Page 1 of 1

How can I tell if MalwarePatrol is activated and working properly?

Posted: 26 Oct 2016 15:10
by webguyz
Signed up for a monthly subscription to test it and they did not send me a code but I did get a order number when I payed by PayPal. I assume that number is what I put into the MalwarePatrol setting in E.F.A. ?

Thanks!

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 27 Oct 2016 06:42
by pdwalker
edit /etc/clamav-unofficial-sigs/master.conf

search for "malwarepatrol" and follow the instructions in the comments to configure your system to receive your malware patrol updates

run "sudo freshclam -v" to see if your system picks up the malware patrol signatures.

I'm not sure what will actually show up when you run freshclam, but you should find the malware patrol database in /var/lib/clamav. I ran the comand just now (I'm using the free database) and the file malwarepatrol.db is dated yesterday so there were no updates for me to pick up today.

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 27 Oct 2016 19:34
by webguyz
Thank you very much! Just what I needed. The date of my malwarepatrol.db is the date I installed E.F.A. so it appears just doing freshclam -v failed to update it today. Will try a reboot later today.

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 27 Oct 2016 20:00
by webguyz
Just as an FYI you can tell it how often to update the malwarepatrol download in /etc/clamav-unofficial-sigs/master.conf and I set mine to 2 hours. You can actually see what going on in the /var/log/clamav-unofficial-sigs.log as well.

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 29 Oct 2016 20:09
by pdwalker
Since I am using a free account, I update every 35 hours, since I don't want to be a rude guest.

If you are using a paid account, then updating several times per day should be acceptable.

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 25 Dec 2016 23:47
by Qlink
Hi guys,

i've signed up @malwarepatrol today (free subscription).

i've also added receipt number @efa

but when i look in /var/lib/clamav there is no malwarepatrol db and when i run "sudo freshclam -v" there appears also no entry similar too malwarepatrol...

anything else i have to do to get malwarepatrol working, except adding receipt key ?

thanks in advance

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 09 Jan 2017 10:27
by Qlink
any help would be greatly appreciated!

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 13 Jan 2017 01:34
by webguyz
Did you check /var/log/clamav-unofficial-sigs.log ?

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 24 Jan 2017 13:43
by Qlink
hi webguyz,

thanks for your response.

in /var/log/clamav-unofficial-sigs.log it tells me:

Code: Select all

MalwarePatrol signature database (malwarepatrol.db) did not change - skipping
is it normal MP database does not change within 3 days ? how often does an update happen normally ?

can i assume malwarepatrol is working as intended because of the above log entry ?

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 07 Feb 2017 19:11
by webguyz
I have the paid version and see this almost every time I check (every 6 hours)

Feb 06 13:26:21 Checking for MalwarePatrol updates...
Feb 06 13:26:21 MalwarePatrol Database File Update
Feb 06 13:26:22 Testing updated MalwarePatrol database file: malwarepatrol.ndb
Feb 06 13:26:22 Clamscan reports MalwarePatrol malwarepatrol.ndb database integrity tested good
Feb 06 13:26:22 Successfully updated MalwarePatrol production database file: malwarepatrol.ndb

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 12 Feb 2017 19:03
by Qlink
i'm also thinking about getting the paid version...

one question: is ransomware protection from paid version working good ?

two days ago a ransomware mail got through efa + malwarepatrol free, so i'm hoping paid version will get rid of this ...

Any other good protections against ransomware ?

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 20 Mar 2017 16:11
by Woger
I just enabled MalwarePatrol with a free account. However, clamav is not loading anything and freshclam is now downloading anything.

From the logs:

Mar 20 16:37:56 Mon Mar 20 16:37:56 CET 2017 - Pause complete, checking for new database files...
Mar 20 16:37:56 Sanesecurity Database File Updates
Mar 20 16:37:56 2 hours have not yet elapsed since the last sanesecurity update check
Mar 20 16:37:56 No update check was performed at this time
Mar 20 16:37:56 Next check will be performed in approximately 0 hour(s), 55 minute(s)
Mar 20 16:37:56 linuxmalwaredetect Database File Updates
Mar 20 16:37:56 6 hours have not yet elapsed since the last linux malware detect update check
Mar 20 16:37:56 No update check was performed at this time
Mar 20 16:37:56 Next check will be performed in approximately 4 hour(s), 55 minute(s)
Mar 20 16:37:56 Yara-Rules Database File Updates
Mar 20 16:37:56 24 hours have not yet elapsed since the last yararulesproject database update check
Mar 20 16:37:56 No update check was performed at this time
Mar 20 16:37:56 Next check will be performed in approximately 22 hour(s), 55 minute(s)
Mar 20 16:37:56 No updates detected, ClamAV databases were not reloaded
Mar 20 16:37:56 Issue tracker : https://github.com/extremeshok/clamav-u ... igs/issues
Mar 20 16:37:56 New version : v5.6.2 @ https://github.com/extremeshok/clamav-unofficial-sigs
Mar 20 16:37:56 Powered By https://eXtremeSHOK.com

In master.conf it says

malwarepatrol_receipt_code="f14******09"
malwarepatrol_product_code="8"
malwarepatrol_list="clamav_basic" # clamav_basic or clamav_ext
# Set to no to enable the commercial subscription url.
malwarepatrol_free="yes"

So it looks it should be working. But I can't see anything regarding to a working malwarepatrol.
Did I forget anything?

Thanks,
Roger

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 21 Mar 2017 00:46
by shawniverson
Don't think so, MailWarePatrol free only releases new updates periodically though.

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 22 Mar 2017 07:19
by Woger
I know, every 72 hours, but shouldn't freshclam try to get an update?

Edit: I now see that feshclam isn't running at all. Last activity in the log is from 2 days ago. Is freshclam supposed to run from cron or as a daemon?

Thanks,

Roger

Re: How can I tell if MalwarePatrol is activated and working properly?

Posted: 27 Mar 2017 15:16
by solarthread
You need to do the following:

1) sudo vim /etc/clamav-unofficial-sigs/master.conf and search for the below lines

malwarepatrol_enabled="yes"

malwarepatrol_receipt_code="YOUR-RECEIPT-NUMBER"

malwarepatrol_product_code="8"
Use 8 if you have a Free account or 15 if you are a Premium customer.

malwarepatrol_list="clamav_basic" # clamav_basic or clamav_ext

malwarepatrol_free="yes"
Set to yes if you have a Free account or no if you are a Premium customer.

malwarepatrol_update_hours="2" if you are a Premium customer

2) sudo /usr/bin/clamav-unofficial-sigs.sh which will update the definitions