[clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

Reindl Harald h.reindl at thelounge.net
Thu Dec 29 15:08:34 UTC 2016



On 29.12.2016 at 13:06, Steve Basford wrote:
> On Thu, December 29, 2016 9:32 am, Reindl Harald wrote:
>>
>
>> i would love to be able to *completely* exclude
>> "daily.cld", "daily.cvd" and "main.cvd" and only update
>> "safebrowsing.cvd"
>
> daily.cvd and main.cvd are compressed versions of multiple databases...
>
> --3rd-party-db-only=[=yes/no(*)]
>
> and the same thing in clamd.conf.
>
> but this may not then load safebrowsing.cvd.
>
> You may also need to keep daily.ftm as that contains filetypes

looks like you completely missed that there are already *two* instances 
of clamd with 2 different signature folders and one doesn't contain the 
official signatures - point is that freshclam should have an option to 
skip all the signatures and as example update "daily.ftm" and whatever 
should be there but leave us in peace with signatures eating hundreds of 
MB disk space and RAM with no benefit other than false positives

[root@mail-gw:~]$ ls /var/lib/clamav/
insgesamt 211M
-rw-r--r-- 1 clamupdate clamupdate  75K 2016-12-28 12:53 foxhole_filename.cdb
-rw-r--r-- 1 clamupdate clamupdate  44K 2016-06-28 09:58 foxhole_generic.cdb
-rw-r--r-- 1 clamupdate clamupdate 4,1K 2016-06-18 16:55 thelounge_blocked_extensions.cdb
-rw-r--r-- 1 clamupdate clamupdate  79M 2016-12-29 13:25 daily.cld
-rw-r--r-- 1 clamupdate clamupdate  85K 2016-07-04 14:30 bytecode.cvd
-rw-r--r-- 1 clamupdate clamupdate  26M 2016-12-18 01:25 daily.cvd
-rw-r--r-- 1 clamupdate clamupdate 105M 2016-07-04 14:29 main.cvd
-rw-r--r-- 1 clamupdate clamupdate  11K 2016-10-18 15:56 sanesecurity.ftm
-rw-r--r-- 1 clamupdate clamupdate 103K 2016-12-29 14:47 bofhland_malware_attach.hdb
-rw-r--r-- 1 clamupdate clamupdate   82 2016-07-13 21:44 crdfam.clamav.hdb
-rw-r--r-- 1 clamupdate clamupdate  14K 2016-12-29 11:54 rogue.hdb
-rw-r--r-- 1 clamupdate clamupdate  86K 2016-12-29 14:45 winnow_extended_malware.hdb
-rw-r--r-- 1 clamupdate clamupdate 264K 2016-12-29 14:45 winnow_malware.hdb
-rw-r--r-- 1 clamupdate clamupdate  48K 2015-08-05 09:24 hackingteam.hsb
-rw-r--r-- 1 clamupdate clamupdate  15K 2016-08-10 15:06 malwarehash.hsb
-rw-r--r-- 1 clamupdate clamupdate  11K 2016-12-29 14:46 porcupine.hsb
-rw-r--r-- 1 clamupdate clamupdate 6,7K 2016-11-25 09:56 sigwhitelist.ign2
-rw-r--r-- 1 clamupdate clamupdate  196 2016-08-10 09:57 thelounge_whitelist.ign2
-rw-r--r-- 1 clamupdate clamupdate  56K 2016-12-27 20:39 badmacro.ndb
-rw-r--r-- 1 clamupdate clamupdate  60K 2016-12-29 14:53 blurl.ndb
-rw-r--r-- 1 clamupdate clamupdate 1012 2016-12-29 14:47 bofhland_malware_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate 337K 2016-12-29 14:46 porcupine.ndb
-rw-r--r-- 1 clamupdate clamupdate   61 2016-10-10 19:47 thelounge_custom_sigs.ndb
-rw-r--r-- 1 clamupdate clamupdate 1,3M 2016-12-29 14:45 winnow_malware_links.ndb

[root@mail-gw:~]$ ls /var/lib/clamav-spam/
insgesamt 77M
-rw-r--r-- 1 clamupdate clamupdate 9,1K 2016-11-28 16:00 foxhole_all.cdb
-rw-r--r-- 1 clamupdate clamupdate 2,7K 2016-12-06 09:52 foxhole_js.cdb
-rw-r--r-- 1 clamupdate clamupdate 5,7K 2016-06-18 16:55 thelounge_tagged_extensions.cdb
-rw-r--r-- 1 clamupdate clamupdate  85K 2016-07-04 14:30 bytecode.cvd
-rw-r--r-- 1 clamupdate clamupdate  43M 2016-11-04 18:27 safebrowsing.cvd
-rw-r--r-- 1 clamupdate clamupdate  11K 2016-10-18 15:56 sanesecurity.ftm
-rw-r--r-- 1 clamupdate clamupdate 1,3K 2016-12-12 16:53 spamattach.hdb
-rw-r--r-- 1 clamupdate clamupdate 6,0K 2016-12-08 10:53 spamimg.hdb
-rw-r--r-- 1 clamupdate clamupdate 515K 2016-12-29 14:45 winnow.attachments.hdb
-rw-r--r-- 1 clamupdate clamupdate   66 2016-12-29 14:45 winnow_bad_cw.hdb
-rw-r--r-- 1 clamupdate clamupdate 6,7K 2016-11-25 09:56 sigwhitelist.ign2
-rw-r--r-- 1 clamupdate clamupdate  196 2016-08-10 09:57 thelounge_whitelist.ign2
-rw-r--r-- 1 clamupdate clamupdate 1011 2016-11-29 17:56 shelter.ldb
-rw-r--r-- 1 clamupdate clamupdate  556 2016-10-06 15:53 spam.ldb
-rw-r--r-- 1 clamupdate clamupdate  660 2016-12-29 14:45 winnow.complex.patterns.ldb
-rw-r--r-- 1 clamupdate clamupdate  60K 2016-12-29 14:53 blurl.ndb
-rw-r--r-- 1 clamupdate clamupdate  656 2016-12-29 14:47 bofhland_cracked_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate 1012 2016-12-29 14:47 bofhland_malware_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate 2,2K 2016-12-29 14:47 bofhland_phishing_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate 5,7K 2016-11-21 09:55 foxhole_all.ndb
-rw-r--r-- 1 clamupdate clamupdate  230 2016-11-21 09:55 foxhole_js.ndb
-rw-r--r-- 1 clamupdate clamupdate 6,5M 2016-12-20 16:53 junk.ndb
-rw-r--r-- 1 clamupdate clamupdate 230K 2016-12-29 14:53 jurlbla.ndb
-rw-r--r-- 1 clamupdate clamupdate 198K 2016-12-29 14:53 jurlbl.ndb
-rw-r--r-- 1 clamupdate clamupdate 240K 2016-07-29 18:20 lott.ndb
-rw-r--r-- 1 clamupdate clamupdate 3,8M 2016-12-28 12:53 phish.ndb
-rw-r--r-- 1 clamupdate clamupdate 3,5M 2016-12-29 14:46 phishtank.ndb
-rw-r--r-- 1 clamupdate clamupdate  14M 2016-12-29 14:45 scamnailer.ndb
-rw-r--r-- 1 clamupdate clamupdate 1,8M 2016-11-28 16:24 scam.ndb
-rw-r--r-- 1 clamupdate clamupdate  49K 2016-12-28 19:52 spearl.ndb
-rw-r--r-- 1 clamupdate clamupdate 2,0M 2016-12-28 19:48 spear.ndb
-rw-r--r-- 1 clamupdate clamupdate   61 2016-10-10 19:47 thelounge_custom_sigs.ndb
-rw-r--r-- 1 clamupdate clamupdate  159 2016-12-29 14:45 winnow_extended_malware_links.ndb
-rw-r--r-- 1 clamupdate clamupdate 1,3M 2016-12-29 14:45 winnow_malware_links.ndb
-rw-r--r-- 1 clamupdate clamupdate 298K 2016-12-29 14:45 winnow_phish_complete.ndb
-rw-r--r-- 1 clamupdate clamupdate 166K 2016-12-29 14:45 winnow_spam_complete.ndb
-rw-r--r-- 1 clamupdate clamupdate 1,5K 2015-07-01 14:54 Sanesecurity_sigtest.yara
-rw-r--r-- 1 clamupdate clamupdate 1,3K 2016-02-22 13:21 Sanesecurity_spam.yara
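
Added example (not part of the original post): a shell helper that reports which files in a signature directory are official ClamAV databases and how many bytes each group occupies, for directories like the two listed above. The function names are hypothetical, and the official-name list is an assumption limited to the databases named in this thread (main, daily, bytecode, safebrowsing).

```shell
#!/bin/sh
# Added example: split a ClamAV database directory into official and
# third-party files and total the bytes of each group.

classify_db() {
    # Print "official" or "third-party" for one file name or path.
    # Assumption: official databases are the four named in this thread,
    # shipped as .cvd, or .cld after incremental updates.
    case "$(basename "$1")" in
        main.cvd|main.cld|daily.cvd|daily.cld|\
        bytecode.cvd|bytecode.cld|safebrowsing.cvd|safebrowsing.cld)
            echo official ;;
        *)
            echo third-party ;;
    esac
}

audit_dir() {
    # Print "<class> <bytes> <name>" for every regular file in the
    # directory, followed by one total line per class.
    dir=$1
    official=0
    third=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        size=$(wc -c < "$f" | tr -d ' ')
        class=$(classify_db "$f")
        printf '%s %s %s\n' "$class" "$size" "$(basename "$f")"
        if [ "$class" = official ]; then
            official=$((official + size))
        else
            third=$((third + size))
        fi
    done
    printf 'total official %s\n' "$official"
    printf 'total third-party %s\n' "$third"
}

# Run against a directory when one is given, e.g. /var/lib/clamav-spam
if [ $# -gt 0 ]; then
    audit_dir "$1"
fi
```

A non-zero "total official" line for a directory that is meant to hold only third-party signatures shows which official files are still being loaded from it.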


