[clamav-users] Can't detect deceptive URL's as infected !!

Dennis Peterson dennispe at inetnw.com
Tue Dec 11 17:25:47 EST 2018


Yes - the extension can be one or the other. The other thing to check is the 
file ownership and permissions, and finally to search your clamd.log file (or 
what ever it is called on your system) for "FOUND". If it is a useful signature 
source your logs should indicate clamd is finding targets from the safebrowsing 
signature file. In your freshclam log you should see the safebrowing file is 
being updated from time to time. My own system, with rare exception, only ever 
finds Sane Security signatures, and most http links are caught by my milter via 
dns-based URLBL blacklists before it sends the messages to Clamd.

dp

On 12/11/18 3:54 AM, Sunny Marwah wrote:
> I can see below files in /var/lib/clamav/ directory :
>
> main.cvd
> bytecode.cvd
> safebrowsing.cld
> daily.cld
> mirrors.dat
>
> But it is 'safebrowsing.cld', not 'safebrowsing.cvd'.
>
> Is it Ok ??
>
>
>
> On Tue, Dec 11, 2018 at 1:47 PM Dennis Peterson <dennispe at inetnw.com 
> <mailto:dennispe at inetnw.com>> wrote:
>
>     In your ClamAV signature folder does there exist a safebrowsing.cvd file?
>
>     dp
>
>     On 12/10/18 9:46 PM, Sunny Marwah wrote:
>     >
>     > Same question again : Chrome don't open malicious links due to labeling
>     them
>     > dangerous as per "Safebrowsing". Then why ClamAV is not able to identify
>     such
>     > malicious links when "Safebrowsing" option is already enabled ??
>
>     _______________________________________________
>     clamav-users mailing list
>     clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
>     http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
>     Help us build a comprehensive ClamAV guide:
>     https://github.com/vrtadmin/clamav-faq
>
>     http://www.clamav.net/contact.html#ml
>
>
>
> -- 
> Regards
> Sunny
> System Engineer
> Mob : +91 9711155549
>
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181211/5322cf1c/attachment.html>


More information about the clamav-users mailing list