Re: [clamav-users] Malwarepatrol false positive

2018-09-18 Thread Steve Basford
On 18 September 2018 16:33:28 Paul Stead wrote:

Yet another Malwarepatrol FP: MBL_14437114

White listing as we speak... Sigh

Re: [clamav-users] Malwarepatrol false positive

2018-09-18 Thread Paul Stead
Yet another Malwarepatrol FP: MBL_14437114 - https://drive.google.com

--
Paul Stead
Senior Engineer (Tools & Technology)
Zen Internet

Re: [clamav-users] Malwarepatrol false positive

2018-09-04 Thread Steve Basford
On 4 September 2018 18:52:04 Mark G Thomas wrote:

Hi, Good grief! Yet another. So much for Malware patrol!

Sigh.

# sigtool --find-sigs MBL_13497693| sigtool --decode-sigs

Pushing out a whitelist entry to the mirrors as I type.

Cheers, Steve
Twitter: @sanesecurity

Re: [clamav-users] Malwarepatrol false positive

2018-09-04 Thread Mark G Thomas
Hi, Good grief! Yet another. So much for Malware patrol!

# sigtool --find-sigs MBL_13497693| sigtool --decode-sigs
VIRUS NAME: MBL_13497693
DECODED SIGNATURE:
https://drive.google.com

Mark

On Fri, Aug 31, 2018 at 06:25:10PM +0100, Steve Basford wrote:
>
> On 31 August 2018 17:52:26 Mark G T

Re: [clamav-users] Malwarepatrol false positive

2018-08-31 Thread Benny Pedersen
Kris Deugau wrote on 2018-08-31 19:44:

Benny Pedersen wrote:

why is https even blocked ? :( please whitelist https signatures

There's no reason a hacked HTTPS website couldn't host malware. And there's no reason a spam domain couldn't get a certificate (from Let's Encrypt, or somewhere else

Re: [clamav-users] Malwarepatrol false positive

2018-08-31 Thread Kris Deugau
Benny Pedersen wrote:

why is https even blocked ? :( please whitelist https signatures

There's no reason a hacked HTTPS website couldn't host malware. And there's no reason a spam domain couldn't get a certificate (from Let's Encrypt, or somewhere else) if they carefully time their actions.

Re: [clamav-users] Malwarepatrol false positive

2018-08-31 Thread Steve Basford
On 31 August 2018 17:52:26 Mark G Thomas wrote:

Hi, And YET ANOTHER today. I figured others here might want the heads up.

[root@imx0 conf]# sigtool --find-sigs MBL_13226139 | sigtool --decode-sigs

Sigh. I've just added to the main Sanesecurity whitelist. Thanks for the heads up.

Cheers

Re: [clamav-users] Malwarepatrol false positive

2018-08-31 Thread Benny Pedersen
Mark G Thomas wrote on 2018-08-31 18:51:

And YET ANOTHER today. I figured others here might want the heads up.

[root@imx0 conf]# sigtool --find-sigs MBL_13226139 | sigtool --decode-sigs
VIRUS NAME: MBL_13226139
DECODED SIGNATURE:
https://linkprotect.cudasvc.com/url

why is https even bloc

Re: [clamav-users] Malwarepatrol false positive

2018-08-31 Thread Mark G Thomas
Hi, And YET ANOTHER today. I figured others here might want the heads up.

[root@imx0 conf]# sigtool --find-sigs MBL_13226139 | sigtool --decode-sigs
VIRUS NAME: MBL_13226139
DECODED SIGNATURE:
https://linkprotect.cudasvc.com/url

-Mark

On Wed, Aug 29, 2018 at 09:12:34PM +0100, Steve Basford wr

Re: [clamav-users] Malwarepatrol false positive

2018-08-31 Thread Reindl Harald
On 27.08.2018 at 20:16, Mark G Thomas wrote:
> This seems to be an ongoing trend.
>
> I can't believe someone thought this would be a good idea!
>
> # sigtool --find-sigs MBL_13087222 | sigtool --decode-sigs
> VIRUS NAME: MBL_13087222
> DECODED SIGNATURE:
> https://docs.google

Re: [clamav-users] Malwarepatrol false positive

2018-08-29 Thread Steve Basford
Had a reply back regarding the false positives

Hello,

Thank you for contacting us and for reporting potential problems with our ClamAV signatures. The two entries mentioned were removed from the block lists and data feeds a few days ago. Our users and customers should be able to downlo

Re: [clamav-users] Malwarepatrol false positive

2018-08-29 Thread Steve Basford
On Tue, August 21, 2018 12:31 pm, Al Varnell wrote:
> OK, I don't think there is anything that ClamAV can do about it since
> it's an UNOFFICIAL.
>
> Maybe Steve Basford from SaneSecurity can put some pressure on them. He
> usually reads what's posted here.

I've just sent them an email and a con

Re: [clamav-users] Malwarepatrol false positive

2018-08-29 Thread Mark G Thomas
Hi, Apparently the cudasvc.com URLs are a function of Barracuda for their customers, replacing dangerous public URLs in messages with private links to barracuda-hosted warnings or screening pages, to prevent customers from receiving and following original potentially malicious URLs. Microsoft h

Re: [clamav-users] Malwarepatrol false positive

2018-08-27 Thread lukn
Hi

cudasvc was recently listed on Spamhaus' DBL. Looks like Barracuda has some kind of issues with their service. The other question is, why do people use such link cloakers?

On 27.08.2018 22:44, Mark G Thomas wrote:
> Hi,
>
> But, there are more. This is nuts.
>
> # sigtool --find-sigs MB

Re: [clamav-users] Malwarepatrol false positive

2018-08-27 Thread Mark G Thomas
Hi, But, there are more. This is nuts.

# sigtool --find-sigs MBL_13112740 | sigtool --decode-sigs
VIRUS NAME: MBL_13112740
DECODED SIGNATURE:
https://linkprotect.cudasvc.com/url

Mark

On Mon, Aug 27, 2018 at 07:41:27PM +0100, Steve Basford wrote:
> Just whitelisted for those usin

Re: [clamav-users] Malwarepatrol false positive

2018-08-27 Thread Steve Basford
Just whitelisted for those using download scripts.. using the ign2 file on the Sanesecurity mirrors.

Cheers, Steve
Twitter: @sanesecurity

On 27 August 2018 19:16:49 Mark G Thomas wrote:

Hi, This seems to be an ongoing trend. I can't believe someone thought this would be a good idea!

#

Re: [clamav-users] Malwarepatrol false positive

2018-08-27 Thread Mark G Thomas
Hi, This seems to be an ongoing trend. I can't believe someone thought this would be a good idea!

# sigtool --find-sigs MBL_13087222 | sigtool --decode-sigs
VIRUS NAME: MBL_13087222
DECODED SIGNATURE:
https://docs.google.com

On Tue, Aug 21, 2018 at 04:31:28AM -0700, Al Varnell

Re: [clamav-users] Malwarepatrol false positive

2018-08-21 Thread Alex
On Tue, Aug 21, 2018 at 9:02 AM Steve Basford wrote:
> On Tue, August 21, 2018 12:27 pm, Dave McMurtrie wrote:
> >
> > I'm beginning to get the feeling they don't have any type of review
> > process in place.
>
> I whitelisted the sig on the Sanesecurity mirrors this morning UK time:
>
> 21/08/201

Re: [clamav-users] Malwarepatrol false positive

2018-08-21 Thread Steve Basford
On Tue, August 21, 2018 12:27 pm, Dave McMurtrie wrote:
>
> I'm beginning to get the feeling they don't have any type of review
> process in place.

I whitelisted the sig on the Sanesecurity mirrors this morning UK time:

21/08/2018 @ 11:37

It's usually quicker to do that, if not ideal.

-- Ch

Re: [clamav-users] Malwarepatrol false positive

2018-08-21 Thread Arnaud Jacques
Hello, Do it yourself: https://www.securiteinfo.com/services/anti-spam-anti-virus/whitelisting_clamav_signatures.shtml Btw, users/customers of https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml have no problem because the sig

Re: [clamav-users] Malwarepatrol false positive

2018-08-21 Thread Al Varnell
OK, I don't think there is anything that ClamAV can do about it since it's an UNOFFICIAL.

Maybe Steve Basford from SaneSecurity can put some pressure on them. He usually reads what's posted here.

-Al-

On Tue, Aug 21, 2018 at 04:27 AM, Dave McMurtrie wrote:
> They did this in April, 2017 also.

Re: [clamav-users] Malwarepatrol false positive

2018-08-21 Thread Dave McMurtrie
They did this in April, 2017 also. When I reported it as a false positive at that time, they responded with: "Thank you for contacting us. There is a file hosted there with a vague AV classification. After further reviewing it, we've decided to remove the URL from our block lists and data fee

Re: [clamav-users] Malwarepatrol false positive

2018-08-20 Thread Al Varnell
Submit to fp (at) malwarepatrol.net.

-Al-

On Mon, Aug 20, 2018 at 08:34 PM, Alex wrote:
> Hi, fyi
>
> # sigtool --find-sigs MBL_12952716 | sigtool --decode-sigs
> VIRUS NAME: MBL_12952716
> TARGET TYPE: ANY FILE
> OFFSET: *
> DECODED SIGNATURE:
> https://drive.google.com

[clamav-users] Malwarepatrol false positive

2018-08-20 Thread Alex
Hi, fyi

# sigtool --find-sigs MBL_12952716 | sigtool --decode-sigs
VIRUS NAME: MBL_12952716
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://drive.google.com
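
The check the posters in this thread run by hand, decoding a signature with sigtool and seeing that it is nothing more than a service's front-door URL, can be scripted. The following is an added example, not code from any message in the thread: the function names `broad_url_sigs` and `sample_decoded`, the matching heuristic, and the `EXAMPLE_0001` entry are constructed for illustration, while the two MBL entries are the decoded outputs quoted above.

```shell
#!/bin/sh
# Added example; not from the thread. The heuristic is an assumption:
# a URL signature that is only scheme://host, or scheme://host plus one
# short path segment, matches every link to that service.

# Reads `sigtool --decode-sigs` output on stdin and prints the name of
# each signature whose decoded body is such a broad URL prefix.
broad_url_sigs() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF input
        /^VIRUS NAME: /       { name = substr($0, 13); next }
        /^DECODED SIGNATURE:/ { want = 1; next }  # body is on the next line
        want {
            want = 0
            if ($0 ~ /^https?:\/\/[A-Za-z0-9.-]+(\/[A-Za-z0-9_-]*)?$/) print name
        }
    '
}

# Sample input: the first two blocks are as quoted in the thread,
# the third is a constructed entry with a specific file path.
sample_decoded() {
    cat <<'EOF'
VIRUS NAME: MBL_12952716
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://drive.google.com
VIRUS NAME: MBL_13226139
DECODED SIGNATURE:
https://linkprotect.cudasvc.com/url
VIRUS NAME: EXAMPLE_0001
DECODED SIGNATURE:
http://malware.example.test/files/dropper.exe
EOF
}

# Prints the two broad signatures and skips the path-specific one.
sample_decoded | broad_url_sigs
```

Names it prints are candidates for review; once confirmed, each can go on its own line in a local `.ign2` file in the ClamAV database directory, the same mechanism as the ign2 whitelist mentioned in the thread.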