Re: [clamav-users] Bitdefender Antivirus Plus slows down my computers to a crawl

2023-10-26 Thread Eric Tykwinski via clamav-users
Honestly, this is actually a good question. I would have normally suggested Cisco's windows free endpoint software: https://www.immunet.com/ But as you can see, they are stopping support at the beginning of next year. Window's built-in Defender is usually good enough for me, but Cisco might have

Re: [clamav-users] Needed to whitelist Email.Phishing.RPMSG_Downloader-10004958-0

2023-07-11 Thread Eric Tykwinski via clamav-users
Taken care of… I think it only uploaded the one sample, but I think all three were just test emails sent by the MS customer. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Jul 11, 2023, at 5:30 PM, Micah Snyder (micasnyd) > wrote: > > You can submit FP reports t

[clamav-users] Needed to whitelist Email.Phishing.RPMSG_Downloader-10004958-0

2023-07-11 Thread Eric Tykwinski via clamav-users
headers or anything let me know. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build

Re: [clamav-users] ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published

2023-02-21 Thread Eric Tykwinski via clamav-users
ublished > > No. Ubuntu package maintenance is separate from Debian's. > > Scott K For those interested, David Gonzales just released the patches to security-proposed on Ubuntu: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2007456 Sincerely, Eric Tyk

Re: [clamav-users] Question Exception Rule

2022-12-29 Thread Eric Tykwinski via clamav-users
I contact to get an exemption for ClamAV ("Heuristics.Phishing.Email.SpoofedDomain")? > This in my case is an absolutely legitimate sender (my Bank). It's in the documentation: https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format > Regards > Marc Sincere

Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-15 Thread Eric Tykwinski via clamav-users
Al, > From: clamav-users On Behalf Of Al > Varnell via clamav-users > Sent: Thursday, December 15, 2022 9:20 AM > To: ClamAV users ML > Cc: Al Varnell > Subject: Re: [clamav-users] How many viruses/malware is clamav protecting us > from? > > I don't believe I understand your question.

Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-15 Thread Eric Tykwinski via clamav-users
Michael, Here’s the update mailing list: https://lists.clamav.net/mailman/listinfo/clamav-virusdb Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users On Behalf Of Michael Kyriacou via clamav-users Sent: Thursday, December 15, 2022 9:10 AM To: ClamAV

Re: [clamav-users] GCP Management

2022-10-17 Thread Eric Tykwinski via clamav-users
Ged, I think he's talking about the Google Marketplace images, like AWS images. Personally instead of relying on a third party to setup the vm, I would just setup a quick docker instance and use the official ClamAV image. https://hub.docker.com/r/clamav/clamav Sincerely, Eric Tykwinski TrueNet

Re: [clamav-users] ClamAV Action is not working on WHM/cPanel

2022-10-13 Thread Eric Tykwinski via clamav-users
Joel, As far as I know it should be managed by cPanel, but I haven’t run it in ages. My suggestion would be to ask here: https://forums.cpanel.net/ > On Oct 13, 2022, at 4:49 PM, Joel Esler via clamav-users > wrote: > > I am betting that Inmotion is running an

[clamav-users] Anyone running a cluster on K8s?

2022-09-12 Thread Eric Tykwinski via clamav-users
--reload to the service to hit them all? Any guidance would be appreciated. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users

Re: [clamav-users] Please help

2022-08-31 Thread Eric Tykwinski via clamav-users
Jan, Look in clamd.conf for something like: LocalSocket /var/run/clamav/clamd.ctl FixStaleSocket true LocalSocketGroup clamav LocalSocketMode 666 or TCPSocket 3310 TCPAddr xxx.xxx.xxx.xxx Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users

Re: [clamav-users] Permanently banned from clamav

2022-07-02 Thread Eric Tykwinski via clamav-users
tails going through SSL CAs, web transactions, et al… CGNAT on ip4 wouldn’t surprise me, as I’ve personally seen issues with other CDNs, Netflix, Disney+, et al…. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Jul 2, 2022, at 1:57 PM, G.W. Haywood via clamav-users > wro

Re: [clamav-users] Off topic question...

2022-06-29 Thread Eric Tykwinski via clamav-users
Ged, > Hi there, > > On Wed, 29 Jun 2022, Eric Tykwinski via clamav-users wrote: > >> Anyone have an abuse contact for Cisco IronPorts hosted service? >> >> Customer of ours received a phishing email from a Cisco client but >> wasn't sent by them, at least t

[clamav-users] Off topic question...

2022-06-29 Thread Eric Tykwinski via clamav-users
Anyone have an abuse contact for Cisco IronPorts hosted service? Customer of ours received a phishing email from a Cisco client but wasn't sent by them, at least that's what I'm being told. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] DoD/IL4/Federal use case

2022-04-19 Thread Eric Tykwinski
Department of Defense (United States) Impact Level 4 It’s a grading system that should say what the requirements are to reach that level. I honestly have no clue what the requirements are, but they should be listed on the site. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429

Re: [clamav-users] Virus not detected

2022-03-21 Thread Eric Tykwinski
Jorge, There are a lot of alternative signatures. Sanesecurity: http://sanesecurity.com/ Malware Patrol: https://www.malwarepatrol.net/clamav-configuration-guide/ or you can use something like clamav-unofficial-sigs: https://github.com/extremeshok/clamav-unofficial-sigs > On Mar 21, 2022, at

Re: [clamav-users] human friendly signatures

2022-03-16 Thread Eric Tykwinski
Steve, I like the idea, but why the hex; hex? Just thinking about my recent issues with direct deposit phishing emails from gmail.com and they are written probably by people, so I can’t really hash it, and have to regex it. > On Mar 16, 2022, at 5:10 PM, Steve Basford > wrote: > > On 16

Re: [clamav-users] Current replacement for --max-ratio?

2022-01-14 Thread Eric Tykwinski
Ged, When did clamav start scanning iso files? I just tried this and found an eicar.txt file, so yes it does work. For email, I always just blocked iso extensions. Still doesn’t like MacOS cdr extensions, but a great improvement. Sincerely, Eric Tykwinski > On Jan 14, 2022, at 6:21 PM,

Re: [clamav-users] Does ClamAV scan attachments embedded in .msg files

2022-01-14 Thread Eric Tykwinski
mail and decode attachments. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users On Behalf Of Andreas Wittig Sent: Friday, January 14, 2022 6:17 AM To: clamav-users@lists.clamav.net Subject: [clamav-users] Does ClamAV scan attachments embedded in .msg files

Re: [clamav-users] Linode Clam AV Updates

2021-03-19 Thread Eric Tykwinski
subscribing to these providers irl. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 19, 2021, at 7:52 PM, Joel Esler (jesler) via clamav-users > wrote: > > Linode is our second biggest abuser. > > Slow your updater down. > > Sent from my  iPho

[clamav-users] Exchange attacks...

2021-03-13 Thread Eric Tykwinski
…. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav

Re: [clamav-users] QNAP - Cannot update virus definition & cannot wget *.cvd (receive error 403 forbidden)

2021-03-07 Thread Eric Tykwinski
quick: https://www.reddit.com/r/qnap/comments/dcnjzo/clamav_virus_definition_downloads_failing/ <https://www.reddit.com/r/qnap/comments/dcnjzo/clamav_virus_definition_downloads_failing/> Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 7, 2021, at 5:48 PM, Joel Esler (je

Re: [clamav-users] QNAP - Cannot update virus definition & cannot wget *.cvd (receive error 403 forbidden)

2021-03-07 Thread Eric Tykwinski
I’ve got a QNAP at my house. Looks like it’s fine on the newest version: v4.5.3.1594 Given it’s outdated, but that doesn’t surprise me much: ClamAV 0.102.2/26100/Sat Mar 6 07:05:22 2021 Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 7, 2021, at 4:29 PM, Eero Voloti

Re: [clamav-users] ClamAv help

2020-12-31 Thread Eric Tykwinski
ntined to a ~/Documents/Quarantine/ directory so if a file simply went missing I would know where it was from and where it went to. P.S. Have a good new year everyone... Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Dec 31, 2020, at 6:52 PM, Jay A. Schoon via clamav-users > wrot

Re: [clamav-users] Services Difference & Memory Utilization

2020-09-14 Thread Eric Tykwinski
whitelisted. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Sep 14, 2020, at 8:17 PM, bobby via clamav-users > wrote: > > What is a good vps provider to use then if not DO? > > On Mon, Sep 14, 2020 at 7:10 PM Eric Tykwinski <mailto:eric-l...@truenet.com>> wr

Re: [clamav-users] Services Difference & Memory Utilization

2020-09-14 Thread Eric Tykwinski
… Use TalosIntelligence.com <http://talosintelligence.com/> before you purchase a VPS for email, it’ll probably save you a lot of hassle. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Sep 14, 2020, at 6:50 PM, G.W. Haywood via clamav-users > wrote: > > Hi ther

Re: [clamav-users] ClamAV® blog: ClamAV 0.103.0 release candidate

2020-08-18 Thread Eric Tykwinski
Congrats guys, non-blocking was a long awaited improvement on my end… Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Aug 18, 2020, at 5:57 PM, Joel Esler (jesler) via clamav-users > wrote: > > >> >> https://blog.clamav.net/2020/08/clamav-0103

Re: [clamav-users] ClamAV Database update issue

2020-07-24 Thread Eric Tykwinski
kedIn | <https://twitter.com/deerwalkinc> Twitter | <https://www.facebook.com/Deerwalk> Facebook | <https://www.youtube.com/channel/UCawrNx5J26lzWs4viyaakRA> YouTube On Fri, Jul 24, 2020 at 7:07 PM Eric Tykwinski wrote: Check out CloudFlare status: https://www.clo

Re: [clamav-users] ClamAV Database update issue

2020-07-24 Thread Eric Tykwinski
Check out CloudFlare status: https://www.cloudflarestatus.com/ If you are in the LA area, that could be a cause… Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Sudhir Kumar Maharjan

Re: [clamav-users] How to determine virus database version from behind proxy?

2020-07-09 Thread Eric Tykwinski
dly, I don’t know of really any local DoH resolvers that can be used to scale, and I honestly don’t think it’ll last as long as I think most people think it will. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Jul 9, 2020, at 6:20 PM, Eric Tykwinski wrote: > > Lol,

Re: [clamav-users] How to determine virus database version from behind proxy?

2020-07-09 Thread Eric Tykwinski
application/dns-json' >>> 'https://dns.google.com/resolve?name=current.cvd.clamav.net&type=A' >>> >>> ... or even just: >>> >>> curl 'https://dns.google.com/resolve?name=current.cvd.clamav.net&type=A' >>> >>>> On Thu, Jul 9, 2020 at 3:51 PM Eric Tykwin

Re: [clamav-users] How to determine virus database version from behind proxy?

2020-07-09 Thread Eric Tykwinski
You could query using DoH: #curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=current.cvd.clamav.net&type=TXT' > -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of André Weidemann > Sent: Thursday, July 09,

Re: [clamav-users] Cannot install Clam AV on Ubuntu 16.04

2020-03-26 Thread Eric Tykwinski
Seriously, Nothing to do with ClamAV specifically, but RH/Cent is known to confuse the hell out of everyone with their wonderful retrograde back ports. So I’ve talked to ISC about Bind versions and they basically said ditch it… Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On

Re: [clamav-users] eff.org.xpi false positive ? Mailing Lists/ClaMav/clamav-users x

2020-03-25 Thread Eric Tykwinski
Marcos, You can check out the signature for the HTTPS Everywhere extension on their page: https://www.eff.org/https-everywhere <https://www.eff.org/https-everywhere> Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 25, 2020, at 2:50 PM, marcos sr via clamav-users

Re: [clamav-users] Email payload in .img container

2020-02-18 Thread Eric Tykwinski
in size but not near 4 GB… > Pretty much on par with size, a little bit bigger: 1.19 MB I’ve decided to just block them by extension for now, as I don’t think many of my customers will be emailing out ISOs or disk images directly at least. Sincerely, Eric Tykwinski

[clamav-users] Email payload in .img container

2020-02-17 Thread Eric Tykwinski
container would it have even been caught anyways, even if it was detected? Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo

Re: [clamav-users] messages in freshclam.log

2019-12-23 Thread Eric Tykwinski
This was mentioned here before, and I can't remember what the status was. For this example: A dig trace leads to: ping.clamav.net.86400 IN NS ns1a.clamav.net. ;; BAD (HORIZONTAL) REFERRAL dig: too many lookups #dig daily.25671.105.1.0.6810DA54.ping.clamav.net @ns1a.clamav.net

Re: [clamav-users] Elmedia Player.app detection

2019-12-10 Thread Eric Tykwinski
Found an article on it: https://www.intego.com/mac-security-blog/osxproton-malware-is-back-heres-what-mac-users-need-to-know/ From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Al Varnell via clamav-users Sent: Tuesday, December 10, 2019 11:25 AM To: ClamAV

Re: [clamav-users] Use ClamAV to scan email in Plesk Ubuntu with Postfix

2019-10-04 Thread Eric Tykwinski
> -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of G.W. Haywood via clamav-users > Sent: Friday, October 04, 2019 11:52 AM > To: ClamAV Users Mailing List > Cc: G.W. Haywood > Subject: Re: [clamav-users] Use ClamAV to scan email in Plesk

Re: [clamav-users] Question

2019-10-03 Thread Eric Tykwinski
uction/clamav-0.102.0.tar.gz > Or my preference: https://github.com/Cisco-Talos/clamav-devel Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/list

Re: [clamav-users] False Positive for Txt.Coinminer.Generic-7132166-0

2019-08-27 Thread Eric Tykwinski
Brian, It’s a straight text search for 6 strings. Can’t send the decode because it will be caught in my outbound. # sigtool --find-sigs Txt.Coinminer.Generic-7132166-0 | sigtool --decode-sigs Doesn’t seem extremely likely for a lot of false positives to me, but ymmv.

Re: [clamav-users] clamav-users Digest, Vol 174, Issue 2

2019-08-22 Thread Eric Tykwinski
Dexter, Something like ansible? Use ansible's homebrew module to install ClamAV, run a scan, then use the module again to uninstall. With something like Tower or AWX just schedule it out to run whenever you want on as many computers as you want. Problem would be the time to scan as each host

Re: [clamav-users] Linux viruses

2019-06-28 Thread Eric Tykwinski
Christopher, Run #sigtool --find-sigs Unix There are quite a few which I think apply to *nix in general. From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Christopher Draper via clamav-users Sent: Friday, June 28, 2019 3:49 PM To:

Re: [clamav-users] Scanning on Mac without installation

2019-05-10 Thread Eric Tykwinski
a cron job as well for nightly scans, which it sounds like you were doing for windows, but it needs to be installed somewhere, and have file access. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On May 10, 2019, at 7:42 PM, Dexter Rivera via clamav-users > wrote: &g

Re: [clamav-users] Security 3310 SSL/TLS

2019-04-10 Thread Eric Tykwinski
I think most suggest using an SSH tunnel between server and host. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of David Hendrick Sent: Wednesday, April 10, 2019 1:19 PM To: clamav-users

Re: [clamav-users] Mailman web UI for ClamAV currently inaccessible

2019-03-14 Thread Eric Tykwinski
Typo in the URL: https://lists.clamav.net/mailman/listinfo/clamav-users Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Ralph Seichter via clamav-users > Se

Re: [clamav-users] Testing

2019-02-20 Thread Eric Tykwinski
EtpLAtz"; dkim-atps=neutral X-Smartermail-Totalspamweight: 0 (Trusted Sender - User) Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-use

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-14 Thread Eric Tykwinski
> -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Alessandro Vesely > Sent: Thursday, February 14, 2019 11:08 AM > > Shouldn't that be done with SA? > http://uribl.com/usage.shtml It really depends on your goal. For me I use ClamAV

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-08 Thread Eric Tykwinski
Check out SaneSecurity: https://sanesecurity.com/usage/signatures/ <https://sanesecurity.com/usage/signatures/> Specifically: phish, winnow_phish_complete_url I’m sure there’s others as well. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Feb 8, 2019, at 6:07 PM, Gen

Re: [clamav-users] Constant CPU Usage

2019-02-07 Thread Eric Tykwinski
Have you checked out clamdtop to see what’s being done? I usually see 1 core maxed on clamd. It’s a 2012 MacPro, so not a worry for me. Might want to change from fswatch to just a nightly scan if it’s too hard on the system. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Eric Tykwinski
ly, I did hop on without all the facts and was just trying to figure out on the fly what’s going on, so my bad on that. When in doubt, I usually pull a pcap on a server. There’s a lot of factors that can come into play, but actually with clam only using http, this actually

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Eric Tykwinski
Dennis, > On Dec 10, 2018, at 8:26 PM, Dennis Peterson wrote: > > Helps too to read the entire thread and the thread that preceded this one. > The OP has used combinations of dig and wget in diagnosing his problems. > > dp Seriously, then he should be just trying to pull the new cdiffs to

Re: [clamav-users] Detecting Word docs with macros

2018-12-10 Thread Eric Tykwinski
o and or passwords. Thanks, just added badmacro.ndb, so hopefully that will help. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clam

[clamav-users] Detecting Word docs with macros

2018-12-10 Thread Eric Tykwinski
-for-microsoft-office-files-containing-macro/ Anyone have a suggestion? Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-09 Thread Eric Tykwinski
il. So it looks like IAD updated at 14:14:30 GMT, but BOS didn’t update till 17:09:01 GMT from his email. From back in archives, I think he’s using wget to just pull the files, but freshclam would just pull the cdiffs and keep you up to date on the next check. Sincerely, Eric Tykwinski TrueNet,

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-08 Thread Eric Tykwinski
j:neo:1544293134 So daily.cvd is being cached on cloudflare for the first update and you might need to be running a freshclam right after a new install since it’s out of date due to caching on cloudflare’s server. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Dec 8, 2018,

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-08 Thread Eric Tykwinski
the source and use the updates, which pretty much is using freshclam. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Dec 8, 2018, at 10:37 AM, Paul Kosinski wrote: > > Not sure what DNS caching would have to do with this. As I understand > "anycast", it hap

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-07 Thread Eric Tykwinski
server that is still giving older records. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Dec 7, 2018, at 6:20 PM, Paul Kosinski wrote: > > As some of you may be aware, ever since ClamAV began using Cloudflare, > we have seen many occasions when files like daily.cvd were not

Re: [clamav-users] freshclam. Service exited with abnormal code: 1

2018-11-07 Thread Eric Tykwinski
Robert, Looking at the freshclam return codes, it's not a problem. https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/freshclam/freshclamcodes.h FC_UPTODATE = 1, So basically it means there were no changes. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > -Origi

Re: [clamav-users] How do I know when new versions contain .conf file changes?

2018-10-30 Thread Eric Tykwinski
. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Oct 30, 2018, at 5:31 PM, Brian Fluet wrote: > > Thanks for the url to the release notes. > > I'm using the Win32 package from clamav.net in conjunction with > Mercury Mail Transport System which passes messages to clamd.

Re: [clamav-users] How do I know when new versions contain .conf file changes?

2018-10-30 Thread Eric Tykwinski
My suggestion would be to check out the release notes on GitHub for your specific version: https://github.com/Cisco-Talos/clamav-devel/commits/rel/0.100 Depends though on if you are running Talos, or ClamWin. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > -Original Mess

Re: [clamav-users] Mac: clamAV vs. Mojave

2018-10-23 Thread Eric Tykwinski
o /usr/local/var/log/freshclam.log under the user that installed. For multiple users I’ll run clamdscan under root, but that comes with its own issues for notifying users. Someone forked my work and just decided to email users which works. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-42

Re: [clamav-users] Latest report on update "delays"

2018-10-19 Thread Eric Tykwinski
You could limit with Last-Modified, but it’s dependent on the hosting server which CloudFlare can’t control. Besides, it’s usually just main.cvd that will change mostly and that’s just the first download. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Oct 19, 2018, at 5:19

Re: [clamav-users] Latest report on update "delays"

2018-10-18 Thread Eric Tykwinski
s are when they come in. Sound about right Joel, Micah? Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Paul Kosinski > Sent: Thursday, October 18, 2018 1:23

Re: [clamav-users] After 0.100.1 Update, clamd crashes

2018-07-31 Thread Eric Tykwinski
> -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Paul Kosinski > Sent: Tuesday, July 31, 2018 2:42 PM > To: clamav-users@lists.clamav.net > Subject: Re: [clamav-users] After 0.100.1 Update, clamd crashes <...> > Software should *never*

Re: [clamav-users] After 0.100.1 Update, clamd crashes

2018-07-31 Thread Eric Tykwinski
successfully loaded YARA.rtf_phishing_script_lines LibClamAV debug: cli_loadyara: loaded 9 of 9 yara signatures from /var/lib/clamav/winnow_malware.yara LibClamAV debug: /var/lib/clamav/winnow_malware.yara loaded Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-

Re: [clamav-users] Create custom cvd file

2018-07-24 Thread Eric Tykwinski
They have a document on the Github site: https://raw.githubusercontent.com/vrtadmin/clamav-devel/master/docs/signatures.pdf Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Arul Raj Sent: Tuesday

Re: [clamav-users] contrib code

2018-07-20 Thread Eric Tykwinski
Personally, I don’t... Sent from my iPhone > On Jul 20, 2018, at 6:29 PM, Micah Snyder (micasnyd) > wrote: > > Hello ClamAV users and developers, > > I want to know if there are users out there who actively use, or rely on, the > code/features in the "contrib" directory in the ClamAV

Re: [clamav-users] Weird windowsx64 install issues. Unable to install because installer missing +other questions

2018-07-15 Thread Eric Tykwinski
Make sure you have VC++ 2015 redistributables installed. https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads <https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads> Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-42

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-10 Thread Eric Tykwinski
efully they donated some, it’s a pretty solid anycast system. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Jul 10, 2018, at 10:03 PM, Freddie Cash wrote: > > Joel posted pictures (in one of these update thread) of where the mirrors are > located along with the relative

Re: [clamav-users] I thought this was fixed...

2018-06-21 Thread Eric Tykwinski
ught they changed the logic, but like I said it's not really important... Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-use

[clamav-users] I thought this was fixed...

2018-06-21 Thread Eric Tykwinski
: 0.101.0 Recommended version: 0.100.0 Thu Jun 21 09:59:51 2018 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.cla

Re: [clamav-users] WARNING: Local version: 0.99.4 Recommended version: 0.100.0

2018-06-19 Thread Eric Tykwinski
CentOS7: Version : 0.99.4 It’s not like cisco has anything to do with it, but each package manager will follow its own rules. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Jun 19, 2018, at 8:06 PM, Philip wrote: > > Has this been released yet by the major Distros?

Re: [clamav-users] importing the main.cvd file manually

2018-06-15 Thread Eric Tykwinski
If I was going to do it, I’d probably run an Ansible playbook to upload the file and reload the databases. To reload the database, it’s just clamdscan --reload --config-file=/…. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users [mailto:clamav-users-boun

Re: [clamav-users] clamsubmit missing with homebrew installation

2018-05-13 Thread Eric Tykwinski via clamav-users
<https://github.com/Homebrew/homebrew-core/blob/master/Formula/clamav.rb>), and it’s there… Not a clamav issue at any rate, and probably should be submitted to https://discourse.brew.sh/ <https://discourse.brew.sh/> Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On May

Re: [clamav-users] Errors connecting to mirrors

2018-03-28 Thread Eric Tykwinski
Joel, I had the same issue at 4:45PM EST, so pasted my logs to the Bugzilla site. If there’s any more information/help you guys need, please announce on the list. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 28, 2018, at 6:41 PM, Joel Esler (jesler) <jes...@cisco.com&

[clamav-users] Quick question on submissions to the ClamAV site..

2018-03-08 Thread Eric Tykwinski
see anything in the FAQs, so figured I'd ask. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build

Re: [clamav-users] No updates since Monday 26th - daily 24352 ?

2018-02-28 Thread Eric Tykwinski
I usually check the virusdb list archives: http://lists.clamav.net/pipermail/clamav-virusdb/ But yeah looks like that was the last update. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clam

Re: [clamav-users] crypto currency miner

2018-01-02 Thread Eric Tykwinski
> -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Matthew Molyett > Sent: Tuesday, January 02, 2018 4:46 PM > To: ClamAV users ML > Subject: Re: [clamav-users] crypto currency miner > > L, > > minerd is being detected as tool which

Re: [clamav-users] Trouble getting cvd files from private local mirror

2017-12-09 Thread Eric Tykwinski
John, Why do you have HSTS in your config? add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; No clue if that’s causing freshclam to break, but it would a normal browser. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Dec 9, 2017, at 12:16

Re: [clamav-users] Questions about ClamAV

2017-11-20 Thread Eric Tykwinski
OSX, and it’s supposed to support more, but I haven’t tested them. https://github.com/emcrisostomo/fswatch Don’t know if this will help S3, but may help others. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-u

Re: [clamav-users] PUA.Win.Trojan.EmbeddedPDF-1 false-positives

2017-11-17 Thread Eric Tykwinski
PUA's tend to have a lot of false positives due to them being Potential. I wouldn't recommend using them unless you really need a strict scan with the ability to whitelist when needed. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > -Original Message- > From: clamav

Re: [clamav-users] Quick question...

2017-11-09 Thread Eric Tykwinski
Ran it through LibreOffice to extract anything, but I’m not an expert. Only thing I saw was a suspicious macro: https://pastebin.com/5Mdfjy3m <https://pastebin.com/5Mdfjy3m> Submitted to Talos, so if they find something more, I hope it helps. Sincerely, Eric Tykwinski TrueNet, Inc. P: 6

[clamav-users] Quick question...

2017-11-09 Thread Eric Tykwinski
Spam filters are catching them from SPF, and I haven’t yet analyzed the attachment, so it might just be junk. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cg

Re: [clamav-users] fail updates

2017-11-06 Thread Eric Tykwinski
ClamAV update server, but I wouldn’t be opposed, as some of my clients are probably downloading updates as well. But my guess is that you are only getting limited by the local request to the server. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Nov 6, 2017, at 4:45 PM, Al Varn

[clamav-users] If anyone can give me a hand...

2017-10-24 Thread Eric Tykwinski
sucker to work, I’ll throw it up on GitHub with my configs. Pretty basic install with homebrew and a few plist files and shell scripts, so should be easy to use ansible/remotedesktop to configure multiple workstations. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-42

Re: [clamav-users] Quick Question on clamd and OSX

2017-10-24 Thread Eric Tykwinski
Sorry for the noise... The variables are only available for the duration of the script... Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

[clamav-users] Quick Question on clamd and OSX

2017-10-24 Thread Eric Tykwinski
On the VirusEvent section of clamd.conf, it says that it creates two environment variables. I've got clamdscan running under my user account on OS X 10.13, but not showing anything on printenv. Is there something I'm missing? Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300
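The two messages above turn on the point that `clamd` exports `CLAM_VIRUSEVENT_FILENAME` and `CLAM_VIRUSEVENT_VIRUSNAME` only into the environment of the `VirusEvent` command it spawns, so `printenv` in a login shell will never show them. The handler below is an added example, not code from the thread or from the ClamAV project: it reads those two variables, writes a log line and moves the file into a quarantine directory. The quarantine path, the script name `clam-virusevent.sh` and the use of `logger` are assumptions. It deliberately avoids the `%f`/`%v` substitutions in the `VirusEvent` string: the file name is attacker-chosen, and passing it through the environment and as a quoted argument keeps the shell from ever interpreting it.

```shell
#!/bin/sh
# Added example (not from the original thread): a clamd VirusEvent handler.
# clamd.conf line (path is an assumption):
#   VirusEvent /usr/local/sbin/clam-virusevent.sh
# For the lifetime of this process clamd exports CLAM_VIRUSEVENT_FILENAME and
# CLAM_VIRUSEVENT_VIRUSNAME; they do not exist in any other shell.
# QUARANTINE_DIR is an assumption; it must be writable by the clamd user.
QUARANTINE_DIR=${QUARANTINE_DIR:-/var/lib/clamav/quarantine}

# Build one log line from explicit arguments. Because the values arrive as
# arguments instead of being pasted into a command string, a filename such as
# "a;$(id).doc" is printed literally and never executed.
format_event() {
    _file=$1
    _sig=$2
    printf 'clamd VirusEvent: %s in %s\n' "$_sig" "$_file"
}

# Move the detected file under QUARANTINE_DIR using only its basename plus PID
# and time, so a crafted path cannot escape the directory or overwrite an
# earlier sample; the original path is kept in a sidecar for the analyst.
# Prints the quarantined path; returns 1 if the move fails.
quarantine_file() {
    _src=$1
    _dst="$QUARANTINE_DIR/$(basename -- "$_src").$$.$(date +%s)"
    mkdir -p -- "$QUARANTINE_DIR"
    mv -- "$_src" "$_dst" || return 1
    printf '%s\n' "$_src" > "$_dst.origin"
    printf '%s\n' "$_dst"
}

# Entry point when clamd runs us: refuse to do anything unless the clamd
# variables are present, then log and quarantine.
handle_event() {
    if [ -z "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
        echo "not invoked by clamd VirusEvent (no CLAM_VIRUSEVENT_* in env)" >&2
        return 2
    fi
    format_event "$CLAM_VIRUSEVENT_FILENAME" "${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}" \
        | logger -t clamd-virusevent
    quarantine_file "$CLAM_VIRUSEVENT_FILENAME" > /dev/null
}

# Only act when executed under the installed name, not when sourced.
case "$0" in
    */clam-virusevent.sh|clam-virusevent.sh) handle_event ;;
esac
```

To see the variables for yourself, point `VirusEvent` at a script that just runs `env > /tmp/virusevent.env`, scan an EICAR test file through `clamdscan`, and read the dump; outside that child process `printenv` is the wrong place to look. Note that the handler runs as the `clamd` user, so with `clamdscan` submitting files from another account the quarantine move will fail unless that user can read and unlink them.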

Re: [clamav-users] Signature help - php injection

2017-10-24 Thread Eric Tykwinski
Hajo, > Hello list, > > Pattern is always the same, including the 5-char comments. In my case the > include string decodes to a path and includes an .ico file. > I don't understand this code to obfuscate the path. I saw some samples and all > of the lines look a different way in encoded case.

Re: [clamav-users] How to find string for a signature?

2017-10-21 Thread Eric Tykwinski
Kees, > $ clamscan --detect-pua us-cert-message > us-cert-message: PUA.Win.Trojan.Xored-1 FOUND > > --- SCAN SUMMARY --- > Known viruses: 6525318 > Engine version: 0.99 > Scanned directories: 0 > Scanned files: 1 > Infected files: 1 > Data scanned: 0.16 MB > Data read: 0.10 MB

Re: [clamav-users] scanning mp3-files with clamscan

2017-07-09 Thread Eric Tykwinski
> On Jul 9, 2017, at 1:21 PM, G.W. Haywood wrote: > > Hi there, > > On Sun, 9 Jul 2017, Rosika wrote: > >> I want to scan an mp3-file (about 60 MB in size). >> Yet I get the message: "Data scanned: 0.00 MB" >> ... >> Is there any way of scanning mp3-files with

Re: [clamav-users] How to know if yara rules are being run?

2017-07-01 Thread Eric Tykwinski
> On Jul 1, 2017, at 1:10 AM, Mark Foley wrote: > > I've put the expetr.yara rule from Kaspersky for the recent notPetya > ransomware > in my /var/lib/clamav directory. > > I can I tell if clamav is running it? I see nothing in /var/log/clamav.log. > > --Mark My

Re: [clamav-users] Malware/ransomware and Yara signatures with clamav

2017-05-16 Thread Eric Tykwinski
recovery harder. (source: malwarebytes) It seems more believable to me than everyone with SMB access to the public internet. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Dennis

Re: [clamav-users] Malware/ransomware and Yara signatures with clamav

2017-05-15 Thread Eric Tykwinski
to test it out. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] Malware/ransomware and Yara signatures with clamav

2017-05-15 Thread Eric Tykwinski
Here's links to sample files, ie use at your own risk: https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168 Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -Original Message- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Mark Foley

[clamav-users] Bad signature?

2017-04-20 Thread Eric Tykwinski
: anvilleg) Database updated (6273481 signatures) from database.clamav.net (IP: 194.186.47.19) Clamd successfully notified about the update. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300

Re: [clamav-users] Grizzly Steppe

2017-01-04 Thread Eric Tykwinski
This was my concern about Cisco’s AMP product on ASA’s and NGIPS’s. I’m going to be beta testing stuff out shortly, but don’t have high hopes besides the Snort rules. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Jan 4, 2017, at 6:23 PM, Reindl Harald <h.rei...@theloun

[clamav-users] Apologies if this is a repost, ClamAV on Windows

2016-11-22 Thread Eric Tykwinski
016 -> Log file size limited to 1048576 bytes. Tue Nov 22 12:44:59 2016 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav Tue Nov 22 12:44:59 2016 -> Not loading PUA signatures. Tue Nov 22 12:44:59 2016 -> Bytecode: Security m