Re: [clamav-users] Announcing Fangfrisch release 1.9.0
* Scott Kitterman via clamav-users:

> Debian 10 still has LTS security support, but that's it. I don't find
> it surprising that it's too old.

I am certainly not surprised, in case you were wondering. What does surprise me is that some people hold on to old software stacks for a long time, even though an upgrade path is readily available.

In any case, returning to the original question: Fangfrisch's requirements are not the result of arbitrary choices.

-Ralph
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] Announcing Fangfrisch release 1.9.0
* Damian via clamav-users:

>> requirements.txt:
>> requests >= 2.22.0
>> SQLAlchemy >= 1.4.0
>
> Are those requirements sharp? I wonder if Fangfrisch could run on
> older Debian systems with Debian-shipped python packages.

Fangfrisch is available as a Debian package [1], but that does not change the requirements. Besides, Requests 2.22.0 and SQLAlchemy 1.4.0 were released in 2019 and 2021, respectively, with numerous bugfixes and feature releases since. Fangfrisch is already lenient when it comes to requirements.

-Ralph

[1] https://packages.debian.org/en/sid/fangfrisch
[clamav-users] Announcing Fangfrisch release 1.9.0
Fangfrisch release 1.9.0 is now available via https://pypi.org/project/fangfrisch/

Changes in this release:

- The logic for on_update* has been largely rewritten. As a user-visible side effect, detailed debugging information about on_update_* tasks is now available.
- For improved flexibility, configuration sections may now override global on_update_exec and on_update_timeout. Earlier Fangfrisch versions only examined the DEFAULTS section.
- I added internal default configurations for two new providers: InterServer [1] and Fangfrisch News [2]. As per usual, these new providers are disabled by default.

[1] https://www.interserver.net/
[2] https://rseichter.github.io/fangfrisch/#ffnews

I am also happy to report that the new HTTP mirror for SaneSecurity signature files is chugging along nicely. Over the last days, I have counted 4672 unique client connections accessing these files, with a slow but steady increase in numbers according to the logs.

-Ralph
Re: [clamav-users] Announcing Fangfrisch release 1.8.0
* energynorman:

> is sqlite needed?

No, SQLite is simply the most convenient option for many users. Fangfrisch stores only small amounts of data, and DB access is not performance critical. You are however free to use any database dialect supported by SQLAlchemy. According to [1], this includes MariaDB.

[1] http://docs.sqlalchemy.org/en/latest/dialects/mysql.html

-Ralph
[clamav-users] Announcing Fangfrisch release 1.8.0
Fangfrisch release 1.8.0 is now available via https://pypi.org/project/fangfrisch/

Changes in this release:

- Sanesecurity (https://sanesecurity.com) provider default configuration overhaul. Switch to a less congested mirror site, add/remove several signature URLs.
- Modernise Python build re PEP 517 (https://peps.python.org/pep-0517/). This should make packaging for modern Python versions easier.

Attention package maintainers: If you bundle a custom configuration file, please make sure to verify its contents against Fangfrisch default settings (see https://rseichter.github.io/fangfrisch/#internalconf) and adjust as necessary. References to the previous mirror ftp.swin.edu.au should be removed. Thank you.

-Ralph
[clamav-users] Announcing Fangfrisch release 1.7.0
Fangfrisch release 1.7.0 is now available via https://pypi.org/project/fangfrisch/

Changes in this release:

1. Support user-defined connection timeouts.
2. Cover Python versions 3.7 to 3.12 during CI test phase.

-Ralph
[clamav-users] Announcing Fangfrisch release 1.6.0
Fangfrisch release 1.6.0 is now available via https://pypi.org/project/fangfrisch/

Changes in this release:

1. Fix an issue where long-running operations, e.g. slow virus definition file downloads, could exhaust SQLAlchemy's database connection pool.
2. Cover Python versions 3.7 to 3.11 during CI test phase.

-Ralph
Re: [clamav-users] Virus not detected
* Jorge Bastos:

> It's just the link :P

That matters little. Some mailing list subscriber might give in to temptation and download the virus file while not in a properly isolated environment, and trigger the payload due to incompetence or bad luck.

> How would you be able to test then? ;)

As was already pointed out in other responses, maintainers of virus signatures usually describe how best to submit virus samples on their respective web sites.

> ok won't send again..

Thanks.

-Ralph
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Virus not detected
* Jorge Bastos:

> I have a virus file that came on an email, and clamav doesn't detect
> [...]
> Here's the file.

Seriously? Do *NOT* send virus files to a public mailing list.

-Ralph
Re: [clamav-users] Announcing Fangfrisch release 1.5.0
* Ralph Seichter via clamav-users:

> When running external commands, automx2 now catches all types of
> exceptions [...]

I of course mean Fangfrisch, not automx2. That's what I get for releasing two of my applications in short succession. ;-)

-Ralph
[clamav-users] Announcing Fangfrisch release 1.5.0
Fangfrisch release 1.5.0 is now available via https://pypi.org/project/fangfrisch/

Changes in this release:

1. CI tests now cover Python version 3.9 as well as 3.7 and 3.8.
2. When running external commands, automx2 now catches all types of exceptions, not only those in the subprocess exception hierarchy. This allows refresh operations to continue if one of them raised an exception.

-Ralph
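The difference between catching only the subprocess exception hierarchy and catching all exceptions, as described in the release note above, shown as an added example (not code from Fangfrisch or from the original post). The command list and the function names are constructed for illustration; a missing executable raises FileNotFoundError, which is an OSError and not a subprocess.SubprocessError.

```python
import subprocess
import sys

# Constructed stand-ins for external commands run after a refresh
# (hypothetical; not taken from any real configuration).
COMMANDS = [
    [sys.executable, "-c", "print('reload ok')"],
    ["/nonexistent/fangfrisch-demo-hook"],               # FileNotFoundError (OSError)
    [sys.executable, "-c", "import sys; sys.exit(3)"],   # CalledProcessError
    [sys.executable, "-c", "print('last hook ran')"],
]


def _run(cmd):
    # No shell involved: the argument list is passed to the OS as-is.
    subprocess.run(cmd, check=True, capture_output=True, timeout=30)


def run_narrow(commands):
    """Catch only the subprocess exception hierarchy.

    CalledProcessError and TimeoutExpired are handled, but an OSError from a
    missing or non-executable file escapes and aborts the whole loop.
    """
    results = []
    for cmd in commands:
        try:
            _run(cmd)
            results.append("ok")
        except subprocess.SubprocessError as exc:
            results.append(type(exc).__name__)
    return results


def run_broad(commands):
    """Catch every Exception so that one failing command cannot stop the rest."""
    results = []
    for cmd in commands:
        try:
            _run(cmd)
            results.append("ok")
        except Exception as exc:  # deliberately broad; record the failure and go on
            results.append(type(exc).__name__)
    return results


if __name__ == "__main__":
    print("broad :", run_broad(COMMANDS))
    try:
        print("narrow:", run_narrow(COMMANDS))
    except OSError as exc:
        print("narrow: aborted by", type(exc).__name__)
```

With the narrow handler the fourth command never runs; with the broad handler every command is attempted and each failure is recorded by type.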
Re: [clamav-users] Running ClamAV for production workloads
* Karthik Iyer via clamav-users:

> I plan to run clamav on docker instances in a kubernetes cluster.
>
> What would be the process of updating the pods in the cluster ?

Not meaning to sound hostile, but I think it needs to be said: You appear to lack programming experience and use this mailing list to ask for general information. You also don't seem to have a solid foundation of Kubernetes knowledge, and again you ask here.

This mailing list is meant to discuss ClamAV *specifics*, not a general support forum for things you are lacking. My advice is for you to read docs, and take some courses in the basics of your everyday work. The volunteers on this mailing list are not some free-of-charge support crew, and quite frankly, you need to do your homework first.

-Ralph
Re: [clamav-users] Clam AV Cost and support for enterprise
* Karthik Iyer via clamav-users:

> I keep getting this error when i try to use SendAndScanFileAsync
>
> "C:\KJ\Work\GEP Demos\CloudMersive Virus Scan
> Demo\CloudMersiveDemo\bin\Debug\netcoreapp3.1\CloudMersiveDemo.exe
> (process 22096) exited with code 0.

What error are you referring to? By convention, exit code 0 signals "no error".

> This is my code.

At a quick glance, your code exits with code 0 no matter what value scanResult.Result has, even in the case when no test condition matches, which might not be what you want.

-Ralph
[clamav-users] Announcing Fangfrisch release 1.4.0
Fangfrisch release 1.4.0 is now available via https://pypi.org/project/fangfrisch/

Changes in this release:

1. Allow the use of "url_xyz = disabled" in addition to empty values to disable URLs.
2. Remove "url_doppelstern*" and "url_crdfam_clamav" from Sanesecurity's provider section because the related signatures are no longer maintained and/or no longer distributed by Sanesecurity.

-Ralph
[clamav-users] Announcing Fangfrisch feature release 1.3.0
Fangfrisch release 1.3.0 is now available via https://pypi.org/project/fangfrisch/

Changes in this release:

1. The ScamNailer service (http://www.scamnailer.info) is no longer maintained by its authors, and the related URL in the Sanesecurity provider section is now disabled in the internal Fangfrisch config. If you are still using ScamNailer, I recommend you manually remove /var/lib/clamav/scamnailer.ndb soonish. Thanks to GitHub user Fregf for reporting the discontinued service.
2. Individual URLs can now be disabled by setting their value to an empty string; see documentation section 5.3.

-Ralph
Re: [clamav-users] Clam AV Central Management Serve
* Sudhir Kumar Maharjan:

> Mainly we want Centralised deployment of the software and policies
> with dashboards and real-time/historical reporting.

This is not really a ClamAV-specific issue. There are various tools for infrastructure automation; see for example SaltStack, Ansible or Puppet.

-Ralph
Re: [clamav-users] milter
* David Beecher via clamav-users:

> I am trying to set up a filter for watching for a specific keyword in
> a subject line so I can tag it as spam and reject it.

Milter-regex would work nicely, but you need neither a milter nor ClamAV for this simple task. Sendmail can perform header checks[1], even though the syntax is horrible, as usual.

[1] https://www.sendmail.org/~ca/email/doc8.12/cf/m4/anti_spam.html#header_checks

Just check for a match of your trigger expression in "Subject:" and reject the message if a match is found.

-Ralph
[clamav-users] Announcing Fangfrisch feature release 1.2.0
Release 1.2.0 is now available via https://pypi.org/project/fangfrisch/

Previously, logging was limited to console output (stdout/stderr). This release adds optional syslog support, which can be enabled in the configuration file as follows:

  log_method = syslog
  log_target = /dev/log

Syslog targets can be either Linux domain sockets, hostnames, or hostname:port pairs.

-Ralph
Re: [clamav-users] Scanning emails
* Matus UHLAR:

> I disagree, setting up clamav-milter is much easier than setting up
> amavis.

Then we'll have to agree to disagree in this matter.

> I use clamav-milter and spamass-milter on my machine. So, I have both
> spam and virus scanning. Didn't have big need to replace them by
> amavis here.

/me shrugs

Relying on a single virus scanner is insufficient in the production environments I maintain. To each his own.

-Ralph
Re: [clamav-users] Scanning emails
* Matus UHLAR:

> clamav-milter can plug clamav to sendmail or postfix and clamd can
> scan attachments directly, amavis is not really needed.

Setting up Amavis with an MTA is no more complicated than setting up clamav-milter. However, as you know, Amavis allows adding additional virus scanners or filters like SpamAssassin to the mix very easily.

None of my customers was ever satisfied with a virus scanner alone, once they began to take email protection seriously. That is why I personally recommend Amavis in good conscience. Also, I am a member of the Amavis developer team. ;-)

-Ralph
Re: [clamav-users] Scanning emails
* Bev Clues via clamav-users:

> Can you tell me if clamd / clamdscan will scan email attachments as
> well as the email file.

Clamdscan will scan whatever you pass as an argument. However, with email it is common practice to have additional software like Amavis (https://gitlab.com/amavis/amavis) that splits mail into its MIME parts, including attachments, and then calls ClamAV to check the segments.

I can heartily recommend using Amavis plus ClamAV instead of invoking clamdscan in some custom fashion. Every popular Linux distribution should have Amavis pre-packaged.

-Ralph
Re: [clamav-users] freshclam errors
* Dieter Raith via clamav-users:

> I will migrate to a more powerful Cloud server with 8 GB ram and also
> provide some cache. I sent a question to my provider (Hetzner), if they
> can do it easily.

Since you wrote you currently have 2 GB RAM, I am guessing that you are using a Hetzner CX11 cloud server? In that case, you can simply use the "Rescale" option (see https://console.hetzner.cloud/projects) to upgrade to a CX21 (4 GB) or CX31 (8 GB). This only takes a few minutes, and the existing installation remains intact.

-Ralph
Re: [clamav-users] PrivateMirror set on client machine. Disable cld downloads
* vin:

> The wget option is definitely an interesting work around. Could build
> a script.

You could, but you don't need to. Allow me to mention "Fangfrisch" as a possible solution. While written to handle unofficial signature files, Fangfrisch is completely content-agnostic, meaning it will download any binary data you point it to, as long as you choose a supported URL scheme (usually HTTP or HTTPS).

  # Example fangfrisch.conf settings for a server on IP 10.1.2.3.
  # See https://rseichter.github.io/fangfrisch/ for full documentation.
  [internalmirror]
  enabled = yes
  integrity_check = disabled
  prefix = http://10.1.2.3/
  url_daily = ${prefix}daily.cvd
  url_main = ${prefix}main.cvd

This works as it is, but downloads the full data whenever called. If you like to be more efficient, you can generate checksums on your mirror after each download like so:

  #!/usr/bin/env bash
  # Write a .sha256 file next to every .cvd file in the mirror directory.
  for x in /path/to/datadir/*.cvd ; do
    sha256sum -b "${x}" > "${x}.sha256"
  done

Then, use "integrity_check = sha256" (this is actually the default setting), causing Fangfrisch to download new files only if their checksum has changed.

By the way, in the olden days we used "rsync" to distribute files across machines. Maybe that would also be an option for you.

-Ralph
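How a client can use the .sha256 files produced by the loop above to skip unchanged files and to reject a damaged transfer, as an added example (not Fangfrisch's own code and not part of the original post). All function names and the sample data are constructed for illustration, and the comparison logic is an assumption about one reasonable way to implement such a check.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Line format written by sha256sum: 64 hex digits, a space, then '*' (binary
# mode, as with -b) or a second space (text mode), then the file name.
_SIDECAR_RE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")


def parse_sidecar(text):
    """Return (digest, filename) from the first line of a .sha256 file."""
    lines = text.splitlines()
    match = _SIDECAR_RE.match(lines[0]) if lines else None
    if match is None:
        raise ValueError("not a sha256sum output line")
    return match.group(1).lower(), match.group(2)


def file_digest(path):
    """SHA-256 of a file, read in chunks so large signature files fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_sidecar(path):
    """Mirror side: Python equivalent of `sha256sum -b FILE > FILE.sha256`."""
    path = Path(path)
    sidecar = path.with_name(path.name + ".sha256")
    sidecar.write_text(f"{file_digest(path)} *{path}\n")
    return sidecar


def needs_download(sidecar_text, local_path):
    """Client side: fetch only if the local copy is missing or differs."""
    expected, _ = parse_sidecar(sidecar_text)
    local = Path(local_path)
    return not local.is_file() or file_digest(local) != expected


def accept_download(data, sidecar_text):
    """Client side: keep downloaded bytes only if they match the published digest."""
    expected, _ = parse_sidecar(sidecar_text)
    return hashlib.sha256(data).hexdigest() == expected


def demo():
    """First sync, repeated sync, mirror update, truncated transfer (constructed data)."""
    with tempfile.TemporaryDirectory() as tmp:
        mirror, client = Path(tmp, "mirror"), Path(tmp, "client")
        mirror.mkdir()
        client.mkdir()
        remote, local = mirror / "daily.cvd", client / "daily.cvd"

        remote.write_bytes(b"constructed signature data v1")
        sidecar = write_sidecar(remote)
        first = needs_download(sidecar.read_text(), local)       # no local copy yet

        local.write_bytes(remote.read_bytes())
        unchanged = needs_download(sidecar.read_text(), local)   # digests match

        remote.write_bytes(b"constructed signature data v2")
        sidecar = write_sidecar(remote)
        updated = needs_download(sidecar.read_text(), local)     # mirror moved on

        truncated = accept_download(remote.read_bytes()[:-1], sidecar.read_text())
        return first, unchanged, updated, truncated


if __name__ == "__main__":
    print(demo())
```

A digest fetched over the same plain-HTTP channel as the file detects unchanged files and corrupted transfers; it does not authenticate the mirror.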
[clamav-users] Announcing Fangfrisch feature release 1.1.0
Release 1.1.0 is now available via https://pypi.org/project/fangfrisch/

This is a feature release, focused on cleaning up local files if the configuration changes over time.

IMPORTANT: If you are upgrading from a previous release, you need to either delete all existing database tables or create a new DB, followed by running "fangfrisch initdb".

* Clean up previously downloaded files when their local path changes. This can happen when "filename_xyz" entries are added or modified. Suggested by @amishmm.
* When a provider section is disabled, clean up associated virus signature files. This feature can optionally be disabled using the new "cleanup" configuration parameter. Suggested by @amishmm.
* Running "fangfrisch --force initdb" will attempt to drop existing tables.
* Introduce the "dumpmappings" action. This allows passing URL-to-filepath mappings recorded in the database to utilities like "awk" without accessing the DB directly.

Thanks to Amish for his suggestions and for testing the new features.

-Ralph
[clamav-users] Gentoo Linux installation package for Fangfrisch is now available
It took a while for my submission to be processed, but the Gentoo Linux installation package is finally available:

https://packages.gentoo.org/packages/app-antivirus/fangfrisch

-Ralph
Re: [clamav-users] ClamAV using high CPU and battery
* Douglas Stinnette:

> I have been getting reports of ClamAV using high CPU during full scans.

High CPU and I/O load while scanning a full file system? You find that surprising how, exactly, in a virus scanner? :-)

-Ralph
[clamav-users] Announcing Fangfrisch minor release 1.0.1
Release 1.0.1 is now available via https://pypi.org/project/fangfrisch/

There are no functional changes, only the following config defaults were modified:

- Add two disabled data sources which are only available with a paid subscription to SecuriteInfo default configuration. Suggested by Arnaud Jacques.
- Reduce default SecuriteInfo interval to one hour. Suggested by Arnaud Jacques.

Enjoy.

-Ralph
Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Amish via clamav-users:

> Did that already few hours back!

Great minds... ;-)

> I would suggest that your code detect the first run and automatically
> run initdb if db_url is sqlite database and file does not exist (but
> directory exist)

I had thought about this before, but decided against it. IMO, having admins invoke 'initdb' manually once is not too much to ask.

-Ralph
Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Amish via clamav-users:

> I wanted default config file such that package runs out of box.

I understand.

> That said, I have not disabled support for both, anyone can edit conf
> file as per their requirement.

You are right. Perhaps adding the two additional sections with explicit enabled=false might be an option, and maybe also include a link to the documentation?

For comparison, I install this [1] configuration file for Gentoo Linux, plus a disabled crontab. The installation process reminds the user to edit the config before first launch. Only if the user ignores this will an HTTP error be displayed, which is fine by me. Of course, this is merely a suggestion of mine that you don't need to take. ;-)

[1] https://github.com/rseichter/gentoo/blob/fangfrisch-200222/app-antivirus/fangfrisch/files/conf

-Ralph
Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Amish via clamav-users:

> Created AUR package for Arch Linux. (uses systemd timer instead of cron)

Nice, thank you. May I ask why you did not enable support for both Malwarepatrol and SecuriteInfo in your packaged configuration?

I have opened a pull request for Gentoo Linux today, providing an ebuild for a new package called app-antivirus/fangfrisch. I hope it won't take long for it to be processed.

-Ralph
Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Amish V.:

> Is it a drop-in replacement (more or less) for clamav-unofficial-sigs?

Indeed. I set out to write a replacement, one that is more secure and convenient to configure than clamav-unofficial-sigs, and that is also how I use Fangfrisch on production servers.

-Ralph
[clamav-users] Announcing Fangfrisch release 1.0.0
Hello list members,

since I first mentioned "Fangfrisch" here, I have added some quality-of-life functionality and further enhanced the documentation [1]. No issues were reported during testing, and I am happy to announce that Fangfrisch release 1.0.0 is now available at PyPI [2] and ready for use in production environments.

[1] https://rseichter.github.io/fangfrisch/
[2] https://pypi.org/project/fangfrisch/

I hope some of you will find this utility useful and spread the word.

-Ralph
Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Rxx Mxx via clamav-users:

> That is a perl library pcre isn't it?

I don't understand your question -- if it was actually intended for me, that is.

-Ralph
Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Reio Remma via clamav-users:

> That's the trouble with RHEL/CentOS - they stick with the major
> software versions they initially come with for the lifetime of
> their distribution version.

If there are no official Python 3.7 packages for these distributions, maybe community packages are available? Failing that, there is also the alternative of building Python from its sources.

I don't mean to pressure you, of course, but I also don't feel like limiting my code to Python 3.6, as you can surely understand.

-Ralph
Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
I just remembered that I use a feature of the subprocess module that was introduced with Python 3.7. So yes, version 3.7 is a hard requirement.

-Ralph
Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Reio Remma via clamav-users:

> RHEL/CentOS 8 are on version 3.6 of Python and they would be excluded
> from running the script.

I don't actually know if Python 3.6 would work, not having any machine with this old version available. Python version 3.7 was released in June 2018, and version 3.8 in October 2019. Are you certain the Linux distributions you mentioned have no way of installing Python 3.7?

-Ralph
[clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
After the recent discussion of various security risks posed by the clamav-unofficial-sigs script, I have written "Fangfrisch" as a secure and convenient replacement. It was meant for personal use at first, but it works so well for me that I have taken the time to write a full documentation, in the hope that others might also find Fangfrisch useful.

Documentation is available here: https://rseichter.github.io/fangfrisch/

The Python code has 100% test coverage and works reliably on my own servers, so I am confident that it has reached the necessary maturity for a public beta test. If you wish to give Fangfrisch a spin, check out the link above for detailed instructions on setup and usage. I'd be grateful for your feedback.

-Ralph
Re: [clamav-users] clamav-unofficial-sigs download script updated
* James Brown via clamav-users:

> Have you put your concerns into the issue tracker on GitHub?

The script is provided for free, and I am torn between being grateful to the author for that and telling him that his script is, in my personal opinion, flawed and badly implemented. I don't state this opinion lightly, but it is still just an opinion (even if shared by others).

The best approach would be redesigning and rewriting the script, and I don't think it is fair to expect this from somebody else. If I don't invest the time myself, I can hardly blame the author for sticking with the existing, problematic script. Opening a ticket reading "Your script is broken and should be rewritten from the ground up" does not seem a viable option to me.

-Ralph
Re: [clamav-users] Why does clamscan take so long searching?
* Grscripts via clamav-users:

> unluckly clamdscan does not honor --config-file=

Since clamdscan leaves scanning to the server (which is properly configured), I have never tried to use "clamdscan --config-file=...", but according to the man-page, the option should be supported.

-Ralph
Re: [clamav-users] Why does clamscan take so long searching?
* Rick Graham via clamav-users:

> Perhaps a useful feature would be an extra verbose option ("-vv") that
> would print more clamscan status, like loading signatures.

That would not save you from using 'clamscan' when you should be using 'clamdscan'. ;-)

-Ralph
Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?
* Micah Snyder via clamav-users:

> [ClamAV] would immediately begin listening on the unix/tcp socket for
> requests and fork into the background so as not to block the boot
> process.

To me, slowing down the boot process is just the (admittedly annoying) symptom of an underlying ClamAV issue. Based on the delays that we have seen over the past months, I'd say that ClamAV's database handling does not scale well enough, and I think that's what needs fixing.

-Ralph
Re: [clamav-users] Freshclam slows down boot on MX Linux (Debian)
* J. R. via clamav-users:

> You could add a simple bash sleep statement to the appropriate
> init.d/cron file.

On systems using dependency based init systems like "init" or "OpenRC", services are usually started sequentially. I expect adding a sleep statement would actually slow things down even further in these cases.

> IIRC some systems will run cron jobs that were missed while the system
> was turned off...

There are indeed cron implementations that work in this fashion, like Anacron.

-Ralph
Re: [clamav-users] Freshclam slows down boot on MX Linux (Debian)
* Paul B. via clamav-users:

> I've been finding for some time now that I have a 10-15 second delay
> before my machine settles down after a boot.

Welcome to the club. Launching ClamAV has become so slow that I need to take steps to ensure that more important services like sshd are started before ClamAV, so as not to block the servers. We're talking 64 GB RAM and quad-core i7-7700 CPU here, by the way.

-Ralph
Re: [clamav-users] Installing question
* MOHAMED OMAR MAKRAM via clamav-users:

> I have a virus on my server and I have no idea where to begin to get
> rid of it. I have four sites, all are personal sites and all are
> drupal.

If you are really certain that there is a virus on your server, my recommendation is to re-install that server from scratch. Of course, you need to be careful when restoring data from your backups not to include the virus.

-Ralph
Re: [clamav-users] Mailman web UI for ClamAV currently inaccessible
> https://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users returns
> "403 Forbidden".

I should probably mention that the above URL is sent to subscribers in the 'Welcome to the "clamav-users" mailing list' message. It does not match the link in the ML footer.

-Ralph
[clamav-users] Mailman web UI for ClamAV currently inaccessible
https://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users returns "403 Forbidden". Could somebody please investigate? Thanks.

-Ralph