On 31 August 2023 09:30:46 energynorman--- via clamav-users
<[email protected]> wrote:
Dear clamav Teams,
we are using some Debian 12 servers with PiHole Systems:
OS: Debian GNU/Linux 12 (bookworm) aarch64
Host: Raspberry Pi 4 Model B Rev 1.4
Kernel: 6.1.21-v8+
Uptime: 4 hours
Packages: 2830 (dpkg), 14 (snap)
Shell: zsh 5.9
Resolution: 2560x1440
Terminal: /dev/pts/0
CPU: BCM2835 (4) @ 2.000GHz
Memory: 1754MiB / 7811MiB
and since we installed the new clamav 1.2.0 (from source on the raspi)
or from the deb file on the other Debian servers with PiHole with amd64,
we see now these alerts:
/etc/pihole/list.74.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL FOUND
/etc/pihole/list.22.v.firebog.net.domains: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL FOUND
/etc/pihole/list.83.v.firebog.net.domains: YARA.davivienda.UNOFFICIAL FOUND
The above signatures, while 3rd party, are produced by me.
They must be downloaded from a script... So worth checking configuration
for pihole or other download scripts.
Cheers,
Steve
Sanesecurity.com
Twitter: @sanesecurity