Hello Andrew,
I use ClamAV provided by Debian 8.11:
dpkg -l|grep clam
ii clamav 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - command-line interface
ii clamav-base 0.100.2+dfsg-0+deb8u1 all anti-virus utility for Unix - base package
ii clamav-daemon 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - scanner daemon
ii clamav-freshclam 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - virus database update utility
ii clamdscan 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - scanner client
ii libclamav7 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - libraryrt
ii libclamunrar7 0.99-0+deb8u3 amd64 anti-virus utility for Unix - unrar support
How can I know if it is compiled with yara support? clamscan --debug does
not seem to provide the information.
On
https://buildd.debian.org/status/package.php?p=clamav&suite=jessie-security,
there is "no logs" for amd64
o.O
Other log files seem to show Debian compiles with yara support.
For example:
https://buildd.debian.org/status/fetch.php?pkg=clamav&arch=i386&ver=0.100.2%2Bdfsg-0%2Bdeb8u1&stamp=1540398955&raw=0
On 06/02/2019 at 17:32, Andrew Williams wrote:
Hey Arnaud,
I recently noticed a bug that causes .pwdb files to not be loaded from
the db directory when ClamAV is compiled without Yara support. Is
your ClamAV built with Yara support, and if not, can you try compiling
with Yara support and see whether this fixes the issue for you? This
issue will be fixed in an upcoming release.
Thanks,
-Andrew
Research Engineer
Malware Research Team
On Wed, Feb 6, 2019 at 11:16 AM Arnaud Jacques
<webmas...@securiteinfo.com> wrote:
Hello,
It seems .pwdb files do not work since version 0.100.2 (maybe since
0.100.0).
It has this format:
cat passwords.pwdb
ZipPasswordInfected;Engine:51-255;0;infected
This file is in the ClamAV databases directory (/var/lib/clamav/) and
ClamAV does not detect malware when the Zip is protected by the "infected"
password. Manually unzipped, ClamAV is able to detect the malware.
Has the format of .pwdb files changed since 0.100.x?
Is it still supported on recent ClamAV versions?
--
Best regards,
Arnaud Jacques
Manager of SecuriteInfo.com
Phone: +33-(0)3.44.39.76.46
E-mail: a...@securiteinfo.com
Website: https://www.securiteinfo.com
Facebook: https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter: @SecuriteInfoCom
Securiteinfo.com
IT Security - Information Security.
266, rue de Villers
60123 Bonneuil en Valois
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
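
Added example (not part of the original thread and not ClamAV code): a small linter for .pwdb lines, useful for ruling out a malformed entry before suspecting the loading bug Andrew describes. The field layout (SignatureName;TargetDescriptionBlock;PWStorageType;Password, with 0 = cleartext and 1 = hex) follows ClamAV's signature documentation; the function name, the flevel parameter and the extra sample lines are assumptions made here.

```python
import re

# Field layout per ClamAV's signature documentation:
#   SignatureName;TargetDescriptionBlock;PWStorageType;Password
# PWStorageType: 0 = cleartext password, 1 = hex-encoded password.
TDB_KEYS = {"Engine", "Container"}  # TDB keys accepted in .pwdb entries


def lint_pwdb_line(line, flevel=None):
    """Return (password_bytes, problems) for one .pwdb line.

    flevel (hypothetical parameter) is the engine functionality level to
    test against Engine:min-max; None skips that check.
    """
    fields = line.rstrip("\r\n").split(";")
    if len(fields) != 4:
        return None, ["expected 4 ';'-separated fields, got %d" % len(fields)]
    name, tdb, storage, password = fields
    problems = [] if name else ["empty signature name"]
    for item in filter(None, tdb.split(",")):
        key, _, value = item.partition(":")
        if key not in TDB_KEYS:
            problems.append("unsupported TDB key %r" % key)
        elif key == "Engine":
            m = re.fullmatch(r"(\d+)-(\d+)", value)
            if not m:
                problems.append("Engine must be min-max, got %r" % value)
            elif flevel is not None and not int(m[1]) <= flevel <= int(m[2]):
                problems.append("flevel %d outside Engine:%s" % (flevel, value))
    pw = None
    if storage == "0":
        pw = password.encode()
    elif storage == "1":
        try:
            pw = bytes.fromhex(password)
        except ValueError:
            problems.append("PWStorageType 1 but password is not valid hex")
    else:
        problems.append("PWStorageType must be 0 or 1, got %r" % storage)
    if pw == b"":
        problems.append("empty password")
    return pw, problems


if __name__ == "__main__":
    # First line is the one from the thread; the others are constructed.
    for sample in ("ZipPasswordInfected;Engine:51-255;0;infected",
                   "ZipPasswordInfected;Engine:51-255;1;696e666563746564",
                   "ZipPasswordInfected;Engine:51-255;infected"):
        print(sample, "->", lint_pwdb_line(sample, flevel=90))  # 90: constructed
```

A line that passes this check but still yields no detection on a password-protected Zip points away from the entry itself and toward the engine or build.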