Re: [clamav-users] clamav incremental scan?
On 2021-05-04 20:19, Michael Wang wrote:

> It seems that this should be a common question, but I did not find a definite answer via Google search. I saw solutions to only scan files in the last 60 days, but it is not difficult for a virus file to change date, isn't it?
>
> I can think of to maintain hash table with file name and its checksum, but looks like this should be a functionality of the clamav itself.
>
> How do you do it? Just do a full scan every time? Thanks.

fun part is that clamdscan needs root access, stupid virus scanning must not be done as root user, else one knows why its unsecure on unpacking already

files stored as non root users can only be changed by same user if its malware, this includes change time stamps as non root, issue a touch malwarefile.exe, new upload

hope clamav team redo this insecure in clamdscan

___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
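Added example (not part of the thread and not a ClamAV feature): the file-name-and-checksum table proposed in the question, keyed on SHA-256 of the content so that a changed timestamp alone neither hides a rewritten file nor forces a rescan. The manifest layout, the function names and the `db_version` string (any value that changes when the signature databases change) are assumptions of this sketch.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash file contents; timestamps play no part in the result."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def load_manifest(manifest_path):
    """Previous run's state; a missing or corrupt manifest means 'scan everything'."""
    try:
        with open(manifest_path, "r", encoding="utf-8") as fh:
            data = json.load(fh)
        return {"db_version": data["db_version"], "files": dict(data["files"])}
    except (OSError, ValueError, KeyError, TypeError):
        return {"db_version": None, "files": {}}


def plan_scan(root, manifest, db_version):
    """Return (paths_to_scan, current_hashes) for every regular file under root."""
    # New signatures can detect a file that was clean yesterday, so a database
    # change invalidates every earlier verdict.
    rescan_all = manifest["db_version"] != db_version
    known = manifest["files"]
    to_scan, current = [], {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            try:
                current[path] = sha256_file(path)
            except OSError:
                to_scan.append(path)  # unreadable here: leave it to the scanner to report
                continue
            if rescan_all or known.get(path) != current[path]:
                to_scan.append(path)
    return sorted(to_scan), current


def save_manifest(manifest_path, db_version, current, not_clean=()):
    """Record only files whose scan came back clean; replace the manifest atomically."""
    skip = set(not_clean)
    files = {p: h for p, h in current.items() if p not in skip}
    tmp = manifest_path + ".tmp"
    with open(tmp, "w", encoding="utf-8") as fh:
        json.dump({"db_version": db_version, "files": files}, fh)
    os.replace(tmp, manifest_path)


def demo():
    """Constructed files in a temp directory; returns the basenames selected per run."""
    results = {}
    with tempfile.TemporaryDirectory() as work:
        root = os.path.join(work, "uploads")
        os.mkdir(root)
        # The manifest lives outside the scanned tree, where the scanned user cannot edit it.
        manifest_path = os.path.join(work, "manifest.json")
        file_a = os.path.join(root, "a.txt")
        file_b = os.path.join(root, "b.bin")
        for path, data in ((file_a, b"hello"), (file_b, b"\x00\x01")):
            with open(path, "wb") as fh:
                fh.write(data)

        def run(label, db_version):
            to_scan, current = plan_scan(root, load_manifest(manifest_path), db_version)
            # A real run would scan to_scan here and pass every path that was
            # not reported clean as not_clean.
            save_manifest(manifest_path, db_version, current)
            results[label] = [os.path.basename(p) for p in to_scan]

        run("first", "db-1")
        os.utime(file_a, (0, 0))                 # timestamp-only change
        run("touched", "db-1")
        stamp = os.stat(file_b)
        with open(file_b, "wb") as fh:
            fh.write(b"\xff\xfe")                # new content ...
        os.utime(file_b, (stamp.st_atime, stamp.st_mtime))  # ... old timestamp restored
        run("rewritten", "db-1")
        run("new_signatures", "db-2")
    return results


if __name__ == "__main__":
    print(demo())
```

The selected paths can be written to a file and passed to `clamscan --file-list=FILE`. Hashing still reads every file, so the saving is scanner time rather than disk I/O.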
Re: [clamav-users] cdn :/
On 2021-04-28 18:16, Joel Esler (jesler) wrote:

> On Apr 28, 2021, at 12:10 PM, Benny Pedersen wrote:
>> On 2021-04-28 17:56, Joel Esler (jesler) wrote:
>>> I don’t think that’s a solution.
>>
>> https scales only if making private mirrors :/
>>
>> design of torrents is the more users the faster speeds all get without needing private mirrors, so yes it does better than cloudflare
>
> We can manage Cloudflare, and BitTorrent is banned in just about every corporate environment.

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;
From: "Joel Esler (jesler)"

it works well cisco do their own dkim, but both dkim is untrusted by 3rd party signing, one more problem to solve

>> is it possible to see mailman stops mangle dkim when dmarc policy is p=none; while i am on clamav, what about synology antivirus essential ?
>
> What about it?

good question, maybe i just make a feedback to synology for this one
Re: [clamav-users] cdn :/
On 2021-04-28 17:56, Joel Esler (jesler) wrote:

> I don’t think that’s a solution.

https scales only if making private mirrors :/

design of torrents is the more users the faster speeds all get without needing private mirrors, so yes it does better than cloudflare

is it possible to see mailman stops mangle dkim when dmarc policy is p=none; while i am on clamav, what about synology antivirus essential ?

> On Apr 28, 2021, at 9:21 AM, Benny Pedersen via clamav-users wrote:
>> On 2021-04-28 14:42, Eero Volotinen wrote:
>>> Please upgrade to supported version?
>>
>> i have that on gentoo, problem is fixed now, finally, how can this take so long without anyone notice it is imho scary
>>
>> consider implement bittorrent protocol into freshclamd, it scales more than cloudflare problem
Re: [clamav-users] cdn :/
On 2021-04-28 14:42, Eero Volotinen wrote:

> Please upgrade to supported version?

i have that on gentoo, problem is fixed now, finally, how can this take so long without anyone notice it is imho scary

consider implement bittorrent protocol into freshclamd, it scales more than cloudflare problem
[clamav-users] cdn :/
i am on cool down, yes since 10-4-2021 missing cdiff imho, so it try the full cvd download that is missing, after that cool down :/

am i alone ?
Re: [clamav-users] Testing
Joel Esler (jesler) wrote on 2019-02-20 23:14:

> Testing!

for the record here is what spamassassin says when i post on postfix-maillist

X-Spam-Status: No, score=-2.4, required=5.0, Autolearn=no autolearn_force=no, LastExt=2604:8d00:0:1::3 Shortcircuit=no,none
X-Spam-Rules_score: ALL_TRUSTED=-1,BAYES_00=-1.9,DKIM_SIGNED=0.1, DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.7,SPF_NONE=0.7,TXREP=0.334,XSENDER_MATCH=-0.1

hope other maillists can copy that
Re: [clamav-users] Acknowledgement of receipt IT-Service
IT-Service Theatergemeinde Köln wrote on 2019-02-21 00:11:

> Thank you very much for your message. It has been duly received and will be processed as soon as possible.

i dont want to sleep with you
Re: [clamav-users] Testing
Joel Esler (jesler) wrote on 2019-02-21 00:06:

> We are working on this currently.

good, if openarc seal signing will be added to mailman and drop ownerships take over it will be perfect, its about time mailman get fixed for dkim and dmarc rejects, dont accept dmarc policy reject, but accept quarantine posters, else it will create downstream rejects, sadly

i know dmarc pass and maillist is possible, it could even be with mailman if people did more carefully setup mailman

for the time being i have added this new ip for networks a ip that disable all milters here in postfix, this was simple for me to do
Re: [clamav-users] Testing
Scott Kitterman wrote on 2019-02-20 23:34:

> I'm not sure why anyone expects anything different.

you are not on maillist with original senders get dmarc pass ? :=)

hint postfix

where is dkimpy-milter i like to build on gentoo to get rid of most of my dkim and dmarc problems

is there a guide on migrate from opendkim to dkimpy signing ?

thanks for good software btw
Re: [clamav-users] Testing
Joel Esler (jesler) wrote on 2019-02-20 23:14:

> Testing!

DKIM and DMARC still fails

no news there :(
Re: [clamav-users] Not detecting valid malicious file if the zip file contains corrupted zip file
Vijayakumar U wrote on 2019-01-31 12:39:

> Do I need to raise this issue or is it taken care of already?

what issue ?
Re: [clamav-users] warning: connect to Milter service unix:/var/run/clamav/clamav-milter.ctl: No such file or directory
Yasuhiro KIMURA wrote on 2019-01-28 15:10:

> --
> root@kusanagi[2796]# ls -l /var/run/clamav/clamav-milter.ctl
> srw-rw-rw- 1 clamav clamav 0 1月 27 06:25 /var/run/clamav/clamav-milter.ctl=
> --
>
> Then what is wrong? How can I fix this warning message?

postfix needs read write access to this socket, most simple way is to use inet socket, if you can

Config file: clamd.conf
---
TCPSocket = "3310"
TCPAddr = "127.0.0.1"

Config file: freshclam.conf
---

Config file: clamav-milter.conf
---
ClamdSocket = "tcp:127.0.0.1:3310"
MilterSocket = "inet:7357@localhost"
MilterSocketGroup disabled
MilterSocketMode disabled

main.cf

milter_clamav = inet:[127.0.0.1]:7357
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_opendkim = inet:[127.0.0.1]:8891
milter_opendmarc = inet:[127.0.0.1]:8893
milter_protocol = 6
non_smtpd_milters = $milter_opendkim
smtpd_milters = $milter_clamav,$milter_opendkim,$milter_opendmarc

this works for me :=)
Re: [clamav-users] Fwd: CLAMD CPU usage
Adam Waller wrote on 2019-01-18 17:32:

> We have clamav installed on all our VMs however ever since doing so we've noticed that clamd is consistently using up to 100% of a CPU core.

upgrade cpu :-)

> Just wondering if anyone can offer any advice on how to improve this.

it could be solved if clamav can save main.cvd into main.cld (uncompressed signed database)

this will save or reduce cpu load on reload sigs, to make things worse clamav keeps old database loaded while reloading new databases, if all databases is compressed it takes more cpu time, its btw not a bug

i kindly ask developers to make sigtool save uncompressed data files, to help reduce cpu time on reloads
Re: [clamav-users] Not detecting valid malicious file if the zip file contains corrupted zip file
Vijayakumar U wrote on 2019-01-10 15:42:

> When a malicious file is inside zip file and if zip file contains some other corrupted zip file, the malicious file is not filtered as virus.

+1

please start using foxhole 3rd party signatures to stop this malwares with double packed archives

> Sample link - ZXW2.6-Blackfish2.0.zip - https://drive.google.com/drive/folders/129LvUWJNnp_P-qzXIxA5nqlyS0lnraQB

ZXW2.6.exe is undetected on gdrive, so it can be downloaded, on virustotal.com its detected on 18 out of 68 scanners :)

i have sent this file to http://www.clamav.net/reports/malware as a false negative

thanks for reporting and using clamav
Re: [clamav-users] One question
Gary R. Schmidt wrote on 2018-12-30 05:56:

> Please repost your questions in your native language (I presume French), as they make no sense in English.

i prefer your english aswell :=)

AI works well on some mobile phones, just not yet in clamav
Re: [clamav-users] Freshclam update HTTP Error 403 Forbidden
Claudiu Albu wrote on 2018-12-21 13:56:

> CLAMAV VERSION is: "_WARNING: Local version: 0.100.2 Recommended version: 0.101.0_"
>
> After some reading, this seems to be the latest version in a stable CentOS EPEL stable repo - correct?

no freshclam reports latest stable version, its up to centos maintainers to put that version into their repo, 2 options now is, wait, build rpms locally self, and install that rpm update

http://lifeofageekadmin.com/build-rpms-centos/

why wait ? :=)
Re: [clamav-users] ClamAV installation is OUTDATED! as reported by freshclam utility on CentOS Linux release 7.6.1810 (Core)
Scott Kitterman wrote on 2018-12-13 18:28:

> Would it be possible to turn off the outdated warning until that happens?

why ?
Re: [clamav-users] ClamAV installation is OUTDATED! as reported by freshclam utility on CentOS Linux release 7.6.1810 (Core)
Kaushal Shriyan wrote on 2018-12-13 07:30:

> I am running CentOS Linux release 7.6.1810 (Core) with ClamAV installed. When i am running freshclam i am seeing a Warning message and the details are described below:-
>
> WARNING: Local version: 0.100.2 Recommended version: 0.101.0
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav

it also says dont panic :=)

create a centos bug to get a bumped version into centos repo, or compiled locally latest version wanted

its not anything here we could do more
Re: [clamav-users] [OT] is clamav.securiteinfo.com no more?
G.W. Haywood wrote on 2018-12-05 18:16:

> On Wed, 5 Dec 2018, Dennis Peterson wrote:
>> All the "tiny" url hosts are blacklisted here ...
>
> A list of them could be useful. Do you have such a thing, or a pointer?

https://github.com/rspamd/rspamd/blob/master/conf/redirectors.inc
Re: [clamav-users] CompressLocalDatabase setting & Bugzilla Certificate
J.R. wrote on 2018-11-23 22:30:

> In my freshclam.conf I have 'CompressLocalDatabase yes' set, yet I noticed that I have daily.cld & safebrowsing.cld instead of .cvd? I

this is a time waster to enable that, i would like to know how to make the cld from cvd, so it not reload the compressed version anymore, starting clamd takes more ram and time to load the compressed cvds, sadly both cld and cvd is signed
Re: [clamav-users] ClamAV mirrors have gotten worse!
Paul Kosinski wrote on 2018-11-20 03:25:

> # Use aaa.bbb.ccc.ddd as client address for downloading databases.
> # Useful for multi-homed systems.
> # Default: Use OS'es default outgoing IP address.
> LocalIPAddress 10.11.14.160

comment that line

> No matter, are we so unlucky -- only 1 out of 3M -- in having the sync errors reappear? Or are we simply one of far fewer users who log (and actually examine) their entire freshclam output?

you did not make localmirror correct, whole 10.x.x.x/8 is non routed in rfc1918, so not external problem to solve other than make freshclam get a localmirror that works, if unsure how, comment that localipaddress
Re: [clamav-users] ClamAV® blog: The ClamAV 0.101.0 release candidate is here!
Paul Kosinski wrote on 2018-11-20 02:54:

> Are there any other users of HAVP in conjunction with ClamAV? (HAVP was originally written to work with ClamAV as well as other AV packages, such as Kaspersky, Sophos and F-Prot.)

recompile of havp should be solve it, unless havp have bugs to solve

let the old havp compile runs on later versions of clamav can lead to problems

if havp is bug free its just a recompile needed
Re: [clamav-users] whitelist with clamav-milter
Matus UHLAR - fantomas wrote on 2018-09-27 10:36:

> On 26.09.18 07:56, Jerry wrote:
>> I am running clamav version 0.100.1 on a FreeBSD 11.2 / amd64 machine. I also have the clamav-milter installed. My problem is that even though I am trying to whitelist some addresses, they get marked as Spam.
>
> spam? clamav is a virus scanner, not spam scanner.

+1

>> This is an example of one such address: ☀ Puritan's Pride
>>
>> I entered this into the white list file: From:puritanspr...@e.puritan.com
>>
>> I then restarted the milter. Unfortunately, the email is still marked as Spam. I thought that clamav-milter would simply ignore the file.
>>
>> X-Virus-Status: Infected (SecuriteInfo.com.Spam-4701.UNOFFICIAL)
>> X-Virus-Scanned: clamav-milter 0.100.1 at scorpio.seibercom.net
>
> do you mean this under "marked as spam"?

imho would be nice if clamav-milter could reject based on official signatures, and tag only on 3rd party signatures

lastly i agree clamav is a good spam scanner aswell if used correct
Re: [clamav-users] Malwarepatrol false positive
Kris Deugau wrote on 2018-08-31 19:44:

> Benny Pedersen wrote:
>> why is https even blocked ? :(
>>
>> please whitelist https signatures
>
> There's no reason a hacked HTTPS website couldn't host malware. And there's no reason a spam domain couldn't get a certificate (from Let's Encrypt, or somewhere else) if they carefully time their actions.

https links could not be reported to the signer ?

but yes its too simple to make https links without payments at all time to block signers if thats possible
Re: [clamav-users] Malwarepatrol false positive
Mark G Thomas wrote on 2018-08-31 18:51:

> And YET ANOTHER today. I figured others here might want the heads up.
>
> [root@imx0 conf]# sigtool --find-sigs MBL_13226139 | sigtool --decode-sigs
> VIRUS NAME: MBL_13226139
> DECODED SIGNATURE:
> https://linkprotect.cudasvc.com/url

why is https even blocked ? :(

please whitelist https signatures
Re: [clamav-users] clamav-milter with sendmail on Fedora 28: init failed to open, to error state, initialization failed, temp failing commands
Robert Kudyba wrote on 2018-07-30 16:23:

> Jul 23 11:45:39 storm clamd[22351]: LibClamAV Error: yyerror(): /var/lib/clamav/packer.yar line 82 undefined identifier "pe"

remove yar rules

clamav is unstable with yara, google it

and systemd is not working with milter interfaces
Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)
Joel Esler (jesler) wrote on 2018-07-03 22:42:

> Yes. But measuring those numbers is the difficult part. A fresh install of ClamAV is going to download the main, the daily, then all the diffs since the last daily, which could be a ton. It's the people that are downloading the *same* diff 1000x an hour that are the problem.

could this be solved in freshclam

maxdiffupdates 50 # number of diff to max update at once
minimalrechecktime 60 # minimal minutes before next recheck new diff updates

adjust as needed

would that at least settle it a bit ?
Re: [clamav-users] update report
Gene Heskett wrote on 2018-07-02 19:20:

> On Monday 02 July 2018 13:12:12 Gene Heskett wrote:
> However, a network restart did not get rid of the ipv6 stuff in the ifconfig lo report.

?

> /etc/network/interfaces is also clean of any ipv6 stuffs.

?

if all else fails check /etc/gai.conf

change that conf to prefer ipv4 first
Re: [clamav-users] OT: DMARC
On 28. jun. 2018 18.11.18 Dianne Skoll wrote:

> I'm not sure what software runs the ClamAV mailing list, but I'd have thought most would have ways to work around this. I use Mailman myself, and recent versions have options to work around DMARC problems.

Better not use mailman it will break dkim if change of body, mailman does not break dmarc or for that matter spf

I think you know more on email than i do

Postfix maillist does not break dkim at all, see forward to other maillist does maillist as good
Re: [clamav-users] clamav list spf problem
G.W. Haywood wrote on 2018-06-19 18:45:

> More than 1 gives 'permerror', not 'fail' (see section 4.5), although I suppose you may choose to treat the two results identically. :)

Received-SPF: permerror (lists.clamav.net ... cisco.com: Maximum DNS-interactive terms limit (10) exceeded) receiver=localhost.junc.eu; identity=mailfrom; envelope-from="clamav-users-boun...@lists.clamav.net"; helo=lists.clamav.net; client-ip=198.148.79.53

possible reduce lists.clamav.net to ONLY have the ipv4/ipv6 address of the list server, cisco can still have more ips, no need to list all for that host
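Added example (not part of the thread): a static worst-case count of the DNS-querying SPF terms behind the "Maximum DNS-interactive terms limit (10) exceeded" permerror shown above, following RFC 7208 section 4.6.4. The zone contents, domain names and function names are constructed for illustration; a live check would fetch the TXT records instead of reading them from a dict.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4
# Mechanisms that cost a DNS query; "all", "ip4" and "ip6" do not.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
_MODIFIER = re.compile(r"^([A-Za-z][A-Za-z0-9_.-]*)=(.*)$")

# Constructed records: a list host whose record pulls in a large corporate policy,
# and a replacement that names only the list server's own addresses.
ZONE = {
    "list.example": "v=spf1 a mx include:corp.example -all",
    "corp.example": "v=spf1 include:spf-a.corp.example include:spf-b.corp.example "
                    "include:spf-c.corp.example include:mailer.example ~all",
    "spf-a.corp.example": "v=spf1 ip4:192.0.2.0/24 mx -all",
    "spf-b.corp.example": "v=spf1 a:out.corp.example exists:%{i}.bl.corp.example -all",
    "spf-c.corp.example": "v=spf1 ip6:2001:db8::/32 -all",
    "mailer.example": "v=spf1 include:eu.mailer.example include:us.mailer.example -all",
    "eu.mailer.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "us.mailer.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "list-fixed.example": "v=spf1 ip4:192.0.2.25 ip6:2001:db8::25 -all",
}


def count_dns_terms(domain, zone, _stack=()):
    """Worst-case number of DNS-querying terms reachable from domain's record.

    A real evaluation stops at the first matching mechanism, so the count for a
    given sender can be lower; this is the ceiling a receiver may hit.
    """
    domain = domain.lower().rstrip(".")
    if domain in _stack:
        raise ValueError("include/redirect loop via " + domain)
    terms = zone.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return 0  # no SPF record here: nothing further to expand
    total = 0
    for term in terms[1:]:
        modifier = _MODIFIER.match(term)
        if modifier:
            # Only the redirect modifier costs a lookup; exp= and unknown ones do not.
            if modifier.group(1).lower() == "redirect":
                total += 1 + count_dns_terms(modifier.group(2), zone, _stack + (domain,))
            continue
        mechanism = term.lstrip("+-~?")  # drop the qualifier
        name = re.split(r"[:/]", mechanism, maxsplit=1)[0].lower()
        if name in LOOKUP_MECHANISMS:
            total += 1
        if name == "include":
            target = mechanism.partition(":")[2]
            total += count_dns_terms(target, zone, _stack + (domain,))
    return total


def check(domain, zone):
    """Return ('permerror' | 'ok', count) for the record published at domain."""
    count = count_dns_terms(domain, zone)
    return ("permerror" if count > LOOKUP_LIMIT else "ok", count)


if __name__ == "__main__":
    for name in ("list.example", "list-fixed.example"):
        print(name, check(name, ZONE))
```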
Re: [clamav-users] clamsubmit error
Micah Snyder (micasnyd) wrote on 2018-05-09 19:39:

> The web interface, however, can do both http and https.

if users can do 2 things, most will do incorrect way

turning off ssl is not a good option to any problem

and this maillists here still breaks dkim from cisco :(
Re: [clamav-users] fp Img.Malware.Agent-6499558-0
Joel Esler (jesler) wrote on 2018-05-07 03:27:

> Whoops, that’s an old link
>
> https://www.clamav.net/reports/fp

unclear what to do in this link, upload google home apk file ?
[clamav-users] fp Img.Malware.Agent-6499558-0
https://www.virustotal.com/file/074fe51b41596a05f5c04ba14c578786fe2edb553659fe9c8bc1f3210ab0/analysis/1525623232/

it hits on android google apps
Re: [clamav-users] clamsubmit error
Joel Esler (jesler) wrote on 2018-05-05 19:56:

> for I in `ls -l /tmp/files/malicious`
> do
> clamsubmit $I;
> done

+1

add option to clamav-milter.conf to extract file attachment from email, but only from 3rd party signatures

that way more malware would soon be detected

not needed if its already detected

wish to see foxhole as std signature
Re: [clamav-users] clamsubmit error
Arnaud Jacques wrote on 2018-05-05 07:38:

> I did :
> clamsubmit -e webmas...@securiteinfo.com -N Arnaud Jacques -n myfile

space is new arg ?

clamsubmit -e webmas...@securiteinfo.com -N "Arnaud Jacques" -n myfile

untested

imho create clamsubmit.conf as a ticket for new releases of clamav would be helpful

so it could be just clamsubmit
Re: [clamav-users] Malwarepatrol false positives
Alex wrote on 2018-04-29 03:24:

>> That shouldn’t be part of the official ruleset.
>
> Really?

bit.ly have abuse handling, so its hard to report if its rejected

> No one uses bit.ly for a legitimate purposes?

is this a question ?

> I don't mean for that to sound sarcastic - I really don't know. Everyone's heard of / uses bit.ly I thought...

dont use malwarepatrol, thats all
Re: [clamav-users] Missing /etc/clamd.conf on fedora
marcos sr wrote on 2018-03-27 15:49:

http://fedoranews.org/tchung/clamav/fedoranews-clamav.pdf

to get support use it

> Hello
>
> Thanks for attention
>
> So... The "correct" way to install clamav on fedora is yum install -y clamav clamav-update clamav-scanner clamd ? And the file used is /etc/clamd.d/scan.conf ?
>
> Sorry for the noob question, where i can find the correct way to install in my OS? that I do not make this mistake again... And with others packages I used the Operating System Specific Information to install.
>
> I'm starting using clamav i read the manual, but there's nothing about fedora...
>
> 2018-03-27 9:53 GMT-03:00 Reindl Harald <h.rei...@thelounge.net>:
>> On 27.03.2018 at 14:47, Benny Pedersen wrote:
>>> marcos sr wrote on 2018-03-26 22:37:
>>>> I'm missing something?
>>>
>>> no
>>
>> yes packages
>>
>>> clamconf --generate-config=clamd.conf >/etc/clamd.conf
>>
>> please refrain as Gentoo user giving wrong advises for Fedora where the config file you generate is *not* used by daemons which are simply forgotten to install
>>
>> rpm -q --file /etc/clamd.d/scan.conf
>> clamav-scanner-0.99.4-1.fc26.noarch
>>
>> rpm -q --file /usr/lib/systemd/system/clamd@.service
>> clamav-server-systemd-0.99.4-1.fc26.noarch
>> ___
>> cat /usr/lib/systemd/system/clamd@.service
>> [Unit]
>> Description = clamd scanner (%i) daemon
>> After = syslog.target nss-lookup.target network.target
>>
>> [Service]
>> Type = forking
>> ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
>> Restart = on-failure
>>
>>> now edit that config file
>>>
>>> only issue this command if it really missing
>>>
>>> when done, run clamconf to verify that it is used with own settings
>>>
>>> but maintainers should know this is a missing thing in their packages, not a source bug
Re: [clamav-users] Missing /etc/clamd.conf on fedora
marcos sr wrote on 2018-03-26 22:37:

> I'm missing something?

no

clamconf --generate-config=clamd.conf >/etc/clamd.conf

now edit that config file

only issue this command if it really missing

when done, run clamconf to verify that it is used with own settings

but maintainers should know this is a missing thing in their packages, not a source bug
Re: [clamav-users] ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused
Chris wrote on 2018-02-01 18:23:

> nc -zv 127.0.0.1 3300-3400
> nc: connect to 127.0.0.1 port 3300 (tcp) failed: Connection refused

clamd does not listen by default on inet, its default only unix socket

if you want both, configure it :=)

see clamd.conf

more help ?, clamconf output for clamd.conf
Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99.3 beta2 has been released!
Steven Morgan wrote on 2017-12-19 20:27:

> Thanks Benny, please try it now.

super works now

> Bug 12000 was closed as a duplicate of https://bugzilla.clamav.net/show_bug.cgi?id=11999.

is other bugs being solved before release of 0.99.3 ?

https://bugzilla.clamav.net/show_bug.cgi?id=2316
Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99.3 beta2 has been released!
Steven Morgan wrote on 2017-12-19 17:33:

> https://bugzilla.clamav.net/show_bug.cgi?id=12000 is the ticket.

and bug #11999 is non public
Re: [clamav-users] Extradatabase import foxhole database
Emanuel wrote on 2017-12-12 17:47:

> what would be the correct way to execute the rsync command? *--files-from=filelist.txt???*

why does download scripts exists ?, do you want unsigned signatures ?

when does sigtool allow 3rd party signing ? :(
Re: [clamav-users] Extradatabase import foxhole database
Emanuel wrote on 2017-12-12 15:44:

> it's possible import only the foxhole database from http://sanesecurity.com/usage/linux-scripts/?? how??

install the script ?

configure it to only fetch wanted dbs

done

or wait to clamav getting more 0day sigs added
Re: [clamav-users] fail updates
Dennis Peterson wrote on 2017-11-06 19:43:

> Come to think of it, 130.59.10.36 shouldn't even still be in mirrors.dat and that is part of the systemic problems in the system. Nothing cleans up stale entries in mirrors.dat except rm -f mirrors.dat.

yep, its not working well, i see freshclam using ignore hosts from freshclam --list-mirrors

and now worse dns seems failing, freshclam says my internet is down, no its not
[clamav-users] fail updates
freshclam --list-mirrors

Mirror #1
IP: 130.59.10.36
Successes: 391
Failures: 97
Last access: Mon Dec 19 00:46:43 2016
Ignore: No
-
Mirror #2
IP: 193.1.193.64
Successes: 2122
Failures: 208
Last access: Mon Nov 6 16:44:43 2017
Ignore: Yes
-
Mirror #3
IP: 81.91.100.173
Successes: 2079
Failures: 101
Last access: Sat Nov 4 01:06:08 2017
Ignore: Yes
-
Mirror #4
IP: 129.67.1.218
Successes: 2374
Failures: 59
Last access: Sat Nov 4 00:03:02 2017
Ignore: Yes
-
Mirror #5
IP: 172.110.204.67
Successes: 160
Failures: 364
Last access: Tue May 9 14:47:24 2017
Ignore: No
-
Mirror #6
IP: 130.59.113.36
Successes: 393
Failures: 0
Last access: Thu Feb 16 21:45:53 2017
Ignore: No
-
Mirror #7
IP: 178.79.177.182
Successes: 302
Failures: 112
Last access: Sun Nov 5 05:04:18 2017
Ignore: Yes
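The condition discussed in this thread (stale entries lingering in mirrors.dat while every recently contacted mirror is flagged Ignore) can be checked mechanically. The following is an added example, not part of any list post or of ClamAV itself: it parses the `freshclam --list-mirrors` output quoted above; the function names, the 30-day staleness threshold and the reference time (the date of the reply in this thread) are assumptions.

```python
"""Audit `freshclam --list-mirrors` output for stale and ignored mirrors."""
import re
from datetime import datetime, timedelta

# Output copied from the post above, one mirror per line as the archive
# shows it. The parser relies only on the field labels and accepts any
# whitespace between fields, so a one-field-per-line layout parses too.
SAMPLE = """\
Mirror #1 IP: 130.59.10.36 Successes: 391 Failures: 97 Last access: Mon Dec 19 00:46:43 2016 Ignore: No
-
Mirror #2 IP: 193.1.193.64 Successes: 2122 Failures: 208 Last access: Mon Nov 6 16:44:43 2017 Ignore: Yes
-
Mirror #3 IP: 81.91.100.173 Successes: 2079 Failures: 101 Last access: Sat Nov 4 01:06:08 2017 Ignore: Yes
-
Mirror #4 IP: 129.67.1.218 Successes: 2374 Failures: 59 Last access: Sat Nov 4 00:03:02 2017 Ignore: Yes
-
Mirror #5 IP: 172.110.204.67 Successes: 160 Failures: 364 Last access: Tue May 9 14:47:24 2017 Ignore: No
-
Mirror #6 IP: 130.59.113.36 Successes: 393 Failures: 0 Last access: Thu Feb 16 21:45:53 2017 Ignore: No
-
Mirror #7 IP: 178.79.177.182 Successes: 302 Failures: 112 Last access: Sun Nov 5 05:04:18 2017 Ignore: Yes
"""

RECORD = re.compile(
    r"Mirror\s+#(?P<num>\d+)\s+"
    r"IP:\s*(?P<ip>\S+)\s+"
    r"Successes:\s*(?P<ok>\d+)\s+"
    r"Failures:\s*(?P<fail>\d+)\s+"
    r"Last access:\s*(?P<last>\w{3}\s+\w{3}\s+\d{1,2}\s+[\d:]{8}\s+\d{4})\s+"
    r"Ignore:\s*(?P<ign>Yes|No)"
)


def parse_mirrors(text):
    """Return one dict per mirror record found in the listing."""
    mirrors = []
    for m in RECORD.finditer(text):
        ok, fail = int(m["ok"]), int(m["fail"])
        total = ok + fail
        # Collapse runs of spaces (ctime pads single-digit days) before parsing.
        stamp = " ".join(m["last"].split())
        mirrors.append({
            "num": int(m["num"]),
            "ip": m["ip"],
            "successes": ok,
            "failures": fail,
            "failure_rate": fail / total if total else 0.0,
            "last_access": datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y"),
            "ignored": m["ign"] == "Yes",
        })
    return mirrors


def audit(mirrors, now, stale_after=timedelta(days=30)):
    """Split mirrors into stale and active, and flag the 'all ignored' state.

    stale_after is an assumed threshold, not a freshclam setting.
    """
    stale = [m for m in mirrors if now - m["last_access"] > stale_after]
    active = [m for m in mirrors if now - m["last_access"] <= stale_after]
    return {
        "stale": [m["ip"] for m in stale],
        "active_ignored": [m["ip"] for m in active if m["ignored"]],
        # True means every mirror freshclam has used recently is being skipped,
        # the state in which the thread reports updates stop working.
        "all_active_ignored": bool(active) and all(m["ignored"] for m in active),
    }


if __name__ == "__main__":
    # Reference time assumed from the date of the reply in this thread.
    report = audit(parse_mirrors(SAMPLE), now=datetime(2017, 11, 6, 19, 43))
    print("stale entries:      ", ", ".join(report["stale"]))
    print("active but ignored: ", ", ".join(report["active_ignored"]))
    print("all active ignored: ", report["all_active_ignored"])
```

On this listing the three entries not marked Ignore are the ones last contacted months earlier, while all four recently used mirrors are ignored, which matches the remedy the thread arrives at (removing mirrors.dat so freshclam rebuilds it).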
Re: [clamav-users] ClamAV SegFault on Reload - 0.99.3-beta1
Steven Morgan wrote on 2017-09-26 18:31:

> Michael,
>
> Since this is intermittent, adding a custom diagnostic patch may be the best way to proceed. If you can work with this, I'll write something and send it to you. It would be great to get to the bottom of this before releasing 0.99.3.

will it be possible to have freshclam support gpg signed updates, that way it can be more simple to just keep freshclam doing it all for all 3rd party signatures as well

or will sigtool support 3rd party signer signed database sets?

i can now make database files, but still not make it signed by my own, good or bad i don't know :(

all the best
Re: [clamav-users] Mirror issues and what we are doing to fix it
Virgo Pärna wrote on 2017-08-30 15:32:

> I had to remove mirrors.dat, because all mirrors were being ignored, as the output of "freshclam -v --debug" showed. After that I got updates working again.

this is imho clearly a bug, would you make a bugzilla for it?

https://bugs.clamav.net/buglist.cgi?component=freshclam=ClamAV=---

note to owners of clamav.net: ssl needs update, sorry if it's an old url deprecated, i could not find one where ssl is ok
Re: [clamav-users] Freshclam or clamav-database
Bob Williams wrote on 2017-07-12 11:30:

> Thank you. The openSUSE updater has a method of locking packages to prevent unwanted updates, which I have now applied:
>
> # zypper al clamav-database

in that case you would uninstall freshclam, else you get unstable results

notify opensuse maintainers to not provide clamav-database, let freshclam do its work please

i remember when clamav tarball was holding current databases, so gentoo users have to download old data to get new clamav source code, now this is solved, but seems opensuse have to learn more still :=)

note freshclam is a daemon as well as clamd, when both run as so it works perfectly

on top of that disable systemd for clamd and freshclam, these 2 things are not designed to be used from systemd at all

i hate precompiled problems
Re: [clamav-users] New Main.cvd coming
Joel Esler (jesler) wrote on 2017-05-17 20:59:

> main.cvd will receive a cdiff. So, the size will be considerably smaller than a full “main” push.

super, now we have a non compressed signed main, which on its own means faster loading

but i like to see sigtool support compressing uncompressed official database while keeping its signedness of being official, it is supported in freshclam.conf, just not in sigtool :(
Re: [clamav-users] ClamAV UnOfficial Database
Joel Esler (jesler) wrote on 2017-05-05 01:39:

> We have some ideas here Benny, but nothing in the pipeline today.

+1, that's stable software :)

> If we incorporated SaneSecurity’s sigs (we need permission to do so from Steve), then we could ingest them, and de-dupe any hash-based sigs that we have that other types of sigs alert on (we do this today for our own internal sigs) The hash based sigs are a method for us to automatically get sigs out right now instead of later. As we all have other things we are doing.

why not just permit sig creators to sign their own sigs? so it can be used entirely as a freshclam update? why would that be bad?

at least if sig creators could sign sigs digitally, it won't hurt to drop bash updates that use gpg, i can make clu database files now, but still not sign it, which imho is bad that this is not yet possible :(

the dedupe is appreciated, and that is a very good reason to make sigs centrally, but that can be ensured in other ways imho

how to list pua categories? what about clam stats used as a sig category change rule for sigs that are not in the wild, so if users not using all categories will not load all sigs, but users that want to use all sigs can do so?

or it could be to make another cvd called archived, which contains all sigs that are considered very old and not useful, not hitting in long time

doing nothing is not a problem for stable software, but it's not making it better even

let's hear Steve why he not just send sigs to sig creators maillists, i know it's a big work done even if he did not send it
Re: [clamav-users] ClamAV UnOfficial Database
Henrik K wrote on 2017-05-04 23:30:

> So we traded memory for equal disk. No surprise there, those bazillion hashes need their space. I guess someone should just serve them up in cloud somewhere like... Immunet? ^_^

and scan times are still the same? while load time is considered very fast since it now doesn't need to unzip main.cvd? :)

wish for freshclam, save cvd files in unpacked state so it does not need to unpack on load

freshclam can update cvd files and pack it with zlib, but sigtool can unpack it to being not zlib saved, hmm

zlib packed data is only useful for mirror updating to save data transfer imho

on diff updates it does not get much saved

oh well :=)
Re: [clamav-users] ClamAV UnOfficial Database
Joel Esler (jesler) wrote on 2017-05-04 14:19:

> We'd have to evaluate which feeds would be appropriate for the ClamAV Db. The more coverage the better, with fewest false positives.

agree, but i like to know if it will be opt out or opt in as well, would it be considered to make all 3rd party sigs into pua? so end users can enable pua category selecting?

i am just very open minded on asking here

lastly will it ever be possible to have 3rd party signatures signed?

i just begin to hate bash scripts when i know freshclam can do it better
Re: [clamav-users] ClamAV UnOfficial Database
Joel Esler (jesler) wrote on 2017-05-04 13:52:

> We already distribute some third party feeds into the official database, we have a program for that which can be found on our website.

+1

> We would love to incorporate Sanesecurity's feed, all they have to do is give us the okay to do it.

would it be opt in or opt out if done? most of their signatures are spam sigs, not virus sigs :(

hopefully all wake up with it
Re: [clamav-users] ClamAV UnOfficial Database
crazy thinker wrote on 2017-05-04 13:39:

> Sanesecurity signatures :*97.11%*
> SecuriteInfo signatures (free) : 19.03%
> ClamAV Official only signatures: 13.82%

all this is not virus signatures, so for me this does not count

> Number of signatures:
> Sanesecurity signatures : *249,766*
> SecuriteInfo (free) : 1,110,596
> ClamAV Only : 4,137,929

if clamav should have more optimized signatures, it would need more virus signatures, not just random more signatures

personally i like to see more 0day signatures than 1 more specific signature catches

> Date of oldest malware Sample in test : 06.01.2015
> Date of newest malware Sample in test: 05.12.2015

so they are dead?

> Optimized Database means the db having less no. of signatures and can able to give more malware detection rate

so no more 3rd party signatures?

and now i ask why does clamwin have more signature engines than clamav linux? reading this maillist here says we all want clamav to be global not just windows specific, ironic?
Re: [clamav-users] ClamAV UnOfficial Database
crazy thinker wrote on 2017-05-04 13:28:

> Hi ClamAV Developers, Users
>
> To my curiosity, i want to remove ClamAV Official Database and plan to integrate unofficial database with clamav engine.. i heard that Sanesecurity signatures increases ClamAV performance upto 90%..

where did you read that?

> so i am thinking that excluding ClamAV Official Database not affecting ClamAV performance in this scenario. because. i guess Sanesecurity unofficial database covers signatures which is covered by ClamAV Official Database..

well if you do this you will shoot yourself in the foot

> Am i right?

nope

> The reason behind to do like this is i want to keep optimized database i would like to get some suggestions/advices on my experimental thought

define an optimized database first
Re: [clamav-users] ClamAV for EnterPrise
Joel Esler (jesler) wrote on 2017-04-20 01:40:

> Alright all — I think the conversation and arguing has gone on long enough and we’ve beat not only the topic to death, but the topics after the topic are now dead. I’ve received enough complaints at this point to call a truce.

Joel i can only say you are nearly only one i still not have put autoreader on, it's sad to see so many flames of me when user could stop read what i post, that's imho really sad, world would be better if all helped each other, and not throwing bombs on things that is not better after the bomb is thrown

in gentoo 0.99 is last stable version, and 0.99.1 0.99.2 is masked unstable, what happened to 0.99.3? freshclam says 0.99.2 is latest version

only thing i wish will come is to see OnUnOFFicial sigs in clamav milter so it can accept and tag 3rd party virus/spam sigs, that will save 1 clamd instance, and one clamav-milter instance

that way it's up to spamassassin to score on results, and if spamass-milter reject if scored too high

is there plans to have more 3rd party sigs into clamav?
Re: [clamav-users] password protected encrypted .docx files
Dino Edwards wrote on 2017-04-05 16:48:

> Any way to get clamav to block password protected Microsoft word files?
>
> Yes, it is - you can turn ArchiveBlockEncrypted off in clamd.conf (it's off by default)

if not working pastebin your clamconf (clamav section only)
Re: [clamav-users] freshclam exit codes
Already have, it did not help

On April 5, 2017 1:25:39 PM Andreas Schulze <andreas.schu...@datev.de> wrote:

> On 05.04.2017 at 12:52, Benny Pedersen wrote:
>> I get Access denied, can login OK, but can't see any problems at all, is there a point with open source on closed bugzillas?
>
> maybe you've simple to create an account?
>
> --
> A. Schulze
> DATEV eG
Re: [clamav-users] freshclam exit codes
I get Access denied, can login OK, but can't see any problems at all, is there a point with open source on closed bugzillas?
Re: [clamav-users] (no subject)
Reindl Harald wrote on 2017-03-10 00:42:

> guess what the list-footer is for (idiot - since every day another one like you does the same bullshit mailing to a list of hundreds or thousands of people)

what was your point of replying publicly here and still complaining of abuse, hmm very clever

please filter it locally, and don't make it worse on maillists, problem is that not many mua clients know how to use list-id headers for self services, users just post to maillists to be subscribed, lol :=)

if you reply here i will drop all future mails from you, no need to fight with me on it
Re: [clamav-users] Daily 23161 broke Clam (workaround)
Adam Gibson wrote on 2017-03-05 16:29:

> This whitelists those patterns so they do not even get processed to cause the crash in the regexp engine that clamd uses. Clamd started up fine for me with CentOS 5 after doing that.

did you test that this is the same problem in centos 7?

come on :=)

you have more problems than just clamav with centos 5

i don't care really, but now i said it
Re: [clamav-users] R: Re: ClamAV for windows: GUI and chocolatey package
Joel Esler (jesler) wrote on 2017-03-05 13:42:

> We make Immunet. It combines a cloud based detection engine with the offline capability of clamav. It's extremely effective and free.

windows only imho :(

would it be possible to see before clamav 1.0 in linux?
Re: [clamav-users] Daily 23161 broke Clam
Joel Esler (jesler) wrote on 2017-03-04 23:54:

> We cannot be tied to distribution support problems.

where did i ask for that?
Re: [clamav-users] Daily 23161 broke Clam
Leonardo Rodrigues wrote on 2017-03-04 23:12:

> is clamav a redhat product ?!?! I don't think so. That being said, i see absolutely no point at all on saying clamav should do this because redhat does that.

good point

> Anyone wishing to be updated with a 10+ years rhel install, should call redhat for that :)

any rpm built systems are buggy

> my 0.02 cents ...

anymore left?

i just wish 0.99.3 have clamav-milter supporting OnUnOfficiaLsignature accept|quarantine|reject

that will save me to have need for 2 clamd and 2 clamav-milters

just my one bitcoin :)

clamav-owner please stop breaking dkim
Re: [clamav-users] Clamd memory usage running high?
Reindl Harald wrote on 2017-02-02 14:36:

> that maybe would fine if clamav would have the best hitrate, but by far it don't

tell this maillist here where there is one that is better on memory usage and still gpl'ed, that would be much more truly to read about than just that clamav is bad, which it's not

i just wish the bugzilla would be more publicly available than it currently is

i still wish for OnUnofficial accept|reject|quarantine to be supported in clamav-milter to keep resources low with clamd

yes i know one could just use 2 clamd, but that uses more memory and it will use 2 scannings per email :(

but who is listening?
Re: [clamav-users] Unsubscribe
On January 24, 2017 9:59:23 AM ZEMEN Dragana wrote:

> please can you take me out of this mailing list?

sure, see links below here

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?
On December 29, 2016 13:06:51 "Steve Basford" wrote:

> https://bugs.clamav.net/show_bug.cgi?id=11708

still ssl error
[clamav-users] clamav-milter and unofficial sigs
is it possible currently to accept 3rd party virus in clamav-milter?

e.g.: OnUnofficial Accept

where default is Reject like OnInfected?

this will make clamav-milter more flexible

currently using here clamav from github head
Re: [clamav-users] bugzilla security certificate
Joel Esler (jesler) wrote on 2016-12-07 18:10:

> Thanks Steve, I’ve opened a ticket for review.

using http:// redirects to the one that works, nice :=)

simply kill that dns is the fastest solution
Re: [clamav-users] bugzilla security certificate
Steve Basford wrote on 2016-12-07 17:42:

> Just a quick one... in case it confuses visitors to Bugzilla...

+1

> Going to https://bugs.clamav.net/

well spotted ssl error

> Firefox reports:
>
> "bugs.clamav.net uses an invalid security certificate. The certificate is only valid for bugzilla.clamav.net Error code: SSL_ERROR_BAD_CERT_DOMAIN"

hopefully clamav.net knows how to make it right

> You can bypass the warning if desired.

worst advice you have ever given here
Re: [clamav-users] Time to remove 209.198.147.20 from db.us RR
On 2016-09-13 23:18, Ted Hatfield wrote:

> I was unaware that server was still in the list. I sent an email last year asking to remove it.

drop the dns hostname, hopefully clamav team does not use ip addresses :(

think about dual stacking
Re: [clamav-users] Canot get to Virus Definition
On 2016-08-17 20:25, Young, Timothy R (IS) wrote:

> We operate in a classified environment and do not have internet access. So, we are limited to downloading and burning to DVD.

so burn more than one DVD per day? what is the security of that?

those usb sticks where you are downloading, use freshclamd there as Joel tells you, and share those datafiles locally

possibly set up a local mirror as described in docs?
Re: [clamav-users] LibClamAV Error: yyerror(): test.yar line 6 undefined identifier "filename"
On 2016-08-11 19:32, Axb wrote:

> In that post author states:
>
> "I created some YARA rules that use the external variable „filename“ to work. LOKI and THOR use the „filename“ and other external variables by default."
>
> hmm... now how the heck do we get to happen with ClamAv? :) .. talking to myself...

+1

try see foxhole rules, imho it can match filenames and sizes, but i wish it was more documented

also logical signatures in clamav is very simple, just wish it was more documented

try compiled yara rules with clamav, not source rules, don't know if that makes a difference for clamav
Re: [clamav-users] daily sig 22066 and kaspersky site Html.Exploit.CVE_2016_3326-3
On 2016-08-11 10:18, ancien compte wrote:

> i've forgot :)
>
> wget -qO- http://www.kaspersky.fr/internet-security/ | clamscan -
> stdin: Html.Exploit.CVE_2016_3326-3 FOUND

hopefully they read it here sooner or later? :=)

i am not good at french so hopefully their webmaster can receive mail
Re: [clamav-users] clamav-milter feature requst
On 2016-08-04 19:15, G.W. Haywood wrote:

>> make it possible to have policy banks in clamav-milter ...
>
> Are you sure that you mean clamav-milter?

it's what sendmail uses imho? and if it happens there it works just like what amavisd does with making some virus signatures over to spam signatures to be processed in a spamscanner like spamassassin

reason for this is that making this a clamav signature is more ram effective than making native spamassassin rules

crossing fingers to see updates coming
[clamav-users] clamav-milter feature requst
make it possible to have policy banks in clamav-milter

so e.g. one can have 3rd party signatures that just add header like it would do when accept virus, but let's be creative

possibly as well make a PUA.pattern to accept or deny as virus

so one policy bank for official signatures, and up to a random number of other policy banks as users see fit for their needs

if that as well will be supported in clamd socket it will save a lot of workarounds i think

would it be possible to see that?
Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!
On 2016-07-13 22:21, Joel Esler (jesler) wrote:

> It basically has to do with how our signature system works.

so it's complicated?

i still like to know why it's 3rd party, and why it's not just added in ExtraDatabase

marketing stats don't interest me

SafeBrowsing is an option, why is 3rd party forced?
Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!
On 2016-07-13 22:13, Joel Esler (jesler) wrote:

> All third party signatures have the name of the third party submitter in the signature itself. For example:
>
> * Win.Malware.Agent4285353149/CRDF-1
>
> I understand what you are saying Benny, however, we’d rather err on the side of shipping more detection to protect users.

just don't call it 3rd party then

ExtraDatabase would have worked as well
Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!
On 2016-07-13 21:52, Joel Esler (jesler) wrote:

> Nothing prevents anyone from using 3rd party sigs. We just want to incorporate 3rd party sigs into the official repo, for more coverage, for more users. If ClamAV has, say, 10M users, how many of those 10M do you suppose also run 3rd party sigs? I’d say less than 5%.

marketing stats

> On Jul 13, 2016, at 3:36 PM, Axb wrote:
>> My guess is that Benny doesn't really mean "silly" but probably is his "special" way of saying that it would be nice to be able to opt-in to third party sigs.

bravo 5% understand me :(
Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!
On 2016-07-13 21:30, Joel Esler (jesler) wrote:

> Why would it be silly to make life easier for millions of users?

it is since users want choices

why is SafeBrowsing not on per default?
Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!
On 2016-07-13 21:11, Joel Esler (jesler) wrote:

>> what ExtraDatabase is it in freshclam ?
>
> It’s not. It’s in the regular daily.cvd that you download from us.

silly imho :(
Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!
On 2016-07-13 20:40, Joel Esler (jesler) wrote:

> http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html

what ExtraDatabase is it in freshclam ?
Re: [clamav-users] fake mp3, real malware.
On 2016-06-06 21:39, Steven Morgan wrote:

> Sorry, try it now.

solved

https://bugzilla.clamav.net/show_bug.cgi?id=11156 fail
Re: [clamav-users] fake mp3, real malware.
On 2016-06-06 18:12, Steven Morgan wrote:

> Tracking with https://bugzilla.clamav.net/show_bug.cgi?id=11582.

You are not authorized to access bug #11582.
Re: [clamav-users] clamav users break dkim signed mails
On 2016-05-30 08:11, Dennis Peterson wrote:

> That is an unacceptable hack (removes functionality) for an unacceptable hack (DKIM).

have you ever seen my dmarc pass?

if there is more than one way to make it, users choose the incorrect way
Re: [clamav-users] clamav users break dkim signed mails
On 2016-05-30 08:07, Andreas Schulze wrote:

> It's simply a matter of doing it. Don't hurt: see http://dovecot.org/list/dovecot/2014-June/096547.html

and Timo can reject html mails in mailmanger, no need to break dkim/dmarc
Re: [clamav-users] clamav users break dkim signed mails
On 2016-05-30 03:30, Dennis Peterson wrote:

> Mail list servers and dkim are generally poorly compatible. I'm not aware of a way to send a signed message to a list then have the list resend it to all members while preserving the dkim signature. There's been no shortage of debate on the topic. Both yahoo and smtp are in a death spiral anyway so it probably won't matter soon.

if yahoo users start asking why they can't stay on maillists with dmarc reject

if possible there are some admins on both clamav.org and yahoo.com that learn new things of what not to do

yahoo's fault is to use dmarc reject on things that is public usage in life

but if both parties do not care much about this problem it will not be fixed

i hate to see my dkim fail on maillists when it's not my fault

CC: to you so you can test how bad my setup is
[clamav-users] clamav users break dkim signed mails
so if yahoo.com users subscribe they will later be unsubscribed as long as clamav users break dkim

i look forward to having this solved as well for yahoo.com users

it's not an option for me to ask yahoo.com to fix their dmarc, but please check my dmarc fail or pass, where did it break?

hopefully mailadmins wake up
Re: [clamav-users] ClamAV - References
On 2016-04-19 14:15, Leonardo Rodrigues wrote:

> My personal experience show that when IT teams cames with these 'we don't like free/open source software', it actually means they will NOT accept that solution, no matter how much data you gather to prove that that would be a great solution.

indeed, it's free so it must be very bad since alternatives cost money

but i say that clamav engine does not forbid to remove cisco signatures and build own signature databases, if such signatures turn out to be very good signatures banks can submit them to cisco so it can be in daily. database later

here i have learned enough to make my own local.cud database file with all my own signatures in, i keep that private since it's of no use outside of localhost
Re: [clamav-users] ClamAV - References
On 2016-04-19 01:33, Paul Kosinski wrote:

> "However, as a bank, our security department do not like to use such free opensource initiatives."

1: clamav is open source

2: clamav does not need cisco signatures

what to lose here?

if banks would compile clamav themselves, and add own trusted signatures there would be no loss anywhere comparing to closed source alternatives

i still don't get it :(

ftw: clamav-milter can run in tag only mode so later processing can use that tags for more in deep trouble problem resolving

but clamav itself will not remove virus either

it's just a very powerful scanning engine
Re: [clamav-users] zip, rar, jar, ... how to delete all exe's and others files?
On 2016-04-14 16:15, Kris Deugau wrote:
> Does anyone have any examples of valid signatures for the .cdb sigfiles?

http://sanesecurity.com/foxhole-databases/

> "whatever"), but based on what I've tried so far that's apparently not valid.

yes i have a hard time getting more info on cdb format files as well, seems undocumented as is

> The only thing I want to match on is the name of the files in the archive. .zmd and .rmd still work for that.

take one or more of the foxhole databases, and possibly if success share that signature here, it might be useful for more than one

i prefer 0day signatures in this wonderful world of malwares
Re: [clamav-users] Locky Dridex plan
one more reason to use gentoo where i created a github master trunk ?, now i just emerge @live-rebuild to get the latest stable clamav

nothing happens if users don't notify maintainers of precompiled problems
Re: [clamav-users] Why does this happen?
On 2016-03-16 23:04, Steven Morgan wrote:
> server(/tmp): clamdscan --config-file=/apps/clamav/etc/clamd.conf testfile.pdf
> /temp/testfile.pdf: Heuristics.Encrypted.PDF FOUND
> Why? How do I stop this?

is clamconf saying this clamd.conf is default config ?

are there diff results from using clamscan --config foo and clamdscan --config foo ?
Re: [clamav-users] Why does this happen?
On 2016-03-16 23:30, Scott Galambos wrote:
> I had to completely restart the server, not just restart the daemons for some reason. It's off now and not scanning encrypted PDFs.

glad you found the issues about it

another time you can make a new default config from clamconf -g clamd.conf >/tmp/clamd.conf and then diff this with your own config to see if settings are new, changed or missing in your own config

> Thank you.

no problem
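The comparison suggested in the reply above, as an added example that is not part of the original thread: a plain `diff` of two config files is noisy because of comments, spacing and ordering, so this script compares only the active settings. The function names, file names and sample option values are constructed for illustration, and it assumes both files list their settings as uncommented `Option value` lines.

```shell
#!/bin/sh
# Added example (not from the thread): compare the *active* settings of two
# clamd.conf-style files, ignoring comments, blank lines, spacing and order.
LC_ALL=C; export LC_ALL

# active_settings FILE -> one normalised "Option value" per line, sorted
active_settings() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' |
        grep -v '^$' | sort -u
}

# conf_diff REFERENCE OWN -> lines prefixed "ref-only:" / "own-only:"
conf_diff() {
    ref=$(mktemp) && own=$(mktemp) || return 1
    active_settings "$1" >"$ref"
    active_settings "$2" >"$own"
    comm -23 "$ref" "$own" | sed 's/^/ref-only: /'
    comm -13 "$ref" "$own" | sed 's/^/own-only: /'
    rm -f "$ref" "$own"
}

# Constructed sample files (illustrative values, not real clamconf output).
demo() {
    dir=$(mktemp -d) || return 1
    cat >"$dir/reference.conf" <<'EOF'
# reference config
LogFile /var/log/clamav/clamd.log
ScanPDF yes
ArchiveBlockEncrypted no
EOF
    cat >"$dir/own.conf" <<'EOF'
ScanPDF   yes
LogFile /var/log/clamav/clamd.log
# someone enabled this and forgot about it
ArchiveBlockEncrypted yes
ExcludePath ^/proc/
EOF
    conf_diff "$dir/reference.conf" "$dir/own.conf"
    rm -rf "$dir"
}

demo
```

A setting that was changed shows up as a `ref-only:`/`own-only:` pair for the same option, while a setting present in only one file shows up once.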
Re: [clamav-users] Why did you block me clamAV page??
On 2016-03-13 14:41, Jaroslav Fojtik wrote:
> Could you tell me any idea how to undo this.

speculation: that ip is used more than from you eq it's an isp NAT connection that is from cloudflare is seen as heavy single user :(

years ago all mailservers used pop-before-smtp to allow authed mail senders, it just had the exact same problem you possibly have here

ask your isp if you are using shared nated ip setup, if so ask them for help to possibly get one that is not nated, if that's not possible ask your isp to let cloudflare know it's nated ip so cloudflare can take this into account for limits

best solution could be ipv6 as well

hopefully clamav.net doesn't mind having ipv6 webservers

sorry if i'm out of track
Re: [clamav-users] ClamAV® blog: ClamAV will release a new main.cvd and daily.cvd this weekend.
On 8. mar. 2016 04.00.59 "Joel Esler (jesler)" wrote:
> http://blog.clamav.net/2016/03/clamav-will-release-new-maincvd-and.html
> The estimated size of these files are 100 MB and 10 MB respectively.

Daily 115M
Main 156M
Bytecode 402K

All in uncompressed size, so the estimated is compressed ?

I think about memory usage in future as well
Re: [clamav-users] No supported database files found
On 9. mar. 2016 15.56.30 farbod emami wrote:
> please help

Run freshclam

If it fails, what settings are shown in clamconf

Don't post clamconf here, if need more help pastebin it and share link to it
Re: [clamav-users] ScanOLE2 yes disables macro virus detection
On 2016-02-08 22:26, Steven Morgan wrote:
> I've opened https://bugzilla.clamav.net/show_bug.cgi?id=11498 to investigate and track the issue. Plz sign up for an account at https://bugzilla.clamav.net and send me the user id and I will CC you on the bug. Once that is done, I will need for you to attach your signatures and sample files to the bug report.

arg :( clamav is on github, so there are 2 bugtrackers ?

You are not authorized to access bug, great way to say we don't want your bugs

https://github.com/vrtadmin/clamav-devel/issues
Re: [clamav-users] Freshclam Non-repudiation
On 2016-01-29 23:28, Al Varnell wrote:
> Not sure how you would arrive at that conclusion. SaneSecurity is not affiliated with Cisco/SourceFire/ClamAV.

sadly true :(

hopefully all 3rd party sigs will be sourcefire signed one day

until then gpg works
[clamav-users] clamav-milter crash
i have seen it do this so many times now that i like to know if it's just me that use it or it's known problem

upgrade to 0.99 does not help, currently on the stable gentoo 0.98.7

is there a github version of clamav ?