Tag: clamav

Written by #xxaxxelxx

Gentoo + Squid + Radius Auth + sslBump + remote SquidClamav + SquidGuard // intransparent official proxy in corporate environment

What to know: Squid caches and breaks clients encryption in MITM style. After clients request he establishes conections to both server and client. To the server he impersonates a client and checks servers certificates. Dismissed Server certs will be reported to the real client. To the client he acts like a server. After a succeful […]

Written by #xxaxxelxx

ClamAV | homebrewing signature files

Quick and Dirty: from mpack tools: munpack YOURMAILFILE sigtool –md5 ../XFILES/DocumentXNoX1076196.xls >> MYSIG.hdb Better: https://objective-see.com/blog/blog_0x17.html https://www.decalage.info/vba_tools https://www.decalage.info/python/olevba http://www.pwnage.io/2013/06/fun-with-clamav.html?m=1 http://blog.clamav.net/2011/02/how-to-create-custom-signatures-for.html?m=1 Click to access blah.pdf http://blog.adamsweet.org/?p=250 https://packages.gentoo.org/packages/net-mail/mpack https://www.idrsolutions.com/online-pdf-to-html5-converter/ http://blog.talosintelligence.com/2008/09/logical-signatures-in-clamav-094.html http://hexacorn.com/d/PESectionExtractor.pl Click to access signatures.pdf http://hiddenillusion.blogspot.de/2012/06/xdp-files-and-clamav.html

Written by #xxaxxelxx

ClamAV as remote accessable server

On debian simply run dpkg-reconfigure clamav-daemon Test it with telnet $IP $PORT Type PING Get PONG Config files: clamd.conf #Automatically Generated by clamav-daemon postinst #To reconfigure clamd run #dpkg-reconfigure clamav-daemon #Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details TCPSocket 3310 TCPAddr 192.168.100.8 # TemporaryDirectory is not set to its default /tmp here to make overriding # the default […]