The signature in the .db file only matches on hex...
As the hex is found in its signature name, i.e. "176.223.165.12", it shows a
hit.
If the sig name was changed to
sigs.InterServer.net.HEX.Topline.blacklisted.ip.controller.176_223_165_12_366
It wouldn't hit.
Steve
Sanesecurity
On 22 April 2025 17:21:01 pyllyukko via clamav-users
<[email protected]> wrote:
Ehlo.
On Tue, Apr 22, 2025 at 03:30:30PM +0200, Ralf Hildebrandt via clamav-users
wrote:
Are you downloading the signatures for clamav through the filtering
proxy itself?
Maybe it's basically blocking its own signature files.
Seems to be the case. Here's a ClamAV scan against the sig file:
/var/lib/clamav/interservertopline.db: sigs.InterServer.net.HEX.Topline.blacklisted.ip.controller.176.223.165.12.366.UNOFFICIAL FOUND
--
pyllyukko
email: <[email protected]>
PGP: https://keybase.io/pyllyukko
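
The self-match discussed in this thread can be checked for offline. The following is an added example, not part of the original messages and not ClamAV or Sanesecurity code: it reads entries in the legacy .db form (Name=HexSignature) and reports signatures whose decoded bytes occur in the database text itself. The hex body is constructed here from the IP string (the real signature body is not shown in the thread), build_sample() is a hypothetical helper, and only plain hex bodies without wildcards are handled.

```python
import re

# Plain hex body only; ClamAV wildcards (??, *, {n-m}, alternations) are skipped.
PLAIN_HEX = re.compile(r"^(?:[0-9a-fA-F]{2})+$")


def parse_db(text):
    """Yield (name, pattern_bytes) for plain-hex Name=HexSignature lines."""
    for line in text.splitlines():
        line = line.strip()
        if "=" not in line:
            continue
        name, hexsig = line.split("=", 1)
        if PLAIN_HEX.match(hexsig):
            yield name, bytes.fromhex(hexsig)


def self_matching(text):
    """Names of signatures whose byte pattern appears in the database text.

    A hit means a scanner given this file as input (for example a proxy
    scanning its own signature download) would flag the database itself.
    """
    raw = text.encode("ascii")
    return [name for name, pattern in parse_db(text) if pattern in raw]


def build_sample(sep):
    """Constructed one-line database; sep is the separator used in the name."""
    ip = "176.223.165.12"
    prefix = "sigs.InterServer.net.HEX.Topline.blacklisted.ip.controller."
    name = prefix + ip.replace(".", sep) + sep + "366"
    # Assumption: the signature body is the hex encoding of the IP string.
    return name + "=" + ip.encode("ascii").hex() + "\n"


if __name__ == "__main__":
    for sep in (".", "_"):
        db = build_sample(sep)
        hits = self_matching(db)
        print(db.split("=")[0])
        print("  self-match:", "yes" if hits else "no")
```

The dotted name reproduces the hit from the scan output above; the underscore form of the name does not match.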