
Mailing List Archive: ClamAV: users

Availability of virus pattern for solaris

 

 



elbenchilla at googlemail

Jun 13, 2013, 3:51 AM

Post #1 of 16
Availability of virus pattern for solaris

hello,

are there any patterns for viruses for solaris in the pattern db of clamav?
the servers in question are not mail or samba servers where it makes sense...


best regards
toni
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


uhlar at fantomas

Jun 13, 2013, 4:42 AM

Post #2 of 16
Re: Availability of virus pattern for solaris

On 13.06.13 12:51, Toni Habich wrote:
>are there any patterns for viruses for solaris in the pattern db of clamav?
>the servers in question are not mail or samba servers where it makes sense...

is there any virus or common malware for solaris at all?

--
Matus UHLAR - fantomas, uhlar [at] fantomas ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
"Where do you want to go to die?" [Microsoft]


elbenchilla at googlemail

Jun 13, 2013, 4:56 AM

Post #3 of 16
Re: Availability of virus pattern for solaris

i don't know. and that's the point. so I ask again - are there any virus
patterns for solaris 10 in the clamav pattern db???


2013/6/13 Matus UHLAR - fantomas <uhlar [at] fantomas>

> On 13.06.13 12:51, Toni Habich wrote:
>
>> are there any patterns for viruses for solaris in the pattern db of clamav?
>> the servers in question are not mail or samba servers where it makes sense...
>>
>
> is there any virus or common malware for solaris at all?
>


jesler at sourcefire

Jun 13, 2013, 8:08 AM

Post #4 of 16
Re: Availability of virus pattern for solaris

There are patterns for almost all operating systems in the ClamAV db.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Jun 13, 2013, at 7:56 AM, Toni Habich <elbenchilla [at] googlemail> wrote:

> i don't know. and that's the point. so I ask again - are there any virus
> patterns for solaris 10 in the clamav pattern db???
>
>
> 2013/6/13 Matus UHLAR - fantomas <uhlar [at] fantomas>
>
>> On 13.06.13 12:51, Toni Habich wrote:
>>
>>> are there any patterns for viruses for solaris in the pattern db of clamav?
>>> the servers in question are not mail or samba servers where it makes sense...
>>>
>>
>> is there any virus or common malware for solaris at all?
>>


me at junc

Jun 14, 2013, 8:40 PM

Post #5 of 16
Re: Availability of virus pattern for solaris

Toni Habich wrote on 2013-06-13 13:56:
>> is there any virus or common malware for solaris at all?
> i don't know. and that's the point. so I ask again - are there any
> virus
> patterns for solaris 10 in the clamav pattern db???

first define what is a virus on solaris, is it elf or something else ?

--
senders that put my email into body content will deliver it to my own
trashcan, so if you like to get reply, don't do it


dennispe at inetnw

Jun 18, 2013, 7:52 AM

Post #6 of 16
Re: Availability of virus pattern for solaris

On 6/14/13 8:40:16PM, Benny Pedersen wrote:
> Toni Habich wrote on 2013-06-13 13:56:
>>> is there any virus or common malware for solaris at all?
>> i don't know. and that's the point. so I ask again - are there any virus
>> patterns for solaris 10 in the clamav pattern db???
>
> first define what is a virus on solaris, is it elf or something else ?
>
The answer to the OP's question, paraphrased, 'are there any signatures
in the ClamAV db files that address Solaris 10 exploits?', is a simple
yes/no. The Sourcefire people can answer. Perhaps detecting it is as
simple as them having included "Solaris" in the signature name which
would allow sigtool to reveal it. Perhaps not.

dp


azidouemba at sourcefire

Jun 18, 2013, 8:08 AM

Post #7 of 16
Re: Availability of virus pattern for solaris

As Joel Esler mentioned before, there are signatures for UNIX malware in
the official ClamAV DB.

- Alain


dennispe at inetnw

Jun 18, 2013, 12:22 PM

Post #8 of 16
Re: Availability of virus pattern for solaris

On 6/18/13 8:08 AM, Alain Zidouemba wrote:
> As Joel Esler mentioned before, there are signatures for UNIX malware in
> the official ClamAV DB.
>
> - Alain


You would think such a simple question would have a simple answer. UNIX is not
Solaris. Solaris is one of a few UNIX's around. Are the UNIX signatures for
Tru-64, HP-UX, BSD UNIX, SCO UNIX, AIX...? Doesn't matter if there are or not to
someone seeking Solaris 10 information, actually. Are there any for Solaris 10?

dp


jesler at sourcefire

Jun 18, 2013, 12:30 PM

Post #9 of 16
Re: Availability of virus pattern for solaris

On Jun 18, 2013, at 3:22 PM, Dennis Peterson <dennispe [at] inetnw> wrote:

> On 6/18/13 8:08 AM, Alain Zidouemba wrote:
>> As Joel Esler mentioned before, there are signatures for UNIX malware in
>> the official ClamAV DB.
>>
>> - Alain
>
>
> You would think such a simple question would have a simple answer. UNIX is not Solaris. Solaris is one of a few UNIX's around. Are the UNIX signatures for Tru-64, HP-UX, BSD UNIX, SCO UNIX, AIX...? Doesn't matter if there are or not to someone seeking Solaris 10 information, actually. Are there any for Solaris 10?

UNIX is not Solaris. Solaris is a UNIX. If a piece of malware or PUA, etc, can be installed and run on Unix or any of the variants (including Solaris) you mentioned above, then yes, we ship detection for it.

Are they tagged specifically "Solaris"? No. We tag malware with what it affects and the family. For example, Win.Trojan.Whatever. ("Whatever" being the name of the Trojan, that runs on Windows). We don't tag stuff as "WinXP.Trojan.Whatever".



--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
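
Added example, not part of any post in this thread and not ClamAV project code: one way to run the check discussed above (list the signature names, as suggested for sigtool, and look at the tag in the first name field, as in Win.Trojan.Whatever). It assumes `sigtool --list-sigs` prints one signature name per line; the function names are hypothetical and every sample name except Win.Trojan.Whatever is constructed.

```shell
#!/bin/sh
# Added example. Sample names are constructed, not taken from the official db.
# Live use (assumes one signature name per line on stdout):
#   sigtool --list-sigs | tally_first_field

sample_sig_names() {
    cat <<'EOF'
Win.Trojan.Whatever
Win.Trojan.Sample-1
Unix.Trojan.Sample-2
Unix.Exploit.Sample-3
Osx.Trojan.Sample-4
Trojan.Sample-5
EOF
}

# Print "<count> <first field>" per name, most frequent first.
# The first dot-separated field is the tag position described in the thread;
# a name with no dot at all is counted as "(untagged)".
tally_first_field() {
    awk -F. '$0 ~ /^[ \t]*$/ { next }
             { tag = (NF > 1) ? $1 : "(untagged)"; n[tag]++ }
             END { for (t in n) print n[t], t }' | sort -k1,1nr -k2,2
}

# Print only the names whose first field equals the given tag (case-insensitive).
names_for_tag() {
    awk -F. -v want="$1" 'NF > 1 && tolower($1) == tolower(want)'
}

# Count names containing a fixed string anywhere, case-insensitively.
# grep exits 1 on zero matches, so the status is neutralised for `set -e` callers.
count_name_matches() {
    grep -icF -- "$1" || true
}

echo "Tally by first name field (constructed sample):"
sample_sig_names | tally_first_field
echo "Names tagged Unix:"
sample_sig_names | names_for_tag Unix
echo "Names containing 'solaris': $(sample_sig_names | count_name_matches solaris)"
```

A zero count for "solaris" only shows that no name carries that word; it does not show whether a Unix-tagged signature applies to a particular Solaris release.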


greg at donor

Jun 18, 2013, 12:35 PM

Post #10 of 16
Re: Availability of virus pattern for solaris

On Tue, 2013-06-18 at 12:22 -0700, Dennis Peterson wrote:
> On 6/18/13 8:08 AM, Alain Zidouemba wrote:
> > As Joel Esler mentioned before, there are signatures for UNIX malware in
> > the official ClamAV DB.
> >
> > - Alain
>
>
> You would think such a simple question would have a simple answer. UNIX is not
> Solaris. Solaris is one of a few UNIX's around. Are the UNIX signatures for
> Tru-64, HP-UX, BSD UNIX, SCO UNIX, AIX...? Doesn't matter if there are or not to
> someone seeking Solaris 10 information, actually. Are there any for Solaris 10?
>
> dp

How about you download the signatures, decompress them and quickly scan
them yourself? It seems as though this is a simple thing to do. Yes? I
mean you probably already have the files local in your installation...
why does someone else have to do something for you?

Why all the noise? I don't think Joel's answer was specific enough for
you... as Joel Esler responded earlier:

There are patterns for almost all operating systems in the
ClamAV db.

Why is it lately a lot of people (in many many disciplines) just want an
ANSWER and don't want to understand how to get the answer... themselves?

I'll be quiet now.
--
greg folkert - systems administration and support
web: donor.com
email: greg [at] donor
phone: 877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
"It's always too early to quit."
-- Norman Vincent Peale



dennispe at inetnw

Jun 18, 2013, 12:53 PM

Post #11 of 16
Re: Availability of virus pattern for solaris

On 6/18/13 12:35 PM, Greg Folkert wrote:
> On Tue, 2013-06-18 at 12:22 -0700, Dennis Peterson wrote:
>> On 6/18/13 8:08 AM, Alain Zidouemba wrote:
>>> As Joel Esler mentioned before, there are signatures for UNIX malware in
>>> the official ClamAV DB.
>>>
>>> - Alain
>>
>>
>> You would think such a simple question would have a simple answer. UNIX is not
>> Solaris. Solaris is one of a few UNIX's around. Are the UNIX signatures for
>> Tru-64, HP-UX, BSD UNIX, SCO UNIX, AIX...? Doesn't matter if there are or not to
>> someone seeking Solaris 10 information, actually. Are there any for Solaris 10?
>>
>> dp
>
> How about you download the signatures, decompress them and quickly scan
> them yourself? It seems as though this is a simple thing to do. Yes? I
> mean you probably already have the files local in your installation...
> why does someone else have to do something for you?
>
> Why all the noise? I don't think Joel's answer was specific enough for
> you... as Joel Esler responded earlier:
>
> There are patterns for almost all operating systems in the
> ClamAV db.
>
> Why is it lately a lot of people (in many many disciplines) just want an
> ANSWER and don't want to understand how to get the answer... themselves?
>
> I'll be quiet now.
>

Does "almost all operating systems" include Solaris 10? I've done my homework
and know the answer, actually. Did that years ago. I think unless you know the
signature name by policy specifically indicates an OS family and specific
version you can't assume anything about the names and where the signatures
apply. That's why Sourcefire is the best group to ask the question about Solaris
10, specifically. Why the noise? Nobody answered the question. Those answers
were noise. I don't have any particular interest in the answer but did want to
help get the OPs exact question answered. And maybe I'm just bored, too. With
retirement comes a lot of free time. Or maybe this exchange will help people be
better communicators. No guarantees.

The answer is no, but Sourcefire can validate that.

dp


elbenchilla at googlemail

Jun 18, 2013, 1:03 PM

Post #12 of 16
Re: Availability of virus pattern for solaris

hello,

so could we all calm down, please. the intention for my question was a plausible explanation for the security requirement of using a virus scanner on a normal solaris that doesn't work as a mail or samba server...
so i will have a look at the clamav pattern db to extract the unix specific patterns.

thx



Greg Folkert <greg [at] donor> wrote:

>On Tue, 2013-06-18 at 12:22 -0700, Dennis Peterson wrote:
>> On 6/18/13 8:08 AM, Alain Zidouemba wrote:
>> > As Joel Esler mentioned before, there are signatures for UNIX
>malware in
>> > the official ClamAV DB.
>> >
>> > - Alain
>>
>>
>> You would think such a simple question would have a simple answer.
>UNIX is not
>> Solaris. Solaris is one of a few UNIX's around. Are the UNIX
>signatures for
>> Tru-64, HP-UX, BSD UNIX, SCO UNIX, AIX...? Doesn't matter if there
>are or not to
>> someone seeking Solaris 10 information, actually. Are there any for
>Solaris 10?
>>
>> dp
>
>How about you download the signatures, decompress them and quickly scan
>them yourself? It seems as though this is a simple thing to do. Yes? I
>mean you probably already have the files local in your installation...
>why does someone else have to do something for you?
>
>Why all the noise? I don't think Joel's answer was specific enough for
>you... as Joel Esler responded earlier:
>
> There are patterns for almost all operating systems in the
> ClamAV db.
>
>Why is it lately a lot of people (in many many disciplines) just want
>an
>ANSWER and don't want to understand how to get the answer...
>themselves?
>
>I'll be quiet now.
--
This message was sent from my Android mobile phone with K-9 Mail.


jesler at sourcefire

Jun 18, 2013, 1:23 PM

Post #13 of 16
Re: Availability of virus pattern for solaris

On Jun 18, 2013, at 3:53 PM, Dennis Peterson <dennispe [at] inetnw> wrote:

> Does "almost all operating systems" include Solaris 10?

If I would have written back and said "ClamAV's db includes detection for malware on all operating systems" someone would have written back and said "all operating systems? srsly? 4real? all?"

Sorry if I wasn't super clear.

J


chris at westnet

Jun 18, 2013, 1:34 PM

Post #14 of 16
Re: Availability of virus pattern for solaris

On Tue, 18 Jun 2013, Joel Esler wrote:

> If I would have written back and said "ClamAV's db includes detection for
> malware on all operating systems" someone would have written back and said
> "all operating systems? srsly? 4real? all?"

OK, who has some old Apple ][ boot sector viruses so we can actually claim
all ?

==========================================================
Chris Candreva -- chris [at] westnet -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/


rickm at ummm-beer

Jun 18, 2013, 1:49 PM

Post #15 of 16
Re: Availability of virus pattern for solaris

On 2013-06-18 4:34 PM, Christopher X. Candreva wrote:
> On Tue, 18 Jun 2013, Joel Esler wrote:
>
>> If I would have written back and said "ClamAV's db includes detection for
>> malware on all operating systems" someone would have written back and said
>> "all operating systems? srsly? 4real? all?"
>
> OK, who has some old Apple ][ boot sector viruses so we can actually claim
> all ?
>

I actually do but I have no way to read the old disks. Even then, they
might not still be readable after all this time.

Rick




me at junc

Jun 20, 2013, 3:19 AM

Post #16 of 16
Re: Availability of virus pattern for solaris

Christopher X. Candreva wrote on 2013-06-18 22:34:

> OK, who has some old Apple ][ boot sector viruses so we can actually
> claim all ?

Amiga for that matter, and dos programs running under win3.11

OS/2, CP/M ? :)

--
senders that put my email into body content will deliver it to my own
trashcan, so if you like to get reply, don't do it