[clamav-users] Email.Phishing.DblDom-60 -- issue
Andrew McGlashan
andrew.mcglashan at affinityvision.com.au
Sun Apr 3 03:55:31 UTC 2016
Hi Al,
On 3/04/2016 12:34 PM, Alain Zidouemba wrote:
> Are you up to date with your signatures? Email.Phishing.DblDom-60 was
> removed on 4/1/2016.
Okay, using older Wheezy, not yet updated to 7.10 ... that will probably
update things.
[doing the update to 7.10 now]
Also added in missing wheezy/updates entry for apt-get
deb http://mirror.aarnet.edu.au/debian/ wheezy-updates main contrib non-free
Before the update, the logs show the following:
# cat clamav.log
Sun Apr 3 06:53:25 2016 -> SelfCheck: Database status OK.
Sun Apr 3 07:54:33 2016 -> SelfCheck: Database status OK.
Sun Apr 3 08:54:51 2016 -> SelfCheck: Database status OK.
Sun Apr 3 09:56:15 2016 -> SelfCheck: Database status OK.
Sun Apr 3 10:56:21 2016 -> SelfCheck: Database status OK.
Sun Apr 3 11:58:40 2016 -> SelfCheck: Database status OK.
Sun Apr 3 13:00:37 2016 -> SelfCheck: Database status OK.
# tail freshclam.log
Sun Apr 3 12:26:22 2016 -> --------------------------------------
Sun Apr 3 13:26:22 2016 -> Received signal: wake up
Sun Apr 3 13:26:22 2016 -> ClamAV update process started at Sun Apr 3 13:26:22 2016
Sun Apr 3 13:26:22 2016 -> WARNING: Your ClamAV installation is OUTDATED!
Sun Apr 3 13:26:22 2016 -> WARNING: Local version: 0.98.7 Recommended version: 0.99.1
Sun Apr 3 13:26:22 2016 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Sun Apr 3 13:26:22 2016 -> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Sun Apr 3 13:26:22 2016 -> daily.cld is up to date (version: 21484, sigs: 83932, f-level: 63, builder: neo)
Sun Apr 3 13:26:22 2016 -> bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Sun Apr 3 13:26:29 2016 -> --------------------------------------
So, the signatures appear to be up to date from those logs.
> FYI:
>
> $ echo -n 'Email.Phishing.DblDom-60:4:*:2f2e70617970616c2e636f6d' | sigtool --decode-sigs
> VIRUS NAME: Email.Phishing.DblDom-60
> TARGET TYPE: MAIL
> OFFSET: *
> DECODED SIGNATURE:
> /[dot]paypal[dot]com
Just to clarify, this queries the sigs, it doesn't change them, is that
right?
Thanks
AndrewM
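
Added example, not part of the original message and not ClamAV's own code: a small Python decoder for the extended signature format (Name:TargetType:Offset:HexSignature) that the quoted sigtool command is given. It parses only the string passed to it and opens no database files; the target-type table is a subset taken from the ClamAV signature documentation, and the `<...>` wildcard rendering is this example's own notation.

```python
import re
from dataclasses import dataclass

# Subset of target type codes from the ClamAV signature documentation.
TARGET_TYPES = {0: "ANY FILE", 1: "PE", 2: "OLE2", 3: "HTML",
                4: "MAIL", 5: "GRAPHICS", 6: "ELF", 7: "ASCII TEXT"}

# A body signature token: one literal byte, or a wildcard (??, *, {n}, {n-m}).
_TOKEN = re.compile(r"(?P<byte>[0-9a-fA-F]{2})|(?P<wild>\?\?|\*|\{[0-9-]+\})")


@dataclass
class ExtendedSig:
    name: str
    target: str
    offset: str
    decoded: str


def decode_hex_body(hexsig: str) -> str:
    """Render a hex body: printable bytes as text, others as \\xNN,
    wildcards as <...> (this example's notation, not sigtool's)."""
    out, pos = [], 0
    while pos < len(hexsig):
        m = _TOKEN.match(hexsig, pos)
        if m is None:  # nibble wildcards, alternations etc. are not handled
            raise ValueError(f"unsupported construct at offset {pos}")
        if m.group("byte"):
            b = int(m.group("byte"), 16)
            out.append(chr(b) if 0x20 <= b < 0x7F else f"\\x{b:02x}")
        else:
            out.append(f"<{m.group('wild')}>")
        pos = m.end()
    return "".join(out)


def parse_extended_sig(line: str) -> ExtendedSig:
    """Split Name:TargetType:Offset:HexSignature[:MinFL[:MaxFL]] and decode it."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("expected Name:TargetType:Offset:HexSignature")
    name, target, offset, hexsig = fields[:4]
    target_name = TARGET_TYPES.get(int(target), f"UNKNOWN({target})")
    return ExtendedSig(name, target_name, offset, decode_hex_body(hexsig))


if __name__ == "__main__":
    # The signature line quoted in the message above.
    sig = parse_extended_sig("Email.Phishing.DblDom-60:4:*:2f2e70617970616c2e636f6d")
    print(sig)
```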