Re: [clamav-users] LibClamAV Warning

2017-05-03 Thread David Raynor
Bump for visibility. I figure someone from your team should get in touch with him, since it is not exactly an FP report. Maybe he can still submit it as FP. Don't know. Dave R. On Tue, May 2, 2017 at 10:05 PM, Rudy Stebih wrote: > Hi Folks, > > I've been getting the

Re: [clamav-users] Different results: Clamscan vs ClamWin

2017-05-03 Thread Peter B.
On 05/03/2017 11:38 AM, Al Varnell wrote: > Not sure what you mean by "MD5 match" but the signature is a complex logical > one, not a hash: Oh... :) That was the answer to Rafael Ferreira asking if I validated the files' checksums to match both on Linux + Windows. Yes, I did! and the MD5

Re: [clamav-users] Different results: Clamscan vs ClamWin

2017-05-03 Thread Al Varnell
Not sure what you mean by "MD5 match" but the signature is a complex logical one, not a hash: > $ sigtool --find Win.Dropper.Gephys-6117417-0|sigtool --decode-sig > VIRUS NAME: Win.Dropper.Gephys-6117417-0 > TDB: Engine:51-255,Target:1 > LOGICAL EXPRESSION: 0&1&2&3&4&5&6&7&8&9 > * SUBSIG ID 0 >

Re: [clamav-users] Different results: Clamscan vs ClamWin

2017-05-03 Thread Peter B.
Thanks for your replies! On 05/03/2017 02:18 AM, Joel Esler (jesler) wrote: > First thing I notice is that you are running two different versions of > ClamAV. I know, but: *) v0.99.1 is the most recent version of ClamWin, so I can't go higher *) ClamWin also detected the virus with

Re: [clamav-users] FilenameRegex and case sensitivity

2017-05-03 Thread kionez
#include // created 03/05/2017 09:23 > Foxhole_filename.cdb etc. use this sort of thing... > > Sanesecurity.Foxhole.test:CL_TYPE_ZIP:*:(?i)word\.xls$:*:*:*:*:*:* Ooops, before asking I read carefully the manual (signatures.pdf) and peeked in other CDB rules, but I did not notice it.. sorry

Re: [clamav-users] FilenameRegex and case sensitivity

2017-05-03 Thread Steve Basford
On Wed, May 3, 2017 8:19 am, kionez wrote: > Hi all, > > > I wonder how I can use a case-insensitive FilenameRegex in signatures > based on container metadata. > > I.E.: if I would like to match "word", "Word" and "worD" (abd so on), my > rule will be something like: > >

[clamav-users] FilenameRegex and case sensitivity

2017-05-03 Thread kionez
Hi all, I wonder how I can use a case-insensitive FilenameRegex in signatures based on container metadata. I.E.: if I would like to match "word", "Word" and "worD" (abd so on), my rule will be something like: TEST.TestFilename.001:CL_TYPE_ZIP:*:[wW][oO][rR][dD]:*:*:*:*:*:* Is there a way to