[clamav-users] pwdb files still supported ?
Arnaud Jacques
webmaster at securiteinfo.com
Wed Feb 6 17:22:48 UTC 2019
Hello Andrew,
I use the ClamAV provided by Debian 8.11:
dpkg -l|grep clam
ii clamav 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - command-line interface
ii clamav-base 0.100.2+dfsg-0+deb8u1 all anti-virus utility for Unix - base package
ii clamav-daemon 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - scanner daemon
ii clamav-freshclam 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - virus database update utility
ii clamdscan 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - scanner client
ii libclamav7 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - libraryrt
ii libclamunrar7 0.99-0+deb8u3 amd64 anti-virus utility for Unix - unrar support
How can I know if it is compiled with YARA support? clamscan --debug does
not seem to provide the information.
On
https://buildd.debian.org/status/package.php?p=clamav&suite=jessie-security,
there is "no logs" for amd64 o.O
Other log files seem to show that Debian compiles with YARA support.
For example:
https://buildd.debian.org/status/fetch.php?pkg=clamav&arch=i386&ver=0.100.2%2Bdfsg-0%2Bdeb8u1&stamp=1540398955&raw=0
On 06/02/2019 at 17:32, Andrew Williams wrote:
> Hey Arnaud,
>
> I recently noticed a bug that causes .pwdb files to not be loaded from
> the db directory when ClamAV is compiled without Yara support. Is
> your ClamAV built with Yara support, and if not, can you try compiling
> with Yara support and see whether this fixes the issue for you? This
> issue will be fixed in an upcoming release.
>
> Thanks,
>
> -Andrew
> Research Engineer
> Malware Research Team
>
> On Wed, Feb 6, 2019 at 11:16 AM Arnaud Jacques
> <webmaster at securiteinfo.com> wrote:
>
> Hello,
>
> It seems .pwdb files do not work since version 0.100.2 (maybe since
> 0.100.0).
> It has this format:
>
> cat passwords.pwdb
> ZipPasswordInfected;Engine:51-255;0;infected
>
> This file is in the ClamAV databases directory (/var/lib/clamav/) and
> ClamAV does not detect malware when the Zip is protected by the
> "infected" password. Manually unzipped, ClamAV is able to detect the
> malware.
>
> Has the format of .pwdb files changed since 0.100.x?
> Is it still supported on recent ClamAV versions?
>
> --
> Best regards,
>
> Arnaud Jacques
> Manager of SecuriteInfo.com
>
> Telephone: +33-(0)3.44.39.76.46
> E-mail: aj at securiteinfo.com
> Website: https://www.securiteinfo.com
> Facebook:
> https://www.facebook.com/pages/SecuriteInfocom/132872523492286
> Twitter: @SecuriteInfoCom
>
> Securiteinfo.com
> Computer Security - Information Security.
> 266, rue de Villers
> 60123 Bonneuil en Valois
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
--
Best regards,
Arnaud Jacques
Manager of SecuriteInfo.com
Telephone: +33-(0)3.44.39.76.46
E-mail: aj at securiteinfo.com
Website: https://www.securiteinfo.com
Facebook: https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter: @SecuriteInfoCom
Securiteinfo.com
Computer Security - Information Security.
266, rue de Villers
60123 Bonneuil en Valois
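
Added example (not part of the original message and not ClamAV code): a small Python linter for .pwdb lines such as the one quoted above, following the field layout in the ClamAV signature documentation (SignatureName;TargetDescriptionBlock;PWStorageType;Password, with storage type 0 = cleartext and 1 = hex). The names parse_pwdb_line and lint_pwdb, the functionality level passed in by the caller, and every sample line except the first are assumptions of this example.

```python
import re
from collections import namedtuple
PwdbEntry = namedtuple("PwdbEntry", "name engine container password")

def parse_pwdb_line(line):
    """Parse SignatureName;TargetDescriptionBlock;PWStorageType;Password."""
    fields = line.rstrip("\r\n").split(";")
    if len(fields) != 4 or not fields[0]:
        raise ValueError("expected 4 ';'-separated fields with a name")
    name, tdb, storage, secret = fields
    engine = container = None
    for pair in filter(None, tdb.split(",")):
        key, _, val = pair.partition(":")
        if key == "Engine":
            m = re.fullmatch(r"(\d+)-(\d+)", val)
            if not m or int(m.group(1)) > int(m.group(2)):
                raise ValueError("bad Engine range: %r" % val)
            engine = (int(m.group(1)), int(m.group(2)))
        elif key == "Container":
            container = val
        else:  # assumption: this example only knows Engine and Container
            raise ValueError("unrecognized TDB key: %r" % key)
    if storage not in ("0", "1"):
        raise ValueError("PWStorageType must be 0 or 1, got %r" % storage)
    # 0 = cleartext, 1 = hex bytes (bytes.fromhex raises ValueError on bad hex)
    password = bytes.fromhex(secret) if storage == "1" else secret.encode()
    return PwdbEntry(name, engine, container, password)

def lint_pwdb(text, flevel):
    """Return (entries usable at this flevel, [(line_no, problem), ...])."""
    active, problems = [], []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            entry = parse_pwdb_line(line)
            lo, hi = entry.engine or (0, flevel)
            if not lo <= flevel <= hi:
                raise ValueError("flevel %d outside Engine range" % flevel)
            active.append(entry)
        except ValueError as exc:
            problems.append((no, str(exc)))
    return active, problems

# Constructed sample: line 1 is the entry quoted in the thread, the rest are made up.
SAMPLE = """ZipPasswordInfected;Engine:51-255;0;infected
HexExample;Engine:81-255,Container:CL_TYPE_ZIP;1;696e666563746564
TooNew;Engine:200-255;0;secret
Broken;Engine:51-255;infected"""
```

A clean result only rules out a malformed entry; it says nothing about whether the scanner actually loaded the file from the database directory.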