Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Joel Esler via clamav-users


> On Jan 17, 2022, at 2:03 PM, Matus UHLAR - fantomas  wrote:
> 
> On 17.01.22 16:30, Nick Howitt via clamav-users wrote:
>> I give up. This is like pushing water uphill. There is no sensible way of 
>> building the packages in one pass which allows me to package the sigs 
>> automatically. It looks like Cisco will block you if you try to download 
>> anything and fighting Cisco or trying to get them to change is a total waste 
>> of effort.
> 
> Cisco does that for a reason that has been explained multiple times.
> You are supposed to download with freshclam or use cvdupdate.
> That's the only optimisation Cisco gives us. All others used to overload the
> mirrors.

This.  X 1000.  Cisco provides two tools to do this.  Both tools work perfectly 
fine.  There is actually no other reason to reinvent the wheel, Cisco has done 
it twice for you already.
___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] help with my system please hybrid os does not update signatures

2022-01-17 Thread colin course via clamav-users

One more thing, Ged:
who is this user 121? Is that normal to see on process properties?
And it's only on clam.
It was root, and that's when the scan worked, but I have seen it being user 
121 before.
I am having to change permissions to stop the virus running all over me,
and I have recently seen that now my root is open,
which is the same meaning as the second part of that word, anyway,
and I know that's not a good thing, especially when browsing the internet.
It's got a shortcut to root anyway, cwf folder I think;
goes straight to root from processes. Also found a thread in process that is 
called pressure monitor; that doesn't sound good, especially as the CPU is being 
bumped. Had this thing for about 5 months now; started off on a Windows OS,
got rid of it once, that was until I installed gparted, now it's back.
Won't let me go anywhere near vid content; maxes out my CPU, so it does.

regards colin



Re: [clamav-users] help with my system please hybrid os does not update signatures

2022-01-17 Thread colin course via clamav-users

Hello Ged, thanks for all your help.
I know changing permissions is not a good thing, but when you have a 
rampant virus running around the system there is not much choice 
for restricting it from getting to other files.
Would not believe the pain I am going through just to get the browser to work.
Anyway, that's a long story; suffice it to say I have many hundreds of binary 
files on this Linux operating system and I have indeed broken it quite a few 
times, but timeshift is helping me and my enemy, because I think it's dipping in 
to it as well.

Right, last part of what I have been talking about, and I beg you to look.
Source, first part of word:
if I give you a B?? to taste then you might like it.
Second part of word:
what you throw your rubbish down or what you use to jump out of an aeroplane,
spelt that way,
not the spelling of what a gun does or if plant is showing any signs of 
C
Put those two words together and search that word. I will not now mention it 
anymore; you have the source.

Now that's done, let me give you something useful, as I know I have not so far 
regarding this problem.
I looked on the clam page, read https://www.clamav.net/documents but it gave me 
a headache. Maybe you could walk 
me through the removal and installation of my system; if you can't, that's fine,
as you have written loads already and I will have to read it with close 
inspection.
Here's what I have according to Synaptic on my 32bit system; first part of the 
word is there in that sentence.

0.103 .2 dfgs oubunta clamav
0.103.2  dfsg oubunta clambase
0.103 .2 dfsg oubunta clamav
clamtk 2.25-1 and then just empty space 

OK Ged, that's it. When searching source, don't listen to the propaganda, as 
certain parties are leading people to the cliff's edge.

regards colin



Re: [clamav-users] Current replacement for --max-ratio?

2022-01-17 Thread Kris Deugau

G.W. Haywood via clamav-users wrote:

Hi there,

On Fri, 14 Jan 2022, Kris Deugau wrote:

I've just come across a presumed-malicious .zip file of about 500K 
that contains a ~315M ISO image, which in turn appears to contain a 
~315M executable file.


After a bit of searching and testing I see the --max-ratio option has 
been removed from clamscan, and ArchiveMaxCompressionRatio in 
clamd.conf has been deprecated.


Are there any remaining (or new?) options that might help flag 
hypercompressed files like this?


If you're using clamd, perhaps try the AlertExceedsMax option together
with the MaxScanSize and/or MaxFileSize options.  No it's not the same. :/


Hmm.  Might work for this case, I'll try some combinations.


Did this arrive in mail, Kris?


Yes.  Indications are it was sent through a cracked hosting account, 
with an envelope and reply to a GMail account.


On closer inspection, when originally received the message matched one 
of the Sanesecurity "foxhole" signatures, which could collectively be 
scored much higher on this particular receiving account (technical role 
address).  It's a hack and I'm not sure it's worth even that much effort 
since this is the first example I've seen in the wild.


-kgd
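
An added example (not part of the original message or of ClamAV): one way a mail gateway could flag a hypercompressed .zip like the one described above before scanning, using only the sizes declared in the archive's central directory. The 250:1 threshold, the 1 MiB floor and all function names are assumptions, and the sample archive is constructed in memory.

```python
import io
import zipfile
from typing import NamedTuple

MAX_RATIO = 250                  # assumption: flag expansion above 250:1
MIN_UNCOMPRESSED = 1024 * 1024   # assumption: ignore members under 1 MiB


class Finding(NamedTuple):
    name: str
    compressed: int
    uncompressed: int
    ratio: float
    encrypted: bool


def flag_hypercompressed(zip_bytes, max_ratio=MAX_RATIO, min_size=MIN_UNCOMPRESSED):
    """Return a Finding for each member whose declared expansion exceeds max_ratio.

    Only the central directory is read and nothing is inflated, so the check
    is cheap and also covers password-protected members. The sizes are the
    ones the sender declared; a scanner must still enforce its own limits
    when it actually unpacks the data.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size < min_size:
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > max_ratio:
                findings.append(Finding(info.filename, info.compress_size,
                                        info.file_size, round(ratio, 1),
                                        bool(info.flag_bits & 0x1)))
    return findings


def archive_ratio(zip_bytes):
    """Declared uncompressed total divided by the size of the attachment."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        total = sum(info.file_size for info in zf.infolist())
    return total / max(len(zip_bytes), 1)


def triage(zip_bytes, max_ratio=MAX_RATIO):
    """Classify an attachment as 'not-a-zip', 'hypercompressed' or 'ok'."""
    try:
        if flag_hypercompressed(zip_bytes, max_ratio):
            return "hypercompressed"
        if archive_ratio(zip_bytes) > max_ratio:
            return "hypercompressed"
    except zipfile.BadZipFile:
        return "not-a-zip"
    return "ok"


def build_sample_zip(payload_mib=4):
    """Constructed sample: one highly compressible 'image' plus a small note."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.iso", b"\x00" * (payload_mib * 1024 * 1024))
        zf.writestr("readme.txt", b"See the attached disk image.\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    print("verdict:", triage(sample))
    for f in flag_hypercompressed(sample):
        print(f"{f.name}: {f.compressed} -> {f.uncompressed} bytes ({f.ratio}:1)")
```

A check like this only looks at the outer archive; content nested inside an inner container, such as the ISO in the message above, is still the scanner's job.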



Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Matus UHLAR - fantomas

On 17/01/2022 15:26, Andrew C Aitchison wrote:


On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:




On 17/01/2022 14:33, Andrew C Aitchison wrote:
Not quite. I have taken over the packaging of this and the 
justification of packaging the sigs is partly that the tool will 
work and scan out of the box, partly for the offline consideration 
and partly because there will be a delay after installation where 
ClamAV is installed but not in a running condition. IIRC it won't 
even start without a database. This means that a yum install will 
need to pause and run freshclam before it can attempt to start 
clamd.


This has knock-on issues and, apparently, it is always best for 
yum to download what it needs with yum and not some third party 
tool.


Last time I looked at the .spec file the signatures were marked
%config(noreplace)
Does that avoid the yum issues ?

I can see the sense in running
freshclam --datadir=...
(or cvdupdate) in the
%prep or %build section of clamav.spec
rather than in the %post.

Or even have two sub-packages clamav-db-large and clamav-db-small
both providing clamav-db ? -large has the files and -small has the 
%post script.


On 17.01.22 16:30, Nick Howitt via clamav-users wrote:
I give up. This is like pushing water uphill. There is no sensible 
way of building the packages in one pass which allows me to package 
the sigs automatically. It looks like Cisco will block you if you try 
to download anything and fighting Cisco or trying to get them to 
change is a total waste of effort.


Cisco does that for a reason that has been explained multiple times.
You are supposed to download with freshclam or use cvdupdate.
That's the only optimisation Cisco gives us. All others used to overload the
mirrors.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.



Re: [clamav-users] help with my system please hybrid os does not update signatures

2022-01-17 Thread G.W. Haywood via clamav-users

Hello again,

On Mon, 17 Jan 2022, colin course via clamav-users wrote:


... i have recently been changing permissions ...


Please do not romp around the operating system changing permissions on
things unless you are sure that you know what you're doing and why.
At best you will make the system insecure, at worst you will break it.


... security context usr/bin/freshclam enforce ...


This tells me that you're using an 'add-on' kind of package which adds
extra security to the system.  Unfortunately some of these packages
bring with them constraints which can sometimes make things difficult
for a beginner - especially if you blindly opt for the highest levels
of security when you configure it.  I wouldn't want to suggest that
you disable anything like that, but it might be worth your time to
find out more about it and about how to tell it what you want to do
with ClamAV, both when you download and install ClamAV data and when
you tell ClamAV to scan things.


...
WARNING: Ignoring deprecated option SafeBrowsing at 
/etc/clamav/freshclam.conf:22
...


The SafeBrowsing option was deprecated a long time ago.  It's just
about possible that up to date packages from current distributions
still have deprecated options in their sample configurations, but
perhaps you're using an out of date version of the ClamAV software?
Check for the latest available package for your system on the ClamAV
Website and install that using the package manager for your system if
you can (see below).  Old ClamAV versions are blocked from accessing
the database download servers because they have inefficient download
utilities compared with recent versions, and that has caused problems
for the download servers in the recent past.


...
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check 
permissions!).
...


If the freshclam utility cannot write to its log file then either
you're running freshclam as the wrong user or something is broken.
Maybe you should use the package manager to purge all the packages
which together make up ClamAV on your distribution, and then start
again by reinstalling them using the package manager.

It seems to me that your efforts to improve the security of your
systems risk doing more or less the opposite.  A lot of talented
people with wide experience and good motivation have put huge amounts
of effort (here I'm talking in terms of at least man-centuries) into
the systems you're using.  You aren't going to improve on what they've
done without a respectable amount of study and probably quite a bit of
experimentation.  You might be better advised to take a deep breath
and spend some time learning about the systems (and their security)
before you try doing anything to improve them.  Bear in mind that even
if you get ClamAV working perfectly, just by using it carelessly you
can cause problems for an otherwise working system.  Especially note
the memory requirements; you will probably need a gigabyte of RAM for
the signature database alone, and if your configuration doesn't take
precautions you may need twice that to do a clamd database reload.
Things will probably go really slow if you make the system 'swap'.

--

73,
Ged.



Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Nick Howitt via clamav-users



On 17/01/2022 15:26, Andrew C Aitchison wrote:


On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:




On 17/01/2022 14:33, Andrew C Aitchison wrote:
Not quite. I have taken over the packaging of this and the 
justification of packaging the sigs is partly that the tool will work 
and scan out of the box, partly for the offline consideration and 
partly because there will be a delay after installation where ClamAV 
is installed but not in a running condition. IIRC it won't even start 
without a database. This means that a yum install will need to pause 
and run freshclam before it can attempt to start clamd.


This has knock-on issues and, apparently, it is always best for yum 
to download what it needs with yum and not some third party tool.


Last time I looked at the .spec file the signatures were marked
 %config(noreplace)
Does that avoid the yum issues ?

I can see the sense in running
 freshclam --datadir=...
(or cvdupdate) in the
%prep or %build section of clamav.spec
rather than in the %post.

Or even have two sub-packages clamav-db-large and clamav-db-small
both providing clamav-db ? -large has the files and -small has the %post 
script.


I give up. This is like pushing water uphill. There is no sensible way 
of building the packages in one pass which allows me to package the sigs 
automatically. It looks like Cisco will block you if you try to 
download anything and fighting Cisco or trying to get them to change is a 
total waste of effort.




Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Nick Howitt via clamav-users




On 17/01/2022 15:14, Maarten Broekman via clamav-users wrote:



On Mon, Jan 17, 2022 at 9:53 AM Andrew C Aitchison via clamav-users 
<clamav-users@lists.clamav.net> wrote:


On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:

 > - not have to install some uncommon download package and then download
 > them. That is making people jump through unnecessary hoops. I am not
 > trying to use a segmented network and hosts can generally reach the
 > internet. I just want to be able to package the sigs in a v0.103.5 rpm
 > for my distro in the same way as EPEL does.

Does the EPEL build system still work ?

If cvdupdate is too obscure, you could use the freshclam program
which you have just built for your package.


Andrew makes a good point here. Since you've built the freshclam program 
at this point, you can use it to download all the databases it would 
normally download and then package those. The downside of this is, of 
course, that the daily.cvd changes daily... which means the package 
would have outdated virus definitions almost immediately. And, if it 
gets too out of date, freshclam will end up downloading the entire file 
anyway. And, after 7 days, you'll see warning messages about outdated 
definitions when clam starts up.


Depending on how many hosts a typical ClearOS end-user has, they would 
probably want to set up a private mirror so that they don't have 
multiple systems behind the same IP address trying to grab the database 
files (and then getting rate-limited as a result).


Private mirror docs: 
https://docs.clamav.net/appendix/CvdPrivateMirror.html 

All I am saying is that EPEL package a set of sigs in the same way as I 
want to for ClearOS. The EPEL build system certainly works (although we 
don't use it at ClearOS) and produces packages for EL and 8 and is 
preparing for EL9.


The package is only meant for the ClearOS gateway for gateway AV 
functions if the gateway is running a proxy, for mail AV and for 
scanning the server (largely samba shares). It is not intended for use 
on LAN devices or to serve sigs to them.




Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Nick Howitt via clamav-users




On 17/01/2022 15:06, Arjen de Korte via clamav-users wrote:


Quoting Nick Howitt via clamav-users:

Not quite. I have taken over the packaging of this and the 
justification of packaging the sigs is partly that the tool will work 
and scan out of the box, partly for the offline consideration and 
partly because there will be a delay after installation where ClamAV 
is installed but not in a running condition. IIRC it won't even start 
without a database. This means that a yum install will need to pause 
and run freshclam before it can attempt to start clamd. This has 
knock-on issues and, apparently, it is always best for yum to download 
what it needs with yum and not some third party tool.


One thing to remember is, is that if you intend your packaging tool to 
rebuild the package frequently (daily? weekly?), you'll be 
indistinguishable from abusive downloaders who download the full 
database over and over again (and don't use freshclam / cvdupdate 
instead). This will get your IP blacklisted fairly quickly as you 
empirically found out already.


One option would be to setup a local database mirror that is updated 
through either freshclam or cvdupdate and let your packaging tool 
download the database from there with whatever method you see fit (wget, 
curl). That will prevent frequent downloading the full database from the 
ClamAV servers, yet will allow you to package fresh database files as 
often as you see fit.


We only rebuild on an upstream update. At some point after it is 
installed the servers will run freshclam. Until freshclam is run you 
can't start clamd, so you perhaps need a watcher to start clamd at an 
appropriate time? madness!




Re: [clamav-users] help with my system please hybrid os does not update signatures

2022-01-17 Thread colin course via clamav-users

I have no idea, Ged.
I asked my provider what their DNS server was, but the person I spoke to 
did not even have an understanding of what DNS was. Tech, um, OK.

Anyway, I will find out what you have asked,
and here's a bit more of what I talked about last time,
on the source which you do not have at this present time.
There is a Catholic priest, Italian; everybody needs to hear what he has to say,
carlos marinos varogone, put his life on the line.
There was an Italian doctor saying the same thing, but he is no longer with us.
JFK's ghost would probably say I told you so.

Right, down to my bit, fighting this thing on a daily basis.
Ran a scan without knowing it; read out below.
Now this is the strange bit: I have recently been changing permissions.
When it was root on the process tab I am talking about,
the user was 1000, which is me. Down on the command line bit it said ignore 
many directories to scan such as home and etc, I can't remember exactly.

Now that I have changed the permission the user is 121
and the command line says 

security context usr/bin/freshclam enforce 
command line  usr/bin/freshclam -d --foreground true 

I tried to copy and paste but it was not possible. Here is the scan that came about 
by mistake... nope, lost that one, so here is another, though it's probably of no use 
as the other one succeeded to scan and this one did not, damn!!

 WARNING: Ignoring deprecated option SafeBrowsing at 
/etc/clamav/freshclam.conf:22
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check 
permissions!).
ERROR: Problem with internal logger (UpdateLogFile = 
/var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!
zone8@zone8-Latitude-D510:~$ 

kind regards colin


Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Arjen de Korte via clamav-users

Quoting Joel Esler via clamav-users:

On Jan 17, 2022, at 10:17, Maarten Broekman via clamav-users  
 wrote:


And, after 7 days, you'll see warning messages about outdated  
definitions when clam starts up.


And Freshclam and cvdupdate will still download the right files.


This largely depends on your build system. In the openSUSE Build  
Service (OBS) we start out with a 'clean' build environment for every  
(re)build, so running freshclam during build, would mean it would need  
to download the full database again for each build (which probably  
would lead to blacklisting pretty quickly). That means, if we would  
have network connectivity during build (which is not the case). We  
don't consider packaging the database files useful, as these will be  
outdated almost immediately and keeping them fresh by packaging them,  
would mean *huge* downloads almost daily.


In cases where you need a database, just copy them over on a flash  
drive. If you want to install something on a compromised system  
without network connectivity, you'll need to use portable storage  
anyway.





Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Joel Esler via clamav-users



> On Jan 17, 2022, at 10:17, Maarten Broekman via clamav-users 
>  wrote:
> 
> And, after 7 days, you'll see warning messages about outdated definitions 
> when clam starts up.

And Freshclam and cvdupdate will still download the right files.  



Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Andrew C Aitchison via clamav-users

On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:




On 17/01/2022 14:33, Andrew C Aitchison wrote:
Not quite. I have taken over the packaging of this and the justification of 
packaging the sigs is partly that the tool will work and scan out of the box, 
partly for the offline consideration and partly because there will be a delay 
after installation where ClamAV is installed but not in a running condition. 
IIRC it won't even start without a database. This means that a yum install 
will need to pause and run freshclam before it can attempt to start clamd.


This has knock-on issues and, apparently, it is always best for yum 
to download what it needs with yum and not some third party tool.


Last time I looked at the .spec file the signatures were marked
%config(noreplace)
Does that avoid the yum issues ?

I can see the sense in running
freshclam --datadir=...
(or cvdupdate) in the
%prep or %build section of clamav.spec
rather than in the %post.

Or even have two sub-packages clamav-db-large and clamav-db-small
both providing clamav-db ? -large has the files and -small has the %post 
script.


--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk



Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Maarten Broekman via clamav-users

On Mon, Jan 17, 2022 at 9:53 AM Andrew C Aitchison via clamav-users
<clamav-users@lists.clamav.net> wrote:

> On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:
>
> > - not have to install some uncommon download package and then download
> > them. That is making people jump through unnecessary hoops. I am not
> > trying to use a segmented network and hosts can generally reach the
> > internet. I just want to be able to package the sigs in a v0.103.5 rpm
> > for my distro in the same way as EPEL does.
>
> Does the EPEL build system still work ?
>
> If cvdupdate is too obscure, you could use the freshclam program
> which you have just built for your package.

Andrew makes a good point here. Since you've built the freshclam program at
this point, you can use it to download all the databases it would normally
download and then package those. The downside of this is, of course, that
the daily.cvd changes daily... which means the package would have outdated
virus definitions almost immediately. And, if it gets too out of date,
freshclam will end up downloading the entire file anyway. And, after 7
days, you'll see warning messages about outdated definitions when clam
starts up.

Depending on how many hosts a typical ClearOS end-user has, they would
probably want to set up a private mirror so that they don't have multiple
systems behind the same IP address trying to grab the database files (and
then getting rate-limited as a result).

Private mirror docs: https://docs.clamav.net/appendix/CvdPrivateMirror.html

--Maarten
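
An added example (not from the original post or the ClamAV project): a check a packager could run on a bundled .cvd to see how old it already is, relative to the 7-day warning mentioned above. It assumes the standard 512-byte colon-separated CVD header; the function names and the sample header values are constructed for illustration.

```python
from datetime import datetime, timezone

HEADER_LEN = 512    # a .cvd file starts with a 512-byte ASCII header
MAX_AGE_DAYS = 7    # age after which the thread says warnings appear


def parse_cvd_header(blob):
    """Parse 'ClamAV-VDB:time:version:sigs:flevel:md5:dsig:builder:stime'.

    This reads metadata only; it does not verify the digital signature,
    which remains the job of freshclam/libclamav.
    """
    if len(blob) < HEADER_LEN:
        raise ValueError("file shorter than a CVD header")
    fields = blob[:HEADER_LEN].decode("ascii", "replace").strip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    has_stime = len(fields) > 8 and fields[8].isdigit()
    return {
        "build_time": fields[1],
        "version": int(fields[2]),
        "signatures": int(fields[3]),
        "functionality_level": int(fields[4]),
        "md5": fields[5],
        "builder": fields[7],
        "stime": int(fields[8]) if has_stime else None,
    }


def build_epoch(header):
    """Build time as Unix seconds, from stime or else from the time string."""
    if header["stime"] is not None:
        return header["stime"]
    # The time string uses '-' between hour and minute to avoid a ':' clash.
    stamp = datetime.strptime(header["build_time"], "%d %b %Y %H-%M %z")
    return int(stamp.timestamp())


def check_bundled_db(blob, now=None, max_age_days=MAX_AGE_DAYS):
    """Return version, age in days and whether the database is past max age."""
    header = parse_cvd_header(blob)
    if now is None:
        now = datetime.now(timezone.utc).timestamp()
    age = (now - build_epoch(header)) / 86400
    return {"version": header["version"],
            "age_days": round(age, 2),
            "stale": age > max_age_days}


def build_sample_header(with_stime=True):
    """Constructed header (not a real database), padded to 512 bytes."""
    text = ("ClamAV-VDB:10 Jan 2022 04-26 -0500:26418:1937000:90:"
            + "0" * 32 + ":" + "A" * 172 + ":constructed")
    if with_stime:
        text += ":1641806760"
    return text.encode("ascii").ljust(HEADER_LEN, b" ")


if __name__ == "__main__":
    # Evaluate the constructed header as of 2022-01-17 13:26:40 UTC.
    print(check_bundled_db(build_sample_header(), now=1642426000))
```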



Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Arjen de Korte via clamav-users

Quoting Nick Howitt via clamav-users:

Not quite. I have taken over the packaging of this and the  
justification of packaging the sigs is partly that the tool will  
work and scan out of the box, partly for the offline consideration  
and partly because there will be a delay after installation where  
ClamAV is installed but not in a running condition. IIRC it won't  
even start without a database. This means that a yum install will  
need to pause and run freshclam before it can attempt to start  
clamd. This has knock-on issues and, apparently, it is always best  
for yum to download what it needs with yum and not some third party  
tool.


One thing to remember is, is that if you intend your packaging tool to  
rebuild the package frequently (daily? weekly?), you'll be  
indistinguishable from abusive downloaders who download the full  
database over and over again (and don't use freshclam / cvdupdate  
instead). This will get your IP blacklisted fairly quickly as you  
empirically found out already.


One option would be to setup a local database mirror that is updated  
through either freshclam or cvdupdate and let your packaging tool  
download the database from there with whatever method you see fit  
(wget, curl). That will prevent frequent downloading the full database  
from the ClamAV servers, yet will allow you to package fresh database  
files as often as you see fit.







Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Joel Esler via clamav-users
No. It would not.  Wget and curl create disasters for the ClamAV team on the 
server side, which is why it was stopped. There are still people abusing that 
system, and when I was at Cisco I would block people for doing it.  If people 
would use the tools they are supposed to, that are designed to be network 
friendly, the problems wouldn’t exist. 

— 
Sent from my  iPhone

> On Jan 17, 2022, at 09:39, Nick Howitt via clamav-users 
>  wrote:
> 
> Isn't that a bit messy? It would be so much easier to be able to use curl, 
> wget or any browser to get the sigs so we can package them directly - not 
> have to install some uncommon download package and then download them. That 
> is making people jump through unnecessary hoops. I am not trying to use a 
> segmented network and hosts can generally reach the internet. I just want to 
> be able to package the sigs in a v0.103.5 rpm for my distro in the same way 
> as EPEL does.
> 
>> On 17/01/2022 14:17, Joel Esler wrote:
>> This is what cvdupdate was designed for.  Please use that.
>> —
>> Sent from my  iPhone
>>> On Jan 17, 2022, at 09:12, Nick Howitt via clamav-users wrote:
>>> 
>>> Please tell that to EPEL as well. We want to be able to distribute a 
>>> package which, in emergency, can be transferred to a standalone (read 
>>> compromised device removed from the network) and have the rpm install 
>>> something which can directly virus scan. Without the three files, it can't. 
>>> I presume that is similar logic to EPEL.
>>> 
>>> Anyway, I've managed to get the files through a VPN so changing my IP, but 
>>> this is messy. There must be a better way to do it.
>>> 
>>> Nick
>>> 
>>>> On 17/01/2022 14:01, Maarten Broekman via clamav-users wrote:
>>>> Running freshclam after the package is installed should pull any/all of 
>>>> the files that are missing. That is probably the best way to do it.
>>>> --Maarten
>>>> On Mon, Jan 17, 2022 at 8:32 AM Nick Howitt via clamav-users 
>>>> <clamav-users@lists.clamav.net> wrote:
>>>>> Hi,
>>>>> I am trying to package ClamAV 0.103.5 for ClearOS. Normally they
>>>>> package the latest three signature files listed above with their
>>>>> distributable rpm in the same way that EPEL do so they have a
>>>>> working package on installation rather than requiring freshclam to
>>>>> run first. Unfortunately it looks like the links to the three files
>>>>> have been removed from https://www.clamav.net/downloads and I would
>>>>> like to get the latest signatures so I can update the package. How
>>>>> can I get hold of the files?
>>>>> Looking at the EPEL Sources, they download from:
>>>>> https://database.clamav.net/main.cvd
>>>>> https://database.clamav.net/daily.cvd
>>>>> https://database.clamav.net/bytecode.cvd
>>>>> But I am being blocked by Cloudflare:
>>>>>   Error 1015
>>>>> Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC
>>>>> You are being rate limited
>>>>> What happened?
>>>>> The owner of this website (database.clamav.net) has banned you
>>>>> temporarily from accessing this website.
>>>>> How can I proceed as I would like to get an updated package built
>>>>> for ClearOS
>>>>> Thanks,
>>>>> Nick


Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Andrew C Aitchison via clamav-users

On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:

> Isn't that a bit messy? It would be so much easier to be able to use curl,
> wget or any browser to get the sigs so we can package them directly

Unfortunately the server load was ridiculous and that had to be stopped.
Petabyte per day IIRC. Some IPs attempted thousands of downloads per
second!

> - not have to install some uncommon download package and then download them.
> That is making people jump through unnecessary hoops. I am not trying to use a
> segmented network and hosts can generally reach the internet. I just want to
> be able to package the sigs in a v0.103.5 rpm for my distro in the same way
> as EPEL does.


Does the EPEL build system still work ?

If cvdupdate is too obscure, you could use the freshclam program
which you have just built for your package.


On 17/01/2022 14:17, Joel Esler wrote:


This is what cvdupdate was designed for.  Please use that.

—
Sent from my  iPhone

On Jan 17, 2022, at 09:12, Nick Howitt via clamav-users wrote:


Please tell that to EPEL as well. We want to be able to distribute a 
package which, in emergency, can be transferred to a standalone (read 
compromised device removed from the network) and have the rpm install 
something which can directly virus scan. Without the three files, it 
can't. I presume that is similar logic to EPEL.


Anyway, I've managed to get the files through a VPN so changing my IP, but 
this is messy. There must be a better way to do it.


Nick


On 17/01/2022 14:01, Maarten Broekman via clamav-users wrote:
Running freshclam after the package is installed should pull any/all of 
the files that are missing. That is probably the best way to do it.

--Maarten
On Mon, Jan 17, 2022 at 8:32 AM Nick Howitt via clamav-users <clamav-users@lists.clamav.net> wrote:

Hi,
I am trying to package ClamAV 0.103.5 for ClearOS. Normally they
package the latest three signature files listed above with their
distributable rpm in the same way that EPEL do so they have a
working package on installation rather than requiring freshclam to
run first. Unfortunately it looks like the links to the three files
have been removed from https://www.clamav.net/downloads
 and I would like to get the
latest signatures so I can update the package. How can I get hold of
the files?
Looking at the EPEL Sources, they download from:
https://database.clamav.net/main.cvd

https://database.clamav.net/daily.cvd

https://database.clamav.net/bytecode.cvd

But I am being blocked by cloudflare:
  Error 1015
Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC
You are being rate limited
What happened?
The owner of this website (database.clamav.net) has banned you temporarily from
accessing this website.
How can I proceed as I would like to get an updated package built
for ClearOS
Thanks,
Nick


--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk



Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Nick Howitt via clamav-users



On 17/01/2022 14:33, Andrew C Aitchison wrote:

On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:


Hi,
I am trying to package ClamAV 0.103.5 for ClearOS. Normally they package the
latest three signature files listed above with their distributable rpm in
the same way that EPEL do so they have a working package on installation
rather than requiring freshclam to run first. Unfortunately it looks like
the links to the three files have been removed from
https://www.clamav.net/downloads and I would like to get the latest
signatures so I can update the package. How can I get hold of the files?

Looking at the EPEL Sources, they download from:
https://database.clamav.net/main.cvd
https://database.clamav.net/daily.cvd
https://database.clamav.net/bytecode.cvd

But I am being blocked by cloudflare:

 Error 1015

Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC

YOU ARE BEING RATE LIMITED

WHAT HAPPENED?

The owner of this website (database.clamav.net) has banned you temporarily
from accessing this website.


How can I proceed as I would like to get an updated package built for
ClearOS


There has been a lot of abuse of the downloads (some sites were downloading
multiple - thousands IIRC - copies per second and using up vast volumes of
bandwidth).
Freshclam and cvdupdate (
https://github.com/Cisco-Talos/cvdupdate
another tool from ClamAV) are tuned to minimize load on the servers
and IIRC have special access to the downloads.

Could you use cvdupdate in the package script (clamav.spec or similar) ?
Even this backs off if it is used too frequently, so watch out for that 
when testing.


You might need to use the uncompressed .cld versions (daily.cld at least)
as these are what are actually updated by the incremental updates.

Maarten suggests not including the database in the package, but
downloading it with freshclam or cvdupdate after installing
(eg in a post-install script).
daily.cld is currently over 170MB and changes daily,
so this might be better still.

I see that you are thinking of this as a rescue tool.
Do you have a sense of how likely clamav (especially a not up to date
version) is to actually detect a nasty? My experience and that of
some others on this list is that it is so far short of 50% that
I would not take a pass from ClamAV as reliable.

Not quite. I have taken over the packaging of this and the justification 
of packaging the sigs is partly that the tool will work and scan out of 
the box, partly for the offline consideration and partly because there 
will be a delay after installation where ClamAV is installed but not in 
a running condition. IIRC it won't even start without a database. This 
means that a yum install will need to pause and run freshclam before it 
can attempt to start clamd. This has knock-on issues and, apparently, it 
is always best for yum to download what it needs with yum and not some 
third party tool.
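
The packaging problem discussed in this thread, as an added example that is not from any list member's message or from the ClamAV project: a build-script check that the files about to be bundled are real signature databases rather than a saved rate-limit error page, and how old they are. The function names, the sample values and the header layout described in the comments are assumptions of this example.

```shell
#!/bin/sh
# Added example: check files before bundling them as main.cvd/daily.cvd/bytecode.cvd.
# Assumption: a .cvd starts with a 512-byte, space-padded text header of
# colon-separated fields:
#   ClamAV-VDB:build time:version:signatures:functionality level:MD5:dsig:builder:build epoch

# Print header field $2 (1-based) of file $1, with padding trimmed.
cvd_field() {
    dd if="$1" bs=512 count=1 2>/dev/null | head -n 1 | cut -d: -f"$2" | sed 's/ *$//'
}

# $1 = file, $2 = maximum age in days, $3 = "now" in epoch seconds (default: current time).
# Returns 0 = usable, 1 = not a CVD (for example a saved HTML error page), 2 = older than $2.
cvd_check() {
    file=$1 max_days=$2 now=${3:-$(date +%s)}
    if [ "$(cvd_field "$file" 1)" != "ClamAV-VDB" ]; then
        echo "$file: not a CVD, refusing to package it"
        return 1
    fi
    version=$(cvd_field "$file" 3)
    sigs=$(cvd_field "$file" 4)
    epoch=$(cvd_field "$file" 9)
    case $epoch in
        ''|*[!0-9]*) echo "$file: header has no numeric build epoch"; return 1 ;;
    esac
    age_days=$(( (now - epoch) / 86400 ))
    echo "$file: version $version, $sigs signatures, built $age_days days ago"
    [ "$age_days" -le "$max_days" ] || return 2
}

# Constructed samples (not real databases): a fake header and an error page like
# the one a plain HTTP fetch saves when the download is rate limited.
make_samples() {
    hdr='ClamAV-VDB:17 Jan 2022 04-26 -0500:26424:1968551:90'
    hdr="$hdr:MD5-PLACEHOLDER:DSIG-PLACEHOLDER:builder:1642411560"
    printf '%-512s' "$hdr" > "$1/daily.cvd"
    printf '<html><title>Error 1015</title>You are being rate limited</html>\n' > "$1/main.cvd"
}

# Demo on the constructed files; a build script would point at its own sources directory.
tmp=$(mktemp -d)
make_samples "$tmp"
for db in daily.cvd main.cvd; do
    cvd_check "$tmp/$db" 30 1643241600 || echo "  -> stop the package build (status $?)"
done
rm -rf "$tmp"
```

The check reads only the header text; it does not verify the database's digital signature.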




Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Nick Howitt via clamav-users
Isn't that a bit messy? It would be so much easier to be able to use 
curl, wget or any browser to get the sigs so we can package them 
directly - not have to install some uncommon download package and then 
download them. That is making people jump through unnecessary hoops. I 
am not trying to use a segmented network and hosts can generally reach the 
internet. I just want to be able to package the sigs in a v0.103.5 rpm 
for my distro in the same way as EPEL does.


On 17/01/2022 14:17, Joel Esler wrote:


This is what cvdupdate was designed for.  Please use that.

—
Sent from my  iPhone


On Jan 17, 2022, at 09:12, Nick Howitt via clamav-users wrote:

Please tell that to EPEL as well. We want to be able to distribute a package 
which, in emergency, can be transferred to a standalone (read compromised 
device removed from the network) and have the rpm install something which can 
directly virus scan. Without the three files, it can't. I presume that is 
similar logic to EPEL.

Anyway, I've managed to get the files through a VPN so changing my IP, but this 
is messy. There must be a better way to do it.

Nick


On 17/01/2022 14:01, Maarten Broekman via clamav-users wrote:
Running freshclam after the package is installed should pull any/all of the 
files that are missing. That is probably the best way to do it.
--Maarten
On Mon, Jan 17, 2022 at 8:32 AM Nick Howitt via clamav-users <clamav-users@lists.clamav.net> wrote:
Hi,
I am trying to package ClamAV 0.103.5 for ClearOS. Normally they
package the latest three signature files listed above with their
distributable rpm in the same way that EPEL do so they have a
working package on installation rather than requiring freshclam to
run first. Unfortunately it looks like the links to the three files
have been removed from https://www.clamav.net/downloads
 and I would like to get the
latest signatures so I can update the package. How can I get hold of
the files?
Looking at the EPEL Sources, they download from:
https://database.clamav.net/main.cvd

https://database.clamav.net/daily.cvd

https://database.clamav.net/bytecode.cvd

But I am being blocked by cloudflare:
  Error 1015
Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC
You are being rate limited
What happened?
The owner of this website (database.clamav.net) has banned you temporarily from
accessing this website.
How can I proceed as I would like to get an updated package built
for ClearOS
Thanks,
Nick


Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Joel Esler via clamav-users
This is what cvdupdate was designed for.  Please use that.  

— 
Sent from my  iPhone

> On Jan 17, 2022, at 09:12, Nick Howitt via clamav-users wrote:
> 
> Please tell that to EPEL as well. We want to be able to distribute a package 
> which, in emergency, can be transferred to a standalone (read compromised 
> device removed from the network) and have the rpm install something which can 
> directly virus scan. Without the three files, it can't. I presume that is 
> similar logic to EPEL.
> 
> Anyway, I've managed to get the files through a VPN so changing my IP, but 
> this is messy. There must be a better way to do it.
> 
> Nick
> 
>> On 17/01/2022 14:01, Maarten Broekman via clamav-users wrote:
>> Running freshclam after the package is installed should pull any/all of the 
>> files that are missing. That is probably the best way to do it.
>> --Maarten
>> On Mon, Jan 17, 2022 at 8:32 AM Nick Howitt via clamav-users <clamav-users@lists.clamav.net> wrote:
>>Hi,
>>I am trying to package ClamAV 0.103.5 for ClearOS. Normally they
>>package the latest three signature files listed above with their
>>distributable rpm in the same way that EPEL do so they have a
>>working package on installation rather than requiring freshclam to
>>run first. Unfortunately it looks like the links to the three files
>>have been removed from https://www.clamav.net/downloads
>> and I would like to get the
>>latest signatures so I can update the package. How can I get hold of
>>the files?
>>Looking at the EPEL Sources, they download from:
>>https://database.clamav.net/main.cvd
>>
>>https://database.clamav.net/daily.cvd
>>
>>https://database.clamav.net/bytecode.cvd
>>
>>But I am being blocked by cloudflare:
>>  Error 1015
>>Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC
>>You are being rate limited
>>What happened?
>>The owner of this website (database.clamav.net) has banned you temporarily from
>>accessing this website.
>>How can I proceed as I would like to get an updated package built
>>for ClearOS
>>Thanks,
>>Nick


Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Nick Howitt via clamav-users
Please tell that to EPEL as well. We want to be able to distribute a 
package which, in emergency, can be transferred to a standalone (read 
compromised device removed from the network) and have the rpm install 
something which can directly virus scan. Without the three files, it 
can't. I presume that is similar logic to EPEL.


Anyway, I've managed to get the files through a VPN so changing my IP, 
but this is messy. There must be a better way to do it.


Nick

On 17/01/2022 14:01, Maarten Broekman via clamav-users wrote:
Running freshclam after the package is installed should pull any/all of 
the files that are missing. That is probably the best way to do it.


--Maarten

On Mon, Jan 17, 2022 at 8:32 AM Nick Howitt via clamav-users <clamav-users@lists.clamav.net> wrote:


Hi,
I am trying to package ClamAV 0.103.5 for ClearOS. Normally they
package the latest three signature files listed above with their
distributable rpm in the same way that EPEL do so they have a
working package on installation rather than requiring freshclam to
run first. Unfortunately it looks like the links to the three files
have been removed from https://www.clamav.net/downloads
 and I would like to get the
latest signatures so I can update the package. How can I get hold of
the files?

Looking at the EPEL Sources, they download from:
https://database.clamav.net/main.cvd

https://database.clamav.net/daily.cvd

https://database.clamav.net/bytecode.cvd


But I am being blocked by cloudflare:


  Error 1015

Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC


You are being rate limited


What happened?

The owner of this website (database.clamav.net) has banned you temporarily from
accessing this website.


How can I proceed as I would like to get an updated package built
for ClearOS

Thanks,

Nick



Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Maarten Broekman via clamav-users
Running freshclam after the package is installed should pull any/all of the
files that are missing. That is probably the best way to do it.

--Maarten

On Mon, Jan 17, 2022 at 8:32 AM Nick Howitt via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi,
> I am trying to package ClamAV 0.103.5 for ClearOS. Normally they package
> the latest three signature files listed above with their distributable rpm
> in the same way that EPEL do so they have a working package on installation
> rather than requiring freshclam to run first. Unfortunately it looks like
> the links to the three files have been removed from
> https://www.clamav.net/downloads and I would like to get the latest
> signatures so I can update the package. How can I get hold of the files?
>
> Looking at the EPEL Sources, they download from:
> https://database.clamav.net/main.cvd
> https://database.clamav.net/daily.cvd
> https://database.clamav.net/bytecode.cvd
>
> But I am being blocked by cloudflare:
>
> Error 1015 Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC You are
> being rate limited
> What happened?
>
> The owner of this website (database.clamav.net) has banned you
> temporarily from accessing this website.
>
> How can I proceed as I would like to get an updated package built for
> ClearOS
>
> Thanks,
>
> Nick
>


[clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Nick Howitt via clamav-users

  
  
Hi,
I am trying to package ClamAV 0.103.5 for ClearOS. Normally they
package the latest three signature files listed above with their
distributable rpm in the same way that EPEL do so they have a
working package on installation rather than requiring freshclam to
run first. Unfortunately it looks like the links to the three files
have been removed from https://www.clamav.net/downloads and I would
like to get the latest signatures so I can update the package. How
can I get hold of the files?

Looking at the EPEL Sources, they download from:
https://database.clamav.net/main.cvd
https://database.clamav.net/daily.cvd
https://database.clamav.net/bytecode.cvd

But I am being blocked by cloudflare:


Error 1015
Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC
You are being rate limited

What happened?
The owner of this website (database.clamav.net) has banned
you temporarily from accessing this website.
  


How can I proceed as I would like to get an updated package built
for ClearOS

Thanks,

Nick
  

