----- Original Message -----
From: Steve Basford [mailto:steveb_cla...@sanesecurity.com]
To: clamav-users@lists.clamav.net
Sent: Thu, 23 Apr 2015 12:29:39 +0100
Subject: Re: [clamav-users] concerning foxhole databases

On Thu, April 23, 2015 12:03 pm, Rajesh M wrote:
> I am using foxhole_all.cdb foxhole_filename.cdb foxhole_generic.cdb but
> it does not work
>
> How do I block the .cab extension even if they are within zip or rar or 7z
> files?

Hi Rajesh

In your sample...a-to-z_moving_and_delivery.zip

Using database foxhole_all.cdb:
a-to-z_moving_and_delivery.zip: Sanesecurity.Foxhole.Cab_scr.UNFFICIAL FOUND

Using database phish.ndb:
a-to-z_moving_and_delivery.zip: Sanesecurity.Malware.24866.ExeHeur.Cab.UNOFFICIAL FOUND

Looks like something isn't working at your end.

If you run

clamscan --database=foxhole_all.cdb a-to-z_moving_and_delivery.zip

does it work? If not, I might need a debug output from the above command.

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml

Hi,

I am using a compiled version for qmailtoaster. I do not use any other sanesecurity database files other than foxhole.

If I send an email with an exe file inside a zip file then I get the error "your email was rejected because it contained sanesecurity.foxhole.zip_exe". So foxhole is working.

However, if I first have a zip file, then a cab file, then an exe inside, as in the case of a-to-z_moving_and_delivery.zip, it does not get detected.

OUTPUT WITH .scr inside cab inside zip

# clamscan --database=/var/lib/clamav/foxhole_all.cdb a-to-z_moving_and_delivery.zip
a-to-z_moving_and_delivery.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 116
Engine version: 0.98.6
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.09 MB
Data read: 0.02 MB (ratio 6.00:1)
Time: 0.025 sec (0 m 0 s)

OUTPUT WITH .exe inside .zip

# clamscan --database=/var/lib/clamav/foxhole_all.cdb a-to-z_moving_and_delivery1.zip
a-to-z_moving_and_delivery1.zip: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 116
Engine version: 0.98.6
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.02 MB (ratio 0.00:1)
Time: 0.011 sec (0 m 0 s)

Could you kindly let me have the link to download the latest foxhole database, i.e. the direct link that will work with .98.6?

Rajesh