Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-11 Thread Dennis Peterson
In your ClamAV signature folder does there exist a safebrowsing.cvd file? dp On 12/10/18 9:46 PM, Sunny Marwah wrote: Same question again: Chrome doesn't open malicious links due to labeling them dangerous as per "Safebrowsing". Then why is ClamAV not able to identify such malicious links whe

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-11 Thread Al Varnell
Here was the earlier reply to your question >. Sent from my iPad -Al- On Dec 10, 2018, at 21:46, Sunny Marwah mailto:sunnymar...@trepup.com>> wrote

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-11 Thread Sunny Marwah
I can see the below files in the /var/lib/clamav/ directory: main.cvd bytecode.cvd safebrowsing.cld daily.cld mirrors.dat But it is 'safebrowsing.cld', not 'safebrowsing.cvd'. Is it OK?? On Tue, Dec 11, 2018 at 1:47 PM Dennis Peterson wrote: > In your ClamAV signature folder does there exist a sa

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-11 Thread Sunny Marwah
Hi Al, Thanks for sharing that reply. Do you mean ClamAV did not detect that file (containing deceptive link) as 'Infected' in your scanning? FYI, I have also tried Google's Safebrowsing API to check such deceptive links. It was really strange to know that even Google's Safebrowsing lookup API

[clamav-users] Question about LLVM...

2018-12-11 Thread J.R.
I've googled to no end, but haven't been able to come up with anything except a few snips mentioning LLVM and bytecode here and there... I'm curious exactly what the benefit would be to use LLVM, is there much of a performance gain over the built-in (non-llvm) bytecode interpreter? Is it an expand

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-11 Thread Steve Basford
On Tue, December 11, 2018 1:58 pm, Sunny Marwah wrote: Hi Sunny/All, Here's the summary The phishing attempt looks like this html code: h-t-t-p-s:/-/-pastebin DOT com/TL5WUJZh This first link is just a hijacked graphic and won't be in safebrowsing... h-t-t-p-s:-/-/gokdenizhealthtourism

Re: [clamav-users] Question about LLVM...

2018-12-11 Thread Micah Snyder (micasnyd)
Sorry about the broken links on the website and in the clamav-faq manual pages. Our web dev team is actively working on integrating the newly remodeled user manual into the website. The bytecode interpreter was nonfunctional for a long time but was fixed a few years ago. This is why LLVM was p

Re: [clamav-users] Question about LLVM...

2018-12-11 Thread Scott Kitterman
On Tuesday, December 11, 2018 05:59:05 PM Micah Snyder wrote: > Sorry about the broken links on the website and in the clamav-faq manual > pages. Our web dev team is actively working on integrating the newly > remodeled user manual into the website. > > The bytecode interpreter was nonfunctional

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-11 Thread Paul Kosinski
Ever since we set up a local mirror on our LAN, we have not been using cdiffs. The reason for this is that I followed the procedure outlined on the ClamAV website (about 2/3 down the page) at: http://www.clamav.net/documents/clamav-virus-database-faq where it says: [Q] I’m running ClamAV on a

Re: [clamav-users] Question about LLVM...

2018-12-11 Thread J.R.
Micah & Scott, Thank you for the replies, you answered exactly what I was thinking too based on posts referring to the built-in improvements and hush on llvm.

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-11 Thread Dennis Peterson
Yes - the extension can be one or the other. The other thing to check is the file ownership and permissions, and finally to search your clamd.log file (or whatever it is called on your system) for "FOUND". If it is a useful signature source your logs should indicate clamd is finding targets fro

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-11 Thread Dennis Peterson
You know the daily.cvd file is now larger than the main.cvd file, so you are burning up a lot of bandwidth if your world-facing ClamAV mirror is ignoring cdiff files. If it is using freshclam then it is using cdiffs and merging them as part of the process of mirroring. In that case your clients

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-11 Thread Joel Esler (jesler)
Cloudflare's cache timeout is set to 5 seconds. So, I would doubt that Cloudflare's cache is the issue, it may be an ISP thing in the middle doing the caching, which is what Paul is guessing at this point, if I am following the thread correctly. Out of an abundance of caution I did a worldwide

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-11 Thread Al Varnell
Sunny, Please note that the reply was not from me, rather it was from "Micah Snyder (micasnyd)" , ClamAV Engineer. You need to ask him for any additional details. Also, you are correct that safebrowsing.cld is just an updated, decompressed version of safebrowsing.cvd. -Al- On Tue, Dec 11, 2

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-11 Thread Al Varnell
I have to support you in that this guidance has been there for many years now, but I've never really understood why that was necessary. Obviously this method is part of the problem that Joel has been describing about the number of users always downloading the .cvd and it also greatly increases l

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-11 Thread Micah Snyder (micasnyd)
Hi Sunny, I meant to say that if I scanned a saved email file containing the malicious URL in an HTML link (i.e. a href=link ), then it will detect the link with the safebrowsing signature. However, if the malicious URL is not an HTML link, for example if the email content is plain text, th