Re: [clamav-users] Another possible FP?

2017-04-23 Thread Al Varnell 
Joel & Alain,

Finally had some time to check and now see that I am also observing this in 22 
messages, most, if not all of which are the same ones identified in the first 
case. I suspect that these detections were not previously made because they 
were masked by Email.Phishing.VOF1-6295284-0 which identified 47 messages.

I uploaded one of several mailings from my water district:
d81b0950ab1f524ef325b78beee34166:71221:9676.emlx

-Al-

On Apr 23, 2017, at 11:42 AM, Joel Esler (jesler)  wrote:

> Are they FPs?  Or just alerts?
> 
> --
> Sent from my iPhone
> 
>> On Apr 23, 2017, at 14:17, "ad...@web-envy.com"  wrote:
>> 
>> I can confirm that today I did not get any of these FPs, however I am
>> getting a bunch of these instead. A lot of them are on older email messages
>> that look like normal messages:
>> 
>> 
>> 
>>  Email.Phishing.VOF1-6295446-0
>> 
>> 
>> 
>> 
>> 
>> ___
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

-Al-
-- 
Al Varnell
Mountain View, CA




___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Another possible FP?

2017-04-23 Thread Joel Esler (jesler) 
Are they FPs?  Or just alerts?

--
Sent from my iPhone

> On Apr 23, 2017, at 14:17, "ad...@web-envy.com"  wrote:
> 
> I can confirm that today I did not get any of these FPs, however I am
> getting a bunch of these instead. A lot of them are on older email messages
> that look like normal messages:
> 
> 
> 
>   Email.Phishing.VOF1-6295446-0
> 
> 
> 
> 
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Another possible FP?

2017-04-23 Thread admin 
Today I am getting a bunch of these messages. A lot of them are on older
email messages that look like normal messages:

   Email.Phishing.VOF1-6295446-0 FOUND

 

 

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Another possible FP?

2017-04-23 Thread Al Varnell 
 and report back with hash.

-Al-

On Apr 23, 2017, at 11:16 AM, ad...@web-envy.com wrote:

> I can confirm that today I did not get any of these FPs, however I am
> getting a bunch of these instead. A lot of them are on older email messages
> that look like normal messages:
> 
> 
> 
>   Email.Phishing.VOF1-6295446-0
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamscan output

2017-04-23 Thread Noel Jones 
On 4/23/2017 10:20 AM, Lyle Holmes wrote:
> Probably simple to resolve. Clamscan sends the results of the daily scan
> in an email. Results similar to the one below for each directory in
> /home. Unfortunately clamscan is appending the new results to the prior
> day's results; making a ridiculously long email. I would like to
> overwrite the prior day's results. Not sure how/where to do this.
> Thanks. 
> 
> --- SCAN SUMMARY ---
> Known viruses: 6258909
> Engine version: 0.99.2
> Scanned directories: 324
> Scanned files: 3414
> Infected files: 0
> Data scanned: 152.86 MB
> Data read: 159.49 MB (ratio 0.96:1)
> Time: 128.806 sec (2 m 8 s) 
> 


clamscan does not do daily scans, nor does clamscan send email.
Whatever custom script you're using for those functions is not part
of clam.

If you don't remember what you did to get this daily scan, start
with looking at your crontab to see what runs daily.

After you find your offending script, fix the script so it creates a
new file every day rather than appending to a file.

The fix is probably as easy as changing a '>>'  to a single '>', but
finding it is the challenge.  We can't help with that.



  -- Noel Jones
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Another possible FP?

2017-04-23 Thread admin 
I can confirm that today I did not get any of these FPs, however I am
getting a bunch of these instead. A lot of them are on older email messages
that look like normal messages:

 

   Email.Phishing.VOF1-6295446-0

 

 

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] clamscan output

2017-04-23 Thread Lyle Holmes 
Probably simple to resolve. Clamscan sends the results of the daily scan
in an email. Results similar to the one below for each directory in
/home. Unfortunately clamscan is appending the new results to the prior
day's results; making a ridiculously long email. I would like to
overwrite the prior day's results. Not sure how/where to do this.
Thanks. 

--- SCAN SUMMARY ---
Known viruses: 6258909
Engine version: 0.99.2
Scanned directories: 324
Scanned files: 3414
Infected files: 0
Data scanned: 152.86 MB
Data read: 159.49 MB (ratio 0.96:1)
Time: 128.806 sec (2 m 8 s) 

-- 
Thanks, 

LYLE HOLMES
 206.920.3693
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml