AB tunForge | 22 May 2013 15:24

Contribution: libclamav.dll + Python

Hi everyone, 

I wrote this Python code. It shows how to load libclamav.dll and call
exported functions to scan a file.

#
#  Python        version: 2.7.3
#  libclamav.dll version: 0.97.0.0
#
#  Author: Ab Arous <ab <at> tunforge.org>
#
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
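The posted script is cut off above; as an added example (my own code, not Ab Arous's), here is a ctypes wrapper that does what the post describes against a libclamav from the 0.97 series. It assumes the exported entry points cl_init, cl_engine_new, cl_load, cl_engine_compile, cl_scanfile, cl_engine_free, cl_strerror and cl_retdbdir with their 0.97 prototypes; the numeric values given for CL_DB_STDOPT and CL_SCAN_STDOPT are my reading of the 0.97 clamav.h and should be checked against your header.

```python
import ctypes
import ctypes.util

CL_SUCCESS, CL_VIRUS = 0, 1      # cl_scanfile() verdicts from clamav.h
CL_INIT_DEFAULT = 0
CL_DB_STDOPT = 0x200A            # assumed expansions of the 0.97 CL_DB_STDOPT and
CL_SCAN_STDOPT = 0x6237          # CL_SCAN_STDOPT macros; check them against your clamav.h

def load_libclamav(path=None):
    # find_library() resolves libclamav.so on Unix; on Windows fall back to the DLL name.
    lib = ctypes.CDLL(path or ctypes.util.find_library("clamav") or "libclamav.dll")
    # Declare prototypes so ctypes never truncates a 64-bit engine pointer to a C int.
    P, U, I, S = ctypes.c_void_p, ctypes.c_uint, ctypes.c_int, ctypes.c_char_p
    for fn, args, ret in (
            ("cl_init", [U], I), ("cl_engine_new", [], P), ("cl_engine_free", [P], I),
            ("cl_engine_compile", [P], I), ("cl_load", [S, P, ctypes.POINTER(U), U], I),
            ("cl_scanfile", [S, ctypes.POINTER(S), ctypes.POINTER(ctypes.c_ulong), P, U], I),
            ("cl_strerror", [I], S), ("cl_retdbdir", [], S)):
        getattr(lib, fn).argtypes, getattr(lib, fn).restype = args, ret
    return lib

def check(lib, rc, what):
    # Any non-zero code is an error; cl_strerror() gives the readable text.
    if rc != CL_SUCCESS:
        raise RuntimeError("%s: %s" % (what, lib.cl_strerror(rc).decode()))

def build_engine(lib, dbdir=None):
    # cl_init -> cl_engine_new -> cl_load -> cl_engine_compile, the order clamav.h requires.
    check(lib, lib.cl_init(CL_INIT_DEFAULT), "cl_init")
    engine = lib.cl_engine_new()
    if not engine:
        raise RuntimeError("cl_engine_new returned NULL")
    signo = ctypes.c_uint(0)
    db = dbdir.encode() if dbdir else lib.cl_retdbdir()
    check(lib, lib.cl_load(db, engine, ctypes.byref(signo), CL_DB_STDOPT), "cl_load")
    check(lib, lib.cl_engine_compile(engine), "cl_engine_compile")
    return engine, signo.value          # engine handle and number of signatures loaded

def interpret_scan(rc, virname):
    # Pure-Python mapping of cl_scanfile()'s (rc, *virname) pair to a verdict.
    if rc not in (CL_SUCCESS, CL_VIRUS):
        raise RuntimeError("cl_scanfile failed with code %d" % rc)
    name = virname.decode() if isinstance(virname, bytes) else virname
    return ("infected", name) if rc == CL_VIRUS else ("clean", None)

def scan_file(lib, engine, path):
    virname, scanned = ctypes.c_char_p(), ctypes.c_ulong(0)
    rc = lib.cl_scanfile(path.encode(), ctypes.byref(virname), ctypes.byref(scanned),
                         engine, CL_SCAN_STDOPT)
    return interpret_scan(rc, virname.value)   # free the engine with lib.cl_engine_free()
```

Call load_libclamav(), then build_engine(), then scan_file(lib, engine, path) for each file, and finish with lib.cl_engine_free(engine). A missing restype on cl_engine_new (ctypes defaults to int) is a common cause of crashes on 64-bit builds, which is why the prototypes are declared up front.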

G.W. Haywood | 23 Mar 2013 13:05

Re: clamav-devel Digest, Vol 100, Issue 6

Hi there,

On Sat, 23 Mar 2013, Steven Morgan wrote:
> On Thu, 21 Mar 2013, G.W. Haywood wrote:
>
> > I want to be able to disable compilation of the bytecode interpreter
> > at configure time.
> 
> Please try running ./configure with the --disable-llvm option.

Thanks for the reply.

Does that do what I'm asking?  I've searched for any documentation and
for anything in the change logs, and I've come up with nothing to tell
me what it might do.  Can I take it that the bytecode interpreter is
this llvm thing?

--

73,
Ged.
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

Kaushik Vaidyanathan | 23 Mar 2013 01:46

Does clamav work with hex or characters?

Hi

I have a basic question. Most body-based signatures are hex based (let's
focus on fixed string signatures alone for simplicity), whereas some of the
files are hex (EXE) or character-based (HTML).

In the code I see unsigned chars used predominantly to represent patterns
and file contents. At the very core of the string matching algorithms,
mainly extended Boyer-Moore, I would like to understand how the datatypes
get manipulated.

1) Do the character based files get translated to hex to compare with body
based signatures?

2) Does the signature get treated as a string of chars?
If yes,
Does a toy signature "fe" get treated as two chars (8 bits each) for "f"
and "e", or
does the code read the signature "fe" and map it into one character based on
the ASCII table (for example)?

Thank you.

G.W. Haywood | 22 Mar 2013 17:47

Re: New Version of ClamAV

Hi there,

On Thu, 21 Mar 2013, Matt Olney wrote:

> ... I wanted to solicit some feedback from our users about what you
> might be interested in seeing.

I want to be able to disable compilation of the bytecode interpreter
at configure time.

--

73,
Ged.

Matt Olney | 20 Mar 2013 15:35

New Version of ClamAV

Hey all,

We're currently scoping out the next version of ClamAV.  We have a number
of ideas in house, but I wanted to solicit some feedback from our users
about what you might be interested in seeing.

Before you ask, we don't have a lot of information that we're ready to
share on our end about what we're planning, so I don't want to promise
anything yet.  In general we're looking to expand the detection capability,
the engine's stability and make the system a little more usable.  As we
firm things up, we'll let you guys know more about what we're working on.

We will also be interested, as we get further down the road, in beta
testers.  I think you'll see a lot of new functionality in ClamAV and we'd
appreciate as many eyes as possible on it once we're ready to show it off.

And no, we don't have an estimated release date :)

Thanks in advance for your ideas!  Please send your ideas to this list so
we can track them.

Matt

David F. Skoll | 19 Mar 2013 16:45

Re: ClamAV 0.97.7 has been released!

From: Matt Olney <molney <at> sourcefire.com>

> There is additional information in the bugs associated with the fixes:

[...]

Thanks for those Bugzilla links.

Regards,

David.

Andy Singer | 17 Mar 2013 03:49

Contribute signatures

Hi,
I am interested in writing signatures for ClamAV. I plan on doing this
regularly; should I email them to someone or upload them on the virus
submission page? I tried contacting Alain / Joel, but I never got a
response. I wrote a few signatures below, mostly for malware cryptors. If
you don't want to publish them, could I publish them here:
http://www.clamav.net/lang/en/download/cvd/3rdparty?

ndb
Trojan.Packed:1:EP+0:558BEC{-40}8B45??50E8????????83C4048BE55DC3
Trojan.Packed-1:1:EP+0:558BEC{-4}89????????00E8????FFFF5DC3
Trojan.Packed-2:1:*:8B2C2483C404C3
Trojan.Packed-3:1:*:54536A006A006A006A006A
Trojan.Packed-4:1:EP+0:33F6{-2}81??????400083EE??8B??FF6A
Trojan.Packed-5:1:EP+0:2BF6{-2}81??????400083EE??8B??FF6A
Trojan.Zbot:1:*:C745F801000000C745F8C10C00008B45FC05
Trojan.Zbot-1:1:EP+0:5589E583EC18C7042402000000FF1528614000E8F8FEFFFF
Rogue.Installer:1:*:8D4DE0895DE0895DE4895DE8E8160F0000568D4D8C895D8C895D90895D94E804
Trojan.Downloader.Cutwail:1:*:5B3C83C3188B531C2B55088D9B880000008B1B33C085DB74
Trojan.Banker:1:*:50617373776F72643D6D7476323030383B5065727369737420536563757269747920496E666F3D547275653B557365722049443D686F6E646130315F6D6174726978
Trojan.FakeAlert:1:EP+0:83E30033C066B8D741C1E008B00096BF00????0003FBB900040000F3A581EF0001000081EF0001000081EF0001000081EF0001000081EF0001000081EF0001

ldb
Trojan.Generic.Medfos;Engine:55-255,Target:1,NumberOfSections:4-4;(0&(1|2));EP+0:6A??68????0010E8??0000;S1+2:0200????0200????0200????0200????0200????0200????0200????0200????0200????0200????0200????0200????0200????0200;S1+2:0100????0100????0100????0100????0100????0100????0100????0100????0100????0100????0100????0100????0100????0100
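Kaushik's question earlier in the digest and Andy's ndb lines above both come down to how a hex signature is read: the HexSignature field is hex-encoded bytes, so "fe" denotes the single byte 0xFE, not the two characters f and e. As an added example (my own code, not ClamAV's matcher, which uses Aho-Corasick and extended Boyer-Moore rather than regexes), here is a small parser for the ndb format that turns the subset of syntax used above into a bytes regex and applies it at the signature's offset. EP+n offsets need a caller-supplied entry point; computing it from the PE header is outside the example, and the test data is constructed.

```python
import re

# ndb HexSignature subset handled (the forms the post uses): hex pairs are literal bytes,
# so "fe" is the single byte 0xFE rather than the characters f and e; ?? = any one byte;
# * = any run of bytes; {n} exactly n, {-n} up to n, {n-} at least n, {n-m} n..m bytes;
# (aa|bb) = alternation.
TOKEN = re.compile(r"\?\?|\*|\{(\d*)(-?)(\d*)\}|[(|)]|[0-9a-fA-F]{2}")

def hexsig_to_regex(hexsig):
    # Translate a hex signature into a compiled bytes regex; DOTALL lets ?? cover 0x0A.
    parts, pos = [], 0
    for m in TOKEN.finditer(hexsig):
        if m.start() != pos:
            raise ValueError("unsupported syntax at %r" % hexsig[pos:pos + 8])
        pos, tok = m.end(), m.group(0)
        if tok == "??":
            parts.append(b".")
        elif tok == "*":
            parts.append(b".*?")
        elif tok.startswith("{"):
            lo, dash, hi = m.groups()
            parts.append((".{%s}" % lo if not dash else ".{%s,%s}" % (lo or "0", hi)).encode())
        elif tok in "(|)":
            parts.append({"(": b"(?:", "|": b"|", ")": b")"}[tok])
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    if pos != len(hexsig):
        raise ValueError("unsupported syntax at %r" % hexsig[pos:pos + 8])
    return re.compile(b"".join(parts), re.DOTALL)

def parse_ndb(line):
    # ndb fields: MalwareName:TargetType:Offset:HexSignature
    name, target, offset, hexsig = line.strip().split(":", 3)
    return {"name": name, "target": int(target), "offset": offset, "regex": hexsig_to_regex(hexsig)}

def match_ndb(sig, data, entry_point=None):
    # '*' = anywhere; 'EP+n' = n bytes past a caller-supplied entry point; bare number = absolute.
    off = sig["offset"]
    if off == "*":
        return sig["regex"].search(data) is not None
    if off.startswith("EP+"):
        if entry_point is None:
            return False
        start = entry_point + int(off[3:])
    else:
        start = int(off)
    return sig["regex"].match(data, start) is not None

# Constructed sample: 16 filler bytes, then an EP+0 stub shaped like Trojan.Packed-1's pattern.
SAMPLE = b"\x90" * 16 + bytes.fromhex("558BEC0102894141414100E81020FFFF5DC3")
```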

David F. Skoll | 16 Mar 2013 14:57

Re: ClamAV 0.97.7 has been released!

On Sat, 16 Mar 2013 12:00:01 +0100
clamav-devel-request <at> lists.clamav.net wrote:

> "ClamAV 0.97.7 addresses several reported potential security bugs.
> Thanks to Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the
> Google Security Team for finding and reporting these issues."

Is there a CVE or similar that details the nature of these potential
security bugs?  Or is Sourcefire not disclosing them?

Regards,

David.

G.W. Haywood | 16 Mar 2013 12:12

Re: ClamAV 0.97.7 has been released!

Hi there,

On Sat, 16 Mar 2013, Joel Esler wrote:

The latest news at

http://www.clamav.net/lang/en/category/security/

is entitled

"End of Life Announcement: ClamAV 0.94.x"

and dated

"October 5th, 2009 Posted by - jesler."

Am I looking in the wrong place to find out what these security issues
might be?

--

73,
Ged.

Joel Esler | 15 Mar 2013 15:04

ClamAV 0.97.7 has been released!

Dear ClamAV users,

"ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to Felix Groebert, Mateusz
Jurczyk and Gynvael Coldwind of the Google Security Team for finding and reporting these issues."

Download: http://downloads.sourceforge.net/clamav/clamav-0.97.7.tar.gz 
PGP sig: http://downloads.sourceforge.net/clamav/clamav-0.97.7.tar.gz.sig
ChangeLog: https://github.com/vrtadmin/clamav-devel/blob/0.97/ChangeLog

--
The ClamAV team (http://www.clamav.net/lang/en/about/team/)

Dour Fest | 25 Feb 2013 15:50

smaller db ?

Hello,

I notice that the clamav DB size is growing really fast; there are 500K more
records than last November. I guess it's a good point for the security
level of clamav.

I'm personally using clamav on small memory devices; more records means
more RAM and it becomes complicated to use clamav on such devices. I know
that a lot of people consider that memory is cheap today, but for embedded
devices it's not the case!

Do you plan to provide a shorter DB? Maybe a reduced DB with in-the-wild
viruses (wildlist.org) should be a good option.

By the way, the daily.cvd (800K entries) size is close to the main.cvd
(1000K entries); do you plan to generate a new main.cvd?

Best Regards
Dour
