
Mailing List Archive: ClamAV: users

ClamAV Virus Database Search


alvarnell at mac

Sep 24, 2011, 5:52 PM

Post #1 of 4 (878 views)
ClamAV Virus Database Search

When I go to <http://clamav-du.securesites.net/cgi-bin/clamgrok> and enter
"OSX" I get a list of 34 hits for Mac OS signatures, but at least one is
missing.

When I open my daily.cld I can find the following:

MacOSX.Revir-1;Engine:51-255,Target:9;(0&1&2);<string>;<string>

which was added late yesterday but is not in the above list.

Any idea why it wouldn't show up?


-Al-

--
Al Varnell
Mountain View, CA



_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


edwintorok at gmail

Sep 25, 2011, 12:36 AM

Post #2 of 4 (848 views)
Re: ClamAV Virus Database Search

On 09/25/2011 03:52 AM, Al Varnell wrote:
> When I go to <http://clamav-du.securesites.net/cgi-bin/clamgrok> and enter
> "OSX" I get a list of 34 hits for Mac OS signatures, but at least one is
> missing.
>
> When I open my daily.cld I can find the following:
>
> MacOSX.Revir-1;Engine:51-255,Target:9;(0&1&2);<string>;<string>
>
> which was added late yesterday but is not in the above list.
>
> Any idea why it wouldn't show up?

That is a logical signature (.ldb).
Just a guess but maybe the site is using an old version
of ClamAV's sigtool that doesn't support that (0.95.3?),
or they unpack the CVD but don't search in .ldb files.

Best regards,
--Edwin
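
An added example (not from the thread and not the search site's own code) of the failure mode guessed at above: a name search over unpacked database files that does not read .ldb files misses logical signatures. The file contents, signature names and function names are constructed for illustration.

```python
# Added example: every signature line below is constructed, not a real ClamAV signature.
# Separator and position of the name field in each unpacked database file type.
NAME_FIELD = {
    ".db":  ("=", 0),   # Name=HexSig
    ".ndb": (":", 0),   # Name:TargetType:Offset:HexSig
    ".hdb": (":", 2),   # MD5:Size:Name
    ".mdb": (":", 2),   # PESectionSize:MD5:Name
    ".ldb": (";", 0),   # Name;TargetDescriptionBlock;LogicalExpression;Subsig0;...
}

SAMPLE_DB = {  # stands in for the files obtained by unpacking a CVD/CLD
    "daily.ndb": "Example.OSX.Body-1:0:*:6578616d706c65\n"
                 "Example.Win.Body-2:1:*:64656d6f\n",
    "daily.hdb": "d41d8cd98f00b204e9800998ecf8427e:0:Example.OSX.Hash-1\n",
    "daily.ldb": "Example.OSX.Logical-1;Engine:51-255,Target:9;(0&1);"
                 "6578616d706c65;64656d6f\n",
}

def signature_names(filename, text):
    """Yield the signature name from each line of one database file."""
    ext = filename[filename.rfind("."):]
    if ext not in NAME_FIELD:
        return
    sep, idx = NAME_FIELD[ext]
    for line in text.splitlines():
        fields = line.strip().split(sep)
        if len(fields) > idx and fields[idx]:
            yield fields[idx]

def search(db_files, term, extensions=None):
    """Case-insensitive name search; 'extensions' limits which file types are read."""
    hits = []
    for fname, text in db_files.items():
        if extensions and fname[fname.rfind("."):] not in extensions:
            continue
        hits += [(fname, n) for n in signature_names(fname, text)
                 if term.lower() in n.lower()]
    return sorted(hits)

def parse_ldb(line):
    """Split a logical signature into its parts (assumes no ';' inside subsignatures)."""
    name, tdb, expr, *subsigs = line.strip().split(";")
    tdb_fields = dict(item.split(":", 1) for item in tdb.split(","))
    return {"name": name, "tdb": tdb_fields, "expr": expr, "subsigs": subsigs}

if __name__ == "__main__":
    partial = search(SAMPLE_DB, "OSX", extensions={".db", ".ndb", ".hdb", ".mdb"})
    full = search(SAMPLE_DB, "OSX")
    print("missed without .ldb:", sorted(set(full) - set(partial)))
```

Comparing the two result sets for the same term shows which signatures a search skips when it leaves out a file type.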


alvarnell at mac

Sep 25, 2011, 2:41 AM

Post #3 of 4 (854 views)
Re: ClamAV Virus Database Search

On Sep 25, 2011, at 12:36 AM, Török Edwin <edwintorok [at] gmail> wrote:

> On 09/25/2011 03:52 AM, Al Varnell wrote:
>> When I go to <http://clamav-du.securesites.net/cgi-bin/clamgrok> and enter
>> "OSX" I get a list of 34 hits for Mac OS signatures, but at least one is
>> missing.
>>
>> When I open my daily.cld I can find the following:
>>
>> MacOSX.Revir-1;Engine:51-255,Target:9;(0&1&2);<string>;<string>
>>
>> which was added late yesterday but is not in the above list.
>>
>> Any idea why it wouldn't show up?
>
> That is a logical signature (.ldb).
> Just a guess but maybe the site is using an old version
> of ClamAV's sigtool that doesn't support that (0.95.3?),
> or they unpack the CVD but don't search in .ldb files.

Thanks Edwin. Do you or anybody else have an email address for the tool POC so I can discuss it with them? I know that ViaVerio sponsors the host that it's on in Virginia, USA, but can't come up with a name.


Sent from Janet's iPad

-Al-
--
Al Varnell


luca at clamav

Sep 26, 2011, 1:36 PM

Post #4 of 4 (846 views)
Re: ClamAV Virus Database Search

Hello Al,

> > of ClamAV's sigtool that doesn't support that (0.95.3?),
> > or they unpack the CVD but don't search in .ldb files.
> Thanks Edwin. Do you or anybody else have an email address for the tool POC so I can discuss it with them? I know that ViaVerio sponsors the host that it's on in Virginia, USA, but can't come up with a name.

I talked to Scott, the author; he said he fixed the problem.

Best regards

--
Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit
[Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg