11/9/2023

Clamav virus database

Protect various arguments and "POSIX-ize" script integrity
Enhanced testing with travis-ci, including clamav 0.99
Major refactoring : Normalize comments, quotes, functions, conditions
Removed SANESECURITY mbl.ndb as this file is not showing up on the rsync mirrors
xshok_file_download and xshok_draw_time_remaining functions added to replace redundant code blocks
Replace a lot of "echo | cut | sed" with bash substitutions
Added fallbacks/substitutions for various commands
Support for clamav-devel (clamav compiled from source)
Added full proxy support to wget and curl
Update all SANESECURITY signature databases
Much better error messages with possible solutions given
PGP is now optional and no longer a requirement and pgp support is auto-detected
Full support for MacOS / OS X and added clamav install guide
Full support for pfSense and added clamav install guide
Added os configs for Zimbra and Debian 8 with systemd
Packers/Javascript_exploit_and_obfuscation.yar false positive rating increased to HIGH
Install guide is here :
Version 5.6.1 (updated )

Mine is Australia
Uncomment the following line and replace XY with your country code.
Do not touch one below described as " is round-robin"
In nf don't forget to change to your nearest server.

So if you want to disable clamav scanning streamed audio/video while advance mode is enabled you can add this code to the end of nf
Do not scan (streamed) videos and audios
Abortcontent ^.

I also forgot to mention once you do load advanced configuration the settings on the page will be void.

The domain is an apple domain I believe.

Here is my additional definitions list:

Edit: Maybe the "icon1280x768.lsr is a legit virus? I have removed the Foxhole definitions source from freshclam but that hasn't stopped the blocks above.

05:12:44 VIRUS FOUND _jsname.UNOFFICIAL
17:17:06 VIRUS FOUND _doc_js.UNOFFICIAL
21:46:03 VIRUS FOUND _JsNum_wrd.UNOFFICIAL.
Here are a few examples:
Date-Time Message Virus URL Host User

I do still see a lot of traffic from these same apps/vendors (Apple, Sophos, Adobe, MS) making it through still though. I am having a lot of legitimate updates being blocked by these additional definitions.

I tried using a different connection to email myself the tests, but it didn't seem to do anything.

Junk.ndb is up to date (version: custom database)
ClamAV update process started at Mon Sep 12 17:00:00 2016
ClamAV update process started at Mon Sep 12 16:00:00 2016
ClamAV update process started at Mon Sep 12 15:00:00 2016

But when I look here, I don't see them being a part of the DB? If I go to the sanesecurity website and check out the signature testing link, it gets blocked.

Phish.ndb is up to date (version: custom database)
Rogue.hdb is up to date (version: custom database)
Scam.ndb is up to date (version: custom database)
Badmacro.ndb is up to date (version: custom database)
Foxhole_js.cdb is up to date (version: custom database)
Foxhole_generic.cdb is up to date (version: custom database)
Foxhole_filename.cdb is up to date (version: custom database)
Sanesecurity.ftm is up to date (version: custom database)
Sigwhitelist.ign2 is up to date (version: custom database)
Main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)

My ClamAV update logs look ok (at first they were failing)

Message
Bytecode.cvd is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
Daily.cld is up to date (version: 22205, sigs: 609122, f-level: 63, builder: neo)

How do you know for sure if it's working in pfSense?

I'll keep checking this thread so that any further discussion doesn't get overlooked again.

did mention that the foxhole definitions (when exclusively check inside archives) blocked an Adobe update so YMMV. These definitions have worked well for me.

I would love it if pfSense would host it or provide some alternate mirror but at this point it seems we are on our own.
However, I can't vouch for how long these files will be hosted at this mirror as there was a bandwidth concern expressed to me.

(At this point you may or may not need to go back to the General Tab and re-save.)

As all this appears to be freely and openly distributed I'm confident I can share this.

Make the changes in the DatabaseCustomURL section of nf
Click Load Advanced to load the default files for editing.
The updates can be changed in Services -> Squid Proxy Server -> Antivirus

I'm so sorry and don't want to leave everyone hanging. Just came back to check and noticed there had been some activity. I thought I would get notices about new postings in the thread.