Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Dennis Peterson
It was resent as text in the next message body. dp On 2/16/17 2:20 PM, Al Varnell wrote: I thought attachments were removed for that reason. I know the subscription instructions make it very clear not to submit samples. There

Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Al Varnell
I thought attachments were removed for that reason. I know the subscription instructions make it very clear not to submit samples. There was no attachment on the e-mail I received, did you get it? -Al- On Thu, Feb 16, 2017 at

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread ellanios82
On 02/16/17 02:59, Al Varnell wrote: I'm afraid it's going to be more trouble than it's worth. You will need to turn debugging on when you scan that mailbox which will produce a huge amount of output, but includes details about exactly what was found. You would then need to search that

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Reindl Harald
Am 16.02.2017 um 14:00 schrieb Mark Allan: On 16 Feb 2017, at 12:48 pm, Reindl Harald wrote: Am 16.02.2017 um 13:39 schrieb ellanios82: On 02/16/17 02:59, Al Varnell wrote: I'm afraid it's going to be more trouble than it's worth. You will need to turn debugging

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Reindl Harald
Am 16.02.2017 um 14:09 schrieb Mark Allan: On 16 Feb 2017, at 1:03 pm, Reindl Harald wrote: Am 16.02.2017 um 14:00 schrieb Mark Allan: On 16 Feb 2017, at 12:48 pm, Reindl Harald wrote: Am 16.02.2017 um 13:39 schrieb ellanios82: - What

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread ellanios82
On 02/16/17 15:09, Mark Allan wrote: How is it more helpful? Because I gave the answer *and* explained what it did - tremendous : after all , Linux invites ordinary Home Users : NOT just people who know Unix [ i do not : i have zero computer education] . cheers

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Reindl Harald
Am 16.02.2017 um 14:34 schrieb ellanios82: On 02/16/17 15:09, Mark Allan wrote: How is it more helpful? Because I gave the answer *and* explained what it did - tremendous : no - it was an answer for a specific shell in a more or less recent version - that feature was added some years

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Reindl Harald
Am 16.02.2017 um 13:39 schrieb ellanios82: On 02/16/17 02:59, Al Varnell wrote: I'm afraid it's going to be more trouble than it's worth. You will need to turn debugging on when you scan that mailbox which will produce a huge amount of output, but includes details about exactly what was

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread ellanios82
On 02/16/17 15:00, Mark Allan wrote: A more helpful answer (which is quicker to type than digging out URLs) is simply to add 2>&1 to the end of your command, to redirect stderr to stdout. - thank you so much { often clever people use lists as platform to show how clever they are} .

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Mark Allan
> On 16 Feb 2017, at 1:03 pm, Reindl Harald wrote: > Am 16.02.2017 um 14:00 schrieb Mark Allan: >> >>> On 16 Feb 2017, at 12:48 pm, Reindl Harald wrote: >>> >>> Am 16.02.2017 um 13:39 schrieb ellanios82: - What please is correct

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Reindl Harald
Am 16.02.2017 um 14:27 schrieb ellanios82: On 02/16/17 15:00, Mark Allan wrote: simply to add 2>&1 to the end of your command, to redirect stderr to stdout. clamscan --debug /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus >> clamdeb.txt 2>&1 -

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Steve Basford
On Thu, February 16, 2017 1:03 pm, Reindl Harald wrote: > give a man a fish and you feed him for a day; teach a man to fish and you > feed him for a lifetime ___ Are you are that's correct... wasn't it... Give a man a fish , he eats for a day. Teach

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Mark Allan
> On 16 Feb 2017, at 1:12 pm, Reindl Harald wrote: > Am 16.02.2017 um 14:09 schrieb Mark Allan: >>> On 16 Feb 2017, at 1:03 pm, Reindl Harald wrote: >>> Am 16.02.2017 um 14:00 schrieb Mark Allan: > On 16 Feb 2017, at 12:48 pm, Reindl

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread ellanios82
On 02/16/17 15:00, Mark Allan wrote: simply to add 2>&1 to the end of your command, to redirect stderr to stdout. clamscan --debug /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus >> clamdeb.txt 2>&1 - again thank you for being Really helpful { not

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread ellanios82
On 02/16/17 02:59, Al Varnell wrote: Ellan, I'm afraid it's going to be more trouble than it's worth. You will need to turn debugging on when you scan that mailbox which will produce a huge amount of output, but includes details about exactly what was found. You would then need to search

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Mark Allan
> On 16 Feb 2017, at 12:48 pm, Reindl Harald wrote: > > Am 16.02.2017 um 13:39 schrieb ellanios82: >> On 02/16/17 02:59, Al Varnell wrote: >>> I'm afraid it's going to be more trouble than it's worth. You will >>> need to turn debugging on when you scan that mailbox

Re: [clamav-users] Can't download daily.cvd

2017-02-16 Thread Al Varnell
Click here-> -Al- On Thu, Feb 16, 2017 at 01:15 AM, Del Monte Paolo wrote: > > You can configure flashclam or directly via wget command on the clamav url. > > Paolo > > -Original Message- > From: clamav-users

Re: [clamav-users] Can't download daily.cvd

2017-02-16 Thread Del Monte Paolo
You can configure flashclam or directly via wget command on the clamav url. Paolo -Original Message- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Opiniano, Joyce Sent: mercoledì 15 febbraio 2017 19:34 To: clamav-users@lists.clamav.net Subject:

[clamav-users] freshclam exit codes

2017-02-16 Thread Andreas Schulze
Hello, consider this setup. the goal is to run a separate clamav instance using *only* our database files to speedup clamav reload times. # cat custom-freshclam.conf DatabaseCustomURL http://our.clamav.mirror/local_foo.ndb DatabaseDirectory /path/to/custom_clamdir/ #

[clamav-users] Win.Trojan.DarkKomet-5711346-0 false positive?

2017-02-16 Thread Mark Foley
I am running a scheduled clamscan on the IMAP mail folders. The command is: /usr/local/bin/clamscan -a --detect-pua=yes --no-summary --stdout --infected \ --recursive --allmatch --scan-mail=yes --scan-ole2=yes /home/HPRS/ This scan turns up the following: /home/HPRS/dsmith/Maildir/.Sent

Re: [clamav-users] Win.Trojan.DarkKomet-5711346-0 false positive?

2017-02-16 Thread Reindl Harald
Am 16.02.2017 um 21:17 schrieb Mark Foley: I am running a scheduled clamscan on the IMAP mail folders. The command is: /usr/local/bin/clamscan -a --detect-pua=yes --no-summary --stdout --infected \ --recursive --allmatch --scan-mail=yes --scan-ole2=yes /home/HPRS/ This scan turns up the

[clamav-users] Javascript file not recognized

2017-02-16 Thread Markus Egg
The attached file was in an email as attachment as "bill": 319598.js sha1sum b32a6dfdef2444de1695cb96e6a674c2f7cda74b 319598.js sha256sum 319598.js 50df856fa3291473face6db59dcc655476e0618e457cdfa2832d0d72f61008e7 319598.js Shows several virus alerts on https://www.virustotal.com/de/ but not

Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Markus Egg
Am 16/02/17 um 20:55 schrieb Markus Egg: The attached file was in an email as attachment as "bill": 319598.js sha1sum b32a6dfdef2444de1695cb96e6a674c2f7cda74b 319598.js sha256sum 319598.js 50df856fa3291473face6db59dcc655476e0618e457cdfa2832d0d72f61008e7 319598.js Shows several virus alerts

Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Dennis Peterson
It is really bad form to post suspected malware to this or any list. dp On 2/16/17 11:55 AM, Markus Egg wrote: The attached file was in an email as attachment as "bill": 319598.js sha1sum b32a6dfdef2444de1695cb96e6a674c2f7cda74b 319598.js sha256sum 319598.js

Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Reindl Harald
Am 16.02.2017 um 20:55 schrieb Markus Egg: The attached file was in an email as attachment as "bill": 319598.js sha1sum b32a6dfdef2444de1695cb96e6a674c2f7cda74b 319598.js sha256sum 319598.js 50df856fa3291473face6db59dcc655476e0618e457cdfa2832d0d72f61008e7 319598.js just block them in

Re: [clamav-users] freshclam exit codes

2017-02-16 Thread Steven Morgan
Hi, It looks like return code 1 means the virus database is up to date (#define FC_UPTODATE 1 from freshclamcodes.h). Please advise if this is incorrect or inconsistent. The man page needs to be updated. Thanks, Steve On Thu, Feb 16, 2017 at 4:27 AM, Andreas Schulze

Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Steve Basford
On Thu, February 16, 2017 7:55 pm, Markus Egg wrote: > The attached file was in an email as attachment as "bill": > 319598.js Detected: phish.ndb: Sanesecurity.Malware.26652.JsHeur shelter.ldb: Sanesecurity.Shelter.Malware.JSHeur.004 -- Cheers, Steve Twitter: @sanesecurity

Re: [clamav-users] Win.Trojan.DarkKomet-5711346-0 false positive?

2017-02-16 Thread Mark Foley
On Thu, 16 Feb 2017 21:21:06 +0100 Reindl Harald wrote: > Am 16.02.2017 um 21:17 schrieb Mark Foley: > > I am running a scheduled clamscan on the IMAP mail folders. The command is: > > > > /usr/local/bin/clamscan -a --detect-pua=yes --no-summary --stdout > > --infected \

Re: [clamav-users] Win.Trojan.DarkKomet-5711346-0 false positive?

2017-02-16 Thread Alain Zidouemba
That alert caused by Win.Trojan.DarkKomet-5711346-0 is an FP. The signature is being dropped. Thanks for reporting, - Alain On Thu, Feb 16, 2017 at 3:17 PM, Mark Foley wrote: > I am running a scheduled clamscan on the IMAP mail folders. The command is: > >

Re: [clamav-users] Javascript file not recognized

2017-02-16 Thread Al Varnell
Thanks for the response. For whatever reason I didn't receive that. -Al- On Thu, Feb 16, 2017 at 02:22 PM, Dennis Peterson wrote: > > It was resent as text in the next message body. > > dp