should I worry if it's not present?
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
onably still be affected
> by the vulnerabilities.
>
> I am curious though - what are your MaxFileSize / MaxScanSize
> settings? I wonder if you're seeing timeouts with the default settings
> or if you increased them.
MaxFileSize 100M
MaxScanSize 200M
MaxScanTime 12
-
: Exceeded
time limit
is this a bad Bytecode rule?
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de
> - Sanesecurity (https://sanesecurity.com) provider default
> configuration overhaul. Switch to a less congested mirror site,
> add/remove several signature URLs.
Thanks for that!
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz |
way as to be usable
from within clamav (1.3.0)?
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
ht
> page<https://github.com/Cisco-Talos/clamav/releases/tag/clamav-1.2.0-rc>.
https://github.com/Cisco-Talos/clamav/releases/tag/clamav-1.2.0-rc2
returns a 404.
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalid
    postrotate
        if [ -d /run/systemd/system ]; then
            systemctl -q is-active clamav-freshclam && systemctl kill --signal=SIGHUP clamav-freshclam || true
        else
            invoke-rc.d clamav-freshclam reload-log > /dev/null || true
        fi
    endscript
}
--
Ralf Hildebrand
* Al Varnell via clamav-users :
> Sent from my iPad
>
> On Sep 12, 2023, at 01:29, Ralf Hildebrandt via clamav-users
> wrote:
> > should sigtool --decode-sigs really throw an error in that case?
>
> Perhaps not, but it's been the case for as long as I've been using
clamav.net:
# dpkg -l |fgrep clam
ii clamav 1.2.0-1 amd64 ClamAV open source email, web, and end-point
anti-virus toolkit.
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49
ware.redirect.ecpms.net.720".
What does this have to do with CVE-2023-20032?
# sigtool --find-sigs=sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720 | sigtool --decode-sig
VIRUS NAME: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720
DECODED SIGNATURE:
ecpms.net
amavis does the unpacking)
More logging is needed for the message in question.
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
"Non-LTS feature releases will be allowed access to download
signatures until at least four (4) months after the next-next feature
release is published."
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1.
ed? And: How are the updates done?
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://ww
one seen this, too?
I've seen this with 1.1.0-1 as well. Maybe they're related to the
"pattern issue" I posted a while ago
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm
cli_ac_addsig: cannot use
filter for trie
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...
tc/clamav/clamd.conf /usr/local/etc/clamd.conf
service clamav-freshclam restart
service clamav-daemon restart
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Be
* JOHN URBAN :
> Not quite as easy to set up as I made it sound, as lots of pieces and people
> involved but that is exactly one of the tests we hope to run today; thanks!
Yes, this sounds like hours of fun :/
But the insight gained will be rewarding :)
--
Ralf Hildebrandt
C
g:
strace --failed-only $program
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@charite.d
resting. I'm using the *.deb from
> > http://www.clamav.net/downloads/production/clamav-1.0.0-rc.linux.x86_64.deb
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D
> https://github.com/Cisco-Talos/clamav/issues/736
Ah, interesting. I'm using the *.deb from
http://www.clamav.net/downloads/production/clamav-1.0.0-rc.linux.x86_64.deb
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Frank
database is up-to-date (version: 62, sigs:
6647427, f-level: 90, builder: sigmgr)
Thu Oct 27 11:00:19 2022 -> bytecode.cld database is up-to-date (version: 333,
sigs: 92, f-level: 63, builder: awillia2)
Thu Oct 27 11:00:19 2022 -> ------
So the issue is wit
p-to-date (version: 333,
sigs: 92, f-level: 63, builder: awillia2)
Fri Oct 28 09:07:10 2022 -> --
Still failing.
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 10
clamdscan -V /tmp/LPBB0010-10.pdf
ClamAV 0.105.1/26663/Mon Sep 19 09:56:35 2022
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel.
it finds an email containing a BASE64 encoded "readme.exe"
using the content type "audio/x-wav"... Maybe this helps:
VIRUS NAME: Win.Trojan.N-68
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
REMOVED A MIME BOUNDARY HERE
Content-Type: audio/x-wav;
name="readme.exe&
* Ralf Hildebrandt via clamav-users :
> Today I installed 0.105.0 to test the new fuzzy image signatures.
I'm a moron: "Added image fuzzy hash sub-signatures for logical
signatures" -- thus it must be an LDB file :/
> Alas, I started up my trusty editor and generated a
loading database
/var/lib/clamav/rezeptfrei.hdb
ERROR: Malformed database
So what IS the correct syntax?
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel
cld
ERROR: listdb: Error listing database /var/lib/clamav/main.cld
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hilde
mav.so.9
/usr/local/lib/libclammspack.so
/usr/local/lib/libclammspack.so.0
/usr/local/lib/libclamunrar.so
/usr/local/lib/libclamunrar.so.5
/usr/local/lib/libclamunrar_iface.so
/usr/local/lib/libclamunrar_iface.so.9
/usr/local/lib/libfreshclam.so
/usr/local/lib/libfreshclam.so.2
Ralf Hildeb
* Vladislav Kurz via clamav-users :
> How about just making the file empty?
I think this causes an error in clamav/clamd
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm
> > I usually rebuild from a recent debian source (hah!)
>
> that's what I recommend.
>
> with changing version to something lower than 0.103 e.g. 0.103~backport
> - it gets upgraded to ubuntu-provided version when it's available.
Same here.
Ralf Hildebrandt
Charité
> Do you want to take care of it since now (forever)?
>
> It is possible, but it should be easier to backport clamav e.g. version
> 0.103 from hirsute. That way, when newer version appears in ubuntu
> repository, it may get upgraded so you won't have to care.
I usually rebuild f
while extracting
objects.
Sep 18 11:47:55 proxy-cbf-1 clamd[791]: LibClamAV Error:
pdf_find_and_extract_objs: Timeout reached in the PDF parser while extracting
objects.
What is the timeout value?
Can it be configured?
Is there any way of preserving the files for further analysis?
Ralf
00020819---C000-0046}" anywhere
1: contain "CallByName" anywhere
2: contain "ThisWorkbook" anywhere
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburg
er extent SecuriteInfo).
The only official "hit" in the top 25 is "Win.Downloader.WannaMine-6442440-2"
I see the extensibility as a major advantage. Just the other day I
created a set of patterns to detect EPOCH3 EMOTET files.
But to some extent I agree to the point you're mak
Remove autotools generated files, add autogen.sh
26 days ago
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@chari
63, builder: raynman)
Tue Jul 28 18:00:53 2020 -> daily.cld updated (version: 25887, sigs: 3681654,
f-level: 63, builder: raynman)
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburg
BSIGNATURE:
words(85
So, as you can see the signature consists of 6 subsignatures numbered
0-5, all of which must match. It sort-of looks highly specific to me.
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF
* Cliff Hayes via clamav-users :
> I have a daily cron job that runs around 3am that:
> - shuts down clamd
> - runs freshclam
> - starts clamd
Why?
freshclam usually runs all the time, updating and signalling clamd on
demand.
But you do have a point...
Ralf Hildebr
ld you, and others here, be interested in installing a ClamAV
> snap in the future?
That definitely sounds interesting!
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.charite.de Hin
y scans the whole mail "as is" and the text parts and
attachments separately.
> As clam* can also do URL checks and stuff, also mails without attachments
> can be infected.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Cam
epatrol were to
> list the specific site where the malware was reportedly found, rather
> than condemning the entire sub-domain.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.charite.de
is not a false
> positive.
>
> There is no reason to believe that the Google infrastructure doesn't
> host malware. In case you still don't want or can't block such domain,
> we advise you to whitelist it before applying our block lists."
Fucking idiots.
--
Ralf Hildebrandt
nymore. Is it worth it to keep malwarepatrol?
I'm wondering this as well. That stuff pops up every other day.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30,
* Paul Stead :
> Yet another Malwarepatrol FP:
>
> MBL_14437114 - https://drive.google.com
That's a recurring FP. Happens every week.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.c
* Philip :
> Has this been released yet by the major Distros? I'm using Debian 9 and
> can't get any higher than 0.99.x
Debian has 0.100:
https://packages.debian.org/buster/clamav
I used that source package to rebuild for my Ubuntu installations.
--
Ralf Hildebrandt C
| socat - /var/run/clamav/clamd.ctl
PONG
# echo RELOAD | socat - /var/run/clamav/clamd.ctl
RELOADING
# echo PING | socat - /var/run/clamav/clamd.ctl
# echo PING | socat - /var/run/clamav/clamd.ctl
PONG
Yeah!
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebr
rom trying to parse the logfile?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
sig
* Joel Esler (jesler) <jes...@cisco.com>:
> You're right. That's my fault. I'll correct that here in a second after I
> read through all the emails in my ClamAV folder.
OK, tomorrow then :)
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra..
* Reindl Harald <h.rei...@thelounge.net>:
>
>
> Am 26.01.2018 um 13:40 schrieb Ralf Hildebrandt:
> > * maxal <m...@sbg.at>:
> > > nobody of clamav/cisco reading this list?
> >
> > It's 7:45AM on the east coast
>
> so what - i don't get
* lukn <lukn...@gmail.com>:
> As ClamAV/Talos is owned by Cisco I assume all ClamAV employees are
> located in Silicon Valley area and therefore still enjoying a good
> Californian night's sleep.
Or maybe in Philadelphia.
--
Ralf Hildebrandt Charite Univ
* maxal <m...@sbg.at>:
> nobody of clamav/cisco reading this list?
It's 7:45AM on the east coast.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm
> Arguably if a bug in the signatures can lead to such massive problems
> then that is in itself a bug in the software, which might be (but
> apparently so far isn't) fixed in a later version.
Amen to that.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf
8 994 ->
/tmp/clamav-59b5548fe87bc9a454486cbe37d5c89b.tmp (deleted)
lrwx-- 1 root root 64 Jan 26 10:38 995 ->
/tmp/clamav-0e2983c3f35c37d833ea37c2867a0aba.tmp (deleted)
...
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campu
* Reindl Harald <h.rei...@thelounge.net>:
> sounds like an issue with the official signatures given that you are not the
> first reporter and that we don't use them and have no problems
Thought so. Must be a recent signature in daily.cvd.
--
Ralf Hildebrandt
* Karl Pielorz <kpielorz_...@tdx.co.uk>:
> This ends up with a lot of wedged mail processes (and we slowly run out of
> fd's as the process table fills up).
Same here on Ubuntu 16.04 with official patterns.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
r
0.838784 952 881 fcntl
...
-- --- --- -
100.00 195.366582 47161 total
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.charite.de
futex
0.000.00 0 1 restart_syscall
-- --- --- - -
100.000.103050 3803012 total
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@char
* ANANT S ATHAVALE <a...@isac.gov.in>:
> Hi List,
>
> One of the .pptx file which was attached is getting detected as VIRUS:
> Win.Exploit.CVE_2016_3301-6210129-0. As it is an official document and can't
> be uploaded for submission. How to manually verify?
What do you want
ny discussion about this, could anyone comment?
They probably mean the exploit code used in operation Grizzly Steppe
APT 29, APT 28, Cozybear, Fancybear, Sandworm, Sofacy etc.
https://www.dhs.gov/news/2016/12/30/executive-summary-grizzly-steppe-findings-homeland-security-assistant-
* Bengt H. <ben...@gmail.com>:
> Unsubscribe please
List-Unsubscribe:
<http://lists.clamav.net/cgi-bin/mailman/options/clamav-users>,
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http:/
* Ralf Hildebrandt <ralf.hildebra...@charite.de>:
> * Al Varnell <alvarn...@mac.com>:
> >
> > On Wed, Nov 30, 2016 at 02:33 AM, Ralf Hildebrandt wrote:
> > >
> > > * Al Varnell <alvarn...@mac.com>:
> > >> Has any
* Al Varnell <alvarn...@mac.com>:
>
> On Wed, Nov 30, 2016 at 02:33 AM, Ralf Hildebrandt wrote:
> >
> > * Al Varnell <alvarn...@mac.com>:
> >> Has anybody submitted a PDF yet?
> >
> > Of course.
>
> Hash?
8d62c398679ab6c7b85749eac
* Al Varnell <alvarn...@mac.com>:
> Has anybody submitted a PDF yet?
Of course.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 122
> and not public.
I already did a FP report. It happened with PDFs from "Springer
Medical". Had to disable that signature.
> I hope there are some additional FP-Reports from other people regarding this
> virus to review this signature.
Yep.
--
Ralf Hildebrandt
> clamd to run,
No. clamdscan together with clamd eliminated the long startup time.
> does it provide any added features or functionality not already present
> with freshclam + clamscan running on-demand from cronjobs?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ral
* Joel Esler (jesler) <jes...@cisco.com>:
>
>
> http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html
Are these signatures already active?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Be
mirrors are probed from freshclam?
> All of them are failing since last night on all of our servers.
>
> Probed are:
> 178.63.73.246
> 84.39.110.99
> 88.198.17.100
http://lutz.donnerhacke.de/Blog/ClamAV-aktualisiert-sich-nicht-mehr
--
Ralf Hildebrandt
. Up to now, I never got a notification, although Notify me was checked.
Indeed. I also submitted quite a lot of malware and never got a
notification (in years!)
3. Why shall we not post more than two sample files per day ?
I also wondered about that.
--
Ralf Hildebrandt
* Gene Heskett ghesk...@wdtv.com:
It's an UNOFFICIAL pattern, not a core clamav pattern
Still, is it not un-needed noise?
It's obviously a FP, but calling it un-needed noise is a bit off. If
the pattern were correct and would find a real virus, is it not
un-needed noise?
--
Ralf
/Documentation/usb/gadget_multi.txt:
MBL_400944.UNOFFICIAL FOUND
/home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt:
MBL_400944.UNOFFICIAL FOUND
But https://virustotal.com thinks otherwise.
It's an UNOFFICIAL pattern, not a core clamav pattern
--
Ralf Hildebrandt
* Константин Белозеров codingu...@gmail.com:
Hello.
Error when building from source anti-virus in the operating system
GNU/Linux Debian 7.1 Performed make check VG=1. But to no avail.
But which error are you getting?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
* Константин Белозеров codingu...@gmail.com:
Errors are listed in log file.
Would you mind pasting them here?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm
valgrind
installed
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
else seeing this?
Yes, I'm also seeing a lot of FP's for BC.Exploit.CVE_2012_0184
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
* Joel Esler jes...@sourcefire.com:
Please run Freshclam. This has already been cleared up.
Thanks for the heads up. Time to release stuff from the quarantine.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
instance
because your client has not told it which one it wants to talk to.
It's not a client issue. It depends on my source IP.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http://www.charite.de
-age=0
Connection: keep-alive
answer:
HTTP/1.1 503 Service Unavailable
Server: Varnish
Content-Type: text/html; charset=utf-8
Retry-After: 5
Content-Length: 284
Accept-Ranges: bytes
Date: Fri, 04 May 2012 10:29:21 GMT
X-Varnish: 221993613
Age: 0
Via: 1.1 varnish
Connection: close
--
Ralf
from varnish. Setting it to delete, on
or truncate make the page http://cgi.clamav.net/sendfp.cgi work
again. Only off causes the page to fail.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http://www.charite.de
being logged for my source IP.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
Is there an alternative way of submitting FP's?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30
* Török Edwin ed...@clamav.net:
On 04/19/2012 02:59 PM, Ralf Hildebrandt wrote:
Is there an alternative way of submitting FP's?
Are you using this page?
http://www.clamav.net/lang/en/sendvirus/submit-fp/
Yep.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
* Török Edwin ed...@clamav.net:
On 04/19/2012 04:10 PM, Ralf Hildebrandt wrote:
I just tested and it worked fine for me.
What's exactly the problem on your side?
I keep getting:
Under maintenance. Try again later.
How big is the file that you're trying to upload?
I'm
maintenance. Try again later./h1
/body
/html
Connection closed by foreign host.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
submission page used to work for us up till now. Hm.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30
* Török Edwin ed...@clamav.net:
Can you try flushing your varnish cache, and trying again?
It's your varnish cache :) (we don't have any here)
I already restarted my squid servers, no change. It's very odd.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
* Ralf Hildebrandt ralf.hildebra...@charite.de:
* Török Edwin ed...@clamav.net:
Can you try flushing your varnish cache, and trying again?
It's your varnish cache :) (we don't have any here)
I already restarted my squid servers, no change. It's very odd.
Now I emptied my cache
.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
BC.Exploit.CVE_2011_3412
The entry is not complete. The correct one is:
BC.Exploit.CVE_2011_3412.{CVE_2011_3412}
After applying your fix, correct?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http
What am I doing wrong here? Running clamav 0.97.3
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30
* Alain Zidouemba azidoue...@sourcefire.com:
Ralf,
We got your FP reports and will address them today.
Thanks :) But the original question remains in case I need to
whitelist a signature.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de
* Bill Maidment b...@maidment.vu:
What am I doing wrong here? Running clamav 0.97.3
It's the same story here. We've had to switch off all bytecode rules in
the conf file. Not ideal.
Sounds like one cannot whitelist a bytecode signature?
--
Ralf Hildebrandt Charite
with : but with ;
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
* Jan-Pieter Cornet joh...@xs4all.nl:
I haven't got any experience with IRIX, but I do wonder: why are you
using tits for testing purposes? That seems inappropriate.
No, he's using un-tits. Everything but tits. E.g. a canary would be an
un-tit. Like an undead is anything but dead.
PS ;-)
* Török Edwin edwinto...@gmail.com:
On 2011-06-29 17:01, Michael Scheidell wrote:
On 6/29/11 9:24 AM, Michael Scheidell wrote:
Ok, so not just me.
I am going to ask Ralf Hildebrandt what version of os he is using.
maybe we can track this down.
so, it's not just on amd64
in Subject or Body)
You'd probably need to use amavisd-new
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra
nslookup database.clamav.net 85.255.112.204:
$ nslookup database.clamav.net 85.255.112.204
Server: 85.255.112.204
Address: 85.255.112.204#53
Why don't you ask your ISP?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus
* Dennis Peterson [EMAIL PROTECTED]:
My point was that it's ten times as big as it should be
Which begs the question: How big should it be, and why is that size
better than the one it is?
Size matters not!
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite
: 16.134.725
0.93: 20.247.322
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF send no mail
of addresses manually but anything containing | has the
same problem.
Please do show the logs.
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30
is picking up this virus:
W32/Zhelatin.gen!eml
It seems our ClamAV is not seeing it. We get a couple hundred of these a day
and they're all the same virus.
Any ideas?
False positive? By any means, submit it to the team.
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED