Hi Orion,

This time I went through daily.ldb to check all the published Urlhaus signatures and I think I updated the ones that kept "hiding" from me :) I updated my ClamAV db today in the morning and I'm not seeing any alerts on the files you shared a while back. Please let me know if you still have issues.

Best regards,

Lilia Gonzalez
Malware Research Team
Cisco Talos

On Wed, Feb 10, 2021 at 6:41 PM Orion Poplawski <orion@nwra.com> wrote:

Lilia -

Thanks for the update. We are still seeing the following get blocked
though:

Virus Urlhaus.Malware.364328-9787819-0:

https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.33.2-an+fx.xpi?filehash=sha256%3A5c3a5ef6f5b5475895053238026360020d6793b05541d20032ea9dd1c9cae451

This is with today's update.

Orion

On 2/8/21 10:39 AM, Lilia Gonzalez Medina wrote:
> Hi Orion,
>
> Apologies for taking too long to respond. After some tests I was able to
> reproduce the FPs and target type 3 LDB signatures for Urlhaus have been
> updated and published and should not alert on legitimate files anymore.
> Please update your ClamAV database and if you still have some issues
> please let me know.
>
> Best regards,
>
> Lilia Gonzalez
> Malware Research Team
> Cisco Talos
>
>
>
> On Tue, Jan 12, 2021 at 12:54 PM Orion Poplawski <orion@nwra.com
> <mailto:orion@nwra.com>> wrote:
>
> Lilia -
>
> Odd, I see it:
>
> # https_proxy= curl -o ublock_origin-1.32.4-an+fx.xpi
> 'https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc
> <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>'
> # clamscan ublock_origin-1.32.4-an+fx.xpi
> ublock_origin-1.32.4-an+fx.xpi: Urlhaus.Malware.364328-9787819-0 FOUND
>
> # clamscan --version
> ClamAV 0.103.0/26046/Mon Jan 11 05:34:14 2021
>
> # clamscan urlhaus-filter-online.txt
> urlhaus-filter-online.txt: Urlhaus.Malware.364328-9787819-0 FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 8799521
> Engine version: 0.103.0
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.29 MB
> Data read: 0.14 MB (ratio 2.11:1)
> Time: 21.911 sec (0 m 21 s)
> Start Date: 2021:01:12 10:37:52
> End Date: 2021:01:12 10:38:14
>
> Other URLs:
>
> Virus Urlhaus.Malware.364328-9787819-0:
> https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>: 2
> Time(s)
>
> https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt
> <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>:
> 2 Time(s)
>
> https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt
> <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt>:
> 1 Time(s)
>
> https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt
> <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>:
> 1 Time(s)
>
> https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt
> <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>:
> 1 Time(s)
>
> https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt
> <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>:
> 1 Time(s)
>
> https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt
> <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt>:
> 1 Time(s)
>
> https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt
> <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>:
> 1 Time(s)
>
> I've attached copies.
>
> Orion
>
> On 1/8/21 9:18 PM, Lilia Gonzalez Medina wrote:
> > Orion, I haven't been able to reproduce the FP with
> >
> https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc
> <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>.
> >
> >
> <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc
> <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>>
> >
> > If you could send me the file that alerts with
> > Urlhaus.Malware.364328-9787819-0 I could look into it.
> >
> > Best regards,
> >
> > Lilia Gonzalez
> > Malware Research Team
> > Cisco Talos
> >
> > On Thu, Jan 7, 2021 at 12:00 PM Orion Poplawski <orion@nwra.com
> <mailto:orion@nwra.com>
> > <mailto:orion@nwra.com <mailto:orion@nwra.com>>> wrote:
> >
> > Lilia -
> >
> >    Virus database is updated daily and updated last night.
> Still seeing one
> > this morning:
> >
> >    Virus Urlhaus.Malware.364328-9787819-0:
> >
> >
> https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc
> <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>
> >
> <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>>:
> > 1 Time(s)
> >
> > Though that is a different signature.
> >
> > Orion
> >
> > On 1/7/21 7:56 AM, Lilia Gonzalez Medina wrote:
> > > Hi Orion!
> > >
> > > Those NBD signatures were updated at the beginning of the
> week and
> > should not
> > > FP anymore. Please update your ClamAV db and let us know if
> the issue
> > persists.
> > >
> > > Best regards,
> > >
> > > Lilia Gonzalez
> > > Malware Research Team
> > > Cisco Talos
> > >
> > >
> > > On Wed, Jan 6, 2021 at 4:59 PM Orion Poplawski
> <orion@nwra.com <mailto:orion@nwra.com>
> > <mailto:orion@nwra.com <mailto:orion@nwra.com>>
> > > <mailto:orion@nwra.com <mailto:orion@nwra.com>
> <mailto:orion@nwra.com <mailto:orion@nwra.com>>>> wrote:
> > >
> > > Lilia -
> > >
> > >    Thanks for the response.   We're seeing some others
> getting
> > triggered as
> > > well:
> > >
> > >      Virus Urlhaus.Malware.490516-9766015-0:
> > >         10.21.2.5
> > >
> https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>
> >
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>>
> > >
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>
> >
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>>>: 2
> > Time(s)
> > >         10.21.2.5
> > >
> >
> https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt
> <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>
> >
> <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>>
> > >
> >
>   <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>
> >
> <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>>>:
> > > 2 Time(s)
> > >         10.21.2.5
> > >
> >
> https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt
> <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>
> >
> <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>>
> > >
> >
>   <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>
> >
> <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>>>:
> > > 1 Time(s)
> > >         10.21.2.5
> > >
> >
> https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt
> <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>
> >
> <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>>
> > >
> >
>   <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>
> >
> <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>>>:
> > > 1 Time(s)
> > >         10.21.2.5
> > >
> >
> https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt
> <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt>
> >
> <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt>>
> > >
> >
>   <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt>
> >
> <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt>>>:
> > > 1 Time(s)
> > >
> > >    Virus Urlhaus.Malware.161756-8797115-0:
> > >    10.10.20.7
> > >
> >
> https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc
> <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>
> >
> <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>>
> > >
> >
>   <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>
> >
> <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>>>:
> > > 1 Time(s)
> > >    10.11.1.3
> > >
> >
> https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc
> <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>
> >
> <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>>
> > >
> >
>   <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>
> >
> <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc <https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc>>>:
> > > 1 Time(s)
> > >
> > >
> > > Orion
> > >
> > > On 1/4/21 8:43 AM, Lilia Gonzalez Medina wrote:
> > > > Hi Orion!
> > > >
> > > > Thank you for reporting this. URLhaus is a partner
> that generates
> > a list of
> > > > ClamAV signatures to target malicious URLs. Signature
> > > > Urlhaus.Malware.452652-9766253-0 looks for a
> malicious URL inside HTML
> > > > files, which is why it is alerting on the URLs you
> mentioned. We
> > found these
> > > > FPs some weeks ago and added an extra check on new ClamAV
> > signatures to
> > > > prevent them from alerting on legitimate URLhaus
> content. We are
> > currently
> > > > updating older ClamAV signatures to ensure they don't
> FP on
> > non-malicious
> > > > HTML files.
> > > >
> > > > Best regards,
> > > >
> > > > Lilia Gonzalez
> > > > Malware Research Team
> > > > Cisco Talos
> > > >
> > > > On Wed, Dec 23, 2020 at 1:11 PM Orion Poplawski
> <orion@nwra.com <mailto:orion@nwra.com>
> > <mailto:orion@nwra.com <mailto:orion@nwra.com>>
> > > <mailto:orion@nwra.com <mailto:orion@nwra.com>
> <mailto:orion@nwra.com <mailto:orion@nwra.com>>>
> > > > <mailto:orion@nwra.com <mailto:orion@nwra.com>
> <mailto:orion@nwra.com <mailto:orion@nwra.com>>
> > <mailto:orion@nwra.com <mailto:orion@nwra.com>
> <mailto:orion@nwra.com <mailto:orion@nwra.com>>>>> wrote:
> > > >
> > > > Can anyone give me some details about the
> > > Urlhaus.Malware.452652-9766253-0
> > > > signature? We're seeing following URLs trigger it:
> > > >
> > > >
> > https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>
> >
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>>
> > >
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>
> >
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>>>
> > > >
> >
>   <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>
> >
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>>
> > >
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>
> >
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> <https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt>>>>
> > > >
> > >
> >
> https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt
> <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>
> >
> <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>>
> > >
> >
>   <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>
> >
> <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>>>
> > > >
> > >
> >
>    <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>
> >
> <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>>
> > >
> >
>   <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>
> >
> <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt <https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt>>>>
> > > >
> > >
> >
> https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt
> <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt>
> >
> <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt>>
> > >
> >
>   <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt>
> >
> <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt>>>
> > > >
> > >
> >
>    <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt>
> >
> <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt>>
> > >
> >
>   <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt>
> >
> <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt <https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt>>>>
> > > >
> > >
> >
> https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt
> <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>
> >
> <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>>
> > >
> >
>   <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>
> >
> <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>>>
> > > >
> > >
> >
>    <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>
> >
> <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>>
> > >
> >
>   <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>
> >
> <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt <https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt>>>>
> > > >
> > >
> >
> https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt
> <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>
> >
> <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>>
> > >
> >
>   <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>
> >
> <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>>>
> > > >
> > >
> >
>    <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>
> >
> <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>>
> > >
> >
>   <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>
> >
> <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt <https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt>>>>
> > > >
> > > > Which seems to be the online update URLs for the
> urlhaus
> > filter. Does
> > > > ClamAV
> > > > deem urlhaus a bad actor?
> > > >
> > > > Thanks,
> > > >    Orion
> > > >
> > > > --
> > > > Orion Poplawski
> > > > Manager of NWRA Technical Systems
> 720-772-5637
> > > > NWRA, Boulder/CoRA Office FAX:
> 303-415-9702
> > > > 3380 Mitchell Lane orion@nwra.com
> <mailto:orion@nwra.com>
> > <mailto:orion@nwra.com <mailto:orion@nwra.com>>
> > > <mailto:orion@nwra.com <mailto:orion@nwra.com>
> <mailto:orion@nwra.com <mailto:orion@nwra.com>>>
> > > > <mailto:orion@nwra.com <mailto:orion@nwra.com>
> <mailto:orion@nwra.com <mailto:orion@nwra.com>>
> > <mailto:orion@nwra.com <mailto:orion@nwra.com>
> <mailto:orion@nwra.com <mailto:orion@nwra.com>>>>
> > > > Boulder, CO 80301 https://www.nwra.com/
> <https://www.nwra.com/>
> > <https://www.nwra.com/ <https://www.nwra.com/>>
> > > <https://www.nwra.com/ <https://www.nwra.com/>
> <https://www.nwra.com/ <https://www.nwra.com/>>>
> > > > <https://www.nwra.com/ <https://www.nwra.com/>
> <https://www.nwra.com/ <https://www.nwra.com/>>
> > <https://www.nwra.com/ <https://www.nwra.com/>
> <https://www.nwra.com/ <https://www.nwra.com/>>>>
> > > >
> > > > _______________________________________________
> > > >
> > > > clamav-users mailing list
> > > > clamav-users@lists.clamav.net
> <mailto:clamav-users@lists.clamav.net>
> > <mailto:clamav-users@lists.clamav.net
> <mailto:clamav-users@lists.clamav.net>>
> > <mailto:clamav-users@lists.clamav.net
> <mailto:clamav-users@lists.clamav.net>
> <mailto:clamav-users@lists.clamav.net
> <mailto:clamav-users@lists.clamav.net>>>
> > > <mailto:clamav-users@lists.clamav.net
> <mailto:clamav-users@lists.clamav.net>
> > <mailto:clamav-users@lists.clamav.net
> <mailto:clamav-users@lists.clamav.net>>
> > <mailto:clamav-users@lists.clamav.net
> <mailto:clamav-users@lists.clamav.net>
> <mailto:clamav-users@lists.clamav.net
> <mailto:clamav-users@lists.clamav.net>>>>
> > > >
> https://lists.clamav.net/mailman/listinfo/clamav-users
> <https://lists.clamav.net/mailman/listinfo/clamav-users>
> > <https://lists.clamav.net/mailman/listinfo/clamav-users
> <https://lists.clamav.net/mailman/listinfo/clamav-users>>
> > > <https://lists.clamav.net/mailman/listinfo/clamav-users
> <https://lists.clamav.net/mailman/listinfo/clamav-users>
> > <https://lists.clamav.net/mailman/listinfo/clamav-users
> <https://lists.clamav.net/mailman/listinfo/clamav-users>>>
> > > >
> <https://lists.clamav.net/mailman/listinfo/clamav-users
> <https://lists.clamav.net/mailman/listinfo/clamav-users>
> > <https://lists.clamav.net/mailman/listinfo/clamav-users
> <https://lists.clamav.net/mailman/listinfo/clamav-users>>
> > > <https://lists.clamav.net/mailman/listinfo/clamav-users
> <https://lists.clamav.net/mailman/listinfo/clamav-users>
> > <https://lists.clamav.net/mailman/listinfo/clamav-users
> <https://lists.clamav.net/mailman/listinfo/clamav-users>>>>
> > > >
> > > >
> > > > Help us build a comprehensive ClamAV guide:
> > > > https://github.com/vrtadmin/clamav-faq
> <https://github.com/vrtadmin/clamav-faq>
> > <https://github.com/vrtadmin/clamav-faq
> <https://github.com/vrtadmin/clamav-faq>>
> > > <https://github.com/vrtadmin/clamav-faq
> <https://github.com/vrtadmin/clamav-faq>
> > <https://github.com/vrtadmin/clamav-faq
> <https://github.com/vrtadmin/clamav-faq>>>
> > > > <https://github.com/vrtadmin/clamav-faq
> <https://github.com/vrtadmin/clamav-faq>
> > <https://github.com/vrtadmin/clamav-faq
> <https://github.com/vrtadmin/clamav-faq>>
> > > <https://github.com/vrtadmin/clamav-faq
> <https://github.com/vrtadmin/clamav-faq>
> > <https://github.com/vrtadmin/clamav-faq
> <https://github.com/vrtadmin/clamav-faq>>>>
> > > >
> > > > http://www.clamav.net/contact.html#ml
> <http://www.clamav.net/contact.html#ml>
> > <http://www.clamav.net/contact.html#ml
> <http://www.clamav.net/contact.html#ml>>
> > > <http://www.clamav.net/contact.html#ml
> <http://www.clamav.net/contact.html#ml>
> > <http://www.clamav.net/contact.html#ml
> <http://www.clamav.net/contact.html#ml>>>
> > > > <http://www.clamav.net/contact.html#ml
> <http://www.clamav.net/contact.html#ml>
> > <http://www.clamav.net/contact.html#ml
> <http://www.clamav.net/contact.html#ml>>
> > > <http://www.clamav.net/contact.html#ml
> <http://www.clamav.net/contact.html#ml>
> > <http://www.clamav.net/contact.html#ml
> <http://www.clamav.net/contact.html#ml>>>>
> > > >
> > > >
> > > > _______________________________________________
> > > >
> > > > clamav-users mailing list
> > > > clamav-users@lists.clamav.net
> <mailto:clamav-users@lists.clamav.net>
> > <mailto:clamav-users@lists.clamav.net
> <mailto:clamav-users@lists.clamav.net>>
> > <mailto:clamav-users@lists.clamav.net
> <mailto:clamav-users@lists.clamav.net>
> <mailto:clamav-users@lists.clamav.net
> <mailto:clamav-users@lists.clamav.net>>>
> > > >
> https://lists.clamav.net/mailman/listinfo/clamav-users
> <https://lists.clamav.net/mailman/listinfo/clamav-users>
> > <https://lists.clamav.net/mailman/listinfo/clamav-users
> <https://lists.clamav.net/mailman/listinfo/clamav-users>>
> > > <https://lists.clamav.net/mailman/listinfo/clamav-users
> <https://lists.clamav.net/mailman/listinfo/clamav-users>
> > <https://lists.clamav.net/mailman/listinfo/clamav-users
> <https://lists.clamav.net/mailman/listinfo/clamav-users>>>
> > > >
> > > >
> > > > Help us build a comprehensive ClamAV guide:
> > > > https://github.com/vrtadmin/clamav-faq
> <https://github.com/vrtadmin/clamav-faq>
> > <https://github.com/vrtadmin/clamav-faq
> <https://github.com/vrtadmin/clamav-faq>>
> > > <https://github.com/vrtadmin/clamav-faq
> <https://github.com/vrtadmin/clamav-faq>
> > <https://github.com/vrtadmin/clamav-faq
> <https://github.com/vrtadmin/clamav-faq>>>
> > > >
> > > > http://www.clamav.net/contact.html#ml
> <http://www.clamav.net/contact.html#ml>
> > <http://www.clamav.net/contact.html#ml
> <http://www.clamav.net/contact.html#ml>>
> > > <http://www.clamav.net/contact.html#ml
> <http://www.clamav.net/contact.html#ml>
> > <http://www.clamav.net/contact.html#ml
> <http://www.clamav.net/contact.html#ml>>>
> > >
> > >
> > > --
> > > Orion Poplawski
> > > Manager of NWRA Technical Systems 720-772-5637
> > > NWRA, Boulder/CoRA Office FAX: 303-415-9702
> > > 3380 Mitchell Lane orion@nwra.com <mailto:orion@nwra.com>
> > <mailto:orion@nwra.com <mailto:orion@nwra.com>>
> > > <mailto:orion@nwra.com <mailto:orion@nwra.com>
> <mailto:orion@nwra.com <mailto:orion@nwra.com>>>
> > > Boulder, CO 80301 https://www.nwra.com/
> <https://www.nwra.com/>
> > <https://www.nwra.com/ <https://www.nwra.com/>>
> > > <https://www.nwra.com/ <https://www.nwra.com/>
> <https://www.nwra.com/ <https://www.nwra.com/>>>
> > >
> > >
> >
> >
> > --
> > Orion Poplawski
> > Manager of NWRA Technical Systems 720-772-5637
> > NWRA, Boulder/CoRA Office FAX: 303-415-9702
> > 3380 Mitchell Lane orion@nwra.com <mailto:orion@nwra.com>
> > <mailto:orion@nwra.com <mailto:orion@nwra.com>>
> > Boulder, CO 80301 https://www.nwra.com/ <https://www.nwra.com/>
> > <https://www.nwra.com/ <https://www.nwra.com/>>
> >
>
>
> --
> Orion Poplawski
> Manager of NWRA Technical Systems 720-772-5637
> NWRA, Boulder/CoRA Office FAX: 303-415-9702
> 3380 Mitchell Lane orion@nwra.com <mailto:orion@nwra.com>
> Boulder, CO 80301 https://www.nwra.com/ <https://www.nwra.com/>
>

--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion@nwra.com
Boulder, CO 80301 https://www.nwra.com/