Hi,
Please find the details requested
>There are many different ways to solve your problem, but we need a lot more
>information from you. How do you receive these files?
Mainly, we get these viruses via e-mail. We have Mail Gateways which are used
for filtering mail for your customer mail servers. So, daily we get viruses
which are not detected by ClamAV running on our Mail Gateways.
>This is not unusual. Can you let us have your ClamAV configuration?
[root@mailin-04 ~]# clamconf -n
Checking configuration files in /etc
Config file: clamd.d/scan.conf
------------------------------
LogFile = "/var/log/clamd.scan"
LogTime = "yes"
LogClean = "yes"
LogSyslog = "yes"
PidFile = "/var/run/clamd.scan/clamd.pid"
LocalSocket = "/var/run/clamd.scan/clamd.sock"
LocalSocketGroup = "mtagroup"
User = "clamscan"
OLE2BlockMacros = "yes"
*** AllowSupplementaryGroups is DEPRECATED ***
Config file: freshclam.conf
---------------------------
DatabaseMirror = "database.clamav.net"
mail/clamav-milter.conf not found
Software settings
-----------------
Version: 0.103.0
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2
ICONV JSON
Database information
--------------------
Database directory: /var/lib/clamav
main.cld: version 59, sigs: 4564902, built on Mon Nov 25 19:26:15 2019
bytecode.cld: version 331, sigs: 94, built on Thu Sep 19 21:42:33 2019
daily.cld: version 26056, sigs: 4199611, built on Thu Jan 21 18:04:40 2021
bytecode.cvd: version 331, sigs: 94, built on Thu Sep 19 21:42:33 2019
[3rd Party] hackingteam.hsb: 435 sigs
[3rd Party] porcupine.hsb: 121 sigs
[3rd Party] rfxn.ndb: 2039 sigs
[3rd Party] rfxn.hdb: 12927 sigs
[3rd Party] securiteinfoascii.hdb: 90606 sigs
main.cvd: version 59, sigs: 4564902, built on Mon Nov 25 19:26:15 2019
[3rd Party] sanesecurity.ftm: 170 sigs
[3rd Party] sigwhitelist.ign2: 10 sigs
[3rd Party] blurl.ndb: 1558 sigs
[3rd Party] junk.ndb: 60121 sigs
[3rd Party] jurlbl.ndb: 1540 sigs
[3rd Party] malwarehash.hsb: 771 sigs
[3rd Party] phish.ndb: 28027 sigs
[3rd Party] rogue.hdb: 372 sigs
[3rd Party] scam.ndb: 12742 sigs
[3rd Party] spamattach.hdb: 14 sigs
[3rd Party] spamimg.hdb: 200 sigs
[3rd Party] badmacro.ndb: 614 sigs
[3rd Party] jurlbla.ndb: 1561 sigs
[3rd Party] lott.ndb: 2335 sigs
[3rd Party] shelter.ldb: 49 sigs
[3rd Party] spam.ldb: 2 sigs
[3rd Party] spear.ndb: 1 sig
[3rd Party] spearl.ndb: 1 sig
[3rd Party] malware.expert.hdb: 1 sig
[3rd Party] malware.expert.fp: 1 sig
[3rd Party] malware.expert.ldb: 1 sig
[3rd Party] malware.expert.ndb: 1 sig
[3rd Party] foxhole_filename.cdb: 2613 sigs
[3rd Party] foxhole_generic.cdb: 212 sigs
[3rd Party] foxhole_js.cdb: 48 sigs
[3rd Party] foxhole_js.ndb: 4 sigs
[3rd Party] winnow_bad_cw.hdb: 1 sig
[3rd Party] winnow_extended_malware.hdb: 245 sigs
[3rd Party] winnow_malware_links.ndb: 133 sigs
[3rd Party] winnow_malware.hdb: 293 sigs
[3rd Party] winnow_phish_complete_url.ndb: 54 sigs
[3rd Party] winnow.attachments.hdb: 182 sigs
[3rd Party] urlhaus.ndb: 8201 sigs
[3rd Party] winnow_extended_malware_links.ndb: 1 sig
[3rd Party] winnow_spam_complete.ndb: 26 sigs
[3rd Party] winnow.complex.patterns.ldb: 3 sigs
[3rd Party] MiscreantPunch099-Low.ldb: 1199 sigs
[3rd Party] scamnailer.ndb: 1 sig
[3rd Party] bofhland_cracked_URL.ndb: 40 sigs
[3rd Party] bofhland_malware_attach.hdb: 1836 sigs
[3rd Party] bofhland_malware_URL.ndb: 4 sigs
[3rd Party] bofhland_phishing_URL.ndb: 72 sigs
[3rd Party] phishtank.ndb: 9270 sigs
[3rd Party] porcupine.ndb: 6805 sigs
[3rd Party] securiteinfo.hdb: 127854 sigs
[3rd Party] securiteinfohtml.hdb: 52920 sigs
[3rd Party] securiteinfo.ign2: 142 sigs
[3rd Party] customsig.ndb: 3 sigs
[3rd Party] ebrandidc.ndb: 155 sigs
[3rd Party] ebrandidc.hdb: 12 sigs
Total number of signatures: 13758152
Platform information
--------------------
uname: Linux 3.10.0-1160.6.1.el7.x86_64 #1 SMP Tue Nov 17 13:59:11 UTC 2020
x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.7 (1.2.7), compile flags: a9
platform id: 0x0a2179790800000002040805
Build information
-----------------
GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44) (4.8.5)
CPPFLAGS: -I/usr/include/libprelude
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
-fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
-D_FILE_OFFSET_BITS=64
CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
-Wl,--as-needed -lprelude
Configure: '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu' '--program-prefix='
'--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--enable-milter' '--disable-clamav'
'--disable-static' '--disable-zlib-vcheck' '--disable-unrar'
'--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav'
'--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath'
'--disable-silent-rules' '--enable-clamdtop' '--enable-prelude'
'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu'
'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic'
'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
-Wl,--as-needed' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64
-mtune=generic' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 121, dconf: 121
[root@mailin-04 ~]#
>but please tell us more about your ClamAV installation - for example what
>operating system you're using to run it. For more information about what
>information will be useful see some of my previous posts in the list
>archives, which can be found for example at
ClamAV is installed in our Mail Gateways as the Virus Scanner. ClamAV is
integrated with MailScanner running on each mail gateway.
[root@mailin-04 ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
>Perhaps you can put samples somewhere (safe) on the Web for us to see.
I can put the viruses on an FTP server and share them with you.
>You do not need to do that. You can submit the files to the ClamAV team,
>and for example to one of the third parties which provide signatures, e.g.
>Sanesecurity or Securiteinfo. If you submit samples, then in addition to
>solving your own problem you also provide a useful service to the
>community:
Usually, I forward the virus mails to Sanesecurity.
I hope that I have provided sufficient information for you.
Thanks for your support.
Regards
Chaminda Indrajith
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
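Added example (not part of the thread or of ClamAV itself): a small parser for the "Database information" section of the `clamconf -n` output posted above, which reports each official database's version, signature count and build date and flags any that is older than an assumed freshness threshold. A `daily.cld` that has silently stopped updating is the first thing to rule out when fresh samples get past the scanner; the thresholds and the reference time are assumptions, not ClamAV policy.

```python
import re
from datetime import datetime, timedelta

# Sample lines copied from the clamconf -n output in the message above.
CLAMCONF_OUTPUT = """\
Database information
--------------------
Database directory: /var/lib/clamav
main.cld: version 59, sigs: 4564902, built on Mon Nov 25 19:26:15 2019
bytecode.cld: version 331, sigs: 94, built on Thu Sep 19 21:42:33 2019
daily.cld: version 26056, sigs: 4199611, built on Thu Jan 21 18:04:40 2021
[3rd Party] securiteinfo.hdb: 127854 sigs
Total number of signatures: 13758152
"""

# Matches only the official .cld/.cvd lines, not the "[3rd Party]" ones.
DB_LINE = re.compile(
    r"^(?P<name>\S+\.c[lv]d): version (?P<version>\d+), sigs: (?P<sigs>\d+), "
    r"built on (?P<built>.+)$"
)

# Assumed freshness limits: daily is published several times a day, while
# main and bytecode change rarely.  Tune these to your own environment.
MAX_AGE = {
    "daily": timedelta(days=2),
    "main": timedelta(days=730),
    "bytecode": timedelta(days=730),
}

def parse_databases(text):
    """Return a list of dicts describing each official database line."""
    dbs = []
    for line in text.splitlines():
        m = DB_LINE.match(line.strip())
        if m is None:
            continue
        dbs.append({
            "name": m.group("name"),
            "version": int(m.group("version")),
            "sigs": int(m.group("sigs")),
            # clamconf prints ctime-style dates, e.g. "Thu Jan 21 18:04:40 2021"
            "built": datetime.strptime(m.group("built"), "%a %b %d %H:%M:%S %Y"),
        })
    return dbs

def stale_databases(dbs, now_iso):
    """Names of databases built longer ago than MAX_AGE allows, at ISO time now_iso."""
    now = datetime.fromisoformat(now_iso)
    return [db["name"] for db in dbs
            if now - db["built"] > MAX_AGE.get(db["name"].split(".")[0], timedelta(days=30))]
```

Run it against the live output with `clamconf -n | python3 -c '...'` or feed the captured text as shown; on the posted configuration the daily database is fine on the day it was captured but would be flagged a few days later if freshclam stopped running.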