That's always been true in the past and they could be disabled in the config
file, but that isn't the case here. For whatever reason, this is a signature
which is being executed despite heuristics being disabled and it can be
included in the .ign2 file successfully.
Not sure why this change.
Using the whitelist works in this case and is sufficient for my use.
Thanks & have a nice day, folks.
Am 28.03.2017 um 13:53 schrieb Jonas Manusch:
Cheers folks,
since last weekend my clamscan states
Heuristics.Filetype.ZipWithJS-6162396-0 FOUND
on some files. These files are from 2015 and
On Tue, March 28, 2017 1:23 pm, Reindl Harald wrote:
>
>
> Am 28.03.2017 um 14:20 schrieb Matteo Dessalvi:
>
>> Hello.
>>
>>
>> Regarding your fist question you can execute the following
>> tools from the command line:
>>
>> sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool
On 03/28/2017 02:23 PM, Reindl Harald wrote:
Heuristics are *not* signatures
Uh-oh, sorry. You are right, my mistake entirely.
Regards,
Matteo
___
clamav-users mailing list
clamav-users@lists.clamav.net
Am 28.03.2017 um 14:20 schrieb Matteo Dessalvi:
Hello.
Regarding your fist question you can execute the following
tools from the command line:
sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool
--decode-sigs
Heuristics are *not* signatures
'ZipWithJS' is for sure not
Hello.
Regarding your fist question you can execute the following
tools from the command line:
sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool
--decode-sigs
'ZipWithJS' is for sure not in the ClamAV source code: it is just a part
of a string used to identify the
> 1. Where can I find information about what kind of threat this?
\.[A-Za-z]{3}\.js$
FP Source example:
https://www.mobileread.com/forums/showthread.php?p=3496981
Ie. any .js inside a zip file that's starts with 3 letters will get blocked.
--
Cheers,
Steve
Twitter: @sanesecurity
On 28/03/17 12:53, Jonas Manusch wrote:
Cheers folks,
since last weekend my clamscan states
Heuristics.Filetype.ZipWithJS-6162396-0 FOUND
on some files. These files are from 2015 and I assume it to be false
positive. Since these files contain sensitive data I cannot hand out
to third
Am 28.03.2017 um 13:53 schrieb Jonas Manusch:
Cheers folks,
since last weekend my clamscan states
Heuristics.Filetype.ZipWithJS-6162396-0 FOUND
on some files. These files are from 2015 and I assume it to be false
positive. Since these files contain sensitive data I cannot hand out to
third
Cheers folks,
since last weekend my clamscan states
Heuristics.Filetype.ZipWithJS-6162396-0 FOUND
on some files. These files are from 2015 and I assume it to be false
positive. Since these files contain sensitive data I cannot hand out to
third parties. I tried to find out what the above
10 matches
Mail list logo