Re: [clamav-users] ClamAV Info

2019-05-22 Thread Joel Esler (jesler) via clamav-users
It can. --move will do it. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com From: clamav-users on behalf of Christopher Do - IQ-C via clamav-users Reply-To: ClamAV users ML Date: Wednesday, May 22, 2019 at 10:52 AM To: ClamAV users

Re: [clamav-users] 403 on clamav-virusdb webpage

2019-05-19 Thread Joel Esler (jesler) via clamav-users
Nope. Just going to the wrong server. https://lists.clamav.net is where everything is at. From: clamav-users on behalf of Al Varnell via clamav-users Sent: Thursday, May 16, 2019 8:35 PM To: ClamAV users ML Cc: Al Varnell Subject: Re: [clamav-users] 403 on

Re: [clamav-users] 403 on clamav-virusdb webpage

2019-05-17 Thread Joel Esler (jesler) via clamav-users
The wrong link. Head to https://lists.clamav.net Sent from my  iPhone > On May 16, 2019, at 19:53, Arnaud Jacques wrote: > > Hello, > > This link generates 403 error code : > https://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb > > What's wrong ? > > -- > Cordialement / Best

Re: [clamav-users] how to verify if a malware signature is in DB & adding hash

2019-05-05 Thread Joel Esler (jesler) via clamav-users
Run clamscan against the file? Or if you want to see what is published each release, you should subscribe to the clamav-virusdb list. Sent from my  iPad > On May 5, 2019, at 19:40, Sunhux G via clamav-users > wrote: > > Hi > > How can I check if a specific malware (by providing a

Re: [clamav-users] Update Failure

2019-04-23 Thread Joel Esler (jesler) via clamav-users
We should probably remove that "official-mirror-faq" link from freshclam. There are no "mirrors" anymore. :) -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com On Apr 22, 2019, at 5:43 PM, Michael Newman via clamav-users

Re: [clamav-users] reg clamav un-Authenticated Command Exception Vulnerability

2019-04-22 Thread Joel Esler (jesler) via clamav-users
What CVE are you referring to? > On Apr 18, 2019, at 2:18 PM, Manasa Rupireddy via clamav-users > wrote: > > Hi All, > > I have installed latest version of ClamAV which is 0.101.2 version, but I was > still facing the clamav un-Authenticated Command Exception Vulnerability. > > Could anyone

Re: [clamav-users] Scan very slow

2019-04-07 Thread Joel Esler (jesler) via clamav-users
Let us take a look at separating them. Sent from my  iPhone > On Apr 7, 2019, at 14:03, Steve Basford > wrote: > >> On 7 April 2019 17:25:56 Arnaud Jacques wrote: >> >> >> ... and one day I created a *huge* ign2 file and it crashed clamd. Ign2 >> files may not be appropriate to ignore

Re: [clamav-users] Clamav for educational institutions ?

2019-04-05 Thread Joel Esler (jesler) via clamav-users
Debian does a pretty good job as a clamav distributor. > > Scott K > >> On April 6, 2019 12:21:05 AM UTC, "Joel Esler (jesler)" >> wrote: >> Correct. Which is why we recommend people compile from source for full >> functionality. >> >> Se

Re: [clamav-users] Clamav for educational institutions ?

2019-04-05 Thread Joel Esler (jesler) via clamav-users
>> EDIT - There is the GPLv2 contained in the COPYING file. I just >> realized each of those files gives the licence for each part of >> ClamAV. Probably the most notable is the unrar licence, which if I >> recall RHEL/CentOS disables due to licence conflicts? >>

Re: [clamav-users] Clamav for educational institutions ?

2019-04-05 Thread Joel Esler (jesler) via clamav-users
That’s the content on the website. ClamAV, the software, is governed by the GPLv2 and other associated licenses as indicated by the LICENSE file contained therein. Sent from my  iPhone > On Apr 5, 2019, at 17:18, J.R. via clamav-users > wrote: > > At the bottom of the page on the

Re: [clamav-users] Clamav for educational institutions ?

2019-04-05 Thread Joel Esler (jesler) via clamav-users
It’s free for everyone regardless. Sent from my  iPhone > On Apr 5, 2019, at 17:11, Timi koli via clamav-users > wrote: > > Hi Guys, > > Does anyone know if the usage of the clamav for linux is free for > educational institutions or does it have to be a paid one. > > I tried to find it

Re: [clamav-users] Scan very slow

2019-04-05 Thread Joel Esler (jesler) via clamav-users
> On Apr 5, 2019, at 09:13, Mark Allan via clamav-users > wrote: > > Also CC'ing Micah directly as the mailing list would appear to be offline (at > least lists.clamav.net isn't responding to http requests anyway May want to try https. smime.p7s Description: S/MIME cryptographic signature

Re: [clamav-users] Updating multiple servers

2019-04-04 Thread Joel Esler (jesler) via clamav-users
You can run a local mirror. That might be a good alternative. Sent from my  iPhone > On Apr 4, 2019, at 21:03, Tim Hawkins wrote: > > We have a large number of services running inside kubernetes that need to > have access to clamav, given the sheer number, I don't want to have to run >

Re: [clamav-users] ClamAV 0.101.2 announcement?

2019-03-29 Thread Joel Esler (jesler) via clamav-users
This was my fault. Thanks JR. > On Mar 27, 2019, at 10:17 AM, J.R. via clamav-users > wrote: > > I saw 0.101.2 was released yesterday (3/26/2019) but I can't find an > announcement anywhere? > > Anything noteworthy on this release? > > ___ > >

[clamav-users] ClamAV® blog: ClamAV 0.101.2 and 0.100.3 patches have been released!

2019-03-29 Thread Joel Esler (jesler) via clamav-users
> > https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html > > > ClamAV 0.101.2 and 0.100.3 patches have been released! > > ClamAV 0.101.2 > > ClamAV 0.101.2 is a patch release to address a handful

Re: [clamav-users] Are signatures for Windows only?

2019-03-25 Thread Joel Esler (jesler) via clamav-users
ts for > many reasons, not least its extensibility! > > Graeme > > ________ > From: clamav-users on behalf of Joel > Esler (jesler) via clamav-users > Sent: 25 March 2019 19:36 > To: ClamAV users ML > Cc: Joel Esler (jesler); G.W. Haywood > Subject: Re: [clamav-users] Are signatu

Re: [clamav-users] Are signatures for Windows only?

2019-03-25 Thread Joel Esler (jesler) via clamav-users
Actually, from what we understand, ClamAV is mostly used to scan email. Sent from my  iPhone > On Mar 25, 2019, at 12:22, G.W. Haywood via clamav-users > wrote: > > Although we share files with Windows platforms we really > only use ClamAV to scan mail. I guess we're as untypical of a

Re: [clamav-users] Are signatures for Windows only?

2019-03-25 Thread Joel Esler (jesler) via clamav-users
Our signatures cover all platforms. Sorry, can’t type on watch. :) Sent from my  iPad > On Mar 25, 2019, at 08:20, Joel Esler (jesler) via clamav-users > wrote: > > Our signature is cover all platforms. > > Sent from my Apple Watch > >> On Mar 25, 2019, at 0

Re: [clamav-users] Are signatures for Windows only?

2019-03-25 Thread Joel Esler (jesler) via clamav-users
Our signature is cover all platforms. Sent from my Apple Watch On Mar 25, 2019, at 08:13, J.R. via clamav-users wrote: > I keep thinking about this from time to time, but keep forgetting to > post before I get sidetracked doing something else... > > Are the ClamAV default signature files

Re: [clamav-users] Slow reload

2019-03-20 Thread Joel Esler (jesler) via clamav-users
All these times, I would imagine, would be based on the amount of CPU and RAM, even disk read speed, available to the machine loading. So these times are relative. Sent from my  iPhone > On Mar 20, 2019, at 07:48, Steve Basford > wrote: > >> On 2019-03-19 14:35, Bowie Bailey wrote: >>

Re: [clamav-users] Database updated over unencrypted connection?

2019-03-17 Thread Joel Esler (jesler) via clamav-users
As Micah said, when we roll out the new version of freshclam that supports https, this will be a done deal. Technically, https on the cdn is available now. Freshclam just doesn’t know how to use it. We want people to freshclam. As the way it functions does so in a way that reduces load on

Re: [clamav-users] Mailman web UI for ClamAV currently inaccessible

2019-03-16 Thread Joel Esler (jesler) via clamav-users
Thank you. Sent from my  iPhone On Mar 14, 2019, at 11:40, Ralph Seichter via clamav-users wrote: >> https://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users returns >> "403 Forbidden". > > I should probably mention that the above URL is sent to subscribers in > the 'Welcome to the

[clamav-users] Freshclam / mirror updates

2019-02-28 Thread Joel Esler (jesler) via clamav-users
Yesterday we made some updates to our CDN that distributes our CVD / CLD / CDIFF files. These changes should result in a faster and more reliable download of these files. Please let me know if you see any issues positive or negative! Thanks! -- Joel Esler Manager, Communities Division Cisco

Re: [clamav-users] Testing

2019-02-26 Thread Joel Esler (jesler) via clamav-users
This should be corrected now. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com > On Feb 20, 2019, at 5:19 PM, Benny Pedersen wrote: > > Joel Esler (jesler) wrote on 2019-02-20 23:14: >> Testing! > > DKIM

Re: [clamav-users] Confirmation of receipt IT-Service

2019-02-20 Thread Joel Esler (jesler) via clamav-users
Removed from list. Sent from my  iPhone > On Feb 20, 2019, at 18:12, IT-Service Theatergemeinde Köln > wrote: > > Thank you for your message. We have duly received it > and will process it as soon as possible. > > Kind regards > > Your IT service of the

Re: [clamav-users] Testing

2019-02-20 Thread Joel Esler (jesler) via clamav-users
We are working on this currently. Sent from my  iPhone > On Feb 20, 2019, at 18:05, Benny Pedersen via clamav-users > wrote: > > Scott Kitterman wrote on 2019-02-20 23:34: > >> I'm not sure why anyone expects anything different. > > you are not on maillist with original senders get dmarc

Re: [clamav-users] Testing

2019-02-20 Thread Joel Esler (jesler)
May take time for DNS to get out. Sent from my  iPhone > On Feb 20, 2019, at 17:20, Benny Pedersen wrote: > > Joel Esler (jesler) wrote on 2019-02-20 23:14: >> Testing! > > DKIM and DMARC still fails > > no news there :( >

[clamav-users] Testing

2019-02-20 Thread Joel Esler (jesler)
Testing! Sent from my  iPhone smime.p7s Description: S/MIME cryptographic signature ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide:

Re: [clamav-users] Do you see clamav's exact detection rate and error detection rate?

2019-02-15 Thread Joel Esler (jesler)
I think that Shadowserver's statistics are drastically wrong and haven’t changed in about 5 years. That’s number one. Sent from my  iPhone > On Feb 15, 2019, at 04:26, 조정환 wrote: > > Hello everyone ~ > > I looked around the other site bulletin board for .clamav, and I had a > question, so

[clamav-users] ClamAV® blog: Bugzilla Maintenance tomorrow Feb 12th

2019-02-11 Thread Joel Esler (jesler)
> https://blog.clamav.net/2019/02/bugzilla-maintenance-tomorrow-feb-12th.html > Notice to all ClamAV users, our bugzilla instance at bugzilla.clamav.net will be experiencing some downtime tomorrow at 9am EST,

[clamav-users] Qnap

2019-01-30 Thread Joel Esler (jesler)
I’ve suddenly started receiving a lot of emails from Qnap users saying they can’t update ClamAV anymore. Anyone have a Qnap system that is technically inclined that can help me troubleshoot? Sent from my  iPhone

Re: [clamav-users] False Positives - Heuristics.Phishing.Email.SpoofedDomain

2019-01-08 Thread Joel Esler (jesler)
Check out http://www.clamav.net/documents/miscellaneous-faq > On Jan 8, 2019, at 2:43 PM, Ken Campney wrote: > > Emails from credit card companies I deal with have since 12/10/18 been > getting flagged by

Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.101.1 Patch has been released

2019-01-08 Thread Joel Esler (jesler)
Solaris is definitely not one of the OSs in our build farm. Just FYI. > On Jan 8, 2019, at 1:05 AM, Gary R. Schmidt wrote: > > On 08/01/2019 05:33, Joel Esler (jesler) wrote: >>> >>> https://blog.clamav.net/2019/01/clamav-01011-patch-has-been-released.html >>

[clamav-users] ClamAV® blog: ClamAV 0.101.1 Patch has been released

2019-01-07 Thread Joel Esler (jesler)
> > https://blog.clamav.net/2019/01/clamav-01011-patch-has-been-released.html > > > ClamAV 0.101.1 Patch has been released > > ClamAV 0.101.1 is an urgent patch release to address an issue in 0.101.0 > specifically

Re: [clamav-users] ClamAV Scan results

2019-01-04 Thread Joel Esler (jesler)
Likely not. I would bet that there are some poorly written yara sigs in your environment. Sent from my  iPhone > On Jan 4, 2019, at 07:28, Kaushal Shriyan wrote: > > Hi, > > I have the below details > > [root@ clamav]# clamscan --version > ClamAV 0.100.2/25267/Fri Jan 4 06:17:25 2019

Re: [clamav-users] My second server is under 100.2

2018-12-29 Thread Joel Esler (jesler)
You mean: https://blog.clamav.net/2018/12/libclamav-missing-headers-issue.html ? -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com > On Dec 29, 2018, at 4:19 PM,

Re: [clamav-users] One question 

2018-12-29 Thread Joel Esler (jesler)
I’m sorry. I don’t understand the question. Sent from my  iPhone > On Dec 29, 2018, at 03:54, Dorian ROSSE wrote: > > Hello, > > > Do an e-mail server without machine learning script hasn't right to your last > clamav production 0.101.0 instead 0.100.2? > > Thank you in advance to

Re: [clamav-users] Freshclam update HTTP Error 403 Forbidden

2018-12-21 Thread Joel Esler (jesler)
Yours is a separate issue that I have to look into. I have to pull the logs and see why you are being blocked. Sent from my  iPhone > On Dec 21, 2018, at 14:22, Claudiu Albu wrote: > > Micah, Al and all, > > > Thanks a lot again for your prompt reply and willingness to assist. > > I

Re: [clamav-users] Freshclam update HTTP Error 403 Forbidden

2018-12-21 Thread Joel Esler (jesler)
Please see other email. Sent from my  iPhone > On Dec 21, 2018, at 06:11, Claudiu Albu wrote: > > Hello all, > > > Been browsing through similar previous occurrences but found nothing > conclusive to our particular scenario. > > We’ve installed ClamAV on a Centos7 server

Re: [clamav-users] Freshclam update HTTP Error 403 Forbidden

2018-12-21 Thread Joel Esler (jesler)
Please see other email. Sent from my  iPhone > On Dec 21, 2018, at 06:15, Claudiu Albu wrote: > > Hello all, > > > Been browsing through similar previous occurrences but found nothing > conclusive to our particular scenario. > > We’ve installed ClamAV on a Centos7 server somewhere in

Re: [clamav-users] Freshclam update HTTP Error 403 Forbidden

2018-12-21 Thread Joel Esler (jesler)
What IP are you coming from? What version ClamAV are you using? Sent from my  iPhone > On Dec 21, 2018, at 06:27, Claudiu Albu wrote: > > Hello all, > > > Been browsing through similar previous occurrences but found nothing > conclusive to our particular scenario. > > We’ve installed

Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-20 Thread Joel Esler (jesler)
Right. We only publish at certain times a day. I think a check once an hour is probably fine. Sent from my  iPhone > On Dec 20, 2018, at 09:55, Paul Kosinski wrote: > > Only DNS TXT queries are done 3-5 times per hour. Freshclam itself is > only run whenever that reports that there is

Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-20 Thread Joel Esler (jesler)
Inline > On Dec 19, 2018, at 4:08 PM, J.R. wrote: > > Joel - In regards to the comment on pointing everyone to Cloudflare... > I'm guessing that statement means you are using a mix of the > Cloudflare CDN and the original volunteer mirrors still? No. Cloudflare is currently handling

Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-17 Thread Joel Esler (jesler)
> On Dec 17, 2018, at 3:01 PM, Dennis Peterson wrote: > > On 12/17/18 11:57 AM, Joel Esler (jesler) wrote: >> Inline: >> >>> On Dec 15, 2018, at 6:23 PM, Paul Kosinski >> <mailto:clamav-us...@iment.com>> wrote: >>> >>> I don'

Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-17 Thread Joel Esler (jesler)
Inline: > On Dec 15, 2018, at 6:23 PM, Paul Kosinski wrote: > > I don't know if flushing the daily.cvd cache would be adequate, since > there are probably some downstream caches that wouldn't follow suit. Actually I had someone correct me after I wrote this email, we already have been doing

Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-15 Thread Joel Esler (jesler)
When Sourcefire acquired ClamAV "back in the day", we stopped accepting donations, as accounting for them on a corporate revenue side is more of a hassle than it is worth, so we just support it out of pocket. That being said, this thread is long and I wanted to reply to it. What if I flushed

Re: [clamav-users] ClamAV installation is OUTDATED! as reported by freshclam utility on CentOS Linux release 7.6.1810 (Core)

2018-12-14 Thread Joel Esler (jesler)
It’s not a service we can turn off. This is a string match. Sent from my  iPhone > On Dec 13, 2018, at 19:17, Scott Kitterman wrote: > > If they are relying on it, it'd be a service to turn it off until 0.101.1 is > released. > > Scott K > >> On Thursday, December 13, 2018 06:49:08 PM

Re: [clamav-users] ClamAV installation is OUTDATED! as reported by freshclam utility on CentOS Linux release 7.6.1810 (Core)

2018-12-13 Thread Joel Esler (jesler)
ClamAV cannot control when the package distros update their packages. Also, some of the package maintainers, I suspect, rely on updates like that to tell them when they need to go update packages. > On Dec 13, 2018, at 12:28 PM, Scott Kitterman wrote: > > Would it be possible to turn off the

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-12 Thread Joel Esler (jesler)
lain > > On Wed, Dec 12, 2018 at 6:23 AM Joel Esler (jesler) <mailto:jes...@cisco.com>> wrote: > Not sure. Perhaps Alain can chime in. My team also runs the Phishtank > project, so this is about making our different properties work together > through the official signa

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-12 Thread Joel Esler (jesler)
Not sure. Perhaps Alain can chime in. My team also runs the Phishtank project, so this is about making our different properties work together through the official signature set in a supported way. If false positives are reported on the phishtank sigs through ClamAV.net, they are

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-11 Thread Joel Esler (jesler)
Cloudflare's cache timeout is set to 5 seconds. So, I would doubt that Cloudflare's cache is the issue, it may be an ISP thing in the middle doing the caching, which is what Paul is guessing at this point, if I am following the thread correctly. Out of an abundance of caution I did a

Re: [clamav-users] Clamav download

2018-12-10 Thread Joel Esler (jesler)
Correct. > On Dec 10, 2018, at 5:42 AM, Robert Chalmers wrote: > > http://www.clamav.net/downloads > > > > - > Robert Chalmers > https://robert-chalmers.uk > aut...@robert-chalmers.uk >

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-09 Thread Joel Esler (jesler)
As it should be. No one should be downloading the daily and main, (although thousands are), cdiffs were created for a reason. Sent from my  iPhone > On Dec 9, 2018, at 06:58, Eric Tykwinski wrote: > > From back in archives, I think he’s using wget to just pull the files, but > freshclam

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-08 Thread Joel Esler (jesler)
Not sure what you’re saying here. Are you saying that the daily on the cache is out of date? Sent from my  iPhone > On Dec 8, 2018, at 20:30, Eric Tykwinski wrote: > > J.R. > > You are falling into the same trap I followed. The txt record is: > current.cvd.clamav.net. 1749 IN TXT

Re: [clamav-users] "Can't query daily..." entries in log since 0.101.0

2018-12-07 Thread Joel Esler (jesler)
Can you give us the full logs please? Not just that one line. Sent from my  iPhone > On Dec 7, 2018, at 15:49, Brian Fluet wrote: > > Hi All, > > Since installing Win32 portable v0.101.0 I am seeing the following > entry in the fresclam.log at each download: > > Can't query

Re: [clamav-users] freshclam. Service exited with abnormal code: 1

2018-12-04 Thread Joel Esler (jesler)
You'd have to talk to the maintainer for homebrew for ClamAV. To my knowledge, we don't control that. > On Dec 4, 2018, at 10:23 AM, Robert Chalmers wrote: > > @Mica Snyder, > > Is there any chance that this update will make it to the Homebrew repo soon? > It’s not causing me any problems

[clamav-users] ClamAV® blog: ClamAV 0.101.0 has been released!

2018-12-03 Thread Joel Esler (jesler)
> > https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html > > > ClamAV 0.101.0 has been released! > > We are pleased to announce the release of ClamAV 0.101.0! Please take a look > at the below release notes

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-26 Thread Joel Esler (jesler)
0-99/52542292 > < Server: cloudflare >< CF-RAY: 47fd0b8064d9c1b8-IAD >< >{ [data not shown] >* Closing connection 0 >ClamAV-VDB:26 Nov 2018 09-14 > -0500:25155:2160841:63:9817036334370e1482f3fc58c6ed745a:MDvX2VW3tQr3ba4 > >--

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-23 Thread Joel Esler (jesler)
The “be” error was my fault. Plain and simple. I misconfigured a dns entry. Sent from my  iPhone On Nov 23, 2018, at 04:28, Pierre Dehaen wrote: >> On 11/22/18 8:51 PM, Paul Kosinski wrote: >> I wonder how many users of ClamAV actually log their freshclam updates. >> Those who don't

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-20 Thread Joel Esler (jesler)
proxying / caching the ClamAV files -- and doing it badly. If that's the case, I don't know what we can do about it. On Tue, 20 Nov 2018 13:09:54 + "Joel Esler (jesler)" mailto:jes...@cisco.com>> wrote: Any particular reason that you are using a local mirror? I mean, if

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-20 Thread Joel Esler (jesler)
ually examine) their entire freshclam output? > > P.S. I have very recently updated our clamavs to 0.100.2. I wonder if > that will improve things in this regard. > > > > On Thu, 15 Nov 2018 19:40:43 + > "Joel Esler (jesler)" wrote: > >> Judging

[clamav-users] ClamAV® blog: The ClamAV 0.101.0 release candidate is here!

2018-11-19 Thread Joel Esler (jesler)
https://blog.clamav.net/2018/11/the-clamav-01010-release-candidate-is.html The ClamAV 0.101.0 release candidate is here! The ClamAV 0.101.0 release candidate is here! We have also made significant improvements to our User

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-15 Thread Joel Esler (jesler)
Judging by the 60+TB of traffic we are transferring a day, it's working for at least 3M+ users. > On Nov 15, 2018, at 1:34 PM, Dennis Peterson wrote: > > On 11/13/18 12:04 PM, Paul Kosinski wrote: >> "Why are you looking at October reports?" >> >> It was the first one. And it also shows that

Re: [clamav-users] Issue with freshclam in an IBM Cloud Private environment

2018-11-15 Thread Joel Esler (jesler)
What is the public IP? Feel free to answer off list, so I can check the logs. > On Nov 15, 2018, at 11:50 AM, Mark Johnson wrote: > > We are using 0.100.2 release, I’m not sure where the .93 is coming from. The > IP is a private IP address in our ICP environment. >

Re: [clamav-users] Issue with freshclam in an IBM Cloud Private environment

2018-11-15 Thread Joel Esler (jesler)
This says you are running 0.93? Is that correct? What is the IP you are coming from? On Nov 14, 2018, at 5:19 PM, Mark Johnson mailto:mark.johnson...@gmail.com>> wrote: Hey everyone, We are trying to run clamAV in an IBM Cloud Private (ICP) environment. The issue that we are running into

Re: [clamav-users] Problem with BE db

2018-11-12 Thread Joel Esler (jesler)
.be.clamav.net)|104.16.185.138|:80... > connected. > HTTP request sent, awaiting response... 200 OK > > Thank you very much, > Pierre > > On 12 Nov 2018 at 18:12, Joel Esler (jesler) wrote: > > Can you try now? > >> On Nov 12, 2018, at 12:31 PM, Pierre Deh

Re: [clamav-users] Problem with BE db

2018-11-12 Thread Joel Esler (jesler)
soon. > > Thanks, > Pierre > > On 12 Nov 2018 at 16:41, Joel Esler (jesler) wrote: > > Okay, so a couple things. > > Wget probably isn't going to work in the manner you expect. Which is why you > got the 530 > response. > > What version of fresh

Re: [clamav-users] Problem with BE db

2018-11-12 Thread Joel Esler (jesler)
Okay, so a couple things. Wget probably isn't going to work in the manner you expect. Which is why you got the 530 response. What version of freshclam are you using? > On Nov 11, 2018, at 11:18 AM, Pierre Dehaen wrote: > > Hi, > > It seems the db.be.clamav.net does not work any more since

Re: [clamav-users] Updates from ClamAV blocked by Cloudflare

2018-11-07 Thread Joel Esler (jesler)
I need more details (feel free to email me directly). Version of ClamAV you are attempting to update. Your IP The RAYId from Cloudflare. We have plenty of blocks in Cloudflare of people that are abusing the system. Hopefully that's not you :) > On Nov 6, 2018, at 9:57 PM, twee...@secmail.pro

Re: [clamav-users] Updates from ClamAV blocked by Cloudflare

2018-11-07 Thread Joel Esler (jesler)
On Nov 6, 2018, at 10:37 PM, Al Varnell mailto:alvarn...@mac.com>> wrote: Look under “Virus Definitions” here . Download daily.cvd and replace daily.cld file with it. Which gets it from Cloudflare :)

Re: [clamav-users] Question about sending sample process

2018-11-06 Thread Joel Esler (jesler)
On Nov 6, 2018, at 4:46 AM, Luca Moscato mailto:l...@funambol.com>> wrote: Question 1 - Is this process correct to send samples? Please update the version of clamsubmit you are using. You are several versions behind.

[clamav-users] ClamAV 0.101.0 beta has been posted!

2018-10-30 Thread Joel Esler (jesler)
Welcome to the ClamAV 0.101.0 beta! Important notes about this release: • Changes to the libclamav API: • Those who build applications around our shared library will need to change how they declare and pass scanning options to libclamav. Please take a look at the change to our example

Re: [clamav-users] Latest report on update "delays"

2018-10-24 Thread Joel Esler (jesler)
If you are testing connectivity, please state what version of ClamAV you are using. If you are not using the most up to date, please try that. Sent from my iPhone > On Oct 24, 2018, at 04:00, Michael Da Cova wrote: > > Hi > >> On 24/10/2018 04:09, Dave Warren wrote: >>> On Tue, Oct 23,

Re: [clamav-users] Latest report on update "delays"

2018-10-23 Thread Joel Esler (jesler)
We are aware that freshclam is part of the issue. We are going to introduce some new code to freshclam (and have in the past two releases, IIRC) to prevent stuff like this happening. More updates to freshclam will come in future versions as well. That being said, it's important to realize

Re: [clamav-users] Latest report on update "delays"

2018-10-20 Thread Joel Esler (jesler)
udflare *should* have (if you can't explicitly upload >>> a file), is a mechanism to tell it that a file is out of date. This >>> mechanism could operate very quickly. Then, what Cloudflare would >>> do is either to stall the HTTP response -- I doubt it would have to >>>

Re: [clamav-users] Latest report on update "delays"

2018-10-20 Thread Joel Esler (jesler)
s a mechanism to tell it that a file is out of date. This >> mechanism could operate very quickly. Then, what Cloudflare would do is >> either to stall the HTTP response -- I doubt it would have to stall for >> long -- or reply with the appropriate HTTP status code warning the >>

Re: [clamav-users] Latest report on update "delays"

2018-10-19 Thread Joel Esler (jesler)
-- or reply with the appropriate HTTP status code warning the > requester that something is amiss. (Codes 503, 504 or 409 might be > applicable.) > > > On Thu, 18 Oct 2018 22:34:03 + > "Joel Esler (jesler)" wrote: > >> Cloudflare will grab the file

Re: [clamav-users] Latest report on update "delays"

2018-10-18 Thread Joel Esler (jesler)
Cloudflare will grab the file from our infrastructure once it's been requested. (Otherwise it wouldn't know it was there, we can't push into Cloudflare.). But we have discussed a few ideas internally that I think will fix this, let us try a couple things and see if it cuts down on this. On

Re: [clamav-users] Latest report on update "delays"

2018-10-18 Thread Joel Esler (jesler)
The DNS announcement is made as the last step in the process. The lag that may be seen is the lag in between when the DNS update is posted, and before the file is pushed out to the Tier 1 CDN servers. It has to be requested at the CDN server before it is cached. On Oct 18, 2018, at 12:07

Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

2018-10-18 Thread Joel Esler (jesler)
After several complaints in this thread and three others that have written me off list, I've gone ahead and made the decision to remove Reindl from the ClamAV-users list. Present conduct on the list is reflective of past behavior that he has been warned about. -- Joel Esler Manager,

Re: [clamav-users] ClamAV Central Management tools

2018-10-16 Thread Joel Esler (jesler)
Not to my knowledge. On Oct 16, 2018, at 12:36 PM, Mike Pmike mailto:pmik...@yahoo.com>> wrote: Hello. We are looking for ClamAV Central Management tools . The main thing is to be able to see an overview of the AV status on the our Ubuntu hosts so if there are any issues for instance

Re: [clamav-users] ClamAV 0.100.2 has been released!

2018-10-04 Thread Joel Esler (jesler)
the style of Mozilla's "significant change" to > Firefox, which has just about destroyed it (IMHO, anyway). > > > On Thu, 4 Oct 2018 07:00:00 + > "Joel Esler (jesler)" wrote: > >> :) >> >> We have some thoughts around 1.0. We want it t

Re: [clamav-users] ClamAV 0.100.2 has been released!

2018-10-04 Thread Joel Esler (jesler)
:) We have some thoughts around 1.0. We want it to be a significant change, not just an incremental improvement. Sent from my iPhone On Oct 3, 2018, at 23:48, Dennis Peterson mailto:denni...@inetnw.com>> wrote: On 10/3/18 10:37 AM, Joel Esler (jesler) wrote: https://blog.clamav.net/2

[clamav-users] ClamAV 0.100.2 has been released!

2018-10-03 Thread Joel Esler (jesler)
https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html ClamAV 0.100.2 has been released! ClamAV 0.100.2 is a patch release to address a set of vulnerabilities. * Fixes for the following ClamAV vulnerabilities: *

Re: [clamav-users] updates

2018-09-13 Thread Joel Esler (jesler)
>>> by cron under userid clamav (same as clamd) every so often >>> (currently every 15 mins) to determine if there are any relevant > > -- > > On Wed, 12 Sep 2018 20:59:45 + > "Joel Esler (jesler)" wrote: > >> What is the interval

Re: [clamav-users] updates

2018-09-12 Thread Joel Esler (jesler)
ys) found. > > We keep various recent versions of ClamAV in /opt/clamav.d, both for > testing, and in case we have to backtrack. Thus, /opt/clamav is a > symlink to the current version, as in: > > /opt/clamav -> /opt/clamav.d/clamav.0.100.1 > > > Enjoy! > Paul Kosi

Re: [clamav-users] updates

2018-09-12 Thread Joel Esler (jesler)
Paul, Can you give me some more information on how you do this? How often is the check run, etc. I am working with cloudflare on the issue now. On Sep 7, 2018, at 2:25 PM, Paul Kosinski mailto:clamav-us...@iment.com>> wrote: Here is our recent CVD delay report showing how long the actual

Re: [clamav-users] updates

2018-09-12 Thread Joel Esler (jesler)
We are going to need more information than that Sent from my iPhone > On Sep 12, 2018, at 06:58, Michael Da Cova wrote: > > Hi > > is anyone else getting sync errors > > Michael > > > >> On 07/09/18 10:11, Michael Da Cova wrote: >> Hi >> >> I still get "WARNING: Mirror 104.16.187.138 is

Re: [clamav-users] secure download of .cvd files ?

2018-08-31 Thread Joel Esler (jesler)
Agreed. But it wasn’t something we could support. Now we can. It that it matters, but at least we can now. Sent from my iPhone > On Aug 31, 2018, at 07:16, Al Varnell wrote: > > And the answer is the same as it was then. There is nothing to be gained by > supporting https. There is

Re: [clamav-users] secure download of .cvd files ?

2018-08-31 Thread Joel Esler (jesler)
You should be able to do it now. However, freshclam doesn’t support ssl. When we get ssl built into freshclam, https redirection would be available. But I couldn’t do it before with the mirrors the way they were. We can now. Sent from my iPhone > On Aug 31, 2018, at 07:07, Arnaud

Re: [clamav-users] ERROR 403: Forbidden

2018-08-29 Thread Joel Esler (jesler)
Try now? On Aug 28, 2018, at 9:31 AM, Jon Roberts mailto:j...@racksrv.net>> wrote: Hi Joel, The seemingly blocked IP is 213.5.176.169 Regards, Jon From: clamav-users mailto:clamav-users-boun...@lists.clamav.net>> on behalf of Joel Esler (jesler

Re: [clamav-users] ERROR 403: Forbidden

2018-08-28 Thread Joel Esler (jesler)
You’re going to have to send me the IP that is getting blocked so I can look into why. Sent from my iPhone On Aug 28, 2018, at 09:03, Maarten Broekman mailto:maarten.broek...@gmail.com>> wrote: Yeah. One thing that might help is getting the full output of the error. Using the following will

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-21 Thread Joel Esler (jesler)
On Aug 21, 2018, at 12:32 PM, G.W. Haywood mailto:cla...@jubileegroup.co.uk>> wrote: Hi there, On Tue, 21 Aug 2018, Joel Esler wrote: The amount of people using ClamAV version 0.90 and below is surprising as well. That's not really surprising to me. Most of them probably don't even know

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-21 Thread Joel Esler (jesler)
blem in a similar fashion. But I didn't want to fork a fairly > complicated program which mainly does stuff that has nothing to do with > this particular problem. > > > > On Mon, 20 Aug 2018 15:43:14 + > "Joel Esler (jesler)" wrote: > >> Thank you. We h

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-20 Thread Joel Esler (jesler)
-15 22:03:01 No delay > 2018-08-16 05:03:02 No delay > 2018-08-16 14:03:02 01:00:01 delay > 2018-08-16 21:18:01 00:14:59 delay > 2018-08-17 06:03:01 No delay > 2018-08-17 13:33:02 00:30:01 delay > 2018-08-17 21:03:02 No delay > > > On Thu, 16 Aug 2018

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-16 Thread Joel Esler (jesler)
Paul, how are things looking from your side? -- Joel Esler Sr. Manager Community, Branding, and Open Source Talos Group http://www.talosintelligence.com On Aug 11, 2018, at 6:12 PM, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: I actually just made an adjustment today

Re: [clamav-users] ClamAV signature update sync errors have gotten worse

2018-08-11 Thread Joel Esler (jesler)
I actually just made an adjustment today to see if that will resolve the issues. Please keep these coming?! Sent from my iPad > On Aug 11, 2018, at 2:10 PM, Paul Kosinski wrote: > > Here is the latest report for ClamAV virus update mirror delays since > the end of July. DNS TXT vs actual

Re: [clamav-users] Same file, different signatures detected

2018-08-07 Thread Joel Esler (jesler)
Correct. Jar files are essentially zip files. Sent from my iPhone > On Aug 7, 2018, at 07:00, Maarten Broekman wrote: > > JAR files can be unpacked like tarballs so it is likely that there is a > common file in each that matches those hashes. > > Maarten > Sent from a tiny keyboard > >>

Re: [clamav-users] False positive

2018-08-03 Thread Joel Esler (jesler)
What is the md5? On Aug 3, 2018, at 2:36 AM, Groach mailto:groachmail-stopspammin...@yahoo.com>> wrote: An overnight scan has just pulled out a false positive on a program. Its against Winscp (file transfer program) that is a genuine download and been used for years. It's not the first

Re: [clamav-users] Many reports / false positives since a couple of days

2018-08-01 Thread Joel Esler (jesler)
I am dropping these signatures now. > On Aug 1, 2018, at 9:57 AM, David Rosenstrauch wrote: > > > > On 07/31/2018 04:53 AM, Albrecht, Peter wrote: >> Hello, >> Since Saturday (2018-07-28) we are seeing many reports from clamscan having >> found (possibly) infected files. I suspect these are
