[clamav-users] clamav-users Digest, Vol 169, Issue 9

Alan Sadaky Hernandez Cervantes ahernandez at innovador.com.mx
Mon Dec 10 12:17:58 EST 2018



-----Mensaje original-----
De: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] En nombre de clamav-users-request at lists.clamav.net
Enviado el: lunes, 10 de diciembre de 2018 11:00 a. m.
Para: clamav-users at lists.clamav.net
Asunto: clamav-users Digest, Vol 169, Issue 9

Send clamav-users mailing list submissions to
clamav-users at lists.clamav.net

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
or, via email, send a message with subject or body 'help' to
clamav-users-request at lists.clamav.net

You can reach the person managing the list at
clamav-users-owner at lists.clamav.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of clamav-users digest..."


When responding, please don't respond with the entire Digest.  Please trim your response.


Today's Topics:

   1. Re: Installation problem. (nikos)
   2. Re: Installation problem. (Robert Chalmers)
   3. Re: Installation problem. (nikos)
   4. Re: Installation problem. (Robert Chalmers)
   5. Clamav download (Robert Chalmers)
   6. Detecting Word docs with macros (Eric Tykwinski)
   7. Re: Detecting Word docs with macros (Steve Basford)
   8. Re: Detecting Word docs with macros (Eric Tykwinski)


----------------------------------------------------------------------

Message: 1
Date: Mon, 10 Dec 2018 09:36:15 +0200
From: nikos <nikos at qbit.gr>
To: clamav-users at lists.clamav.net
Subject: Re: [clamav-users] Installation problem.
Message-ID: <88a7b346-a52f-9a08-e3e9-6ecb60cbb437 at qbit.gr>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: <http://lists.clamav.net/pipermail/clamav-users/attachments/20181210/69fceb98/attachment-0001.html>

------------------------------

Message: 2
Date: Mon, 10 Dec 2018 07:50:30 +0000
From: Robert Chalmers <racuk12 at gmail.com>
To: ClamAV users ML <clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] Installation problem.
Message-ID: <D4F71F93-9723-4DE5-A80E-B48BF885D2C2 at gmail.com>
Content-Type: text/plain; charset="utf-8"


Ok, try this first.
./configure tidy
./configure clean
./configure <options>

make



-----
Robert Chalmers
https://robert-chalmers.uk
author at robert-chalmers.uk
@R_A_Chalmers


> On 10 Dec 2018, at 7:36 am, nikos <nikos at qbit.gr> wrote:
>
> Hello list.
>
> I tried Robert, but nothing change.
>
> I think is something with configure file. I copy the configure file from previous version and work with no problem. So there is no problem with the C++ compiler. Can I do the installation with the previous configure file?
>
> I try download it again but nothing change, same problem.
>
> Any suggestions?
>
> Thank you.
>
>
>
>> On 7/12/2018 7:00 ?.?., clamav-users-request at lists.clamav.net wrote:
>> My reasons for querying C++ is this in your log
>>
>>
>>> checking for cc++... no
>>
>>> checking whether the C++ compiler works... no
>>
>>
>>
>> and as you are building 101, if you want to stop freshclam dumping an exit error in your logs - it still work, just gives a false error. change this
>>
>> freshclam/freshclamcodes.h from
>>
>> typedef enum fc_error_tag {
>>     FC_SUCCESS          = 0,
>>     FC_UPTODATE         = 1,
>>
>> to
>>
>> typedef enum fc_error_tag {
>>     FC_SUCCESS          = 0,
>>     FC_UPTODATE         = 0,
>>
>> The clamav code maintainers are aware of this???
>>
>> robert
>>
>>> On 7 Dec 2018, at 07:28, nikos <nikos at qbit.gr> wrote:
>>>
>>> Hello list.
>>>
>>> I'm trying to install the now version of clam and it seems to be compilation problems.
>>>
>>> I run ./configure --sysconfdir=/etc --enable-milter in the programs folder and I get the error:
>>>
>>> checking for g++... no
>>> checking for c++... no
>>> checking for gpp... no
>>> checking for aCC... no
>>> checking for CC... no
>>> checking for cxx... no
>>> checking for cc++... no
>>> checking for cl.exe... no
>>> checking for FCC... no
>>> checking for KCC... no
>>> checking for RCC... no
>>> checking for xlC_r... no
>>> checking for xlC... no
>>> checking whether the C++ compiler works... no
>>> configure: error: in `/home/admin/clamav-0.101.0':
>>> configure: error: C++ compiler cannot create executables
>>> See `config.log' for more details
>>>
>>> I always install clam from source, as the previous versions. The funny thing is, if exctract and run configure in the previous version clamav-0.100.2 every works fine!
>>>
>>> I have a server with latest centos release, full updated.
>>>
>>> Any suggestions?
>>>
>>> Thank you in advance, Nikos.
>>>
>>>
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users at lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>
>> Robert Chalmers
>> https://robert-chalmers.uk
>> author at robert-chalmers.uk
>> @R_A_Chalmers
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.clamav.net/pipermail/clamav-users/attachments/20181210/aba6d139/attachment-0001.html>

------------------------------

Message: 3
Date: Mon, 10 Dec 2018 11:01:14 +0200
From: nikos <nikos at qbit.gr>
To: clamav-users at lists.clamav.net
Subject: Re: [clamav-users] Installation problem.
Message-ID: <04cac6c3-03f2-2df8-4f45-4533dcbf7a74 at qbit.gr>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: <http://lists.clamav.net/pipermail/clamav-users/attachments/20181210/5784ef97/attachment-0001.html>

------------------------------

Message: 4
Date: Mon, 10 Dec 2018 10:36:43 +0000
From: Robert Chalmers <racuk12 at icloud.com>
To: ClamAV users ML <clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] Installation problem.
Message-ID: <ADAA681E-9844-439C-8180-715A1307EE0D at icloud.com>
Content-Type: text/plain; charset="utf-8"


Ok, try
make clean

To cleanup the build first.

What sort of OS are you on? You may have said but I can?t remember.
So, delete the current directory you have it in and make sure you are downloading the correct sources.
https://github.com/Cisco-Talos/clamav-faq/blob/master/faq/Installing.md

Or
https://github.com/Cisco-Talos/clamav-faq/blob/master/manual/UserManual/Installation-Unix.md

Ensure your environment points to your compiler. and libraries etc.

Read the INSTALL.MD

Other than that, not sure what could be wrong.

-----
Robert Chalmers
https://robert-chalmers.uk
author at robert-chalmers.uk
@R_A_Chalmers


> On 10 Dec 2018, at 9:01 am, nikos <nikos at qbit.gr> wrote:
>
> Robert,
>
> Both ./configure tidy and ./configure clean give:
>
> configure: WARNING: you should use --build, --host, --target
> checking for clean-g++... no
> checking for clean-c++... no
> checking for clean-gpp... no
> checking for clean-aCC... no
> checking for clean-CC... no
> checking for clean-cxx... no
> checking for clean-cc++... no
> checking for clean-cl.exe... no
> checking for clean-FCC... no
> checking for clean-KCC... no
> checking for clean-RCC... no
> checking for clean-xlC_r... no
> checking for clean-xlC... no
> checking for g++... no
> checking for c++... no
> checking for gpp... no
> checking for aCC... no
> checking for CC... no
> checking for cxx... no
> checking for cc++... no
> checking for cl.exe... no
> checking for FCC... no
> checking for KCC... no
> checking for RCC... no
> checking for xlC_r... no
> checking for xlC... no
> checking whether the C++ compiler works... no
> configure: error: in `/home/qbit/Downloads/clamav-0.101.0':
> configure: error: C++ compiler cannot create executables
> See `config.log' for more details
>
> Thank you.
>
>
> Ok, try this first.
> ./configure tidy
> ./configure clean
> ./configure <options>
>
> make
>
>
>
> -----
> Robert Chalmers
> https://robert-chalmers.uk
> author at robert-chalmers.uk
> @R_A_Chalmers
>
>
> > On 10 Dec 2018, at 7:36 am, nikos <nikos at qbit.gr> wrote:
> >
> > Hello list.
> >
> > I tried Robert, but nothing change.
> >
> > I think is something with configure file. I copy the configure file from previous version and work with no problem. So there is no problem with the C++ compiler. Can I do the installation with the previous configure file?
> >
> > I try download it again but nothing change, same problem.
> >
> > Any suggestions?
> >
> > Thank you.
> >
> >
> >
> >> On 7/12/2018 7:00 ?.?., clamav-users-request at lists.clamav.net wrote:
> >> My reasons for querying C++ is this in your log
> >>
> >>
> >>> checking for cc++... no
> >>
> >>> checking whether the C++ compiler works... no
> >>
> >>
> >>
> >> and as you are building 101, if you want to stop freshclam dumping an exit error in your logs - it still work, just gives a false error. change this
> >>
> >> freshclam/freshclamcodes.h from
> >>
> >> typedef enum fc_error_tag {
> >>     FC_SUCCESS          = 0,
> >>     FC_UPTODATE         = 1,
> >>
> >> to
> >>
> >> typedef enum fc_error_tag {
> >>     FC_SUCCESS          = 0,
> >>     FC_UPTODATE         = 0,
> >>
> >> The clamav code maintainers are aware of this???
> >>
> >> robert
> >>
> >>> On 7 Dec 2018, at 07:28, nikos <nikos at qbit.gr> wrote:
> >>>
> >>> Hello list.
> >>>
> >>> I'm trying to install the now version of clam and it seems to be compilation problems.
> >>>
> >>> I run ./configure --sysconfdir=/etc --enable-milter in the programs folder and I get the error:
> >>>
> >>> checking for g++... no
> >>> checking for c++... no
> >>> checking for gpp... no
> >>> checking for aCC... no
> >>> checking for CC... no
> >>> checking for cxx... no
> >>> checking for cc++... no
> >>> checking for cl.exe... no
> >>> checking for FCC... no
> >>> checking for KCC... no
> >>> checking for RCC... no
> >>> checking for xlC_r... no
> >>> checking for xlC... no
> >>> checking whether the C++ compiler works... no
> >>> configure: error: in `/home/admin/clamav-0.101.0':
> >>> configure: error: C++ compiler cannot create executables
> >>> See `config.log' for more details
> >>>
> >>> I always install clam from source, as the previous versions. The funny thing is, if exctract and run configure in the previous version clamav-0.100.2 every works fine!
> >>>
> >>> I have a server with latest centos release, full updated.
> >>>
> >>> Any suggestions?
> >>>
> >>> Thank you in advance, Nikos.
> >>>
> >>>
> >>> _______________________________________________
> >>> clamav-users mailing list
> >>> clamav-users at lists.clamav.net
> >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >>>
> >>>
> >>> Help us build a comprehensive ClamAV guide:
> >>> https://github.com/vrtadmin/clamav-faq
> >>>
> >>> http://www.clamav.net/contact.html#ml
> >>
> >> Robert Chalmers
> >> https://robert-chalmers.uk
> >> author at robert-chalmers.uk
> >> @R_A_Chalmers
> > _______________________________________________
> > clamav-users mailing list
> > clamav-users at lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.clamav.net/pipermail/clamav-users/attachments/20181210/99a83d61/attachment-0001.html>

------------------------------

Message: 5
Date: Mon, 10 Dec 2018 10:42:00 +0000
From: Robert Chalmers <racuk12 at gmail.com>
To: ClamAV users ML <clamav-users at lists.clamav.net>
Subject: [clamav-users] Clamav download
Message-ID: <D410FF1E-8DA1-4877-BF2B-E49F5D830667 at gmail.com>
Content-Type: text/plain; charset="us-ascii"

http://www.clamav.net/downloads



-----
Robert Chalmers
https://robert-chalmers.uk
author at robert-chalmers.uk
@R_A_Chalmers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.clamav.net/pipermail/clamav-users/attachments/20181210/106be632/attachment-0001.html>

------------------------------

Message: 6
Date: Mon, 10 Dec 2018 09:58:25 -0500
From: "Eric Tykwinski" <eric-list at truenet.com>
To: "'ClamAV users ML'" <clamav-users at lists.clamav.net>
Subject: [clamav-users] Detecting Word docs with macros
Message-ID: <016e01d49098$cd19dd00$674d9700$@truenet.com>
Content-Type: text/plain; charset="us-ascii"

Default clam sigs obviously are not catching these, but wondering if anyone
has them included in a third party that rather FP friendly.

I also just tested a yara from here, and it seems to work, but not certain
about FPs from it either.

https://blog.rootshell.be/2015/01/08/searching-for-microsoft-office-files-co
ntaining-macro/



Anyone have a suggestion?



Sincerely,



Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.clamav.net/pipermail/clamav-users/attachments/20181210/3249c646/attachment-0001.html>

------------------------------

Message: 7
Date: Mon, 10 Dec 2018 15:17:24 -0000
From: "Steve Basford" <steveb_clamav at sanesecurity.com>
To: "ClamAV users ML" <clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] Detecting Word docs with macros
Message-ID:
<cf5f5c7b68146540924ddb1a3ae24ba4.squirrel at sanesecurity.com>
Content-Type: text/plain;charset=utf-8


On Mon, December 10, 2018 2:58 pm, Eric Tykwinski wrote:
> Default clam sigs obviously are not catching these, but wondering if
> anyone has them included in a third party that rather FP friendly.
>
> I also just tested a yara from here, and it seems to work, but not
> certain about FPs from it either.
>
Sanesecurity badmacro.ndb and phish.ndb and rogue.hdb will pretty much
cover a lot of those... MiscreantPunch099-Low.ldb for additional detection
but can hit scanning performance.

ClamAV settings in clamd.conf can also be tweaked to block documents with
macro and or passwords.


--
Cheers,

Steve
Twitter: @sanesecurity



------------------------------

Message: 8
Date: Mon, 10 Dec 2018 10:46:46 -0500
From: "Eric Tykwinski" <eric-list at truenet.com>
To: <steveb_clamav at sanesecurity.com>, "'ClamAV users ML'"
<clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] Detecting Word docs with macros
Message-ID: <019301d4909f$8ea14340$abe3c9c0$@truenet.com>
Content-Type: text/plain;charset="us-ascii"

Steve.

> Sanesecurity badmacro.ndb and phish.ndb and rogue.hdb will pretty much
> cover a lot of those... MiscreantPunch099-Low.ldb for additional detection
> but can hit scanning performance.
>
> ClamAV settings in clamd.conf can also be tweaked to block documents with
> macro and or passwords.


Thanks, just added badmacro.ndb, so hopefully that will help.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300




------------------------------

Subject: Digest Footer

_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


------------------------------

End of clamav-users Digest, Vol 169, Issue 9
********************************************

________________________________

PRODUCTOS INNOVADOR, S.A DE C.V., con domicilio en Km. 31.5, Carretera México-Cuautitlán, Bodega 9, Colonia Conjunto Industrial Cuautitlán, Cuautitlán Estado de México, C.P. 54800, utilizará los datos personales recabados para: i) Proveer los servicios y productos que ha solicitado; ii) Informarle sobre servicios que prestamos; iii) Notificarle sobre nuevos servicios o productos que tengan relación con los ya contratados o adquiridos; iv) Comunicarle sobre los cambios en los mismos; v) Dar cumplimiento a las obligaciones que hemos contraído con usted; vi) Hacerle llegar alguna cotización solicitada; entre otros. Se hace de su conocimiento que en cumplimiento a la Ley Federal de Protección de Datos Personales en Posesión de los Particulares ha emitido un AVISO DE PRIVACIDAD, el cual puede ser consultado a través de nuestra página de internet www.innovador.com.mx
Si desea ejercer cualquiera de los Derechos ARCO sobre los datos que PRODUCTOS INNOVADOR, S.A DE C.V., ha recabado, contacte a nuestro encargado en privacidad at innovador.com.mx
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Nave 28_C?mara3_192.168.2.64_20181210062829_20181210062849_163949_201812....wmv
Type: video/x-ms-wmv
Size: 2583305 bytes
Desc: Nave 28_C?mara3_192.168.2.64_20181210062829_20181210062849_163949_201812....wmv
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181210/ad4fafcb/attachment.wmv>


More information about the clamav-users mailing list