Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Al Varnell
The new database was just made available, so I recommend you hold off until you have the new mail.cvd v57 and daily.cvd v21466 before getting too excited about this. -Al- On Wed, Mar 16, 2016 at 08:49 PM, Jason J. W. Williams wrote: > > As of the latest daily update, running ClamAV against the

Re: [clamav-users] freshclam error

2016-03-19 Thread Steven Morgan
This is a wild guess, but try to configure ClamAV with --enable-llvm=no. Otherwise, open a bug at bugzilla.clamav.net. Steve ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml

[clamav-users] URL Links

2016-03-19 Thread Jerry
I just did a fresh install of ClamAV on a FreeBSD machine. While configuring the program, I found that the following URLs were broken: http://www.clamav.net/download/cvd/3rdparty http://www.stats.clamav.net -- Jerry

Re: [clamav-users] [SPAM] javascript ZIP virus not caught?

2016-03-19 Thread Jan Hejl
Hello, try to use these signatures http://sanesecurity.com/foxhole-databases/ Jan On 15.3.2016 at 04:03, Scott Galambos wrote: I've upgraded to the latest Clamav 0.99.1 on Linux/Sendmail and it still is not catching all these ZIP files with .js files inside them. Is clamav supposed to stop

Re: [clamav-users] no new signatures

2016-03-19 Thread Frank Elsner
On Fri, 18 Mar 2016 14:45:49 +0100 polloxx wrote: > Dear, > > Since the migration we have no new signatures: > freshclam.log shows: > > Fri Mar 18 14:34:15 2016 -> -- > Fri Mar 18 14:34:15 2016 -> ClamAV update process started at Fri Mar 18 > 14:34:15 2016 > Fr

Re: [clamav-users] freshclam error

2016-03-19 Thread Steven Morgan
I'm thinking this is the same problem as https://bugzilla.clamav.net/show_bug.cgi?id=11309 . You'll find a few other ./configure options there. Steve

Re: [clamav-users] Problem with mirrors overnight?

2016-03-19 Thread Matthias Hank
Hi, On Thu, Mar 17, 2016 at 12:49:11PM +, Joel Esler (jesler) wrote: > It's possible they are overloaded. We released a new main.cvd and daily late > last night. But why are always the same 3 of 13 german mirrors are probed from freshclam? All of them are failing since last night on all of

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Jason J. W. Williams
Does anyone that's chimed in work on the signatures team? -J On Thu, Mar 17, 2016 at 10:31 AM, Al Varnell wrote: > There have not been any additional updates released yet, so nothing could > have changed. > > -Al- > > On Thu, Mar 17, 2016 at 10:25 AM, Jason Williams wrote: > > > > Is anyone sti

[clamav-users] virus submission email acknowledgement

2016-03-19 Thread C.D. Cochrane
Hi, I used to receive an email acknowledging my submission of a virus file to clamav.net. For the past 3 days I have submitted new virus files, but not received any email confirmation. Is this new policy, or a symptom of a system that is overwhelmed?

Re: [clamav-users] ClamAV(R) blog: ClamAV Signature Interface maintenance is now complete! New Main.cvd!

2016-03-19 Thread polloxx
Still no updates? On Thu, Mar 17, 2016 at 4:24 AM, Joel Esler (jesler) wrote: > > http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.htm< > http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html?m=1 > >l > > ClamAV Signature Interface maintenance is now com

Re: [clamav-users] URL Links

2016-03-19 Thread Jerry
On Thu, 17 Mar 2016 11:10:32 +, Joel Esler (jesler) stated: > Where are those? We need to remove them. In the "freshclam.conf" file. -- Jerry

Re: [clamav-users] [Community-sigs] ClamAV® blog: ClamAV Signature Interface maintenance is now complete! New Main.cvd!

2016-03-19 Thread Joel Esler (jesler)
Thank you, and you're right. This project has been close to two years in the making. As far as the name of the cvd's, I don't believe the names are changing. -- Joel Esler iPhone On Mar 16, 2016, at 11:58 PM, Rafael Ferreira <r...@uvasoftware.com> wrote: Joel, First congrats to you a

Re: [clamav-users] no new signatures

2016-03-19 Thread polloxx
Thanks for the answers folks. One last question: will the new databases still work on version 0.98.1? On Fri, Mar 18, 2016 at 4:01 PM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: > > On Fri, March 18, 2016 2:05 pm, Helmut Hullen wrote: > > Hello, polloxx, > > > > > > You wrote on 18.

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Al Varnell
No. I'm sure they are trying to recover from this week's activities and rarely have time to follow this list anyway. It would likely be Alain Zidouemba the sig team lead. To get feedback on FP's you would need to subscribe to the clamav-virusdb list and it often takes weeks under normal circum

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Yuri Voinov
Well, so? ClamAV Community Threat Tracking System is down? The answer is yes or no? 20.03.16 2:24, Dennis Peterson ?: > My proxy had stale cache data as shown in the last post and that is why I was > seeing what appeared to be an active sit

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Dennis Peterson
It no longer exists by design but the IP is still on an active system just to confuse things. dp On 3/19/16 1:27 PM, Yuri Voinov wrote: Well, so? ClamAV Community Threat Tracking System is down? The answer is yes or no? 20.03.16 2:24, Denn

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Dennis Peterson
sigtool --unpack=main.cvd rm -f main.cvd grep EICAR main.* main.hdb:44d88612fea8a8f36de82e1278abb02f:68:Win.Test.EICAR_HDB-1 main.hsb:275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f:68:Win.Test.EICAR_HSB-1 main.mdb:45056:3ea7d00dedd30bcdf46191358c36ffa4:Win.Test.EICAR_MDB-1 main

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Dennis Peterson
My proxy had stale cache data as shown in the last post and that is why I was seeing what appeared to be an active site. I should have explained better in that post rather than assume everyone knows what squid logs show us. The stats site web server is down but clamav.net DNS is providing the IP

Re: [clamav-users] clamav on virus total

2016-03-19 Thread Joel Esler (jesler)
Those are unique. -- Joel Esler iPhone On Mar 17, 2016, at 4:41 PM, C.D. Cochrane <c...@post.com> wrote: Thank you all for the replies. Just wanted to make sure my approach was logical, and VT is a reliable reference point for clamav comparison scanning. "millions of samples" received

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Yuri Voinov
Are you really sure this host works? root @ cthulhu / # dig www.stats.clamav.net ; <<>> DiG 9.6-ESV-R11-P4 <<>> www.stats.clamav.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37863 ;; flags: qr

[clamav-users] FYI clamdmon not working - due to change in Eicar name

2016-03-19 Thread Mark Moshe Kaye
Hi all, I use the clamdmon utility for monitoring the health of my clamd daemon. Since receiving the new main, daily, and bytecode this evening my clamdmon is no longer working. I found the source code for clamdmon which shows the issue. The code is looking for a "Eicar-Test-Signature" strin

Re: [clamav-users] Where do I send the latest zip with a ransomware viri in it?

2016-03-19 Thread Gene Heskett
On Wednesday 16 March 2016 18:43:04 James Brown wrote: > http://www.clamav.net/reports/malware Site will not take it, shows the crossout cursor, red circle with slashbar when I move the mouse to the submit button. Let me know on the list when it works.. > > Also email it to samp...@sanesecurit

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Jason Williams
Is anyone still seeing this or have they fixed it? -J Sent via iPhone > On Mar 17, 2016, at 02:44, Mark Allan wrote: > > Just to confirm, I'm also seeing everything being flagged as > Win.Trojan.Trojan-476 with the new main/daily.cvd files. > > Mark > >> On 17 Mar 2016, at 6:49 am, Al Varne

Re: [clamav-users] Problem with mirrors overnight?

2016-03-19 Thread Joel Esler (jesler)
It's possible they are overloaded. We released a new main.cvd and daily late last night. -- Joel Esler iPhone On Mar 17, 2016, at 8:41 AM, Alex <mysqlstud...@gmail.com> wrote: Hi, Is there currently an issue with the mirrors? I have at least two systems on two different networks that a

[clamav-users] no new signatures

2016-03-19 Thread polloxx
Dear, Since the migration we have no new signatures: freshclam.log shows: Fri Mar 18 14:34:15 2016 -> -- Fri Mar 18 14:34:15 2016 -> ClamAV update process started at Fri Mar 18 14:34:15 2016 Fri Mar 18 14:34:15 2016 -> WARNING: Your ClamAV installation is OUTDA

Re: [clamav-users] clamav on virus total

2016-03-19 Thread Al Varnell
My impression has always been yes, but you would probably have to ask VT about that. Sent from Janet's iPad -Al- On Mar 17, 2016, at 1:05 PM, "C.D. Cochrane" wrote: > Hi, > Over the last 2 months of use I have collected and submitted 20+ virus > attachments to clamav. I always check the files

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Joel Esler (jesler)
That's the way it used to be. Used to have openid as a log in option. -- Joel Esler iPhone On Mar 19, 2016, at 10:52 AM, Dennis Peterson <denni...@inetnw.com> wrote: The DNS configuration for www.stats.clamav.net is suspect. I just looked at the squid logs

[clamav-users] ClamAV® blog: ClamAV Signature Interface maintenance is now complete! New Main.cvd!

2016-03-19 Thread Joel Esler (jesler)
http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html ClamAV Signature Interface maintenance is now complete! New Main.cvd! Our ClamAV Signature Interface maintenance is now complete. While we ap

Re: [clamav-users] clamscan false positives

2016-03-19 Thread Joel Esler (jesler)
Best thing to do is submit them as false positives on ClamAV.net -- Joel Esler iPhone On Mar 17, 2016, at 6:54 AM, Thomas Stein <himbe...@meine-oma.de> wrote: Hello Clamav users. Last week I started to check a gentoo distfiles directory with clamscan. To my big surpr

Re: [clamav-users] clamav on virus total

2016-03-19 Thread Joel Esler (jesler)
Yes. They update constantly. We just aren't able to get to the millions of samples we receive a day. -- Joel Esler iPhone On Mar 17, 2016, at 4:04 PM, Helmut Hullen <hul...@t-online.de> wrote: Hello, C.D., you wrote on 17.03.16: My only question: Is clamav on virustotal kept up to

Re: [clamav-users] clamscan false positives

2016-03-19 Thread Thomas Stein
On 17.03.16 at 12:01, Joel Esler (jesler) wrote: > Best thing to do is submit them as false positives on > ClamAV.net Thanks for the tip. Will do so. cheers t. > -- > Joel Esler > iPhone > > On Mar 17, 2016, at 6:54 AM, Thomas Stein > <himbe...@meine-oma.de> wrote:

Re: [clamav-users] no new signatures

2016-03-19 Thread Helmut Hullen
Hello, polloxx, you wrote on 18.03.16: > Fri Mar 18 14:34:15 2016 -> ClamAV update process started at Fri Mar > 18 14:34:15 2016 > Fri Mar 18 14:34:15 2016 -> WARNING: Your ClamAV installation is > OUTDATED! So what - updated or not updated? Best regards! Helmut

Re: [clamav-users] no new signatures

2016-03-19 Thread Steve basford
On 18 March 2016 13:46:42 polloxx wrote: Dear, Since the migration we have no new >signatures: It's not your config, it's just that sig updates were put on hold on Friday. I would think it's wise to have hold off updates until the team know all went well with the sig changes and until th

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Dennis Peterson
The DNS configuration for www.stats.clamav.net is suspect. I just looked at the squid logs and see this: 1458401557.097598 TCP_CLIENT_REFRESH_MISS/503 890 GET http://www.stats.clamav.net/ - DIRECT/188.40.140.240 text/html 1458401566.520599 TCP_REFRESH_HIT/200 1431 GET http://www.sta

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Al Varnell
Disregard, I found it here after they got the new main.cvd:

[clamav-users] DIgest mode not working

2016-03-19 Thread Paul Kosinski
I have long had a subscription to the ClamAV users mailing list in "digest" mode, but starting about 3 Feb 2016, I no longer got any postings. Thinking that something had gone wrong with the list server, I unsubscribed, got an emailed notice, created a new email address (this one) and resubscribed

[clamav-users] Where do I send the latest zip with a ransomware viri in it?

2016-03-19 Thread Gene Heskett
Greetings all; I got a zip this morning, addressed to me from me. Dropped on virustotal, show 9 hits from other viri detectors. Opening this will ruin your day. It's ransomware. I'm now nuking that real source address on the mail server. No clue if that will help, but when a class D attacks

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Yuri Voinov
http://i.imgur.com/1IujS9w.png http://i.imgur.com/dWI5TZx.png There is no matter. You really sure this URL works now? 19.03.16 21:19, Dennis Peterson ?: > The png file shows you're using the wrong URL. http://www.stats.clamav.net > > dp > >

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Dennis Peterson
The png file shows you're using the wrong URL. http://www.stats.clamav.net dp On 3/19/16 8:12 AM, Yuri Voinov wrote:

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Dennis Peterson
Yes - I just looked a short time ago. Is that (stats) site still not working for you? It does respond here. dp On 3/19/16 8:09 AM, Yuri Voinov wrote: BTW, freshclam.conf.sample still contains old info about this service. You know that? 19.03

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Yuri Voinov
http://i.imgur.com/HOLS7Qk.png 19.03.16 21:11, Dennis Peterson ?: > Yes - I just looked a short time ago. Is that (stats) site still not working > for you? It does respond here. > > dp > > On 3/19/16 8:09 AM, Yuri Voinov wrote: > freshclam.co

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Yuri Voinov
BTW, freshclam.conf.sample still contains old info about this service. You know that? 19.03.16 20:37, Dennis Peterson ?: > A reference to it is in legacy freshclam.conf files. Some people don't update > the conf files during RPM updates so th

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Yuri Voinov
http://i.imgur.com/msYVACr.png 19.03.16 21:11, Dennis Peterson ?: > Yes - I just looked a short time ago. Is that (stats) site still not working > for you? It does respond here. > > dp > > On 3/19/16 8:09 AM, Yuri Voinov wrote: > freshclam.co

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Yuri Voinov
Wow. :) But what is RPM you said? 19.03.16 20:37, Dennis Peterson ?: > A reference to it is in legacy freshclam.conf files. Some people don't update > the conf files during RPM updates so that information lingers forever. > > dp > > On 3/18/

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Dennis Peterson
A reference to it is in legacy freshclam.conf files. Some people don't update the conf files during RPM updates so that information lingers forever. dp On 3/18/16 6:41 PM, Joel Esler (jesler) wrote: Afaik, this hasn't been up in a long time. We took it down, I thought, when we redid the webs

[clamav-users] Signature updates?`

2016-03-19 Thread Paul Kosinski
Am I right that there have been no new signatures available in the past 5 days (60 hours)? Paul Kosinski

Re: [clamav-users] Problem with mirrors overnight?

2016-03-19 Thread Ralf Hildebrandt
* Matthias Hank : > Hi, > > On Thu, Mar 17, 2016 at 12:49:11PM +, Joel Esler (jesler) wrote: > > It's possible they are overloaded. We released a new main.cvd and daily > > late last night. > > But why are always the same 3 of 13 german mirrors are probed from freshclam? > All of them are f

Re: [clamav-users] Why does this happen?

2016-03-19 Thread Benny Pedersen
On 2016-03-16 23:04, Steven Morgan wrote: server(/tmp): clamdscan --config-file=/apps/clamav/etc/clamd.conf testfile.pdf /temp/testfile.pdf: Heuristics.Encrypted.PDF FOUND Why? How do I stop this? is clamconf saying this clamd.conf is default config ? is there diff results from using clamsca

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Al Varnell
There have not been any additional updates released yet, so nothing could have changed. -Al- On Thu, Mar 17, 2016 at 10:25 AM, Jason Williams wrote: > > Is anyone still seeing this or have they fixed it? > > -J > > Sent via iPhone > >> On Mar 17, 2016, at 02:44, Mark Allan wrote: >> >> Jus

Re: [clamav-users] no new signatures

2016-03-19 Thread Steve Basford
On Fri, March 18, 2016 2:05 pm, Helmut Hullen wrote: > Hello, polloxx, > > > You wrote on 18.03.16: > > >> Fri Mar 18 14:34:15 2016 -> ClamAV update process started at Fri Mar >> 18 14:34:15 2016 >> Fri Mar 18 14:34:15 2016 -> WARNING: Your ClamAV installation is >> OUTDATED! >> > > > So what -

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Dennis Peterson
We're not yet sure if it's broken or a result of renaming signatures. dp On 3/17/16 10:25 AM, Jason Williams wrote: Is anyone still seeing this or have they fixed it? -J Sent via iPhone On Mar 17, 2016, at 02:44, Mark Allan wrote: Just to confirm, I'm also seeing everything being flagged

[clamav-users] freshclam error

2016-03-19 Thread Jerry
This is a new installation of clamav on a FreeBSD 11 amd64 system. I am encountering errors in the freshclam.log file. This is the output from a clean start with debug messages enabled. Fri Mar 18 10:30:49 2016 -> -- Fri Mar 18 10:30:49 2016 -> Current working d

[clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Jason J. W. Williams
As of the latest daily update, running ClamAV against the EICAR test string reports Win.Trojan.Trojan-605 instead of Eicar-Test-Signature. -J

[clamav-users] New ClamnAV database....test results for Clamwin

2016-03-19 Thread Groach
For your info: I run Clamwin, with the additional Clamd, and supplemented with Sane security definitions. I was VERY apprehensive about today and the pessimist inside (for good reason!) was expecting a range of problems. However, I just performed a forced DB update download, and an EICAR te

Re: [clamav-users] Signature updates?`

2016-03-19 Thread Joel Esler (jesler)
Paul, You are correct. We're going through testing right now, expect an announcement from me shortly. -- Joel Esler iPhone On Mar 16, 2016, at 11:04 AM, Paul Kosinski <clamav-us...@iment.com> wrote: Paul Kosinski

Re: [clamav-users] clamav on virus total

2016-03-19 Thread Helmut Hullen
Hello, C.D., you wrote on 17.03.16: > My only question: Is clamav on virustotal kept up to date with the > latest versions of things? thanks, virustotal tells how old the signature file is. Best regards! Helmut

Re: [clamav-users] ClamAV® blog: ClamAV Signature Interface maintenance is now complete! New Main.cvd!

2016-03-19 Thread Gene Heskett
On Wednesday 16 March 2016 23:24:37 Joel Esler (jesler) wrote: > http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance. >htmce.html?m=1>l > > ClamAV Signature Interface maintenance is now complete! New Main.cvd!

Re: [clamav-users] [Community-sigs] ClamAV® blog: ClamAV Signature Interface maintenance is now complete! New Main.cvd!

2016-03-19 Thread Rafael Ferreira
Joel, First congrats to you and the team, from the sounds of it, this took a lot of late nights and caffeine. Quick question, are any of the official sigs {main/daily/bytecode} changing names (or extensions)? That does not seem to be the case but I figure it would be good to confirm in order t

[clamav-users] Problem with mirrors overnight?

2016-03-19 Thread Alex
Hi, Is there currently an issue with the mirrors? I have at least two systems on two different networks that are having difficulty downloading updates from the clamav mirrors. The sanesecurity and other rulesets aren't having the same problem. This is after a series of "Ignoring mirror 200.236.31.

Re: [clamav-users] no new signatures

2016-03-19 Thread Al Varnell
It should. I’ve heard no complaints so far. But it still won’t be able to use some of the new signature formats introduced with 0.99. -Al- On Fri, Mar 18, 2016 at 08:16 AM, polloxx wrote: > > Thanks for the answers folks. > One last question: will the new databases still work on version 0.98.

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Jason J. W. Williams
Thanks. Hopefully it'll sync up soon. I'm getting weird download errors out of freshclam: WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 200.236.31.1): Operation now in progress WARNING: getpatch: Can't download daily-21465.cdiff from db.local.clamav.net nonblock_recv

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Al Varnell
I just ran a scan against the ClamAV test files contained in the 0.99.1 source file and I’m getting all Win.Trojan.Trojan-476: File Name Infection Name Status /Users/avarnell/Desktop/•Download/clamav-0.99.1/unit_tests/clam-phish-exe Win.Trojan.Trojan-476 /Users/avarnell/Desktop/•

Re: [clamav-users] [clamav-virusdb] Signatures Published daily - 21467

2016-03-19 Thread Al Varnell
FYI, if I ignore "Win.Trojan.Trojan-476” ([main.hdb] aa15bcf478d165efd2065190eb473bcb:544) all of the test files below are identified as “Clamav.Test.File-6” ([daily.hdb] aa15bcf478d165efd2065190eb473bcb:544). -Al- On Fri, Mar 18, 2016 at 07:40 PM, Al Varnell wrote: > > Not sure exactly what

Re: [clamav-users] URL Links

2016-03-19 Thread Joel Esler (jesler)
Where are those? We need to remove them. -- Joel Esler iPhone On Mar 17, 2016, at 7:05 AM, Jerry <je...@seibercom.net> wrote: I just did a fresh install of ClamAV on a FreeBSD machine. While configuring the program, I found that the following URLs were broken: http://www.clamav.net/down

Re: [clamav-users] Problem with mirrors overnight?

2016-03-19 Thread Matthias Hank
Hi Ralf, On Thu, Mar 17, 2016 at 04:10:32PM +0100, Ralf Hildebrandt wrote: > > But why are always the same 3 of 13 german mirrors are probed from > > freshclam? > > All of them are failing since last night on all of our servers. > http://lutz.donnerhacke.de/Blog/ClamAV-aktualisiert-sich-nicht-m

[clamav-users] clamscan false positives

2016-03-19 Thread Thomas Stein
Hello Clamav users. Last week I started to check a gentoo distfiles directory with clamscan. To my big surprise clamscan found a lot of infected files. Taking a closer look leads to the assumption all of them are false positives because most of them are debugging tools. ClamAV update process star

Re: [clamav-users] New ClamnAV database....test results for Clamwin

2016-03-19 Thread Gene Heskett
On Thursday 17 March 2016 07:16:42 Groach wrote: > No problem. See, I can do praise too. :-) > > I even did a scan of my usual drive that is susceptible to showing > false positives and it all completed without unwanted reports. > > A relief, a surprise, and a happy chap (for today) ;-) > > So,

Re: [clamav-users] no new signatures

2016-03-19 Thread Helmut Hullen
Hello, SternData, you wrote on 18.03.16: >> The signatures haven't been updated since Friday. [...] > I had a similar issue. After deleting /var/lib/clamav/mirrors.dat, > the updates started working again. No - that's another problem. I've just tried "freshclam" with deleted "mirrors.dat" -

Re: [clamav-users] clamav on virus total

2016-03-19 Thread C.D. Cochrane
Thank you all for the replies.  Just wanted to make sure my approach was logical, and VT is a reliable reference point for clamav comparison scanning.   "millions of samples" received daily, wow!  But how many are unique?  Or, putting on my "pretend bad guy" hat - if I was a virus writer I would

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Jason J. W. Williams
Pulled down 21466 (and force restarted clamd) but it's still classifying EICAR as Win.Trojan.Trojan: https://gist.github.com/williamsjj/b8104402e80f44475df5 Databases are up to date now: main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer) Empty script daily-2146

[clamav-users] clamav on virus total

2016-03-19 Thread C.D. Cochrane
Hi, Over the last 2 months of use I have collected and submitted 20+ virus attachments to clamav. I always check the files on virustotal dot com before submitting to clamav. To date, only one of the files is detected by clamav as a virus on virustotal (and on my server), while other vendor detec

Re: [clamav-users] Why does this happen?

2016-03-19 Thread Steven Morgan
Scott, In that case, please open a bug report. On Tue, Mar 15, 2016 at 5:37 PM, Scott Galambos wrote: > testfile.pdf is an encrypted and password protected file. I have > "ArchiveBlockEncrypted No" in clamd.conf. > > And a scan still finds it infected. > > server(/tmp): clamdscan --config-file

Re: [clamav-users] Why does this happen?

2016-03-19 Thread Scott Galambos
I had to completely restart the server, not just restart the daemons for some reason. It's off now and not scanning encrypted PDF's. Thank you. On 2016-03-16 6:18 PM, Benny Pedersen wrote: On 2016-03-16 23:04, Steven Morgan wrote: server(/tmp): clamdscan --config-file=/apps/clamav/etc/clamd.

Re: [clamav-users] Is ClamAV Community Threat Tracking System down?

2016-03-19 Thread Al Varnell
Check the archives as I believe that was reported/discussed earlier. Sent from Janet's iPad -Al- On Mar 18, 2016, at 2:50 PM, Yuri Voinov wrote: > > http://www.stats.clamav.net is not responding either via HTTP or HTTPS. > > Is > > > ClamAV Community Threat Tracking System > > down? > > W

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-19 Thread Jason Williams
Hey Al, I submitted a FP report with one attached. Just put the EICAR string into a txt file and that'll trigger it. -J Sent via iPhone > On Mar 16, 2016, at 22:16, Al Varnell wrote: > > I don’t know why sanesecurity-porcupine.ndb is causing this, but I can now > see that the signatures fo

Re: [clamav-users] Why does this happen?

2016-03-19 Thread Benny Pedersen
On 2016-03-16 23:30, Scott Galambos wrote: I had to completely restart the server, not just restart the daemons for some reason. It's off now and not scanning encrypted PDF's. glad you found the issues about it another time you can make a new default config from clamconf -g clamd.conf >/tmp/c