There have not been any additional updates released yet, so nothing could have changed.
-Al-

On Thu, Mar 17, 2016 at 10:25 AM, Jason Williams wrote:
>
> Is anyone still seeing this or have they fixed it?
>
> -J
>
> Sent via iPhone
>
>> On Mar 17, 2016, at 02:44, Mark Allan <markjal...@gmail.com> wrote:
>>
>> Just to confirm, I'm also seeing everything being flagged as Win.Trojan.Trojan-476 with the new main/daily.cvd files.
>>
>> Mark
>>
>>> On 17 Mar 2016, at 6:49 am, Al Varnell <alvarn...@mac.com> wrote:
>>>
>>> I just ran a scan against the ClamAV test files contained in the 0.99.1 source file and I’m getting all Win.Trojan.Trojan-476:
>>>
>>> File Name Infection Name Status
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/unit_tests/clam-phish-exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.cab Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.zip Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.arj Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.rtf Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.szdd Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.tar.gz Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.chm Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.sis Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-aspack.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-pespin.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-upx.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-fsg.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-mew.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-nsis.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-petite.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-upack.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-wwpack.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.pdf Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.mail Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.ppt Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.tnef Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.ea05.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.ea06.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.d64.zip Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.mbox.base64 Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.mbox.uu Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.binhex Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.ole.doc Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.impl.zip Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.html Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.bin-be.cpio Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.bin-le.cpio Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.newc.cpio Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.odc.cpio Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-yc.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_IScab_int.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_IScab_ext.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_ISmsi_int.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_ISmsi_ext.exe Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.7z Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam_cache_emax.tgz Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.iso Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clamjol.iso Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-v2.rar Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam-v3.rar Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.exe.bz2 Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/clam.bz2.zip Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/.split/split.clam_IScab_int.exeaa Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/.split/split.clam.isoaa Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/.split/split.clam_IScab_ext.exeaa Win.Trojan.Trojan-476
>>> /Users/avarnell/Desktop/•Download/clamav-0.99.1/test/.split/split.clamjol.isoaa Win.Trojan.Trojan-476
>>>
>>> -Al-
>>>
>>>> On Wed, Mar 16, 2016 at 10:46 PM, Jason Williams wrote:
>>>>
>>>> Hey Al,
>>>>
>>>> I submitted a FP report with one attached. Just put the EICAR string into a txt file and that'll trigger it.
>>>>
>>>> -J
>>>>
>>>> Sent via iPhone
>>>>
>>>>> On Mar 16, 2016, at 22:16, Al Varnell <alvarn...@mac.com> wrote:
>>>>>
>>>>> I don’t know why sanesecurity-porcupine.ndb is causing this, but I can now see that the signatures for Win.Test.EICAR_LDB-1 and Win.Trojan.Trojan-605 are identical, so this is an FP situation which would be reported.
>>>>> <http://clamav-du.securesites.net/cgi-bin/clamgrok?virus=Win.Test.EICAR_LDB-1&search-type=contains&case-sensitivity=No&database=daily&database=main&display=database&display=virus&display=signature&.submit=Submit&.cgifields=database&.cgifields=search-type&.cgifields=case-sensitivity&.cgifields=display>
>>>>>
>>>>> However, I’m not sure where to find a copy of a Win.Test.EICAR_LDB-1 file to submit.
>>>>>
>>>>> -Al-
>>>>>
>>>>>> On Wed, Mar 16, 2016 at 09:44 PM, Jason J. W. Williams wrote:
>>>>>>
>>>>>> Culprit seems to be sanesecurity-porcupine.ndb (http://sanesecurity.com/usage/signatures/). Moving it out causes Win.Test.EICAR_NDB-1 FOUND to be found, moving it back in triggers the Win.Trojan.Trojan-605 FP.
>>>>>> Since the Win.Trojan.Trojan sig isn't in the DB I'm not sure why that is.
>>>>>>
>>>>>> -J
>>>>>>
>>>>>>> On Wed, Mar 16, 2016 at 9:38 PM, Al Varnell <alvarn...@mac.com> wrote:
>>>>>>>
>>>>>>> Disregard, I found it here after they got the new main.cvd:
>>>>>>> <http://clamav-du.securesites.net/cgi-bin/clamgrok?virus=Win.Trojan.Trojan-605&search-type=contains&case-sensitivity=No&database=daily&database=main&display=database&display=virus&display=signature&.submit=Submit&.cgifields=database&.cgifields=search-type&.cgifields=case-sensitivity&.cgifields=display>
>>>>>>>
>>>>>>> I’ll see what I get once my main.cvd finishes.
>>>>>>>
>>>>>>> -Al-
>>>>>>>
>>>>>>>> On Wed, Mar 16, 2016 at 09:32 PM, Al Varnell wrote:
>>>>>>>>
>>>>>>>> I’m still looking, but so far I can’t find any Win.Trojan.Trojan signatures in the ClamAV Official database or listed in clamav-virusdb e-mail list.
>>>>>>>>
>>>>>>>> Nor can I confirm your results using my own EICAR.
>>>>>>>>
>>>>>>>> Are you using any Unofficial signatures from a different source?
>>>>>>>>
>>>>>>>> -Al-
>>>>>>>>
>>>>>>>>> On Wed, Mar 16, 2016 at 09:06 PM, Jason J. W. Williams wrote:
>>>>>>>>>
>>>>>>>>> Pulled down 21466 (and force restarted clamd) but it's still classifying EICAR as Win.Trojan.Trojan:
>>>>>>>>>
>>>>>>>>> https://gist.github.com/williamsjj/b8104402e80f44475df5
>>>>>>>>>
>>>>>>>>> Databases are up to date now:
>>>>>>>>> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
>>>>>>>>> Empty script daily-21465.cdiff, need to download entire database
>>>>>>>>> Downloading daily.cvd [100%]
>>>>>>>>> daily.cvd updated (version: 21466, sigs: 83889, f-level: 63, builder: amishhammer)
>>>>>>>>> Empty script bytecode-275.cdiff, need to download entire database
>>>>>>>>> Downloading bytecode.cvd [100%]
>>>>>>>>> bytecode.cvd updated (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
>>>>>>>>> Database updated (4302724 signatures) from db.local.clamav.net (IP: 193.1.193.64)
>>>>>>>>>
>>>>>>>>>> On Wed, Mar 16, 2016 at 9:00 PM, Al Varnell <alvarn...@mac.com> wrote:
>>>>>>>>>>
>>>>>>>>>> Those are normal messages for an update of this kind. The 21465.cdiff was purposely blank in order to force you to download the entire daily.cvd.
>>>>>>>>>> Give it plenty of time as the main.cvd is 109MB.
>>>>>>>>>>
>>>>>>>>>> Technical details: <http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html>
>>>>>>>>>>
>>>>>>>>>> -Al-
>>>>>>>>>>
>>>>>>>>>>> On Wed, Mar 16, 2016 at 08:56 PM, Jason J. W. Williams wrote:
>>>>>>>>>>>
>>>>>>>>>>> Thanks. Hopefully it'll sync up soon. I'm getting weird download errors out of freshclam:
>>>>>>>>>>>
>>>>>>>>>>> WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 200.236.31.1): Operation now in progress
>>>>>>>>>>> WARNING: getpatch: Can't download daily-21465.cdiff from db.local.clamav.net
>>>>>>>>>>> nonblock_recv: recv timing out (30 secs)
>>>>>>>>>>> WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 194.186.47.19): Operation now in progress
>>>>>>>>>>> WARNING: getpatch: Can't download daily-21465.cdiff from db.local.clamav.net
>>>>>>>>>>> Empty script daily-21465.cdiff, need to download entire database
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Mar 16, 2016 at 8:54 PM, Al Varnell <alvarn...@mac.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> The new database was just made available, so I recommend you hold off until you have the new mail.cvd v57 and daily.cvd v21466 before getting too excited about this.
>>>>>>>>>>>>
>>>>>>>>>>>> -Al-
>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, Mar 16, 2016 at 08:49 PM, Jason J. W. Williams wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> As of the latest daily update, running ClamAV against the EICAR test string reports Win.Trojan.Trojan-605 instead of Eicar-Test-Signature.
>>>>>>>>>>>>>
>>>>>>>>>>>>> -J
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Help us build a comprehensive ClamAV guide:
>>>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>>>
>>>>>>> http://www.clamav.net/contact.html#ml
>>>>>
>>>>> -Al-
>>>>> --
>>>>> Al Varnell
>>>>> Mountain View, CA
>>>
>>> -Al-
>>> --
>>> Al Varnell
>>> Mountain View, CA

-Al-
--
Al Varnell
Mountain View, CA
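The check described in the quoted thread (one signature body appearing under two different names) can be run over unpacked signature files. The following is an added example, not part of the original messages or of ClamAV itself: the sample lines and hex bodies are constructed, and it assumes the name is the first field, with `:`-separated fields in `.ndb` files and `;`-separated fields in `.ldb` files.

```python
from collections import defaultdict

# Constructed sample lines standing in for unpacked database files.
# Names echo the thread; the hex bodies are made up for illustration.
SAMPLE_DBS = {
    "daily.ndb": [
        "Win.Test.EICAR_NDB-1:0:0:aabbccdd",
        "Win.Other.Sample-1:1:*:0102030405",
    ],
    "main.ndb": [
        "# constructed comment line",
        "Win.Trojan.Trojan-605:0:0:AABBCCDD:51",
    ],
    "daily.ldb": [
        "Win.Test.EICAR_LDB-1;Target:0;0;aabbccdd",
    ],
}


def signature_key(db_name, line):
    """Return (name, body) for one signature line, or None to skip it."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if db_name.endswith(".ndb"):
        # Name:TargetType:Offset:HexSignature[:MinFL[:MaxFL]]
        fields = line.split(":")
        if len(fields) < 4:
            return None
        # Ignore the optional functionality-level fields when comparing.
        return fields[0], ("ndb", fields[1], fields[2], fields[3].lower())
    if db_name.endswith(".ldb"):
        # Name;TargetDescriptionBlock;LogicalExpression;Subsig0;...
        name, sep, rest = line.partition(";")
        return (name, ("ldb", rest.lower())) if sep else None
    return None


def shared_bodies(dbs):
    """Map each body carried by more than one name to its (name, file) pairs."""
    owners = defaultdict(set)
    for db_name, lines in dbs.items():
        for line in lines:
            parsed = signature_key(db_name, line)
            if parsed:
                owners[parsed[1]].add((parsed[0], db_name))
    return {body: sorted(pairs) for body, pairs in owners.items()
            if len({name for name, _ in pairs}) > 1}


if __name__ == "__main__":
    for body, pairs in shared_bodies(SAMPLE_DBS).items():
        print(body, "->", pairs)
```

Bodies are compared only within the same format, so an `.ldb` entry is never matched against an `.ndb` entry even when the hex content is the same.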