[clamav-users] Heuristics.Broken.Media.JPEG.JFIFdupAppMarker

2021-04-17 Thread Pedro Guedes via clamav-users
Hi guys What does Heuristics.Broken.Media.JPEG.JFIFdupAppMarker mean? Thanks Pedro ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://

Re: [clamav-users] Heuristics.Broken.Media.JPEG.JFIFdupAppMarker

2021-04-17 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 17 Apr 2021, Pedro Guedes via clamav-users wrote: What does Heuristics.Broken.Media.JPEG.JFIFdupAppMarker mean? It means that libclamav found something questionable in data which it identified as of type JPEG. It's only reported by clamd if an option in the configuration is

Re: [clamav-users] Heuristics.Broken.Media.JPEG.JFIFdupAppMarker

2021-04-17 Thread Pedro Guedes via clamav-users
Hi Thanks for the answer. Yes, I did already look at the C code as something to do with jpeg format. So JFIFdupAppMarker is an attention to something being wrong? And yes I have AlertBrokenMedia yes in clamd.conf Well, I keep looking. I have ClamAV as a milter in sendmail.cf so this jpeg was in em

Re: [clamav-users] Heuristics.Broken.Media.JPEG.JFIFdupAppMarker

2021-04-17 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 17 Apr 2021, Pedro Guedes via clamav-users wrote: G.W. Haywood via clamav-users ... sábado, 17/04/2021 ... On Sat, 17 Apr 2021, Pedro Guedes via clamav-users wrote: What does Heuristics.Broken.Media.JPEG.JFIFdupAppMarker mean? It means that libclamav found something questi

Re: [clamav-users] Heuristics.Broken.Media.JPEG.JFIFdupAppMarker

2021-04-17 Thread Pedro Guedes via clamav-users
Hi again. Well, the source ... .. you known users most of the time have no idea what are doing. Seems a usual correspondent but, who knows. Since mail is responsible for 99% of malware and dirt and because users hate security, bad for day to day work the only solution is using clamav-milter white

Re: [clamav-users] Heuristics.Broken.Media.JPEG.JFIFdupAppMarker

2021-04-17 Thread Pedro Guedes via clamav-users
Hi again. Well, the source ... .. you known users most of the time have no idea what are doing. Seems a usual correspondent but, who knows. Since mail is responsible for 99% of malware and dirt and because users hate security, bad for day to day work the only solution is using clamav-milter white

Re: [clamav-users] Heuristics.Broken.Media.JPEG.JFIFdupAppMarker

2021-04-17 Thread Paul Kosinski via clamav-users
It's worse than that. Not only do almost all users ignore security (as do many organizations), it seems that every new piece or version of software or hardware *reduces* security. And this applies to some new protocols (remember WiFi's WEP debacle?) and some extensions to or uses of existing one

Re: [clamav-users] ClamAV MD5 sum based whitelists (*.fp) don’t work in Ubuntu MATE 20.04.2

2021-04-17 Thread Richard Graham via clamav-users
Very curious! It seems to work as expected on my Fedora 32 system. If you run clamscan with the --debug option, you can see it load the ".fp" files (all lots and lots of other stuff too!). *$ clamscan --versionClamAV 0.103.2/26143/Sat Apr 17 13:06:39 2021* *$ cat /var/lib/clamav/xmr-stak-li

[clamav-users] Help, we are still seeing issues

2021-04-17 Thread Joel Esler (jesler) via clamav-users
Please take a few moments to check your ClamAV freshclam installations. Are you removing your mirrors.dat file after every run of Freshclam or cvdupdate? We are seeing a few IPs, who have upgraded to 103.2 still downloading the entire daily.cvd and main.cvd every update. I am thinking this is

Re: [clamav-users] Help, we are still seeing issues

2021-04-17 Thread Robert M. Stockmann via clamav-users
On Sat, 17 Apr 2021, Joel Esler (jesler) via clamav-users wrote: > Date: Sat, 17 Apr 2021 18:58:04 + > From: "Joel Esler (jesler) via clamav-users" > > To: "Joel Esler (jesler) via clamav-users" > Cc: "Joel Esler (jesler)" > Subject: [clamav-users] Help, we are still seeing issues > >

Re: [clamav-users] ClamAV MD5 sum based whitelists (*.fp) don’t work in Ubuntu MATE 20.04.2

2021-04-17 Thread Richard Graham via clamav-users
Oops, my first email text formatting may have destroyed the contents. Here's another try. On Sat, Apr 17, 2021 at 8:55 PM Richard Graham wrote: > > > > Very curious! It seems to work as expected on my Fedora 32 system. If > you run clamscan with the --debug option, you can see it load the ".fp"

Re: [clamav-users] Help, we are still seeing issues

2021-04-17 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 17 Apr 2021, Robert M. Stockmann via clamav-users wrote: ... one would expect the daily.cvd to be the smallest file ... Nope. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mai