[sanesecurity] Re: I am getting a lot of these messages when I run:

  • From: "Brian Kesting" <bkesting@xxxxxxxxxxxxxxx>
  • To: <sanesecurity@xxxxxxxxxxxxx>
  • Date: Wed, 24 Nov 2010 10:56:17 -0600

Though I do notice now on the updates for the SecuriteInfo signatures that I 
get:
 
Clamscan reports SecuriteInfo (database name) database integrity tested BAD - 
SKIPPING
 
Is this anything to be concerned about?  honeynet.hdb, securiteinfo.hdb, and 
vx.hdb tested good.  The files such as securiteinfopdf.hdb, elf.hdb, 
office.hdb, etc. were the ones that tested BAD.
 
Brian

>>> "Brian Kesting" <bkesting@xxxxxxxxxxxxxxx> 11/24/2010 10:52 AM >>>
Thanks for the tip Bill.
 
I removed those two, and also I did not have the rsync port (873) open inbound 
on my firewall rules, so I opened it.  Then went and cut and paste all the 
database names instead of typing them.  That seems to have fixed my problem.
 
Thanks again everyone for the advice.
 
Brian

>>> Bill Landry <bill@xxxxxxxxxxx> 11/24/2010 10:35 AM >>>
On 11/24/2010 7:16 AM, Brian Kesting wrote:
> I am getting a lot of these messages when I run:
> /usr/local/bin/clamav-unofficial-sigs.sh -c /etc/clamav-unofficial-sigs.conf
> rsync.inetmsg.com - 173.10.94.185
> Connection to mail.inetmsg.com 173.10.94.185 failed - Trying next mirror
> site...
> Sanesecurity mirror site used: saturn.retrosnub.co.uk 178.18.118.26
> Sanesecurity Phishing and Scam Signatures for ClamAV
> Hosted by Retrosnub Internet Services
> http://www.retrosnub.co.uk/
> Connection to saturn.retrosnub.co.uk 178.18.118.26 failed - Trying next
> mirror site...
> My current listing of signatures I am trying to update is:

[...]

From a quick look at your signature database names, these 2 entries 
stand out immediately:

    MSRBL-SPAM.ndb
    MSRBL-Images.hdb

These are *not* Sanesecurity distributed databases and should not be 
listed in the Sanesecurity section of your config file.  Also, these 
MSRBL signature databases are no longer maintained and haven't been for 
over 2 years - simply remove them altogether.

Regards,

Bill
