Dear clamav Teams,
we are using some Debian 12 servers with PiHole Systems:
OS: Debian GNU/Linux 12 (bookworm) aarch64
Host: Raspberry Pi 4 Model B Rev 1.4
Kernel: 6.1.21-v8+
Uptime: 4 hours
Packages: 2830 (dpkg), 14 (snap)
Shell: zsh 5.9
Resolution: 2560x1440
Terminal: /dev/pts/0
CPU: BCM2835 (4) @ 2.000GHz
Memory: 1754MiB / 7811MiB
and since we installed the new clamav 1.2.0 (from source on the raspi)
or from the deb file on the other Debian servers with PiHole with amd64,
we see now these alerts:
/etc/pihole/list.74.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL FOUND
/etc/pihole/list.22.v.firebog.net.domains: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL FOUND
/etc/pihole/list.83.v.firebog.net.domains: YARA.davivienda.UNOFFICIAL FOUND
/etc/pihole/list.65.raw.githubusercontent.com.domains: YARA.hacked_domains.UNOFFICIAL FOUND
/etc/pihole/list.120.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.52.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.25.v.firebog.net.domains: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL FOUND
/etc/pihole/list.6.gitlab.com.domains: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL FOUND
/etc/pihole/list.50.phishing.army.domains: YARA.davivienda.UNOFFICIAL FOUND
/etc/pihole/list.153.phishing.army.domains: YARA.davivienda.UNOFFICIAL FOUND
/etc/pihole/list.130.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.161.v.firebog.net.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.53.zerodot1.gitlab.io.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.57.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL FOUND
/etc/pihole/list.63.raw.githubusercontent.com.domains: YARA.hacked_domains.UNOFFICIAL FOUND
/etc/pihole/list.18.zerodot1.gitlab.io.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.54.zerodot1.gitlab.io.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL FOUND
/etc/pihole/list.11.www.github.developerdan.com.domains: YARA.davivienda.UNOFFICIAL FOUND
/etc/pihole/list.64.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.malware.js.lobbydesires.com.879.UNOFFICIAL FOUND
/etc/pihole/list.29.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.blacklisted.domain.bingstyle.com.640.UNOFFICIAL FOUND
----------- SCAN SUMMARY -----------
Known viruses: 8862874
Engine version: 1.2.0
Scanned directories: 717
Scanned files: 3060
Infected files: 20
Data scanned: 262.51 MB
Data read: 2517.20 MB (ratio 0.10:1)
Time: 595.687 sec (9 m 55 s)
Start Date: 2023:08:31 04:00:55
End Date: 2023:08:31 04:10:50
As we read in some chats, UNOFFICIAL could mean false positive. So should we add those pihole lists to the clamav whitelist?
Kindly Regards,
Norman
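
Added example, not part of the original message and not ClamAV project code: a small triage of a clamscan report like the one above, separating hits from third-party (`.UNOFFICIAL`) signatures on Pi-hole's downloaded domain lists from hits that need a closer look. The sample report is constructed (two lines copied from the message, one invented path), and treating the first group as exclusion candidates is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in clamscan's report format; the third path is invented.
SAMPLE = """\
/etc/pihole/list.74.raw.githubusercontent.com.domains: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL FOUND
/etc/pihole/list.83.v.firebog.net.domains: YARA.davivienda.UNOFFICIAL FOUND
/srv/upload/sample.bin: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 3
"""

# "<path>: <signature> FOUND" is the per-file detection line.
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
# Pi-hole's downloaded blocklists as they are named in the report above.
PIHOLE_LIST = re.compile(r"^/etc/pihole/list\.\d+\..+\.domains$")


def parse_hits(report):
    """Return one dict per detection line; summary lines are skipped."""
    hits = []
    for line in report.splitlines():
        m = HIT.match(line.strip())
        if not m:
            continue
        sig = m["sig"]
        # ClamAV appends .UNOFFICIAL to signatures loaded from
        # databases other than its own official ones.
        unofficial = sig.endswith(".UNOFFICIAL")
        name = sig[: -len(".UNOFFICIAL")] if unofficial else sig
        hits.append({"path": m["path"], "signature": name, "unofficial": unofficial})
    return hits


def triage(hits):
    """Group third-party hits on Pi-hole lists by signature; return the rest for review."""
    blocklist_hits, needs_review = defaultdict(list), []
    for h in hits:
        if h["unofficial"] and PIHOLE_LIST.match(h["path"]):
            blocklist_hits[h["signature"]].append(h["path"])
        else:
            needs_review.append(h)
    return dict(blocklist_hits), needs_review


if __name__ == "__main__":
    by_sig, review = triage(parse_hits(SAMPLE))
    for sig, paths in sorted(by_sig.items()):
        print(f"{sig}: {len(paths)} Pi-hole list file(s)")
    for h in review:
        print(f"REVIEW {h['path']}: {h['signature']}")
```

If every hit lands in the first group, an exclusion can be scoped to those list files only, for example with clamscan's `--exclude=REGEX` option, rather than to the whole of `/etc/pihole`.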