[clamav-users] is clamav.securiteinfo.com no more?

Discussion:

Dennis Peterson

2018-12-05 03:09:10 UTC

I don't see a dns response for that site and logs show no recent connection.

dp

_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Arnaud Jacques

2018-12-05 03:17:19 UTC

Permalink

Hello Dennis,

Yes it is dead since years.
It has been replaced by this : http://ow.ly/LqfdL

Post by Dennis Peterson
I don't see a dns response for that site and logs show no recent connection.
dp

--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.44.39.76.46
E-mail : ***@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois

_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clam

Al Varnell

2018-12-05 04:26:07 UTC

Permalink

Arnaud,

Please don't use url shortness here, especially one that apparently doesn't allow previews of the actual url I'm being redirected to. Way too many phishing attempts use such tools.

Sent from my iPad

-Al-

Post by Arnaud Jacques
Hello Dennis,
Yes it is dead since years.
It has been replaced by this : http://ow.ly/LqfdL

Post by Dennis Peterson
I don't see a dns response for that site and logs show no recent connection.
dp

--
Cordialement / Best regards,
Arnaud Jacques

_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

h

Arnaud Jacques

2018-12-05 05:08:32 UTC

Permalink

Al,

Did you speak the official voice of Cisco/Sourcefire/ClamAV ? Is it
official rule of this mailing list ?
If not, then your personal point of view could be sent directly to my email.
Thank you, Al.

Anyway I don't understand why securiteinfo.com related questions are not

Post by Al Varnell
Arnaud,
Please don't use url shortness here, especially one that apparently doesn't allow previews of the actual url I'm being redirected to. Way too many phishing attempts use such tools.

Al Varnell

2018-12-05 05:38:14 UTC

Permalink

Not official, but it's a pretty standard response from those of us in the computer security business when we see it. I'm surprised that you haven't observed it before, but I posted it publicly as a PSA to anybody else who might be subscribed to this list. Sorry if you were offended by my doing so.

Sent from my iPad

-Al-

Did you speak the official voice of Cisco/Sourcefire/ClamAV ? Is it official rule of this mailing list ?
If not, then your personal point of view could be sent directly to my email.

Arnaud Jacques

2018-12-05 05:40:44 UTC

Permalink

Thank you for your answer Al.
I am not offended, I'm just asking question to be sure to understand.
Have a good day !

Post by Al Varnell
Not official, but it's a pretty standard response from those of us in the computer security business when we see it. I'm surprised that you haven't observed it before, but I posted it publicly as a PSA to anybody else who might be subscribed to this list. Sorry if you were offended by my doing so.
Sent from my iPad
-Al-

Did you speak the official voice of Cisco/Sourcefire/ClamAV ? Is it official rule of this mailing list ?
If not, then your personal point of view could be sent directly to my email.

_______________________________________________
clamav-users mailing list
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml

Dennis Peterson

2018-12-05 05:46:50 UTC

Permalink

All the "tiny" url hosts are blacklisted here because I don't need the grief
they disguise. But he did answer my question. I haven't subscribed to those BL's
in a very long time and was surprised to see them pop up in my log file.

dp

Did you speak the official voice of Cisco/Sourcefire/ClamAV ? Is it official rule of this mailing list ?
If not, then your personal point of view could be sent directly to my email.

Dennis Peterson

2018-12-05 05:43:27 UTC

Permalink

I think it must have gotten re-activated when I upgraded ClamAV to 0.100.2
recently. I haven't seen those log entries until today.

Thanks.

dp

Post by Arnaud Jacques
Hello Dennis,
Yes it is dead since years.
It has been replaced by this : http://ow.ly/LqfdL

Post by Dennis Peterson
I don't see a dns response for that site and logs show no recent connection.
dp

Bryan Blackwell

2018-12-05 13:02:05 UTC

Permalink

Post by Arnaud Jacques
Yes it is dead since years.
It has been replaced by this : http://ow.ly/LqfdL

AKA:

https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml

--Bryan
_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

G.W. Haywood

2018-12-05 17:16:40 UTC

Permalink

Hi there,

All the "tiny" url hosts are blacklisted here ...

A list of them could be useful. Do you have such a thing, or a pointer?
--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Benny Pedersen

2018-12-05 17:21:48 UTC

Permalink

Post by G.W. Haywood

All the "tiny" url hosts are blacklisted here ...

A list of them could be useful. Do you have such a thing, or a pointer?

https://github.com/rspamd/rspamd/blob/master/conf/redirectors.inc
_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Dennis Peterson

2018-12-05 17:31:16 UTC

Permalink

It is implemented here as a DNS URLBL and used by a milter.

dp

Post by Benny Pedersen

All the "tiny" url hosts are blacklisted here ...

A list of them could be useful. Do you have such a thing, or a pointer?

https://github.com/rspamd/rspamd/blob/master/conf/redirectors.inc
_______________________________________________
clamav-users mailing list
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml

J.R.

2018-12-05 22:27:34 UTC

Permalink

The secureiteinfo files require you to signup (it's free) then you get
your own token to use in the URLs, which you can configure freshclam
to check / update automatically...

i.e. one of the files would look like this in the freshclam.conf

DatabaseCustomURL
http://www.securiteinfo.com/get/signatures/<LONG_Unique_Token>/securiteinfo.hdb

Post by Dennis Peterson
I think it must have gotten re-activated when I upgraded ClamAV to 0.100.2
recently. I haven't seen those log entries until today.
Thanks.
dp