Re: [clamav-users] Is there anything to do about encrypted viruses?

2020-12-22 Thread Al Varnell via clamav-users
When you submit it, be sure to include the password so that the ClamAV signature team can properly assess it and provide a hash signature for the zip file. -Al- > On Dec 22, 2020, at 03:32, Alessandro Vesely via clamav-users > wrote: > > Hi all, > > > today I received a message with an encr

Re: [clamav-users] ClamAv help

2020-12-31 Thread Al Varnell via clamav-users
Jay, You might want to take a look at ClamXAV which will give you a GUI interface enabling you to do most, if not all of what you are attempting, as well as provide some additional features and protections over and above what ClamAV can do: . It does require a paid subs

Re: [clamav-users] signature exists, but not detecting

2021-02-23 Thread Al Varnell via clamav-users
On Tue, Feb 23, 2021 at 09:30 AM, Ron Seguin via clamav-users wrote: > Hi, > > Uploaded a file to virustools.com and results show > that ClamAV detects the Unix.Trojan.Tsunami-6981155-0 exploit. I'm not familiar with virustools.com and I get a redirect when I attempt

Re: [clamav-users] signature exists, but not detecting

2021-02-23 Thread Al Varnell via clamav-users
l.com/gui/file/d2178904c657f7226212e535581ba61d8aa5383bf01ca94184ac76b5e8b0f98a/detection > > <https://www.virustotal.com/gui/file/d2178904c657f7226212e535581ba61d8aa5383bf01ca94184ac76b5e8b0f98a/detection> > > On Tue, Feb 23, 2021 at 10:03 PM Al Varnell via clamav-users > mailto:clamav-users@lists.clam

Re: [clamav-users] signature exists, but not detecting

2021-03-08 Thread Al Varnell via clamav-users
virustotal.com/gui/file/d2178904c657f7226212e535581ba61d8aa5383bf01ca94184ac76b5e8b0f98a/detection> > > On Tue, Feb 23, 2021 at 10:03 PM Al Varnell via clamav-users > mailto:clamav-users@lists.clamav.net>> wrote: > > > On Tue, Feb 23, 2021 at 09:30 AM, Ron Seguin via cl

Re: [clamav-users] Unable to download clamav cvd file using google cloud python function

2021-03-10 Thread Al Varnell via clamav-users
Can't believe how many people haven't read this forum... -Al- On Mon, Mar 08, 2021 at 11:23 AM, Joel Esler via clamav-users (jesler) wrote: > As a result of events documented in places here: > https://lists.clamav.net/pipermail/clamav-users/2021-March/010577.html >

Re: [clamav-users] Offline Updating

2021-03-17 Thread Al Varnell via clamav-users
On Mar 17, 2021, at 02:42, Paul Smith via clamav-users wrote: > On 17/03/2021 09:34, James Mcloughlin via clamav-users wrote: >> I have a stand alone machine that is not connected to the internet or any >> other device and for security reasons it cannot be connected at all. >> >> I have looked

Re: [clamav-users] unsubscribe

2021-03-20 Thread Al Varnell via clamav-users
You must do that for yourself near the bottom of this page: Sent from my iPad -Al- > On Mar 20, 2021, at 05:20, Larry Turner via clamav-users > wrote: > > Please unsubscribe me also. ___ cl

Re: [clamav-users] Linode Clam AV Updates

2021-03-20 Thread Al Varnell via clamav-users
Sent from my iPad On Mar 20, 2021, at 09:51, Paul Smith via clamav-users wrote: > On 20/03/2021 04:31, Joel Esler (jesler) via clamav-users wrote: >> Please check out cvdupdate or Freshclam for your updates. Once or twice a >> day to check is fine. >> > FWIW, running cvdupdate only once or tw

Re: [clamav-users] Heuristics, only on or off?

2021-03-23 Thread Al Varnell via clamav-users
Sent from my iPad > On Mar 23, 2021, at 18:29, Joe Acquisto-j4 wrote: > > The "spoofed domain" is the one I would rather allow to pass through without > comment or quarantine as some are "legitimate". But the docs did warn > about "false positives". Although pedantic types (who me?) might arg

Re: [clamav-users] Detection rate

2021-03-29 Thread Al Varnell via clamav-users
I would expect Joel would know if there were since it's his program. -Al- > On Mar 29, 2021, at 16:42, María Belén Bonino via clamav-users > wrote: > > So there are no available reports on the current detection rate?

Re: [clamav-users] Getting 403 Forbidden Error

2021-03-30 Thread Al Varnell via clamav-users
You may need to supply your IP address in order for any blocking action to be removed. Sent from my iPad -Al- > On Mar 30, 2021, at 23:29, Varun, Michael via clamav-users > wrote: > > Hello Team, > > We are receiving 403 Forbidden error for our freshclam downloads. > > We have disabled the

Re: [clamav-users] vistumbler as false positive

2021-04-07 Thread Al Varnell via clamav-users
Without knowing the name of the infection I can't provide even a guess as to whether it is or not, but the exact answer to your question is for you to report it by filling out the form found @https://www.clamav.net/reports/fp including the file itself. Sent from my iPad -Al- On Apr 7, 2021, a

Re: [clamav-users] vistumbler as false positive

2021-04-08 Thread Al Varnell via clamav-users
>> /root/Vistumbler_v10-7.zip: Win.Malware.Generic-9819492-0 FOUND >> So. looks like this is false positive on vistumbler.. >> Eero >> On Thu, Apr 8, 2021 at 5:03 AM Al Varnell via clamav-users >> mailto:clamav-users@lists.clamav.net> >> <mailto:clamav

Re: [clamav-users] False positive on Heuristics.Phishing.Email.SSL-Spoof, no attachment

2021-04-20 Thread Al Varnell via clamav-users
As you have noted, this is a common situation. Anytime the actual URL does not closely match the displayed URL you'll get an alert unless it has been added to an M or X signature in the database. I haven't been convinced that anybody is maintaining that list of exceptions, so disabling it is pro

Re: [clamav-users] State of false-positive message evaluation for Img.Exploit.CVE_2017_3049-6268090-0

2021-05-07 Thread Al Varnell via clamav-users
Prof Rulle, I believe you mean a false positive, don't you? A false negative would be a failure to report, but clearly ClamAV does detect this. The proper way to report this would be to file a False Positive Report here: . If you can also provide a hash value

Re: [clamav-users] State of false-positive message evaluation for Img.Exploit.CVE_2017_3049-6268090-0

2021-05-07 Thread Al Varnell via clamav-users
One additional note. That signature has been in the ClamAV.ldb database since 19 Apr 2017 back when first defined, making it relatively unlikely to be a false positive at this point in time. Also note from the CVE-2017-3049 detail that it was at

Re: [clamav-users] Signature database and certification

2021-06-08 Thread Al Varnell via clamav-users
Sent from my iPad On Jun 8, 2021, at 02:07, CUVILLIEZ Jérôme via clamav-users wrote: > I would like to know how the signature database of ClamAV is built? Based on > which signatures? I suggest you start by reading through this manual on Signature writing first:

Re: [clamav-users] Scanning PDF for phishing links

2021-06-29 Thread Al Varnell via clamav-users
Joel, If that question was addressed to all on this list, then yes, I forward all spam to SpamCop and everything suspected as a phish to phishtank (among others). But it's low volume, just from my wife's and my accounts. Sent from my iPad -Al- > On Jun 29, 2021, at 12:48, Joel Esler (jesler)

Re: [clamav-users] Clamav-safebrowsing failing

2021-07-02 Thread Al Varnell via clamav-users
I have to wonder why bother when Safari and most other macOS browsers already use Google SafeBrowsing to screen for fraudulent websites, as long as you leave it enabled. -Al-

Re: [clamav-users] Configuration Error

2021-08-30 Thread Al Varnell via clamav-users
Vaughn, As Ged mentioned, it is not necessary to run clamconf in order to generate any conf files. Installation takes care of all that. In order to see the freshclam.conf info, you need to run it as root: sudo clamconf clamav-milter is a third party ClamAV tool, so if you didn't install it, th

Re: [clamav-users] Configuration Error

2021-08-30 Thread Al Varnell via clamav-users
Sorry, it's the clamd.conf file that normally requires clamconf to be run as root. -Al- = Vaughn, As Ged mentioned, it is not necessary to run clamconf in order to generate any conf files. Installation takes care of all that. In order to see the freshclam.conf info, you need to ru

Re: [clamav-users] Clam updates failing

2021-10-22 Thread Al Varnell via clamav-users
> On Oct 22, 2021, at 11:16 AM, Paul Kosinski via clamav-users > wrote: > > On Fri, 22 Oct 2021 13:27:46 + > "Joel Esler \(jesler\) via clamav-users" > wrote: > >>> On Oct 21, 2021, at 18:55, Kenneth Porter wrote: >>> >>> On 10/21/2021 10:14 AM, Paul Kosinski via clamav-users wrote:

Re: [clamav-users] Missing Mac OS .pkg installer

2021-10-28 Thread Al Varnell via clamav-users
Not sure where you are seeing this, but perhaps you want the Homebrew or MacPorts packages referred to at >. There is also ClamXAV > and

Re: [clamav-users] Native Version

2021-10-30 Thread Al Varnell via clamav-users
It wasn't to support ClamXAV. -Al- > On Oct 30, 2021, at 4:14 PM, Vaughn A. Hart wrote: > > Hi Joel… et al., > > I saw the reply about the clamav version but I sent an email before stating > that there was a pkg version when this current version was in beta. Right > after I sent that email

Re: [clamav-users] ClamAV detects XMR-Stak as malicious. Is this a false positive?

2021-11-19 Thread Al Varnell via clamav-users
I suspect that it's because there are several instances of malicious software that install xmr-stak unknowingly to the user, who then becomes a miner bot for a cybercriminal. If I were you I would just put it in a clamav.fp file so it will ignore your installation while still identifying any oth

Re: [clamav-users] Malware found on datadog folder in centos. Is it false-positive?

2022-01-31 Thread Al Varnell via clamav-users
First I would upload the file to https://virustotal.com to see if any other scanners identify the file as malware. Sent from my iPad -Al- > On Jan 31, 2022, at 03:21, Nick Theofanidis via clamav-users > wrote: > >  > Hello, i hope everyone is well. > > while scanning my database vps clamav

Re: [clamav-users] Malware found on datadog folder in centos. Is it false-positive?

2022-01-31 Thread Al Varnell via clamav-users
4:22, Arnaud Jacques via clamav-users wrote: > FP confirmed (I guess) : > https://www.virustotal.com/gui/file/217ae5161a0e08c0fb873858806e3478c9775caffce5168b50ec885e358c199d > > > Le 31/01/2022 à 12:30, Al Varnell via clamav-users a écrit : >> First I would upload the file to https://vir

Re: [clamav-users] ClamAV 0.105 release candidate

2022-03-15 Thread Al Varnell via clamav-users
freshclam (not fetchclam) or cvdupdate are currently the only methods to obtain updates. -Al- == ClamXAV user > On Mar 15, 2022, at 4:15 AM, Andrew C Aitchison > wrote: > > Is there a way to get source and binaries via fetchclam or cvdupdate ?

Re: [clamav-users] Is the signature "Win.Tool.Hoax-9939325-0" really problematic ?

2022-04-11 Thread Al Varnell via clamav-users
On Apr 11, 2022, at 12:05 AM, alex via clamav-users wrote: > Is there a way to bypass the lifting of this signature, without completely > ignoring it, if it ultimately proves useful against other files? You can include an .fp file. See the documentation for format:

Re: [clamav-users] Unsubscribe!

2022-04-13 Thread Al Varnell via clamav-users
You must do that yourself from the bottom of this page: . Sent from my iPad -Al- On Apr 13, 2022, at 20:08, Eliya Voldman via clamav-users wrote: > Please unsubscribe my email > Thanks ___ cl

Re: [clamav-users] How to delete logs after scan

2022-05-23 Thread Al Varnell via clamav-users
Translation from Italian: Good morning, is it possible to clear the logs after each scan? If so, how? Thanks On May 23, 2022, at 3:50 AM, Marco Cesareo wrote: > Buongiorno, > > è possibile cancellare i log dopo ogni scansione? Se sì come? > > Grazie >

Re: [clamav-users] How often can I run cvdupdate?

2022-05-25 Thread Al Varnell via clamav-users
Almost always once a day, currently between 9:00 and 9:30 am GMT. I scanned back and the last time there was a twice-a-day update was 23 Dec 2021, and there were very few no-update days. -Al- > On May 25, 2022, at 9:13 AM, G.W. Haywood via clamav-users > wrote: > > Since it's just using DNS requests to check f

Re: [clamav-users] MS Word Follina - CVE-2022-30190

2022-06-09 Thread Al Varnell via clamav-users
Actually, there are two so far, added on June 2 and 7: % sigtool -f CVE_2022_30190-|sigtool --decode-sigs VIRUS NAME: Win.Exploit.CVE_2022_30190-9951234-1 TDB: Engine:96-255,Container:CL_TYPE_OOXML_WORD,Target:7 LOGICAL EXPRESSION: 0&1&2 * SUBSIG ID 0 +-> OFFSET: 0 +-> SIGMOD: NOCASE +-> DECOD

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-06-20 Thread Al Varnell via clamav-users
On Jun 20, 2022, at 3:28 PM, Viktor Rosenfeld via clamav-users wrote: > Hi, > > A recent scan of my system found 8 infected files. On closer inspection, > these are all nodejs binaries, either installed through Homebrew or inside > another app (e.g., Docker or Adobe). Clamav reports that they

Re: [clamav-users] false positives for firefox add-ons?

2022-06-25 Thread Al Varnell via clamav-users
This was a false positive as discussed much earlier today on this very same list. It was corrected by a signature update over seven hours ago. Simply run freshclam and your curiosity will be history. -Al- > On Jun 25, 2022, at 5:40 AM, Christian wrote: > > Hello altogether, :-) > > > perhap

Re: [clamav-users] Permanently banned from clamav

2022-07-02 Thread Al Varnell via clamav-users
On Jul 2, 2022, at 6:33 PM, Grant Taylor via clamav-users wrote: > I assume you are saying that "regularly" specifies what the cadence is. > > To which I maintain no it does not. > > I file my taxes /regularly/. Read /yearly/. > > I eat meals /regularly/. Read /multiple/ /times/ /a/ /day/. >

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Al Varnell via clamav-users
Hi, Just FYI, that was added to the ClamAV daily.ldb signature database on Apr 9 of this year, which matches your FP reporting effort timeline. And the signature is: % sigtool -fWin.Dropper.Tinba-9943147-0|sigtool --decode-sigs VIRUS NAME: Win.Dropper.Tinba-9943147-0 TDB: Engine:51-255,Target:1

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Al Varnell via clamav-users
f0f07596e7d3209bc8caad767ff7f1e39ee9?nocache=1> > > "... but perhaps the above will allow you to track down what component of the > program is being detected." > > I thought about doing that, but I don't know where to start, > it would be great to understand

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Al Varnell via clamav-users
Shouldn't make any difference as VirusTotal is likely using 0.105, but upgrading isn't up to me as that's something the ClamXAV developer will eventually get around to. Sent from my iPad -Al- -- ClamXAV User > On Jul 9, 2022, at 09:25, G.W. Haywood via clamav-users > wrote: > > A guess: I

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Al Varnell via clamav-users
I've never seen a user post to that list and I've subscribed to it for decades. My impression has always been it's for database update announcements only. Sent from my iPad -Al- -- ClamXAV User > On Jul 9, 2022, at 09:44, Yaron Elharar via clamav-users > wrote: > > I didn't want to create a

Re: [clamav-users] PUA detected. False Positive?

2022-07-15 Thread Al Varnell via clamav-users
Yes, just make sure you don't have embedded spaces, carriage returns or other invisible characters. -Al- -- ClamXAV User > On Jul 15, 2022, at 8:43 PM, joe a wrote: > > That error was corrected, but now the error is "Malformed Database". > > Is it not a simple text string on a single line? >

Re: [clamav-users] PUA detected. False Positive?

2022-07-16 Thread Al Varnell via clamav-users
wrote: > Does that include CR at the end of a line? Docs suggest multiple ignores > in one file, each on its own line. Did I misread? (not the first time) > > joe a > >> On 7/16/2022 12:18 AM, Al Varnell via clamav-users wrote: >> Yes, just make sur

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-08-01 Thread Al Varnell via clamav-users
I downloaded and installed both current versions of Node.js 16.16.0 LTS & 18.7.0 from > and no infected files were found. -Al- -- ClamXAV user On Mon, Aug 01, 2022 at 02:50 AM, Viktor Rosenfeld via clamav-users wrote: > Hi, > > about a month ago

Re: [clamav-users] No daily sig since July 28th

2022-08-01 Thread Al Varnell via clamav-users
There have been no such announcements on the [clamav-virusdb] email list since the 28th. Sent from my iPad -Al- -- ClamXAV User On Aug 1, 2022, at 06:48, Shawn Iverson via clamav-users wrote: > Hello, > > I've noticed that a daily hasn't been posted since the 28th of July. Are > daily sigs

Re: [clamav-users] No daily sig since July 28th

2022-08-02 Thread Al Varnell via clamav-users
On Mon, Aug 01, 2022 at 11:57 PM, G.W. Haywood via clamav-users wrote: > Al, the real reason for this post is that you mentioned the other day > that you'd also seen no virusdb mail for CVE CVE_2021_4034 although the > signature had appeared in the DB. The mail was sent on June 4th, the > sig was t

Re: [clamav-users] False Positive?

2022-08-11 Thread Al Varnell via clamav-users
Did you submit to >? -Al- -- ClamXAV user On Aug 11, 2022, at 11:01 AM, David Laxer wrote: > Clamav 0.105.1 > > Xls.Downloader.Emotet-fe81817e7e81807e-9951541-0 FOUND > > /Applications/Keynote.app/Contents/SharedSupport/Te

Re: [clamav-users] hello help with config please

2022-09-10 Thread Al Varnell via clamav-users
Your wish for another response is herein granted. There has been nobody else in this forum more helpful to more people than "GED" over the last several years now. And you would certainly be well served to pay close attention to each and every comment you receive from him. I didn't see anything

Re: [clamav-users] Txt.Downloader.Generic-6298945-0 FOUND

2022-10-21 Thread Al Varnell via clamav-users
Hi Wally, Downloaders are not generally Trojans, although they may result from a Trojan that is used to install a Downloader. This signature has been in the Clamav database since Apr 26 2017, which would tend to indicate its validity. The signature breaks out to: > % sigtool -fTxt.Downloader.

Re: [clamav-users] ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities

2022-11-06 Thread Al Varnell via clamav-users
Those are vulnerability signatures, not necessarily for any existing malware. Anything that attempts to exploit those vulnerabilities should be caught. Sent from my iPad -Al- -- ClamXAV User On Nov 6, 2022, at 07:17, Turritopsis Dohrnii Teo En Ming via clamav-users wrote: > Subject: ClamAV s

Re: [clamav-users] Information about the signature database

2022-12-09 Thread Al Varnell via clamav-users
Yes, I simply search the dailies. If you give me the signature name I can do that for you tomorrow. Sent from my iPad -Al- > On Dec 9, 2022, at 02:59, Mark Allan via clamav-users > wrote: > > Al will probably be along shortly to correct me (he's quite good at tracking > down when items were

Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-15 Thread Al Varnell via clamav-users
Sent from my iPad On Dec 15, 2022, at 06:10, Michael Kyriacou via clamav-users wrote: Hello Michael, > Hello, is there a way to see how many viruses/malware clamav currently protects us > from. I don't believe I understand your question. Are you asking what malware clamav is protecting you agains

Re: [clamav-users] false positive

2022-12-23 Thread Al Varnell via clamav-users
A good start would be to tell us what the domain in question is. Sent from my iPad -Al- > On Dec 23, 2022, at 03:26, newcomer01 via clamav-users > wrote: > > Hi @ all, > > is there a way to submit a false positive "Phishing.Email.SpoofedDomain" so > that an exception can be added? > > kin

Re: [clamav-users] Question Exception Rule

2022-12-29 Thread Al Varnell via clamav-users
I'm sure one of us could, but you need to tell us what the display and actual urls you want whitelisted first. Sent from my iPad -Al- On Dec 29, 2022, at 08:06, newcomer01 via clamav-users wrote: > Is it possible, that you assist me in this process? ___

Re: [clamav-users] exception rule - help needed

2023-01-05 Thread Al Varnell via clamav-users
Just a guess, but perhaps by naming it daily.wbd it gets confused with the one that's embedded in daily.cvd. I always name my file local.xxx. -Al- > On Jan 5, 2023, at 5:21 AM, newcomer01 via clamav-users > wrote: > > okay, now i found a permission issue. > > Ubuntu sets the clamav-daemon a

Re: [clamav-users] What to do with this file?

2023-01-12 Thread Al Varnell via clamav-users
It is not an actual virus, just appears to be a file capable of exploiting the flaw described in CVE-2012-1889 . Discovered in 2012 (but only recently added to CISA catalog) there's a very good chance that you aren't running the old unpatched MS W

Re: [clamav-users] Be wary of emails with attachments targeting clamav-users list members

2023-03-22 Thread Al Varnell via clamav-users
Just a note that in my experience, e-mail phishing detection is routinely disabled, perhaps because of excessive false positives, but also because signature maintenance appears to be a low priority. Sent from my iPad -Al- On Mar 22, 2023, at 10:44, newcomer01 via clamav-users wrote: > Hi Pa

Re: [clamav-users] Unix.Malware.Kaiji-10003916-0

2023-06-07 Thread Al Varnell via clamav-users
Note that the signature was dropped in daily - 26932 which was released several hours earlier than usual today. Sent from my iPad -Al- On Jun 7, 2023, at 10:43, Steve Basford via clamav-users wrote: Multi False Positive reports... Just a heads up. Cheers, Steve Sanesecurity.com

Re: [clamav-users] How do I get something added to the ignore list

2023-06-08 Thread Al Varnell via clamav-users
First get the file's hash value: sigtool --md5 /home/tmick/.config/libreoffice/4/user/basic/Standard/Module1.xba Then copy the results to an fp.local file. You will probably have to create such a file and add it to the ClamAV database. -Al- > On Jun 7, 2023, at 11:45 AM, Tim McConnell via cla

Re: [clamav-users] clamd: Is chunked scanning possible/sensible for files > 2Gbyte?

2023-08-31 Thread Al Varnell via clamav-users
I am not an authority here, but do recall having seen previous responses to similar suggestions and such an approach was not recommended. This has to do with the way many of the signatures are designed to look for multiple ascii or hex strings that could well occur with such strings located in d

Re: [clamav-users] Antivirus Bases showing outdated main.cvd with a version dated year 2021

2023-08-31 Thread Al Varnell via clamav-users
Sent from my iPad On Aug 30, 2023, at 13:55, Jonathan Lee via clamav-users wrote: > This confusion stems from the following statement about main.cvd containing > and I quote "signatures previously in daily.cvd." Therefore, the signature > migration into main.cvd I assumed would constitute a n

Re: [clamav-users] Cannot "decode" a SHA256 signature

2023-09-12 Thread Al Varnell via clamav-users
Sent from my iPad On Sep 12, 2023, at 01:29, Ralf Hildebrandt via clamav-users wrote: > should sigtool --decode-sigs really throw an error in that case? Perhaps not, but it's been the case for as long as I've been using clamav...decades now. Just my approach, but I always start with -f (or --

Re: [clamav-users] more false positives?

2024-05-11 Thread Al Varnell via clamav-users
Submit them to http://www.clamav.net/reports/fp. Sent from my iPad -Al- > On May 11, 2024, at 08:07, Richard via clamav-users > wrote: > >  > I run clamav on linux, but I also have windows 7 installed. > I mounted the windows partition and ran a clamav scan, > which found the following viru

Re: [clamav-users] clamsubmit missing with homebrew installation

2018-05-13 Thread Al Varnell via clamav-users
Apparently you haven't read > "Clamsubmit, at this time, is only available on the *nix systems." -Al- On Sun, May 13, 2018

Re: [clamav-users] clamsubmit missing with homebrew installation

2018-05-13 Thread Al Varnell via clamav-users
tps://discourse.brew.sh/ <https://discourse.brew.sh/> > <https://discourse.brew.sh/ <https://discourse.brew.sh/>> > > Sincerely, > > Eric Tykwinski > TrueNet, Inc. > P: 610-429-8300 > >> On May 13, 2018, at 8:42 PM, Al Varnell via clamav-users >> ma

Re: [clamav-users] File that bombs my clamd. How to submit for review?

2018-05-15 Thread Al Varnell via clamav-users
https://bugzilla.clamav.net -Al- ClamXAV User On Tue, May 15, 2018 at 08:28 PM, Kevin A. McGrail via clamav-users wrote: > > > I have a file that bombs my clamd pretty instantly. I've attempted to > narrow things down with debug, etc. I don

Re: [clamav-users] Clamscan crash on Mac OS X - yara rules

2018-05-16 Thread Al Varnell via clamav-users
You almost certainly need to attach it to a ticket at >. I don't see how anybody would be able to make sense of a partial crash report. That being said, it's almost certainly the result of a misconfigured yara rule,

Re: [clamav-users] Issue with clamav logical signature generation

2019-02-24 Thread Al Varnell via clamav-users
I can't comment on whether or not there is a 65 field limit, though it appears to me to be obviously so based on your experience. What I will comment on is that your approach is rather unique compared to most of the .ldb signatures I've observed in the ClamAV database. Most all of the latte

Re: [clamav-users] Issue with clamav logical signature generation

2019-02-25 Thread Al Varnell via clamav-users
On Feb 25, 2019, at 10:44, G.W. Haywood via clamav-users wrote: > > Hi there, > > On Mon, 25 Feb 2019, Al Varnell wrote: > >> ... the strings you provided appear to contain an extra digit. I >> thought hex strings always contain an even number of digits? > > Just as decimal strings are string

Re: [clamav-users] is this realy a positive? Html.Trojan.Exploit-112 FOUND

2019-03-04 Thread Al Varnell via clamav-users
It's been in the database for many years, so doubt that it's invalid, but could still be an FP in your specific case. The signature looks like this: VIRUS NAME: Html.Trojan.Exploit-112 TARGET TYPE: HTML OFFSET: * bc f3 e3 f2 e9 f0 f4 [I padded the hex string with spaces to prevent this e-mail fro

Re: [clamav-users] Any way to auto-update Clam engine (freshclam or any other tools)

2019-03-11 Thread Al Varnell via clamav-users
No! You must do a complete installation of the new ClamAV package to update the engine. Freshclam only updates signatures. Sent from my iPad -Al- On Mar 11, 2019, at 20:51, Sunhux G via clamav-users wrote: > Does freshclam auto-update Clam's engine. ___

Re: [clamav-users] Any way to auto-update Clam engine (freshclam or any other tools)

2019-03-11 Thread Al Varnell via clamav-users
Now that you are subscribed to this list you will get an announcement whenever a new version is released or, if this list is too noisy for you, just subscribe to clamav-announce. No need to uninstall, just download, configure, compile and install new vers

Re: [clamav-users] Txt.Trojan.Kryptik-6887991-0 FOUND

2019-03-12 Thread Al Varnell via clamav-users
All I can add is some technical information about the signature. I have no idea what kind of infection it causes and on what platform. The signature was added to the database by daily - 25386 earlier today as an .ldb. Looking for a single ascii string in any type of file: > sigtool -fTxt.Trojan

Re: [clamav-users] Detection as PUA.Andr.Trojan.Generic-6878612-0

2019-03-13 Thread Al Varnell via clamav-users
Not sure exactly when this was added to the .ldu database, but by the name it's a Possibly Unwanted Android Application, so unlikely to be found in that many different types of files. The signature looks like this: > VIRUS NAME: PUA.Andr.Trojan.Generic-6878612-0 > TDB: Engine:51-255,FileSize:104

Re: [clamav-users] Upgrade ClamAV on Mac Problem

2019-03-18 Thread Al Varnell via clamav-users
Updating it can only properly be done by Apple and they have never been interested in doing that since they first used it. There are some very old instructions on how to update ClamAV on an OS X Server >= 10.5.6. The author has made it clear that he won't be updating them and the question I ask

Re: [clamav-users] Database updated over unencrypted connection?

2019-03-20 Thread Al Varnell via clamav-users
I suspect we all read your concerns, but I have a problem understanding how that translates into defining a true vulnerability and the resultant level of severity. Assuming someone goes to all the trouble of figuring out what the hard coded public key embedded in ClamAV is, signs a fake .cvd or

Re: [clamav-users] Scan very slow

2019-03-23 Thread Al Varnell via clamav-users
Reference? First I'm hearing of any such thing. -Al- > On Mar 23, 2019, at 02:26, Jean-Michel via clamav-users > wrote: > > Hi, > Micah Snyder, Do you know if Clamav was able to trace the origin of getting > crawled in the database "daily.cld" and was able to fix the problem? > Regards > >

Re: [clamav-users] Scan very slow

2019-03-23 Thread Al Varnell via clamav-users
Sorry, I misinterpreted the meaning of "crawled" thinking it referred to some sort of compromise of the data. -Al- > On Mar 23, 2019, at 09:42, Jean-Michel via clamav-users > wrote: > > See Maarten Broekman tests above > https://lists.clamav.net/pipermail/clamav-users/2019-March/007737.html

Re: [clamav-users] Clamd instream scanning

2019-04-04 Thread Al Varnell via clamav-users
Somebody with better technical knowledge than I will need to get you a complete answer, but my observations tell me that if the file requires decompressed or other type of pre-processing, then temporary files are written to disk, but scans are normally conducted in memory. Sent from my iPad -A

Re: [clamav-users] Radically Different Scan Times

2019-04-05 Thread Al Varnell via clamav-users
Addressed earlier today: > -Al- > On Apr 5, 2019, at 20:18, Michael Newman via clamav-users > wrote: > > MacOS 10.14.4 - 2017 iMac > ClamAV 0.101.1

Re: [clamav-users] [External] Re: Scan very slow

2019-04-17 Thread Al Varnell via clamav-users
An additional 3968 Phishtank.Phishing.PHISH_ID_??? signatures were dropped by daily-25417 on 12 April, and I can't seem to locate any more. -Al- > On Apr 17, 2019, at 02:01, Mark Allan via clamav-users > wrote: > > Hi Micah, > > Sorry to pester you, but have you any update on when the re

Re: [clamav-users] [External] Re: Scan very slow

2019-04-17 Thread Al Varnell via clamav-users
> well? Those were causing part of the issue. > > > --Maarten > > On Wed, Apr 17, 2019 at 5:24 AM Al Varnell via clamav-users > mailto:clamav-users@lists.clamav.net>> wrote: > An additional 3968 Phishtank.Phishing.PHISH_ID_??? signatures were > dropped by

Re: [clamav-users] [External] Re: Scan very slow

2019-04-18 Thread Al Varnell via clamav-users
, 2019, at 03:36, Maarten Broekman > <mailto:maarten.broek...@gmail.com>> wrote: >> >> Are the "Phish" REPHISH signatures still in the daily or were they removed >> as well? Those were causing part of the issue. >> >> >> --Maarten >> >&

Re: [clamav-users] Update Failure

2019-04-22 Thread Al Varnell via clamav-users
Appears to have been a failure regarding your Internet connection at the time. Probably a short outage. I'm not seeing any issues from where I am on the West Coast at this time. The mirror FAQ doesn't exist any more and should be replaced or removed from those instructions. -Al- On Mon, Apr 22, 2019 a

Re: [clamav-users] how to verify if a malware signature is in DB & adding hash

2019-05-05 Thread Al Varnell via clamav-users
> On Sun, May 05, 2019 at 04:39 PM, Sunhux G via clamav-users wrote: > how can I add their hashes into my Clam DB (running > on Solaris 10)?? -Al- -- Al Varnell Mountain View, CA

Re: [clamav-users] how to verify if a malware signature is in DB & adding hash

2019-05-05 Thread Al Varnell via clamav-users
If you have the hash value then it shouldn't be that difficult to find the actual file and check it as Joel mentioned. In addition to the hash value you will need the file size to build a proper signature. To check if it is already in daily or main you will need to unpack them by running, for
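The hash-plus-size signature described in the message above, as an added example that is not part of the original post and not ClamAV's own tooling: a small POSIX shell helper that turns a file's SHA256 and byte size into a ClamAV .hsb line (the .hdb layout is identical but carries an MD5), and a check that greps an already unpacked database directory (for instance the output of `sigtool --unpack daily.cvd`) for that hash before you add a duplicate. The function names, the sample file and the signature name in the usage below are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not ClamAV project code. Assumes sha256sum (or shasum) and
# standard coreutils. The database directory passed to hash_in_db is one you
# produced beforehand, e.g. with `sigtool --unpack daily.cvd`.

# Print the lowercase hex SHA256 of a file, with a fallback for systems that
# ship shasum instead of sha256sum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Build one .hsb signature line: <sha256>:<size in bytes>:<MalwareName>
# (the .hdb format has the same three fields with an MD5 as the hash).
make_hsb_line() {
  file="$1"; name="$2"
  hash=$(sha256_of "$file")
  size=$(wc -c < "$file" | tr -d ' ')
  printf '%s:%s:%s\n' "$hash" "$size" "$name"
}

# Return 0 if any *.hsb or *.hdb file in directory $2 already lists the hash
# of file $1. The match is anchored to the line start and followed by ':' so a
# hash that merely appears as a substring of another field does not count.
hash_in_db() {
  hash=$(sha256_of "$1")
  grep -qi "^$hash:" "$2"/*.hsb "$2"/*.hdb 2>/dev/null
}

# Usage (constructed sample, assumed names):
#   printf 'constructed sample' > sample.bin
#   make_hsb_line sample.bin Test.Constructed.Sample-1 >> local.hsb
#   hash_in_db sample.bin ./unpacked-daily && echo "already in daily"
```

Drop the resulting `local.hsb` next to daily/main in your database directory and ClamAV loads it with the official signatures; `sigtool --unpack` writes the unpacked `daily.hsb`/`daily.hdb` into the current directory, which is what `hash_in_db` expects to search.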

Re: [clamav-users] how to verify if a malware signature is in DB & adding hash

2019-05-05 Thread Al Varnell via clamav-users
On May 5, 2019, at 23:24, Sunhux G via clamav-users wrote: > Where can I download a copy of sigtool (that's pre-compiled) for > Solaris 10 and RHEL7? Was combing clamav site but can't locate it. > Appreciate a full URL to download it. It's built into your ClamAV installation in clamav/bin. >

Re: [clamav-users] Scanning on Mac without installation

2019-05-10 Thread Al Varnell via clamav-users
I also cannot understand what your objective is nor what method you might have used to scan a Windows machine without installing a ClamAV somewhere. Do you want to boot an external machine or boot the Mac from an external drive and scan the Mac's internal drive? Or reach out to ClamAV on some ex

Re: [clamav-users] Segregating database definitions in different subdirectories

2019-05-14 Thread Al Varnell via clamav-users
What's the reason for segregation? You can easily add your own unofficial signatures to the regular directory to have ClamAV use them all. Otherwise you will have to run two occurrences of ClamAV pointing to those two directories. Sent from my iPad -Al- On May 14, 2019, at 23:04, Olivier via

Re: [clamav-users] 403 on clamav-virusdb webpage

2019-05-17 Thread Al Varnell via clamav-users
The entire lists.clamav.net server appears to be down. Sent from my iPad -Al- On May 16, 2019, at 03:08, Arnaud Jacques wrote: > Hello, > > This link generates 403 error code : > https://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb > > What's wrong ? __

Re: [clamav-users] Duplicate database, 525 minutes to complete, >90% CPU

2019-05-20 Thread Al Varnell via clamav-users
I am not seeing any evidence of a duplicate database. It would appear that you have some event scheduled to update your definitions database around 3:14am. Probably no impact on your on-going scan at that time because there were no further updates at that time, but not certain. Normal practice w

Re: [clamav-users] Possible problem with daily.cld 25460 / CVE-2019-0903

2019-05-25 Thread Al Varnell via clamav-users
Appears to be a malformed hex string in 3rd logical expression:

 * SUBSIG ID 2
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
LibClamAV Error: cli_hex2ui(): Malformed hexstring: 1 (length: 1)
ERROR: Decoding failed (1): <<4#ib4#>0xB1B0AFBA)
ERROR: Decoding failed

-Al- > On May 25,

Re: [clamav-users] UNSUBSCRIBE

2019-05-29 Thread Al Varnell via clamav-users
You have to do that yourself at the bottom of Sent from my iPad -Al- ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us

Re: [clamav-users] virus/malware risk level

2019-05-30 Thread Al Varnell via clamav-users
Not unless you are lucky enough to be able to somehow identify what the malware is. About the only ones that you stand any chance of finding would be those identified with a "CVE" number that you can look up on Mitre or NIST sites. A small number will get written up on the Talos blog site

Re: [clamav-users] Faux positif ClamAV

2019-06-03 Thread Al Varnell via clamav-users
Translation from French: > Hello, > > It's been several weeks since I declared a false positive that we detected > since the version "25399" of the "daily.cvd", and despite my multiple > reminders, I have no news of ClamAV and the problem still exists ... > > The false positive concerns an exe

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-06-03 Thread Al Varnell via clamav-users
You must unsubscribe yourself at the bottom of this page: > -Al- > On Jun 3, 2019, at 12:54, Roberto Mazzini wrote: > > unsubscribe > smime.p7s Description: S/MIME cryptographic

Re: [clamav-users] Why is clam config so different for centos 6 and centos 7

2019-06-11 Thread Al Varnell via clamav-users
ClamAV distributes only one package. You'll need to ask Fedora why they chose to break it up. -Al- ClamXAV User On Tue, Jun 11, 2019 at 03:17 AM, Sunny Jaisinghani via clamav-users wrote: > Hello Members, > > This is my very first post/question on this list, so please pardon my > mistakes, i

Re: [clamav-users] ClamAV reputation rating

2019-06-23 Thread Al Varnell via clamav-users
I'm guessing you are talking about e-mail headers here? I can't say definitively, but I have never seen a signature that was looking at them. Perhaps there are unofficial signatures that do. I've always been under the impression that such headers were designed to be used by Mail clients & serve

Re: [clamav-users] ClamAV reputation rating

2019-06-27 Thread Al Varnell via clamav-users
The OP is going to have to explain more fully, but I took the question as does ClamXAV consider any reputation ratings that are made by the e-mail systems through which a message transits which are often expressed as spam or malware scores in the header information. As I said earlier, I believe
