Re: [clamav-users] more false positives?

2024-05-11 Thread Al Varnell via clamav-users
Submit them to http://www.clamav.net/reports/fp. Sent from my iPad -Al- > On May 11, 2024, at 08:07, Richard via clamav-users > wrote: > > I run clamav on linux, but I also have windows 7 installed. > I mounted the windows partition and ran a clamav scan, > which found the following

Re: [clamav-users] Cannot "decode" a SHA256 signature

2023-09-12 Thread Al Varnell via clamav-users
Sent from my iPad On Sep 12, 2023, at 01:29, Ralf Hildebrandt via clamav-users wrote: > should sigtool --decode-sigs really throw an error in that case? Perhaps not, but it's been the case for as long as I've been using clamav...decades now. Just my approach, but I always start with -f (or

Re: [clamav-users] Antivirus Bases showing outdated main.cvd with a version dated year 2021

2023-08-31 Thread Al Varnell via clamav-users
Sent from my iPad On Aug 30, 2023, at 13:55, Jonathan Lee via clamav-users wrote: > This confusion stems from the following statement about main.cvd containing > and I quote "signatures previously in daily.cvd." Therefore, the signature > migration into main.cvd I assumed would constitute a

Re: [clamav-users] clamd: Is chunked scanning possible/sensible for files > 2Gbyte?

2023-08-31 Thread Al Varnell via clamav-users
I am not an authority here, but do recall having seen previous responses to similar suggestions and such an approach was not recommended. This has to do with the way many of the signatures are designed to look for multiple ascii or hex strings that could well occur with such strings located in

Re: [clamav-users] How do I get something added to the ignore list

2023-06-08 Thread Al Varnell via clamav-users
First get the file's hash value: sigtool --md5 /home/tmick/.config/libreoffice/4/user/basic/Standard/Module1.xba Then copy the results to an fp.local file. You will probably have to create such a file and add it to the ClamAV database. -Al- > On Jun 7, 2023, at 11:45 AM, Tim McConnell via

Re: [clamav-users] Unix.Malware.Kaiji-10003916-0

2023-06-07 Thread Al Varnell via clamav-users
Note that the signature was dropped in daily - 26932 which was released several hours earlier than usual today. Sent from my iPad -Al- On Jun 7, 2023, at 10:43, Steve Basford via clamav-users wrote: Multi False Positive reports... Just a heads up.

Re: [clamav-users] Be wary of emails with attachments targeting clamav-users list members

2023-03-22 Thread Al Varnell via clamav-users
Just a note that in my experience, e-mail phishing detection is routinely disabled, perhaps because of excessive false positives, but also because signature maintenance appears to be a low priority. Sent from my iPad -Al- On Mar 22, 2023, at 10:44, newcomer01 via clamav-users wrote: > Hi

Re: [clamav-users] What to do with this file?

2023-01-12 Thread Al Varnell via clamav-users
It is not an actual virus, just appears to be a file capable of exploiting the flaw described in CVE-2012-1889. Discovered in 2012 (but only recently added to CISA catalog) there's a very good chance that you aren't running the old unpatched MS

Re: [clamav-users] exception rule - help needed

2023-01-05 Thread Al Varnell via clamav-users
Just a guess, but perhaps by naming it daily.wbd it gets confused with the one that's embedded in daily.cvd. I always name my file local.xxx. -Al- > On Jan 5, 2023, at 5:21 AM, newcomer01 via clamav-users > wrote: > > okay, now i found a permission issue. > > Ubuntu sets the clamav-deamon

Re: [clamav-users] Question Exception Rule

2022-12-29 Thread Al Varnell via clamav-users
I'm sure one of us could, but you need to tell us what the display and actual urls you want whitelisted first. Sent from my iPad -Al- On Dec 29, 2022, at 08:06, newcomer01 via clamav-users wrote: > Is it possible, that you assist me in this process?

Re: [clamav-users] false positive

2022-12-23 Thread Al Varnell via clamav-users
A good start would be to tell us what the domain in question is. Sent from my iPad -Al- > On Dec 23, 2022, at 03:26, newcomer01 via clamav-users > wrote: > > Hi @ all, > > is there a way to submit a false positive "Phishing.Email.SpoofedDomain" so > that an exception can be added? > >

Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-15 Thread Al Varnell via clamav-users
Sent from my iPad On Dec 15, 2022, at 06:10, Michael Kyriacou via clamav-users wrote: Hello Michael, > Hello, is there a way to see how viruses/malware clamav current protects us > from. I don't believe I understand your question. Are you asking what malware clamav is protecting you

Re: [clamav-users] Information about the signature database

2022-12-09 Thread Al Varnell via clamav-users
Yes I simply search the daily's. If you give me the signature name I can do that for you tomorrow. Sent from my iPad -Al- > On Dec 9, 2022, at 02:59, Mark Allan via clamav-users > wrote: > > Al will probably be along shortly to correct me (he's quite good at tracking > down when items

Re: [clamav-users] ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities

2022-11-06 Thread Al Varnell via clamav-users
Those are vulnerability signatures, not necessarily for any existing malware. Anything that attempts to exploit those vulnerabilities should be caught. Sent from my iPad -Al- -- ClamXAV User On Nov 6, 2022, at 07:17, Turritopsis Dohrnii Teo En Ming via clamav-users wrote: > Subject: ClamAV

Re: [clamav-users] Txt.Downloader.Generic-6298945-0 FOUND

2022-10-21 Thread Al Varnell via clamav-users
Hi Wally, Downloaders are not generally Trojans, although they may result from a Trojan that is used to install a Downloader. This signature has been in the Clamav database since Apr 26 2017, which would tend to indicate its validity. The signature breaks out to: > % sigtool

Re: [clamav-users] hello help with config please

2022-09-10 Thread Al Varnell via clamav-users
Your wish for another response is herein granted. There has been nobody else in this forum more helpful to more people than "GED" over the last several years now. And you would certainly be well served to pay close attention to each and every comment you receive from him. I didn't see anything

Re: [clamav-users] False Positive?

2022-08-11 Thread Al Varnell via clamav-users
Did you submit to >? -Al- -- ClamXAV user On Aug 11, 2022, at 11:01 AM, David Laxer wrote: > Clamav 0.105.1 > > Xls.Downloader.Emotet-fe81817e7e81807e-9951541-0 FOUND > >

Re: [clamav-users] No daily sig since July 28th

2022-08-02 Thread Al Varnell via clamav-users
On Mon, Aug 01, 2022 at 11:57 PM, G.W. Haywood via clamav-users wrote: > Al, the real reason for this post is that you mentioned the other day > that you'd also seen no virusdb mail for CVE CVE_2021_4034 although the > signature had appeared in the DB. The mail was sent on June 4th, the > sig was

Re: [clamav-users] No daily sig since July 28th

2022-08-01 Thread Al Varnell via clamav-users
There have been no such announcements on the [clamav-virusdb] email list since the 28th. Sent from my iPad -Al- -- ClamXAV User On Aug 1, 2022, at 06:48, Shawn Iverson via clamav-users wrote: > Hello, > > I've noticed that a daily hasn't been posted since the 28th of July. Are > daily

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-08-01 Thread Al Varnell via clamav-users
I downloaded and installed both current versions of Node.js 16.16.0 LTS & 18.7.0 from > and no infected files were found. -Al- -- ClamXAV user On Mon, Aug 01, 2022 at 02:50 AM, Viktor Rosenfeld via clamav-users wrote: > Hi, > > about a month

Re: [clamav-users] PUA detected. False Positive?

2022-07-16 Thread Al Varnell via clamav-users
a wrote: > Does that include CR at the end of a line? Docs suggest multiple ignores > in one file, each on its own line. Did I misread? (not the first time) > > joe a > >> On 7/16/2022 12:18 AM, Al Varnell via clamav-users wrote: >> Yes, just make sure you

Re: [clamav-users] PUA detected. False Positive?

2022-07-15 Thread Al Varnell via clamav-users
Yes, just make sure you don't have embedded spaces, carriage returns or other invisible characters. -Al- -- ClamXAV User > On Jul 15, 2022, at 8:43 PM, joe a wrote: > > That error was corrected, but now the error is "Malformed Database". > > Is it not a simple text string on a single line?

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Al Varnell via clamav-users
I've never seen a user post to that list and I've subscribed to it for decades. My impression has always been it's for database update announcements only. Sent from my iPad -Al- -- ClamXAV User > On Jul 9, 2022, at 09:44, Yaron Elharar via clamav-users > wrote: > > I didn't want to create

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Al Varnell via clamav-users
Shouldn't make any difference as VirusTotal is likely using 0.105, but upgrading isn't up to me as that's something the ClamXAV developer will eventually get around to. Sent from my iPad -Al- -- ClamXAV User > On Jul 9, 2022, at 09:25, G.W. Haywood via clamav-users > wrote: > > A guess: I

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Al Varnell via clamav-users
ad767ff7f1e39ee9?nocache=1> > > "... but perhaps the above will allow you to track down what component of the > program is being detected." > > I thought about doing that, but I don't know where to start, > it would be great to understand what is happening, and

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Al Varnell via clamav-users
Hi, Just FYI, that was added to the ClamAV daily.ldb signature database on Apr 9 of this year, which matches your FP reporting effort timeline. And the signature is: % sigtool -fWin.Dropper.Tinba-9943147-0|sigtool --decode-sigs VIRUS NAME: Win.Dropper.Tinba-9943147-0 TDB:

Re: [clamav-users] Permanently banned from clamav

2022-07-02 Thread Al Varnell via clamav-users
On Jul 2, 2022, at 6:33 PM, Grant Taylor via clamav-users wrote: > I assume you are saying that "regularly" specifies what the cadence is. > > To which I maintain no it does not. > > I file my taxes /regularly/. Read /yearly/. > > I eat meals /regularly/. Read /multiple/ /times/ /a/ /day/.

Re: [clamav-users] false positives for firefox add-ons?

2022-06-25 Thread Al Varnell via clamav-users
This was a false positive as discussed much earlier today on this very same list. It was corrected by a signature update over seven hours ago. Simply run freshclam and your curiosity will be history. -Al- > On Jun 25, 2022, at 5:40 AM, Christian wrote: > > Hello altogether, :-) > > >

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-06-20 Thread Al Varnell via clamav-users
On Jun 20, 2022, at 3:28 PM, Viktor Rosenfeld via clamav-users wrote: > Hi, > > A recent scan of my system found 8 infected files. On closer inspection, > these are all nodejs binaries, either installed through Homebrew or inside > another app (e.g., Docker or Adobe). Clamav reports that they

Re: [clamav-users] MS Word Follina - CVE-2022-30190

2022-06-09 Thread Al Varnell via clamav-users
Actually, there are two so far, added pm June 2 and 7: % sigtool -f CVE_2022_30190-|sigtool --decode-sigs VIRUS NAME: Win.Exploit.CVE_2022_30190-9951234-1 TDB: Engine:96-255,Container:CL_TYPE_OOXML_WORD,Target:7 LOGICAL EXPRESSION: 0&1&2 * SUBSIG ID 0 +-> OFFSET: 0 +-> SIGMOD: NOCASE +->

Re: [clamav-users] How often can I run cvdupdate?

2022-05-25 Thread Al Varnell via clamav-users
Almost always once a day, currently between 9:00 and 9:30 am GMT. I scanned back and the last time there was a twice a day was 23 Dec 2021 and very few no update days. -Al- > On May 25, 2022, at 9:13 AM, G.W. Haywood via clamav-users > wrote: > > Since it's just using DNS requests to check

Re: [clamav-users] How to delete logs after scan

2022-05-23 Thread Al Varnell via clamav-users
Translation from Italian: Good morning, is it possible to clear the logs after each scan? If so, how? Thanks On May 23, 2022, at 3:50 AM, Marco Cesareo wrote: > Buongiorno, > > è possibile cancellare i log dopo ogni scansone? Se sì come? > > Grazie >

Re: [clamav-users] Unsubscribe!

2022-04-13 Thread Al Varnell via clamav-users
You must do that yourself from the bottom of this page: . Sent from my iPad -Al- On Apr 13, 2022, at 20:08, Eliya Voldman via clamav-users wrote: > Please unsubscribe my email > Thanks ___

Re: [clamav-users] Is the signature "Win.Tool.Hoax-9939325-0" really problematic ?

2022-04-11 Thread Al Varnell via clamav-users
On Apr 11, 2022, at 12:05 AM, alex via clamav-users wrote: > Is there a way to bypass the lifting of this signature, without completely > ignoring it, if it ultimately proves useful against other files? You can include an .fp file. See the documentation for format:

Re: [clamav-users] ClamAV 0.105 release candidate

2022-03-15 Thread Al Varnell via clamav-users
freshclam (not fetchclam) or cvdupdate are currently the only methods to obtain updates. -Al- == ClamXAV user > On Mar 15, 2022, at 4:15 AM, Andrew C Aitchison > wrote: > > Is there a way to get source and binaries via fetchclam or cvdupdate ?

Re: [clamav-users] Malware found on datadog folder in centos. Is it false-positive?

2022-01-31 Thread Al Varnell via clamav-users
via clamav-users wrote: > FP confirmed (I guess) : > https://www.virustotal.com/gui/file/217ae5161a0e08c0fb873858806e3478c9775caffce5168b50ec885e358c199d > > > Le 31/01/2022 à 12:30, Al Varnell via clamav-users a écrit : >> First I would upload the file to https://virustotal.com to see i

Re: [clamav-users] Malware found on datadog folder in centos. Is it false-positive?

2022-01-31 Thread Al Varnell via clamav-users
First I would upload the file to https://virustotal.com to see if any other scanners identify the file as malware. Sent from my iPad -Al- > On Jan 31, 2022, at 03:21, Nick Theofanidis via clamav-users > wrote: > > Hello, i hope everyone is well. > > while scanning my database vps

Re: [clamav-users] ClamAV detects XMR-Stak as malicious. Is this a false positive?

2021-11-19 Thread Al Varnell via clamav-users
I suspect that it's because there are several instances of malicious software that install xmr-stak unknowingly to the user who then become a miner bot for a cybercriminal. If I were you I would just put it in a clamav.fp file so it will ignore your installation while still identifying any

Re: [clamav-users] Native Version

2021-10-30 Thread Al Varnell via clamav-users
It wasn't to support ClamXAV. -Al- > On Oct 30, 2021, at 4:14 PM, Vaughn A. Hart wrote: > > Hi Joel… et al., > > I saw the reply about the clambav version but I sent an email before stating > that there was a pkg version when this current version was in beta. Right > after I sent that

Re: [clamav-users] Missing Mac OS .pkg installer

2021-10-28 Thread Al Varnell via clamav-users
Not sure where you are seeing this, but perhaps you want the Homebrew or MacPorts packages referred to at >. There is also ClamXAV > and

Re: [clamav-users] Clam updates failing

2021-10-22 Thread Al Varnell via clamav-users
> On Oct 22, 2021, at 11:16 AM, Paul Kosinski via clamav-users > wrote: > > On Fri, 22 Oct 2021 13:27:46 + > "Joel Esler \(jesler\) via clamav-users" > wrote: > >>> On Oct 21, 2021, at 18:55, Kenneth Porter wrote: >>> >>> On 10/21/2021 10:14 AM, Paul Kosinski via clamav-users wrote:

Re: [clamav-users] Configuration Error

2021-08-30 Thread Al Varnell via clamav-users
Sorry, it's the clamd.conf file that normally requires clamconf to be run as root. -Al- = Vaughn, As Ged mentioned, it is not necessary to run clamconf in order to generate any conf files. Installation takes care of all that. In order to see the freshclam.conf info, you need to

Re: [clamav-users] Configuration Error

2021-08-30 Thread Al Varnell via clamav-users
Vaughn, As Ged mentioned, it is not necessary to run clamconf in order to generate any conf files. Installation takes care of all that. In order to see the freshclam.conf info, you need to run it as root; sudo clamconf clamav-milter is a third party ClamAV tool, so if you didn't install it,

Re: [clamav-users] Clamav-safebrowsing failing

2021-07-02 Thread Al Varnell via clamav-users
I have to wonder why bother when Safari and most other macOS browsers already use Google SafeBrowsing to screen for fraudulent websites, as long as you leave it enabled. -Al-

Re: [clamav-users] Scanning PDF for phishing links

2021-06-29 Thread Al Varnell via clamav-users
Joel, If that question was addressed to all on this list, then yes, I forward all spam to SpamCop and everything suspected as a phish to phishtank (among others). But it's low volume, just from my wife and my's accounts. Sent from my iPad -Al- > On Jun 29, 2021, at 12:48, Joel Esler (jesler)

Re: [clamav-users] Siganture database and certification

2021-06-08 Thread Al Varnell via clamav-users
Sent from my iPad On Jun 8, 2021, at 02:07, CUVILLIEZ Jérôme via clamav-users wrote: > I would like to know how the signature database of ClamAV is built ? based on > which signatures ? I suggest you start by reading through this manual on Signature writing first:

Re: [clamav-users] State of false-positive message evaluation for Img.Exploit.CVE_2017_3049-6268090-0

2021-05-07 Thread Al Varnell via clamav-users
older applications for economic or other reasons. -Al- On May 7, 2021, at 00:59, Al Varnell wrote: > Prof Rulle, >

Re: [clamav-users] State of false-positive message evaluation for Img.Exploit.CVE_2017_3049-6268090-0

2021-05-07 Thread Al Varnell via clamav-users
Prof Rulle, I believe you mean a false positive, don't you? A false negative would be a failure to report, but clearly ClamAV does detect this. The proper way to report this would be to file a False Positive Report here: . If you can also provide a hash value

Re: [clamav-users] False positive on Heuristics.Phishing.Email.SSL-Spoof, no attachment

2021-04-20 Thread Al Varnell via clamav-users
As you have noted, this is a common situation. Anytime the actual URL does not closely match the displayed URL you'll get an alert unless it has been added to an M or X signature in the database. I haven't been convinced that anybody is maintaining that list of exceptions, so disabling it is

Re: [clamav-users] vistumbler as false positive

2021-04-08 Thread Al Varnell via clamav-users
>> /root/Vistumbler_v10-7.zip: Win.Malware.Generic-9819492-0 FOUND >> So. looks like this is false positive on vistumbler.. >> Eero >> On Thu, Apr 8, 2021 at 5:03 AM Al Varnell via clamav-users >> mailto:clamav-users@lists.clamav.net> >> <mailto:clamav-user

Re: [clamav-users] vistumbler as false positive

2021-04-07 Thread Al Varnell via clamav-users
Without knowing the name of the infection I can't provide even a guess as to whether it is or not, but the exact answer to your question is for you to report it by filling out the form found @https://www.clamav.net/reports/fp including the file itself. Sent from my iPad -Al- On Apr 7, 2021,

Re: [clamav-users] Getting 403 Forbidden Error

2021-03-31 Thread Al Varnell via clamav-users
You may need to supply your IP address in order for any blocking action to be removed. Sent from my iPad -Al- > On Mar 30, 2021, at 23:29, Varun, Michael via clamav-users > wrote: > > Hello Team, > > We are receiving 403 Forbidden error for our freshclam downloads. > > We have disabled

Re: [clamav-users] Detection rate

2021-03-29 Thread Al Varnell via clamav-users
I would expect Joel would know if there were since it's his program. -Al- > On Mar 29, 2021, at 16:42, María Belén Bonino via clamav-users > wrote: > > So there are no available reports on the current detection rate?

Re: [clamav-users] Heuristics, only on or off?

2021-03-23 Thread Al Varnell via clamav-users
Sent from my iPad > On Mar 23, 2021, at 18:29, Joe Acquisto-j4 wrote: > > The "spoofed domain" is the one I would rather allow to pass through without > comment or quarantine as some are "legitimate". But the docs did warn > about "false positives". Although pedantic types (who me?) might

Re: [clamav-users] Linode Clam AV Updates

2021-03-20 Thread Al Varnell via clamav-users
Sent from my iPad On Mar 20, 2021, at 09:51, Paul Smith via clamav-users wrote: > On 20/03/2021 04:31, Joel Esler (jesler) via clamav-users wrote: >> Please check out cvdupdate or Freshclam for your updates. Once or twice a >> day to check is fine. >> > FWIW, running cvdupdate only once or

Re: [clamav-users] unsubscribe

2021-03-20 Thread Al Varnell via clamav-users
You must do that for yourself near the bottom of this page: Sent from my iPad -Al- > On Mar 20, 2021, at 05:20, Larry Turner via clamav-users > wrote: > > Please unsubscribe me also. ___

Re: [clamav-users] Offline Updating

2021-03-17 Thread Al Varnell via clamav-users
On Mar 17, 2021, at 02:42, Paul Smith via clamav-users wrote: > On 17/03/2021 09:34, James Mcloughlin via clamav-users wrote: >> I have a stand alone machine that is not connected to the internet or any >> other device and for security reasons it cannot be connected at all. >> >> I have looked

Re: [clamav-users] Unable to download clamav cvd file using google cloud python function

2021-03-10 Thread Al Varnell via clamav-users
Can't believe how many people haven't been reading this forum... -Al- On Mon, Mar 08, 2021 at 11:23 AM, Joel Esler via clamav-users (jesler) wrote: > As a result of events documented in places here: > https://lists.clamav.net/pipermail/clamav-users/2021-March/010577.html >

Re: [clamav-users] signature exists, but not detecting

2021-03-08 Thread Al Varnell via clamav-users
total.com/gui/file/d2178904c657f7226212e535581ba61d8aa5383bf01ca94184ac76b5e8b0f98a/detection> > > On Tue, Feb 23, 2021 at 10:03 PM Al Varnell via clamav-users > wrote: > > > On Tue, Feb 23, 2021 at 09:30 AM, Ron Seguin via clam

Re: [clamav-users] signature exists, but not detecting

2021-02-23 Thread Al Varnell via clamav-users
/gui/file/d2178904c657f7226212e535581ba61d8aa5383bf01ca94184ac76b5e8b0f98a/detection > > <https://www.virustotal.com/gui/file/d2178904c657f7226212e535581ba61d8aa5383bf01ca94184ac76b5e8b0f98a/detection> > > On Tue, Feb 23, 2021 at 10:03 PM Al Varnell via clamav-users > mailto:clamav-users@lists.clamav.ne

Re: [clamav-users] signature exists, but not detecting

2021-02-23 Thread Al Varnell via clamav-users
On Tue, Feb 23, 2021 at 09:30 AM, Ron Seguin via clamav-users wrote: > Hi, > > Uploaded a file to virustools.com and results show > that ClamAV detects the Unix.Trojan.Tsunami-6981155-0 exploit. I'm not familiar with virustools.com and I get a redirect when I attempt

Re: [clamav-users] ClamAv help

2020-12-31 Thread Al Varnell via clamav-users
Jay, You might want to take a look at ClamXAV which will give you a GUI interface enabling you to do most, if not all of what you are attempting, as well as provide some additional features and protections over and above what ClamAV can do: . It does require a paid

Re: [clamav-users] Is there anything to do about encrypted viruses?

2020-12-22 Thread Al Varnell via clamav-users
When you submit it, be sure to include the password so that the ClamAV signature team can properly assess it and provide a hash signature for the zip file. -Al- > On Dec 22, 2020, at 03:32, Alessandro Vesely via clamav-users > wrote: > > Hi all, > > > today I received a message with an

Re: [clamav-users] ClamAV Scan - Data Read vs Data Scanned

2020-11-01 Thread Al Varnell via clamav-users
The eicar test file is 68 bytes long which is .68 MB which rounded to two significant digits is 0.00 MB both scanned and read. There are various limits, depending on file and archive types as to how much is read and/or scanned. In most cases they will be exactly the same. -Al- > On Nov 1,

Re: [clamav-users] recently noted that scanning firefox browser cache reports many errors

2020-10-10 Thread Al Varnell via clamav-users
Exactly, which is why I consider cache scanning to be a total waste of time. Most of what will be found is just adware and if it caused any issues, that would already have taken place. Cache files are just history files and perfectly harmless by themselves. Sent from my iPad -Al- ClamXAV User

Re: [clamav-users] Unsubscribe

2020-10-06 Thread Al Varnell via clamav-users
That's not the way it works. You must unsubscribe yourself at the bottom of , a link included at the bottom of every email you receive from this list. Sent from my iPad -Al- > On Oct 6, 2020, at 02:26, Steve Wragge > wrote: > >

Re: [clamav-users] Problem with cld archive

2020-10-05 Thread Al Varnell via clamav-users
Quick answer: ScriptedUpdates no But you should make sure you have complied with everything else outlined in Option 2 of . Sent from my iPad -Al- ClamXAV User On Oct 4, 2020, at 23:31, Jose Manuel Valseca Echevarria wrote: > Good

Re: [clamav-users] ransomware

2020-09-30 Thread Al Varnell via clamav-users
I'm certain that the answer to your first question is yes, as there are almost 15,000 signatures in the current database that specifically address ransomware and have been since they first appeared. Most address the Windows platform. Ransomware detection and removal is no different from that

Re: [clamav-users] Malware reporting question

2020-09-18 Thread Al Varnell via clamav-users
It would help the staff if you can provide hash values of the files you provided. -Al- > On Sep 17, 2020, at 19:24, Dismas Axel (Thomas) via clamav-users > wrote: > > Hello, > > I have submitted reports for some malwares hidden in docs and xlsx format at >

Re: [clamav-users] ClamAV - Emotet - Malware not detected

2020-09-16 Thread Al Varnell via clamav-users
By transmitted, do you mean by email? If so, what are you using to feed email messages to ClamAV? Also, what platform and version are you running and what version of ClamAV? Sent from my iPad -Al- On Sep 16, 2020, at 01:44, SG/SNUM/UNI/DETN/GMCD emis par AECK Cyril - SG/SNUM/UNI/DETN/GMCD

Re: [clamav-users] ClamAV vs WannaCry

2020-09-11 Thread Al Varnell via clamav-users
I'm a macOS user, so cannot give you a definitive answer, but at the time it was so common that I can't imagine that all necessary signatures for the original and all subsequent variants were added years ago. I'm also under the impression that most versions of Windows OS have been patched to

Re: [clamav-users] Way to access .cvd file

2020-08-31 Thread Al Varnell via clamav-users
I'm sure you are correct that few, if any, would use --debug routinely, but I would definitely do so if I had a need to whitelist a safebrowsing entry. OTOH, that database is quite dynamic with Google adding and deleting entries multiple times a day, so I would more likely want to take up any

Re: [clamav-users] ClamAV® blog: Freshclam, cdiffs and bandwidth are your friends

2020-07-28 Thread Al Varnell via clamav-users
On Tue, Jul 28, 2020 at 16:01 PM, Paul Kosinski via clamav-users wrote: > Are there *never* any urgent virus updates released in between? I may have missed it, but I had to go back to the end of January 2019 to find an occurrence of more than one update on a given day. -Al-

Re: [clamav-users] Problem with one virus definition

2020-05-27 Thread Al Varnell via clamav-users
Html.Exploit.CVE_2017_0011-5752098-0 was added to the ClamAV database by daily 23249 on Mar 29, 2017 and dropped by daily 25820 on May 22. -Al- > On May 26, 2020, at 13:03, Luis Herrada via clamav-users > wrote: > > Hello ClamAV team: > > Starting May 22th , the new update on the virus

Re: [clamav-users] CHANGING TIME

2020-05-13 Thread Al Varnell via clamav-users
020, at 22:29, Steven Hutcherson via clamav-users > wrote: > > 10.14.6 PURCHASED ONLINE AND INSTALLED BY ME. THANKS > >> On May 4, 2020, at 9:17 PM, Al Varnell via clamav-users >> wrote: >> >> Scan initiations are totally controlled by some process external to

Re: [clamav-users] CHANGING TIME

2020-05-05 Thread Al Varnell via clamav-users
Al- ClamXAV User > On May 4, 2020, at 22:29, Steven Hutcherson via clamav-users > wrote: > > 10.14.6 PURCHASED ONLINE AND INSTALLED BY ME. THANKS > >> On May 4, 2020, at 9:17 PM, Al Varnell via clamav-users >> mailto:c

Re: [clamav-users] Clamd crashes frequently - macOS Catalina

2020-05-04 Thread Al Varnell via clamav-users
at signature despite already using pcre2 in our build. > > Mark > > > On 2 May 2020, at 3:45 am, Al Varnell via clamav-users > wrote: > > Although I completely support what Mark has recommended, I would caution that > there c

Re: [clamav-users] CHANGING TIME

2020-05-04 Thread Al Varnell via clamav-users
Scan initiations are totally controlled by some process external to ClamAV software, so you are going to have to share with us what platform, OS and whether ClamAV came as part of your installation, came as part of a 3rd party package or was installed by you from source. Sent from my iPad

Re: [clamav-users] Clamd crashes frequently - macOS Catalina

2020-05-01 Thread Al Varnell via clamav-users
Although I completely support what Mark has recommended, I would caution that there could easily be a future signature that will cause this same issue if the root cause of not upgrading to pcre2 is not accomplished, and figuring out what signature that is won’t be easy. Sent from my iPad -Al-

Re: [clamav-users] ClamAV users

2020-04-11 Thread Al Varnell via clamav-users
Dan, Did you even read what Micah wrote? You have to do it yourself at the site he showed and it’s also at the bottom of every message you have ever received from this list. Sent from my iPad -Al- > On Apr 10, 2020, at 13:33, Dan Fiore via clamav-users > wrote: > > UNSUBSCRIBE > >

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-06 Thread Al Varnell via clamav-users
Much of that time is almost certainly being consumed by loading the signature database into RAM. How long does it take using clamdscan? Sent from my iPad -Al- On Apr 6, 2020, at 12:29, Paul Kosinski via clamav-users wrote: > > It *does* take more than 120 secs for the clamscan command to

Re: [clamav-users] Status of SafeBrowsing CVD

2020-04-02 Thread Al Varnell via clamav-users
I know that Google sets a time limit on its database which doesn’t allow a detection to be reported unless the database meets that limit. I would assume that ClamAV enforces such limits and that any user who has enabled SafeBrowsing has not been actually protected by this database since

Re: [clamav-users] eff.org.xpi false positive ? Mailing Lists/ClaMav/clamav-users x

2020-03-25 Thread Al Varnell via clamav-users
Note that it’s labeled “UNOFFICIAL” which means that it wasn’t a ClamAV signature that identified it as infected. You really need to contact the author of whatever unofficial signature you subscribe to that was used, for an authoritative answer. Sent from my iPad -Al- ClamXAV User On Mar 25,

Re: [clamav-users] Clamav 0.99.2 and new virus definitions

2020-02-20 Thread Al Varnell via clamav-users
You asked the same question two days ago with no response, so it’s a good bet that none of the readers here have a solution. Sent from my iPad -Al- On Feb 20, 2020, at 09:31, 99r c via clamav-users wrote: > Hi I have found that our older clamav is failing on the pcre compilation > we cannot

Re: [clamav-users] EICAR Intermittently Not Detected with Latest Definitions

2020-02-20 Thread Al Varnell via clamav-users
There was a previous discussion on this the day that the EICAR signature was apparently moved to the ignore list which caused the Clamav.Test.File-7 signature to begin identifying such files. After a few days the testfile signature was dropped, but nobody from the ClamAV signature staff ever

Re: [clamav-users] Failing eicarcom2.zip test after recent DB update

2020-02-12 Thread Al Varnell via clamav-users
Today's daily-2572 update drops the Osx.Malware.Agent-1714718 signature. That would seem to mean that ClamAV will no longer detect an eicar test file. -Al- ClamXAV User On Mon, Feb 10, 2020 at 08:58 PM, Al Varnell wrote: > Yes, I think we all knew most of that from the OP. Is "S

Re: [clamav-users] Failing eicarcom2.zip test after recent DB update

2020-02-10 Thread Al Varnell via clamav-users
0 at 11:01 AM, David Raynor wrote: > So the "testfile" is Sample ID 33522083, which is > 44d88612fea8a8f36de82e1278abb02f and 68 bytes. Researching. > > Dave R. > > On Sat, Feb 8, 2020 at 1:57 AM Al Varnell via clamav-users > mailto:clamav-users@lists.clamav.net&

Re: [clamav-users] Failing eicarcom2.zip test after recent DB update

2020-02-07 Thread Al Varnell via clamav-users
A bit of a guess on my part, but since the hash values for both signatures are identical, normally only the first one encountered would be reported. Looks like daily-25717 added one signature to the ignore list, which is where my guess that it was “Eicar-Test-Signature” comes in. That would

Re: [clamav-users] Why clamscan is slow loading the certificate?

2020-01-31 Thread Al Varnell via clamav-users
Loading signatures. And please don't hijack a thread by replying to a previous posting and changing the Subject. There are hidden headers that cause it to appear in the same conversation as the original posting. -Al- > On Jan 31, 2020, at 21:56, kaifeng zeng via clamav-users > wrote: > >

Re: [clamav-users] What would be a basic scan of my file system (Linux, CentOS 7)?

2020-01-31 Thread Al Varnell via clamav-users
I'll let a CentOS runner respond to your first question. > On Jan 31, 2020, at 21:28, Eduardo Lúcio Amorim Costa via clamav-users > wrote: > > I have two questions... > > I - What would be a "basic scan" of my file system (Linux, CentOS 7) using > clamscan? That is, what parameters should I

Re: [clamav-users] Question

2020-01-12 Thread Al Varnell via clamav-users
Sent from my iPad On Jan 12, 2020, at 16:49, Mason, Aj via clamav-users wrote: > I have to update definitions on my offline Linux file and I needed assistance > with how to copy the files to my Linux system. I have already downloaded all > three files already. Is there a repository to > >

Re: [clamav-users] Osx.Adware.TotalAdviseSearch-7489207-0 FOUND

2020-01-10 Thread Al Varnell via clamav-users
daily 25690 was released five minutes ago and included the following entry: > Dropped Detection Signatures: > >* Osx.Adware.TotalAdviseSearch-7489207-0 -Al- ClamXAV User = On Jan 9, 2020, at 10:03, Douglas Stinnette mailto:dstin...@vcu.edu>> wrote: > Could you

Re: [clamav-users] Osx.Adware.TotalAdviseSearch-7489207-0 FOUND

2020-01-09 Thread Al Varnell via clamav-users
On Jan 9, 2020, at 10:03, Douglas Stinnette wrote: > Could you let me know the name of the next update? Should be daily - 25690 released about twelve hours from now. > Any suggestions on how I can restore the files locally? If you are using the basic ClamAV and those files were deleted, you'll

Re: [clamav-users] Why clamdscan and clamscan may give different results

2020-01-08 Thread Al Varnell via clamav-users
That's correct and AFAIK, has always been the case. clamscan configuration is accomplished during the compile stage leading to installation and clamd.conf options only apply to clamd and clamdscan. -Al- On Jan 8, 2020, at 18:25, Paul Kosinski via clamav-users wrote: > > It seems to be

Re: [clamav-users] Freshclam 0.102.1 ignores "--disable-ipv6"

2020-01-06 Thread Al Varnell via clamav-users
I’m fairly certain this was previously discussed. Might want to check the archives. I have not run across any site yet that is IPv6 only, but I suspect users in Asia have. Sent from my iPad -Al- > On Jan 6, 2020, at 18:12, Paul Kosinski via clamav-users > wrote: > > Even though I built

Re: [clamav-users] How to purge a CustomDatabaseURL File from clamav completely?

2020-01-03 Thread Al Varnell via clamav-users
Sent from my iPad On Jan 3, 2020, at 00:32, i...@schroeffu.ch wrote: > >>> And report the false positive to the ClamAV team? >> >> All false positives from SecuriteInfo.com signatures should be sent to >> webmas...@securiteinfo.com. >> Thank you. > > As this false positive was from unofficial

Re: [clamav-users] Clamscan taking a very long time

2020-01-03 Thread Al Varnell via clamav-users
Sent from my iPad On Jan 2, 2020, at 22:38, Michael Newman via clamav-users wrote: > I’ve searched and looked through the ClamAV documentation but haven’t been > smart enough to find a definition for "Total errors:". Does anyone know what > it means? Most error reports involve files that

Re: [clamav-users] Why virus definition DB download url is not https?

2019-12-12 Thread Al Varnell via clamav-users
Each DB's integrity is protected by an embedded signature, so https adds little or nothing to security here. -Al- On Dec 12, 2019, at 11:45, kaifeng zeng via clamav-users wrote: > > Hi, > > One of the recommended ways to get the latest Virus definition DB is through > the following link.

Re: [clamav-users] Elmedia Player.app detection

2019-12-10 Thread Al Varnell via clamav-users
That signature has been in the database since Oct 20, 2017 and is a hash signature, so there's little chance of it being an FP. [daily.hsb] 17fe5ebacff74bfb6028eb371ceeaf2b:2484384:Osx.Trojan.Proton-6352635-0:73 -Al- ClamXAV User On Tue, Dec 10, 2019 at 06:02 AM, Douglas Stinnette wrote: >

Re: [clamav-users] local.pdb database

2019-11-27 Thread Al Varnell via clamav-users
I know of no reason why it shouldn’t be working. I’ve used a variety of other types of local.xxx databases over the years and they all appeared to be working at the time. Do you have some indication that it isn’t working? Have you tried scanning a file that should match to test? Sent from my
