issue with clamav filter?

killmasta93

Hi,
I was wondering if someone else has had this issue before. Currently on PMG 6.4.4 and these emails keep coming in attaching file.

I checked the updates on ClamAV, seems to be OK.


and these emails keep coming in attaching file,
You're right, ClamAV in its default config - with the default signatures - does not detect this as a virus.

you can consider installing another antivirus:
https://pmg.proxmox.com/wiki/index....ith_Proxmox_Mail_Gateway#Second_virus_scanner
(avast detected it)
additionally in my tests - it seems that the securiteinfo signatures would have also detected it:
https://www.securiteinfo.com/servic...e-of-zero-day-malwares-for-clamav.shtml?lg=en

(cannot speak to whether either of the two helps in general though - we really do get very few viruses via mail)

Currently on PMG 6.4.4
consider upgrading to 7.1 soon - PMG 6.4 will be EOL in a few months

https://pmg.proxmox.com/wiki/index.php/Upgrade_from_6.x_to_7.0

I hope this helps!
 
Thank you, yeah, just bought the Avast, hope it helps. Odd that securiteinfo didn't get that either.
 
odd that securiteinfo didn't get that either
it did here on a test-install of mine?

Code:
clamdscan /tmp/bademail.txt 
/tmp/bademail.txt: SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.27640.18064.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.037 sec (0 m 0 s)
Start Date: 2022:05:18 18:10:59
End Date:   2022:05:18 18:10:59
 
Thank you so much for the reply.
Currently I'm getting this:

Code:
root@mail:~# clamdscan bademail.eml
/root/bademail.eml: File path check failure: Permission denied. ERROR
/root/bademail.eml: File path check failure: Permission denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 2
Time: 0.001 sec (0 m 0 s)
Start Date: 2022:05:25 00:03:24
End Date:   2022:05:25 00:03:24

I also tried:

Code:
root@mail:~# clamscan -id securiteinfo0hour.hdb bademail.eml
LibClamAV Error: cl_load(): No such file or directory: securiteinfo0hour.hdb
ERROR: Can't get file status

----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.000 sec (0 m 0 s)
Start Date: 2022:05:25 00:03:24
End Date:   2022:05:25 00:03:24
 
It seems that I needed to correct the route, but I'm getting this outcome:

Code:
clamscan -id /var/lib/clamav securiteinfo0hour.hdb /root/bademail.eml

Code:
securiteinfo0hour.hdb: No such file or directory
WARNING: securiteinfo0hour.hdb: Can't access file
/root/bademail.eml: SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.27640.18064.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 12902762
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.66 MB
Data read: 0.30 MB (ratio 2.22:1)
Time: 37.121 sec (0 m 37 s)
Start Date: 2022:05:25 00:15:48
End Date:   2022:05:25 00:16:25


root@mail:/var/lib/clamav# ls -l -h
total 592M
-rw-r--r-- 1 clamav clamav 586K Oct 14  2020 MiscreantPunch099-Low.ldb
-rw-r--r-- 1 clamav clamav 1.5K Jul  1  2015 Sanesecurity_sigtest.yara
-rw-r--r-- 1 clamav clamav 1.3K Feb 22  2016 Sanesecurity_spam.yara
-rw-r--r-- 1 clamav clamav  98K May 16 07:48 badmacro.ndb
-rw-r--r-- 1 clamav clamav 495K May 25 00:06 blurl.ndb
-rw-r--r-- 1 clamav clamav 3.4K Oct 14  2020 bofhland_cracked_URL.ndb
-rw-r--r-- 1 clamav clamav  610 Oct 14  2020 bofhland_malware_URL.ndb
-rw-r--r-- 1 clamav clamav 104K Oct 14  2020 bofhland_malware_attach.hdb
-rw-r--r-- 1 clamav clamav 9.5K Oct 14  2020 bofhland_phishing_URL.ndb
-rw-r--r-- 1 clamav clamav 287K Mar  9  2021 bytecode.cvd
-rw-r--r-- 1 clamav clamav  56M May 24 03:42 daily.cvd
-rw-r--r-- 1 clamav clamav 241K May 24 11:06 foxhole_filename.cdb
-rw-r--r-- 1 clamav clamav  51K Sep 11  2020 foxhole_generic.cdb
-rw-r--r-- 1 clamav clamav 3.8K Aug 18  2017 foxhole_js.cdb
-rw-r--r-- 1 clamav clamav  230 Nov 21  2016 foxhole_js.ndb
-rw-r--r-- 1 clamav clamav   69 May 16 23:08 freshclam.dat
-rw-r--r-- 1 clamav clamav  48K Aug  5  2015 hackingteam.hsb
-rw-r--r-- 1 clamav clamav  15M May 24 01:42 javascript.ndb
-rw-r--r-- 1 clamav clamav 6.7M May 24 11:06 junk.ndb
-rw-r--r-- 1 clamav clamav 661K May 24 11:06 jurlbl.ndb
-rw-r--r-- 1 clamav clamav 172K May 24 19:06 jurlbla.ndb
-rw-r--r-- 1 clamav clamav 240K May 12 03:06 lott.ndb
-rw-r--r-- 1 clamav clamav 163M Nov 10  2021 main.cvd
-rw-r--r-- 1 clamav clamav   73 Oct 14  2020 malware.expert.fp
-rw-r--r-- 1 clamav clamav   73 Oct 14  2020 malware.expert.hdb
-rw-r--r-- 1 clamav clamav  246 Oct 14  2020 malware.expert.ldb
-rw-r--r-- 1 clamav clamav  130 Oct 14  2020 malware.expert.ndb
-rw-r--r-- 1 clamav clamav  73K Jun 29  2017 malwarehash.hsb
-rw-r--r-- 1 clamav clamav  147 Oct 14  2020 malwarepatrol.db
-rw-r--r-- 1 clamav clamav 4.1M May 24 09:06 phish.ndb
-rw-r--r-- 1 clamav clamav 600K Feb  5 10:00 phishtank.ndb
-rw-r--r-- 1 clamav clamav  31K May 24 21:01 porcupine.hsb
-rw-r--r-- 1 clamav clamav 640K May 25 00:00 porcupine.ndb
-rw-r--r-- 1 clamav clamav 847K Mar 16 00:22 rfxn.hdb
-rw-r--r-- 1 clamav clamav 442K Dec  1  2020 rfxn.ndb
-rw-r--r-- 1 clamav clamav 401K Aug 17  2020 rfxn.yara
-rw-r--r-- 1 clamav clamav 292K May 25 00:06 rogue.hdb
-rw-r--r-- 1 clamav clamav  13K Mar 31 10:07 sanesecurity.ftm
-rw-r--r-- 1 clamav clamav 1.9M May 24 04:05 scam.ndb
-rw-r--r-- 1 clamav clamav  108 Nov 16  2020 scamnailer.ndb
-rw-r--r-- 1 clamav clamav  11M May 24 21:48 securiteinfo.hdb
-rw-r--r-- 1 clamav clamav 3.7K May 16 23:08 securiteinfo.ign2
-rw-r--r-- 1 clamav clamav 1.7M May 24 13:45 securiteinfo.mdb
-rw-r--r-- 1 clamav clamav  123 May 19 10:45 securiteinfo.pdb
-rw-r--r-- 1 clamav clamav 3.3K May 16 23:09 securiteinfo.yara
-rw-r--r-- 1 clamav clamav  38K May 25 00:11 securiteinfo0hour.hdb
-rw-r--r-- 1 clamav clamav 9.1M May 24 20:17 securiteinfoandroid.hdb
-rw-r--r-- 1 clamav clamav 8.8M May 24 21:17 securiteinfoascii.hdb
-rw-r--r-- 1 clamav clamav 5.1M May 24 20:47 securiteinfohtml.hdb
-rw-r--r-- 1 clamav clamav 299M May 16 23:08 securiteinfoold.hdb
-rw-r--r-- 1 clamav clamav 210K May 24 20:17 securiteinfopdf.hdb
-rw-r--r-- 1 clamav clamav 7.2K Dec 31  2020 shelter.ldb
-rw-r--r-- 1 clamav clamav  394 Apr 21 08:11 sigwhitelist.ign2
-rw-r--r-- 1 clamav clamav  556 May  5  2017 spam.ldb
-rw-r--r-- 1 clamav clamav 4.6M May 25 00:11 spam_marketing.ndb
-rw-r--r-- 1 clamav clamav 1.4K Apr 28  2017 spamattach.hdb
-rw-r--r-- 1 clamav clamav  20K May  5 07:06 spamimg.hdb
-rw-r--r-- 1 clamav clamav  115 Oct 14  2020 spear.ndb
-rw-r--r-- 1 clamav clamav  115 Nov 27  2018 spearl.ndb
-rw-r--r-- 1 clamav clamav 987K May 25 00:09 urlhaus.ndb
-rw-r--r-- 1 clamav clamav   64 Apr 20 09:14 winnow.attachments.hdb
-rw-r--r-- 1 clamav clamav  660 Mar  5  2018 winnow.complex.patterns.ldb
-rw-r--r-- 1 clamav clamav   66 Mar  5  2018 winnow_bad_cw.hdb
-rw-r--r-- 1 clamav clamav   65 Apr 20 09:08 winnow_extended_malware.hdb
-rw-r--r-- 1 clamav clamav  159 Mar  5  2018 winnow_extended_malware_links.ndb
-rw-r--r-- 1 clamav clamav   65 Apr 20 09:00 winnow_malware.hdb
-rw-r--r-- 1 clamav clamav  15K Nov 26  2019 winnow_malware_links.ndb
-rw-r--r-- 1 clamav clamav 6.5K Nov 13  2018 winnow_phish_complete_url.ndb
-rw-r--r-- 1 clamav clamav 2.8K Nov 14  2018 winnow_spam_complete.ndb
 
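The first clamdscan run in the thread reports "Infected files: 0" only because the scan failed with a permission error, and the later clamscan run shows the detection coming from an unsigned third-party database. As an added example (not part of any post in this thread), the shell function below reads such output and prints one verdict; the name `clam_verdict`, the verdict strings and the trimmed sample outputs are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the thread): turn clamscan/clamdscan text output
# into a single verdict so that a failed scan is never read as a clean one.
clam_verdict() {
    awk '
        { sub(/^[ \t]+/, "") }                 # tolerate indented output
        / FOUND$/ {
            sig = $0
            sub(/^.*: /, "", sig)              # drop the "<path>: " prefix
            sub(/ FOUND$/, "", sig)
            origin = "official"
            # ClamAV appends .UNOFFICIAL to names from unsigned databases
            if (sub(/\.UNOFFICIAL$/, "", sig)) origin = "third-party"
            if (!hits++) first = sig " " origin
        }
        / ERROR$/ || /^ERROR:/ || /^LibClamAV Error:/ { errors++ }
        /^Total errors: /   { errors += $3 }
        /^Infected files: / { summary = 1 }
        /^Scanned files: /  { counted = 1; scanned = $3 }
        END {
            if (hits)                         print "INFECTED " first
            else if (errors || !summary)      print "SCAN_ERROR"
            else if (counted && scanned == 0) print "SCAN_ERROR"
            else                              print "CLEAN"
        }'
}

# Constructed samples, trimmed from the two outputs quoted in the thread.
sample_denied() { cat <<'EOF'
/root/bademail.eml: File path check failure: Permission denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 2
EOF
}
sample_found() { cat <<'EOF'
WARNING: securiteinfo0hour.hdb: Can't access file
/root/bademail.eml: SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.27640.18064.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 12902762
Scanned files: 1
Infected files: 1
EOF
}

sample_denied | clam_verdict
sample_found  | clam_verdict
```

A summary with zero scanned files, or no summary at all, is also reported as `SCAN_ERROR`, which covers the run where the database path could not be loaded.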