Re: [clamav-users] How to get/use 3rd party signatures?

2016-12-29 Thread Reindl Harald
On 29.12.2016 at 23:54, Mark Foley wrote: On 29/12/2016 09:32, Reindl Harald wrote: On 29.12.2016 at 10:21, Reindl Harald wrote: state of the official signatures is that clamav don't catch many real malware all over the time without sanesecurity 3rd party signatures and the official I'

[clamav-users] How to get/use 3rd party signatures?

2016-12-29 Thread Mark Foley
On 29/12/2016 09:32, Reindl Harald wrote: > > On 29.12.2016 at 10:21, Reindl Harald wrote: >> >> state of the official signatures is that clamav don't catch many real >> malware all over the time without sanesecurity 3rd party signatures and >> the official > I'd like to add these 3rd party signat

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Joel Esler (jesler)
Because the address is bugzilla.clamav.net. This will be fixed by removing the bugs.clamav.net dns entry. But I don't want to remove it until the links inside the tarball + any documentation has been adjusted to say bugzilla. -- Sent from my iPhone > On Dec 29, 2016, at 10:05 AM, Benny P

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Reindl Harald
On 29.12.2016 at 16:15, Kris Deugau wrote: Groach wrote: If I could exclude the Clam default signatures and just continue to use Sane then I would and then I could turn back on quarantining to make our systems safe again. You can; turn off freshclam and delete the stock signature files.

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Gene Heskett
On Thursday 29 December 2016 07:06:38 Groach wrote: > On 29/12/2016 09:32, Reindl Harald wrote: > > On 29.12.2016 at 10:21, Reindl Harald wrote: > >> state of the official signatures is that clamav don't catch many > >> real malware all over the time without sanesecurity 3rd party > >> signatures

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Kris Deugau
Groach wrote: > If I could exclude the Clam default > signatures and just continue to use Sane then I would and then I could > turn back on quarantining to make our systems safe again. You can; turn off freshclam and delete the stock signature files. Also make sure that you don't use the --off

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Reindl Harald
On 29.12.2016 at 14:40, Mark Allan wrote: On 29 Dec 2016, at 12:06 pm, Steve Basford wrote: In clamscan there is: --official-db-only[=yes/no(*)] Only load official signatures in clamd.conf there is: OfficialDatabaseOnly#Only loading official signatures. I suppose there could

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Reindl Harald
On 29.12.2016 at 13:06, Steve Basford wrote: On Thu, December 29, 2016 9:32 am, Reindl Harald wrote: i would love to be able to *completely* exclude "daily.cld", "daily.cvd" and "main.cvd" and only update "safebrowsing.cvd" daily.cvd and main.cvd are compressed versions of multiple datab

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Benny Pedersen
On December 29, 2016 13:06:51 "Steve Basford" wrote: https://bugs.clamav.net/show_bug.cgi?id=11708 still ssl error

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Steve Basford
On Thu, December 29, 2016 1:40 pm, Mark Allan wrote: > It seems a little overkill to add a new feature for this. Couldn't you > just delete the cvd/cld file and prevent freshclam from running? Or > better yet, write a wrapper around freshclam so the update still takes > place and then unpack the

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Mark Allan
> On 29 Dec 2016, at 12:06 pm, Steve Basford > wrote: > > In clamscan there is: > > --official-db-only[=yes/no(*)] Only load official signatures > > in clamd.conf there is: > > OfficialDatabaseOnly#Only loading official signatures. > > I suppose there could be a: > > --3rd-party-

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Groach
Noted. Confirmed FP's no longer being reported. (Still looking forward to the new improved QA system, and one that doesn't require a mailing list uproar before the issues get identified). On 29/12/2016 13:14, Joel Esler (jesler) wrote: We are showing that all Toa signatures have been droppe

Re: [clamav-users] Corrupt database and failure to start

2016-12-29 Thread Arnaud Jacques / SecuriteInfo.com
Hello Alex, > Wed Dec 28 19:05:52 2016 -> Downloading securiteinfo.hdb [*] > Wed Dec 28 19:05:54 2016 -> WARNING: [LibClamAV] cli_loadhash: Problem > parsing database at line 3416821 > Wed Dec 28 19:05:54 2016 -> WARNING: [LibClamAV] Can't load > /var/lib/clamav/clamav-a0e1b3646bf0af582c18764ec2fd

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Joel Esler (jesler)
We are showing that all Toa signatures have been dropped. Please run freshclam to drop the sigs. -- Sent from my iPhone > On Dec 29, 2016, at 8:03 AM, Joel Esler (jesler) wrote: > > I'm not dismissing anything. (Except the notion that I am dismissing things). > I know one of our guys is m

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Joel Esler (jesler)
I'm not dismissing anything. (Except the notion that I am dismissing things). I know one of our guys is monitoring the list during the holiday. I'll ping him. -- Sent from my iPhone > On Dec 29, 2016, at 7:07 AM, Groach > wrote: > >> On 29/12/2016 09:32, Reindl Harald wrote: >> >>> Am 2

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Steve Basford
On Thu, December 29, 2016 9:32 am, Reindl Harald wrote: > >i would love to be able to *completely* exclude >"daily.cld", "daily.cvd" and "main.cvd" and only update >"safebrowsing.cvd" daily.cvd and main.cvd are compressed versions of multiple databases... eg. sigtool --unpack-current=daily 29/

[clamav-users] Messages with multiple infections, was CL_SCAN_ALLMATCHES (or --allmatch or -z)

2016-12-29 Thread Alessandro Vesely
How does one find out if there are multiple viruses in a single file? The problem is to avoid a possibly harmless virus masking severe infections. Another problem, for users of older library versions, is how to know if the pointer returned is an array of strings or a single string. Is this the

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Reindl Harald
On 29.12.2016 at 10:21, Reindl Harald wrote: On 29.12.2016 at 03:54, Al Varnell wrote: Over 11,000 of them were dropped several days ago, but a few were added at the same time. I have no idea what the status of those new ones are and maybe I've lost track, but I believe only one of the new o

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Reindl Harald
On 29.12.2016 at 03:54, Al Varnell wrote: Over 11,000 of them were dropped several days ago, but a few were added at the same time. I have no idea what the status of those new ones are and maybe I've lost track, but I believe only one of the new ones has been brought up here. Since all sign

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-29 Thread Reindl Harald
On 29.12.2016 at 07:30, demonhunter wrote: Samples can be easily generated by creating a blank Word or Excel document, creating an empty macro module with a single empty subroutine, and saving the Word/Excel file as a .docm or .xlsm file. Scanning one of these brand new files against a saved