OPNsense Forum

English Forums => Development and Code Review => Topic started by: opnsenseuser on February 14, 2019, 10:30:43 am

Title: ClamAV new third Party Signatures in new dev version - ready for testing!
Post by: opnsenseuser on February 14, 2019, 10:30:43 am
@mimugmail has added new third-party signatures to ClamAV and these are now included in the latest dev version.
This should significantly improve the detection rate :-)

Would be great if someone could test this!

Thank you
Thx @mimugmail for the great work!
https://github.com/opnsense/plugins/issues/1162#issuecomment-462792936

Install using:
Code:
pkg install os-clamav-devel

Regards
Title: Re: ClamAV new third Party Signatures in new dev version - ready for testing!
Post by: fightingmasta on March 08, 2019, 08:18:49 pm
Hi,

I installed it with: "pkg install os-clamav-devel" and activated all of the third-party signatures.
I've tried some URLs from URLhaus, the detection rate seems to be much better! :)

Regards,
Stefan
Title: Re: ClamAV new third Party Signatures in new dev version - ready for testing!
Post by: opnsenseuser on March 08, 2019, 08:24:46 pm
I tried some tests from Sanesecurity but had no luck.

Would be great if you could tell me and all the others how you tested it!

Thx for your support

Regards
Title: Re: ClamAV new third Party Signatures in new dev version - ready for testing!
Post by: fightingmasta on March 08, 2019, 08:28:02 pm
I tried some URLs from here: https://urlhaus.abuse.ch/browse/
Unnecessary to tell you, try at your own risk.  ;)

Regards,
Stefan
Title: Re: ClamAV new third Party Signatures in new dev version - ready for testing!
Post by: opnsenseuser on March 09, 2019, 10:03:29 am
Quote from: fightingmasta
> I tried some URLs from here: https://urlhaus.abuse.ch/browse/
> Unnecessary to tell you, try at your own risk.  ;)
>
> Regards,
> Stefan

My first test works just fine, because even the main page https://urlhaus.abuse.ch/browse/ is already blocked by the C-ICAP server. See the screenshot.
Title: Re: ClamAV new third Party Signatures in new dev version - ready for testing!
Post by: fightingmasta on March 09, 2019, 05:50:25 pm
@opnsenseuser: Yes, with activated SSL inspection, the main page will also be blocked. I then deactivated SSL inspection temporarily to test some URLs in the URLhaus database.