Re: [clamav-users] Unix.Malware.Kaiji-10003916-0
This is correct. Kaiji-10003917-0 would be a separate signature, loosely related to Kaiji-10003916-0. If Kaiji-10003916-0 had been updated, it would be Kaiji-10003916-1. If it were handwritten, we probably would have done that. In this case, the signature was generated by an automated system, so it was simply thrown out.

-Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users on behalf of Maarten Broekman via clamav-users
Sent: Thursday, June 8, 2023 4:20 AM
To: ClamAV users ML
Cc: Maarten Broekman
Subject: Re: [clamav-users] Unix.Malware.Kaiji-10003916-0

> So how does Kaiji-10003917-0 to Kaiji-10003916-0 ? Does
> Kaiji-10003916-0 get thrown out, or does it get updated to
> Kaiji-10003917-0 ?

The way it was explained to me (years ago) is that they are separate signatures, unrelated except in that they are related to Kaiji. If 10003916-0 was updated, it would become 10003916-1.

Maarten
Sent from a tiny keyboard

> On Jun 8, 2023, at 06:37, Robert M. Stockmann via clamav-users
> wrote:
>
> On Wed, 7 Jun 2023, Al Varnell via clamav-users wrote:
>
>> Date: Wed, 7 Jun 2023 22:36:52 -0700
>> From: Al Varnell via clamav-users
>> To: ClamAV users ML
>> Cc: Al Varnell
>> Subject: Re: [clamav-users] Unix.Malware.Kaiji-10003916-0
>>
>> Note that the signature was dropped in daily - 26932 which was
>> released several hours earlier than usual today.
>>
>
> [hubble:root]:(~)# sigtool -l | grep Unix.Malware.Kaiji
> Unix.Malware.Kaiji-7789500-0
> Unix.Malware.Kaiji-7789501-2
> Unix.Malware.Kaiji-7813991-0
> Unix.Malware.Kaiji-9760851-0
> Unix.Malware.Kaiji-9763185-0
> Unix.Malware.Kaiji-9969783-0
> Unix.Malware.Kaiji-9992785-0
> Unix.Malware.Kaiji-9993888-0
> Unix.Malware.Kaiji-1905-0
> Unix.Malware.Kaiji-10002375-0
> Unix.Malware.Kaiji-10002376-0
> Unix.Malware.Kaiji-10003612-0
> Unix.Malware.Kaiji-10003647-0
> Unix.Malware.Kaiji-10003670-0
> Unix.Malware.Kaiji-10003730-0
> Unix.Malware.Kaiji-10003731-0
> Unix.Malware.Kaiji-10003738-0
> Unix.Malware.Kaiji-10003739-0
> Unix.Malware.Kaiji-10003917-0
> Unix.Malware.Kaiji-7789499-1
> [hubble:root]:(~)# clamdscan -V
> ClamAV 0.103.8/26933/Thu Jun 8 09:26:06 2023
> [hubble:root]:(~)#
>
> So how does Kaiji-10003917-0 to Kaiji-10003916-0 ? Does
> Kaiji-10003916-0 get thrown out, or does it get updated to
> Kaiji-10003917-0 ?
>
>
> --
> Robert M. Stockmann - RHCE
> Network Engineer - UNIX/Linux Specialist
> crashrecovery.org st...@stokkie.net

___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
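The naming rule described in the message above (same ID with a higher trailing number means an updated signature, a different ID means a separate signature, a missing ID means it was dropped) can be checked mechanically by comparing two `sigtool -l` listings. This is an added example, not part of the original thread and not ClamAV project code; the function names are hypothetical and the sample listings are constructed.

```python
import re
from collections import namedtuple

# Official ClamAV names end in "-<id>-<revision>", the scheme described in the thread.
SIG_RE = re.compile(r"^(?P<family>.+)-(?P<sig_id>\d+)-(?P<rev>\d+)$")
Sig = namedtuple("Sig", "family sig_id rev")

def parse_sig(name):
    """Split a signature name; return None for names that do not follow the scheme."""
    m = SIG_RE.match(name.strip())
    return Sig(m["family"], int(m["sig_id"]), int(m["rev"])) if m else None

def index(listing):
    """Map (family, id) -> highest revision found in `sigtool -l` style output."""
    latest = {}
    for line in listing.splitlines():
        sig = parse_sig(line)
        if sig:
            key = (sig.family, sig.sig_id)
            latest[key] = max(sig.rev, latest.get(key, -1))
    return latest

def diff_listings(before, after):
    """Classify changes between two listings as dropped, added or revised."""
    old, new = index(before), index(after)
    name = lambda key, rev: "%s-%d-%d" % (key[0], key[1], rev)
    return {
        "dropped": [name(k, old[k]) for k in sorted(old.keys() - new.keys())],
        "added": [name(k, new[k]) for k in sorted(new.keys() - old.keys())],
        "revised": [(name(k, old[k]), name(k, new[k]))
                    for k in sorted(old.keys() & new.keys()) if old[k] != new[k]],
    }

# Constructed sample input: names taken from the thread, arranged for illustration.
# The "-1" revision of 7789501 is hypothetical; neither list is a real daily.cvd dump.
BEFORE = """Unix.Malware.Kaiji-7789501-1
Unix.Malware.Kaiji-10003739-0
Unix.Malware.Kaiji-10003916-0
"""
AFTER = """Unix.Malware.Kaiji-7789501-2
Unix.Malware.Kaiji-10003739-0
Unix.Malware.Kaiji-10003917-0
"""

if __name__ == "__main__":
    for kind, items in diff_listings(BEFORE, AFTER).items():
        print(kind, items)
```

Saving the listing before and after each database update and diffing the two files this way shows whether a signature that produced false positives was dropped or only revised.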
Re: [clamav-users] Unix.Malware.Kaiji-10003916-0
> So how does Kaiji-10003917-0 to Kaiji-10003916-0 ? Does
> Kaiji-10003916-0 get thrown out, or does it get updated to
> Kaiji-10003917-0 ?

The way it was explained to me (years ago) is that they are separate signatures, unrelated except in that they are related to Kaiji. If 10003916-0 was updated, it would become 10003916-1.

Maarten
Sent from a tiny keyboard

> On Jun 8, 2023, at 06:37, Robert M. Stockmann via clamav-users
> wrote:
>
> On Wed, 7 Jun 2023, Al Varnell via clamav-users wrote:
>
>> Date: Wed, 7 Jun 2023 22:36:52 -0700
>> From: Al Varnell via clamav-users
>> To: ClamAV users ML
>> Cc: Al Varnell
>> Subject: Re: [clamav-users] Unix.Malware.Kaiji-10003916-0
>>
>> Note that the signature was dropped in daily - 26932 which was
>> released several hours earlier than usual today.
>>
>
> [hubble:root]:(~)# sigtool -l | grep Unix.Malware.Kaiji
> Unix.Malware.Kaiji-7789500-0
> Unix.Malware.Kaiji-7789501-2
> Unix.Malware.Kaiji-7813991-0
> Unix.Malware.Kaiji-9760851-0
> Unix.Malware.Kaiji-9763185-0
> Unix.Malware.Kaiji-9969783-0
> Unix.Malware.Kaiji-9992785-0
> Unix.Malware.Kaiji-9993888-0
> Unix.Malware.Kaiji-1905-0
> Unix.Malware.Kaiji-10002375-0
> Unix.Malware.Kaiji-10002376-0
> Unix.Malware.Kaiji-10003612-0
> Unix.Malware.Kaiji-10003647-0
> Unix.Malware.Kaiji-10003670-0
> Unix.Malware.Kaiji-10003730-0
> Unix.Malware.Kaiji-10003731-0
> Unix.Malware.Kaiji-10003738-0
> Unix.Malware.Kaiji-10003739-0
> Unix.Malware.Kaiji-10003917-0
> Unix.Malware.Kaiji-7789499-1
> [hubble:root]:(~)# clamdscan -V
> ClamAV 0.103.8/26933/Thu Jun 8 09:26:06 2023
> [hubble:root]:(~)#
>
> So how does Kaiji-10003917-0 to Kaiji-10003916-0 ? Does
> Kaiji-10003916-0 get thrown out, or does it get updated to
> Kaiji-10003917-0 ?
>
>
> --
> Robert M. Stockmann - RHCE
> Network Engineer - UNIX/Linux Specialist
> crashrecovery.org st...@stokkie.net
Re: [clamav-users] Unix.Malware.Kaiji-10003916-0
On Wed, 7 Jun 2023, Al Varnell via clamav-users wrote:

> Date: Wed, 7 Jun 2023 22:36:52 -0700
> From: Al Varnell via clamav-users
> To: ClamAV users ML
> Cc: Al Varnell
> Subject: Re: [clamav-users] Unix.Malware.Kaiji-10003916-0
>
> Note that the signature was dropped in daily - 26932 which was
> released several hours earlier than usual today.
>

[hubble:root]:(~)# sigtool -l | grep Unix.Malware.Kaiji
Unix.Malware.Kaiji-7789500-0
Unix.Malware.Kaiji-7789501-2
Unix.Malware.Kaiji-7813991-0
Unix.Malware.Kaiji-9760851-0
Unix.Malware.Kaiji-9763185-0
Unix.Malware.Kaiji-9969783-0
Unix.Malware.Kaiji-9992785-0
Unix.Malware.Kaiji-9993888-0
Unix.Malware.Kaiji-1905-0
Unix.Malware.Kaiji-10002375-0
Unix.Malware.Kaiji-10002376-0
Unix.Malware.Kaiji-10003612-0
Unix.Malware.Kaiji-10003647-0
Unix.Malware.Kaiji-10003670-0
Unix.Malware.Kaiji-10003730-0
Unix.Malware.Kaiji-10003731-0
Unix.Malware.Kaiji-10003738-0
Unix.Malware.Kaiji-10003739-0
Unix.Malware.Kaiji-10003917-0
Unix.Malware.Kaiji-7789499-1
[hubble:root]:(~)# clamdscan -V
ClamAV 0.103.8/26933/Thu Jun 8 09:26:06 2023
[hubble:root]:(~)#

So how does Kaiji-10003917-0 to Kaiji-10003916-0 ? Does
Kaiji-10003916-0 get thrown out, or does it get updated to
Kaiji-10003917-0 ?

--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org st...@stokkie.net
Re: [clamav-users] Unix.Malware.Kaiji-10003916-0
Note that the signature was dropped in daily - 26932 which was released several hours earlier than usual today.

Sent from my iPad

-Al-

On Jun 7, 2023, at 10:43, Steve Basford via clamav-users wrote:

> Multi False Positive reports... Just a heads up.
>
> Cheers,
> Steve
> Sanesecurity.com
> Twitter: @sanesecurity
[clamav-users] Unix.Malware.Kaiji-10003916-0
Multi False Positive reports... Just a heads up.

Cheers,
Steve
Sanesecurity.com
Twitter: @sanesecurity