The new signature will be out in the next new releases. If you could, please provide the md5s or sha256s of the samples that alerted.

Thanks,

- Alain

On Wednesday, May 21, 2014, DUCARROZ Birgit <birgit.ducar...@unifr.ch> wrote:

> Thank you a lot! When will it be replaced?
> I had 317 "infected" files and now I don't know if they are false
> positives or not.
> Curiously chkrootkit gave me this:
>
> < You have 1 process hidden for readdir command
> < You have 1 process hidden for ps command
> < chkproc: Warning: Possible LKM Trojan installed
>
> but this message disappeared also one or two days later.
> Since most of the "infected" files are old, I wonder if they might
> have been infected afterwards...
>
> - Birgit
>
>
> On 21. 05. 14 22:09 , Alain Zidouemba wrote:
>
>> It was dropped for performance reasons. We found it to be generating some
>> false positives, such as the one you likely had. The signature
>> Unix.Trojan.ElkKnot will be replaced with a better performing one.
>>
>> - Alain
>>
>>
>> On Wed, May 21, 2014 at 4:07 PM, DUCARROZ Birgit
>> <birgit.ducar...@unifr.ch> wrote:
>>
>>> Why has it been dropped? Should I believe now that I have this trojan or
>>> not?
>>>
>>>
>>> On 21. 05. 14 14:31 , Alain Zidouemba wrote:
>>>
>>>> The signature "Unix.Trojan.ElkKnot" has been dropped from our signature
>>>> set a few releases ago.
>>>>
>>>> - Alain
>>>>
>>>>
>>>> On Wed, May 21, 2014 at 5:46 AM, DUCARROZ Birgit
>>>> <birgit.ducar...@unifr.ch> wrote:
>>>>
>>>>> Sorry, I forgot to note my question:
>>>>>
>>>>> Does somebody know what this might be?
>>>>> When I am scanning now the same files, this message does not appear
>>>>> again.
>>>>> Actual version: ClamAV 0.97.8/19011/Wed May 21 09:48:13 2014
>>>>>
>>>>>
>>>>> On 21. 05. 14 11:41 , DUCARROZ Birgit wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> as of 05/13/2014 I had suddenly a lot of older files with notification
>>>>>>
>>>>>> Unix.Trojan.ElkKnot FOUND
>>>>>>
>>>>>> Regards,
>>>>>> Birgit
>>>>>>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml