G.W. Haywood | 17 Apr 18:49 2015

Re: Postfix 21 integration issue

Hi there,

On Fri, 17 Apr 2015, Richard Troy wrote:

> ...
> Here's what I have installed:
>
>    postfix-2.11.3-1.fc21.x86_64
>
>    clamav-0.98.6-1.fc21.x86_64
>    clamav-filesystem-0.98.6-1.fc21.noarch
>    clamav-data-0.98.6-1.fc21.noarch
>    clamav-lib-0.98.6-1.fc21.x86_64
> ...
>    # systemctl enable clamav.service
>    Failed to execute operation: No such file or directory

I don't use postfix (I'm a dyed-in-the-wool Sendmail person), and it
must be well over a decade since I've used anything from Raleigh, but
you *might* just be missing the clamav-milter package.

-- 

73,
Ged.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Richard Troy | 16 Apr 21:28 2015

Postfix 21 integration issue


Hello All,

following hardware failure, I upgraded my server's OS to Fedora 21 and 
decided to add ClamAV to my mail configuration. It seems that this version 
of Fedora is a substantial enough departure from previous versions that 
the configuration advice / guidance I've found so far is wrong.

Here's what I have installed:

    postfix-2.11.3-1.fc21.x86_64

    clamav-0.98.6-1.fc21.x86_64
    clamav-filesystem-0.98.6-1.fc21.noarch
    clamav-data-0.98.6-1.fc21.noarch
    clamav-lib-0.98.6-1.fc21.x86_64

I went to what I think is supposed to be the distribution's information 
source, /usr/share/doc/clamav, however, no joy there:  The README, 
ChangeLog, AUTHORS, BUGS, and NEWS files are of no help, FAQ is empty, and 
of the two URLs in UPGRADE, one doesn't work and the other is of no help. 
That leaves the three PDFs which are unreadable on a non-windowing system 
like this one is, and have to be moved (PITA), which I of course did. Of 
these, clamdoc.pdf was very interesting, but no help here, and 
phishsigs_howto.pdf and signatures.pdf were also no help. I did find a 
different version of clamdoc.pdf on the official web site and read through 
it too, again no help on these issues.

There are several issues with the installation. One of these is that when 
I try and enable the service, I get:

sanes | 16 Apr 15:50 2015

clamscan --exclude=REGEX

The following exclude does not work (the scan will check the file)

clamscan -r --exclude="c:\Windows\System32\mobsync.exe" c:\

Please advise why exclude not working


sanes | 15 Apr 15:50 2015

Clamscan infection that is not infected

Why does clamscan show this file infection, but a scan with VirusTotal.com
shows file is safe?  Which source should I trust?

c:\Windows\System32\mobsync.exe: Win.Trojan.Agent-863936 FOUND


sanes | 14 Apr 19:34 2015

Exclude multiple files with Windows version of clamscan

Please advise how to use a Text File with a list of Files to Exclude from
clamscan (Windows Version).

Have only found postings with Unix-type solutions

clamscan --exclude='text file containing list of files'


Franklin Wang | 12 Apr 13:52 2015

Do you trust the Heuristic Analysis of clamav?


Hi guys,

I've been collecting reviews about the security software on Linux or
BSD, and it's not very well of the review result of clamav. So I
installed dr. web several months ago. And the bitdefender for personal
may not be comfortable for kernel 3.16.x. What's your opinion?

Frank

-- 
Skype: touch21st, Gtalk: touch21st, Yahoo/MSN:franklinwang36 <at> yahoo.com
Xing/Linkedin: Franklin Wang


Steve Tye | 9 Apr 21:43 2015

Whonix

Looking for a way to successfully run ClamAV on a Whonix Gateway.

I get this error:
Can't get information about db.local.clamav.net

Also can't do a simple nslookup

Adjust /etc/resolv.conf
Comment out the Tor DNS
Uncomment out the virtual box DNS
Can do a nslookup
BUT get
Can't query current.cvd.clamav.net

Any advice here?  I am totally okay with making a change running freshclam then changing back.

Thanks

Steve


sanes | 9 Apr 16:31 2015

How to manually delete infected file

Does "clamscan --remove=yes" only delete infected file from hard disk, or
also if running in memory (RAM)?

we rather manually delete files that are infected, but not sure how to
handle


Kris Deugau | 8 Apr 22:31 2015

Heuristics.Phishing.Email.SpoofedDomain again

How do I whitelist all combinations of TLD 1 and TLD 2 with/without
subdomains in one entry?

I've just had a series of FP reports, all appear to be triggered by a
Scotiabank internal mail system URL that shows scotiabank.com (with a
host/subdomain in some messages, without in others) and a real link
target of scotiamail.bns (again, may or may not have a host/subdomain).

M:scotiabank.com:scotiamail.bns

works on *some* messages... but not all of them.  Apparently the
host/domain isn't consistently cut down to the bare TLD.

I don't want to have to add "many" variant entries, because I don't know
what variations might appear.  For the time being I've added 4 entries
that seem to cover the variants I have on hand currently.

-kgd

Zanes Data Services | 8 Apr 17:43 2015

Where to find info about Virus found with scan

Which URL contains information about a virus found with clamscan, where we
can read exactly what the virus does?

Trying to find information about win.adware.outbrowse-4 before deleting the
file with the infection


Steve Brazill | 27 Mar 20:01 2015

Re: daily.cvd out of date?

At least 2 of the sites referenced by the "db.local.clamav.net" IP pool, are
not responding (this morning), and my "wget" of the files last weekend, failed
with ('emeksensin.com' does 'not' resolve to any of the IP's in the DNS 'pool') :

** Initiating File Download Process **
Sun Mar 22 08:55:01 PDT 2015
http://emeksensin.com/main.cvd:2015-03-22 08:55:02 ERROR 407: Proxy Authentication Required.
http://emeksensin.com/daily.cvd:2015-03-22 08:55:02 ERROR 407: Proxy Authentication Required.
http://emeksensin.com/bytecode.cvd:2015-03-22 08:55:02 ERROR 407: Proxy Authentication Required.
http://emeksensin.com/safebrowsing.cvd:2015-03-22 08:55:02 ERROR 407: Proxy Authentication Required.
Sun Mar 22 08:55:02 PDT 2015
** File Download Process Completed **

> nslookup emeksensin.com
Non-authoritative answer:
Name: emeksensin.com
Address: 78.46.82.212

> nslookup db.local.clamav.net
Non-authoritative answer:
db.local.clamav.net canonical name = db.us.rr.clamav.net.
Name: db.us.rr.clamav.net
Address: 209.198.147.20
Name: db.us.rr.clamav.net
Address: 66.18.18.59
Name: db.us.rr.clamav.net
Address: 78.46.84.244
Name: db.us.rr.clamav.net
Address: 150.214.142.197
Name: db.us.rr.clamav.net
Address: 194.186.47.19
Name: db.us.rr.clamav.net
Address: 200.236.31.1

On Monday 16 March 2015 18:59:30 Al Varnell wrote:
> It would certainly seem so. A few users either prefer or must disable
> scripted updates and download the full daily.cvd each time. I would have
> to guess the major reason is to provide a local mirror to service a
> network of computers, all using ClamAV®. In those cases they rely on the
> daily.cvd being up-to-date with the latest releases included. I don’t
> know what method the mirror network uses to make sure all servers are in
> sync, but something must have failed with regard to 150.214.142.197.
>
> -Al-
>
> On Mon, Mar 16, 2015 at 06:04PM, Gene Heskett wrote:
> > On Monday 16 March 2015 12:46:56 Al Varnell wrote:
> >> daily.cvd is compressed to save time and bandwidth when you need the
> >> entire daily database downloaded. If you use scripted update
> >> (default) then it’s decompressed to become daily.cld and each
> >> daily.cdiff is then added to it. So yes, at any given point in time
> >> for the same version number, they are the same thing, but different
> >> sizes.
> >
> > I see, so I won't waste the effort to add it to the freshclam refresh.
> >
> > Thank you. But I have to assume the Original Posters problem still
> > exists as his is not being refreshed.
> >
> > Any SWAG's?
> >
> > Thanks Al.
> >
> >>