Re: [clamav-users] False positive for sure

2014-09-03 Thread Joel Esler (jesler)
That's a PUA alert. That's not on by default. -- Joel Esler Sent from my iPhone > On Sep 3, 2014, at 6:40, "Gene Heskett" wrote: > > Greetings; > > This report from last nights clamscan is absolutely a false positive: > /home/gene/Downloads/Download/DriveWire4_linux_i386.tar.gz: > PUA.Mis

[clamav-users] ClamAV®: The new ClamAV.net is here!

2014-08-26 Thread Joel Esler (jesler)
http://blog.clamav.net/2014/08/the-new-clamavnet-is-here.html For the past several months we've been working diligently on a complete refresh of several Open Source websites, designs and logos. The first website we rolled out a refresh of was Snort.org back in June. At the s

Re: [clamav-users] false positive sample

2014-08-25 Thread Joel Esler (jesler)
On Aug 25, 2014, at 12:56 PM, G.W. Haywood <cla...@jubileegroup.co.uk> wrote: Hi there, On Mon, 25 Aug 2014, it was difficult to figure out who wrote: Good thing I only use Linux now, where the effectiveness of antivirus software isn't too important. I just wish ClamAV developers were mo

Re: [clamav-users] false positive sample

2014-08-25 Thread Joel Esler (jesler)
On Aug 22, 2014, at 6:44 PM, Daniel Quintiliani <d...@runbox.com> wrote: On Fri, 22 Aug 2014 18:26:37 -0400, Dan McDaniel <d...@dm3.us> wrote: I submitted a false positive awhile ago -- probably back in May. It hasn't been fixed yet. Should I submit it again? Also, on the web for

Re: [clamav-users] false positive sample

2014-08-25 Thread Joel Esler (jesler)
On Aug 22, 2014, at 8:24 PM, Dan McDaniel <d...@dm3.us> wrote: On Fri 22.Aug.14 15:36, Al Varnell wrote: On Aug 22, 2014, at 3:26 PM, Dan McDaniel <d...@dm3.us> wrote: I submitted a false positive awhile ago -- probably back in May. It hasn't been fixed yet. Should I submit it agai

[clamav-users] ClamAV®: ClamAV 0.96 Engine End of Life Announcement

2014-07-29 Thread Joel Esler (jesler)
> http://blog.clamav.net/2014/07/clamav-096-engine-end-of-life.html > > ClamAV 0.96 Engine End of Life Announcement > > ClamAV Community, > > This notice is to inform you that effective immediately ClamAV 0.96 (and all > minor versions) is no longer supported in accordance with ClamAV's EOL po

[clamav-users] ClamAV®: Compiling OpenSSL For Windows

2014-07-09 Thread Joel Esler (jesler)
Compiling OpenSSL For Windows In order to support more advanced features planned in future releases, ClamAV has switched to using OpenSSL for hashing. The ClamAV Visual Studio project included with ClamAV's source code requires the OpenSSL distributables to be placed in a specific directory. T

[clamav-users] ClamAV®: ClamAV 0.98.5 beta has been posted!

2014-07-08 Thread Joel Esler (jesler)
ClamAV 0.98.5 beta has been posted! The ClamAV team is proud to announce the availability of ClamAV 0.98.5 beta ready for testing! http://blog.clamav.net/2014/07/clamav-0985-beta-has-been-posted.html -- Joel Esler Open Source Manager Threat Intelligence Team Lead Vulnerability Research Team ___

Re: [clamav-users] Win.Trojan.Zwangi-432 / Osx.Exploit.CVE_2006_0848 / PHP.Shell-29

2014-07-08 Thread Joel Esler (jesler)
> On Jul 8, 2014, at 5:11, "DUCARROZ Birgit" wrote: > > Platform: You mean the platform where clamav is installed, not the platform > the virus is for, just? Yes. The platform where ClamAV is. > What do you mean I must attach with "raw message"? The output of the > virus-scan? Or the file

Re: [clamav-users] Reporting false positives fails

2014-07-01 Thread Joel Esler (jesler)
Thank you for bringing it to our attention Michael, I’ll take a look. On Jun 27, 2014, at 1:49 PM, Michael Graham wrote: > I think google is linking to an old version of the page. > > I googled "clamav report" and clicked the top link: > http://cgi.clamav.net/sendvirus.cgi > > But if I got to t

Re: [clamav-users] Bad detection rate

2014-06-25 Thread Joel Esler (jesler)
On Jun 25, 2014, at 4:23 AM, Walter Bürger wrote: > bestellung_9AF6AAE4.exe > (MD5 186a1745b54467fa168309da93960df4) > 18 out of 54 scanners detected a trojan > (F-Secure named it Trojan.Injector.AWD) > but ClamAV did not detect it. > > I submitted both files to > http://www.clamav.net/lang/en/s

Re: [clamav-users] Malformed database?

2014-06-25 Thread Joel Esler (jesler)
On Jun 25, 2014, at 7:15 AM, Paul Smith <p...@pscs.co.uk> wrote: Oh? The FAQ says that the latest two major versions (0.97 and 0.98 ?) are tested against the DB, so it should work as far as I can see. You’re right. I’m sorry. My brain must have transposed “0.97.2” to “0.92.7” ___

Re: [clamav-users] Malformed database?

2014-06-25 Thread Joel Esler (jesler)
> On Jun 25, 2014, at 5:22, "Steve Basford" > wrote: > > >> On Wed, June 25, 2014 9:57 am, Paul Smith wrote: >> Using ClamAV 0.97.2, since yesterday's update Freshclam gives this when >> trying to download a fresh database: > > Hi Paul, > > Much newer binaries here (0.98.4), does it work ok

Re: [clamav-users] Bad detection rate

2014-06-25 Thread Joel Esler (jesler)
> On Jun 25, 2014, at 0:17, "Al Varnell" wrote: > > The signature team has always been overwhelmed by the number of new samples > it receives every day and even though the team is bigger today, so is the > input. Right. We have several people working on malware full time. But we receive well

Re: [clamav-users] Bad detection rate

2014-06-25 Thread Joel Esler (jesler)
On Jun 25, 2014, at 2:34, "Al Varnell" wrote: >> Tue, Jun 24, 2014 at 10:40 PM, Dennis Peterson wrote: >> >> It wouldn't hurt to have a youtube video that shows admins how to generate >> simple day 0 check sum sigs that they can deploy locally while waiting for a >> Cisco/SourceFire signature

Re: [clamav-users] Bad detection rate

2014-06-25 Thread Joel Esler (jesler)
> On Jun 25, 2014, at 1:40, "Dennis Peterson" wrote: > >> On 6/24/14, 9:16 PM, Al Varnell wrote: >> That’s certainly a valid question and deserves a ClamAV® answer, but I’ll >> throw this comment out. >> >> The signature team has always been overwhelmed by the number of new samples >> it rece

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Joel Esler (jesler)
On Jun 24, 2014, at 11:01 AM, Bowie Bailey <bowie_bai...@buc.com> wrote: On 6/24/2014 9:53 AM, Walter Bürger wrote: Hi dear ClamAV team, I submitted the same file as yesterday to virustotal.com: Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe (MD5 a

Re: [clamav-users] Bad detection rate

2014-06-23 Thread Joel Esler (jesler)
Always, as a reminder, we have the ClamAV Community sigs list, which anyone in the world can submit signatures to us, which we’ll put through the system and they’ll go out in the official list. http://blog.clamav.net/2014/02/introducing-clamav-community-signatures.html -- Joel Esler Open Source

Re: [clamav-users] FN with unknown virus attachment

2014-06-21 Thread Joel Esler (jesler)
Thanks Alex, We'll have a look. -- Joel Esler Sent from my iPhone > On Jun 21, 2014, at 9:00, "Alex" wrote: > > Hi, > I'm using clamav-0.98.4 on fedora20 with the sanesecurity and safebrowsing > sigs and still seeing an unknown virus pass through our systems. I've > submitted it to the clama

[clamav-users] ClamAV®: ClamAV 0.98.4 has been released!

2014-06-16 Thread Joel Esler (jesler)
http://blog.clamav.net/2014/06/clamav-0984-has-been-released.html ClamAV 0.98.4 has been released! The ClamAV team is pleased to announce the release of ClamAV 0.98.4! Below are the release notes for 0.98.4: 0.98.4 -- ClamAV 0.98.4 is a bug fix release. The following issues are now reso

Re: [clamav-users] Bitcoin : Chainstate : Virii [SEC=UNOFFICIAL]

2014-06-10 Thread Joel Esler (jesler)
From: clamav-users-boun...@lists.clamav.net > [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Joel Esler > (jesler) > Sent: Wednesday, 11 June 2014 8:52 AM > To: ClamAV users ML > Subject: Re: [clamav-users] Bitcoin : Chainstate : Virii > > Thanks Ellan.

Re: [clamav-users] Bitcoin : Chainstate : Virii

2014-06-10 Thread Joel Esler (jesler)
Thanks Ellan. What is your question here? -- Joel Esler Open Source Manager Threat Intelligence Team Lead Vulnerability Research Team On Jun 10, 2014, at 10:49 AM, ellanios82 <ellanio...@gmail.com> wrote: Hello List i notice link : https://bitcointalk.org/index.php?topic=574691.0 .

Re: [clamav-users] ClamAv updates not being published properly?

2014-05-28 Thread Joel Esler (jesler)
Thanks all. We'll take a look! -- Joel Esler Sent from my iPhone > On May 28, 2014, at 6:34, "Jim Popovitch" wrote: > > On Wed, May 28, 2014 at 4:39 AM, Randal, Phil > wrote: >> Oops, left off the latest version of patterns - 19041, allegedly, yet we're >> stuck on 19037. > > Same here. DNS

Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-16 Thread Joel Esler (jesler)
On May 13, 2014, at 4:24 AM, Al Varnell <alvarn...@mac.com> wrote: On Tue, May 13, 2014 at 01:04 AM, James Lee wrote: (Please don't top post.) Please leave moderation functions to the moderators. There could possibly be a rule preventing it, but I’m unaware of any and there are example

[clamav-users] ClamAV®: ClamAV 0.98.4rc1 is now available!

2014-05-16 Thread Joel Esler (jesler)
http://blog.clamav.net/2014/05/clamav-0984rc1-is-now-available.html ClamAV 0.98.4rc1 is now available for download. Shown below are the notes concerning this release: 0.98.4rc1 -- ClamAV 0.98.4 is a bug fix release. The following issues are now resolved: - Various build problems on Solar

Re: [clamav-users] clamav-0.98.3 make error Mac OSX 10.5.8

2014-05-12 Thread Joel Esler (jesler)
On May 12, 2014, at 3:08 PM, Gary <o...@ibsltd.ca> wrote: I have been using ClamAV for years and never had any issues!! Oh well... - a good run indeed. Mac OSX 10.5.8 You realize that Apple’s support for that OS ended, probably 4 years ago? -- Joel Esler Open Source Manager Threat Intel

Re: [clamav-users] Support question.

2014-05-12 Thread Joel Esler (jesler)
On May 12, 2014, at 2:57 PM, Al Varnell <alvarn...@mac.com> wrote: On Mon, May 12, 2014 at 11:41 AM, J MCN wrote: Hello, I am writing with a question about the EOL policy here: https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-eol.md I have a few 0.97.7 instances still out ther

Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-09 Thread Joel Esler (jesler)
On May 8, 2014, at 12:50 PM, Dennis Peterson <denni...@inetnw.com> wrote: On 5/8/14, 9:00 AM, Dennis Peterson wrote: On 5/8/14, 8:23 AM, Shawn Webb wrote: Hey Martin, Is there a way you can get to me main.cvd.broken? I'm wondering if the change to OpenSSL for hashing has somehow changed p

Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-09 Thread Joel Esler (jesler)
On May 8, 2014, at 12:00 PM, Dennis Peterson <denni...@inetnw.com> wrote: On 5/8/14, 8:23 AM, Shawn Webb wrote: Hey Martin, Is there a way you can get to me main.cvd.broken? I'm wondering if the change to OpenSSL for hashing has somehow changed parsing CVDs and CLDs on big-endian machines

Re: [clamav-users] Clamav is not finding any viruses

2014-05-09 Thread Joel Esler (jesler)
We exchange samples with many groups, companies, and people. Bringing in over 650,000 unique samples a day. Which highlights the "understaffed" issue. -- Joel Esler Sent from my iPhone > On May 9, 2014, at 4:59, "Al Varnell" wrote: > > Thorvald, > > Just another user here, but I don’t und

[clamav-users] ClamAV®: ClamAV 0.98.3 has been released!

2014-05-07 Thread Joel Esler (jesler)
http://blog.clamav.net/2014/05/clamav-0983-has-been-released.html ClamAV 0.98.3 has been released, and is available here: http://sourceforge.net/projects/clamav/files/clamav/0.98.3/, below are the highlighted changes and fixes from this release! 0.98.3 -- Here are the new features and im

[clamav-users] ClamAV 0.98.2

2014-05-06 Thread Joel Esler (jesler)
ClamAV Community, As some of you may have noticed, ClamAV 0.98.2 has been pulled down from the site temporarily due to unforeseen issues. More news will be forthcoming and it should be fixed soon. Thanks for your patience in the meantime. -- Joel Esler Open Source Manager Threat Intelligence

[clamav-users] ClamAV®: ClamAV 0.98.2 has been released!

2014-05-06 Thread Joel Esler (jesler)
http://blog.clamav.net/2014/05/clamav-0982-has-been-released.html ClamAV 0.98.2 has been released! ClamAV 0.98.2 has been released, and is available here: http://sourceforge.net/projects/clamav/files/clamav/0.98.2/, below are the highlighted changes and fixes from this release! 0.98.2 --

[clamav-users] ClamAV®: ClamXAv in the top ten free Apps in the Mac OSX App Store!

2014-04-23 Thread Joel Esler (jesler)
http://blog.clamav.net/2014/04/clamxav-in-top-ten-free-apps-in-mac-osx.html ClamXAv in the top ten free Apps in the Mac OSX App Store! Congratulations to Mark Allan, developer of the ClamXav project (the OSX GUI front-end to ClamAV) for making the top ten list in the fr

Re: [clamav-users] git repository

2014-04-11 Thread Joel Esler (jesler)
On Apr 11, 2014, at 3:14 AM, Steve Basford <steveb_cla...@sanesecurity.com> wrote: Dear all, In the past - before the latest takeover - I used the git repository to keep track of updates and/or other changes. I notice that since the latest takeover the git repository only is used when a n

Re: [clamav-users] Mass sample submission

2014-04-05 Thread Joel Esler (jesler)
Bohdan, I'd be glad to set you up with a submission method. I'll email you separately offlist. -- Joel Esler Sent from my iPhone > On Apr 5, 2014, at 5:53, "Bohdan Turkynewych" wrote: > > Hi everyone, > > I have up to several thousand already detected malware samples each day > that are not

[clamav-users] ClamAV®: ClamAV 0.95 Engine End of Life Announcement

2014-03-28 Thread Joel Esler (jesler)
http://blog.clamav.net/2014/03/clamav-095-engine-end-of-life.html ClamAV 0.95 Engine End of Life Announcement ClamAV Community, This notice is to inform you that effective immediately ClamAV 0.95 (and all minor versions) is no longer supported in accordance with ClamAV's EOL policy which can b

[clamav-users] Snort.org Blog: Open Source Community Webinar

2014-03-12 Thread Joel Esler (jesler)
http://blog.snort.org/2014/03/open-source-community-webinar.html Open Source Community Webinar Open Source community, First off, we’d like to thank everyone for their continued use of our projects and products here at Sourcefire, now a part of Cisco. We love making great software, and we lo

Re: [clamav-users] as unsubscribe from list ?

2014-03-03 Thread Joel Esler (jesler)
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Bottom of the page. -- Joel Esler | Threat Intelligence Team Lead | Open Source Manager | Vulnerability Research Team On Mar 3, 2014, at 9:06 AM, Erwin Castillo wrote: thanks ___ Help us

Re: [clamav-users] Introducing OpenSSL as a dependency to ClamAV

2014-02-28 Thread Joel Esler (jesler)
On Feb 28, 2014, at 7:34 AM, Shawn Webb <sw...@sourcefire.com> wrote: On Fri, Feb 28, 2014 at 10:27 AM, Mark Allan <markjal...@blueyonder.co.uk> wrote: As this is first time ClamAV has had an external dependency, would it be worth making it an opt-out configure option for people wh

[clamav-users] Introducing OpenSSL as a dependency to ClamAV

2014-02-26 Thread Joel Esler (jesler)
On Friday last week I put a blog post up about introducing OpenSSL into the ClamAV ecosystem. I wanted to make sure everyone saw it, so please have a look at the blog post here: http://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to.html -- Joel Esler | Threat Intelligence Team Le

Re: [clamav-users] [Clamav-announce] ClamAV®: ClamAV Mailing List Maintenance, Monday, February 10th, 2014

2014-02-07 Thread Joel Esler (jesler)
On Feb 6, 2014, at 8:19 PM, Dennis Peterson <denni...@inetnw.com> wrote: On 2/6/14, 3:12:09PM, Joel Esler (jesler) wrote: http://blog.clamav.net/2014/02/clamav-mailing-list-maintenance-monday.html ClamAV Mailing List Maintenance, Monday, February 10th, 2014 This notice is f

[clamav-users] ClamAV®: ClamAV Mailing List Maintenance, Monday, February 10th, 2014

2014-02-06 Thread Joel Esler (jesler)
http://blog.clamav.net/2014/02/clamav-mailing-list-maintenance-monday.html ClamAV Mailing List Maintenance, Monday, February 10th, 2014 This notice is for the members of the ClamAV mailing lists found here: http://lists.clamav.net/mailman/listinfo/clamav-users On Monday, February 10th, 2014 s

Re: [clamav-users] request for feature

2014-02-02 Thread Joel Esler (jesler)
On Feb 2, 2014, at 9:39 AM, Gene Heskett <ghesk...@wdtv.com> wrote: On Sunday 02 February 2014 09:37:59 Joel Esler (jesler) did opine: Because these are two separate systems. In two different parts of the network. We haven't consolidated everything that we took over when t

Re: [clamav-users] request for feature

2014-02-02 Thread Joel Esler (jesler)
Because these are two separate systems. In two different parts of the network. We haven't consolidated everything that we took over when the original clam team left yet. -- Joel Esler Sent from my iPhone > On Jan 31, 2014, at 14:59, "Gene Heskett" wrote: > > On Friday 31 January 2014 14:5

[clamav-users] Vote for ClamAV as the Sourceforge Project of the Month!

2014-01-21 Thread Joel Esler (jesler)
Sourceforge has fired up their monthly "Project of the Month" process again, and they were kind enough to choose ClamAV for this month's vote! You can read more about the process on their blog post here: https://sourceforge.net/blog/revival-of-weekly-featured-projects-and-project-of-the-month-vot

Re: [clamav-users] Virus update notices from month's ago.

2014-01-15 Thread Joel Esler (jesler)
Rick, That was me. There were a bunch stuck in the queue, and I cleared it out. Sorry about that. On Jan 15, 2014, at 1:31 PM, Rick Macdougall wrote: > Hi, > > I'm getting all sorts of virus update notifications that are months old and > huge in size. > > Headers for one at http://pasteb

Re: [clamav-users] ClamAV v0.98.1

2014-01-15 Thread Joel Esler (jesler)
Thanks Steve. I was having an email issue yesterday and my announcement email was stuck in the queue. -- Joel Esler Intelligence Lead Open Source Manager Vulnerability Research Team On Jan 15, 2014, at 8:07 AM, Steve Basford <steveb_cla...@sanesecurity.com> wrote: Looks like 0.98.1 is

Re: [clamav-users] Debian packaging

2013-12-23 Thread Joel Esler (jesler)
> On Dec 17, 2013, at 5:28, "Simon Hobson" wrote: > > Well since no-one's come back with something like "the package maintainer's > gone AWOL" or similar, I'll keep bumping that bug ticket. Does seem strange, > I don't recall such a long delay in the past. > Updating from source isn't really a

Re: [clamav-users] 0.98-exp / LibClamAV Warning

2013-12-23 Thread Joel Esler (jesler)
> On Dec 23, 2013, at 11:23, "gin(e)" wrote: > > But why "file" programm doesn't say that? I have pasted the output for > that reason. File only looks at certain parts of a file to determine the type of file. For flash it only has to look at the first three characters of the file. _

Re: [clamav-users] some questions about malware statistics

2013-12-23 Thread Joel Esler (jesler)
> On Dec 23, 2013, at 10:58, "黄海涛" wrote: > > 1.http://www.clamav.net/rss/clamsigs-top10.rss, what's statistical duration? > one month? Not sure. This was left over from the old ClamAV team and we haven't redone it yet. Yes, we have plans to. > 2.can I get all rankings but not top 10. >

Re: [clamav-users] lost

2013-12-17 Thread Joel Esler (jesler)
What is this “daily interruption of Console” that you are referring to? Can you give us a screenshot or something so we can reference? Also, ClamXav is probably one of the best GUI clients for ClamAV that I’ve seen so far. -- Joel Esler Intelligence Lead Open Source Manager Vulnerability Resea

Re: [clamav-users] False Positive not being corrected

2013-12-11 Thread Joel Esler (jesler)
On Dec 11, 2013, at 6:12 AM, Al Varnell <alvarn...@mac.com> wrote: On Wed, Dec 11, 2013 at 02:19 AM, Andrew Carter wrote: I have submitted a file several times (email and Excel attachment) to be corrected at http://www.clamav.net/lang/en/sendvirus/submit-fp/ however this is still being m
