Re: [clamav-users] Detecting Word docs with macros

2018-12-10 Thread Steve Basford
On 10 December 2018 17:21:05 "G.W. Haywood" wrote: Hi there, On Mon, 10 Dec 2018, Steve Basford wrote: ... MiscreantPunch099-Low.ldb for additional detection but can hit scanning performance. Can you give any estimate (however rough) of the performance hit? Scanning a small file...

Re: [clamav-users] Clamav download

2018-12-10 Thread Joel Esler (jesler)
Correct. > On Dec 10, 2018, at 5:42 AM, Robert Chalmers wrote: > > http://www.clamav.net/downloads > > > > - > Robert Chalmers > https://robert-chalmers.uk > aut...@robert-chalmers.uk >

Re: [clamav-users] Detecting Word docs with macros

2018-12-10 Thread G.W. Haywood
Hi there, On Mon, 10 Dec 2018, Steve Basford wrote: ... MiscreantPunch099-Low.ldb for additional detection but can hit scanning performance. Can you give any estimate (however rough) of the performance hit? -- 73, Ged.

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Dennis Peterson
Exactly right. We can't be blaming the ClamAV process when we don't use the ClamAV process. People that don't use freshclam should have no expectation of high reliability. In fact any expectations are baseless when the wrong tools are employed. dp On 12/9/18 5:44 AM, Joel Esler (jesler)

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Eric Tykwinski
Paul, Sorry some of this confusion is probably my fault trying to help without going back to the whole thread. > On Dec 10, 2018, at 9:34 PM, Paul Kosinski wrote: > > We ARE using freshclam to perform the actual update. And always have > been! > > We've only been using curl (not wget, if

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-10 Thread Sunny Marwah
Same question again: Chrome doesn't open malicious links due to labeling them dangerous as per "Safebrowsing". Then why is ClamAV not able to identify such malicious links when the "Safebrowsing" option is already enabled? On Sat, Dec 8, 2018 at 9:00 PM Micah Snyder (micasnyd) wrote: > Our replies

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Eric Tykwinski
Dennis, > On Dec 10, 2018, at 8:26 PM, Dennis Peterson wrote: > > Helps too to read the entire thread and the thread that preceded this one. > The OP has used combinations of dig and wget in diagnosing his problems. > > dp Seriously, then he should be just trying to pull the new cdiffs to

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Dennis Peterson
You were using curl (I did remember that after I posted as I'd helped you sort out curl options to do what you wanted) to explore what was available on the servers compared to what was on the DNS TXT record, and that was outside process. It also ignored cdiff files that may have been available

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Gary R. Schmidt
On 11/12/2018 11:46, Dennis Peterson wrote: Exactly right. We can't be blaming the ClamAV process when we don't use the ClamAV process. People that don't use freshclam should have no expectation of high reliability. In fact any expectations are baseless when the wrong tools are employed.

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Paul Kosinski
We ARE using freshclam to perform the actual update. And always have been! We've only been using curl (not wget, if that matters) to pull the first few bytes of the cvd to see if its version number matches what the DNS TXT query said. We do this because, after the conversion to Cloudflare, we

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Dennis Peterson
Helps too to read the entire thread and the thread that preceded this one. The OP has used combinations of dig and wget in diagnosing his problems. dp On 12/10/18 5:22 PM, Gary R. Schmidt wrote: On 11/12/2018 11:46, Dennis Peterson wrote: Exactly right. We can't be blaming the ClamAV process

Re: [clamav-users] Installation problem.

2018-12-10 Thread nikos
Robert, Both ./configure tidy and ./configure clean give:   configure: WARNING: you should use --build, --host, --target checking for clean-g++... no checking for clean-c++... no checking for clean-gpp... no checking for clean-aCC... no checking for clean-CC... no checking for

Re: [clamav-users] Installation problem.

2018-12-10 Thread Robert Chalmers
Ok, try make clean To cleanup the build first. What sort of OS are you on? You may have said but I can’t remember. So, delete the current directory you have it in and make sure you are downloading the correct sources. https://github.com/Cisco-Talos/clamav-faq/blob/master/faq/Installing.md Or

[clamav-users] Clamav download

2018-12-10 Thread Robert Chalmers
http://www.clamav.net/downloads - Robert Chalmers https://robert-chalmers.uk aut...@robert-chalmers.uk @R_A_Chalmers

[clamav-users] Detecting Word docs with macros

2018-12-10 Thread Eric Tykwinski
Default clam sigs obviously are not catching these, but wondering if anyone has them included in a third party that's rather FP friendly. I also just tested a yara from here, and it seems to work, but not certain about FPs from it either.

Re: [clamav-users] Detecting Word docs with macros

2018-12-10 Thread Steve Basford
On Mon, December 10, 2018 2:58 pm, Eric Tykwinski wrote: > Default clam sigs obviously are not catching these, but wondering if > anyone has them included in a third party that's rather FP friendly. > > I also just tested a yara from here, and it seems to work, but not > certain about FPs from it

Re: [clamav-users] Detecting Word docs with macros

2018-12-10 Thread Eric Tykwinski
Steve. > Sanesecurity badmacro.ndb and phish.ndb and rogue.hdb will pretty much > cover a lot of those... MiscreantPunch099-Low.ldb for additional detection > but can hit scanning performance. > > ClamAV settings in clamd.conf can also be tweaked to block documents with > macro and or passwords.