[sanesecurity] Re: Signature news

  • From: "tonio@xxxxxxxxxxxxxx" <tonio@xxxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Fri, 23 Oct 2009 12:44:35 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gerard wrote:
> On Fri, 23 Oct 2009 11:46:03 +0200 tonio@xxxxxxxxxxxxxx
> <tonio@xxxxxxxxxxxxxx> replied:
>
>
>> Steve Basford wrote:
>>> Hi All,
>>>
>>> I'm pleased to announce two new signatures databases:
>>>
>>> New Database 1:
>>>
>>> Database name: spearl.ndb
>>>
>>> Description: phishing_links is a list of generic forms used for
>>>  e-mail account phishing
>>>
>>> Provider: APER
>>> Risk of FP's: low
>>> Website: http://code DOT google DOT com/p/anti-phishing-email-reply/
>>>
>>> New Database 2:
>>>
>>> Database name: scamnailer.ndb
>>>
>>> Note: this database may use more cpu resources, due to
>>> extensive use of conditional signatures
>>>
>>> Description:  This uses far more than just the well-known list
>>> of phishing email addresses published on SourceForge. It also
>>> uses a very large list of addresses, which have been discovered
>>> and manually checked by a large and very well known corporation
>>> on the web, which you will definitely have heard of
>>>
>>> Provider: Julian Field/Tony Finch
>>> Risk of FP's: medium
>>> Website: www DOT scamnailer DOT info
>>>
>>> New scripts will no doubt be available soon to take advantage
>>> of these two new databases (unless you edit them yourself)
>>>
>>> In other news:
>>>
>>> a) Tweaks have been made to spear.ndb file to improve the
>>> detection rates.
>>>
>>> b) Lots of generic signatures to help block spear phishing have
>>>  been added to phish.ndb (generally
>>> Sanesecurity.Phishing.Fake's)
>>>
>>> Cheers,
>>>
>>> Steve
>>> Sanesecurity
>>>
>> Hi, I've the same problem with scamnailer.ndb as lately with
>> signature MSRBL-SPAM and winnow_phish_complete (see previous
>> thread):
>>
>> ClamAV update process started at Fri Oct 23 11:42:43 2009
>> main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
>> daily.cld is up to date (version: 9930, sigs: 92347, f-level: 43, builder: guitar)
>> LibClamAV Error: mpool_malloc(): Attempt to allocate 2097152 bytes. Please report to http://bugs.clamav.net
>> LibClamAV Error: cli_ac_addpatt: Can't realloc ac_pattable
>> LibClamAV Error: cli_parse_add(): Problem adding signature (3).
>> LibClamAV Error: Problem parsing database at line 2880
>> LibClamAV Error: Can't load /var/lib/clamav/scamnailer.ndb: Malformed database
>> ERROR: Malformed database
>>
>> Clamav 0.95.2
>
> I am not sure how the script you are using works; however, you
> could try this.
>
> 1) Locate the offending signature file(s)
>    A) Check if copies of the original downloaded files are still there
> 2) Delete them
> 3) Restart clamav
> 4) See if any errors are reported
> 5) Run your script with full logging if possible
> 6) Check the clamav log to see if the files were correctly loaded.
>
Already done.
If I delete the offending file, clamd starts OK.

I'm using Bill Landry's script version 3.5.

I've also tried to manually download the signature file from the original source:

wget http://www.mailscanner.eu/scamnailer.ndb

Same error when I restart clamd:

LibClamAV Error: mpool_malloc(): Attempt to allocate 2097152 bytes.
Please report to http://bugs.clamav.net
LibClamAV Error: cli_ac_addpatt: Can't realloc ac_pattable
LibClamAV Error: cli_parse_add(): Problem adding signature (3).
LibClamAV Error: Problem parsing database at line 1871
LibClamAV Error: Can't load /var/lib/clamav/scamnailer.ndb: Malformed
database
ERROR: Malformed database
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkrhiRMACgkQ8FtMlUNHQIO6IACffrKPodSXtlLDpoQohTTAq4xH
pK8AoKnYyNy62XtTPbTbO7IPLMPqzh7I
=fn8a
-----END PGP SIGNATURE-----
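
An added example, not part of the thread and not taken from any script mentioned in it: a shell sketch that automates the "did the file load" check from Gerard's list, so that a downloaded database such as scamnailer.ndb is copied into the live directory only if clamscan can load it. The function names and the `CLAMSCAN` override variable are assumptions of this example.

```shell
#!/bin/sh
# Gate a downloaded third-party signature file before it reaches the live
# ClamAV database directory, so a file that fails to load cannot stop clamd.
# CLAMSCAN (assumption of this sketch) lets the scanner command be
# overridden; it defaults to the real clamscan.
: "${CLAMSCAN:=clamscan}"

# db_loads FILE -> returns 0 if clamscan can load FILE as its only database.
# clamscan exits 0 (clean) or 1 (match) once the database has loaded, and 2
# on errors such as "Malformed database".
# Note: this loads FILE on its own. A failure that only appears when the file
# is loaded together with the other databases needs the same test run against
# a staged copy of the whole directory (--database also accepts a directory).
db_loads() {
    db=$1
    probe=$(mktemp) || return 2
    printf 'probe\n' > "$probe"
    rc=0
    "$CLAMSCAN" --database="$db" --no-summary "$probe" \
        >/dev/null 2>"$probe.err" || rc=$?
    if [ "$rc" -ge 2 ]; then
        # Keep the LibClamAV error lines so the failing line number is logged.
        sed 's/^/  /' "$probe.err" >&2
    fi
    rm -f "$probe" "$probe.err"
    [ "$rc" -lt 2 ]
}

# install_db FILE DEST_DIR -> copies FILE into DEST_DIR only if it loads.
install_db() {
    src=$1 dest=$2
    name=$(basename "$src")
    if db_loads "$src"; then
        # Copy under a temporary name, then rename, so clamd never reads a
        # partially written file.
        cp "$src" "$dest/.$name.tmp" && mv "$dest/.$name.tmp" "$dest/$name"
    else
        echo "rejected: $src failed to load, live copy left untouched" >&2
        return 1
    fi
}
```

Typical use is `install_db /tmp/scamnailer.ndb /var/lib/clamav` followed by a clamd reload only when the function returns 0.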