Re: [clamav-users] VirusDB Updates Broken?
Al, Thanks. We are aware. Looking into it. Sent from my iPhone > On Jun 24, 2018, at 23:12, Al Varnell wrote: > > Yes, but all but one was empty. > > Sent from my iPad > > -Al- > >> On Jun 24, 2018, at 19:42, Paul Kosinski wrote: >> >> I've gotten several daily.cvd updates in that period. They came from >> several IP addresses associated with http://db.us.clamav.net/. >> >> >> On Sun, 24 Jun 2018 18:08:59 -0700 >> Al Varnell wrote: >> >>> Just wanted to point out that there has only been one signature added >>> to the VirusDB by daily updates in the last 32 hours. >>> >>> >>> -Al- >> ___ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] VirusDB Updates Broken?
Yes, but all but one was empty. Sent from my iPad -Al- > On Jun 24, 2018, at 19:42, Paul Kosinski wrote: > > I've gotten several daily.cvd updates in that period. They came from > several IP addresses associated with http://db.us.clamav.net/. > > > On Sun, 24 Jun 2018 18:08:59 -0700 > Al Varnell wrote: > >> Just wanted to point out that there has only been one signature added >> to the VirusDB by daily updates in the last 32 hours. >> >> >> -Al- > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] VirusDB Updates Broken?
I've gotten several daily.cvd updates in that period. They came from several IP addresses associated with http://db.us.clamav.net/. On Sun, 24 Jun 2018 18:08:59 -0700 Al Varnell wrote: > Just wanted to point out that there has only been one signature added > to the VirusDB by daily updates in the last 32 hours. > > > -Al- ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] VirusDB Updates Broken?
Just wanted to point out that there has only been one signature added to the VirusDB by daily updates in the last 32 hours. -Al- -- Al Varnell Mountain View, CA smime.p7s Description: S/MIME cryptographic signature ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] off topic Re: clamav list spf problem
This reminds me of one of the reasons I dropped commercial AV software in favor of Open Source ClamAV: I decided that I would prefer somewhat less comprehensive AV rather than "full featured" AV that does things you can't control (or sometimes even know about). P.S. We also have internal email that never leaves of LAN (since we run a local Postfix server) -- Barracuda's behavior is unacceptable. On Sat, 23 Jun 2018 13:38:23 +0200 Reindl Harald wrote: > > > Am 23.06.2018 um 06:56 schrieb Andrew McGlashan: > > On 23/06/18 00:37, Gene Heskett wrote: > >> On Friday 22 June 2018 06:15:42 Reindl Harald wrote: > >> > >>> Am 22.06.2018 um 05:36 schrieb Gene Heskett: > I get what I would call minimum spam, just enough to train SA > with. A bad day is 10. When I was using my old account at the tv > station, several years ago, the spam count was often 200+ a day. > Whatever barracuda is trained to do, its doing it very well > >>> > >>> yeah, they pen links in your mails even with a local ahrwdare > >>> appliance days after messages arrived from a server in the US and > >>> call it "real time protection" > >>> > >>> i call it violation of any privacy and a reason that we killed > >>> all our contracts beause it is a no-go wehn i send a test-message > >>> to my gmail address and instead of google Barracuda Networks hits > >>> the unsubscribe-link 3 days later and then even agrues "why does > >>> this work witout confirmation?" - "because you fuckers have no > >>> business to open any links in my emails?" > >> > >> Good point, and it should be a prosecutable offense. But we all > >> know what sort of chance there is of that ever happening. There > >> will be flying pigs because hell froze over and is being used for > >> a runway. > > > > That was Barracuda that "opened" those links? Sounds like what > > Skype did with links in chat :( > > yes, but the difference here that we had a *harwdare appliance* within > our network fro the purpose of get only signature updates but our mail > traffic don't left our own ISP and bulidng which was violated > > asking that idiots the response was "this is part iof the real time > protection" -> guys go a f**k yourself when the testmail was sent on > wednesday and the bot opened the unsubscribe link in the bight to > saturday ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] apparmor="DENIED" operation="rename_src" profile="/usr/bin/freshclam"
On Sun, 2018-06-24 at 15:03 +, Scott Kitterman wrote: > > On June 24, 2018 1:52:53 PM UTC, Chris > wrote: > > > > I was out of town last week and when I got home I noticed the above > > while going through my hourly syslog snippets. The complete output > > can > > be found here - https://pastebin.com/vyjqMJwb I've restarted > > freshclam > > by running sudo /etc/init.d/clamav-freshclam and still the same > > apparmor output. It's odd that this just started last Tuesday > > especially since I'd been out of town since the day before . > > > > I'm running Ubuntu 16.04.4, clamav 99.4 > > > > Wondering if this is the right list to ask on or should I try the > > Ubuntu users list? > You should consult an Ubuntu specific resource. The apparmor profile > is not from upstream. > > Scott K Will do Scott, I was just curious whether anyone else had seen something like this. -- Chris KeyID 0xE372A7DA98E6705C 31.11972; -97.90167 (Elev. 1092 ft) 12:08:46 up 8 days, 4:21, 1 user, load average: 1.27, 0.74, 0.58 Description:Ubuntu 16.04.4 LTS, kernel 4.13.0-45-generic signature.asc Description: This is a digitally signed message part ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] apparmor="DENIED" operation="rename_src" profile="/usr/bin/freshclam"
On June 24, 2018 1:52:53 PM UTC, Chris wrote: >I was out of town last week and when I got home I noticed the above >while going through my hourly syslog snippets. The complete output can >be found here - https://pastebin.com/vyjqMJwb I've restarted freshclam >by running sudo /etc/init.d/clamav-freshclam and still the same >apparmor output. It's odd that this just started last Tuesday >especially since I'd been out of town since the day before . > >I'm running Ubuntu 16.04.4, clamav 99.4 > >Wondering if this is the right list to ask on or should I try the >Ubuntu users list? You should consult an Ubuntu specific resource. The apparmor profile is not from upstream. Scott K ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] apparmor="DENIED" operation="rename_src" profile="/usr/bin/freshclam"
I was out of town last week and when I got home I noticed the above while going through my hourly syslog snippets. The complete output can be found here - https://pastebin.com/vyjqMJwb I've restarted freshclam by running sudo /etc/init.d/clamav-freshclam and still the same apparmor output. It's odd that this just started last Tuesday especially since I'd been out of town since the day before . I'm running Ubuntu 16.04.4, clamav 99.4 Wondering if this is the right list to ask on or should I try the Ubuntu users list? -- Chris KeyID 0xE372A7DA98E6705C 31.11972; -97.90167 (Elev. 1092 ft) 08:23:44 up 8 days, 35 min, 1 user, load average: 1.30, 1.34, 1.85 Description:Ubuntu 16.04.4 LTS, kernel 4.13.0-45-generic signature.asc Description: This is a digitally signed message part ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamav list spf problem
Am 21.06.2018 um 15:29 schrieb Gene Heskett: > On Thursday 21 June 2018 06:54:43 Andrew McGlashan wrote: > >> On 21/06/18 17:54, Tilman Schmidt wrote: >>> Am 20.06.2018 um 19:14 schrieb Andrew McGlashan: This is an opportunity to fix things, such an opportunity should not lost, especially if it helps more people to understand the problems with having too liberal SPF rules (defeating the purpose of SPF). >>> >>> I disagree. The purpose of clamav-users is to discuss ClamAV issues, >>> not to educate people on SPF, so the primary objective of fixing the >>> SPF record should be reliable delivery, not educational value. >> >> Normally, I would agree with you, but unfortunately, SPF has been a >> thing for far too long to have so many still outstanding issues; which >> can only mean that those whom need to know are not looking in the >> usual places, or they are just plain ignorant. Or perhaps they aren't >> looking anyware useful and can't see any need to do so so, the >> community (including this one) has a role to help improve awareness of >> these problems for the good of the entire community and to lessen >> ongoing SPF abuses. >> > What I'd like to see is a good description of SPF. All these acronyms > get thrown around, usually with no references as to why its even needed > or how to implement it. Does it help control the neighborhood feral cat > problem or what? what more than https://en.wikipedia.org/wiki/Sender_Policy_Framework do you need? it helps you to score messages or even whitelist them without whitelist a forged sender (SpamAssassin: whitelist_auth) ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] off topic Re: clamav list spf problem
Am 23.06.2018 um 06:56 schrieb Andrew McGlashan: > On 23/06/18 00:37, Gene Heskett wrote: >> On Friday 22 June 2018 06:15:42 Reindl Harald wrote: >> >>> Am 22.06.2018 um 05:36 schrieb Gene Heskett: I get what I would call minimum spam, just enough to train SA with. A bad day is 10. When I was using my old account at the tv station, several years ago, the spam count was often 200+ a day. Whatever barracuda is trained to do, its doing it very well >>> >>> yeah, they pen links in your mails even with a local ahrwdare >>> appliance days after messages arrived from a server in the US and call >>> it "real time protection" >>> >>> i call it violation of any privacy and a reason that we killed all our >>> contracts beause it is a no-go wehn i send a test-message to my gmail >>> address and instead of google Barracuda Networks hits the >>> unsubscribe-link 3 days later and then even agrues "why does this work >>> witout confirmation?" - "because you fuckers have no business to open >>> any links in my emails?" >> >> Good point, and it should be a prosecutable offense. But we all know >> what sort of chance there is of that ever happening. There will be >> flying pigs because hell froze over and is being used for a runway. > > That was Barracuda that "opened" those links? Sounds like what Skype > did with links in chat :( yes, but the difference here that we had a *harwdare appliance* within our network fro the purpose of get only signature updates but our mail traffic don't left our own ISP and bulidng which was violated asking that idiots the response was "this is part iof the real time protection" -> guys go a f**k yourself when the testmail was sent on wednesday and the bot opened the unsubscribe link in the bight to saturday ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamav list spf problem
Am 22.06.2018 um 05:36 schrieb Gene Heskett: > I get what I would call minimum spam, just enough to train SA with. > A bad day is 10. When I was using my old account at the tv station, > several years ago, the spam count was often 200+ a day. Whatever > barracuda is trained to do, its doing it very well yeah, they pen links in your mails even with a local ahrwdare appliance days after messages arrived from a server in the US and call it "real time protection" i call it violation of any privacy and a reason that we killed all our contracts beause it is a no-go wehn i send a test-message to my gmail address and instead of google Barracuda Networks hits the unsubscribe-link 3 days later and then even agrues "why does this work witout confirmation?" - "because you fuckers have no business to open any links in my emails?" ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml