issue with clamav filter?

killmasta93

Hi,
I was wondering if someone else has had this issue before. Currently on PMG 6.4.4 and these emails keep coming in; attaching file.

I checked the updates on ClamAV; they seem to be OK.

Attachment: bademail.txt (307.7 KB)

Stoiko Ivanov

Proxmox Staff Member
> and these emails keep coming in attaching file,

You're right, ClamAV in its default config - with the default signatures - does not detect this as a virus.

You can consider installing another antivirus:
https://pmg.proxmox.com/wiki/index....ith_Proxmox_Mail_Gateway#Second_virus_scanner
(Avast detected it)
Additionally, in my tests it seems that the SecuriteInfo signatures would have also detected it:
https://www.securiteinfo.com/servic...e-of-zero-day-malwares-for-clamav.shtml?lg=en

(cannot speak to whether either of the two helps in general though - we really do get very few viruses via mail)

> Currently on PMG 6.4.4

Consider upgrading to 7.1 soon - PMG 6.4 will be EOL in a few months

https://pmg.proxmox.com/wiki/index.php/Upgrade_from_6.x_to_7.0

I hope this helps!
 

killmasta93

Thank you, yeah, just bought the Avast, hope it helps. Odd that SecuriteInfo didn't get that either.
 

Stoiko Ivanov

> odd that securiteinfo didnt get that either

It did here on a test install of mine?

Code:
clamdscan /tmp/bademail.txt 
/tmp/bademail.txt: SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.27640.18064.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.037 sec (0 m 0 s)
Start Date: 2022:05:18 18:10:59
End Date:   2022:05:18 18:10:59
 

killmasta93

Thank you so much for the reply.
Currently I'm getting this:

Code:
root@mail:~# clamdscan bademail.eml
/root/bademail.eml: File path check failure: Permission denied. ERROR
/root/bademail.eml: File path check failure: Permission denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 2
Time: 0.001 sec (0 m 0 s)
Start Date: 2022:05:25 00:03:24
End Date:   2022:05:25 00:03:24

I also tried:

Code:
root@mail:~# clamscan -id securiteinfo0hour.hdb bademail.eml
LibClamAV Error: cl_load(): No such file or directory: securiteinfo0hour.hdb
ERROR: Can't get file status

----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.000 sec (0 m 0 s)
Start Date: 2022:05:25 00:03:24
End Date:   2022:05:25 00:03:24
 

killmasta93

It seems that I needed to correct the route, but I'm getting this outcome:

Code:
clamscan -id /var/lib/clamav securiteinfo0hour.hdb /root/bademail.eml

Code:
securiteinfo0hour.hdb: No such file or directory
WARNING: securiteinfo0hour.hdb: Can't access file
/root/bademail.eml: SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.27640.18064.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 12902762
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.66 MB
Data read: 0.30 MB (ratio 2.22:1)
Time: 37.121 sec (0 m 37 s)
Start Date: 2022:05:25 00:15:48
End Date:   2022:05:25 00:16:25


root@mail:/var/lib/clamav# ls -l -h
total 592M
-rw-r--r-- 1 clamav clamav 586K Oct 14  2020 MiscreantPunch099-Low.ldb
-rw-r--r-- 1 clamav clamav 1.5K Jul  1  2015 Sanesecurity_sigtest.yara
-rw-r--r-- 1 clamav clamav 1.3K Feb 22  2016 Sanesecurity_spam.yara
-rw-r--r-- 1 clamav clamav  98K May 16 07:48 badmacro.ndb
-rw-r--r-- 1 clamav clamav 495K May 25 00:06 blurl.ndb
-rw-r--r-- 1 clamav clamav 3.4K Oct 14  2020 bofhland_cracked_URL.ndb
-rw-r--r-- 1 clamav clamav  610 Oct 14  2020 bofhland_malware_URL.ndb
-rw-r--r-- 1 clamav clamav 104K Oct 14  2020 bofhland_malware_attach.hdb
-rw-r--r-- 1 clamav clamav 9.5K Oct 14  2020 bofhland_phishing_URL.ndb
-rw-r--r-- 1 clamav clamav 287K Mar  9  2021 bytecode.cvd
-rw-r--r-- 1 clamav clamav  56M May 24 03:42 daily.cvd
-rw-r--r-- 1 clamav clamav 241K May 24 11:06 foxhole_filename.cdb
-rw-r--r-- 1 clamav clamav  51K Sep 11  2020 foxhole_generic.cdb
-rw-r--r-- 1 clamav clamav 3.8K Aug 18  2017 foxhole_js.cdb
-rw-r--r-- 1 clamav clamav  230 Nov 21  2016 foxhole_js.ndb
-rw-r--r-- 1 clamav clamav   69 May 16 23:08 freshclam.dat
-rw-r--r-- 1 clamav clamav  48K Aug  5  2015 hackingteam.hsb
-rw-r--r-- 1 clamav clamav  15M May 24 01:42 javascript.ndb
-rw-r--r-- 1 clamav clamav 6.7M May 24 11:06 junk.ndb
-rw-r--r-- 1 clamav clamav 661K May 24 11:06 jurlbl.ndb
-rw-r--r-- 1 clamav clamav 172K May 24 19:06 jurlbla.ndb
-rw-r--r-- 1 clamav clamav 240K May 12 03:06 lott.ndb
-rw-r--r-- 1 clamav clamav 163M Nov 10  2021 main.cvd
-rw-r--r-- 1 clamav clamav   73 Oct 14  2020 malware.expert.fp
-rw-r--r-- 1 clamav clamav   73 Oct 14  2020 malware.expert.hdb
-rw-r--r-- 1 clamav clamav  246 Oct 14  2020 malware.expert.ldb
-rw-r--r-- 1 clamav clamav  130 Oct 14  2020 malware.expert.ndb
-rw-r--r-- 1 clamav clamav  73K Jun 29  2017 malwarehash.hsb
-rw-r--r-- 1 clamav clamav  147 Oct 14  2020 malwarepatrol.db
-rw-r--r-- 1 clamav clamav 4.1M May 24 09:06 phish.ndb
-rw-r--r-- 1 clamav clamav 600K Feb  5 10:00 phishtank.ndb
-rw-r--r-- 1 clamav clamav  31K May 24 21:01 porcupine.hsb
-rw-r--r-- 1 clamav clamav 640K May 25 00:00 porcupine.ndb
-rw-r--r-- 1 clamav clamav 847K Mar 16 00:22 rfxn.hdb
-rw-r--r-- 1 clamav clamav 442K Dec  1  2020 rfxn.ndb
-rw-r--r-- 1 clamav clamav 401K Aug 17  2020 rfxn.yara
-rw-r--r-- 1 clamav clamav 292K May 25 00:06 rogue.hdb
-rw-r--r-- 1 clamav clamav  13K Mar 31 10:07 sanesecurity.ftm
-rw-r--r-- 1 clamav clamav 1.9M May 24 04:05 scam.ndb
-rw-r--r-- 1 clamav clamav  108 Nov 16  2020 scamnailer.ndb
-rw-r--r-- 1 clamav clamav  11M May 24 21:48 securiteinfo.hdb
-rw-r--r-- 1 clamav clamav 3.7K May 16 23:08 securiteinfo.ign2
-rw-r--r-- 1 clamav clamav 1.7M May 24 13:45 securiteinfo.mdb
-rw-r--r-- 1 clamav clamav  123 May 19 10:45 securiteinfo.pdb
-rw-r--r-- 1 clamav clamav 3.3K May 16 23:09 securiteinfo.yara
-rw-r--r-- 1 clamav clamav  38K May 25 00:11 securiteinfo0hour.hdb
-rw-r--r-- 1 clamav clamav 9.1M May 24 20:17 securiteinfoandroid.hdb
-rw-r--r-- 1 clamav clamav 8.8M May 24 21:17 securiteinfoascii.hdb
-rw-r--r-- 1 clamav clamav 5.1M May 24 20:47 securiteinfohtml.hdb
-rw-r--r-- 1 clamav clamav 299M May 16 23:08 securiteinfoold.hdb
-rw-r--r-- 1 clamav clamav 210K May 24 20:17 securiteinfopdf.hdb
-rw-r--r-- 1 clamav clamav 7.2K Dec 31  2020 shelter.ldb
-rw-r--r-- 1 clamav clamav  394 Apr 21 08:11 sigwhitelist.ign2
-rw-r--r-- 1 clamav clamav  556 May  5  2017 spam.ldb
-rw-r--r-- 1 clamav clamav 4.6M May 25 00:11 spam_marketing.ndb
-rw-r--r-- 1 clamav clamav 1.4K Apr 28  2017 spamattach.hdb
-rw-r--r-- 1 clamav clamav  20K May  5 07:06 spamimg.hdb
-rw-r--r-- 1 clamav clamav  115 Oct 14  2020 spear.ndb
-rw-r--r-- 1 clamav clamav  115 Nov 27  2018 spearl.ndb
-rw-r--r-- 1 clamav clamav 987K May 25 00:09 urlhaus.ndb
-rw-r--r-- 1 clamav clamav   64 Apr 20 09:14 winnow.attachments.hdb
-rw-r--r-- 1 clamav clamav  660 Mar  5  2018 winnow.complex.patterns.ldb
-rw-r--r-- 1 clamav clamav   66 Mar  5  2018 winnow_bad_cw.hdb
-rw-r--r-- 1 clamav clamav   65 Apr 20 09:08 winnow_extended_malware.hdb
-rw-r--r-- 1 clamav clamav  159 Mar  5  2018 winnow_extended_malware_links.ndb
-rw-r--r-- 1 clamav clamav   65 Apr 20 09:00 winnow_malware.hdb
-rw-r--r-- 1 clamav clamav  15K Nov 26  2019 winnow_malware_links.ndb
-rw-r--r-- 1 clamav clamav 6.5K Nov 13  2018 winnow_phish_complete_url.ndb
-rw-r--r-- 1 clamav clamav 2.8K Nov 14  2018 winnow_spam_complete.ndb
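
The last posts try to find out which database file carries the signature that flags the sample; the script below is an added example (not from the thread, Proxmox or ClamAV) that scans the sample once per database file and reports the ones that hit. The function names and the script name are assumptions; `/var/lib/clamav` is the directory shown in the listing above.

```shell
#!/usr/bin/env bash
# Added example: report which signature database file detects a sample.
# Function names and the script name are assumptions for illustration.

# Scan SAMPLE with exactly one database file and print a verdict.
# clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
scan_with_db() {   # usage: scan_with_db DB_FILE SAMPLE
    local db="$1" sample="$2" out rc sig
    [ -r "$db" ] || { echo "ERROR unreadable-db"; return 2; }
    # -d takes a single argument (one database file or one directory);
    # every further argument is treated as a file to scan.
    out=$(clamscan --no-summary -d "$db" "$sample" 2>&1) && rc=0 || rc=$?
    case "$rc" in
        0) echo "CLEAN" ;;
        1) sig=$(printf '%s\n' "$out" |
                 sed -n 's/^.*: \(.*\) FOUND$/\1/p' | head -n 1)
           echo "FOUND $sig" ;;
        *) echo "ERROR clamscan-exit-$rc" ;;   # never report this as clean
    esac
    return "$rc"
}

# Try every database file in DB_DIR on its own; print "file<TAB>signature"
# for each one that flags SAMPLE. Errors go to stderr, not silently dropped.
which_db_hits() {  # usage: which_db_hits DB_DIR SAMPLE
    local dir="$1" sample="$2" db verdict
    for db in "$dir"/*; do
        [ -f "$db" ] || continue
        case "$db" in
            *.ign2|*.fp|*.dat) continue ;;   # ignore lists / freshclam state
        esac
        verdict=$(scan_with_db "$db" "$sample") || true
        case "$verdict" in
            FOUND*) printf '%s\t%s\n' "${db##*/}" "${verdict#FOUND }" ;;
            ERROR*) printf '%s\t%s\n' "${db##*/}" "$verdict" >&2 ;;
        esac
    done
    return 0
}

# Run only when arguments are given, e.g.:
#   ./which-db.sh /var/lib/clamav /root/bademail.eml
if [ "$#" -eq 2 ]; then which_db_hits "$1" "$2"; fi
```

For the `clamdscan` permission error shown earlier, `clamdscan --fdpass` (local socket only) hands the opened file to the daemon, so the daemon does not need its own read access to `/root`.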
 