Yes, I see them. Thanks. -Al-
On Fri, Jun 06, 2014 at 09:24 AM, Alain Zidouemba wrote: > > They should in be daily.cvd 19065. > > - Alain > > > On Thu, Jun 5, 2014 at 9:37 PM, Al Varnell <alvarn...@mac.com> wrote: > >> Alain, >> >> Just following up since it’s been a couple of weeks now. >> >> I haven't see a new replacement signature yet. Nothing new for “Unix.” or >> “Elk”. Did I overlook something? >> >> -Al- >> >> On Wed, May 21, 2014 at 04:01 PM, Alain Zidouemba wrote: >>> >>> The new signature will be out in the next few releases. >>> >>> If you could, please provide the md5s or sha256s of the samples that >>> alerted. >>> >>> Thanks, >>> >>> - Alain >>> >>> On Wednesday, May 21, 2014, DUCARROZ Birgit <birgit.ducar...@unifr.ch> >>> wrote: >>> >>>> Thank you a lot! When will it be replaced? >>>> I had 317 "infected" files and now I don't know if they are false >>>> positives or not. >>>> Curiously chkrootkit gave me this: >>>> >>>> < You have 1 process hidden for readdir command >>>> >>>> < You have 1 process hidden for ps command >>>> >>>> < chkproc: Warning: Possible LKM Trojan installed >>>> >>>> but this message disappeared also one or two days later. >>>> Since the most of the "infected" files are old, I wonder if they might >>>> have been infected afterwards... >>>> >>>> - Birgit >>>> >>>> >>>> On 21. 05. 14 22:09 , Alain Zidouemba wrote: >>>> >>>>> It was dropped for performance reasons. We found it be generating some >>>>> false positives, such as the one you likely had. The signature >>>>> Unix.Trojan.ElkKnot will be replaced with a better performing one. >>>>> >>>>> - Alain >>>>> >>>>> >>>>> On Wed, May 21, 2014 at 4:07 PM, DUCARROZ Birgit >>>>> <birgit.ducar...@unifr.ch>wrote: >>>>> >>>>> Why has it been dropped? Should I believe now that I have this trojan >> or >>>>>> not? >>>>>> >>>>>> >>>>>> On 21. 05. 14 14:31 , Alain Zidouemba wrote: >>>>>> >>>>>> The signature "Unix.Trojan.ElkKnot" has been dropped from our >> signature >>>>>>> set >>>>>>> a few releases ago. >>>>>>> >>>>>>> - Alain >>>>>>> >>>>>>> >>>>>>> On Wed, May 21, 2014 at 5:46 AM, DUCARROZ Birgit >>>>>>> <birgit.ducar...@unifr.ch>wrote: >>>>>>> >>>>>>> Sorry, I forgot to note my question: >>>>>>> >>>>>>>> Does somebody know what this might be? >>>>>>>> When I am scanning now the same files, this messages does not appear >>>>>>>> again. >>>>>>>> Actual version: ClamAV 0.97.8/19011/Wed May 21 09:48:13 2014 >>>>>>>> >>>>>>>> >>>>>>>> On 21. 05. 14 11:41 , DUCARROZ Birgit wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>>> as of 05/13/2014 I had suddenly a lot of older files with >> notification >>>>>>>>> >>>>>>>>> Unix.Trojan.ElkKnot FOUND _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
