[clamav-users] clamav-safebrowsing status

2024-01-05 Thread Alex via clamav-users
, Alex ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net

[clamav-users] Email.Phishing.RPMSG_Downloader-10004958-0 false positive

2023-07-14 Thread Alex via clamav-users
Hi, I'm using clamav-0.103.8 on fedora37 with the current daily update and have received a false positive involving the RPMSG secure download that's apparently part of office365. For some reason the fp is in the body of the message, not the message_v2.rpmsg attachment. Here is the entire

[clamav-users] SAWarning: relationship 'SBHash.reflist'

2022-08-22 Thread Alex via clamav-users
Hi, this issue was reported some time ago and is still occurring. Any ideas? ./clamsbwrite.py --config /etc/clamd.d/safebrowsing.conf ./clamsbwrite.py:36: SAWarning: relationship 'SBPrefix.hashes' will copy column sbclient_v4_prefixes.reflist_id to column sbclient_v4_hashes.reflist_id, which

Re: [clamav-users] clamav/safebrowsing updates?

2022-04-26 Thread Alex via clamav-users
Hi, > > Is the clamav-safebrowsing repository still maintained? > > https://blog.clamav.net/2020/06/the-future-of-clamav-safebrowsing.html Yes, that's exactly what I'm referring to - your link directs the user to the new repo, but that has problems, and itself doesn't appear to be developed any

[clamav-users] clamav/safebrowsing updates?

2022-04-25 Thread Alex via clamav-users
Hi, Is the clamav-safebrowsing repository still maintained? https://github.com/Cisco-Talos/clamav-safebrowsing It also appears the SafeBrowsing config option is no longer supported? When running clamsbwrite.py, I'm seeing an error but have no idea of what's involved and there doesn't seem to be

Re: [clamav-users] Is the signature "Win.Tool.Hoax-9939325-0" really problematic ?

2022-04-11 Thread alex via clamav-users
possible solutions. -Original message- From: clamav-users On behalf of G.W. Haywood via clamav-users Sent: Monday 11 April 2022 10:08 To: alex via clamav-users Cc: G.W. Haywood Subject: ⚠️ Re: [clamav-users] Is the signature "Win.Tool.Hoax-9939325-0" really problem

[clamav-users] Is the signature "Win.Tool.Hoax-9939325-0" really problematic ?

2022-04-11 Thread alex via clamav-users
Hi all, Recently, ClamAV sent us the following alert "Win.Tool.Hoax-9939325-0" on one of our executables. This software was developed by our teams and has not been modified since 2014. And suddenly, an alert is lifted... After some research in the ClamAV VirusDB announcements, I found that this

Re: [clamav-users] Amazon/SpoofedDomain FP

2022-03-17 Thread Alex via clamav-users
ly the recipient suffers. Thanks, Alex

[clamav-users] Amazon/SpoofedDomain FP

2022-03-17 Thread Alex via clamav-users
Hi, The link description is a URL and apparently doesn't match the link itself, resulting in email from Amazon Business being marked as malicious. Do I just add this to some kind of allow/bypass list? How do I go about doing that? $ clamscan -v amazon-fp.eml Scanning /home/alex/quarantine/amazon

Re: [clamav-users] allowlist/fixing false positive

2022-03-03 Thread Alex via clamav-users
Hi, > >How do I exclude this email from being tagged without having to bypass > >the Heuristics.Phishing.Email.SpoofedDomain rule altogether? > > > >X-Amavis-Alert: INFECTED, message contains virus: > >Heuristics.Phishing.Email.SpoofedDomain > > I think this can be enabled by disabling

[clamav-users] allowlist/fixing false positive

2022-03-01 Thread Alex via clamav-users
Hi, I have a fedora34 system with clamd-0.103.5 and amavisd/SA/postfix. I have a newsletter from ncua.gov that keeps getting blocked because it apparently contains links.gd in the body somewhere, although I can't find it. How do I exclude this email from being tagged without having to bypass the

[clamav-users] clamav freshclam.conf error code 58 -- help

2021-10-07 Thread Alex Rombro via clamav-users
. Thanks, Alex Alexander S Rombro Linux Systems Administration O: +1 310-647-3202 P: +1 310-203-6699 alexander.s.rom...@rtx.com<mailto:alexander.s.rom...@rtx.com> Raytheon Technologies Raytheon Intelligence & Space 2000 East El Segundo Blvd El Segundo, CA 90245 RTX.com<https:

Re: [clamav-users] Blocking file types?

2021-04-26 Thread Alex via clamav-users
description = "block javascript" threat_level = 3 in_the_wild = true strings: $a = "/JS" $b = "<>" condition: $a or $b } $ clamscan -v JavaScriptClock.pdf Scanning /home/alex/JavaScriptClock.pdf /home/alex/JavaSc

Re: [clamav-users] Blocking file types?

2021-04-25 Thread Alex via clamav-users
d a signature for them specifically, but more generally for those that simply contain javascript. > Did I get anywhere near to answering your question? Yes, and very appreciative, as always. Thanks, Alex

[clamav-users] Blocking file types?

2021-04-25 Thread Alex via clamav-users
Hi, I'm using clamav with spamassassin and amavis on fedora33 and would like to block content based on CL_TYPE_SCRIPT, such as javascript within a PDF. https://www.clamav.net/documents/clamav-file-types How does this work?

[clamav-users] DLP options

2021-03-16 Thread Alex via clamav-users
Hi, I'm using clamav-0.103.0 on fedora33 and am interested in the DLP options. Last I checked, support for it had been discontinued, but as of 0.102, it appears to have been supported again, at least to block credit cards and SSNs? Are there other options available? Is there more information

Re: [clamav-users] safebrowsing and "expected" error

2020-11-26 Thread Alex via clamav-users
> > I'm attempting to use the clamsbsync and clamsbywrite Google > > safebrowsing utils and having some issues. > > ... > > I haven't seen much discussion on this list about safebrowsing, but > you have changed that recently (and almost single-handedly: of the > four threads which mention

[clamav-users] safebrowsing and "expected" error

2020-11-25 Thread Alex via clamav-users
Hi, I'm attempting to use the clamsbsync and clamsbywrite Google safebrowsing utils and having some issues. I'm running the following on the database server directly: python3 ./clamsbsync.py -v --config etc/safebrowsing.conf sync This sometimes results in the following output: UpdateClient:

Re: [clamav-users] safebrowsing database problems

2020-11-16 Thread Alex via clamav-users
Hi, > > (MySQLdb._exceptions.OperationalError) (2006, 'MySQL server has gone away') > > ... > > I don't use safebrowsing and it's a long time since I've used MySQL > for anything serious, but last time I did this issue was one of the > most common causes of questions. I don't know, however, if

[clamav-users] safebrowsing database problems

2020-11-16 Thread Alex via clamav-users
Hi, I'm trying to set up safebrowsing on fedora32 and having a few problems. I've set up the Google API key and believe I had it running successfully for some time about three weeks ago, but now I'm unable to keep it running. Updates using the "build" option fail with a "duplicate entry" error:

[clamav-users] Google safebrowsing types and usage questions

2020-10-16 Thread Alex via clamav-users
allocated for clamav to store/process 14M signatures? Thanks, Alex

[clamav-users] Help with the code pls

2019-10-23 Thread alex mc via clamav-users
Hello, since I downloaded the clamav code I tried to mount it somewhere in a way that makes some sense but I am not achieving. Can someone tell me how to mount it and where because for example in devC ++ I get an error.

Re: [clamav-users] Question

2019-10-05 Thread alex mc via clamav-users
I'm talking about the source code of the antivirus, but thanks. On Sat., 5 Oct. 2019 at 15:14, J.R. via clamav-users (< clamav-users@lists.clamav.net>) wrote: > > I had already seen all this, but the code itself does not know where it > is > > Are you talking about the virus definitions?

Re: [clamav-users] Question

2019-10-04 Thread alex mc via clamav-users
I had already seen all this, but the code itself does not know where it is On Thu., 3 Oct. 2019 at 19:16, Eric Tykwinski () wrote: > > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Wagde Zabit via clamav-users > > Sent: Thursday, October 03, 2019 1:09 PM

[clamav-users] Question

2019-10-03 Thread alex mc via clamav-users
Hi, lately I've been looking for the clamav antivirus code but I don't know why I can't find it, could you send it to me or tell me where to find it? Thank you so much

Re: [clamav-users] possible to use clamscan to search for strings in mail?

2019-03-06 Thread Alex
: clamscan -f ~/list -i -d ~/new.ldb On Wed, 2019-03-06 at 10:50 +0100, Arnaud Jacques wrote: > Hello Alex, > > > > We do have a large IMAP ~200GB, and in order to find letters > > containing specific "keyword", > > grep is not good because of base64 encoding. So

[clamav-users] possible to use clamscan to search for strings in mail?

2019-03-06 Thread Alex
Hi all, is it worth trying? We do have a large IMAP ~200GB, and in order to find letters containing specific "keyword", grep is not good because of base64 encoding. So the idea is to look through with antivirus scanner for "virus" inside letters, which is not a virus but a (not sure, may be)

Re: [clamav-users] [ext] MBL_17713260 false positive!

2018-10-24 Thread Alex
> As a follow-up, in response to a question as to why they just block I meant "don't just block", of course ...

Re: [clamav-users] [ext] MBL_17713260 false positive!

2018-10-24 Thread Alex
Hi, > * Alex : > > Another malwarepatrol fp for docs.google.com > > > > # sigtool --find-sigs MBL_17713260 |sigtool --decode-sigs > > VIRUS NAME: MBL_17713260 > > TARGET TYPE: ANY FILE > > OFFSET: * > > DECODED SIGNATURE: > > https://docs.goog

Re: [clamav-users] MBL_17713260 false positive!

2018-10-23 Thread Alex
eason to believe that the Google infrastructure doesn't host malware. In case you still don't want or can't block such domain, we advise you to whitelist it before applying our block lists." On Tue, Oct 23, 2018 at 8:00 PM Alex wrote: > > Another malwarepatrol fp for docs.google.com >

[clamav-users] MBL_17713260 false positive!

2018-10-23 Thread Alex
Another malwarepatrol fp for docs.google.com # sigtool --find-sigs MBL_17713260 |sigtool --decode-sigs VIRUS NAME: MBL_17713260 TARGET TYPE: ANY FILE OFFSET: * DECODED SIGNATURE: https://docs.google.com I don't even know what to do anymore. Is it worth it to keep malwarepatrol? Also, my

[clamav-users] Macro virus missed...

2018-08-30 Thread Alex
expect. We've also contributed to Steve's effort at Sane, but should we be relying on him? Thanks, Alex

Re: [clamav-users] Malwarepatrol false positive

2018-08-21 Thread Alex
On Tue, Aug 21, 2018 at 9:02 AM Steve Basford wrote: > On Tue, August 21, 2018 12:27 pm, Dave McMurtrie wrote: > > > > I'm beginning to get the feeling they don't have any type of review > > process in place. > > I whitelisted the sig on the Sanesecurity mirrors this morning UK time: > >

[clamav-users] Malwarepatrol false positive

2018-08-20 Thread Alex
Hi, fyi # sigtool --find-sigs MBL_12952716 | sigtool --decode-sigs VIRUS NAME: MBL_12952716 TARGET TYPE: ANY FILE OFFSET: * DECODED SIGNATURE: https://drive.google.com

[clamav-users] Reading/extracting odttf/xps files

2018-08-19 Thread Alex
Hi, We've recently received a few XPS files as part of a phishing attack that were not recognized by clamav. Has anyone done any analysis of the odttf files contained within that they could share? I'd like to be able to extract the text from them that contains the URI as part of the phishing

Re: [clamav-users] Malwarepatrol false positives

2018-04-28 Thread Alex
Hi, > That shouldn’t be part of the official ruleset. Really? No one uses bit.ly for a legitimate purposes? I don't mean for that to sound sarcastic - I really don't know. Everyone's heard of / uses bit.ly I thought...

Re: [clamav-users] Malwarepatrol false positives

2018-04-28 Thread Alex
a mistake with this vendor... On Sat, Apr 28, 2018 at 2:26 AM, Gene Heskett <ghesk...@shentel.net> wrote: > On Saturday 28 April 2018 01:06:38 Steve Basford wrote: > >> Hi Alex... >> >> I've whitelisted the two sigs... until they fix them.. so that might >> help

[clamav-users] Malwarepatrol false positives

2018-04-27 Thread Alex
Hi, I can't imagine outright blocking https://goo.gl is not a mistake. $ sigtool --find-sigs MBL_6888621 | sigtool --decode-sigs VIRUS NAME: MBL_6888621 TARGET TYPE: ANY FILE OFFSET: * DECODED SIGNATURE: https://goo.gl MBL_6882958 and MBL_6888621 both hit on https://goo.gl. I've reported this

Re: [clamav-users] Errors connecting to mirrors

2018-03-28 Thread Alex
ng to a single mirror because all others were failing. I was thinking that was the issue for many others as well, connecting to that same mirror. Thanks, Alex

Re: [clamav-users] Errors connecting to mirrors

2018-03-28 Thread Alex
We're still seeing timeouts and abysmal transfer speeds. I don't know if it's related to the OP's issue. Retrieving http://db.us.clamav.net/safebrowsing-47190.cdiff Trying to download http://db.us.clamav.net/safebrowsing-47190.cdiff (IP: 150.214.142.197) WARNING: getfile: safebrowsing-47190.cdiff

[clamav-users] PUA.Win.Trojan.EmbeddedPDF-1 false-positives

2017-11-17 Thread Alex
Hi, We're seeing a large number of false-positives with the above rule. Is it particularly prone to false-positives? Would someone explain how it works? What's perhaps even more strange is that scanning the email again (or the files within the email) don't produce the same false-positives. Was

Re: [clamav-users] Signature not detected

2017-07-24 Thread Alex
d, Jul 12, 2017 at 2:52 PM, Alex <mysqlstud...@gmail.com> wrote: > >> Hi, we've received a word virus that isn't currently being detected by >> any scanners. I've submitted the FN, but would like to see if we can >> get that pushed out as soon as possible.

Re: [clamav-users] Signature not detected

2017-07-17 Thread Alex
fte...@gmail.com> wrote: > > > 13.07.2017 05:32, Alex wrote: >> On Wed, Jul 12, 2017 at 3:02 PM, Alain Zidouemba >> <azidoue...@sourcefire.com> wrote: >>> Signature will be going out shortly. >> >> It's now detected thanks to the amazing work by Steve f

Re: [clamav-users] Signature not detected

2017-07-12 Thread Alex
d another unrelated to investigate. $ sha1sum GOOGLESER.doc d42e71932c866f9822c800fe46cd46bdf1b5e739 GOOGLESER.doc Thanks! > > On Wed, Jul 12, 2017 at 2:52 PM, Alex <mysqlstud...@gmail.com> wrote: > >> Hi, we've received a word virus that isn't currently being detected by >>

[clamav-users] Signature not detected

2017-07-12 Thread Alex
Hi, we've received a word virus that isn't currently being detected by any scanners. I've submitted the FN, but would like to see if we can get that pushed out as soon as possible. $ sha1sum Invoice_SKMBT_20170501.doc 6cc1dd12fbc79311ebaf59e19e562ff63141f457 Invoice_SKMBT_20170501.doc It's not

[clamav-users] Heuristics.Phishing.Email.SpoofedDomain false-positives

2017-06-09 Thread Alex
Hi, I've noticed a large amount of phishing signature false-positives, and just want to make sure I understand correctly how they work. I have HeuristicScanPrecedence disabled and all the phishing settings left as default. I'm assuming this rule is known to produce a large amount of

Re: [clamav-users] Malware/ransomware and Yara signatures with clamav

2017-05-14 Thread Alex
further we need to do to protect ourselves, as it relates to scanning mail at the gateway? They're talking about more attacks coming on Monday? Thanks, Alex

Re: [clamav-users] Malware/ransomware and Yara signatures with clamav

2017-05-13 Thread Alex
e signatures not updated/created in real-time? I don't see any signatures/descriptions within the last few months. Thanks, Alex

[clamav-users] Malware/ransomware and Yara signatures with clamav

2017-05-13 Thread Alex
of yara rules into clamav? I submitted two more password encrypted word macro viruses as false-positives to the clamav team several days ago, and they still aren't being marked properly. I need another way to more quickly identify vulnerabilities and exploits. Thanks, Alex

Re: [clamav-users] Reporting malware/false negatives

2017-04-02 Thread Alex
wrote: > I just added Doc.Dropper.Agent-6136130-0 to the scan system, it should be > published today. > > > -- > Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> > > > > > > > On Mar 22, 2017, at 9:43 AM, Alex > <mysqlstud..

Re: [clamav-users] Reporting malware/false negatives

2017-03-22 Thread Alex
>> I don't even bother reporting them to sophos, et al because it's >> sometimes days before they're added. I was expecting better from >> clamav... > > Interesting, considering Sophos is not a free product. Yes, sometimes (most times?) it's days. alex

[clamav-users] Reporting malware/false negatives

2017-03-21 Thread Alex
Hi, I reported an encrypted word macro virus this morning, and this evening it is still not detected by sanesecurity or clamav proper. How long does it typically take for a sample to be analyzed and a pattern to be created? What is the typical procedure going on behind the scenes? Is this a

[clamav-users] Clamav and DLP

2017-02-20 Thread Alex
excluding them? What are the default patterns that are included? Is there active development going on with clamav in this area? Thanks, Alex

Re: [clamav-users] Corrupt database and failure to start

2016-12-31 Thread Alex
Hi, On Fri, Dec 30, 2016 at 9:06 AM, Alex <mysqlstud...@gmail.com> wrote: > Hi, > > On Thu, Dec 29, 2016 at 8:26 AM, Arnaud Jacques / SecuriteInfo.com > <webmas...@securiteinfo.com> wrote: >> Hello Alex, >> >>> Wed Dec 28 19:05:52 2016 -> Download

Re: [clamav-users] Corrupt database and failure to start

2016-12-30 Thread Alex
Hi, On Thu, Dec 29, 2016 at 8:26 AM, Arnaud Jacques / SecuriteInfo.com <webmas...@securiteinfo.com> wrote: > Hello Alex, > >> Wed Dec 28 19:05:52 2016 -> Downloading securiteinfo.hdb [*] >> Wed Dec 28 19:05:54 2016 -> WARNING: [LibClamAV] cli_loadhash: Problem >&

[clamav-users] Corrupt database and failure to start

2016-12-28 Thread Alex
indicates the direct download path that can be used. Please let me know what other information I can provide to help troubleshoot this. Thanks, Alex

Re: [clamav-users] signature memory use

2016-12-28 Thread Alex
page: http://sanesecurity.com/usage/signatures/ Hmm.. just googled it, and found it on a mirror, but it appears to be quite old. Perhaps it's just not relevant any longer.. Thanks, Alex > foxhole_all.cdb,pool memory used: 4.366 MB > foxhole_all.ndb,pool memory used: 4.449 MB > foxh

[clamav-users] Submitted false-negative still not detected

2016-12-27 Thread Alex
Hi, I submitted a false-negative a few days ago and it still is not detected after the most recent update. It would be helpful for these kind of things if some kind of ticket or confirmation was issued at the time of submission. The only thing I can do is link to virustotal here:

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-12 Thread Alex
Hi Joel, On Wed, Oct 5, 2016 at 2:38 PM, Joel Esler (jesler) <jes...@cisco.com> wrote: > >> On Oct 5, 2016, at 1:54 PM, Alex <mysqlstud...@gmail.com> wrote: >> >> Hi, >> >>> Are you submitting these files to ClamAV? >>> >>> http://

Re: [clamav-users] Whitelisting FP domains

2016-10-06 Thread Alex
rustotal or elsewhere: # sigtool --find-sigs winnow.spam.ts.miscspam.1025807 | sigtool --decode-sigs VIRUS NAME: winnow.spam.ts.miscspam.1025807 TARGET TYPE: HTML OFFSET: * DECODED SIGNATURE: {STRING_ALTERNATIVE:.|/|@| |<}americanas.com.br{STRING_ALTERNATIVE:'|"| |/|=|>| Thanks, Alex

[clamav-users] Whitelisting FP domains

2016-10-06 Thread Alex
ust whitelist it locally. I know how to whitelist signatures, but not domains. Any ideas greatly appreciated. Thanks, Alex

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Alex
ject is above 8.0 and the rest is done by bayes to avoid FP and other > rules to make sure it's crap Can you explain how you configured systemd to start two instances of the same clamd binary using different config files? Thanks, Alex > > [root@mail-gw:/etc/mail/spamassassin]$ cat clama

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Alex
s that something that can be done? Ideas for how to actually implement it? Thanks, Alex

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Alex
Hi, > Are you submitting these files to ClamAV? > > http://www.clamav.net/reports/malware Not always, primarily because the response time has been too long. I'll try to more attentively submit them. Thanks, Alex

[clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Alex
to at least tag them in some way so the end-user knows it's a potential threat? Thanks, Alex

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Alex
Hi, >> Yes, I'm using all the third-party sigs, including sanesecurity, but >> they are still getting through. >> > Hi Alex, > > What types are getting through JavaScript or docs etc. JavaScript (.js files) is rejected outright. I don't have any examples, particular

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Alex
Hi, >> What's being done about blocking attacks from the new crylocker and >> the various types of cryptolocker? > all that crap needs to make it somehow to the victims machine > http://sanesecurity.com/foxhole-databases/ Yes, I'm using all the third-party sigs, including sanesecurity, but

[clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Alex
Hi all, What's being done about blocking attacks from the new crylocker and the various types of cryptolocker? https://fightransomware.com/ransomware-articles/crylocker-ransomware-compiles-victims-data-fake-image-file-uploads-imgur/?linkId=28721757 Are there specific patterns that have been

Re: [clamav-users] Understanding OLE2BlockMacros

2016-08-25 Thread Alex
ers, first match wins [ qr'^Heuristics.OLE2.ContainsMacros'=> 0.1 ], )); I've also created several spamassassin rules that work off of that, but in conjunction with the clamav settings, it was causing even the attachments with macro viruses to be forwarded on. Thanks, Alex

Re: [clamav-users] Understanding OLE2BlockMacros

2016-08-25 Thread Alex
Hi, >> When this option is set to Yes, the >> emails are tagged, but even emails with macro virus attachments are >> forwarded on, not blocked > > problem is that you don't understand your mailsystem, clamd itself only > gives back with signatures are hit and then the glue (amavis or >

Re: [clamav-users] Understanding OLE2BlockMacros

2016-08-24 Thread Alex
Hi, >> It appears that using OLE2BlockMacros causes attachments with macros, >> viruses or not, to just be marked by amavis with the >> Heuristics.OLE2.ContainsMacros. However, when it's set it no longer >> blocks them but forwards them on. >> >> Is this the intended behavior? > >

Re: [clamav-users] Understanding OLE2BlockMacros

2016-08-24 Thread Alex
Hi, >> I'm using clamav on fedora23 with amavisd-new and would like to tag >> each email that contains macros with Heuristics.OLE2.ContainsMacros. >> I've enabled OLE2BlockMacros, but it appears it actually lets them >> through instead of blocking them outright when this setting is made. >> >>

[clamav-users] Understanding OLE2BlockMacros

2016-08-23 Thread Alex
configuration of clamav to tag all emails with macro attachments with Heuristics.OLE2.ContainsMacros as well as block those emails with attachments that contain macro viruses? Hopefully this is clear. Thanks, Alex

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2016-08-16 Thread Alex
re I'm ready to whitelist the rule just yet, however. Thanks, Alex

[clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2016-08-16 Thread Alex
it display the signature with the above command? How do I scan the quarantined message to find out exactly what triggered this false positive? Thanks, Alex

[clamav-users] Frequent PUA.Win.Trojan.EmbeddedPDF-1 false positives

2016-06-29 Thread Alex
to save the individual attachments before scanning. I can't easily send a sample, but I'd appreciate any help you may have to offer. Thanks, Alex

[clamav-users] winnow FP

2016-04-13 Thread Alex
blacklist. Is this the proper address to request a winnow removal? I've already whitelisted it. Thanks, Alex

[clamav-users] Phishing FPs (chase.com, americanexpress.com)

2016-04-07 Thread Alex
wdb file: X:.+hilton\.com:americanexpress\.com:17- X:.+hyatt.com:www.chase.com:17- Thanks, Alex

[clamav-users] Problem with mirrors overnight?

2016-03-19 Thread Alex
.186.47.19 Thanks, Alex

Re: [clamav-users] clamd server '/var/run/clamd.amavisd/clamd.sock' gave '' response

2016-02-22 Thread Alex
AV signatures > are too few, too ineffective and more importantly too late. I never saw this message. Was this posted to the list? I've found the sanesecurity rules to work well. The securiteinfo rules are horrible. I'd never expect to only use the default clamav rules. Thanks, Alex

Re: [clamav-users] clamd server '/var/run/clamd.amavisd/clamd.sock' gave '' response

2016-02-22 Thread Alex
ssues would still very much be appreciated. Thanks, Alex > > -Al- > > On Sun, Feb 21, 2016 at 03:40 PM, Alex wrote: >> >> Hi, >> >> I have a clamav-0.99-2 installation on fedora23 and periodically I >> receive a message when running clamav-notify-servers after having

[clamav-users] clamd server '/var/run/clamd.amavisd/clamd.sock' gave '' response

2016-02-21 Thread Alex
multiple signals are sent. Thanks, Alex

Re: [clamav-users] Finding the spoofed domain

2015-12-15 Thread Alex
hing attack? I actually also don't see in the message where f.email.americanexpress.com was wrapped inside of a smartbrief.com URL. I only see americanexpress.com/merchant, so perhaps I'm not understanding. Thanks, Alex

Re: [clamav-users] Finding the spoofed domain

2015-12-15 Thread Alex
clicktracking link > under smartbrief.com. Yes, I see that, but it doesn't appear to be the one clamav was complaining about. As above: > Looking up in regex_list: r.smartbrief.com:f.email.americanexpress.com/ > Lookup result: not in regex li

[clamav-users] Clamav fails to detect exe within rar

2015-11-20 Thread Alex
/lib/clamav LocalSocket /var/run/clamd.amavisd/clamd.sock TCPSocket 3310 TCPAddr 127.0.0.1 MaxThreads 10 ReadTimeout 160 User amavis AllowSupplementaryGroups yes DetectPUA yes MaxScanSize 50M MaxFileSize 8M MaxRecursion 10 MaxFiles 2000 Thanks, Alex

Re: [clamav-users] Identifying jar virus file

2015-10-20 Thread Alex
until the customer alerted me that their desktop scanner had caught it that we were made aware :-( Thanks, Alex

Re: [clamav-users] Identifying jar virus file

2015-10-20 Thread Alex
reciate hearing from someone regarding whether this is a new virus or there is some other explanation about this file. Thanks, Alex > > Thanks, > > - Alain > > On Mon, Oct 19, 2015 at 7:28 PM, Alex <mysqlstud...@gmail.com> wrote: > >> Hi, >> I ha

[clamav-users] Identifying jar virus file

2015-10-19 Thread Alex
d a sample, but I'm more interested in knowing if Microsoft is identifying this as an FP, or otherwise why clamav and sophos aren't identifying it. Where can I upload a binary file and hopefully ask that someone investigate it for me? Thanks so much, Alex

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2015-08-26 Thread Alex
:.+proofpoint\.com:.+bankofamerica\.com:17- That appears to have solved the problem. I suppose I could be more specific with my regex, but I think it's okay for now. Thanks, Alex -Kevin On Tue, Aug 25, 2015 at 1:11 PM, Charles Swiger cswi...@mac.com wrote: On Aug 25, 2015, at 9:41 AM

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2015-08-25 Thread Alex
that permanently. I'm using postfix with amavisd-new and spamassassin on fedora. Thanks, Alex

[clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2015-08-25 Thread Alex
. Thanks, Alex

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2015-08-25 Thread Alex
? Are you talking about this URL or a component of it? urldefense. proofpoint.com/ http://proofpoint.com/ (26)v2/url?u=http-3A__www.bankofamerica.com_emaildisclaimerd=AwMFAgc=ewHkv9vLloTwhsKn5d4bTdoqsmB Thanks, Alex

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2015-08-25 Thread Alex
Hi, On Tue, Aug 25, 2015 at 1:11 PM, Charles Swiger cswi...@mac.com wrote: On Aug 25, 2015, at 9:41 AM, Alex mysqlstud...@gmail.com wrote: Thanks very much. I've submitted an fp, but it appears to be the result of this: LibClamAV debug: Looking up hash

Re: [clamav-users] Permission problem while creating tmp file

2015-05-02 Thread Alex Regan
would also be nice. It appears sometimes it uses ERROR and other times just !!. A consistent way to track them would be nice. Thanks so much for your help. Alex

[clamav-users] Permission problem while creating tmp file

2015-05-01 Thread Alex Regan
, Alex

[clamav-users] Sanesecurity FakeDate questions

2015-02-16 Thread Alex Regan
considered spam anyway? Thanks, Alex

[clamav-users] Protection from cryptowall/cryptolocker

2014-12-23 Thread Alex Regan
quite a bit of searching online and really haven't been able to find much regarding these viruses and clamav. I'd appreciate any further documents or other methods of protection that people are using to block these? Thanks, Alex

[clamav-users] Custom signature question

2014-07-08 Thread alex
Hello, I'm trying to create signatures for clamav, to detect exe and mp3 files. Seems to work for exe, but strangely not for mp3, despite the fact I did exactly the same in both cases: Getting signatures for both files: alex:~$ dd if=exefile.exe count=1 | sigtool --hex-dum 1+0 Datensätze ein 1

Re: [clamav-users] FN with unknown virus attachment

2014-06-22 Thread Alex
Hi, On Sat, Jun 21, 2014 at 2:43 PM, Steve Basford steveb_cla...@sanesecurity.com wrote: On Sat, June 21, 2014 2:00 pm, Alex wrote: Hi, I'm using clamav-0.98.4 on fedora20 with the sanesecurity and safebrowsing sigs and still seeing an unknown virus pass through our systems. I've

[clamav-users] FN with unknown virus attachment

2014-06-21 Thread Alex
to forward this to you directly or need more information. http://pastebin.com/5UuGrbXt Thanks, Alex
