ClamAV Signatures from SecuriteInfo 90% Detection Rate!

hata_ph

Btw, I notice the latest ClamAV signatures should detect the virus without 3rd-party signatures.

 

killmasta93

Hi guys, has anyone else had this issue before? Currently I'm using the Securite paid version, but when I try to scan it manually I get this:

Code:
clamscan -id /var/lib/clamav securiteinfo0hour.hdb /root/bademail.eml
securiteinfo0hour.hdb: No such file or directory
WARNING: securiteinfo0hour.hdb: Can't access file
/root/bademail.eml: SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.27640.18064.UNOFFICIAL FOUND

But when I check the directory, it shows the .hdb file:

Code:
----------- SCAN SUMMARY -----------
Known viruses: 12902762
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.66 MB
Data read: 0.30 MB (ratio 2.22:1)
Time: 37.121 sec (0 m 37 s)
Start Date: 2022:05:25 00:15:48
End Date:   2022:05:25 00:16:25


root@mail:/var/lib/clamav# ls -l -h
total 592M
-rw-r--r-- 1 clamav clamav 586K Oct 14  2020 MiscreantPunch099-Low.ldb
-rw-r--r-- 1 clamav clamav 1.5K Jul  1  2015 Sanesecurity_sigtest.yara
-rw-r--r-- 1 clamav clamav 1.3K Feb 22  2016 Sanesecurity_spam.yara
-rw-r--r-- 1 clamav clamav  98K May 16 07:48 badmacro.ndb
-rw-r--r-- 1 clamav clamav 495K May 25 00:06 blurl.ndb
-rw-r--r-- 1 clamav clamav 3.4K Oct 14  2020 bofhland_cracked_URL.ndb
-rw-r--r-- 1 clamav clamav  610 Oct 14  2020 bofhland_malware_URL.ndb
-rw-r--r-- 1 clamav clamav 104K Oct 14  2020 bofhland_malware_attach.hdb
-rw-r--r-- 1 clamav clamav 9.5K Oct 14  2020 bofhland_phishing_URL.ndb
-rw-r--r-- 1 clamav clamav 287K Mar  9  2021 bytecode.cvd
-rw-r--r-- 1 clamav clamav  56M May 24 03:42 daily.cvd
-rw-r--r-- 1 clamav clamav 241K May 24 11:06 foxhole_filename.cdb
-rw-r--r-- 1 clamav clamav  51K Sep 11  2020 foxhole_generic.cdb
-rw-r--r-- 1 clamav clamav 3.8K Aug 18  2017 foxhole_js.cdb
-rw-r--r-- 1 clamav clamav  230 Nov 21  2016 foxhole_js.ndb
-rw-r--r-- 1 clamav clamav   69 May 16 23:08 freshclam.dat
-rw-r--r-- 1 clamav clamav  48K Aug  5  2015 hackingteam.hsb
-rw-r--r-- 1 clamav clamav  15M May 24 01:42 javascript.ndb
-rw-r--r-- 1 clamav clamav 6.7M May 24 11:06 junk.ndb
-rw-r--r-- 1 clamav clamav 661K May 24 11:06 jurlbl.ndb
-rw-r--r-- 1 clamav clamav 172K May 24 19:06 jurlbla.ndb
-rw-r--r-- 1 clamav clamav 240K May 12 03:06 lott.ndb
-rw-r--r-- 1 clamav clamav 163M Nov 10  2021 main.cvd
-rw-r--r-- 1 clamav clamav   73 Oct 14  2020 malware.expert.fp
-rw-r--r-- 1 clamav clamav   73 Oct 14  2020 malware.expert.hdb
-rw-r--r-- 1 clamav clamav  246 Oct 14  2020 malware.expert.ldb
-rw-r--r-- 1 clamav clamav  130 Oct 14  2020 malware.expert.ndb
-rw-r--r-- 1 clamav clamav  73K Jun 29  2017 malwarehash.hsb
-rw-r--r-- 1 clamav clamav  147 Oct 14  2020 malwarepatrol.db
-rw-r--r-- 1 clamav clamav 4.1M May 24 09:06 phish.ndb
-rw-r--r-- 1 clamav clamav 600K Feb  5 10:00 phishtank.ndb
-rw-r--r-- 1 clamav clamav  31K May 24 21:01 porcupine.hsb
-rw-r--r-- 1 clamav clamav 640K May 25 00:00 porcupine.ndb
-rw-r--r-- 1 clamav clamav 847K Mar 16 00:22 rfxn.hdb
-rw-r--r-- 1 clamav clamav 442K Dec  1  2020 rfxn.ndb
-rw-r--r-- 1 clamav clamav 401K Aug 17  2020 rfxn.yara
-rw-r--r-- 1 clamav clamav 292K May 25 00:06 rogue.hdb
-rw-r--r-- 1 clamav clamav  13K Mar 31 10:07 sanesecurity.ftm
-rw-r--r-- 1 clamav clamav 1.9M May 24 04:05 scam.ndb
-rw-r--r-- 1 clamav clamav  108 Nov 16  2020 scamnailer.ndb
-rw-r--r-- 1 clamav clamav  11M May 24 21:48 securiteinfo.hdb
-rw-r--r-- 1 clamav clamav 3.7K May 16 23:08 securiteinfo.ign2
-rw-r--r-- 1 clamav clamav 1.7M May 24 13:45 securiteinfo.mdb
-rw-r--r-- 1 clamav clamav  123 May 19 10:45 securiteinfo.pdb
-rw-r--r-- 1 clamav clamav 3.3K May 16 23:09 securiteinfo.yara
-rw-r--r-- 1 clamav clamav  38K May 25 00:11 securiteinfo0hour.hdb
-rw-r--r-- 1 clamav clamav 9.1M May 24 20:17 securiteinfoandroid.hdb
-rw-r--r-- 1 clamav clamav 8.8M May 24 21:17 securiteinfoascii.hdb
-rw-r--r-- 1 clamav clamav 5.1M May 24 20:47 securiteinfohtml.hdb
-rw-r--r-- 1 clamav clamav 299M May 16 23:08 securiteinfoold.hdb
-rw-r--r-- 1 clamav clamav 210K May 24 20:17 securiteinfopdf.hdb
-rw-r--r-- 1 clamav clamav 7.2K Dec 31  2020 shelter.ldb
-rw-r--r-- 1 clamav clamav  394 Apr 21 08:11 sigwhitelist.ign2
-rw-r--r-- 1 clamav clamav  556 May  5  2017 spam.ldb
-rw-r--r-- 1 clamav clamav 4.6M May 25 00:11 spam_marketing.ndb
-rw-r--r-- 1 clamav clamav 1.4K Apr 28  2017 spamattach.hdb
-rw-r--r-- 1 clamav clamav  20K May  5 07:06 spamimg.hdb
-rw-r--r-- 1 clamav clamav  115 Oct 14  2020 spear.ndb
-rw-r--r-- 1 clamav clamav  115 Nov 27  2018 spearl.ndb
-rw-r--r-- 1 clamav clamav 987K May 25 00:09 urlhaus.ndb
-rw-r--r-- 1 clamav clamav   64 Apr 20 09:14 winnow.attachments.hdb
-rw-r--r-- 1 clamav clamav  660 Mar  5  2018 winnow.complex.patterns.ldb
-rw-r--r-- 1 clamav clamav   66 Mar  5  2018 winnow_bad_cw.hdb
-rw-r--r-- 1 clamav clamav   65 Apr 20 09:08 winnow_extended_malware.hdb
-rw-r--r-- 1 clamav clamav  159 Mar  5  2018 winnow_extended_malware_links.ndb
-rw-r--r-- 1 clamav clamav   65 Apr 20 09:00 winnow_malware.hdb
-rw-r--r-- 1 clamav clamav  15K Nov 26  2019 winnow_malware_links.ndb
-rw-r--r-- 1 clamav clamav 6.5K Nov 13  2018 winnow_phish_complete_url.ndb
-rw-r--r-- 1 clamav clamav 2.8K Nov 14  2018 winnow_spam_complete.ndb
 

Stoiko Ivanov

Proxmox Staff Member
clamscan -id /var/lib/clamav securiteinfo0hour.hdb /root/bademail.eml
I think you're using clamscan wrong - see the manpage: `man clamscan`

I suppose it will work if you run `clamscan -id /var/lib/clamav /root/bademail.eml` - or even just: `clamscan -i /root/bademail.eml`
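
An added example, not part of the original posts: `-d` takes exactly one file or directory, so in the first command the bare `securiteinfo0hour.hdb` was parsed as a second scan target in the current directory. The script below finds which plain-text database defines a detection and prints a scan command that loads only that file; the function names and sample database contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find which plain-text signature file
# defines a detection, then build a scan that loads only that file.

# ClamAV appends ".UNOFFICIAL" to names from third-party databases; strip it.
sig_basename() { printf '%s\n' "${1%.UNOFFICIAL}"; }

# Print each database file in DIR ($1) that defines signature NAME ($2).
# Name position: 3rd ':' field in .hdb/.hsb/.mdb/.msb, 1st ':' field in
# .ndb, 1st ';' field in .ldb. Compressed .cvd/.cld containers are skipped.
find_sig_db() {
    fs_dir=$1
    fs_name=$(sig_basename "$2")
    for fs_file in "$fs_dir"/*; do
        case $fs_file in
            *.hdb|*.hsb|*.mdb|*.msb) fs_sep=':' fs_col=3 ;;
            *.ndb)                   fs_sep=':' fs_col=1 ;;
            *.ldb)                   fs_sep=';' fs_col=1 ;;
            *) continue ;;
        esac
        if awk -F"$fs_sep" -v n="$fs_name" -v c="$fs_col" \
               '$c == n { hit = 1; exit } END { exit !hit }' "$fs_file"; then
            printf '%s\n' "$fs_file"
        fi
    done
    return 0
}

# -d takes ONE file or directory; every other positional argument is a
# scan target, so the database must be given as a full path right after -d.
scan_cmd() { printf 'clamscan -i -d %s %s\n' "$1" "$2"; }

# Constructed sample databases (hashes, sizes and file names are made up).
make_sample_dir() {
    ms_dir=$(mktemp -d)
    printf '%s\n' '00000000000000000000000000000000:1234:Constructed.Sample.A' \
        > "$ms_dir/first.hdb"
    printf '%s\n' '11111111111111111111111111111111:5678:SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.27640.18064' \
        > "$ms_dir/second.hdb"
    printf '%s\n' 'Constructed.Sample.B:0:*:deadbeef' > "$ms_dir/third.ndb"
    printf '%s\n' "$ms_dir"
}

# Demo: look up the name clamscan reported in the thread, print the scan command.
demo_dir=$(make_sample_dir)
demo_db=$(find_sig_db "$demo_dir" \
    'SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.27640.18064.UNOFFICIAL')
scan_cmd "$demo_db" /root/bademail.eml
rm -rf "$demo_dir"
```

On a real system, pass `/var/lib/clamav` as the directory; signatures that live only inside `.cvd`/`.cld` containers will not be found by this text search.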
 

killmasta93

Hi @Stoiko Ivanov, it seems that it reads the file, but it's very odd how it got past in the first place. I guess I'll come back if anything comes up.

Code:
root@mail:~# clamscan -i /root/bademail.eml
/root/bademail.eml: SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.27640.18064.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 12908794
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.66 MB
Data read: 0.30 MB (ratio 2.22:1)
Time: 44.959 sec (0 m 44 s)
Start Date: 2022:05:30 14:14:30
End Date:   2022:05:30 14:15:15


Thank you
 