Mailing List Archive: ClamAV: users

ClamAV Virus Database Search

Index | Next | Previous | View Threaded

alvarnell at mac

Sep 24, 2011, 5:52 PM

Post #1 of 4 (525 views)
Permalink

ClamAV Virus Database Search

When I go to <http://clamav-du.securesites.net/cgi-bin/clamgrok> and enter
"OSX" I get a list of 34 hits for Mac OS signatures, but at least one is
missing.

When I open my daily.cld I can find the following:

MacOSX.Revir-1;Engine:51-255,Target:9;(0&1&2);<string>;<string>

which was added late yesterday but is not in the above list.

Any idea why it wouldn't show up?

-Al-

--
Al Varnell
Mountain View, CA

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

edwintorok at gmail

Sep 25, 2011, 12:36 AM

Post #2 of 4 (509 views)
Permalink

Re: ClamAV Virus Database Search [In reply to]

On 09/25/2011 03:52 AM, Al Varnell wrote:
> When I go to <http://clamav-du.securesites.net/cgi-bin/clamgrok> and enter
> "OSX" I get a list of 34 hits for Mac OS signatures, but at least one is
> missing.
>
> When I open my daily.cld I can find the following:
>
> MacOSX.Revir-1;Engine:51-255,Target:9;(0&1&2);<string>;<string>
>
> which was added late yesterday but is not in the above list.
>
> Any idea why it wouldn't show up?

That is a logical signature (.ldb).
Just a guess but maybe the site is using an old version
of ClamAV's sigtool that doesn't support that (0.95.3?),
or they unpack the CVD but don't search in .ldb files.

Best regards,
--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

alvarnell at mac

Sep 25, 2011, 2:41 AM

Post #3 of 4 (513 views)
Permalink

Re: ClamAV Virus Database Search [In reply to]

On Sep 25, 2011, at 12:36 AM, Török Edwin <edwintorok [at] gmail> wrote:

> On 09/25/2011 03:52 AM, Al Varnell wrote:
>> When I go to <http://clamav-du.securesites.net/cgi-bin/clamgrok> and enter
>> "OSX" I get a list of 34 hits for Mac OS signatures, but at least one is
>> missing.
>>
>> When I open my daily.cld I can find the following:
>>
>> MacOSX.Revir-1;Engine:51-255,Target:9;(0&1&2);<string>;<string>
>>
>> which was added late yesterday but is not in the above list.
>>
>> Any idea why it wouldn't show up?
>
> That is a logical signature (.ldb).
> Just a guess but maybe the site is using an old version
> of ClamAV's sigtool that doesn't support that (0.95.3?),
> or they unpack the CVD but don't search in .ldb files.

Thanks Edwin. Do you or anybody else have an email address for the tool POC so I can discuss it with them? I know that ViaVerio sponsors the host that it's on in Virginia, USA, but can't come up with a name.

Sent from Janet's iPad

-Al-
--
Al Varnell
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

luca at clamav

Sep 26, 2011, 1:36 PM

Post #4 of 4 (503 views)
Permalink

Re: ClamAV Virus Database Search [In reply to]

Hello Al,

> > of ClamAV's sigtool that doesn't support that (0.95.3?),
> > or they unpack the CVD but don't search in .ldb files.
> Thanks Edwin. Do you or anybody else have an email address for the tool POC so I can discuss it with them? I know that ViaVerio sponsors the host that it's on in Virginia, USA, but can't come up with a name.

I talked to Scott, the author, he said he fixed the problem.

Best regards

--
Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit
[Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads