[clamav-users] [Fwd: securiteinfo problems]
Cedric Knight
cedric at gn.apc.org
Fri Apr 24 10:29:09 UTC 2015
On 23/04/15 08:24, Steve Basford wrote:
> Just a heads up for Bill Landry's ClamAV Unofficial
> Signatures Updater script users....
Many thanks for keeping us informed, Steve.
1) I note that most (all except two) of the SI databases now give 404s
and the Debian Wheezy clamav-unofficial-sigs package is warning:
Clamscan reports Sanesecurity honeynet.hdb database integrity tested BAD
- SKIPPING
rsync: link_stat "/var/cache/clamav-unofficial-sigs/si-dbs/honeynet.hdb"
failed: No such file or directory (2)
...
http://clamav.securiteinfo.com/securiteinfohtml.hdb and
http://clamav.securiteinfo.com/securiteinfo.hdb *are* still downloadable
but I assume are no longer being updated. There is a Debian bug open at
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783228>.
If Debian users don't want to edit the
/usr/share/clamav-unofficial-sigs/conf.d/ files according to Steve's
recommendations below, they can just put
si_dbs=""
into /etc/clamav-unofficial-sigs.conf.d/50-local. Either course of
action will result in the old SecuriteInfo databases being removed from
/var/lib/clamav/.
2) Is anyone else using the new SI system via freshclam willing to
report on it?
Thanks.
--
All best wishes,
Cedric Knight
GreenNet
>
> ---------------------------- Original Message ----------------------------
> Subject: securiteinfo problems
> From: "Steve Basford" <steveb_clamav at sanesecurity.com>
> Date: Thu, April 23, 2015 8:24 am
> To: sanesecurity_announce at freelists.org
> Cc: sanesecurity at freelists.org
> --------------------------------------------------------------------------
>
> On 25th March 2015, securiteinfo announced changes to their databases:
>
> http://lurker.clamav.net/message/20150325.133202.843fba9f.en.html
>
> Yesterday it appears from the slightly annoyed emails I've been reciving,
> that they removed their databases from the old clamav.securiteinfo.com and
> diverted the domain to their main website.
>
> Some users were left with either bad databases or lots of errors in their
> log files, depending on their scripts they were using.
>
> If you are seeing errors, and are using Bill Landry's ClamAV Unofficial
> Signatures Updater, please edit clamav-unofficial-sigs.conf and
>
> *** comment out these databases***
>
> as they are no longer running on clamav.securiteinfo.com
>
> # ========================
> # SecuriteInfo Database(s)
> # ========================
> # Add or remove database file names between quote marks as needed. To
> # disable any SecuriteInfo database downloads, remove the appropriate
> # lines below. To disable all SecuriteInfo database file downloads,
> # comment all of the following lines.
> si_dbs="
> honeynet.hdb
> securiteinfo.hdb
> securiteinfobat.hdb
> securiteinfodos.hdb
> securiteinfoelf.hdb
> securiteinfohtml.hdb
> securiteinfooffice.hdb
> securiteinfopdf.hdb
> securiteinfosh.hdb
> "
>
> As a side note, securiteinfo signatures are distributed by securiteinfo
> themselves and don't have anything to do with the signatures
> provided/distributed by Sanesecurity.
>
> Having said that, as they are in Bill Landry's ClamAV Unofficial
> Signatures Updater script, I'm putting this message out, to try and avoid
> even more annoyance when people hit issues caused by their changes.
>
> Cheers,
>
> Steve
> Web : sanesecurity.com
> Blog: sanesecurity.blogspot.com
>
>
> Cheers,
>
> Steve
> Web : sanesecurity.com
> Blog: sanesecurity.blogspot.com
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list