Joel Esler (jesler | 18 May 23:20 2015

ClamAV® blog: Lurker is going End of Life


http://blog.clamav.net/2015/05/lurker-is-going-end-of-life.html

Lurker is going End of Life
For years, we've had a system named "Lurker" that displayed the archives for our mailing lists. Well, we are
actually keeping the archives for the mailing lists in two places: on Lurker and on mailman itself. So
we've decided to End of Life the lurker machine in favor of the mailman system.

The most common place that links to lurker directly is inside of the notification emails that are sent to
malware submitters when coverage is written as well as the clamav-virusdb list when the db updates are pushed.

We plan on bringing lurker down and changing the links in the alert emails on Friday, May 22, 2015.

Please be patient with us as we remove this system from the ClamAV network.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Joel Esler (jesler | 14 May 23:11 2015

Fwd: [Community-sigs] Create your own ClamAV signatures with CASC

Sending this over to the users list as well:

Begin forwarded message:

From: Alain Zidouemba <azidouemba <at> sourcefire.com>
Subject: [Community-sigs] Create your own ClamAV signatures with CASC
Date: May 14, 2015 at 9:57:00 AM PDT
To: ClamAV Community Signatures Submission List <community-sigs <at> lists.clamav.net>
Reply-To: ClamAV Community Signatures Submission List <community-sigs <at> lists.clamav.net>

http://blog.clamav.net/2015/05/create-your-own-clamav-signatures-with.html

The ClamAV community is growing and we are receiving more user-generated
ClamAV signatures through our community signatures mailing list
<http://blog.clamav.net/2014/02/introducing-clamav-community-signatures.html>.
Thanks to all who have contributed! For those who find the task of writing
your own signatures
<https://github.com/vrtadmin/clamav-devel/raw/master/docs/signatures.pdf>
daunting,
we have created something you may be interested in.

To aid users in developing better ClamAV signatures faster, Angel Villegas
created the ClamAV Signature Creator (CASC), an IDA Pro plug-in. A quick
and easy installation into IDA Pro 6.7 or higher (reduced feature set for
IDA Pro 6.6) will have you creating basic ClamAV ndb and ldb signatures in
no time. CASC allows users to select aspects of a sample's disassembly, a
function block, or a set of strings to create a sub-signature. Each
sub-signature can contain user-defined notes to keep track of information
contained within the sub-signature. Once you've selected enough
sub-signatures to get the job done, or until your heart's content, a ClamAV

Alessandro Baggi | 14 May 17:03 2015

Clamav Scan on Access

Hi list,
I'm a new user on the list.
I've installed clamav-* 0.98.7 on C7 (rel 1503) from the epel repo.
I've tried the Scan On Access feature, but I've noticed a strange result.
With OnAccessIncludePath /home set, clamd/fanotify protects /home but
not its subdirectories; it does not recurse.

On the web I've found a post from 2014 where a user has the same problem.
I don't know if recursion was added.

Is this a misconfiguration, or is fanotify recursion not yet implemented?

Thanks in advance.

Steve Basford | 14 May 15:13 2015

[Fwd: [sanesecurity] extremeshok/clamav-unofficial-sigs :: version 4.3 (updated 2015-05-13)]

Hi All,

Just in case this is useful to anyone:

Adrian of extremeshok-dot-com has forked Bill Landry's
clamav-unofficial-sigs script and made quite a few new changes to the
script:

---------------------------- Original Message ----------------------------
Subject: [sanesecurity] extremeshok/clamav-unofficial-sigs :: version 4.3 
(updated 2015-05-13)
From:    "admin-at-extremeshok-dot-com" <admin <at> extremeshok.com>
Date:    Wed, May 13, 2015 7:47 pm
To:      sanesecurity <at> freelists.org
         assp-test <at> lists.sourceforge.net
--------------------------------------------------------------------------

Location:

    https://github.com/extremeshok/clamav-unofficial-sigs

    Version 4.3.0 (updated 2015-05-13)

  * eXtremeSHOK.com Maintenance
  * Code refactoring: group and move functions to top of script
  * Complete rewrite of securiteinfo support, full support for
    Free/Delayed clamav by securiteinfo.com ;-P Note: securite info
    requires you to create a free account and add your authorisation
    code to the config.
  * Config updated to 4.3

Dmitry Melekhov | 13 May 06:49 2015

virus detection status

Hello!

We have been using clamav for years for e-mail virus filtering, and it worked
OK for us,
but in the last several weeks we found that clamav doesn't recognize many
viruses like js, or xls macros.
I submitted one of the viruses several weeks ago, but it is still not
recognized by clamav, although it is recognized by other engines.

Could you tell me if clamav is still active? Or is it time to look for an
alternative?

Thank you!


G.W. Haywood | 6 May 22:46 2015

Re: daily.cvd: Malformed database

Hello again Hans,

On Wed, 6 May 2015, MAYER Hans wrote:

> ...
> So it's definitely not the daily.cld which is corrupt I can say now.
> ...

Then my best guess is that you are somehow not using the correct ClamAV
library or libraries.

I can't remember if you said that ClamAV on this system was a totally
new installation or if it was upgraded from an older one.  If it was
an older installation which has been upgraded, I would guess that some
old libraries remain which should be removed.

If you have trouble finding all the libraries you could try manually
editing the daily.cld file to remove most of the definitions to see if
you can get it accepted.

--
73,
Ged.

Pod | 6 May 09:16 2015

ClamAV on XP

Hi,

I've installed ClamAV on XP.
There is no icon on the desktop, and nothing in the start menu.
In the folder of ClamAV there are 7 exe-files: clambc, clamconf, clamd,
clamdscan, clamscan, freshclam and sigtool.
Which file should I use?

I guess that clamdoc.pdf is for Linux users; is there something for
Windows users?

Thank you.

--
Pod


Dale Carter | 27 Apr 17:09 2015

Re: clamav-users Digest, Vol 127, Issue 18

Thanks GED

Apologies for the lack of context. The server is Ubuntu 14.04 on Amazon, running the ClamAV version below:

ClamAV 0.98.6/20384/Mon Apr 27 12:36:55 2015

There is an /etc/logrotate.conf file and an /etc/logrotate.d directory

Inside the directory are two clam av files

clamav-freshclam
clamav-daemon

Clamav-freshclam contents are
/var/log/clamav/freshclam.log {
     rotate 12
     weekly
     compress
     delaycompress
     missingok
     create 640  clamav adm
     postrotate
     /etc/init.d/clamav-freshclam reload-log > /dev/null
     endscript
     }
I expect the 12 needs to be changed to 52 to get 1 year rotation

clamav-daemon contents are
/var/log/clamav/clamav.log {
     rotate 12

G.W. Haywood | 3 May 18:52 2015

Re: daily.cvd: Malformed database

Hi there,

On Sun, 3 May 2015, MAYER Hans wrote:

> ...
> Whipped out /usr/local/share/clamav
> ...

What does "Whipped out" mean?

> And when I start the daemon:
>
> # /usr/local/sbin/clamd
> LibClamAV Error: Can't load /usr/local/share/clamav/daily.cvd: Malformed database
> ERROR: Malformed database
> 
> I get this error above.
> When I download daily.cvd with wget it's the same.
>
> # ls -la
> total 194266
> drwxrwxr-x   2 clamav   clamav       512 May  2 21:19 .
> drwxr-xr-x  25 root     root         512 Jan 18 12:46 ..
> -rw-r--r--   1 clamav   clamav     75408 May  2 21:06 bytecode.cvd
> -rw-r--r--   1 clamav   clamav   34581471 May  2 21:05 daily.cvd
> -rw-r--r--   1 clamav   clamav   64720632 May  2 21:04 main.cvd
> -rw-------   1 clamav   clamav        52 May  2 21:07 mirrors.dat
> # md5sum daily.cvd
> 7f63e270b7e4ae1e2959db90d38848e9  daily.cvd


MAYER Hans | 2 May 21:32 2015

daily.cvd: Malformed database


Dear All,

My environment: Solaris 10 with gcc version 3.4.3
/usr/local/sbin/clamd --version
ClamAV 0.98.7/20406/Sat May  2 12:40:09 2015

I just upgraded to the latest version. 
Whipped out /usr/local/share/clamav
run: freshclam 

And when I start the daemon:

# /usr/local/sbin/clamd
LibClamAV Error: Can't load /usr/local/share/clamav/daily.cvd: Malformed database
ERROR: Malformed database

I get this error above.
When I download daily.cvd with wget it's the same.

# ls -la
total 194266
drwxrwxr-x   2 clamav   clamav       512 May  2 21:19 .
drwxr-xr-x  25 root     root         512 Jan 18 12:46 ..
-rw-r--r--   1 clamav   clamav     75408 May  2 21:06 bytecode.cvd
-rw-r--r--   1 clamav   clamav   34581471 May  2 21:05 daily.cvd
-rw-r--r--   1 clamav   clamav   64720632 May  2 21:04 main.cvd
-rw-------   1 clamav   clamav        52 May  2 21:07 mirrors.dat
# md5sum daily.cvd
7f63e270b7e4ae1e2959db90d38848e9  daily.cvd

Alex Regan | 1 May 23:07 2015

Permission problem while creating tmp file

Hi,

I have a fedora20 system with amavisd-2.9.1, clamav-0.98.6, postfix, and 
spamassassin, and it's been running fine forever. I'm now having an 
issue with clamav creating temporary files for amavis. clamd is running 
as user amavis, yet it prints the following:

May  1 17:02:06 mail02 clamd[25732]: 
/var/spool/amavisd/tmp/amavis-20150501T165504-27729-5xw6dnm4/parts/p001: 
Can't create temporary directory ERROR

# ps axwwwu|grep clam
amavis   25732  2.8  1.5 823212 523148 ?       Ssl  16:47   0:21 
clamd.amavisd -c /etc/clamd.d/amavisd.conf --pid 
/var/run/clamd.amavisd/clamd.pid

If I change to the amavis user, I can create files in the tmp directory:

# ls -ld /var/spool/amavisd/tmp
drwxr-x---. 9 amavis amavis 12288 May  1 17:03 /var/spool/amavisd/tmp

Does anyone have any ideas how to troubleshoot this? Maybe there's some 
tracing I can enable to troubleshoot this?

Thanks,
Alex
