Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-28 Thread Olivier via clamav-users
Robert, In the configuration file user.conf for ClamAV-unofficial-sig, I set the following variable: clamd_reload_opt="/usr/local/bin/clamav-unofficial-sigs-post.pl" And the script is attached below. Best regards, Olivier

Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-28 Thread Robert Kudyba
I'd like the script and in our case the link starts with docs.google.com On Wed, Apr 28, 2021, 10:43 PM Olivier via clamav-users < clamav-users@lists.clamav.net> wrote: > Hi, > > Robert Kudyba writes:

Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-28 Thread Olivier via clamav-users
Hi, Robert Kudyba writes: > Since the signature name has .UNOFFICIAL and starts with MBL I believe that's > Malware Block List. I've > submitted a sample to fp (at) malwarepatrol.net. Is

Re: [clamav-users] Can't download daily-25402.cdiff from db.local.clamav.net

2021-04-28 Thread Richard via clamav-users
> Date: Wednesday, April 28, 2021 21:22:01 + > From: Will Watters > > I have updated the DatabaseMirror in /etc/freshclam.conf to use > database.clamav.net but still get the same issue. > > I'm unable to upgrade to 103.2 (see below). > > I'm using RHEL 6, as a customer requirement so not

Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-28 Thread Steve Basford
On 28 April 2021 15:25:32 Robert Kudyba wrote: Since the signature name has .UNOFFICIAL and starts with MBL I believe that's Malware Block List. I've submitted a sample to fp (at) malwarepatrol.net. Is more than one sample needed? I'm posting here to let others know and as they don't appear

Re: [clamav-users] Can't download daily-25402.cdiff from db.local.clamav.net

2021-04-28 Thread Will Watters via clamav-users
I have updated the DatabaseMirror in /etc/freshclam.conf to use database.clamav.net but still get the same issue. I'm unable to upgrade to 103.2 (see below). I'm using RHEL 6, as a customer requirement so not able to upgrade the OS. Is this an issue due to the RHEL 6

Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-28 Thread Richard Graham via clamav-users
On Wed, Apr 28, 2021 at 4:25 PM Robert Kudyba wrote: > ... > sigtool --find-sigs MBL_85256034*|sigtool --decode-sigs > ... and remember that --find-sigs takes a REGEX not a glob so perhaps you meant "MBL_85256034.*", although sigtool checks the entire entry so searching for 'MBL_85256034' is

Re: [clamav-users] cdn :/

2021-04-28 Thread Benny Pedersen via clamav-users
On 2021-04-28 18:16, Joel Esler (jesler) wrote: On Apr 28, 2021, at 12:10 PM, Benny Pedersen wrote: On 2021-04-28 17:56, Joel Esler (jesler) wrote: I don’t think that’s a solution. https scales only if making private mirrors :/ design of torrents is the more users the faster speeds all

Re: [clamav-users] cdn :/

2021-04-28 Thread Joel Esler (jesler) via clamav-users
> On Apr 28, 2021, at 12:10 PM, Benny Pedersen wrote: > > On 2021-04-28 17:56, Joel Esler (jesler) wrote: >> I don’t think that’s a solution. > > https scales only if making private mirrors :/ > > design of torrents is the more users the faster speeds all get without > needing private

Re: [clamav-users] Can't start clamd - lchown to user failed

2021-04-28 Thread Keith Graber
Found out from a person not on the mailing list (thank you Christian Prehl!) the issue deals with AppArmor The line: capability chown, needed to be included in /etc/apparmor.d/usr.sbin.clamd Once that was added and AppArmor restarted, clamd came right up. Thanks everyone for your thoughts!

Re: [clamav-users] cdn :/

2021-04-28 Thread Benny Pedersen via clamav-users
On 2021-04-28 17:56, Joel Esler (jesler) wrote: I don’t think that’s a solution. https scales only if making private mirrors :/ design of torrents is the more users the faster speeds all get without needing private mirrors, so yes it does better than cloudflare is it possible to see

Re: [clamav-users] cdn :/

2021-04-28 Thread Joel Esler (jesler) via clamav-users
I don’t think that’s a solution. > On Apr 28, 2021, at 9:21 AM, Benny Pedersen via clamav-users > wrote: > > On 2021-04-28 14:42, Eero Volotinen wrote: > >> Please upgrade to supported version? > > i have that on gentoo, problem is fixed now, finally, how can this take so > long without

Re: [clamav-users] Can't download daily-25402.cdiff from db.local.clamav.net

2021-04-28 Thread Joel Esler (jesler) via clamav-users
Please upgrade to 103.2, as the error messages are more specific. Please change your Database settings to fetch from database.clamav.net instead of “db.local.clamav.net”. Daily-25402 is very out of date. On Apr 28, 2021, at 11:43 AM,

[clamav-users] Can't download daily-25402.cdiff from db.local.clamav.net

2021-04-28 Thread Will Watters via clamav-users
Hello, I'm unable to download definitions when running freshclam and virus db is older than 7 days. I have disabled ipv6, changed the DatabaseMirror in /etc/freshclam.conf and removed and reinstalled with the same issue. Any suggestions as to why it is not downloading please?

Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-28 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 28 Apr 2021, Robert Kudyba wrote: Since the signature name has .UNOFFICIAL and starts with MBL I believe that's Malware Block List. I've submitted a sample to fp (at) malwarepatrol.net. Is more than one sample needed? I'm posting here to let others know and as they don't

[clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-28 Thread Robert Kudyba
Since the signature name has .UNOFFICIAL and starts with MBL I believe that's Malware Block List. I've submitted a sample to fp (at) malwarepatrol.net. Is more than one sample needed? I'm posting here to let others know and as they don't appear to acknowledge nor reply. Why don't these come up?

Re: [clamav-users] cdn :/

2021-04-28 Thread Benny Pedersen via clamav-users
On 2021-04-28 14:42, Eero Volotinen wrote: Please upgrade to supported version? i have that on gentoo, problem is fixed now, finally, how can this take so long without anyone notice it is imho scary consider implement bittorrent protocol into freshclamd, it scales more than cloudflare

Re: [clamav-users] cdn :/

2021-04-28 Thread Eero Volotinen
Hi, Please upgrade to supported version? Eero On Wed, Apr 28, 2021 at 3:38 PM Benny Pedersen via clamav-users < clamav-users@lists.clamav.net> wrote: > > i am on cool down, yes since 10-4-2021 > > missing cdiff imho, so it try the full cvd download that is missing, > after that cool down :/ >

[clamav-users] cdn :/

2021-04-28 Thread Benny Pedersen via clamav-users
i am on cool down, yes since 10-4-2021 missing cdiff imho, so it try the full cvd download that is missing, after that cool down :/ am i alone ? ___ clamav-users mailing list clamav-users@lists.clamav.net

Re: [clamav-users] Odd behavior when scanning eicar test files

2021-04-28 Thread Haukur Valgeirsson via clamav-users
Thanks for the reply :-) I will poke at this a little more and try to be as detailed as I can then file a bugreport. Will add a few inline replies here too. On 27.4.2021 16:09, G.W. Haywood via clamav-users wrote: This seems to be saying you have a clamd.conf, otherwise freshclam wouldn't