B0;261;0cHi there,
On Tue, 7 Feb 2012, Reynolds, David C. wrote:
I've recently installed .97.3 on an SGI Origin 3000 running TRIX
...
This is a totally Trusted Irix environment.
If it's a trusted environment, why would you put ClamAV on it?
ClamAV is certainly less than totally trustworthy.
Hi!
I'm trying to disable this signature, since it's giving my FPs for
some XLS files (yes, I already submitted it as FP today):
mail2:/var/lib/clamav# sigtool --find-sigs=BC.Exploit.CVE_2011_3412
[0001114551.cbc BYTECODE]
Ralf,
We got your FP reports and will address them today.
Thanks,
-Alain
On Tue, Feb 7, 2012 at 8:08 AM, Ralf Hildebrandt
ralf.hildebra...@charite.de wrote:
Hi!
I'm trying to disable this signature, since it's giving my FPs for
some XLS files (yes, I already submitted it as FP today):
Thanks for the quick replies. I was able to run those tests.
As to why I would install ClamAV, it is an IA requirement that we scan for
viruses on remote file transfers that go thru this system and there aren't too
many options that will run under IRIX.
--Dave Reynolds
* Alain Zidouemba azidoue...@sourcefire.com:
Ralf,
We got your FP reports and will address them today.
Thanks :) But the original question remains in case I need to
whitelist a signature.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de
-Original message-
From: Ralf Hildebrandt ralf.hildebra...@charite.de
Sent: Wed 08-02-2012 00:16
Subject:[clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
To: clamav-users@lists.clamav.net;
Hi!
I'm trying to disable this signature, since it's giving my FPs for
* Bill Maidment b...@maidment.vu:
What am I doing wrong here? Running clamv 0.97.3
It's the same story here. We've had to switch off all bytecode rules in
the conf file. Not ideal.
Sound like one cannot whitelist a bytecode signature?
--
Ralf Hildebrandt Charite
On 02/07/12 15:05, Bill Maidment wrote:
-Original message-
From: Ralf Hildebrandtralf.hildebra...@charite.de
Sent: Wed 08-02-2012 00:16
Subject:[clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
To: clamav-users@lists.clamav.net;
Hi!
I'm trying to disable this
* Lyle Giese l...@lcrcomputer.net:
The format of local.ign is not very inituitive, IMHO.
It's local.ign2 according to the docs.
Creating signatures for ClamAV
http://www.clamav.net/doc/latest/signatures.pdf
3.8 Whitelist databases
To whitelist a specific signature from the database you just
On Tue, 7 Feb 2012 23:07:05 +0100 Ralf Hildebrandt
ralf.hildebra...@charite.de wrote:
Have you tried that for a bytecode signature?
sigtool --find-sigs=BC.Exploit.CVE_2011_3412
doesn't emit a line number. Fields are not seperated with : but with ;
The bytecode loader indeed seems to ignore
On 02/07/12 16:07, Ralf Hildebrandt wrote:
* Lyle Giesel...@lcrcomputer.net:
The format of local.ign is not very inituitive, IMHO.
It's local.ign2 according to the docs.
Creating signatures for ClamAV
http://www.clamav.net/doc/latest/signatures.pdf
3.8 Whitelist databases
To whitelist a
On Tue, 07 Feb 2012 23:11:24 +0100 Tomasz Kojm tk...@clamav.net wrote:
On Tue, 7 Feb 2012 23:07:05 +0100 Ralf Hildebrandt
ralf.hildebra...@charite.de wrote:
Have you tried that for a bytecode signature?
sigtool --find-sigs=BC.Exploit.CVE_2011_3412
doesn't emit a line number. Fields are not
On 2012-2-7 18:27 , Reynolds, David C. wrote:
Thanks for the quick replies. I was able to run those tests.
As to why I would install ClamAV, it is an IA requirement that we scan for
viruses on remote file transfers that go thru this system and there aren't
too many options that will run
* Jan-Pieter Cornet joh...@xs4all.nl:
I haven't got any experience with IRIX, but I do wonder: why are you
using tits for testing purposes? That seems inappropriate.
No, he's using un-tits. Everything but tits. E.g. a canary would be an
un-tit. Like an undead is anything but dead.
PS ;-)
-Original message-
From: Tomasz Kojm tk...@clamav.net
Sent: Wed 08-02-2012 09:29
Subject:Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
To: clamav-users@lists.clamav.net;
On Tue, 07 Feb 2012 23:11:24 +0100 Tomasz Kojm tk...@clamav.net wrote:
On Tue, 7 Feb
-Original message-
From: Bill Maidment b...@maidment.vu
Sent: Wed 08-02-2012 09:53
Subject:Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
To: clamav-users@lists.clamav.net;
-Original message-
From: Tomasz Kojm tk...@clamav.net
Sent: Wed 08-02-2012
16 matches
Mail list logo