Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-12 Thread Joel Esler (jesler)
I’ve dropped this sig.

Thanks Al.



Joel Esler
jes...@cisco.com



On Oct 12, 2016, at 4:07 AM, Al Varnell wrote:

Sorry for all the confusion. My testing earlier today was in error.

OpenSSH version 7.2_p2 is in fact included with macOS Sierra 10.12 and includes 
the ssh-agent process which tests as infected with Win.Trojan.Agent-1760811 and 
is therefore a False Positive.

I have submitted it to the web site at this time, and it has an MD5 of 
3cbe857b1bc267fb8fa5da3856008ddd.

Virus Total shows only ClamAV detection:
.

This is the third FP submitted in the last two days where ClamAV is the only 
scanner on VT showing infection of a legitimate commercial software file, so I 
have to wonder if there is some systemic issue with the signature automation 
process now.


-Al-

On Tue, Oct 11, 2016 at 08:11 PM, Al Varnell wrote:

Heard back from one user that they have OpenSSH_7.2p2, LibreSSL 2.4.1 
installed, which is not part of any standard OS X/macOS installation. I know 
where I can get 7.2p1 (MacPorts) but no idea where his 7.2p2 came from.

-Al-

On Tue, Oct 11, 2016 at 06:56 PM, Al Varnell wrote:

Sorry, I misidentified ssh-agent as part of OpenSSL. It’s actually a component 
of SSH that’s included with OS X/macOS.

I’m still trying to track down a sample of the version involved here.

-Al-

On Tue, Oct 11, 2016 at 06:39 PM, Al Varnell wrote:

I do not have a sample of ssh-agent to upload yet, so with nothing to upload, I 
cannot file.

The MD-5 of the file is the signature.

Sent from Janet's iPad

-Al-
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-12 Thread Al Varnell
Sorry for all the confusion. My testing earlier today was in error.

OpenSSH version 7.2_p2 is in fact included with macOS Sierra 10.12 and includes 
the ssh-agent process which tests as infected with Win.Trojan.Agent-1760811 and 
is therefore a False Positive. 

I have submitted it to the web site at this time, and it has an MD5 of 
3cbe857b1bc267fb8fa5da3856008ddd.

Virus Total shows only ClamAV detection:
.

This is the third FP submitted in the last two days where ClamAV is the only 
scanner on VT showing infection of a legitimate commercial software file, so I 
have to wonder if there is some systemic issue with the signature automation 
process now.


-Al-

On Tue, Oct 11, 2016 at 08:11 PM, Al Varnell wrote:
> 
> Heard back from one user that they have OpenSSH_7.2p2, LibreSSL 2.4.1 
> installed, which is not part of any standard OS X/macOS installation. I know 
> where I can get 7.2p1 (MacPorts) but no idea where his 7.2p2 came from.
> 
> -Al-
> 
> On Tue, Oct 11, 2016 at 06:56 PM, Al Varnell wrote:
>> 
>> Sorry, I misidentified ssh-agent as part of OpenSSL. It’s actually a 
>> component of SSH that’s included with OS X/macOS.
>> 
>> I’m still trying to track down a sample of the version involved here.
>> 
>> -Al-
>> 
>> On Tue, Oct 11, 2016 at 06:39 PM, Al Varnell wrote:
>>> 
>>> I do not have a sample of ssh-agent to upload yet, so with nothing to 
>>> upload, I cannot file.
>>> 
>>> The MD-5 of the file is the signature.
>>> 
>>> Sent from Janet's iPad
>>> 
>>> -Al-



Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-11 Thread Al Varnell
Heard back from one user that they have OpenSSH_7.2p2, LibreSSL 2.4.1 
installed, which is not part of any standard OS X/macOS installation. I know 
where I can get 7.2p1 (MacPorts) but no idea where his 7.2p2 came from.

-Al-

On Tue, Oct 11, 2016 at 06:56 PM, Al Varnell wrote:
> 
> Sorry, I misidentified ssh-agent as part of OpenSSL. It’s actually a 
> component of SSH that’s included with OS X/macOS.
> 
> I’m still trying to track down a sample of the version involved here.
> 
> -Al-
> 
> On Tue, Oct 11, 2016 at 06:39 PM, Al Varnell wrote:
>> 
>> I do not have a sample of ssh-agent to upload yet, so with nothing to 
>> upload, I cannot file.
>> 
>> The MD-5 of the file is the signature.
>> 
>> Sent from Janet's iPad
>> 
>> -Al-



Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-11 Thread Al Varnell
Sorry, I misidentified ssh-agent as part of OpenSSL. It’s actually a component 
of SSH that’s included with OS X/macOS.

I’m still trying to track down a sample of the version involved here.

-Al-

On Tue, Oct 11, 2016 at 06:39 PM, Al Varnell wrote:
> 
> I do not have a sample of ssh-agent to upload yet, so with nothing to upload, 
> I cannot file.
> 
> The MD-5 of the file is the signature.
> 
> Sent from Janet's iPad
> 
> -Al-



Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-11 Thread Al Varnell
I do not have a sample of ssh-agent to upload yet, so with nothing to upload, I 
cannot file.

The MD-5 of the file is the signature.

Sent from Janet's iPad

Janet
-- 
Janet Varnell

On Oct 11, 2016, at 5:26 PM, "Joel Esler (jesler)"  wrote:

> Did you file a report on the website?
> 
> Sent from my iPhone
> 
>> On Oct 11, 2016, at 7:34 PM, Al Varnell  wrote:
>> 
>> The Win.Trojan.Agent-1760811 signature released yesterday in daily - 22342 
>> is identifying some version of OpenSSL’s ssh-agent to be reported as 
>> infected by at least three ClamXav users so far.  I have not been able to 
>> identify which version of OpenSSL it involves, but probably not the ones 
>> built in to any version of OS X/macOS.
>> 
>> VersionTracker shows that only ClamAV detects the file as infected here:
>> .
>> 
>> If nobody else can identify the version I’ll continue to search when I get 
>> more time.
>> 
>> 
>> -Al-
>> -- 
>> Al Varnell
>> Mountain View, CA

Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-11 Thread Joel Esler (jesler)
Did you file a report on the website?

Sent from my iPhone

> On Oct 11, 2016, at 7:34 PM, Al Varnell  wrote:
> 
> The Win.Trojan.Agent-1760811 signature released yesterday in daily - 22342 is 
> identifying some version of OpenSSL’s ssh-agent to be reported as infected by 
> at least three ClamXav users so far.  I have not been able to identify which 
> version of OpenSSL it involves, but probably not the ones built in to any 
> version of OS X/macOS.
> 
> VersionTracker shows that only ClamAV detects the file as infected here:
> .
> 
> If nobody else can identify the version I’ll continue to search when I get 
> more time.
> 
> 
> -Al-
> -- 
> Al Varnell
> Mountain View, CA


[clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-11 Thread Al Varnell
The Win.Trojan.Agent-1760811 signature released yesterday in daily - 22342 is 
identifying some version of OpenSSL’s ssh-agent to be reported as infected by 
at least three ClamXav users so far.  I have not been able to identify which 
version of OpenSSL it involves, but probably not the ones built in to any 
version of OS X/macOS.

VersionTracker shows that only ClamAV detects the file as infected here:
.

If nobody else can identify the version I’ll continue to search when I get more 
time.


-Al-
-- 
Al Varnell
Mountain View, CA





