Re: [clamav-users] More fp's.

2016-12-26 Thread Alain Zidouemba
We are seeing the FPs and are in the process of addressing them. Please keep reporting them.

- Alain

On Mon, Dec 26, 2016 at 8:11 AM, Steve Basford <steveb_cla...@sanesecurity.com> wrote:
>
> On Mon, December 26, 2016 12:39 pm, Sierk Bornemann wrote:
> > Just run freshclam...
> > fp\Aston

Re: [clamav-users] More fp's.

2016-12-26 Thread Steve Basford
On Mon, December 26, 2016 12:39 pm, Sierk Bornemann wrote:

Just run freshclam...

fp\Aston Villa 1.4.3.ipa: Win.Trojan.Toa-5370166-0.UNOFFICIAL FOUND
fp\greasemonkey-3.8-fx.xpi: Win.Trojan.Toa-5370166-0.UNOFFICIAL FOUND
fp\imagus-0.9.8.45-fx+sm.xpi: Win.Trojan.Toa-5370166-0.UNOFFICIAL FOUND

Re: [clamav-users] More fp's.

2016-12-26 Thread Sierk Bornemann
$ sw_vers
ProductName:Mac OS X
ProductVersion: 10.12.2
BuildVersion: 16C67

$ cat /Users/$USER/Library/Logs/ClamXavSentry-scan.log | grep FOUND
/Applications/Firefox.app/Contents/Resources/omni.ja: Win.Trojan.Toa-5370166-0 FOUND

Re: [clamav-users] More fp's. Now its almost everything that has been zipped.

2016-12-26 Thread Al Varnell
Four have already been dropped and I’m sure there will be more to come. It will go faster if you submit samples to and post a hash back here of the file(s) you uploaded.

-Al-

On Mon, Dec 26, 2016 at 02:43 AM, Frank Sfalanga Jr. wrote:
>
> This includes .jar

[clamav-users] More fp's. Now its almost everything that has been zipped.

2016-12-26 Thread Frank Sfalanga Jr .
This includes .jar zips. I am seeing this across dozens of GNU/Linux servers. Other than --exclude=*.jar what else can be done to fix these fp's?

===
/home/ddale/.gradle/wrapper/dists/gradle-1.10-

Re: [clamav-users] More fp's. Now its almost everything that has been zipped.

2016-12-25 Thread Al Varnell
Here’s another:

sigtool --find Win.Trojan.Toa-5370297-0|sigtool --decode-sigs
VIRUS NAME: Win.Trojan.Toa-5370297-0
CONTAINER TYPE: CL_TYPE_ZIP
CONTAINER SIZE: ANY
FILENAME REGEX: ^[a-z0-9\-_]{1,30}_[a-zA-Z0-9\-]{1,15}\.js$
COMPRESSED FILESIZE: ANY
UNCOMPRESSED FILESIZE: ANY
ENCRYPTION: IGNORED

Re: [clamav-users] More fp's. Now its almost everything that has been zipped.

2016-12-25 Thread Steve Basford
On Sun, December 25, 2016 10:40 am, Al Varnell wrote:
> A handful of ClamXav users can confirm the Firefox
> omni.ja:Win.Trojan.Toa-5370234-0. It also identified some Adobe products
> as infected when run through QA.

Firstly, Merry Christmas to all.

Onto the FP's... basically they are too

Re: [clamav-users] More fp's. Now its almost everything that has been zipped.

2016-12-25 Thread Al Varnell
A handful of ClamXav users can confirm the Firefox omni.ja:Win.Trojan.Toa-5370234-0. It also identified some Adobe products as infected when run through QA. Reported as FP.

-Al-

On Dec 24, 2016, at 9:08 PM, Gene Heskett wrote:
> Hi all. I am drowning in these for a

[clamav-users] More fp's. Now its almost everything that has been zipped.

2016-12-24 Thread Gene Heskett
Hi all. I am drowning in these for a couple days now.

/home/gene/Download/firefox/omni.ja: Win.Trojan.Toa-5370234-0 FOUND
/home/gene/Download/7i43.zip: Win.Trojan.Toa-5372190-0 FOUND
/home/gene/Download/5i25.zip: Win.Trojan.Toa-5372190-0 FOUND
/home/gene/firefox/omni.ja: Win.Trojan.Toa-5370234-0