They should in be daily.cvd 19065. - Alain
On Thu, Jun 5, 2014 at 9:37 PM, Al Varnell <alvarn...@mac.com> wrote: > Alain, > > Just following up since it’s been a couple of weeks now. > > I haven't see a new replacement signature yet. Nothing new for “Unix.” or > “Elk”. Did I overlook something? > > -Al- > > On Wed, May 21, 2014 at 04:01 PM, Alain Zidouemba wrote: > > > > The new signature will be out in the next few releases. > > > > If you could, please provide the md5s or sha256s of the samples that > > alerted. > > > > Thanks, > > > > - Alain > > > > On Wednesday, May 21, 2014, DUCARROZ Birgit <birgit.ducar...@unifr.ch> > > wrote: > > > >> Thank you a lot! When will it be replaced? > >> I had 317 "infected" files and now I don't know if they are false > >> positives or not. > >> Curiously chkrootkit gave me this: > >> > >> < You have 1 process hidden for readdir command > >> > >> < You have 1 process hidden for ps command > >> > >> < chkproc: Warning: Possible LKM Trojan installed > >> > >> but this message disappeared also one or two days later. > >> Since the most of the "infected" files are old, I wonder if they might > >> have been infected afterwards... > >> > >> - Birgit > >> > >> > >> On 21. 05. 14 22:09 , Alain Zidouemba wrote: > >> > >>> It was dropped for performance reasons. We found it be generating some > >>> false positives, such as the one you likely had. The signature > >>> Unix.Trojan.ElkKnot will be replaced with a better performing one. > >>> > >>> - Alain > >>> > >>> > >>> On Wed, May 21, 2014 at 4:07 PM, DUCARROZ Birgit > >>> <birgit.ducar...@unifr.ch>wrote: > >>> > >>> Why has it been dropped? Should I believe now that I have this trojan > or > >>>> not? > >>>> > >>>> > >>>> On 21. 05. 14 14:31 , Alain Zidouemba wrote: > >>>> > >>>> The signature "Unix.Trojan.ElkKnot" has been dropped from our > signature > >>>>> set > >>>>> a few releases ago. > >>>>> > >>>>> - Alain > >>>>> > >>>>> > >>>>> On Wed, May 21, 2014 at 5:46 AM, DUCARROZ Birgit > >>>>> <birgit.ducar...@unifr.ch>wrote: > >>>>> > >>>>> Sorry, I forgot to note my question: > >>>>> > >>>>>> Does somebody know what this might be? > >>>>>> When I am scanning now the same files, this messages does not appear > >>>>>> again. > >>>>>> Actual version: ClamAV 0.97.8/19011/Wed May 21 09:48:13 2014 > >>>>>> > >>>>>> > >>>>>> On 21. 05. 14 11:41 , DUCARROZ Birgit wrote: > >>>>>> > >>>>>> Hi, > >>>>>> > >>>>>>> as of 05/13/2014 I had suddenly a lot of older files with > notification > >>>>>>> > >>>>>>> Unix.Trojan.ElkKnot FOUND > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
