[clamav-users] Problems with safe browsing
TR Shaw
tshaw at oitc.com
Fri Nov 11 14:36:04 UTC 2016
You missed my point. It was it was a shame that safe browsing sigs only for of files that look like email.
> On Nov 11, 2016, at 12:43 AM, Gene Heskett <gheskett at shentel.net> wrote:
>
> On Thursday 10 November 2016 17:45:24 TR Shaw wrote:
>
>> Thanks, all.
>>
>> However its a real shame that it will not scan generic files looking
>> for bad urls rather than only scanning email files.
>>
>> I was going to to use clamav to scan disk drives for scripts that used
>> uris in safe browsing So much of that :-(
>>
>> Tom
>
> It scans disks just fine, has caught one real, and 2 fp's in the 3 years
> or so I've been using it. I also have clamscand scanning all incoming
> emails, and it has quaranteened, in the past year,
> -rw-r--r-- 1 gene mail 113710 Jun 6 08:13 virii
> So there is probably 3, maybe more, attacks in there. I usually zero
> that file out on new years day. The clamav tools can do a lot, if used
> for the jobs they were designed to do. Read the docs, then read them
> again.
>
>>> On Nov 10, 2016, at 3:46 PM, Steve basford
>>> <steveb_clamav at sanesecurity.com> wrote:
>>>
>>> Hi Tom,
>>>
>>> Create a standard header body formatted email and then insert the
>>> address at the end.
>>>
>>> It will be detected. Just placing on a line.. it won't be detected,
>>>
>>> Cheers,
>>>
>>> Steve
>>> Twitter: @sanesecurity
>>>
>>> On 10 November 2016 19:53:05 TR Shaw <tshaw at oitc.com> wrote:
>>>> I have freshclam set to load safe browsing:
>>>>
>>>> -rw-r--r-- 1 _clamav admin 57874944 Nov 10 11:51 daily.cld
>>>> -rw-r--r-- 1 _clamav admin 103419904 Nov 10 13:51
>>>> safebrowsing.cld
>>>>
>>>> I placed http://ianfette[.]org/ in a file safebrowsingtest.txt
>>>>
>>>> Then I run clam and expect to hit safe browsing but I instead I get
>>>> OK.
>>>>
>>>> $ clamscan -v safebrowsingtest.txt
>>>> Scanning safebrowsingtest.txt
>>>> safebrowsingtest.txt: OK
>>>>
>>>> ----------- SCAN SUMMARY -----------
>>>> Known viruses: 8073056
>>>> Engine version: 0.99.2
>>>> Scanned directories: 0
>>>> Scanned files: 1
>>>> Infected files: 0
>>>> Data scanned: 0.00 MB
>>>> Data read: 0.00 MB (ratio 0.00:1)
>>>> Time: 12.567 sec (0 m 12 s)
>>>>
>>>> When I place http://ianfette[.]org/ in a browser I get the safe
>>>> browsing alert. Any ideas what I am doing wrong?
>>>>
>>>> Tom
>>>>
>>>>
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> clamav-users at lists.clamav.net
>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>
>>>>
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>>
>>>> http://www.clamav.net/contact.html#ml
>>>
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users at lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users>
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq <https://github.com/vrtadmin/clamav-faq>
>>
>> http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml>
>
>
> Cheers, Gene Heskett
> --
> "There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Genes Web page <http://geneslinuxbox.net:6309/gene <http://geneslinuxbox.net:6309/gene>>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users>
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq <https://github.com/vrtadmin/clamav-faq>
>
> http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml>
More information about the clamav-users
mailing list