Re: [clamav-users] Win.Malware.Krucky-7009041-0 false positive

2019-07-22 Thread Joel Esler (jesler) via clamav-users
It may be waiting on peer review internally. 

Sent from my iPhone

> On Jul 21, 2019, at 08:04, Arnaud Jacques  wrote:
> 
> Yes, confirmed
> 
>> Le 21/07/2019 à 13:05, Groach via clamav-users a écrit :
>> Confirmed.  Updated and rescanned:
>> Scan Started Sun Jul 21 12:02:25 2019
>> ---
>> --- SCAN SUMMARY ---
>> Known viruses: 6349264
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 0
>> Data scanned: 0.93 MB
>> Data read: 0.89 MB (ratio 1.04:1)
>> Time: 51.901 sec (0 m 51 s)
>> --
>> Completed
>> --
>> Thanks Al.
>>> On 21/07/2019 10:54, Al Varnell via clamav-users wrote:
>>> It has been dropped by daily 25517 which should have been available about 
>>> an hour ago and I'm no longer seeing it in the database after a freshclam 
>>> update.
>>> 
>>> -Al-
>> ___
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> http://www.clamav.net/contact.html#ml
> 
> -- 
> Cordialement / Best regards,
> 
> Arnaud Jacques
> Gérant de SecuriteInfo.com
> 
> Téléphone : +33-(0)3.44.39.76.46
> E-mail : a...@securiteinfo.com
> Site web : https://www.securiteinfo.com
> Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
> Twitter : @SecuriteInfoCom
> 
> Securiteinfo.com
> La Sécurité Informatique - La Sécurité des Informations.
> 266, rue de Villers
> 60123 Bonneuil en Valois


Re: [clamav-users] Win.Malware.Krucky-7009041-0 false positive

2019-07-21 Thread Arnaud Jacques

Yes, confirmed

Le 21/07/2019 à 13:05, Groach via clamav-users a écrit :

Confirmed.  Updated and rescanned:



Scan Started Sun Jul 21 12:02:25 2019
---


--- SCAN SUMMARY ---
Known viruses: 6349264
Scanned directories: 0
Scanned files: 1
Infected files: 0

Data scanned: 0.93 MB
Data read: 0.89 MB (ratio 1.04:1)
Time: 51.901 sec (0 m 51 s)

--
Completed
--

Thanks Al.



On 21/07/2019 10:54, Al Varnell via clamav-users wrote:
It has been dropped by daily 25517 which should have been available 
about an hour ago and I'm no longer seeing it in the database after a 
freshclam update.


-Al-






--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.44.39.76.46
E-mail : a...@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois



Re: [clamav-users] Win.Malware.Krucky-7009041-0 false positive

2019-07-21 Thread Groach via clamav-users

Confirmed.  Updated and rescanned:



Scan Started Sun Jul 21 12:02:25 2019
---


--- SCAN SUMMARY ---
Known viruses: 6349264
Scanned directories: 0
Scanned files: 1
Infected files: 0

Data scanned: 0.93 MB
Data read: 0.89 MB (ratio 1.04:1)
Time: 51.901 sec (0 m 51 s)

--
Completed
--

Thanks Al.



On 21/07/2019 10:54, Al Varnell via clamav-users wrote:
It has been dropped by daily 25517 which should have been available 
about an hour ago and I'm no longer seeing it in the database after a 
freshclam update.


-Al-



Re: [clamav-users] Win.Malware.Krucky-7009041-0 false positive

2019-07-21 Thread Al Varnell via clamav-users
It has been dropped by daily 25517 which should have been available about an 
hour ago and I'm no longer seeing it in the database after a freshclam update.

-Al-

On Sat, Jul 20, 2019 at 12:47 PM, Al Varnell via clamav-users wrote:
> I can confirm that it's still in the database thru today's daily 25516 update.
> 
> -Al-
> 
> On Sat, Jul 20, 2019 at 11:02 AM, Joel Esler (jesler) via clamav-users wrote:
>> Signature has already been dropped.  
>> 
>> Sent from my iPhone
>> 
>> On Jul 20, 2019, at 07:37, Groach via clamav-users <clamav-users@lists.clamav.net> wrote:
>> 
>>> Already have done. But I have never (no exaggeration) had any success with 
>>> it being actioned when reported only on that website. So I am also sending 
>>> this notification to the mail list on the hope that that is more productive.
>>> 
>>> Thanks
>>> 
>>> 
>>> 
>>> On 20/07/2019 12:22, Matus UHLAR - fantomas wrote:
>>>> On 20.07.19 11:53, Groach via clamav-users wrote:
>>>>> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe: 
>>>>> Win.Malware.Krucky-7009041-0 FOUND
>>>>> 
>>>>> The file is from Adobe Acrobat (genuine file from 2011). Virustotal hash: 
>>>>> https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb
>>>>> 
>>>>> Can we get the definition reviewed/removed please?
>>>> 
>>>> you should report false positive on:
>>>> 
>>>> https://www.clamav.net/reports/fp


Re: [clamav-users] Win.Malware.Krucky-7009041-0 false positive

2019-07-20 Thread Al Varnell via clamav-users
I can confirm that it's still in the database thru today's daily 25516 update.

-Al-

On Sat, Jul 20, 2019 at 11:02 AM, Joel Esler (jesler) via clamav-users wrote:
> Signature has already been dropped.  
> 
> Sent from my iPhone
> 
> On Jul 20, 2019, at 07:37, Groach via clamav-users <clamav-users@lists.clamav.net> wrote:
> 
>> Already have done. But I have never (no exaggeration) had any success with 
>> it being actioned when reported only on that website. So I am also sending 
>> this notification to the mail list on the hope that that is more productive.
>> 
>> Thanks
>> 
>> 
>> 
>> On 20/07/2019 12:22, Matus UHLAR - fantomas wrote:
>>> On 20.07.19 11:53, Groach via clamav-users wrote: 
>>>> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe: 
>>>> Win.Malware.Krucky-7009041-0 FOUND
>>>> 
>>>> The file is from Adobe Acrobat (genuine file from 2011). Virustotal hash: 
>>>> https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb
>>>> 
>>>> Can we get the definition reviewed/removed please?
>>> 
>>> you should report false positive on: 
>>> 
>>> https://www.clamav.net/reports/fp  



Re: [clamav-users] Win.Malware.Krucky-7009041-0 false positive

2019-07-20 Thread Groach via clamav-users



On 20/07/2019 19:02, Joel Esler (jesler) via clamav-users wrote:

Signature has already been dropped.

Sent from my iPhone



Thanks Joel.

But I just updated the database and retested but it still records:

Scan Started Sat Jul 20 20:14:04 2019
---


C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe: 
Win.Malware.Krucky-7009041-0 FOUND

--- SCAN SUMMARY ---
Known viruses: 6346742
Engine version: 0.99.4
Scanned directories: 0
Scanned files: 1
Infected files: 1

Data scanned: 0.93 MB
Data read: 0.89 MB (ratio 1.04:1)
Time: 51.933 sec (0 m 51 s)

--
Completed


Latest update:

ClamAV update process started at Sat Jul 20 20:13:28 2019
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, 
builder: sigmgr)

Downloading daily-25516.cdiff [100%]
daily.cld updated (version: 25516, sigs: 1663900, f-level: 63, builder: 
raynman)
bytecode.cld is up to date (version: 330, sigs: 94, f-level: 63, 
builder: neo)
Database updated (6230243 signatures) from database.clamav.net (IP: 
104.16.219.84)



When does the latest definition record the dropped signature?



Re: [clamav-users] Win.Malware.Krucky-7009041-0 false positive

2019-07-20 Thread Joel Esler (jesler) via clamav-users
Signature has already been dropped.  

Sent from my iPhone

> On Jul 20, 2019, at 07:37, Groach via clamav-users wrote:
> 
> Already have done. But I have never (no exaggeration) had any success with it 
> being actioned when reported only on that website. So I am also sending this 
> notification to the mail list on the hope that that is more productive.
> 
> Thanks
> 
> 
> 
>> On 20/07/2019 12:22, Matus UHLAR - fantomas wrote:
>>> On 20.07.19 11:53, Groach via clamav-users wrote: 
>>> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe: 
>>> Win.Malware.Krucky-7009041-0 FOUND 
>>> 
>>> The file is from Adobe Acrobat (genuine file from 2011). Virustotal hash: 
>>> https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb
>>> 
>>> Can we get the definition reviewed/removed please? 
>> 
>> you should report false positive on: 
>> 
>> https://www.clamav.net/reports/fp 
>> 
>> 


Re: [clamav-users] Win.Malware.Krucky-7009041-0 false positive

2019-07-20 Thread Arnaud Jacques

Hello,

The signature Win.Malware.Krucky-7009041-0 has been ignored in 
securiteinfo.ign2 for days, maybe weeks.
Download it now for free at 
https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml?lg=en



Le 20/07/2019 à 13:35, Groach via clamav-users a écrit :
Already have done. But I have never (no exaggeration) had any success 
with it being actioned when reported only on that website. So I am also 
sending this notification to the mail list on the hope that that is more 
productive.


Thanks



On 20/07/2019 12:22, Matus UHLAR - fantomas wrote:

On 20.07.19 11:53, Groach via clamav-users wrote:
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe: 
Win.Malware.Krucky-7009041-0 FOUND


The file is from Adobe Acrobat (genuine file from 2011). Virustotal 
hash: 
https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb


Can we get the definition reviewed/removed please?


you should report false positive on:

https://www.clamav.net/reports/fp









--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.44.39.76.46
E-mail : a...@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois
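
The message above mentions ignoring the signature through an `.ign2` file. As an added example (not code from this thread or from the ClamAV project), the functions below keep a local ignore list for a confirmed false positive. They assume a `local.ign2` file in the ClamAV database directory with one signature name per line; the function names and the directory argument are illustrative.

```shell
#!/usr/bin/env bash
# Added example: maintain a local ClamAV ignore list for a known false positive.
# Assumption: the caller passes the ClamAV database directory; local.ign2 in
# that directory holds one signature name per line. Function names are
# illustrative, not part of ClamAV.

# Accept only characters expected in a signature name (letters, digits, . _ -).
valid_sig_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Succeeds if the exact name is listed. -x/-F: whole-line, fixed-string match,
# so the dots in the name are not treated as regex wildcards.
is_ignored() {
    [ -f "$1/local.ign2" ] && grep -qxF -- "$2" "$1/local.ign2"
}

# Add the name once; repeated calls do not duplicate the entry.
ignore_sig() {
    valid_sig_name "$2" || { echo "invalid signature name: $2" >&2; return 2; }
    [ -d "$1" ] || { echo "no such database directory: $1" >&2; return 3; }
    is_ignored "$1" "$2" || printf '%s\n' "$2" >> "$1/local.ign2"
}

# Drop the entry again once an update has removed the signature upstream.
# The file is rewritten in place so its owner and mode stay as they were.
unignore_sig() {
    [ -f "$1/local.ign2" ] || return 0
    tmp=$(mktemp) || return 1
    grep -vxF -- "$2" "$1/local.ign2" > "$tmp" || true  # grep exits 1 if nothing remains
    cat "$tmp" > "$1/local.ign2"
    rm -f "$tmp"
}

# Usage: script.sh <database-dir> <signature-name>
if [ "$#" -eq 2 ]; then ignore_sig "$1" "$2"; fi
```

Rescan the affected file after adding the entry, and call `unignore_sig` once a freshclam update no longer carries the signature (daily 25517 in this thread), so a stale ignore entry does not outlive the false positive.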



Re: [clamav-users] Win.Malware.Krucky-7009041-0 false positive

2019-07-20 Thread Groach via clamav-users
Already have done. But I have never (no exaggeration) had any success 
with it being actioned when reported only on that website. So I am also 
sending this notification to the mail list on the hope that that is more 
productive.


Thanks



On 20/07/2019 12:22, Matus UHLAR - fantomas wrote:

On 20.07.19 11:53, Groach via clamav-users wrote:
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe: 
Win.Malware.Krucky-7009041-0 FOUND


The file is from Adobe Acrobat (genuine file from 2011). Virustotal 
hash: 
https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb


Can we get the definition reviewed/removed please?


you should report false positive on:

https://www.clamav.net/reports/fp







Re: [clamav-users] Win.Malware.Krucky-7009041-0 false positive

2019-07-20 Thread Matus UHLAR - fantomas

On 20.07.19 11:53, Groach via clamav-users wrote:
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe: 
Win.Malware.Krucky-7009041-0 FOUND


The file is from Adobe Acrobat (genuine file from 2011). Virustotal 
hash: https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb


Can we get the definition reviewed/removed please?


you should report false positive on:

https://www.clamav.net/reports/fp


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?



[clamav-users] Win.Malware.Krucky-7009041-0 false positive

2019-07-20 Thread Groach via clamav-users


C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe: 
Win.Malware.Krucky-7009041-0 FOUND


The file is from Adobe Acrobat (genuine file from 2011). Virustotal 
hash: 
https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb


Can we get the definition reviewed/removed please?

Thank you.
