Re: [clamav-users] clamav-users Digest, Vol 219, Issue 5

2023-02-13 Thread Lyle Giese via clamav-users 

I am running a new Debian 11 box here.  When I run

apt search clamav

It shows 0.103.7 which is newer than 0.103.2

clamav/stable 0.103.7+dfsg-0+deb11u1 amd64
 anti-virus utility for Unix - command-line interface

clamav-base/stable 0.103.7+dfsg-0+deb11u1 all
 anti-virus utility for Unix - base package

clamav-daemon/stable 0.103.7+dfsg-0+deb11u1 amd64
 anti-virus utility for Unix - scanner daemon

For this system, I choose not to run the Debian packages of Clamav for 
other reasons. So I am running 1.0.0 on that box as I installed it via 
source downloaded from Clam.


You have options.

I will admit that compiling from source is not for everyone.

Lyle Giese

On 2/11/23 07:36, Mike Lieberman wrote:

It was suggested that:

"If FreshClam is failing and you're not sure why, you may run freshclam
-v for "Verbose Mode" to see the HTTP request & response details
(ClamAV 0.102+)."

And that:

"[If] running a version of FreshClam/ClamAV lower than 0.103.2? If so,
you should immediately upgrade to at least 0.103.2."

But am exclusively a Debian Linux site. There is no version beyond 1.0
for Linux. While I installed the code via aptitude, a Debian package
installer, I did check to see if there was a later version on
https://www.clamav.net/downloads  for Linux. There is not. 1.03 is a
Windows version.___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] clamscan exclude-dir on Windows

2023-01-28 Thread Lyle Giese via clamav-users 

I would try the 'short' names of these directories.

dir /X c:\

And yes the /X is case sensitive.  /X displays the short names.

Lyle Giese


On 1/28/23 08:58, clamav.mbou...@spamgourmet.com wrote:

If it's expecting a regex, perhaps try:
  --exclude-dir="/mnt/c/Program Files \(x86\)/"
without the quotes, that would probably be:
  --exclude-dir=/mnt/c/Program\ Files\ \\(x86\\)/

Depending on the flavour of regex used, the parentheses may indicate 
grouping in the regex, so may need to be escaped with a backslash to 
match literal parentheses.  In the second example, the backslashes 
forming part of the regex need to be escaped themselves to avoid being 
interpreted specially by the shell.


I'm not on Windows so can't try those to see if they do work - it was 
just a thought that might (or might not) help.


Mark.


Richard Rosner via clamav-users wrote:

Hey Marc,
that doesn't seem to be always the solution. In fact, I just 
installed clamscan in a Debian based WSL (1) instance, same problem. 
Only difference: exclusion of Program Files seems to work, but not of 
Program FIles (x86). I tried both --exclude-dir=/mnt/c/Program\ 
Files\ \(x86\)/ and --exclude-dir="/mnt/c/Program Files (x86)/". 
Didn't help.


Richard

Am Sa., 28. Jan. 2023 um 13:04 Uhr schrieb newcomer01 via 
clamav-users >:


    Hello Richard,

    maybe it is now time to switch to Linux? 
    Here we have lot of options to exculde and include paths for
    scanning (with regex support too) 
    Sorry, i have no experience with clamav on Win as reason that I
    switched long time ago to Ubuntu LTS
    But filesize problems while scan we have on Linux too.

    Hope that someone other user can support you with the Win Version of
    clamav.

    kind regards,
    Marc


    Von / From: Clamav User Mailinglist
    >
    An / To: Newcomer01 >
    CC / CC: Richard Rosner >
    Gesendet / Sent: Samstag, Januar 28, 2023 um 12:49 (at 12:49 PM) 
+0100

    Betreff / Subject: [clamav-users] clamscan exclude-dir on Windows
 > Hi,
 > I'm trying to make a full scan of my PC with clamscan.exe on
    Win10. Unfortunately, my C Volume is too big and my PC too slow to
    finish the scan in a day. So of course when I start it the next day,
    I want to exclude larger directories that already have been scanned.
    That works great with some directories, but I just can't figure out
    a way to exclude C:\Program Files\ and C:\Program Files (x86)\ from
    the scan. And I did try many variations. "C:\\Program Files
    (x86)\\", "C:\\Program Files*\\", %ProgramFiles(x86)%\\,
    C:\\"Program Files (x86)"\\ or "C:\\Program^ Files^ ^(x86^)\\" but
    nothing works. Sadly, Googling for that also doesn't bring up
    anything helpful.
 >
 > Can anybody make any suggestions? And could such tips be included
    to the documentation or somewhere else?
 >
 > Best Greeting
 > Richard
 >
 > ___
 >
 > Manage your clamav-users mailing list subscription / unsubscribe:
 > https://lists.clamav.net/mailman/listinfo/clamav-users
 >
 >
 > Help us build a comprehensive ClamAV guide:
 > https://github.com/Cisco-Talos/clamav-documentation
 >
 > https://docs.clamav.net/#mailing-lists-and-chat

    ___

    Manage your clamav-users mailing list subscription / unsubscribe:
    https://lists.clamav.net/mailman/listinfo/clamav-users


    Help us build a comprehensive ClamAV guide:
    https://github.com/Cisco-Talos/clamav-documentation

    https://docs.clamav.net/#mailing-lists-and-chat


___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat



___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] CDV file?

2022-12-14 Thread Lyle Giese via clamav-users 
If it's an old version of CLAMAV, you could be locked out of 
downloading.  The only authorized method of downloading the CVD files is 
through the use of freshclam.  If you have a windows machine 
that can get the downloads, then you can try to move those files over to 
the NAS or setup the windows machine has a host locallly for downloading 
these files from it.  The docs are your friend.


It's also been mentioned here lots of times that older NAS's may not be 
able to run the latest clamav and the needed CVD files due to lack of 
ram in the NAS and/or the manufacturer has abandoned updates to the 
firmware in your NAS.


Lyle Giese

On 12/14/22 20:38, Armando P via clamav-users wrote:
I'm sorry, I'm not Knowledgeable enough to know what that means. I 
just need to know where I can find the latest cvd file, so I can 
update the anti-virus software. Unfortunately, unlike the one 
installed in windows, it doesn't update automatic.


Armando P

On Wed, Dec 14, 2022, 21:04 newcomer01 via clamav-users 
 wrote:


.cvd files are the libraries which comes with starting freshclam
update service directly from clamav.net  cdn.



Von / From: Clamav User Mailinglist

An / To: Newcomer01 
CC / CC: Armando P 
Gesendet / Sent: Donnerstag, Dezember 15, 2022 um 02:18 (at 02:18
AM) +0100
Betreff / Subject: [clamav-users] CDV file?


I have a NAS that uses Clamav as it’s antivirus software. I
wanted to make sure that it is updated. It says it needs a *.cvd
files, but I cannot find that. I have downloaded the zip file for
windows 64 at clamav.net , but nothing with
that extension is located there. Please help. Thank you.

Sent from Mail 
for Windows


___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] clamav milter + sendmail, sendmail not reporting reject

2022-02-08 Thread Lyle Giese via clamav-users 
I just reread my message.  Reject is good behavior. Bouncing is not.  At 
least in my opinion.  Replace reject below with bounce and you have my 
correct opinion.


Sorry,

Lyle

On 2/8/22 9:49 AM, Lyle Giese via clamav-users wrote:
But the reject may NOT be going to the server/service that sent the 
virus.


You received a bad email from hackedu...@example.com from server 
mail.badisp.ru


However the mx record for example.com is mail.example.com, not the 
sending server or ISP.


Now you have annoyed somebody that had nothing to do with the bad 
email sent.  This is quite common with any bad email.


Lyle Giese

On 2/8/22 3:50 AM, Marc wrote:
So please explain, why should I not do this, and why I should care 
about

a server that is delivering a spam message to mine?

You might not care about the server that sent a virus to you, but you
should care about the *apparent* sender, which has probably nothing to
do with this; so you should not bounce.

That is the problem of the server that is contacting mine. They 
should not be relaying such crap to me anyway.



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamav milter + sendmail, sendmail not reporting reject

2022-02-08 Thread Lyle Giese via clamav-users 

But the reject may NOT be going to the server/service that sent the virus.

You received a bad email from hackedu...@example.com from server 
mail.badisp.ru


However the mx record for example.com is mail.example.com, not the 
sending server or ISP.


Now you have annoyed somebody that had nothing to do with the bad email 
sent.  This is quite common with any bad email.


Lyle Giese

On 2/8/22 3:50 AM, Marc wrote:

So please explain, why should I not do this, and why I should care about

a server that is delivering a spam message to mine?

You might not care about the server that sent a virus to you, but you
should care about the *apparent* sender, which has probably nothing to
do with this; so you should not bounce.


That is the problem of the server that is contacting mine. They should not be 
relaying such crap to me anyway.


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] IP List for Virus Definition Domain

2021-09-15 Thread Lyle Giese via clamav-users 
FYI, I queried from two distinct locations and got the same IP address.  
I then did a traceroute from each of those locations and it took 
different but short routes into CloudFlare's network.  I presume they 
use anycast routing.(and I could be wrong).


Lyle Giese

LCR Computer Services, Inc.

On 9/15/21 12:17 PM, G.W. Haywood via clamav-users wrote:

Hi there,

On Wed, 15 Sep 2021, James Freeman wrote:

Is there a list of IPs that the ClamAV domain used to download virus 
definition resolves to?


Here's the (very short) list that it resolves to from my location:

$ dig +short database.clamav.net
database.clamav.net.cdn.cloudflare.net.
104.16.218.84
104.16.219.84

It's a content delivery network - do the same query where you are and
you'll probably get different answers.  But you won't get a complete
list unless you qeury from locations all over the planet.



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml