Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-12 Thread Joel Esler (jesler)
Thanks Alain. > On Dec 12, 2018, at 10:17 AM, Alain Zidouemba > wrote: > > The Phistank URLs being dropped from daily.cvd have nothing to do with false > positives. We are just rotating in and out the top phishing URLs based on > number DNS lookups per hour. > > - Alain > > On Wed, Dec 12,

Re: [clamav-users] Question about LLVM...

2018-12-12 Thread J.R.
> So I would like to ask, does bytecode have access to its environment > (like ActiveX unfortunately did) and, how well is bytecode sandboxed? Well, first of all, only bytecode signatures published by Cisco/Talos are considered "trusted" and will run by default. You would have to manually specify

Re: [clamav-users] clamav-users Digest, Vol 169, Issue 8

2018-12-12 Thread Webster, Matt (PIRSA)
I am in. -Original Message- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of clamav-users-requ...@lists.clamav.net Sent: Monday, December 10, 2018 3:30 AM To: clamav-users@lists.clamav.net Subject: clamav-users Digest, Vol 169, Issue 8 Send clamav-users

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-12 Thread Alain Zidouemba
The Phistank URLs being dropped from daily.cvd have nothing to do with false positives. We are just rotating in and out the top phishing URLs based on number DNS lookups per hour. - Alain On Wed, Dec 12, 2018 at 6:23 AM Joel Esler (jesler) wrote: > Not sure. Perhaps Alain can chime in. My

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-12 Thread Paul Kosinski
The daily.cvd is still less than half as big as main.cvd: -rw-r--r-- 1 clamav clamav 117892267 Jun 7 2017 main.cvd -rw-r--r-- 1 clamav clamav 53147013 Dec 11 14:03 daily.cvd but indeed using the cdiffs could save bandwidth. I never tried using cdiffs since the FAQ said "Let freshclam

Re: [clamav-users] Question about LLVM...

2018-12-12 Thread Paul Kosinski
I've always been leery of executable code that gets downloaded "behind the scenes" and then executed for whatever purpose. In the "old days", people were warned against downloading random software and then executing it. How that's become at least half of what we do on a daily basis -- in our

[clamav-users] ClamAV protect against viruses, rootkits, malware

2018-12-12 Thread Kaushal Shriyan
Hi, I have installed ClamAV ClamAV 0.100.2/25200/Wed Dec 12 15:59:52 2018 on CentOS Linux release 7.6.1810 (Core). Does ClamAV protect against viruses, rootkits, malware like watchbog and detection of unauthorized activities? Please comment. Thanks in Advance. I look forward to hearing from

Re: [clamav-users] ClamAV protect against viruses, rootkits, malware

2018-12-12 Thread Leonardo Rodrigues
Em 12/12/2018 15:06, Kaushal Shriyan escreveu: Hi, I have installed ClamAV ClamAV 0.100.2/25200/Wed Dec 12 15:59:52 2018 on CentOS Linux release 7.6.1810 (Core). Does ClamAV protect against viruses, rootkits, malware like watchbog  and detection of unauthorized activities? Please comment.

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-12 Thread Dennis Peterson
I wonder if the file size changed when Joel regenerated the daily.cvd file  (or I had in unexplainable file size error). I still use all the technology but no longer for big dot coms. The patched files are larger because they have a lot of unneeded bits in them. dp On 12/12/18 7:43 AM, Paul

[clamav-users] cli_get_filepath_from_filedesc error when using zINSTREAM in 0.101.0

2018-12-12 Thread Joel Pettis
Greetings, I've recently started using zINSTREAM with clamd in the new version 0.101.0 and every time I scan a file, a log is written to the std out like this: LibClamAV Error: cli_get_filepath_from_filedesc: File path for fd [12] is: /tmp/clamav-e9c124cf7c3129c87ebea09868d4838f.tmp >From

Re: [clamav-users] ClamAV protect against viruses, rootkits, malware

2018-12-12 Thread Kaushal Shriyan
On Wed, Dec 12, 2018 at 11:42 PM Leonardo Rodrigues < leolis...@solutti.com.br> wrote: > Em 12/12/2018 15:06, Kaushal Shriyan escreveu: > > Hi, > > > > I have installed ClamAV ClamAV 0.100.2/25200/Wed Dec 12 15:59:52 2018 > > on CentOS Linux release 7.6.1810 (Core). Does ClamAV protect against >

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-12 Thread Al Varnell
Thanks for the explanation, Alain. Makes a lot of sense to keep those signatures dynamically current. Sent from my iPad -Al- On Dec 12, 2018, at 07:17, Alain Zidouemba wrote: > The Phistank URLs being dropped from daily.cvd have nothing to do with false > positives. We are just rotating in

Re: [clamav-users] ClamAV installation is OUTDATED! as reported by freshclam utility on CentOS Linux release 7.6.1810 (Core)

2018-12-12 Thread Al Varnell
Not sure what comment you are looking for. The warning is pretty much self explanatory. You can either wait for CentOS to update it for you when they get around to it or download, configure and install 0.101.0 yourself . Sent from my iPad -Al- ClamXAV User On

Re: [clamav-users] ClamAV installation is OUTDATED! as reported by freshclam utility on CentOS Linux release 7.6.1810 (Core)

2018-12-12 Thread Scott Kitterman
A larger issue in this case is that 0.100.0, as released is not suitable for distribution use to to shared library header issues (mentioned on this list a few days ago - I appreciate Cisco being forthcoming and warning people). I don't know what EPEL/CentOS will do, but 0.100.0 won't be in

Re: [clamav-users] ClamAV installation is OUTDATED! as reported by freshclam utility on CentOS Linux release 7.6.1810 (Core)

2018-12-12 Thread Luca Moscato
Issue is in CentOS repo (not sure if standard or EPEL additional repo) that, still, do not ship the latest stable. On this topic, AMZ Linux is still have 0.99 in standard repo Luca Il 13/12/2018 07:42, Al Varnell ha scritto: Not sure what comment you are looking for. The warning is pretty

[clamav-users] ClamAV installation is OUTDATED! as reported by freshclam utility on CentOS Linux release 7.6.1810 (Core)

2018-12-12 Thread Kaushal Shriyan
Hi, I am running CentOS Linux release 7.6.1810 (Core) with ClamAV installed. When i am running freshclam i am seeing a Warning message and the details are described below:- # freshclam ClamAV update process started at Thu Dec 13 11:49:18 2018 WARNING: Your ClamAV installation is OUTDATED!

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-12 Thread Steve Basford
On Wed, December 12, 2018 8:59 am, Al Varnell wrote: > You mentioned earlier that ClamAV has recently added signatures from > PhishTank, but I've noticed over the last few days that most, if not all > of them have been removed. Should I conclude that the PhishTank > organization signatures are

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-12 Thread Al Varnell
You mentioned earlier that ClamAV has recently added signatures from PhishTank, but I've noticed over the last few days that most, if not all of them have been removed. Should I conclude that the PhishTank organization signatures are resulting in a high False Positive count? Are they simply

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-12 Thread Joel Esler (jesler)
Not sure. Perhaps Alain can chime in. My team also runs the Phishtank project, so this is about making our different properties work together through the official signature set in a supported way. If false positives are reported on the phishtank sigs through ClamAV.net, they are

Re: [clamav-users] Can't detect deceptive URL's as infected !!

2018-12-12 Thread Sunny Marwah
Hi Micah, I checked the what you suggested. I put that deceptive link as an hyperlink like href=link in html file and scanned the file. Still, ClamAV did not detect that file as 'Infected'. It gave OK to that file. Regards Sunny On Wed, Dec 12, 2018 at 5:53 PM Joel Esler (jesler) wrote: >