Re: [clamav-users] Scan very slow

2019-04-08 Thread G.W. Haywood via clamav-users
Hello again, On Mon, 8 Apr 2019, Arnaud Jacques wrote: On 07/04/2019 at 18:18, G.W. Haywood via clamav-users wrote: > > grep -a '^Phishtank.Phishing' daily.cld | cut -d':' -f1 > > ~/phishtank.ign2 This is not optimized : Phishtank.Phishing are loaded in memory. Then ph

Re: [clamav-users] Scan very slow

2019-04-07 Thread G.W. Haywood via clamav-users
Hi there, On Sun, 7 Apr 2019, Maarten Broekman wrote: Given that the PhishTank signatures, specifically, have been causing the performance issues, no. It's not unreasonable to want to pull them, and only them, out. Having them in a separate db file would be highly beneficial to those of us

Re: [clamav-users] Procedure for Correct Action

2019-04-06 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 6 Apr 2019, Robert F. Poe wrote: I need clarification for the proper action to take after finding viruses and malware. I'll try not to be misled by your questions. I use ClamAv Virus Scanner (or Clamscan) to scan my server on a weekly basis. I have the Virus Scanner via

Re: [clamav-users] looking for solution for proxy of clamd and redirecting clamdscan to go to remote clamd running on another server

2019-04-04 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 4 Apr 2019, Annette (impersonating Tom Brady) wrote: I have tried using the tcpsocket parameter on the clamd.conf. I have [two] different clamd instances running on different servers. While I can get the clamdscan to talk to the local (on the same server) clamd instance, I

Re: [clamav-users] connect clamscan output to journal with systemd-cat

2019-04-03 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 3 Apr 2019, Kretschmer, Jens wrote: I would like to redirect the output of clamscan to the journal ... man logger Do you have any idea what could be causing the issue? It's not clear to me which system you're using, but try man cron -- 73, Ged.

[clamav-users] Curiosity.

2019-04-02 Thread G.W. Haywood via clamav-users
Hi there, Trawling the logs (sad, I know, but I do it), I noticed this: 8<-- Received: from clammail.vrt.sourcefire.com (localhost [127.0.0.1]) by lists.clamav.net (Postfix) with ESMTP id B166D18D633; Wed, 20 Feb 2019

Re: [clamav-users] rpm files question [was: ClamAV 0.101.2 announcement?]

2019-03-29 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 29 Mar 2019, Micah Snyder wrote: This won't help you right now, but our team has been discussing publishing ClamAV on Linux using Snapcraft at the time of each release. Snapcraft sounds like it may be a good option to make ClamAV accessible faster. Would you, and others

Re: [clamav-users] Installing question

2019-03-28 Thread G.W. Haywood via clamav-users
Hello, On Thu, 28 Mar 2019, MOHAMED OMAR MAKRAM wrote: I've had this for few months. The only thing i was able to do is to pay for virus protection but it is so expensive. Is there a way to find those hidden files? Do you think they are in the db or in the files? I am moving out to another

Re: [clamav-users] Are signatures for Windows only?

2019-03-27 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 25 Mar 2019, Joel Esler wrote: On Mar 25, 2019, at 12:22, G.W. Haywood via clamav-users ... wrote: > ... we really only use ClamAV to scan mail. I guess we're as > untypical of a ClamAV user as you'll get. Actually, from what we understand, ClamAV is mostly used t

Re: [clamav-users] Are signatures for Windows only?

2019-03-25 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 25 Mar 2019, J.R. wrote: ... I've seen an increasing amount of people posting about their non-windows platforms that are scanning their *entire* system ... People have been doing that kind of thing for years, I'm not sure how much it's increasing. Most of the time it seems

Re: [clamav-users] Slow reload

2019-03-21 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 21 Mar 2019, J.R. wrote: > The simplest way to achieve this right now would probably be to use > two servers for scanning ... Or just have the mail server send a 'tempfail' and the remote mail server will retry sending usually within 10 minutes... The OP specifically

Re: [clamav-users] Slow reload

2019-03-20 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 20 Mar 2019, Micah Snyder wrote: On 3/20/19, 10:04 AM, "clamav-users on behalf of Bowie Bailey" wrote: On 3/20/2019 8:42 AM, Alessandro Vesely via clamav-users wrote: On Tue 19/Mar/2019 15:35:39 +0100 Bowie Bailey wrote: ClamAV is taking about 2 1/2 minutes to reload its

Re: [clamav-users] Database updated over unencrypted connection?

2019-03-15 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 15 Mar 2019, Franky Van Liedekerke wrote: Certificates cost nothing ... CPU cycles don't. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us

Re: [clamav-users] Issue with clamav logical signature generation

2019-02-25 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 25 Feb 2019, Al Varnell wrote: ... the strings you provided appear to contain an extra digit. I thought hex strings always contain an even number of digits? Just as decimal strings are strings composed of decimal digits and can be any length, hexadecimal strings are strings

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-10 Thread G.W. Haywood
Hello again, On Sun, 10 Feb 2019, Gene Heskett wrote: most of what gets my attention comes from local to the US servers Well the USA _is_ the world's number one spam source. :( , like earthlink. In addition to DNSBL stuff I operate ten local blacklists - see my blacklist list below.

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-09 Thread G.W. Haywood
Hi there, On Sat, 9 Feb 2019, Gene Heskett wrote: Has anyone rigged clamd to check what looks like questionable links contained in incoming emails? It seems over the last 2 weeks my spam has tripled, and I suspect the real payload is in the urls in the message. Trawl the logs to see where it

Re: [clamav-users] Input Stream Scanning for very large files

2019-01-28 Thread G.W. Haywood
Hi there, On Sat, 26 Jan 2019, Dennis Peterson wrote: On 1/25/19 11:38 AM, G.W. Haywood wrote: > ... I'd call it madness. Sometimes it is a management or compliance requirement. Are these not just synonyms? -- 73, Ged.

Re: [clamav-users] Input Stream Scanning for very large files

2019-01-25 Thread G.W. Haywood
Hi there, On Fri, 25 Jan 2019, Kushal Kumar wrote: Re: Input Stream Scanning for very large files ... how do you propose I should scan an archive of 100GB ( let's say) size. I wouldn't propose anything like that, because I'd call it madness. If you think there's a problem, why not deal

Re: [clamav-users] Fwd: CLAMD CPU usage Adam Waller

2019-01-19 Thread G.W. Haywood
Hi there, On Fri, 18 Jan 2019, Adam Waller wrote: ... clamav ... on all our VMs however ever since doing so we've noticed that clamd is consistently using up to 100% of a CPU core. Sometimes VMs do odd things, but I'm not suggesting (at least not yet) that it's likely to be the issue here.

Re: [clamav-users] sendmail w clamav-milter stops errors with: write(D) returned -1, expected 23: Broken pipe, Fedora 29

2019-01-11 Thread G.W. Haywood
Hi there, On Fri, 11 Jan 2019, Micah Snyder wrote: On Jan 9, 2019, at 2:46 PM, Robert Kudyba wrote: Anyways any idea why this error happens: Milter (clamav-milter): write(D) returned -1, expected 23: Broken pipe I'm not too familiar with sendmail client, so I'll defer this to someone else

Re: [clamav-users] Frequency of ClamAV Scan

2019-01-03 Thread G.W. Haywood
Hi there, On Thu, 3 Jan 2019, Kaushal Shriyan wrote: I am running CentOS Linux release 7.6.1810 (Core) with ClamAV installed. How frequent ClamAV scan should be run? is it once per day. We cannot know anything about how you use your system if you do not tell us. For example it may not be

Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-20 Thread G.W. Haywood
Hi there, Attempting to bring some sort of perspective to all this... The number of updates per day (or hour or minute), and the currency or otherwise of the updated data are not, I think, the things that matter. Isn't what matters most the probability that some malicious payload will get past

Re: [clamav-users] Detecting Word docs with macros

2018-12-10 Thread G.W. Haywood
Hi there, On Mon, 10 Dec 2018, Steve Basford wrote: ... MiscreantPunch099-Low.ldb for additional detection but can hit scanning performance. Can you give any estimate (however rough) of the performance hit? -- 73, Ged.

Re: [clamav-users] [OT] is clamav.securiteinfo.com no more?

2018-12-05 Thread G.W. Haywood
Hi there, On Wed, 5 Dec 2018, Dennis Peterson wrote: All the "tiny" url hosts are blacklisted here ... A list of them could be useful. Do you have such a thing, or a pointer? -- 73, Ged.

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-23 Thread G.W. Haywood
Hi there, On Thu, 22 Nov 2018, Paul Kosinski wrote: I wonder how many users of ClamAV actually log their freshclam updates. I've been using ClamAV for more than a decade. I've already said on the list that I log all freshclam updates and that in general my experience is that the mirrors are

Re: [clamav-users] Specify more servers for clamdscan to pass for scanning

2018-11-05 Thread G.W. Haywood
Hi there, On Mon, 5 Nov 2018, Micah Snyder wrote: On Nov 5, 2018, at 7:48 AM, Brent Clark wrote: > How does one specify more than one server for scanning? I'd be interested to know if someone has come up with a hack for how to have clamdscan fail over to a secondary clamd instance - but I'm

Re: [clamav-users] request of support for flagging fraud domain

2018-10-22 Thread G.W. Haywood
Hi there, On Mon, 22 Oct 2018, Dennis Peterson wrote: On 10/21/18 6:09 AM, Darius Baumann wrote: I want to submit the following fraud domain for flagging in ClamAV - "servicemarket.su": If you have no reason for accepting mail from the .su top level domain then just block that and be done

Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File

2018-10-19 Thread G.W. Haywood
Hi there, On Fri, 19 Oct 2018, Paul Kosinski wrote: A sad situation. .. I had hoped he had reformed. It's never going to happen. The guy's been bounced off many lists that I've used, and I've personally blacklisted his emails for at least a couple of decades. My reason for chipping in here

Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

2018-10-18 Thread G.W. Haywood
Hi there, On Wed, 17 Oct 2018, Dino Edwards wrote: I got a response from someone about this error but I can't seem to find their email. Sigh. That would have been from me: Date: Wed, 10 Oct 2018 19:06:07 +0100 (BST) From: G.W. Haywood To: clamav-users@lists.clamav.net Subject: Re: /bin

Re: [clamav-users] Freshclam can't use HTTPS with PrivateMirror?

2018-10-17 Thread G.W. Haywood
Hi there, On Wed, 17 Oct 2018, Sean wrote: We have created a private mirror of clam data updates on a network that is not Internet connected. We are required to encrypt network traffic, e.g. the mirror server must redirect http -> https. This all seems a little strange. Perhaps you can

Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

2018-10-10 Thread G.W. Haywood
Hi there, On Wed, 10 Oct 2018, Dino Edwards wrote: ... Oct 09 12:12:22 hermes systemd[1]: Starting Clam AntiVirus userspace daemon... Oct 09 12:12:22 hermes systemd[1]: Started Clam AntiVirus userspace daemon. Oct 09 12:12:22 hermes mkdir[14199]: /bin/mkdir: cannot create directory

Re: [clamav-users] 0.100.1 issues - allocation memory / pthread create failed

2018-10-08 Thread G.W. Haywood
Hi there, On Mon, 8 Oct 2018, Jamal Saleh wrote: ... Can't allocate memory ERROR ERROR: pthread_create failed Looking to get help on the aforementioned errors. On version 0.99.2 we had no issues but once we went to this version, we've processing outages and only a server restart / unload

Re: [clamav-users] ClamAV 0.100.1 - clamd signal 11, leaves unix domain socket behind?

2018-09-25 Thread G.W. Haywood
Hi there, On Tue, 25 Sep 2018, Micah Snyder wrote: ... as it is written now, it loads over 500MB worth of signature database content into RAM and then forks, temporarily resulting in over 1000MB of ram consumed until the parent process exits. ... Won't they share the memory (on a sane OS)?

Re: [clamav-users] ClamAV 0.100.1 - clamd signal 11, leaves unix domain socket behind?

2018-09-21 Thread G.W. Haywood
Hi there, On Fri, 21 Sep 2018, Karl Pielorz wrote: ... it gets delivered if it fails during the scan ... It doesn't have to be that way, and if someone knows a way to stop clamd then maybe they could use it to get past your defences. -- 73, Ged.

Re: [clamav-users] ClamAV 0.100.1 - clamd signal 11, leaves unix domain socket behind?

2018-09-19 Thread G.W. Haywood
Hi there, On Wed, 19 Sep 2018, Karl Pielorz wrote: Is there any way to have the socket removed when clamd dies? (i.e. even due to a signal/failure?) I do things like this with ad-hoc watchdog scripts running from cron. You could write a shell script, called from cron every few minutes or

Re: [clamav-users] Batch file for Windows.

2018-09-18 Thread G.W. Haywood
Hi there, On Tue, 18 Sep 2018, Jeff wrote: Below is all I have found for Windows: ... cmd /c clamscan.exe -r -i "%scan%" ... ... How do I tweak the code above ... However you tweak it, do please make sure that what you're doing does not make things worse rather than better. For example,

Re: [clamav-users] ClamAV benchmarking

2018-09-05 Thread G.W. Haywood
Hi there, On Wed, 5 Sep 2018, Jose Kalladanthyil wrote: I have been doing some benchmarking on ClamAv to workout the ideal configuration to get the fasted scan time. While you're doing that, you might also want to test detection efficiency, or at least read the list archives. -- 73, Ged.

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-21 Thread G.W. Haywood
Hi there, On Tue, 21 Aug 2018, Joel Esler wrote: The amount of people using ClamAV version 0.90 and below is surprising as well. That's not really surprising to me. Most of them probably don't even know that they're running it, and those who do could easily be lying as it's trivial to forge

Re: [clamav-users] Keymarble Yara rule?

2018-08-11 Thread G.W. Haywood
Hi there, On Sat, 11 Aug 2018, Alessandro Vesely wrote: Re: Keymarble Yara rule? 4d 5a 74 68 69 73 20 69 73 20 61 20 64 75 6d 6d |MZthis is a dumm| 0010 79 20 6b 65 79 6d 61 72 62 6c 65 20 66 69 6c 65 |y keymarble file| 0020 20 63 72 65 61 74 65 64 20 66 6f 72 20 6d 61

Re: [clamav-users] Partial downloads of updates

2018-08-03 Thread G.W. Haywood
Hello again, On Fri, 3 Aug 2018, David Rosenstrauch wrote: ... wireshark screenshot at http://darose.net/packets-dropped.png which shows a download ... humming along nicely, when all of a sudden it looks like the that remote host seems to jump way ahead in the sequence numbering ... Well

Re: [clamav-users] ScanOnAccess: ... (null) FOUND

2018-08-02 Thread G.W. Haywood
Hi there, On Thu, 2 Aug 2018, Micah Snyder wrote: Suffice to say we're pretty stumped as to why you are seeing that. That's a little worrying. Have you looked in the C libraries? -- 73, Ged.

Re: [clamav-users] After 0.100.1 Update, clamd crashes

2018-07-31 Thread G.W. Haywood
Hi there, On Tue, 31 Jul 2018, Steve Basford wrote: My little issue is with this statement: "It wasn't quite clear at the offset of this bug, but ClamAV cannot support unofficial signatures from a development standpoint. For numerous reasons, we do not regress against those signatures, and in

Re: [clamav-users] Partial downloads of updates

2018-07-30 Thread G.W. Haywood
Hi there, On Mon, 30 Jul 2018, David Rosenstrauch wrote: I've been having some issues over the last few weeks with freshclam failing to download updates. FWIW here in the UK I see no problems with IPv6 downloads. This is the log for July 2018: mail6:~$ >>> grep interrupted

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-04 Thread G.W. Haywood
Hi Joel, FWIW I believe we've had no problems at all with mirrors since March 2018, when I responded to a post on 23rd March by Orion Poplawski, who saw a few timeouts. We also saw a very few timeouts in mid-late March. On Wed, 4 Jul 2018, Joel Esler wrote: ... It's the people that are

Re: [clamav-users] OT: DMARC

2018-06-28 Thread G.W. Haywood
Hi there, On Thu, 28 Jun 2018, Walter H. wrote: this is with any mailing list, because ... Before this gets any more embarrassing, please do a little research on the person to whom your lecture is addressed. -- 73, Ged.

Re: [clamav-users] clamav list spf problem

2018-06-19 Thread G.W. Haywood
Hi there, On Tue, 19 Jun 2018, Andrew McGlashan wrote: ... The clamav SPF record also doesn't have an "all" value, which should be the last entry for each record. ... There is an implicit '?all' mechanism for any SPF record which does not have one explicitly set by the record author or by

Re: [clamav-users] clamav list spf problem

2018-06-19 Thread G.W. Haywood
: Mon, 18 Jun 2018 13:12:50 + From: "Joel Esler (jesler)" ... To: G.W. Haywood ... Subject: Re: The SPF record for cisco.com is broken. Nope. :( Sent from my iPhone On Jun 18, 2018, at 00:35, G.W. Haywood ... wrote: Hi Joel, Does Cisco

Re: [clamav-users] importing the main.cvd file manually

2018-06-17 Thread G.W. Haywood
Hi there, On Sat, 16 Jun 2018, Greg Knaddison wrote: It seems straightforward to automate the process of downloading the virus definition files and pushing them to these computers ... It is. Note the file you need to download periodically is not main.cvd (or main.cld) which change

Re: [clamav-users] Win.Exploit.Unicode_Mixed-1 false positives

2018-05-23 Thread G.W. Haywood
Hi there, On Wed, 23 May 2018, Noel Jones wrote: I think the best way to handle this is "don't scan pseudo-random files" My advice would be a more general "use your loaf". :) -- 73, Ged.

Re: [clamav-users] exclude-dir with clamdscan

2018-05-15 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 15 May 2018, Stefan Schumacher wrote: I would like to use clamdscan to scan an entire server but exclude sys, proc and dev. mail6:~$ >>> cat testfile /etc/perl/ mail6:~$ >>> clamdscan -f testfile /etc/perl: OK --- SCAN SUMMARY ---

Re: [clamav-users] Configure Assistance

2018-05-06 Thread G.W. Haywood
Hi there, On Sun, 6 May 2018, Christopher Tissot wrote: I'm currently trying to utilize the ./configure command with Debian Stretch. I keep getting the error towards the end "configure: error: Your OpenSSL installation is misconfigured or missing." I have looked online, and I can't seem to

Re: [clamav-users] Occasional sendmail queue delay when using clamav-milter

2018-05-03 Thread G.W. Haywood
Hello again, On Wed, 2 May 2018, Aaron Paetznick wrote: ... both very helpful, thanks! ... sorry for the late reply ... It's why we're here. Don't be. :) ... small course corrections and long periods of observation. The correct approach, IMHO. Here are my log levels:

Re: [clamav-users] Occasional sendmail queue delay when using clamav-milter

2018-05-01 Thread G.W. Haywood
Hi there, On Tue, 1 May 2018, Aaron Paetznick wrote: Occasionally a small percentage of email will seemingly unnecessarily get held in the queue when using clamav-milter, although it will get delivered successfully on the first attempt with the next queue run. The size, time, sender, and

Re: [clamav-users] clamav Installation problems

2018-04-26 Thread G.W. Haywood
Hi there, On Thu, 26 Apr 2018, Subramaniam Sankaran wrote: root@kali:~/clamav-0.100.0# make make: *** No targets specified and no makefile found. Stop. I suspect you do not have the skills which are needed to install ClamAV safely on your system. ClamAV is, after all, a product intended

Re: [clamav-users] ClamAV installation error ClamAV 0.100.0

2018-04-20 Thread G.W. Haywood
Hi there, On Fri, 20 Apr 2018, Orion Poplawski wrote: On 04/20/2018 08:48 AM, Robert Huth wrote: > 1. I am not able to install ClamAV ... > > 2. The laptop will also not be allow to connected to other networks or the > internet ... > ... > System Configuration > One standalone laptop >

Re: [clamav-users] Spam warning

2018-04-19 Thread G.W. Haywood
Hi there, On Thu, 19 Apr 2018, Gene Heskett wrote: Do not open any so-called invoice attachment that ends in an .rOO ... Er, would I...? :) getting a boatload of them ... If you could gpg/tar a few samples and let me have them I'd be grateful, I'd like to experiment with regexes for

Re: [clamav-users] Errors connecting to mirrors

2018-03-23 Thread G.W. Haywood
Hi there, On Fri, 23 Mar 2018, Orion Poplawski wrote: It seems like in the last month or so I'm seeing more timeouts connecting to the clamav DB mirrors. Is anyone else seeing this? I have a bit of a strange mirror setup so it might just be my configuration. Yes, I'm seeing some in the UK

Re: [clamav-users] ClamAV performance overhead on RHEL & Solaris

2018-03-17 Thread G.W. Haywood
Hi there, On Sat, 17 Mar 2018, Len Sanschargrin wrote: ... I'm looking for any testing or stats on potential overhead can be associated with running ClamAV. Even just anecdotal observations can help us to set expectations and of course any additional guidance is appreciated! Firstly, as

Re: [clamav-users] Limitation or bug in ClamAV's processing of Yara rules?

2018-03-17 Thread G.W. Haywood
Hi Kris, On Thu, 15 Mar 2018, Kris Deugau wrote: I'm still chasing signatures for a certain class of (very) oversized spam with malformed HTML. ... Would you be able to send me a few samples? Preferably with full headers. -- 73, Ged.

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.4 has been released!

2018-03-08 Thread G.W. Haywood
Hi Joel, On Thu, 8 Mar 2018, Joel Esler wrote: Reindl, it is not productive, nor helpful on an Open Source product to berate people ... Don't waste your effort Joel. To my knowledge people have been telling him that for more than a decade and AFAICT it's never made the slightest difference

Re: [clamav-users] Matching variant patterns in logical or Yara signatures

2018-01-18 Thread G.W. Haywood
Hello again, On Wed, 17 Jan 2018, Kris Deugau wrote: "All over the place". ... ... hard block on Spamhaus hits and a handful of sender addresses; ... more aggressive IP blocking result in blocked legitimate mail ... local DNSBL, but ... we don't get enough volume ... also don't see these

Re: [clamav-users] Matching variant patterns in logical or Yara signatures

2018-01-16 Thread G.W. Haywood
Hi there, On Tue, 16 Jan 2018, Kris Deugau wrote: I'm trying to create signatures to match a particular series of large to very large spams whose main identifier is a

Re: [clamav-users] Recommended workstation usage?

2017-12-20 Thread G.W. Haywood
Hi there, On Wed, 20 Dec 2017, Dan Rawson wrote: Even starting the file manager took 20 or 30 seconds with that scan running. Run the scans when you're in bed. I did search through the documentation but didn't see much addressing "best practices" in a single machine environment. There

Re: [clamav-users] Solaris pkg download

2017-11-17 Thread G.W. Haywood
Hi there, On Fri, 17 Nov 2017, Jones, Bob wrote: I have no servers that are ever allowed to access the internet. Is there a way to download the pkg file not using pkgutil? If you have no Internet access, I suspect that ClamAV is just a distraction. -- 73, Ged.

Re: [clamav-users] Private mirror connection issue

2017-11-02 Thread G.W. Haywood
Hi there, On Thu, 2 Nov 2017, uk cats wrote: We have 8 RSA servers on SUSE Linux and wanted to utilize ClamAV on them. Since we didn't have a Linux guru, ClamAV guru or free time to investigate, we hired an outside consultant to set up an internal server as a private mirror (redhat linux) and

Re: [clamav-users] OT: mailing list behaviours (Re: Part 2: Dynamic engine module for scanning media files (e.g., MP3, MP4, etc.)?)

2017-09-20 Thread G.W. Haywood
Hi there, Although the subject says "OT" this is actually On the Topic. On Wed, 20 Sep 2017, several of you wrote: [hundreds of lines of repetitive and useless junk, which I've snipped] As a courtesy to other list members, and especially to those of us on the digest list - who, if for

Re: [clamav-users] Scanning IMAP traffic without user credential storage

2017-07-28 Thread G.W. Haywood
Hello again, On Fri, 28 Jul 2017, Beeblebrox wrote: > ... I think you'd need some complexity just for example to be able to > use third-party databases... GW - Not sure I'm not fully grasping this point. I thought I could install the 3rd part tools and keep them up to date with cron jobs?

Re: [clamav-users] Scanning IMAP traffic without user credential storage

2017-07-27 Thread G.W. Haywood
Hello again, On Thu, 27 Jul 2017, Beeblebrox wrote: ... I need the gateway setup to be fire-up & forget. That's a tall order. Given that requirement you don't need to add any more complexity than you already have, and to make scanning by ClamAV worth doing in the first place I think you'd

Re: [clamav-users] Scanning IMAP traffic without user credential storage

2017-07-26 Thread G.W. Haywood
Hi there, On Wed, 26 Jul 2017, Beeblebrox wrote: How can I setup IMAP incoming email scanning via ClamAV on a LAN gateway. If the clients are using IMAPS, which they probably should be doing, and I guess they probably are, then you cannot do this without being a Man In The Middle. I guess

Re: [clamav-users] Signature not detected

2017-07-18 Thread G.W. Haywood
Hi there, On Tue, 18 Jul 2017, Alex wrote: Hi guys, just submitted an "ace" archive with a .cmd inside. # sha1sum PROFORMA\ INVOICE_xls.ace 97757622d5d568b01faa9d662818eebd40b1e0c0 PROFORMA INVOICE_xls.ace We've now disabled "ace" files (who even knew they existed?) ... mail6:~$ >>> grep

Re: [clamav-users] scanning mp3-files with clamscan

2017-07-09 Thread G.W. Haywood
Hi there, On Sun, 9 Jul 2017, Rosika wrote: I want to scan an mp3-file (about 60 MB in size). Yet I get the message: "Data scanned: 0.00 MB" ... Is there any way of scanning mp3-files with clamscan? Try compressing the file with gzip first: cat file | gzip | clamscan - -- 73, Ged.

Re: [clamav-users] ClamAV comparison

2017-07-09 Thread G.W. Haywood
Hi there, On Sun, 9 Jul 2017, Michael Jeung wrote: Re: ClamAV comparison ... A cursory survey of published AV comparisons shows ClamAV being outperformed by a lot of other (commercial) products. ... In terms of efficacy, these comparisons seem to rank ClamAV very poorly. :( Having used

Re: [clamav-users] clamav-0.99.2 Installation

2017-07-02 Thread G.W. Haywood
Hi there, On Sun, 2 Jul 2017, David Stocks wrote: Re: clamav-0.99.2 Installation I recently installed ClamWin (ver 0.99.1) from SourceForge ... This is the mailing list for ClamAV. ClamWin is a separate project using much of the original ClamAV code, but for Windows operating systems

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-06-22 Thread G.W. Haywood
Hello again, On May 19, 2017 Anne-Sophie Marsh wrote: Call it "reject", "bounce" or "delivery error" - the bottom line is that legitimate mail from our client (including financial communications from account holders) is not being delivered ... No, the bottom line is that you need to get a

Re: [clamav-users] issues with mirror - 194.186.47.19

2017-06-18 Thread G.W. Haywood
Hi there, On Sun, 18 Jun 2017, Paul Kosinski wrote: On Fri, 16 Jun 2017 17:22:53 +0100 (BST) "G.W. Haywood" wrote: ... We just outright reject all mail from the '.edu' TLD ... Why do you reject *all* email from ".edu". Because all connections we see from .edu are eit

Re: [clamav-users] issues with mirror - 194.186.47.19

2017-06-16 Thread G.W. Haywood
Hi there, On Jun 15, 2017, Joel Esler wrote: On Jun 15, 2017, Diana Orrick wrote: > I don't know why my post failed fraud detection? > I don't post often... I got your post just fine. Maybe just that one recipient. It wasn't us. We just outright reject all mail from the '.edu' TLD without

Re: [clamav-users] Use on linux operating systems

2017-06-13 Thread G.W. Haywood
Hi there, On Jun 13, 2017, at 06:53, Paul Moreno wrote: I'm in the process of providing a recommendation to a client on the use of ClamAV. ... As it stands now, the client get massive amounts of false positives with seemingly no trigger. I'm working on sifting through

Re: [clamav-users] cron.daily script

2017-06-10 Thread G.W. Haywood
Hi Nick, On Sat, 10 Jun 2017, Matus UHLAR - fantomas wrote: On 10.06.17 12:30, n...@collinson.fr wrote: When I run my cron.daily clamAV shell script from command line logged in as root, it works perfectly using # /etc/cron.daily/00clamscan_daily However when it runs automatically at 3am as a

Re: [clamav-users] Freshclam memory use

2017-05-26 Thread G.W. Haywood
Hi there, On Fri, 26 May 2017, Chris Coleman wrote: On Debian Jessie 8, 32 bit, 256MB ram, 14MB in use. Why is |freshclam| so memory hungry that it bombs out with |Failed to load new database| The database is updated by freshclam, but it is loaded by clamd (when it finds that a new database

Re: [clamav-users] Mail from Paypal wrongly identified as phishing by ClamAv

2017-05-18 Thread G.W. Haywood
Hi there, On Thu, 18 May 2017, Anne-Sophie Marsh wrote: Mail from our client Paypal is being wrongly flagged as phishing by ClamAv. No surprise there. We get this type of bounce errors: 554 Your email was rejected because it contains the Heuristics.Phishing.Email.SpoofedDomain virus

Re: [clamav-users] Malware/ransomware and Yara signatures with clamav

2017-05-14 Thread G.W. Haywood
Hi there, On Sun, 14 May 2017, Alex wrote: Are clamav users protected from this ransomware? To be clear about this, the current excitement is caused by a 'worm'. That means if vulnerable, network-connected systems are not protected from each other, for example by a firewall, the worm can

Re: [clamav-users] clamscan output

2017-04-24 Thread G.W. Haywood
Hi there, On Sun, 23 Apr 2017, Lyle Holmes wrote: ... /home ... ... ridiculously long emails ... Since you mentioned '/home', I'm guessing that your operating system isn't a Windows variant. But that still leaves a lot of wiggle-room. For future reference we need to know a lot more about

Re: [clamav-users] ClamAV for EnterPrise

2017-04-18 Thread G.W. Haywood
Hi there, On Tue, 18 Apr 2017, crazy thinker wrote: - I am looking for below features in Enterprise Environment - - *Antivirus/Antispyware* - *Desktop Firewall* - *Intrusion Prevention* - *Browser Protection* - *Antivirus for Mac & Linux* - *Device & Application Control* -

Re: [clamav-users] MailFollowUrl alternative?

2017-04-02 Thread G.W. Haywood
Hi there, On Sun, 2 Apr 2017, Matus UHLAR wrote: On 31.03.17 19:51, Steve Basford wrote: It did a curl on any urls found in the body ... among other, it provided spammers evidence their mail was read. Yes, almost the last thing you want to do is give some scrote feedback that he has a

Re: [clamav-users] Quarantine Copy

2017-03-10 Thread G.W. Haywood
Hi there, On Fri, 10 Mar 2017, Brad Scalio wrote: Is there a way to copy to quarantine directory if and only if the file to be copied and identified as a match against the VSD does not exist in the quarantine directory already either matching a hash or name or size? ... Sure we can exclude the

Re: [clamav-users] ClamAV for windows: GUI and chocolatey package

2017-03-05 Thread G.W. Haywood
Hi there, On Sun, 5 Mar 2017, Joel Esler wrote: On Mar 5, 2017, at 05:46, Erotavlas_turbo wrote: > > whenever it is possible, I prefer to avoid using closed source and > proprietary software... I would like to use it as standard AV for > several cases including mail scanning, real-time file

Re: [clamav-users] ClamAV for windows: GUI and chocolatey package

2017-03-04 Thread G.W. Haywood
Hi there, On Sat, 4 Mar 2017, erotavlas_tu...@libero.it wrote: I'm a user of clamAV on linux and I would like to use it on windows. You need to tell us how and preferably why you want to use it. My guess is that you are going to have to do a lot of work to achieve your objectives, and that

Re: [clamav-users] Any way to force scan as mail?

2017-03-03 Thread G.W. Haywood
Hi there, On Fri, 3 Mar 2017, Reindl Harald wrote: ... do yourself a favour and click on the "raw" link Click? My mail client is called 'Alpine'. It doesn't do 'click'. ... that's a pure raw-eml with nothing HTMLified But still not the original problem message... -- 73, Ged.

Re: [clamav-users] Any way to force scan as mail?

2017-03-02 Thread G.W. Haywood
Hi there, On Thu, 2 Mar 2017, Bowie Bailey wrote: ... Hate to say it, but you downloaded the wrong files. ... At the risk of stating the obvious, I downloaded the links that the OP gave in his post. As I said, they're HTMLified garbage. As I also said, tools are available to deal easily

Re: [clamav-users] Any way to force scan as mail?

2017-03-01 Thread G.W. Haywood
Hello again, On Wed, 1 Mar 2017, Carlos Velasco wrote: G.W. Haywood wrote: > Your conjecture is incorrect. Neither of those things is a properly > formed mail message. I'd describe them as jumbled up collections of > bits and pieces of things which might possibly once have b

Re: [clamav-users] Any way to force scan as mail?

2017-02-28 Thread G.W. Haywood
Hi there, On Tue, 28 Feb 2017, Carlos Velasco wrote: Is there any way to force clamscan to treat the file passed as a mail? Yes, for example you could turn it into a mail message. There are numerous tools which can do that, I would suggest something like 'formail'. Some days ago I stepped

Re: [clamav-users] Clamav and DLP

2017-02-21 Thread G.W. Haywood
Hi there, On Tue, 21 Feb 2017, Alex wrote: I'm interested in using clamav on fedora25 for data loss prevention ... If I were going there, I wouldn't start from here. :) If you can code in Perl (admittedly not everyone's cup of tea), then you might find something like MIMEDefang is more

Re: [clamav-users] Freshcalm issues

2017-02-11 Thread G.W. Haywood
Hi there, On Sat, 11 Feb 2017, Hugo Deprez wrote: am I the only one having that kind of issues ? On 3 January 2017 at 14:49, Hugo Deprez wrote: ... We do not know what you are doing. You need to give us more information. Have you read and followed the

Re: [clamav-users] How to determine false-v-real FOUND

2017-02-09 Thread G.W. Haywood
Hi there, On Thu, 9 Feb 2017, Brad Scalio wrote: Clamscan found a PE "visor.exe.svn-base" ... Win.Trojan.Agent-793284 FOUND. ... 11 of 56 scanners detect a signature, however the file in question is on a linux system, and hasn't been touched since 2010, and so I am not too worried as ... It

Re: [clamav-users] whitelisting sender or recipient

2017-01-19 Thread G.W. Haywood
Hi there, On Thu, 19 Jan 2017, z wrote: 2. Re: whitelisting sender or recipient ... What I want to do is whitelist a specific sender or recipient ... It's explained in the documentation, for example see man clamav-milter.conf but I personally would never use this feature in

Re: [clamav-users] Clam AV Integration with Thunderbird

2017-01-08 Thread G.W. Haywood
Hi there, On Sun, 8 Jan 2017, A6 wrote: ... wondering if it is possible to integrate ClamAV with thunderbird in a way so that any mail & attachments I receive will be automatically scanned for viruses? Yes, of course it is. You might also wonder why it isn't common for people to do that on

Re: [clamav-users] Clamscan Error

2017-01-06 Thread G.W. Haywood
Hi there, On Thu, 5 Jan 2017, A6 wrote: ** ~ $ sudo clamscan -r --bell -i / [snipped two megabytes of garbage] That was silly. -- 73, Ged.

Re: [clamav-users] Corrupt database and failure to start

2017-01-01 Thread G.W. Haywood
Hi there, On Sun, 1 Jan 2017, Alex wrote: Wed Dec 28 19:05:52 2016 -> Downloading securiteinfo.hdb [*] Wed Dec 28 19:05:54 2016 -> WARNING: [LibClamAV] cli_loadhash: Problem parsing database at line 3416821 Wed Dec 28 19:05:54 2016 -> WARNING: [LibClamAV] Can't load

Re: [clamav-users] the problem of endless loop

2016-12-20 Thread G.W. Haywood
Hi there, On Tue, 20 Dec 2016, Joel Esler wrote: The 0.97.x tree is EOL: http://blog.clamav.net/2016/05/clamav-097-engine-end-of-life.html I recommend upgrading to a newer version. I think the OP was suggesting that one of his two bugs (an endless loop) might still be present in the latest

Re: [clamav-users] No notice of OLE2.ContainsMacros

2016-12-20 Thread G.W. Haywood
Hi there, On Tue, 20 Dec 2016, Mark Foley wrote: ... running clamscan --block-macros=yes does find the "ContainsMacros" notice. ... (if I specify --block-macros=yes, apparently the settings in /usr/local/etc/clamd.conf aren't used). Check the documentation. The settings in clamd.conf are
