Re: [clamav-users] Question about ClamScan

2017-05-12 Thread Joel Esler (jesler)
It’s not that at all. They are working on ClamAV 99.3. I’ll call their attention to the devel list. -- Joel Esler | Talos: Manager | jes...@cisco.com On May 12, 2017, at 2:47 PM, Dennis Peterson wrote: On 5/12/17 10:19 AM, crazy thi

Re: [clamav-users] LibClamAV Warning

2017-05-06 Thread Joel Esler (jesler)
I thought this was fixed. -- Sent from my iPhone > On May 6, 2017, at 14:01, Rudy Stebih wrote: > > I filed a bug report for this. Bug #11837 > > Cheers, > Rudy > > >> On Wed, May 3, 2017 at 1:25 PM, David Raynor wrote: >> >> Bump for visibility. I figure someone from your team should g

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
We have some ideas here Benny, but nothing in the pipeline today. If we incorporated SaneSecurity’s sigs (we need permission to do so from Steve), then we could ingest them, and de-dupe any hash-based sigs that we have that other types of sigs alert on (we do this today for our own internal sig

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
3rd party signatures distributed by us are signed. -- Sent from my iPhone > On May 4, 2017, at 08:27, Benny Pedersen wrote: > > Joel Esler (jesler) wrote on 2017-05-04 14:19: >> We'd have to evaluate which feeds would be appropriate for the ClamAV >> Db. The more

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
We'd have to evaluate which feeds would be appropriate for the ClamAV Db. The more coverage the better, with fewest false positives. -- Sent from my iPhone > On May 4, 2017, at 08:04, Benny Pedersen wrote: > > Joel Esler (jesler) wrote on 2017-05-04 13:52: >> We alr

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
We already distribute some third party feeds into the official database, we have a program for that which can be found on our website. We would love to incorporate Sanesecurity's feed, all they have to do is give us the okay to do it. -- Sent from my iPhone > On May 4, 2017, at 07:29, craz

Re: [clamav-users] Different results: Clamscan vs ClamWin

2017-05-02 Thread Joel Esler (jesler)
First thing I notice is that you are running two different versions of ClamAV. -- Sent from my iPhone > On May 2, 2017, at 20:08, Rafael Ferreira wrote: > > Can you tell us which virus you encountered? Also can you validate that the > file has the same checksum in both windows and Linux? >

Re: [clamav-users] No Signature updates for 30 hours?

2017-05-01 Thread Joel Esler (jesler)
Thanks all for this, it should be fixed now. -- Joel Esler | Talos: Manager | jes...@cisco.com On May 1, 2017, at 9:21 AM, Mark Allan wrote: It looks like there's a problem with the DNS text record not updating properly. It still sh

Re: [clamav-users] Mirror problem

2017-04-24 Thread Joel Esler (jesler)
I’ve created a ticket for removal for our operations team. -- Joel Esler | Talos: Manager | jes...@cisco.com On Apr 20, 2017, at 2:48 PM, Ted Hatfield wrote: On Thu, 20 Apr 2017, Kristen R. wrote: On 4/20/17 7:42 AM, Dennis Peterson wrote:

Re: [clamav-users] Mirror problem

2017-04-24 Thread Joel Esler (jesler)
Thanks Ted. -- Joel Esler | Talos: Manager | jes...@cisco.com On Apr 20, 2017, at 2:48 PM, Ted Hatfield wrote: On Thu, 20 Apr 2017, Kristen R. wrote: On 4/20/17 7:42 AM, Dennis Peterson wrote: Anyone else seeing this? Sat Apr 1 14:02:39

Re: [clamav-users] ClamAV for EnterPrise

2017-04-24 Thread Joel Esler (jesler)
se than a fellow user, but I'll give some of it a try. On Wed, Apr 19, 2017 at 08:05 PM, Benny Pedersen wrote: Joel Esler (jesler) wrote on 2017-04-20 01:40: Alright all — I think the conversation and arguing has gone on long enough and we’ve beat not only the topic to death, but the topics af

Re: [clamav-users] Another possible FP?

2017-04-23 Thread Joel Esler (jesler)
Are they FPs? Or just alerts? -- Sent from my iPhone > On Apr 23, 2017, at 14:17, "ad...@web-envy.com" wrote: > > I can confirm that today I did not get any of these FPs, however I am > getting a bunch of these instead. A lot of them are on older email messages > that look like normal messages

Re: [clamav-users] ClamAV for EnterPrise

2017-04-19 Thread Joel Esler (jesler)
Alright all — I think the conversation and arguing has gone on long enough and we’ve beat not only the topic to death, but the topics after the topic are now dead. I’ve received enough complaints at this point to call a truce. -- Joel Esler | Talos: Manager | jes...@cisco.com

Re: [clamav-users] ClamAV for EnterPrise

2017-04-19 Thread Joel Esler (jesler)
: Re: [clamav-users] ClamAV for EnterPrise >> >> @Joel >> >> That Sounds good but ClamAV is OpenSource.. how can we use it in >> Commercial Product ? >> >>> On 19 April 2017 at 17:07, Joel Esler (jesler) wrote: >>> >>> All -- >>&g

Re: [clamav-users] ClamAV for EnterPrise

2017-04-19 Thread Joel Esler (jesler)
All -- ClamAV does not have any plans on making an enterprise version or management console. We make a commercial product for that, which also uses ClamAV in its engine. I think that settles the conversation. -- Sent from my iPhone > On Apr 19, 2017, at 04:08, Reindl Harald wrote: > >

Re: [clamav-users] Sporadic signature frequency

2017-04-17 Thread Joel Esler (jesler)
e, what's is the issue with the current deletion strategy? On Apr 17, 2017, at 9:33 AM, Joel Esler (jesler) mailto:jes...@cisco.com>> wrote: Yes — Since more and more content is being shipped, it’s taking longer and longer to build the daily.cvd. So if the build of a daily is locked w

Re: [clamav-users] Sporadic signature frequency

2017-04-17 Thread Joel Esler (jesler)
Yes — Since more and more content is being shipped, it’s taking longer and longer to build the daily.cvd. So if the build of a daily is locked when it comes around to build the next one, it doesn’t build the second one. Hence why they are coming more spaced out. Couple remedies for this, all

Re: [clamav-users] Identify Threat Risk Level with ClamAV

2017-04-14 Thread Joel Esler (jesler)
Wouldn’t all malware be a large risk? -- Joel Esler | Talos: Manager | jes...@cisco.com On Apr 14, 2017, at 12:47 AM, crazy thinker wrote: Hi ClamAV Developers, Users. I know that ClamAV is a very powerful anti-virus scanner. I am lo

Re: [clamav-users] Question about .cvd files

2017-04-12 Thread Joel Esler (jesler)
1. bytecode.cvd contains AV signatures written in our bytecode language. This allows us to have very advanced processing of files for detection. 2. Malware may not be specific to one OS. Or malware may be copied from OS to OS. 3. I don’t think you’d want to do this, based upon what I just sai

Re: [clamav-users] Manual cdiff update procedure

2017-04-06 Thread Joel Esler (jesler)
Why would freshclam not be used? -- Sent from my iPhone > On Apr 6, 2017, at 07:36, venkat swaminathan wrote: > > Thanks Allan, > Mentioned below is my current progress. > all in /tmp/clam folder > > sigtool --unpack-current=daily (Unpacked Existing CVD from /var/lib/clam) > sigtool --verify-c

Re: [clamav-users] Reporting malware/false negatives

2017-04-03 Thread Joel Esler (jesler)
1d7c2 pbj5a57gw5-pMlSuWbYRjT1.docx 440f44ac9ca212b8ecf38e48faa9dfac g9kfak164-NZlttUtz.docx If you're reading this and would also like a sample of these, let me know. On Wed, Mar 22, 2017 at 9:50 AM, Joel Esler (jesler) wrote: I just added Doc.Dropper.Agent-6136

Re: [clamav-users] False Positive of IObit product by ClamAV

2017-03-31 Thread Joel Esler (jesler)
This signature has been dropped. -- Joel Esler | Talos: Manager | jes...@cisco.com On Mar 31, 2017, at 3:44 AM, Arnaud Jacques / SecuriteInfo.com wrote: Received this message: -- Message trans

Re: [clamav-users] Reporting malware/false negatives

2017-03-22 Thread Joel Esler (jesler)
I just added Doc.Dropper.Agent-6136130-0 to the scan system, it should be published today. -- Joel Esler | Talos: Manager | jes...@cisco.com On Mar 22, 2017, at 9:43 AM, Alex wrote: Hi, How long does it typically take for a sample

Re: [clamav-users] Reporting malware/false negatives

2017-03-21 Thread Joel Esler (jesler)
Inline. -- Sent from my iPhone > On Mar 21, 2017, at 20:27, Alex wrote: > > Hi, I reported an encrypted word macro virus this morning, and this > evening it is still not detected by sanesecurity or clamav proper. > > How long does it typically take for a sample to be analyzed and a > pattern

Re: [clamav-users] ClamAV for windows: GUI and chocolatey package

2017-03-13 Thread Joel Esler (jesler)
On Mar 5, 2017, at 6:01 PM, Benny Pedersen wrote: Joel Esler (jesler) wrote on 2017-03-05 13:42: We make Immunet. It combines a cloud based detection engine with the offline capability of clamav. It's extremely effective and free. windows only imho :

Re: [clamav-users] (no subject)

2017-03-09 Thread Joel Esler (jesler)
These come in spurts. When we suddenly get a rash of 50-100 new people on the list for whatever reason, we get one or two of these. Part of being a member of a community. It sucks that we have these every now and again, and it can be annoying, but we just guide them to the exit and call i

Re: [clamav-users] Daily 23161 broke Clam

2017-03-06 Thread Joel Esler (jesler)
ng missed. -- Sent from my iPhone > On Mar 5, 2017, at 22:29, Noel Jones wrote: > >> On 3/5/2017 6:51 AM, Joel Esler (jesler) wrote: >> The question here is, do we strive to make a package that is installable on >> more machines, (even ones that are going EOL?), or do we st

Re: [clamav-users] R: Re: R: Re: ClamAV for windows: GUI and chocolatey package

2017-03-05 Thread Joel Esler (jesler)
V for windows which is all except that > free > and user privacy friendly, I can take a look at immunet. > Can you tell me if immunet uses ads, adware and something similar? > > Thank you > > >> Original message >> From: "Joel Esler (jesler)"

Re: [clamav-users] Daily 23161 broke Clam

2017-03-05 Thread Joel Esler (jesler)
I am still interested in people's feedback, as right now, this thread seems to be about 50/50 (in requiring pcre 7) -- Sent from my iPhone > On Mar 5, 2017, at 06:39, Ned Slider wrote: > >> On 04/03/17 22:54, Joel Esler (jesler) wrote: >> We cannot be tied to distribution

Re: [clamav-users] R: Re: ClamAV for windows: GUI and chocolatey package

2017-03-05 Thread Joel Esler (jesler)
We make Immunet. It combines a cloud based detection engine with the offline capability of clamav. It's extremely effective and free. -- Sent from my iPhone > On Mar 5, 2017, at 05:46, "erotavlas_tu...@libero.it" > wrote: > > Hi, > whenever it is possible, I prefer to avoid using closed

Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Joel Esler (jesler)
We cannot be tied to distribution support problems. -- Sent from my iPhone > On Mar 4, 2017, at 17:44, Benny Pedersen wrote: > > Leonardo Rodrigues wrote on 2017-03-04 23:12: >> is clamav a redhat product ?!?! I don't think so. That being said, i >> see absolutely no point at all on saying cl

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Joel Esler (jesler)
mply > disable pcre support in previous version of clamd that have not been upgraded? > > Thanks, > > Chris > >> On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote: >> A new daily with the Sig dropped. >> >> Probably what we will do to prevent this

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Joel Esler (jesler)
A new daily with the Sig dropped. Probably what we will do to prevent this from happening again, is to have 0.99.3 (the upcoming version) require pcre 7. How does that sound? -- Sent from my iPhone > On Mar 3, 2017, at 18:08, Chris Conn wrote: > > Hello, > > I hope you don't mind my cont

Re: [clamav-users] Potentially False Positive, but I lost the file!

2017-01-21 Thread Joel Esler (jesler)
providing detection to others, helping others with their installs, helping with development, etc. This is a free project, so I can't offer you a refund. -- Sent from my iPhone On Jan 21, 2017, at 4:55 PM, Groach wrote: On 21/01/2017 18:4

Re: [clamav-users] Potentially False Positive, but I lost the file!

2017-01-21 Thread Joel Esler (jesler)
-- Sent from my iPhone > On Jan 21, 2017, at 11:16 AM, Alain Zidouemba > wrote: > > Antonio, > > Unfortunately, I can't find any record of us having ever published > Win.Trojan.Agent-18112140. > Could the name of the signature that caused the FP be slightly different? > > Alain > > On Sat,

Re: [clamav-users] Potentially False Positive, but I lost the file!

2017-01-21 Thread Joel Esler (jesler)
Groach -- Sent from my iPhone > On Jan 21, 2017, at 10:43 AM, Groach > wrote: > > I would put my house on that it was a false positive 100%. Reasons for > saying so: > > 1, It was a Windows installation CD > 2, It's a file nearly 20 years old > 3, Clam signatures couldn't detect water in a

Re: [clamav-users] Submitting False Negatives

2017-01-11 Thread Joel Esler (jesler)
Are you using the most updated version of the tool? It should work. -- Sent from my iPhone > On Jan 11, 2017, at 11:07 AM, Tim Tepatti wrote: > > Hello, > > I recently started using ClamAV and have a small database of virus samples > on my computer. I noticed that when scanning some of these

Re: [clamav-users] Clam AV Integration with Thunderbird

2017-01-08 Thread Joel Esler (jesler)
What about on-access scanning ClamAV for Linux? -- Joel Esler | Talos: Manager | jes...@cisco.com On Jan 8, 2017, at 11:25 AM, Groach wrote: What you are talking about is a REALTIME protection which clam in its native

Re: [clamav-users] Grizzly Steppe

2017-01-06 Thread Joel Esler (jesler)
http://blog.talosintel.com/2017/01/grizzly-steppe.html -- Joel Esler | Talos: Manager | jes...@cisco.com On Jan 5, 2017, at 11:40 AM, Joel Esler (jesler) wrote: AMP has far more coverage than ClamAV. As the coverage can

Re: [clamav-users] Old virus databases?

2017-01-05 Thread Joel Esler (jesler)
I’d have to check, I am not sure we retain those. I don’t think they are available publicly anywhere either. -- Joel Esler | Talos: Manager | jes...@cisco.com On Jan 5, 2017, at 1:39 PM, Michael Howard wrote: Hello. The ClamAV download p

Re: [clamav-users] Grizzly Steppe

2017-01-05 Thread Joel Esler (jesler)
AMP has far more coverage than ClamAV. As the coverage can be generated much more quickly and without a DB to download, it happens in real time. As far as coverage for ClamAV, and Alain can correct me if I am wrong, I believe coverage has been pushed out. -- Joel Esler | Talos: Manager | jes..

Re: [clamav-users] Grizzly Steppe

2017-01-05 Thread Joel Esler (jesler)
Where did you send them? -- Joel Esler | Talos: Manager | jes...@cisco.com On Jan 4, 2017, at 7:12 PM, TR Shaw wrote: I have offered sigs to ClamAV official but have heard nothing back yet. On Jan 4, 2017, at 6:52 PM, Eric Tykwinski

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Joel Esler (jesler)
Because the address is bugzilla.clamav.net. This will be fixed by removing the bugs.clamav.net dns entry. But I don't want to remove it until the links inside the tarball + any documentation has been adjusted to say bugzilla. -- Sent from my iPhone > On Dec 29, 2016, at 10:05 AM, Benny P

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Joel Esler (jesler)
We are showing that all Toa signatures have been dropped. Please run freshclam to drop the sigs. -- Sent from my iPhone > On Dec 29, 2016, at 8:03 AM, Joel Esler (jesler) wrote: > > I'm not dismissing anything. (Except the notion that I am dismissing things). > I know o

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Joel Esler (jesler)
I'm not dismissing anything. (Except the notion that I am dismissing things). I know one of our guys is monitoring the list during the holiday. I'll ping him. -- Sent from my iPhone > On Dec 29, 2016, at 7:07 AM, Groach > wrote: > >> On 29/12/2016 09:32, Reindl Harald wrote: >> >>> Am 2

Re: [clamav-users] Submitted false-negative still not detected

2016-12-27 Thread Joel Esler (jesler)
Alex, Regarding the ticket and confirmation piece, we are working on that. -- Sent from my iPhone > On Dec 27, 2016, at 8:21 PM, Alex wrote: > > Hi, > > I submitted a false-negative a few days ago and it still is not > detected after the most recent update. It would be helpful for these >

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Joel Esler (jesler)
Are you able to submit the files via the website? -- Sent from my Apple Watch On Dec 27, 2016, at 3:08 PM, Adnan de Castro Donato wrote: > > In keeping with one false positive reports > I have 8 CentOS servers report below after Signatures Published daily - 22782 > update: > > All attachme

Re: [clamav-users] Probable False Positive - OpenJDK-1.8 nashorn.jar : Win.Trojan.Toa-5370166-0

2016-12-26 Thread Joel Esler (jesler)
I believe that signature has been dropped. -- Sent from my iPhone > On Dec 26, 2016, at 11:08 PM, Christian Balzer wrote: > > > Hello, > >> On Tue, 27 Dec 2016 03:06:31 +0000 Joel Esler (jesler) wrote: >> >> We QA against thousands of clean files for each

Re: [clamav-users] Probable False Positive - OpenJDK-1.8 nashorn.jar : Win.Trojan.Toa-5370166-0

2016-12-26 Thread Joel Esler (jesler)
We QA against thousands of clean files for each signature. But we don't have a copy of every file in the world to QA against. When people send in false positives, if we determine them to be actually clean, we add them to the FP farm as well. That's why FPs are important to send in, not just

Re: [clamav-users] the problem of endless loop

2016-12-20 Thread Joel Esler (jesler)
The 0.97.x tree is EOL: http://blog.clamav.net/2016/05/clamav-097-engine-end-of-life.html I recommend upgrading to a newer version. -- Joel Esler | Talos: Manager | jes...@cisco.com On Dec 19, 2016, at 6:56 PM, Tsutomu Oyamada wro

Re: [clamav-users] Central management server?

2016-12-14 Thread Joel Esler (jesler)
This is probably found exclusively in an enterprise system. We have it in our AMP product that we sell (which uses ClamAV as one of its engines), but I am not aware of any free enterprise management of AV software. -- Joel Esler | Talos: Manager | jes...@cisco.com

Re: [clamav-users] Question on attachments

2016-12-12 Thread Joel Esler (jesler)
File types are based upon their contents. Not their extensions. -- Joel Esler | Talos: Manager | jes...@cisco.com On Dec 12, 2016, at 11:43 AM, TR Shaw wrote: How does ClamAV decide to unpack an attachment? In particular this is in refere

Re: [clamav-users] bugzilla security certificate

2016-12-11 Thread Joel Esler (jesler)
ClamAV is not the only project we run. When you all (or we) discover an issue, I take that information, file a ticket with our operations team, and the issues are resolved as we get to them, just like any other infrastructure. Not only do we run ClamAV, but we run Snort, and entire Talos infra

Re: [clamav-users] Building ClamAV for Android PC

2016-12-10 Thread Joel Esler (jesler)
Throughout the years of the project we've had many people say they want to do this, but I've never heard of anyone that actually has. -- Sent from my iPhone > On Dec 10, 2016, at 12:14 PM, crazy thinker wrote: > > Hi All, > > i have installed remix os on personal laptop for experimental wor

Re: [clamav-users] clamav remote server / client setup scenario

2016-12-07 Thread Joel Esler (jesler)
What you are looking for is the ability to set up a private mirror. http://www.clamav.net/documents/private-local-mirrors -- Joel Esler | Talos: Manager | jes...@cisco.com On Dec 7, 2016, at 12:19 PM, Priya Seth wrote: Hi All, I am new

Re: [clamav-users] bugzilla security certificate

2016-12-07 Thread Joel Esler (jesler)
Thanks Steve, I’ve opened a ticket for review. -- Joel Esler | Talos: Manager | jes...@cisco.com On Dec 7, 2016, at 11:42 AM, Steve Basford wrote: Just a quick one... in case it confuses visitors to Bugzilla... Going to htt

Re: [clamav-users] Question about Repairing infected files

2016-12-04 Thread Joel Esler (jesler)
Most are hash? Sure. They are auto generated. But there are still a good bit of more advanced signatures shipping every day On Dec 4, 2016, 7:06 AM -0500, Al Varnell , wrote: On Dec 3, 2016, at 9:02 PM, crazy thinker wrote: Hi All, It is known that ClamAV uses Pattern Matching to Catch infecte

Re: [clamav-users] How to Mass Submit Virus Samples?

2016-12-02 Thread Joel Esler (jesler)
I meant spamcop.net. Not .org. Sorry about that. -- Sent from my iPhone > On Dec 2, 2016, at 7:19 AM, Joel Esler (jesler) wrote: > > We can accept either the attachments or the entire spam email. We also run > the spamcop.org anti-spam project, and that helps us tremendo

Re: [clamav-users] How to Mass Submit Virus Samples?

2016-12-02 Thread Joel Esler (jesler)
We set up each mass submitter with a different address in the system. It's not a shared address. -- Sent from my iPhone > On Dec 2, 2016, at 7:26 AM, Arnaud Jacques / SecuriteInfo.com > wrote: > > Hi Joel, > >> But if you are willing to send us samples, we can get you set up as a mass >> s

Re: [clamav-users] How to Mass Submit Virus Samples?

2016-12-02 Thread Joel Esler (jesler)
We can accept either the attachments or the entire spam email. We also run the spamcop.org anti-spam project, and that helps us tremendously as well. But if you are willing to send us samples, we can get you set up as a mass submitter, and you can mail them to us. -- Sent from my iPhone

Re: [clamav-users] How to Mass Submit Virus Samples?

2016-12-02 Thread Joel Esler (jesler)
What amount of samples are we talking? Do you want to submit whole spam or just the attachments? -- Sent from my iPhone > On Dec 2, 2016, at 5:46 AM, Benoit Panizzon wrote: > > Hello ClamAvers! > > I work at an ISP and we operate a large email infrastructure. We use > ClamAV as our mail vir

Re: [clamav-users] db.at.clamav.net

2016-12-01 Thread Joel Esler (jesler)
Thanks. -- Joel Esler | Talos: Manager | jes...@cisco.com On Dec 1, 2016, at 6:52 AM, Al Varnell wrote: Confirming no response to Ping, Traceroute or Port Scan. Lookup 81.223.20.171 -> clamav.inode.at whois 81.22

Re: [clamav-users] FP Pdf.Exploit.CVE_2016_1091-2

2016-12-01 Thread Joel Esler (jesler)
Thanks for the feedback Jeff. -- Joel Esler | Talos: Manager | jes...@cisco.com On Nov 30, 2016, at 6:16 PM, Jeff Dyke wrote: Just a user or not Al, thanks for the quick update!! Also thank you to the folks that looked into this. I jus

Re: [clamav-users] FP Pdf.Exploit.CVE_2016_1091-2

2016-11-30 Thread Joel Esler (jesler)
Jeff On Wed, Nov 30, 2016 at 10:21 AM, Joel Esler (jesler) wrote: Gene, Al was simply asking, as he knows we may ask, and it helps us identify the file faster. Otherwise we have to search through and look for the sender email, which, sometimes does not match u

Re: [clamav-users] FP Pdf.Exploit.CVE_2016_1091-2

2016-11-30 Thread Joel Esler (jesler)
Gene, Al was simply asking, as he knows we may ask, and it helps us identify the file faster. Otherwise we have to search through and look for the sender email, which, sometimes does not match up. -- Joel Esler | Talos: Manager | jes...@cisco.com On Nov 30, 2016

Re: [clamav-users] feedback on Installing ClamAV instructions

2016-11-28 Thread Joel Esler (jesler)
This is fantastic feedback. I’ve incorporated the fixes (and missing pages!) you’ve suggested below. Much of this content was migrated from our wiki that we took offline years ago, and despite my review, I’ve obviously missed a few pages and links. Always feel free to send this feedback in, or

Re: [clamav-users] Bytecode Update [was:Many Empty Updates]

2016-11-28 Thread Joel Esler (jesler)
They have been added now, thanks Al for pointing this out to us. -- Joel Esler | Talos: Manager | jes...@cisco.com On Nov 23, 2016, at 6:31 AM, Al Varnell wrote: Although I didn't receive any feedback on this one, I did note that the 10/

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-28 Thread Joel Esler (jesler)
ent-1835897 -Al- On Tue, Nov 22, 2016 at 11:17 AM, Maarten Broekman wrote: I am seeing these mostly on files that comprise the OpenLayers library in phpMyAdmin 4. On Tue, Nov 22, 2016 at 2:11 PM, Joel Esler (jesler) wrote: Mark, Thanks for the feedback, you

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-28 Thread Joel Esler (jesler)
ware.Agent-1835897 -Al- On Tue, Nov 22, 2016 at 11:17 AM, Maarten Broekman wrote: I am seeing these mostly on files that comprise the OpenLayers library in phpMyAdmin 4. On Tue, Nov 22, 2016 at 2:11 PM, Joel Esler (jesler) wrote: Mark, Thanks for the feedb

Re: [clamav-users] Question about Virus DB

2016-11-27 Thread Joel Esler (jesler)
Al nailed it. -- Sent from my iPhone > On Nov 27, 2016, at 1:15 AM, Al Varnell wrote: > > That's an easy one. As I understand it's history, ClamAV was originally > designed to scan incoming messages to e-mail servers. Since it's impossible > to know the final destination platform of these me

Re: [clamav-users] Many Empty Updates

2016-11-23 Thread Joel Esler (jesler)
This has been fixed! -- Sent from my iPhone > On Nov 17, 2016, at 6:54 AM, Joel Esler (jesler) wrote: > > Thank you Al. > > -- > Sent from my iPhone > >> On Nov 17, 2016, at 6:31 AM, Al Varnell wrote: >> >> The last significant update was daily - 2

Re: [clamav-users] Build ClamAV from Source for Android

2016-11-22 Thread Joel Esler (jesler)
We provide a ton of them. I had them automated for awhile, but it was flooding the system, so I had to turn them off. But yes, there is plenty of mobile malware in the space, and lots of ClamAV installations are catching them via side-load. -- Joel Esler | Talos: Manager | jes...@cisco.com

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-22 Thread Joel Esler (jesler)
Mark, Thanks for the feedback, you are right, I am experiencing some high counts in the Txt.Malware.Agent family. I’ve disabled this engine for now. -- Joel Esler | Talos: Manager | jes...@cisco.com On Nov 22, 2016, at 12:02 PM, Mark Allan

Re: [clamav-users] CRDF databases and clamav

2016-11-20 Thread Joel Esler (jesler)
from my iPhone > On Nov 20, 2016, at 4:46 PM, Dennis Peterson wrote: > > Will the ClamAV team handle CRDF FP's and other issues? > > dp > >> On 11/20/16 11:10 AM, Joel Esler (jesler) wrote: >> There is at least one or two more we are working on right now to incor

Re: [clamav-users] CRDF databases and clamav

2016-11-20 Thread Joel Esler (jesler)
There are at least one or two more we are working on right now to incorporate to make everyone's lives easier, increase detection, give credit to the correct signature developer, false positives to the signature developer (when submitted into ClamAV.net). It's a win for literally everyone. --

Re: [clamav-users] CRDF databases and clamav

2016-11-20 Thread Joel Esler (jesler)
Yes. That is correct. -- Sent from my iPhone > On Nov 20, 2016, at 11:54 AM, Rafael Ferreira wrote: > > Howdy folks, am I correct to say that based on this announcement > (http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html >

Re: [clamav-users] Many Empty Updates

2016-11-17 Thread Joel Esler (jesler)
Thank you Al. -- Sent from my iPhone > On Nov 17, 2016, at 6:31 AM, Al Varnell wrote: > > The last significant update was daily - 22543 posted 36 hours ago. > > Since that time there have been only one new daily signature, three new > bytecode signatures and two dropped signatures. > > -A

Re: [clamav-users] ClamAV malware report: include info from Malwr?

2016-11-16 Thread Joel Esler (jesler)
To answer the automation question, 100% of what people submit is handled automatically. It is run through our sandboxes if need be, (the sandboxes used by our commercial customers) along with a ton of other factors, but yes, it's 100% automated. Humans have to deal with what cannot be automat

Re: [clamav-users] Clamwin will not update or so Slow it's Impractical to try

2016-11-13 Thread Joel Esler (jesler)
rote: Looks like either there is a related discussion or the same one taking place at <http://forums.clamwin.com/viewtopic.php?t=4544>. Sent from Janet's iPad -Al- On Nov 12, 2016, at 5:19 PM, "Joel Esler (jesler)" wrote: Who is “they”? Us? Or ClamWin? -- Joel Esler | Talos:

Re: [clamav-users] Clamwin will not update or so Slow it's Impractical to try

2016-11-12 Thread Joel Esler (jesler)
Who is “they”? Us? Or ClamWin? -- Joel Esler | Talos: Manager | jes...@cisco.com On Nov 12, 2016, at 5:02 PM, Rudy Stebih wrote: It's because their mirrors are extremely slow and they won't add any new mirrors. What you are waitin

Re: [clamav-users] Issue with daily-22474

2016-11-07 Thread Joel Esler (jesler)
le safely? Also, given the cdiff file was > approximately the same size as the entire daily db, would it have been better > simply to skip that cdiff, causing everyone to re-download a new daily.cvd? > Or is that not advisable for some reason? > > Thanks. > Mark > >>

Re: [clamav-users] Virus Signature Submitted on 17/10/2016

2016-11-07 Thread Joel Esler (jesler)
The processing that comes in through the website is largely automated. Submitting signatures should be done through the community-sigs list, until we make a submission method through the website. Sent from my iPad > On Nov 7, 2016, at 6:45 AM, Richard McCombie > wrote: > > Good morning, >

Re: [clamav-users] Issue with daily-22474

2016-11-07 Thread Joel Esler (jesler)
Oh my, I apologize, it just dawned on me that I sent a note to the mirrors list, but not to the users list. A "larger than normal" cdiff to the Daily.cvd was published. Unfortunately with the timeline that we had to publish it, and my personal travel schedule, I was not able to put out a note

Re: [clamav-users] License

2016-11-04 Thread Joel Esler (jesler)
Probably not. What did you have in mind? -- Sent from my Apple Watch > If the default license can be changed for a user for a fee. > > > On 04/11/2016 20:11, Joel Esler (jesler) wrote: >> What would you like to know? >> >> Sent from my iPhone >> >>>

Re: [clamav-users] License

2016-11-04 Thread Joel Esler (jesler)
What would you like to know? Sent from my iPhone > On Nov 4, 2016, at 4:04 PM, Michael Mckeown > wrote: > > Is there someone I could contact via email about the license or rather > could someone from clamav contact me on this email? > > Thanks. > _

Re: [clamav-users] Documentation for creating ndb signatures?

2016-10-26 Thread Joel Esler (jesler)
Dave, Check out: https://github.com/vrtadmin/clamav-devel/blob/master/docs/signatures.pdf Thanks. -- Joel Esler | Talos: Manager | jes...@cisco.com On Oct 26, 2016, at 8:45 AM, Dave McMurtrie wrote: Hi, I know it exists, because I

Re: [clamav-users] Last Seven daily Updates have been almost empty

2016-10-24 Thread Joel Esler (jesler)
We’re building a new daily now that should fix the issue. -- Joel Esler | Talos: Manager | jes...@cisco.com On Oct 24, 2016, at 2:56 AM, Al Varnell wrote: Never quite sure when I should bring this up, but daily 22415 through 22421 have inc

Re: [clamav-users] Last Seven daily Updates have been almost empty

2016-10-24 Thread Joel Esler (jesler)
Thanks Al. -- Joel Esler | Talos: Manager | jes...@cisco.com On Oct 24, 2016, at 2:56 AM, Al Varnell wrote: Never quite sure when I should bring this up, but daily 22415 through 22421 have included exactly one new signature and one dropped

Re: [clamav-users] Memory error

2016-10-22 Thread Joel Esler (jesler)
Correct. That version is EOL. Sent from my iPhone > On Oct 22, 2016, at 4:41 PM, Yuri Voinov wrote: > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > First of all, upgrade. Current version is 0.99.2. Your version is simply > ancient and rancid years ago. > > > 23.10.2016 2:39,

Re: [clamav-users] swift.doc Doc.Dropper.Agent-1776597

2016-10-19 Thread Joel Esler (jesler)
eb_cla...@sanesecurity.com>> wrote: On Wed, October 19, 2016 3:12 pm, Joel Esler (jesler) wrote: Heino, Can you clarify which sig caught it? Doc.Dropper.Agent-177659 is not an actual sig number. Damn cut and paste... it's: Doc.Dropper.Agent-1776597 (a hash) -- Cheers, Steve Twitt

Re: [clamav-users] swift.doc Doc.Dropper.Agent-1776597

2016-10-19 Thread Joel Esler (jesler)
So to be clear, it is not detected or it is detected? -- Joel Esler | Talos: Manager | jes...@cisco.com On Oct 19, 2016, at 9:50 AM, Heino Backhaus wrote: Hello List, we've received today early in the morning mails with a wo

Re: [clamav-users] swift.doc Doc.Dropper.Agent-1776597

2016-10-19 Thread Joel Esler (jesler)
, October 19, 2016 3:05 pm, Joel Esler (jesler) wrote: So to be clear, it is not detected or it is detected? I think here's saying... * It *should* have been blocked with OLE2BlockMacros yes option but *wasn't* * It is now detected as Doc.Dropper.Agent-177659 -- Cheers, Steve

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-19 Thread Joel Esler (jesler)
51040770 HRB: 2143 Gießen GF: Fredi Fink "In retrospect it becomes clear that hindsight is definitely overrated!" -Alfred E. Neumann On 12.10.2016 at 16:03, Joel Esler (jesler) wrote: Alex, I’ll follow up off list to verify what email you submitted them under. Joel Esler jes...@cis

Re: [clamav-users] Java.Malware.Agent-1756221 false positive still detected

2016-10-12 Thread Joel Esler (jesler)
Signature has been dropped. Thank you. -- Joel Esler | Talos: Manager | jes...@cisco.com On Oct 12, 2016, at 11:44 AM, Andy Keller wrote: Will do, thanks. Sorry for the clutter. -- Andy Keller Cloud Security Manager | CISSP, CCSK,

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-12 Thread Joel Esler (jesler)
Alex, I’ll follow up off list to verify what email you submitted them under. Joel Esler jes...@cisco.com On Oct 12, 2016, at 8:21 AM, Alex wrote: Hi Joel, On Wed, Oct 5, 2016 at 2:38 PM, Joel Esler (jesler) mailto:jes.

Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-12 Thread Joel Esler (jesler)
I’ve dropped this sig. Thanks Al. Joel Esler jes...@cisco.com On Oct 12, 2016, at 4:07 AM, Al Varnell wrote: Sorry for all the confusion. My testing earlier today was in error. OpenSSH version 7.2_p2 is in fact included with macOS Sierra

Re: [clamav-users] export classification

2016-10-11 Thread Joel Esler (jesler)
All, I'm getting a definite answer here before I throw anything out. As far as import/export, ClamAV is 100% owned by Cisco. Sent from my iPhone > On Oct 11, 2016, at 8:19 PM, Al Varnell wrote: > > That was certainly the situation in the past, but I don't see how it can > still be true i

Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-11 Thread Joel Esler (jesler)
Did you file a report on the website? Sent from my iPhone > On Oct 11, 2016, at 7:34 PM, Al Varnell wrote: > > The Win.Trojan.Agent-1760811 signature released yesterday in daily - 22342 is > identifying some version of OpenSSL’s ssh-agent to be reported as infected by > at least three ClamXav

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Joel Esler (jesler)
> On Oct 5, 2016, at 1:54 PM, Alex wrote: > > Hi, > >> Are you submitting these files to ClamAV? >> >> http://www.clamav.net/reports/malware > > Not always, primarily because the response time has been too long. > I'll try to more attentively submit them. > It shouldn’t be anymore. This is

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Joel Esler (jesler)
Alex, Are you submitting these files to ClamAV? http://www.clamav.net/reports/malware -- Joel > On Oct 5, 2016, at 8:21 AM, Alex wrote: > > Hi, > I'm starting to receive emails like this: > > http://pastebin.com/HpvEcT9K > > They're not being caught by clamav or other virus filters. Is it
