Re: [clamav-users] clamav incremental scan?

2021-05-04 Thread Benny Pedersen via clamav-users

On 2021-05-04 20:19, Michael Wang wrote:

It seems that this should be a common question, but I did not find a
definite answer via Google search. I saw solutions to only scan files
in the last 60 days, but it is not difficult for a virus file to
change date, isn't it? I can think of to maintain hash table with file
name and its checksum, but looks like this should be a functionality
of the clamav itself. How do you do it? Just do a full scan every
time? Thanks.


fun part is that clamdscan needs root access, stupid

virus scanning must not be done as root user, else one knows why its 
unsecure on unpacking


already files stored as non root users can only be changed by same user 
if its malware, this includes change time stamps


as non root, issue a touch malwarefile.exe, new upload

hope clamav team redo this insecure in clamdscan

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
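
The approach raised in the question above (a table of file names and checksums, scanning only what changed) can be sketched as follows. This is an added example, not part of the original thread and not ClamAV code; the manifest layout and function names are assumptions, and the only ClamAV options used are `clamscan --version`, `--no-summary` and `--file-list`.

```python
#!/usr/bin/env python3
"""Checksum-based incremental scan planner (added example, not ClamAV code)."""
import hashlib
import json
import os
import subprocess
import sys
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Hash file contents; the timestamp is never consulted."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def load_manifest(path):
    """Manifest layout (assumed): {"db_version": str, "files": {path: sha256}}."""
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    except (FileNotFoundError, json.JSONDecodeError):
        return {"db_version": None, "files": {}}


def plan_scan(root, manifest, db_version):
    """Return (paths_to_scan, new_manifest).

    A file is rescanned when it is new, when its content hash changed, or
    when the signature database changed since the manifest was written
    (an unchanged file can match a signature published later).
    """
    rescan_all = manifest.get("db_version") != db_version
    known = manifest.get("files", {})
    to_scan, seen = [], {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digest = sha256_file(path)
            except OSError:
                to_scan.append(path)  # unreadable: let the scanner report it
                continue
            seen[path] = digest
            if rescan_all or known.get(path) != digest:
                to_scan.append(path)
    return sorted(to_scan), {"db_version": db_version, "files": seen}


def current_db_version():
    """`clamscan --version` prints engine/database/date; any change forces a full scan."""
    return subprocess.run(["clamscan", "--version"], capture_output=True,
                          text=True, check=True).stdout.strip()


def scan(paths):
    """Run clamscan on the planned paths; exit code 0 = clean, 1 = found, 2 = error."""
    if not paths:
        return 0
    with tempfile.NamedTemporaryFile("w", suffix=".lst", delete=False) as fh:
        fh.write("\n".join(paths) + "\n")
    try:
        return subprocess.run(["clamscan", "--no-summary",
                               "--file-list=" + fh.name]).returncode
    finally:
        os.unlink(fh.name)


def main(root, manifest_path):
    # Keep manifest_path where the owners of the scanned files cannot write,
    # otherwise the manifest can be edited to hide a changed file.
    manifest = load_manifest(manifest_path)
    to_scan, new_manifest = plan_scan(root, manifest, current_db_version())
    status = scan(to_scan)
    if status == 0:  # record hashes only after a clean, error-free run
        with open(manifest_path, "w", encoding="utf-8") as fh:
            json.dump(new_manifest, fh)
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv[1], sys.argv[2]))
```

Hashing still reads every file, so this saves scanner CPU time rather than disk I/O.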


Re: [clamav-users] cdn :/

2021-04-28 Thread Benny Pedersen via clamav-users

On 2021-04-28 18:16, Joel Esler (jesler) wrote:

On Apr 28, 2021, at 12:10 PM, Benny Pedersen wrote:

On 2021-04-28 17:56, Joel Esler (jesler) wrote:

I don’t think that’s a solution.


https scales only if making private mirrors :/

design of torrents is the more users the faster speeds all get
without needing private mirrors, so yes it does better than cloudflare


We can manage Cloudflare, and BitTorrent is banned in just about every
corporate environment.


DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
d=cisco.onmicrosoft.com;

From: "Joel Esler (jesler)" 

it works well

cisco do their own dkim, but both dkim is untrusted by 3rd party
signing, one more problem to solve


is it possible to see mailman stops mangle dkim when dmarc policy is 
p=none;


while i am on clamav, what about synology antivirus essential ?


What about it?


good question, maybe i just make a feedback to synology for this one




Re: [clamav-users] cdn :/

2021-04-28 Thread Benny Pedersen via clamav-users

On 2021-04-28 17:56, Joel Esler (jesler) wrote:

I don’t think that’s a solution.


https scales only if making private mirrors :/

design of torrents is the more users the faster speeds all get without
needing private mirrors, so yes it does better than cloudflare


is it possible to see mailman stops mangle dkim when dmarc policy is 
p=none;


while i am on clamav, what about synology antivirus essential ?



On Apr 28, 2021, at 9:21 AM, Benny Pedersen via clamav-users wrote:


On 2021-04-28 14:42, Eero Volotinen wrote:


Please upgrade to supported version?


i have that on gentoo, problem is fixed now, finally, how can this
take so long without anyone notice it is imho scary


consider implement bittorrent protocol into freshclamd, it scales more
than cloudflare problem




Re: [clamav-users] cdn :/

2021-04-28 Thread Benny Pedersen via clamav-users

On 2021-04-28 14:42, Eero Volotinen wrote:


Please upgrade to supported version?


i have that on gentoo, problem is fixed now, finally, how can this take
so long without anyone notice it is imho scary


consider implement bittorrent protocol into freshclamd, it scales more
than cloudflare problem




[clamav-users] cdn :/

2021-04-28 Thread Benny Pedersen via clamav-users



i am on cool down, yes since 10-4-2021

missing cdiff imho, so it try the full cvd download that is missing, 
after that cool down :/


am i alone ?



Re: [clamav-users] Testing

2019-02-20 Thread Benny Pedersen via clamav-users

Joel Esler (jesler) wrote on 2019-02-20 23:14:

Testing!


for the record here is what spamassassin says when i post on 
postfix-maillist


X-Spam-Status: No, score=-2.4, required=5.0, Autolearn=no 
autolearn_force=no,

LastExt=2604:8d00:0:1::3 Shortcircuit=no,none
X-Spam-Rules_score: ALL_TRUSTED=-1,BAYES_00=-1.9,DKIM_SIGNED=0.1,
DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,MAILING_LIST_MULTI=-1,
SPF_HELO_NONE=0.7,SPF_NONE=0.7,TXREP=0.334,XSENDER_MATCH=-0.1

hope other maillists can copy that


Re: [clamav-users] Confirmation of receipt IT-Service

2019-02-20 Thread Benny Pedersen via clamav-users

IT-Service Theatergemeinde Köln wrote on 2019-02-21 00:11:

Thank you very much for your message. We have duly received it
and it will be processed as quickly as possible.


i dont want to sleep with you


Re: [clamav-users] Testing

2019-02-20 Thread Benny Pedersen via clamav-users

Joel Esler (jesler) wrote on 2019-02-21 00:06:

We are working on this currently.


good, if openarc seal signing will be added to mailman and drop 
ownerships take over it will be perfect, its about time mailman get 
fixed for dkim and dmarc rejects, dont accept dmarc policy reject, but 
accept quarantine posters, else it will create downstream rejects, sadly


i know dmarc pass and maillist is possible, it could even be with 
mailman if people did more carefully setup mailman


for the time being i have added this new ip for networks a ip that
disable all milters here in postfix, this was simple for me to do



Re: [clamav-users] Testing

2019-02-20 Thread Benny Pedersen via clamav-users

Scott Kitterman wrote on 2019-02-20 23:34:


I'm not sure why anyone expects anything different.


you are not on maillist with original senders get dmarc pass ? :=)

hint postfix

where is dkimpy-milter i like to build on gentoo to get rid of most of 
my dkim and dmarc problems


is there a guide on migrate from opendkim to dkimpy signing ?

thanks for good software btw


Re: [clamav-users] Testing

2019-02-20 Thread Benny Pedersen

Joel Esler (jesler) wrote on 2019-02-20 23:14:

Testing!


DKIM and DMARC still fails

no news there :(


Re: [clamav-users] Not detecting valid malicious file if the zip file contains corrupted zip file

2019-01-31 Thread Benny Pedersen

Vijayakumar U wrote on 2019-01-31 12:39:

Do I need to raise this issue or is it taken care of already?


what issue ?


Re: [clamav-users] warning: connect to Milter service unix:/var/run/clamav/clamav-milter.ctl: No such file or directory

2019-01-28 Thread Benny Pedersen

Yasuhiro KIMURA wrote on 2019-01-28 15:10:


--
root@kusanagi[2796]# ls -l /var/run/clamav/clamav-milter.ctl
srw-rw-rw- 1 clamav clamav 0  1月 27 06:25 /var/run/clamav/clamav-milter.ctl=

--

Then what is wrong? How can I fix this warning message?


postfix needs read write access to this socket, most simple way is to 
use inet socket, if you can



Config file: clamd.conf
---
TCPSocket = "3310"
TCPAddr = "127.0.0.1"

Config file: freshclam.conf
---

Config file: clamav-milter.conf
---
ClamdSocket = "tcp:127.0.0.1:3310"
MilterSocket = "inet:7357@localhost"
MilterSocketGroup disabled
MilterSocketMode disabled


main.cf

milter_clamav = inet:[127.0.0.1]:7357
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}

milter_opendkim = inet:[127.0.0.1]:8891
milter_opendmarc = inet:[127.0.0.1]:8893
milter_protocol = 6
non_smtpd_milters = $milter_opendkim
smtpd_milters = $milter_clamav,$milter_opendkim,$milter_opendmarc


this works for me :=)


Re: [clamav-users] Fwd: CLAMD CPU usage

2019-01-18 Thread Benny Pedersen

Adam Waller wrote on 2019-01-18 17:32:


We have clamav installed on all our VMs however ever since doing so
we've noticed that clamd is consistently using up to 100% of a CPU
core.


upgrade cpu :-)


Just wondering if anyone can offer any advice on how to improve this.


it could be solved if clamav can save main.cvd into main.cld 
(uncompressed signed database) this will save or reduce cpu load on 
reload sigs, to make things worse clamav keeps old database loaded while 
reloading new databases, if all databases is compressed it takes more 
cpu time, its btw not a bug


i kindly ask developers to make sigtool save uncompressed data files, to 
help reduce cpu time on reloads



Re: [clamav-users] Not detecting valid malicious file if the zip file contains corrupted zip file

2019-01-10 Thread Benny Pedersen

Vijayakumar U wrote on 2019-01-10 15:42:


When a malicious file is inside zip file and if zip file contains some
other corrupted zip file, the malicious file is not filtered as virus.


+1

please start using foxhole 3rd party signatures to stop this malwares
with double packed archives



Sample link - ZXW2.6-Blackfish2.0.zip -
https://drive.google.com/drive/folders/129LvUWJNnp_P-qzXIxA5nqlyS0lnraQB


ZXW2.6.exe is undetected on gdrive, so it can be downloaded, on 
virustotal.com its detected on 18 out of 68 scanners :)


i have sent this file to http://www.clamav.net/reports/malware as a 
false negative


thanks for reporting and using clamav


Re: [clamav-users] One question 

2018-12-29 Thread Benny Pedersen

Gary R. Schmidt wrote on 2018-12-30 05:56:


Please repost your questions in your native language (I
presume French), because they make no sense in English.


i prefer your english as well :=)

AI works well on some mobile phones, just not yet in clamav


Re: [clamav-users] Freshclam update HTTP Error 403 Forbidden

2018-12-21 Thread Benny Pedersen

Claudiu Albu wrote on 2018-12-21 13:56:


CLAMAV VERSION is:
"_WARNING: Local version: 0.100.2 Recommended version: 0.101.0_"
After some reading, this seems to be the latest version in a stable
CentOS EPEL stable repo - correct?


no

freshclam reports latest stable version, its up to centos maintainers to
put that version into their repo, 2 options now is, wait, build rpms
locally self, and install that rpm update


http://lifeofageekadmin.com/build-rpms-centos/

why wait ? :=)


Re: [clamav-users] ClamAV installation is OUTDATED! as reported by freshclam utility on CentOS Linux release 7.6.1810 (Core)

2018-12-13 Thread Benny Pedersen

Scott Kitterman wrote on 2018-12-13 18:28:
Would it be possible to turn off the outdated warning until that 
happens?


why ?


Re: [clamav-users] ClamAV installation is OUTDATED! as reported by freshclam utility on CentOS Linux release 7.6.1810 (Core)

2018-12-13 Thread Benny Pedersen

Kaushal Shriyan wrote on 2018-12-13 07:30:

I am running CentOS Linux release 7.6.1810 (Core) with ClamAV
installed. When i am running freshclam i am seeing a Warning message
and the details are described below:-



WARNING: Local version: 0.100.2 Recommended version: 0.101.0
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav


it also says dont panic :=)

create a centos bug to get a bumped version into centos repo, or
compiled locally latest version wanted


its not anything here we could do more


Re: [clamav-users] [OT] is clamav.securiteinfo.com no more?

2018-12-05 Thread Benny Pedersen

G.W. Haywood wrote on 2018-12-05 18:16:


On Wed, 5 Dec 2018, Dennis Peterson wrote:

All the "tiny" url hosts are blacklisted here ...
A list of them could be useful.  Do you have such a thing, or a 
pointer?


https://github.com/rspamd/rspamd/blob/master/conf/redirectors.inc


Re: [clamav-users] CompressLocalDatabase setting & Bugzilla Certificate

2018-11-23 Thread Benny Pedersen

J.R. wrote on 2018-11-23 22:30:

In my freshclam.conf I have 'CompressLocalDatabase yes' set, yet I
noticed that I have daily.cld & safebrowsing.cld instead of .cvd? I


this is a time waster to enable that, i would like to know how to make 
the cld from cvd, so it not reload the compressed version anymore, 
starting clamd takes more ram and time to load the compressed cvds, 
sadly


both cld and cvd is signed


Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-19 Thread Benny Pedersen

Paul Kosinski wrote on 2018-11-20 03:25:


  # Use aaa.bbb.ccc.ddd as client address for downloading databases.
  # Useful for multi-homed systems.
  # Default: Use OS'es default outgoing IP address.
  LocalIPAddress 10.11.14.160


comment that line


No matter, are we so unlucky -- only 1 out of 3M -- in having the sync
errors reappear? Or are we simply one of far fewer users who log (and
actually examine) their entire freshclam output?


you did not make localmirror correct, whole 10.x.x.x/8 is non routed in 
rfc1918, so not external problem to solve other then make freshclam get 
a localmirror that works, if unsure how, comment that localipaddress



Re: [clamav-users] ClamAV® blog: The ClamAV 0.101.0 release candidate is here!

2018-11-19 Thread Benny Pedersen

Paul Kosinski wrote on 2018-11-20 02:54:


Are there any other users of HAVP in conjunction with ClamAV? (HAVP was
originally written to work with ClamAV as well as other AV packages,
such as Kaspersky, Sophos and F-Prot.)


recompile of havp should be solve it, unless havp have bugs to solve

let the old havp compile runs on later versions of clamav can lead to
problems


if havp is bug free its just a recompile needed


Re: [clamav-users] whitelist with clamav-milter

2018-09-27 Thread Benny Pedersen

Matus UHLAR - fantomas wrote on 2018-09-27 10:36:

On 26.09.18 07:56, Jerry wrote:
I am running clamav version 0.100.1 on a FreeBSD 11.2 / amd64 machine. I
also have the clamav-milter installed. My problem is that even though I am
trying to whitelist some addresses, they get marked as Spam.


spam? clamav is a virus scanner, not spam scanner.


+1

This is an example of one such address: ☀ Puritan's Pride 



I entered this into the white list file: 
From:puritanspr...@e.puritan.com


I then restarted the milter. Unfortunately, the email is still marked as
Spam. I thought that clamav-milter would simply ignore the file.

X-Virus-Status: Infected (SecuriteInfo.com.Spam-4701.UNOFFICIAL)
X-Virus-Scanned: clamav-milter 0.100.1 at scorpio.seibercom.net


do you mean this under "marked as spam"?


imho would be nice if clamav-milter could reject based on official
signatures, and tag only on 3rd party signatures


lastly i agree clamav is a good spam scanner as well if used correct


Re: [clamav-users] Malwarepatrol false positive

2018-08-31 Thread Benny Pedersen

Kris Deugau wrote on 2018-08-31 19:44:

Benny Pedersen wrote:

why is https even blocked ? :(

please whitelist https signatures


There's no reason a hacked HTTPS website couldn't host malware.  And
there's no reason a spam domain couldn't get a certificate (from Let's
Encrypt, or somewhere else) if they carefully time their actions.


https links could not be reported to the signer ?

but yes its too simple to make https links without payments at all

time to block signers if thats possible


Re: [clamav-users] Malwarepatrol false positive

2018-08-31 Thread Benny Pedersen

Mark G Thomas wrote on 2018-08-31 18:51:


And YET ANOTHER today. I figured others here might want the heads up.

[root@imx0 conf]# sigtool --find-sigs MBL_13226139 | sigtool --decode-sigs


VIRUS NAME: MBL_13226139
DECODED SIGNATURE:
https://linkprotect.cudasvc.com/url


why is https even blocked ? :(

please whitelist https signatures


Re: [clamav-users] clamav-milter with sendmail on Fedora 28: init failed to open, to error state, initialization failed, temp failing commands

2018-07-30 Thread Benny Pedersen

Robert Kudyba wrote on 2018-07-30 16:23:


Jul 23 11:45:39 storm clamd[22351]: LibClamAV Error: yyerror():
/var/lib/clamav/packer.yar line 82 undefined identifier "pe"


remove yar rules

clamav is unstable with yara, google it

and systemd is not working with milter interfaces


Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Benny Pedersen

Joel Esler (jesler) wrote on 2018-07-03 22:42:


Yes.  But measuring those numbers is the difficult part.  A fresh
install of ClamAV is going to download the main, the daily, then all
the diffs since the last daily, which could be a ton.  It's the people
that are downloading the *same* diff 1000x an hour that are the
problem.


could this be solved in freshclam

maxdiffupdates 50 # number of diff to max update at once
minimalrechecktime 60 # minimal minutes before next recheck new diff updates


adjust as needed

would that at least settle it a bit ?


Re: [clamav-users] update report

2018-07-02 Thread Benny Pedersen

Gene Heskett wrote on 2018-07-02 19:20:

On Monday 02 July 2018 13:12:12 Gene Heskett wrote:
However, a network restart did not get rid of the ipv6 stuff in the
ifconfig lo report. ?  /etc/network/interfaces is also clean of any
ipv6 stuffs. ?



if all else fails

check /etc/gai.conf

change that conf to prefer ipv4 first


Re: [clamav-users] OT: DMARC

2018-06-28 Thread Benny Pedersen




On 28. jun. 2018 18.11.18 Dianne Skoll wrote:




I'm not sure what software runs the ClamAV mailing list, but I'd have
thought most would have ways to work around this.  I use Mailman myself,
and recent versions have options to work around DMARC problems.


Better not use mailman it will break dkim if change of body, mailman does
not break dmarc or for that matter spf


I think you know more on email then i do

Postfix maillist does not break dkim at all, see forward to other maillist 
does maillist as good





Re: [clamav-users] clamav list spf problem

2018-06-19 Thread Benny Pedersen

G.W. Haywood wrote on 2018-06-19 18:45:


More than 1 gives 'permerror', not 'fail' (see section 4.5), although
I suppose you may choose to treat the two results identically. :)


Received-SPF: permerror (lists.clamav.net ... cisco.com: Maximum 
DNS-interactive terms limit (10) exceeded) receiver=localhost.junc.eu; 
identity=mailfrom; 
envelope-from="clamav-users-boun...@lists.clamav.net"; 
helo=lists.clamav.net; client-ip=198.148.79.53


possible reduce lists.clamav.net to ONLY have the ipv4/ipv6 address of 
the list server, cisco can still have more ips, no need to list all for 
that host

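
The permerror quoted above comes from SPF's limit of 10 DNS-querying terms per evaluation, and the suggestion is to publish only the list server's own addresses for the list host. The following added example (not part of the original thread) counts those terms over a constructed set of records; all `.example` domains, the addresses and the function names are assumptions.

```python
"""Worst-case SPF DNS-lookup counter (added example; zone data is constructed)."""
import re

# RFC 7208 section 4.6.4: these mechanisms and the redirect modifier each
# cost one DNS lookup; more than 10 during one evaluation is a permerror.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
LOOKUP_LIMIT = 10

MODIFIER = re.compile(r"^([a-z][a-z0-9_.-]*)=(.*)$", re.I)
MECHANISM = re.compile(r"^[+\-~?]?([a-z][a-z0-9_.-]*)(?::([^/]+))?(?:/.*)?$", re.I)


def count_lookups(domain, zone, _stack=()):
    """Count DNS-querying terms reachable from domain's SPF record.

    This is the worst case: a real evaluator stops at the first matching
    mechanism, so the number it reaches depends on the sending address.
    """
    domain = domain.lower().rstrip(".")
    if domain in _stack:
        raise ValueError("include/redirect loop via " + domain)
    record = zone.get(domain)
    if record is None:
        return 0  # target not in the sample zone; the caller counted the term
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError(domain + ": not an SPF record")
    total = 0
    for term in terms[1:]:
        mod = MODIFIER.match(term)
        if mod:
            if mod.group(1).lower() == "redirect":
                total += 1 + count_lookups(mod.group(2), zone, _stack + (domain,))
            continue  # exp= and unknown modifiers are not counted
        mech = MECHANISM.match(term)
        if not mech:
            raise ValueError(domain + ": cannot parse term " + term)
        name, arg = mech.group(1).lower(), mech.group(2)
        if name in LOOKUP_MECHANISMS:
            total += 1
            if name == "include" and arg:
                total += count_lookups(arg, zone, _stack + (domain,))
    return total


def check(domain, zone):
    """Return ("permerror" | "ok", lookup_count) for the worst case."""
    n = count_lookups(domain, zone)
    return ("permerror" if n > LOOKUP_LIMIT else "ok", n)


# Constructed records: the list host only includes the corporate record,
# which is itself exactly at the limit, so the extra include tips it over.
ZONE_BEFORE = {
    "lists.example": "v=spf1 include:corp.example -all",
    "corp.example": "v=spf1 include:_a.corp.example include:_b.corp.example "
                    "include:mailvendor.example mx -all",
    "_a.corp.example": "v=spf1 ip4:192.0.2.0/24 include:_c.corp.example ~all",
    "_b.corp.example": "v=spf1 exists:%{i}._spf.corp.example ptr ~all",
    "_c.corp.example": "v=spf1 ip4:198.51.100.0/24 ~all",
    "mailvendor.example": "v=spf1 include:_u1.mailvendor.example "
                          "include:_u2.mailvendor.example a:out.mailvendor.example ~all",
    "_u1.mailvendor.example": "v=spf1 ip4:203.0.113.0/25 ~all",
    "_u2.mailvendor.example": "v=spf1 ip4:203.0.113.128/25 ~all",
}

# The change suggested in the post: list only the list server's own addresses.
ZONE_AFTER = dict(ZONE_BEFORE)
ZONE_AFTER["lists.example"] = "v=spf1 ip4:198.51.100.53 ip6:2001:db8::53 -all"

if __name__ == "__main__":
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        print(label, check("lists.example", zone))
```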


Re: [clamav-users] clamsubmit error

2018-05-09 Thread Benny Pedersen

Micah Snyder (micasnyd) wrote on 2018-05-09 19:39:


The web interface, however, can do both http and https.


if users can do 2 things, most will do incorrect way

turning off ssl is not a good option to any problem

and this maillists here still breaks dkim from cisco :(


Re: [clamav-users] fp Img.Malware.Agent-6499558-0

2018-05-07 Thread Benny Pedersen

Joel Esler (jesler) wrote on 2018-05-07 03:27:

Whoops, that’s an old link

https://www.clamav.net/reports/fp


unclear what to do in this link, upload google home apk file ?


[clamav-users] fp Img.Malware.Agent-6499558-0

2018-05-06 Thread Benny Pedersen

https://www.virustotal.com/file/074fe51b41596a05f5c04ba14c578786fe2edb553659fe9c8bc1f3210ab0/analysis/1525623232/

it hits on android google apps


Re: [clamav-users] clamsubmit error

2018-05-05 Thread Benny Pedersen

Joel Esler (jesler) wrote on 2018-05-05 19:56:

for I in /tmp/files/malicious/*; do clamsubmit "$I"; done


+1

add option to clamav-milter.conf to extract file attachment from email,
but only from 3rd party signatures


that way more malware would soon be detected

not needed if its already detected

wish to see foxhole as std signature


Re: [clamav-users] clamsubmit error

2018-05-05 Thread Benny Pedersen

Arnaud Jacques wrote on 2018-05-05 07:38:


I did :
clamsubmit -e webmas...@securiteinfo.com -N Arnaud Jacques -n myfile


space is new arg ?

clamsubmit -e webmas...@securiteinfo.com -N "Arnaud Jacques" -n myfile

untested

imho create clamsubmit.conf as a ticket for new releases of clamav
would be helpful


so it could be just clamsubmit 


Re: [clamav-users] Malwarepatrol false positives

2018-04-28 Thread Benny Pedersen

Alex wrote on 2018-04-29 03:24:


That shouldn’t be part of the official ruleset.

Really?


bit.ly have abuse handling, so its hard to report if its rejected


No one uses bit.ly for a legitimate purposes?


is this a question ?


I don't mean for that to sound sarcastic - I really don't know.
Everyone's heard of / uses bit.ly I thought...


dont use malwarepatrol, thats all


Re: [clamav-users] Missing /etc/clamd.conf on fedora

2018-03-27 Thread Benny Pedersen

marcos sr wrote on 2018-03-27 15:49:

http://fedoranews.org/tchung/clamav/fedoranews-clamav.pdf

to get support use it


Hello

Thanks for attention

So... The "correct" way to install clamav on fedora is

yum install -y clamav clamav-update clamav-scanner clamd ?

And the file used is /etc/clamd.d/scan.conf ?

Sorry for the noob question,  where i can find the correct way to
install in my OS? that I do not make this mistake again... And with
others packages

I used the Operating System Specific Information to install.

I'm starting using clamav i read the manual, but there's nothing about
fedora...

2018-03-27 9:53 GMT-03:00 Reindl Harald <h.rei...@thelounge.net>:


On 27.03.2018 at 14:47, Benny Pedersen wrote:

marcos sr wrote on 2018-03-26 22:37:


I'm missing something?


no


yes packages


clamconf --generate-config=clamd.conf >/etc/clamd.conf


please refrain as Gentoo user giving wrong advice for Fedora where the
config file you generate is *not* used by daemons which are simply
forgotten to install

rpm -q --file /etc/clamd.d/scan.conf
clamav-scanner-0.99.4-1.fc26.noarch

rpm -q --file /usr/lib/systemd/system/clamd@.service
clamav-server-systemd-0.99.4-1.fc26.noarch

___

cat /usr/lib/systemd/system/clamd@.service
[Unit]
Description = clamd scanner (%i) daemon
After = syslog.target nss-lookup.target network.target

[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
Restart = on-failure


now edit that config file

only issue this command if it really missing

when done, run clamconf to verify that it is used with own settings

but maintainers should know this is a missing thing in their packages, not
a source bug



Re: [clamav-users] Missing /etc/clamd.conf on fedora

2018-03-27 Thread Benny Pedersen

marcos sr wrote on 2018-03-26 22:37:


I'm missing something?


no

clamconf --generate-config=clamd.conf >/etc/clamd.conf

now edit that config file

only issue this command if it really missing

when done, run clamconf to verify that it is used with own settings

but maintainers should know this is a missing thing in their packages, not
a source bug



Re: [clamav-users] ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused

2018-02-01 Thread Benny Pedersen

Chris wrote on 2018-02-01 18:23:


nc -zv 127.0.0.1 3300-3400
nc: connect to 127.0.0.1 port 3300 (tcp) failed: Connection refused


clamd does not listen by default on inet, its default only unix socket

if you want both, configure it :=)

see clamd.conf

more help ?, clamconf output for clamd.conf


Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99.3 beta2 has been released!

2017-12-19 Thread Benny Pedersen

Steven Morgan skrev den 2017-12-19 20:27:

Thanks Benny, please try it now.


super works now


Bug 12000 was closed as a duplicate of
https://bugzilla.clamav.net/show_bug.cgi?id=11999.


is other bugs being solved before release of 0.99.3 ?

https://bugzilla.clamav.net/show_bug.cgi?id=2316


Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99.3 beta2 has been released!

2017-12-19 Thread Benny Pedersen

Steven Morgan skrev den 2017-12-19 17:33:

https://bugzilla.clamav.net/show_bug.cgi?id=12000 is the ticket.


and bug #11999 is non public


Re: [clamav-users] Extradatabase import foxhole database

2017-12-13 Thread Benny Pedersen

Emanuel skrev den 2017-12-12 17:47:

what would be the correct way to execute the rsync command?

*--files-from=filelist.txt???*


why do download scripts exist ?, do you want unsigned signatures ?

when does sigtool allow 3rd party signing ? :(


Re: [clamav-users] Extradatabase import foxhole database

2017-12-13 Thread Benny Pedersen

Emanuel skrev den 2017-12-12 15:44:


it's possible import only the foxhole database from
http://sanesecurity.com/usage/linux-scripts/??

how??


install the script ?

configure it to only fetch wanted dbs

done

or wait for clamav getting more 0day sigs added


Re: [clamav-users] fail updates

2017-11-06 Thread Benny Pedersen

Dennis Peterson skrev den 2017-11-06 19:43:

Come to think of it, 130.59.10.36 shouldn't even still be in
mirrors.dat and that is part of the systemic problems in the system.
Nothing cleans up stale entries in mirrors.dat except rm -f
mirrors.dat.


yep, its not working well, i see freshclam using ignore hosts from 
freshclam --list-mirrors


and now worse dns seems failing, freshclam says my internet is down, no 
its not



[clamav-users] fail updates

2017-11-06 Thread Benny Pedersen

freshclam --list-mirrors

Mirror #1
IP: 130.59.10.36
Successes: 391
Failures: 97
Last access: Mon Dec 19 00:46:43 2016
Ignore: No
-
Mirror #2
IP: 193.1.193.64
Successes: 2122
Failures: 208
Last access: Mon Nov  6 16:44:43 2017
Ignore: Yes
-
Mirror #3
IP: 81.91.100.173
Successes: 2079
Failures: 101
Last access: Sat Nov  4 01:06:08 2017
Ignore: Yes
-
Mirror #4
IP: 129.67.1.218
Successes: 2374
Failures: 59
Last access: Sat Nov  4 00:03:02 2017
Ignore: Yes
-
Mirror #5
IP: 172.110.204.67
Successes: 160
Failures: 364
Last access: Tue May  9 14:47:24 2017
Ignore: No
-
Mirror #6
IP: 130.59.113.36
Successes: 393
Failures: 0
Last access: Thu Feb 16 21:45:53 2017
Ignore: No
-
Mirror #7
IP: 178.79.177.182
Successes: 302
Failures: 112
Last access: Sun Nov  5 05:04:18 2017
Ignore: Yes
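The two conditions raised in this thread, stale entries that are never cleaned up and updates stopping because every recently used mirror is ignored, can be checked mechanically from `freshclam --list-mirrors` output. The following Python is an added example, not part of the original posts or of ClamAV; the 90-day threshold, the function names and the sample addresses (documentation range) are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample in the format of the `freshclam --list-mirrors` output
# posted above; the IP addresses are documentation-range placeholders.
SAMPLE = """\
Mirror #1
IP: 192.0.2.10
Successes: 391
Failures: 97
Last access: Mon Dec 19 00:46:43 2016
Ignore: No
-
Mirror #2
IP: 192.0.2.20
Successes: 2122
Failures: 208
Last access: Mon Nov  6 16:44:43 2017
Ignore: Yes
-
Mirror #3
IP: 192.0.2.30
Successes: 302
Failures: 112
Last access: Sun Nov  5 05:04:18 2017
Ignore: Yes
"""

MONTHS = {m: i + 1 for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split())}


def _parse_ctime(value):
    """Parse 'Mon Nov  6 16:44:43 2017' without depending on the locale."""
    _dow, mon, day, clock, year = value.split()
    hour, minute, second = (int(x) for x in clock.split(":"))
    return datetime(int(year), MONTHS[mon], int(day), hour, minute, second)


def parse_mirrors(text):
    """Turn the listing into a list of dicts, one per 'Mirror #N' record."""
    mirrors, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Mirror #"):
            cur = {"id": int(line.split("#", 1)[1]), "ip": None, "successes": 0,
                   "failures": 0, "last_access": datetime.min, "ignore": False}
            mirrors.append(cur)
        elif cur is not None and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            if key == "IP":
                cur["ip"] = value
            elif key in ("Successes", "Failures"):
                cur[key.lower()] = int(value)
            elif key == "Last access":
                cur["last_access"] = _parse_ctime(value)
            elif key == "Ignore":
                cur["ignore"] = value.lower() == "yes"
    return mirrors


def audit(mirrors, now, stale_after_days=90):
    """Report stale entries and whether the mirrors still in use are all ignored."""
    limit = timedelta(days=stale_after_days)
    recent = [m for m in mirrors if now - m["last_access"] <= limit]
    return {
        # entries that linger in mirrors.dat although they are no longer contacted
        "stale": [m["ip"] for m in mirrors if now - m["last_access"] > limit],
        # every entry flagged Ignore: Yes
        "all_ignored": bool(mirrors) and all(m["ignore"] for m in mirrors),
        # every mirror contacted recently is ignored, so updates have nowhere to go
        "recent_all_ignored": bool(recent) and all(m["ignore"] for m in recent),
        "failure_rate": {m["ip"]: round(
            m["failures"] / max(1, m["successes"] + m["failures"]), 2) for m in mirrors},
    }


if __name__ == "__main__":
    report = audit(parse_mirrors(SAMPLE), now=datetime(2017, 11, 6, 20, 0, 0))
    for key, value in report.items():
        print(key, value)
```

Run against the sample, the only entries not flagged `Ignore: Yes` are the stale ones, which matches the situation described in the thread.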


Re: [clamav-users] ClamAV SegFault on Reload - 0.99.3-beta1

2017-09-26 Thread Benny Pedersen

Steven Morgan skrev den 2017-09-26 18:31:

Michael,

Since this is intermittent, adding a custom diagnostic patch may be the
best way to proceed. If you can work with this, I'll write something and
send it to you. It would be great to get to the bottom of this before
releasing 0.99.3.


will it be possible to have freshclam support gpg signed updates, 
that way it can be more simple to just keep freshclam do it 
all for all 3rd party signatures as well


or will sigtool support 3rd party signer signed database sets ?

i can now make database files, but still not make it signed by my own, 
good or bad i dont know :(


all the best


Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-30 Thread Benny Pedersen

Virgo Pärna skrev den 2017-08-30 15:32:

I had to remove mirrors.dat, because all mirrors were being
ignored, as the output of "freshclam -v --debug" showed. After that I
got updates working again.


this is imho a clearly bug, would you make bugzilla to it ?

https://bugs.clamav.net/buglist.cgi?component=freshclam=ClamAV=---

note to owners of clamav.net ssl needs update, sorry if its a old url 
deprecated, i could not find one where ssl is ok


Re: [clamav-users] Freshclam or clamav-database

2017-07-13 Thread Benny Pedersen

Bob Williams skrev den 2017-07-12 11:30:


Thank you. The openSUSE updater has a method of locking packages to
prevent unwanted updates, which I have now applied:

# zypper al clamav-database


in that case you would uninstall freshclam, else you get unstable 
results


notify opensuse maintainers to not provide clamav-database, let 
freshclam do its work please


i remember when clamav tarball was holding current databases, so gentoo 
users have to download old data to get new clamav source code, now this 
is solved, but seems opensuse have to learn more still :=)


note freshclam is a daemon as well as clamd, when both runs as so it 
works perfectly


on top of that disable systemd for clamd and freshclam, these 2 things 
are not designed to be used from systemd at all


i hate precompiled problems


Re: [clamav-users] New Main.cvd coming

2017-05-17 Thread Benny Pedersen

Joel Esler (jesler) skrev den 2017-05-17 20:59:

main.cvd will receive a cdiff.   So, the size will be considerably
smaller than a full “main” push.


super, now we have a non compressed signed main, with on its own means 
faster loading


but i like to see sigtool support compress uncompressed official 
database while keep its signess of being official, it is supported in 
freshclam.conf, just not in sigtool :(


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-05 Thread Benny Pedersen

Joel Esler (jesler) skrev den 2017-05-05 01:39:

We have some ideas here Benny, but nothing in the pipeline today.


+1, thats stable software :)


If we incorporated SaneSecurity’s sigs (we need permission to do so
from Steve), then we could ingest them, and de-dupe any hash-based
sigs that we have that other types of sigs alert on (we do this today
for our own internal sigs)  The hash based sigs are a method for us to
automatically get sigs out right now instead of later.  As we all have
other things we are doing.


why not just permit sig creators to sign their own sigs ?, so it can 
be used entirely as a freshclam update ?, why would that be bad ?


at least if sig creators could sign sigs digitally, it wont hurt to drop 
bash updates that use gpg, i can make clu database files now, but still 
not sign it, with imho is bad that this is not yet possible :(


the dedupe is appreciated, and thats is a very good reason to make sigs 
centrally, but that can be ensured in other ways imho


how to list pua categories ?, what about clam stats used as a sig 
category change rule for sigs that are not in the wild, so if users not 
using all categories will not load all sigs, but users that want to use 
all sigs can do so ?


or it could be make another cvd called archived, with contains all sigs 
that are considered very old and not useful, not hitting in long time


doing nothing is not a problem for stable software, but it not making 
it better even


lets hear Steve why he not just send sigs to sig creators maillists, i 
know its a big work done even if he did not send it


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Benny Pedersen

Henrik K skrev den 2017-05-04 23:30:


So we traded memory for equal disk. No surprise there, those bazillion
hashes need their space.  I guess someone should just serve them up in cloud
somewhere like...  Immunet?  ^_^


and scan times is still the same ?, while load time is considered very 
fast since it now dont need to unzip main.cvd ? :)


wish for freshclam, save cvd files in unpacked state so it does not need 
to unpack on load


freshclam can update cvd files and pack it with zlib, but it sigtool 
can unpack it to being not zlibbed saved, hmm


zlib packed data is only useful for mirror updating to save data 
transfer imho on diff updates it does not get much saved


oh well :=)


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Benny Pedersen

Joel Esler (jesler) skrev den 2017-05-04 14:19:

We'd have to evaluate which feeds would be appropriate for the ClamAV
Db.  The more coverage the better, with fewest false positives.


agree, but i like to know if it will be opt out or opt in as well, would 
it be considered to make all 3rd party sigs into pua ?, so end users can 
enable pua category selecting ?


i am just very open minded on asking here

lastly will it ever be possible to have 3rd party signature signed ?

i just begin to hate bash scripts when i know freshclam can do it better


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Benny Pedersen

Joel Esler (jesler) skrev den 2017-05-04 13:52:

We already distribute some third party feeds into the official
database, we have a program for that which can be found on our
website.


+1


We would love to incorporate Sanesecurity's feed, all they have to do
is give us the okay to do it.


would it be opt in or opt out if done ?

most of their signatures is spam sigs, not virus sigs :(

hopefully all wake up with it


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Benny Pedersen

crazy thinker skrev den 2017-05-04 13:39:


Sanesecurity signatures :*97.11%*
SecuriteInfo  signatures (free) :  19.03%
ClamAV Official only signatures: 13.82%


all this is not virus signature, so for me this does not count


Number of signatures:

Sanesecurity signatures :  *249,766*
SecuriteInfo (free) :  1,110,596
ClamAV Only  : 4,137,929


if clamav should have more optimized signatures, it would need more 
virus signatures, not just random more signatures


personally i like to see more 0day signatures then 1 more specific 
signature catches



Date of oldest malware Sample in test : 06.01.2015
Date of newest malware Sample in test: 05.12.2015


so they are dead ?

Optimized Database means the db having less no of signatures and can able
to give more malware detection rate


so no more 3rd party signature ?

and now i ask why is clamwin have more signatures engines then clamav 
linux ?, reading this maillists here says we all want clamav to be 
global not just windows specific, ironical ?



Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Benny Pedersen

crazy thinker skrev den 2017-05-04 13:28:

Hi ClamAV Developers, Users

To my curiosity, i want  to remove ClamAV Official Database and plan to
integrate unofficial database with clamav engine.. i heard that
Sanesecurity signatures increases  ClamAV  performance upto 90%..


where did you read that ?


so i am
thinking  that  excluding ClamAV Official Database not affecting ClamAV
performance in this scenario. because. i guess Sanesecurity unofficial
database covers signatures which is covered by ClamAV Official Database..


well if you do this you will shut your self in foots


Am i right?


nope


The reason behind to do like this is  i  want to keep
optimized database
i would like to get  some suggestions/advices on my experimental thought


define a optimized database first


Re: [clamav-users] ClamAV for EnterPrise

2017-04-19 Thread Benny Pedersen

Joel Esler (jesler) skrev den 2017-04-20 01:40:

Alright all —

I think the conversation and arguing has gone on long enough and we’ve
beat not only the topic to death, but the topics after the topic are
now dead.

I’ve received enough complaints at this point to call a truce.


Joel i can only say you are nearly only one i still not have put 
autoreader on, its sad to see so many flames of me when user could stop 
read what i post, thats imho really sad, world would be better if all 
helped each other, and not throwing bombs on things that is not better 
after the bomb is thrown


in gentoo 0.99 is last stable version, and 0.99.1 0.99.2 is masked 
unstable, what happened to 0.99.3 ?


freshclam says 0.99.2 is latest version

only thing i wish will come is to see OnUnOFFicial sigs in clamav milter 
so it can accept and tag 3rd party virus/spam sigs, that will save 1 
clamd instance, and one clamav-milter instance


that way its up to spamassassin to score on results, and if 
spamas-milter reject if scored to high


is there plans to have more 3rd party sigs into clamav ?

Re: [clamav-users] password protected encrypted .docx files

2017-04-05 Thread Benny Pedersen

Dino Edwards skrev den 2017-04-05 16:48:

Any way to get clamav to block password protected Microsoft word files?


Yes, it is - you can turn ArchiveBlockEncrypted off in clamd.conf (it's
off by default)

if not working pastebin your clamconf (clamav section only)


Re: [clamav-users] freshclam exit codes

2017-04-05 Thread Benny Pedersen

Already have, it did not help


On April 5, 2017 1:25:39 PM Andreas Schulze <andreas.schu...@datev.de> wrote:


Am 05.04.2017 um 12:52 schrieb Benny Pedersen:
I get Access denied, can login OK, but cant see any problems at all, is 
there a point with open source on closed bugzillas?


maybe you've simple to create an account?

--
A. Schulze
DATEV eG



Re: [clamav-users] freshclam exit codes

2017-04-05 Thread Benny Pedersen
I get Access denied, can login OK, but cant see any problems at all, is 
there a point with open source on closed bugzillas?



Re: [clamav-users] (no subject)

2017-03-09 Thread Benny Pedersen

Reindl Harald skrev den 2017-03-10 00:42:

guess what the list-footer is for (idiot - since every day another one
like you does the same bullshit mailing to a list of hundreds or
thousands of people)


what was your point of reply public here and still complaining of abuse, 
hmm very clever


please filter it locally, and dont make it worse on maillists, problem is 
that not much mua clients know how to use list-id headers for self 
services, users just post to maillists to be subscribed, lol :=)


if you reply here i will drop all future mails from you, no need to 
fight with me on it



Re: [clamav-users] Daily 23161 broke Clam (workaround)

2017-03-05 Thread Benny Pedersen

Adam Gibson skrev den 2017-03-05 16:29:

This whitelists those patterns so they do not even get processed to cause
the crash in the regexp engine that clamd uses.  Clamd started up fine for
me with CentOS 5 after doing that.


did you test that this is same problem in centos 7 ?

come on :=)

you have more problems then just clamav with centos 5

i dont care really, but now i said it


Re: [clamav-users] R: Re: ClamAV for windows: GUI and chocolatey package

2017-03-05 Thread Benny Pedersen

Joel Esler (jesler) skrev den 2017-03-05 13:42:

We make Immunet.  It combines a cloud based detection engine with the
offline capability of clamav.   It's extremely effective and free.


windows only imho :(

would it be possible to see before clamav 1.0 in linux ?


Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Benny Pedersen

Joel Esler (jesler) skrev den 2017-03-04 23:54:

We cannot be tied to distribution support problems.


where did i ask for that ?


Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Benny Pedersen

Leonardo Rodrigues skrev den 2017-03-04 23:12:

is clamav a redhat product ?!?! I don't think so. That being said, i
see absolutely no point at all on saying clamav should do this because
redhat does that.


good point


Anyone wishing to be updated with a 10+ years rhel install, should
call redhat for that :)


any rpm built systems are buggy


my 0.02 cents ...


anymore left ?

i just wish 0.99.3 have clamav-milter supporting OnUnOfficiaLsignature 
accept|quarantine|reject


that will save me to have need for 2 clamd and 2 clamav-milters

just my one bitcoin :)

clamav-owner please stop breaking dkim


Re: [clamav-users] Clamd memory usage running high?

2017-02-02 Thread Benny Pedersen

Reindl Harald skrev den 2017-02-02 14:36:

that maybe would fine if clamav would have the best hitrate, but by far 
it don't


tell this maillist here where there is on that is better on memory usage 
and still gpl'ed, that would be much more truly to read about then just 
that clamav is bad, with its not


i just wish the bugzilla would be more public avail then it currently is

i still wish for OnUnofficial accept|reject|quarantine to be supported 
in clamav-milter to keep resources low with clamd


yes i know one could just use 2 clamd, but that uses more memory and it 
will use 2 scanning pr email :(


but who are listing ?


Re: [clamav-users] Unsubscribe

2017-01-24 Thread Benny Pedersen

On January 24, 2017 9:59:23 AM ZEMEN Dragana  wrote:


please can you take me out of this mailing list?


sure see links below here
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Benny Pedersen
On December 29, 2016 13:06:51 "Steve Basford" wrote:



https://bugs.clamav.net/show_bug.cgi?id=11708


still ssl error


[clamav-users] clamav-milter and unofficial sigs

2016-12-14 Thread Benny Pedersen

is it possible currently to accept 3rd party virus in clamav-milter ?

eq:

OnUnofficial Accept

where default is Reject like OnInfected ?

this will make clamav-milter more flexible

using currently here clamav from github head


Re: [clamav-users] bugzilla security certificate

2016-12-07 Thread Benny Pedersen

Joel Esler (jesler) skrev den 2016-12-07 18:10:

Thanks Steve,

I’ve opened a ticket for review.


using http:// redirect to the one that works, nice :=)

simply kill that dns is the fastest solution

Re: [clamav-users] bugzilla security certificate

2016-12-07 Thread Benny Pedersen

Steve Basford skrev den 2016-12-07 17:42:

Just a quick one... in case it confuses visitors to Bugzilla...


+1


Going to https://bugs.clamav.net/


well spotted ssl error


Firefox reports:

"bugs.clamav.net uses an invalid security certificate. The certificate is
only valid for bugzilla.clamav.net Error code: SSL_ERROR_BAD_CERT_DOMAIN"


hopefully clamav.net knows how to make it right


You can bypass the warning if desired.


worst advice you have ever given here


Re: [clamav-users] Time to remove 209.198.147.20 from db.us RR

2016-09-13 Thread Benny Pedersen

On 2016-09-13 23:18, Ted Hatfield wrote:

I was unaware that server was still in the list.

I sent an email last year asking to remove it.


drop the dns hostname, hopefully clamav team does not use ip addresses :(


think about dual stacking




Re: [clamav-users] Canot get to Virus Definition

2016-08-17 Thread Benny Pedersen

On 2016-08-17 20:25, Young, Timothy R (IS) wrote:


We operate in a classified environment and do not have internet
access.  So, we are limited to downloading and burning to DVD.


so burn more then one DVD pr day ?

what is the security of that ?

those usb sticks

where you are downloading, use freshclamd there as Joel tells you, and 
share that datafiles locally


possible setup local mirror as described in docs ?




Re: [clamav-users] LibClamAV Error: yyerror(): test.yar line 6 undefined identifier "filename"

2016-08-11 Thread Benny Pedersen

On 2016-08-11 19:32, Axb wrote:

In that post author states:

"I created some YARA rules that use the external variable „filename“
to work. LOKI and THOR use the „filename“ and other external variables
by default."

hmm...  now how the heck do we get to happen with ClamAv? :)

.. talking to myself...


+1

try see foxhole rules, imho it can match filenames and sizes, but i wish 
it was more documented


also logical signatures in clamav is very simple, just wish it was more 
documented


try compiled yara rules with clamav, not source rules, dont know if that 
makes a difference for clamav




Re: [clamav-users] daily sig 22066 and kaspersky site Html.Exploit.CVE_2016_3326-3

2016-08-11 Thread Benny Pedersen

On 2016-08-11 10:18, ancien compte wrote:

i'v forgot  :)

wget -qO- http://www.kaspersky.fr/internet-security/  | clamscan -
stdin: Html.Exploit.CVE_2016_3326-3 FOUND


hopefully they read it here sooner or later ? :=)

i am not good at france so hopefully their webmaster can receive mail


Re: [clamav-users] clamav-milter feature requst

2016-08-04 Thread Benny Pedersen

On 2016-08-04 19:15, G.W. Haywood wrote:


make it possible to have policy banks in clamav-milter ...

Are you sure that you mean clamav-milter?


its what sendmail uses imho ?

and if it happens there it works just what amavisd do with make some 
virus signature over to spam signature to be processed in spamscanner 
like spamassassin


reason for this is that make this clamav signature is that its more ram 
effective then make native spamassassin rules


crossing fingers to see updates coming




[clamav-users] clamav-milter feature requst

2016-08-03 Thread Benny Pedersen
make it possible to have policy banks in clamav-milter so eq one can 
have 3rd party signatures that just add header like it would do when 
accept virus, but lets be creative possible as well make a PUA.pattern to 
accept or deny as virus


so one policy bank for official signatures, and up to a random number of 
other policy banks as users see fit for their needs


if that is as well will be supported in clamd socket it will save a lot of 
workarounds i think


would it be possible to see that ?




Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Benny Pedersen

On 2016-07-13 22:21, Joel Esler (jesler) wrote:

It basically has to do with our how signature system works.


so its complicated ?

i still like to know why its 3rd party, and why its not just added in 
ExtraDatabase


marketing stats dont interest me

SafeBrowsing is a option, why is 3rd party forced ?


Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Benny Pedersen

On 2016-07-13 22:13, Joel Esler (jesler) wrote:

All third party signatures have the name of the third party submitter
in the signature itself.  For example:

   * Win.Malware.Agent4285353149/CRDF-1

I understand what you are saying Benny, however, we’re rather err on
the side of shipping more detection to protect users.


just dont call it 3rd party then

ExtraDatabase would have worked as well

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Benny Pedersen

On 2016-07-13 21:52, Joel Esler (jesler) wrote:

Nothing prevents anyone from using 3rd party sigs.  We just want to
incorporate 3rd party sigs into the official repo, for more coverage,
for more users.

If ClamAV has, say, 10M users, how many of those 10M do you suppose
also run 3rd party sigs?  I’d say less that 5%.


marketing stats


On Jul 13, 2016, at 3:36 PM, Axb  wrote:

My guess is that Benny doesn't really mean "silly" but probably is his 
"special" way of saying that it would be nice to be able to opt-in to 
third party sigs.


bravo 5% understand me :(

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Benny Pedersen

On 2016-07-13 21:30, Joel Esler (jesler) wrote:

Why would it be silly to make life easier for millions of users?


its is since users want choices

why is SafeBrowsing not on pr default ?


Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Benny Pedersen

On 2016-07-13 21:11, Joel Esler (jesler) wrote:


what ExtraDatabase is it in freshclam ?

It’s not.  It’s in the regular daily.cvd that you download from us.


silly imho :(

Re: [clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

2016-07-13 Thread Benny Pedersen

On 2016-07-13 20:40, Joel Esler (jesler) wrote:

http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html


what ExtraDatabase is it in freshclam ?


Re: [clamav-users] fake mp3, real malware.

2016-06-06 Thread Benny Pedersen

On 2016-06-06 21:39, Steven Morgan wrote:

Sorry, try it now.


solved

https://bugzilla.clamav.net/show_bug.cgi?id=11156 fail


Re: [clamav-users] fake mp3, real malware.

2016-06-06 Thread Benny Pedersen

On 2016-06-06 18:12, Steven Morgan wrote:

Tracking with https://bugzilla.clamav.net/show_bug.cgi?id=11582.


You are not authorized to access bug #11582.


Re: [clamav-users] clamav users break dkim signed mails

2016-05-30 Thread Benny Pedersen

On 2016-05-30 08:11, Dennis Peterson wrote:

That is an unacceptable hack (removes functionality) for an
unacceptable hack (DKIM).


have you ever seen my dmarc pass ?

if there is more than one way to make it, users choose the incorrect way


Re: [clamav-users] clamav users break dkim signed mails

2016-05-30 Thread Benny Pedersen

On 2016-05-30 08:07, Andreas Schulze wrote:


It's simply a matter of doing it.
Don't hurt: see http://dovecot.org/list/dovecot/2014-June/096547.html


and Timo can reject html mails in mailmanger, no need to break 
dkim/dmarc



Re: [clamav-users] clamav users break dkim signed mails

2016-05-30 Thread Benny Pedersen

On 2016-05-30 03:30, Dennis Peterson wrote:

Mail list servers and dkim are generally poorly compatible. I'm not
aware of a way to send a signed message to a list then have the list
resend it to all members while preserving the dkim signature. There's
been no shortage of debate on the topic. Both yahoo and smtp are in a
death spiral anyway so it probably won't matter soon.


if yahoo users start asking why they can't stay on maillists with dmarc 
reject if possible there is some admins on both clamav.org and yahoo.com 
that learn new things of what not to do


yahoo's fault is to use dmarc reject on things that is public usage in 
life


but if both parties do not care much on this problem it will not be 
fixed


i hate to see my dkim fails on maillists when it's not my fault

CC: to you so you can test how bad my setup is


[clamav-users] clamav users break dkim signed mails

2016-05-29 Thread Benny Pedersen
so if yahoo.com users subscribe they will later be unsubscribed as long 
as clamav users break dkim


i look forward to having this solved as well for yahoo.com users

it's not an option for me to ask yahoo.com to fix their dmarc, but please 
check my dmarc fail or pass, where did it break ?


hopefully mailadmins wake up


Re: [clamav-users] ClamAV - References

2016-04-19 Thread Benny Pedersen

On 2016-04-19 14:15, Leonardo Rodrigues wrote:


My personal experience shows that when IT teams come with these
'we don't like free/open source software', it actually means they will
NOT accept that solution, no matter how much data you gather to prove
that that would be a great solution.


indeed, it's free so it must be very bad since alternatives cost money

but i say that clamav engine does not forbid to remove cisco signatures 
and build own signature databases, if such signatures turn out to be 
very good signatures banks can submit them to cisco so it can be in 
daily. database later


here i have learned enough to make my own local.cud database file with 
all my own signatures in, i keep that private since it's of no use 
outside of localhost



Re: [clamav-users] ClamAV - References

2016-04-18 Thread Benny Pedersen

On 2016-04-19 01:33, Paul Kosinski wrote:

"However, as a bank, our security department do not like to use such
free opensource initiatives."


1: clamav is open source
2: clamav does not need cisco signatures

what to lose here ?

if banks would compile clamav themselves, and add own trusted signatures 
there would be no loss anywhere


comparing to closed source alternatives i still don't get it :(

ftw: clamav-milter can run in tag only mode so later processing can use 
those tags for more in deep trouble problem resolving


but clamav itself will not remove virus either, it's just a very 
powerful scanning engine



Re: [clamav-users] zip, rar, jar, ... how to delete all exe's and others files?

2016-04-14 Thread Benny Pedersen

On 2016-04-14 16:15, Kris Deugau wrote:

Does anyone have any examples of valid signatures for the .cdb 
sigfiles?


http://sanesecurity.com/foxhole-databases/


"whatever"), but based on what I've tried so far that's apparently not
valid.


yes i have a hard time getting more info on cdb format files as well, seems 
undocumented as is



The only thing I want to match on is the name of the files in the
archive.  .zmd and .rmd still work for that.


take one or more of the foxhole databases, and possibly if success share 
that signature here, it might be useful for more than one


i prefer 0day signatures in this wonderful world of malware


Re: [clamav-users] Locky Dridex plan

2016-03-26 Thread Benny Pedersen
one more reason to use gentoo where i created a github master trunk ?, now 
i just emerge @live-rebuild to get the latest stable clamav


nothing happens if users don't notify maintainers of precompiled problems


Re: [clamav-users] Why does this happen?

2016-03-19 Thread Benny Pedersen

On 2016-03-16 23:04, Steven Morgan wrote:


server(/tmp): clamdscan --config-file=/apps/clamav/etc/clamd.conf
testfile.pdf
/temp/testfile.pdf: Heuristics.Encrypted.PDF FOUND
Why?  How do I stop this?


is clamconf saying this clamd.conf is default config ?

is there diff results from using clamscan --config foo and clamdscan 
--config foo ?



Re: [clamav-users] Why does this happen?

2016-03-19 Thread Benny Pedersen

On 2016-03-16 23:30, Scott Galambos wrote:

I had to completely restart the server, not just restart the daemons
for some reason.  It's off now and not scanning encrypted PDFs.


glad you found the issues about it

another time you can make a new default config from clamconf -g 
clamd.conf >/tmp/clamd.conf and then diff this with your own config to 
see if new or settings is changed or missing in your own config



Thank you.


no problem
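The comparison suggested in the message above, sketched as an added example that is not part of the original post: it reduces two clamd.conf-style files to their active directives before comparing, so comment text does not drown out real differences. The function names, the sample option lines and the assumption that only lines not starting with `#` are active are this example's own.

```shell
#!/bin/sh
# Compare two clamd.conf-style files by their active directives only.
# Assumption: a directive is one "Option value" line; a line whose first
# non-blank character is '#' is a comment.

# effective_directives FILE: print the active directives, whitespace
# normalized and sorted, so two files can be compared line by line.
effective_directives() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^#/d' -e '/^$/d' \
        -e 's/[[:space:]][[:space:]]*/ /g' "$1" | LC_ALL=C sort -u
}

# config_drift OWN REFERENCE: "-" marks a directive active only in OWN,
# "+" one active only in REFERENCE. A changed value shows up as a pair.
config_drift() {
    own=$(mktemp) || return 1
    ref=$(mktemp) || return 1
    effective_directives "$1" >"$own"
    effective_directives "$2" >"$ref"
    LC_ALL=C comm -23 "$own" "$ref" | sed 's/^/- /'
    LC_ALL=C comm -13 "$own" "$ref" | sed 's/^/+ /'
    rm -f "$own" "$ref"
}

# Constructed sample files (not taken from the thread).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# own config' 'LogSyslog   yes' \
        'ArchiveBlockEncrypted yes' 'MaxThreads 20' >"$dir/own.conf"
    printf '%s\n' '# reference' 'LogSyslog yes' \
        '#ArchiveBlockEncrypted no' 'MaxThreads 12' >"$dir/ref.conf"
    config_drift "$dir/own.conf" "$dir/ref.conf"
    rm -rf "$dir"
}

demo
```

In real use the two arguments would be the running config and a reference file such as the one written by `clamconf -g clamd.conf`.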


Re: [clamav-users] Why did you block me clamAV page??

2016-03-13 Thread Benny Pedersen

On 2016-03-13 14:41, Jaroslav Fojtik wrote:


Could you tell me any idea how to undo this.


speculation:

that ip is used more than from you eq it's an isp NAT connection that is 
from cloudflare is seen as heavy single user :(


years ago all mailservers used pop-before-smtp to allow authed mail 
senders, it just had the exact same problem you possibly have here


ask your isp if you are using shared nated ip setup, if so ask them for 
help to possible get one that is not nated, if thats not possible ask 
your isp to let cloudflare know its nated ip so cloudflare can take this 
into account for limits


best solution could be ipv6 as well

hopefully clamav.net don't mind having ipv6 webservers

sorry if im out of track


Re: [clamav-users] ClamAV® blog: ClamAV will release a new main.cvd and daily.cvd this weekend.

2016-03-09 Thread Benny Pedersen

On 8. mar. 2016 04.00.59 "Joel Esler (jesler)"  wrote:


http://blog.clamav.net/2016/03/clamav-will-release-new-maincvd-and.html
The estimated size of these files are 100 MB and 10 MB respectively.


Daily 115M
Main 156M
Bytecode 402K

All in uncompressed size, so the estimated is compressed ?

I think about memory usage in future as well


Re: [clamav-users] No supported database files found

2016-03-09 Thread Benny Pedersen

On 9. mar. 2016 15.56.30 farbod emami  wrote:


please help


Run freshclam

If it fails, what settings are shown in clamconf

Don't post clamconf here, if need more help pastebin it and share link to it


Re: [clamav-users] ScanOLE2 yes disables macro virus detection

2016-02-08 Thread Benny Pedersen

On 2016-02-08 22:26, Steven Morgan wrote:


I've opened https://bugzilla.clamav.net/show_bug.cgi?id=11498 to
investigate and track the issue. Plz sign up for an account at
https://bugzilla.clamav.net and send me the user id and I will CC you on
the bug. Once that is done, I will need for you to attach your signatures
and sample files to the bug report.


arg :(

clamav is on github, so there is 2 bugtrackers ?

You are not authorized to access bug, great way to say we don't want your 
bugs


https://github.com/vrtadmin/clamav-devel/issues


Re: [clamav-users] Freshclam Non-repudiation

2016-01-29 Thread Benny Pedersen

On 2016-01-29 23:28, Al Varnell wrote:

Not sure how you would arrive at that conclusion. SaneSecurity is not
affiliated with Cisco/SourceFire/ClamAV.


sadly true :(

hopefully all 3rd party sigs will be sourcefire signed one day

until then gpg works


[clamav-users] clamav-milter crash

2016-01-26 Thread Benny Pedersen
i have seen it do this so many times now that i like to know if it's just 
me that use it or it's a known problem


upgrade to 0.99 does not help, currently on the stable gentoo 0.98.7

is there a github version of clamav ?

