Re: [clamav-users] since nearly a week unable to update signatures using freshclam ...

On 08.06.2021 14:57, Richard via clamav-users wrote: Date: Tuesday, June 08, 2021 08:00:16 +0200 From: "Walter H. I'm using an old CentOS 6, not migrated to something newer On 06.06.2021 20:04, Walter H. via clamav-users wrote: # freshclam ClamAV update process started at Sun Ju

Re: [clamav-users] since nearly a week unable to update signatures using freshclam ...

I'm using an old CentOS 6, not migrated to something newer On 06.06.2021 20:04, Walter H. via clamav-users wrote: # freshclam ClamAV update process started at Sun Jun  6 19:58:06 2021 Connecting via proxy main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: s

Re: [clamav-users] since nearly a week unable to update signatures using freshclam ...

On 07.06.2021 08:49, G.W. Haywood via clamav-users wrote: Hi there, On Sun, 6 Jun 2021, Walter H. via clamav-users wrote: # freshclam ClamAV update process started at Sun Jun  6 19:58:06 2021 ... WARNING: getfile: Unknown response from db.local.clamav.net: HTTP/1.1 403 ... please help

Re: [clamav-users] since nearly a week unable to update signatures using freshclam ...

On 07.06.2021 08:49, G.W. Haywood via clamav-users wrote: Hi there, On Sun, 6 Jun 2021, Walter H. via clamav-users wrote: # freshclam ClamAV update process started at Sun Jun  6 19:58:06 2021 ... WARNING: getfile: Unknown response from db.local.clamav.net: HTTP/1.1 403 ... please help

[clamav-users] since nearly a week unable to update signatures using freshclam ...

# freshclam ClamAV update process started at Sun Jun  6 19:58:06 2021 Connecting via proxy main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr) Connecting via proxy WARNING: getfile: Unknown response from db.local.clamav.net: HTTP/1.1 403 WARNING: getpatch: Can't dow

Re: [clamav-users] Fwd: Win.Trojan.Virut-375 FOUND in libcef.dll

what sense does it have to send an email with suspicious attachments of more than 40 MBytes to a mailing list? here are pieces of the E-mail header ... X-Hold-in-Queue: Suspicious 'application/x-7z-compressed'-File=libcef.dll.7z X-Hold-in-Queue: Suspicious 'application/x-7z-compressed'-File=lib

Re: [clamav-users] ClamAV vs WannaCry

On 11.09.2020 13:08, Wirth Ervin via clamav-users wrote: Dear ClamAV Users, I was looking after "Does ClamAV catch WannaCry malware?" on Google, but I haven't found any significant answer about this. Could you answer? Thank you, Ervin Wirth ClamAV might detect signatures of WannaCry malwar

[clamav-users] I've just uploaded 6 false positives for 'Heuristics.Phishing.Email.SpoofedDomain'

Hello, these are all true Mails that came from Paypal.at and were stored in an extra folder of mail filtering box; Thanks in advance Greeting, Walter ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/l

Re: [clamav-users] Malformed database issue

On 15.07.2018 23:05, Jay Hart wrote: Hello and good afternoon, Yessterday on a Centos 6.10 server I ran the software updater application which indicated 134 packages needed to be updated, one of which was Clamav. can you remove clamav (yum remove clamav ...) and reboot, after this reinstall it

Re: [clamav-users] Freshclam IPv6 error messages on IPv4-only systems

On 04.07.2018 15:00, Matt Vander Werf wrote: This has been mentioned at various points in several threads over the past week or two (sometimes off-hand), but just wanted to somewhat consolidate them here and also add my +1 to getting this bug addressed in ClamAV soon! Per [1]: > This is a ip

Re: [clamav-users] OT: DMARC

in case this mailing list uses DKIM and sets it correctly, there is a problem with the DKIMs already found in the mail, when reaching the maillist server ... these get invalid just, when adding something to the mail at bottom or whereever; better think of a way which doesn't break S/MIME or PG

Re: [clamav-users] OT: DMARC

On Wed, June 27, 2018 20:04, Dianne Skoll wrote: > Hi, > > Not unexpectedly, this list is breaking DMARC and DKIM. Any chance of > mitigating this? > > 0.1 DKIM query returned fail (body has been altered) (d=cisco.com) > > Quarantined due to DMARC policy DMARC_POLICY_QUARANTINE for domain > cisco

Re: [clamav-users] Problems on your side (Server infrastructure)

gt; about an hour and a half ago? > > -Al- > > On Tue, Jun 19, 2018 at 02:56 AM, Walter H. wrote: >> Hello, >> >> since a few days I get several messages like these >> >> Jun 18 14:40:46 vhost01 postfix/cleanup[21415]: 1A40240FB1: discard: >>

[clamav-users] Problems on your side (Server infrastructure)

Hello, since a few days I get several messages like these Jun 18 14:40:46 vhost01 postfix/cleanup[21415]: 1A40240FB1: discard: header Authentication-Results: mail01.ipv6help.de; spf=fail smtp.mailfrom=clamav-virusdb-boun...@lists.clamav.net from local; from= to=<...>: 5.7.1 Mail is SPAM. SPF fail

[clamav-users] Problems on your side (Server infrastructure)

Hello, since a few days I get several messages like these Jun 18 14:40:46 vhost01 postfix/cleanup[21415]: 1A40240FB1: discard: header Authentication-Results: mail01.ipv6help.de; spf=fail smtp.mailfrom=clamav-virusdb-boun...@lists.clamav.net from local; from= to=<...>: 5.7.1 Mail is SPAM. SPF fail

Re: [clamav-users] clamsubmit error

On 06.05.2018 07:28, Arnaud Jacques wrote: Le 06/05/2018 à 00:27, Joel Esler (jesler) a écrit : Are you using a current version of clamsubmit? Yes. Using Debian : clamsubmit -v ClamAV 0.100.0/24544/Sun May 6 06:28:26 2018 Using CentOS 6 clamsubmit -v ClamAV 0.99.4/24541/Sat May 5 06:2

Re: [clamav-users] clamsubmit error

On 05.05.2018 07:38, Arnaud Jacques wrote: Hello, Wanted to send some files to ClamAV using clamsubmit, got this error : invalid cfduid and/or session id values provided by clamav.net/presigned. Unable to continue submission. Seems to be an error on ClamAV side... Is there something wrong ?

Re: [clamav-users] clamsubmit error

On 05.05.2018 20:55, Arnaud Jacques wrote: Hello Joel, for I in `ls -l /tmp/files/malicious` do clamsubmit $I; done ls -l ? Are you sure ? :) no just this for I in /tmp/files/malicious/*; do clamsubmit -N 'Me' -e me@domain -n $I; done smime.p7s Description: S/MIME Cryptographic Signat

[clamav-users] Fwd: [lxwaldivm-005] Virus detected in E-mail <-- False positive

see attached file/mail ... Walter Received: by lxwaldivm-005.waldi.home.arpa (Postfix, from userid 0) id E99D5B30; Tue, 5 Dec 2017 03:10:04 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 lxwaldivm-005.waldi.home.arpa E99D5B30 Authentication-Results: lxwaldivm-005.waldi.home.arpa/E99D5B

Re: [clamav-users] issues with mirror - 194.186.47.19

On Sat, June 17, 2017 18:23, Paul Kosinski wrote: > Why do you reject *all* email from ".edu". Doesn't that cut you off > from lots of useful technological info? (I don't think I *ever* see > spam from ".edu".) you are a lucky boy; whenever I get an email from ".edu" it is spam ...

Re: [clamav-users] Main CVD and Main Cdiff have been published

On 08.06.2017 04:43, Al Varnell wrote: main.cvd is 117,892,267 bytes main-58.cdiff is 8,808,462 bytes On Wed, Jun 07, 2017 at 04:55 PM, Dennis Peterson wrote: http://db.us.clamav.net/main-58.cdiff -Al- should this be correct? -rw-r--r--. 1 clam clam

Re: [clamav-users] Main CVD and Main Cdiff have been published

On 08.06.2017 00:20, Joel Esler (jesler) wrote: As promised, we were able to ship a new Main.cvd and the cdiff for the main.cvd a few minutes ago. It should have hit the mirrors in the past few minutes. As always, this will increase the amount of traffic on the mirrors from people downloading

[clamav-users] db.at.clamav.net

Hello, please remove 81.223.20.171, as this host doesn't respond ... Thanks, Walter ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide:

[clamav-users] error message in freshclam's cron job ...

What does this ERROR: During database load : LibClamAV Warning: RWX mapping denied: Can't allocate RWX Memory: Permission denied mean? Thanks, Walter smime.p7s Description: S/MIME Cryptographic Signature ___ clamav-users mailing list clamav-users

[clamav-users] Mistake in publishing signatures

Hello, I don't think, that whenever new signatures are published, that there are always the same number of ignored signatures (Ignored Sigs: 33) Greetings, Walter smime.p7s Description: S/MIME Cryptographic Signature ___ Help us build a comprehensiv

[clamav-users] is this correct?

smime.p7s Description: S/MIME Cryptographic Signature ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml

[clamav-users] Error in signature updates

Hello, I don't think, that it is correct, that all signature update mails look like this #21954 ... #21968 and maybe more if that is not fixed ... ClamAV Signature Publishing Notice Datefile: daily Version:21954 Publisher: Alain Zidouemba New Sigs: 0 Dropped Sigs:

Re: [clamav-users] Add virus databases and signatures from third-party vendors

On 29.02.2016 10:46, Groach wrote: On 29/02/2016 10:14, Al Varnell wrote: On Sun, Feb 28, 2016 at 05:26 AM, Theodore Alcapotaxis wrote: It's industry practice that a third-party vendor, e.g. Symantec, discovers a new virus, it has to share it with other vendors such as Eset, Kapersky, McAfee

Re: [clamav-users] Add virus databases and signatures from third-party vendors

On 28.02.2016 14:26, Theodore Alcapotaxis wrote: I can’t imagine why the competition would ever be willing to share their signature databases with>anybody. It's industry practice that a third-party vendor, e.g. Symantec, discovers a new virus, it has to share it with other vendors such as Es

Re: [clamav-users] Add virus databases and signatures from third-party vendors

On 28.02.2016 08:58, Al Varnell wrote: Why would a user invest in a commercial A-V software package if they could get the same scanning protection for free? Anti-Virus solutions not only differ in signature databases ... In addition, those Companies use proprietary formats for their databases

[clamav-users] Virus DB Mails failed.

the last few mails result in the following on my Mailserver ... SMTP error: 550 5.6.0 improper use of 8-bit data in message body smime.p7s Description: S/MIME Cryptographic Signature ___ Help us build a comprehensive ClamAV guide: https://github.com

Re: [clamav-users] New request created with ID: ##136## from Steve basford

On 07.02.2016 14:03, Steve Basford wrote: On Sun, February 7, 2016 9:08 am, Walter H. wrote: On 04.02.2016 00:55, G wrote: /\ invalid e-mail address No idea where the above header comes from, other that a "person" called "G" A new request with request id 136 has b

Re: [clamav-users] New request created with ID: ##136## from Steve basford

On 07.02.2016 11:44, Al Varnell wrote: And it’s not my system, I meant the ClamAV system itself or any other system involved in generating any kind of signatures usable by ClamAV... smime.p7s Description: S/MIME Cryptographic Signature ___ Help us

Re: [clamav-users] New request created with ID: ##136## from Steve basford

nother message ..., we are talking about Feb 4th and not Jan 18th ... as I don't know your system: what generates mails with such subjects "New request created with ID: " and what should such mail say to me? On Sun, Feb 07, 2016 at 01:08 AM, Walter H. wrote: On 04.02

Re: [clamav-users] New request created with ID: ##136## from Steve basford

: sanesecurity.com Blog: sanesecurity.blogspot.com On 18 January 2016 04:46:07 "Walter H." wrote: > Hello, > > I want an explanation, why not adding? > (as this would bring ClamAV into a total wrong view: "A Antivirus detecting > only wanted Threats and not any&

Re: [clamav-users] Virus-Datebase-Updates?

On Mon, January 18, 2016 09:38, Dennis Peterson wrote: > To expect an individual vendor to be as effective as the pool is idiocy. fail, because one system relies only on one vendor > If it were possible the pool would be unnecessary. fail, because this should only be a opinion of 3rd party and not

Re: [clamav-users] Virus-Datebase-Updates?

Hello, On Mon, January 18, 2016 07:11, Al Varnell wrote: > We’ll have to wait for the ClamAV signature team to come to work in the AM > to get an official answer, but I’m curious on how you know that all of > these submissions to VirusTotal represent proven threats? In my > experience, many files

[clamav-users] Virus-Datebase-Updates?

Hello, I want an explanation, why not adding? (as this would bring ClamAV into a total wrong view: "A Antivirus detecting only wanted Threats and not any") "ClamAV database updated (17 Jan 2016 19-07 -0500): daily.cvd Version: 21274 Submission-ID: 5023165 Sender: Virus Total Sender: John Golde

Re: [clamav-users] CentOS 7 EPEL Packages

On 15.01.2016 23:16, Peter Bonivart wrote: Not sure if it was appropriate to do, but I put a bug report into RedHat's bugzilla for EPEL as well: https://bugzilla.redhat.com/show_bug.cgi?id=1299072 I think it's the right thing to do. If I remember correctly it worked out of the box for CentOS 6 a

Re: [clamav-users] CentOS 7 EPEL Packages

that sounds quite surprising to me; as I did this with the EPEL repository but with CentOS 6 and had no problems; On 15.01.2016 21:32, John Zimmerman wrote: The clamav packages for CentOS 7 in the EPEL repository don't seem to produce a working config after installation. Anyone have any tips/w

[clamav-users] SquidClamAV and generic rules ...

Hello, not only the downloaded content is checked, also the uploaded content, as this makes it impossible uploading a file to VirusTotal, when e.g. the following inside a .cdb is active Sanesecurity.Foxhole.Zip_doc_js:CL_TYPE_ZIP:*:[. -_]([Dd][Oo][Cc])(([. _]){1,})([Jj][Ss])$:*:*:*:*:*:* (F

Re: [clamav-users] ClamAV not detecting viruses

On 03.01.2016 19:11, Andrew Wood wrote: On 01/01/16 17:56, Joel Esler (jesler) wrote: We receive millions of samples a day. Bringing the shas or md5 of the file to the list helps us look at what you guys are seeing. -- Joel Esler Manager, Talos Group Sent from my iPhone https://www.viru

Re: [clamav-users] several malware samples, clamav doesn't detect

On 25.12.2015 20:48, G.W. Haywood wrote: Hi there, On Fri, 25 Dec 2015, Walter H. wrote: ... I get these regularily ... ClamAV can't be relied upon to make up for the shortcomings of your mail system. this doesn't say anybody, as I'm new to ClamAV - as I installed it o

Re: [clamav-users] several malware samples, clamav doesn't detect

a harmful script which might be started automatically ... -Al- On Fri, Dec 25, 2015 at 12:12 AM, Walter H. wrote: Just submitted two new samples, as I received them today; SHA1(28.zip)= d0f18efb2d92c0528fab3736b134d5ad13d23be3 SHA1(29.zip)= b399b5c9e6e4567740825ac85754191a7648dfaa On

Re: [clamav-users] several malware samples, clamav doesn't detect

ent-Transfer-Encoding: base64 Content-Disposition: attachment; filename=scan-00845094.zip #content#removed# --b1_65c1451b368193580c19c5cf984dd73f-- Sent from Janet's iPad -Al- On Dec 24, 2015, at 4:03 PM, "Walter H." wrote: these were my submissions for fil

Re: [clamav-users] several malware samples, clamav doesn't detect

and I also would do it this way to you; please tell me to which email address ... I noticed that the interface, that is mentioned in the "welcome newsletter list"-mail doesn't exist (404 error) and with http://www.clamav.net/reports/malware I've got difficulties to use; or woul

Re: [clamav-users] several malware samples, clamav doesn't detect

te malware submission mechanisms. I tried the link that I gave previously and it is working for me. Steve On Wed, Dec 23, 2015 at 3:41 PM, Walter H. wrote: Hello, As I'm very new to this antivirus, which I installed just last week on my proxy server (a CentOS VM with SSL-Interception Squid); I re

Re: [clamav-users] several malware samples, clamav doesn't detect

your malware samples here (website was changed recently): http://www.clamav.net/reports/malware. Thanks, Steve On Wed, Dec 23, 2015 at 3:01 PM, Walter H. wrote: Hello, I've got several malware samples - received via E-mail - that ClamAV doesn't detect where could I email them - uploadi

[clamav-users] several malware samples, clamav doesn't detect

27;ve got difficulties to use; or would there just be an FTP where to upload them easily? Walter H. smime.p7s Description: S/MIME Cryptographic Signature ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml