[clamav-users] Fwd: [clamav-virusdb] Signatures Published osx - 1

2016-04-13 Thread Al Varnell
The previous update to this one was daily - 21491 which is the last update available using freshclam. What is the mechanism for bringing this update into the definitions database? -Al- > Begin forwarded message: > > From: nore...@sourcefire.com > Subject: [clamav-virusdb] Signatures

Re: [clamav-users] Error in Make -

2016-04-13 Thread kk nair
Thanks guys. Because of a dependency of our existing system on an older version of openssl we are trying an older version of clam. Make did work with the 0.98.1 version. Hopefully once we get a confirmation on the openssl update we can move on to the latest clam. Regards, Kk -Original Message- From:

[clamav-users] yara #match does not work with regex

2016-04-13 Thread David Shrimpton
Using #match as a condition in a yara rule to count the occurrences of $match doesn't appear to work where $match is a regex. #match only appears to work if $match is a string literal, e.g. "abc123". Is #match intended to work with a regex? -- David Shrimpton

Re: [clamav-users] Error in Make - How to get patch 59d05bf.patch

2016-04-13 Thread Steven Morgan
I think the patch he's talking about is here: https://bugzilla.clamav.net/attachment.cgi?id=5481=diff Although it is for an old version of ClamAV (0.98). Is that the version you are using? Steve ___ Help us build a comprehensive ClamAV guide:

Re: [clamav-users] winnow FP

2016-04-13 Thread Al Varnell
I don’t think you are in the right place as I can’t find that signature (or any remotely resembling it) in the ClamAV official database. I suspect you are using some 3rd party UNOFFICIAL signatures that are detecting that one. -Al- On Wed, Apr 13, 2016 at 08:20 AM, Alex wrote: > > Hi, > > I

Re: [clamav-users] Error in Make -

2016-04-13 Thread Steven Morgan
Yes, gmake is recommended (although bsd make generally works except for 'make check'). At mbox.c:2816, I have: break; Mine is in the function rfc2047(), not rfc1341(). What is your version of ClamAV? Is it possible that your mbox.c is corrupted? Steve

Re: [clamav-users] Error in Make -

2016-04-13 Thread Richard Conto
Which "make" are you using? Does Clam-AV require GNU Make as well? You might be able to install that as "gmake". (GNU Make and BSD Make aren't entirely compatible - I'm not sure where AIX Make lies on that spectrum.) --- Richard Conto DNA Sequencing Core Biomedical Research Core Facilities

Re: [clamav-users] Error in Make - How to get patch 59d05bf.patch

2016-04-13 Thread Krishnakumar Nair
We have found a mailer @ http://www.gossamer-threads.com/lists/clamav/users/59376 Please share how we can get the patch (#59d05bf.patch) Regards, kk On Wed, Apr 13, 2016 at 11:59 PM, Krishnakumar Nair wrote: > Thanks for the update Steve. But it's an error again with gcc in

Re: [clamav-users] Error in Make -

2016-04-13 Thread Krishnakumar Nair
Thanks for the update Steve. But it's an error again with gcc in make. Please share your valuable inputs. clam build 0.98/Aix6.1/gcc4.8.3 Error -- mbox.c: In function 'rfc1341': mbox.c:2816: error: called object '1' is not a function make: The error code from the last command is 1. Regards, kk On

Re: [clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread Kevin Lin
Please refer to the bug report at: https://bugzilla.clamav.net/show_bug.cgi?id=11552 for the patch to resolve the issue. On Wed, Apr 13, 2016 at 1:32 PM, Kevin Lin wrote: > ClamAV, in order to optimize the AC algorithm execution, runs the filetype > signatures alongside

Re: [clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread Kevin Lin
ClamAV, in order to optimize the AC algorithm execution, runs the filetype signatures alongside the malware detection signatures. ClamAV is set to immediately return after AC execution if a filetype signature detection occurs. This unfortunately causes the engine to skip PCRE signature execution.

Re: [clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread Steven Morgan
Hi, Thanks for the example. I've opened bug https://bugzilla.clamav.net/show_bug.cgi?id=11552 to track. Thanks again, Steve ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml

Re: [clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread Charles Swiger
Hi, kionez-- On Apr 13, 2016, at 8:11 AM, kionez wrote: > I'm using it on my antispam server with Debian Jessie (with clamav > 0.99+dfsg-0+deb8u2 and libpcre3 8.35-3.3+deb8u4 ) and also testing on my > laptop with Arch linux (clamav 0.99.1-2 and pcre 8.38-3). I try to >

[clamav-users] winnow FP

2016-04-13 Thread Alex
Hi, I don't understand why themastersbaker.com would be tagged? # sigtool --find-sigs winnow.spam.ts.untyped.966134 | sigtool --decode-sigs VIRUS NAME: winnow.spam.ts.untyped.966134 TARGET TYPE: MAIL OFFSET: * DECODED SIGNATURE: http://themastersbaker.com/ This isn't currently on any other

Re: [clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread kionez
#include // created 13/04/2016 16:37 > Hi, > > The first question is: Do you have pcre installed and was it found by > ClamAV .\configure? [cut] Ops, I forgot to mention my system configuration.. sorry. I'm using it on my antispam server with Debian Jessie (with clamav 0.99+dfsg-0+deb8u2

Re: [clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread Steven Morgan
Hi, The first question is: Do you have pcre installed and was it found by ClamAV .\configure? You should see something like: pcre: /usr near the end of the ./configure output. Steve

Re: [clamav-users] Error in Make -

2016-04-13 Thread Steven Morgan
Hi, gcc is needed to compile ClamAV on AIX. Web search "gcc aix" to get info on installing gcc. Steve

Re: [clamav-users] ClamAV/AIX6.1/gcc4.8.3 - openssl error -X509_VERIFY_PARAM_new missing

2016-04-13 Thread Matteo Dessalvi
Hi. As far as I know, the X509_VERIFY_PARAM symbol became available in the OpenSSL libraries starting from version 0.9.8. If you are trying to compile your ClamAV with an openssl package which is older than that you may encounter this problem (on my Linux servers I am using OpenSSL version

[clamav-users] Strange problem with custom Yara rule

2016-04-13 Thread kionez
Hi, I'm going mad with a strange behaviour of clamav with custom yara rules. I'm trying to match some nasty spam email, I decided to use yara for my custom rules but I noticed a problem: if I use only string detect clamav (either via clamscan or clamdscan) matches all the email (text + headers)

Re: [clamav-users] ClamAV/AIX6.1/gcc4.8.3 - openssl error -X509_VERIFY_PARAM_new missing

2016-04-13 Thread kk nair
Is there any previous stable version we could try rather than 0.99? -Original Message- From: "kk nair" Sent: 13-04-2016 05:33 PM To: "ClamAV users ML" Subject: ClamAV/AIX6.1/gcc4.8.3 - openssl error -X509_VERIFY_PARAM_new missing

[clamav-users] ClamAV/AIX6.1/gcc4.8.3 - openssl error -X509_VERIFY_PARAM_new missing

2016-04-13 Thread kk nair
Hi team, Please suggest workarounds for this issue. We are unable to proceed with installation. checking check.h usability... no checking check.h presence... no checking for check.h... no configure: unable to compile/link with check checking for libxml2 installation... not found configure: **

Re: [clamav-users] Error in Make -

2016-04-13 Thread Krishnakumar Nair
Hi Team, This is a critical blocking issue in ClamAV installation on AIX6.1 CC is xlC. Please share if any clues. Regards, kk On Wed, Apr 13, 2016 at 12:29 PM, Krishnakumar Nair wrote: > Please share inputs on this issue while we run make after configure. > > CCLD

[clamav-users] Error in Make -

2016-04-13 Thread Krishnakumar Nair
Please share inputs on this issue while we run make after configure. CCLD libclamunrar_iface.la CC libclamav_la-matcher-ac.lo "clamav.h", line 170.3: 1506-191 (E) The character # is not a valid C source character. "/usr/include/sys/atomic_op.h", line 123.1: 1506-1419 (W) Pragma mc_func must