Re: [clamav-users] LibClamAV Warning

2017-04-20 Thread Angel Villegas 
This is caused by a subset of the detection pattern used in the bytecode
signature BC.Win.Exploit.CVE_2017_0060-6099223-0. This is a warning and
doesn't impact detection of the bytecode in ClamAV. An updated version of
this signature was pushed out this morning in the latest bytecode CVD. You
may need to run freshclam to update to the latest bytecode cvd.

Hope that helps,
Angel M. Villegas

On Thu, Apr 20, 2017 at 12:27 PM, mario jayamaha 
wrote:

> Hi,
>
> I'm very new to Linux and have little technical knowledge.
>
> I installed ClamAV and ran a scan (sudo clamscan). I received the
> following warnings:
>
> LibClamAV Warning: Don't know how to create filter for:
> BC.Win.Exploit.CVE_2017_0060-6099223-0.{}
> LibClamAV Warning: cli_ac_addpatt: cannot use filter for trie
>
> Could a kind soul please explain what they are and how I may fix them?
> Thank you for your attention to my post.
>
> With best wishes,Mario
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Bad signature?

2017-04-20 Thread Angel Villegas 
This is caused by a subset of the detection pattern used in the bytecode
signature BC.Win.Exploit.CVE_2017_0060-6099223-0. This is a warning and
doesn't impact detection of the bytecode in ClamAV. An updated version of
this signature will be published to replace the current version.

Thanks,
Angel M. Villegas

On Thu, Apr 20, 2017 at 8:40 AM, Eric Tykwinski 
wrote:

> This doesn't seem to be impacting anything, but getting the following error
> on ClamAV reload:
> LibClamAV Warning: Don't know how to create filter for:
> BC.Win.Exploit.CVE_2017_0060-6099223-0.{}
> LibClamAV Warning: cli_ac_addpatt: cannot use filter for trie
>
> Freshclam log:
> --
> ClamAV update process started at Thu Apr 20 08:32:52 2017
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.99 Recommended version: 0.99.2
> DON'T PANIC! Read http://www.clamav.net/support/faq
> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder:
> amishhammer)
> Downloading daily-23312.cdiff [100%]
> Downloading daily-23313.cdiff [100%]
> daily.cld updated (version: 23313, sigs: 2054633, f-level: 63, builder:
> neo)
> Can't query daily.23313.81.1.1.C2BA2F13.ping.clamav.net
> bytecode.cld is up to date (version: 292, sigs: 58, f-level: 63, builder:
> anvilleg)
> Database updated (6273481 signatures) from database.clamav.net (IP:
> 194.186.47.19)
> Clamd successfully notified about the update.
>
> Sincerely,
>
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
>
>
>
>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] error when starting clamd: LibClamAV Warning: Don't know how to create filter for: BC.Win.Exploit.CVE_2017_0060-6099223-0.{}

2017-04-19 Thread Angel Villegas 
This is caused by a subset of the detection pattern used in the bytecode
signature BC.Win.Exploit.CVE_2017_0060-6099223-0. This is a warning and
doesn't impact detection of the bytecode in ClamAV. An updated version of
this signature will be published to replace the current version.

On Apr 19, 2017 8:51 PM, "Dennis Peterson"  wrote:

Which version of ClamAV are you running?

dp


On 4/19/17 5:46 PM, Jobst Schmalenbach wrote:

> Hi
>
> Upon starting clamd I am receiving following messages:
>
>Starting clamd: LibClamAV Warning: Don't know how to create filter for:
> BC.Win.Exploit.CVE_2017_0060-6099223-0.{}
>LibClamAV Warning: cli_ac_addpatt: cannot use filter for trie
>
> Searched the net, found nothing.
> Any ideas?
>
> thanks
>
>
>
>
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Swf.Exploit.CVE_2015_5548 giving FP's

2015-11-17 Thread Angel Villegas 
Please report ClamAV FPs at http://www.clamav.net/reports/fp.

Thanks,
Angel M. Villegas

On Tue, Nov 17, 2015 at 1:54 AM, Gene Heskett  wrote:

> On Tuesday 17 November 2015 01:33:15 Al Varnell wrote:
>
> > Swf.Exploit.CVE_2015_5548 was added to the database today:
> > > ClamAV database updated (16 Nov 2015 07-00 -0500): daily.cvd
> > > Version: 21062
> >
> > and has resulted in three OS X users, so far, reporting various Adobe
> > files as infected, in addition to even more reporting infected browser
> > cache files.
> >
> > I have asked those with Adobe hits to upload to your False Positive
> > Report site.
> >
> > -Al-
>
> No clue were that site is Al, but my scan, on a wheezy box, just reported
> 10 copies of Swf.Exploit.CVE_2015_5548
>
> In the mozilla and chrome caches,  I just nuked the lot of them.
>
> Cheers, Gene Heskett
> --
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Genes Web page 
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml