[clamav-users] ign2 whitelist don't work

2016-07-15 Thread Reindl Harald
Hi * the following rules don't make anything but troubles * created a ign2 file * again a reject of clamav-milter * tried also whitelist "Eicar-Test-Signature" * also still hits why?! ___ thelounge_whitelist.ign2: Heuristics.Phishing.Email.Spo

Re: [clamav-users] ign2 whitelist don't work

2016-07-16 Thread Reindl Harald
"; from= to=<*> proto=ESMTP helo= Jul 8 14:42:49 mail-gw postfix/cleanup[19119]: 3rmDfY2gcSzB44: milter-reject: END-OF-MESSAGE from mta103b.pmx1.epsl1.com[142.54.244.103]: 5.7.1 Virus found or dangerous attachment: "Heuristics.Phishing.Email.SpoofedDomain"; from=

Re: [clamav-users] ign2 whitelist don't work

2016-07-18 Thread Reindl Harald
Am 18.07.2016 um 18:14 schrieb Charles Swiger: On Jul 16, 2016, at 7:40 AM, Reindl Harald wrote: You must disable Heuristics using clamd.conf and clamscan options. that's not a useful answer since the only option is "HeuristicScanPrecedence" which don't disable anyth

Re: [clamav-users] ign2 whitelist don't work

2016-07-19 Thread Reindl Harald
Am 19.07.2016 um 16:02 schrieb Charles Swiger: Perhaps English isn't your native language? no, it isn't first: i know that SPF is not relevant for clamav, but since it's a clean way to verify the source of a message and clamav can't do this such spoofing rules in clamav which can't be disa

Re: [clamav-users] ign2 whitelist don't work

2016-07-19 Thread Reindl Harald
Am 19.07.2016 um 19:00 schrieb Charles Swiger: On Jul 19, 2016, at 10:28 AM, Reindl Harald wrote: [ ... ] 2) In the absence of MX records stating otherwise, I expect that any mailserver which sends outbound email should be willing to accept inbound mail for the same domains it terminates

Re: [clamav-users] ign2 whitelist don't work

2016-07-19 Thread Reindl Harald
Am 19.07.2016 um 19:19 schrieb Charles Swiger: On Jul 19, 2016, at 1:09 PM, Reindl Harald wrote: False. Assuming that there is only one correct mail architecture is a major fallacy. bla - yes there are more ways but your whole stuff about SPF was entirely wrong from the very begin in

Re: [clamav-users] Error: define server type (local and/or TCP). but LocalSocket is set

2016-07-23 Thread Reindl Harald
Am 24.07.2016 um 00:44 schrieb Scott Horton: [...snip...] I surmise from this that while I had clamd running without error, it was apparently starting up with defaults and not using my config file. I didn't see a question in all that, Apologies I wasn't clearer. I meant the question to be:

Re: [clamav-users] Error: define server type (local and/or TCP). but LocalSocket is set

2016-07-23 Thread Reindl Harald
Am 24.07.2016 um 00:53 schrieb Scott Horton: enter the message in google points here: https://bbs.archlinux.org/viewtopic.php?id=94452 So it does. Says to uncomment Localsocket. Per the original post pasted below, it was done. Did not fix. ...My conf file does have the LocalSocket line u

Re: [clamav-users] Error: define server type (local and/or TCP). but LocalSocket is set

2016-07-23 Thread Reindl Harald
Am 22.07.2016 um 19:17 schrieb Scott Horton: I checked what I think is that configuration file for systemctl: /usr/lib/systemd/system/clamd@.service and it appears to be using the conf file I think it is: ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf --foreground=yes Not sure what the %i

Re: [clamav-users] Error: define server type (local and/or TCP). but LocalSocket is set

2016-07-23 Thread Reindl Harald
Am 24.07.2016 um 02:14 schrieb Scott Horton: and you are sure that *this* config file is really used? I'm not terribly sure of anything . But I appreciate anyone helping me see the trees for the forest. This is what it says: [root@tn2 ~]# ps ax|grep clamd 695 ? Ssl 0:09 /usr/sbin

Re: [clamav-users] clamav-milter feature requst

2016-08-04 Thread Reindl Harald
Am 04.08.2016 um 19:15 schrieb G.W. Haywood: Hi there, On Thu, 4 Aug 2016, Benny Pedersen wrote: make it possible to have policy banks in clamav-milter ... Are you sure that you mean clamav-milter? it's just Benny - most time you have no chance what he is talking about but he talks much

Re: [clamav-users] clamav-milter feature requst

2016-08-04 Thread Reindl Harald
Am 04.08.2016 um 19:47 schrieb Benny Pedersen: On 2016-08-04 19:15, G.W. Haywood wrote: make it possible to have policy banks in clamav-milter ... Are you sure that you mean clamav-milter? its what sendmail uses imho ? and if it happens there it works just what amavisd do with make some v

Re: [clamav-users] clamav-milter feature requst

2016-08-04 Thread Reindl Harald
Am 04.08.2016 um 21:18 schrieb Matus UHLAR - fantomas: Am 04.08.2016 um 19:47 schrieb Benny Pedersen: reason for this is that make this clamav signature is that its more ram effitive then make native spamassassin rules On 04.08.16 19:50, Reindl Harald wrote: different signatures for

Re: [clamav-users] Error (Cannot connect to unix socket '/var/lib/clamav/clamd.socket': connect: No such file or directory)

2016-08-07 Thread Reindl Harald
Am 07.08.2016 um 15:51 schrieb Chris: On Sun, 2016-08-07 at 10:49 +0200, Tobi wrote: It might a systemd issue. Have you tried to start clamd by calling it directly on cli? Does it create the socket then? Cheers tobi I've tried that lots of times Tobi, however, it still doesn't create it:

Re: [clamav-users] Error (Cannot connect to unix socket '/var/lib/clamav/clamd.socket': connect: No such file or directory)

2016-08-07 Thread Reindl Harald
Am 07.08.2016 um 17:04 schrieb Alan Stern: On Sun, 7 Aug 2016, Chris wrote: On Sun, 2016-08-07 at 10:49 +0200, Tobi wrote: It might a systemd issue. Have you tried to start clamd by calling it directly on cli? Does it create the socket then? Cheers tobi I've tried that lots of times Tobi

Re: [clamav-users] scanning windows with Linux

2016-08-07 Thread Reindl Harald
Am 07.08.2016 um 19:08 schrieb Ed Ahlsen-Girard: Do the Linux database files address Windows viruses? Say, for the case of dual-boot systems? clamav is mostly about windows malware at all because the majority of setups likely runs on inbound mailservers trying to protect their windows users

Re: [clamav-users] Error (Cannot connect to unix socket '/var/lib/clamav/clamd.socket': connect: No such file or directory)

2016-08-07 Thread Reindl Harald
Am 07.08.2016 um 19:13 schrieb Chris: On Sun, 2016-08-07 at 17:02 +0200, Tobi wrote: Hi Chris sorry I was not clear enough. I did not mean to start the service via systemd but to call like sudo /usr/sbin/clamd -c /path/to/config and see then if the socket has been created in expected locati

Re: [clamav-users] Error (Cannot connect to unix socket '/var/lib/clamav/clamd.socket': connect: No such file or directory)

2016-08-07 Thread Reindl Harald
Am 07.08.2016 um 19:22 schrieb Chris: Alan, I do see this in the log: Sun Aug 7 12:07:30 2016 -> ERROR: Can't unlink the pid file /var/run/clamav/clamd.pid Sun Aug 7 12:07:30 2016 -> --- Stopped at Sun Aug 7 12:07:30 2016 Sun Aug 7 12:10:43 2016 -> +++ Started at Sun Aug 7 12:10:43 2016 S

Re: [clamav-users] Error (Cannot connect to unix socket '/var/lib/clamav/clamd.socket': connect: No such file or directory)

2016-08-07 Thread Reindl Harald
Am 07.08.2016 um 19:33 schrieb Chris: On Sun, 2016-08-07 at 19:17 +0200, Reindl Harald wrote: Am 07.08.2016 um 19:13 schrieb Chris: On Sun, 2016-08-07 at 17:02 +0200, Tobi wrote: Hi Chris sorry I was not clear enough. I did not mean to start the service via systemd but to call like

Re: [clamav-users] Scanning very large files in chunks

2016-08-09 Thread Reindl Harald
Am 09.08.2016 um 18:40 schrieb G.W. Haywood: Does anybody have any feedback on the proposed solution to scanning large files in chunks? Stop worrying about it, it's a waste of time and effort. The probability that you will actually find what you're looking for is very small. ... are there

Re: [clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

2016-08-10 Thread Reindl Harald
Am 10.08.2016 um 11:32 schrieb Robert Boyle: I see that you have added Win.Exploit.CVE_2016_3316-1 to whitelist.ign2 Can you please advise when this whitelist update is available to all users? you can place your own .ign2 file in the signature folder, that's the whole point of different file

Re: [clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

2016-08-10 Thread Reindl Harald
Am 10.08.2016 um 11:52 schrieb Jan-Pieter Cornet: On 10-8-16 08:22, ANANT S ATHAVALE wrote: Hi, Most of the mails are marked with Win.Exploit.CVE_2016_3316-1. Is this a false positive? Yes. Created a completely empty .doc file using LibreOffice on linux, and the resulting file was reco

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2016-08-16 Thread Reindl Harald
Am 16.08.2016 um 18:31 schrieb Alex: I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain for capitaloneemail.com, but can't figure out how to use sigtool to determine which actual domain it thinks was spoofed. # sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain | sig

Re: [clamav-users] Understanding OLE2BlockMacros

2016-08-24 Thread Reindl Harald
Am 24.08.2016 um 01:14 schrieb Alex: I'm using clamav on fedora23 with amavisd-new and would like to tag each email that contains macros with Heuristics.OLE2.ContainsMacros. I've enabled OLE2BlockMacros, but it appears it actually lets them through instead of blocking them outright when this se

Re: [clamav-users] Understanding OLE2BlockMacros

2016-08-24 Thread Reindl Harald
Am 24.08.2016 um 18:12 schrieb Alex: I'm using clamav on fedora23 with amavisd-new and would like to tag each email that contains macros with Heuristics.OLE2.ContainsMacros. I've enabled OLE2BlockMacros, but it appears it actually lets them through instead of blocking them outright when this set

Re: [clamav-users] Understanding OLE2BlockMacros

2016-08-25 Thread Reindl Harald
Am 24.08.2016 um 21:37 schrieb Alex: It appears that using OLE2BlockMacros causes attachments with macros, viruses or not, to just be marked by amavis with the Heuristics.OLE2.ContainsMacros. However, when it's set it no longer blocks them but forwards them on. Is this the intended behavior?

Re: [clamav-users] Understanding OLE2BlockMacros

2016-08-25 Thread Reindl Harald
Am 25.08.2016 um 20:39 schrieb Alex: Maybe I should have stated my question more simply: What is the purpose of the OLE2BlockMacros option? What happens when it's set to "Yes"? every message with a attachment containing macros hit clamd What happens when it's set to "No"? every message w

Re: [clamav-users] clamd does not bind to port when starting through init.d/service ubuntu 16.04

2016-08-27 Thread Reindl Harald
Am 27.08.2016 um 18:30 schrieb G.W. Haywood: Hi there, On Sat, 27 Aug 2016, Jeff Dyke wrote: ... if i start clamd with sudo -u clamav /usr/sbin/clamd --config-file=/etc/clamav/clamd.conf it *will* bind to that address and port. ... When starting via /etc/init.d/clamav-daemon start or sudo se

Re: [clamav-users] clamd does not bind to port when starting through init.d/service ubuntu 16.04

2016-08-27 Thread Reindl Harald
eals with ratware i prefer to chain it as much as possible On Sat, 27 Aug 2016 18:59:07 +0200 Reindl Harald wrote: Am 27.08.2016 um 18:30 schrieb G.W. Haywood: Hi there, On Sat, 27 Aug 2016, Jeff Dyke wrote: ... if i start clamd with sudo -u clamav /usr/sbin/clamd --config-file=/etc/clamav/

Re: [clamav-users] clamd does not bind to port when starting through init.d/service ubuntu 16.04

2016-08-27 Thread Reindl Harald
Am 27.08.2016 um 22:15 schrieb Alan Stern: On Sat, 27 Aug 2016, Reindl Harald wrote: Am 27.08.2016 um 18:30 schrieb G.W. Haywood: Hi there, On Sat, 27 Aug 2016, Jeff Dyke wrote: ... if i start clamd with sudo -u clamav /usr/sbin/clamd --config-file=/etc/clamav/clamd.conf it *will* bind

Re: [clamav-users] clamd does not bind to port when starting through init.d/service ubuntu 16.04

2016-08-29 Thread Reindl Harald
od -- a worthy successor to the capability-based systems some of us worked on at NCR 1969-1970 (contemporaneous with Unix, but totally independent), and IBM Research 1970-1971 ("Future Systems", leading to System 38 and AS/400). On Sat, 27 Aug 2016 20:52:58 +0200 Reindl Harald wro

Re: [clamav-users] clamd does not bind to port when starting through init.d/service ubuntu 16.04

2016-08-29 Thread Reindl Harald
Am 29.08.2016 um 15:34 schrieb Jeff Dyke: our config locations for the .service files are in slightly different areas, so do you mind saying what distro you're running Fedora but it does not matter the whole concept of systemd is when you disable a existing service and place a unit with the

Re: [clamav-users] ClamAV updates

2016-09-10 Thread Reindl Harald
Am 10.09.2016 um 11:04 schrieb Alan Forbes: I have since uninstalled CLAMAV and am now using COMODO, at least it updates correctly. oh yeah each time with some piece of software something goes wrong you stop using that software? how old are you and how long can you play that game until fina

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Reindl Harald
Am 14.09.2016 um 17:08 schrieb Alex: What's being done about blocking attacks from the new crylocker and the various types of cryptolocker? https://fightransomware.com/ransomware-articles/crylocker-ransomware-compiles-victims-data-fake-image-file-uploads-imgur/?linkId=28721757 Are there speci

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-14 Thread Reindl Harald
Am 14.09.2016 um 17:47 schrieb Alex: The problem with setting OLE2BlockMacros to yes is that if you don't implement your own signatures against macro code, setting OLE2BlockMacros Yes effectively causes Heuristics.OLE2.ContainsMacros to be returned and disables all official and unofficial signa

Re: [clamav-users] CryLocker and Cryptolocker

2016-09-15 Thread Reindl Harald
On 15.09.16 00:51, Reindl Harald wrote: which is the whole point it's impossible to get them all catched with signatures because they change all the time and so if you want to be sure you need to treat every office macro as bad - they don't belong into emails these days frankly i have

Re: [clamav-users] How to trick clamav

2016-09-19 Thread Reindl Harald
transferred *how* rsync --quiet --no-motd --times --force --recursive --delete-after --sparse --links --devices --specials --perms --owner --group --executability --acls --xattrs /var/lib/clamav/ root@targetmachine:/var/lib/clamav/ i can assure that works because we are doing that for many year

Re: [clamav-users] freshclam error

2016-09-29 Thread Reindl Harald
Am 29.09.2016 um 17:05 schrieb robin.wakefi...@ubs.com: We've just noticed this has started to appear in the logs too. Any clues please? also with the outdated clamav? clamav-update-0.99.2-1.fc24.x86_64 has no problems both of you don't find it worth to tell distro and version while in cas

Re: [clamav-users] Feature request: show checksums of virus databases on the clamav.net website

2016-09-29 Thread Reindl Harald
Am 30.09.2016 um 01:20 schrieb SCOTT PACKARD: Some of us clamav users are behind rather substantial proxies and can't pull them easily. It's nice to have a place to download them. Just FYI. sorry, but in that case these problems needs to be solved with the fools of admins (or that admins re

Re: [clamav-users] Feature request: show checksums of virus databases on the clamav.net website

2016-09-30 Thread Reindl Harald
2016 at 6:40 AM, Reindl Harald wrote: Am 30.09.2016 um 01:20 schrieb SCOTT PACKARD: Some of us clamav users are behind rather substantial proxies and can't pull them easily. It's nice to have a place to download them. Just FYI. sorry, but in that case these problems needs to be solved

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Reindl Harald
Am 05.10.2016 um 14:21 schrieb Alex: I'm starting to receive emails like this: http://pastebin.com/HpvEcT9K They're not being caught by clamav or other virus filters. Is it even possible to catch encrypted Word docs with a virus scanner? I'm using spamassassin on fedora with amavisd. Is ther

[clamav-users] clamav not looking in .tbz2 archives?

2016-10-05 Thread Reindl Harald
Content-Type: application/octet-stream MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Scan - 001265480.tbz2" that beast is a valid bzip2 archive and contains a windows executable does clamd not realize that as archive or sanesecurity foxhole rules?

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Reindl Harald
Am 05.10.2016 um 20:02 schrieb Alex: I'm using spamassassin on fedora with amavisd. Is there something that can be done to at least tag them in some way so the end-user knows it's a potential threat? reject attachments with macros or add a clamd instance connected to the clamav-sa-plugin with

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Reindl Harald
Am 05.10.2016 um 20:37 schrieb Alex: [root@mail-gw:/etc/clamd.d]$ cat scan.conf | grep OLE2BlockMacros OLE2BlockMacros no [root@mail-gw:/etc/clamd.d]$ cat scan-sa.conf | grep OLE2BlockMacros OLE2BlockMacros yes Reindl, I appreciate your input, but I can't just outright reject docs with macr

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Reindl Harald
Am 05.10.2016 um 20:52 schrieb Dennis Peterson: On 10/5/16 11:37 AM, Alex wrote: Can you explain how you configured systemd to start two instances of the same clamd binary using different config files? Create a second config file and give it a unique name or place it in a different directory

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Reindl Harald
Am 05.10.2016 um 21:09 schrieb Michael Grant: I see a ton of these too. But I also have clients who get password protected documents all the time, so it's a bit difficult to just blanket block all password protected documents you don't need to - they just get a additional score in SpamAsssin

Re: [clamav-users] Whitelisting FP domains

2016-10-06 Thread Reindl Harald
Am 06.10.2016 um 16:08 schrieb Alex: We have reports of a domain being blacklisted and we don't think it should be: LibClamAV debug: Phishcheck:Checking url http://www.hospitalitytec.com->www.hospitalitytec.com I think its better to keep the domain listed at the moment.. https://www.virusto

Re: [clamav-users] One final clamd Frage

2016-10-12 Thread Reindl Harald
Am 12.10.2016 um 12:15 schrieb Brad Scalio: So if we are using only clamscan from a cronjob and freshclamd to update the VSD then no need to startup clamd correct? it's easy: if you don't use it you don't need it to start if you use clamscan and nothing else you don't use it On Oct 12, 2016

Re: [clamav-users] Unsubscribe

2016-10-12 Thread Reindl Harald
Am 12.10.2016 um 13:09 schrieb Al Varnell: Go to http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users and at the very bottom enter your e-mail address. no need to visit any webpage, just send the unsubscribe mail to the correct address and for *no single list on this planet* it's t

Re: [clamav-users] unsubscribe

2016-10-12 Thread Reindl Harald
Am 12.10.2016 um 16:40 schrieb james henrydoss: Unsubscribe are you kidding or why the hell did you not read the answers to that foolish "unsubscribe" post you are quoting? how did guys like you manage to subscribe without holding hand? List-Unsubscribe:

Re: [clamav-users] unsubscribe

2016-10-12 Thread Reindl Harald
Am 13.10.2016 um 01:13 schrieb John Crisp: On 12/10/16 16:57, Reindl Harald wrote: are you kidding or why the hell did you not read the answers to that foolish "unsubscribe" post you are quoting? how did guys like you manage to subscribe without holding hand? permanenttsb.ie

Re: [clamav-users] Internal freshclam SAS

2016-10-17 Thread Reindl Harald
Am 17.10.2016 um 19:05 schrieb Brad Scalio: Is there documentation on options and setting up your own virus signature database source if certain target systems within your network cannot resolve hostnames (no DNS) or no external internet connectivity it's pretty easy: take /var/lib/clamav on

Re: [clamav-users] Error while compiling ClamAV

2016-10-19 Thread Reindl Harald
Am 19.10.2016 um 15:45 schrieb crazy thinker: Can you Please Specify which linux derivative are you using? On 19 October 2016 at 10:07, ANANT S ATHAVALE wrote: Hi, I tried compiling Clamav 0.99.2 with OpenSSL 1.1.0 and was getting error OpenSSL installation is misconfigured or missing m

Re: [clamav-users] Install from source on Ubuntu 8.04 Hardy

2016-10-25 Thread Reindl Harald
Am 25.10.2016 um 17:41 schrieb Chris Nelson: OS Ubuntu 8.04.3 Hardy - installed ClamAV 0.99.2 yesterday, and can't seem to get the daemon / clamd to function. Installed in /usr/local/sbin - previously had 0.97 and earlier but had the mpool_malloc() loop issue so had to torch it. Here's what I

Re: [clamav-users] Installing Clamav in WAMP

2016-10-26 Thread Reindl Harald
Am 26.10.2016 um 17:48 schrieb Karthick Siva: Dear Team, Hope this email finds you well. I'm facing an issue while doing setup for clamav in PHP/wamp. I installed - clamav-0.99.2-win32.msi and no idea how to configure with WAMP. Can you please suggest us how to do the implementation? Apprec

Re: [clamav-users] Installing Clamav in WAMP

2016-10-26 Thread Reindl Harald
s a folder created in C:\Program Files\ClamAV which includes few application files. Can you help me to go forward? Karthick On Wed, Oct 26, 2016 at 7:50 PM, Reindl Harald wrote: Am 26.10.2016 um 17:48 schrieb Karthick Siva: Dear Team, Hope this email finds you well. I'm facing an

Re: [clamav-users] UN-Installing ClamXav Mac

2016-10-29 Thread Reindl Harald
Am 29.10.2016 um 19:50 schrieb G.W. Haywood: SSDs have a deservedly poor reliability reputation, and when they fail they tend not to fail gracefully, a few sectors at a time, like discs often do, but - instead - by going 100% unreadable somewhere inbetween consecutive CPU clock cycles with abso

Re: [clamav-users] ClamAV Remote Scanning

2016-11-09 Thread Reindl Harald
Am 09.11.2016 um 13:02 schrieb amit.naudi...@yahoo.co.in: I am looking out for a solution where I could use a Clamd Server (or a group of servers) to serve multiple requests from multiple servers for scanning files/group-of-files for any harmful malwares/viruses. Idea is: clients will submit

Re: [clamav-users] ClamAV RPM vs source code installation

2016-11-15 Thread Reindl Harald
Am 15.11.2016 um 16:31 schrieb Fouts, Christopher: How come the Centos RPM (v0.99.2) does not install everything that the compiled source code does? For example, I don’t see clams, fresh clam, and the configuration in /etc/clamav.conf, Where do I get this other utilities via RPM? by install

Re: [clamav-users] ClamAV RPM vs source code installation

2016-11-15 Thread Reindl Harald
Am 15.11.2016 um 18:39 schrieb Dennis Peterson: Hmm - just noticed my asterisk is missing. Should be: yum info clamav* to see all the clamav packages on what ever repos are configured the asterisk packages are also split :-) https://koji.fedoraproject.org/koji/packageinfo?packageID=5449 an

[clamav-users] digest-replies -> Re: clamav-users Digest, Vol 143, Issue 20

2016-11-17 Thread Reindl Harald
"Re: [clamav-users] clamav-users Digest, Vol 143, Issue 20" as subject? if you just want to read - fine, use digest otherwise change the configuration so that you can reply to a single message, with useful quoting and a meaningful subjects as everybody else does _

Re: [clamav-users] Question about Virus DB

2016-11-27 Thread Reindl Harald
Am 27.11.2016 um 06:27 schrieb crazy thinker: I have a doubt regarding virus db files. why ClamAV team providing common database for platforms like windows linux and mac os x. why not they provide virus database files based on platform specific. is there any specific reason behind this? i am v

Re: [clamav-users] Install ClamAV on RHEL v7

2016-12-03 Thread Reindl Harald
Am 03.12.2016 um 12:00 schrieb Михаил: Hi everybody! Could you tell about what the difference is between clamd@scan.service and clamd@.service? When do these services use? I installed ClamAV on RHEL and tried to start these services. The service clamd normally started but another service cou

Re: [clamav-users] Qusestion abotu Cloud base Scanning

2016-12-03 Thread Reindl Harald
Am 03.12.2016 um 14:13 schrieb crazy thinker: Does ClamAV have cloud base scanning capability? i have come across requirement where i have to send local files from my local computer to Cloud server that do actual scanning process and sends results to client side not directly, but it shoul d

Re: [clamav-users] bugzilla security certificate

2016-12-07 Thread Reindl Harald
Am 07.12.2016 um 17:42 schrieb Steve Basford: Just a quick one... in case it confuses visitors to Bugzilla... Going to https://bugs.clamav.net/ Firefox reports: "bugs.clamav.net uses an invalid security certificate. The certificate is only valid for bugzilla.clamav.net Error code: SSL_ERROR_

Re: [clamav-users] bugzilla security certificate

2016-12-11 Thread Reindl Harald
Am 12.12.2016 um 00:25 schrieb timeless: Firefox reports: "bugs.clamav.net uses an invalid security certificate. The certificate is only valid for bugzilla.clamav.net Error code: SSL_ERROR_BAD_CERT_DOMAIN" You can bypass the warning if desired. (FWIW, Chrome also allows this) Benny Peder

Re: [clamav-users] Question on attachments

2016-12-12 Thread Reindl Harald
Am 12.12.2016 um 17:43 schrieb TR Shaw: How does ClamAV decide to unpack an attachment? In particular this is in reference to the recent Locky attachments that are zips but have the attachment extension “dip” clamav don't care about extensions as any other unix software [harry@rh:/download

Re: [clamav-users] alternative signatures

2016-12-13 Thread Reindl Harald
Am 13.12.2016 um 10:03 schrieb Vladislav Kurz: Hello all, In the last few months my satisfaction with clamav's virus signatures is getting worse. Viruses getting through, while clamav catches just a few. Some of them are detected few days later, but that may be too late. Also occasional false

Re: [clamav-users] Central management server?

2016-12-14 Thread Reindl Harald
Am 14.12.2016 um 16:27 schrieb robert k Wild: Can I install a clamav server and point all my clamav end users ie Mac Linux windows to the server to get update definitions and can I manage my clients from the server ie see if there online run scans and lock clients so they can't change settings?

Re: [clamav-users] clamav-milter and unofficial sigs

2016-12-14 Thread Reindl Harald
Am 14.12.2016 um 18:01 schrieb Benny Pedersen: is it possible currently to accept 3dr party virus in clamav-milter ? eq: OnUnofficial Accept where default is Rejct like OnInfected ? this will make clamav-milter more flexible just use two clamd instances * one as milter with reject * one

Re: [clamav-users] No notice of OLE2.ContainsMacros

2016-12-20 Thread Reindl Harald
Am 21.12.2016 um 01:32 schrieb Mark Foley: I did not know about clamdscan! Thanks for that info. I've replaced clamscan with clamdscan in my script for 2 reasons: First, while clamscan with the --block-macros=yes switch did work for .doc[x|m] quarantined messaged, it found macro enabled .xls fi

Re: [clamav-users] with main.cvd clamscan dead slow

2016-12-21 Thread Reindl Harald
Am 21.12.2016 um 14:38 schrieb Selcuk Yazar: Dear Arnaud in redhat El 6 version there is no clamdscan command this is simply not true - clamav is from the EPEL repo and here you go https://koji.fedoraproject.org/koji/buildinfo?buildID=772565 the package "clamd" contains /usr/bin/clamdscan u

Re: [clamav-users] Cannot skip OLE2 checking

2016-12-21 Thread Reindl Harald
Am 21.12.2016 um 17:25 schrieb Mark Foley: I'm running clamdscan on Maildir folders as: clamdscan --config-file=/usr/local/etc/clamdscan.conf --multiscan \ --fdpass --allmatch --stdout /home/HPRS/user/Maildir/ I want to skip checking for OLE2 macros. The /usr/local/etc/clamdscan.conf has:

Re: [clamav-users] Cannot skip OLE2 checking

2016-12-22 Thread Reindl Harald
Am 21.12.2016 um 18:43 schrieb Mark Foley: On Wed, 21 Dec 2016 17:34:05 Reindl Harald wrote: Am 21.12.2016 um 17:25 schrieb Mark Foley: I'm running clamdscan on Maildir folders as: clamdscan --config-file=/usr/local/etc/clamdscan.conf --multiscan \ --fdpass --allmatch --stdout /home

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-29 Thread Reindl Harald
Am 29.12.2016 um 07:30 schrieb demonhunter: Samples can be easily generated by creating a blank Word or Excel document, creating an empty macro module with a single empty subroutine, and saving the Word/Excel file as a .docm or .xlsm file. Scanning one of these brand new files against a saved

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Reindl Harald
Am 29.12.2016 um 03:54 schrieb Al Varnell: Over 11,000 of them were dropped several days ago, but a few were added at the same time. I have no idea what the status of those new ones are and maybe I've lost track, but I believe only one of the new ones has been brought up here. Since all sign

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Reindl Harald
Am 29.12.2016 um 10:21 schrieb Reindl Harald: Am 29.12.2016 um 03:54 schrieb Al Varnell: Over 11,000 of them were dropped several days ago, but a few were added at the same time. I have no idea what the status of those new ones are and maybe I've lost track, but I believe only one of th

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Reindl Harald
Am 29.12.2016 um 13:06 schrieb Steve Basford: On Thu, December 29, 2016 9:32 am, Reindl Harald wrote: i would love to be able to *completely* exclude "daily.cld", "daily.cvd" and "main.cvd" and only update "safebrowsing.cvd" daily.cvd and main

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Reindl Harald
Am 29.12.2016 um 14:40 schrieb Mark Allan: On 29 Dec 2016, at 12:06 pm, Steve Basford wrote: In clamscan there is: --official-db-only[=yes/no(*)] Only load official signatures in clamd.conf there is: OfficialDatabaseOnly#Only loading official signatures. I suppose there could

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Reindl Harald
Am 29.12.2016 um 16:15 schrieb Kris Deugau: Groach wrote: If I could exclude the Clam default signatures and just continue to use Sane then I would and then I could turn back on quarantining to make our systems safe again. You can; turn off freshclam and delete the stock signature files.

Re: [clamav-users] How to get/use 3rd party signatures?

2016-12-29 Thread Reindl Harald
Am 29.12.2016 um 23:54 schrieb Mark Foley: On 29/12/2016 09:32, Reindl Harald wrote: Am 29.12.2016 um 10:21 schrieb Reindl Harald: state of the official signatures is that clamav don't catch many real malware all over the time without sanesecurity 3rd party signatures and the off

Re: [clamav-users] unsubscribe

2016-12-30 Thread Reindl Harald
Am 30.12.2016 um 20:27 schrieb james henrydoss: unscubscribe idiot List-Unsubscribe: <http://lists.clamav.net/cgi-bin/mailman/options/clamav-users>, <mailto:clamav-users-requ...@lists.clamav.net?subject=unsubscribe> On Wed, Oct 12, 2016 at 7:16 PM, Reindl Harald wrote: A

Re: [clamav-users] Grizzly Steppe

2017-01-04 Thread Reindl Harald
Am 04.01.2017 um 23:12 schrieb Al Varnell: Can somebody with access to those samples run them against a virgin ClamAV signature database to answer the question? I'd be happy to if there are samples I can access. official, virgin signatures don't and probably will never recognize recent ma

Re: [clamav-users] Clamscan Error

2017-01-05 Thread Reindl Harald
you posted a lot of stuff but not the clamav version the memory errors sounds like it's outdated the whole "permission denied" stuff running sudo and so with root-permissions is strange too Am 06.01.2017 um 02:35 schrieb A6: NAME="Linux Mint" VERSION="18.1 (Serena)" ID=linuxmint ID_LIKE=ubunt

Re: [clamav-users] whitelisting sender or recipient

2017-01-19 Thread Reindl Harald
Am 19.01.2017 um 08:02 schrieb z...@aian.de: I bet it's an easy one for you, but I couldn't find any documentation about that. What I want to do is whitelist a specific sender or recipient from the scans. I read about the whitelist.ign2 for whitelisting signatures, but nothing about user whit

Re: [clamav-users] whitelisting sender or recipient

2017-01-19 Thread Reindl Harald
Am 19.01.2017 um 18:25 schrieb G.W. Haywood: On Thu, 19 Jan 2017, z wrote: 2. Re: whitelisting sender or recipient ... What I want to do is whitelist a specific sender or recipient ... It's explained in the documentation, for example see man clamav-milter.conf but I personally would

Re: [clamav-users] whitelisting sender or recipient

2017-01-19 Thread Reindl Harald
Am 19.01.2017 um 20:50 schrieb Paul Kosinski: What if a white-listed sender later becomes part of a botnet? However trustworthy the person is, their email isn't necessarily trustworthy. (The "From:" address could easily be faked, for example.) then hopefully your filter setup does not rely o

Re: [clamav-users] whitelisting sender or recipient

2017-01-19 Thread Reindl Harald
Reindl Harald: Am 19.01.2017 um 20:50 schrieb Paul Kosinski: What if a white-listed sender later becomes part of a botnet? However trustworthy the person is, their email isn't necessarily trustworthy. (The "From:" address could easily be faked, for example.) then hopefully your fi

Re: [clamav-users] whitelisting sender or recipient

2017-01-19 Thread Reindl Harald
%92.80 % (OF TOTAL BLOCKED) DNSWL 30548 90.89 % SPF 23710 70.55 % SPF/DKIM WL 13116 39.02 % SHORTCIRCUIT 16259 48.37 % CUST_SUBJ 545 1.62 % CUST_BODY 2910 8.65 % BLOCKED 3099 9.22 % On Thu, 19 Jan 2017 20:57:28 +0100 Reindl Har

Re: [clamav-users] clamAV: problem in DB update

2017-01-21 Thread Reindl Harald
Am 21.01.2017 um 17:22 schrieb Cedric Bhihe: The mail sent to root when the daily DB update process has completed always is : ClamAV update process started at Thu Jan 19 13:00:01 2017 main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer) Downloading

Re: [clamav-users] clamAV: Re: problem in DB update

2017-01-21 Thread Reindl Harald
"Database updated" it was updated - period google for diff and be happy that you need not always download the whole monster On 21/01/17 17:29, Reindl Harald wrote: Am 21.01.2017 um 17:22 schrieb Cedric Bhihe: The mail sent to root when the daily DB update process has completed

Re: [clamav-users] Potentially False Positive, but I lost the file!

2017-01-22 Thread Reindl Harald
Am 22.01.2017 um 12:40 schrieb Groach: On 21/01/2017 23:27, Joel Esler (jesler) wrote: But the amount of offlist email I receive about your communication. A good try, Joel. If this was designed to make me think people are upset by my negative feedbacks about Clam signatures then you have

Re: [clamav-users] Clamd memory usage running high?

2017-02-02 Thread Reindl Harald
the much better question is *why* is clamav that much memory wasting especially 385 MB for the official rules which barely hit anything and are removed here entirely from production machines for some weeks after hit nothing over the last 3 months - any catches was done by sanesecurity alone t

Re: [clamav-users] Clamd memory usage running high?

2017-02-02 Thread Reindl Harald
Am 02.02.2017 um 14:31 schrieb Groach: the much better question is *why* is clamav that much memory wasting > especially 385 MB for the official rules which barely hit anything and > are removed here entirely from production machines for some weeks after hit nothing over the last 3 months -

Re: [clamav-users] Clamd memory usage running high?

2017-02-02 Thread Reindl Harald
Am 02.02.2017 um 15:04 schrieb Benny Pedersen: Reindl Harald skrev den 2017-02-02 14:36: that maybe would fine if clamav would have the best hitrate, but by far it don't tell this maillist here where there is on that is better on memory usage and still gpl'ed, that would be much

Re: [clamav-users] clamdscan mail file

2017-02-13 Thread Reindl Harald
Am 13.02.2017 um 13:05 schrieb TBits.net, Mailinglists: Hi @all, clamav-milter identify an email as infected by Heuristics.Phishing.Email.SSL-Spoof. This is correct, but when I scan this file in the quarantine with clamdscan or clamscan the file is clean. It seems that the clamscan or clamdsc

Re: [clamav-users] clamdscan mail file

2017-02-13 Thread Reindl Harald
Am 13.02.2017 um 14:33 schrieb TBits.net, Mailinglists: On 2017-02-13 13:19, Reindl Harald wrote: Am 13.02.2017 um 13:05 schrieb TBits.net, Mailinglists: Hi @all, clamav-milter identify an email as infected by Heuristics.Phishing.Email.SSL-Spoof. This is correct, but when I scan this file

Re: [clamav-users] clamdscan mail file

2017-02-15 Thread Reindl Harald
Am 15.02.2017 um 13:10 schrieb TBits.net, Mailinglists: On 2017-02-13 15:07, TBits.net, Mailinglists wrote: On 2017-02-13 14:39, Reindl Harald wrote: Am 13.02.2017 um 14:33 schrieb TBits.net, Mailinglists: On 2017-02-13 13:19, Reindl Harald wrote: Am 13.02.2017 um 13:05 schrieb TBits.net

Re: [clamav-users] clamdscan mail file

2017-02-15 Thread Reindl Harald
: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Reindl Harald Sent: 15 February 2017 12:16 To: clamav-users@lists.clamav.net Subject: Re: [clamav-users] clamdscan mail file Am 15.02.2017 um 13:10 schrieb TBits.net, Mailinglists: On 2017-02-13 15:07, TBits.net

Re: [clamav-users] clamdscan mail file

2017-02-15 Thread Reindl Harald
they indeed do not fire with "clamdscan" these mails which are *not phishings* and are the reason why i configured as second clamd and disabled that idiotic stuff in the milter-instance http://lists.clamav.net/pipermail/clamav-users/2016-July/003113.html -100 USER_IN_SPF_WHITELIST From: add
