Re: [clamav-users] freshclam: warnings

2015-06-30 Thread Dennis Peterson
e, but the log indicates that the latest main.cvd and daily.cvd files were just downloaded, so those would have to be the latest. -Al- On Tue, Jun 30, 2015 at 12:19 AM, Dennis Peterson wrote: The directives are very important, though. He has multiple versions of Main and Daily and needs to remov

Re: [clamav-users] problem reading socket while updating database

2015-07-08 Thread Dennis Peterson
It seems to be the elephant in the room, but the root cause of your problem is you have a resource-constrained system. You don't have enough RAM or CPU to do what you want. I had the same problem with older Solaris systems running SPARC processors and no amount of cleverness on my part helped.

Re: [clamav-users] problem reading socket while updating database

2015-07-08 Thread Dennis Peterson
On 7/8/15 8:11 AM, Jingo Administrator wrote: Scanning is not the bottleneck, reloading the database is. Because you're wrong about this you cannot correct the real problem. The bottleneck is the platform. Nothing else. dp ___ Help us build a compreh

Re: [clamav-users] problem reading socket while updating database

2015-07-08 Thread Dennis Peterson
f the clamav service. Imho that's the real problem. On 07/08/2015 05:54 PM, Dennis Peterson wrote: On 7/8/15 8:11 AM, Jingo Administrator wrote: Scanning is not the bottleneck, reloading the database is. Because you're wrong about this you cannot correct the real problem. The bottl

Re: [clamav-users] Worrying clamscan timing trend

2015-07-09 Thread Dennis Peterson
Check your logs and see if it was scanning any network/USB devices. The number of files scanned jumped quite a bit. Other than the number of scanned files growing has there been any other changes made on the system that might compete with disk IO, CPU, and memory? dp On 7/9/15 8:02 AM, Chris

Re: [clamav-users] offline updates

2015-07-23 Thread Dennis Peterson
If you have a stand-alone system with no networking and presumably no shared storage (scsi or SAN, by example) then you have to span the air gap manually. Your isolated system will only be as safe as the last networked system used to manually span the air gap. A work-around for that is to have a

Re: [clamav-users] [Fwd: [sanesecurity] Hacking Team detection]

2015-08-08 Thread Dennis Peterson
On 8/7/15 7:44 PM, Gene Heskett wrote: On Friday 07 August 2015 22:08:10 Scott Kitterman wrote: On August 7, 2015 9:17:44 PM EDT, Gene Heskett wrote: On Friday 07 August 2015 18:34:30 Scott Kitterman wrote: On August 7, 2015 6:30:42 PM EDT, Gene Heskett wrote: On Friday 07 August 2015 16

Re: [clamav-users] DB update and clamav-milter delay

2015-09-29 Thread Dennis Peterson
On 9/29/15 3:41 AM, Joel Esler (jesler) wrote: Al, Thanks for bringing that up. Once a minute? That’s fairly excessive. Once an hour is appropriate… Overdoing it, but more appropriate. Keep in mind that the mirrors are donated to ClamAV and the bandwidth you are consuming is probably fairl

Re: [clamav-users] ClamAV sends lots of False Positives : Heuristics.Structured.CreditCardNumber FOUND

2015-10-27 Thread Dennis Peterson
Yes - of course it can. clamscan --help |egrep "include|exclude" dp On 10/27/15 12:23 AM, Zeal Vora wrote: Hi We have ClamAV on servers and it sends a lot of False Positives related to : Heuristics.Structured.CreditCardNumber FOUND Almost 99% of the alerts are the same. Can we have ClamAV

Re: [clamav-users] ClamAV sends lots of False Positives : Heuristics.Structured.CreditCardNumber FOUND

2015-10-27 Thread Dennis Peterson
:44 AM, Dennis Peterson wrote: Yes - of course it can. clamscan --help |egrep "include|exclude" dp On 10/27/15 12:23 AM, Zeal Vora wrote: Hi We have ClamAV on servers and it sends a lot of False Positives related to : Heuristics.Structured.CreditCardNumber FOUND Almost 99% of

Re: [clamav-users] negate part of signature

2015-11-02 Thread Dennis Peterson
Awesome news on the PCRE inclusion. Looking forward to that. dp On 10/29/15 4:13 PM, Alain Zidouemba wrote: FYI, PCRE support is coming in ClamAV 0.99. There is a release candidate here if you want to try it: http://www.clamav.net/downloads

Re: [clamav-users] Unable to run clamd in /opt/directory

2015-11-05 Thread Dennis Peterson
What are the directory permissions/extended permissions for /opt? Did you try sudo -u clamdUserName cat /opt/clamd.conf to see if the clamd user has permission to access the file? dp On 11/4/15 6:15 AM, P K wrote: Hi Guys, I am seeing config file parse error when using config file inside /o

Re: [clamav-users] Unable to run clamd in /opt/directory

2015-11-06 Thread Dennis Peterson
use this option, behavior is selected automatically, which for scans where clamd and clamdscan are started on the same machine, is clamd to try to directly scan the directory, which causes troubles if his user does not have permissions to traverse the directory/files. Regards, Deyan Dennis

Re: [clamav-users] Still getting this:

2015-11-18 Thread Dennis Peterson
Write a local whitelist record? dp On 11/18/15 11:32 PM, Al Varnell wrote: I just submitted my FP to them 48 hours ago and have not received confirmation on its acceptance yet. Not terribly unusual, but given that it impacts Adobe apps, I did expect to have some feedback by now. -Al- On W

Re: [clamav-users] Still getting this:

2015-11-18 Thread Dennis Peterson
e did for ClamXav users, but given that it’s a cross-platform vulnerability, ClamAV needs to re-write or remove it, as well. -Al- On Wed, Nov 18, 2015 at 11:34 PM, Dennis Peterson wrote: Write a local whitelist record? dp On 11/18/15 11:32 PM, Al Varnell wrote: I just submitted my FP to th

Re: [clamav-users] Clamav fails to detect exe within rar

2015-11-20 Thread Dennis Peterson
The libunrar license discourages vendors from building in libunrar support in product distributions. It is a long boring story. dp On 11/20/15 8:18 AM, Kees Theunissen wrote: On Fri, 20 Nov 2015, Steve basford wrote: Hi Alex... do you have libunrar On Debian linux systems (and probably on

Re: [clamav-users] crdf threatcenter

2016-01-01 Thread Dennis Peterson
On 12/30/15 11:44 AM, Steve Basford wrote: Hi Sebastian, I tweeted them a few days ago, they said they were having a few issues and would be fixed after their vacation. Cheers, Steve Web : sanesecurity.com Blog: sanesecurity.blogspot.com Thanks for being everywhere, Steve. Your contribution

Re: [clamav-users] SquidClamAV and generic rules ...

2016-01-05 Thread Dennis Peterson
Whitelist it, send your sample, then remove the whitelist. dp On 1/3/16 11:57 AM, Walter H. wrote: Hello, not only the downloaded content is checked, also the uploaded content, as this makes it impossible uploading a file to VirusTotal, when e.g. the following inside a .cdb is active Sanese

Re: [clamav-users] CentOS 7 EPEL Packages

2016-01-17 Thread Dennis Peterson
I've been using the SRPM files from Fedora to build my own distribution. It is a fairly simple matter to edit the specfile to create an rpm file that uses directory structures and user/groups that you want. Here's a trail head tutorial to get you started. https://wiki.centos.org/HowTos/Rebuild

Re: [clamav-users] Virus-Datebase-Updates?

2016-01-18 Thread Dennis Peterson
The VirusTotal site provides a distorted view of virus detection. Their (Google $$) server farm uses every available tool out there to determine the status of a submission. They even say they make no effort of their own to detect malware, but rely on the hard work of the teams that do the heavy l

Re: [clamav-users] clamav on centos 7: changing runas user

2016-01-20 Thread Dennis Peterson
/var/run is a link to /run which is a tmpfs file system. Look in /etc/sysconfig/tmpfiles.d for a config file for clamav and see man tmpfiles.d to understand the file format. It is sometimes (well, frequently) helpful to download an rpm package and look inside it to see all the files that will

Re: [clamav-users] clamav on centos 7: changing runas user

2016-01-20 Thread Dennis Peterson
Correction on the path - should be /etc/tmpfiles.d. dp On 1/20/16 10:28 AM, Dennis Peterson wrote: /var/run is a link to /run which is a tmpfs file system. Look in /etc/sysconfig/tmpfiles.d for a config file for clamav and see man tmpfiles.d to understand the file format. It is sometimes

Re: [clamav-users] Spam:*******, Re: clamav on centos 7: changing runas user

2016-01-21 Thread Dennis Peterson
Message- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Dennis Peterson Sent: Thursday, January 21, 2016 3:21 AM To: ClamAV users ML Subject: Spam:***, Re: [clamav-users] clamav on centos 7: changing runas user Correction on the path - should be /etc

Re: [clamav-users] Clamav cannot detect a malware using a signature based on html comment

2016-01-26 Thread Dennis Peterson
test.html THIS IS A MALWARE Test signatures: this is a malware This is a malware
test.ndb
test1:3:*:3c212d2d20546869732069732061206d616c77617265202d2d3e
test2:3:*:3c212d2d20746869732069732061206d616c77617265202d2d3e
test3:3:*:20746869732069732061206d616c7761726520
test4:3:*:205468697
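The .ndb records above are body-based signatures in ClamAV's MalwareName:TargetType:Offset:HexSignature layout, and target type 3 means the signature is matched against ClamAV's normalised HTML rather than the raw file. The Python below is an added example for this thread, not code from the thread or from ClamAV: it decodes such records (hex bytes plus the ?? and * wildcards), matches them against a constructed test.html, and then repeats the match after a simplified normalisation that drops comments and lowercases the text. That normaliser is an assumption standing in for libclamav's real one (run sigtool --html-normalise on the file to see what ClamAV actually scans); the sample HTML, the norm1 record and the function names are constructed for the example. The last step builds a record from the normalised text instead, which is what the comment-based signatures need to become.

```python
import re

# .ndb record: MalwareName:TargetType:Offset:HexSignature  (target 3 = normalised HTML)
def parse_ndb_line(line):
    name, target, offset, hexsig = line.strip().split(":", 3)
    return {"name": name, "target": int(target), "offset": offset, "hexsig": hexsig}


def hexsig_to_regex(hexsig):
    """Compile the subset of ClamAV hex syntax used here: hex bytes, ?? (one byte), * (any run)."""
    tokens = re.findall(r"\*|\?\?|[0-9a-fA-F]{2}", hexsig)
    if "".join(tokens) != hexsig:
        raise ValueError("unsupported hex signature syntax: " + hexsig)
    parts = []
    for tok in tokens:
        if tok == "*":
            parts.append(b".*?")
        elif tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)


def match_signatures(data, sigs):
    """Names of the signatures whose pattern occurs in data (offset '*' means anywhere)."""
    hits = []
    for sig in sigs:
        rx = hexsig_to_regex(sig["hexsig"])
        if sig["offset"] == "*":
            found = rx.search(data) is not None
        else:
            found = rx.match(data, int(sig["offset"])) is not None
        if found:
            hits.append(sig["name"])
    return hits


def normalise_html(data):
    """Simplified stand-in for ClamAV's HTML normaliser (an assumption, not libclamav's code):
    comments removed, everything lowercased, whitespace collapsed."""
    text = re.sub(rb"<!--.*?-->", b"", data, flags=re.DOTALL)
    return re.sub(rb"\s+", b" ", text.lower()).strip()


def make_hexsig(snippet):
    """Hex-encode bytes taken from the normalised output, ready for an .ndb record."""
    return snippet.hex()


# Constructed sample standing in for the thread's test.html
TEST_HTML = b"<html><body>\n<!-- This is a malware -->\n<p>THIS IS A MALWARE</p>\n</body></html>\n"

# The records quoted in the thread (test4 is cut off in the archive and is left out)
THREAD_NDB = [
    "test1:3:*:3c212d2d20546869732069732061206d616c77617265202d2d3e",
    "test2:3:*:3c212d2d20746869732069732061206d616c77617265202d2d3e",
    "test3:3:*:20746869732069732061206d616c7761726520",
]


def demo():
    """Raw hits, hits after normalisation, and hits for a record built from the normalised text."""
    sigs = [parse_ndb_line(line) for line in THREAD_NDB]
    normalised = normalise_html(TEST_HTML)
    rebuilt = parse_ndb_line("norm1:3:*:" + make_hexsig(b"this is a malware"))  # constructed record
    return (match_signatures(TEST_HTML, sigs),
            match_signatures(normalised, sigs),
            match_signatures(normalised, [rebuilt]))


if __name__ == "__main__":
    print(demo())
```

test1 fires on the raw bytes because the comment is still there; after normalisation none of the three fire, while a record taken from the normalised text does, which is the behaviour the thread is asking about.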

Re: [clamav-users] Clamd high CPU during clamdscan

2016-01-26 Thread Dennis Peterson
The "nice" utility is your very best friend. It yields CPU time to other operations but will run like crazy if nothing else is a higher priority. Clam is a disk IO heavy process for obvious reasons, and can drive disk waits up quite high. It is also CPU intensive but should occupy a single core.

Re: [clamav-users] Freshclam Non-repudiation

2016-01-28 Thread Dennis Peterson
See the config file for freshclam. It will pull sigs from wherever you specify. The default is to use the ClamAV signature server farm, which is known to the ClamAV team. Checksums are examined. Others will have to speak to the credentials expected of those volunteers who make up the server fa

Re: [clamav-users] Clamd vs clamscan

2016-02-10 Thread Dennis Peterson
Clamd is for on-demand scanning and purpose built for email scanning. It runs as an unprivileged user which makes it awkward for scanning arbitrary files. Clamscan is for user initiated or scheduled scanning of arbitrary files, and can be run as any system user. Clamscan is undesirable as an on-

Re: [clamav-users] clamscan doesn't have a BlockMacros option

2016-02-10 Thread Dennis Peterson
I swear when I first read the subject I thought it said BlockMorons and immediately thought it would be a good feature. :) dp On 2/10/16 1:05 AM, David Shrimpton wrote: Hi, clamscan doesn't appear to have an option equivalent to the OLE2BlockMacros in clamd.conf for clamdscan. clamdscan will

Re: [clamav-users] making clamdscan noisier when it has found something

2016-02-12 Thread Dennis Peterson
The most useful information I get is from the milter (J-Chkmail) that manages scanning via clamd. Sun Feb 7 05:57:59 2016 -> /var/spool/jchkmail/56B74D61.000.: Sanesecurity.Foxhole.Zip_doc_js.UNOFFICIAL FOUND The serial number maps directly to the message id in sendmail's log which has

Re: [clamav-users] Zip.Suspect.MacroDoubleExtension-zippwd false positive

2016-02-17 Thread Dennis Peterson
My experience with these kinds of failures is that the pattern is not properly anchored or the writer doesn't understand greedy grep patterns or both. Fallout from the new pcregrep, perhaps? I've not analyzed it so am speculating here, but lessons learned after decades of doing this is of regex r

Re: [clamav-users] clamav-milter reject and quarantine?

2016-02-18 Thread Dennis Peterson
What you want to do is best done using the local mailer and not SMTP. Technically and literally you have accepted the message in your scheme and are therefore responsible for delivery. You can't both send a reject and deliver the mail - it violates the protocol and integrity of the messaging sys

Re: [clamav-users] clamav-milter reject and quarantine?

2016-02-18 Thread Dennis Peterson
On 2/18/16 9:21 AM, Michael Grant wrote: The reason I want to do this is that I want to reject virus messages while the smtp connection is still alive, but after the fact, if there was a false positive, I'd like to be able to send the message on through anyway after the fact. You say here y

Re: [clamav-users] clamav-milter reject and quarantine?

2016-02-18 Thread Dennis Peterson
On 2/18/2016 11:21 AM, Michael Grant wrote: I don't want to deliver the message, I want to quarantine it (like put it in a directory somewhere), and then refuse it at the milter/smtp level. There is not a violation of the protocol here. On 18 February 2016 at 17:59, Dennis Peterson wrote:

Re: [clamav-users] clamav-milter reject and quarantine?

2016-02-18 Thread Dennis Peterson
rejected at the SMTP level before the SMTP connection goes away. On 18 February 2016 at 18:25, Dennis Peterson wrote: On 2/18/16 9:21 AM, Michael Grant wrote: The reason I want to do this is that I want to reject virus messages while the smtp connection is still alive, but after the fact, if

Re: [clamav-users] Filename Regex

2016-02-18 Thread Dennis Peterson
^New\ Doc.* (<- that is from the below example but is actually a poorly constructed regex because it will search to end of line/string) should work to escape the space char but that is one of the oddities of regex - knowing which implementation is being used. dp On 2/18/16 3:13 PM, Steven Mor

Re: [clamav-users] clamav-milter reject and quarantine?

2016-02-18 Thread Dennis Peterson
This isn't the place for this debate, but if you accept a message you own it and are compelled to deliver it. If you reject it before the final protocol ". [cr] you can do anything you want with it forensically, but you can't deliver it. The sender still owns it. If people don't accept this then

Re: [clamav-users] Submission Status

2016-02-20 Thread Dennis Peterson
This is the clamav-users list. We're all a bunch of nobodies here. There are other lists that may be more appropriate for you and your problem. The recommendation to not send samples to this list is a general case and a good one. If people come to believe it will get faster results then the like

Re: [clamav-users] clamd server '/var/run/clamd.amavisd/clamd.sock' gave '' response

2016-02-22 Thread Dennis Peterson
# grep FOUND /var/log/clamav/clamd.log* |grep -c UNOFFICIAL
80
# grep FOUND /var/log/clamav/clamd.log* |grep -v -c UNOFFICIAL
0
# grep FOUND /var/log/clamav/clamd.log* |grep -c -i sanesecurity
38
# grep FOUND /var/log/clamav/clamd.log* |grep -c -i winnow
42
My logs go back only to January, but th

Re: [clamav-users] clamav-virusdb mailing list - what is the use?

2016-03-11 Thread Dennis Peterson
This is the list clamav users and administrators use to troubleshoot, debug, install, and configure the product. The support staff also participate and answer questions that can't be answered by reading the manual. It is intended for product support. The other lists are for product improvement t

Re: [clamav-users] clamav-virusdb mailing list - what is the use?

2016-03-11 Thread Dennis Peterson
ned in my first post). On 11/03/2016 17:29, Dennis Peterson wrote: This is the list clamav users and administrators use to troubleshoot, debug, install, and configure the product. The support staff also participate and answer questions that can't be answered by reading the manual. It

Re: [clamav-users] javascript ZIP virus not caught?

2016-03-15 Thread Dennis Peterson
Already in the wild. http://www.foxnews.com/tech/2016/03/07/new-mac-os-x-ransomware-targets-apple-users.html On 3/15/16 3:10 AM, Al Varnell wrote: Thanks, that’s what I suspected when I saw they all appeared to be downloaders. Probably won’t be long until they figure out how to attack OS X wi

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-18 Thread Dennis Peterson
Subject line was URL links on 3/17/2016. That was when Joel suggested the stats link should be removed. dp On 3/18/16 3:38 PM, Al Varnell wrote: Check the archives as I believe that was reported/discussed earlier. Sent from Janet's iPad -Al- On Mar 18, 2016, at 2:50 PM, Yuri Voinov wrote:

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-18 Thread Dennis Peterson
Sorry - didn't intend to send this to the list. On 3/17/16 12:02 AM, Dennis Peterson wrote:
sigtool --unpack=main.cvd
rm -f main.cvd
grep EICAR main.*
main.hdb:44d88612fea8a8f36de82e1278abb02f:68:Win.Test.EICAR_HDB-1
main.hsb:275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Dennis Peterson
We're not yet sure if it's broken or a result of renaming signatures. dp On 3/17/16 10:25 AM, Jason Williams wrote: Is anyone still seeing this or have they fixed it? -J Sent via iPhone On Mar 17, 2016, at 02:44, Mark Allan wrote: Just to confirm, I'm also seeing everything being flagged

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Dennis Peterson
redid the website. -- Joel Esler iPhone On Mar 18, 2016, at 6:30 PM, Dennis Peterson <denni...@inetnw.com> wrote: Subject line was URL links on 3/17/2016. That was when Joel suggested the stats link should be removed. dp On 3/18/16 3:38 PM, Al Varnell wrote: Check the archives as I

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Dennis Peterson
19.03.16 20:37, Dennis Peterson wrote: A reference to it is in legacy freshclam.conf files. Some people don't update the conf files during RPM updates so that information lingers forever. dp On 3/18/16 6:41 PM, Joel Esler (jesler) wrote: Afaik, this hasn't been up in a long time. We to

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Dennis Peterson
The png file shows you're using the wrong URL. http://www.stats.clamav.net dp On 3/19/16 8:12 AM, Yuri Voinov wrote:

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Dennis Peterson
The DNS configuration for www.stats.clamav.net is suspect. I just looked at the squid logs and see this:
1458401557.097 598 TCP_CLIENT_REFRESH_MISS/503 890 GET http://www.stats.clamav.net/ - DIRECT/188.40.140.240 text/html
1458401566.520 599 TCP_REFRESH_HIT/200 1431 GET http://www.sta

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Dennis Peterson
connect to remote host: Connection refused I remember it uses Open ID as authentication. But this host is not listening on port 80 or 443 as shown above. 19.03.16 21:51, Dennis Peterson wrote: The DNS configuration for www.stats.clamav.net is suspect -

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Dennis Peterson
sigtool --unpack=main.cvd
rm -f main.cvd
grep EICAR main.*
main.hdb:44d88612fea8a8f36de82e1278abb02f:68:Win.Test.EICAR_HDB-1
main.hsb:275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f:68:Win.Test.EICAR_HSB-1
main.mdb:45056:3ea7d00dedd30bcdf46191358c36ffa4:Win.Test.EICAR_MDB-1
main

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Dennis Peterson
, Dennis Peterson wrote: My proxy had stale cache data as shown in the last post and that is why I was seeing what appeared to be an active site. I should have explained better in that post rather than assume everyone knows what squid logs show us. The stats site web server is down but clamav.net DNS

Re: [clamav-users] Why has clam started updating itself every 3 hours?

2016-03-21 Thread Dennis Peterson
On 3/21/16 2:21 PM, Andy Keller wrote: This is new behavior, as far as I know. We’ve not seen this sort of thing before. I’m noticing (via OSSEC) that our ClamAV deployments are updating themselves every 3 hours. This is far in excess of the cron we set up to run Freshclam. Any idea what could

Re: [clamav-users] No updates with signatures for last few days.

2016-03-22 Thread Dennis Peterson
Ignore the signature count - it is not a good indicator of change. Signatures are removed and added regularly and can cancel. Look only at the version number which just now is 21469. Some days ago it was 21467. It will never go down. daily.cld updated (*version: 21469*, sigs: 83891, f-level: 63

Re: [clamav-users] Curious clamd behavior

2016-03-24 Thread Dennis Peterson
The blank line ends the header section. In a simple message it would typically follow the Subject: line. dp On 3/24/16 6:44 AM, Dave McMurtrie wrote: On Thu, 2016-03-24 at 11:05 +, Dave McMurtrie wrote: Hi, I created a local pdb database so I can catch phishing attempts when URLs in an e

Re: [clamav-users] Locky Dridex plan

2016-03-26 Thread Dennis Peterson
There are not and have never been guarantees that any particular Linux distribution would always have the newest version of a particular package. You need to be prepared to deal with Linux issues personally. Some vendors have stopped supporting the version of PHP that is standard in Centos 6, fo

Re: [clamav-users] Latest samba source contains Win.Trojan.Qhost-106?

2016-03-30 Thread Dennis Peterson
This appears to be both a legitimate test file (wintest.py) and a useful signature. Clamav has a built-in solution for resolving these conflicts. You create a *.fp file that contains the checksum of the specific file and it will be ignored after the next reload. sigtool --md5 wintest.py >samba
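The main.hdb and main.hsb lines quoted in the EICAR thread above and the .fp file suggested here share one record layout: MD5:FileSize:MalwareName for .hdb and .fp, SHA256:FileSize:MalwareName for .hsb and .sfp, which is exactly what sigtool --md5 and sigtool --sha256 print (with the file name in the name field). The Python below is an added example for those two threads and for the earlier "write a local whitelist record" suggestion; it is not code from the threads or from ClamAV. It reimplements the hash lookup over the standard 68-byte EICAR test file using the two records from main.cvd, then shows a .fp record for the same file suppressing the match, and an .ign2 record (one signature name per line) suppressing a detection by name instead. The whitelist name Local.Allow.EICAR and the function names are constructed for the example.

```python
import hashlib

# Hash-based records share one layout:  Digest:FileSize:Name
#   .hdb / .fp   -> MD5     (what `sigtool --md5 FILE` prints)
#   .hsb / .sfp  -> SHA-256 (what `sigtool --sha256 FILE` prints)
# .ign2 records are simply one signature name per line.

EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Records copied from the unpacked main.cvd shown in the EICAR thread
MAIN_HDB = ["44d88612fea8a8f36de82e1278abb02f:68:Win.Test.EICAR_HDB-1"]
MAIN_HSB = ["275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f:68:Win.Test.EICAR_HSB-1"]


def parse_hash_db(lines):
    """Return {(digest, size): name}; ClamAV allows '*' for the size, kept here as None."""
    db = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, size, name = line.split(":")[:3]
        db[(digest.lower(), None if size == "*" else int(size))] = name
    return db


def lookup(db, digest, size):
    """Exact size first, then a size-wildcard record for the same digest."""
    return db.get((digest, size)) or db.get((digest, None))


def make_record(data, name, algo="md5"):
    """Build an .hdb/.fp (md5) or .hsb/.sfp (sha256) record for data."""
    return "%s:%d:%s" % (hashlib.new(algo, data).hexdigest(), len(data), name)


def scan(data, hdb, hsb, fp=None, sfp=None, ign2=()):
    """Hash lookup the way the files interact: a file listed in .fp/.sfp is clean
    whatever else matched it, and a name listed in .ign2 is never reported."""
    md5 = hashlib.md5(data).hexdigest()
    sha256 = hashlib.sha256(data).hexdigest()
    size = len(data)
    if lookup(fp or {}, md5, size) or lookup(sfp or {}, sha256, size):
        return []
    hits = [lookup(hdb, md5, size), lookup(hsb, sha256, size)]
    ignored = set(ign2)
    return [h for h in hits if h and h not in ignored]


def demo():
    hdb, hsb = parse_hash_db(MAIN_HDB), parse_hash_db(MAIN_HSB)
    before = scan(EICAR, hdb, hsb)
    # local.fp: whitelist this exact file (constructed name for the example)
    local_fp = parse_hash_db([make_record(EICAR, "Local.Allow.EICAR")])
    after_fp = scan(EICAR, hdb, hsb, fp=local_fp)
    # local.ign2: silence one signature by name instead
    after_ign2 = scan(EICAR, hdb, hsb, ign2=["Win.Test.EICAR_HDB-1"])
    # one extra byte changes size and digests, so neither the signatures nor the whitelist apply
    modified = scan(EICAR + b"\n", hdb, hsb, fp=local_fp)
    return before, after_fp, after_ign2, modified


if __name__ == "__main__":
    print(demo())
```

Note the last case: a hash whitelist covers one exact file, so any rebuild of wintest.py needs a new .fp record, whereas an .ign2 record silences the signature for every file, which is the trade-off to keep in mind when choosing between the two.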

Re: [clamav-users] update

2016-04-07 Thread Dennis Peterson
ClamAV doesn't have a gui. dp On 4/7/16 11:21 AM, Rick wrote: ClamAV On 04/07/2016 02:12 PM, Al Varnell wrote: No, I mean is it ClamWin or ClamXav or something else? You will need to ask the GUI developer about their product. -Al- On Thu, Apr 07, 2016 at 11:01 AM, Rick wrote: version 4.4

Re: [clamav-users] update

2016-04-07 Thread Dennis Peterson
There are some trouble shooting tips at that link that may be helpful. dp On 4/7/16 11:44 AM, Al Varnell wrote: It’s possible you will run into another such user here, but Cisco/ClamAV isn’t responsible for ClamTk, so you’ll probably get an answer faster by contacting Dave M at the link I gav

Re: [clamav-users] Freshclam vs the new Main

2016-04-08 Thread Dennis Peterson
On 4/8/16 6:35 AM, Dan C wrote: On Mar 16, 2016, at 11:24 PM, Joel Esler (jesler) wrote: ClamAV Signature Interface maintenance is now complete! New Main.cvd! [snip] This new main is 109Mb in size, and contains 4 million signatures I’ve got a flakey connection to the ‘net right now, so Freshcl

Re: [clamav-users] Remove clamav-unofficial-sigs

2016-04-09 Thread Dennis Peterson
I don't see why this is important. The means of fetching signatures from any vendor is automated and requires no thought. There are probably some very good reasons why 3rd party authors might wish to own the distribution as an adjunct to other professional services, for example. They also work t

Re: [clamav-users] yum-installing ClamAV in Amazon Linux

2016-05-13 Thread Dennis Peterson
Use clamconf to see what features were compiled in. This will show any reference to pcre: clamconf | grep -i pcre Running ldd against clamd may possibly show the pcrelib. ldd /sbin/clamd (your clamd may be located elsewhere) dp On 5/13/16 6:52 PM, Mich Rodz wrote: When we install ClamAV in

Re: [clamav-users] Clam & safe browsing question/problem

2016-05-22 Thread Dennis Peterson
On 5/22/16 11:03 PM, Al Varnell wrote: Perhaps this has something to do with it? -Al- We will know if v4 works when google.com is listed as an unsafe link. OT and all that. Move on - nothing to see here. dp __

Re: [clamav-users] Clam & safe browsing question/problem

2016-05-22 Thread Dennis Peterson
On 5/22/16 11:24 PM, Al Varnell wrote: On Sun, May 22, 2016 at 11:11 PM, Dennis Peterson wrote: On 5/22/16 11:03 PM, Al Varnell wrote: Perhaps this has something to do with it? <https://security.googleblog.com/2016/05/evolving-safe-browsing-api.html> We will know if v4 works when goog

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Dennis Peterson
Everything about ClamAV is open source and free. Including the signatures. There is nothing stopping any of us from filling the gaps in signatures. dp On 5/23/16 9:45 AM, Groach wrote: On 23/05/2016 14:44, C.D. Cochrane wrote: Hi Michael, I made a similar inquiry last week (Signature update

Re: [clamav-users] clamav not in debian ?

2016-05-25 Thread Dennis Peterson
The Debian packagers have not caught up with the ClamAV version. Same is true for folks running Centos6 - it is still back-leveled on that repo. This is not an important problem - I actually don't expect to see the current version become available for Centos6 and don't care because it takes just

Re: [clamav-users] clamd server '/var/run/clamd.amavisd/clamd.sock' gave '' response

2016-05-26 Thread Dennis Peterson
Forgot to respond to this earlier - this can happen if an update begins before a previous update finishes. And this can happen if you have multiple scripts fetching signatures from multiple vendors. Some scripts have a built in random delay that attempts to prevent every user from updating on th

Re: [clamav-users] clamd server '/var/run/clamd.amavisd/clamd.sock' gave '' response

2016-05-27 Thread Dennis Peterson
In addition to what has been discussed, the selfcheck that clamd does can overlap a freshclam or other signature process and produce the same warning. This is particularly true for signature installers or admins that don't do atomic file operations. That is to say, if you scp/sftp/mv/copy files
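Three points made in the threads above fit together in one small tool: check what a signature file is before trusting it (the checksum mentioned in the freshclam non-repudiation thread and the version number, not the signature count, from the "No updates" thread), carry it across an air gap by hand when there is no network, and install it without a half-written file ever being visible to clamd's selfcheck or to a concurrent freshclam. The Python below is an added example for those threads, not code from them or from ClamAV. It parses the 512-byte, space-padded, colon-separated CVD header (ClamAV-VDB:build date:version:signature count:functionality level:MD5:digital signature:builder:build time), checks the MD5 of the payload that follows the header, compares the version with the copy already installed, and writes the file atomically (temporary file in the same directory, fsync, rename over the target). The digital signature field is read but not verified, so this is an integrity check, not the authenticity check freshclam performs with the ClamAV public key. The constructed test database is a header over an arbitrary payload rather than a gzipped tar, and the file and function names are assumptions for the example.

```python
import hashlib
import os
import tempfile

HEADER_LEN = 512   # a .cvd starts with a fixed 512-byte, space-padded ASCII header


def parse_cvd_header(blob):
    """Split 'ClamAV-VDB:date:version:sigs:flevel:md5:dsig:builder:stime' into a dict."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than a CVD header")
    fields = blob[:HEADER_LEN].rstrip(b" \0").decode("ascii", "replace").split(":")
    if fields[0] != "ClamAV-VDB" or len(fields) < 9:
        raise ValueError("not a ClamAV-VDB header")
    return {"date": fields[1], "version": int(fields[2]), "sigs": int(fields[3]),
            "flevel": int(fields[4]), "md5": fields[5], "dsig": fields[6],
            "builder": fields[7], "stime": int(fields[8])}


def verify_cvd(blob):
    """Check the header MD5 against the payload after the header.
    Integrity only: the dsig field (signature over that MD5) is not checked here."""
    hdr = parse_cvd_header(blob)
    actual = hashlib.md5(blob[HEADER_LEN:]).hexdigest()
    if actual != hdr["md5"]:
        raise ValueError("payload MD5 %s does not match header %s" % (actual, hdr["md5"]))
    return hdr


def is_valid_cvd(blob):
    try:
        verify_cvd(blob)
        return True
    except ValueError:
        return False


def installed_version(path):
    """Version of the database already on disk, 0 if none or unreadable."""
    try:
        with open(path, "rb") as f:
            return parse_cvd_header(f.read(HEADER_LEN))["version"]
    except (FileNotFoundError, ValueError):
        return 0


def atomic_write(path, blob, mode=0o644):
    """Temp file in the same directory, fsync, rename over the target: readers see the
    old file or the complete new one, never a partial copy (unlike cp/scp into the directory)."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(prefix=".cvd-", dir=directory)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(blob)
            f.flush()
            os.fsync(f.fileno())
        os.chmod(tmp, mode)
        os.replace(tmp, path)          # atomic on POSIX within one filesystem
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    dfd = os.open(directory, os.O_RDONLY)  # make the new directory entry durable too
    try:
        os.fsync(dfd)
    finally:
        os.close(dfd)


def install_cvd(blob, dest):
    """Verify, compare the version (not the signature count) and install only if newer."""
    hdr = verify_cvd(blob)
    current = installed_version(dest)
    if hdr["version"] <= current:
        return "kept %d" % current
    atomic_write(dest, blob)
    return "installed %d" % hdr["version"]


def build_test_cvd(version, payload, sigs=83891, flevel=63):
    """Constructed stand-in for a real database: header over an arbitrary payload,
    with a placeholder where the digital signature would be."""
    md5 = hashlib.md5(payload).hexdigest()
    header = "ClamAV-VDB:22 Mar 2016 08-00 -0700:%d:%d:%d:%s:placeholder:example:1458658800" % (
        version, sigs, flevel, md5)
    return header.encode("ascii").ljust(HEADER_LEN, b" ") + payload


def demo(directory=None):
    """Fresh install, stale copy kept out, newer copy installed, corrupt copy rejected."""
    directory = directory or tempfile.mkdtemp(prefix="clamdb-")
    dest = os.path.join(directory, "daily.cvd")
    payload = b"constructed payload standing in for the signature tarball"
    actions = [install_cvd(build_test_cvd(21469, payload), dest),
               install_cvd(build_test_cvd(21467, payload), dest),
               install_cvd(build_test_cvd(21470, payload), dest)]
    corrupt = build_test_cvd(21471, payload)[:-1] + b"?"
    actions.append("rejected corrupt" if not is_valid_cvd(corrupt) else "accepted corrupt")
    leftovers = [n for n in os.listdir(directory) if n.startswith(".cvd-")]
    return actions, installed_version(dest), leftovers


if __name__ == "__main__":
    print(demo())
```

The version numbers in the walk-through are the ones quoted in the "No updates" thread; a copy with a lower version is kept out even though its header is valid, and after the run no temporary file is left behind in the database directory.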

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-28 Thread Dennis Peterson
Are these true viruses or otherwise harmful (and if so how is that known) or does the list include messages that are unwanted junk mail? If junk mail, which is subjective, there will always be differences between vendor signatures because nobody agrees about what is and is not junk mail. dp O

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-28 Thread Dennis Peterson
Probably worth pointing out that the black hats have an excellent tool at their disposal to test their day zero viruses and that would be Virus Total which happens to use ClamAV among others. It's not a fair fight when we give them the means to defeat us. dp On 5/28/16 7:46 PM, Joel Esler (j

Re: [clamav-users] clamav users break dkim signed mails

2016-05-29 Thread Dennis Peterson
Mail list servers and dkim are generally poorly compatible. I'm not aware of a way to send a signed message to a list then have the list resend it to all members while preserving the dkim signature. There's been no shortage of debate on the topic. Both yahoo and smtp are in a death spiral anyway

Re: [clamav-users] Issue with ClamAV on Red Hat Enterprise Linux

2016-05-29 Thread Dennis Peterson
If you completely installed ClamAV from RPM packages one would have installed sample copies of freshclam.conf and clamd.conf. Those files need to be edited after they're installed. Information for doing so can be found in the documentation at clamav.net. Specifically, freshclam.conf has the fo

Re: [clamav-users] clamav users break dkim signed mails

2016-05-29 Thread Dennis Peterson
That is an unacceptable hack (removes functionality) for an unacceptable hack (DKIM). dp On 5/29/16 11:07 PM, Andreas Schulze wrote: Dennis Peterson: I'm not aware of a way to send a signed message to a list then have the list resend it to all members while preserving the dkim sign

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-30 Thread Dennis Peterson
On 5/30/16 10:04 AM, C.D. Cochrane wrote: Password protection requires a little bit of typing, which gives the victim a little more time to think, and possibly just enough time to do the right thing. Virus writers just want dumb users who click, click, click as fast as possible, until it's too

Re: [clamav-users] ClamAV in production environment

2016-06-01 Thread Dennis Peterson
I've run it successfully in several of Seattle's large ecommerce data centers for over 10 years. Because of the nearly infinite configurability it outperformed commercial systems and became a much better fit in RHEL Linux and Oracle Linux systems, and Sun/Oracle Solaris than the less flexible co

Re: [clamav-users] How to unsubscribe - was: Supported Operating Systems

2016-06-10 Thread Dennis Peterson
On 6/10/16 9:54 AM, Joe Frattura wrote: Hey Sorry to attack here but how do I remove myself from this email group. regards Everything you need to know is in the raw headers of every list message. dp

Re: [clamav-users] clamscan not obeying the --exclude-dir directives

2016-06-14 Thread Dennis Peterson
Modify the command to allow better logging. Replace -i with -v then view the log to see what is and is not excluded. It is assumed that your command is one long line of text or several lines where the linefeed is escaped with a "\". It should not be necessary to use exclude-dir and exclude fo

Re: [clamav-users] Connection Refused error

2016-07-25 Thread Dennis Peterson
Try a simple test of the clamd connection with: echo "PING" | nc localhost 3310 It should return "PONG". If it does your problem is not related to clamd. dp On 7/25/16 7:44 AM, Ravi Maddi wrote: Hi Al, I am new to clamav. I am able to install it on RHEL AWS environment and enabled it to run

Re: [clamav-users] ClamWin finds malware, ClamAV doesn't.

2016-07-26 Thread Dennis Peterson
ClamAV is both an email/attachment scanner and a file system scanner. It is pointless to set the email scanner to scan files larger than your MTA is configured to accept. Secondarily, the interface between the MTA and ClamAV frequently has a max filesize parameter, too. This is to prevent DOS'in

Re: [clamav-users] Connection Refused error

2016-07-26 Thread Dennis Peterson
e response. We are looking into firewall settings. Appreciate your swift response. Best regards, Ravi On Mon, Jul 25, 2016 at 12:39 PM, Dennis Peterson wrote: Try a simple test of the clamd connection with: echo "PING" | nc localhost 3310 It should return "PONG". If it does

Re: [clamav-users] Connection Refused error

2016-07-26 Thread Dennis Peterson
server scan file(s)? We can enable ports if needed within the organization. Thanks for your help! Ravi On Tue, Jul 26, 2016 at 12:11 PM, Dennis Peterson wrote: Your previous post showed your clamd instance is bound to the loopback interface and as such other systems cannot connect. But even
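The echo "PING" | nc localhost 3310 check above exercises clamd's wire protocol directly: a command, prefixed with z (NUL-terminated) or n (newline-terminated), answered in the same framing. The Python below is an added example for this thread, not code from the thread or from ClamAV. It builds the PING and INSTREAM requests (INSTREAM sends the data as 4-byte big-endian length-prefixed chunks ending in a zero-length chunk), parses the replies, and performs the same connectivity check with a timeout so that the two failure modes discussed here, clamd bound only to the loopback address and a firewall between the hosts, come back as "refused" or "timeout" instead of a hang. So that it runs without a real clamd, the block also contains a constructed test double (FakeClamd) that speaks the same framing and reports only the EICAR string; the host, ports, function names and reply strings are assumptions for the example.

```python
import socket
import struct
import threading

EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def build_command(cmd):
    """'z' framing: request and reply are NUL-terminated ('n' framing would use newlines)."""
    return b"z" + cmd.encode("ascii") + b"\0"

def build_instream(data, chunk_size=8192):
    """INSTREAM: command, then <uint32 big-endian length><bytes> chunks, then a zero-length chunk."""
    out = [build_command("INSTREAM")]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def decode_instream(raw):
    """Server-side view of the same framing; raises if the stream is incomplete."""
    pos, parts = len(build_command("INSTREAM")), []
    while True:
        (n,) = struct.unpack("!I", raw[pos:pos + 4])
        pos += 4
        if n == 0:
            return b"".join(parts)
        chunk = raw[pos:pos + n]
        if len(chunk) != n:
            raise ValueError("truncated chunk")
        parts.append(chunk)
        pos += n

def parse_reply(raw):
    """'stream: Name FOUND', 'stream: OK', '... ERROR', or a bare word such as PONG."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    for status in ("FOUND", "ERROR", "OK"):
        if text.endswith(" " + status):
            body = text[:-len(status) - 1]
            path, sep, name = body.rpartition(":")
            if sep:
                return {"status": status, "path": path.strip(), "name": name.strip()}
            if status == "ERROR":
                return {"status": status, "path": "", "name": body}
            return {"status": status, "path": body, "name": ""}
    return {"status": text, "path": "", "name": ""}

def _exchange(host, port, request, timeout):
    """One request/reply round trip; connection failures become a status word, not a hang."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request)
            buf = b""
            while b"\0" not in buf and len(buf) < 65536:
                part = s.recv(4096)
                if not part:
                    break
                buf += part
            return parse_reply(buf)
    except ConnectionRefusedError:   # nothing listening: clamd down, or bound to another address
        return {"status": "refused", "path": "", "name": ""}
    except socket.timeout:           # packets dropped, typically a firewall between the hosts
        return {"status": "timeout", "path": "", "name": ""}

def ping(host="127.0.0.1", port=3310, timeout=3.0):
    return _exchange(host, port, build_command("PING"), timeout)["status"]  # PONG / refused / timeout

def scan_bytes(data, host="127.0.0.1", port=3310, timeout=30.0):
    return _exchange(host, port, build_instream(data), timeout)

def request_complete(req):
    if req.startswith(build_command("INSTREAM")):
        try:
            decode_instream(req)
            return True
        except (struct.error, ValueError):
            return False
    return req.endswith(b"\0")

def closed_local_port():
    """A loopback port with nothing listening, to exercise the 'refused' path."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

class FakeClamd(threading.Thread):
    """Constructed test double speaking clamd's framing; not clamd, and it knows only EICAR."""
    def __init__(self):
        super().__init__(daemon=True)
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]

    def run(self):
        while True:
            conn, _ = self.sock.accept()
            with conn:
                conn.settimeout(5)
                req = b""
                while not request_complete(req):
                    part = conn.recv(65536)
                    if not part:
                        req = None
                        break
                    req += part
                if req is not None:
                    conn.sendall(self.reply(req))

    @staticmethod
    def reply(req):
        if req == build_command("PING"):
            return b"PONG\0"
        if req.startswith(build_command("INSTREAM")):
            found = EICAR in decode_instream(req)
            return b"stream: Eicar-Test-Signature FOUND\0" if found else b"stream: OK\0"
        return b"UNKNOWN COMMAND\0"
```

Against a real clamd, point ping() and scan_bytes() at its TCPAddr/TCPSocket; a "refused" from another host while the same call from the clamd box returns PONG is the loopback-binding case from this thread, and a "timeout" is the firewall case.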

Re: [clamav-users] Clamd is looking into the wrong database directory

2016-07-27 Thread Dennis Peterson
Where are your clamd.conf and freshclam.conf files located? Those packages expect them to be in /etc. Also try: locate clamd.conf and locate freshclam.conf just to be sure you don't have them scattered around your system. dp On 7/27/16 12:22 PM, Support Safe-Mail.nl wrote: I have a server (

Re: [clamav-users] Error (Cannot connect to unix socket '/var/lib/clamav/clamd.socket': connect: No such file or directory)

2016-08-07 Thread Dennis Peterson
On 8/7/16 11:00 AM, Chris wrote: I understand what you're saying now. I do have a /clamav folder under /run however the owner is root and it probably should be clamav. I'll work on this and see if I can get it all straightened out. Thanks to all who replied and offered help Chris Because the

Re: [clamav-users] Understanding OLE2BlockMacros

2016-08-24 Thread Dennis Peterson
ClamAV has no part in tagging, forwarding, or deleting. It simply tells the calling process what the result of the scan was. It is left to the calling process to deal with it per local policy. dp On 8/24/16 12:37 PM, Alex wrote: Hi, It appears that using OLE2BlockMacros causes attachments w

Re: [clamav-users] Understanding OLE2BlockMacros

2016-08-25 Thread Dennis Peterson
In the source code for clamd this is found:

    if(optget(opts, "ScanOLE2")->enabled) {
        logg("OLE2 support enabled.\n");
        options |= CL_SCAN_OLE2;
        if(optget(opts, "OLE2BlockMacros")->enabled) {
            logg("OLE2: Blocking all VBA macros.\n");
            options |= CL_

Re: [clamav-users] Understanding OLE2BlockMacros

2016-08-25 Thread Dennis Peterson
On 8/25/16 1:10 PM, Bowie Bailey wrote: On 8/25/2016 3:10 PM, Steve Basford wrote: Try this: 1) Enable OLE2BlockMacros and restart clamd 2) Use clamdscan to test your sample message and note the results 3) Disable OLE2BlockMacros and restart clamd 4) Use clamdscan to test your sample message aga

Re: [clamav-users] (no subject)

2016-09-03 Thread Dennis Peterson
Is the file currently being written to by another process? dp On 9/3/16 2:07 AM, Gérard Lemarié wrote: Hello, When I run a clamscan on my computer, clamav returns to me a lot of similar error messages : LibClamaV Warning: fmap_readpage : preadfail : asked for 4085 bytes@offset11, got 0

Re: [clamav-users] How to get each file status when scanning a directory using clamdscan

2016-10-05 Thread Dennis Peterson
You have access to the source code. Make it do what you want that it does not already do. dp On 10/3/16 10:05 AM, crazy thinker wrote: Hi, when I scanned a directory using clamdscan, I could get only error and virus file infected files status in output. But I would like to see each file sta

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Dennis Peterson
On 10/5/16 11:37 AM, Alex wrote: Can you explain how you configured systemd to start two instances of the same clamd binary using different config files? Thanks, Alex # clamd --help Clam AntiVirus Daemon 0.99.2 By The ClamAV Team: http://www.clamav.net/about.h

Re: [clamav-users] Running 'freshclam' between crontab timers

2016-10-14 Thread Dennis Peterson
It won't hurt anything to run freshclam manually. dp On 10/14/16 5:23 AM, Tennis Smith wrote: Hi, My "FRESHCLAM_MOD" value is set to 180 (per the example in the docs). If, for some reason, 'freshclam' is run during that 180 minutes, what happens? Will it break anything? That isn't clear in th

Re: [clamav-users] ClamAV RPM vs source code installation

2016-11-15 Thread Dennis Peterson
There's more than one package. Not everyone needs every part of clamav and some distros partition it. run yum info clamav dp On 11/15/16 7:31 AM, Fouts, Christopher wrote: How come the Centos RPM (v0.99.2) does not install everything that the compiled source code does? For example, I don’t s

Re: [clamav-users] ClamAV RPM vs source code installation

2016-11-15 Thread Dennis Peterson
Hmm - just noticed my asterisk is missing. Should be: yum info clamav* to see all the clamav packages on whatever repos are configured dp

Re: [clamav-users] clamscan (NOT clamdscan) log file setup in *.conf file?

2016-11-17 Thread Dennis Peterson
The clamscan tool is a stand-alone utility that runs without clamd being installed and isn't aware of and doesn't use or need any of the clamd or clamdscan configurations. It does read the freshclam.conf file to learn where the signatures are stored. The command line accepts a rich assortmen

Re: [clamav-users] CRDF databases and clamav

2016-11-20 Thread Dennis Peterson
Will the ClamAV team handle CRDF FP's and other issues? dp On 11/20/16 11:10 AM, Joel Esler (jesler) wrote: There is at least one or two more we are working on right now to incorporate to make everyone's lives easier, increase detection, give credit to the correct signature developer, false p

Re: [clamav-users] TTL of DNS record

2016-11-23 Thread Dennis Peterson
The TTL for the TXT record at current.cvd.clamav.net is 1800 seconds. You can retrieve with curl or wget older versions of the signature by specifying the full file name, for example daily-22590.cdiff dp On 11/23/16 8:03 PM, Al Varnell wrote: On Nov 23, 2016, at 7:10 PM, Tsutomu Oyamada wrote

Re: [clamav-users] TTL of DNS record

2016-11-23 Thread Dennis Peterson
lly limited to once an hour, a ttl of 30 minutes should be OK for most. I can see where it might be a factor for those that find a need to check at the maximum limit of four times per hour using a country coded freshclam.conf. -Al- On Wed, Nov 23, 2016 at 08:08 PM, Dennis Peterson wrote: The TT

Re: [clamav-users] TTL of DNS record

2016-11-23 Thread Dennis Peterson
: nslookup -type=txt -debug current.cvd.clamav.net 208.201.249.238 The IP is one of the round robin addresses when doing a lookup on cvd.clamav.net. Example: dig ns cvd.clamav.net On 11/23/16 9:00 PM, Dennis Peterson wrote: You are seeing the time remaining in the cached lookup on your system

Re: [clamav-users] TTL of DNS record

2016-11-24 Thread Dennis Peterson
Read your freshclam.log file and see if there is any useful information in there to help solve your problem. dp On 11/24/16 1:11 AM, Tsutomu Oyamada wrote: Hi, Al. Thank you for your reply. I tested in the following environments. ClamAV .net | (Mirroring once every day) My local up

Re: [clamav-users] Question about Virus DB

2016-11-26 Thread Dennis Peterson
A good AV server protects the environment, not a particular platform. This is something you can easily alter because you ultimately decide what signatures to install. ClamAV gives you all the tools you need to filter official and unofficial signatures to target any platform of interest you have.

Re: [clamav-users] Central management server?

2016-12-14 Thread Dennis Peterson
You could probably configure CFEngine or Puppet to help do that. I did that years ago and it worked fine. dp On 12/14/16 7:27 AM, robert k Wild wrote: Hi all, Can I install a clamav server and point all my clamav end users, i.e. Mac, Linux, Windows, to the server to get update definitions and can I

Re: [clamav-users] clamd/clamdscan and IPv6

2016-12-14 Thread Dennis Peterson
Thanks for closing the event here. It doesn't happen enough. dp On 12/14/16 2:54 PM, Steven Morgan wrote: Thanks, there was a little coding error. Following the connect() failure on the local socket, the code was not checking if the TCPAddr option is enabled. Steve On Wed, Dec 14, 2016 at 3:1
