Yeah, the SaneSecurity sigs. Moving them out causes Win.Test.EICAR_NDB-1
FOUND to be found, which I assume is the new name.

Not sure why the update is suddenly causing the SaneSecurity sigs to get
checked first. I'll track it down.

-J

On Wed, Mar 16, 2016 at 9:32 PM, Al Varnell <alvarn...@mac.com> wrote:

> I’m still looking, but so far I can’t find any Win.Trojan.Trojan
> signatures in the ClamAV Official database or listed in clamav-virusdb
> e-mail list.
>
> Nor can I confirm your results using my own EICAR.
>
> Are you using any Unofficial signatures from a different source?
>
> -Al-
>
> On Wed, Mar 16, 2016 at 09:06 PM, Jason J. W. Williams wrote:
> >
> > Pulled down 21466 (and force restarted clamd) but it's still classifying
> > EICAR as Win.Trojan.Trojan:
> >
> > https://gist.github.com/williamsjj/b8104402e80f44475df5
> >
> > Databases are up to date now:
> > main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
> > Empty script daily-21465.cdiff, need to download entire database
> > Downloading daily.cvd [100%]
> > daily.cvd updated (version: 21466, sigs: 83889, f-level: 63, builder: amishhammer)
> > Empty script bytecode-275.cdiff, need to download entire database
> > Downloading bytecode.cvd [100%]
> > bytecode.cvd updated (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
> > Database updated (4302724 signatures) from db.local.clamav.net (IP: 193.1.193.64)
> >
> >
> >
> > On Wed, Mar 16, 2016 at 9:00 PM, Al Varnell <alvarn...@mac.com> wrote:
> >
> >> Those are normal messages for an update of this kind.  The 21465.cdiff was
> >> purposely blank in order to force you to download the entire daily.cvd.
> >> Give it plenty of time as the main.cvd is 109MB.
> >>
> >> Technical details:
> >> <http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html>
> >>
> >> -Al-
> >>
> >> On Wed, Mar 16, 2016 at 08:56 PM, Jason J. W. Williams wrote:
> >>>
> >>> Thanks. Hopefully it'll sync up soon. I'm getting weird download errors out
> >>> of freshclam:
> >>>
> >>> WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 200.236.31.1): Operation now in progress
> >>> WARNING: getpatch: Can't download daily-21465.cdiff from db.local.clamav.net
> >>> nonblock_recv: recv timing out (30 secs)
> >>> WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 194.186.47.19): Operation now in progress
> >>> WARNING: getpatch: Can't download daily-21465.cdiff from db.local.clamav.net
> >>> Empty script daily-21465.cdiff, need to download entire database
> >>>
> >>> On Wed, Mar 16, 2016 at 8:54 PM, Al Varnell <alvarn...@mac.com> wrote:
> >>>
> >>>> The new database was just made available, so I recommend you hold off
> >>>> until you have the new main.cvd v57 and daily.cvd v21466 before getting too
> >>>> excited about this.
> >>>>
> >>>> -Al-
> >>>>
> >>>> On Wed, Mar 16, 2016 at 08:49 PM, Jason J. W. Williams wrote:
> >>>>>
> >>>>> As of the latest daily update, running ClamAV against the EICAR test string
> >>>>> reports Win.Trojan.Trojan-605 instead of Eicar-Test-Signature.
> >>>>>
> >>>>> -J
> >>
> >> _______________________________________________
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >>
> >> http://www.clamav.net/contact.html#ml
> >>
>
> -Al-
> --
> Al Varnell
> Mountain View, CA