Re: [clamav-users] Announcing Fangfrisch release 1.9.0

* Scott Kitterman via clamav-users: > Debian 10 still has LTS security support, but that's it. I don't find > it surprising that it's too old. I am certainly not surprised, in case you were wondering. What does surprise me is that some people hold on to old software stacks for a long time, even

Re: [clamav-users] Announcing Fangfrisch release 1.9.0

* Damian via clamav-users: >> requirements.txt: >> requests >= 2.22.0 >> SQLAlchemy >= 1.4.0 > > Are those requirements sharp? I wonder if Fangfrisch could run on > older Debian systems with Debian-shipped python packages. Fangfrisch is available as a Debian package [1], but that does not change

[clamav-users] Announcing Fangfrisch release 1.9.0

Fangfrisch release 1.9.0 is now available via https://pypi.org/project/fangfrisch/ Changes in this release: - The logic for on_update* has been largely rewritten. As a user-visible side effect, detailed debugging information about on_update_* tasks is now available. - For

Re: [clamav-users] Announcing Fangfrisch release 1.8.0

* energynorman: > is sqlite needed? No, SQLite is simply the most convenient option for many users. Fangfrisch stores only small amounts of data, and DB access is not performance critical. You are however free to use any database dialect supported by SQLAlchemy. According to [1], this includes

[clamav-users] Announcing Fangfrisch release 1.8.0

Fangfrisch release 1.8.0 is now available via https://pypi.org/project/fangfrisch/ Changes in this release: - Sanesecurity (https://sanesecurity.com) provider default configuration overhaul. Switch to a less congested mirror site, add/remove several signature URLs. - Modernise

[clamav-users] Announcing Fangfrisch release 1.7.0

Fangfrisch release 1.7.0 is now available via https://pypi.org/project/fangfrisch/ Changes in this release: 1. Support user-defined connection timeouts. 2. Cover Python versions 3.7 to 3.12 during CI test phase. -Ralph ___ Manage your

[clamav-users] Announcing Fangfrisch release 1.6.0

Fangfrisch release 1.6.0 is now available via https://pypi.org/project/fangfrisch/ Changes in this release: 1. Fix an issue where long-running operations, e.g. slow virus definition file downloads, could exhaust SQLAlchemy's database connection pool. 2. Cover Python versions 3.7 to 3.11

Re: [clamav-users] Virus not detected

* Jorge Bastos: > It's just the link :P That matters little. Some mailing list subscriber might give in to temptation and download the virus file while not in a properly isolated environment, and trigger the payload due to incompetence or bad luck. > How would you be able to test then? ;) As

Re: [clamav-users] Virus not detected

* Jorge Bastos: > I have a virus file that came on an email, and clamav doesn't detect > [...] > Here's the file. Seriously? Do *NOT* send virus files to a public mailing list. -Ralph ___ clamav-users mailing list clamav-users@lists.clamav.net

Re: [clamav-users] Announcing Fangfrisch release 1.5.0

* Ralph Seichter via clamav-users: > When running external commands, automx2 now catches all types of > exceptions [...] I of course mean Fangfrisch, not automx2. That's what I get for releasing two of my applications in short succession. ;-)

[clamav-users] Announcing Fangfrisch release 1.5.0

Fangfrisch release 1.5.0 is now available via https://pypi.org/project/fangfrisch/ Changes in this release: 1. CI tests now cover Python version 3.9 as well as 3.7 and 3.8. 2. When running external commands, automx2 now catches all types of exceptions, not only those in the subprocess

Re: [clamav-users] Running ClamAV for production workloads

* Karthik Iyer via clamav-users: > I plan to run clamav on docker instances in a kubernetes cluster. > > What would be the process of updating the pods in the cluster ? Not meaning to sound hostile, but I think it needs to be said: You appear to lack programming experience and use this mailing

Re: [clamav-users] Clam AV Cost and support for enterprise

* Karthik Iyer via clamav-users: > I keep getting this error when i try to use SendAndScanFileAsync > > "C:\KJ\Work\GEP Demos\CloudMersive Virus Scan > Demo\CloudMersiveDemo\bin\Debug\netcoreapp3.1\CloudMersiveDemo.exe > (process 22096) exited with code 0. What error are you referring to? By

[clamav-users] Announcing Fangfrisch release 1.4.0

Fangfrisch release 1.4.0 is now available via https://pypi.org/project/fangfrisch/ Changes in this release: 1. Allow the use of "url_xyz = disabled" in addition to empty values to disable URLs. 2. Remove "url_doppelstern*" and "url_crdfam_clamav" from Sanesecurity's provider section because

[clamav-users] Announcing Fangfrisch feature release 1.3.0

Fangfrisch release 1.3.0 is now available via https://pypi.org/project/fangfrisch/ Changes in this release: 1. The ScamNailer service (http://www.scamnailer.info) is no longer maintained by its authors, and the related URL in the Sanesecurity provider section is now disabled in the internal

Re: [clamav-users] Clam AV Central Management Serve

* Sudhir Kumar Maharjan: > Mainly we want Centralised deployment of the software and policies > with dashboards and real-time/historical reporting. This is not really a ClamAV-specific issue. There are various tools for infrastructure automation; see for example SaltStack, Ansible or Puppet.

Re: [clamav-users] milter

* David Beecher via clamav-users: > I am trying to set up a filter for watching for a specific keyword in > a subject line so I can tag it as spam and reject it. Milter-regex would work nicely, but you need neither a milter not ClamAV for this simple task. Sendmail can perform header checks[1],

[clamav-users] Announcing Fangfrisch feature release 1.2.0

Release 1.2.0 is now available via https://pypi.org/project/fangfrisch/ Previously, logging was limited to console output (stdout/stderr). This release adds optional syslog support, which can be enabled in the configuration file as follows: log_method = syslog log_target = /dev/log

Re: [clamav-users] Scanning emails

* Matus UHLAR: > I disagree, setting up clamav-milter is much easier than settingup > amavis. Then we'll have to agree to disagree in this matter. > I use clamav-milter and spamass-milter on my machine. So, I have both > spam and virus scanning. Didn't have big need to replace them by > amavis

Re: [clamav-users] Scanning emails

* Matus UHLAR: > clamav-milter can plug clamav to sendmail or postfix and clamd can > scan attachments directly, amavis is not really needed. Setting up Amavis with an MTA is no more complicated that setting up clamav-milter. However, as you know, Amavis allows adding additional virus scanner or

Re: [clamav-users] Scanning emails

* Bev Clues via clamav-users: > Can you tell me if clamd / clamdscan will scan email attachments as > well as the email file. Clamdscan will scan whatever you pass as an argument. However, with email it is common practice to have additional software like Amavis (https://gitlab.com/amavis/amavis)

Re: [clamav-users] freshclam errors

* Dieter Raith via clamav-users: > I will migrade to a more powerfull Cloud server with 8 GB ram and also > provide some cache. I sent a question to my provider (Hetzner), if the > can do it easily. Since you wrote you currently have 2 GB RAM, I am guessing that you are using a Hetzner CX11

Re: [clamav-users] PrivateMirror set on client machine. Disable cld downloads

* vin: > The wget option is definitely an interesting work around. Could build > a script. You could, but you don't need to. Allow me to mention "Fangfrisch" as a possible solution. While written to handle unofficial signature files, Fangfrisch is completely content-agnostic, meaning it will

[clamav-users] Announcing Fangfrisch feature release 1.1.0

Release 1.1.0 is now available via https://pypi.org/project/fangfrisch/ This is a feature relase, focused on cleaning up local files if the configuration changes over time. IMPORTANT: If you are upgrading from a previous release, you need to either delete all existing database tables or

[clamav-users] Gentoo Linux installation package for Fangfrisch is now available

It took a while for my submission to be processed, but the Gentoo Linux installation package is finally available: https://packages.gentoo.org/packages/app-antivirus/fangfrisch -Ralph ___ clamav-users mailing list clamav-users@lists.clamav.net

Re: [clamav-users] ClamAV using high CPU and battery

* Douglas Stinnette: > I have been getting reports of ClamAV using high CPU during full scans. High CPU and I/O load while to scanning full file system? You find that surprising how, exactly, in a virus scanner? :-) -Ralph ___ clamav-users mailing

[clamav-users] Announcing Fangfrisch minor release 1.0.1

Release 1.0.1 is now available via https://pypi.org/project/fangfrisch/ There are no functional changes, only the following config defaults were modified: - Add two disabled data sources which are only available with a paid subscription to SecuriteInfo default configuration. Suggested

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV

* Amish via clamav-users: > Did that already few hours back! Great minds... ;-) > I would suggest that your code detect the first run and automatically > run initdb if db_url is sqlite database and file does not exist (but > directory exist) I had thought about this before, but decided against

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV

* Amish via clamav-users: > I wanted default config file such that package runs out of box. I understand. > That said, I have not disabled support for both, anyone can edit conf > file as per their requirement. You are right. Perhaps adding the two additional sections with explicit

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV

* Amish via clamav-users: > Created AUR package for Arch Linux. (uses systemd timer instead of cron) Nice, thank you. May I ask why you did not enable support for both Malwarepatrol and SecuriteInfo in your packaged configuration? I have opened a pull request for Gentoo Linux today, providing

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV

* Amish V.: > Is it a drop-in replacement (more or less) for clamav-unofficial-sigs? Indeed. I set out to write a replacement, one that is more secure and convenient to configure than clamav-unofficial-sigs, and that is also how I use Fangfrisch on production servers. -Ralph

[clamav-users] Announcing Fangfrisch release 1.0.0

Hello list members, since I first mentioned "Fangfrisch" here, I have added some quality- of-life functionality and further enhanced the documentation [1]. No issues were reported during testing, and I am happy to announce that Fangfrisch release 1.0.0 is now available at PyPI [2] and ready for

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV

* Rxx Mxx via clamav-users: > That is a perl library pcre isnt it? I don't understand your question -- if it was actually intended for me, that is. -Ralph ___ clamav-users mailing list clamav-users@lists.clamav.net

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV

* Reio Remma via clamav-users: > That's the trouble with RHEL/CentOS - they stick with the major > software versions they initially come with for the lifetime of > their distribution version. If there are no official Python 3.7 packages for these distributions, maybe community packages are

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV

I just remembered that I use a feature of the subprocess module that was introduced with Python 3.7. So yes, version 3.7 is a hard requirement. -Ralph ___ clamav-users mailing list clamav-users@lists.clamav.net

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV

* Reio Remma via clamav-users: > RHEL/CentOS 8 are on version 3.6 of Python and they would be excluded > from running the script. I don't actually know if Python 3.6 would work, not having any machine with this old version available. Python version 3.7 was released in June 2018, and version 3.8

[clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV

After the recent discussion of various security risks posed by the clamav-unofficial-sigs script, I have written "Fangfrisch" as a secure and convenient replacement. It was meant for personal use at first, but it works so well for me that I have taken the time to write a full documentation, in the

Re: [clamav-users] clamav-unofficial-sigs download script updated

* James Brown via clamav-users: > Have you put your concerns into the issue tracker on GitHub? The script is provided for free, and I am torn between being grateful to the author for that and telling him that his script is, in my personal opinion, flawed and badly implemented. I don't state

Re: [clamav-users] Why does clamscan take so long searching?

* Grscripts via clamav-users: > unluckly clamdscan does not honor --config-file= Since clamdscan leaves scanning to the server (which is properly configured), I have never tried to use "clamdscan --config-file=...", but according to the man-page, the option should be supported. -Ralph

Re: [clamav-users] Why does clamscan take so long searching?

* Rick Graham via clamav-users: > Perhaps a useful feature would be an extra verbose option ("-vv") that > would print more clamscan status, like loading signatures. That would not save you from using 'clamscan' when you should be using 'clamdscan'. ;-) -Ralph

Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

* Micah Snyder via clamav-users: > [ClamAV] would immediately begin listening on the unix/tcp socket for > requests and fork into the background so as not to block the boot > process. To me, slowing down the boot process is just the (admittedly annoying) symptom of an underlying ClamAV issue.

Re: [clamav-users] Freshclam slows down boot on MX Linux (Debian)

* J. R. via clamav-users: > You could add a simple bash sleep statement to the appropriate > init.d/cron file. On systems using dependency based init systems like "init" or "OpenRC", services are usually started sequentially. I expect adding a sleep statement would actually slow things down even

Re: [clamav-users] Freshclam slows down boot on MX Linux (Debian)

* Paul B. via clamav-users: > I've been finding for some time now that I have a 10-15 second delay > before my machine settles down after a boot. Welcome to the club. Launching ClamAV has become so slow that I need to take steps to ensure that more important services like sshd are started before

Re: [clamav-users] Installing question

* MOHAMED OMAR MAKRAM via clamav-users: > I have a virus on my server and I have no idea where to begin to get > rid of it. I have four sites, all are personal sites and all are > drupal. If you are really certain that there is a virus on your server, my recommendation is to re-install that

Re: [clamav-users] Mailman web UI for ClamAV currently inaccessible

> https://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users returns > "403 Forbidden". I should probably mention that the above URL is sent to subscribers in the 'Welcome to the "clamav-users" mailing list' message. It does not match the link in the ML footer. -Ralph

[clamav-users] Mailman web UI for ClamAV currently inaccessible

https://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users returns "403 Forbidden". Could somebody please investigate? Thanks. -Ralph ___ clamav-users mailing list clamav-users@lists.clamav.net

Re: [clamav-users] ClamAV? blog: ClamAV 0.99.4 has been released!

G.W. Haywood wrote: > https://lists.gt.net/apache/dev/435169#435169 Are you keeping score? :-) If so: That's info from 2014 and therefore missing the SpamAssassin mailing list ban starting 2016. Come to think of it, this technically counts as two bans because of creeping back in using a

Re: [clamav-users] VIRUS ({HEX}EICAR.TEST.10.UNOFFICIAL) in mail FROM [198.148.79.53]

On 03.10.17 16:40, Anssi Johansson wrote: > if your virus scanner detected EICAR from my message, I dare to say > that it is broken. Check the headers in my message again, I was quoting a report generated for one of Nymblewyke's messages, not for yours. I know customer setups which will

Re: [clamav-users] VIRUS ({HEX}EICAR.TEST.10.UNOFFICIAL) in mail FROM [198.148.79.53]

> A virus was found: {HEX}EICAR.TEST.10.UNOFFICIAL > > First upstream SMTP client IP address: [198.148.79.53]:24855 lists.clamav.net > Received from: 198.148.79.53 < 127.0.0.1 < 204.29.186.62 < 172.26.252.15 < > 10.76.1.211 < 149.32.192.35 > > Return-Path:

Re: [clamav-users] ClamAV not picking up Eicar file...

On 30.08.17 19:01, Colin Rogers wrote: > Please let me know what I can provide to get to the bottom of this. Three messages of yours have been weeded out here. Please don't send virus samples to public mailing lists. -Ralph ___ clamav-users mailing

Re: [Clamav-users] OSX Boonana Trojan

On 30.10.10 09:36, Al Varnell wrote: Any idea what the holdup is? As a side note to your valid question: From what I've read, this Trojan requires quite a bit of user assistance. That is why I consider SecureMac's critical rating exaggerated and an effort to promote the company's products.

Re: [Clamav-users] ClamAV installation is OUTDATED!

Dennis Peterson wrote: I wonder if anyone ever reads the admonishments about top-posting and pruning messages. Or the FAQ. Or the manual. I really wish people would do their homework before posting to this mailing list. -R ___ Help us build a

[Clamav-users] Samba on-access scanning with ClamAV / samba-vscan still recommended? / Alternatives?

/ Sincerely Dipl. Inform. Ralph Seichter ___ http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Getting ClamAV to transparently scan all outgoing port 25 connections?

maintain. -- Mit freundlichen Grüßen / Yours sincerely Dipl. Inform. Ralph Seichter HORUS-IT Ahornweg 10 D-57635 Oberirsen Tel +49 2686 987880 Fax +49 2686 987889 http://horus-it.de/ ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Irina MORON/GTMH est absent(e).

Dan Egli wrote: Come again? In ENGLISH? It was yet another useless out of office message (in French, for a change). -- Mit freundlichen Grüßen / Yours sincerely Dipl. Inform. Ralph Seichter HORUS-IT Ahornweg 10 D-57635 Oberirsen Tel +49 2686 987880 Fax +49 2686 987889 http://horus-it.de

Re: [Clamav-users] Getting count of known viruses

Marin Alexey wrote: I can not find any reference how to get count of known viruses with any executable of clamav distribution. You can use sigtool -l | wc -l from a command shell. -- Mit freundlichen Gren / Yours sincerely Dipl. Inform. Ralph Seichter HORUS-IT Ahornweg 10 D-57635 Oberirsen Tel

Re: [Clamav-users] Updating on SuSE?

system clock As the error message suggests: make sure your system clock is set correctly. SuSE comes with pre-built a xntp package, it is worth installing. -- Mit freundlichen Grüßen / Yours sincerely Dipl. Inform. Ralph Seichter HORUS-IT Ahornweg 10 D-57635 Oberirsen Tel +49 2686 987880 Fax +49

Re: [Clamav-users] Updating on SuSE?

freundlichen Grüßen / Yours sincerely Dipl. Inform. Ralph Seichter HORUS-IT Ahornweg 10 D-57635 Oberirsen Tel +49 2686 987880 Fax +49 2686 987889 http://horus-it.de/ --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest