Re: [clamav-users] ERROR 403: Forbidden

2018-08-29 Thread Jon Roberts
Sadly not: /usr/local/cpanel/3rdparty/bin/freshclam --verbose Current working dir is /usr/local/cpanel/3rdparty/share/clamav Max retries == 3 ClamAV update process started at Wed Aug 29 21:32:41 2018 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1520 Software version from DNS:

Re: [clamav-users] Malwarepatrol false positive

2018-08-29 Thread Steve Basford
Had a reply back regarding the false positives Hello, ? ?Thank you for contacting us and for reporting potential problems with our ClamAV signatures. The two entries mentioned were removed from the block lists and data feeds a few days ago. Our users and customers should be able to

Re: [clamav-users] FP with Heuristics.Phishing.Email.SpoofedDomain

2018-08-29 Thread Kris Deugau
Paul wrote: Hi I have 2 emails which have tripped Heuristics.Phishing.Email.SpoofedDomain (4 times in each email using clamscan -x option) Is the output from clamscan -x --debug shown below indicate the offending url pair triggering Heuristics.Phishing.Email.SpoofedDomain? LibClamAV

Re: [clamav-users] ERROR 403: Forbidden

2018-08-29 Thread Joel Esler (jesler)
Try now? On Aug 28, 2018, at 9:31 AM, Jon Roberts mailto:j...@racksrv.net>> wrote: Hi Joel, The seemingly blocked IP is 213.5.176.169 Regards, Jon From: clamav-users mailto:clamav-users-boun...@lists.clamav.net>> on behalf of Joel Esler (jesler)

Re: [clamav-users] Malwarepatrol false positive

2018-08-29 Thread Steve Basford
On Tue, August 21, 2018 12:31 pm, Al Varnell wrote: > OK, I don't think there is anything that ClamAV can do about it since > it's an UNOFFICIAL. > > Maybe Steve Basford from SaneSecurity can put some pressure on them. He > usually reads what's posted here. I've just sent them an email and a

Re: [clamav-users] Malwarepatrol false positive

2018-08-29 Thread Mark G Thomas
Hi, Apparently the cudasvc.com URLs are a function of Barracuda for their customers, replacing dangerous public URLs in messages with private links to barracuda-hosted warnings or screening pages, to prevent customers from receiving and following original potentially malicious URLs. Microsoft

[clamav-users] FP with Heuristics.Phishing.Email.SpoofedDomain

2018-08-29 Thread Paul
Hi I have 2 emails which have tripped Heuristics.Phishing.Email.SpoofedDomain (4 times in each email using clamscan -x option) Is the output from clamscan -x --debug shown below indicate the offending url pair triggering Heuristics.Phishing.Email.SpoofedDomain? LibClamAV debug: Phishing: