Re: [clamav-users] fail updates

2017-11-06 Thread Eric Tykwinski
Sort of weird from personal experience, but OVH seems to update better than 
most.  If anyone on OVH is here, feel free to explain.
Just looking at freshclam logs on my local servers running on links with 
L3/Cogent vs OVH I seem to have fewer issues on the OVH mirrors.
My personal explanation is that I’m getting just what they are receiving, so I 
don’t see all the failures, and they are probably checking at a higher rate 
than my monitoring servers.  This has nothing to do with Clam, but just the 
distribution of updates amongst caching servers.

I’ve never attempted to mirror a local ClamAV update server, but I wouldn’t be 
opposed, as some of my clients are probably downloading updates as well.  But 
my guess is that you are only getting limited by the local request to the 
server.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Nov 6, 2017, at 4:45 PM, Al Varnell  wrote:
> 
> On Mon, Nov 06, 2017 at 01:21 PM, Joel Esler (jesler) wrote:
>> It would be helpful, if, starting now, deleting mirrors.dat and *then* 
>> telling us about failing mirrors…. Cause…. We’ve done many changes in the 
>> past month, it would be good to start from a clean slate.
> 
> 
> You might want to consider adding a feature to freshclam to delete 
> mirrors.dat when called for either by DNS or a code in a .cdiff update. That 
> way you could fix it for everybody after mirror configuration maintenance 
> actions.
> 
> -Al-
> -- 
> Al Varnell
> Mountain View, CA
> 
> 
> 
> 
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml


Re: [clamav-users] fail updates

2017-11-06 Thread Paul Kosinski
I killed our "mirrors.dat" at 2017-11-06 19:35:35 (EST). It was last
modified at 2017-11-06 18:06:29 (EST). We'll see what happens.

Paul Kosinski



On Mon, 6 Nov 2017 21:21:58 +
"Joel Esler (jesler)"  wrote:

> It would be helpful, if, starting now, deleting mirrors.dat and
> *then* telling us about failing mirrors…. Cause…. We’ve done many
> changes in the past month, it would be good to start from a clean
> slate.
> 
> 
> --
> Joel Esler | Talos: Manager |
> jes...@cisco.com


Re: [clamav-users] clamav-milter Can't Find Clamd

2017-11-06 Thread Colony.three
 Original Message 

> Subject: Re: [clamav-users] clamav-milter Can't Find Clamd
> Local Time: November 6, 2017 4:01 PM
> UTC Time: November 7, 2017 12:01 AM
> From: h.rei...@thelounge.net
> To: clamav-users@lists.clamav.net
>
> On 07.11.2017 at 00:19, Colony.three wrote:
>
>> Trying to make milter see the clam daemon but can't figure out what's wrong. 
>> CentOS7.
>> In /etc/clamd.d/clamd.conf:
>> LocalSocket /var/run/clamd.scan/clamd.sock
>> LocalSocketGroup virusgroup
>> LocalSocketMode 660
>> FixStaleSocket yes
>>
>> AllowSupplementaryGroups yes
>>
>> and you need that too in the milter configuration and postfix needs to
>> be in the same group, at least when you start everything with as few
>> permissions as possible, hence I made the comments years ago after figuring
>> it out
>>
>> cat /etc/mail/clamav-milter.conf
>
> # Postfix milter configuration
> # Pre-queue virus scanner
> #
> # Postfix must be in the "clamilt" user group
> # usermod -a -G clamilt postfix
> # usermod -a -G sa-milt postfix
>
> User clamilt
> AllowSupplementaryGroups yes

Thanks, but unfortunately 'AllowSupplementaryGroups yes' is enabled in both 
clamd.conf and clamav.conf.  I've now added postfix to the additional groups.


Re: [clamav-users] clamav-milter Can't Find Clamd

2017-11-06 Thread Reindl Harald



On 07.11.2017 at 00:19, Colony.three wrote:

> Trying to make milter see the clam daemon but can't figure out what's wrong.
> CentOS7.
>
> In /etc/clamd.d/clamd.conf:
> LocalSocket /var/run/clamd.scan/clamd.sock
> LocalSocketGroup virusgroup
> LocalSocketMode 660
> FixStaleSocket yes

AllowSupplementaryGroups yes

and you need that too in the milter configuration and postfix needs to 
be in the same group, at least when you start everything with as few 
permissions as possible, hence I made the comments years ago after figuring 
it out

cat /etc/mail/clamav-milter.conf
# Postfix milter configuration
# Pre-queue virus scanner
#
# Postfix must be in the "clamilt" user group
# usermod -a -G clamilt postfix
# usermod -a -G sa-milt postfix

User clamilt
AllowSupplementaryGroups yes
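
A check for the situation in this thread, as an added example that is not part of either poster's message: it tests whether a user can traverse every directory above the LocalSocket and read/write the socket, then sends clamd's PING command to see whether a daemon is listening behind the socket file. The function names are hypothetical; the default user and path are the ones quoted above, and the permission test uses plain mode bits only (no ACLs or SELinux).

```python
"""Added example: can a given user reach clamd's LocalSocket, and does anything answer?"""
import os
import pwd
import socket
import stat
import sys


def ids_for(user):
    """uid and group set as the passwd/group databases define them right now.
    A daemon started before a `usermod -a -G` still runs with its old groups."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))


def mode_allows(st, uid, gids, want):
    """Owner/group/other check on a stat result; `want` is a 3-bit rwx mask."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want


def path_problems(sock_path, uid, gids):
    """Return a list of human-readable permission problems (empty list = none found)."""
    problems = []
    full = os.path.abspath(sock_path)
    ancestors = []
    parent = os.path.dirname(full)
    while parent != os.path.dirname(parent):  # stop at the filesystem root
        ancestors.append(parent)
        parent = os.path.dirname(parent)
    for directory in reversed(ancestors):
        try:
            st = os.stat(directory)
        except OSError as exc:
            problems.append(f"{directory}: {exc.strerror}")
            return problems
        # A directory needs the search (x) bit to be traversed; mode 660 lacks it.
        if not mode_allows(st, uid, gids, 0o1):
            problems.append(f"{directory}: no search (x) permission for uid {uid}")
    try:
        st = os.stat(full)
    except OSError as exc:
        problems.append(f"{full}: {exc.strerror}")
        return problems
    if not stat.S_ISSOCK(st.st_mode):
        problems.append(f"{full}: not a socket")
    elif not mode_allows(st, uid, gids, 0o6):
        problems.append(f"{full}: no read/write permission for uid {uid}")
    return problems


def clamd_answers(sock_path, timeout=3.0):
    """Send clamd's PING command; a live daemon replies PONG.
    A socket file with no listener behind it refuses the connection."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(sock_path)
            s.sendall(b"zPING\0")
            return s.recv(16).rstrip(b"\0\n") == b"PONG"
        except OSError:
            return False


if __name__ == "__main__":
    # Defaults are the user and path quoted in this thread; override on the command line.
    user = sys.argv[1] if len(sys.argv) > 1 else "clamilt"
    path = sys.argv[2] if len(sys.argv) > 2 else "/var/run/clamd.scan/clamd.sock"
    uid, gids = ids_for(user)
    for problem in path_problems(path, uid, gids):
        print("PERMISSION:", problem)
    print("clamd answers PING:", clamd_answers(path))
```

Run it as root so every path component can be inspected, and restart clamav-milter after any group change so the process picks up its new group list.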


[clamav-users] clamav-milter Can't Find Clamd

2017-11-06 Thread Colony.three
Trying to make milter see the clam daemon but can't figure out what's wrong.  
CentOS7.

In /etc/clamd.d/clamd.conf:
LocalSocket /var/run/clamd.scan/clamd.sock
LocalSocketGroup virusgroup
LocalSocketMode 660
FixStaleSocket yes

... at which point I found that Yum hadn't installed the socket for some 
reason, so:
# mkdir /var/run/clamd.scan/
# python -c "import socket as s; sock = s.socket(s.AF_UNIX); sock.bind('/var/run/clamd.scan/clamd.sock')"
# chown -R root:virusgroup /var/run/clamd.scan && chmod -R 660 /var/run/clamd.scan

(user clamilt is also in virusgroup)

In /etc/mail/clamav-milter.conf:
ClamdSocket unix:/var/run/clamd.scan/clamd.sock

# ll /var/run/clamd.scan/clamd.sock
srw-rw----. 1 root virusgroup 0 Nov  6 14:56 /var/run/clamd.scan/clamd.sock

... and yet in journalctl -xe:
Nov 06 15:01:01 quantum.localdomain systemd[1]: Starting Session 12 of user 
root.
-- Subject: Unit session-12.scope has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-12.scope has begun starting up.
Nov 06 15:01:02 quantum.localdomain run-parts(/etc/cron.hourly)[3324]: starting 
0anacron
Nov 06 15:01:02 quantum.localdomain run-parts(/etc/cron.hourly)[3330]: finished 
0anacron
Nov 06 15:01:39 quantum.localdomain clamav-milter[3310]: No clamd server 
appears to be available
Nov 06 15:01:39 quantum.localdomain clamav-milter[3310]: WARNING: No clamd 
server appears to be available
Nov 06 15:02:09 quantum.localdomain freshclam[]: ClamAV update process 
started at Mon Nov  6 15:02:09 2017
Nov 06 15:02:09 quantum.localdomain freshclam[]: main.cld is up to date 
(version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Nov 06 15:02:10 quantum.localdomain freshclam[]: Downloading 
daily-24020.cdiff [100%]
Nov 06 15:02:14 quantum.localdomain freshclam[]: daily.cld updated 
(version: 24020, sigs: 1772767, f-level: 63, builder: neo)
Nov 06 15:02:14 quantum.localdomain freshclam[]: bytecode.cld is up to date 
(version: 316, sigs: 75, f-level: 63, builder: raynman)
Nov 06 15:02:16 quantum.localdomain freshclam[]: Database updated (6339091 
signatures) from database.clamav.net (IP: 69.12.162.28)
Nov 06 15:02:38 quantum.localdomain clamav-milter[3310]: No clamd server 
appears to be available
Nov 06 15:02:38 quantum.localdomain clamav-milter[3310]: WARNING: No clamd 
server appears to be available
Nov 06 15:03:38 quantum.localdomain clamav-milter[3310]: No clamd server 
appears to be available
Nov 06 15:03:38 quantum.localdomain clamav-milter[3310]: WARNING: No clamd 
server appears to be available
Nov 06 15:04:38 quantum.localdomain clamav-milter[3310]: No clamd server 
appears to be available
Nov 06 15:04:38 quantum.localdomain clamav-milter[3310]: WARNING: No clamd 
server appears to be available
Nov 06 15:05:38 quantum.localdomain clamav-milter[3310]: No clamd server 
appears to be available
Nov 06 15:05:38 quantum.localdomain clamav-milter[3310]: WARNING: No clamd 
server appears to be available
Nov 06 15:06:07 quantum.localdomain nice[3295]: SelfCheck: Database 
modification detected. Forcing reload.
Nov 06 15:06:32 quantum.localdomain nice[3295]: Reading databases from 
/var/lib/clamav
Nov 06 15:06:37 quantum.localdomain clamav-milter[3310]: No clamd server 
appears to be available
Nov 06 15:06:37 quantum.localdomain clamav-milter[3310]: WARNING: No clamd 
server appears to be available
Nov 06 15:06:45 quantum.localdomain nice[3295]: Database correctly reloaded 
(6473680 signatures)
Nov 06 15:07:37 quantum.localdomain clamav-milter[3310]: No clamd server 
appears to be available
Nov 06 15:07:37 quantum.localdomain clamav-milter[3310]: WARNING: No clamd 
server appears to be available
Nov 06 15:08:37 quantum.localdomain clamav-milter[3310]: No clamd server 
appears to be available
Nov 06 15:08:37 quantum.localdomain clamav-milter[3310]: WARNING: No clamd 
server appears to be available
Nov 06 15:08:57 quantum.localdomain chronyd[554]: Source 208.76.1.123 replaced 
with 69.89.207.199
Nov 06 15:09:37 quantum.localdomain clamav-milter[3310]: No clamd server 
appears to be available
Nov 06 15:09:37 quantum.localdomain clamav-milter[3310]: WARNING: No clamd 
server appears to be available
Nov 06 15:10:37 quantum.localdomain clamav-milter[3310]: No clamd server 
appears to be available
Nov 06 15:10:37 quantum.localdomain clamav-milter[3310]: WARNING: No clamd 
server appears to be available
Nov 06 15:11:37 quantum.localdomain clamav-milter[3310]: No clamd server 
appears to be available
Nov 06 15:11:37 quantum.localdomain clamav-milter[3310]: WARNING: No clamd 
server appears to be available
Nov 06 15:12:37 quantum.localdomain clamav-milter[3310]: No clamd server 
appears to be available
Nov 06 15:12:37 quantum.localdomain clamav-milter[3310]: WARNING: No clamd 
server appears to be available
Nov 06 15:12:50 quantum.localdomain polkitd[550]: Registered Authentication 
Agent for unix-process:3354:904237 (system bus name :1.65 

Re: [clamav-users] fail updates

2017-11-06 Thread Al Varnell
On Mon, Nov 06, 2017 at 01:21 PM, Joel Esler (jesler) wrote:
> It would be helpful, if, starting now, deleting mirrors.dat and *then* 
> telling us about failing mirrors…. Cause…. We’ve done many changes in the 
> past month, it would be good to start from a clean slate.


You might want to consider adding a feature to freshclam to delete mirrors.dat 
when called for either by DNS or a code in a .cdiff update. That way you could 
fix it for everybody after mirror configuration maintenance actions.

-Al-
-- 
Al Varnell
Mountain View, CA








Re: [clamav-users] fail updates

2017-11-06 Thread Joel Esler (jesler)
It would be helpful, if, starting now, deleting mirrors.dat and *then* telling 
us about failing mirrors…. Cause…. We’ve done many changes in the past month, 
it would be good to start from a clean slate.


--
Joel Esler | Talos: Manager | jes...@cisco.com






> On Nov 6, 2017, at 2:58 PM, Reindl Harald wrote:
>
> On 06.11.2017 at 20:26, Benny Pedersen wrote:
>> Dennis Peterson wrote on 2017-11-06 19:43:
>>> Come to think of it, 130.59.10.36 shouldn't even still be in
>>> mirrors.dat and that is part of the systemic problems in the system.
>>> Nothing cleans up stale entries in mirrors.dat except rm -f
>>> mirrors.dat.
>> yep, it's not working well, i see freshclam using ignore hosts from freshclam 
>> --list-mirrors
>> and now worse dns seems failing, freshclam says my internet is down, no it's not
>
> that's an error message you always get when things are failing, for many years, 
> but to know that you would need to look regularly and not only when things are 
> obviously broken - clamav updates are slightly broken most of the time

Re: [clamav-users] fail updates

2017-11-06 Thread Reindl Harald



On 06.11.2017 at 20:26, Benny Pedersen wrote:

> Dennis Peterson wrote on 2017-11-06 19:43:
>
>> Come to think of it, 130.59.10.36 shouldn't even still be in
>> mirrors.dat and that is part of the systemic problems in the system.
>> Nothing cleans up stale entries in mirrors.dat except rm -f
>> mirrors.dat.
>
> yep, it's not working well, i see freshclam using ignore hosts from 
> freshclam --list-mirrors
>
> and now worse dns seems failing, freshclam says my internet is down, no 
> it's not

that's an error message you always get when things are failing, for many 
years, but to know that you would need to look regularly and not only when 
things are obviously broken - clamav updates are slightly broken most of 
the time



Re: [clamav-users] fail updates

2017-11-06 Thread Benny Pedersen

Dennis Peterson wrote on 2017-11-06 19:43:

> Come to think of it, 130.59.10.36 shouldn't even still be in
> mirrors.dat and that is part of the systemic problems in the system.
> Nothing cleans up stale entries in mirrors.dat except rm -f
> mirrors.dat.

yep, it's not working well, i see freshclam using ignore hosts from 
freshclam --list-mirrors

and now worse dns seems failing, freshclam says my internet is down, no 
it's not



Re: [clamav-users] Heuristics.Broken.Executable FOUND for core files/core dumps

2017-11-06 Thread Ravi
Hi,

Looking forward to comments and suggestions for the below reported issue
from the community.

Thanks
Ravi

On Oct 27, 2017 4:09 PM, "Ravi"  wrote:

> Hi,
>
> We are seeing instances where a customer uploads zip files which contain
> core files/core dumps, and during scanning ClamAV is treating some of them as
> “Heuristics.Broken.Executable FOUND”. Currently we have turned on this
> check in the clamd.conf as below.
>
> # With this option clamav will try to detect broken executables (both PE
> # and ELF) and mark them as Broken.Executable.
> # Default: no
> DetectBrokenExecutables yes
>
> The question is why ClamAV is treating core files/core dumps as
> “Heuristics.Broken.Executable FOUND”. Is it safe to turn-off this setting
> for ClamAV? or is there way to skip these checks for core files/core dumps
> in ClamAV?
>
> Thanks
> Ravi
>
>

Re: [clamav-users] fail updates

2017-11-06 Thread Dennis Peterson
Come to think of it, 130.59.10.36 shouldn't even still be in mirrors.dat and 
that is part of the systemic problems in the system. Nothing cleans up stale 
entries in mirrors.dat except rm -f mirrors.dat.


dp

On 11/6/17 9:02 AM, Benny Pedersen wrote:

freshclam --list-mirrors

Mirror #1
IP: 130.59.10.36
Successes: 391
Failures: 97
Last access: Mon Dec 19 00:46:43 2016
Ignore: No
- 




Re: [clamav-users] fail updates

2017-11-06 Thread Paul Kosinski
Here's our latest actual download (subsequent queries showed nothing new).

Note that 204.130.133.50 worked for us (from 66.31.152.192).

Paul

--  Monday 06 November 2017 at 09:06:03 EST  
--

Current working dir is /opt/clamav.d/clamav.0.99.2/share/clamav
Max retries == 4
ClamAV update process started at Mon Nov  6 09:06:03 2017
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1800
Software version from DNS: 0.99.2
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: 
sigmgr)
daily.cvd version from DNS: 24019
Retrieving http://db.us.clamav.net/daily.cvd
Ignoring mirror 74.115.25.14 (due to previous errors)
Ignoring mirror 104.131.196.175 (due to previous errors)
Ignoring mirror 128.199.133.36 (due to previous errors)
Ignoring mirror 12.167.151.1 (due to previous errors)
Ignoring mirror 155.98.64.87 (due to previous errors)
Ignoring mirror 194.8.197.22 (due to previous errors)
Using ip '10.11.14.160' for fetching.
Trying to download http://db.us.clamav.net/daily.cvd (IP: 204.130.133.50)
Downloading daily.cvd [100%]
Loading signatures from daily.cvd
Properly loaded 1772419 signatures from new daily.cvd
daily.cvd updated (version: 24019, sigs: 1772419, f-level: 63, builder: neo)
Querying daily.24019.82.1.0.CC828532.ping.clamav.net
bytecode.cvd version from DNS: 316
bytecode.cvd is up to date (version: 316, sigs: 75, f-level: 63, builder: 
raynman)
Database updated (6338743 signatures) from db.us.clamav.net (IP: 204.130.133.50)
OnUpdateExecute: EXIT_1

--  Monday 06 November 2017 at 09:11:10 EST  
--



On Mon, 6 Nov 2017 09:15:24 -0800
Dennis Peterson  wrote:

> Your report includes mirrors that should be ignored based on last
> access. I built a list of current mirrors from freshclam logs that go
> back only to August.
> 
> grep -h Ignoring freshclam* |grep -v Reading |awk '{print $9}' |sort
> |uniq -c |sort -rn
> 
> The result is an easy to understand (if not jaw dropping) summary -
> number of times seen and the IP:
>      387 128.199.133.36
>      372 104.131.196.175
>      292 12.167.151.1
>      288 74.115.25.14
>      282 204.130.133.50
>      282 194.8.197.22
>      268 155.98.64.87
>      245 69.12.162.28
>      233 72.21.91.8
>      220 198.148.78.4
> 
> Even if these mirrors are healthy there is still a serious underlying
> systemic problem.
> 
> dp

Re: [clamav-users] fail updates

2017-11-06 Thread Dennis Peterson
Your report includes mirrors that should be ignored based on last access. I 
built a list of current mirrors from freshclam logs that go back only to August.


grep -h Ignoring freshclam* |grep -v Reading |awk '{print $9}' |sort |uniq -c |sort -rn


The result is an easy to understand (if not jaw dropping) summary - number of 
times seen and the IP:

    387 128.199.133.36
    372 104.131.196.175
    292 12.167.151.1
    288 74.115.25.14
    282 204.130.133.50
    282 194.8.197.22
    268 155.98.64.87
    245 69.12.162.28
    233 72.21.91.8
    220 198.148.78.4

Even if these mirrors are healthy there is still a serious underlying systemic 
problem.


dp

On 11/6/17 9:02 AM, Benny Pedersen wrote:

freshclam --list-mirrors

Mirror #1
IP: 130.59.10.36
Successes: 391
Failures: 97
Last access: Mon Dec 19 00:46:43 2016
Ignore: No
-
Mirror #2
IP: 193.1.193.64
Successes: 2122
Failures: 208
Last access: Mon Nov  6 16:44:43 2017
Ignore: Yes
-
Mirror #3
IP: 81.91.100.173
Successes: 2079
Failures: 101
Last access: Sat Nov  4 01:06:08 2017
Ignore: Yes
-
Mirror #4
IP: 129.67.1.218
Successes: 2374
Failures: 59
Last access: Sat Nov  4 00:03:02 2017
Ignore: Yes
-
Mirror #5
IP: 172.110.204.67
Successes: 160
Failures: 364
Last access: Tue May  9 14:47:24 2017
Ignore: No
-
Mirror #6
IP: 130.59.113.36
Successes: 393
Failures: 0
Last access: Thu Feb 16 21:45:53 2017
Ignore: No
-
Mirror #7
IP: 178.79.177.182
Successes: 302
Failures: 112
Last access: Sun Nov  5 05:04:18 2017
Ignore: Yes
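
The stale-entry complaint in this thread (a mirror last accessed in December 2016 that is still listed with "Ignore: No"), as an added example that is not part of any poster's message: a parser for `freshclam --list-mirrors` output that flags entries not contacted recently and entries that fail more often than they succeed. The function names and the 30-day and 50% thresholds are assumptions chosen for illustration; the sample records are copied from the listing above.

```python
"""Added example: audit `freshclam --list-mirrors` output for stale or failing entries."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Sample input: three of the records quoted in this thread.
SAMPLE = """\
Mirror #1
IP: 130.59.10.36
Successes: 391
Failures: 97
Last access: Mon Dec 19 00:46:43 2016
Ignore: No
-
Mirror #2
IP: 193.1.193.64
Successes: 2122
Failures: 208
Last access: Mon Nov  6 16:44:43 2017
Ignore: Yes
-
Mirror #5
IP: 172.110.204.67
Successes: 160
Failures: 364
Last access: Tue May  9 14:47:24 2017
Ignore: No
"""


@dataclass
class Mirror:
    ip: str = ""
    successes: int = 0
    failures: int = 0
    last_access: Optional[datetime] = None
    ignored: bool = False


def parse_mirrors(text):
    """Turn the listing into Mirror records; tolerates '>' mail quoting and separators."""
    mirrors, cur = [], None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()
        if line.startswith("Mirror #"):
            cur = Mirror()
            mirrors.append(cur)
            continue
        if cur is None or ":" not in line:
            continue  # separator lines, blanks, anything before the first record
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "IP":
            cur.ip = value
        elif key == "Successes":
            cur.successes = int(value)
        elif key == "Failures":
            cur.failures = int(value)
        elif key == "Last access":
            # ctime-style stamp; collapse the double space used for one-digit days
            cur.last_access = datetime.strptime(" ".join(value.split()),
                                                "%a %b %d %H:%M:%S %Y")
        elif key == "Ignore":
            cur.ignored = value.lower() == "yes"
    return mirrors


def audit(mirrors, now, max_age=timedelta(days=30), max_failure_ratio=0.5):
    """Map IP -> tags: 'ignored', 'stale' (not contacted within max_age),
    'failing' (failure share above max_failure_ratio). Thresholds are assumptions."""
    findings = {}
    for m in mirrors:
        tags = []
        if m.ignored:
            tags.append("ignored")
        if m.last_access is not None and now - m.last_access > max_age:
            tags.append("stale")
        total = m.successes + m.failures
        if total and m.failures / total > max_failure_ratio:
            tags.append("failing")
        if tags:
            findings[m.ip] = tags
    return findings


if __name__ == "__main__":
    # Evaluate the sample as of the date of this thread.
    for ip, tags in audit(parse_mirrors(SAMPLE), datetime(2017, 11, 6, 17, 0)).items():
        print(f"{ip:16} {', '.join(tags)}")
```

To audit a live system, pass the captured output of `freshclam --list-mirrors` to `parse_mirrors` and use `datetime.now()` as the reference time.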

[clamav-users] fail updates

2017-11-06 Thread Benny Pedersen

freshclam --list-mirrors

Mirror #1
IP: 130.59.10.36
Successes: 391
Failures: 97
Last access: Mon Dec 19 00:46:43 2016
Ignore: No
-
Mirror #2
IP: 193.1.193.64
Successes: 2122
Failures: 208
Last access: Mon Nov  6 16:44:43 2017
Ignore: Yes
-
Mirror #3
IP: 81.91.100.173
Successes: 2079
Failures: 101
Last access: Sat Nov  4 01:06:08 2017
Ignore: Yes
-
Mirror #4
IP: 129.67.1.218
Successes: 2374
Failures: 59
Last access: Sat Nov  4 00:03:02 2017
Ignore: Yes
-
Mirror #5
IP: 172.110.204.67
Successes: 160
Failures: 364
Last access: Tue May  9 14:47:24 2017
Ignore: No
-
Mirror #6
IP: 130.59.113.36
Successes: 393
Failures: 0
Last access: Thu Feb 16 21:45:53 2017
Ignore: No
-
Mirror #7
IP: 178.79.177.182
Successes: 302
Failures: 112
Last access: Sun Nov  5 05:04:18 2017
Ignore: Yes


Re: [clamav-users] update mirror trouble?

2017-11-06 Thread Joel Esler (jesler)
If you have list of mirrors that are broken, it would be helpful to have that 
list, and what is broken about them.

About a month ago, we went through and removed a “ton”* of broken ones.

*ton means “a lot”.


--
Joel Esler | Talos: Manager | jes...@cisco.com






> On Nov 6, 2017, at 11:12 AM, Dennis Peterson wrote:
>
> There are still a lot of broken mirrors out there aside from this problem.
>
> dp
>
> On 11/6/17 8:05 AM, Joel Esler (jesler) wrote:
>> This should be resolving itself as we speak.
>>
>> --
>> Joel Esler | Talos: Manager | jes...@cisco.com








Re: [clamav-users] update mirror trouble?

2017-11-06 Thread Dennis Peterson

There are still a lot of broken mirrors out there aside from this problem.

dp

On 11/6/17 8:05 AM, Joel Esler (jesler) wrote:

This should be resolving itself as we speak.

--
Joel Esler | Talos: Manager | jes...@cisco.com










Re: [clamav-users] update mirror trouble?

2017-11-06 Thread Joel Esler (jesler)
This should be resolving itself as we speak.

--
Joel Esler | Talos: Manager | jes...@cisco.com






On Nov 6, 2017, at 4:47 AM, Simon Mousey Smith wrote:

Hi,

Same here still having problems but slightly different

ClamAV update process started at Mon Nov  6 09:46:22 2017
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
junk.ndb is up to date (version: custom database)
jurlbl.ndb is up to date (version: custom database)
phish.ndb is up to date (version: custom database)
rogue.hdb is up to date (version: custom database)
sanesecurity.ftm is up to date (version: custom database)
scam.ndb is up to date (version: custom database)
spamimg.hdb is up to date (version: custom database)
winnow_malware.hdb is up to date (version: custom database)
winnow_malware_links.ndb is up to date (version: custom database)
sigwhitelist.ign2 is up to date (version: custom database)
spamattach.hdb is up to date (version: custom database)
spear.ndb is up to date (version: custom database)
spearl.ndb is up to date (version: custom database)
blurl.ndb is up to date (version: custom database)
winnow.attachments.hdb is up to date (version: custom database)
winnow_bad_cw.hdb is up to date (version: custom database)
winnow_extended_malware.hdb is up to date (version: custom database)
bofhland_cracked_URL.ndb is up to date (version: custom database)
bofhland_malware_URL.ndb is up to date (version: custom database)
bofhland_phishing_URL.ndb is up to date (version: custom database)
bofhland_malware_attach.hdb is up to date (version: custom database)
crdfam.clamav.hdb is up to date (version: custom database)
malwarehash.hsb is up to date (version: custom database)
porcupine.ndb is up to date (version: custom database)
phishtank.ndb is up to date (version: custom database)
porcupine.hsb is up to date (version: custom database)
hackingteam.hsb is up to date (version: custom database)
badmacro.ndb is up to date (version: custom database)
Sanesecurity_sigtest.yara is up to date (version: custom database)
Sanesecurity_spam.yara is up to date (version: custom database)
Reading CVD header (main.cvd): WARNING: Can't read main.cvd header from 
database.clamav.net (IP: )
Trying again in 5 secs…

Regards

Simon

On 6 Nov 2017, at 06:16, Tsutomu Oyamada wrote:

Hi,

It looks like that Updating of CVD in database.clamav.net is not working
(stopping).
Do you have any trouble problem happened?

We are in Japan, and it set CNAME for database.clamav.net as
db.jp.clamav.net.
db.jp.clamav.net has 4 IP addresses and those are working in roundrobin.
Every sites are working, but CVD version stops at 24010 as follows.

db.jp.clamav.net.   39  IN  A   218.44.253.75
db.jp.clamav.net.   39  IN  A   203.178.137.175
db.jp.clamav.net.   39  IN  A   27.96.54.66
db.jp.clamav.net.   39  IN  A   124.35.85.83



Re: [clamav-users] freshclam broken

2017-11-06 Thread Joel Esler (jesler)
This should be resolving itself as we speak.  We found a lingering error to 
some mirrors and it should be fixed.

--
Joel Esler | Talos: Manager | jes...@cisco.com






On Nov 5, 2017, at 11:49 PM, Gene Heskett wrote:

On Saturday 04 November 2017 13:31:59 Markus Egg wrote:

Am 03/11/17 um 19:19 schrieb Joel Esler (jesler):
We are in the middle of replacing one of the servers that syncs the
updates from the system we make them in, down to the mirrors (and
the end users download from the mirrors), and we’ve run into a few
speed bumps.

We should have everything back up and running in the next hour or
so, so please bear with us.  I will provide another status update
later in the day, and again, I apologize for not sending out a note
to the users list.

Any news on this?
I am now getting:

WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK (IMS)
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60,
builder: sigmgr) [...]

This is a variation on a theme that I've been looking at in my freshclam
logs for several days now, but the last 2 cycles look normal.

[...]

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: [clamav-users] DLP extension

2017-11-06 Thread Al Varnell
On Mon, Nov 06, 2017 at 02:05 AM, Zvi Kave wrote:
> Hi,
> 
> I see that only SSN and CC is checked.
> Is there a reason for that ?
> I am interested in more DLP types.
> Is there a way to add more types ?
> Or is there an open DLP types code that can be added ?
> 
> Regards,
> 
> Zvi

See >.

> There aren't any other external controls for DLP beside the configuration
> parameters. Customization of the source code (libclamav/dlp.c) is possible
> via C programming. There are currently no active DLP development plans.
> 
> Hope this helps,
> Steve

-Al-
-- 
Al Varnell
ClamXAV User






[clamav-users] DLP extension

2017-11-06 Thread Zvi Kave
Hi,

I see that only SSN and CC is checked.
Is there a reason for that ?
I am interested in more DLP types.
Is there a way to add more types ?
Or is there an open DLP types code that can be added ?

Regards,

Zvi


Re: [clamav-users] update mirror trouble?

2017-11-06 Thread Simon Mousey Smith
Hi,

Same here still having problems but slightly different

ClamAV update process started at Mon Nov  6 09:46:22 2017
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
junk.ndb is up to date (version: custom database)
jurlbl.ndb is up to date (version: custom database)
phish.ndb is up to date (version: custom database)
rogue.hdb is up to date (version: custom database)
sanesecurity.ftm is up to date (version: custom database)
scam.ndb is up to date (version: custom database)
spamimg.hdb is up to date (version: custom database)
winnow_malware.hdb is up to date (version: custom database)
winnow_malware_links.ndb is up to date (version: custom database)
sigwhitelist.ign2 is up to date (version: custom database)
spamattach.hdb is up to date (version: custom database)
spear.ndb is up to date (version: custom database)
spearl.ndb is up to date (version: custom database)
blurl.ndb is up to date (version: custom database)
winnow.attachments.hdb is up to date (version: custom database)
winnow_bad_cw.hdb is up to date (version: custom database)
winnow_extended_malware.hdb is up to date (version: custom database)
bofhland_cracked_URL.ndb is up to date (version: custom database)
bofhland_malware_URL.ndb is up to date (version: custom database)
bofhland_phishing_URL.ndb is up to date (version: custom database)
bofhland_malware_attach.hdb is up to date (version: custom database)
crdfam.clamav.hdb is up to date (version: custom database)
malwarehash.hsb is up to date (version: custom database)
porcupine.ndb is up to date (version: custom database)
phishtank.ndb is up to date (version: custom database)
porcupine.hsb is up to date (version: custom database)
hackingteam.hsb is up to date (version: custom database)
badmacro.ndb is up to date (version: custom database)
Sanesecurity_sigtest.yara is up to date (version: custom database)
Sanesecurity_spam.yara is up to date (version: custom database)
Reading CVD header (main.cvd): WARNING: Can't read main.cvd header from 
database.clamav.net (IP: )
Trying again in 5 secs…

Regards

Simon

> On 6 Nov 2017, at 06:16, Tsutomu Oyamada  wrote:
> 
> Hi,
> 
> It looks like that Updating of CVD in database.clamav.net is not working
> (stopping).
> Do you have any trouble problem happened?
> 
> We are in Japan, and it set CNAME for database.clamav.net as
> db.jp.clamav.net.
> db.jp.clamav.net has 4 IP addresses and those are working in roundrobin.
> Every sites are working, but CVD version stops at 24010 as follows.
> 
> db.jp.clamav.net.   39  IN  A   218.44.253.75
> db.jp.clamav.net.   39  IN  A   203.178.137.175
> db.jp.clamav.net.   39  IN  A   27.96.54.66
> db.jp.clamav.net.   39  IN  A   124.35.85.83
> 
> 
