Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-06 Thread Dennis Peterson
My most effective blocks are tcpwrappers and DNS-based IP blacklists and URI blacklists. Low returns on effort go to pattern matching regular expressions in message bodies. It isn't possible to measure the effectiveness of ipset blocklists when using NNN.0.0.0/8 IP blocks but there are a lot of

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-06 Thread Dennis Peterson
You should probably look at http://uribl.com/ for this problem. ClamAV is targeted toward viruses and malware in email. The uribl process uses DNS just like DNS blacklists, is fairly lightweight, and well maintained. dp On 12/5/18 11:33 PM, Sunny Marwah wrote: Hello Team, We are using

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-06 Thread Al Varnell
Frankly, I'm surprised that ClamAV finds any such URL's. They are way too dynamic (blacklisted one day and removed the next). ClamAV does malware detection over the long haul and trying to keep up with fraudulent web sites would be a full time job and better done by other means (e.g. Google Safe

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-06 Thread Sunny Marwah
Hi Micah, Thanks for letting me know about enabling SafeBrowsing CVD option in ClamAV. Google safe browsing puts a website in 3 categories mentioned below: 1 Secure 2 Info or Not secure 3 Not secure or Dangerous Curious to know how ClamAV will categorize the HTML file. Let's say, if any "Note

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-06 Thread Micah Snyder (micasnyd)
It may be worth mentioning that in addition to the [optional] SafeBrowsing CVD that you can choose to include, ClamAV has just started including PhishTank signatures late last month. For those who are curious, see https://lists.gt.net/clamav/virusdb/. PhishTank signatures are prefixed with

[clamav-users] Ios.Trojan.FakeTelegram-6736161-0 FOUND

2018-12-06 Thread David Laxer
Hi, I am running clamav-0.100.beta on OS X 10.11.6 and got the following messages Ios.Trojan.FakeTelegram-6736161-0 FOUND Here’s my clamscan invocation: $ clamscan/clamscan -i -r --exclude-dir=/Volumes --exclude-dir=/dev --exclude-dir=/Users/davidlaxer/clamav-0.100.0-beta/test

Re: [clamav-users] Ios.Trojan.FakeTelegram-6736161-0 FOUND

2018-12-06 Thread Al Varnell
What kind of suggestion are you looking for? They appear to be three different iPhone/iPad/iPod applications. The signatures were added to the ClamAV database on 1 Nov 2018. I would have to guess it has something to do with this Talos article:

Re: [clamav-users] Ios.Trojan.FakeTelegram-6736161-0 FOUND

2018-12-06 Thread Eric Tykwinski
Al, I think you are probably right looking at it. > What kind of suggestion are you looking for? > > They appear to be three different iPhone/iPad/iPod applications. > > The signatures were added to the ClamAV database on 1 Nov 2018. > > I would have to guess it has something to do with this

Re: [clamav-users] Installation problem.

2018-12-06 Thread Robert Chalmers
There is something wrong with your C++ compiler. Is it actually installed? - Robert Chalmers https://robert-chalmers.uk aut...@robert-chalmers.uk @R_A_Chalmers > On 7 Dec 2018, at 7:28 am, nikos wrote: > > Hello list. > > I'm trying to install the new version of clam and it seems to be

[clamav-users] Installation problem.

2018-12-06 Thread nikos
Hello list. I'm trying to install the new version of clam and there seem to be compilation problems. I run ./configure --sysconfdir=/etc --enable-milter in the programs folder and I get the error: checking for g++... no checking for c++... no checking for gpp... no checking for aCC... no