
List:       clamav-users
Subject:    Re: [clamav-users] Clamav does not recognize known viruses
From:       newcomer01 via clamav-users <clamav-users () lists ! clamav ! net>
Date:       2023-12-21 14:25:01
Message-ID: fe5ac55a-d294-492c-b637-402742c83416 () posteo ! de

Hi Sebastian,

Here on Ubuntu LTS I have the same issue.

Check the permissions for:

- /etc/init.d/clamav-daemon
- /etc/init.d/clamav-freshclam

For unknown reasons, they have the wrong permissions by default.
They must have 0755, then it works well!

kind greetings
Marc


From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
To: Newcomer01 <mailto:newcomer01@posteo.de>
CC: Sebastian <mailto:sebastian@debianfan.de>
Sent: Thursday, December 21, 2023 at 10:04 AM +0100
Subject: [clamav-users] Clamav does not recognize known viruses
> Good morning,
>
> I use clamav with the additional signatures from securiteinfo.
>
> ClamAV 0.103.10/27129/Wed Dec 20 10:38:37 2023
>
> Some time ago clamav was due for an update - since then it has
> recognized almost nothing.
>
> I start the scan with:
>
> clamscan  -i   --move=/home/virusverdacht/erkannt  /home/virusverdacht
>
> /etc/clamav/freshclam.conf:
>
>
> [...]
> DatabaseOwner clamav
> UpdateLogFile /var/log/clamav/freshclam.log
> LogVerbose false
> LogSyslog false
> LogFacility LOG_LOCAL6
> LogFileMaxSize 0
> LogRotate true
> LogTime true
> Foreground false
> Debug false
> MaxAttempts 5
> DatabaseDirectory /var/lib/clamav
> DNSDatabaseInfo current.cvd.clamav.net
> ConnectTimeout 30
> ReceiveTimeout 0
> TestDatabases yes
> ScriptedUpdates yes
> CompressLocalDatabase no
> Bytecode true
> NotifyClamd /etc/clamav/clamd.conf
> # Check for new database 24 times a day
> Checks 24
> DatabaseMirror db.local.clamav.net
> DatabaseMirror database.clamav.net
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malware.expert.hdb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/crdfam.clamav.hdb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
> DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb
> DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb
> DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxxx/securiteinfo.hdb
> DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfo.ign2
> DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxx/javascript.ndb
> DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/spam_marketing.ndb
> DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfohtml.hdb
> DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfoascii.hdb
> DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfoandroid.hdb
> DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfoold.hdb
> DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfopdf.hdb
> DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfo0hour.hdb
> DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfo.mdb
> DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxxx/securiteinfo.yara
> DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxx/securiteinfo.pdb
> [...]
>
>
> /etc/clamav/clamav.conf
> [...]
> LogFile /var/log/clamav.log
> LogTime yes
> LogSyslog yes
> LogFacility LOG_LOCAL2
>
> PidFile  /var/amavis/clamd.pid
> DatabaseDirectory /var/clamav
> OfficialDatabaseOnly no
> LocalSocket  /var/amavis/clamd
> LocalSocketMode 660
>
> FixStaleSocket yes
>
> DetectPUA yes
>
> IncludePUA Spy
> IncludePUA Scanner
> IncludePUA RAT
>
> AlgorithmicDetection yes
>
> ScanPE yes
>
> ScanELF yes
>
> DetectBrokenExecutables yes
>
> ScanOLE2 yes
>
> ScanPDF yes
>
> ScanMail yes
>
> ScanPartialMessages yes
>
> PhishingSignatures yes
>
> PhishingScanURLs yes
>
> PhishingAlwaysBlockSSLMismatch no
>
> PhishingAlwaysBlockCloak no
>
> HeuristicScanPrecedence yes
>
> StructuredDataDetection yes
>
> StructuredMinCreditCardCount 5
>
> StructuredMinSSNCount 5
>
> StructuredSSNFormatNormal yes
>
> StructuredSSNFormatStripped yes
>
> Bytecode yes
> [...]
>
>
>
> I suspect it ignores the additional signatures.
>
> But where is the mistake here?
>
>
> greeting
> Sebastian
>
>
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
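
The two checks this thread turns on (are the extra signature files present in the database directory, and does a file have mode 0755), as an added example that is not part of either message. It assumes GNU `stat` and that freshclam stores each `DatabaseCustomURL` download under the URL's file name in `DatabaseDirectory`; the function names and sample files are made up for the example.

```shell
#!/bin/sh
# Added example: verify that freshclam's custom signature files exist in its
# DatabaseDirectory, and that a file has the expected permission bits.

# conf_value FILE KEY -> first value of KEY in a ClamAV-style config file
conf_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# missing_custom_dbs FRESHCLAM_CONF [DBDIR]
# Prints the file name of every DatabaseCustomURL entry that has no matching
# file in DBDIR (default: the DatabaseDirectory set in the same config).
# Entries whose URL was wrapped onto the next line (NF < 2) are skipped.
missing_custom_dbs() {
    conf=$1
    dbdir=${2:-$(conf_value "$conf" DatabaseDirectory)}
    awk '$1 == "DatabaseCustomURL" && NF >= 2 { print $2 }' "$conf" |
    while read -r url; do
        name=${url##*/}                  # assumption: stored under URL basename
        [ -f "$dbdir/$name" ] || printf '%s\n' "$name"
    done
}

# mode_is FILE OCTAL -> success if FILE's permission bits equal OCTAL
# (GNU stat prints 0755 as "755")
mode_is() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# Demo on constructed files in a temp dir (not the real /etc/clamav).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/db"
    cat > "$d/freshclam.conf" <<EOF
DatabaseDirectory $d/db
DatabaseCustomURL http://mirror.example/sigs/junk.ndb
DatabaseCustomURL https://sigs.example/get/PLACEHOLDER/extra.hdb
EOF
    : > "$d/db/junk.ndb"                 # only one of the two was downloaded
    : > "$d/initscript"; chmod 644 "$d/initscript"
    echo "missing: $(missing_custom_dbs "$d/freshclam.conf")"
    mode_is "$d/initscript" 755 || echo "initscript mode is not 755"
    rm -rf "$d"
}
demo
```

Passing a second argument to `missing_custom_dbs` checks the same URL list against a different directory, such as the one a `clamd` config names.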

