okay, now i found a permission issue.
Ubuntu sets the clamav-deamon and clamav-freshclam automatically to chmod 0644 (in /etc/init.d/) and this is completely wrong.
I have now set chmod 0755 to this files (must run as program) and now my wdb file is read by clamscan, but it noticed me, that this database is malformed.
Now i have removed all new lines and comments, maybe this solve the issue - don't know now.
Is there a detailed explanation available how to have i format this .wbd file?
I find unfortunately the clamav.net Docu is not detailed enough.
I create this wdb file in this way:
exec 3> /var/lib/clamav/daily.wdb
echo 1>&3 "Some Line"
echo 1>&3 "Some Line"
echo 1>&3 "Some Line"
exec 3>&-
Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
Gesendet / Sent: Mittwoch, Januar 04, 2023 um 16:48 (at 04:48 PM) +0100
Betreff / Subject: [clamav-users] Fwd: exception rule - help needed
no one can help me?
Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
Gesendet / Sent: Dienstag, Januar 03, 2023 um 20:03 (at 08:03 PM) +0100
Betreff / Subject: [clamav-users] exception rule - help needed
Hi @ all and happy new year!
I need help to create an exception rule for my Bank e-mails.
Currently, I have a "whitelist.wbd" file in the lib folder of clamav, but all of my rules seems not work.
Please help me to get the expected result, and it is generally no way for me, to disable this checks for all.
> # LibClamAV info: Suspicious link found!
> # LibClamAV info: Real URL: https://www.facebook.com
> # LibClamAV info: Display URL: https://mailing.sparkasse.de
> # LibClamAV info: Suspicious link found!
> # LibClamAV info: Real URL: https://twitter.com
> # LibClamAV info: Display URL: https://mailing.sparkasse.de
> # LibClamAV info: Suspicious link found!
> # LibClamAV info: Real URL: https://www.instagram.com
> # LibClamAV info: Display URL: https://mailing.sparkasse.de
> # LibClamAV info: Suspicious link found!
> # LibClamAV info: Real URL: https://www.youtube.com
> # LibClamAV info: Display URL: https://mailing.sparkasse.de
> # LibClamAV info: Suspicious link found!
> # LibClamAV info: Real URL: https://play.google.com
> # LibClamAV info: Display URL: https://mailing.sparkasse.de
> # LibClamAV info: Suspicious link found!
> # LibClamAV info: Real URL: https://apps.apple.com
> # LibClamAV info: Display URL: https://mailing.sparkasse.de
> #
> X:(http:\/\/|https:\/\/)(.+)(facebook|twitter|instagram|youtube|play\.google|apps\.apple)(.+):(http:\/\/|https:\/\/)(.+)(sparkasse|sls\-direkt)\.de([\/?].*)?:20-
> M:facebook.com:mailing.sparkasse.de
> M:https://twitter.com:mailing.sparkasse.de
> M:instagram.com:mailing.sparkasse.de
> M:youtube.com:mailing.sparkasse.de
> M:play.google.com:mailing.sparkasse.de
> M:apps.apple.com:mailing.sparkasse.de
kind regards,
Marc
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
Ubuntu sets the clamav-deamon and clamav-freshclam automatically to chmod 0644 (in /etc/init.d/) and this is completely wrong.
I have now set chmod 0755 to this files (must run as program) and now my wdb file is read by clamscan, but it noticed me, that this database is malformed.
Now i have removed all new lines and comments, maybe this solve the issue - don't know now.
Is there a detailed explanation available how to have i format this .wbd file?
I find unfortunately the clamav.net Docu is not detailed enough.
I create this wdb file in this way:
exec 3> /var/lib/clamav/daily.wdb
echo 1>&3 "Some Line"
echo 1>&3 "Some Line"
echo 1>&3 "Some Line"
exec 3>&-
Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
Gesendet / Sent: Mittwoch, Januar 04, 2023 um 16:48 (at 04:48 PM) +0100
Betreff / Subject: [clamav-users] Fwd: exception rule - help needed
no one can help me?
Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
Gesendet / Sent: Dienstag, Januar 03, 2023 um 20:03 (at 08:03 PM) +0100
Betreff / Subject: [clamav-users] exception rule - help needed
Hi @ all and happy new year!
I need help to create an exception rule for my Bank e-mails.
Currently, I have a "whitelist.wbd" file in the lib folder of clamav, but all of my rules seems not work.
Please help me to get the expected result, and it is generally no way for me, to disable this checks for all.
> # LibClamAV info: Suspicious link found!
> # LibClamAV info: Real URL: https://www.facebook.com
> # LibClamAV info: Display URL: https://mailing.sparkasse.de
> # LibClamAV info: Suspicious link found!
> # LibClamAV info: Real URL: https://twitter.com
> # LibClamAV info: Display URL: https://mailing.sparkasse.de
> # LibClamAV info: Suspicious link found!
> # LibClamAV info: Real URL: https://www.instagram.com
> # LibClamAV info: Display URL: https://mailing.sparkasse.de
> # LibClamAV info: Suspicious link found!
> # LibClamAV info: Real URL: https://www.youtube.com
> # LibClamAV info: Display URL: https://mailing.sparkasse.de
> # LibClamAV info: Suspicious link found!
> # LibClamAV info: Real URL: https://play.google.com
> # LibClamAV info: Display URL: https://mailing.sparkasse.de
> # LibClamAV info: Suspicious link found!
> # LibClamAV info: Real URL: https://apps.apple.com
> # LibClamAV info: Display URL: https://mailing.sparkasse.de
> #
> X:(http:\/\/|https:\/\/)(.+)(facebook|twitter|instagram|youtube|play\.google|apps\.apple)(.+):(http:\/\/|https:\/\/)(.+)(sparkasse|sls\-direkt)\.de([\/?].*)?:20-
> M:facebook.com:mailing.sparkasse.de
> M:https://twitter.com:mailing.sparkasse.de
> M:instagram.com:mailing.sparkasse.de
> M:youtube.com:mailing.sparkasse.de
> M:play.google.com:mailing.sparkasse.de
> M:apps.apple.com:mailing.sparkasse.de
kind regards,
Marc
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
