..additional, also these were found now by the version 1.2.0 (whitelisting?):
----------- SCAN SUMMARY -----------
Known viruses: 8862874
Engine version: 1.2.0
Scanned directories: 91
Scanned files: 416
Infected files: 0
Data scanned: 84.71 MB
Data read: 39.88 MB (ratio 2.12:1)
Time: 78.263 sec (1 m 18 s)
Start Date: 2023:08:31 05:09:59
End Date: 2023:08:31 05:11:17

/usr/lib/firefox-esr/browser/omni.ja: Sanesecurity.Foxhole.Zip_fs186.UNOFFICIAL FOUND
/usr/lib/firefox-esr/browser/features/[email protected]: Sanesecurity.Foxhole.JS_Zip_19.UNOFFICIAL FOUND
/usr/lib/firefox-esr/browser/features/[email protected]: Sanesecurity.Foxhole.Zip_fs676.UNOFFICIAL FOUND
/usr/lib/firefox-esr/browser/features/[email protected]: Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL FOUND
/usr/lib/firefox-esr/browser/features/[email protected]: Sanesecurity.Foxhole.JS_Zip_2.UNOFFICIAL FOUND
/usr/lib/firefox-esr/browser/features/[email protected]: Sanesecurity.Foxhole.JS_Zip_2.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8862874
Engine version: 1.2.0
Scanned directories: 9612
Scanned files: 63391
Infected files: 6
Data scanned: 6235.05 MB
Data read: 5839.86 MB (ratio 1.07:1)
Time: 3740.979 sec (62 m 20 s)
Start Date: 2023:08:31 05:11:21
End Date: 2023:08:31 06:13:42

On 31.08.2023 at 10:29, [email protected] wrote:
Dear clamav Teams,

we are using some Debian 12 servers with PiHole Systems:

OS: Debian GNU/Linux 12 (bookworm) aarch64
Host: Raspberry Pi 4 Model B Rev 1.4
Kernel: 6.1.21-v8+
Uptime: 4 hours
Packages: 2830 (dpkg), 14 (snap)
Shell: zsh 5.9
Resolution: 2560x1440
Terminal: /dev/pts/0
CPU: BCM2835 (4) @ 2.000GHz
Memory: 1754MiB / 7811MiB

and since we installed the new clamav 1.2.0 (from source on the raspi) or from the deb file on the other Debian servers with PiHole with amd64, we see now these alerts:

/etc/pihole/list.74.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL FOUND
/etc/pihole/list.22.v.firebog.net.domains: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL FOUND
/etc/pihole/list.83.v.firebog.net.domains: YARA.davivienda.UNOFFICIAL FOUND
/etc/pihole/list.65.raw.githubusercontent.com.domains: YARA.hacked_domains.UNOFFICIAL FOUND
/etc/pihole/list.120.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.52.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.25.v.firebog.net.domains: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL FOUND
/etc/pihole/list.6.gitlab.com.domains: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL FOUND
/etc/pihole/list.50.phishing.army.domains: YARA.davivienda.UNOFFICIAL FOUND
/etc/pihole/list.153.phishing.army.domains: YARA.davivienda.UNOFFICIAL FOUND
/etc/pihole/list.130.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.161.v.firebog.net.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.53.zerodot1.gitlab.io.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.57.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL FOUND
/etc/pihole/list.63.raw.githubusercontent.com.domains: YARA.hacked_domains.UNOFFICIAL FOUND
/etc/pihole/list.18.zerodot1.gitlab.io.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.54.zerodot1.gitlab.io.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.11.www.github.developerdan.com.domains: YARA.davivienda.UNOFFICIAL FOUND
/etc/pihole/list.64.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.malware.js.lobbydesires.com.879.UNOFFICIAL FOUND
/etc/pihole/list.29.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.bingstyle.com.640.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8862874
Engine version: 1.2.0
Scanned directories: 717
Scanned files: 3060
Infected files: 20
Data scanned: 262.51 MB
Data read: 2517.20 MB (ratio 0.10:1)
Time: 595.687 sec (9 m 55 s)
Start Date: 2023:08:31 04:00:55
End Date: 2023:08:31 04:10:50

As we read in some chats, UNOFFICIAL could mean false/positive. So should we add those pihole lists to the clamav whitelist?

Kindly Regards,
Norman
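
One way to triage scan output like the above before deciding on exclusions, as an added example that is not part of the original message or of ClamAV: it parses clamscan `FOUND` lines, flags hits whose signature name ends in `.UNOFFICIAL` (the suffix ClamAV appends to signatures loaded from third-party databases), and groups them by signature and by directory. The function names and the EICAR sample line are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# clamscan prints one "<path>: <signature> FOUND" line per detection.
HIT = re.compile(r"^(?P<path>/.*?): (?P<sig>\S+) FOUND$")
SUFFIX = ".UNOFFICIAL"  # appended by ClamAV to names from third-party databases

# First four lines are excerpted from the scan output in the message above;
# the EICAR line is constructed here to show an official-database hit.
SAMPLE = """\
/etc/pihole/list.83.v.firebog.net.domains: YARA.davivienda.UNOFFICIAL FOUND
/etc/pihole/list.50.phishing.army.domains: YARA.davivienda.UNOFFICIAL FOUND
/etc/pihole/list.65.raw.githubusercontent.com.domains: YARA.hacked_domains.UNOFFICIAL FOUND
/usr/lib/firefox-esr/browser/omni.ja: Sanesecurity.Foxhole.Zip_fs186.UNOFFICIAL FOUND
/tmp/eicar.com: Win.Test.EICAR_HDB-1 FOUND
Known viruses: 8862874
"""

def parse_hits(text):
    """Return one dict per FOUND line; summary and blank lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = HIT.match(line.strip())
        if m:
            sig = m["sig"]
            third_party = sig.endswith(SUFFIX)
            name = sig[: -len(SUFFIX)] if third_party else sig
            hits.append({"path": m["path"], "signature": name,
                         "third_party": third_party})
    return hits

def group_by_signature(hits):
    """Map signature name -> list of files it fired on."""
    groups = defaultdict(list)
    for h in hits:
        groups[h["signature"]].append(h["path"])
    return dict(groups)

def count_by_directory(hits, third_party_only=True):
    """Count hits per parent directory, by default only third-party ones."""
    counts = defaultdict(int)
    for h in hits:
        if h["third_party"] or not third_party_only:
            counts[str(PurePosixPath(h["path"]).parent)] += 1
    return dict(counts)

if __name__ == "__main__":
    hits = parse_hits(SAMPLE)
    for sig, paths in sorted(group_by_signature(hits).items()):
        print(f"{sig}: {len(paths)} file(s)")
    print(count_by_directory(hits))
```

A directory where every hit is third-party and the files are blocklist data, as with `/etc/pihole` here, is a candidate for clamscan's `--exclude-dir` option or `ExcludePath` in clamd.conf.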
