[clamav-users] pwdb files still supported ?
Scott Kitterman
debian at kitterman.com
Wed Feb 6 17:46:40 UTC 2019
Yes. Debian packages are built with yara support.
Scott K
On February 6, 2019 5:22:48 PM UTC, Arnaud Jacques <webmaster at securiteinfo.com> wrote:
>Hello Andrew,
>
>I use clamav provided by debian 8.11 :
>dpkg -l|grep clam
>ii clamav 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - command-line interface
>ii clamav-base 0.100.2+dfsg-0+deb8u1 all anti-virus utility for Unix - base package
>ii clamav-daemon 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - scanner daemon
>ii clamav-freshclam 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - virus database update utility
>ii clamdscan 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - scanner client
>ii libclamav7 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - library
>ii libclamunrar7 0.99-0+deb8u3 amd64 anti-virus utility for Unix - unrar support
>
>How to know if it is compiled with yara support ? clamscan --debug does not seem to provide the information.
>
>On https://buildd.debian.org/status/package.php?p=clamav&suite=jessie-security, there is "no logs" for amd64 o.O
>Other log files seem to show Debian compiles with yara support.
>For example :
>https://buildd.debian.org/status/fetch.php?pkg=clamav&arch=i386&ver=0.100.2%2Bdfsg-0%2Bdeb8u1&stamp=1540398955&raw=0
>
>On 06/02/2019 at 17:32, Andrew Williams wrote:
>> Hey Arnaud,
>>
>> I recently noticed a bug that causes .pwdb files to not be loaded from
>> the db directory when ClamAV is compiled without Yara support. Is
>> your ClamAV built with Yara support, and if not, can you try compiling
>> with Yara support and see whether this fixes the issue for you? This
>> issue will be fixed in an upcoming release.
>>
>> Thanks,
>>
>> -Andrew
>> Research Engineer
>> Malware Research Team
>>
>> On Wed, Feb 6, 2019 at 11:16 AM Arnaud Jacques <webmaster at securiteinfo.com> wrote:
>>
>> Hello,
>>
>> It seems .pwdb files do not work since version 0.100.2 (maybe since 0.100.0).
>> It has this format :
>>
>> cat passwords.pwdb
>> ZipPasswordInfected;Engine:51-255;0;infected
>>
>> This file is in ClamAV databases directory (/var/lib/clamav/) and ClamAV
>> does not detect malware when Zip is protected by the "infected"
>> password. Manually unzipped, ClamAV is able to detect the malware.
>>
>> Has the format of .pwdb files changed since 0.100.x ?
>> Is it still supported on recent ClamAV version ?
>>
>> --
>> Best regards,
>>
>> Arnaud Jacques
>> Manager of SecuriteInfo.com
>>
>> Telephone : +33-(0)3.44.39.76.46
>> E-mail : aj at securiteinfo.com
>> Website : https://www.securiteinfo.com
>> Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
>> Twitter : @SecuriteInfoCom
>>
>> Securiteinfo.com
>> IT Security - Information Security.
>> 266, rue de Villers
>> 60123 Bonneuil en Valois
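Added example, not part of the thread and not ClamAV's own code: a small linter for `.pwdb` entries, useful for ruling out a malformed file before suspecting the build. The four-field layout and the storage-type values (0 = cleartext, 1 = hex) are assumed from ClamAV's signature documentation; `parse_pwdb_line`, `lint_pwdb` and the `flevel` parameter are hypothetical names.

```python
# Field layout assumed from ClamAV's signature documentation, not from the thread:
#   SignatureName;TargetDescriptionBlock;PWStorageType;Password
# PWStorageType: 0 = cleartext, 1 = hex-encoded password.
import re

ENGINE_RE = re.compile(r"^Engine:(\d+)-(\d+)$")

def parse_pwdb_line(line, flevel=None):
    """Parse one .pwdb entry into a dict; raise ValueError if malformed."""
    fields = line.rstrip("\r\n").split(";")
    if len(fields) != 4:
        raise ValueError(f"expected 4 ';'-separated fields, got {len(fields)}")
    name, tdb, storage, password = fields
    if not name:
        raise ValueError("empty signature name")
    matches = [ENGINE_RE.match(part.strip()) for part in tdb.split(",")]
    matches = [m for m in matches if m]
    if not matches:
        raise ValueError("target description block has no Engine:X-Y range")
    low, high = int(matches[0].group(1)), int(matches[0].group(2))
    if low > high:
        raise ValueError(f"inverted Engine range {low}-{high}")
    if storage == "0":
        secret = password.encode()
    elif storage == "1":
        try:
            secret = bytes.fromhex(password)
        except ValueError:
            raise ValueError("PWStorageType 1 but password is not valid hex") from None
    else:
        raise ValueError(f"unknown PWStorageType {storage!r}")
    if not secret:
        raise ValueError("empty password")
    # flevel: the engine's functionality level, supplied by the caller; None skips the check.
    in_range = None if flevel is None else low <= flevel <= high
    return {"name": name, "engine": (low, high), "password": secret, "in_range": in_range}

def lint_pwdb(text, flevel=None):
    """Return (line_number, message) for every non-blank entry that fails to parse."""
    problems = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip():
            try:
                parse_pwdb_line(line, flevel)
            except ValueError as exc:
                problems.append((number, str(exc)))
    return problems

# Constructed sample: line 1 is the entry quoted in the thread, the others are invented.
SAMPLE = ("ZipPasswordInfected;Engine:51-255;0;infected\n"
          "ZipPasswordHex;Engine:51-255;1;696e666563746564\n"
          "BrokenHex;Engine:51-255;1;zz\n"
          "MissingField;Engine:51-255;infected\n")
```

A clean result from `lint_pwdb` only shows the file is well-formed; whether the engine actually loads it is a separate question, which is the one the thread is about.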