Re: [clamav-users] [ext] More info about detected virus

Thank you Ralf. On 6/8/2022 6:25 PM, Ralf Hildebrandt via clamav-users wrote: * Zvi Kave via clamav-users : Hi, Where can I find more information about ClamAV detected virus like Win.Trojan.N-68 or another name

[clamav-users] More info about detected virus

Hi, Where can I find more information about ClamAV detected virus like Win.Trojan.N-68 or another name ? Googling give me no additional information about the virus. Thanks, Zvi

[clamav-users] rust on IBM i PASE environment - a must ?

Hi , We have ClamAV 0.104.1 compiled from sources and working  fine in IBM i PASE environment - which is quite same architecture like IBM AIX binaries. We have a problem to compile ClamAV 0.105.0 because at present we have not rust on IBM i PASE  -

Re: [clamav-users] Yara regular expression finds only first match in ClamAV ?

) "G.W. Haywood via clamav-users" wrote: Hi there, On Sun, 22 Aug 2021, Richard Graham via clamav-users wrote: On Sun, Aug 22, 2021 at 10:41 AM Zvi Kave wrote: On 8/19/2021 9:33 PM, G.W. Haywood via clamav-u

Re: [clamav-users] Yara regular expression finds only first match in ClamAV ?

, 19 Aug 2021, Zvi Kave via clamav-users wrote: I found that yara strings like this: $re = /[0-9]{9}/ find only first 9-digit match in file. This spoils my logic ... After tearing out most

[clamav-users] Yara regular expression finds only first match in ClamAV ?

Hi, I found that yara strings like this: $re = /[0-9]{9}/ find only first 9-digit match in file. This spoils my logic in condition: for 3 i in (1..#re) ... Only this works: for 1 i in (1..#re) ... I found that this issue was already reported in 2015. Is

Re: [clamav-users] Broken media detection

Arnaud, I understand now. Thank you. Zvi On 6/24/2021 11:55 AM, Arnaud Jacques wrote: Zvi, When I try to open it, I get error message: agam.jpg:

[clamav-users] Broken media detection

Hi, I tried to use "clamscan --alert-broken-media=yes ag.jpg" to detect spoiled JPEG files by RYUK ransomware. Seems that it was not detected - ag.jpg OK. Perhaps I use it not correctly? Please advise . I use clamav 0.103.3 .

Re: [clamav-users] Request for guidelines to connect freshclam to Squid proxy

Hi, The SysAdmin that responsible for Firewall maintenance,  allows to open only one IP in the firewall for freshclam use. I shall check squid definitions again. Thank you, Zvi

[clamav-users] Request for guidelines to connect freshclam to Squid proxy

this proxy ? Thanks, Zvi Kave ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com

Re: [clamav-users] Terminate clamscan after specific time

Hi Ged, Can you send link to your posts about root directory scan? Thanks, Zvi On Wed, Jan 6, 2021 at 2:20 PM G.W. Haywood via clamav-users < clamav-users@lists.clamav.net> wrote: > Hi there, > > On Wed, 6 Jan 2021, Andrew C Aitchison via clamav-users wrote: > > On Wed,

Re: [clamav-users] Terminate clamscan after specific time

-users < clamav-users@lists.clamav.net> wrote: > Hi there, > > On Tue, 5 Jan 2021, Zvi Kave via clamav-users wrote: > > >Seems that the parameter --max-scantime=#n aborts scan on every file > after #n ms. > >But it continues to the next file, instead of clamscan

Re: [clamav-users] Terminate clamscan after specific time

Hi Micah, Seems that the parameter --max-scantime=#n aborts scan on every file after #n ms. But it continues to the next file, instead of clamscan termination + summary as I need. Thanks, Zvi On Mon, Dec 28, 2020 at 6:04 PM Zvi Kave via clamav-users < clamav-us

Re: [clamav-users] Terminate clamscan after specific time

Of Zvi Kave via clamav-users Sent: Monday, December 28, 2020 8:04 AM To: clamav-users@lists.clamav.net Cc: Zvi Kave Subject: [clamav-users] Terminate clamscan after specific time

[clamav-users] Terminate clamscan after specific time

Hi, Is there a way to Terminate clamscan after specific time with summary ? Regards, Zvi ___ clamav-users mailing list

[clamav-users] Terminate clamscan after specific time

Hi, Is there a way to Terminate clamscan after specific timeout with summary ? Regards, Zvi ___ clamav-users mailing list clamav-users@lists.clamav.net

Re: [clamav-users] ClamAV 0.102.4 crash in test directory

: Hi there, On Sun, 9 Aug 2020, Zvi Kave via clamav-users wrote: I get a crash - Memory fault(coredump) - when scanning clamav 0.102.4 test directory. Other files pass OK. I found that the crash is caused

[clamav-users] ClamAV 0.102.4 crash in test directory

Hi,   I get a crash - Memory fault(coredump) - when scanning clamav 0.102.4 test directory. Other files pass OK. I found that the crash is caused by each one of the 6 files: clam.ea05.exe, clam.ea06.exe, clam_IScab_ext.exe,

[clamav-users] DLP extension

Hi, I see that only SSN and CC is checked. Is there a reason for that ? I am interesting in more DLP types. Is there a way to add more types ? Or is there an open DLP types code that can be added ? Regards, Zvi ___ clamav-users mailing list

[clamav-users] partition-intersection ?

Where can I find deeper explanation of --partition-intersection - Not clear enough. Also: --block-encrypted - Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). Zip/rar files are secured by password. Why it says

Re: [clamav-users] ClamAV virus database not downloaded: No permission ?!

download is corrupt and will need to be re-downloaded. -Al- On Mon, May 16, 2016 at 02:33 AM, Zvi Kave wrote: Yes. Usually I got a lot of messages like this: ClamAV update process started at Sat Apr 30 03:00:50 2016 Reading CVD header (main.cvd): Trying again in 5 secs... ClamAV update process started

Re: [clamav-users] ClamAV virus database not downloaded: No permission ?!

freshclam to do this initially and thereafter to download incremental updates? Sent from Janet's iPad -Al- On May 16, 2016, at 1:29 AM, Zvi Kave<zvi.k...@razlee.com> wrote: Hi, I am trying to download daily.cvd and main.cvd by curl command as follows: curl --data-binary -

[clamav-users] ClamAV virus database not downloaded: No permission ?!

Hi, I am trying to download daily.cvd and main.cvd by curl command as follows: curl --data-binary -k "http://database.clamav.net/daily.cvd; -G -o daily.cvd Most of the time, I get this text instead of the real *.cvd file: <|DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 403 Forbidden

[clamav-users] Fwd: Re: clamav-0.98 in AIX: make, libclamav/asn1.c failed to compile

or close it there as solved. Best regards, Zvi On 01/10/13 21:37, David Raynor wrote: On Tue, Oct 1, 2013 at 2:31 PM, David Raynor dray...@sourcefire.com dray...@sourcefire.com wrote: On Tue, Oct 1, 2013 at 11:47 AM, Zvi Kave tz...@razlee.com tz...@razlee.com wrote: I hope that someone can help

[clamav-users] clamav-0.98 in AIX: make, libclamav/asn1.c failed to compile

I hope that someone can help. I got the following error on make of clamav-0.98 in AIX: CC libclamav_la-version.lo CC libclamav_la-asn1.lo asn1.c: In function `asn1_get_time': asn1.c:293: error: storage size of `t' isn't known make: The error code from the last command is

[clamav-users] W32/Autorun.worm.aaeh not found in ClamAV ?

Hi, I can not understand why the dangerous virus called W32/Autorun.worm.aaeh by McAfee can not be detected by ClamAV. http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=1607456 I tried to scan it also from free Immunet 3.0 but without detection. I submitted this virus to

Re: [clamav-users] W32/Autorun.worm.aaeh not found in ClamAV ?

Sorry. I see now from McAfee link that it is low risk - http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=1607456 The file is autorun.inf and it creates few other programs like: Secret.exe , Sexy.exe , Porn.exe I sent the file Sexy.exe just now under Submit malware in

Re: [clamav-users] W32/Autorun.worm.aaeh not found in ClamAV ?

Al, Just now I restored and submitted autorun.inf as well to submit malware in clamav.net From sigtool I got this MD5 signature; 3b19da4562e3729854ae6b3fe127:1123:Autorun.inf Regards, Zvi On 08/04/13 11:51, A K Varnell wrote: I'm sure it would help the team if you could provide the

[clamav-users] ZEUS virus

Hi, Is there a signature for ZEUS virus in ClamAV ? Zvi ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [clamav-users] ZEUS virus

Thank you Chuck (and Alain as well) for the list. Zvi - Original Message - From: Chuck Swiger cswi...@mac.com To: ClamAV users ML clamav-users@lists.clamav.net Sent: Thursday, February 21, 2013 8:33 PM Subject: Re: [clamav-users] ZEUS virus Hi-- On Feb 21, 2013, at 10:28 AM, Zvi

[clamav-users] Remarkable features/changes from 0.95.3 ?

Hi, I am working with clamav 0.95.3. Where can I find the features added to the newer 0.97 version ? Thanks, Zvi __ Information from ESET NOD32 Antivirus, version of virus signature database 6191 (20110608) __ The message was checked by ESET NOD32 Antivirus.

Re: [clamav-users] Remarkable features/changes from 0.95.3 ?

Edwin, Thank you, Zvi - Original Message - From: Török Edwin edwinto...@gmail.com To: clamav-users@lists.clamav.net Sent: 09 June, 2011 12:34 PM Subject: Re: [clamav-users] Remarkable features/changes from 0.95.3 ? On 06/09/2011 11:59 AM, Zvi Kave wrote: Hi, I am working

[Clamav-users] clamav-0.96.2 pthread error

I am trying to configure and make clamav-0.96.2 by AIX gcc 3.3.2, but I got the following error - someone can help ? Thanks, Zvi ./configure ... checking pthread.h usability... no checking pthread.h presence... yes

Re: [Clamav-users] clamav-0.96.2 pthread error

: Re: [Clamav-users] clamav-0.96.2 pthread error On Sun, 12 Sep 2010 12:35:14 +0200 Zvi Kave zvi.k...@razlee.com wrote: I am trying to configure and make clamav-0.96.2 by AIX gcc 3.3.2, but I got the following error - someone can help ? Thanks, Zvi ./configure ... checking pthread.h

Re: [Clamav-users] problems with virus submission

Karl, I also submitted Win32/Mabezat.A virus long time ago but it is not detected yet. So I added it by sigtool. They have sigtool to create a signature by yourself. By default you have to put it in /usr/local/share/clamav/ (or in your signature directory if you changed the default) To create

[Clamav-users] WIN32.Mabezat.A not detected

Hi, I have a virus file detected by NOD32 and AVG as WIN32.Mabezat.A. When running clamscan on this file , it says OK. when running sigtool -l | grep -i mabezat I got the list: W32.Mabezat-1 W32.Mabezat-2 W32.Mabezat W32.Mabezat-3 I sent the virus file twice to ClamAV team in last week, but

[Clamav-users] Mabezat virus

Hi all, I saw that Mabezat viruses are in virus DB, but for some reason it is not detected. Someone knows why?? Zvi ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [Clamav-users] Mabezat virus not detected

I forgot to specify that it is ClamAV 0.94.2 in Fedora 8. sigtool -l shows this: # sigtool -v -l | grep -i mabezat W32.Mabezat-1 W32.Mabezat-2 W32.Mabezat W32.Mabezat-3 NODE32 detects it from Windows as W32/Mabezat.A Zvi - Original Message - From: Zvi Kave [EMAIL PROTECTED] To: clamav

[Clamav-users] EBCDIC ClamAV version?

Is there a version or configuration option for EBCDIC computer? Regards, Zvi ___ http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] Independent analysis of anti-virus solution providers

We are looking for independent 3rd party analysis of ClamAV against other leading anti-virus solution providers, which will hopefully show ClamAV's results as equaling or being superior to some of the commercial products on the market. Thank you. ___

[Clamav-users] Small number of ClamAV known viruses ?

Why ClamAV has significally small number of known viruses in comparison to other AV software ? Thanks, Zvi ___ http://lurker.clamav.net/list/clamav-users.html