Today's daily-2572 update drops the Osx.Malware.Agent-1714718 signature. That would seem to mean that ClamAV will no longer detect an eicar test file.

-Al-
ClamXAV User

On Mon, Feb 10, 2020 at 08:58 PM, Al Varnell wrote:
> Yes, I think we all knew most of that from the OP. Is "Sample ID 33522083" an
> internal reference number of some sort and exactly what is being researched?
>
> I think the only question remaining is why is the "Eicar-Test-Signature" now
> being ignored?
>
> -Al-
>
> On Mon, Feb 10, 2020 at 11:01 AM, David Raynor wrote:
>> So the "testfile" is Sample ID 33522083, which is
>> 44d88612fea8a8f36de82e1278abb02f and 68 bytes. Researching.
>>
>> Dave R.
>>
>> On Sat, Feb 8, 2020 at 1:57 AM Al Varnell via clamav-users
>> <clamav-users@lists.clamav.net> wrote:
>> A bit of a guess on my part, but since the hash values for both signatures
>> are identical, normally only the first one encountered would be reported.
>>
>> Looks like daily-25717 added one signature to the ignore list, which is
>> where my guess that it was “Eicar-Test-Signature” comes in. That would cause
>> the second signature to be the one now reported.
>>
>> Maybe the signature staff can comment on if and why Eicar is now ignored and,
>> if it is allowed to continue, perhaps you’ll need to modify your code tests
>> somehow.
>>
>> Sent from my iPad
>>
>> -Al-
>>
>> > On Feb 7, 2020, at 22:44, WagdeZ via clamav-users
>> > <clamav-users@lists.clamav.net> wrote:
>> >
>> > The eicarcom2.zip was always identified with:
>> > LibClamAV debug: FP SIGNATURE: 44d88612fea8a8f36de82e1278abb02f:68:Eicar-Test-Signature
>> > but for some reason after the last DB update:
>> > main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
>> > daily.cvd is up to date (version: 25717, sigs: 2177826, f-level: 63, builder: raynman)
>> > bytecode.cvd is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
>> > it is recognized as:
>> > LibClamAV debug: FP SIGNATURE: 44d88612fea8a8f36de82e1278abb02f:68:Clamav.Test.File-7
>> > and it causes some failure in my code tests
>> > What am I missing?