Re: [clamav-users] feedback on Installing ClamAV instructions

2016-11-28 Thread Peter Bonivart
On Mon, Nov 28, 2016 at 6:56 PM, Joel Esler (jesler) wrote: > There are a number of package maintainers for ClamAV on Solaris. The > installation method differs for each. > > I tried to figure out what this was saying a couple of times. > I've decided that it's trying to say

Re: [clamav-users] feedback on Installing ClamAV instructions

2016-11-28 Thread Joel Esler (jesler)
This is fantastic feedback. I’ve incorporated the fixes (and missing pages!) you’ve suggested below. Much of this content was migrated from our wiki that we took offline years ago, and despite my review, I’ve obviously missed a few pages and links. Always feel free to send this feedback in,

Re: [clamav-users] Bytecode Update [was:Many Empty Updates]

2016-11-28 Thread Joel Esler (jesler)
They have been added now, thanks Al for pointing this out to us. -- Joel Esler | Talos: Manager | jes...@cisco.com On Nov 23, 2016, at 6:31 AM, Al Varnell wrote: Although I didn't receive any feedback on this one, I

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-28 Thread Joel Esler (jesler)
When I say “disable an engine” I mean, disabling the conviction engine on my side that convicts those files. It’s been turned off for several days now. -- Joel Esler | Talos: Manager | jes...@cisco.com On Nov 23, 2016, at 6:23 AM, Al Varnell

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-28 Thread Joel Esler (jesler)
Mark, Thanks. I’ve set these to drop, so they should disappear in an upcoming release. Not sure why they were convicted in the first place. I have safeguards that should have prevented this; I’ll look into it. -- Joel Esler | Talos: Manager | jes...@cisco.com

Re: [clamav-users] Maximize availability during rule loading

2016-11-28 Thread Pierre Dehaen
Hi, As this question comes back now and then (from me in the past as well), I have a proposal IF you have enough RAM. On reload: - start a second instance with a slightly different config file containing "LocalSocket .../clamd.sock.new" - wait in the logs for "Database correctly reloaded" -

Re: [clamav-users] Whitelist based on sign *and* filename?

2016-11-28 Thread Paul Kosinski
Of course, if anybody is able to find out what the magic filename is, they could mount a targeted attack. How are the PDFs generated? Would it be possible to attach a cryptographic signature to attest to their validity? (That would probably require an additional step on receipt as well as

Re: [clamav-users] Whitelist based on sign *and* filename?

2016-11-28 Thread Steve Basford
On Mon, November 28, 2016 1:56 pm, Mathieu D. wrote: > Hello, > > > Is there any way to whitelist a file based on its signature *and* its > filename? > Not that I know of... I guess this *might* be an option. 1. Find something common in your pdf you want to "whitelist", say "Your company

[clamav-users] Whitelist based on sign *and* filename?

2016-11-28 Thread Mathieu D.
Hello, Is there any way to whitelist a file based on its signature *and* its filename? My case is about a legit PDF file embedding JavaScript sent by users by email. Its signature is "PUA.Script.PDF.EmbeddedJavaScript", but its MD5 hash is always different (probably because users are saving

Re: [clamav-users] TTL of DNS recode

2016-11-28 Thread Simon Hobson
Tsutomu Oyamada wrote: > Our environment is a local mirror. > However, it does not matter. > > I wanted to know if there is the case that the DNS TXT of ClamAV have > not been updated for a few days. > Could it be possible? > Is this issue caused by the problem on our

Re: [clamav-users] TTL of DNS recode

2016-11-28 Thread Tsutomu Oyamada
Our environment is a local mirror. However, it does not matter. I wanted to know if there is the case that the DNS TXT of ClamAV have not been updated for a few days. Could it be possible? Is this issue caused by the problem on our environment of querying DNS? The daily.cvd is updated in real time