[sanesecurity] Re: Signature news

  • From: Gerard <gerard@xxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Fri, 23 Oct 2009 06:15:51 -0400

On Fri, 23 Oct 2009 11:46:03 +0200
tonio@xxxxxxxxxxxxxx <tonio@xxxxxxxxxxxxxx> replied:

 
> Steve Basford wrote:
> > Hi All,
> >
> > I'm pleased to announce two new signatures databases:
> >
> > New Database 1:
> >
> > Database name: spearl.ndb
> >
> > Description: phishing_links is a list of generic forms used for
> > e-mail account phishing
> >
> > Provider: APER
> > Risk of FP's: low
> > Website: http://code DOT google DOT com/p/anti-phishing-email-reply/
> >
> > New Database 2:
> >
> > Database name: scamnailer.ndb
> >
> > Note: this database may use more cpu resources, due to extensive
> > use of conditional signatures
> >
> > Description:  This uses far more than just the well-known list of
> > phishing email addresses published on SourceForge. It also uses a
> > very large list of addresses, which have been discovered and
> > manually checked by a large and very well known corporation on the
> > web, which you will definitely have heard of
> >
> > Provider: Julian Field/Tony Finch
> > Risk of FP's: medium
> > Website: www DOT scamnailer DOT info
> >
> > New scripts will no doubt be available soon to take advantage of
> > these two new databases (unless you edit them yourself)
> >
> > In other news:
> >
> > a) Tweaks have been made to spear.ndb file to improve the detection
> > rates.
> >
> > b) Lots of generic signatures to help block spear phishing have
> > been added to phish.ndb (generally Sanesecurity.Phishing.Fake's)
> >
> > Cheers,
> >
> > Steve
> > Sanesecurity
> >
> Hi,
> I've the same problem with scamnailer.ndb as lately with signature
> MSRBL-SPAM and winnow_phish_complete (see previous thread):
> 
> ClamAV update process started at Fri Oct 23 11:42:43 2009
> main.cvd is up to date (version: 51, sigs: 545035, f-level: 42,
> builder: sven)
> daily.cld is up to date (version: 9930, sigs: 92347, f-level: 43,
> builder: guitar)
> LibClamAV Error: mpool_malloc(): Attempt to allocate 2097152 bytes.
> Please report to http://bugs.clamav.net
> LibClamAV Error: cli_ac_addpatt: Can't realloc ac_pattable
> LibClamAV Error: cli_parse_add(): Problem adding signature (3).
> LibClamAV Error: Problem parsing database at line 2880
> LibClamAV Error: Can't load /var/lib/clamav/scamnailer.ndb: Malformed
> database
> ERROR: Malformed database
> 
> Clamav 0.95.2

I am not sure how the script you are using works; however, you could
try this.

1) Locate the offending signature file(s)
   A) Check if copies of the original downloaded files are still there
2) Delete them
3) Restart clamav
4) See if any errors are reported
5) Run your script with full logging if possible
6) Check the clamav log to see if the files were correctly loaded.

-- 
Gerard
gerard@xxxxxxxxxxxxx

|::::=======
|::::=======
|===========
|===========
|

What foods these morsels be!
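
The steps in the reply above can be scripted by loading each third-party `.ndb` file on its own with `clamscan -d`, so that a file ClamAV cannot load is identified before the daemon is restarted. This is an added example, not part of the original post or of any Sanesecurity script; `CLAMSCAN`, `DB_DIR`, `QUARANTINE_DIR` and both function names are assumptions made for the example, and it moves a failing file aside for inspection instead of deleting it.

```shell
#!/bin/sh
# Added example: probe each third-party signature database in isolation.
# All variable and function names below are chosen for this example.

CLAMSCAN="${CLAMSCAN:-clamscan}"
DB_DIR="${DB_DIR:-/var/lib/clamav}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/tmp/clamav-rejected}"

# db_loads FILE
# Returns 0 if clamscan can load FILE as its only database.
db_loads() {
    probe=$(mktemp) || return 2
    echo "probe" > "$probe"
    "$CLAMSCAN" --no-summary -d "$1" "$probe" >/dev/null 2>&1
    rc=$?
    rm -f "$probe"
    # Exit 0 (clean) or 1 (match) means the database was loaded and used.
    # Any other code means an error, e.g. "Malformed database".
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# check_third_party_dbs
# Tests every *.ndb in DB_DIR, moves the ones that fail to load into
# QUARANTINE_DIR, prints their names, and returns 1 if any were rejected.
check_third_party_dbs() {
    rejected=""
    mkdir -p "$QUARANTINE_DIR" || return 2
    for db in "$DB_DIR"/*.ndb; do
        [ -f "$db" ] || continue          # glob matched nothing
        if ! db_loads "$db"; then
            mv "$db" "$QUARANTINE_DIR/" &&
                rejected="$rejected $(basename "$db")"
        fi
    done
    echo "$rejected" | sed 's/^ //'
    [ -z "$rejected" ]
}
```

Source the file and call `check_third_party_dbs` after the update script has downloaded its files and before restarting ClamAV. The log in the quoted message shows an allocation failure ahead of the parse error, so a file that passes this isolated check can still fail when it is loaded together with the full signature set.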
