Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-28 Thread Joel Esler (jesler)
When I say “disable an engine” I mean, disabling the conviction engine on my side that convicts those files. It’s been turned off for several days now. -- Joel Esler | Talos: Manager | jes...@cisco.com On Nov 23, 2016, at 6:23 AM, Al Varnell

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-28 Thread Joel Esler (jesler)
Mark, Thanks. I’ve set these to drop, so they should disappear in an upcoming release. Not sure why they were convicted in the first place, I have safe guards that should have prevented this, I’ll look into it. -- Joel Esler | Talos: Manager | jes...@cisco.com

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-23 Thread Mark Allan
> On 23 Nov 2016, at 11:23 am, Al Varnell wrote: > > Sorry, I didn't realize that Html.Malware.Agent-1834906 was part of the > problem. It too was dropped in daily - 22584. Oops, you're right. I must have copied any pasted that from the wrong list. Sorry. > Also, Joel

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-23 Thread Al Varnell
Sorry, I didn't realize that Html.Malware.Agent-1834906 was part of the problem. It too was dropped in daily - 22584. Also, Joel mentioned something about disabling an engine, but I don't really know how that is accomplished and whether it's reported to us as part of a daily.cdiff. -Al- On

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-23 Thread Mark Allan
Thanks for dropping those 3, Joel, however there are still at least 24 signatures causing problems: Html.Malware.Agent-1835906 Txt.Malware.Agent-1835883 Txt.Malware.Agent-1835884 Txt.Malware.Agent-1835885 Txt.Malware.Agent-1835886 Txt.Malware.Agent-1835887 Txt.Malware.Agent-1835888

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-22 Thread Al Varnell
I see that Daily - 22584 drops three of them: * Txt.Malware.Agent-1811885 * Txt.Malware.Agent-1835895 * Txt.Malware.Agent-1835897 -Al- On Tue, Nov 22, 2016 at 11:17 AM, Maarten Broekman wrote: > > I am seeing these mostly on files that comprise the OpenLayers library in > phpMyAdmin

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-22 Thread Maarten Broekman
I am seeing these mostly on files that comprise the OpenLayers library in phpMyAdmin 4. On Tue, Nov 22, 2016 at 2:11 PM, Joel Esler (jesler) wrote: > Mark, > > Thanks for the feedback, you are right, I am experiencing some high counts > in the Txt.Malware.Agent family. > >

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-22 Thread Joel Esler (jesler)
Mark, Thanks for the feedback, you are right, I am experiencing some high counts in the Txt.Malware.Agent family. I’ve disabled this engine for now. -- Joel Esler | Talos: Manager | jes...@cisco.com On Nov 22, 2016, at 12:02 PM, Mark Allan

[clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-22 Thread Mark Allan
Hi all, I've just submitted a zip file [MD5 ec585bf6626a5a3649726bde4e00a3f7] containing a number of files which ClamAV incorrectly detects as various strains of Txt.Malware.Agent My experience may be slightly skewed, but it seems that the rate of FPs has increased a lot lately, and they