Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-06 Thread Dennis Peterson
My most effective blocks are tcpwrappers and DNS-based IP blacklists and URI 
blacklists. Low returns on effort go to pattern matching regular expressions in 
message bodies. It isn't possible to measure the effectiveness of ipset 
blocklists when using NNN.0.0.0/8 IP blocks but there are a lot of them in my 
firewall and hosts.deny files.


dp

On 12/6/18 12:27 AM, Al Varnell wrote:
Frankly, I'm surprised that ClamAV finds any such URLs. They are way too 
dynamic (blacklisted one day and removed the next). ClamAV does malware 
detection over the long haul and trying to keep up with fraudulent web sites 
would be a full time job and better done by other means (e.g. Google Safe 
Browsing).


-Al-

On Wed, Dec 05, 2018 at 11:33 PM, Sunny Marwah wrote:

Hello Team,

We are using clamav-0.100.2 to scan a few HTML email templates.

Sometimes, there are deceptive URLs mentioned in those templates and that 
template should be detected as infected via ClamAV scan process.

I can see weird output of ClamAV scan process. Sometimes it detects such 
templates as infected and sometimes it does not detect them as infected. And 
the URLs I am talking about are so deceptive that even the Google Chrome 
browser doesn't let us open these URLs and shows us a clear warning as 
"Dangerous" about a deceptive website.

Can you put your views behind such unpredictable behavior?

If you want then I can report such URLs on your malware link for reporting.

Regards
Sunny


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml





Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-06 Thread Dennis Peterson
You should probably look at http://uribl.com/ for this problem. ClamAV is 
targeted toward viruses and malware in email. The uribl process uses DNS just 
like DNS blacklists, is fairly light weight, and well maintained.


dp

On 12/5/18 11:33 PM, Sunny Marwah wrote:

Hello Team,

We are using clamav-0.100.2 to scan a few HTML email templates.

Sometimes, there are deceptive URLs mentioned in those templates and that 
template should be detected as infected via ClamAV scan process.

I can see weird output of ClamAV scan process. Sometimes it detects such 
templates as infected and sometimes it does not detect them as infected. And 
the URLs I am talking about are so deceptive that even the Google Chrome browser 
doesn't let us open these URLs and shows us a clear warning as "Dangerous" about 
a deceptive website.

Can you put your views behind such unpredictable behavior?

If you want then I can report such URLs on your malware link for reporting.

Regards
Sunny




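The DNS-based URI blacklist lookup suggested in the reply above, as an added example that is not part of the original thread or URIBL's own code: it extracts link hosts from an HTML template and queries each domain under the list zone. The zone name `multi.uribl.com`, the return-code bits, the sample template and every function name are assumptions of this example.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed here, not stated in the thread: URIBL's combined zone and its
# bitmask answers (127.0.0.x with 2=black, 4=grey, 8=red, 1=query refused).
ZONE = "multi.uribl.com"
LISTS = {2: "black", 4: "grey", 8: "red"}

# Constructed sample template; the hosts are placeholders.
SAMPLE = ('<a href="http://login.example-bank.test/verify">Verify</a>'
          '<img src="https://cdn.example.org/logo.png">'
          '<a href="mailto:help@example.net">Help</a>')

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        # Collect hostnames from href/src attributes of any tag.
        for name, value in attrs:
            if name in ("href", "src") and value:
                host = urlsplit(value.strip()).hostname  # None for mailto:
                if host:
                    self.hosts.add(host.rstrip("."))

def registered_domain(host):
    # Naive last-two-labels cut; production code needs the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def decode(answer):
    """Turn a DNS answer into list names; [] means not listed."""
    if answer is None:
        return []
    code = int(answer.rsplit(".", 1)[1])
    if code & 1:
        return ["query-refused"]
    return [name for bit, name in LISTS.items() if code & bit]

def dns_resolve(name):
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:  # NXDOMAIN: not listed
        return None

def check_template(html, resolve=dns_resolve):
    parser = LinkHosts()
    parser.feed(html)
    domains = sorted({registered_domain(h) for h in parser.hosts})
    return {d: decode(resolve(f"{d}.{ZONE}")) for d in domains}
```

Passing a stub `resolve` callable exercises the logic without network access; a `query-refused` result means the list operator rejected the query rather than answering it.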


Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-06 Thread Al Varnell
Frankly, I'm surprised that ClamAV finds any such URLs. They are way too 
dynamic (blacklisted one day and removed the next). ClamAV does malware 
detection over the long haul and trying to keep up with fraudulent web sites 
would be a full time job and better done by other means (e.g. Google Safe 
Browsing).

-Al-

On Wed, Dec 05, 2018 at 11:33 PM, Sunny Marwah wrote:
> Hello Team,
> 
> We are using clamav-0.100.2 to scan a few HTML email templates.
> 
> Sometimes, there are deceptive URLs mentioned in those templates and that 
> template should be detected as infected via ClamAV scan process.
> 
> I can see weird output of ClamAV scan process. Sometimes it detects such 
> templates as infected and sometimes it does not detect them as infected. And 
> the URLs I am talking about are so deceptive that even the Google Chrome 
> browser doesn't let us open these URLs and shows us a clear warning as 
> "Dangerous" about a deceptive website.
> 
> Can you put your views behind such unpredictable behavior?
> 
> If you want then I can report such URLs on your malware link for reporting.
> 
> Regards
> Sunny


Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-06 Thread Sunny Marwah
Hi Micah,

Thanks for letting me know about enabling the SafeBrowsing CVD option in
ClamAV.

Google Safe Browsing puts a website in the 3 categories mentioned below:
1 Secure
2 Info or Not secure
3 Not secure or Dangerous

Curious to know how ClamAV will categorize the HTML file. Let's say, if any
"Not secure or Dangerous" URL is found, will ClamAV show it as an
infected file in the scanning summary? If this is the case, I guess in case a
"Secure" URL is found, it will show as OK. And what if the URL is found as
"Info or Not secure"?

Regards
Sunny


On Thu, Dec 6, 2018 at 3:19 PM Micah Snyder (micasnyd) wrote:

> It may be worth mentioning that in addition to the [optional] SafeBrowsing
> CVD that you can choose to include, ClamAV has just started including
> PhishTank signatures late last month.
>
> For those who are curious, see https://lists.gt.net/clamav/virusdb/.
> PhishTank signatures are prefixed with Phishtank.Phishing.
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Dec 6, 2018, at 3:27 AM, Al Varnell wrote:
>
> Frankly, I'm surprised that ClamAV finds any such URLs. They are way too
> dynamic (blacklisted one day and removed the next). ClamAV does malware
> detection over the long haul and trying to keep up with fraudulent web
> sites would be a full time job and better done by other means (e.g. Google
> Safe Browsing).
>
> -Al-
>
> On Wed, Dec 05, 2018 at 11:33 PM, Sunny Marwah wrote:
>
> Hello Team,
>
> We are using clamav-0.100.2 to scan a few HTML email templates.
>
> Sometimes, there are deceptive URLs mentioned in those templates and that
> template should be detected as infected via ClamAV scan process.
>
> I can see weird output of ClamAV scan process. Sometimes it detects such
> templates as infected and sometimes it does not detect them as infected.
> And the URLs I am talking about are so deceptive that even the Google Chrome
> browser doesn't let us open these URLs and shows us a clear warning as
> "Dangerous" about a deceptive website.
>
> Can you put your views behind such unpredictable behavior?
>
> If you want then I can report such URLs on your malware link for
> reporting.
>
> Regards
> Sunny
>


-- 
Regards
Sunny
System Engineer
Mob : +91 9711155549


Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-06 Thread Micah Snyder (micasnyd)
It may be worth mentioning that in addition to the [optional] SafeBrowsing CVD 
that you can choose to include, ClamAV has just started including PhishTank 
signatures late last month.

For those who are curious, see https://lists.gt.net/clamav/virusdb/. PhishTank 
signatures are prefixed with Phishtank.Phishing.


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Dec 6, 2018, at 3:27 AM, Al Varnell wrote:

Frankly, I'm surprised that ClamAV finds any such URLs. They are way too 
dynamic (blacklisted one day and removed the next). ClamAV does malware 
detection over the long haul and trying to keep up with fraudulent web sites 
would be a full time job and better done by other means (e.g. Google Safe 
Browsing).

-Al-

On Wed, Dec 05, 2018 at 11:33 PM, Sunny Marwah wrote:
Hello Team,

We are using clamav-0.100.2 to scan a few HTML email templates.

Sometimes, there are deceptive URLs mentioned in those templates and that 
template should be detected as infected via ClamAV scan process.

I can see weird output of ClamAV scan process. Sometimes it detects such 
templates as infected and sometimes it does not detect them as infected. And 
the URLs I am talking about are so deceptive that even the Google Chrome browser 
doesn't let us open these URLs and shows us a clear warning as "Dangerous" about 
a deceptive website.

Can you put your views behind such unpredictable behavior?

If you want then I can report such URLs on your malware link for reporting.

Regards
Sunny


Re: [clamav-users] Ios.Trojan.FakeTelegram-6736161-0 FOUND

2018-12-06 Thread Al Varnell
What kind of suggestion are you looking for?

They appear to be three different iPhone/iPad/iPod applications.

The signatures were added to the ClamAV database on 1 Nov 2018.

I would have to guess it has something to do with this Talos article:

>

-Al-
ClamXAV User

On Thu, Dec 06, 2018 at 11:08 AM, David Laxer wrote:
> Hi,
> 
> I am running clamav-0.100.beta on OS X 10.11.6 and got the following messages
> Ios.Trojan.FakeTelegram-6736161-0 FOUND
> 
> Here’s my clamscan invocation:
> 
> $  clamscan/clamscan -i -r --exclude-dir=/Volumes --exclude-dir=/dev 
> --exclude-dir=/Users/davidlaxer/clamav-0.100.0-beta/test --max-filesize=100M /
> 
> I received the following three alerts:
> 
> /Users/davidlaxer/iTunes Media/Mobile Applications/7notesHD Prem 3.2.2.ipa: 
> Ios.Trojan.FakeTelegram-6736161-0 FOUND
> /Users/davidlaxer/iTunes Media/Mobile Applications/JapanGoggles 2.6.ipa: 
> Ios.Trojan.FakeTelegram-6736161-0 FOUND
> /Users/davidlaxer/iTunes Media/Mobile Applications/Memo 3.0.0.ipa: 
> Ios.Trojan.FakeTelegram-6736161-0 FOUND
> 
> Any suggestions?
> 
> Thanks in advance!
> 
> Best,
> -Dave


Re: [clamav-users] Installation problem.

2018-12-06 Thread Robert Chalmers
There is something wrong with your C++ compiler.
Is it actually installed?



-
Robert Chalmers
https://robert-chalmers.uk
aut...@robert-chalmers.uk
@R_A_Chalmers


> On 7 Dec 2018, at 7:28 am, nikos wrote:
> 
> Hello list.
> 
> I'm trying to install the new version of clam and there seem to be compilation 
> problems.
> 
> I run ./configure --sysconfdir=/etc --enable-milter in the programs folder 
> and I get the error:
> 
> checking for g++... no
> checking for c++... no
> checking for gpp... no
> checking for aCC... no
> checking for CC... no
> checking for cxx... no
> checking for cc++... no
> checking for cl.exe... no
> checking for FCC... no
> checking for KCC... no
> checking for RCC... no
> checking for xlC_r... no
> checking for xlC... no
> checking whether the C++ compiler works... no
> configure: error: in `/home/admin/clamav-0.101.0':
> configure: error: C++ compiler cannot create executables
> See `config.log' for more details
> 
> I always install clam from source, as with the previous versions. The funny thing 
> is, if I extract and run configure in the previous version clamav-0.100.2, 
> everything works fine!
> 
> I have a server with the latest CentOS release, fully updated.
> 
> Any suggestions?
> 
> Thank you in advance, Nikos.
> 
> 


[clamav-users] Installation problem.

2018-12-06 Thread nikos

Hello list.

I'm trying to install the new version of clam and there seem to be 
compilation problems.


I run ./configure --sysconfdir=/etc --enable-milter in the programs 
folder and I get the error:


checking for g++... no
checking for c++... no
checking for gpp... no
checking for aCC... no
checking for CC... no
checking for cxx... no
checking for cc++... no
checking for cl.exe... no
checking for FCC... no
checking for KCC... no
checking for RCC... no
checking for xlC_r... no
checking for xlC... no
checking whether the C++ compiler works... no
configure: error: in `/home/admin/clamav-0.101.0':
configure: error: C++ compiler cannot create executables
See `config.log' for more details

I always install clam from source, as with the previous versions. The funny 
thing is, if I extract and run configure in the previous version 
clamav-0.100.2, everything works fine!

I have a server with the latest CentOS release, fully updated.

Any suggestions?

Thank you in advance, Nikos.

