I'm pretty certain that attachments are removed to prevent malware samples from being distributed here. Need a link to a server of some sort, such as PasteBin.

Sent from Janet's iPad

-Al-
--
Al Varnell
Mountain View, CA

On May 17, 2017, at 2:45 PM, Mark Foley wrote:
> Perhaps I'm missing it, but I didn't see any attachment.
>
> --Mark
>
> On 5/17/2017 1:46 PM, João Gouveia wrote:
>> Those rules are known for FP'ing a lot.
>> Here's a different set you might want to check, courtesy of ReversingLabs
>> (attached).
>>
>> On Wed, May 17, 2017 at 6:10 AM, Mark Foley wrote:
>>> I added the yara script published by Homeland security to the clamav
>>> database directory. I believe I am getting a substantial number of false
>>> positives on this including messages containing PDF and JPG attachments,
>>> the latter known to be OK.
>>>
>>> $ clamscan "/home/HPRS/mpress/Maildir/.Sent Items/cur/1486141726.M192155P10931.mail,S=188385,W=191025:2,S"
>>> /home/HPRS/mpress/Maildir/.Sent Items/cur/1486141726.M192155P10931.mail,S=188385,W=191025:2,S: YARA.Wanna_Cry_Ransomware_Generic.UNOFFICIAL FOUND
>>>
>>> ----------- SCAN SUMMARY -----------
>>> Known viruses: 6284977
>>> Engine version: 0.99.2
>>> Scanned directories: 0
>>> Scanned files: 1
>>> Infected files: 1
>>> Data scanned: 0.95 MB
>>> Data read: 0.18 MB (ratio 5.42:1)
>>> Time: 7.567 sec (0 m 7 s)
>>>
>>> Is anyone else using this rule seeing this?
>>>
>>> --Mark

_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
