Re: [clamav-users] Error 429 when updating database

2021-04-08 Thread Joel Esler (jesler) via clamav-users
On Apr 8, 2021, at 11:52 AM, Marko Randjelovic <marko...@eunet.rs> wrote: On Thu, 8 Apr 2021 16:44:46 +0200 Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: On 08.04.21 16:37, marko...@eunet.rs wrote: I use ClamAV on a Devuan ASCII (based on Debian

Re: [clamav-users] vistumbler as false positive

2021-04-08 Thread Eero Volotinen
> > Not sure about this as it is open source, but if I were paying for > the software I would expect them to liaise with the AV companies. > Well. not sure if this software is malware or not. a bit worried about that. Eero ___ clamav-users mailing

Re: [clamav-users] Error 429 when updating database

2021-04-08 Thread Joel Esler (jesler) via clamav-users
On Apr 8, 2021, at 2:26 PM, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: On 08.04.21 16:23, Joel Esler (jesler) via clamav-users wrote: Advice, for literally anyone: Upgrade to 103.2. The FreshClam there is much better and will resolve the issues. I don't think this is easily

Re: [clamav-users] Error 429 when updating database

2021-04-08 Thread Matus UHLAR - fantomas
On 08.04.21 16:37, marko...@eunet.rs wrote: I use ClamAV on a Devuan ASCII (based on Debian Stretch) machine and when I try to update databases I get error 429 from server (logged in /var/log/clamav/freshclam.log): Thu Apr 8 14:23:32 2021 -> WARNING: downloadFile:

Re: [clamav-users] Error 429 when updating database

2021-04-08 Thread Marko Randjelovic
On Thu, 8 Apr 2021 16:44:46 +0200 Matus UHLAR - fantomas wrote: > On 08.04.21 16:37, marko...@eunet.rs wrote: > >I use ClamAV on a Devuan ASCII (based on Debian Stretch) machine and > >when I try to update databases I get error 429 from server (logged in > >/var/log/clamav/freshclam.log): > > >

Re: [clamav-users] Error 429 when updating database

2021-04-08 Thread Andrew C Aitchison via clamav-users
On Thu, 8 Apr 2021, Joel Esler (jesler) via clamav-users wrote: Still, 102.4 should work properly, shouldn't it? It does. But 103.2 handles the downloads and interactions SO MUCH BETTER (I’ve been watching the updates for 103.2’s FreshClam all morning, and it’s working so much better.

Re: [clamav-users] ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

2021-04-08 Thread Micah Snyder (micasnyd) via clamav-users
So it's actually kinda funny you should ask that. In 0.103.2 we deprecated the SafeBrowsing option in freshclam.conf which means it will no longer add safebrowsing to the list of desired databases. FreshClam has two options "ExcludeDatabase" and "ExtraDatabase" for adding/removing official

Re: [clamav-users] Error 429 when updating database

2021-04-08 Thread Joel Esler (jesler) via clamav-users
Feel free if you have the ability to do so. We’re poking in all directions already. Sent from my iPhone > On Apr 8, 2021, at 17:34, Andrew C Aitchison wrote: > >> On Thu, 8 Apr 2021, Joel Esler (jesler) via clamav-users wrote: >> Still, 102.4 should work properly, shouldn't it? >>

Re: [clamav-users] vistumbler as false positive

2021-04-08 Thread Eero Volotinen
got response: ” There are three downloads available for 10.7 The SHA256 of those files should be Vistumbler_v10-7.exe - ECA2ACE14102F623E1C2490257FB645611314C918E45A845AE7337CEFA6FFD01 Vistumbler_v10-7.zip - 7CC806B74131BCCA5AE11EE81E39152DBC61F1477108FFDE7E416927C196DBA0

Re: [clamav-users] Scanning a large file through HTTP

2021-04-08 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 7 Apr 2021, Micah Snyder (micasnyd) via clamav-users wrote: There’s a lot of technical work to be done to safely raise that limitation, as large files of various file types have never been tested. In my milter I've a pretty general-purpose Perl harness which can send

Re: [clamav-users] vistumbler as false positive

2021-04-08 Thread Eero Volotinen
Thanks. I submitted files via that url. clamscan Vistumbler_v1* /root/Vistumbler_v10-7.exe: OK /root/Vistumbler_v10-7_Portable.zip: Win.Malware.Generic-9819492-0 FOUND /root/Vistumbler_v10-7.zip: Win.Malware.Generic-9819492-0 FOUND So. looks like this is false positive on vistumbler.. Eero

Re: [clamav-users] Scanning a large file through HTTP

2021-04-08 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 7 Apr 2021, Paul Kosinski via clamav-users wrote: Seems to me that this behavior, advertising a 4GB limit while silently imposing a 2GB limit and reporting "OK" for anything in between, is a *major* security flaw: ClamAV *must* report that the file was too big to deal with

Re: [clamav-users] vistumbler as false positive

2021-04-08 Thread Arnaud Jacques
Hello, At first look, ClamAV is not the only one that flags it as malware: https://www.virustotal.com/gui/file/071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4/detection On 08/04/2021 at 11:41, Eero Volotinen wrote: Thanks. I submitted files via that url.  clamscan

Re: [clamav-users] [Clamav-announce] ClamAV® blog: ClamAV 0.103.2 security patch release

2021-04-08 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 7 Apr 2021, Joel Esler (jesler) wrote: ... FreshClam will now exit with a failure in daemon mode if an HTTP 403 (Forbidden) was received, because retrying later won't help any. The FreshClam user will have to take actions to get unblocked. ... Won't some dumb system utility

Re: [clamav-users] vistumbler as false positive

2021-04-08 Thread Al Varnell via clamav-users
That signature has been in the ClamAV daily.ldb database since Jan 15 and appears to be looking for some relatively unique strings: % sigtool -fWin.Malware.Generic-9819492-0|sigtool --decode-sigs VIRUS NAME: Win.Malware.Generic-9819492-0 TDB: Engine:81-255,Target:1 LOGICAL EXPRESSION: 0&1&2&3&4

Re: [clamav-users] vistumbler as false positive

2021-04-08 Thread Eero Volotinen
comment from developer ” Unfortunately autoit, which vistumbler is written in, gets flagged as a false positive a lot. Vistumbler has struggled with this since the beginning. I recently submitted the 10.7 release files to microsoft for false detection and they removed the false detection, so i

Re: [clamav-users] ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

2021-04-08 Thread Matus UHLAR - fantomas
On Wednesday, 7 April 2021 19:41:34 CEST, Joel Esler (jesler) via clamav-users wrote: > Are you still attempting to download safebrowsing.cvd? > > It has come to our attention that a few of you (about 515,000 of you, to > be more accurate), are still attempting to download the

Re: [clamav-users] [ext] Re: ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

2021-04-08 Thread Ralf Hildebrandt via clamav-users
* Vladislav Kurz via clamav-users : > How about just making the file empty? I think this causes an error in clamav/clamd Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 |

Re: [clamav-users] ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

2021-04-08 Thread Joel Esler (jesler) via clamav-users
On Apr 8, 2021, at 10:06 AM, Vladislav Kurz via clamav-users <clamav-users@lists.clamav.net> wrote: On Wednesday, 7 April 2021 19:41:34 CEST, Joel Esler (jesler) via clamav-users wrote: https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html

[clamav-users] Error 429 when updating database

2021-04-08 Thread markoran
Hello, I use ClamAV on a Devuan ASCII (based on Debian Stretch) machine and when I try to update databases I get error 429 from server (logged in /var/log/clamav/freshclam.log): Thu Apr 8 14:23:32 2021 -> ClamAV update process started at Thu Apr 8 14:23:32 2021 Thu Apr 8 14:23:32 2021 ->

Re: [clamav-users] Error 429 when updating database

2021-04-08 Thread Matus UHLAR - fantomas
On 08.04.21 16:37, marko...@eunet.rs wrote: I use ClamAV on a Devuan ASCII (based on Debian Stretch) machine and when I try to update databases I get error 429 from server (logged in /var/log/clamav/freshclam.log): Thu Apr 8 14:23:32 2021 -> ClamAV update process started at Thu Apr 8

Re: [clamav-users] Error 429 when updating database

2021-04-08 Thread Joel Esler (jesler) via clamav-users
Dear Marko, Thanks for your email. I believe you will find what you are looking for here: https://www.clamav.net/documents/freshclam-faq under “Error Codes" -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group https://www.talosintelligence.com | https://www.snort.org |

Re: [clamav-users] [ext] Re: ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

2021-04-08 Thread Vladislav Kurz via clamav-users
On Thursday, 8 April 2021 16:17:24 CEST, Ralf Hildebrandt via clamav-users wrote: > * Vladislav Kurz via clamav-users : > > How about just making the file empty? > > I think this causes an error in clamav/clamd Then just make it as small as possible - e.g. leave only one signature in the

Re: [clamav-users] vistumbler as false positive

2021-04-08 Thread Andrew C Aitchison via clamav-users
On Thu, 8 Apr 2021, Eero Volotinen wrote: https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe Looks like this is (vistumbler) detected as false positive. and On Thu, 8 Apr 2021, Arnaud Jacques wrote: At first look, ClamAV is not the only one

Re: [clamav-users] ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

2021-04-08 Thread Vladislav Kurz via clamav-users
On Wednesday, 7 April 2021 19:41:34 CEST, Joel Esler (jesler) via clamav-users wrote: > > https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html > > > > Are you still attempting to download

Re: [clamav-users] [ext] Re: ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

2021-04-08 Thread Joel Esler (jesler) via clamav-users
On Apr 8, 2021, at 10:48 AM, Vladislav Kurz via clamav-users <clamav-users@lists.clamav.net> wrote: On Thursday, 8 April 2021 16:17:24 CEST, Ralf Hildebrandt via clamav-users wrote: * Vladislav Kurz via clamav-users <clamav-users@lists.clamav.net>: How about just making the