On 10/31/13, 5:08 PM, Paolo De Michele wrote:
hi everybody,
I installed a web/mail server correctly with the suite ispconfig.
between the packages I installed amavis and clamav
However, the email will be populated with the object UNCHECKED and the system
logs I see this:
Run the clamconf f
On 11/8/13, 7:57 AM, xxdiskoxx2011 . wrote:
/etc/cron.daily/freshclam:
ERROR: Parse error at line 17: Unknown option UpdateLogFile
ERROR: NotifyClamd: Can't find or parse configuration file /etc/clamd.conf
Type the following at the command line:
rpm -qa |grep clam
Send back the results - i
On 11/8/13, 10:59 AM, xxdiskoxx2011 . wrote:
Clamav is perfectly installed. Also, I have installed a GUI for CLAMAV
On 08/Nov/2013 19:40, "David Raynor" wrote:
Clamav is probably perfectly installed, but Clamav does not necessarily include
clamd or clamd.conf, depending on the distributio
On 11/26/13, 5:27 PM, Michael Orlitzky wrote:
On 11/26/2013 06:47 PM, Dave Pitts wrote:
Like at 4:30pm MT every day. It may play at other times. But, I can't say.
Do you have any asshole friends who've used your PC lately?
This sounds like the answer to the question, "I have my buddy Dave's
What are the zlib failure details? You will probably also need
zlib-devel to compile Clamav.
dp
On 12/23/13, 9:29:43PM, Joshua Soulwin Malayappan wrote:
Hi,
I tried to install Clam av in Red Hat Enterprise Server Release:6.3
I got the below error
Failed dependencies:
libz.s
...@lists.clamav.net
[mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Dennis Peterson
Sent: Tuesday, December 24, 2013 11:40 AM
To: ClamAV users ML
Subject: Re: [clamav-users] clam av Red Hat installation
What are the zlib failure details? You will probably also need zlib-devel to
compile Clamav
On 2/4/14, 4:17 AM, Andre Hübner wrote:
Hello,
Is a signature like this HTML.CVE_2012_1526-3 really needed?
HTML.CVE_2012_1526-3:3:*:7374796c653d{-256}6d617267696e3a{-20}2d(31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)(30|31|32|33|34|35|36|37|38|39)656
FYI - I had some bounces this week because Gene Heskett's URI in the following
quote is trapped by uribl.com:
nslookup geneslinuxbox.net.multi.uribl.com
Server: 127.0.0.1
Address:127.0.0.1#53
Non-authoritative answer:
Name: geneslinuxbox.net.multi.uribl.com
Address: 127.0.0.2
On 2/6/14, 7:54 AM, Douglas Goddard wrote:
Looking at the original file and what was uploaded to VT, this signature is
the md5sum of 43180 null bytes. While I would say this is definitely
Junk.Corrupted, it's not malicious. I'll drop it.
Thanks for the report.
There's more you should do (and
ot below.
nslookup geneslinuxbox.net.multi.uribl.com should return address not found. If
it is 127.0.0.X then there is still an issue.
dp
On 2/6/14, 1:09 PM, Gene Heskett wrote:
On Thursday 06 February 2014 16:08:01 Dennis Peterson did opine:
Dennis, you seem to be using a very old cache of uribl, I ha
On 2/6/14, 1:54 PM, Bryan Burke wrote:
Perhaps your blackholing problem is an indication of more problems -
we can ask the members to repeat the nslookup of your domain to see
if others get the results I got below.
nslookup geneslinuxbox.net.multi.uribl.com should return address not
found. If it
PM, Richard Conto wrote:
re: Dennis Peterson denni...@inetnw.com
"nslookup geneslinuxbox.net.multi.uribl.com" is only going to tell someone
where the first (of probably many) layered DNS servers are. Ubuntu 12.04
(LTS) takes this to an extreme by running a cacheing name server on the
d
On 2/6/14, 3:12:09PM, Joel Esler (jesler) wrote:
http://blog.clamav.net/2014/02/clamav-mailing-list-maintenance-monday.html
ClamAV Mailing List Maintenance, Monday, February 10th, 2014
This notice is for the members of the ClamAV mailing lists found here:
http://lists.clamav.net/mailman/list
On 2/11/14, 8:06 AM, Andrew Kelly wrote:
So.
Nearly mid February 2014 now. 0.98.1 has been available for a
month already, and Debian is still stuck at 0.97.8.
Is there any kind of formal statement from the package maintainer,
or is this simply an orphaned project?
Andy
So. Andy - Yo
On 2/12/14, 6:29 AM, Andrew Kelly wrote:
On Tue, 2014-02-11 at 21:28 -0800, Dennis Peterson wrote:
On 2/11/14, 8:06 AM, Andrew Kelly wrote:
So.
So. Andy - You do know that this is the wrong list for complaints about
Debian support, right? You might have better luck here:
Thanks
On 2/19/14, 7:03:15PM, Jobst Schmalenbach wrote:
On Wed, Feb 19, 2014 at 09:32:18PM -0500, Shawn Webb (sw...@sourcefire.com)
wrote:
On Feb 19, 2014 9:28 PM, "Jobst Schmalenbach" wrote:
[root /tmp] #>yum list installed "clamav*"
Loaded plugins: fastestmirror
Installed Packages
clamav.x86_64
On 2/19/14, 7:32:12PM, Dennis Peterson wrote:
#> yum list installed "clam*"
clamav.x86_64 0.98.1-1.el6 installed
clamav-db.x86_64 0.98.1-1.el6 installed
clamav-devel.x86_64 0.98.1-1.el6 installed
clamav-unofficia
On 2/26/14, 8:08 AM, Joel Esler (jesler) wrote:
On Friday last week I put a blog post up about introducing OpenSSL into the
ClamAV ecosystem. I wanted to make sure everyone saw it, so please have a look
at the blog post here:
http://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to
On 2/26/14, 12:32 PM, Shawn Webb wrote:
On Wed, Feb 26, 2014 at 1:01 PM, Dennis Peterson wrote:
On 2/26/14, 8:08 AM, Joel Esler (jesler) wrote:
On Friday last week I put a blog post up about introducing OpenSSL into
the ClamAV ecosystem. I wanted to make sure everyone saw it, so please
have
On 2/27/14, 3:43:08PM, Paul Kosinski wrote:
The blog post concerning OpenSSL being required for ClamAV only has
one reason as to why it might *benefit* ClamAV, the other reasons are
why OpenSSL *itself* is good.
That single reason is:
"We will be able to provide a better freshclam experience
On 3/2/14, 7:55 PM, Scott Snow wrote:
I'm working on a MapReduce project using Amazon's EC2. The only bottleneck
I have is that it takes ~35-40 seconds to scan each file, which seems very
high. I'm using a C program as a wrapper for ClamAV, which takes a single
file and the mode. Does anyone know
On 3/3/14, 4:28 AM, Steve Hill wrote:
I'm using clamd together with exim under Scientific Linux 6.3 and I'm having
problems with Clam not detecting many viruses - in fact, looking back through
the logs it basically only seems to be finding a few phishing emails.
Did you just send a link to a
On 3/3/14, 8:50 AM, Brian Morrison wrote:
Steve is your Exim installation set up to reject mail on spamminess,
using SpamAssassin or similar?
I find that SA detects a lot of mail using SA rules that probably
contain attachments or inline images that are virus laden, but it's
cheaper on system
On 3/12/14, 12:13:53PM, Scott Kitterman wrote:
http://www.clamav.net/lang/en/2014/02/22/introducing-openssl-as-a-dependency-to-clamav/
I just noticed this. I do the clamav packages for Debian/Ubuntu. Adding the
dependency is fine from a technical perspective, but there is, at least
currently,
On 3/17/14, 7:43 AM, Marco wrote:
I don't see any log entries on Postfix correlated with these warnings.
Just two or three errors a day like this, really:
2014-03-17T12:47:34.538025+01:00 postfix2 postfix/smtpd[17215]: warning:
milter inet:example.com:7357: can't read SMFIC_MAIL reply packet header:
Connecti
On 4/11/14, 1:31 AM, Mischa Coenen wrote:
Hi,
Clamscan can scan the contents of tar-balls for viruses; when I tar only an
eicar-file then clamav detects it. But I did a test in which I have put an
eicar file in different directories including the top-directory, clamscan
cannot detect any
On 4/15/14, 7:36 AM, Steven Morgan wrote:
Good news, it works. We are considering a --warn-on-limit-exceeded option
to cover messaging in these types of cases.
Steve
I've found an interesting inconsistency when scanning archives. I tested this on
an xz compressed tar file (the ClamAV distro)
On 4/17/14, 8:10 AM, David Raynor wrote:
Though inconsistent, it is less interesting than it may appear. The scanning
behavior is the same. Both return a clean disposition if limits are reached
and no signatures alert, including a message at debug level describing which
limit was exceeded. The
On 4/17/14, 8:13 AM, Alain Zidouemba wrote:
ClamAV "does scan for linux viruses".
If you install ClamAV, you can use the sigtool command to find signatures
for unix-specific malware.
Eg:
sigtool --list-sigs /usr/local/share/clamav/daily.cld | grep -i 'unix'
.
.
.
Exploit.Shellcode.Unix-Gen-1
On 4/17/14, 8:30 AM, Greg Folkert wrote:
You wouldn't happen to be a Solaris or SCO person, would you?
I'm retired after 3+ decades of using (in no particular order) SunOS, Solaris,
AIX, HP-UX, OSF/1-Tru64, HP-3000 running MPE, VAX-11/7XX, OS/400, BSD Unix, a
brief stint with SCO Unix, and mult
On 5/2/14, 8:34 AM, Greg Mueller wrote:
Thank you for your response
I did not install clamav, it came on a used computer.(not the one I'm using
to write this email)
I can't get that computer to boot at all so I can't upgrade.
I just need to get the computer to go past the block in the boot
On 5/7/14, 6:38 PM, James Brown wrote:
Have just upgraded to version 0.98.3 from 0.98.1.
Clamd starts fine, but anytime I reload the database (e.g. running freshclam)
clamd will crash.
Would you mind pasting in the output of clamconf too, please. I'd like to see
the build options compared to
On 5/8/14, 8:23 AM, Shawn Webb wrote:
Hey Martin,
Is there a way you can get to me main.cvd.broken? I'm wondering if the
change to OpenSSL for hashing has somehow changed parsing CVDs and CLDs on
big-endian machines running Solaris. I thoroughly tested the code on a
sparc64 machine (an old SunF
On 5/8/14, 9:00 AM, Dennis Peterson wrote:
On 5/8/14, 8:23 AM, Shawn Webb wrote:
Hey Martin,
Is there a way you can get to me main.cvd.broken? I'm wondering if the
change to OpenSSL for hashing has somehow changed parsing CVDs and CLDs on
big-endian machines running Solaris. I thoro
On 5/9/14, 7:33 AM, Bowie Bailey wrote:
On 5/8/2014 10:35 PM, Eric Shubert wrote:
[root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$
Inefficiency bugs me... You can do multiple patterns with a single grep using
the -e flag.
grep -v -e ^# -e ^$ clamd.conf
Try (and there are surely o
On 5/9/14, 7:26 PM, Eric Shubert wrote:
On 05/09/2014 04:41 PM, Dennis Peterson wrote:
On 5/9/14, 7:33 AM, Bowie Bailey wrote:
On 5/8/2014 10:35 PM, Eric Shubert wrote:
[root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$
Inefficiency bugs me... You can do multiple patterns with a
Built and runs fine in Centos 6.5. Signature updates work, sigusr2 forces a
reload, no crashes. Works like a Mac.
dp
Platform information
uname: Linux 2.6.32-431.17.1.el6.x86_64 #1 SMP Wed May 7 23:32:49 UTC 2014
x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib versi
On 5/23/14, 11:15 AM, Matus UHLAR - fantomas wrote:
On 23.05.14 12:25, Claudio Cuqui wrote:
I would like to know if it is possible to create a virus signature that
matches the subject of a mail message. I tried everything and the signature
only matches when the pattern is located in the email body
On 5/27/14, 7:45 PM, Michael Heuberger wrote:
Thanks but sorry, the thread is too long and I'd prefer to get to the
point ...
Buy more memory.
dp
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clama
The OP brought up several points, none of which were addressed.
1. Nevertheless, the detection rate of viruses, trojans, etc. is not very good.
Almost every time I submit a sample file on virustotal.com ClamAV can not detect
the virus or malware.
2. Up to now, I never got a notification, alth
Quick dump of found signature results: ClamAV vs Basford et al
Unofficial sigs, total:
grep UNOFFICIAL clam* |wc -l
174
Unofficial Sane Security sigs found
grep Sanesecur.*FOUND clam* |wc -l
141
Official ClamAV sigs found:
grep FOUND clam* |grep -c -v UNOFFICIAL
10
Non-Sanesecurity unofficial
Why wouldn't ClamAV be interested in creating this signature as part of their
own distribution? It's a virus, it's what you do, no?
dp
On 6/24/14, 11:14 AM, Joel Esler (jesler) wrote:
On Jun 24, 2014, at 11:01 AM, Bowie Bailey <bowie_bai...@buc.com> wrote:
On 6/24/2014 9:53 AM, Walter
On 6/24/14, 9:16 PM, Al Varnell wrote:
That’s certainly a valid question and deserves a ClamAV® answer, but I’ll throw
this comment out.
The signature team has always been overwhelmed by the number of new samples it
receives every day and even though the team is bigger today, so is the input.
On 6/26/14, 9:47 PM, Henrik K wrote:
Hello, HAVP developer here. I'll release a new version if it's required, but
I guess that will have to wait on the discussions. Hopefully it's not even
necessary and 0.98.4 will remain an unused dark horse version..
Cheers,
Henrik
It is here.
dp
On 7/4/14, 12:01 PM, René Bellora wrote:
hi!
I'm trying to compile Clamav 0.98.4 in Centos4, and i get this:
configure: error: Your OpenSSL installation is missing the X509_VERIFY_PARAM
function. Please upgrade to a more recent version of OpenSSL.
this is a server that I don't control (I wo
On 7/24/14, 12:47 PM, Bernard Thédié wrote:
On 24/07/2014 21:08, Matus UHLAR - fantomas wrote:
On 24.07.14 20:23, Bernard Thédié wrote:
Silly reason... my computer has a very, very noisy fan.
I'm afraid you can avoid this problem only by not using anything that eats
CPU.
well, "conservati
On 9/5/14 2:10 AM, Steve Basford wrote:
Hi All,
For those using Sanesecurity foxhole databases, I've finally updated
their usage information:
http://sanesecurity.com/foxhole-databases/
Cheers,
Steve
Sanesecurity.com
Steve - thanks for your contribution to the success of the ClamAV products. O
On 9/16/14 2:28 PM, Al Varnell wrote:
The following file was found in Adobe PhotoShop CS6 infected with
Win.Worm.Chir-681 (apparently added to the database earlier today):
/Applications/Adobe Photoshop CS6/Adobe Photoshop
CS6.app/Contents/Required/Droplet Template.exe
I’ve submitted it as a F
Better, I think, is to start with what processes can lock the log file.
Logrotate being one such. It is a small matter to disable this and wait and see.
dp
On 9/23/14 8:50 AM, Kevin Lin wrote:
Have you tried to query what process is locking the log file?
It is possible that multiple freshclam
The question he asked is are regex expressions allowed in the whitelist file.
I've never looked into it so don't know, but it seems like it could be a useful
feature although extremely easy to abuse.
What he would like to do is replace multiple similar entries that are causing
FP's:
Zip.Suspec
On 10/3/14 8:10:24AM, Mark Allan wrote:
On 3 Oct 2014, at 03:39 pm, Gene Heskett wrote:
On Friday 03 October 2014 07:19:13 Tim Smith did opine
Over the last 24-48 hours, I submitted a number of email attachments.
RAR files that contained viruses.
Running one or two of them through VirusTotal
On 10/3/14 2:11:15PM, Charles Swiger wrote:
On Oct 3, 2014, at 1:54 PM, Leonardo Rodrigues wrote:
On 03/10/14 08:19, Tim Smith wrote:
All of the commercial vendors I submitted the samples to had analysed
and created samples in timeframes ranging from hours to one day.
At this rate I'm going t
On 10/6/14 7:21 AM, Tim Smith wrote:
Seriously, why should I mess around with creating virus signatures, it's a
waste of my time.
Because that is the norm for community-supported products and because nobody but
you is ultimately responsible for protecting your systems from malware.
dp
On 11/9/14 4:52 AM, Saker Hamdy Mohamoud Salama wrote:
Dears,
I want to know the date of updated files (daily.cvd & main.cvd).
From a command line type:
$ cd /path_to_files && ls -l daily* main*
For example,
cd /var/lib/clamav && ls -l daily* main*
Compare the dates against your freshcla
On 11/15/14 9:22 AM, G.W. Haywood wrote:
Hi there,
On Sat, 15 Nov 2014, PJ Balsley wrote:
I use clamav on hundreds of linux systems in our network. ...
This is not a facetious question, it's one of genuine interest.
Why?
I did it too and the reason is compliance with credit card/social sec
On 11/18/14 2:11 PM, Joel Esler (jesler) wrote:
http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html
ClamAV 0.98.5 has been released!
Will there be a Clamav 1.0 in my lifetime? I'm pushing 70 :)
dp
On 12/18/14 6:29 AM, polloxx wrote:
Since more and more malware is not attached to a mail but only a URL to
it, detecting it is a challenge. Is there any good URL scanner available for
Clamav?
Thx,
P.
The Sendmail/Postfix milter J-Chkmail (and front end for ClamAV) can use DNS or
regular expressi
What problem are you trying to solve with https? The data contain no secrets and
are freely available to any who wish to have it, so the immediate effect of
encryption is unneeded. Secondarily, https creates a greater server load to
encrypt the data, trusted SSL certs are an added expense, and t
What a dummy - I responded to the wrong post :)
On 12/23/14 10:41 AM, Dennis Peterson wrote:
Second try:
What problem are you trying to solve with https? The data contain no secrets and
are freely available to any who wish to have it, so the immediate effect of
encryption is unneeded. Secondarily, https creates a greater server load to
encrypt the data, trusted SSL certs are an added
protecting intellectual
property and that is justification for just about any solution you can come up with.
dp
On 12/29/14 6:43 AM, Torge Husfeldt wrote:
Hi,
On 24.12.2014 at 12:09, Arnaud Jacques / SecuriteInfo.com wrote:
On Tuesday 23 December 2014, 10:56:37, Dennis Peterson wrote:
Second
On 12/31/14 11:22 PM, Franklin Wang wrote:
I've tried nod32, Dr. Web, AVG, clamav(the only open source one?),
comodo, F-prot on the desktop(x86_64). Why can't I find reviews for
them? There're many reviews for Windows platform, but few for Linux
de
On 1/1/15 10:26 AM, Joel Esler (jesler) wrote:
I think the answer you are going to get from the ClamAV list is ClamAV.
--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos
It is also worth pointing out to n00bs and old timers alike this tag line from
the ClamAV home page:
On 1/13/15 7:17 AM, Richard Thibaudeau wrote:
Hi everyone
For at least two weeks I'm searching the Internet to find a solution to:
root@debian:/# freshclam
ERROR: Parse error at line 4: Unknown option LocalSocket
ERROR: Can't open/parse the config file /etc/clamav/freshclam.conf
Please see the
On 1/21/15 2:26 PM, E R wrote:
Hi to all,
I made this post over at Github, my assumptions that this is Clamav's
Github?
https://github.com/vrtadmin/clamav-devel/issues/14
I'm trying to figure out how to compile clamav as only a stand alone
scanner when needed...
Any help would be appreciated.
On 1/21/15 5:22 PM, E R wrote:
@Dennis, Al asked what platform, I said; Slack which = Slackware, hence I'm
a Slacker. ;)
What you don't think a Slacker knows how to do? ./configure --help > log :)
JUST KIDDING Dennis! :)
But seriously, there's nothing in there to really strip it down, just a f
The documentation in freshclam.conf for private mirrors says:
# This option allows you to easily point freshclam to private mirrors.
# If PrivateMirror is set, freshclam does not attempt to use DNS
# to determine whether its databases are out-of-date, instead it will
# use the If-Modified-Since r
On 1/27/15 2:32 AM, stef stef wrote:
Thanks for this. So, now I write in my freshclam.conf: PrivateMirror
192.168.0.200
And no more "Error can't find Name or service not known"
But my client doesn't find .cvd: WARNING: main.cld not found on remote server
Now, how indicate to the client that it h
He wants to know if ClamAV takes any corrective action such as quarantine or
even remediate the problem by replacing corrupted files with originals. ClamAV
does neither, but it can alert tertiary software to perform quarantining and
provide notification of a need for user initiated remediation.
cted files. The documentation indicates use with care. I've not tried
them myself.
Steve
On Tue, Jan 27, 2015 at 7:40 PM, Dennis Peterson
wrote:
He wants to know if ClamAV takes any corrective action such as quarantine
or even remediate the problem by replacing corrupted files with or
Is this a deprecated feature we can/should ignore?
dp
10:19 AM, Joel Esler (jesler) wrote:
The feature still exists. However, I don’t believe we distribute any
“ExtraDatabase”s on the mirrors.
On Jan 29, 2015, at 7:05 AM, Dennis Peterson wrote:
Is this a deprecated feature we can/should ignore?
dp
It takes a lot of cores to run multiple VM's and scanning other VM's from a peer
VM across the virtual switch and creates a lot of traffic in the vSwitch layer
of the hosting system. It doesn't work to scan the vdisk of a VM itself unless
you can mount the virtual disk and scan it as you would a
On 2/17/15 3:58:02PM, Manoj Ramakrishnan wrote:
At the moment there is no settings in squidclamav to extract the
multipart form data and send only the attachment to clamd. As Kevin
mentioned, if clamd doesn't natively support parsing HTTP messages
then we need to find a way to pass correct data
On 2/22/15 12:16 PM, Daniel Spies wrote:
On 02/22/2015 07:13 PM, Matus UHLAR - fantomas wrote:
sure it makes sense to scan outgoing mail.
Maybe in a company network, yes. But I don't care for the computers of my
clients -- these are their computers. *If* they get infected somehow, I have
mea
On 2/22/15 12:32 PM, Daniel Spies wrote:
On 02/22/2015 09:18 PM, Dennis Peterson wrote:
While I disagree with everything you've said I am glad you've spoken
out. My job would be far easier if everyone did so.
Could you be more precise? The quintessence of my last message was:
1.
Features that have graduated from deprecated to deleted should have all remnants
removed from associated files. Sounds like it's past time to tidy up the
clamd.conf and freshclam.conf files.
dp
On 2/26/15 10:10 AM, Steven Morgan wrote:
Hi Vladislav,
Unfortunately there is currently not an op
Maybe it's time to run that nmap script they might have :)
Hopefully they have something more elegant, though.
dp
On 2/26/15 11:49 AM, Smith, David wrote:
Nope .. not yet! :)
[root@SERVERNAME]# wget http://database.clamav.net/daily.cvd
--2015-02-26 14:46:30-- http://database.clamav.net/dail
On 3/5/15 10:05 AM, Henry Collins wrote:
So the normal ClamAV (not daemon) is working alright and I do not have any
complaints. However, the daemon is not working or I cannot see how it is
working. When I write "ps ax", I can see that it is running, but the
problem is that I cannot find any infor
Try using db.jp.clamav.net. Lots of mirrors and they're practically next door as
under-sea cables go.
nslookup db.jp.clamav.net
Server: 127.0.0.1
Address:127.0.0.1#53
Non-authoritative answer:
Name: db.jp.clamav.net
Address: 27.96.54.66
Name: db.jp.clamav.net
Address: 120.29
s] Mirrors 65.19.179.67"
<http://lurker.clamav.net/message/20150212.145031.f8669263.en.html>
-Al-
On Wed, Mar 11, 2015 at 05:24 PM, Dennis Peterson wrote:
Mirror #12
IP: 65.19.179.67
Successes: 0
Failures: 23
Last access: Mon Feb 9 03:45:32
The string you are looking for is not necessarily the only one you should be
looking for for that exploit. More information here:
http://somewebgeek.com/2014/wordpress-remote-code-execution-base64_decode/
Steve at SaneSecurity has a nice document on creating your own signatures here:
http://sa
The dmg files are logical structures. They are comprised of Unix directories and
files and clam doesn't need to treat them differently than any other directory
tree. If you have support compiled in for zip, RAR, TAR, and several other
archiving formats it should decompose them and scan each of t
Forgot to include dmg files are as described when mounted - else they are disk
images (cpio). I don't know what the clam product does with unmounted disk images.
dp
On 3/26/15 11:09 PM, Dennis Peterson wrote:
The dmg files are logical structures. They are comprised of Unix directories
added a couple of versions back.
--
Joel Esler
Sent from my iPhone
On Mar 27, 2015, at 3:11 AM, Al Varnell <alvarn...@mac.com> wrote:
On Thu, Mar 26, 2015 at 11:17PM, Dennis Peterson wrote:
Forgot to include dmg files are as described when mounted - else they are disk
images (cp
On 3/28/15 6:48 PM, Al Varnell wrote:
On Sat, Mar 28, 2015 at 06:35 PM, Jinwon Lee wrote:
Thanks for the responses. I am not a computer expert so I might not fully
understand
all that has been discussed but it sounds like ClamXav extracts(decompose?)
archive files like zip, RAR and then scan.
On 3/28/15 10:43 PM, Jinwon Lee wrote:
Thanks for that. I guess ‘Hash Value’ refers to the ClamAV identifying the
.dmg as a known file that contains virus/es.
Jinwon
That was the case too for password protected zip files. If you can't burst the
contents you condemn the wrapper.
dp
On 3/29/15 12:08 AM, Al Varnell wrote:
On Sat, Mar 28, 2015 at 09:50 PM, Dennis Peterson wrote:
It should be possible to use cpio to extract the contents to a stream and feed
that into the ClamAV engine
OS X does include cpio but I have been unsuccessful in getting it to do anything with a
On 3/29/15 4:55 AM, TR Shaw wrote:
On Mar 29, 2015, at 1:45 AM, Dennis Peterson wrote:
On 3/28/15 10:43 PM, Jinwon Lee wrote:
Thanks for that. I guess ‘Hash Value’ refers to the ClamAV identifying the
.dmg as a known file that contains virus/es.
Jinwon
That was the case too for
On 4/9/15 7:31 AM, sanes wrote:
Does "clamscan --remove=yes" only delete infected file from hard disk, or
also if running in memory (RAM)?
we rather manually delete files that are infected, but not sure how to
handle
Having clamscan remove files before you review them is probably the worst
poss
My opinion is well-framed by this Wikipedia page:
http://en.wikipedia.org/wiki/Heuristic_analysis
To summarize, no, I don't trust best-guesses. Not even mine.
dp
On 4/12/15 4:52 AM, Franklin Wang wrote:
Hi guys,
I've been collecting reviews ab
Nice work, Steve and Adrian.
dp
On 5/14/15 6:13 AM, Steve Basford wrote:
Hi All,
Just in case this is useful to anyone:
Adrian of extremeshok-dot-com has forked Bill Landry's
clamav-unofficial-sigs script and made quite a few new changes to the
script:
Original
On 5/29/15 4:20 AM, Paul Martin wrote:
Hello,
I have many false positives when clamav detects "malware
Html.Exploit.CVE_2015_0045",
what can I do to stop these false positives?
Thanks, Paul
That is a pretty nice addition, Joel. Naturally somebody is going to ask if
there is an on-line rule testing utility anywhere so that might as well be me
:). I'm particularly interested in knowing if the linefeeds between the keyword
rule and the closing brace in the rules can be left out so the
d in yara rules.
Referencing other rules within a condition is one of the yara features that
is not supported in ClamAV 0.99 beta1. We are looking at how to include it
in a future release.
On Wed, Jun 10, 2015 at 10:50 AM, Dennis Peterson
wrote:
That is a pretty nice addition, Joel. Naturally somebody is
Check file permissions of the file you are scanning to ensure the clamd daemon
is allowed to read it.
dp
On 6/18/15 11:52 PM, MATSUMOTO ATSUHIRO-OMX wrote:
Dear, ClamAV-Users,
I tried ScanOnAccess at CentOS7's fanotify.
clamd scanner daemon was running, and no error logs,
I put eicar.com on
And be careful if using the -l option of clamscan.
On 6/22/15 1:13 PM, Noel Jones wrote:
On 6/22/2015 2:50 PM, MarkusGMX wrote:
On 20/06/15 at 19:15, Markus Egg wrote:
Hello,
how can I use clamscan on multicore CPUs ?
I found "clamdscan" with --multiscan but for some reasons
--multiscan does
Exactly.
dp
On 6/23/15 10:24 AM, MarkusGMX wrote:
On 23/06/15 at 14:10, Gene Heskett wrote:
On Monday 22 June 2015 19:01:34 Dennis Peterson wrote:
And be careful if using the -l option of clamscan.
And what might that result in?
Warnings like that demand a scenario describing statement
Try this:
clamconf | fold -s | grep "sysconfdir=/"
That will tell you where clam expects to find your clamd.conf file. That might
not be where you expect it. Also check the service script to see if clamd is
started with the --config-file=FILE option. It will override your compiled
sysconfigdi
The directives are very important, though. He has multiple versions of Main and
Daily and needs to remove one each of the redundant files. It would be safe to
remove the older of the files in the two pairs of files.
On 6/30/15 12:15 AM, Al Varnell wrote:
On Tue, Jun 30, 2015 at 12:10 AM, Paul