[clamav-users] Trouble with foxhole
Rajesh M
24x7server at 24x7server.net
Wed Oct 14 06:37:11 UTC 2015
Hi,
foxhole_all.cdb is basically a text file.
The content is as given below, which you can edit to suit your convenience. I have also attached the same file.
What I have will block all the following extensions even if they are hidden within 7z, rar, zip, arj, cab files.
You would need to copy this file inside /var/lib/clamav/
or whichever folder is having your daily.cld file
and then restart clam.
Sanesecurity.Foxhole.7z:CL_TYPE_7Z:*:(?i)\.(ace|ade|adp|arc|arj|b64|bat|bhx|cab|chm|cmd|com|cpl|dll|exe|hqx|hta|inf|ins|iso|isp|jar|js|jse|lib|lnk|lzh|mim|msp|mst|pif|reg|scf|scr|sct|shb|shs|sys|taz|tgz|tz|url|uu|uue|vb|vbe|vbs|vxd|wsc|wsf|wsh|xxe|z)$:*:*:*:*:*:*
Sanesecurity.Foxhole.Rar:CL_TYPE_RAR:*:(?i)\.(ace|ade|adp|arc|arj|b64|bat|bhx|cab|chm|cmd|com|cpl|dll|exe|hqx|hta|inf|ins|iso|isp|jar|js|jse|lib|lnk|lzh|mim|msp|mst|pif|reg|scf|scr|sct|shb|shs|sys|taz|tgz|tz|url|uu|uue|vb|vbe|vbs|vxd|wsc|wsf|wsh|xxe|z)$:*:*:*:*:*:*
Sanesecurity.Foxhole.Zip:CL_TYPE_ZIP:*:(?i)\.(ace|ade|adp|arc|arj|b64|bat|bhx|cab|chm|cmd|com|cpl|dll|exe|hqx|hta|inf|ins|iso|isp|jar|js|jse|lib|lnk|lzh|mim|msp|mst|pif|reg|scf|scr|sct|shb|shs|sys|taz|tgz|tz|url|uu|uue|vb|vbe|vbs|vxd|wsc|wsf|wsh|xxe|z)$:*:*:*:*:*:*
Sanesecurity.Foxhole.Arj:CL_TYPE_ARJ:*:(?i)\.(ace|ade|adp|arc|arj|b64|bat|bhx|cab|chm|cmd|com|cpl|dll|exe|hqx|hta|inf|ins|iso|isp|jar|js|jse|lib|lnk|lzh|mim|msp|mst|pif|reg|scf|scr|sct|shb|shs|sys|taz|tgz|tz|url|uu|uue|vb|vbe|vbs|vxd|wsc|wsf|wsh|xxe|z)$:*:*:*:*:*:*
Sanesecurity.Foxhole.Cab:CL_TYPE_MSCAB:*:(?i)\.(ace|ade|adp|arc|arj|b64|bat|bhx|cab|chm|cmd|com|cpl|dll|exe|hqx|hta|inf|ins|iso|isp|jar|js|jse|lib|lnk|lzh|mim|msp|mst|pif|reg|scf|scr|sct|shb|shs|sys|taz|tgz|tz|url|uu|uue|vb|vbe|vbs|vxd|wsc|wsf|wsh|xxe|z)$:*:*:*:*:*:*
rajesh
----- Original Message -----
From: Hartmann, Jan [mailto:j.hartmann at kirchhoff-automotive.com]
To: clamav-users at lists.clamav.net
Sent: Wed, 14 Oct 2015 06:23:41 +0000
Subject: [clamav-users] Trouble with foxhole
Hi,
Today we had a lot of problems with exe files hidden in zip archives.
I tried to add the foxholedb to our clamav, but sadly it didn’t recognize the exe in the zip.
clamscan --database=/var/lib/clamav/foxhole_generic.cdb fatuousness\ paging\ policy\ work\ regulations.zip
fatuousness paging policy work regulations.zip: OK
Best Regards
i. A. Jan Hartmann
IT Administrator Groupware
----------- SCAN SUMMARY -----------
Known viruses: 185
Engine version: 0.98.7
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.05 MB
Data read: 0.02 MB (ratio 2.60:1)
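
Added example, not part of the original thread and not ClamAV or Sanesecurity code: a small Python model of how a `.cdb` container-metadata line like the ones above is split into fields and how its filename regex is applied to the member names of a ZIP file. The signature lines use an abridged extension list, the ZIP contents are constructed samples, and Python's `re` stands in for ClamAV's regex engine; the `*` fields (sizes, encryption flag, position) are treated as wildcards and not modelled.

```python
import io
import re
import zipfile
from typing import NamedTuple

# Abridged from the signature lines in the message (shortened extension list).
ABRIDGED_SIGS = [
    r"Sanesecurity.Foxhole.7z:CL_TYPE_7Z:*:(?i)\.(bat|cmd|exe|js|scr|vbs)$:*:*:*:*:*:*",
    r"Sanesecurity.Foxhole.Zip:CL_TYPE_ZIP:*:(?i)\.(bat|cmd|exe|js|scr|vbs)$:*:*:*:*:*:*",
]

class CdbSig(NamedTuple):
    name: str
    container_type: str
    filename_re: "re.Pattern[str]"

def parse_cdb_line(line: str) -> CdbSig:
    # Layout: Name:ContainerType:ContainerSize:FileNameREGEX:
    #         FileSizeInContainer:FileSizeReal:IsEncrypted:FilePos:Res1:Res2
    name, ctype, _container_size, rest = line.strip().split(":", 3)
    # Six fields follow the regex; splitting from the right keeps any ':'
    # that appears inside the regex itself.
    parts = rest.rsplit(":", 6)
    if len(parts) != 7:
        raise ValueError(f"expected 10 colon-separated fields: {line!r}")
    return CdbSig(name, ctype, re.compile(parts[0]))

def zip_hits(sigs, zip_bytes):
    """Return (signature name, member name) for every matching ZIP member."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for member in zf.namelist():
            for sig in sigs:
                # Only signatures written for this container type apply.
                if sig.container_type == "CL_TYPE_ZIP" and sig.filename_re.search(member):
                    hits.append((sig.name, member))
    return hits

def make_zip(names):
    """Build a constructed sample ZIP in memory with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample content")
    return buf.getvalue()

if __name__ == "__main__":
    sigs = [parse_cdb_line(s) for s in ABRIDGED_SIGS]
    print(zip_hits(sigs, make_zip(["readme.txt", "Invoice.EXE", "docs/setup.js"])))
```

The match is on the member's file name only, so a renamed file (for example `setup.exe.txt`) does not match the `$`-anchored pattern.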