Re: [clamav-users] Malware alert???

2018-10-13 Thread Jean-Francois Tasse
Thanks a lot for the info 


JF


From: clamav-users on behalf of Al Varnell
Sent: 13 October 2018 17:46:17
To: ClamAV users ML
Subject: Re: [clamav-users] Malware alert???

It's not unusual to see such things on machines running multiple A-V software 
packages. Vendors do their best to obfuscate and protect signatures for that 
reason, but it usually happens during updates when the signatures are unpacked 
to a tmp area as plain text before moving them to a protected area. If both are 
using the same strings as signatures, they will undoubtedly see such updates as 
matching.

-Al-

On Sat, Oct 13, 2018 at 09:40 AM, Jean-Francois Tasse wrote:
No, when I wanted to get it out of quarantine I was unable to get it because it 
came from a tmp folder during the update.  I have attached a screenshot to this 
email, that is the best I can do.  To translate it, it's saying that it is a 
trojan that is downloading other programs.

I have 3 virtual machines with Avast, AVG and Avira, I will see if I can 
reproduce it with the other antivirus.  Up to now AVG did not see anything 
wrong.

JF

From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Alain Zidouemba <azidoue...@sourcefire.com>
Sent: 13 October 2018 11:59:57
To: ClamAV users ML
Subject: Re: [clamav-users] Malware alert???

Do you have the specific signature name that alerted?

-Alain

On Oct 13, 2018, at 11:12 AM, Matthes, Marc <matt...@iowacentral.edu> wrote:

Same here

Marc Matthes
Director of Computer Networking Programs
Iowa Central CC
5155741099


From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Jean-Francois Tasse <jft_que...@hotmail.com>
Sent: Saturday, October 13, 2018 10:10:56 AM
To: ClamAV users ML
Subject: [clamav-users] Malware alert???

Today during ClamWin update:
main.cvd version 58
daily.cvd version 25033
bytecode version 327

Windows Defender stopped the update process saying that 
"TrojanDownloader:JS/Nemucod" was present.  Scanned all of my system, nothing 
found, and tried updating ClamWin again and everything was ok.

Anyone else got a weird message like that today?

JF
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
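
A triage helper for the situation discussed in this thread, added here as an example and not part of the original messages or of ClamAV/ClamWin: it checks whether a file that another scanner flagged during an update is a ClamAV database, using the 512-byte colon-separated header at the start of a `.cvd` file or, for unpacked files, the file extension. The function names, the extension list, the paths and the sample header are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

CVD_HEADER_LEN = 512  # a .cvd starts with a fixed-size, space-padded text header
# Subset of ClamAV database extensions (assumed sufficient for this example).
DB_SUFFIXES = {".cvd", ".cld", ".ndb", ".ldb", ".hdb", ".hsb", ".mdb", ".cbc"}

@dataclass
class CvdHeader:
    build_time: str
    version: int
    signatures: int
    flevel: int
    builder: str

def parse_cvd_header(blob: bytes) -> Optional[CvdHeader]:
    """Return the parsed header if blob begins with 'ClamAV-VDB:', else None."""
    fields = blob[:CVD_HEADER_LEN].decode("ascii", "replace").split(":")
    # magic:build time:version:sig count:flevel:md5:dsig:builder[:stime]
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        return None
    try:
        return CvdHeader(fields[1], int(fields[2]), int(fields[3]),
                         int(fields[4]), fields[7].strip())
    except ValueError:
        return None

def triage(path: str, blob: bytes) -> str:
    """Classify a flagged file. A match means 'shaped like a database';
    it does not verify the database's digital signature."""
    hdr = parse_cvd_header(blob)
    if hdr:
        return f"clamav-database v{hdr.version} ({hdr.signatures} sigs)"
    if PureWindowsPath(path).suffix.lower() in DB_SUFFIXES:
        return "clamav-signature-file"
    return "unknown"

# Constructed sample header: only the version (25033) comes from the thread;
# the date, counts, checksum, signature and builder are placeholders.
SAMPLE = ("ClamAV-VDB:13 Oct 2018 05-00 -0400:25033:2000000:63:"
          + "0" * 32 + ":PLACEHOLDER-SIG:constructed-builder:1539421200"
          ).ljust(CVD_HEADER_LEN).encode("ascii")

if __name__ == "__main__":
    print(triage(r"C:\Temp\clamav-tmp\daily.cvd", SAMPLE))
    print(triage(r"C:\Temp\clamav-tmp\daily.ndb", b"(unpacked signatures)"))
    print(triage(r"C:\Temp\invoice.js", b"var x = 1;"))
```

A result of `unknown` for a file quarantined from the updater's tmp directory is the case that deserves a closer look.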


Re: [clamav-users] Malware alert???

2018-10-13 Thread Jean-Francois Tasse
No, when I wanted to get it out of quarantine I was unable to get it because it 
came from a tmp folder during the update.  I have attached a screenshot to this 
email, that is the best I can do.  To translate it, it's saying that it is a 
trojan that is downloading other programs.

I have 3 virtual machines with Avast, AVG and Avira, I will see if I can 
reproduce it with the other antivirus.  Up to now AVG did not see anything 
wrong.


JF


From: clamav-users on behalf of Alain Zidouemba
Sent: 13 October 2018 11:59:57
To: ClamAV users ML
Subject: Re: [clamav-users] Malware alert???

Do you have the specific signature name that alerted?

-Alain

On Oct 13, 2018, at 11:12 AM, Matthes, Marc <matt...@iowacentral.edu> wrote:

Same here

Marc Matthes
Director of Computer Networking Programs
Iowa Central CC
5155741099


From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Jean-Francois Tasse <jft_que...@hotmail.com>
Sent: Saturday, October 13, 2018 10:10:56 AM
To: ClamAV users ML
Subject: [clamav-users] Malware alert???

Today during ClamWin update:
main.cvd version 58
daily.cvd version 25033
bytecode version 327

Windows Defender stopped the update process saying that 
"TrojanDownloader:JS/Nemucod" was present.  Scanned all of my system, nothing 
found, and tried updating ClamWin again and everything was ok.

Anyone else got a weird message like that today?

JF



[clamav-users] Malware alert???

2018-10-13 Thread Jean-Francois Tasse
Today during ClamWin update:
main.cvd version 58
daily.cvd version 25033
bytecode version 327

Windows Defender stopped the update process saying that 
"TrojanDownloader:JS/Nemucod" was present.  Scanned all of my system, nothing 
found, and tried updating ClamWin again and everything was ok.

Anyone else got a weird message like that today?


JF


Re: [clamav-users] could it help...

2018-09-28 Thread Jean-Francois Tasse
Thanks a lot 


JF


From: clamav-users on behalf of Al Varnell
Sent: 28 September 2018 19:39:58
To: ClamAV users ML
Subject: Re: [clamav-users] could it help...

I suspect that somebody from the ClamAV signature team will jump on here when 
they get a chance to make arrangements for you to submit all 30 samples 
directly, without your having to go to all that trouble, so hang on for a bit. 
Probably doesn’t help that it's at the start of the weekend.

Sent from my iPad

-Al-

On Sep 28, 2018, at 16:22, Jean-Francois Tasse <jft_que...@hotmail.com> wrote:

Hello everyone, I am new to the users list.  I have searched in some of the past 
archives about this subject and I cannot seem to find anything similar.

Long story short, I am testing clamav on linux against viruses that are from 
http://virusshare.com/, more precisely the ones aimed at Linux.

Out of 100 infected files, clamav only sees 70 of them.

My question is, can I use the 30 that are not detected, have them pass through 
VirusTotal and gradually upload them to the 
www.clamav.net/reports/malware page?

So would it help to make clamav better or is it going to be just very annoying 
and get myself banned?

I sure would like to have clamav detect at least 90% of the lot.  It would be a 
long process but my health is not good and I am stuck home with nothing to do.  
Doing that would at least make me feel useful a little.

my email: jft_que...@hotmail.com

JF

P.S. Sorry, English is not my first language



[clamav-users] could it help...

2018-09-28 Thread Jean-Francois Tasse
Hello everyone, I am new to the users list.  I have searched in some of the past 
archives about this subject and I cannot seem to find anything similar.

Long story short, I am testing clamav on linux against viruses that are from 
http://virusshare.com/, more precisely the ones aimed at Linux.

Out of 100 infected files, clamav only sees 70 of them.

My question is, can I use the 30 that are not detected, have them pass through 
VirusTotal and gradually upload them to the 
www.clamav.net/reports/malware page?

So would it help to make clamav better or is it going to be just very annoying 
and get myself banned?

I sure would like to have clamav detect at least 90% of the lot.  It would be a 
long process but my health is not good and I am stuck home with nothing to do.  
Doing that would at least make me feel useful a little.

my email: jft_que...@hotmail.com

JF

P.S. Sorry, English is not my first language
