Mailing List Archive

Re: [clamav-users] Urlhaus.Malware.364328-9787819-0
Lilia -

Thanks for the update. We are still seeing the following get blocked
though:


Virus Urlhaus.Malware.364328-9787819-0:

https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.33.2-an+fx.xpi?filehash=sha256%3A5c3a5ef6f5b5475895053238026360020d6793b05541d20032ea9dd1c9cae451

This is with today's update.

Orion

On 2/8/21 10:39 AM, Lilia Gonzalez Medina wrote:
> Hi Orion,
>
> Apologies for taking too long to respond. After some tests I was able to
> reproduce the FPs and target type 3 LDB signatures for Urlhaus have been
> updated and published and should not alert on legitimate files anymore.
> Please update your ClamAV database and if you still have some issues
> please let me know.
>
> Best regards,
>
> Lilia Gonzalez
> Malware Research Team
> Cisco Talos
>
>
>
> On Tue, Jan 12, 2021 at 12:54 PM Orion Poplawski <orion@nwra.com> wrote:
>
> Lilia -
>
>   Odd, I see it:
>
> # https_proxy= curl -o ublock_origin-1.32.4-an+fx.xpi 'https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc'
> # clamscan ublock_origin-1.32.4-an+fx.xpi
> ublock_origin-1.32.4-an+fx.xpi: Urlhaus.Malware.364328-9787819-0 FOUND
>
> # clamscan --version
> ClamAV 0.103.0/26046/Mon Jan 11 05:34:14 2021
>
> # clamscan urlhaus-filter-online.txt
> urlhaus-filter-online.txt: Urlhaus.Malware.364328-9787819-0 FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 8799521
> Engine version: 0.103.0
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.29 MB
> Data read: 0.14 MB (ratio 2.11:1)
> Time: 21.911 sec (0 m 21 s)
> Start Date: 2021:01:12 10:37:52
> End Date:   2021:01:12 10:38:14
>
> Other URLs:
>
>     Virus Urlhaus.Malware.364328-9787819-0:
>        https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt: 2 Time(s)
>        https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt: 2 Time(s)
>        https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt: 1 Time(s)
>        https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt: 1 Time(s)
>        https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt: 1 Time(s)
>        https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt: 1 Time(s)
>        https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt: 1 Time(s)
>        https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt: 1 Time(s)
>
> I've attached copies.
>
>   Orion
>
> On 1/8/21 9:18 PM, Lilia Gonzalez Medina wrote:
> > Orion, I haven't been able to reproduce the FP with
> > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc.
> >
> > If you could send me the file that alerts with
> > Urlhaus.Malware.364328-9787819-0 I could look into it.
> >
> > Best regards,
> >
> > Lilia Gonzalez
> > Malware Research Team
> > Cisco Talos
> >
> > On Thu, Jan 7, 2021 at 12:00 PM Orion Poplawski <orion@nwra.com> wrote:
> >
> >     Lilia -
> >
> >       Virus database is updated daily and updated last night. Still seeing one
> >     this morning:
> >
> >         Virus Urlhaus.Malware.364328-9787819-0:
> >            https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc: 1 Time(s)
> >
> >     Though that is a different signature.
> >
> >     Orion
> >
> >     On 1/7/21 7:56 AM, Lilia Gonzalez Medina wrote:
> >     > Hi Orion!
> >     >
> >     > Those NBD signatures were updated at the beginning of the week and should not
> >     > FP anymore. Please update your ClamAV db and let us know if the issue
> >     > persists.
> >     >
> >     > Best regards,
> >     >
> >     > Lilia Gonzalez
> >     >  Malware Research Team
> >     >  Cisco Talos
> >     >
> >     >
> >     > On Wed, Jan 6, 2021 at 4:59 PM Orion Poplawski <orion@nwra.com> wrote:
> >     >
> >     >     Lilia -
> >     >
> >     >       Thanks for the response.   We're seeing some others getting triggered as
> >     >     well:
> >     >
> >     >         Virus Urlhaus.Malware.490516-9766015-0:
> >     >            10.21.2.5 https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt: 2 Time(s)
> >     >            10.21.2.5 https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt: 2 Time(s)
> >     >            10.21.2.5 https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt: 1 Time(s)
> >     >            10.21.2.5 https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt: 1 Time(s)
> >     >            10.21.2.5 https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt: 1 Time(s)
> >     >
> >     >         Virus Urlhaus.Malware.161756-8797115-0:
> >     >            10.10.20.7 https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc: 1 Time(s)
> >     >            10.11.1.3 https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc: 1 Time(s)
> >     >
> >     >
> >     >     Orion
> >     >
> >     >     On 1/4/21 8:43 AM, Lilia Gonzalez Medina wrote:
> >     >     > Hi Orion!
> >     >     >
> >     >     > Thank you for reporting this. URLhaus is a partner that generates a list of
> >     >     > ClamAV signatures to target malicious URLs. Signature
> >     >     > Urlhaus.Malware.452652-9766253-0 looks for a malicious URL inside HTML
> >     >     > files, which is why it is alerting on the URLs you mentioned. We found these
> >     >     > FPs some weeks ago and added an extra check on new ClamAV signatures to
> >     >     > prevent them from alerting on legitimate URLhaus content. We are currently
> >     >     > updating older ClamAV signatures to ensure they don't FP on non-malicious
> >     >     > HTML files.
> >     >     >
> >     >     > Best regards,
> >     >     >
> >     >     > Lilia Gonzalez
> >     >     > Malware Research Team
> >     >     > Cisco Talos
> >     >     >
> >     >     > On Wed, Dec 23, 2020 at 1:11 PM Orion Poplawski <orion@nwra.com> wrote:
> >     >     >
> >     >     >     Can anyone give me some details about the Urlhaus.Malware.452652-9766253-0
> >     >     >     signature?  We're seeing following URLs trigger it:
> >     >     >
> >     >     >     https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> >     >     >     https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt
> >     >     >     https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt
> >     >     >     https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt
> >     >     >     https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt
> >     >     >
> >     >     >     Which seems to be the online update URLs for the urlhaus filter.  Does
> >     >     >     ClamAV deem urlhaus a bad actor?
> >     >     >
> >     >     >     Thanks,
> >     >     >       Orion
> >     >     >
> >     >     >     --
> >     >     >     Orion Poplawski
> >     >     >     Manager of NWRA Technical Systems          720-772-5637
> >     >     >     NWRA, Boulder/CoRA Office             FAX: 303-415-9702
> >     >     >     3380 Mitchell Lane                  orion@nwra.com
> >     >     >     Boulder, CO 80301                 https://www.nwra.com/
> >     >     >
> >     >     >     _______________________________________________
> >     >     >
> >     >     >     clamav-users mailing list
> >     >     >     clamav-users@lists.clamav.net
> >     >     >     https://lists.clamav.net/mailman/listinfo/clamav-users
> >     >     >
> >     >     >
> >     >     >     Help us build a comprehensive ClamAV guide:
> >     >     >     https://github.com/vrtadmin/clamav-faq
> >     >     >
> >     >     >     http://www.clamav.net/contact.html#ml
> >     >     >
> >     >     >
> >     >
> >     >
> >     >     --
> >     >     Orion Poplawski
> >     >     Manager of NWRA Technical Systems          720-772-5637
> >     >     NWRA, Boulder/CoRA Office             FAX: 303-415-9702
> >     >     3380 Mitchell Lane                  orion@nwra.com
> >     >     Boulder, CO 80301                 https://www.nwra.com/
> >     >
> >     >
> >
> >
> >     --
> >     Orion Poplawski
> >     Manager of NWRA Technical Systems          720-772-5637
> >     NWRA, Boulder/CoRA Office             FAX: 303-415-9702
> >     3380 Mitchell Lane                  orion@nwra.com
> >     Boulder, CO 80301                 https://www.nwra.com/
> >
>
>
> --
> Orion Poplawski
> Manager of NWRA Technical Systems          720-772-5637
> NWRA, Boulder/CoRA Office             FAX: 303-415-9702
> 3380 Mitchell Lane                  orion@nwra.com
> Boulder, CO 80301                 https://www.nwra.com/
>


--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion@nwra.com
Boulder, CO 80301 https://www.nwra.com/
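
The false positive discussed in this thread (a URLhaus signature that looks for a malicious URL inside HTML also firing on a blocklist that merely lists that URL), as an added example that is not part of the original messages and is not ClamAV or Talos code: a minimal Python evaluator for the logical-signature (.ldb) line layout. The URL, list marker, signature names and the form of the "extra check" (a second subsignature that must match zero times) are constructed assumptions; the thread does not say what the real check is.

```python
import re
from dataclasses import dataclass

TARGET_HTML = 3  # "target type 3" in the thread: HTML content


@dataclass
class LogicalSig:
    name: str
    target: int
    expr: str
    subsigs: list  # literal byte strings; wildcards and offsets are not handled


def parse_ldb(line):
    """Split 'Name;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;...'."""
    name, tdb, expr, *subs = line.strip().split(";")
    attrs = dict(kv.split(":", 1) for kv in tdb.split(","))
    return LogicalSig(name, int(attrs.get("Target", 0)), expr,
                      [bytes.fromhex(s) for s in subs])


def evaluate(expr, counts):
    """Evaluate a logical expression over per-subsignature match counts.

    Supports indexes, '&', '|', parentheses and the '=N', '>N', '<N' count
    modifiers on a single index. Mixed '&'/'|' without parentheses is
    evaluated left to right, which is a simplification of this sketch.
    """
    tokens = re.findall(r"\d+|[&|()=<>]", expr)
    pos = 0

    def atom():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            val = sequence()
            pos += 1  # consume ')'
            return val
        n = counts[int(tok)]
        if pos < len(tokens) and tokens[pos] in ("=", "<", ">"):
            op, k = tokens[pos], int(tokens[pos + 1])
            pos += 2
            return {"=": n == k, ">": n > k, "<": n < k}[op]
        return n > 0

    def sequence():
        nonlocal pos
        val = atom()
        while pos < len(tokens) and tokens[pos] in ("&", "|"):
            op = tokens[pos]
            pos += 1
            rhs = atom()
            val = (val and rhs) if op == "&" else (val or rhs)
        return val

    return sequence()


def scan(sig, data, target):
    """Return True if sig alerts on data that the scanner classified as `target`."""
    if sig.target not in (0, target):  # Target:0 applies to any file type
        return False
    counts = [data.count(s) for s in sig.subsigs]
    return evaluate(sig.expr, counts)


def hexsig(text):
    return text.encode().hex()


# Constructed values, not taken from any real signature or feed.
BAD_URL = "http://malicious.example.invalid/sample.bin"
LIST_MARKER = "! title: constructed url blocklist"

# Before: one subsignature, alert whenever the URL string is present.
OLD_SIG = f"Constructed.Urlhaus.Demo-0;Engine:51-255,Target:3;0;{hexsig(BAD_URL)}"
# After (assumed form of the extra check): URL present AND list marker absent.
NEW_SIG = (f"Constructed.Urlhaus.Demo-1;Engine:51-255,Target:3;0&1=0;"
           f"{hexsig(BAD_URL)};{hexsig(LIST_MARKER)}")

PAGE = b'<html><body><a href="http://malicious.example.invalid/sample.bin">x</a></body></html>'
BLOCKLIST = (b"! title: constructed url blocklist\n"
             b"http://malicious.example.invalid/sample.bin\n")


def demo():
    old, new = parse_ldb(OLD_SIG), parse_ldb(NEW_SIG)
    return {
        "old_on_page": scan(old, PAGE, TARGET_HTML),
        "old_on_blocklist": scan(old, BLOCKLIST, TARGET_HTML),  # the false positive
        "new_on_page": scan(new, PAGE, TARGET_HTML),
        "new_on_blocklist": scan(new, BLOCKLIST, TARGET_HTML),
    }


if __name__ == "__main__":
    for case, alerted in demo().items():
        print(f"{case}: {'FOUND' if alerted else 'OK'}")
```

On a real installation, `sigtool --find-sigs Urlhaus.Malware.364328-9787819-0 | sigtool --decode-sigs` shows the published signature that the loaded database actually contains, which is how to confirm whether an updated version has reached the scanner.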
Re: [clamav-users] Urlhaus.Malware.364328-9787819-0
Hi Orion,

This time I went through daily.ldb to check all the published Urlhaus
signatures and I think I updated the ones that kept "hiding" from me :) I
updated my ClamAV db today in the morning and I'm not seeing any alerts on
the files you shared a while back. Please let me know if you still have
issues.

Best regards,

Lilia Gonzalez
Malware Research Team
Cisco Talos



On Wed, Feb 10, 2021 at 6:41 PM Orion Poplawski <orion@nwra.com> wrote:

> Lilia -
>
> Thanks for the update. We are still seeing the following get blocked
> though:
>
>
> Virus Urlhaus.Malware.364328-9787819-0:
>
>
> https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.33.2-an+fx.xpi?filehash=sha256%3A5c3a5ef6f5b5475895053238026360020d6793b05541d20032ea9dd1c9cae451
>
> This is with today's update.
>
> Orion
>
> On 2/8/21 10:39 AM, Lilia Gonzalez Medina wrote:
> > Hi Orion,
> >
> > Apologies for taking too long to respond. After some tests I was able to
> > reproduce the FPs and target type 3 LDB signatures for Urlhaus have been
> > updated and published and should not alert on legitimate files anymore.
> > Please update your ClamAV database and if you still have some issues
> > please let me know.
> >
> > Best regards,
> >
> > Lilia Gonzalez
> > Malware Research Team
> > Cisco Talos
> >
> >
> >
> > On Tue, Jan 12, 2021 at 12:54 PM Orion Poplawski <orion@nwra.com> wrote:
> >
> > Lilia -
> >
> > Odd, I see it:
> >
> > # https_proxy= curl -o ublock_origin-1.32.4-an+fx.xpi 'https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc'
> > # clamscan ublock_origin-1.32.4-an+fx.xpi
> > ublock_origin-1.32.4-an+fx.xpi: Urlhaus.Malware.364328-9787819-0 FOUND
> >
> > # clamscan --version
> > ClamAV 0.103.0/26046/Mon Jan 11 05:34:14 2021
> >
> > # clamscan urlhaus-filter-online.txt
> > urlhaus-filter-online.txt: Urlhaus.Malware.364328-9787819-0 FOUND
> >
> > ----------- SCAN SUMMARY -----------
> > Known viruses: 8799521
> > Engine version: 0.103.0
> > Scanned directories: 0
> > Scanned files: 1
> > Infected files: 1
> > Data scanned: 0.29 MB
> > Data read: 0.14 MB (ratio 2.11:1)
> > Time: 21.911 sec (0 m 21 s)
> > Start Date: 2021:01:12 10:37:52
> > End Date: 2021:01:12 10:38:14
> >
> > Other URLs:
> >
> > Virus Urlhaus.Malware.364328-9787819-0:
> > https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt: 2 Time(s)
> > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt: 2 Time(s)
> > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt: 1 Time(s)
> > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt: 1 Time(s)
> > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt: 1 Time(s)
> > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt: 1 Time(s)
> > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt: 1 Time(s)
> > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt: 1 Time(s)
> >
> > I've attached copies.
> >
> > Orion
> >
> > On 1/8/21 9:18 PM, Lilia Gonzalez Medina wrote:
> > > Orion, I haven't been able to reproduce the FP with
> > > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc.
> > >
> > > If you could send me the file that alerts with
> > > Urlhaus.Malware.364328-9787819-0 I could look into it.
> > >
> > > Best regards,
> > >
> > > Lilia Gonzalez
> > > Malware Research Team
> > > Cisco Talos
> > >
> > > On Thu, Jan 7, 2021 at 12:00 PM Orion Poplawski <orion@nwra.com> wrote:
> > >
> > > Lilia -
> > >
> > > Virus database is updated daily and updated last night. Still seeing one
> > > this morning:
> > >
> > > Virus Urlhaus.Malware.364328-9787819-0:
> > > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc: 1 Time(s)
> > >
> > > Though that is a different signature.
> > >
> > > Orion
> > >
> > > On 1/7/21 7:56 AM, Lilia Gonzalez Medina wrote:
> > > > Hi Orion!
> > > >
> > > > Those NBD signatures were updated at the beginning of the week and should
> > > > not FP anymore. Please update your ClamAV db and let us know if the issue
> > > > persists.
> > > >
> > > > Best regards,
> > > >
> > > > Lilia Gonzalez
> > > > Malware Research Team
> > > > Cisco Talos
> > > >
> > > >
> > > > On Wed, Jan 6, 2021 at 4:59 PM Orion Poplawski <orion@nwra.com> wrote:
> > > >
> > > > Lilia -
> > > >
> > > > Thanks for the response. We're seeing some others getting triggered as
> > > > well:
> > > >
> > > > Virus Urlhaus.Malware.490516-9766015-0:
> > > > 10.21.2.5 https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt: 2 Time(s)
> > > > 10.21.2.5 https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt: 2 Time(s)
> > > > 10.21.2.5 https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt: 1 Time(s)
> > > > 10.21.2.5 https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt: 1 Time(s)
> > > > 10.21.2.5 https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/10be1f3fc35ff760fb57a10ab7a4ba7feed5d037/urlhaus-filter-online.txt: 1 Time(s)
> > > >
> > > > Virus Urlhaus.Malware.161756-8797115-0:
> > > > 10.10.20.7 https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc: 1 Time(s)
> > > > 10.11.1.3 https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc: 1 Time(s)
> > > >
> > > >
> > > > Orion
> > > >
> > > > On 1/4/21 8:43 AM, Lilia Gonzalez Medina wrote:
> > > > > Hi Orion!
> > > > >
> > > > > Thank you for reporting this. URLhaus is a partner that generates a list
> > > > > of ClamAV signatures to target malicious URLs. Signature
> > > > > Urlhaus.Malware.452652-9766253-0 looks for a malicious URL inside HTML
> > > > > files, which is why it is alerting on the URLs you mentioned. We found
> > > > > these FPs some weeks ago and added an extra check on new ClamAV
> > > > > signatures to prevent them from alerting on legitimate URLhaus content.
> > > > > We are currently updating older ClamAV signatures to ensure they don't FP
> > > > > on non-malicious HTML files.
> > > > >
> > > > > Best regards,
> > > > >
> > > > > Lilia Gonzalez
> > > > > Malware Research Team
> > > > > Cisco Talos
> > > > >
> > > > > On Wed, Dec 23, 2020 at 1:11 PM Orion Poplawski <orion@nwra.com> wrote:
> > > > >
> > > > > Can anyone give me some details about the Urlhaus.Malware.452652-9766253-0
> > > > > signature? We're seeing following URLs trigger it:
> > > > >
> > > > > https://curben.gitlab.io/malware-filter/urlhaus-filter-online.txt
> > > > > https://raw.githubusercontent.com/curbengh/urlhaus-filter/master/urlhaus-filter-online.txt
> > > > > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/c499fcbe5e95f61bbe889f4e3a19d5d2e877e120/urlhaus-filter-online.txt
> > > > > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt
> > > > > https://cdn.jsdelivr.net/gh/curbengh/urlhaus-filter/urlhaus-filter-online.txt
> > > > >
> > > > > Which seems to be the online update URLs for the urlhaus filter. Does
> > > > > ClamAV deem urlhaus a bad actor?
> > > > >
> > > > > Thanks,
> > > > > Orion
> > > > >
> > > > > --
> > > > > Orion Poplawski
> > > > > Manager of NWRA Technical Systems 720-772-5637
> > > > > NWRA, Boulder/CoRA Office FAX: 303-415-9702
> > > > > 3380 Mitchell Lane orion@nwra.com
> > > > > Boulder, CO 80301 https://www.nwra.com/
> > > > >
> > > > > _______________________________________________
> > > > >
> > > > > clamav-users mailing list
> > > > > clamav-users@lists.clamav.net
> > > > > https://lists.clamav.net/mailman/listinfo/clamav-users
> > > > >
> > > > >
> > > > > Help us build a comprehensive ClamAV guide:
> > > > > https://github.com/vrtadmin/clamav-faq
> > > > >
> > > > > http://www.clamav.net/contact.html#ml
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Orion Poplawski
> > > > Manager of NWRA Technical Systems 720-772-5637
> > > > NWRA, Boulder/CoRA Office FAX: 303-415-9702
> > > > 3380 Mitchell Lane orion@nwra.com
> > > > Boulder, CO 80301 https://www.nwra.com/
> > > >
> > > >
> > >
> > >
> > > --
> > > Orion Poplawski
> > > Manager of NWRA Technical Systems 720-772-5637
> > > NWRA, Boulder/CoRA Office FAX: 303-415-9702
> > > 3380 Mitchell Lane orion@nwra.com
> > > Boulder, CO 80301 https://www.nwra.com/
> > >
> >
> >
> > --
> > Orion Poplawski
> > Manager of NWRA Technical Systems 720-772-5637
> > NWRA, Boulder/CoRA Office FAX: 303-415-9702
> > 3380 Mitchell Lane orion@nwra.com
> > Boulder, CO 80301 https://www.nwra.com/
> >
>
>
> --
> Orion Poplawski
> he/him/his - surely the least important thing about me
> Manager of NWRA Technical Systems 720-772-5637
> NWRA, Boulder/CoRA Office FAX: 303-415-9702
> 3380 Mitchell Lane orion@nwra.com
> Boulder, CO 80301 https://www.nwra.com/
>
>
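
The replies quoted above describe the Urlhaus signatures as target type 3 LDB signatures that look for a malicious URL inside HTML files. The following added example (not part of the thread, and not Talos or ClamAV code) parses a constructed LDB line and shows that a content-only URL match hits both an HTML page linking to the URL and a filter list that merely lists it; the signature name, host, path, sample inputs and the `hit_context` triage heuristic are assumptions of this example, and matching is simplified to a lowercase substring search.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class LdbSignature:
    name: str
    target_type: Optional[int]  # 3 = normalized HTML
    expression: str             # logical expression over subsignature indexes
    subsigs: List[bytes]        # decoded byte strings the signature searches for


def parse_ldb(line: str) -> LdbSignature:
    """Split 'Name;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;...'."""
    name, tdb, expression, *raw_subsigs = line.strip().split(";")
    target = None
    for attr in tdb.split(","):
        key, _, value = attr.partition(":")
        if key == "Target":
            target = int(value)
    subsigs = []
    for raw in raw_subsigs:
        # Wildcards, offsets and modifiers are out of scope for this sketch.
        if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", raw):
            raise ValueError(f"unsupported subsignature syntax: {raw!r}")
        subsigs.append(bytes.fromhex(raw))
    return LdbSignature(name, target, expression, subsigs)


def evaluate(expression: str, hits: List[bool]) -> bool:
    """Evaluate '&', '|' and parentheses left to right (count operators unsupported)."""
    tokens = re.findall(r"\d+|[&|()]", expression)
    if "".join(tokens) != expression:
        raise ValueError("unsupported operator in logical expression")
    pos = 0

    def term() -> bool:
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            value = expr()
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("unbalanced parentheses")
            pos += 1
            return value
        return hits[int(tok)]

    def expr() -> bool:
        nonlocal pos
        value = term()
        while pos < len(tokens) and tokens[pos] in "&|":
            op = tokens[pos]
            pos += 1
            rhs = term()
            value = (value and rhs) if op == "&" else (value or rhs)
        return value

    result = expr()
    if pos != len(tokens):
        raise ValueError("trailing tokens in logical expression")
    return result


def matches(sig: LdbSignature, data: bytes) -> bool:
    # Simplification: lowercasing stands in for the engine's HTML normalization.
    haystack = data.lower()
    return evaluate(sig.expression, [s.lower() in haystack for s in sig.subsigs])


def hit_context(sig: LdbSignature, data: bytes) -> Set[str]:
    """Triage heuristic of this example: is the matched text a link or just a listing?"""
    contexts = set()
    for line in data.lower().splitlines():
        if any(s.lower() in line for s in sig.subsigs):
            is_markup = re.search(rb"(?:href|src)\s*=", line) is not None
            contexts.add("markup reference" if is_markup else "plain listing")
    return contexts


# Constructed inputs: none of these values come from the ClamAV database.
HOST, PATH = b"malicious.example", b"/payload.exe"
SIG = parse_ldb(f"Example.Urlhaus.Constructed-0;Engine:51-255,Target:3;0&1;{HOST.hex()};{PATH.hex()}")
BLOCKLIST = b"! Title: constructed filter list\n||malicious.example/payload.exe^\n"
HTML_PAGE = b'<html><body><a href="http://MALICIOUS.example/payload.exe">invoice</a></body></html>\n'
CLEAN = b"||benign.example/index.html^\n"

if __name__ == "__main__":
    for label, sample in (("blocklist", BLOCKLIST), ("html", HTML_PAGE), ("clean", CLEAN)):
        print(label, matches(SIG, sample), sorted(hit_context(SIG, sample)))
```

Both the filter list and the HTML page match, which is the false-positive pattern reported in the thread; only the surrounding context distinguishes a list that names the URL from a page that links to it.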