How can I tell if MalwarePatrol is activated and working properly?

General eFa discussion
Post Reply
webguyz
Posts: 61
Joined: 26 Oct 2016 02:17

How can I tell if MalwarePatrol is activated and working properly?

Post by webguyz »

Signed up for a monthly subscription to test it and they did not send me a code but I did get a order number when I payed by PayPal. I assume that number is what I put into the MalwarePatrol setting in E.F.A. ?

Thanks!
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by pdwalker »

edit /etc/clamav-unofficial-sigs/master.conf

search for "malwarepatrol" and follow the instructions in the comments to configure your system to receive your malware patrol updates

run "sudo freshclam -v" to see if your system picks up the malware patrol signatures.

I'm not sure what will actually show up when you run freshclam, but you should find the malware patrol database in /var/lib/clamav. I ran the comand just now (I'm using the free database) and the file malwarepatrol.db is dated yesterday so there were no updates for me to pick up today.
webguyz
Posts: 61
Joined: 26 Oct 2016 02:17

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by webguyz »

Thank you very much! Just what I needed. The date of my malwarepatrol.db is the date I installed E.F.A. so it appears just doing freshclam -v failed to update it today. Will try a reboot later today.
webguyz
Posts: 61
Joined: 26 Oct 2016 02:17

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by webguyz »

Just as an FYI you can tell it how often to update the malwarepatrol download in /etc/clamav-unofficial-sigs/master.conf and I set mine to 2 hours. You can actually see what going on in the /var/log/clamav-unofficial-sigs.log as well.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by pdwalker »

Since I am using a free account, I update every 35 hours, since I don't want to be a rude guest.

If you are using a paid account, then updating several times per day should be acceptable.
Qlink
Posts: 14
Joined: 25 Dec 2016 23:43

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by Qlink »

Hi guys,

i've signed up @malwarepatrol today (free subscription).

i've also added receipt number @efa

but when i look in /var/lib/clamav there is no malwarepatrol db and when i run "sudo freshclam -v" there appears also no entry similar too malwarepatrol...

anything else i have to do to get malwarepatrol working, except adding receipt key ?

thanks in advance
Qlink
Posts: 14
Joined: 25 Dec 2016 23:43

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by Qlink »

any help would be greatly appreciated!
webguyz
Posts: 61
Joined: 26 Oct 2016 02:17

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by webguyz »

Did you check /var/log/clamav-unofficial-sigs.log ?
Qlink
Posts: 14
Joined: 25 Dec 2016 23:43

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by Qlink »

hi webguyz,

thanks for your response.

in /var/log/clamav-unofficial-sigs.log it tells me:

Code: Select all

MalwarePatrol signature database (malwarepatrol.db) did not change - skipping
is it normal MP database does not change within 3 days ? how often does an update happen normally ?

can i assume malwarepatrol is working as intended because of the above log entry ?
webguyz
Posts: 61
Joined: 26 Oct 2016 02:17

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by webguyz »

I have the paid version and see this almost every time I check (every 6 hours)

Feb 06 13:26:21 Checking for MalwarePatrol updates...
Feb 06 13:26:21 MalwarePatrol Database File Update
Feb 06 13:26:22 Testing updated MalwarePatrol database file: malwarepatrol.ndb
Feb 06 13:26:22 Clamscan reports MalwarePatrol malwarepatrol.ndb database integrity tested good
Feb 06 13:26:22 Successfully updated MalwarePatrol production database file: malwarepatrol.ndb
Qlink
Posts: 14
Joined: 25 Dec 2016 23:43

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by Qlink »

i'm also thinking about getting the paid version...

one question: is ransomware protection from paid version working good ?

two days ago a ransomware mail got through efa + malwarepatrol free, so i'm hoping paid version will get rid of this ...

Any other good protections against ransomware ?
Woger
Posts: 67
Joined: 15 Mar 2017 10:54

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by Woger »

I just enabled MalwarePatrol with a free account. However, clamav is not loading anything and freshclam is now downloading anything.

From the logs:

Mar 20 16:37:56 Mon Mar 20 16:37:56 CET 2017 - Pause complete, checking for new database files...
Mar 20 16:37:56 Sanesecurity Database File Updates
Mar 20 16:37:56 2 hours have not yet elapsed since the last sanesecurity update check
Mar 20 16:37:56 No update check was performed at this time
Mar 20 16:37:56 Next check will be performed in approximately 0 hour(s), 55 minute(s)
Mar 20 16:37:56 linuxmalwaredetect Database File Updates
Mar 20 16:37:56 6 hours have not yet elapsed since the last linux malware detect update check
Mar 20 16:37:56 No update check was performed at this time
Mar 20 16:37:56 Next check will be performed in approximately 4 hour(s), 55 minute(s)
Mar 20 16:37:56 Yara-Rules Database File Updates
Mar 20 16:37:56 24 hours have not yet elapsed since the last yararulesproject database update check
Mar 20 16:37:56 No update check was performed at this time
Mar 20 16:37:56 Next check will be performed in approximately 22 hour(s), 55 minute(s)
Mar 20 16:37:56 No updates detected, ClamAV databases were not reloaded
Mar 20 16:37:56 Issue tracker : https://github.com/extremeshok/clamav-u ... igs/issues
Mar 20 16:37:56 New version : v5.6.2 @ https://github.com/extremeshok/clamav-unofficial-sigs
Mar 20 16:37:56 Powered By https://eXtremeSHOK.com

In master.conf it says

malwarepatrol_receipt_code="f14******09"
malwarepatrol_product_code="8"
malwarepatrol_list="clamav_basic" # clamav_basic or clamav_ext
# Set to no to enable the commercial subscription url.
malwarepatrol_free="yes"

So it looks it should be working. But I can't see anything regarding to a working malwarepatrol.
Did I forget anything?

Thanks,
Roger
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by shawniverson »

Don't think so, MailWarePatrol free only releases new updates periodically though.
Woger
Posts: 67
Joined: 15 Mar 2017 10:54

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by Woger »

I know, every 72 hours, but shouldn't freshclam try to get an update?

Edit: I now see that feshclam isn't running at all. Last activity in the log is from 2 days ago. Is freshclam supposed to run from cron or as a daemon?

Thanks,

Roger
solarthread
Posts: 16
Joined: 04 Mar 2015 11:17

Re: How can I tell if MalwarePatrol is activated and working properly?

Post by solarthread »

You need to do the following:

1) sudo vim /etc/clamav-unofficial-sigs/master.conf and search for the below lines

malwarepatrol_enabled="yes"

malwarepatrol_receipt_code="YOUR-RECEIPT-NUMBER"

malwarepatrol_product_code="8"
Use 8 if you have a Free account or 15 if you are a Premium customer.

malwarepatrol_list="clamav_basic" # clamav_basic or clamav_ext

malwarepatrol_free="yes"
Set to yes if you have a Free account or no if you are a Premium customer.

malwarepatrol_update_hours="2" if you are a Premium customer

2) sudo /usr/bin/clamav-unofficial-sigs.sh which will update the definitions
Post Reply