Mailing List Archive

ClamAV Private Mirror Question
Hello,

I have set up a private mirror for ClamAV. I have pointed it to the private mirror on freshclam.conf. My question is how do I test this to make sure I am pulling the most up to date definitions from the private mirror to the server being scanned? Thanks in advance.

Sent from my iPhone. Please excuse any typos.
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: ClamAV Private Mirror Question
>
> I have set up a private mirror for ClamAV. I have pointed it to the private
> mirror on freshclam.conf. My question is how do I test this to make sure I am
> pulling the most up to date definitions from the private mirror to the server
> being scanned? Thanks in advance.
>

turn off gateway / change routing
tcpdump
block with iptables

etc
Re: ClamAV Private Mirror Question
Hello,

You can use this command to print the build information which will include the date it was published:

sigtool --info /path/to/database

For example:

$ sigtool --info /var/lib/clamav/daily.cld
File: /var/lib/clamav/daily.cld
Build time: 30 Jan 2023 03:24 -0500
Version: 26797
Signatures: 2018753
Functionality level: 90
Builder: raynman
Verification OK.

Is that what you're looking for?

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Bryan Whipkey via clamav-users <clamav-users@lists.clamav.net>
Sent: Sunday, January 29, 2023 2:01 AM
To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
Cc: Bryan Whipkey <cloud81186@live.com>
Subject: [clamav-users] ClamAV Private Mirror Question

Hello,

I have set up a private mirror for ClamAV. I have pointed it to the private mirror on freshclam.conf. My question is how do I test this to make sure I am pulling the most up to date definitions from the private mirror to the server being scanned? Thanks in advance.

Sent from my iPhone. Please excuse any typos.
Re: ClamAV Private Mirror Question
Additionally, you can do this a little more complicated, like me:

$(host -W "60" -t TXT "current.cvd.clamav.net")

and cut all the needed information from the descriptive text

for example:

# current.cvd.clamav.net descriptive text "0.103.7:62:26777:1673344800:1:90:49192:333"

0.103.7 is the suggested software version
62 is the version of main.cld or main.cvd
26777 is the version of daily.cld or cvd
1673344800 is the Unix date when the files were created by ClamAV
90 is the f-level for daily.cld or daily.cvd
49192 is probably the version of freshclam.dat (I'm not sure, but it can't really be anything else)
333 is the version of bytecode.cvd

Am I right, Micah?

I had once found an explanation of the descriptive txt but I can't find it anymore


From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
To: Newcomer01 <mailto:newcomer01@posteo.de>
CC: Micah Snyder (Micasnyd) <mailto:micasnyd@cisco.com>, Bryan Whipkey <mailto:cloud81186@live.com>
Sent: Monday, January 30, 2023 at 18:33 (06:33 PM) +0100
Subject: Re: [clamav-users] ClamAV Private Mirror Question
> Hello,
>
> You can use this command to print the build information which will include the date it was published:
>
> sigtool --info /path/to/database
>
> For example:
>
> $ sigtool --info /var/lib/clamav/daily.cld
> File: /var/lib/clamav/daily.cld
> Build time: 30 Jan 2023 03:24 -0500
> Version: 26797
> Signatures: 2018753
> Functionality level: 90
> Builder: raynman
> Verification OK.
>
> Is that what you're looking for?
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
Re: ClamAV Private Mirror Question
Very close. The 49192 number is for the version of (now defunct) safebrowsing.cvd.

But yes, if they're able to access DNS and compare the version of daily/main/bytecode with what is in the DNS record then that will also be useful.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of newcomer01 via clamav-users <clamav-users@lists.clamav.net>
Sent: Monday, January 30, 2023 10:43 AM
To: ClamAV User Mailinglist <clamav-users@lists.clamav.net>
Cc: newcomer01 <newcomer01@posteo.de>
Subject: Re: [clamav-users] ClamAV Private Mirror Question

Additionally, you can do this a little more complicated, like me:

$(host -W "60" -t TXT "current.cvd.clamav.net")

and cut all the needed information from the descriptive text

for example:

# current.cvd.clamav.net descriptive text "0.103.7:62:26777:1673344800:1:90:49192:333"

0.103.7 is the suggested software version
62 is the version of main.cld or main.cvd
26777 is the version of daily.cld or cvd
1673344800 is the Unix date when the files were created by ClamAV
90 is the f-level for daily.cld or daily.cvd
49192 is probably the version of freshclam.dat (I'm not sure, but it can't really be anything else)
333 is the version of bytecode.cvd

Am I right, Micah?

I had once found an explanation of the descriptive txt but I can't find it anymore
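
The version comparison Micah endorses above, as an added example that is not part of the original thread: it parses the TXT record using the field positions from newcomer01's list (with Micah's correction that field 7 is safebrowsing.cvd) and compares the advertised version with the `Version:` line of `sigtool --info`. The function names are hypothetical, and the sample inputs are the values quoted in the thread.

```shell
#!/bin/sh
# Added example: compare a local ClamAV database with the versions advertised
# in the current.cvd.clamav.net TXT record. Function names are hypothetical.

# Sample inputs copied from the thread (not live data).
SAMPLE_HOST_OUTPUT='current.cvd.clamav.net descriptive text "0.103.7:62:26777:1673344800:1:90:49192:333"'
SAMPLE_SIGTOOL_OUTPUT='File: /var/lib/clamav/daily.cld
Build time: 30 Jan 2023 03:24 -0500
Version: 26797
Signatures: 2018753
Functionality level: 90
Builder: raynman
Verification OK.'

# Extract the quoted payload from one line of `host -t TXT` output.
txt_payload() {
    printf '%s\n' "$1" | sed -n 's/.*descriptive text "\([^"]*\)".*/\1/p' | head -n 1
}

# txt_field PAYLOAD NAME: print one field, using the positions given in the
# thread. Field 5 is not described in the thread and is ignored here.
txt_field() {
    case "$2" in
        clamav) _i=1 ;; main) _i=2 ;; daily) _i=3 ;; timestamp) _i=4 ;;
        flevel) _i=6 ;; safebrowsing) _i=7 ;; bytecode) _i=8 ;;
        *) return 2 ;;
    esac
    # A well-formed record has exactly 8 fields, i.e. 7 colons.
    _colons=$(printf '%s' "$1" | tr -cd ':')
    [ "${#_colons}" -eq 7 ] || return 1
    _v=$(printf '%s\n' "$1" | cut -d: -f"$_i")
    [ -n "$_v" ] || return 1
    printf '%s\n' "$_v"
}

# Read the numeric "Version:" line from `sigtool --info` output on stdin.
sigtool_version() {
    sed -n 's/^Version:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' | head -n 1
}

# db_status LOCAL ADVERTISED: print current, behind or invalid.
db_status() {
    case "$1" in ''|*[!0-9]*) echo invalid; return 1 ;; esac
    case "$2" in ''|*[!0-9]*) echo invalid; return 1 ;; esac
    if [ "$1" -ge "$2" ]; then echo current; else echo behind; fi
}

# check_db NAME HOST_OUTPUT SIGTOOL_OUTPUT: full check for main, daily or bytecode.
check_db() {
    _adv=$(txt_field "$(txt_payload "$2")" "$1") || { echo invalid; return 1; }
    # Do not trust a version number from a file sigtool could not verify.
    printf '%s\n' "$3" | grep -q '^Verification OK' || { echo unverified; return 1; }
    _loc=$(printf '%s\n' "$3" | sigtool_version)
    db_status "$_loc" "$_adv"
}

# Live use on the scanning host (needs DNS access and sigtool):
#   check_db daily "$(host -W 60 -t TXT current.cvd.clamav.net)" \
#                  "$(sigtool --info /var/lib/clamav/daily.cld)"
check_db daily "$SAMPLE_HOST_OUTPUT" "$SAMPLE_SIGTOOL_OUTPUT"
```

A result of `behind` on the scanning host means the database it pulled from the private mirror is older than the one the official record advertises.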


Re: ClamAV Private Mirror Question
Thanks for the hint, Micah.

Unfortunately, Ubuntu doesn't have a field in "stat" to store the version number (or am I blind?); then you could really compare the already existing versions with the currently delivered version and only update when the versions differ.

Currently you only have a chance to do something like this when you read the creation date from the txt and set that as the modification date of the file (touch -m -t yyyymmdd.ss); then you can compare these times (file time from the existing ones and the "new" file time).

Or do clamscan or clamdscan change these dates while running?

Regards,
Marc

From: Micah Snyder (Micasnyd) <mailto:micasnyd@cisco.com>
To: Newcomer01 <mailto:newcomer01@posteo.de>
Sent: Monday, January 30, 2023 at 20:16 (08:16 PM) +0100
Subject: Re: [clamav-users] ClamAV Private Mirror Question
> Very close.  The 49192 number is for the version of (now defunct) safebrowsing.cvd.
>
> But yes, if they're able to access DNS and compare the version of daily/main/bytecode with what is in the DNS record then that will also be useful.
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.