OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Development and Code Review (Moderator: fabian) »
  • ClamAV new third Party Signatures in new dev version - ready for testing!
« previous next »
  • Print
Pages: [1]

Author Topic: ClamAV new third Party Signatures in new dev version - ready for testing!  (Read 3838 times)

opnsenseuser

  • Sr. Member
  • ****
  • Posts: 381
  • Karma: 25
    • View Profile
ClamAV new third Party Signatures in new dev version - ready for testing!
« on: February 14, 2019, 10:30:43 am »
@mimugmail has added new third-party signatures to clamav and these are now included in the latest dev version.
this should significantly improve the detection rate :-)

would be great if someone could test this!

Thank you
Thx @ mimugmail for the Great work!
https://github.com/opnsense/plugins/issues/1162#issuecomment-462792936

install using:
Code: [Select]
pkg install os-clamav-devel

Regards
« Last Edit: March 08, 2019, 08:26:05 pm by opnsenseuser »
Logged
Supermicro A2SDi-4C-HLN4F
Team Rebellion Member (sidebar / themes: tukan, cicada & vicuna)

fightingmasta

  • Newbie
  • *
  • Posts: 38
  • Karma: 3
    • View Profile
Re: ClamAV new third Party Signatures in new dev version - ready for testing!
« Reply #1 on: March 08, 2019, 08:18:49 pm »
Hi,

I installed it with: "pkg install os-clamav-devel" and activated all of the third-party signatures.
I've tried some urls from urlhaus, the detection rate seems to be much better! :)

Regards,
Stefan
Logged

opnsenseuser

  • Sr. Member
  • ****
  • Posts: 381
  • Karma: 25
    • View Profile
Re: ClamAV new third Party Signatures in new dev version - ready for testing!
« Reply #2 on: March 08, 2019, 08:24:46 pm »
I tried some Tests from sanesecurity but had no luck.

Would be Great if you could Tell me and all others how you tested it!

Thx for your support

Regards
Logged
Supermicro A2SDi-4C-HLN4F
Team Rebellion Member (sidebar / themes: tukan, cicada & vicuna)

fightingmasta

  • Newbie
  • *
  • Posts: 38
  • Karma: 3
    • View Profile
Re: ClamAV new third Party Signatures in new dev version - ready for testing!
« Reply #3 on: March 08, 2019, 08:28:02 pm »
I tried some urls from here: https://urlhaus.abuse.ch/browse/
Unnecessary to told you, try at your own risk.  ;)

Regards,
Stefan
« Last Edit: March 08, 2019, 08:32:43 pm by fightingmasta »
Logged

opnsenseuser

  • Sr. Member
  • ****
  • Posts: 381
  • Karma: 25
    • View Profile
Re: ClamAV new third Party Signatures in new dev version - ready for testing!
« Reply #4 on: March 09, 2019, 10:03:29 am »
Quote from: fightingmasta on March 08, 2019, 08:28:02 pm
I tried some urls from here: https://urlhaus.abuse.ch/browse/
Unnecessary to told you, try at your own risk.  ;)

Regards,
Stefan

my first test works just fine, because even the main page https://urlhaus.abuse.ch/browse/ is already blocked by the C-ICAP server. see the screenshot
« Last Edit: March 09, 2019, 10:05:51 am by opnsenseuser »
Logged
Supermicro A2SDi-4C-HLN4F
Team Rebellion Member (sidebar / themes: tukan, cicada & vicuna)

fightingmasta

  • Newbie
  • *
  • Posts: 38
  • Karma: 3
    • View Profile
Re: ClamAV new third Party Signatures in new dev version - ready for testing!
« Reply #5 on: March 09, 2019, 05:50:25 pm »
@opnsenseuser: Yes, with activated SSL inspection, the main page will also be blocked. I've then deactivated SSL inspection temporary to test some URLs in the urlhaus database.
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Development and Code Review (Moderator: fabian) »
  • ClamAV new third Party Signatures in new dev version - ready for testing!
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2