Pascal | 3 Dec 10:57 2014

Offline updates

Hi,

I found this on http://www.clamav.net/doc/cvd.html :
"""
* Can I download the virusdb manually?
Yes, the virusdb can be downloaded from the Latest releases section on
our home page.
"""
But I didn't find the link on http://www.clamav.net/download.html :-(
Where can I find virusdb ?

Thanks, lacsaP.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Al Varnell | 3 Dec 08:29 2014

Win.Trojan.Genieo

I believe this signature has been mislabeled as Windows only. The signature comes back as:

VIRUS NAME: Win.Trojan.Genieo
TARGET TYPE: MACHO
OFFSET: *
DECODED SIGNATURE:
okup__ZL20dtor_genieo_06041979v___tcf_0 stub 

which tells me it’s an OS X executable.

Since it’s neither a false positive nor a false negative, I wasn’t sure how to report it.

-Al-
-- 
Al Varnell
Mountain View, CA


Benny Pedersen | 30 Nov 04:32 2014

Sigtool :(

I can't figure out how to build cud files yet with 0.98.5

Is there a guide somewhere for this ?

It fails with build name, and sigtool interactively asks for the build name,
but fails to build with the typed answer :(

Env variables are not explained anywhere

Benny Pedersen | 30 Nov 04:26 2014

Clamsubmit option -p

Is the help text correct ?

False positive ?

If running clamsubmit, do I need to extract content first with e.g. ripmime if
content is in email, or does clamsubmit itself do all this ?

What is a fp and fn ?

Paul Kosinski | 28 Nov 19:47 2014

Re: Realtime scanner

Not completely sure what you mean by real-time scanner: file scanning
or scanning HTTP responses (Web browsing)?

For file scanning, there is (or used to be) Clamuko, which hooked in
to the Linux kernel. I never used it, so can't say anything about it.

For Web browsing, I use HAVP, which in turn uses the ClamAV library to
scan the HTML coming in over HTTP. It runs as a proxy, so doesn't
handle HTTPS (although I suppose one could modify Firefox or Chromium
to use pieces of HAVP, and hence libclamav, internally). 

HAVP seems to be no longer developed, but it still works. Look at
http://sourceforge.net/projects/havp/ -- Google HAVP for more info.

On Sun, 23 Nov 2014 12:00:00 -0500
clamav-users-request <at> lists.clamav.net wrote:

> Message: 5
> Date: Sun, 23 Nov 2014 10:48:20 +0530
> From: Deevakar PK <pkdeevakar <at> gmail.com>
> To: clamav-users <at> lists.clamav.net
> Subject: [clamav-users] real-time scan
> Message-ID:
> 	<CAPWV5rGv8b39JpyUNbG0=Cyuv9xjrsf76DmLDwOgJGFAMd3ZEA <at> mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
> 
> Hi Team,
> 
> Is there any real-time monitoring available in clamAV with quarantine
> option ?

Heino Backhaus | 26 Nov 13:42 2014

cannot find clamav-devel-latest.tar.gz anymore...

Hello List,

I'm using http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz as
source for an automated daily upgrade script for about 10 years on 15+x
MailScanner machines and it worked perfectly (thanks for that). My
problem is that this file just doesn't exist since version: ClamAV
devel-20140826/19682/Wed Nov 26 06:40:34 2014. Haven't I searched hard
enough ?

-- 
Best regards

H. Backhaus

Fink-Computer Systeme
Heggrabenstr. 9, 35435 Wettenberg
Email: heino.backhaus <at> fink-computer.de
Web: www.fink-computer.de
Fax: +49-641-98444638
Fon: +49-641-98444640
UST-ID: DE151040770
HRB: 2143 Gießen
GF: Fredi Fink

“I was gratified to be able to answer promptly, and I did. I said I didn’t know.”

   -Mark Twain


Matthias Egger | 24 Nov 14:07 2014

Mirroring Problems with db.de.clamav.net and safebrowsing

Hello List

I just checked the logfiles back to October 2014 and saw that we often
got "safebrowsing-<N>.cdiff not found on remote server" when we tried
downloading the file from db.de.clamav.net.

   2 times from 212.227.138.145
  15 times from 62.245.181.53
  41 times from 88.198.17.100

Are these mirrors just not aware that they should now mirror a
safebrowsing-<N>.cdiff file? Or should I use another URL
(db.??.clamav.net) to download (and which URL in that case?).

Best regards
Matthias

-- 
Matthias Egger
ETH Zurich
Department of Information Technology          maegger <at> ee.ethz.ch
and Electrical Engineering
IT Support Group (ISG.EE), ETL/F/24.1         Phone +41 (0)44 632 03 90
Physikstrasse 3, CH-8092 Zurich               Fax   +41 (0)44 632 11 95


stephen.bone | 24 Nov 12:21 2014

Clamd: WARNING: lstat() failed on

Hi all,

I'm hoping someone can shed some light on an issue I'm experiencing...

I have been running Qmail, qpsmtpd, Qmail-Scanner, Spam Assassin, and 
Clamd on three mx's for some years.    Until recently I've been compiling 
my own ClamAV, and all has been well.  However in order to try to simplify 
the process  I've recently switched a test mx to using prebuilt rpms, and 
here I've been having an issue with clamd reporting WARNING: lstat() 
failed on ..., when scanning the contents of a directory.

I have tried to break the problem down.  So now I can re-create the same 
error by using clamdscan / clamd to scan the contents of a test directory. 
 I've tried running clamd as qscand (qmail-scanner user), clamav (clamav 
default), and root (only for testing).  It would appear that clamd scans a 
file in the root of the file system fine, however as soon as I point 
clamdscan to a/any directory I get 'lstat failed'.

Thinking it's a permissions issue, I've tested changing the owner of the 
directory to qscand, clamav, and root, to match the owner of the clamd 
process, as specified in clamd.conf.  I've also set permissions on the 
test directory to 755, however I'm still getting the same error.

I've spent some hours trying to diagnose the problem myself, since I get
that your time is as valuable to you as mine is to me!  But I'm at the
point now where I guess I'm looking for a sanity check here...

I'm running CentOS 6.6, I've tried using ClamAV-0.98.4 from the epel repo.
This morning I've tried 0.98.5 from the epel-testing repo.  I have
experienced the same issue with both.

Deevakar PK | 23 Nov 06:18 2014

real-time scan

Hi Team,

Is there any real-time monitoring available in clamAV with quarantine
option ?

If yes, please let me know how to implement it?

-- 
Thanks & Regards,
Deevakar P K

MarcelGiannelia | 23 Nov 03:42 2014

detection of really old viruses?

Most of the virus definitions in the cvd files don't seem to have dates
associated with them (at least that I could see with sigtool), so I
can't tell -- are older definitions ever dropped?

That is, will clamav always be able to detect viruses from, e.g., the
1990s, or are definitions for viruses that old eventually removed from
the database?

~Felix.

Joel Esler (jesler | 19 Nov 21:48 2014

Bytecode Blog Posts

We have three blog posts concerning bytecode that will be posted to the ClamAV blog over the next week.  Today was
the first one:

http://blog.clamav.net/2014/11/brief-re-introduction-to-clamav.html


Please take a minute to read the blog posts if bytecode is something you are interested in or use.

If you have any interest in future blog posts you’d like us to produce, please feel free to email me.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos
