05-18 Thread Joel Esler (jesler)
ailed information for our analysts and technicians. -Original Message- From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of "Joel Esler (jesler) via clamav-users" <clamav-users@lists.clamav.net<m

Re: [clamav-users] Test Message

2018-05-18 Thread Joel Esler (jesler)
Date: Friday, May 18, 2018 at 3:04 PM > To: ClamAV users ML <clamav-users@lists.clamav.net> > Subject: Re: [clamav-users] Test Message > >Test 2 worked for me. > > From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of > "Joel Esler (jes

Re: [clamav-users] Attachments

2018-05-18 Thread Joel Esler (jesler)
This should be fixed. On May 15, 2018, at 8:13 AM, Groach via clamav-users > wrote: From: Groach > Subject: Re: [clamav-users] Attachments Date:

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Joel Esler (jesler)
It may be the TTL I have set on the cache. Let me get to my desk and remove the TTL and flush the cache and have you try again Sent from my iPhone > On Jul 2, 2018, at 00:01, Al Varnell wrote: > > Seems to me that it's only a problem if it takes a significant amount of time > between the

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-29 Thread Joel Esler (jesler)
Who needs to add a link to what, and what would you like to see? Sent from my iPhone > On Jun 29, 2018, at 19:11, Nikita Yerenkov-Scott > wrote: > > Is there any chance that they will add a way of people giving a > description of why they think that it is malware?

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Joel Esler (jesler)
Okay, I just did this and I flushed the cache on all the largest PoP cache servers. If you are connected to db.us, please test? Sent from my iPhone > On Jul 2, 2018, at 07:59, Joel Esler (jesler) wrote: > > It may be the TTL I have set on the cache. Let me get to my desk a

Re: [clamav-users] VirusDB Updates Broken?

2018-06-26 Thread Joel Esler (jesler)
>> >> On Tue, Jun 26, 2018, at 06:41, Robin Bourne wrote: >>> Joel, >>> >>> I'm now getting "WARNING: Mirror 104.16.188.138 is not >>> synchronized." when using the CDN. Could it be related to the >>> changes made to fix

[clamav-users] Tweet by ClamAV - Cloudflare

2018-06-27 Thread Joel Esler (jesler)
I generally wouldn’t copy a Tweet over to the mailing list, but I thought you all might like to see this. — Joel ClamAV (@clamav) 6/27/18, 10:13 Improvements since we've moved the update infrastructure to

Re: [clamav-users] Tweet by ClamAV - Cloudflare

2018-06-27 Thread Joel Esler (jesler)
uldn't they have had really good service to begin with? On Wed, 27 Jun 2018 14:25:47 + "Joel Esler (jesler)" <jes...@cisco.com> wrote: I generally wouldn’t copy a Tweet over to the mailing list, but I thought you all might like to see this. — Joel ClamAV (@clamav<https:

Re: [clamav-users] Tweet by ClamAV - Cloudflare

2018-06-27 Thread Joel Esler (jesler)
y default way > of browsing). > > > On Wed, 27 Jun 2018 15:02:25 + > "Joel Esler (jesler)" wrote: > >> It's a little deceiving at that scale, the dark green dot in that >> area is actually San Diego. >> >> [cid:F8F422B1-7EDD-40BE-

Re: [clamav-users] Mirror Load + ClamAV Updates

2018-06-27 Thread Joel Esler (jesler)
Esler (jesler) <jes...@cisco.com> wrote: Team -- Today we were able to add 100% of the mirror infrastructure to our CDN, Cloudflare. We are currently measuring the load and evaluating the viability and problems (if any) with this solution. We are currently pushing approx 12GB a

Re: [clamav-users] VirusDB Updates Broken?

2018-06-24 Thread Joel Esler (jesler)
Al, Thanks. We are aware. Looking into it. Sent from my iPhone > On Jun 24, 2018, at 23:12, Al Varnell wrote: > > Yes, but all but one was empty. > > Sent from my iPad > > -Al- > >> On Jun 24, 2018, at 19:42, Paul Kosinski wrote: >> >> I've gotten several daily.cvd updates in that

Re: [clamav-users] Server inside DMZ - No internet access - Howto update definitions

2018-06-19 Thread Joel Esler (jesler)
Plus the diff files, if you are using freshclam. We much prefer that you download using freshclam, so that diff Cvds are available. Saves on bandwidth. Sent from my iPhone On Jun 19, 2018, at 07:45, SCOTT PACKARD wrote: >> Is there a way that I can copy the files from another server

Re: [clamav-users] VirusDB Updates Broken?

2018-06-26 Thread Joel Esler (jesler)
Jun 26, 2018 at 05:40 PM, Joel Esler (jesler) wrote: I just purged db.us’s cache. Can you try? Sent from my iPhone On Jun 26, 2018, at 20:24, Paul Kosinski <clamav-us...@iment.com> wrote: Joel, Sorry to have been somewhat cryptic: I assumed the context of the

Re: [clamav-users] VirusDB Updates Broken?

2018-06-26 Thread Joel Esler (jesler)
"not synchronized". > > The result of all this confusion is that the last time I got a > daily.cvd via freshclam was before CloudFlare: > > Monday 25 June 2018 at 09:06:26 > Database updated (6556585 signatures) from db.us.clamav.net (IP: > 200.236.31.1) > >

Re: [clamav-users] VirusDB Updates Broken?

2018-06-27 Thread Joel Esler (jesler)
Just fixed it. Sent from my iPhone > On Jun 27, 2018, at 04:54, Michael Da Cova wrote: > > same here getting errors with the gb sites > > >> On 27/06/18 09:45, Steve Basford wrote: >>> On Wed, June 27, 2018 2:42 am, Joel Esler (jesler) wrote: >>> Db.

Re: [clamav-users] VirusDB Updates Broken?

2018-06-27 Thread Joel Esler (jesler)
Okay, that should be fixed. Sent from my iPhone > On Jun 27, 2018, at 04:46, Steve Basford > wrote: > > >> On Wed, June 27, 2018 2:42 am, Joel Esler (jesler) wrote: >> Db.us should be good on both now. >> > >> Worked perfe

[clamav-users] Mirror Load + ClamAV Updates

2018-06-26 Thread Joel Esler (jesler)
Team -- Today we were able to add 100% of the mirror infrastructure to our CDN, Cloudflare. We are currently measuring the load and evaluating the viability and problems (if any) with this solution. We are currently pushing approx 12GB a second through their Tier 1 POP locations. We are

Re: [clamav-users] VirusDB Updates Broken?

2018-06-27 Thread Joel Esler (jesler)
iPhone > On Jun 27, 2018, at 06:40, Steve Basford > wrote: > > >> On Wed, June 27, 2018 11:32 am, Joel Esler (jesler) wrote: >> Just fixed it. >> >> > Thanks Joel... all working now... > > main.cld is up to date (version: 58, sigs: 4566249, f-l

Re: [clamav-users] update report

2018-07-02 Thread Joel Esler (jesler)
On Jul 2, 2018, at 1:56 PM, Gene Heskett <ghesk...@shentel.net> wrote: but even on my setups which have this for years freshclam repeatedly produces ipv6 crap-messages which is simply wrong If that's the case, and I'll find out by this time tomorrow, then I can't help but agree, it's a

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Joel Esler (jesler)
I’m not at a large keyboard right now. But with Cloudflare currently acting as our mirror network, none of the current assumptions about how the mirror network works is accurate. We have not changed the donated mirror network, as our discussions with cloudflare are on going. Sent from

Re: [clamav-users] update report

2018-07-01 Thread Joel Esler (jesler)
Gentlemen, we’ve descended into a “who is better” contest. I suggest we stop. Sent from my iPhone > On Jul 1, 2018, at 10:43, Gary R. Schmidt wrote: > >> On 02/07/2018 00:35, Reindl Harald wrote: >> >>> On 01.07.2018 at 16:33, Gary R. Schmidt wrote: >>> On 01/07/2018 22:37, Reindl

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-06-30 Thread Joel Esler (jesler)
Ping.clamav.net is an identification lookup. Helps us see what versions people are running out there and what version of ClamAV people are using. Its failure shouldn’t stop the update process. Please give us a debug. Sent from my iPhone > On Jun 30, 2018, at 19:28, Paul Kosinski wrote: >

Re: [clamav-users] update report

2018-06-30 Thread Joel Esler (jesler)
Interesting. Can you give us a -debug? Sent from my iPhone > On Jun 30, 2018, at 20:22, Gene Heskett wrote: > > I'm still logging this about every other freshclam run: > > Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101: > Network is unreachable > Sat Jun 30

Re: [clamav-users] lost the thread, but my ipv6 noise in the freshclam log has vanished

2018-07-03 Thread Joel Esler (jesler)
What does that mean? Sent from my iPhone > On Jul 3, 2018, at 06:39, Gene Heskett wrote: > > > -- > Cheers, Gene Heskett > -- > "There are four boxes to be used in defense of liberty: > soap, ballot, jury, and ammo. Please use in that order." > -Ed Howdershelt (Author) > Genes Web page

Re: [clamav-users] Malwarepatrol false positives

2018-04-28 Thread Joel Esler (jesler)
That shouldn’t be part of the official ruleset. Sent from my iPhone > On Apr 28, 2018, at 17:32, Alex wrote: > > Hi, > > So I decided to check which MBL hits there were today, and it seems > they're now blocking https://bit.ly > > $ sigtool --find-sigs MBL_6913896

Re: [clamav-users] /home/gene/firefox/browser/omni.ja: Html.Exploit.CVE_2017_8750-6336209-0 FOUND

2017-10-20 Thread Joel Esler (jesler)
All — This signature has been dropped. -- Joel Esler | Talos: Manager | jes...@cisco.com On Oct 20, 2017, at 8:30 AM, Gene Heskett > wrote: On Friday 20 October 2017 02:06:38 Al Varnell wrote: I assume we are all

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 4:46 PM, Reindl Harald <h.rei...@thelounge.net> wrote: On 03.07.2018 at 22:42, Joel Esler (jesler) wrote: On Jul 3, 2018, at 3:59 PM, Reindl Harald <h.rei...@thelounge.net> wrote: voila - all new connecti

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 4:50 PM, Benny Pedersen <m...@junc.eu> wrote: Joel Esler (jesler) wrote on 2018-07-03 22:42: Yes. But measuring those numbers is the difficult part. A fresh install of ClamAV is going to download the main, the daily, then all the diffs since the last daily,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 10:37 AM, Benoit Panizzon <benoit.paniz...@imp.ch> wrote: Sorry I was not following that discussion... Host: db.us.clamav.net User-Agent: ClamAV/0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Error 1003 Ray ID: 4349da2f33f4ae20 •

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 2, 2018, at 2:10 PM, Brian Morrison <b...@fenrir.org.uk> wrote: On Mon, 2 Jul 2018 19:50:55 +0200 Reindl Harald wrote: For me freshclam runs roughly every 2 hours, so I think that the load is an order of magnitude higher than you state. I will confess that I don't know about the

[clamav-users] ClamAV® blog: ClamAV List Server Upgrade

2018-01-10 Thread Joel Esler (jesler)
http://blog.clamav.net/2018/01/clamav-list-server-upgrade.html Tomorrow (10/Jan/2018) at 9:00 EST, we will be upgrading the ClamAV Mailman list hosting server. This will result in the clamav-users, clamav-devel, community-sigs, clamav-virusdb, etc will be down during the outage. We will send

[clamav-users] ClamAV® blog: ClamAV Version number adjustment

2018-01-24 Thread Joel Esler (jesler)
http://blog.clamav.net/2018/01/clamav-version-number-adjustment.html?utm_source=dlvr.it_medium=twitter_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29 ClamAV Version number adjustment This is a heads up to the ClamAV community, we are changing our version numbering scheme as follows. Our versions

Re: [clamav-users] Announcement missing

2018-01-26 Thread Joel Esler (jesler)
You're right. That's my fault. I'll correct that here in a second after I read through all the emails in my ClamAV folder. -- Joel Esler | Talos: Manager | jes...@cisco.com On Jan 26, 2018, at 8:22 AM, Andreas Schulze

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.3 has been released!

2018-01-26 Thread Joel Esler (jesler)
On Jan 26, 2018, at 9:49 AM, Reindl Harald <h.rei...@thelounge.net> wrote: On 26.01.2018 at 15:40, Joel Esler (jesler) wrote: As previously mentioned, if you downloaded the beta version of ClamAV 0.99.3, you will need to completely uninstall it an

[clamav-users] ClamAV® blog: ClamAV 0.99.3 has been released!

2018-01-26 Thread Joel Esler (jesler)
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html ClamAV 0.99.3 has been released! Join us as we welcome ClamAV 0.99.3 to the family! As previously mentioned, if you downloaded the beta version of ClamAV 0.99.3, you will need to completely uninstall it and do a fresh install

[clamav-users] Max Open File Descriptors issue found this morning

2018-01-26 Thread Joel Esler (jesler)
hat? Unfortunately Reindl, from what you reported, and your eloquent description, I'm not sure what the issue is. I'm not seeing that issue on my side. On 26.01.2018 at 15:40, Joel Esler (jesler) wrote: As previously mentioned, if you downloaded the beta version of ClamAV 0.99.3, you will ne

Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

2018-01-26 Thread Joel Esler (jesler)
Steve Morgan, a developer here at Cisco that worked on ClamAV for about the past five years or so, decided to retire. Monday was his last day. On top of that, one of our other developers (Micah) was out of the office today for a holiday, and so that only left, essentially myself and a couple

Re: [clamav-users] Unable to upload a false positive.

2018-01-17 Thread Joel Esler (jesler)
We know about this issue and are currently working on fixing the issue. Please bear with us. It’s a specific corner case that some people are running into. For instance, are you uploading the file before you fill out the form? Sent from my iPad > On Jan 17, 2018, at 3:53 PM, Ramos Alexiou

Re: [clamav-users] Whither ClamAV 0.99.2.1 ?

2018-01-24 Thread Joel Esler (jesler)
Mark, Yes. I apologize for that. I put out the blog post, but then we retracted it as we are looking into any issues caused by the version numbering we are planning on using. We've been made aware of a couple issues, and are working through them now. -- Joel Esler | Talos: Manager |

[clamav-users] ClamAV® blog: Update on the recent "File Descriptors" issue in ClamAV

2018-01-26 Thread Joel Esler (jesler)
http://blog.clamav.net/2018/01/update-on-recent-file-descriptors-issue.html Update on the recent "File Descriptors" issue in ClamAV A signature introduced in daily.cvd version 24256 triggered a bug that exists in all current stable releases of ClamAV. The symptoms on a Linux/Unix machine

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.3 has been released!

2018-01-26 Thread Joel Esler (jesler)
There are outside issues that prevented us from announcing the CVEs at that time. It's not because we were trying to hide something. -- Joel Esler | Talos: Manager | jes...@cisco.com On Jan 26, 2018, at 2:39 PM, Andreas Schulze

Re: [clamav-users] Daily version 24256

2018-01-30 Thread Joel Esler (jesler)
This shouldn't be necessary, we're way past that on Daily.cvd files now, and the issue has been corrected. -- Joel Esler | Talos: Manager | jes...@cisco.com On Jan 30, 2018, at 8:56 AM, Paul Kosinski > wrote:

Re: [clamav-users] Daily version 24256

2018-01-30 Thread Joel Esler (jesler)
jes...@cisco.com> On Jan 30, 2018, at 11:57 AM, Reindl Harald <h.rei...@thelounge.net> wrote: On 30.01.2018 at 17:50, Joel Esler (jesler) wrote: This shouldn't be necessary, we're way past that on Daily.cvd files now, and the issue has be

Re: [clamav-users] GPG key where? (was: Re: GPG signature problem with clamav-0.99.2.tar.gz)

2018-01-29 Thread Joel Esler (jesler)
nt: Monday, January 29, 2018 2:26 PM To: clamav-users@lists.clamav.net Subject: [External] [clamav-users] GPG key where? (was: Re: GPG signature problem with clamav-0.99.2.tar.gz) On Fri, 30 Jun 2017 at 20:12:11 +, Joel Esler (jesler) wrote: Jim, T

Re: [clamav-users] submitting phish samples - stripped

2018-02-08 Thread Joel Esler (jesler)
So, there's two things you can do here, I think. Phish can be submitted to ClamAV in the same way you submit malware. Phish can also be sent in to phishtank.com (also a project run by my team) which allows community voting on phish to produce a blacklist for users to

[clamav-users] ClamAV® blog: ClamAV 0.100.0 beta has been released!

2018-02-05 Thread Joel Esler (jesler)
http://blog.clamav.net/2018/02/clamav-01000-beta-has-been-released.html ClamAV 0.100.0 beta has been released! ClamAV 0.100.0-beta is the successor to the previous 0.99.3-beta2. The 0.99.3 patch release on January 25th was required to address vulnerability fixes in a timely manner, so the

Re: [clamav-users] submitting phish samples - stripped

2018-02-12 Thread Joel Esler (jesler)
etected :) side question: is it fine to strip sample of an e-mail of private data like recipient mail address, Received: headers etc? On 08.02.18 18:54, Joel Esler (jesler) wrote: So, there's two things you can do here, I think. Phish can be submitted to ClamAV in the same way you submit malware. P

[clamav-users] Failing Mirrors (or other Mirror issues)

2018-02-13 Thread Joel Esler (jesler)
All -- We are looking for bugs for failing mirrors or any issues with mirrors, just to get them all in one place, it would be fantastic if you see failing mirrors, to throw us a ticket here: https://bugzilla.clamav.net/enter_bug.cgi?product=Mirror%20Issues Thank you. -- Joel Esler | Talos:

Re: [clamav-users] Please guide me

2018-02-14 Thread Joel Esler (jesler)
As the community manager for both Immunet and ClamAV, Al is correct. Sent from my iPhone > On Feb 14, 2018, at 02:11, Al Varnell wrote: > > Again, I'll point out that Immunet comes from > the same developer as does ClamAV, so not 3rd party

Re: [clamav-users] Commercial License

2018-02-14 Thread Joel Esler (jesler)
We've thought about doing something like this, but it's problematic on several levels. I'd want to be sensitive to how the community receives the database. I don't think we'd have an "Early release" database. But maybe an exclusive database, that only covered certain things. It's an idea.

Re: [clamav-users] Possible FP on Doc.Dropper.Agent-6447876-0?

2018-02-16 Thread Joel Esler (jesler)
It is possible, using a service we have here: https://talosintelligence.com/sha_searches To look up some additional details about files, if interested. SHA256 required. -- Joel Esler | Talos: Manager | jes...@cisco.com

[clamav-users] test

2018-02-16 Thread Joel Esler (jesler)
Feel free to ignore this. -- Joel Esler | Talos: Manager | jes...@cisco.com ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a

Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Joel Esler (jesler)
> On Jun 21, 2018, at 3:54 AM, Tilman Schmidt wrote: > >> On 20.06.2018 at 19:14, Andrew McGlashan wrote: >> >> This is an opportunity to fix things, such an opportunity should not >> lost, especially if it helps more people to understand the problems with >> having too liberal SPF rules

Re: [clamav-users] False positive

2018-08-03 Thread Joel Esler (jesler)
What is the md5? On Aug 3, 2018, at 2:36 AM, Groach <groachmail-stopspammin...@yahoo.com> wrote: An overnight scan has just pulled out a false positive on a program. It's against Winscp (file transfer program) that is a genuine download and been used for years. It's not the first

Re: [clamav-users] Partial downloads of updates

2018-07-30 Thread Joel Esler (jesler)
Try the freshclam that is included with version 0.100.1 and see if you still see the error. > On Jul 30, 2018, at 12:14 PM, David Rosenstrauch wrote: > > On 07/30/2018 11:28 AM, David Rosenstrauch wrote: >> I've been having some issues over the last few weeks with freshclam failing >> to

Re: [clamav-users] Still over 1/3 signature update sync errors

2018-07-31 Thread Joel Esler (jesler)
Thanks Paul, this is super useful. > On Jul 31, 2018, at 1:47 PM, Paul Kosinski wrote: > > There are still over 1/3 signature update sync errors with the new > ClamAV mirrors. > > You may remember that I previously added code to our ClamAV update > protocol to verify that the actually

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-11 Thread Joel Esler (jesler)
I actually just made an adjustment today to see if that will resolve the issues. Please keep these coming?! Sent from my iPad > On Aug 11, 2018, at 2:10 PM, Paul Kosinski wrote: > > Here is the latest report for ClamAV virus update mirror delays since > the end of July. DNS TXT vs actual

Re: [clamav-users] Same file, different signatures detected

2018-08-07 Thread Joel Esler (jesler)
Correct. Jar files are essentially zip files. Sent from my iPhone > On Aug 7, 2018, at 07:00, Maarten Broekman wrote: > > JAR files can be unpacked like tarballs so it is likely that there is a > common file in each that matches those hashes. > > Maarten > Sent from a tiny keyboard > >>

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-20 Thread Joel Esler (jesler)
-15 22:03:01 No delay > 2018-08-16 05:03:02 No delay > 2018-08-16 14:03:02 01:00:01 delay > 2018-08-16 21:18:01 00:14:59 delay > 2018-08-17 06:03:01 No delay > 2018-08-17 13:33:02 00:30:01 delay > 2018-08-17 21:03:02 No delay > > > On Thu, 16 Aug 2018

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-21 Thread Joel Esler (jesler)
blem in a similar fashion. But I didn't want to fork a fairly > complicated program which mainly does stuff that has nothing to do with > this particular problem. > > > > On Mon, 20 Aug 2018 15:43:14 + > "Joel Esler (jesler)" wrote: > >> Thank you. We h

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-21 Thread Joel Esler (jesler)
On Aug 21, 2018, at 12:32 PM, G.W. Haywood <cla...@jubileegroup.co.uk> wrote: Hi there, On Tue, 21 Aug 2018, Joel Esler wrote: The amount of people using ClamAV version 0.90 and below is surprising as well. That's not really surprising to me. Most of them probably don't even know

Re: [clamav-users] ERROR 403: Forbidden

2018-08-28 Thread Joel Esler (jesler)
You’re going to have to send me the IP that is getting blocked so I can look into why. Sent from my iPhone On Aug 28, 2018, at 09:03, Maarten Broekman <maarten.broek...@gmail.com> wrote: Yeah. One thing that might help is getting the full output of the error. Using the following will

Re: [clamav-users] Yet another synchronization failure!

2018-07-18 Thread Joel Esler (jesler)
Let me look into troubleshooting this. I am working with Cloudflare on this constantly. Sent from my iPhone > On Jul 18, 2018, at 15:38, Paul Kosinski wrote: > > A few days ago, I programmed some pre-tests so as to avoid running > freshclam until *both* the DNS TXT record and the first few

Re: [clamav-users] Data Base

2018-07-21 Thread Joel Esler (jesler)
The database files are the same. Regardless of Os. Sent from my iPhone > On Jul 21, 2018, at 11:25, Paul Thompson wrote: > > I'm using SuSE LEAP 42.3 and it has gotten corrupted. Before reinstalling it > I wanted to try ClamAV. The Linux internet connection is now so poor I have > been

Re: [clamav-users] ERROR 403: Forbidden

2018-08-29 Thread Joel Esler (jesler)
Try now? On Aug 28, 2018, at 9:31 AM, Jon Roberts <j...@racksrv.net> wrote: Hi Joel, The seemingly blocked IP is 213.5.176.169 Regards, Jon From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Joel Esler (jesler

Re: [clamav-users] secure download of .cvd files ?

2018-08-31 Thread Joel Esler (jesler)
You should be able to do it now. However, freshclam doesn’t support ssl. When we get ssl built into freshclam, https redirection would be available. But I couldn’t do it before with the mirrors the way they were. We can now. Sent from my iPhone > On Aug 31, 2018, at 07:07, Arnaud

Re: [clamav-users] secure download of .cvd files ?

2018-08-31 Thread Joel Esler (jesler)
Agreed. But it wasn’t something we could support. Now we can. It that it matters, but at least we can now. Sent from my iPhone > On Aug 31, 2018, at 07:16, Al Varnell wrote: > > And the answer is the same as it was then. There is nothing to be gained by > supporting https. There is

Re: [clamav-users] Is ClamAV available on the hypervisor?

2018-07-05 Thread Joel Esler (jesler)
ClamAV is not for traffic. Snort is for traffic. (www.snort.org) On Jul 5, 2018, at 12:52 PM, Paul Kosinski <clamav-us...@iment.com> wrote: "* If the question is about using ClamAV to analyze traffic then no, that is not the function of ClamAV. ClamAV analyzes

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Joel Esler (jesler)
ecessary enforcing) a clear > *protocol* would fully protect the mirrors against overload or abuse. > > > On Wed, 4 Jul 2018 19:12:48 + > "Joel Esler (jesler)" wrote: > >> Okay. Here’s a good conversation. Why? >> >> If the tool is provi

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Joel Esler (jesler)
For the people who have this issue, can you change your mirror to "database.clamav.net" and see if this error occurs any more? -- Joel Esler Sr. Manager Open Source, Design, Web, and Education Talos Group http://www.talosintelligence.com On Jul 2, 2018, at 10:22 AM,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-10 Thread Joel Esler (jesler)
Thanks for this feedback everyone. This is extremely useful. > On Jul 10, 2018, at 11:26 AM, Paul Kosinski wrote: > > Last night our new method of getting cvd updates showed that it was > *one hour* from the time the DNS TXT record claimed a new cvd was > available to the time when our quick

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-11 Thread Joel Esler (jesler)
, especially if expected delays are spelled out in an SLA. On Tue, 10 Jul 2018 22:11:46 + "Joel Esler (jesler)" <jes...@cisco.com> wrote: > Thanks for this feedback everyone. This is extremely useful. > > > > On Jul 10, 2018, at 11:26 AM, Paul Kosinski

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-11 Thread Joel Esler (jesler)
On Jul 11, 2018, at 2:46 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote: On 7/11/2018 2:33 PM, Joel Esler (jesler) wrote: It is very solid. We are using *all* of their regions. As a result of this, we've been able

[clamav-users] ClamAV 0.100.1 has been released!

2018-07-09 Thread Joel Esler (jesler)
https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html ClamAV 0.100.1 is a hotfix release to patch a set of vulnerabilities. • Fixes for the following CVE's: • CVE-2017-16932: Vulnerability in libxml2 dependency (affects ClamAV on Windows only).

Re: [clamav-users] freshclam works for me

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 11:38 AM, Noel Jones <njo...@megan.vbhcs.org> wrote: Using Cloudflare changes the dynamics of updates. I wonder if it might be better if everyone pointed to db.clamav.net and all the direct mirrors are dropped. Let Cloudflare decide what is

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 2:11 PM, SCOTT PACKARD <scott.pack...@raytheon.com> wrote: I rely on someone in Arizona to pull definitions from, but sometimes their server goes out, other times clamav's content system breaks, and it's a pain to figure out which one is the culprit. Well,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 2, 2018, at 1:17 PM, Reindl Harald <h.rei...@thelounge.net> wrote: on a typical setup freshclam is running once or twice *daily* while a webserver these days can spit out the same small static txt file many thousands of times per second with zero load That is not the results we

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 1:36 PM, Christopher X. Candreva <ch...@westnet.com> wrote: I have to admit I've wondered if Cloudflare and the other CDNs meant it outlived its usefulness, but it's a contribution I'm fairly proud of. That's what we are evaluating. It's a great system. The
