Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread bitfuzzy
Actually it appears that only "part" of AVG detects it. Virustotal indicates that AVG cleared the file as being "clean"; however, the second site (garyshood.com) seemed to use AVG "command line". Given the reputation of some of the scanners referenced by Virustotal, not to mention the sheer

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Al Varnell
So it seems to me if only one scanner detects this “test” file then it’s far from being the universal industry standard test file that EICAR is. Maybe I’m missing something, but your penetration testers would appear to be a fraud or shill for AVG or both? I’m not sure why the Cisco/ClamAV

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Richard McCombie
Thanks Al. virustotal.com doesn't show any problems with the file, but a site called Gary's Hood does: https://www.virustotal.com/en/file/14b2420f7490e612b9f0c65af180268b2ad41c3ec209b42f4d085aacb8ef973f/analysis/1478535605/

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Al Varnell
Try uploading it to and give us the link to the analysis page. I don’t find that anything with that MD5 has been uploaded. -Al- On Mon, Nov 07, 2016 at 07:25 AM, Richard McCombie wrote: > > I uploaded a small ASCII-format file, which, like the EICAR test file, is

Re: [clamav-users] Issue with daily-22474

2016-11-07 Thread Al Varnell
Thanks for the explanation, but all the user issues observed by Mark and me involved scan engine 0.99.2. -Al- On Mon, Nov 07, 2016 at 06:48 AM, Joel Esler (jesler) wrote: > > We split the daily into two, essentially, from what I understand. Then > changed the flevel on the second set. This

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Richard McCombie
I uploaded a small ASCII-format file, which, like the EICAR test file, is supposed to trigger a warning from AV software. I'd be happy to email this to the appropriate address, but I won't do that until someone can confirm which address I can use without breaking any rules. Thank you for your

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Al Varnell
I’m a bit confused by this. Did you send a virus signature or did you upload malware? Those are not at all the same thing. -Al- On Mon, Nov 07, 2016 at 06:05 AM, Richard McCombie wrote: > > Thanks Joel. > > I have subscribed to community-sigs; the welcome message informs me that > virus

Re: [clamav-users] Issue with daily-22474

2016-11-07 Thread Joel Esler (jesler)
We split the daily into two, essentially, from what I understand. Then changed the flevel on the second set. This will allow older versions of ClamAV to receive updates without crashing, and newer versions of ClamAV to handle everything. Maybe the speed of the connection or the mirror?

Re: [clamav-users] Issue with daily-22474

2016-11-07 Thread Mark Allan
Hi Joel, Thanks for the explanation. I'm still confused/surprised as to why such a large cdiff should cause freshclam to hang though. What is the file size limit that freshclam can handle safely? Also, given the cdiff file was approximately the same size as the entire daily db, would it have

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Richard McCombie
Thanks Joel. I have subscribed to community-sigs; the welcome message informs me that virus samples are not to be sent to the list: Welcome to the community-s...@lists.clamav.net mailing list! DO NOT SEND VIRUS SAMPLES HERE!!! Send them through our web interface at

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Joel Esler (jesler)
The processing that comes in through the website is largely automated. Submitting signatures should be done through the community-sigs list, until we make a submission method through the website. Sent from my iPad > On Nov 7, 2016, at 6:45 AM, Richard McCombie >

Re: [clamav-users] Issue with daily-22474

2016-11-07 Thread Joel Esler (jesler)
Oh my, I apologize, it just dawned on me that I sent a note to the mirrors list, but not to the users list. A "larger than normal" cdiff to the Daily.cvd was published. Unfortunately with the timeline that we had to publish it, and my personal travel schedule, I was not able to put out a note

[clamav-users] Issue with daily-22474

2016-11-07 Thread Mark Allan
Hi folks, Was "daily-22474.cdiff" supposed to be ~20MB in size? The freshclam binary seems to hang whilst processing it, and if left long enough, you end up with a corrupt daily.cld database. I'm surprised no-one else has reported this here, so I'm wondering was it only the UK mirrors that

[clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Richard McCombie
Good morning, I submitted a virus signature (at http://www.clamav.net/reports/malware) on 17th October. I used the name Richard McCombie for this. It would be great if you could incorporate this virus sample into your database of virus signatures. I am working on helping a client pass their