Van Dalsen, Herbie | 9 Jun 14:24 2016

Supported Operating Systems

Hi all,

I would please like to know if clamav is supported on HP-UX, and where I can get the manuals to install on HP-UX.

Kind Regards

Herbie

fake mp3, real malware.

Hello Clamav,

A new malware is an ASCII text beginning with "ID3 = ".
ClamAV sees it as an MP3 file:

clamscan --debug SecuriteInfo.com.JS.Downloader.Agent.15736.18211.371
(...)
LibClamAV debug: Recognized MP3 file
(...)

clamscan -V
ClamAV 0.99.2/21668/Sat Jun  4 11:35:05 2016

The problem is this ascii malware cannot be normalised, but it should be.

The sample has been sent to http://www.clamav.net/reports/malware

md5sum of malware sent is : 023bff926f5852ba0e58a72c10e77f2a

-- 
Best regards,

Arnaud Jacques
SecuriteInfo.com

Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

Nathan Parker | 4 Jun 03:19 2016

Re: Issue with ClamAV on Red Hat Enterprise Linux

Thanks everyone for chiming into this. Sorry it's taken me so long to respond (again).

So basically, I just need to open those two files mentioned above and edit them to get everything running?

Thanks!

Nathan Parker

President/CEO
Mallard Computer, Inc.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

tasc | 2 Jun 02:34 2016

clamd OnAccessScan issues

Hi

I am using CentOS 7.2, i.e.: /proc/version =>
Linux version 3.10.0-327.18.2.el7.x86_64 (builder@kbuilder.dev.centos.org)
(gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu May 12
11:03:55 UTC 2016

SELinux is running.

Using EPEL packages for clamav including unofficial signatures.

Using latest clamavtk as well.

Installed per
https://www.adminsys.ch/2015/08/21/installing-clamav-epel-centosred-hat-7-nightmare/.

freshclam functional
clamscan functional
clamavtk functional in KDE environment.

clamd service can be started using your sample clamd.conf.

1/ $> clamd zPING
   $> clamd PING
gives new line and then nothing. Need to terminate with control -c.

Doesn't match manual?

2/ Enabled per clamd.conf-2016-06-01-OnAccessScan attached as used for
/etc/clamd.d/scan.conf .

Paul Kosinski | 4 Mar 00:17 2016

Re: ClamAV-users Digest

Hi,

I haven't received any Digest email since Feb 3. Is the list still in
operation?

Paul Kosinski

Eric Kom | 2 Jun 15:31 2016

TEST



Eric C. Kom | 2 Jun 15:34 2016

Clamav failed to update after sudo freshclam

Good day all,

Please, I am failing to get my clamav update in Debian; see below the ERROR:

erickom@mail:~$ sudo freshclam
ClamAV update process started at Thu Jun  2 15:29:23 2016
Reading CVD header (main.cld): nonblock_connect: connect(): fd=4 errno=22:
Invalid argument
Can't connect to port 80 of host 30 (IP: 0.0.0.30)
Reading CVD header (main.cvd): nonblock_connect: connect(): fd=4 errno=22:
Invalid argument
Can't connect to port 80 of host 30 (IP: 0.0.0.30)
WARNING: Can't read main.cvd header from 30 (IP: )
Trying again in 5 secs...
ClamAV update process started at Thu Jun  2 15:29:28 2016
Reading CVD header (main.cld): nonblock_connect: connect(): fd=4 errno=22:
Invalid argument
Can't connect to port 80 of host 30 (IP: 0.0.0.30)
Reading CVD header (main.cvd): nonblock_connect: connect(): fd=4 errno=22:
Invalid argument
Can't connect to port 80 of host 30 (IP: 0.0.0.30)
WARNING: Can't read main.cvd header from 30 (IP: )
Trying again in 5 secs...
ClamAV update process started at Thu Jun  2 15:29:33 2016
Reading CVD header (main.cld): nonblock_connect: connect(): fd=4 errno=22:
Invalid argument
Can't connect to port 80 of host 30 (IP: 0.0.0.30)
Reading CVD header (main.cvd): nonblock_connect: connect(): fd=4 errno=22:
Invalid argument
Can't connect to port 80 of host 30 (IP: 0.0.0.30)

Raphaël | 2 Jun 06:41 2016

jquery-1.2.6.pack.js is now a Win.Trojan.Agent-1430626

Hi,

One of my teammates recently got notified about (more) trojans since the 21640 update
http://lists.clamav.net/pipermail/clamav-virusdb/2016-May/002964.html

A derived version of jquery-1.2.6.pack.js now matches a known signature:

# download original JQ
$ wget http://code.jquery.com/jquery-1.2.6.pack.js

# play with whitespace to match SVN raw file
$ sed -r -e 1i$'\x0a' -e '/Date:|Rev:/s/ \$$//' -e '/Date:|Rev:/s/\$//' jquery-1.2.6.pack.js > jquery-1.2.6.pack.mod.js

$ clamscan jquery-1.2.6.pack.mod.js
> Win.Trojan.Agent-1430626 FOUND

Given the importance of today's (closed-source) javascript in computing
tasks that makes sense. But I fear this wasn't expected.

Out of curiosity, how/who/why does it come from?
How many such false positives does the DB possibly contain already?

best regards

G.W. Haywood | 1 Jun 19:31 2016

Re: ClamAV in production environment

Hi there,

On Wed, 1 Jun 2016, Eljai Mohammed wrote:

> Within the framework of a project for a sensitive client, we would
> like to put in place clamAV in order to scan the users' uploaded
> files through a web interface.

I have difficulty in reconciling the concepts of a "sensitive client"
and "users uploaded files through a Web interface".

You could give more information, such as what operating system(s) you
plan to use, and what other software.

> To what extent is clamAV reliable?

MTBF measured in years on my systems, but see qualification below.

> Do you recommend it in a production environment?

A qualified 'Yes'.  The qualification being that I have only seriously
used ClamAV as a filter (Sendmail milter) for scanning mail, and I don't
care very much about viruses.  Even if ClamAV has scanned an attachment
and failed to find anything malicious, if the attachment looks like an
executable it is usually quarantined here by custom MIMEDefang rules,
so the addressee sees only a message saying that an attachment has been
removed from the mail as a precaution.

> If yes, do you have references that use it in production?


Eljai Mohammed | 1 Jun 13:53 2016

ClamAV in production environment

Dear All,

Within the framework of a project for a sensitive client, we would like to
put in place clamAV in order to scan the users’ uploaded files through a
web interface.

Accordingly, we would like to know:
- To what extent is clamAV reliable?
- Do you recommend it in a production environment? If yes, do you have
references that use it in production?
- Is it worth a paid anti-virus (Kaspersky or Symantec)?

Thank you !

Best regards,

Mohammed EL JAI.

A few signatures to remove from main.hdb

Hello Clamav Team,

I suggest removing the following signatures:

main.hdb:ea29050f5d5a725ff666c9198ec95676:18:Win.Trojan.FormatC-39
main.hdb:501122fcdd5b2d6633c52769432e0ab2:14:Dos.Trojan.DeltreeY-21
main.hdb:a649d63a43589f6c33d3f6375499d4ab:22:Dos.Trojan.MouseDisable-3
main.hdb:92acc109223088b49312971c5fc8d5b5:10:Win.Trojan.Concon-4
main.hdb:478ece4c404ce1eddefe07f9b6f59bda:20:Win.Trojan.Delwin-25
main.hdb:b354aada5dc6a59ad42eb43688e5fa7d:22:Win.Trojan.Delwin-29

... and replace them with an ndb version, file type 7. It could detect many more
variants.

-- 
Best regards,

Arnaud Jacques
SecuriteInfo.com

Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom