We always do that right here. -Al-
On Fri, May 23, 2014 at 01:23 AM, DUCARROZ Birgit wrote: > > ok. Where do I have to submit the md5s ? > > - Birgit > > > On 22. 05. 14 01:01 , Alain Zidouemba wrote: >> The new signature will be out in the next few releases. >> >> If you could, please provide the md5s or sha256s of the samples that >> alerted. >> >> Thanks, >> >> - Alain >> >> On Wednesday, May 21, 2014, DUCARROZ Birgit <birgit.ducar...@unifr.ch> >> wrote: >> >>> Thank you a lot! When will it be replaced? >>> I had 317 "infected" files and now I don't know if they are false >>> positives or not. >>> Curiously chkrootkit gave me this: >>> >>> < You have 1 process hidden for readdir command >>> >>> < You have 1 process hidden for ps command >>> >>> < chkproc: Warning: Possible LKM Trojan installed >>> >>> but this message disappeared also one or two days later. >>> Since the most of the "infected" files are old, I wonder if they might >>> have been infected afterwards... >>> >>> - Birgit >>> >>> >>> On 21. 05. 14 22:09 , Alain Zidouemba wrote: >>> >>>> It was dropped for performance reasons. We found it be generating some >>>> false positives, such as the one you likely had. The signature >>>> Unix.Trojan.ElkKnot will be replaced with a better performing one. >>>> >>>> - Alain >>>> >>>> >>>> On Wed, May 21, 2014 at 4:07 PM, DUCARROZ Birgit >>>> <birgit.ducar...@unifr.ch>wrote: >>>> >>>> Why has it been dropped? Should I believe now that I have this trojan or >>>>> not? >>>>> >>>>> >>>>> On 21. 05. 14 14:31 , Alain Zidouemba wrote: >>>>> >>>>> The signature "Unix.Trojan.ElkKnot" has been dropped from our signature >>>>>> set >>>>>> a few releases ago. >>>>>> >>>>>> - Alain >>>>>> >>>>>> >>>>>> On Wed, May 21, 2014 at 5:46 AM, DUCARROZ Birgit >>>>>> <birgit.ducar...@unifr.ch>wrote: >>>>>> >>>>>> Sorry, I forgot to note my question: >>>>>> >>>>>>> Does somebody know what this might be? >>>>>>> When I am scanning now the same files, this messages does not appear >>>>>>> again. >>>>>>> Actual version: ClamAV 0.97.8/19011/Wed May 21 09:48:13 2014 >>>>>>> >>>>>>> >>>>>>> On 21. 05. 14 11:41 , DUCARROZ Birgit wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>>> as of 05/13/2014 I had suddenly a lot of older files with notification >>>>>>>> >>>>>>>> Unix.Trojan.ElkKnot FOUND >>>>>>>> >>>>>>>> Regards, >>>>>>>> Birgit _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
