Re: [clamav-users] How to know if yara rules are being run?

2017-07-03 Thread Mark Foley
On Sat, 1 Jul 2017 09:21:50 -0400 Eric Tykwinski wrote: > > On Jul 1, 2017, at 1:10 AM, Mark Foley wrote: > > > > I've put the expetr.yara rule from Kaspersky for the recent notPetya > > ransomware > > in my /var/lib/clamav directory. > > > > How can I tell if clamav is running it? I see nothi

Re: [clamav-users] New ClamAV update?

2017-07-03 Thread Joel Esler (jesler)
All the ones listed in that list are fixed if you are running the current version. -- Joel Esler | Talos: Manager | jes...@cisco.com On Jul 3, 2017, at 9:54 AM, Mark Foley mailto:mfo...@novatec-inc.com>> wrote: On Sun, 02 Jul 2017 11:25:34 -0700 Al Varnell mailto

Re: [clamav-users] New ClamAV update?

2017-07-03 Thread Mark Foley
On Sun, 02 Jul 2017 11:25:34 -0700 Al Varnell wrote > On Jul 2, 2017, at 7:44 AM, Mark Foley wrote: > > On Jun 29, 2017, at 5:10 PM, Al Varnell wrote: > >> The list of CVE's known to apply to ClamAV can be found here: > >>

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-07-03 Thread David Pullman
Hi, as mentioned previously we have a number of servers where the freshclam run is failing with result code 137. I just wanted to check if anyone has seen this and was it a lack of memory causing the failure? We're interpreting this as a kill -9 from the OS (there is no other facility on these boxe

Re: [clamav-users] sanesecurity: Permission denied

2017-07-03 Thread Steve Basford
On Mon, July 3, 2017 11:58 am, Reindl Harald wrote: > issues like below are also reported by a friend on his machines for some > days, randomly with different files I'm looking into it -- will email off-list -- Cheers, Steve Twitter: @sanesecurity _

Re: [clamav-users] sanesecurity: Permission denied

2017-07-03 Thread Joel Esler (jesler)
Just for the record, I think it's fine that sanesecuirty posts are on this list. -- Sent from my iPhone > On Jul 3, 2017, at 07:23, Al Varnell wrote: > > None of these are ClamAV files, so you need to take this up with the > > > -Al- > ClamXA

Re: [clamav-users] sanesecurity: Permission denied

2017-07-03 Thread Reindl Harald
Am 03.07.2017 um 13:22 schrieb Al Varnell: None of these are ClamAV files tell me something new, this is still a users-list so you need to take this up with the since guys from sanesecurity are posting regulary here i guess they will see it

Re: [clamav-users] sanesecurity: Permission denied

2017-07-03 Thread Al Varnell
None of these are ClamAV files, so you need to take this up with the -Al- ClamXAV User On Mon, Jul 03, 2017 at 03:58 AM, Reindl Harald wrote: > > issues like below are also reported by a friend on his machines for some > days, randomly with diffe

[clamav-users] sanesecurity: Permission denied

2017-07-03 Thread Reindl Harald
issues like below are also reported by a friend on his machines for some days, randomly with different files Jul 3 12:25:04 buildserver bash: rsync: send_files failed to open "/MiscreantPunch099-Low.ldb" (in sanesecurity): Permission denied (13) Jul 3 12:25:05 buildserver bash: rsync: send_file