Alessandro Vesely | 27 Oct 18:43 2014

No False Positive Detected (Heuristics)

Hi,

I submitted a sample email which was blocked with
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net

However, the site rejected the submission saying it detects no false
positive in it.  I'm running Debian, that is 0.98.4, and databases
are up to date...  See below for the hash match.

The owners of the blacklisted web site are sellers of refrigerators for bars and
coffee shops.  The mail was addressed to their suppliers.  Their web
site seems to be being refurbished; does blacklisting imply it was used
for phishing?  I found nothing in PhishTank about it.

Does ClamAV host or refer to some other phishing repository?  I'd
guess there is a repository, otherwise I wonder how the blacklist can
be maintained, but maybe it's not publicly accessible or I just
didn't find it.  Can someone shed some light on this?

Here's the hash match:
LibClamAV debug: Phishcheck:Checking url http://www.gasparinifrigoriferi.it->
LibClamAV debug: Looking up hash
47FB0D44C60DB56EC05317671A5E73AA384E4462E631712311D378AE47684C76 for gasparinifrigoriferi.it/(24)(0)
LibClamAV debug: This hash matched: 47FB0D44C60DB56EC05317671A5E73AA384E4462E631712311D378AE47684C76
LibClamAV debug: Hash matched for: http://www.gasparinifrigoriferi.it
LibClamAV debug: Phishcheck: Phishing scan result: Blacklisted

Ciao
Ale

Rithy R | 28 Oct 08:38 2014

What is the best way to protect Windows Server in Cloud Environment?

Dear Community:
I am looking for an anti-virus solution for Windows Server. Hope to hear from you soon.

Regards,
Rithy
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Patrick von der Hagen | 27 Oct 13:16 2014

clamav eating CPU since Friday

Hi clamav-users,

I'm running Debian with exim4-daemon-heavy using clamav as an
antivirus-backend. It is basically the stock-debian installation. Clamav
is not doing anything but checking emails.

Usually clamav has little cpu-usage, but starting last Friday clamav
goes to 100% cpu-usage on one core, later to 100% cpu-usage on another
core, till all cores are busy running clamav at 100%.

There have been no updates and no changes recently. The volume of
messages has not increased. There might be some very strange emails sent
to my system or there might be an issue with recent signatures?

Is there a way to revert to last Wednesday's signatures, so I can verify
whether or not it is related to my signatures?

I'm really at a loss here. Any help would be greatly appreciated.

-- 
CU,
Patrick.


Joel Esler (jesler | 14 Oct 18:00 2014

ClamAV® blog: ClamAV 0.95.5rc1 is now available for download!


> http://blog.clamav.net/2014/10/clamav-0955rc1-is-now-available-for.html <http://blog.clamav.net/2014/10/clamav-0955rc1-is-now-available-for.html>
> 
> ClamAV 0.95.5rc1 is now available for download!
> 
> ClamAV 0.95.5rc1 is now available for download.  Shown below are the notes for this release:
> 
> ClamAV 0.98.5 also includes these new features:
> 
>     - Support for the XDP file format and extracting, decoding, and
>       scanning PDF files within XDP files.
>     - Addition of shared library support for LLVM versions 3.1 - 3.4
>       for the purpose of just-in-time (JIT) compilation of ClamAV
>       bytecode signatures. Andreas Cadhalpun submitted the patch
>       implementing this support.
>     - Enhancements to the clambc command line utility to assist
>       ClamAV bytecode signature authors by providing introspection
>       into compiled bytecode programs.
>     - Resolution of many of the warning messages from ClamAV compilation.
>     - Bug fixes and other feature enhancements. See Changelog or
>       git log for details.
> 
> Thanks to the following ClamAV community members for code submissions
> and bug reporting included in ClamAV 0.98.5:
> 
> Andreas Cadhalpun
> Sebastian Andrzej Siewior
> 
> ----
> 

Cliff Hayes | 13 Oct 17:19 2014

unable to install on Scientific Linux 6.5

(I forgot to mention that OpenSSL is installed)

I tried to install latest clamav on new Scientific Linux 6.5 box using 
binary and got this error when I tried to do ./configure...

configure: error: OpenSSL not found.
even if I used ./configure --with-openssl=/usr/local/ssl

So then I tried to install using Yum everything works fine if I run 
clamd as root but if I switch it to run as clamav and start clamd this 
happens ...

ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf

... so I created a symlink for clamd.conf then I get this error ...

LibClamAV Error: cli_loaddbdir(): No supported database files found in 
/usr/local/share/clamav
ERROR: Can't open file or directory
Closing the main socket.

It was looking in /var/lib/clamav for the files but is now looking in 
/usr/local/share/clamav

... so I created more symlinks ...

ln -s /var/lib/clamav/bytecode.cvd /usr/local/share/clamav/bytecode.cvd
ln -s /var/lib/clamav/daily.cvd /usr/local/share/clamav/daily.cvd
ln -s /var/lib/clamav/main.cvd /usr/local/share/clamav/main.cvd
ln -s /var/lib/clamav/mirrors.dat /usr/local/share/clamav/mirrors.dat

Cliff Hayes | 13 Oct 17:16 2014

unable to install on Scientific Linux 6.5

I tried to install latest clamav on new Scientific Linux 6.5 box using 
binary and got this error when I tried to do ./configure...

configure: error: OpenSSL not found.
even if I used ./configure --with-openssl=/usr/local/ssl

So then I tried to install using Yum everything works fine if I run 
clamd as root but if I switch it to run as clamav and start clamd this 
happens ...

ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf

... so I created a symlink for clamd.conf then I get this error ...

LibClamAV Error: cli_loaddbdir(): No supported database files found in 
/usr/local/share/clamav
ERROR: Can't open file or directory
Closing the main socket.

It was looking in /var/lib/clamav for the files but is now looking in 
/usr/local/share/clamav

... so I created more symlinks ...

ln -s /var/lib/clamav/bytecode.cvd /usr/local/share/clamav/bytecode.cvd
ln -s /var/lib/clamav/daily.cvd /usr/local/share/clamav/daily.cvd
ln -s /var/lib/clamav/main.cvd /usr/local/share/clamav/main.cvd
ln -s /var/lib/clamav/mirrors.dat /usr/local/share/clamav/mirrors.dat

... and got this error when starting clamd ...

Prasanna Lotke | 10 Oct 08:05 2014

Fwd: What is the signature count?

Can anyone tell me how many signatures does Clam virus database have? Or
how many malwares can it detect?

-- 
Regards,
Prasanna Lotke.

Wouter Miltenburg | 9 Oct 20:49 2014

Re: Why are the ClamAV team so slow at creating signatures ?

Hi all,

Was subscribed to this mailing list for some time and didn't respond to
it that much, but this topic really got my attention.
> What rubbish... ClamAV always lags behind the commercial vendors in
> any comparative you wish to mention.
>
> The majority of well established vendors will also do a better job of
> detecting and pushing out definitions as it seems that ClamAV is
> reactive, not proactive on the definitions front  ....
Do you have any proof of this somewhat of an accusation? It sounds to me
that you are only talking about the problem that you are facing right
now. I quickly looked through my old mails and didn't see your name pop
up, nor do I see any other issues that you have highlighted in this
mailing list.

>> What other av product can you make your own virus signatures with, not useful,  hmm
> You don't need to when they've got a decent set of analysts who are on
> the ball and push out new definitions quickly !
>
> F-Secure, Sophos, Kaspersky and others all had coverage already of this virus.
>
> Seriously, why should I mess around with creating virus signatures,
> it's a waste of my time.
>
> Evangelising over how wonderful open-source anti-virus is is great....
> but if you're severely lagging on pushing out virus definitions then
> it very quickly removes the attractiveness of the product.   80% of
> people using your open-source project won't have the knowledge, time
> or inclination to hack together their own virus definitions ....

G.W. Haywood | 4 Oct 21:35 2014

Re: Why are the ClamAV team so slow at creating signatures ?

Hi Steve,

On Sat, 4 Oct 2014, Steve Basford wrote:

> Slightly off topic, does anyone have a folder full of saved malware
> zips/rars etc. they have kept over the past xxx months, if so can U
> contact me off-list...

I don't, exactly, but I do keep records and I do look at them.

Firstly I'm only interested in what's in electronic mail.  I don't run
Windows boxes, and on the odd occasion that I need one I fire up a VM.

However the several mail servers and many other Linux boxes for which
I'm responsible have the potential to assist in the propagation of
malicious software to customers, suppliers, colleagues, family and
casual acquaintances all around the world.  Although running only
Linux boxes means I can more or less forget the threat from malware to
the machines themselves, I take the view that using them to communicate
with more vulnerable systems gives me some responsibilities.  One of my
employees could, for example, forward a message with a malicious link
in it (to which the Linux box she uses is not vulnerable) to someone
using XP.  Six months after XP went EOL, over 25% of the Windows boxes
in the UK for example are still running it.

I can't say I blame people for not wanting to be shafted by Microsoft
yet again, but I don't think they're being very responsible.  Perhaps
they'd only have themselves to blame for not using Linux, but I don't
want to add to their problems, nor to those of almost everyone else,
by sending them a virus for which their machine has no defence - and

Tim Smith | 3 Oct 13:19 2014

Why are the ClamAV team so slow at creating signatures ?

Hi,

Over the last 24-48 hours, I submitted a number of email attachments.
RAR files that contained viruses.

Running one or two of them through VirusTotal today, I see ClamAV have
*STILL* not managed to produce virus definitions for them !

All of the commercial vendors I submitted the samples to had analysed
and created samples in timeframes ranging from hours to one day.

At this rate I'm going to be dumping ClamAV from my systems and
subscribing to a service from a commercial vendor .....

Looking forward to hearing the reasons why !

Bernd Kuhls | 3 Oct 10:55 2014

Bugzilla setup, was: Re: ARM Cross Compile

Steven Morgan <smorgan <at> sourcefire.com> wrote in news:CAH-
jhOA_stD2h8pvK3zU_aa3q0rfOE0r7S_F=xWJMihhtBCAVA <at> mail.gmail.com:

> Thanks for the reports. Yes, we can fix those, I've opened bugzilla bug
> 11124 for the next ClamAV maintenance release.

Hi,

Is there a problem with bugzilla?
"You are not authorized to access bug #11124." is all I see when I try to 
access the bug at https://bugzilla.clamav.net/show_bug.cgi?id=11124

Regards, Bernd
