And during the time we've all been talking about this, evasi0n has been revised several times and is now at v1.3 since Monday, Feb 11, so even if the more accurate signature was active, it would not catch any of the more recent releases:
evasi0n-mac-1.3-1cb32faf1e4f4f6c890e6fcbeb004cb694c386f5-release.dmg https://www.virustotal.com/en/file/7b4bafa6e1278eb72bb7683b8eb10e266a556be73 cfdf07212a9c333e60f8e21/analysis/1361073803/ MD5: de1bb84cefc9869fd94d58db83f595ac -Al On 2/16/13 11:16 AM, "Joel Esler" wrote: We dropped the original signature, and have replaced it with a much more accurate one. -- Joel Esler Sent from my iPhone On Feb 16, 2013, at 1:48 PM, Jim Preston <[email protected]> wrote: > Note: I have combined too messages for clarity > > On 02/14/2013 09:50 AM, Joel Esler wrote: >> In any case. This signature was dropped a couple days ago, and beyond that, users can ignore it on their end. >> >> -- Joel Esler Senior Research Engineer, VRT Open Source Community Manager > > > On 02/16/2013 05:15 AM, Joel Esler wrote: >> Thanks to you all for your input on this matter. I don't think we need to continue this thread any further. >> >> The signature is in place. If users want to remove the jailbreak from quarantine or whitelist the signature, they are more than welcome to do so. >> >> We apologize if this has caused any inconvenience for anyone. ClamAV runs in all kinds of places, from the Linux desktop to the mail filter, to the enterprise AV solution. Trying to anticipate the needs of everyone is impossible, and sometimes we have to rely on the flexibility and openness of the project. >> >> We appreciate your feedback and again, apologize for any inconvenience it has caused. >> >> -- >> Joel Esler >> Sent from my iPhone >> >> On Feb 16, 2013, at 6:26 AM, Peter Bonivart<[email protected]> wrote: > [snip] > > I have to agree we have beat this enough and now digressed to who is in the majority, "honest" or "jailbreaking" iphone users. > > This reply is just to request a clarification on Joel's statements. They appear to be conflicting in my opinion. To end this thread, please clarify the signature status, is or is not evasi0n currently being detected? I am fine with either and using a local solution (whitelist or .ign). > > And while I could query the databases to find out, I did want the answer in the thread. > > -- > Jim Preston _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
