Re: [clamav-users] Win.Exploit.CVE_2017 in user32.dll

2017-10-30 Thread Joel Esler (jesler)
These have been fixed. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Oct 30, 2017, at 7:59 AM, JD Ackle mailto:jdali...@yahoo.com.br>> wrote: Hello, A clamscan running from Linux on a Windows disk (mounted on /mnt ) produced the following re

Re: [clamav-users] /home/gene/firefox/browser/omni.ja: Html.Exploit.CVE_2017_8750-6336209-0 FOUND

2017-10-25 Thread Joel Esler (jesler)
This has been dropped as well. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Oct 24, 2017, at 5:11 AM, Tsutomu Oyamada mailto:oyam...@promark-inc.com>> wrote: Yes, I have submit the file many times. File name: om

Re: [clamav-users] /home/gene/firefox/browser/omni.ja: Html.Exploit.CVE_2017_8750-6336209-0 FOUND

2017-10-20 Thread Joel Esler (jesler)
All — This signature has been dropped. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Oct 20, 2017, at 8:30 AM, Gene Heskett mailto:ghesk...@shentel.net>> wrote: On Friday 20 October 2017 02:06:38 Al Varnell wrote: I assume we are all still t

Re: [clamav-users] Clamav log messge

2017-10-13 Thread Joel Esler (jesler)
on fd 11. Any suggestion /idea. Thanks Bhavin, We’ve received all five of your emails. No need to send it that many times :) -- Joel Esler Manager Open Source, Design, Web, and Education Talos Group http://www.talosintelligence.com ___ clamav-users m

Re: [clamav-users] FP Ppt.Exploit.CVE_2017_0199-6336815-1

2017-10-05 Thread Joel Esler (jesler)
This signature was fixed this morning. Sent from my iPhone On Oct 5, 2017, at 5:03 PM, Al Varnell mailto:alvarn...@mac.com>> wrote: Please don't include signatures that apply to all file types in your email to the list as the message gets marked as infected. I'm sure some of the intermediate

Re: [clamav-users] Unsubscribe not working

2017-10-05 Thread Joel Esler (jesler)
s too. also, do those mail come exactly to your address use...@karmasailing.uk<mailto:use...@karmasailing.uk>? It happens sometimes that person lets old account forward mail and can't unsubscribe from new one... That email address is not a member of the list. -- Jo

Re: [clamav-users] question about fale positives

2017-09-30 Thread Joel Esler (jesler)
Correct. Although we are currently working on a confirmation system for receipt of and resolution of, false positives. Sent from my iPhone On Sep 30, 2017, at 4:22 PM, Al Varnell mailto:alvarn...@mac.com>> wrote: You won't receive a response unless you subscribe to the clamav-virusdb email l

Re: [clamav-users] URL In Freshcalm

2017-09-27 Thread Joel Esler (jesler)
This site is permanently down. We are currently refactoring this. Sent from my iPhone On Sep 27, 2017, at 7:09 AM, Jerry mailto:je...@seibercom.net>> wrote: In the "freshclam.conf" file, there is a URL listed to collect "personal statistics". The URL is: http://www.stats.clamav.net I have be

Re: [clamav-users] OT: mailing list behaviours (Re: Part 2: Dynamic engine module for scanning media files (e.g., MP3, MP4, etc.)?)

2017-09-19 Thread Joel Esler (jesler)
I don’t think we need it. The only people that really need to worry about a configuration like that are people that use Mutt/Pine/etc, and generally those people know how to set those particular settings. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>

Re: [clamav-users] OT: mailing list behaviours (Re: Part 2: Dynamic engine module for scanning media files (e.g., MP3, MP4, etc.)?)

2017-09-19 Thread Joel Esler (jesler)
On Sep 19, 2017, at 2:48 PM, Kris Deugau mailto:kdeu...@vianet.ca>> wrote: Crystalslave wrote: Return-Path: harlequin...@gmail.com First off, my apologies for the confusion. This is my first time posting to a mailing list; I didn't really know how to handle th

[clamav-users] ClamAV® blog: ClamAV Customer Feedback Survey

2017-09-14 Thread Joel Esler (jesler)
dback! -- Joel Esler | Talos: Manager | jes...@cisco.com ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/c

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-13 Thread Joel Esler (jesler)
This was taken care of already. Thanks! -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Sep 12, 2017, at 3:36 PM, Judd Grayzel mailto:judd_gray...@yahoo.com>> wrote: The MD5 of the false positive file that I submitted to the website:MD5 h

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-12 Thread Joel Esler (jesler)
Depends on your operating system, but googling “how do I find the md5 of a file” for your OS should turn up plenty of results. -- Joel Esler | Talos: Manager | jes...@cisco.com On Sep 11, 2017, at 5:42 PM, Judd Grayzel w

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-11 Thread Joel Esler (jesler)
You want to submit some false positives to us via the website, followup here with the md5s of the files you submit, the malware team can take a look. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Sep 11, 2017, at 3:06 PM, Judd Grayzel mailto:jud

Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-11 Thread Joel Esler (jesler)
Reported them to bugzilla? Sent from my iPhone On Sep 11, 2017, at 5:35 AM, Mark Allan mailto:markjal...@gmail.com>> wrote: On 8 Sep 2017, at 5:32 pm, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: We don't have a slated date yet. We've had about 6000 download

Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-08 Thread Joel Esler (jesler)
We don’t have a slated date yet. We’ve had about 6000 downloads of the beta package and no reported bugs so far. So far, so good. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Sep 8, 2017, at 8:20 AM, Vijayakumar U mailto:vj1...@gmail.com&g

Re: [clamav-users] When and what version will next release be?

2017-08-31 Thread Joel Esler (jesler)
99.3 is out for beta. Should release September. Sent from my iPhone On Aug 31, 2017, at 6:13 PM, Scott Kitterman mailto:deb...@kitterman.com>> wrote: Last I recall hearing about the schedule, Cisco said they planned to release in July. Not sure what the plan is now. Scott K On August 31, 2

Re: [clamav-users] When and what version will next release be?

2017-08-31 Thread Joel Esler (jesler)
We are currently planning the roadmap for 99.4 and 99.5. So if you have features for the engine itself we’d love to hear them! -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 31, 2017, at 3:00 PM, Al Varnell mailto:alvarn...@mac.com>> wrote

Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-30 Thread Joel Esler (jesler)
Dennis, The team has been cleaning this up almost all day. Expect the work to continue for awhile. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 30, 2017, at 1:11 PM, Dennis Peterson mailto:denni...@inetnw.com>> wrote: I had the same thin

Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-30 Thread Joel Esler (jesler)
Gene, Thanks. I’ll give this to the ops team. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 28, 2017, at 2:07 PM, Gene Heskett mailto:ghesk...@shentel.net>> wrote: On Monday 28 August 2017 13:48:32 Joel Esler (jesler) wrote: As a quick

Re: [clamav-users] DNS issue: there is a loop

2017-08-30 Thread Joel Esler (jesler)
Hans, We are aware of this issue, and I have opened a ticket with our operations team. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 30, 2017, at 8:46 AM, MAYER Hans mailto:hans.ma...@iiasa.ac.at>> wrote: Dear systems administrators The

Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-28 Thread Joel Esler (jesler)
As a quick followup to this, we’ve removed all the mirrors in the mirror list that no longer resolve. Yes, it took us longer than it should have to realize that this needed to be done, but it’s now done. Further improvements should continue in the coming days. -- Joel Esler | Talos: Manager

[clamav-users] Mirror issues and what we are doing to fix it

2017-08-28 Thread Joel Esler (jesler)
orward. Please continue to bear with us a little while longer. They always say things get worse before they get better. Right now, hopefully, we are at the “worst” stage. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@

Re: [clamav-users] Freshclam failure - Still ongoing???

2017-08-28 Thread Joel Esler (jesler)
Al — Thanks for responding. I’m going to write an email in a separate thread, so that people see it. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 27, 2017, at 4:36 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: If I recall correctl

Re: [clamav-users] Freshclam failure - Still ongoing???

2017-08-25 Thread Joel Esler (jesler)
ervers. However, the reports that we are seeing here, through social media, and the direct reports via the website are telling us that you need to delete mirrors.dat and the daily.cld file that are on your systems and re-run Freshclam. -- Joel Esler | Talos: Manager | jes...@cisco.com<m

Re: [clamav-users] Freshclam failure - Still ongoing???

2017-08-25 Thread Joel Esler (jesler)
I am discussing this with our team, about how to make this process not suck. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 25, 2017, at 11:01 AM, Dennis Peterson mailto:denni...@inetnw.com>> wrote: This is abysmal. # freshclam --list-m

Re: [clamav-users] Freshclam failure - Still ongoing???

2017-08-25 Thread Joel Esler (jesler)
On it Sent from my iPhone > On Aug 25, 2017, at 5:14 AM, Paul Dean wrote: > > Oh shoot ClamAV ppl, help please... > > -- > > > Thanks > > Paul Dean. > > "Life is not WHAT you make it, it's WHO you have in it..." > > > On Fri, 25 Aug 2017 10:47:23 +0200 > maxal wrote: > >> hi, >> >

Re: [clamav-users] Unable to download database

2017-08-23 Thread Joel Esler (jesler)
list? -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 23, 2017, at 3:16 PM, Dennis Peterson mailto:denni...@inetnw.com>> wrote: After testing several of the DNS round robin aliases I found the db.ca.clamav.net<http://db.ca.clamav.ne

[clamav-users] CVD Download issues for August 23, 2017

2017-08-23 Thread Joel Esler (jesler)
the future. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.3 beta has been released!

2017-08-04 Thread Joel Esler (jesler)
Copy and paste error! Good catch -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Aug 4, 2017, at 3:09 AM, Matus UHLAR - fantomas mailto:uh...@fantomas.sk>> wrote: On 03.08.17 23:04, Joel Esler (jesler) wrote: * Deprecating internal LLVM code

[clamav-users] ClamAV® blog: ClamAV 0.99.3 beta has been released!

2017-08-03 Thread Joel Esler (jesler)
es of 'make check VG=1' on FreeBSD 10.3 and 11.0 We ask that feedback be provided via the ClamAV mailing lists<http://www.clamav.net/contact#ml>. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> __

Re: [clamav-users] Verify Integrity of ClamAV Sources: Unable to find Sourcefire VRT key

2017-07-28 Thread Joel Esler (jesler)
This should be fixed with the 99.3 release, which should be coming out soon. -- Joel Esler | Talos: Manager | jes...@cisco.com <mailto:jes...@cisco.com> > On Jul 28, 2017, at 1:09 AM, Al Varnell wrote: > > See if this helps: GPG signature problem with clamav-0.99.2.

Re: [clamav-users] Please remove me

2017-07-10 Thread Joel Esler (jesler)
Click on the "lists" link below, and you will find directions for how to do it yourself. -- Sent from my iPhone > On Jul 10, 2017, at 08:30, Walker, Jason T. wrote: > > Thanks! > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > htt

Re: [clamav-users] New ClamAV update?

2017-07-03 Thread Joel Esler (jesler)
All the ones listed in that list are fixed if you are running the current version. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jul 3, 2017, at 9:54 AM, Mark Foley mailto:mfo...@novatec-inc.com>> wrote: On Sun, 02 Jul 2017 11:25:34 -070

Re: [clamav-users] sanesecurity: Permission denied

2017-07-03 Thread Joel Esler (jesler)
Just for the record, I think it's fine that sanesecurity posts are on this list. -- Sent from my iPhone > On Jul 3, 2017, at 07:23, Al Varnell wrote: > > None of these are ClamAV files, so you need to take this up with the > > > -Al- > ClamXA

Re: [clamav-users] clamav-0.99.2 Installation

2017-07-02 Thread Joel Esler (jesler)
If you are simply looking for a free antivirus engine for Windows, but also includes ClamAV, we recommend another product we make called Immunet. It also contains ClamAV, so you get the best of both worlds, for free. -- Sent from my iPhone > On Jul 2, 2017, at 13:10, G.W. Haywood wrote: >

Re: [clamav-users] clamav-0.99.2 Installation

2017-07-02 Thread Joel Esler (jesler)
We no longer host any of the official downloads on Sourceforge. In fact, all projects that we maintain are moving off of sourceforge. -- Sent from my iPhone > On Jul 2, 2017, at 12:14, Andy Schmidt wrote: > > Hi David, > >>> I recently installed ClamWin (ver 0.99.1) from SourceForge << > >

Re: [clamav-users] New ClamAV update?

2017-07-01 Thread Joel Esler (jesler)
We are currently planning on 0.99.3 coming out near the end of July. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jun 29, 2017, at 5:10 PM, Al Varnell mailto:alvarn...@mac.com>> wrote: CVE-2012-6706 concerns a VMSF_DELTA memory corruption wa

Re: [clamav-users] GPG signature problem with clamav-0.99.2.tar.gz

2017-06-30 Thread Joel Esler (jesler)
Jim, Thanks. This looks like the vulndev key. The correct key is on the contact page of Talosintelligence.com. We'll take a look here. -- Sent from my iPhone > On Jun 30, 2017, at 13:46, Jim Michaud wrote: > > I just downloaded clamav-0.99.2.tar.gz from > https://www.clamav.net/downloads

Re: [clamav-users] Automated Signature Production

2017-06-19 Thread Joel Esler (jesler)
Al, I believe this is caused by another issue that we are working to resolve, one of our sample indexes is undergoing maintenance. We use this particular index to look up hashes and sizes for sample conviction. This should be fixed soon. -- Joel Esler | Talos: Manager | jes...@cisco.com

Re: [clamav-users] issues with mirror - 194.186.47.19

2017-06-15 Thread Joel Esler (jesler)
#1 Correct #2 It's in my backlog. But there are only so many hours in the day. -- Joel Esler | Talos: Manager | jes...@cisco.com On Jun 15, 2017, at 6:31 PM, Al Varnell wrote: I am under the impression that the mirrors

Re: [clamav-users] issues with mirror - 194.186.47.19

2017-06-15 Thread Joel Esler (jesler)
I got your post just fine. Maybe just that one recipient. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jun 15, 2017, at 1:12 PM, Orrick, Diana mailto:orr...@fsu.edu>> wrote: I don't know why my post failed fraud detection? I don't p

Re: [clamav-users] Use on linux operating systems

2017-06-13 Thread Joel Esler (jesler)
Cause you provide five examples? So we can see if it's one particular error? -- Sent from my iPhone > On Jun 13, 2017, at 07:02, Paul Moreno wrote: > > There are so many it's proven difficult to recommend the use of ClamAV. > >> On 13 Jun 2017, at 12:57

Re: [clamav-users] Use on linux operating systems

2017-06-13 Thread Joel Esler (jesler)
Plus reports of those false positives would be fantastic. -- Sent from my iPhone > On Jun 13, 2017, at 06:53, Paul Moreno wrote: > > Thanks for the responses. As it stands now, the client get massive amounts > of false positives with seemingly no trigger. I’m working on sifting through > l

Re: [clamav-users] Use on linux operating systems

2017-06-13 Thread Joel Esler (jesler)
Thanks Al, there's actually far more than that. Wonder how many signatures I have written that start with ELF or even APK. -- Sent from my iPhone > On Jun 13, 2017, at 06:10, Al Varnell wrote: > > Although ClamAV was originally introduced as mail scanner and does have some > unique capabil

[clamav-users] Main CVD and Main Cdiff have been published

2017-06-07 Thread Joel Esler (jesler)
. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide:

Re: [clamav-users] ClamAV® blog: ClamAV will be publishing a new Main.cvd on Wednesday, June 7th, 2017

2017-06-07 Thread Joel Esler (jesler)
We are still moving forward. But we are just waking up here in the US. -- Sent from my iPhone > On Jun 7, 2017, at 04:35, Andreas Schulze wrote: > >> Am 17.05.2017 um 16:56 schrieb Joel Esler (jesler): >> We are currently planning on cutting a new Main.cvd on Wednesday,

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-06-01 Thread Joel Esler (jesler)
I do agree that these features need to be decoupled. We’ve marked that as a feature we’d like to develop. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jun 1, 2017, at 2:44 AM, Reindl Harald mailto:h.rei...@thelounge.net>> wrote: Am 01.06.2

Re: [clamav-users] clamav-users Digest, Vol 150, Issue 19

2017-05-31 Thread Joel Esler (jesler)
So is it us that needs to adjust our software for something that PayPal is doing? Or should PayPal adjust what they are doing? -- Sent from my iPhone > On May 31, 2017, at 06:38, Al Varnell wrote: > > OK, I managed to clean it up enough and added a fake header so I could run > clamscan --debu

Re: [clamav-users] Mail from Paypal wrongly identified as phishing by ClamAv

2017-05-19 Thread Joel Esler (jesler)
I assume G.W. means “using a URL that looks like something this”: src="https://102.112.2O7.net/b/ss/paypalglobal/1/G.4--NS/123456?pageName=system_email_PP1814” -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 18, 2017, at 1:15 PM, Re

Re: [clamav-users] about signature matching process

2017-05-19 Thread Joel Esler (jesler)
ClamAV will match on multiple signature types. By default it will only alert on the first match, but you can configure this differently. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 19, 2017, at 12:52 PM, Abdullah AL-Mutairy mailto:aboh

Re: [clamav-users] WannaCry Homeland Security yara script. False positives?

2017-05-17 Thread Joel Esler (jesler)
Yes. We strip attachments. However, are there samples that are not being caught by the ClamAV ruleset? -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 17, 2017, at 6:30 PM, Al Varnell mailto:alvarn...@mac.com>> wrote: I'm pretty certain

Re: [clamav-users] New Main.cvd coming

2017-05-17 Thread Joel Esler (jesler)
main.cvd will receive a cdiff. So, the size will be considerably smaller than a full “main” push. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 17, 2017, at 10:48 AM, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: I will talk

[clamav-users] ClamAV® blog: ClamAV will be publishing a new Main.cvd on Wednesday, June 7th, 2017

2017-05-17 Thread Joel Esler (jesler)
this will result in a period of heavy downloading following the release, and lighter loads from smaller "daily" cvds after. We will post an estimated size in an updated post. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>

Re: [clamav-users] New Main.cvd coming

2017-05-17 Thread Joel Esler (jesler)
I will talk to the team internally. I was going to push the blog post out to the mirrors list and the users list, but I had people in and out of my office yesterday and didn’t get to it. -- Joel Esler | Talos: Manager | jes...@cisco.com On May 17, 2017, a

Re: [clamav-users] New Main.cvd coming

2017-05-17 Thread Joel Esler (jesler)
I am sure I would get violent push back if I did that. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 17, 2017, at 7:04 AM, Andreas Schulze mailto:andreas.schu...@datev.de>> wrote: Am 17.05.2017 um 11:45 schrieb Mark Allan: I spotted this

Re: [clamav-users] Malware/ransomware and Yara signatures with clamav

2017-05-16 Thread Joel Esler (jesler)
lamav-users-boun...@lists.clamav.net] On Behalf > Of Dennis Peterson > Sent: Tuesday, May 16, 2017 12:25 PM > To: ClamAV users ML > Subject: Re: [clamav-users] Malware/ransomware and Yara signatures with > clamav > > If not email what is the vector? > > dp > >>

Re: [clamav-users] Malware/ransomware and Yara signatures with clamav

2017-05-15 Thread Joel Esler (jesler)
. This is an ongoing threat. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 14, 2017, at 4:28 PM, Cedric Knight mailto:ced...@gn.apc.org>> wrote: On 14/05/17 17:42, G.W. Haywood wrote: Are clamav users protected from this ransomware? Partiall

Re: [clamav-users] Malware/ransomware and Yara signatures with clamav

2017-05-14 Thread Joel Esler (jesler)
ClamAV isn't only used for mail. Clamwin and Immunet client will catch this. -- Sent from my iPhone > On May 14, 2017, at 12:42, G.W. Haywood wrote: > > Hi there, > >> On Sun, 14 May 2017, Alex wrote: >> >> Are clamav users protected from this ransomware? > > To be clear about this, the c

Re: [clamav-users] Question about ClamScan

2017-05-12 Thread Joel Esler (jesler)
It’s not that at all. They are working on ClamAV 99.3. I’ll call their attention to the devel list. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 12, 2017, at 2:47 PM, Dennis Peterson mailto:denni...@inetnw.com>> wrote: On 5/12/17 10:

Re: [clamav-users] LibClamAV Warning

2017-05-06 Thread Joel Esler (jesler)
I thought this was fixed. -- Sent from my iPhone > On May 6, 2017, at 14:01, Rudy Stebih wrote: > > I filed a bug report for this. Bug #11837 > > Cheers, > Rudy > > >> On Wed, May 3, 2017 at 1:25 PM, David Raynor wrote: >> >> Bump for visibility. I figure someone from your team should g

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
sigs) The hash based sigs are a method for us to automatically get sigs out right now instead of later. As we all have other things we are doing. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 4, 2017, at 5:57 PM, Benny Pedersen mailto:m...@j

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
3rd party signatures distributed by us, are signed. -- Sent from my iPhone > On May 4, 2017, at 08:27, Benny Pedersen wrote: > > Joel Esler (jesler) skrev den 2017-05-04 14:19: >> We'd have to evaluate which feeds would be appropriate for the ClamAV >> Db. The more

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
We'd have to evaluate which feeds would be appropriate for the ClamAV Db. The more coverage the better, with fewest false positives. -- Sent from my iPhone > On May 4, 2017, at 08:04, Benny Pedersen wrote: > > Joel Esler (jesler) skrev den 2017-05-04 13:52: >> We alr

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
We already distribute some third party feeds into the official database, we have a program for that which can be found on our website. We would love to incorporate Sanesecurity's feed, all they have to do is give us the okay to do it. -- Sent from my iPhone > On May 4, 2017, at 07:29, craz

Re: [clamav-users] Different results: Clamscan vs ClamWin

2017-05-02 Thread Joel Esler (jesler)
First thing I notice is that you are running two different versions of ClamAV. -- Sent from my iPhone > On May 2, 2017, at 20:08, Rafael Ferreira wrote: > > Can you tell us which virus you encountered? Also can you validate that the > file has the same checksum in both windows and Linux? >

Re: [clamav-users] No Signature updates for 30 hours?

2017-05-01 Thread Joel Esler (jesler)
Thanks all for this, it should be fixed now. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On May 1, 2017, at 9:21 AM, Mark Allan mailto:markjal...@gmail.com>> wrote: It looks like there's a problem with the DNS text record not updating pro

Re: [clamav-users] Mirror problem

2017-04-24 Thread Joel Esler (jesler)
I’ve created a ticket for removal for our operations team. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 20, 2017, at 2:48 PM, Ted Hatfield mailto:t...@io-tx.com>> wrote: On Thu, 20 Apr 2017, Kristen R. wrote: On 4/20/17 7:42 AM, Dennis Pe

Re: [clamav-users] Mirror problem

2017-04-24 Thread Joel Esler (jesler)
Thanks Ted. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 20, 2017, at 2:48 PM, Ted Hatfield mailto:t...@io-tx.com>> wrote: On Thu, 20 Apr 2017, Kristen R. wrote: On 4/20/17 7:42 AM, Dennis Peterson wrote: Anyone else seeing this? Sat

Re: [clamav-users] ClamAV for EnterPrise

2017-04-24 Thread Joel Esler (jesler)
our false positive system, which we are continually working on. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 20, 2017, at 12:49 AM, Al Varnell mailto:alvarn...@mac.com>> wrote: Benny, Obviously Joel is in a better position to answer the

Re: [clamav-users] Another possible FP?

2017-04-23 Thread Joel Esler (jesler)
Are they FPs? Or just alerts? -- Sent from my iPhone > On Apr 23, 2017, at 14:17, "ad...@web-envy.com" wrote: > > I can confirm that today I did not get any of these FPs, however I am > getting a bunch of these instead. A lot of them are on older email messages > that look like normal messages

Re: [clamav-users] ClamAV for EnterPrise

2017-04-19 Thread Joel Esler (jesler)
Alright all — I think the conversation and arguing has gone on long enough and we’ve beat not only the topic to death, but the topics after the topic are now dead. I’ve received enough complaints at this point to call a truce. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:

Re: [clamav-users] ClamAV for EnterPrise

2017-04-19 Thread Joel Esler (jesler)
: Re: [clamav-users] ClamAV for EnterPrise >> >> @Joel >> >> That Sounds good but ClamAV is OpenSource.. how can we use it in >> Commercial Product ? >> >>> On 19 April 2017 at 17:07, Joel Esler (jesler) wrote: >>> >>> All -- >>&g

Re: [clamav-users] ClamAV for EnterPrise

2017-04-19 Thread Joel Esler (jesler)
All -- ClamAV does not have any plans on making an enterprise version or management console. We make a commercial product for that, which also uses ClamAV in its engine. I think that settles the conversation. -- Sent from my iPhone > On Apr 19, 2017, at 04:08, Reindl Harald wrote: > >

Re: [clamav-users] Sporadic signature frequency

2017-04-17 Thread Joel Esler (jesler)
It's an optimization to how we do deletes on the backend build. Nothing forward facing. -- Joel Esler | Talos: Manager | jes...@cisco.com On Apr 17, 2017, at 2:01 PM, Rafael Ferreira wrote: Thanks Joel, that makes sens

Re: [clamav-users] Sporadic signature frequency

2017-04-17 Thread Joel Esler (jesler)
, all of which require development, time, and bandwidth: 1. Make a new main.cvd and push it out (easiest fix) 2. Optimize how we do deletes But the beginning of this email is the reason. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 15, 2017, at 11

Re: [clamav-users] Identify Threat Risk Level with ClamAV

2017-04-14 Thread Joel Esler (jesler)
Wouldn’t all malware be a large risk? -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 14, 2017, at 12:47 AM, crazy thinker mailto:crazythinke...@gmail.com>> wrote: Hi ClamAV Developers,Users I know that ClamAV is a very powerful anti-virus

Re: [clamav-users] Question about .cvd files

2017-04-12 Thread Joel Esler (jesler)
said in #2. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 12, 2017, at 12:13 PM, crazy thinker mailto:crazythinke...@gmail.com>> wrote: Hi ClamAV Developer, users I have below Questions on ClamAV Virus Database 1.what information bytecode.c

Re: [clamav-users] Manual cdiff update procedure

2017-04-06 Thread Joel Esler (jesler)
Why would freshclam not be used? -- Sent from my iPhone > On Apr 6, 2017, at 07:36, venkat swaminathan wrote: > > Thanks Allan, > Mentioned below is my current progress. > all in /tmp/clam folder > > sigtool --unpack-current=daily (Unpacked Existing CVD from /var/lib/clam) > sigtool --verify-c

Re: [clamav-users] Reporting malware/false negatives

2017-04-03 Thread Joel Esler (jesler)
Both of these have been marked and should ship in an upcoming CVD. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Apr 2, 2017, at 4:44 PM, Alex mailto:mysqlstud...@gmail.com>> wrote: Hi, I submitted a number of encrypted word macro viruses wit

Re: [clamav-users] False Positive of IObit product by ClamAV

2017-03-31 Thread Joel Esler (jesler)
This signature has been dropped. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Mar 31, 2017, at 3:44 AM, Arnaud Jacques / SecuriteInfo.com<http://SecuriteInfo.com> mailto:webmas...@securiteinfo.com>> wrote: Received this message : -

Re: [clamav-users] Reporting malware/false negatives

2017-03-22 Thread Joel Esler (jesler)
I just added Doc.Dropper.Agent-6136130-0 to the scan system, it should be published today. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Mar 22, 2017, at 9:43 AM, Alex mailto:mysqlstud...@gmail.com>> wrote: Hi, How long does it typicall

Re: [clamav-users] Reporting malware/false negatives

2017-03-21 Thread Joel Esler (jesler)
Inline. -- Sent from my iPhone > On Mar 21, 2017, at 20:27, Alex wrote: > > Hi, I reported an encrypted word macro virus this morning, and this > evening it is still not detected by sanesecurity or clamav proper. > > How long does it typically take for a sample to be analyzed and a > pattern

Re: [clamav-users] ClamAV for windows: GUI and chocolatey package

2017-03-13 Thread Joel Esler (jesler)
\ On Mar 5, 2017, at 6:01 PM, Benny Pedersen mailto:m...@junc.eu>> wrote: Joel Esler (jesler) skrev den 2017-03-05 13:42: We make Immunet. It combines a cloud based detection engine with the offline capability of clamav. It's extremely effective and free. windows only imho :

Re: [clamav-users] (no subject)

2017-03-09 Thread Joel Esler (jesler)
These come in spurts. When we suddenly get a rash of 50-100 new people on the list for whatever reason, we get one or two of these. Part of being a member of a community. It sucks that we have these every now and again, and it can be annoying, but we just guide them to the exit and call i

Re: [clamav-users] Daily 23161 broke Clam

2017-03-06 Thread Joel Esler (jesler)
ng missed. -- Sent from my iPhone > On Mar 5, 2017, at 22:29, Noel Jones wrote: > >> On 3/5/2017 6:51 AM, Joel Esler (jesler) wrote: >> The question here is, do we strive to make a package that is installable on >> more machines, (even ones that are going EOL?), or do we st

Re: [clamav-users] R: Re: R: Re: ClamAV for windows: GUI and chocolatey package

2017-03-05 Thread Joel Esler (jesler)
V for windows which is all except that > free > and user privacy friendly, I can take a look at immunet. > Can you tell me if immunet uses ads, adware and something similar? > > Thank you > > >> Messaggio originale >> Da: "Joel Esler (jesler)"

Re: [clamav-users] Daily 23161 broke Clam

2017-03-05 Thread Joel Esler (jesler)
I am still interested in people's feedback, as right now, this thread seems to be about 50/50 (in requiring pcre 7) -- Sent from my iPhone > On Mar 5, 2017, at 06:39, Ned Slider wrote: > >> On 04/03/17 22:54, Joel Esler (jesler) wrote: >> We cannot be tied to distribution

Re: [clamav-users] R: Re: ClamAV for windows: GUI and chocolatey package

2017-03-05 Thread Joel Esler (jesler)
We make Immunet. It combines a cloud based detection engine with the offline capability of clamav. It's extremely effective and free. -- Sent from my iPhone > On Mar 5, 2017, at 05:46, "erotavlas_tu...@libero.it" > wrote: > > Hi, > whenever it is possible, I prefer to avoid using closed

Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Joel Esler (jesler)
We cannot be tied to distribution support problems. -- Sent from my iPhone > On Mar 4, 2017, at 17:44, Benny Pedersen wrote: > > Leonardo Rodrigues wrote on 2017-03-04 23:12: >> is clamav a redhat product ?!?! I don't think so. That being said, I >> see absolutely no point at all on saying cl

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Joel Esler (jesler)
mply > disable pcre support in previous version of clamd that have not been upgraded? > > Thanks, > > Chris > >> On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote: >> A new daily with the Sig dropped. >> >> Probably what we will do to prevent this

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Joel Esler (jesler)
A new daily with the Sig dropped. Probably what we will do to prevent this from happening again, is to have 0.99.3 (the upcoming version) require pcre 7. How does that sound? -- Sent from my iPhone > On Mar 3, 2017, at 18:08, Chris Conn wrote: > > Hello, > > I hope you don't mind my cont

Re: [clamav-users] Potentially False Positive, but I lost the file!

2017-01-21 Thread Joel Esler (jesler)
providing detection to others, helping others with their installs, helping with development, etc. This is a free project, so I can't offer you a refund. -- Sent from my iPhone On Jan 21, 2017, at 4:55 PM, Groach <groachmail-stopspammin...@yahoo.com> wrote: On 21/01/2017 18:4

Re: [clamav-users] Potentially False Positive, but I lost the file!

2017-01-21 Thread Joel Esler (jesler)
-- Sent from my iPhone > On Jan 21, 2017, at 11:16 AM, Alain Zidouemba > wrote: > > Antonio, > > Unfortunately, I can't find any record of us having ever published > Win.Trojan.Agent-18112140. > Could the name of the signature that caused the FP be slightly different? > > Alain > > On Sat,

Re: [clamav-users] Potentially False Positive, but I lost the file!

2017-01-21 Thread Joel Esler (jesler)
Groach -- Sent from my iPhone > On Jan 21, 2017, at 10:43 AM, Groach > wrote: > > I would put my house on that it was a false positive 100%. Reasons for > saying so: > > 1, It was a windows installation CD > 2, It's a file nearly 20 years old > 3, Clam signatures couldn't detect water in a

Re: [clamav-users] Submitting False Negatives

2017-01-11 Thread Joel Esler (jesler)
Are you using the most updated version of the tool? It should work. -- Sent from my iPhone > On Jan 11, 2017, at 11:07 AM, Tim Tepatti wrote: > > Hello, > > I recently started using ClamAV and have a small database of virus samples > on my computer. I noticed that when scanning some of these

Re: [clamav-users] Clam AV Integration with Thunderbird

2017-01-08 Thread Joel Esler (jesler)
What about on-access scanning ClamAV for Linux? -- Joel Esler | Talos: Manager | jes...@cisco.com On Jan 8, 2017, at 11:25 AM, Groach <groachmail-stopspammin...@yahoo.com> wrote: What you are talking about is a REALTIME protection which clam i

Re: [clamav-users] Grizzly Steppe

2017-01-06 Thread Joel Esler (jesler)
http://blog.talosintel.com/2017/01/grizzly-steppe.html -- Joel Esler | Talos: Manager | jes...@cisco.com On Jan 5, 2017, at 11:40 AM, Joel Esler (jesler) <jes...@cisco.com> wrote: AMP has far more coverage than ClamAV. As the coverage can

Re: [clamav-users] Old virus databases?

2017-01-05 Thread Joel Esler (jesler)
I’d have to check, I am not sure we retain those. I don’t think they are available publicly anywhere either. -- Joel Esler | Talos: Manager | jes...@cisco.com On Jan 5, 2017, at 1:39 PM, Michael Howard <mhow...@cra.com> wrote: Hello. The Cla

Re: [clamav-users] Grizzly Steppe

2017-01-05 Thread Joel Esler (jesler)
AMP has far more coverage than ClamAV. As the coverage can be generated much more quickly and without a DB to download, it happens in real time. As far as coverage for ClamAV, and Alain can correct me if I am wrong, I believe coverage has been pushed out. -- Joel Esler | Talos: Manager | jes
